JP2024066250A - Program, information processing apparatus, and information processing method - Google Patents

Abstract

To provide a program, an information processing apparatus, and an information processing method for evaluating a risk of using information, according to each of destinations to which the information is provided.SOLUTION: A program causes a computer to implement: a reception function of receiving an information request for target person information on a target person from a destination device to which the target person information is to be provided; an acquisition function of acquiring the target person information from a source device which provides the information, the source device being different from the destination device; an evaluation function of evaluating a risk of using the target person information in the destination, on the basis of the target person information and destination information on the destination; and a providing function of providing, in accordance with the information request, the target person information and risk information indicating the evaluated risk to the destination device.SELECTED DRAWING: Figure 5

Description

The present invention relates to a program, an information processing device, and an information processing method.

Conventionally, there are known technologies for linking information between multiple people or organizations. Patent Document 1 describes an information linking system that accepts requests to register, update, and acquire information from multiple external systems, and accesses a database that allows information to be registered and updated in accordance with these requests. This information linking system calculates reliability information about the information stored in the database based on the reliability of the original information and the attributes of the organization that provided the information. With this configuration, the reliability of the information stored in the database can be provided to the target person.

JP 2020-149645 A

Even if the information provided is the same, the risk of using the provided information (hereinafter simply referred to as "risk") may differ for each recipient in terms of the impact or the magnitude of the impact when the risk becomes apparent. However, with the above-mentioned conventional technology, although the recipient can grasp the reliability of the information, it cannot grasp the assessment of the risk for each recipient.

Therefore, in order to solve the above problems, the present invention aims to provide a program, an information processing device, and an information processing method that can evaluate the risks involved in using information depending on the information recipient.

A program according to one aspect of the present invention causes a computer to realize a reception function that receives an information request for subject information related to a subject from a destination device to which the subject information is provided, an acquisition function that acquires subject information from a source device that is a source different from the destination, an evaluation function that evaluates the risk of using the subject information at the destination based on the subject information and destination information related to the destination, and a provision function that provides the destination device with the subject information and risk information indicating the assessed risk in response to the information request.

An information processing device according to one aspect of the present invention includes a receiving unit that receives an information request for subject information related to a subject from a destination device to which the subject information is provided, an acquisition unit that acquires the subject information from a source device that is a source different from the destination, an evaluation unit that evaluates the risk of using the subject information at the destination based on the subject information and destination information related to the destination, and a providing unit that provides the destination device with the subject information and risk information indicating the evaluated risk in response to the information request.

In an information processing method according to one aspect of the present invention, a computer receives an information request for subject information related to a subject from a destination device to which the subject information is provided, obtains the subject information from a source device that is different from the destination, evaluates the risk of using the subject information at the destination based on the subject information and destination information related to the destination, and provides the subject information and risk information indicating the evaluated risk to the destination device in response to the information request.

The present invention makes it possible to evaluate the risks involved in using information depending on the recipient of the information.

FIG. 1 is a diagram for explaining an example of a system configuration of an information collaboration system according to an embodiment of the present invention. FIG. 1 is a diagram for explaining an example of an overview of an information collaboration system according to an embodiment of the present invention. FIG. 1 is a diagram for explaining an example of an overview of an information collaboration system according to an embodiment of the present invention. FIG. 1 is a diagram for explaining an example of an overview of an information linkage system according to an embodiment of the present invention. FIG. 2 is a diagram illustrating an example of a functional configuration of a collaboration device according to the present embodiment. FIG. 4 is a diagram illustrating an example of the operation of a linked device according to the embodiment. FIG. 2 is a diagram illustrating an example of a hardware configuration of a coordination device according to the present embodiment.

A preferred embodiment of the present invention (hereinafter, referred to as "the present embodiment") will be described with reference to the attached drawings. Note that in each drawing, parts with the same reference numerals have the same or similar configurations.

In this invention, "part," "means," "device," or "system" does not simply mean physical means, but also includes cases where the functions of the "part," "means," "device," or "system" are realized by software. Furthermore, the functions of one "part," "means," "device," or "system" may be realized by a combination of two or more physical means, devices, or software modules, and the functions of two or more "parts," "means," "devices," or "systems" may be realized by one physical means, device, or software module.

The information linking system 1 according to this embodiment is a system for information linking between an information source and a destination. In the information linking system 1, the linking device 100 acquires subject information from the source. Next, when providing this acquired subject information to the destination, the linking device 100 identifies the reliability of the subject information (hereinafter also simply referred to as "reliability") and evaluates the risk of using the subject information at the destination (hereinafter also simply referred to as "risk" or "usage risk"). The linking device 100 then provides the destination with reliability information indicating the identified reliability and risk information indicating the evaluated risk together with the subject information.

In this embodiment, an example is described in which the source of the target information (hereinafter also referred to simply as the "source") is a financial institution and an information provider, and the destination of the target information, which is different from the source (hereinafter also referred to simply as the "destination"), is a service provider; however, the parties with which the information linking system 1 links information are not limited to this. For example, the source and/or destination may be individuals. In other words, the information linking system 1 may be applied to information linking between individuals, or to information linking between a business and an individual.

The provider is typically, but not limited to, an entity that stores target information such as a financial institution at a certain level, and/or an information provider that collects and/or edits AML information, antisocial information, internet information, etc., which will be described later. Financial institutions include, for example, banks, credit card businesses, or money transfer businesses. The provider may be, for example, a specified business entity under the Act on Prevention of Transfer of Criminal Proceeds (hereinafter, simply referred to as a "specified business entity"). In this embodiment, an example will be described in which the provider is an information provider entity and a financial institution.

Target information is information about the person to whom information is provided. The target may be, for example, a user (in other words, a "user") who uses a service provided by a service provider. For example, if the target is an individual, the target information may include so-called personal information such as target identification information for identifying the target, the target's name, telephone number, address, email address, personal identification number (My Number), gender, or date of birth as the target's attribute information. Furthermore, in the case of target information, for example, if the target is a business operator such as a corporation, the target may hereinafter be read as the business operator's representative, officer, employee, etc.

The subject information may include, for example, the subject's driver's license number, card number, account information of the account held by the subject (e.g., account type, account number, name, etc.), and device information of the terminal device used by the subject (e.g., MAC address, IP address, serial number, etc.).

The target information may include, for example, location information (e.g., GPS data, etc.), web history information (e.g., browsing history, search history, cookie information, etc.), or product purchase history information on an e-commerce site.

When the target is a business, the target information may include business information. The business information may include, for example, business identification information for identifying each business, trade name, corporate name, industry, address, email address, contact information, and/or representative, etc., as attribute information of the business. The business information may also include, for example, information indicating whether or not the target is a specified business.

The subject information may include, for example, confirmation information, AML (Anti-Money Laundering) information, and/or reflection information. The confirmation information is information for confirming the authenticity of the subject. The AML information is, for example, information including the purpose of opening the account and/or the planned amount of deposit and withdrawal. The anti-social information is information related to anti-social forces, for example, business information of businesses that are anti-social forces. Note that the ALM information and/or anti-social information may be included in the confirmation information and handled.

The verification information may include, for example, identity verification information for verifying the identity of the subject. Identity verification information is, for example, information related to the identity verification of the subject. Identity verification information may include, for example, the subject's name, address, contact information, information related to the subject's My Number card used for identity verification, and/or information related to the subject's driver's license used for identity verification, etc.

The confirmation information may include, for example, authentication information for authenticating the subject (hereinafter also referred to as "subject authentication"). The authentication information may include information on possessions of the subject, biometric information, and/or memory information. The subject authentication may be, for example, person authentication (Authentication) as defined by NIST SP 800-63-3. Furthermore, the authentication level applied to the user authentication may be, for example, AAL (Authenticator Assurance Level) as defined by NIST SP 800-63B.

The possession information may be, for example, card information relating to an IC card or magnetic card possessed by the subject, device identification information identifying a device possessed (e.g., an information terminal such as a smartphone), location information indicating the location of the possession (e.g., distance information indicating the distance between the possession and the destination device 300, and/or information indicating GPS coordinates measured by a GPS system using a GPS (Global Positioning System) device).

The biometric information may be, for example, information about the subject's physical appearance, fingerprints, palm print, voiceprint, and/or iris.

The stored information may be, for example, subject identification information that identifies the subject in the services provided by the information linkage system 1 or the service provider, a card number used to settle a transaction, an account number, a telephone number, an account name such as an email address, a password, a signature or figure entered or selected by the subject, a free-entry or multiple-choice answer to a given question, or any other information that is stored by the subject and can be obtained by the linkage device 100.

The subject information may include, for example, information that represents the nature and/or characteristics of the subject. Information that represents the nature and/or characteristics of the subject may be, for example, (A) age group (e.g., calculated from the customer's date of birth, such as "30s"), (B) gender, (C) place of residence (e.g., calculated from the subject's address at the country/prefecture/city/village level, such as "living in Osaka Prefecture"), etc.

The subject information may include, for example, transaction history information, bank account information, and/or internet information. In addition, if the subject is a company, the subject information may include financial information and/or performance information about the company.

Transaction history information is information that indicates the history of transactions made by the target person. Transaction history information includes, for example, transaction identification information for identifying each transaction, account identification information for each account used in each transaction, a history of payment instructions for settling each transaction, or the transaction amount of each transaction.

The financial information is, for example, information on each company's financial statements (e.g., balance sheets and cash flows). The financial information may also include, for example, the business's expense settlement information (e.g., information on financial institutions used for expense settlement, settlement cycles and/or settlement methods, etc.).

The performance information may be, for example, quarterly or annual sales, operating profit, or ordinary profit. The performance information may also include, for example, sales history information that indicates the history of sales over a specified period.

Internet information includes, for example, information posted on social media, information published on each company's corporate website, or information disclosed on EDINET (an electronic disclosure system for disclosure documents such as securities reports under the Financial Instruments and Exchange Act).

The transaction history information may include, for example, at least one of the following pieces of information as negative information:
- History information showing a history of failures in identity verification or authentication of the target person - History information showing a history of non-payment of a scheduled account withdrawal due to insufficient funds or a history of delayed payment, etc.

The transaction history information may include, for example, at least one of the following pieces of information as positive information:
- History information showing the history of successful identity verification and authentication of the target person - History information showing the history of transaction settlement as scheduled

The target information may include, for example, access history information. The access history information is information that indicates the history of access to the information linkage system 1 and/or the external system 2. The access history information may include, for example, the number of failed attempts to access these systems (e.g., logging in, etc.) during a specified period in the past, the number of failed attempts to authenticate the person when accessing, and/or a history of suspicious access while using the services provided by the system.

The subject information may include, for example, credit information from financial institutions or external credit information agencies (e.g., credit evaluation, credit class, and/or scoring from these agencies, etc.).

1. System configuration
An example of a system configuration of an information linkage system 1 according to the present embodiment will be described with reference to Fig. 1. As shown in Fig. 1, the information linkage system 1 includes a linkage device 100, a source device 200, a destination device 300, and a target device 400.

The linkage device 100 is communicatively connected to the source device 200, the destination device 300, and the target device 400 via the network N.

The network N is composed of a wireless network or a wired network. Examples of networks include a mobile phone network, a PHS (Personal Handy-phone System) network, a wireless LAN (Local Area Network, including communication conforming to IEEE802.11 (so-called WI/Fi (registered trademark))), 3G (3rd Generation), LTE (Long Term Evolution), 4G (4th Generation), 5G (5th Generation), WiMax (registered trademark), infrared communication, visible light communication, Bluetooth (registered trademark), a wired LAN, a telephone line, a power line communication network, a network conforming to IEEE1394, etc.

The linking device 100 is an information processing device that provides a relay function (hereinafter also referred to as a "GW (gateway) function") that acquires subject information from the source device 200 and provides the acquired subject information to the destination device 300. The linking device 100 executes a specific program to acquire subject information from the source device 200, identify the reliability of the acquired subject information and/or evaluate the usage risk, and then provide the acquired subject information to the destination device 300.

The source device 200 is an information processing device used by the source of the subject information. The source device 200 executes a specific program to receive a request for subject information from the linked device 100 and to provide the subject information to the linked device 100 in response to the request.

The provider device 200 may be, for example, a device of the external system 2. The external system 2 is a so-called third-party system, and may include a financial institution system of a financial institution (e.g., a credit card system or a bank system, etc.), an information provider's information provision system, an insurance system of an insurance company, etc.

The destination device 300 is an information processing device used by the destination of the target person information. In this embodiment, an example is described in which the destination is a party that provides a service to the target person (hereinafter also referred to as a "service provider"), but the destination is not limited to this. The destination may be an individual or business that enters into a contract and/or transaction with the target person that requires the target person information. The destination may also be, for example, a specified business (including a financial institution). The destination device 300 executes a specified program to request target person information from the linking device 100 and obtain target person information from the linking device 100 in response to this request.

The subject device 400 is an information processing device used by the subject, and is, for example, a device such as a smartphone, laptop, or tablet. The subject device 400 executes a specific program to receive various requests from the subject and to output a screen for the subject to use the GW function and/or the trust function described below. This specific program may be, for example, an application program dedicated to the information linkage system 1 installed in the subject device 400, or a web browser that is standard on mobile devices.

＜2. Overview＞
<2-1. Overall picture＞
An example of the outline of the information linkage system 1 will be described with reference to FIG. 2. FIG. 2 is a diagram showing an example of the overall image of the information linkage system 1. As shown in FIG. 2, the functions provided by the linkage device 100 are classified into A) management function (shown in FIG. 3), B) GW function, C) trust function, and D) risk assessment function. The management function is a function for managing each piece of information such as subject information. The trust function is a function for confirming the authenticity, completeness, and/or validity (hereinafter also collectively referred to as "legitimacy") of the subject individual or organization such as a business operator, and/or the subject information. The risk assessment function is a function for evaluating the risk of using the subject information at the destination and promoting the subscription of insurance against the evaluated risk. In the information linkage system 1, the classified functions are linked to each other (including information linkage and/or function linkage. The same applies below).

(1) The target person makes a request to the destination device 300 of the service provider via the target person device 400 to apply for a service usage contract (hereinafter also simply referred to as a "usage contract"). (2) When the destination device 300 accepts this request, it requests the target person information necessary for the usage contract from the coordinating device 100.

(3) When the GW function of the linked device 100 receives the above information request, it requests the subject information from the information providing system 2a, the financial system 2b, and the insurance system 2c, and acquires the subject information from the devices of these systems. When requesting and acquiring this subject information, the GW function may use, for example, an API provided by the financial system 2b, such as a so-called reference-based API, for acquiring account information of the subject's account opened at a financial institution (e.g., account balance inquiry, etc.) and/or subject information stored at the financial institution (e.g., attribute information inquiry, etc.).

(4a) When the GW function of the linked device 100 acquires the above-mentioned target information, it may identify the reliability of the target information and, depending on the identified reliability, may make a request to the trust function of the linked device 100 to confirm the validity of the target or the target information (hereinafter, also referred to as a "trust request"). For example, the GW function may make a trust request if the reliability is lower than a predetermined threshold, but may not need to make a trust request if the reliability is equal to or higher than the predetermined threshold.

(4b) When the trust function receives the above trust request, it requests, for example, confirmation information to confirm the authenticity of the subject from the subject device 400. The confirmation of the authenticity of the subject may specifically be the subject's identity confirmation (in other words, identity confirmation) and/or subject authentication (in other words, person authentication), etc. When performing subject authentication, for example, the trust function acquires confirmation information from the subject device 400 and compares the acquired confirmation information with confirmation information of a matching source registered in advance in the storage unit 130. If the matching result shows that the matching source information and the matching destination information match, the trust function may determine that the authenticity of the subject has been confirmed. (4d) The trust function responds to the GW function with the result of this confirmation (hereinafter also referred to as a "trust response").

(4e) The GW function may re-identify the reliability of the target information to adjust the reliability based on the result of this confirmation. Specifically, for example, if the result of this confirmation indicates that the authenticity of the target has been confirmed, the GW function may re-identify the reliability to increase it.

(5a) The GW function of the linked device 100 may make a request to the risk assessment function of the linked device 100 for an evaluation of the usage risk (hereinafter also referred to as an "evaluation request") depending on the reliability of the subject information. (5b) In response to the evaluation request, the risk assessment function evaluates the usage risk based on the subject information and the destination information.

(5c) The risk assessment function determines whether there is insurance (hereinafter also referred to as "risk insurance") corresponding to the assessed use risk, and if there is risk insurance, estimates the insurance for risk insurance. (5d) The risk assessment function transmits insurance proposal information to the destination device 300, which is insurance proposal information for proposing to the service provider that the service provider subscribe to risk insurance and indicates the result of the above-mentioned insurance estimate. When the destination device 300 subscribes to the risk insurance proposed in the insurance proposal information, it returns application information for applying for this subscription to the risk assessment function. (5e) When the risk assessment function acquires the application information, it transmits the application information to the insurance system 2c of the corresponding insurance company. When the procedure for subscribing to risk insurance is completed based on the application information, the insurance system 2c transmits subscription information indicating that the service provider has already subscribed to risk insurance to the risk assessment function. (5f) The risk assessment function may reassess the use risk based on this subscription information to adjust the evaluation. (5g) The risk assessment function responds to the GW function with this assessed or reassessed usage risk (hereinafter also referred to as the "assessment response").

The risk insurance may be, for example, insurance to cover various damages caused by cyber risks (so-called cyber insurance).

The recipient information is information about the recipient. The recipient information may have the same configuration as at least a portion of the target person information (in other words, it may include at least a portion of the items included in the target person information). For example, if the recipient is a business, the recipient information may include the location, size, and industry of the business, and/or information about the products (hereinafter also referred to as "product information") and/or services (hereinafter also referred to as "service information") provided by the business.

Product information may include, for example, information for identifying the seller selling the product or the manufacturer producing the product, the JAN code indicated by the barcode attached to the product, the price of the product, etc.

The service information may include, for example, information for identifying the service provider providing the service to which it is provided, the service name for each service, the type of service (e.g., financial services, wireless communication services, e-commerce services, or hotel reservation services), the fee for the service, the payment method for the fee, the content of the service, and address information of the website introducing the service (e.g., a URL, etc.).

(6) If a format is specified by the destination, the GW function of the linkage device 100 processes the target person information based on the specified format. (7) The GW function provides the processed target person information, reliability information indicating the reliability, and risk information indicating the usage risk to the destination device 300. (8) Based on this provided information, the service provider concludes a service usage contract with the target person and begins providing the service to the target person.

<2-2. Trust Service>
An example of a trust service by the trust function of the information linkage system 1 will be described with reference to Fig. 3. As shown in Fig. 3, (1) a request for application for a service usage contract is made from the target person device 400 to the destination device 300 of the service provider. (2) Upon receiving this request, the destination device 300 makes an information request to the linkage device 100 for target person information required for the usage contract.

<B1) Destination RQ><A1-3) Source DB, Destination DB, Information provision DB>
(3) The reception unit 111 of the linked device 100 refers to the storage unit 130 and receives the above information request from the destination device 300 based on the destination information. The reception unit 111 refers to the storage unit 130 and checks whether the requested subject information has already been provided by the provider and stored in the storage unit 130. If the subject information is not stored in the storage unit 130, the reception unit 111 refers to the storage unit 130 and the provider information stored in the storage unit 130 to request the subject information from the corresponding provider.

<B3) External information inquiry / B2) Financial institution information inquiry>
(4) The request unit 117 of the linked device 100 requests the target person information from the provider device 200 of the external system 2 as an information inquiry based on the provider information. The acquisition unit 112 of the linked device 100 acquires the target person information from the provider device 200 of the external system 2 in response to this request.

<B4) Trust Inquiry><C1) Attribute Inquiry>
(5) The identification unit 115 of the linked device 100 identifies the reliability of the subject information. The request unit 117 requests the subject device 400 for confirmation information for confirming the authenticity of the subject based on the identified reliability. The acquisition unit 112 acquires the confirmation information from the subject device in response to this request. The confirmation unit 118 confirms the authenticity of the subject based on the confirmation information. Specifically, the confirmation unit 118 compares the confirmation information as a comparison target and the acquired subject information as a comparison source (in other words, matches these pieces of information). The confirmation unit 118 stores the result of this confirmation in the storage unit 130 as first confirmation history information.

<C2) Electronic signature><C4) Signature history record>
(6) The generation unit 119 of the linked device 100 generates an electronic signature for the subject information based on the result of the confirmation by the confirmation unit 118. When a data definition is specified by the provider, the generation unit 119 may generate an electronic signature for the subject information processed based on this data definition. The generation unit 119 stores this electronic signature and the signature history in the storage unit 130. The generation unit 119 assigns the generated electronic signature to the subject information. The identification unit 115 may re-identify the reliability based on, for example, first confirmation history information indicating the result of the above confirmation and the electronic signature.

<B6) Information processing and provision>
(7) The providing unit 114 of the linked device 100 provides the target person information to which the digital signature has been added and reliability information indicating the re-specified reliability to the destination device 300.

<2-3. Risk assessment>
An example of risk assessment by the trust function of the information linkage system 1 will be described with reference to Fig. 4. As shown in Fig. 4, the processes (1) to (4) are the same as the processes (1) to (4) in Fig. 3, and therefore the description will be omitted.

<B5) Risk assessment inquiry><D1) Risk assessment>
(5) The identification unit 115 of the linked device 100 identifies the reliability of the subject information. The evaluation unit 113 evaluates the risk of using the subject information based on the subject information and the destination information. The evaluation unit 113 may evaluate the risk of using the subject information based on, for example, the identified reliability.

<D2) Calculating insurance premiums><D3) Making insurance>
(6) The calculation unit 116a of the linking device 100 calculates the insurance premium of the risk insurance for the utilization risk based on the risk information and the recipient information. The provision unit 114 of the linking device 100 provides the recipient device 300 with insurance proposal information for proposing the recipient to subscribe to the risk insurance, the insurance proposal information including the calculated insurance premium and the content of the compensation for the utilization risk. The acquisition unit 112 of the linking device 100 acquires application information for applying for subscription to the risk insurance proposed by the provided insurance proposal information from the recipient device 300. The provision unit 114 provides the application information to the insurance system 2c of the insurance company that provides the risk insurance. The acquisition unit 112 acquires subscription information indicating that the risk insurance has been subscribed to from the insurance system 2c. The evaluation unit 113 reevaluates the utilization risk of the target information based on the subscription information.

<B6) Information processing and provision>
(7) The providing unit 114 of the linked device 100 provides the subject information and risk information indicating the reassessed risk to the destination device 300.

According to the above configuration, the information linkage system 1 can evaluate the risk of using information according to each information destination. Therefore, it is possible to evaluate the usage risk according to the usage manner at the destination. Furthermore, the information linkage system 1 can propose insurance against the evaluated usage risk to the destination and encourage the destination to transfer the usage risk. Furthermore, if risk insurance is subscribed to, the transfer of the usage risk can improve the evaluation of the usage risk. Furthermore, the information linkage system 1 can increase the reliability by confirming the validity of the target or the target information with the linkage device 100 with respect to the specified reliability.

<3. Functional configuration>
The functional configuration of the linked device 100 according to the present embodiment will be described with reference to Fig. 5. As shown in Fig. 5, the linked device 100 includes a control unit 110, a communication unit 120, and a storage unit 130.

[Control unit]
The control unit 110 includes a reception unit 111, an acquisition unit 112, an evaluation unit 113, and a provision unit 114. The control unit 110 may also include, for example, an identification unit 115, an insurance processing unit 116, a request unit 117, a confirmation unit 118, and/or a generation unit 119.

[Reception department]
The reception unit 111 receives various information indicating a request, selection, application, or the like from a user from the source device 200, the destination device 300, and/or the subject device 400. The reception unit 111 receives an information request requesting subject information related to a subject from the destination device 300 to which the subject information is to be provided.

[Acquisition section]
The acquisition unit 112 acquires various information from the external system 2 (the provider device 200), the recipient device 300, and/or the subject device 400. The acquisition unit 112 may acquire various information in any manner. The acquisition unit 112 acquires the subject information from the provider device 200 that is the provider. For example, the acquisition unit 112 may receive a data file indicating the subject information from the provider device 200 in an event-driven manner or periodically in response to a request from the acquisition unit 112 or the subject device 400. For example, the acquisition unit 112 may instruct an API implemented in the provider device 200 to refer to the subject information as an information inquiry, and acquire the subject information as a result.

The acquisition unit 112 may acquire confirmation information from the subject device 400, for example, in response to a request from the request unit 117.

The acquisition unit 112 may acquire the electronic certificate, for example, from a certification authority device described below in response to a request for issuance of the electronic certificate generated by the generation unit 119.

The acquisition unit 112 may acquire subscription information indicating that the service provider has already subscribed to the risk insurance proposed in the insurance proposal information, for example, from the service provider's device (the destination device 300), the insurance system 2c, the memory unit 130, etc.

[Evaluation Department]
The evaluation unit 113 evaluates the risk (usage risk) of using the target information at the destination indicated by the destination information based on the target information and the destination information. Specifically, the evaluation unit 113 may evaluate the type of usage risk (e.g., information tampering, impersonation, information leakage, use for money laundering, and/or use for fraud, etc.), the probability of occurrence of the usage risk, the magnitude of the impact when the usage risk occurs (e.g., "large", "medium", "small", etc.), etc. In addition, the magnitude of the impact when the risk occurs may be evaluated based on, for example, the amount of damage expected when the usage risk occurs or the cost required for recovery. With this configuration, it is possible to evaluate the risk when using information according to each information destination.

The evaluation unit 113 may evaluate the usage risk based on the reliability identified by the identification unit 115, for example. The evaluation unit 113 may reevaluate the usage risk when the reliability is re-identified, for example. The evaluation unit 113 may evaluate the usage risk by, for example, the following evaluation method.
Evaluation by score: A numerical value according to the reliability (for example, XX points out of 100 points. The total reliability may be inverted to be used as the usage risk numerical value. In other words, the lower the total reliability, the higher the usage risk numerical value.)
Qualitative evaluation: H (High), M (Middle), L (Low)
・Rating (scale): AAA (highly reliable), AA (second best) to C (junk level)

When evaluating the risk of use based on the above-mentioned ratings, the evaluation unit 113 may, for example, construct a classification model for classifying the subject information into the most appropriate rating, using the reliability information stored in the memory unit 130 as training data and the ratings for the reliability as correct answer data. Using the classification model thus constructed, the evaluation unit 113 classifies the subject information into each rating, using the reliability of the identified subject information as input data and the ratings as output data.

According to the above configuration, the risk of use can be evaluated according to the reliability of the target information. Therefore, for example, when the authenticity or completeness of the target information itself is low and the reliability is low, the risk of use can be evaluated as high compared to when the reliability is high, and the recipient can use the target information with low reliability while being careful of this risk of use.

For example, when the recipient is a company, the evaluation unit 113 may evaluate the utilization risk based on financial information and/or performance information included in the recipient information. For example, even if the identified credit ratings are the same, if the ratio of liabilities to assets shown in the financial information of one company is higher than that of the other company, the evaluation unit 113 may evaluate the company with the higher debt ratio as having a relatively higher utilization risk. The evaluation unit 113 may also evaluate the utilization risk according to loss information (impairment loss) shown in the financial information, for example. The evaluation unit 113 may also evaluate the utilization risk according to sales and/or operating profit shown in the performance information, for example. The evaluation unit 113 may also evaluate the utilization risk according to whether the recipient is a specified business operator, for example.

When the recipient is a service provider and the usage risk is the risk of using the subject information in a service provided by the service provider, the recipient information may include service information. In this case, for example, when the type of usage risk is "tampering with subject information" and the type of service indicated by the service information is a financial service, the evaluation unit 113 may evaluate the impact of the usage risk as "high" and, on the other hand, when the type of service is a hotel reservation service, the evaluation unit 113 may evaluate the impact of the usage risk as "medium." With this configuration, the evaluation unit 113 can evaluate the usage risk according to the service provided by the recipient.

The evaluation unit 113 may reevaluate the usage risk, for example, based on the risk insurance subscription information acquired by the acquisition unit 112.

[Provision Department]
The providing unit 114 provides various information to the external system 2 (provider device 200), the destination device 300, and/or the subject device 400. The providing unit 114 may provide various information in any manner. For example, the providing unit 114 may transmit a data file or a message including the subject information, the reliability information, and/or the risk information to these devices in an event-driven manner. As another example, the providing unit 114 may provide the subject information, etc. to these devices via an API or SDK library implemented by the providing unit 114. In response to an information request received by the receiving unit 111, the providing unit 114 provides the subject information and risk information indicating the usage risk evaluated by the evaluating unit 113 to the destination device 300.

According to the above configuration, it is possible to provide each recipient with the subject information, as well as risk information on the risks of using the subject information. The recipients can use the subject information based on the provided risk information. This allows the recipients to use the subject information after taking measures against the risks of use and ensuring information security.

The provider 114 may further provide the recipient device 300 with insurance proposal information for proposing to the recipient that the recipient subscribe to risk insurance, the insurance proposal information including insurance premiums and details of compensation for utilization risks. With this configuration, it is possible to recommend to the recipient a so-called risk transfer, in which the cost burden in the event of a utilization risk occurring is shifted to an outside party through risk insurance. By subscribing to the proposed risk insurance, the recipient can transfer the risk through risk insurance even if a utilization risk occurs.

The providing unit 114 may provide the destination device 300 with the electronic signature generated by the generating unit 119 together with the subject information, for example. With this configuration, the validity of the subject information can be ensured by the electronic signature, so that the risk of use can be reduced. Therefore, for example, even if the evaluation of the risk of use exceeds a level that is acceptable to the destination, it is possible to reduce the evaluation of the risk of use to an acceptable level by using the electronic signature.

The providing unit 114 may provide the destination device with the electronic certificate acquired by the acquiring unit 112 together with the subject information, for example. With this configuration, the authenticity of the electronic signature of the subject information can be ensured by the electronic certificate, so that the risk of use can be reduced. Therefore, for example, even if the evaluation of the risk of use exceeds an acceptable level at the destination, it is possible to further reduce the evaluation of the risk of use to an acceptable level.

The providing unit 114 may include, for example, a processing unit 114a. The processing unit 114a processes the subject information acquired by the acquiring unit 112 based on a data definition such as a format specified by the recipient.

The processing unit 114a may perform, for example, data wrangling processing on the subject information. This data wrangling may include, for example, at least one of data structuring processing, data cleansing processing, and data enriching processing.

The processing unit 114a may perform encryption processing such as anonymization of the subject information. The processing unit 114a may perform anonymization of the subject information by, for example, deleting data items or cell values, generalizing the subject information by abstracting, superimposing, or abbreviating the data in whole or in part, top (bottom) coding, data exchange, and/or adding noise (error), etc.

[Specific part]
The identification unit 115 identifies the reliability of the subject information based on source information related to the source of the subject information. The source information is information related to the source. The source information may have the same configuration as at least a part of the subject information, for example, similar to the destination information. The identification unit 115 may identify the reliability depending on whether the source is a specified business operator or not.

The identification unit 115 may, for example, identify the reliability of the subject information based on first confirmation history information indicating the history of confirmation of the authenticity of the subject, and second confirmation history information indicating the history of confirmation of the authenticity, completeness, and/or validity of the subject information. Hereinafter, the first confirmation history information and the second confirmation history information are collectively referred to as "confirmation history information." The identification unit 115 may, for example, re-identify the reliability of the subject information based on confirmation history information indicating the result of confirmation by the confirmation unit 118.

The identification unit 115 may, for example, identify the reliability based on a combination of multiple pieces of subject information. The identification unit 115 may also, for example, identify the reliability by combining one or more pieces of subject information with one or more pieces of confirmation history information.

The identification unit 115 may identify the reliability of the target information based on, for example, a combination of the target information and the first confirmation history information and/or the second confirmation history information. Specifically, the identification unit 115 may identify the reliability as levels 1 to 5 (expressed in ascending order in this example, with level 1 being the highest and level 5 being the lowest) based on a combination of the target's attribute information inquired of the provider device 200 of the financial institution and confirmation of the validity of the target himself/herself or the attribute information of the target indicated by the confirmation history information, as follows:
Level 1: A financial institution performs authentication of the individual to verify the individual's authenticity (e.g., an online banking app or a 3DS, etc.)
Level 2: The subject's attribute information held by the financial institution is queried using a reference API, and the authenticity of the attribute information is confirmed by the confirmation unit 118 by comparing it with the attribute information of the matching target as confirmation information obtained from the subject's device 400.Level 3: The validity of the possession information is confirmed by the confirmation unit 118 by performing authorization for debit card payment or credit card payment, etc., and a simple attribute information inquiry (for example, the subject's age, ATV (Address Telephone Verification), etc.).Level 4: The financial institution's device or the confirmation unit 118 performs authorization for debit card payment or credit card payment, etc. (validation of the debit card or credit card).Level 5: Simple attribute information inquiry

According to the above configuration, the identification unit 115 can identify the reliability by using the history of confirmation of the validity of the subject and/or the subject information. In addition, by combining multiple pieces of confirmation history information with the subject information, it is possible to identify the reliability with variations.

The identification unit 115, for example, sets a threshold for each of negative information, positive information, transaction history information, sales indicated by business performance information, and online reputation indicated by internet information, and assigns a numerical value (score) depending on whether the value exceeds, is equal to, or is below this threshold. Note that this threshold may be set according to, for example, the subject's annual income, occupation, size, and/or industry. The identification unit 115 assigns, for example, "+1" if the sales for the most recent year exceed the set threshold, "0" if the sales are equal to the threshold, and "-1" if the sales are below the threshold. The assigned numerical value may be identified as the reliability.

The identification unit 115 may calculate the reliability from multiple perspectives, such as reliability based on negative information, reliability based on cash flow, reliability based on sales, and reliability based on online reputation. The identification unit 115 may, for example, tally up the numerical values assigned as described above for each of the multiple reliability levels for each subject. The identification unit 115 may then identify the result of this tally as the reliability of the subject. Note that the identification unit 115 may, for example, calculate a statistical value from the result of this tally and use the calculated statistical value as the reliability. Here, the "statistical value" may be, for example, the average value, median, or mode.

[Insurance Processing Department]
The insurance processing unit 116 executes processing related to insurance (risk insurance) for the utilization risk evaluated by the evaluation unit. The insurance processing unit 116 may, for example, identify insurance corresponding to the utilization risk and estimate the insurance for the identified risk insurance. Specifically, the insurance processing unit 116 may identify, as the insurance estimate, the content of compensation including the insurance premium calculated by the calculation unit 116a, and the content of compensation when the utilization risk occurs. Then, the insurance processing unit 116 may generate insurance proposal information including the content of compensation, which is for proposing subscription to risk insurance to the provider.

The insurance processing unit 116 may include, for example, a calculation unit 116a. The calculation unit 116a calculates the insurance premium for the usage risk based on the risk information and the recipient information. The calculation unit 116a may include the calculated insurance premium in the insurance proposal information.

[Request section]
The request unit 117 requests the subject device 400 of the subject for confirmation information for confirming the authenticity of the subject. The request unit 117 may request the subject device 400 for confirmation information based on the usage risk evaluated by the evaluation unit 113, for example.

The request unit 117 may, for example, make a request for issuance of an electronic certificate to a certification authority device (not shown) of a certification authority capable of issuing an electronic certificate for an electronic signature. This certification authority may be a public or private authority, and may be, for example, a trusted third party, such as a TTP (Trusted Third Party) or a certification authority (CA).

[Confirmation section]
The confirmation unit 118 confirms the validity of the subject and/or the subject information. The confirmation unit 118 confirms the authenticity of the subject, for example, based on the confirmation information acquired by the acquisition unit 112. Specifically, the confirmation of the authenticity of the subject may be the subject's identity confirmation and/or authentication. For example, the confirmation unit 118 may compare (in other words, match) the confirmation information with the subject information acquired from the provider device 200 to confirm the authenticity and/or completeness of the subject information.

[Generation section]
The generating unit 119 generates an electronic signature for the subject information based on the result of the verification by the verifying unit 118 of the validity of the subject and/or the subject information. For example, when the verification result indicates that the validity has been verified, the generating unit 119 may generate an electronic signature for the subject information. Specifically, the generating unit 119 may generate a message digest from the subject information using a hash function. Then, the generating unit 119 may encrypt the generated message digest using a private key of the operator or manager of the linked device 100 (or a representative of these) to generate an electronic signature. For example, the generating unit 119 may generate an e-seal issued by the operator or manager of the linked device 100 instead of the electronic signature.

[Communications Department]
The communication unit 120 transmits and receives various information to and from the provider device 200, the destination device 300, the target device 400, or other devices of the external system 2, via the network N.

[Memory unit]
The storage unit 130 stores various data and information such as subject information, source information, destination information, risk information, reliability information, and/or confirmation history information. The storage unit 130 may store various data and information using a database management system (DBMS), or may store various data and information using a file system. When using a DBMS, for example, a table may be provided for each of the above information, and the tables may be associated with each other to manage each piece of information.

<4. Operation example>
An example of the operation of the information linkage system 1 will be described with reference to Fig. 6. Fig. 6 is a flow diagram showing the flow of processing in the linkage device 100. Note that the order of processing shown below is an example and may be changed as appropriate.

As shown in FIG. 6, the reception unit 111 of the coordination device 100 receives an information request for subject information on a subject from the destination device 300 to which the subject information is to be provided (S10). The acquisition unit 112 of the coordination device 100 acquires the subject information from the source device 200, which is a source different from the destination (S11). The evaluation unit 113 of the coordination device 100 evaluates the risk of using the subject information at the destination based on the subject information and the destination information (S12). The provision unit 114 of the coordination device 100 provides the subject information and risk information indicating the evaluated risk to the destination device 300 in response to the information request (S13).

6. Hardware Configuration
7, an example of a hardware configuration in which the above-described linked device 100 is realized by a computer 800 will be described. Note that the functions of each device can also be realized by dividing them into a plurality of devices.

As shown in FIG. 7, the computer 800 includes a processor 801, a memory 803, a storage device 805, an input I/F unit 807, a data I/F unit 809, a communication I/F unit 811, and a display device 813.

The processor 801 controls various processes in the computer 800 by executing programs stored in the memory 803. For example, each functional unit of the control unit 110 of the linked device 100 can be realized by the processor 801 executing a program temporarily stored in the memory 803.

The memory 803 is a storage medium such as a RAM (Random Access Memory). The memory 803 temporarily stores the program code of the program executed by the processor 801, or data required when the program is executed.

The storage device 805 is a non-volatile storage medium such as a hard disk drive (HDD) or flash memory. The storage device 805 stores an operating system or various programs for implementing each of the above configurations. In addition, the storage device 805 can also store tables that register various information and data such as subject information, destination information, and/or source information, and a DB that manages the tables. Such programs or data are loaded into the memory 803 as necessary and are referenced by the processor 801.

The input I/F unit 807 is a device for receiving input from a user. Specific examples of the input I/F unit 807 include a keyboard, a mouse, a touch panel, various sensors, and a wearable device. The input I/F unit 807 may be connected to the computer 800 via an interface such as a USB (Universal Serial Bus).

The data I/F unit 809 is a device for inputting data from outside the computer 800. A specific example of the data I/F unit 809 is a drive device for reading data stored in various storage media. The data I/F unit 809 may be provided outside the computer 800. In that case, the data I/F unit 809 is connected to the computer 800 via an interface such as a USB.

The communication I/F unit 811 is a device for performing data communication via the Internet N, either wired or wirelessly, with devices external to the computer 800. The communication I/F unit 811 may be provided external to the computer 800. In that case, the communication I/F unit 811 is connected to the computer 800 via an interface such as a USB.

The display device 813 is a device for displaying various types of information. Specific examples of the display device 813 include, for example, a liquid crystal display or an organic EL (Electro-Luminescence) display, a display of a wearable device, and the like. The display device 813 may be provided outside the computer 800. In that case, the display device 813 is connected to the computer 800 via, for example, a display cable. Furthermore, when a touch panel is used as the input I/F unit 807, the display device 813 can be configured as an integral part of the input I/F unit 807.

The above-described embodiment is an example for explaining the present invention, and is not intended to limit the present invention to only this embodiment. Furthermore, the present invention can be modified in various ways without departing from the gist of the invention. Furthermore, a person skilled in the art can adopt an embodiment in which each element described below is replaced with an equivalent element, and such an embodiment is also included in the scope of the present invention.

1...information linkage system, 100...linkage device, 110...control unit, 111...reception unit, 112...acquisition unit, 113...evaluation unit, 114...provision unit, 115...identification unit, 116...insurance processing unit, 117...request unit, 118...confirmation unit, 119...generation unit, 120...communication unit, 130...storage unit, 2...external system, 200...provider device, 300...recipient device, 400...target device, 800...computer, 801...processor, 803...memory, 805...storage device, 807...input I/F unit, 809...data I/F unit, 811...communication I/F unit, 813...display device

Claims (10)

On the computer,
A receiving function that receives an information request for requesting subject information related to a subject from a destination device that is a destination of the subject information;
An acquisition function for acquiring the target person information from a provider device of a provider source different from the provider;
An evaluation function for evaluating a risk of using the subject information at the destination based on the subject information and destination information regarding the destination;
a providing function of providing the subject information and risk information indicating the assessed risk to the destination device in response to the information request;
program. The said recipient is a service provider that provides a service to the said target person,
The risk is a risk of using the target information in the service,
The destination information includes service information related to the service.
The program according to claim 1. The computer further realizes a specification function of specifying a reliability of the subject information based on source information regarding a source of the subject information,
The assessment function assesses the risk further based on the determined confidence level.
The program according to claim 1 or 2. The computer is further provided with a function of determining the reliability of the subject information based on first confirmation history information indicating a history of confirmation of the authenticity of the subject and second confirmation history information indicating a history of confirmation of the authenticity, completeness, and/or validity of the subject information,
The assessment function assesses the risk further based on the determined confidence level.
The program according to claim 1 or 2. The computer is further provided with a function of determining the reliability of the subject information based on a combination of the subject information, first confirmation history information indicating a history of confirmation of the authenticity of the subject, and/or second confirmation history information indicating a history of confirmation of the authenticity, completeness, and/or validity of the subject information,
The assessment function assesses the risk further based on the determined confidence level.
The program according to claim 1 or 2. The computer further realizes a calculation function of calculating an insurance premium for the risk based on the risk information and the provider information,
The providing function further provides, to the destination device, insurance proposal information for proposing to the destination device that the insurance be purchased, the insurance proposal information including the insurance premium and details of the compensation for the risk.
The program according to claim 1 or 2. The computer includes:
a request function for requesting verification information from a subject device of the subject based on the risk to verify the authenticity of the subject;
an acquisition function for acquiring the confirmation information from the target device in response to the request;
A verification function for verifying the authenticity of the subject based on the verification information;
A generation function of generating an electronic signature for the subject information based on the result of the confirmation,
The providing function provides the electronic signature together with the target person information to the destination device.
3. The program according to claim 1 or 2. the request function requests a certification authority device of a certification authority capable of issuing a digital certificate for the digital signature to issue the digital certificate;
the acquiring function acquiring the electronic certificate from the certificate authority device in response to the issuance request;
the providing function provides the destination device with the electronic certificate together with the electronic signature;
The program according to claim 7. a receiving unit that receives an information request for requesting subject information related to the subject from a destination device that is a destination of the subject information;
an acquisition unit that acquires the target person information from a provider device that is a provider different from the provider;
an evaluation unit that evaluates a risk of using the subject information at the destination based on the subject information and destination information related to the destination;
a providing unit that provides the subject information and risk information indicating the assessed risk to the destination device in response to the information request.
Information processing device. The computer
receiving an information request for subject information relating to the subject from a destination device to which the subject information is to be provided;
Acquire the target person information from a provider device of a provider different from the provider;
assessing a risk of the recipient using the subject information based on the subject information and recipient information relating to the recipient;
providing the subject information and risk information indicating the assessed risk to the destination device in response to the information request;
Information processing methods.

Images