JP2020024376A - Data protection method, authentication server, data protection system, and data structure - Google Patents

Abstract

To provide a data protection method, etc., with which it is possible to effectively use data while protecting the privacy of data.SOLUTION: The data protection method includes: a step S104a for receiving transaction data that includes a first hash value obtained from the history information of a dwelling house 100; a step S107 for acquiring, from a data server, a second hash value obtained by the data server by executing a computation process, while being encrypted, on encrypted history information acquired from the dwelling house, the encrypted history information being the history information of the dwelling house encrypted using a secure computing system capable of performing computation while being encrypted; a step S108 for verifying the transaction data and confirming whether or not the first and the second hash values match; and a step S111 for confirming the validity of the transaction data and, when the first and second hash values match, recording the transaction data in a distributed ledger.SELECTED DRAWING: Figure 12

Description

  The present disclosure relates to a data protection method, an authentication server, a data protection system, and a data structure, and more particularly, to a data protection method, an authentication server, a data protection system, and a data structure for utilizing data collected from a user.

  In recent years, systems for collecting, analyzing, and distributing data such as user data and device data have been studied. In the future, the spread of AI (Internet of Things) and the spread of AI and the like will make it possible to collect more data than in the past, and thus the utilization of the collected data is expected.

  However, in order to utilize the collected data, protection of privacy information included in the data, that is, privacy protection of the data, is important.

  For example, Non-Patent Literature 1 describes security in an industrial control system (ICS: Industrial Control Systems) and IoT. According to Non-Patent Document 1, it is important to protect not only sensor information but also privacy information related to personal data such as health care and wearables.

Cyber Physical Security for Industrial Control Systems and IoT, IEICE TRANS.INF. & SYST., VOL.E99-D, NO.4 APRIL 2016 ABY-A Framework for Efficient Mixed-Protocol Secure Two-Party Computation, NDSS Symposium 2015 Fully Homomorphic Encryption without Bootstrapping, https://eprint.iacr.org/2011/277.pdf (July 20, 2018)

  However, when a system for collecting and distributing data encrypts and distributes the data in order to protect the privacy of the collected data, in a company that wants to provide a service, the obtainable data is encrypted. It is difficult to use data. On the other hand, if the system distributes the collected data in plain culture, the user does not provide the data itself because of the risk of data leakage, so the system will use enough data to utilize the data. Cannot collect.

  The present disclosure has been made in view of the above circumstances, and has as its object to provide a data protection method and the like that can utilize data while protecting data privacy.

  In order to achieve the above object, a data protection method according to the present disclosure is executed by a first authentication server among the plurality of authentication servers in a data protection system including a device, a plurality of authentication servers, and a plurality of data servers. Receiving a transaction data generated by the device, including a first hash value obtained from the history information of the device, and the encrypted data recorded by the data server. The data server encrypts the history information obtained by encrypting the history information of the device using a secret calculation method that can be operated as it is, and calculates the encrypted history information obtained by the device while encrypting the data server. Obtaining a second hash value obtained by executing a process from the data server; verifying the transaction data; Confirming whether the first hash value and the second hash value match, confirming the validity of the transaction data, and determining whether the first hash value and the second hash value If they match, recording the transaction data in a distributed ledger in synchronization with the plurality of authentication servers other than the first authentication server.

  Note that these comprehensive or specific aspects may be realized by a system, an integrated circuit, a computer program, or a computer-readable recording medium such as a CD-ROM. The system, the method, the integrated circuit, the computer program, and It may be realized by an arbitrary combination of recording media.

  According to the present disclosure, it is possible to realize a data protection method and the like that can utilize data while protecting data privacy.

FIG. 1 is a diagram illustrating an example of an overall configuration of a data distribution system according to an embodiment. FIG. 2 is a diagram illustrating an example of the entire configuration of the house according to the embodiment. FIG. 3 is a block diagram showing an example of a functional configuration of the controller shown in FIG. FIG. 4 is a diagram illustrating an example of a data structure of transaction data according to the embodiment. FIG. 5 is a block diagram illustrating an example of a functional configuration of the terminal according to the embodiment. FIG. 6 is a diagram illustrating an example of the entire configuration of the vehicle-mounted network system included in the vehicle according to the embodiment. FIG. 7 is a block diagram showing an example of a functional configuration of the gateway shown in FIG. FIG. 8 is a block diagram illustrating an example of a functional configuration of the authentication server according to the embodiment. FIG. 9 is an explanatory diagram showing the data structure of the block chain. FIG. 10 is a block diagram illustrating an example of a functional configuration of the data server according to the embodiment. FIG. 11 is an overall sequence diagram of data protection according to the embodiment. FIG. 12 is a sequence diagram of the transaction data registration process according to the embodiment. FIG. 13 is a sequence diagram of a data verification process according to the embodiment.

  A data protection method according to an embodiment of the present disclosure is directed to a data protection method performed by a first authentication server among the plurality of authentication servers in a data protection system including a device, a plurality of authentication servers, and a plurality of data servers. A method, comprising: receiving a transaction data generated by the device, including a first hash value obtained from history information of the device; and allowing the encrypted data recorded by the data server to be operated. The history information of the device is encrypted using a simple secret calculation method, and the encrypted history information obtained from the device is encrypted. Obtaining the second hash value obtained from the data server; verifying the transaction data; Confirming whether or not the transaction value matches the second hash value; and confirming the validity of the transaction data, and when the first hash value and the second hash value match. Recording the transaction data in a distributed ledger in synchronization with the plurality of authentication servers other than the first authentication server.

  As a result, a data protection method or the like that can utilize data while protecting data privacy can be realized.

  Acquiring, from the device, identification information for identifying first encryption history information of the first history information to be verified and a third hash value obtained from the first history information; Generating first transaction data including identification information and indicating a request for data verification, transmitting the transaction data to the data server; and, among the encryption history information acquired from the device recorded by the data server, Obtaining, from the data server, a fourth hash value obtained by performing an arithmetic operation on the first encryption history information specified by the identification information while the data server is encrypting; Checking whether a third hash value matches the fourth hash value, and determining whether the third hash value does not match the fourth hash value. The includes identification information, the identification and generates a second transaction data indicating a deletion request of the first encrypted history information specified by the information, it may include the steps of transmitting to the data server.

  Thus, if the history information of the device to be verified does not match the information stored in the data server, the encrypted history information of the device on the data server side can be deleted.

  Further, the data protection method further includes, when the third hash value and the fourth hash value do not match, record the second transaction data in the distributed ledger in synchronization with the plurality of authentication servers. Steps may be included.

  Thereby, it can be left in the blockchain that the history information of the device does not match the information stored in the data server.

  Further, for example, the history information may include personal data of a user of the device.

  Further, the authentication server according to an embodiment of the present disclosure is one of the plurality of authentication servers in a data protection system including a device, a plurality of authentication servers, and a plurality of data servers. The transaction data generated by the device including a first hash value obtained from the history information of the device, and using a secret calculation method recorded in the data server and capable of being operated while being encrypted. A second hash value obtained by performing the arithmetic processing while the data server is still encrypted with respect to the encryption history information obtained from the device, wherein the history information is encrypted encryption history information, A communication unit obtained from the data server; a transaction data verification unit for verifying the transaction data; a first hash value and the second hash value; A data verifying unit for checking whether the transaction data matches the authentication value, and when the first hash value and the second hash value match, the plurality of authentications are performed. A recording unit that records the transaction data in a distributed ledger in synchronization with a server.

  Further, a data protection system according to an embodiment of the present disclosure includes a device, a plurality of authentication servers, and a plurality of data servers, wherein the device includes a transaction including a first hash value obtained from history information of the device. A transaction data generation unit that generates data and transmits it to one of the plurality of authentication servers, and encrypts the history information using a secret calculation method that can be operated while being encrypted, A first secret calculation unit that generates encryption history information and transmits the encrypted history information to the plurality of data servers, wherein each of the data servers records the encryption history information acquired from the device; A second hash value of the recorded encryption history information is obtained by performing an arithmetic process on the recorded encryption history information while being encrypted, and obtaining the one hash value. A second secret calculation unit for transmitting to the authentication server, wherein the one authentication server receives the transaction data including the first hash value from the device, and acquires the second hash value from the data server A communication unit that verifies the transaction data; a data verification unit that verifies whether the first hash value matches the second hash value; and a validity of the transaction data. A recording unit that records the transaction data in a distributed ledger in synchronization with the plurality of authentication servers when the first hash value is confirmed and the second hash value matches.

  Further, a data structure according to an embodiment of the present disclosure is a data structure used for a block recorded as a block chain in a data protection system including a device, a plurality of authentication servers, and a plurality of data servers. Is a block chain address that is included in the block of the block chain and is an identifier for identifying the entity that generated the transaction data, a transaction ID that identifies the transaction data, and a first hash value that is included in the transaction data. The transaction data includes a first hash value obtained from the history information of the device and a digital signature of a user of the transaction data, and the transaction data is stored in the history information of the device using a secret calculation method that can be operated while being encrypted. Is encrypted encryption When the second hash value obtained by executing the arithmetic processing while the data server encrypts the history information and the encrypted history information obtained from the device matches the first hash value. , Included in the block.

  Hereinafter, embodiments will be described with reference to the drawings. Each of the embodiments described below shows a specific example of the present disclosure. Therefore, the numerical values, shapes, materials, constituent elements, arrangement of the constituent elements, connection forms, and the like shown in the following embodiments are merely examples and are not intended to limit the present disclosure. In addition, among the components in the following embodiments, components that are not described in independent claims that represent an embodiment according to an embodiment of the present disclosure are described as arbitrary components. Implementations of the present disclosure are not limited to the current independent claims, but may be expressed by other independent claims.

(Embodiment)
First, a system configuration of the present disclosure will be described.

[1. System configuration]
The data protection system according to the present disclosure records encrypted data obtained by encrypting data such as device history information in a method capable of performing a secret calculation in a data server, and stores transaction data including a hash value of the encrypted data. Record in the distributed ledger. Accordingly, the data protection system of the present disclosure can collect and utilize data while protecting data privacy by utilizing blockchain technology.

  Hereinafter, a data protection system and the like according to the embodiment will be described with reference to the drawings.

[1.1 Overall Configuration of Data Protection System 10]
FIG. 1 is a diagram illustrating an example of an overall configuration of a data protection system 10 according to the present embodiment.

  As shown in FIG. 1, the data protection system 10 includes a house 100, a terminal 110, a vehicle 120, for example, authentication servers 200a, 200b, 200c, and data servers 300a, 300b, 300c. These are connected by a communication network 400.

  The authentication servers 200a, 200b, and 200c (hereinafter, also referred to as the authentication server 200) are connected to the storage devices 201a, 201b, and 201c (hereinafter, also referred to as the storage device 201). The authentication server 200 may be connected to the storage device 201 via the communication network 400, or may include the storage device 201 inside. The storage device 201 has a distributed ledger in which transaction data and blocks of a block chain are electronically recorded.

  Although FIG. 1 shows an example in which the data protection system 10 includes three authentication servers and three data servers, the present invention is not limited to this. That is, the data protection system 10 may include four or more authentication servers, or may include four or more data servers.

[1.2 Configuration of House 100]
FIG. 2 is a diagram showing an example of the entire configuration of house 100 according to the present embodiment.

  The house 100 includes a controller 101, a solar power generator 102, a storage battery 103, and a power meter 104, as shown in FIG. The controller 101, the photovoltaic power generation 102, the storage battery 103, and the power meter 104 are connected by a communication network 105. The solar power generation 102, the storage battery 103, and the power meter 104 are connected by a power network 106. The house 100 is, for example, a house such as a house, but is not limited to this. The house 100 may be a building such as a factory or a building. That is, as long as the house 100 is a building used by the user, the form of the house 100 is not limited. In the following, devices in the house 100 are referred to as devices in the house. The device in the house is an example of the device of the present disclosure. The equipment in the house may or may not include the photovoltaic power generation 102, the storage battery 103, and the power meter 104. In addition, the house 100 may be an example of the device of the present disclosure.

<Controller 101>
The controller 101 is, for example, a controller of an energy management system. In the present embodiment, the controller 101 controls the photovoltaic power generation 102, displays the power generation status in the photovoltaic power generation 102 and the power storage state of the storage battery 103, and inputs an application for power sale or power purchase, or the like. I do. Further, the controller 101 manages the amount of power transmitted to an external power network (not shown) via the power meter 104 and notifies the authentication server 200 of the amount of power. As described above, the controller 101 operates the home device, displays the status of the home device, performs input to the home device, and manages the operation history and status change of the home device. .

<Solar power generation 102>
The photovoltaic power generation 102 is a device equipped with a power generation method for directly converting sunlight into electric power using a solar cell. The photovoltaic power generation 102 uses the generated power in the house 100, stores the power in the storage battery 103, and transmits the power to the power network.

<Storage battery 103>
The storage battery 103 stores the electric power generated by the solar power generation 102. The storage battery 103 transmits the stored power to the power network in accordance with a power transmission instruction from the controller 101, for example. In addition, the storage battery 103 may store the power received from the power network, for example, according to a power reception instruction from the controller 101. Note that the storage battery 103 is not an essential component, and need not be provided in the house 100.

<Power meter 104>
The power meter 104 measures the amount of power transmitted to the external power network or the amount of power received from the external power network. When the solar power generation 102 or the storage battery 103 transmits power to the power network according to a power transmission instruction from the controller, the power meter 104 measures the time and the amount of power transmitted by the solar power generation 102 or the storage battery 103 and notifies the controller 101. . In addition, the power meter 104 measures power used by receiving power from the power network according to a power use instruction from the controller 101.

  Hereinafter, an example of the configuration of the controller 101 will be described.

[1.3 Configuration of Controller 101]
FIG. 3 is a block diagram showing an example of a functional configuration of the controller 101 shown in FIG.

  The controller 101 includes a processor and a memory in which a program for causing the processor to execute a predetermined process is stored. That is, the controller 101 is realized by the processor executing a predetermined program using the memory. In the present embodiment, as shown in FIG. 3, the controller 101 includes a transaction data generation unit 1011, a secret calculation unit 1012, a recording unit 1013, and a communication unit 1014.

<Transaction data generation unit 1011>
The transaction data generation unit 1011 performs the operation history and the state history when the user operates the home device and receives the operation history from the device, or when the home device changes the state and receives the state history from the device. The transaction data in the blockchain is generated based on the history information of the devices such as. Here, the history information of the device is an example of personal data, and includes personal data of the user of the device.

  In the present embodiment, the transaction data generation unit 1011 calculates a hash value (referred to as a first hash value) of the history information of the device received from the device, and generates transaction data including the calculated first hash value. .

  Here, an example of the structure (data structure) of the transaction data generated by the transaction data generation unit 1011 will be described with reference to FIG. FIG. 4 is a diagram showing an example of a data structure of transaction data according to the present embodiment.

  As shown in FIG. 4, the data structure of the transaction data generated by the transaction data generation unit 1011 includes a transaction ID, a block chain address, a first hash value, and a signature. The transaction ID is an identifier for identifying transaction data. The block chain address is an identifier for identifying the entity that has generated the transaction data, and is represented as a BC address in FIG. In the present embodiment, the user or controller of the history information from which the first hash value can be obtained can be specified by the blockchain address. The first hash value is obtained from the history information of the device and is included in the transaction data. As shown in FIG. 4, the first hash value is included in the payload portion that is the data body of the transaction data. The signature is the user's digital signature. In the present embodiment, the signature is generated using a signature generation key for each user. Note that the transaction data generation unit 1011 may generate transaction data further including an identifier for identifying the history information of the device.

  Further, the transaction data generation unit 1011 records the generated transaction data in the recording unit 1013. Further, the transaction data generation unit 1011 transmits the generated transaction data to at least one of the authentication servers 200a, 200b, and 200c via the communication unit 1014.

<Secret calculation unit 1012>
The secret calculation unit 1012 generates encrypted history information obtained by encrypting the history information of the device using a secret calculation method capable of performing an operation while being encrypted. In the present embodiment, the secret calculation unit 1012 performs encryption processing of the secret calculation method on the history information of the device received from the transaction data generation unit 1011. The secret calculation unit 1012 transmits the encrypted history information obtained by encrypting the history information of the device by the secret calculation method to the data server 300 via the communication unit 1014.

  Here, arithmetic processing including image recognition can be performed on the data that has been encrypted using the secret calculation method in an encrypted state. The encryption processing using the secret calculation method can be performed using a method disclosed in Non-Patent Document 2 or Non-Patent Document 3, for example. By performing encryption using the method disclosed in Non-Patent Document 2 or Non-Patent Document 3, four arithmetic operations can be performed while the data is encrypted, and a hash value can be obtained. The method used for the encryption process may be determined in advance, or the method to be used may be obtained from data or the like. Further, a plurality of methods may be used for the encryption processing.

<Recording unit 1013>
The recording unit 1013 records the transaction data generated by the transaction data generation unit 1011 and the encryption history information that is the data encrypted by the secret calculation unit 1012. In the present embodiment, the recording unit 1013 records encryption history information, which is data encrypted by the secret calculation unit 1012 and capable of secret calculation, and includes a transaction including the first hash value generated by the transaction data generation unit 1011. Record the data.

<Communication unit 1014>
The communication unit 1014 communicates with the data server 300 and the authentication server 200 via the communication network 400. This communication may be performed by TLS (Transport Layer Security). In this case, the encryption key for TLS communication may be held in the communication unit 1014.

  Next, the terminal 110 will be described.

[1.4 Configuration of Terminal 110]
FIG. 5 is a block diagram showing an example of a functional configuration of terminal 110 according to the present embodiment.

  The terminal 110 is an example of the device of the present disclosure, and is realized by a processor executing a predetermined program using a memory. The terminal 110 is, for example, a device having a display unit and an input unit such as a smartphone, or a device such as a wearable device for acquiring sensor information of a user.

  In the present embodiment, terminal 110 includes a transaction data generation unit 1101, a secret calculation unit 1102, a recording unit 1103, and a communication unit 1104, as shown in FIG.

<Transaction data generation unit 1101>
The transaction data generation unit 1101 performs a transaction in the blockchain based on history information including a user's operation history of the terminal 110, a history of information input to the terminal 110 by the user, and a history of information about the user collected by the terminal 110. Generate data. The history of information input to the terminal 110 by the user is, for example, a plurality of past photographs taken by the user using the terminal 110. The history of information on the user collected by the terminal 110 is a history of sensor information such as information indicating the body temperature of the user, for example.

  In the present embodiment, the transaction data generation unit 1101 calculates a hash value (also referred to as a first hash value) of the history information acquired from the terminal 110, and generates transaction data including the calculated first hash value.

  Here, the structure (data structure) of the transaction data generated by the transaction data generation unit 1101 is as shown in FIG. That is, the data structure of the transaction data generated by the transaction data generation unit 1101 includes a transaction ID, a block chain address, a first hash value, and a signature.

  Note that, as described above, the block chain address is an identifier for identifying the entity that generated the transaction data, and can specify the user or the terminal 110. The transaction data generation unit 1101 may generate transaction data including an identifier for identifying the history information separately from the blockchain address.

  Further, the transaction data generation unit 1101 records the generated transaction data in the recording unit 1103. In addition, the transaction data generation unit 1101 transmits the generated transaction data to at least one of the authentication servers 200a, 200b, and 200c via the communication unit 1104.

<Secret calculation unit 1102>
The secret calculation unit 1102 generates encrypted history information obtained by encrypting the history information of the terminal 110 using a secret calculation method capable of performing an operation while being encrypted. In the present embodiment, the secret calculation unit 1102 performs a secret operation on the history information of the terminal 110 received from the transaction data generation unit 1101 or history information such as a plurality of past photos and sensor information held by the terminal 110. Performs encryption processing of the calculation method. In addition, the secret calculation unit 1102 transmits the encrypted history information obtained by encrypting the history information by the secret calculation method to the data server 300 via the communication unit 1104.

  The encryption processing using the secret calculation method is as described above, and thus detailed description is omitted. For example, a method disclosed in Non-Patent Document 2 and / or Non-Patent Document 3 may be used. Further, as described above, the method used for the encryption processing may be determined in advance, or the method to be used may be obtained from data or the like. Further, a plurality of methods may be used for the encryption processing.

<Recording unit 1103>
The recording unit 1103 records the transaction data generated by the transaction data generation unit 1101 and the encryption history information that is the data encrypted by the secret calculation unit 1102. In the present embodiment, the recording unit 1103 records encryption history information, which is data encrypted by the secret calculation unit 1102 and capable of secret calculation, and includes a transaction including the first hash value generated by the transaction data generation unit 1101. Record the data.

<Communication unit 1104>
The communication unit 1104 communicates with the data server 300 and the authentication server 200 via the communication network 400. This communication may be performed by TLS. In this case, the encryption key for the TLS communication may be held in the communication unit 1104.

  Next, the vehicle 120 will be described.

[1.5 Configuration of Vehicle 120]
The vehicle 120 is, for example, an automobile, but is not limited to this. The vehicle 120 may be a motorcycle, a boat, or the like. That is, the vehicle 120 and the like need only have a plurality of ECUs connected to a network in the vehicle 120.

  FIG. 6 is a diagram illustrating an example of the overall configuration of the vehicle-mounted network system included in the vehicle 120 according to the present embodiment.

  ECU1211a, ECU1221, ECU1231, ECU1241, ECU1251, and gateway 121 which are several electronic control units are connected by the in-vehicle network. Here, the in-vehicle network may be CAN, Ethernet (registered trademark), or a mixture of CAN and Ethernet (registered trademark). Even when the in-vehicle network includes Ethernet (registered trademark), the message may be transmitted by broadcast.

  The in-vehicle network is connected to, for example, an engine 1210, a battery 1230, a motor (not shown), and a drive system ECU related to fuel control. In the example shown in FIG. 6, the ECU 1211a for the engine 1210 and the ECU 1231 for the battery 1230 are connected to the on-vehicle network.

  The vehicle-mounted network is connected with a driving assist unit 1220 and a safety / comfort function ECU (not shown) such as an automatic brake, a lane keeping function, an inter-vehicle distance function, a collision prevention function, and an airbag. In the example shown in FIG. 6, an ECU 1221 for the driving assist unit 1220 is connected to the vehicle-mounted network.

  An infotainment ECU such as a head unit 1240 is connected to the on-vehicle network. In the example shown in FIG. 6, an ECU 1241 for the head unit 1240 is connected to the on-vehicle network. Note that the ECU 1241 for the head unit 1240 may not be provided, and the head unit 1240 may be directly connected to the vehicle-mounted network without using the ECU 1241. Further, the head unit has a display unit and an input unit, and has a function of receiving screen display and information input for a user who is in the vehicle 120, that is, in the vehicle.

  Further, a communication ECU such as a communication unit 1250 having a communication function of communicating with the authentication server 200 is connected to the on-vehicle network. In the example shown in FIG. 6, an ECU 1251 for the communication unit 1250 is connected to the on-vehicle network.

  The above-described ECUs 1211a to 1251 may be integrated with the components to be connected to each other, that is, may be configured by one component. For example, the engine 1210 and the ECU 1211a for the engine 1210 connected thereto may be configured as one component. The same applies to the other ECUs 1221 and the like.

  The plurality of electronic control units, that is, the ECUs 1211a to 1251 transmit messages periodically or irregularly. For example, the ECU 1211a for the engine 1210 has acquired the rotation speed of the engine 1210, and periodically transmits a message indicating the acquired rotation speed of the engine 1210. Further, for example, if the ECU 1221 is for the driving assist unit 1220, when the driving assist function is turned on, a message indicating that fact is transmitted. When the ECU newly connects to the in-vehicle network, a message indicating that fact may be transmitted.

  Next, the gateway 121 connected to the in-vehicle network will be described.

[1.6 Configuration of Gateway 121]
FIG. 7 is a block diagram illustrating an example of a functional configuration of the gateway 121 illustrated in FIG.

  The gateway 121 is realized by a processor executing a predetermined program using a memory. In the present embodiment, as shown in FIG. 7, the gateway 121 includes a transaction data generation unit 1211, a secret calculation unit 1212, a recording unit 1213, and a communication unit 1214.

<Transaction data generation unit 1211>
The transaction data generation unit 1211 generates transaction data in the block chain based on the history information of the vehicle 120 including the manual driving history or the automatic driving history of the vehicle 120 and the history of the sensor information of the vehicle 120.

  In the present embodiment, the transaction data generation unit 1211 calculates a hash value (referred to as a first hash value) of the history information acquired from the vehicle 120, and generates transaction data including the calculated first hash value.

  Here, the structure (data structure) of the transaction data generated by the transaction data generation unit 1211 is as shown in FIG. That is, the data structure of the transaction data generated by the transaction data generation unit 1211 includes the transaction ID, the block chain address, the first hash value, and the signature.

  Note that, as described above, the block chain address is an identifier for identifying the entity that generated the transaction data, and can identify the user of the vehicle 120, the gateway 121, or the vehicle 120. Further, similarly to the above, the transaction data generation unit 1211 may generate transaction data including an identifier for identifying the history information separately from the transaction ID.

  Further, the transaction data generation unit 1211 records the generated transaction data in the recording unit 1213. Further, the transaction data generation unit 1211 transmits the generated transaction data to at least one of the authentication servers 200a, 200b, and 200c via the communication unit 1214.

<Secret calculation unit 1212>
The secret calculation unit 1212 generates encrypted history information obtained by encrypting the history information of the vehicle 120 using a secret calculation method capable of performing an operation while being encrypted. In the present embodiment, the secret calculation unit 1212 performs encryption processing of the secret calculation method on the history information such as the driving history of the vehicle 120 and the history of the sensor information received from the transaction data generation unit 1211. In addition, the secret calculation unit 1212 transmits the encrypted history information obtained by encrypting the history information using the secret calculation method to the data server 300 via the communication unit 1214.

  The encryption processing using the secret calculation method is as described above, and thus detailed description is omitted. For example, a method disclosed in Non-Patent Document 2 and / or Non-Patent Document 3 may be used.

  Further, as described above, the method used for the encryption processing may be determined in advance, or the method to be used may be obtained from data or the like.

<Recording unit 1213>
The recording unit 1213 records the transaction data generated by the transaction data generation unit 1211 and the encryption history information that is the data encrypted by the secret calculation unit 1212. In the present embodiment, the recording unit 1213 records encryption history information, which is data encrypted by the secret calculation unit 1212 and capable of secret calculation, and includes a transaction including the first hash value generated by the transaction data generation unit 1211. Record the data.

<Communication unit 1214>
The communication unit 1214 performs communication with the data server 300 and the authentication server 200 via the communication network 400. This communication may be performed by TLS. In this case, the encryption key for the TLS communication may be held in the communication unit 1214.

  Next, the authentication server 200a and the like will be described.

[1.7 Configuration of Authentication Server 200a]
FIG. 8 is a block diagram illustrating an example of a functional configuration of authentication server 200a according to the present embodiment. Since the authentication servers 200b and 200c have the same configuration, the authentication server 200a will be described below as an example.

  As shown in FIG. 8, the authentication server 200a includes a transaction data verification unit 211, a block generation unit 212, a synchronization unit 213, a data verification unit 214, a recording unit 215, and a communication unit 216. The authentication server 200a can be realized by a processor executing a predetermined program using a memory. Hereinafter, each component will be described.

<Transaction data verification unit 211>
The transaction data verification unit 211 verifies the received transaction data. Specifically, when transaction data is received from a device such as the house 100, the terminal 110, or the vehicle 120, it verifies whether the format of the transaction data is correct and whether the signature is valid. As described above, the transaction data verification unit 211 verifies the transaction data by confirming the validity of the received transaction data.

  When the transaction data verification unit 211 confirms the validity of the transaction data as a result of the verification, the transaction data verification unit 211 records the transaction data in the recording unit 215 and notifies the synchronization unit 213.

<Block generator 212>
When the transaction data verification unit 211 successfully verifies the transaction data, the block generation unit 212 executes a consensus algorithm on the transaction data among the plurality of authentication servers. Here, as the consensus algorithm, a consensus algorithm called PBFT (Practical Byzantine Fault Tolerance) may be used, or another known consensus algorithm may be used.

  As described above, in the present embodiment, the block generation unit 212 executes a consensus algorithm among the authentication server 200a, the authentication server 200b, and the authentication server 200c. That is, the block generation unit 212 first generates a block of a block chain including one or more transaction data. Next, the block generation unit 212 executes a consensus algorithm. Then, when consensus is formed by executing the consensus algorithm, the block generation unit 212 records the generated block in the recording unit 215. The blocks generated by the block generation unit 212 are connected to a block chain by the recording unit 215 and recorded.

  Here, a data structure of a block chain and a partial data structure of transaction data included in the block chain will be described.

  FIG. 9 is an explanatory diagram showing the data structure of the block chain.

  A block chain is a block in which blocks as recording units are connected in a chain (chain) shape. Each block has a plurality of transaction data and a hash value of the immediately preceding block. Specifically, the block B2 includes the hash value of the previous block B1. Then, the hash value calculated from the plurality of transaction data included in the block B2 and the hash value of the block B1 is included in the block B3 as the hash value of the block B2. In this way, by connecting the blocks in a chain while including the contents of the previous block as a hash value, falsification of the connected transaction data is effectively prevented.

  If past transaction data is changed, the hash value of the block will be different from the value before the change, and in order to make the falsified block correct, all subsequent blocks must be recreated. Is very difficult in practice.

<Synchronization unit 213>
The synchronization unit 213 synchronizes a block of a block chain or transaction data between authentication servers (authentication servers 200a to 200c).

  The synchronization unit 213 of the plurality of authentication servers 200a to 200c synchronizes the transaction data of the block chain on a peer-to-peer basis. Then, the synchronization unit 213 records the synchronized blockchain transaction data in the recording unit 215.

  For example, when the validity of the transaction data is verified by the transaction data verification unit 211, the synchronization unit 213 transfers the verified transaction data to the other authentication servers 200, ie, the authentication servers 200b and 200c. When receiving the verified transaction data from another authentication server 200, the synchronization unit 213 records the received verified transaction data in the recording unit 215.

<Data verification unit 214>
The data verification unit 214 transmits a request to verify the encryption history information, which is data recorded in the data server 300, and receives a hash value obtained from the encryption history information to be verified from the data server 300. More specifically, the data verification unit 214 generates transaction data indicating a data verification request including identification information for identifying the encrypted history information of the history information of the device to be verified, and indicating to the data server 300 Send. Then, the data verification unit 214 applies the hash value obtained by performing the arithmetic processing to the encrypted history information specified by the identification information in the encrypted history information recorded by the data server 300 while the data is encrypted. , From the data server 300.

  The data verification unit 214 verifies whether the hash value obtained from the history information of the device as the data verification target recorded in the recording unit 215 matches the hash value obtained from the data server 300.

  It should be noted that the data verification unit 214 transmits the transaction data including the identification information for identifying the encryption history information to the data server 300 when requesting the verification of the encryption history information, but is not limited thereto. The data verification unit 214 may transmit only the identifier, or may transmit, instead of the identifier, transaction data indicating a data verification request, including information indicating an attribute type of data. Thus, the encryption history information to be verified can be identified.

<Recording unit 215>
The recording unit 215 records the transaction data in a block chain in the distribution ledger of the storage device 201a, including the transaction data in the block. The storage device 201a may be configured inside the recording unit 215, or may be configured outside the authentication server 200a as shown in FIG.

  The transaction data includes transaction data received from the house 100, the terminal 110, or the vehicle 120.

  In the present embodiment, when the validity of the transaction data received from the device is confirmed and the hash value recorded in the recording unit 215 matches the hash value acquired from the data server 300, Then, the transaction data is recorded in the distributed ledger.

<Communication unit 216>
The communication unit 216 performs communication with the house 100, the terminal 110, the vehicle 120, the authentication servers 200b, 200c, and the data servers 300a, 300b, 300c. This communication may be performed by TLS. In this case, the encryption key for TLS communication may be held in the communication unit 216.

  In the present embodiment, communication unit 216 receives the transaction data generated by the device, including the hash value obtained from the history information of the device. Also, the communication unit 216 is encrypted history information obtained by encrypting the history information of the device by using a secret calculation method that can be operated while being encrypted, which is recorded by the data server 300 and obtained from the device. From the data server 300, a hash value obtained by executing the arithmetic processing on the encrypted history information with the data server 300 being encrypted is obtained.

  Next, the data server 300a and the like will be described.

[1.8 Configuration of Data Server 300a]
FIG. 10 is a block diagram illustrating an example of a functional configuration of the data server 300a according to the present embodiment. Since the data servers 300b and 300c have the same configuration, the data server 300a will be described below as an example.

  As shown in FIG. 10, the data server 300a includes a management unit 311, a secret calculation unit 312, a recording unit 313, and a communication unit 314.

<Management unit 311>
The management unit 311 records, in the recording unit 313, encryption history information that is encrypted data received from a device such as the house 100, the terminal 110, or the vehicle 120.

  When the management unit 311 receives, from the authentication server 200, a request to verify the encryption history information that is the data recorded in the recording unit 313, the management unit 311 transmits the encryption history information to be verified to the secret calculation unit 312. I do. More specifically, the management unit 311 performs the secret calculation on the encryption history information recorded in the recording unit 313 and based on the information indicating the identifier or the attribute type given to the verification request. Is transmitted to the secret calculation unit 312.

  The management unit 311 receives the hash value of the encryption history information to be verified from the secret calculation unit 312 and transmits the hash value to the authentication server 200.

<Secret calculation unit 312>
Upon receiving, from the management unit 311, a request for hash value calculation processing by secret calculation with respect to the encryption history information to be verified, the secret calculation unit 312 records the encryption value information in the storage unit 313 and stores the encrypted data in the encryption target. A secret calculation is performed using the conversion history information to calculate a hash value. Note that the secret calculation unit 312 may perform a secret calculation in cooperation with the other data servers 300b and 300c to calculate a hash value of the encryption history information that is the encrypted data to be verified. In addition, the hash value calculation processing based on the secret calculation may be performed using the method disclosed in Non-Patent Document 2 and / or Non-Patent Document 3.

  The secret calculation unit 312 transmits the calculated hash value to the management unit 311.

<Recording unit 313>
The recording unit 313 records encryption history information that is encrypted data received from a device such as the house 100, the terminal 110, or the vehicle 120.

<Communication unit 314>
The communication unit 314 performs communication with the authentication servers 200a, 200b, and 200c. This communication may be performed by TLS. In this case, the encryption key for the TLS communication may be held in the communication unit 314.

[1.9 Overall Sequence of Data Distribution Between House, Authentication Server and Data Server]
Subsequently, a sequence of data distribution between the house 100, the authentication servers 200a to 200c, and the data servers 300a to 300c will be described.

  FIG. 11 is an overall sequence diagram of data protection according to the present embodiment. Each process will be described later. In addition, the house 100 shown in FIG. 11 may be the terminal 110 or the vehicle 120, and both are examples of the device of the present disclosure.

  First, in step S100, transaction data registration processing is performed between the house 100, the authentication servers 200a, 200b, 200c and the data servers 300a, 300b, 300c. Next, in step S200, data verification processing is performed between the authentication servers 200a, 200b, 200c and the data servers 300a, 300b, 300c.

  The data verification process may be performed periodically, may be performed after a fixed period of time after the transaction data registration process is performed, or may be performed after the transaction data registration process is performed a plurality of times. Is also good.

[1.9.1 Transaction registration process between house and authentication server]
Next, transaction data registration processing between the house 100 and the authentication servers 200a, 200b, 200c will be described.

  FIG. 12 is a sequence diagram of transaction data registration processing according to the present embodiment. In FIG. 12, a description is given assuming that the house 100 as an example of the device of the present disclosure registers the transaction data, but the present invention is not limited to this. The terminal 110 or the vehicle 120 may be the same sequence.

  First, in step S101, the controller 101 of the house 100 acquires history information of devices in the house and generates data that is a source of transaction data. For example, the house 100 acquires operation information of home electric appliances in the house, history information such as the amount of power generated by the solar power generation 102 or the amount of power output from the storage battery 103, and generates data serving as a source of transaction data. I do.

  Next, in step S102, the controller 101 of the house 100 performs a hash value calculation process and a secret calculation process, that is, an encryption process using a secret calculation method, on the data such as the history information acquired in step S101. The secret calculation method may be shared in advance between the authentication servers 200a, 200b, 200c, the data servers 300a, 300b, 300c, and the controller 101 of the house 100, or may be determined by the data protection system 10.

  Next, in step S103, the controller 101 of the house 100 generates transaction data using the hash value of the history information (hereinafter, referred to as a first hash value) obtained by the hash value calculation process in step S102. More specifically, transaction data including a first hash value obtained from the history information of the device is generated. Here, in addition to the first hash value, the transaction data includes the transaction ID, the block chain address, and the signature as described above.

  Next, in step S104, the controller 101 of the house 100 transmits the transaction data including the first hash value generated in step S103 to the authentication server 200a. Then, the authentication server 200a receives the transaction data including the first hash value, and acquires the first hash value (S104a). In the example illustrated in FIG. 12, the controller 101 of the house 100 is described as transmitting the generated transaction data to the authentication server 200a. However, the controller 101 may transmit the generated transaction data to the authentication server 200b or the authentication server 200c. This is because the same processing is performed when the data is transmitted to the authentication server 200b or the authentication server 200c.

  Next, in step S105, the controller 101 of the house 100 transmits the encryption history information, which is the encrypted data obtained by the secret calculation process in step S102, to the data servers 300a to 300c. Then, each of the data servers 300a to 300c receives and records the encrypted history information (S105a).

  Next, in step S106, the data servers 300a to 300c perform a hash value calculation process by a secret calculation on the encrypted history information that is the received encrypted data, and obtain a hash value (hereinafter, referred to as a second hash value). ) Is calculated. The data server 300a transmits the calculated second hash value to the authentication server 200a.

  In the example illustrated in FIG. 12, a description is given assuming that the secret calculation is performed in cooperation with the plurality of data servers 300 (data servers 300 a to 300 c) to calculate the second hash value. The calculation may be performed to calculate a second hash value.

  Next, in step S107, the authentication server 200a acquires the second hash value transmitted from the data server 300a. In other words, the authentication server 200a is the encrypted history information recorded by the data server 300a or the like, and is obtained by encrypting the history information of the device using a secret calculation method that can be operated while being encrypted. From the data server 300a, a second hash value obtained by performing an arithmetic operation on the obtained encryption history information while the data server 300a or the like encrypts the information is obtained.

  Next, in step S108, the authentication server 200a verifies the transaction data received from the house 100 and checks whether the hash value acquired from the house 100 and the hash value acquired from the data server 300a match. In other words, the authentication server 200a verifies the transaction data and checks whether the first hash value matches the second hash value.

  In step S108, when the verification of the transaction data is not successful, or when the obtained first hash value and the second hash value do not match (N in S108), the authentication server 200a A notification to that effect is transmitted (S109), and the process ends.

  On the other hand, in step S108, if the verification of the transaction data is successful and the obtained first hash value matches the second hash value (Y in S108), the authentication server 200a performs authentication on the other authentication server 200 (authentication). The transaction data is transferred to the servers 200b and 200c) (S110). The authentication servers 200b and 200c also verify the transferred and received transaction data.

  Next, in step S111, the authentication server 200a, the authentication server 200b, and the authentication server 200c execute a consensus algorithm. When the authentication server 200a, the authentication server 200b, and the authentication server 200c verify that the received transaction data is valid transaction data (that is, validity), each of them generates a block including the transaction data. Then, the authentication servers 200a, 200b, and 200c record the blocks including the transaction data in the distribution ledger of the storage devices 201a, 201b, and 201c. In other words, the authentication server 200a checks the validity of the transaction data received from the house 100, and, if the first hash value and the second hash value match, communicates with the authentication servers 200b and 200c other than the authentication server 200a. Synchronously, record transaction data in the distributed ledger.

[1.9.2 Data verification process between data server and authentication server]
Subsequently, a data verification process between the data server 300 and the authentication servers 200a, 200b, 200c will be described.

  FIG. 13 is a sequence diagram of the data verification processing according to the present embodiment. Although FIG. 13 illustrates that the authentication server 200a requests data verification and performs data verification processing, the authentication server 200b or the authentication server 200c may perform the data verification processing. The same processing is performed when the authentication server 200b or the authentication server 200c performs the processing.

  First, in step S201a, the authentication server 200a identifies the identification information (ID) for identifying the encrypted history information of the history information of the device to be verified, and a hash value (hereinafter, a third hash value) obtained from the history information. ) Is obtained from the transaction data recorded in the distributed ledger or from the transaction data transmitted by the device.

  Next, in step S201, the authentication server 200a requests verification of history information of a device to be verified. Specifically, the authentication server 200a selects history information to be verified from the identification information and the like included in the acquired transaction data, and generates a data verification request.

  Next, in step S202, the authentication server 200a generates transaction data (hereinafter, referred to as first transaction data) indicating a request for data verification of history information to be verified. For example, the authentication server 200a generates first transaction data including a transaction ID, identification information for identifying encrypted history information of history information of a device to be verified, and a signature.

  Next, in step S203, the authentication server 200a transmits the first transaction data indicating the data verification request generated in step S202 to the data servers 300a to 300c.

  Next, in step S204, based on the first transaction data received from the authentication server 200a, the data servers 300a to 300c collaborate with the data servers 300b and 300c to perform the data verification on the encrypted history information. Performs hash value calculation processing by secret calculation. Note that the hash value calculation processing by the secret calculation is not limited to being performed in cooperation between the plurality of data servers 300, and may be performed by one or more data servers 300.

  Next, in step S205, the data server 300a obtains a hash value (hereinafter, referred to as a fourth hash value) calculated by performing a hash value calculation process by a secret calculation on the encrypted history information to be verified. , To the authentication server 200a.

  Next, in step S206, the authentication server 200a acquires a fourth hash value from the data server 300a. In other words, the authentication server 200a obtains the encrypted history information specified by the identification information from the encrypted history information recorded by the data server 300a or the like by executing the arithmetic processing with the data being encrypted. The fourth hash value is obtained from the data server 300a.

  Next, in step S207, the authentication server 200a verifies whether the third hash value obtained in step S201a matches the fourth hash value obtained in step S206.

  In step S207, when the third hash value and the fourth hash value match (Y in S207), the authentication server 200a determines that the data verification has succeeded and ends the process. On the other hand, in step S207, if the third hash value does not match the fourth hash value (N in S207), the authentication server 200a determines that the data verification has not been successful and requests the data deletion. The transaction data is generated (S208). Transaction data for requesting data deletion is hereinafter referred to as second transaction data. In other words, when the third hash value and the fourth hash value do not match, the authentication server 200a generates the second transaction data including the identification information and indicating a request to delete the encryption information specified by the identification information. .

  In step S208a, the authentication server 200a transmits the second transaction data generated in step S208 to the data servers 300a to 300c as an error notification (S208a).

  Further, in step S209, the authentication server 200a transfers the second transaction data generated in step S208 to another authentication server 200 (authentication servers 200a, 200b).

  Next, in step S210, the authentication server 200a, the authentication server 200b, and the authentication server 200c execute a consensus algorithm. When the authentication server 200a, the authentication server 200b, and the authentication server 200c verify that the received transaction data is valid transaction data (that is, validity), the authentication server 200a generates a block including the transaction data. Then, the authentication servers 200a, 200b, and 200c record the blocks including the transaction data in the distribution ledger of the storage devices 201a, 201b, and 201c. In other words, when the third hash value and the fourth hash value do not match, the authentication server 200a records the second transaction data in the distributed ledger in synchronization with the authentication servers 200b and 200c other than the authentication server 200a.

  In step S211, the data servers 300a to 300c perform data deletion processing based on the data deletion request received from the authentication server 200a.

[1.10 Effects of First Embodiment]
In the first embodiment, encrypted data obtained by encrypting personal data such as history information in a system capable of performing a secret calculation from a device such as the house 100, the terminal 110, or the vehicle 120 is recorded in a data server, and the encrypted data is stored in the data server. The transaction data including only the hash value of the data is recorded in the distributed ledger.

  As a result, not only can falsification of the encrypted data be effectively prevented, but even if the transaction data contained in the block of the block chain is made public, privacy can be protected without leaking personal data. Also, by using the secret calculation, the personal data recorded in the data server can be utilized without being decrypted.

  Further, if necessary, the verification of the personal data recorded in the data server may be performed by comparing the hash value of the encrypted data obtained by the secret calculation with the hash value included in the transaction data of the distributed ledger. it can.

  Thereby, the personal data recorded in the data server can be verified without leaking the personal data.

  As a result, the user is provided with personal data even if the personal data is provided, so that the user is provided with personal data. That is, the user provides the data server 300 with transaction data including encrypted data encrypted by a method capable of performing secret calculation. Easier to do.

  In this way, utilizing the blockchain technology, we will not only effectively prevent tampering of personal data, but also build a safe system that can utilize data including data verification while protecting the privacy of personal data. be able to.

[2. Other modifications]
Although the present disclosure has been described based on the above embodiments, it is needless to say that the present disclosure is not limited to the above embodiments. The following cases are also included in the present disclosure.

  (1) In the above embodiment, the authentication server 200 and the data server 300 are described as separate devices, but the authentication server 200 and the data server 300 may be the same device.

  (2) In the above embodiment, when the verification of the transaction data fails, the authentication server 200 notifies the house 100, the terminal 110, or the vehicle 120, but the authentication server 200 may also notify the data server 300. At this time, the data server 300 deletes the received encrypted data.

  (3) As described in the above embodiment, a plurality of data servers 300 may cooperate to perform secret calculation processing, or one data server 300 may be based on an existing encryption scheme for secret calculation. May perform a secret calculation process.

  (4) In the above embodiment, the encryption processing by the secret calculation may use a plurality of encryption methods. This makes it possible to cope with a plurality of methods.

  (5) In the above embodiment, the house 100, the terminal 110, and the vehicle 120 transmit the encrypted history information obtained by encrypting the history information to the data server 300. However, a plurality of servers cooperate to decrypt the history information. May be used. At this time, the encrypted data recorded by the data server 300 may be decrypted based on the request of the authentication server 200 and the permission of the user of the house 100, the terminal 110, or the vehicle 120. As a result, history information and the like can be decrypted when necessary, and data can be utilized.

  (6) In the above embodiment, the encrypted history information obtained by encrypting the history information by the house 100, the terminal 110, and the vehicle 120 is transmitted to the data server 300; however, the present invention is not limited to this. The house 100, the terminal 110, or the vehicle 120 may receive the encrypted history information recorded in the data server 300, decrypt the encrypted history information, and verify the tampering. When tampering is detected as a result of the verification, the authentication server 200 or the data server 300 may be notified of the fact. This allows the data server 300 to record the encrypted history information, which is the encrypted data, so that the device such as the house 100 does not need to hold the encrypted data. When the house 100, the terminal 110, or the vehicle 120 receives the encrypted data recorded in the data server 300, decrypts the encrypted data, and verifies the tampering, the verified home 100, terminal 110, A token may be issued to the vehicle 120. At this time, the token may be issued by the authentication server 200, may be issued by the data server 300, or a token held by the authentication server 200 or the data server 300 may be transmitted.

  (7) In the above embodiment, if the data verification performed in step S108 is not successful, the data server 300 may be notified and the encrypted data recorded in the data server 300 may be deleted.

  (8) In the above embodiment, the authentication server 200 generates a data verification request and the data server 300 calculates a hash value. However, the present invention is not limited to this. The data server 300 may perform a hash value calculation process periodically or irregularly, and request data verification by notifying the authentication server 200 of the hash value obtained by the hash value calculation process.

  (9) In the above embodiment, the blockchain recorded by the authentication server 200 may be made public to the house 100, the terminal 110, and the vehicle 120.

  (10) Further, the present disclosure includes a data structure used for a block recorded as a block chain in the data protection system 10 of the above embodiment. More specifically, the data structure of the present disclosure includes a block chain address that is an identifier for identifying the entity that has generated the transaction data included in the block of the block chain, a transaction ID that identifies the transaction data, A first hash value obtained from the device history information, and a user's electronic signature of the transaction data. Then, the transaction data is encrypted history information obtained by encrypting the history information of the device using a secret calculation method that can be operated while being encrypted. If the second hash value and the first hash value obtained by executing the arithmetic processing with the server 300 being encrypted match, it is included in the block.

  (11) Each device in the above embodiment is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is recorded on the RAM or the hard disk unit. Each device achieves its function by the microprocessor operating according to the computer program. Here, the computer program is configured by combining a plurality of instruction codes indicating instructions to the computer in order to achieve a predetermined function.

  (12) Each device in the above-described embodiment may be configured such that a part or all of the constituent elements are configured by one system LSI (Large Scale Integration). The system LSI is an ultra-multifunctional LSI manufactured by integrating a plurality of components on one chip, and is specifically a computer system including a microprocessor, a ROM, a RAM, and the like. . The RAM stores a computer program. When the microprocessor operates according to the computer program, the system LSI achieves its function.

  In addition, each unit of the constituent elements constituting each of the above devices may be individually formed into one chip, or may be formed into one chip so as to include a part or all of them.

  Although the system LSI is used here, it may be called an IC, an LSI, a super LSI, or an ultra LSI depending on the degree of integration. Further, the method of circuit integration is not limited to LSI, and may be realized by a dedicated circuit or a general-purpose processor. After the LSI is manufactured, an FPGA (Field Programmable Gate Array) that can be programmed or a reconfigurable processor that can reconfigure the connection and setting of circuit cells inside the LSI may be used.

  Furthermore, if an integrated circuit technology that replaces the LSI appears due to the progress of the semiconductor technology or another derivative technology, the functional blocks may be naturally integrated using the technology. Application of biotechnology, etc. is possible.

  (13) A part or all of the constituent elements constituting each of the above devices may be constituted by an IC card detachable from each device or a single module. The IC card or the module is a computer system including a microprocessor, a ROM, a RAM, and the like. The IC card or the module may include the above super-multifunctional LSI. When the microprocessor operates according to the computer program, the IC card or the module achieves its function. The IC card or the module may have tamper resistance.

  (14) The present disclosure may be the methods described above. Further, these methods may be a computer program that is realized by a computer, or may be a digital signal formed by the computer program.

  In addition, the present disclosure relates to a computer-readable recording medium that can read the computer program or the digital signal, for example, a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD (Blu-ray ( (Registered trademark) Disc), and may be recorded on a semiconductor memory or the like. Further, the digital signal may be recorded on these recording media.

  Further, the present disclosure may be configured to transmit the computer program or the digital signal via an electric communication line, a wireless or wired communication line, a network represented by the Internet, a data broadcast, or the like.

  The present disclosure may be a computer system including a microprocessor and a memory, wherein the memory records the computer program, and the microprocessor operates according to the computer program.

  Further, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, so that it is implemented by another independent computer system. It may be.

  (15) The above embodiments and the above modifications may be combined.

  According to the present disclosure, in a data protection system, data can be verified while protecting privacy by encrypting and transmitting device history information by a secret calculation method and calculating a hash value while encrypting the history information in a server. .

REFERENCE SIGNS LIST 100 housing 101 controller 102 solar power generation 103 storage battery 104 power meter 105, 400 communication network 106 power network 110 terminal 120 vehicle 121 gateway 200a, 200b, 200c authentication server 211 transaction data verification unit 212 block generation unit 213 synchronization unit 214 data verification unit 215, 313, 1013, 1103, 1213 Recording unit 216, 314, 1014, 1104, 1214 Communication unit 300a, 300b, 300c Data server 311 Management unit 312, 1012, 1102, 1212 Secret calculation unit 1011, 1101, 1211 Transaction data generation Unit 1210 engine 1220 driving assist unit 1230 battery 1240 head unit 1250 communication unit 1 211a, 1221, 1231, 1241, 1251 ECU

Claims (7)

A data protection method executed by a first authentication server among the plurality of authentication servers in a data protection system including a device, a plurality of authentication servers, and a plurality of data servers,
Receiving a transaction data generated by the device, including a first hash value obtained from history information of the device;
The data server records, the history information of the device is encrypted using a secret calculation method that can be operated while being encrypted, the encrypted history information is encrypted history information obtained from the device to the encrypted history information On the other hand, acquiring from the data server a second hash value obtained by executing the arithmetic processing while the data server is still encrypted,
Verifying the transaction data and checking whether the first hash value matches the second hash value;
Verifying the validity of the transaction data, and if the first hash value and the second hash value match, synchronize the transaction data with the plurality of authentication servers other than the first authentication server; Recording the data in a distributed ledger.
Data protection method. Acquiring, from the device, identification information for identifying first encryption history information of the first history information to be verified and a third hash value obtained from the first history information;
Generating first transaction data including the identification information and indicating a data verification request, and transmitting the generated first transaction data to the data server;
Of the encryption history information acquired from the device recorded by the data server, for the first encryption history information specified by the identification information, the arithmetic processing is performed while the data server remains encrypted. Acquiring a fourth hash value obtained by execution from the data server;
Confirming whether the third hash value and the fourth hash value match,
If the third hash value and the fourth hash value do not match, second transaction data including the identification information and indicating a request to delete the first encryption history information specified by the identification information is generated. Transmitting to the data server.
The data protection method according to claim 1. The data protection method further comprises:
Recording the second transaction data in the distributed ledger in synchronization with the plurality of authentication servers when the third hash value does not match the fourth hash value.
The data protection method according to claim 2. The history information includes personal data of a user of the device,
The data protection method according to claim 1. In a data protection system including a device, a plurality of authentication servers, and a plurality of data servers, one of the plurality of authentication servers,
Including a first hash value obtained from the history information of the device, receiving the transaction data generated by the device, using a secret calculation method recorded in the data server and capable of being operated while being encrypted A second hash value obtained by performing arithmetic processing on the encrypted history information obtained from the device while the history information of the device is encrypted and obtained from the device while performing encryption processing on the data. A communication unit that acquires from the data server;
A transaction data verification unit for verifying the transaction data,
A data verification unit that checks whether the first hash value matches the second hash value,
A recording unit that records the transaction data in a distributed ledger in synchronization with the plurality of authentication servers when the validity of the transaction data is confirmed and the first hash value and the second hash value match. Comprising,
Authentication server. Equipment and
Multiple authentication servers,
With multiple data servers,
The device comprises:
A transaction data generation unit that generates transaction data including a first hash value obtained from the history information of the device, and transmits the transaction data to one of the plurality of authentication servers;
By encrypting the history information using a secret calculation method that can be operated while being encrypted, a first secret calculation unit that generates encrypted history information and transmits the encrypted history information to the plurality of data servers;
With
Each of said data servers
A recording unit that records the encryption history information obtained from the device,
By performing an arithmetic operation on the recorded encryption history information while being encrypted, a second hash value of the recorded encryption history information is obtained and transmitted to the one authentication server. A second secret calculation unit,
The one authentication server,
A communication unit that receives the transaction data including the first hash value from the device, and acquires the second hash value from the data server;
A transaction data verification unit for verifying the transaction data,
A data verification unit that checks whether the first hash value matches the second hash value,
A recording unit that records the transaction data in a distributed ledger in synchronization with the plurality of authentication servers when the validity of the transaction data is confirmed and the first hash value and the second hash value match. Comprising,
Data protection system. A data structure used for a block recorded as a block chain in a data protection system including a device, a plurality of authentication servers, and a plurality of data servers,
The data structure is:
A blockchain address included in a block of the blockchain, which is an identifier for identifying a subject that has generated transaction data;
A transaction ID for identifying the transaction data;
A first hash value included in the transaction data, the first hash value being obtained from history information of the device;
Electronic signature of a user of the transaction data,
The transaction data is encrypted history information obtained by encrypting the history information of the device using a secret calculation method that can be operated while being encrypted, with respect to the encryption history information acquired from the device, When the second hash value obtained by executing the operation processing while the data server is encrypted matches the first hash value, the data server is included in the block.
data structure.

Images