JP2023069351A - Data service providing method and data service providing system - Google Patents

Abstract

To provide a data service providing method and a data service providing system that handle data more strictly based upon use rules, etc.SOLUTION: In a data service providing system, an access policy control part 2 acquires an access policy P1 including information related to an agreement of an individual user U about use of data providing business. Data acquisition parts 1A, 1B and 1C acquire first data including data on the individual user U from data providing business DB1, DB2 and DB3 based upon the access policy P1. A cooperation control part 3 acquires an access policy including an agreement of a second individual user about use of service business, and sets a service cooperation policy P2 cooperating with the access policy P1. A provided data generation part 4 generates second data used for data service provided to service business based upon the service cooperation policy P2.SELECTED DRAWING: Figure 3

Description

Embodiments of the present invention relate to a data service providing method and a data service providing system.

A service that links different services via a server or cloud is provided. For example, a system has been proposed that links different services and provides services by linking member information (user IDs, etc.) of different services. In such a service providing method and service providing system, it is desired to handle data including user's personal data more strictly based on terms of use and the like.

JP 2016-128966 A JP 2018-156405 A

The problem to be solved by the present invention is to provide a data service providing method and a data service providing system that can handle data including personal data more strictly.

A data service providing method of an embodiment has a first policy acquisition step, a data acquisition step, a second policy acquisition step, a policy setting step, a data generation step, and a data provision step. The first policy acquisition step acquires a first policy including information regarding the first individual user's consent to use of the data providing business. The data acquisition step acquires first data including data of the first individual user from the data providing business based on the first policy. A second policy obtaining step obtains a second policy including information regarding the second individual user's consent to use of the service business. A policy setting step of setting a service linking policy in which the first policy and the second policy are linked. The data generation step generates second data used for a data service provided to the service business from the first data based on the service cooperation policy. The data providing step provides a data service to the service business based on the second data.

1 is a configuration diagram of a data service providing system according to the first embodiment; FIG. The figure which shows the specific example of the same data service provision system. FIG. 2 is a functional block diagram of the same data service providing system; FIG. 4 is a functional block diagram of a data acquisition unit of the data service providing system; FIG. 4 is a functional block diagram of an access policy control unit of the same data service providing system; FIG. 10 is a diagram showing an example of data items newly created based on the combination policy; FIG. 3 is a functional block diagram of a cooperation information recording unit of the data service providing system; The figure which shows an example of data provision business cooperation information. The figure which shows an example of service business cooperation information. The figure which shows an example of a service cooperation policy. The figure which shows the terms of service with respect to a 1st service business. The figure which shows the terms of use with respect to a 2nd service business. The figure which shows the terms of use with respect to a third service business. FIG. 10 is a diagram showing an example of a generated virtual table; FIG. 2 is a functional block diagram of a data access control unit of the same data service providing system; FIG. 10 is a diagram showing policy violation monitoring history; FIG. 4 is a sequence diagram of the same data service providing system that operates in cooperation with a linked application provided to individual users by the first data providing business; FIG. 4 is a sequence diagram of the same data service providing system that operates in cooperation with a linked application provided by the first service business to individual users. Service cooperation confirmation screen of the same cooperation application. Service cooperation confirmation screen of the same cooperation application. Service linkage completion screen of the same linkage application. FIG. 4 is a sequence diagram of the same data access control unit that manages policy violations; The figure which shows the HTML description in the data service which the data service monitoring part received from the 2nd service business.

Hereinafter, a data service providing method and a data service providing system according to embodiments will be described with reference to the drawings.

(First embodiment)
[Data service providing system 100]
FIG. 1 is a configuration diagram of a data service providing system 100 according to the first embodiment.
The data service providing system 100 is a system that provides data services to registered users (individual user U and service provider SP). "Provision of data services" includes not only the provision of data itself, but also the provision of data analysis results and the provision of various services based on data.

The data service providing system 100 is composed of one or more servers. A basic infrastructure of the data service providing system 100 is constructed using a known data distribution processing system. The functions of the data service providing system 100 are implemented by programs executed by the processor of the server.

FIG. 2 is a diagram showing a specific example of the data service providing system 100. As shown in FIG.
The data service providing system 100 illustrated in FIG. 2 includes servers SV1, SV2, SV3, and SV4. The servers SV1, SV2, SV3, and SV4 are servers that include hardware such as processors such as CPUs, memories, recording media such as hard disks and flash memories, and communication devices.

The servers SV1, SV2, SV3, and SV4 may be servers with different types of OS, software, and the like. Also, the servers SV1, SV2, SV3, and SV4 may be operated by different operating entities. Servers SV1, SV2, SV3 and SV4 may be installed in different countries or different regions.

All hardware and software resources of servers SV1 and SV2 are occupied by data service providing system 100 . On the other hand, servers SV3 and SV4 provide data service providing system 100 with only part of their hardware and software resources. That is, the data service providing system 100 includes on-site servers such as servers SV1 and SV2, and IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service) such as servers SV3 and SV4. ) and a cloud server that provides In the following description, "server" includes any of the above servers.

Functional blocks (data acquisition unit 1, access policy control unit 2, cooperation control unit 3, provided data generation unit 4, data access control unit 5, etc.) of the data service providing system 100, which will be described later, are distributed via the network NW. It is realized by the operation of servers (for example, servers SV1, SV2, SV3, and SV4 illustrated in FIG. 2) arranged in the same manner. Note that the functional blocks of the data service providing system 100 may be realized by the operation of one server.

As shown in FIG. 1, the data service providing system 100 includes a data device 200 managed by a data provider (DP), a smartphone or tablet terminal owned by an individual user U, and a personal computer via a network NW. etc. (hereinafter referred to as personal terminal 300), a management device 400 owned by the administrator A of the data service providing system 100, and a service providing device 500 owned by the service provider SP. The data device 200, the management device 400, and the service providing device 500 may be a system composed of one or more servers.

The network NW may be a wide area network (WAN) such as the so-called Internet, a private network (LAN) in the building where the data service providing system 100 is installed, or a combination thereof. . Also, the network NW may be either wired communication or wireless communication. Communication between each device may be mediated by another device such as an access point.

FIG. 3 is a functional block diagram of the data service providing system 100. As shown in FIG.
The data service providing system 100 includes a data acquisition unit 1 , an access policy control unit 2 , a cooperation control unit 3 , a provided data generation unit 4 and a data access control unit 5 .

The data acquisition unit 1 acquires data including personal data of the individual user U from the data device 200 of the data provider DP, and records it as acquired data (first data) D. FIG. The data access control unit 5 controls to respond to a data service request from a service provider SP or the like. The provided data generation unit 4 generates provided data (second data) from the acquired data (first data) D in response to a data access request via the data access control unit 5 . The access policy control unit 2 controls an access policy P1 for acquired data (first data) D when generating provided data (second data). The cooperation control unit 3 controls a service cooperation policy P2 for cooperation between an individual user U, a service business SB (service business), and a data provision business DB (data provision business).

[Data Acquisition Unit 1]
FIG. 4 is a functional block diagram of the data acquisition unit 1. As shown in FIG.
The data acquisition unit 1 acquires data including personal data of the individual user U from the data device 200 of the data provider DP, and records it as acquired data (first data) D (data acquisition step). The data acquisition unit 1 also provides the acquisition data D to the provided data generation unit 4 . The data acquisition unit 1 has a data import interface 11 and an acquired data recording unit 12 .

The data import interface 11 is an interface for acquiring data from the data device 200 of the data provider DP. The data device 200 of the data provider DP imports data including the personal data of the individual user U, which is obtained based on the consent of the individual user U, to the data service providing system 100 via the data import interface 11. provide to

The data import interface 11 acquires data from the data device 200 as the data provider business DB of the data provider DP and records it in the acquired data recording unit 12 based on a contract with the data provider DP. The data import interface 11, for example, periodically acquires data collectively from the data device 200 of the data provider DP and updates the acquired data D recorded in the acquired data recording unit 12 (bulk type). The data import interface 11 may acquire data in real time from a device connected via an API (Application Programming Interface), for example (streaming type).

The acquired data recording unit 12 is a data storage that records acquired data (first data) D acquired from the data provider DP. Acquired data (first data) D may be raw data itself acquired from the data provider DP, or processed data processed into a standard data format or the like by a data processing unit (not shown). may The processed data is, for example, statistical data, aggregated data, anonymized data, pseudonymized data, or the like.

In this embodiment, the data service providing system 100 has three data acquisition units 1 . In the following description, when distinguishing between the three data acquisition units 1, they are referred to as a first data acquisition unit 1A, a second data acquisition unit 1B, and a third data acquisition unit 1C.

The data acquisition unit 1 (first data acquisition unit 1A, second data acquisition unit 1B, and third data acquisition unit 1C) acquires and records acquired data D including a plurality of data types with different handling policies. Data including a plurality of data types with different handling policies is also called a "data group".

The first data acquisition unit 1A, for example, acquires the purchase data D1 provided by the first data provider DB1 from the data device 200 (hereinafter also referred to as "data device 200A") managed by the data provider DP1. Record. The purchase data D1 is, for example, purchase detail data of a receipt, settlement data, and the like. The data import interface 11 (hereinafter also referred to as "data import interface 11A") of the first data acquisition unit 1A is an interface capable of acquiring the purchase data D1 from the data provider DP1.

The second data acquisition unit 1B, for example, retrieves HR (Human Resources) data D2 provided by the second data provider DB2 from the data device 200 (hereinafter also referred to as "data device 200B") managed by the data provider DP2. is obtained and recorded. The HR data D2 is, for example, personnel announcement data, attendance data, salary data, education data, and the like. The data import interface 11 of the second data acquisition unit 1B (hereinafter also referred to as "data import interface 11B") is an interface capable of acquiring the HR data D2 from the data provider DP2.

Third data acquisition unit 1C acquires health data D3 provided by third data provider DB3, for example, from data device 200 managed by data provider DP3 (hereinafter also referred to as “data device 200C”). Record. The health data D3 is, for example, health checkup data and daily vital health data. The data import interface 11 (hereinafter also referred to as "data import interface 11C") of the third data acquisition unit 1C is an interface capable of acquiring the health data D3 from the data provider DP3.

The data import interface 11 (data import interface 11A, data import interface 11B, and data import interface 11C) differs depending on the type of data handled and the data provider. Note that the data import interface 11 may be a general-purpose interface that can be used regardless of the type of data handled or the data provider.

The data acquisition unit 1 (the first data acquisition unit 1A, the second data acquisition unit 1B, and the third data acquisition unit 1C) is a distributed storage provided in different servers, and has a plurality of data types with different handling policies. can be distributed and stored. The data acquisition unit 1 (the first data acquisition unit 1A, the second data acquisition unit 1B, and the third data acquisition unit 1C) may be provided in the same server. Acquired data D includes intellectual training data, physical training data, moral training data, training attendance data, qualification acquisition data, medical examination data, power consumption data, gas usage data, water usage data, communication details data, schedule data, music and video viewing data Data including personal data such as .

In the present embodiment, "purchase data", "HR data", and "health data" are used as examples of data types with different handling policies, but the data types with different handling policies are not limited to these. For example, when purchasing data is acquired from a plurality of different data providers, it may be handled as acquired data including a single data type with different handling policies.

[Access policy control unit 2]
FIG. 5 is a functional block diagram of the access policy control unit 2. As shown in FIG.
The access policy control unit 2 controls an access policy P1 for the obtained data D recorded in the obtained data recording unit 12. FIG. The access policy P1 is the permission/prohibition of access to the acquired data D, access conditions, and the like. The access policy P1 may include information about the erasure period of the acquired data D, the usage period of the converted data that has undergone processing such as anonymization or pseudonymization from the raw data at the time of acquisition, the life cycle, and the like. The access policy P1 may include information regarding whether or not it is possible to use a combination of different types of data. The access policy control section 2 has an access policy interface 21 and an access policy recording section 24 .

The access policy interface 21 is an interface that connects the personal terminal 300 and the management device 400 owned by the manager A of the data service providing system 100 . Specifically, access policy interface 21 includes an API that connects personal terminal 300 and management device 400 with access policy recording unit 24 . The access policy interface 21 has an individual user interface 22 and an administrator interface 23 .

The personal user interface 22 includes an API that connects the personal terminal 300 and the access policy recording unit 24 . Also, the personal user interface 22 connects the personal terminal 300 and the data access control unit 5 as shown in FIG.

The administrator interface 23 includes an API that connects the management device 400 owned by the administrator A and the access policy recording unit 24 .

The access policy recording unit 24 records an access policy P1 for the acquired data D. FIG. The access policy P1 recorded in the access policy recording unit 24 is managed by the individual user U and the administrator A via the access policy interface 21. FIG. The access policy recording section 24 has a first access policy recording section 25 and a second access policy recording section 26 .

The first access policy recording unit 25 records an access policy set by the personal user U via the personal user interface 22 . Access policies recorded by the first access policy recording unit 25 include an individual user access policy 251 and a comprehensive access policy 252 .

The individual user access policy 251 is an access policy in which whether or not access by the service business SB to the acquired data D including the personal data of the individual user U is permitted is set for each individual user U. FIG. The personal user access policy 251 includes, for example, each service business DB that provided the acquired data D, each service business SB that uses the acquired data D, each data type and purpose of use of the acquired data D, each data provision mode, each consent policy, It is an access policy set for the personal data of the individual user U for each of various conditions such as each region of use and each life cycle of the acquired data D. FIG. An individual user U can set an individual user access policy 251 for any combination of these conditions.

The access policy that can be set for each data providing business DB in the personal user access policy 251 is, for example, when the data providing business DB that provided the acquired data D is the "first data providing business DB 1" or "the second data providing business DB 2 ” indicates whether data access is possible or not.

The access policy that can be set for each service business SB in the individual user access policy 251 is, for example, data access permission/prohibition when the service business SB is "first service business SB1" or "second service business SB2". .

The access policy that can be set for each service business SB in the personal user access policy 251 is attribute information such as business category, industry, business type, etc. data access based on

An access policy that can be set for each data type in the personal user access policy 251 is, for example, whether or not the data can be accessed when the data type is "purchase data D1" or "health data D3".

The access policy that can be set for each purpose of use in the personal user access policy 251 is, for example, whether or not data can be accessed when the purpose of use is "statistical use that does not identify an individual" or "non-statistical use that identifies an individual". is.

The comprehensive access policy 252 is an access policy that comprehensively specifies the individual user access policy 251 . The comprehensive access policy 252 roughly indicates whether or not the individual user U is allowed to access personal data using, for example, step-by-step indicators from level 1 to level 5. FIG. The individual user U can roughly set the individual user access policy 251 for each individual user U by setting the comprehensive access policy 252 without setting all the individual user access policies 251 .

In the following description, “individual user access policy 251” includes individual user access policy 251 roughly set by comprehensive access policy 252 .

A personal user U can access the personal user access policy 251 using an application implemented using the API of the personal user interface 22 . The application may be a native application running on the personal terminal 300 or a web application running on the data service providing system 100 . In the following description, the applications implemented using the API of the personal user interface 22 are also referred to as "cooperation application AP1" and "cooperation application AP2".

The second access policy recording unit 26 records access policies set by the administrator A via the administrator interface 23 . The access policy recorded by the second access policy recording unit 26 includes virtual table definition information 261 , data type handling policy 262 , data type combination policy 263 , and service business access policy 264 .

The virtual table definition information 261 is definition information used to set an access policy, and defines the specifications of the virtual table T generated by the provided data generation unit 4 . The specification defined in the virtual table definition information 261 is, for example, a schema indicating the structure of the virtual table T, data items (columns), and the like. A “data item” is the type of data handled in the virtual table T (content, data type, etc.).

Data items not defined in the virtual table definition information 261 cannot be accessed from the data access control unit 5 . A data item to be defined may be a data item included in the acquired data D in advance, or may be a data item newly created by combining data items of different acquired data D. FIG.

The data type handling policy 262 is an access policy in which the handling of the acquired data D is set for each data type. The data type handling policy 262 is, for example, a handling policy for the purchase data D1, a handling policy for the HR data D2, and a handling policy for the health data D3. The data type handling policy 262 may include data necessary for handling the acquired data D, such as metadata indicating details of the acquired data D such as an item code. By setting a handling policy for each data type, the data service providing system 100 can handle a wide variety of acquired data D. FIG.

The data type combination policy 263 is an access policy that sets a combination of acquired data D with different data types. The data type combination policy 263 is, for example, a rule for using the purchase data D1 and the health data D3 in combination.

FIG. 6 is a diagram showing an example of data items newly created based on the data type combination policy 263. As shown in FIG. The data items of the acquired data D of different data types are combined based on the data type combination policy 263 and used as a new data item. For example, as shown in FIG. 6, the data items "food purchase date" and "purchased food name" of the purchase data D1 and the data item "exercise date" of the health data D3 are combined to form new data. Used as the item "name of food purchased before and after exercise". By setting the data type combination policy 263, a new data item can be easily generated by seamlessly associating data items of data types with different handling policies.

The service business access policy 264 is an access policy in which whether or not the service business SB can access the acquired data D is set for each service business SB based on the contract with the service business SP. The service business access policy 264 is set for each “data item” defined in the virtual table definition information 261 . The service business access policy 264 can, for example, be set generically to disallow access by the first service business SB1 to all data items relating to HR data D2.

The administrator A can access the first access policy recording unit 25 and the second access policy recording unit 26 using an application implemented using the API of the administrator interface 23 . The application may be a native application that runs on the management device 400 owned by the administrator A, or a web application that runs on the data service providing system 100 .

[Cooperation control unit 3]
FIG. 7 is a functional block diagram of the cooperation control section 3. As shown in FIG.
The cooperation control unit 3 sets a service cooperation policy P2 for cooperation among the individual user U, the service business SB, and the data providing business DB. The service linking policy P2 is information for linking the service business SB and the data providing business DB to the individual user U in order to provide data services to the individual user U. Member ID data linking information C1 and the service business SB and information on the terms of use of the data providing business DB, and information on the consent of the individual user U to the terms of use. The cooperation control unit 3 has a cooperation interface 30 and a cooperation information recording unit 34 .

The cooperation interface 30 is an interface connected to the data device 200 owned by the data provider DP, the service provider 500 owned by the service provider SP, and the management device 400 owned by the administrator A of the data service provider system 100. be. Specifically, the cooperation interface 30 includes an API that connects the service providing device 500 and the management device 400 with the cooperation information recording unit 34 . The cooperation interface 30 has a data providing business cooperation interface 31 , a service business cooperation interface 32 , and an administrator cooperation interface 33 .

The data provider cooperation interface 31 is an interface connected to the data device 200 owned by the data provider DP. For example, the data provider cooperation interface 31 is an interface connected to the data device 200A owned by the data provider DP1. The data providing business cooperation interface 31 includes an API that connects the data device 200 owned by the data providing business operator DP and the cooperation information recording unit 34 .

The service business cooperation interface 32 is an interface connected to the service providing device 500 owned by the service provider SP. For example, the service business cooperation interface 32 includes a service providing device 500 owned by the service provider SP1 (hereinafter also referred to as a “service providing device 500A”) and a service providing device 500 owned by the service provider SP2 (hereinafter referred to as a “service It is an interface connected to the provider 500B). The service business cooperation interface 32 includes an API that connects the service providing device 500 owned by the service provider SP and the cooperation information recording unit 34 .

The manager cooperation interface 33 is an interface connected to the management device 400 owned by the manager A of the data service providing system 100 . The administrator cooperation interface 33 includes an API that connects the management device 400 owned by the administrator A and the cooperation information recording unit 34 .

The cooperation information recording unit 34 records cooperation information of users of the data service providing system 100 . The cooperation information recording unit 34 has a business operator cooperation information recording unit 35 and an individual user cooperation information recording unit 36 . The business operator cooperation information recording unit 35 records data provision business cooperation information 351 and service business cooperation information 354 .

FIG. 8 is a diagram showing an example of the data providing business cooperation information 351. As shown in FIG.
The data providing business cooperation information 351 has the first cooperative member ID data 352 and the data providing business service cooperation policy 353 . The data providing business cooperation information 351 is information in which the first cooperative member ID data 352 and the data providing business service cooperation policy 353 are associated with each other.

The first cooperative member ID data 352 is member ID data managed by the data provider DP, and is member ID data that identifies the individual user U in the data provided by the data provider DP. The first cooperative member ID data 352 includes a member ID managed by the data provider DP and member information (name, address, date of birth, age, gender, email address, etc.) associated with the member ID. . The data provider cooperation information 351 illustrated in FIG. 8 is information managed by the data provider DP1, and includes member ID data managed by the data provider DP1.

The member ID of the first cooperative member ID data 352 may not be the member ID itself managed by the data provider DP, but may be cooperative member ID data generated to indicate cooperative information.

The data providing business service cooperation policy (first policy) 353 includes the terms of use (first terms of use) stipulated for each data providing business DB of the data provider DP and the agreement of the individual user U to the terms of use. It is a service cooperation policy for a data providing business DB including data.

The terms of use of the data providing business service cooperation policy 353 indicate the types of terms of use defined for each data providing business DB. The data providing business cooperation information 351 illustrated in FIG. 8 includes the terms of use TD1 of the first data providing business DB1 provided by the data providing business operator DP1 and the terms of use TD2 of the first data providing business DB1. As shown in FIG. 8, the terms of use for the same data providing business DB but with different contents are managed as separate records. For example, an individual user U agrees to the terms of use TD2 that stipulates "use of statistics that do not identify individuals (including provision of If you agree to the terms of use TD1 that stipulate "non-statistical use (including third party provision)", consent to these terms of use is managed as a separate record. "Terms of use with different contents" include terms of use with different versions. For example, if the individual user U agrees to the terms of use TD1 with respect to the first data providing business DB1 and then agrees to the terms of use TD1′, which is a revised version of the terms of use TD1, the consent to these terms of use is a separate record. managed as

The consent data (also referred to as “information on consent”) of the service cooperation policy for data providing business 353 is data indicating the consent of the individual user U to the corresponding terms of use (whether or not consent is given, date of consent, etc.). The consent data included in the data providing business cooperation information 351 illustrated in FIG. 8 indicates the date when the corresponding terms of use were agreed. "NULL" entered in place of the date in the consent data indicates that the individual user U has not consented to the corresponding terms of use.

FIG. 9 is a diagram showing an example of the service business cooperation information 354. As shown in FIG.
The service business cooperation information 354 has second cooperation member ID data 355 and a service cooperation policy 356 for service business. The service business cooperation information 354 is information in which the second cooperative member ID data 355 and the service business cooperation policy 356 are associated with each other.

The second affiliated member ID data 355 is member ID data managed by the service provider SP, and identifies the individual user U used by the service business SB when reading data via the data access control unit 5. This is member ID data. The second cooperative member ID data 355 includes a member ID managed by the service provider SP and member information (name, address, date of birth, age, gender, email address, etc.) associated with the member ID. The service business cooperation information 354 illustrated in FIG. 9 is information managed by the service provider SP1, and includes member ID data managed by the service provider SP1.

The member ID of the second cooperative member ID data 355 may not be the member ID data itself managed by the service provider SP, but may be cooperative member ID data generated to indicate cooperative information.

The service cooperation policy for service business (second policy) 356 includes terms of use (second terms of use) defined for each service business SB of the service provider SP, consent data of the individual user U to the terms of use, It is a service cooperation policy of SB for service business including.

The terms of use of the service cooperation policy 356 for service business indicate the type of terms of use defined for each service business SB. The service business cooperation information 354 illustrated in FIG. and the terms of use TS4 of the first service business SB1. As shown in FIG. 9, the terms of use regarding the same service business SB but with different contents are managed as separate records. For example, if the individual user U agrees to the terms of use TS1 that stipulates basic usage modes for the first service business SB1, and then agrees to the terms of use TS4 that stipulates additional optional usage modes, these Agreement to the terms of use is managed as a separate record. "Terms of use with different contents" include terms of use with different versions. For example, if the individual user U agrees to the terms of use TS1 for the first service business SB1 and then agrees to the revised terms of use TS1', the consent to these terms of use is recorded as a separate record. managed.

The consent data (also referred to as “information on consent”) of the service cooperation policy for service business 356 is data indicating the consent of the individual user U to the corresponding terms of use (agreement or non-agreement, date of consent, etc.). Consent data included in the service business cooperation information 354 illustrated in FIG. 9 indicates the date when the corresponding terms of use were agreed to. "NULL" entered in place of the date in the consent data indicates that the individual user U has not consented to the corresponding terms of use. For example, if the terms of use of service business SB are updated while individual user U is not using service business SB, it is unknown whether personal user U agrees to the new terms of use. consent data is set to "NULL". Also, when it is unclear whether or not the individual user U agrees to the terms of use for some other reason, the consent data of the individual user U is set to "NULL".

The individual user cooperation information recording unit 36 records member ID data 361 of registered individual users U who use the data service providing system 100, and the like. The administrator A can update the data recorded in the individual user cooperation information recording unit 36 via the administrator cooperation interface 33 .

FIG. 10 is a diagram showing an example of the service cooperation policy P2.
The cooperation control unit 3 generates member ID data cooperation information C<b>1 in which the first cooperative member ID data 352 and the second cooperative member ID data 355 are associated with the member ID data 361 . Further, the cooperation control unit 3 generates a "service cooperation policy P2" in which the data providing business service cooperation policy 353 and the service business service cooperation policy 356 are associated with the member ID data cooperation information C1. As a result, in the data service provided by the data service providing system 100, the individual user U, the service business SB, and the data providing business DB can cooperate with each other.

The service cooperation policy P2 illustrated in FIG. 10 is a service business SB (first service business SB1, second service business SB2, and third service business SB3). The service cooperation policy P2 is, for example, data constituting the service cooperation policy P2 (member ID data 361, first cooperation member ID data 352, service cooperation policy 353 for data providing business, second cooperation member ID data 355, and service business is generated or updated when at least part of the service association policy 356) is updated. For example, when an individual user U who agrees to the terms of use TD1 of the data providing business DB1 agrees to the terms of use TS1 of the first service business SB1 and the service cooperation policy 356 for the service business is updated, the service cooperation policy P2 is updated. In the service cooperation policy illustrated in FIG. 10, illustration of member information (address, date of birth, age, gender, e-mail address, etc.) other than the name is omitted.

[Provided data generator 4]
Provided data generation unit 4 generates provided data from acquired data (first data) D in response to a data access request from registered users (individual user U and service provider SP) via data access control unit 5. (Second data) is generated. The data that registered users (individual user U and service provider SP) can read out via the data access control unit 5 is not the acquired data D recorded in the acquired data recording unit 12, but the provided data (first second data).

The provided data generation unit 4 generates a virtual table T corresponding to the data access request as provided data (second data). A virtual table T is a table that is generated for each data access request and is not entirely recorded in a nonvolatile recording unit. The provided data generation unit 4 responds to the data access request from the data access control unit 5 based on the generated virtual table T. FIG. The provided data generation unit 4 has an access control integration unit 41 and a virtual table generation unit 42, as shown in FIG.

In response to a data access request from the data access control unit 5, the access control integration unit 41 stores the "access policy P1" recorded in the access policy recording unit 24 and the "service cooperation policy P2" generated in the cooperation information recording unit 34. ” are integrated to generate “access control information P3”. The access control information P3 is generated or updated, for example, when at least part of the data (the access policy P1 and the service cooperation policy P2) forming the access control information P3 is updated.

The virtual table generation unit 42 generates a virtual table (second data) T from the obtained acquisition data (first data) D based on the access control information P3 generated by the access control integration unit 41 .

Based on the access policy P1 and the service cooperation policy P2 included in the access control information P3, the virtual table generation unit 42 obtains the acquisition data D necessary for responding to the data access request from the data access control unit 5 from the data acquisition unit 1. get.

Specifically, the virtual table generator 42 generates a virtual table (second data) T from the obtained data (first data) D based on the individual user access policy 251 included in the access policy P1. For example, if the personal user U restricts the use of personal data for the service business SB that requested data access and the purpose of use, the virtual table generation unit 42 creates a virtual table T from which the corresponding personal data is deleted. Generate.

Specifically, the virtual table generator 42 generates a virtual table (second data) T from the obtained data (first data) D based on the personal user access policy 251 included in the access policy P1. For example, if the individual user U restricts the use of a specific data item to the service business SB that has issued the data access request, the virtual table generation unit 42 generates the virtual table T from which the corresponding data item is deleted. do.

Specifically, the virtual table generation unit 42 converts the acquired data (first data) D to the virtual table (second second data) T is generated. When data provided by individual user U is included in acquired data (first data) D used by service business SB, virtual table generation unit 42 sets A virtual table T is generated using data items whose use is permitted based on the above.

For example, an individual user U who has provided data to the first data providing business DB1, which is an electronic receipt business, agrees to the terms of use TD1 that stipulates "non-statistical use (including third party provision) that identifies an individual". Suppose you are. In this case, when the acquired data (first data) D used by the service business SB includes the data provided by the individual user U, the virtual table generation unit 42 generates data relating to the purchase data D1 of the individual user U A virtual table T can be generated that includes data items (purchased food name, food purchase date and time, etc.) and data items that identify the individual user U (for example, name).

For example, an individual user U who has provided data to the first data providing business DB1, which is an electronic receipt business, agrees to the terms of use TD2 that stipulates "the use of statistics that do not identify individuals (including provision to third parties)". Suppose there is In this case, when the acquired data (first data) D used by the service business SB includes the data provided by the individual user U, the virtual table generation unit 42 generates data relating to the purchase data D1 of the individual user U A virtual table T can be generated that includes data items (purchased food name, food purchase date and time, etc.) but does not include data items that identify the individual user U (for example, name). The generated virtual table T is permitted to be used by the data access control unit 5 only when the data access request from the data access control unit 5 is statistical use.

Specifically, the virtual table generation unit 42 converts the acquired data (first data) D to the virtual table (second data) T. When a data access request is generated from the service business SB in response to a request from the individual user U, the virtual table generation unit 42 generates data items permitted to be used based on the terms of service of the service business SB to which the individual user U has consented. generates a virtual table T using

FIG. 11 is a diagram showing the terms of use TS1 for the first service business SB1.
For example, assume that an individual user U who uses the first service business SB1 agrees to the terms of use TS1 shown in FIG. In this case, when a data access request is generated from the first service business SB1 in response to a request from the individual user U, the virtual table generation unit 42 generates a A virtual table T is generated using the data items for which use is permitted.

FIG. 12 is a diagram showing the terms of use TS2 for the second service business SB2.
For example, assume that an individual user U who uses the second service business SB2 agrees to the terms of use TS2 shown in FIG. In this case, when a data access request is generated from the second service business SB2 in response to a request from the individual user U, the virtual table generation unit 42 generates a A virtual table T is generated using the data items for which use is permitted.

FIG. 13 is a diagram showing the terms of use TS3 for the third service business SB3.
For example, assume that an individual user U who uses the third service business SB3 agrees to the terms of use TS3 shown in FIG. In this case, when a data access request is generated from the third service business SB3 in response to a request from the individual user U, the virtual table generation unit 42 generates a A virtual table T is generated using the data items for which use is permitted.

FIG. 14 is a diagram showing an example of the virtual table T generated.
The virtual table generation unit 42 generates a virtual table T for each service business SB for which a data access request has been made. For example, as shown in FIG. 14, the virtual table generator 42 creates a first virtual table T1 for a data access request from the first service business SB1. The virtual table generation unit 42 also creates a second virtual table T2 for data access requests from the second service business SB2. The virtual table generation unit 42 also creates a third virtual table T3 for data access requests from the third service business SB3. However, when the access control information P3 regarding a plurality of data access requests is the same, the virtual table generation unit 42 generates only one virtual table T and responds to the plurality of data access requests with the same access control information P3. may

[Data access controller 5]
FIG. 15 is a functional block diagram of the data access controller 5. As shown in FIG.
The data access control unit 5 responds to data service requests from registered users (individual user U and service provider SP). After receiving the data service request, the data access control unit 5 issues a data access request to the provided data generation unit 4 in order to access the provided data (second data) necessary for providing the requested data service. put out. The data access control unit 5 provides the data service to the data service requester based on the provided data (second data) acquired from the provided data generation unit 4 . The provision of data services includes not only the provision of data itself, but also the provision of data analysis results and the provision of various services based on data. Methods of providing data services include a method of allowing a user to access provided data generated in the data service providing system 100, and a method of providing generated provided data to a user via a predetermined network. The method of sending, etc. are mentioned.

The data access control unit 5 also monitors whether there is any violation of the service cooperation policy P2 (hereinafter also referred to as "policy violation") in the provided data (second data) and data service. The data access control unit 5 may monitor whether or not the access policy P1 is violated in addition to the violation of the service cooperation policy P2.

The data access control unit 5 has a service business data access interface 52 , an individual user data access interface 53 , a provided data monitoring unit 54 , a data service monitoring unit 55 and a policy violation recording unit 56 .

The service business data access interface 52 includes an API that connects the service providing device 500 owned by the service provider SP and the provided data generation unit 4 . Service business SB can receive data services from data service providing system 100 via service business data access interface 52 .

The service business data access interface 52 includes, for example, an API for data search, an API for data analysis, and an API for visualizing data analysis results.

The personal user data access interface 53 connects the personal user interface 22 and the provided data generator 4 . Via the personal user interface 22 and the personal user data access interface 53, the individual user U can check how the personal data of the individual user U is accessed to the service business SB. .

The provided data monitoring unit 54 monitors whether or not the provided data (second data) obtained from the provided data generation unit 4 violates the policy. Specifically, when a data access request is generated from the service business SB in response to a request from the individual user U, the provided data monitoring unit 54 checks whether the provided data acquired from the provided data generation unit 4 is It monitors whether it is generated using only data items whose use is permitted based on the terms of use of the service business SB.

For example, assume that the individual user U agrees to the terms of use TS2 (see FIG. 12) of the second service business SB2. Under the terms of use TS2 (see FIG. 12), use of data items such as date of birth and age is not permitted. Here, when a data access request is generated from the second service business SB2 in response to a request from the individual user U, the data items such as date of birth and age are used in the provided data acquired from the provided data generation unit 4. In this case, the provided data monitoring unit 54 detects policy violations in the provided data.

The data service monitoring unit 55 monitors whether there is any policy violation in the data service provided by the service business data access interface 52 to the service business SB. Specifically, the data service monitoring unit 55 generates a data service request to the service business data access interface 52 as a virtual individual user U, and monitors whether there is any policy violation in the provided data service. .

Here, the act of the data service monitoring unit 55 receiving the data service from the service business SB as a virtual individual user U of the service business SB is performed after obtaining the consent of the service provider SP that provides the service business SB. shall be

For example, the data service monitoring unit 55 registers a virtual individual user VU who is a virtual individual user U as a user of the third service business SB3. Assume that the virtual individual user VU agrees to the terms of use TS3 (see FIG. 13) of the third service business SB3. Use of the name data item is not permitted under the terms of use TS3 (see FIG. 13). Next, the data service monitoring unit 55 causes the service enterprise data access interface 52 to generate a data service request corresponding to the request from the virtual personal user VU like a data crawler as the virtual personal user VU. . If the name data item is used in the provided data service, the data service monitoring unit 55 detects a policy violation in the data service.

For example, the data service monitoring unit 55 detects a policy violation in the data service when an item related to a data item whose use is not permitted is described in the HTML description of the WEB page provided in the data service or in the argument of the API. To detect.

The data service monitoring unit 55 regularly monitors policy violations in the data service at a preset cycle, such as once a week. The data service monitoring unit 55 may monitor policy violations in the data service at random intervals.

FIG. 16 is a diagram showing policy violation monitoring history PR.
The policy violation recording unit 56 records policy violations detected by the provided data monitoring unit 54 and the data service monitoring unit 55 as a policy violation monitoring history PR. The policy violation monitoring history PR records details of provided data or data services in which policy violations have been detected. The policy violation monitoring history PR includes data providing business DB that is the data provider, provided data ID that identifies the provided data that was used, service provider SP and service business SB that are provided, and terms of use that violated the policy. and the date and time of the violation.

[Operation of data service providing system 100]
Next, the operation of the data service providing system 100 when the first individual user U1 and the second individual user U2 who are the individual users U use the data service providing system 100 will be described.

<Collaboration with the first data provision business DB1>
FIG. 17 is a sequence diagram of the data service providing system 100 that operates in cooperation with the cooperative application AP1 provided to the individual user U by the first data providing business DB1.

The first individual user U1 is a user of the first data providing business DB1, and provides the data service of the first data providing business DB1, which is an electronic receipt business, via the cooperative application AP1 installed in the personal terminal 300. A usage application for use via the system 100 is transmitted to the data service providing system 100 .

If the first individual user U1 who applied for use is not a member of the data service providing system 100, the data service providing system 100 requests membership registration with the data service providing system 100 via the data providing business cooperation interface 31. . The first individual user U1 who has been requested to register as a member applies for membership registration in the data service providing system 100 via the cooperative application AP1. The data providing business cooperation interface 31 updates the member ID data 361 in the individual user cooperation information recording unit 36 .

The data service providing system 100 transmits at least one terms of use (such as the terms of use TD1 and the terms of use TD2 described above) to the first individual user U1 via the data providing business cooperation interface 31 .

The first individual user U1 selects a terms of use to agree to and transmits the selected terms of use to the data service providing system 100 via the cooperative application AP1.

The data providing business cooperation interface 31 updates the data providing business service cooperation policy 353 of the business cooperation information recording unit 35 using the information on the terms of use agreed to by the first individual user U1.

After that, the data import interface 11A of the first data acquisition unit 1A acquires the purchase data D1 regarding the first individual user U1 from the data provider DP1 based on the terms of use agreed by the first individual user U1, and records the acquired data. Record in section 12. The data import interface 11A may periodically acquire data collectively (bulk type), or may acquire data in real time from a device connected via an API (streaming type), for example.

<Collaboration with First Service Business SB1>
FIG. 18 is a sequence diagram of the data service providing system 100 operating in cooperation with the cooperative application AP2 provided to the individual user U by the first service business SB1.

The first individual user U1 and the second individual user U2 are users of the first service business SB1, and use the service of the first data providing business DB1, which is a recipe proposal business, via the cooperative application AP2 installed in the personal terminal 300. is used via the data service providing system 100 is sent to the data service providing system 100 .

If the first individual user U1 or the second individual user U2 who applied for use is not a member of the data service providing system 100, the data service providing system 100 sends a request to the data service providing system 100 via the service business cooperation interface 32. Request membership registration. The first individual user U1 or the second individual user U2 requested for membership registration applies for membership registration with the data service providing system 100 via the cooperative application AP2. The service business cooperation interface 32 updates the member ID data 361 in the individual user cooperation information recording unit 36 .

The data service providing system 100 transmits at least one terms of use (such as the terms of use TS1 described above) to the first individual user U1 and the second individual user U2 via the service business cooperation interface 32 .

The first individual user U1 and the second individual user U2 transmit the agreed terms of use to the data service providing system 100 via the cooperative application AP2.

The service business cooperation interface 32 updates the service business service cooperation policy 356 of the business operator cooperation information recording unit 35 using the information on the terms of use agreed to by the first individual user U1 and the second individual user U2.

<Data service for second individual user U2>
A second individual user U2 is not a user of the first data providing business DB1, but a user of the first service business SB1. In this case, the second individual user U2, in the service provided by the first service business SB1, agrees to the terms of use agreed by the other individual user U who provided the data to the first data providing business DB1 Within the scope of use (including provision by a third party), data services using data provided by other individual users U can be used. However, the data service that the second individual user U2 can use is limited to data items whose use is permitted based on the terms of use of the first service business SB1 that the second individual user U2 has agreed to.

For example, the cooperative application AP2 provided by the first service business SB1 (recipe proposal business) is generated based on the purchase data D1 of an unspecified number of individual users U acquired from the first data provision business DB1 (electronic receipt business). Based on the statistical information obtained, it is possible to propose trendy recipes to the second individual user U2.

<Data service for first individual user U1>
On the other hand, the first individual user U1 is a user of the first data providing business DB1 and a user of the first service business SB1. In this case, in the service provided by the first service business SB1 (recipe proposal business), the first individual user U1 provides the data to the first data providing business DB1 (electronic receipt business) within the scope of the terms of use he has agreed to. A data service using the data obtained from the analysis is also available. However, the data service that the first individual user U1 can use is limited to data items whose use is permitted based on the terms of use of the first service business SB1 that the first individual user U1 has agreed to.

For example, the cooperative application AP2 provided by the first service business SB1 (recipe proposal business), based on the purchase data D1 of the first individual user U1 acquired from the first data providing business DB1 (electronic receipt business), We can suggest the best recipe for

<Service collaboration>
In order to receive the above data service, the first individual user U1 transmits a service linkage between the first data providing business DB1 and the first service business SB1 to be used to the data service providing system 100 via the linking application AP2. (request for service linkage). The first individual user U1 transmits information (such as a member ID) indicating that he/she is a member using the first data providing business DB1 to the data service providing system 100 as necessary.

The service business linkage interface 32 updates the data linkage policy P2 (see FIG. 10) of the business linkage information recording unit 35 based on the service linkage request from the first individual user U1. Specifically, the member ID data linkage information C1 is updated, and the data provision business service linkage policy 353 and the service business service linkage policy 356 relating to the first individual user U1 are associated with the updated member ID data linkage information C1. . As a result, the first individual user U1 can use the data service of the first service business SB1 using the data he or she has provided to the first data providing business DB1.

19 and 20 are service cooperation confirmation screens WA of the cooperation application AP2. The cooperative application AP2 may be a native application that runs on the personal terminal 300 or a web application that runs on the data service providing system 100 . When the cooperation application AP2 is a native application, the service cooperation confirmation screen WA is generated and controlled by the personal terminal 300 based on communication with the cooperation control unit 3 via the service business cooperation interface 32 . When the cooperation application AP2 is a web application, the service cooperation confirmation screen WA is generated and controlled by the cooperation control unit 3 based on communication with the personal terminal 300 via the service business cooperation interface 32 .

The service cooperation confirmation screen WA is a screen for confirming the consent of the individual user U to the service cooperation between the first data providing business DB1 and the first service business SB1. The service cooperation confirmation screen WA has a cooperation service confirmation area W1, a message area W2, an agreement confirmation area W3, a cooperation data confirmation area W4, and a data handling confirmation area W5 from the top to the bottom of the screen.

The linked service confirmation area W1 displays the two linked services with icons W11 and W12 in an easy-to-understand manner. In addition, the linking service confirmation area W1 displays a data providing direction W13 that clearly indicates the direction in which data is provided in the two linked services. The icon W11 is an icon indicating the first data providing business DB1, and is, for example, an icon of an application provided by the first data providing business DB1 or a logo mark of a brand related to the first data providing business DB1. The icon W12 is an icon representing the first service business SB1, and is, for example, an icon of an application provided by the first service business SB1, a logo mark of a brand related to the first service business SB1, or the like.

The message area W2 displays a message or the like prompting the individual user U to agree. The message area W2 may display specific information for each individual user U together.

The consent confirmation area W3 presents the terms of use regarding service cooperation to the individual user U, and confirms consent to the terms of use and the intention to start service cooperation. The agreement confirmation area W3 has a message W31 displaying the terms of use, an agreement check button W32, and a cooperation start button W33. The consent check button W32 is a radio button indicating that the individual user U agrees to the terms of use displayed in the message W31. The cooperation start button W33 is a button for confirming that individual user U's service cooperation is to be started.

The linked data confirmation area W4 displays the data to be actually linked in an easy-to-understand manner. The linked data confirmation area W4 may also display, for example, an example of data that is actually linked.

The data handling confirmation area W5 displays handling of linked data. The data handling confirmation area W5 has a message W51 explaining data handling, a data providing business terms of use confirmation button W52, and a service business terms of use confirmation button W53. The data providing business terms of use confirmation button W52 is a button for opening a screen for confirming the terms of use of the first data providing business DB1 (for example, the terms of use TD1). The service business terms of use confirmation button W53 is a button that opens a screen for confirming the terms of use of the first service business SB1 (for example, the terms of use TS1). The individual user U can easily access the terms of use of the two linked services.

The data handling confirmation area W5 may have a button for opening a screen where the privacy policy of each business operator can be confirmed instead of (or in addition to) the terms of use. The privacy policy stipulates the policy of each business operator regarding the collection, utilization, management, protection, etc. of personal information (which may be limited to user information of a specific data service). For example, the data handling confirmation area W5 may have a button for opening a screen for confirming the privacy policy of the data provider DP1 and a button for opening a screen for confirming the privacy policy of the service provider SP1. Furthermore, the data handling confirmation area W5 may have a button for opening a screen for confirming the privacy policy of the operating company that provides the data service providing system 100. FIG. The individual user U can easily access the terms of use of each business/service and/or the privacy policy of each business, and after confirming these, can decide whether to agree to the terms of use and start service cooperation.

When the individual user U indicates that he/she agrees to the terms of use with the consent check button W32 and then presses the cooperation start button W33, the cooperation application AP2 requests the service business cooperation interface 32 to start service cooperation. do. When the cooperation is completed in the cooperation control unit 3, the cooperation application AP2 displays the service cooperation completion screen WB.

FIG. 21 shows the service cooperation completion screen WB of the cooperation application AP2.
The service cooperation completion screen WB has, from the top to the bottom of the screen, a cooperation service confirmation area W1 and a message area W6 indicating completion of cooperation.

The individual user U who wants to implement service linkage can easily grasp the two services linked in the linkage service confirmation area W1 on the service linkage confirmation screen WA, and can easily check the data actually linked in the linkage data confirmation area W4. The user can easily access the linked data handling in the data handling confirmation area W5. The individual user U who wants to implement service cooperation can easily grasp that the service cooperation has been completed on the service cooperation completion screen WB.

<Operation of Provided Data Generation Unit 4>
After that, the cooperative application AP2 transmits a data service request to the data service providing system 100 . The data service providing system 100 receives the data service request via the service business data access interface 52 and confirms the data service content. The service business data access interface 52 issues a data access request to the provided data generator 4 in order to access the provided data (second data) necessary for providing the requested data service.

Next, the provided data generation unit 4 generates a virtual table T as provided data (second data) from the obtained data (first data) D in response to the data access request (data generation step). The provided data generation unit 4 generates a virtual table T in which the ever-changing access policy P1 and data linkage policy P2 are constantly reflected by creating the virtual table T in response to each data access request. The data access control unit 5 can provide data services using provided data reflecting the latest access policy P1 and data linkage policy P2.

The provided data generator 4 may cache the created virtual table T as temporary storage. When the next data access request occurs, the provided data generator 4 reuses all or part of the cached virtual table T if the related access policy P1 and data linkage policy P2 have not been updated. may The provided data generation unit 4 can reduce the processing load for generating the virtual table T by using cached data (cache data) as temporary storage.

Next, the service business data access interface 52 provides a data service based on the virtual table T (data providing step).

<Manage policy violations>
FIG. 22 is a sequence diagram of the data access control unit 5 that manages policy violations.
The data service monitoring unit 55 performs user registration for the first service business SB1 as a virtual individual user VU. Assume that the virtual individual user VU agrees to the terms of use TS1 (see FIG. 11) of the first service business SB1.

The data service monitoring unit 55 also performs user registration for the second service business SB2 as a virtual individual user VU. Assume that the virtual individual user VU agrees to the terms of use TS2 (see FIG. 12) of the second service business SB2.

Next, as shown in FIG. 22, the data service monitoring unit 55 issues a data service request from the first service business SB1 to the service business data access interface 52 as the virtual individual user VU. The service business data access interface 52 issues a data access request to the provided data generator 4 .

The provided data generation unit 4 generates provided data (second data) based on the data access request, and outputs the generated data to the service business data access interface 52 .

The provided data monitoring unit 54 monitors whether or not the provided data (second data) acquired from the provided data generation unit 4 violates the policy regarding the terms of use TS1.

The service business data access interface 52 provides a data service to the first service business SB1 based on the acquired provision data (second data) virtual table T. FIG.

The first service business SB1 provides data services to virtual individual users VU based on the provided data services.

The data service monitoring unit 55 monitors whether the data service provided as the virtual individual user VU violates the policy regarding the terms of use TS1.

The policy violation recording unit 56 records policy violations detected by the provided data monitoring unit 54 and the data service monitoring unit 55 as a policy violation monitoring history PR. If there is a policy violation, the data access control unit 5 takes measures such as suspending the data service for the first service business SB1.

Similarly, the data service monitoring unit 55 requests the data service from the second service business SB2 as the virtual individual user VU, and sets the policy regarding the terms of use TS2 in the data service provided by the second service business SB2. Monitor for violations.

Here, the act of the data service monitoring unit 55 receiving data services from these service businesses SB as a virtual individual user U of the first service business SB1 and the second service business SB2 provides these service businesses SB. It is assumed that this has been done with the consent of the service provider SP1.

FIG. 23 is a diagram showing the HTML description in the data service provided by the data service monitoring unit 55 from the second service business SB2. The terms of use TS2 (see FIG. 12) of the second service business SB2 do not permit the use of data items such as date of birth and age. However, in the HTML description shown in FIG. 23, the keyword "40's" related to the age data item is described, and it is presumed that the second service business SB2 uses the age data item to provide the data service. be done. In this case, the data service monitor 55 detects policy violations in the data service.

For example, the data service monitoring unit 55 has a keyword for each data item as dictionary data. For example, for the data item "age", the data service monitoring unit 55 prepares in advance, as dictionary data, keywords including fluctuations in expression, such as "40s", "40s", and "40s". The data service monitoring unit 55 matches the HTML description of the WEB page, API arguments, etc. in the data service provided by the second service business SB2 with keywords related to data items whose use is not permitted, and performs matching. Detect policy violations in data services when

For example, the data service monitoring unit 55 may use keywords for each data item generated in advance by machine learning as dictionary data. The data service monitoring unit 55 uses dictionary data generated by machine learning to detect, for example, policy violations that cannot be determined at first glance.

Service provider SP1 provides first service business SB1 and second service business SB2. Even if the service business data access interface 52 provides data services to the first service business SB1 and the second service business SB2 based on the data linkage policy P2 (see FIG. 10), the service provider SP1 cannot provide the data service. The data services received are treated indiscriminately, and policy violations may occur in the data services provided to the individual user U. The data service monitoring unit 55 monitors whether or not there is a violation of the policy regarding the terms of use in the data service requested and actually provided by the virtual individual user VU. Ability to detect policy violations due to indiscriminate treatment of services.

According to the above-described embodiment, the data service providing system 100 handles data types and registered users (individual user U and service provider SP) for acquired data D including a plurality of data types with different handling policies. ), a wide variety of acquired data D with different information management methods and handling can be managed more seamlessly. Further, the data service providing system 100 can easily provide a data service in which the access policy P1 is strictly applied to the acquired data D including the personal data of the individual user U.

Further, according to the embodiment described above, the data service providing system 100 seamlessly provides data services to the service business SB using data acquired from the data providing business DP. By collectively managing the terms of use for both the business SB and the consent of the individual user U to the terms of use as a service cooperation policy P2, it is possible to easily provide a data service in which the terms of use and the consent to the terms of use are strictly applied.

(Modification)
In each of the above embodiments, the provided data generation unit 4 generates the virtual table T as the provided data (second data), but the provided data generation unit 4 generates the real table as the provided data (second data). good too. A real table is a table recorded in advance in a nonvolatile recording unit before a data access request is made. The provided data generation unit 4 periodically generates or updates a real table as provided data based on specific specifications (for example, provided data used for "statistical use where individuals are not identified (including third party provision)"). By using such a real table, the provided data generation unit 4 can reduce the processing load for generating provided data.

Further, according to the embodiment described above, the data service providing system 100 monitors whether there is a violation of the service cooperation policy P2 (“policy violation”) in the provided data (second data) and data service, A data service to which the cooperation policy P2 is more strictly applied can be provided.

It may be realized by recording the program in the above-described embodiment in a computer-readable recording medium and causing a computer system to read and execute the program recorded in the recording medium. It should be noted that the "computer system" referred to here includes hardware such as an OS and peripheral devices. The term "computer-readable recording medium" refers to portable media such as flexible discs, magneto-optical discs, ROMs and CD-ROMs, and storage devices such as hard discs incorporated in computer systems. Furthermore, "computer-readable recording medium" refers to a program that dynamically retains programs for a short period of time, like a communication line when transmitting a program via a network such as the Internet or a communication line such as a telephone line. It may also include something that holds the program for a certain period of time, such as a volatile memory inside a computer system that serves as a server or client in that case. Further, the program may be for realizing part of the functions described above, or may be capable of realizing the functions described above in combination with a program already recorded in the computer system.

While several embodiments of the invention have been described, these embodiments have been presented by way of example and are not intended to limit the scope of the invention. These embodiments can be implemented in various other forms, and various omissions, replacements, and modifications can be made without departing from the scope of the invention. These embodiments and their modifications are included in the scope and spirit of the invention, as well as the scope of the invention described in the claims and equivalents thereof.

DESCRIPTION OF SYMBOLS 100... Data service provision system 1... Data acquisition part 2... Access policy control part 3... Cooperation control part 4... Provided data generation part 5... Data access control part 251... Personal user access policy 262... Data Type handling policy 263 Data type combination policy 264 Service business access policy 361 Member ID data 352 First cooperative member ID data 353 Service cooperation policy for data providing business 355 Second cooperative member ID Data 356... Service cooperation policy for service business DP... Data provider DB... Data provider business SP... Service provider SB... Service business

Claims (20)

a first policy acquisition step of acquiring a first policy including information about the first individual user's consent to use of the data providing business;
a data acquisition step of acquiring first data including data of the first individual user from the data providing business based on the first policy;
a second policy obtaining step of obtaining a second policy including information about the second individual user's consent to use of the service business;
a policy setting step of setting a service linking policy in which the first policy and the second policy are linked;
a data generating step of generating second data used for a data service provided to the service business from the first data based on the service cooperation policy;
a data providing step of providing a data service to the service business based on the second data;
comprising
How we provide data services. the second policy includes information about the first individual user's consent to use of the service business;
In the data generation step, when the first individual user uses the service business, the second data used for the data service provided to the service business is converted to the first data based on the service cooperation policy. generated from,
The data service providing method according to claim 1. The service linkage policy includes member data linkage information that associates member data of the data providing business and member data of the service business,
3. The data service providing method according to claim 1 or 2. The service linkage policy is generated or updated when at least part of the first policy, the second policy, and the member data linkage information is updated.
4. The data service providing method according to claim 3. The data generation step generates the second data using data items permitted to be used based on the second personal user's consent to use of the service business.
The data service providing method according to any one of claims 1 to 4. The data generation step generates the second data using data items permitted to be used based on the content of the first individual user's consent to the use of the service business.
3. The data service providing method according to claim 2. In the data generation step, when the first data includes data provided by the first individual user, the data is used based on the consent of the first individual user to the use of the data providing business. generates the second data using data items authorized by
The data service providing method according to any one of claims 1 to 5. The information on the consent to use of the data provision business includes the date of consent,
the information about the consent to use of the service business, including the date of consent;
The data service providing method according to any one of claims 1 to 7. further comprising a service linking step of permitting the first personal user to link the data providing business for the first personal user and the service business for the first personal user;
The service linking step includes presenting data to be linked and handling of the linked data to the first individual user,
The data service providing method according to any one of claims 1 to 8. The service linking step presents the completion of the linking to the first individual user after obtaining consent for the linking from the first individual user.
The data service providing method according to claim 9. further comprising a policy monitoring step of monitoring whether the second data violates the service linkage policy;
The data service providing method according to any one of claims 1 to 10. further comprising a policy monitoring step of monitoring whether or not the service cooperation policy is violated in the data service provided to the second individual user by the service business;
The data service providing method according to any one of claims 1 to 10. further comprising a policy monitoring step of monitoring whether or not the service cooperation policy is violated in the data service provided to the first individual user by the service business;
The data service providing method according to any one of claims 1 to 10. The policy monitoring step receives a data service provided by the service business as a virtual individual user, and monitors whether the provided data service violates the service cooperation policy.
14. The data service providing method according to claim 12 or 13. Acquire a first policy containing information about the consent of the first individual user to the use of the data providing business, obtain a second policy containing information about the consent of the second individual user to the use of the service business, a cooperation control unit that sets a service cooperation policy that links the first policy and the second policy;
a data acquisition unit that acquires first data including data of the first individual user from the data providing business based on the first policy;
a provided data generation unit that generates second data used for a data service provided to the service business from the first data based on the service cooperation policy;
a data access control unit that controls to provide the data service to the service business based on the second data;
comprising
Data service provision system. the second policy includes information about the first individual user's consent to use of the service business;
When the first individual user uses the service business, the provided data generation unit converts the second data used for the data service provided to the service business to the first data based on the service cooperation policy. generated from data,
The data service providing system according to claim 15.
The service linkage policy includes member data linkage information that associates member data of the data providing business and member data of the service business,
17. The data service providing system according to claim 15 or 16. The cooperation control unit generates or updates the service cooperation policy when at least part of the first policy, the second policy, and the member data cooperation information is updated.
The data service providing system according to claim 17. The cooperation control unit presents the data to be linked and the handling of the data to be linked to the first individual user, and provides the data providing business to the first individual user and authorizing the first individual user to associate with the service business;
The data service providing system according to any one of claims 15 to 18. The data access control unit monitors whether the service cooperation policy is violated in the data service provided to the first individual user by the service business.
20. The data service providing system according to any one of claims 15-19.

Images