JP2023025661A - Information processing method, information processing device, information processing system, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make it possible to decrypt information about a user even when the user forgets his/her private key.

SOLUTION: An information processing device 1 has an acquiring unit 131 that acquires a block chain private key used by a user, a generating unit 132 that divides the acquired private key and generates a plurality of divided keys constituting the private key, a first transmitting unit 134 that transmits each of the generated divided keys to each of storage devices 4 managed by each of a plurality of providers that store the divided keys, and a notifying unit 135 that notifies a user using the private key of information indicating a plurality of providers corresponding to the plurality of storage devices 4 to which each of the plurality of divided keys is transmitted.

SELECTED DRAWING: Figure 2

COPYRIGHT: (C)2023,JPO&INPIT

Description

The present invention relates to an information processing method, an information processing apparatus, an information processing system, and a program.

Conventionally, when information about a user is stored in a blockchain, the information is encrypted using a private key (see Patent Document 1, for example).

Japanese Patent Application Laid-Open No. 2021-048430

If the private key is compromised, a third party can use the compromised private key to decrypt information about the user. For this reason, users are required to strictly manage their private keys, such as making them known only to the users. On the other hand, in a situation where only the user can know the private key, if the user forgets the private key, there is a problem that the information about the user cannot be decrypted.

Therefore, the present invention has been made in view of these points, and it is an object of the present invention to enable decryption of information about a user even when the user forgets the private key.

An information processing method according to a first aspect of the present invention comprises steps of obtaining a private key of a blockchain, which is executed by a computer and used by a user, and dividing the obtained private key to configure the private key. generating a plurality of split keys; transmitting each of the plurality of generated split keys to storage devices managed by each of a plurality of operators storing the split keys; and using the private keys. a step of notifying a user who wants to do so of information indicating a plurality of said operators corresponding to a plurality of said storage devices which are destinations of said plurality of split keys.

The information processing method further comprises a step of receiving instructions from the user to store the private key in each of a plurality of storage devices, executed by the computer, and in the obtaining step, the computer receives the private key The private key may be acquired upon receiving an instruction to store the .

In the receiving step, the computer receives a selection of a storage device that stores the split key from among a plurality of storage devices, and in the transmitting step, the computer sends each of the plurality of generated split keys to: It may be transmitted to each of the plurality of storage devices that have accepted the selection.

The private key corresponds to a combination of a plurality of words, and in the generating step, the computer creates a first split key corresponding to some of the plurality of words corresponding to the private key. and a second split key corresponding to the remaining words of the plurality of words, and in the transmitting step, the computer stores the first split key in a first storage device and transmitting said second split key to a second said storage device.

said block chain storing encrypted personal information of said user and receiving a request, executed by said computer, to obtain said user's personal information required for user registration for a service provided by a server; obtaining the private key from the user, authenticating the user, and, if the authentication is successful, permitting transmission of personal information of the user to the server; When the transmission of personal information is permitted, the encryption of the personal information of the user stored in the blockchain is decrypted using the obtained private key, and the service corresponding to the received personal information acquisition request is provided. sending to the server for providing.

The information processing method comprises: user identification information for identifying the user; A step of storing information indicating a plurality of businesses corresponding to the device in a storage unit, and in the notifying step, the computer stores the split key from the user or a person related to the user. Notifying the user or a person related to the user of information indicating the plurality of businesses associated with the user identification information of the user when a business information acquisition request indicating a business that manages the storage device is obtained. You may

The information processing method includes a step of associating information indicating a destination of the generated split key with identification information for identifying the user, and storing the information in a blockchain, which is executed by the computer. good too.

An information processing apparatus according to a second aspect of the present invention includes an acquisition unit that acquires a private key of a blockchain used by a user, and a plurality of split keys that divide the acquired private key and constitute the private key. a transmission unit that transmits each of the plurality of generated split keys to storage devices managed by each of a plurality of businesses that store the split keys; and a user that uses the private key. and a notification unit for notifying information indicating the plurality of businesses corresponding to the plurality of storage devices, which are destinations of the plurality of split keys.

An information processing system according to a third aspect of the present invention provides information processing having an information processing device, a first storage device managed by a first business operator, and a second storage device managed by a second business operator. A system, wherein the information processing device includes an acquisition unit that acquires a private key of a blockchain used by a user; a generation unit for generating a split key and a second split key; and a first storage device for storing the split key, transmitting the first split key generated by the generation unit to the first storage device for storing the split key, and storing the split key. a transmission unit for transmitting the second split key generated by the generation unit to a second storage device; and a notification unit that notifies information indicating the first business operator and the second business operator corresponding to the and a storage control unit that stores the split key received by the receiving unit in its own storage unit.

A program according to a fourth aspect of the present invention comprises a computer, an acquisition unit used by a user for acquiring a private key of a blockchain, and a plurality of split keys that divide the acquired private key and constitute the private key. a transmission unit that transmits each of the plurality of generated split keys to storage devices managed by each of a plurality of businesses that store the split keys; and a user that uses the private key. and a notification unit that notifies information indicating the plurality of business operators corresponding to the plurality of storage devices that are destinations of the plurality of split keys.

ADVANTAGE OF THE INVENTION According to this invention, there exists an effect that the information regarding a user can be decoded even when a user forgets a private key.

It is a figure explaining the outline|summary of the information processing apparatus which concerns on this embodiment. It is a figure which shows the structure of the information processing apparatus which concerns on this embodiment. It is a figure which shows an example of the registration screen of the user with respect to the service which a server provides. It is a figure which shows an example of an approval reception screen. FIG. 4 is a diagram showing an example in which personal information is input on the user registration screen shown in FIG. 3; It is a figure which shows the structure of the storage apparatus which concerns on this embodiment. FIG. 10 is a sequence diagram showing the flow of processing related to storage service; FIG. 10 is a sequence diagram showing the flow of processing related to personal information management service;

[Overview of information processing device 1]
FIG. 1 is a diagram illustrating an outline of an information processing device 1 according to this embodiment. The information processing device 1 is, for example, a computer that implements a personal information management service that manages personal information of a user by storing the personal information of the user in a blockchain and provides the personal information to a service in which the user newly registers as a user. be. The information processing device 1 is communicably connected to a user terminal 2 such as a smart phone or a personal computer, and a plurality of servers 3 that provide various services. In this embodiment, it is assumed that a user owns a user terminal 2A as a personal computer and a user terminal 2B as a smart phone. In the following description, the user terminals 2A and 2B are simply referred to as user terminals 2 when not distinguished from each other.

The information processing device 1 implements a storage service that divides and stores private keys of a blockchain used for user authentication. The information processing device 1 is communicably connected to a plurality of storage devices 4 that store split keys obtained by splitting a private key in order to implement storage services. The plurality of storage devices 4 is, for example, a server managed by a company different from the company that provides the personal information management service.

When the user uses the storage service, the information processing device 1 acquires the private key of the block chain used by the user ((1) in FIG. 1). The information processing device 1 divides the obtained private key to generate a plurality of divided keys constituting the private key ((2) in FIG. 1). The information processing device 1 transmits the generated split key to each of the plurality of storage devices 4, and causes the storage device 4 to store the split key ((3) and (4) in FIG. 1).

In the example shown in FIG. 1, the information processing device 1 splits the private key into two to generate two split keys, and stores each of the two generated split keys in one of the plurality of storage devices 4. 4A and storage device 4B for storage.

The information processing device 1 notifies the user terminal 2 of the user who uses the private key of storage destination information indicating a plurality of businesses corresponding to a plurality of storage devices 4 to which a plurality of split keys are sent ( (5) in FIG. 1).

By doing so, when the user forgets or loses the private key and cannot use the private key, by inquiring the contents of the split key to the plurality of business operators notified to the user, You can get the split key. The user can then combine the split keys to decrypt the private key.
Next, configurations of the information processing device 1 and the storage device 4 will be described.

[Configuration example of information processing device 1]
FIG. 2 is a diagram showing the configuration of the information processing device 1 according to this embodiment. The information processing device 1 includes a communication section 11 , a storage section 12 and a control section 13 .

The communication unit 11 is an interface for connecting to a communication network such as a mobile phone line or Internet line.
The storage unit 12 is, for example, a ROM (Read Only Memory) and a RAM (Random Access Memory). The storage unit 12 stores various programs for causing the information processing device 1 to function. For example, the storage unit 12 causes the control unit 13 of the information processing device 1 to be configured as a reception unit 130, an acquisition unit 131, a generation unit 132, a storage control unit 133, a first transmission unit 134, a notification unit 135, a registration unit 136, an acquisition request A program that functions as the receiving unit 137, the authenticating unit 138, and the second transmitting unit 139 is stored.

The storage unit 12 stores personal information of users who use the personal information management service provided by the information processing apparatus 1 . Specifically, the storage unit 12 stores a first user ID, which is a user ID that identifies a user who uses the personal information management service, type information indicating a plurality of types of personal information, and personal information corresponding to the type. and are stored in association with each other. The types of personal information are, for example, the user's name, address, age, telephone number, and credit card number used for payment. Types of personal information include information indicating user characteristics such as the user's years of investment experience, annual income, hobbies, etc., and a second user ID which is a user ID issued by a predetermined service for which the user has already registered as a user. and password.

The control unit 13 is, for example, a CPU (Central Processing Unit). The control unit 13 controls functions related to the information processing device 1 by executing various programs stored in the storage unit 12 . By executing the programs stored in the storage unit 12, the control unit 13 performs a reception unit 130, an acquisition unit 131, a generation unit 132, a storage control unit 133, a first transmission unit 134, a notification unit 135, and a registration unit 136. , an acquisition request reception unit 137 , an authentication unit 138 , and a second transmission unit 139 .

[Functions related to storage service]
First, functions of the control unit 13 related to the storage service provided by the information processing device 1 will be described. The storage service is implemented by the reception unit 130 , the acquisition unit 131 , the generation unit 132 , the storage control unit 133 , the first transmission unit 134 and the notification unit 135 .

The accepting unit 130 accepts an instruction to store a private key in each of the plurality of storage devices 4 by accepting use of the storage service from a user who uses the personal information management service. For example, the reception unit 130 causes the user terminal 2 used by the user to display a menu screen of the personal information management service. For example, an acceptance button is displayed on the menu screen as acceptance means for accepting an application for use of the storage service. The accepting unit 130 accepts an instruction to store the private key in response to the acceptance button being selected on the user terminal 2 .

Here, the private key is assumed to be a character string combining numbers, alphabets, symbols, etc., but may correspond to a combination of a plurality of words. For example, each of the multiple words may correspond to a specific character string, and the private key may be a conversion of the multiple words received from the user into the specific character string. In addition, the private key is not limited to a combination of multiple words, and may be a combination of numeric strings such as dates and a combination of character strings including symbols.

For example, when receiving a combination of multiple words from a user, the information processing apparatus 1 rearranges the multiple words corresponding to the combination according to a predetermined rule such as alphabetical order. Then, the information processing apparatus 1 identifies a private key corresponding to the user by converting each of the rearranged words into a character string corresponding to the word. By doing so, the user remembers a combination of words that is easier to remember than a private key, and inputs the combination of words into the information processing apparatus 1 at the time of authentication, so that the user's private key is stored in the information processing apparatus 1. key can be specified. This allows the user to treat the combination of words as equivalent to a private key.

Here, the receiving unit 130 may receive from the user a selection of the storage device 4 that stores the split key from among the plurality of storage devices 4 . For example, the receiving unit 130 receives the division number of the private key. Then, the receiving unit 130 displays a list of a plurality of storage devices 4, and receives selection of storage devices 4 corresponding to the number of divisions received from the list. The reception unit 130 displays the device name indicating the storage device 4 and the business operator information indicating the business operator managing the storage device 4 in the list of the storage device 4 in association with each other, so that the device name or the business operator can be selected. By accepting, the selection of the storage device 4 may be accepted. By doing so, the user can select the storage device 4 managed by the business operator that the user prefers.

Acquisition unit 131 acquires a private key used by a user. Specifically, when the accepting unit 130 accepts an instruction to store the private key from the user and accepts the selection of the storage device 4, the acquiring unit 131 displays an input accepting screen for accepting the private key input on the user terminal 2. Let Acquisition unit 131 acquires the private key of the user via the input reception screen. Here, the obtaining unit 131 may obtain the private key by receiving an input of a combination of multiple words corresponding to the private key and converting each of the multiple words corresponding to the input combination. In this case, the acquiring unit 131 causes the user terminal 2 to display a plurality of words including a plurality of words corresponding to the private key, and selects a combination of the plurality of words corresponding to the private key from the displayed plurality of words. may be accepted. By doing so, the information processing apparatus 1 can obtain a private key limited to the user who has applied for the use of the storage service by pressing the acceptance button indicating the application for the use of the storage service on the user terminal 2. can.

The generation unit 132 divides the private key acquired by the acquisition unit 131 to generate a plurality of split keys that constitute the private key. For example, if the number of divisions received from the user is 2 and the number of characters that make up the private key is X, the generation unit 132 generates n characters from the first character to the nth character that make up the private key. Let the character string be the first split key, and Xn character strings from the (n+1)th character to the Xth character be the second split key.

In addition, when the reception unit 130 receives a combination of a plurality of words corresponding to a private key from the user, the plurality of words received from the user are divided into groups of the number of divisions specified by the user. Generate a key. For example, when the number of divisions received from the user is 2, the generation unit 132 generates a first division key corresponding to some of the plurality of words, and Generate a second split key corresponding to the remaining word. When receiving a combination of multiple words corresponding to a private key from a user, the generation unit 132 does not convert the combination of multiple words into a private key, and generates one or more words divided into groups corresponding to the number of divisions. may be used as the split key.

In addition, the generation unit 132 selects words to be used as the first split keys so that the difference between the number of words to be used as the first split keys and the number of words to be used as the second split keys is minimized. and the number of words to be used as second split keys may be determined. By doing so, the generation unit 132 can suppress bias in the amount of information to any one of the plurality of split keys.

The storage control unit 133 causes the blockchain to store storage history information that associates information indicating the destination of the generated split key with the first user ID for identifying the user who applied for the storage service. . For example, the storage control unit 133 stores a storage device ID for identifying the storage device 4 indicating the transmission destination of the generated split key or a business operator ID for identifying a business operator managing the storage device 4, and a storage service Storage history including the first user ID of the user who applied for the use of the storage service, part of the user's personal information such as the user's name and birthday, and information indicating the date and time when the user applied for the storage service Store information on the blockchain. Since it is difficult to falsify the information stored in the blockchain, the information processing device 1 can reliably store the usage history of the storage service by the user.

Note that the storage control unit 133 may encrypt the storage history information and store it in the block chain. By doing so, the information processing apparatus 1 can prevent a third party from specifying the storage location of the split key when the storage history information is leaked.

The first transmission unit 134 generates each of the plurality of split keys generated by the generation unit 132, the first user ID of the user who applied for the storage service, and part of the name and date of birth of the user. Personal information is transmitted to each of the storage devices 4 managed by each of the plurality of business operators. The first transmission unit 134 transmits each of the plurality of split keys generated by the generation unit 132, the first user ID, and part of the personal information to a plurality of storage devices 4 for which the reception unit 130 has received a selection from the user. , and the split key and the user ID are associated with each other and stored in the storage device 4 .

For example, the receiving unit 130 receives from the user that the private key is divided into two, and also receives the selection of the first storage device 4 and the second storage device 4, and the generation unit 132 selects the first split key and the second storage device 4. Suppose that a second split key is generated. In this case, the first transmission unit 134 transmits the first split key, the first user ID of the user who applied for the storage service, and part of the personal information to the first storage device 4. Then, the second split key, the first user ID of the user, and a part of the personal information are sent to the first storage device 4 for storage.

By doing so, the information processing device 1 can store the split key in each of the storage devices 4 for the number of splits specified by the user. Further, when receiving an inquiry about a split key from a user, the business operator of the storage device 4 accepts presentation of the first user ID and part of the personal information from the user. Also, it is possible to confirm whether or not some of the personal information is stored in the storage device 4, and to identify that the user is the user who applied for the storage service.

Further, when transmitting a split key to the storage device 4 for storage, the first transmission unit 134 may transmit information indicating the position of the split key in the private key to the storage device 4 for storage. For example, the private key is split into a first split key and a second split key, and it is determined whether the first split key corresponds to the first half of the private key or the second half of the private key. The information shown may be transmitted to and stored in the storage device 4 . In this way, when a user acquires split keys from a plurality of storage devices 4, the position of the split key in the private key can be confirmed and the private key can be decoded from the acquired split key without error.

The notification unit 135 informs the user who uses the private key that storage destination information indicating a plurality of businesses corresponding to a plurality of storage devices 4 to which the plurality of split keys are sent, and that storage of the split keys has been completed. Notify the completion information indicating that. For example, when the first transmission unit 134 transmits each of the plurality of split keys to the plurality of storage devices 4, the notification unit 135 causes the user terminal 2 to display the completion information, thereby displaying the plurality of stored split keys. The user is notified of information indicating a plurality of business operators corresponding to the storage device 4 and the completion of storage of the split key. By doing so, even if the user forgets the private key, the user can inquire about the split key from the notified multiple business operators.

In addition, when the notification unit 135 acquires from the user or a person related to the user a request to acquire the business operator information indicating the business operator that manages the storage device storing the split key, the notification unit 135 acquires the information associated with the user ID of the user. Notify the user or the user's related parties of information indicating a plurality of businesses. Here, the related persons of the user are, for example, the user's family, the user's relatives, the agent designated by the user, and the like.

For example, the notification unit 135 receives, from the user or a person related to the user, the user ID of the user, and certification information for certifying the user, such as the image of the user's driver's license or the image of the insurance card. Get a get request for . When the acquired user ID and part of the user's personal information indicated by the certification information are associated and stored in the storage history information, the notification unit 135 selects a plurality of business operators associated with the user's user ID. Notify the user of the information shown.

Note that, when acquiring a company information acquisition request from a person related to the user, the notification unit 135 receives certification information indicating that the person related to the user is related to the user, and based on the certification information, is related to the user. In addition, the notification unit 135 may present the user ID and the certification information acquired together with the acquisition request of the business operator information to the administrator or the like of the information processing device 1 . Then, the notification unit 135 may receive from the administrator or the like whether or not the user or the person related to the user who made the acquisition request is a valid user or the person related to the user.

In addition, the notification unit 135 sends the user ID who applied for the storage service to the business operator corresponding to each of the storage devices 4 storing the split key, personal information such as the user's name and date of birth, and the user's data for the storage service. and information indicating the date and time when the application for use of is made. In this manner, when the user inquires about the split key, the business operator confirms the user's personal information to confirm that the split key is stored in the storage device 4 of the business operator. can be checked quickly.

[Functions related to personal information management service]
Next, functions related to the personal information management service will be described. A personal information management service is implemented by the registration unit 136 , the acquisition request reception unit 137 , the authentication unit 138 and the second transmission unit 139 .

The registration unit 136 registers users with the personal information management service provided by the information processing apparatus 1 . Specifically, first, the registration unit 136 receives a user registration request for the personal information management service from the user terminal 2 . Upon receiving a user registration request, registration unit 136 generates a first user ID for identifying the user, authentication information for authenticating the user, and a private key. Then, the registration unit 136 receives registration of personal information from the user via the user terminal 2 . The registration unit 136 notifies the user of the generated private key.

The authentication information is, for example, the user's biometric information such as the user's iris and voiceprint. The registration unit 136 receives biometric information from the user and uses the biometric information as authentication information for authenticating the user. When generating the authentication information, the registration unit 136 generates a hash value of the authentication information, associates the hash value with the first user ID, and stores them in a block chain (not shown). By storing the hashed authentication information in the blockchain in this way, it is possible to prevent the authentication information from being stolen or tampered with, and to prevent unauthorized authentication from being performed.

The private key, for example, is registered by the user and used to decrypt (decrypt) the user's encrypted personal information. Upon receiving registration of personal information from a user, the registration unit 136 encrypts the registered personal information using, for example, a predetermined secret key associated with the private key, and encrypts the registered personal information using IPFS (InterPlanetary File System). Distribute and store the converted personal information on the blockchain. In this embodiment, the personal information is stored in the block chain, but the storage unit 12 may store the personal information without being limited to this. In addition, in the present embodiment, the registered personal information is encrypted using IPFS and a predetermined secret key, and distributed and stored in the block chain. Personal information may be encrypted and distributed and stored in a blockchain.

The acquisition request receiving unit 137 receives a request for acquiring the user's personal information required for the user's registration for the service provided by the server 3 . For example, as shown in FIG. 1, it is assumed that a user owns, as user terminals 2, a user terminal 2A as a personal computer and a user terminal 2B as a smart phone. The user terminal 2A displays a user registration screen for the service provided by the server 3 by the user's operation. FIG. 3 is a diagram showing an example of a user registration screen for services provided by the server 3. As shown in FIG. As shown in FIG. 3, a two-dimensional barcode such as a QR code (registered trademark) is displayed on the user registration screen. The two-dimensional barcode contains personal information type information indicating a plurality of types of personal information required for user registration.

When the user operates the user terminal 2B and reads the two-dimensional barcode, the application corresponding to the personal information provision service stored in the user terminal 2B is activated, and the personal information type information indicates necessary for user registration. The type of personal information is displayed, and an approval reception screen for receiving approval for transmission of the personal information corresponding to the type to the server 3 is displayed.

FIG. 4 is a diagram showing an example of an approval reception screen. FIG. 4 shows the name, address, telephone number, and date of birth as the types of personal information required for user registration. , and a non-approval button for not accepting approval are displayed. When the approval button is pressed on the approval reception screen, the user terminal 2B sends a personal information acquisition request including the first user ID, the personal information type information, and the service ID for identifying the service provided by the server 3. Send to the processing device 1 .

The acquisition request receiving unit 137 receives a personal information acquisition request including personal information type information from the user terminal 2B. In addition, in the present embodiment, a personal information acquisition request including personal information type information is received from the user terminal 2B, but the present invention is not limited to this. For example, the server 3 may cause the user terminal 2A to display an approval acceptance screen. In this case, an input field for the first user ID may be provided on the approval reception screen. The acquisition request receiving unit 137 identifies the type of personal information to be transmitted to the server 3 based on the personal information type information included in the received personal information acquisition request.

The authentication unit 138 requests the user for permission to transmit the user's personal information to the server 3, and receives the transmission permission from the user. Specifically, the authentication unit 138 transmits an authentication information acquisition request to the user terminal 2 when the acquisition request reception unit 137 receives the personal information acquisition request. The authentication unit 138 acquires authentication information and a private key from the user terminal 2, and performs authentication using the acquired authentication information.

The authentication unit 138 authenticates the user by comparing the authentication information acquired from the user terminal 2 and the authentication information stored in the block chain. Specifically, the authentication unit 138 calculates a hash value of the authentication information acquired from the user terminal 2, associates the hash value with the hash value of the authentication information associated with the first user ID, and stores the hash value in the blockchain. User authentication is performed by determining whether or not it is stored. The authentication unit 138 accepts permission to transmit personal information from the user when the authentication is successful.

When the authentication unit 138 receives permission from the user to transmit the personal information, the second transmission unit 139 acquires the user's personal information based on the private key acquired together with the authentication information. Then, the second transmission unit 139 transmits the acquired personal information to the server 3 that provides the service corresponding to the personal information acquisition request received by the acquisition request reception unit 137 . In this way, when the user registers for a new service, the user does not need to input personal information to the server 3, but allows the information processing device 1 to transmit the personal information to the server 3 and register for the new service. can do.

Specifically, first, when the authentication unit 138 receives permission to transmit personal information from the user, the second transmission unit 139 transmits the user's personal information stored in the blockchain in association with the specified type of personal information. get. For example, when the approval button is pressed on the approval reception screen shown in FIG. 4, the second transmission unit 139 stores encrypted name, address, telephone number, It obtains the date of birth and decrypts these personal information using a predetermined private key associated with the private key obtained with the authentication information.

Then, the second transmission unit 139 transmits the personal information to the server 3 corresponding to the service ID included in the personal information acquisition request received by the acquisition request reception unit 137 . The server 3 inputs and displays the personal information received from the information processing apparatus 1 on the user registration screen for the service provided by itself. FIG. 5 is a diagram showing an example in which personal information is entered on the user registration screen shown in FIG. By doing so, the personal information is entered on the user registration screen, so that the user can easily register for the service without having to manually enter the personal information. In this embodiment, an example in which personal information is input to the user registration screen displayed on the user terminal 2A shown in FIG. 3 has been described, but the present invention is not limited to this. For example, the user terminal 2B may newly display a registration screen for a user whose personal information has been input.

Further, when the personal information is transmitted, the second transmission unit 139 associates the type of the transmitted personal information with the service ID corresponding to the server to which the personal information is transmitted, and stores them in the storage unit 12 as provision management information.

The registration unit 136 receives a personal information update request from the user and updates the personal information. First, the registration unit 136 transmits an acquisition request for authentication information to the user terminal 2 . The registration unit 136 acquires authentication information and a private key from the user terminal 2, and performs authentication using the acquired authentication information. The registration unit 136 accepts personal information to be updated from the user due to the success of the authentication. Upon receiving the personal information to be updated, registration unit 136 encrypts the personal information using a predetermined secret key associated with the private key. Then, the registration unit 136 updates the personal information by storing the encrypted personal information in the block chain.

When the user's personal information is updated, the second transmission unit 139 identifies the server 3 that transmits the updated personal information, and transmits the personal information to the identified server 3 . Specifically, first, the second transmission unit 139 refers to the provision management information and identifies the service ID of each of the one or more servers 3 that have transmitted personal information to be updated in the past. Then, the second transmission unit 139 receives a selection as to whether or not to transmit the updated personal information to the server 3 corresponding to each of the identified one or more service IDs. The second transmission unit 139 individually receives a selection as to whether or not to transmit the updated personal information to each of the plurality of servers 3 . Upon receiving the instruction to send the updated personal information, the second sending unit 139 sends the updated personal information to the server 3 corresponding to the sending instruction. By doing so, the information processing apparatus 1 can transmit the updated personal information to the server 3 that transmitted the personal information in the past, and change the personal information to the latest one.

[Configuration example of storage device 4]
FIG. 6 is a diagram showing the configuration of the storage device 4 according to this embodiment. The storage device 4 includes a communication section 41 , a storage section 42 and a control section 43 .

The communication unit 41 is an interface for connecting to a communication network such as a mobile phone line or Internet line.
The storage unit 42 is, for example, ROM and RAM. The storage unit 42 stores various programs for causing the storage device 4 to function. For example, the storage unit 42 stores a program that causes the control unit 43 of the storage device 4 to function as the reception unit 431 , the storage control unit 432 and the provision unit 433 . The storage unit 42 also stores the split key received from the information processing apparatus 1 .

The control unit 43 is, for example, a CPU. The control unit 43 controls functions related to the storage device 4 by executing various programs stored in the storage unit 42 . The control unit 43 functions as a receiving unit 431 , a storage control unit 432 and a providing unit 433 by executing programs stored in the storage unit 42 .

The receiving unit 431 receives the split key from the information processing device 1 . Specifically, the receiving unit 431 receives from the information processing device 1 the split key, the first user ID of the user who applied for the storage service, and part of the personal information of the user.

The storage control unit 432 causes the storage unit 42 to store the split key received by the reception unit 431 . Specifically, the storage control unit 432 causes the storage unit 42 to store the split key received by the reception unit 431, the user's first user ID, and part of the user's personal information in association with each other. The storage control unit 432 encrypts the split key, the user's first user ID, and part of the user's personal information using the secret key managed by the operator of the storage device 4, and stores the encrypted information in the storage unit 42. may

The providing unit 433 provides the split key stored in the storage unit 42 . The providing unit 433 receives a split key acquisition request from a business operator terminal (not shown) used by the business operator who manages the storage device 4, so that the business operator who manages the storage device 4 receives an inquiry about the split key from the user. acknowledge that it has received Then, when the operator who manages the storage device 4 receives an inquiry about the split key from the user, the providing unit 433 determines whether or not the user is an authorized user, and determines that the user is an authorized user. Then, the division key corresponding to the user is provided to the operator terminal.

For example, the providing unit 433 receives, from a business operator terminal (not shown) used by the business operator, the user's first user ID, the user's name and date of birth, etc. presented by the user to the business operator. Accepts input with some personal information. When the first user ID whose input is accepted and a part of the personal information are associated and stored in the storage unit 42, the providing unit 433 sends the split key associated with the first user ID to the operator terminal. Send to As a result, the provider can notify the split key to the user who made the inquiry about the split key. Note that, when information indicating the user terminal 2 of the notification destination such as the user's email address is received from the business terminal, the providing unit 433 sends the split key corresponding to the user to the user terminal based on the information indicating the notification destination. 2 may be notified.

[Flow of processing related to storage service]
Next, an example of the flow of processing related to the storage service in the information processing device 1 will be described. FIG. 7 is a sequence diagram showing the flow of processing related to user registration using the information processing apparatus 1 according to this embodiment.

First, when the accepting unit 130 accepts a user ID and a storage service usage application from the user terminal 2 (S1), the acquiring unit 131 acquires the private key of the user of the user terminal 2 from the user terminal 2. (S2).

Subsequently, the generation unit 132 divides the private key acquired by the acquisition unit 131 to generate a plurality of split keys that constitute the private key (S3). Here, generation unit 132 divides the private key acquired by acquisition unit 131 into two to generate a first split key and a second split key.

The storage control unit 133 blocks the storage history information that associates the information indicating the destination of the generated split key with the user ID acquired together with the storage service usage application from the user terminal 2 that applied for the storage service usage. Store in the chain (S4).

The first transmission unit 134 transmits the first split key generated by the generation unit 132 to the storage device 4A, and transmits the second split key to the storage device 4B (S5, S6). When the reception unit 431 receives the first split key, the storage control unit 432 of the storage device 4A stores the received first split key in the storage unit 42 of the storage device 4A (S7). Similarly, when the receiving unit 431 receives the second split key, the storage control unit 432 of the storage device 4B stores the received second split key in the storage unit 42 of the storage device 4B (S8).

The notification unit 135 sends the user terminal 2 of the user who has applied for the use of the storage service to the user terminal 2, which includes information indicating a plurality of operators corresponding to the plurality of storage devices 4 to which the plurality of split keys are to be sent. is transmitted (S9). Upon receiving the completion information, the user terminal 2 displays the completion information on its own display unit, and displays information indicating a plurality of businesses corresponding to a plurality of storage devices 4 in which the split keys are stored, and information on which split keys are stored. The user is notified of the completion (S10).

[Flow of processing related to personal information management service]
Next, an example of the flow of processing related to the personal information management service in the information processing device 1 will be described. FIG. 8 is a sequence diagram showing the flow of processing related to user registration using the information processing apparatus 1 according to this embodiment.

First, the server 3 transmits a user registration screen to the user terminal 2A (S21). The user terminal 2A displays a user registration screen (S22).
Subsequently, the user terminal 2B reads the two-dimensional barcode displayed on the user's registration screen (S23). Upon reading the two-dimensional barcode, the user terminal 2B activates an application corresponding to the personal information providing service. The user terminal 2B displays the type of personal information required for user registration, and also displays an approval acceptance screen for accepting approval for transmission of the personal information corresponding to the type to the server 3 (S24).

When the approval button provided on the approval reception screen is pressed, the user terminal 2B receives the personal information including the first user ID, the personal information type information, and the service ID for identifying the service provided by the server 3. An acquisition request is transmitted to the information processing device 1 (S25). The acquisition request receiving unit 137 of the information processing device 1 receives a personal information acquisition request including personal information type information from the user terminal 2B.

The acquisition request receiving unit 137 of the information processing device 1 identifies the type of personal information to be transmitted to the server 3 based on the personal information type information included in the received personal information acquisition request (S26). When the acquisition request receiving unit 137 receives the personal information acquisition request, the authentication unit 138 of the information processing device 1 transmits an authentication information acquisition request to the user terminal 2B (S27), and receives the authentication information from the user terminal 2B. (S28).

The authentication unit 138 authenticates the user by comparing the authentication information acquired from the user terminal 2 and the authentication information stored in the block chain (S29). When the authentication is successful, the second transmission section 139 transmits the user's personal information stored in the storage section 12 in association with the type specified by the acquisition request reception section 137 to the server 3 (S30).

When receiving the personal information from the information processing device 1, the server 3 transmits the received personal information to the user terminal 2A (S31), and displays the personal information on the user's registration screen (S32).

[Effects of this embodiment]
As described above, the information processing apparatus 1 according to the present embodiment obtains a blockchain private key used by a user, divides the private key, generates a plurality of divided keys, and generates a plurality of divided keys. Each of the keys is transmitted to each of storage devices 4 managed by each of a plurality of businesses that store split keys. Further, the information processing device 1 notifies the user who uses the private key of information indicating a plurality of businesses corresponding to a plurality of storage devices 4 to which the plurality of split keys are sent. In this way, a user can decrypt information about the user even if the user forgets the private key.

Although the present invention has been described above using the embodiments, the technical scope of the present invention is not limited to the scope described in the above embodiments, and various modifications and changes are possible within the scope of the gist thereof. be. For example, in the above-described embodiment, the information processing apparatus 1 functions as the reception unit 130, the acquisition unit 131, the generation unit 132, the storage control unit 133, the first transmission unit 134, and the notification unit 135, thereby realizing the storage service. , but not limited to this. For example, the user terminal 2 functions as a reception unit 130, an acquisition unit 131, a generation unit 132, a storage control unit 133, a first transmission unit 134, and a notification unit 135. may be realized.

Further, in the above-described embodiment, the information processing device 1 causes the smartphone serving as the user terminal 2B to display an approval reception screen, receives a personal information acquisition request from the user terminal 2B, and then receives authentication information from the user terminal 2B. Acquired, but not limited to.

For example, a store terminal installed in a store or the like may display an approval reception screen and receive input of the authentication information and the first user ID from the user. In this case, the store terminal accepts the input of the authentication information and the first user ID from the user, and in response to pressing the approval button on the approval acceptance screen, personal information including the first user ID and the authentication information to the information processing apparatus 1.

When the information processing apparatus 1 receives a personal information acquisition request including the first user ID and the authentication information, the information processing apparatus 1 authenticates the user based on the first user ID and the authentication information included in the acquisition request, In response to successful authentication, the user's personal information may be acquired and transmitted to a store terminal or a server managed by the store. By doing so, the user can register his or her own personal information in a store terminal or a server managed by the store without using the user terminal 2 itself.

Further, the acquisition request receiving unit 137 may receive a personal information acquisition request including the second user ID issued by the server 3 from the server 3 for which user registration has been completed. In this case, the authentication unit 138 identifies the first user ID, which is the user ID of the personal information providing service associated with the second user ID included in the personal information acquisition request. Then, the authentication unit 138 transmits a request for approval of transmission of the personal information to the server 3 to the user terminal 2 used by the user of the specified first user ID, and receives approval of the personal information from the user terminal 2. Personal information is transmitted to the server 3 in response to the request. By doing so, when the server 3 needs to acquire the personal information, the user can provide the personal information to the server 3 only by approving the transmission of the personal information.

Further, in the above-described embodiment, the storage unit 12 stores the user's personal information, but the present invention is not limited to this. For example, a blockchain may store a user's personal information. In this case, the registration unit 136 causes the blockchain to store the personal information received from the user. By doing so, it is possible to prevent falsification of the personal information registered by the user.

Also, for example, all or part of the device can be functionally or physically distributed and integrated in arbitrary units. In addition, new embodiments resulting from arbitrary combinations of multiple embodiments are also included in the embodiments of the present invention. The effect of the new embodiment caused by the combination has the effect of the original embodiment.

Reference Signs List 1 information processing device 11 communication unit 12 storage unit 13 control unit 130 reception unit 131 acquisition unit 132 generation unit 133... Storage control unit, 134... First transmission unit, 135... Notification unit, 136... Registration unit, 137... Acquisition request reception unit, 138... Authentication unit, 139... Second transmission unit 2 User terminal 3 Server 4 Storage device 41 Communication unit 42 Storage unit 43 Control unit 431 Receiving unit 432 Storage control unit 433 Providing unit

Claims (10)

the computer runs
obtaining a blockchain private key for use by a user;
splitting the obtained private key to generate a plurality of split keys that make up the private key;
transmitting each of the plurality of generated split keys to each storage device managed by each of a plurality of businesses that store the split keys;
a step of notifying a user who uses the private key of information indicating the plurality of operators corresponding to the plurality of storage devices to which the plurality of split keys are sent;
An information processing method comprising: further comprising receiving instructions from the user to store the private key in each of a plurality of storage devices, executed by the computer;
In the acquiring step, the computer acquires the private key upon receiving an instruction to store the private key.
The information processing method according to claim 1 . In the receiving step, the computer receives a selection of a storage device that stores the split key from among a plurality of storage devices;
In the transmitting step, the computer transmits each of the plurality of generated split keys to each of the plurality of storage devices that have accepted the selection.
The information processing method according to claim 2. the private key corresponds to a combination of words,
In the generating step, the computer generates a first split key corresponding to some of the plurality of words corresponding to the private key, and converts the remaining words of the plurality of words to generate a corresponding second split key;
In the transmitting step, the computer transmits the first split key to a first storage device and transmits the second split key to a second storage device;
The information processing method according to any one of claims 1 to 3. the blockchain stores encrypted personal information of the user;
the computer executes
receiving a request to obtain the user's personal information required for the user's registration for services provided by the server;
obtaining the private key from the user, authenticating the user, and permitting transmission of personal information of the user to the server if the authentication is successful;
If the transmission of the user's personal information to the server is permitted, the user's personal information stored in the blockchain is decrypted using the obtained private key, and the received personal information is decrypted. sending an acquisition request to the server that provides the corresponding service;
further having
The information processing method according to any one of claims 1 to 4. User identification information for identifying the user and a plurality of split keys generated for the private key of the user, executed by the computer, corresponding to a plurality of storage devices that are destinations, respectively having a step of storing information indicating the business operator in a storage unit;
In the notifying step, when the computer acquires from the user or a person related to the user a business operator information acquisition request indicating a business operator managing the storage device storing the split key, the user Notifying the user or a related party of the user of information indicating the plurality of businesses associated with the user identification information of
The information processing method according to claim 5. A step of associating information indicating a destination of the generated split key with identification information for identifying the user, which is executed by the computer, and storing the information in a blockchain;
The information processing apparatus according to any one of claims 1 to 6. an acquisition unit that acquires a blockchain private key used by a user;
a generating unit that divides the obtained private key and generates a plurality of divided keys that constitute the private key;
a transmission unit that transmits each of the plurality of generated split keys to each of storage devices managed by each of a plurality of businesses that store the split keys;
a notification unit that notifies a user using the private key of information indicating the plurality of operators corresponding to the plurality of storage devices that are the destinations of the plurality of split keys;
Information processing device having An information processing system having an information processing device, a first storage device managed by a first business operator, and a second storage device managed by a second business operator,
The information processing device is
an acquisition unit that acquires a blockchain private key used by a user;
a generation unit that divides the private key acquired by the acquisition unit and generates a first split key and a second split key that constitute the private key;
transmitting the first split key generated by the generation unit to the first storage device storing the split key, and transmitting the second split key generated by the generation unit to the second storage device storing the split key a transmitter that transmits
a notification unit that notifies a user who uses the private key of information indicating a first business operator and a second business operator corresponding to the first storage device and the second storage device, which are destinations of the split keys, respectively; ,
has
Each of the first storage device and the second storage device
a receiver that receives the split key;
a storage control unit that stores the split key received by the receiving unit in its own storage unit;
having
Information processing system. the computer,
an acquisition unit that acquires a blockchain private key used by a user;
a generating unit that divides the obtained private key and generates a plurality of divided keys that constitute the private key;
a transmitting unit that transmits each of the plurality of generated split keys to each of storage devices managed by each of a plurality of businesses that store the split keys;
a notification unit that notifies the user using the private key of information indicating the plurality of operators corresponding to the plurality of storage devices that are destinations of the plurality of split keys;
A program that acts as a

Images