JP6075017B2 - Information analysis system and information analysis method - Google Patents

Description

  The present invention relates to an information analysis system and an information analysis method.

  There is an analysis system that integrates the same type of information owned by multiple organizations and companies, analyzes the integrated information, and outputs a more accurate or more accurate analysis result.

  For example, if clinical data owned by multiple hospitals are integrated and the trend of medical behavior of any individual is analyzed, analysis results that cannot be found by simply analyzing the clinical data owned by a single hospital Can be obtained. For example, the analysis can make it clear that a ladder examination for receiving treatment at a plurality of hospitals for the same disease is performed.

  In addition, by analyzing the consumption behavior on the Internet by integrating the purchase data owned by multiple Internet retail stores, it is possible to obtain only by analyzing the purchase data owned by a single Internet retail store. Analysis results that cannot be obtained.

  By the way, personal information is often included in information to be integrated and analyzed. The medical data given as an example above includes personal information about when, where, and what medical care was received, and the purchase data includes personal information about when, where, and what purchased. Yes. In addition, data in SNS (Social Network Service) includes personal information such as when, where, with whom, and what.

Japanese Patent Laid-Open No. 2002-297606 JP 2001-2111168 A JP 2001-285273 A JP 2002-41347 A

About data such as receipts and specific examinations, October 5, 2010 Ministry of Health, Labor and Welfare Insurance Bureau General Affairs Division (http://www.mhlw.go.jp/stf/shingi/2r9852000000thao-att/2r9852000000theb.pdf)

  However, providing information including personal information to an analysis service company is often undesirable from the viewpoint of protecting personal information for organizations and companies that provide information. Therefore, it is conceivable to conceal the personal information included in the information to be analyzed by encrypting it.

  However, even if the personal information is encrypted, if the encryption key or the decryption key is leaked, the personal information is leaked, which is not desirable for the organization or company that provides the information.

  Accordingly, an object of the present invention is, in one aspect, to provide a multiple information analysis system and a multiple information analysis method in which information leakage is unlikely to occur.

The first aspect of the multiple information analysis system includes a plurality of information providing systems each having information to be analyzed including secret information;
A convergence system that receives the analyzed information provided from each of the plurality of information providing systems, and enables the plurality of analyzed information to be used as targets of analysis processing related to the secret information;
The plurality of information providing systems each exchangeably encrypts secret information included in each of the analyzed information with individual individual encryption keys possessed by the plurality of information providing systems, and is exchanged by the plurality of information providing systems. Each commutatively encrypted analyzed information including the encrypted commutatively encrypted secret information is transmitted to the convergence system.

  According to the first aspect, it is possible to provide a plurality of information providing systems in which leakage of confidential information does not occur even if a plurality of pieces of information are integrated.

It is the schematic of a multiple information system. It is a figure which shows the encryption method of the information in FIG. It is a figure which shows the multiple information analysis system in 1st Embodiment. It is a figure explaining a commutative encryption. It is a figure explaining the decoding process of a ciphertext. It is a figure which shows the process which provides the to-be-analyzed information in FIG. 3 from an information provision system to an analysis service system. It is a figure which shows the specific example of analysis object information. It is a flowchart figure which shows the whole process sequence of the multiple information analysis system in 2nd Embodiment. It is a flowchart figure which shows the process sequence until each organization encrypts the confidential information contained in the information of analysis object, and transmits to a convergence system. It is a flowchart figure which shows the process in which the organization information provision system carries out exchange encryption of the personal information with the 1st key Kx. It is a figure which shows an example of the correspondence table. It is a flowchart figure which shows the process in a convergence system in the case of transmitting the information of analysis object to an analysis service system. It is a figure which shows an example of a key management table. It is a figure which shows an example of the correspondence table. It is a flowchart figure which shows the process sequence which each organization requests | requires for an analysis service system (query). It is a flowchart figure of a process when the query result by the organization information provision system IPS is received. It is a flowchart figure which shows the process applicable in the case of a common key encryption system. It is a flowchart figure which shows the commutative encryption process by RSA encryption system. It is a figure which shows an example of the multiple information analysis system in 3rd Embodiment. It is a figure which expands and shows medical treatment information (data) of hospitals A, B, and C shown in FIG. 19, and information (data) obtained by encrypting and integrating them. It is a figure which expands and shows medical treatment information (data) of hospitals A, B, and C shown in FIG. 19, and information (data) obtained by encrypting and integrating them. It is a flowchart figure which shows the process of the multiple information analysis system of FIG. It is a figure which shows an example of the multiple information analysis system in 4th Embodiment. It is the figure which expands and shows the personal information (data) of A, B, C of SNS shown in FIG. It is a flowchart figure which shows the process of the multiple information analysis system of FIG. It is a flowchart figure which shows the process of the multiple information analysis system of FIG.

  FIG. 1 is a schematic diagram of a multiple information system. When performing information analysis (or data analysis), generally, the greater the number of pieces of information to be analyzed, the higher the accuracy of the analysis result. In FIG. 1, information providers A, B, and C are, for example, a certain organization or company, and each owns information (data) IF-A, IF-B, and IF-C having confidential information such as personal information. Yes. These information IFs include, for example, customer and purchase history data, patient and medical history data, and personal and social dating history (meeting history). Each of these IFs has confidential information that must be kept confidential, such as personal information. doing.

  In order to integrate and analyze the information IF-A, IF-B, IF-C owned by these multiple information providers A, B, C, the information providing system IPS- of each information provider A, B, C A, IPS-B, and IPS-C encrypt the confidential information contained in each analysis target information IF-A, IF-B, and IF-C with a common key K0 and send it to the analysis service system ASS . The analysis service system integrates three pieces of analyzed information IF-A, IF-B, and IF-C, and executes a predetermined analysis on the integrated analyzed information IF-X. Then, the analysis service system ASS returns the analysis result AR to the information providing system of the information provider who requested the analysis.

  In this way, since the secret information such as personal information in the analyzed information IF-A, IF-B, and IF-C is encrypted with the common key K0, the integrated analyzed analysis is performed by the analysis service system ASS. Information IF-X does not include information linked to personal information. However, individuals who are common between different organizations or companies can be matched as the same encrypted information.

  FIG. 2 is a diagram showing a method of encrypting information in FIG. This example relates to Non-Patent Document 1, for example. FIG. 2 shows information (data) IF-A and IF-B of two information providers A and B. The information IF-A of the information provider A includes a purchased product code group for the names “Yamada” and “Tanaka”. The information provider B's information IF-B includes a group of purchased product codes for the names “Yamada” and “Sato”. Here, “Yamada”, “Tanaka”, and “Sato” that identify individuals are personal information and secret information that should be kept secret.

  Therefore, in the example of FIG. 2, the secret information of these names is calculated by a hash function and converted into hash values “aaa”, “bbb”, and “ccc” of fixed length. As a result, information (data) IF-A and IF-B are converted to IF-A1 and IF-B1. Further, the hash value “H7zw *”, “X3i @;”, and “YV9on” are calculated by a hash function with a key. As a result, the information (data) IF-A1 and IF-B1 are converted into IF-A2 and IF-B2. In this way, each information providing system encrypts the confidential information twice and sends the information to the analysis service system. The analysis service system integrates the information and performs a predetermined analysis. Do.

  In the above example, “Yamada” in different information (data) is encrypted to “H7zw *” even if encryption is performed twice, so the integrated information IF-X is the same. Matching is possible for “Yamada”. Therefore, for example, the feature analysis of the purchased item for the individual “H7zw *” can be performed on the integrated information IF-X.

  However, since each information providing system IPS encrypts each information IF with a common key K0 as shown in FIGS. 1 and 2, the key K0 is leaked from any of the information providers A, B, and C. , There is a risk of leakage of confidential information of information provided by a plurality of information providers.

[First Embodiment]
FIG. 3 is a diagram illustrating the multiple information analysis system according to the first embodiment. In the multiple information analysis system of FIG. 3, the analysis service system ASS performs a predetermined analysis on the data IF-X in which the information IF-A, IF-B, and IF-C of organizations A, B, and C are integrated. . Organizations A, B, and C are provided with systems (information providing systems) IPS-A, IPS-B, and IPS-C that provide respective information. A convergence system CONV is provided between the information providing systems IPS-A, IPS-B, and IPS-C of these organizations and the analysis service system ASS.

  The information providing system of each organization, the convergence system, and the analysis service system may be any computer system having a communication function, for example, a server system.

  In the figure, the solid line arrows indicate the information provision paths from the plurality of information provision systems IPS to the analysis service system ASS via the convergence system CONV. A broken arrow indicates a route of an analysis request (query) transmitted from a certain organization to the analysis service system. In addition, the path of the analysis result from the analysis service system is indicated by a dashed line arrow.

  In the provision of information to the analysis service system (solid arrows), the information IF-A, IF-B, and IF-C owned by each organization A, B, and C are assigned to the respective information provision systems IPS-A, IPS -B, input to IPS-C. The information providing system IPS-A of organization A exchangeably encrypts confidential information such as personal information contained in information IF-A with its own individual key Ka, and further converts the exchanged encrypted information IF- The information providing systems IPS-B and IPS-C of other organizations B and C exchange-encrypt A in an arbitrary order with the individual keys Kb and Kc. Then, the information IF-A exchange-encrypted by the information providing systems of all organizations with the individual keys Ka, Kb, and Kc is returned to the information providing system IPS-A. Thereafter, the information providing system IPS-A of the organization A sends the information IF-A having the exchangeable encrypted confidential information to the convergence system CONV, and the convergence system CONV analyzes the information IF-A. Send to service system ASS.

  The information provision system IPS-B of organization B performs the same processing as described above, and information IF-B that is exchange-encrypted in any order by the information provision systems of all organizations with their individual keys Ka, Kb, Kc. Is transmitted to the convergence system CONV, and the convergence system CONV transmits the information IF-B to the analysis service system ASS. The information providing system IPS-C of organization C performs the same processing, and sends the information IF-C exchangeable and encrypted with the individual keys Ka, Kb, Kc in any order to the convergence system CONV. Furthermore, the convergence system CONV Sends the information IF-C to the analysis service system ASS.

  The secret information exchange-encrypted with the individual keys Ka, Kb, Kc cannot be restored to the original secret information unless it is sequentially decrypted with all the individual keys Ka, Kb, Kc. Therefore, by managing the keys Ka, Kb, and Kc in a distributed manner by a plurality of organizations A, B, and C, it is possible to suppress the probability of secret information leakage due to key leakage.

  FIG. 4 is a diagram for explaining the commutative encryption. Commutation generally means that the result is the same even if the order of operations and operations such as addition and multiplication is replaced in mathematics. The commutative encryption is an encryption method that can obtain the same encryption result even if the order of encryption is changed.

  In the example of FIG. 4, plaintext L of information provider A is commutatively encrypted with key Ka in information provider A's system to obtain ciphertext Enc_Ka (L), and the ciphertext of information provider B's The system further performs commutative encryption with the key Kb to obtain a ciphertext Enc_Kb {Enc_Ka (L)}. On the other hand, if the order of commutative encryption is reversed, plaintext L of information provider B is commutatively encrypted with key Kb in the information provider B system to obtain ciphertext Enc_Kb (L), and the ciphertext The system of information provider A further exchangeably encrypts the text with the key Ka to obtain a ciphertext Enc_Ka {Enc_Kb (L)}.

  The ciphertext Enc_Kb {Enc_Ka (L)} encrypted in the order of the keys Ka and Kb and the ciphertext Enc_Ka {Enc_Kb (L) encrypted in the order of the keys Kb and Ka due to the nature of the commutative encryption } Is the same. That is, when encrypted with the keys Ka and Kb of everyone, the same plaintext L is converted into the same ciphertext regardless of the order of encryption. Therefore, the analysis service system ASS can analyze the same ciphertext as the same secret information or personal information.

  Even if the number of keys is 3 or more, the property of the above-described commutative encryption remains unchanged.

  FIG. 5 is a diagram for explaining ciphertext decryption processing. FIG. 5A shows that the encrypted text Enc_K0 (L) obtained by encrypting the plaintext L with the key K0 is decrypted into the original plaintext L if one key K0 leaks. On the other hand, FIG. 5B shows that the ciphertext Enc_Ka (Enc_Kc (Enc_Kb (L))) obtained by sequentially encrypting the plaintext L with the three individual keys Ka, Kb, Kc has three individual keys Ka, Kb, Kc. If all are not leaked, it indicates that the original plaintext L will not be decrypted.

  As described above, the analysis service system uses the properties of commutative cryptography to perform commutative encryption in an arbitrary order using the individual keys Ka, Kb, and Kc by the systems of multiple organizations. Can be matched as the same information. However, in the analysis service system, if all the individual keys Ka, Kb, and Kc are not leaked, the ciphertext cannot be decrypted, and the probability of leakage of secret information can be suppressed. Of course, between the organizations A, B, and C, the individual keys Ka, Kb, and Kc are managed in a secret state.

  FIG. 6 is a diagram showing a process of providing the analyzed information in FIG. 3 from the information providing system to the analysis service system. As outlined above with reference to FIG. 3, organization A inputs information (analyzed information) IF-A it holds into organization A's information provision system IPS-A (S0). This information IF-A is information having information A1, A2, A3 corresponding to secret information L, M, N such as personal information.

  The information providing system IPS-A of the organization A requests the convergence system CONV to generate a temporary first encryption key Kx, and in response, the key generation management device 10 (see FIG. 3) in the convergence system CONV The first encryption key Kx is generated with a random number, and the information providing system IPS-A receives the first key Kx (S1). Then, the information providing system IPS-A generates the ciphertext Enc_Kx (L) by commutatively encrypting the secret information L in the information IF-A with the first encryption key Kx (S2), and further The ciphertext Enc_Ka (Enc_Kx (L)) is generated by commutative encryption with the individual key Ka (S3). The order of the commutative encryption processes S2 and S3 may be reversed.

  Then, the information providing system IPS-A transmits the ciphertext Enc_Ka (Enc_Kx (L)) to the information providing system of another organization (S4). In the example of FIG. 6, the information is transmitted to the information providing system IPS-B of another organization B. Organization B's information provision system IPS-B generates a ciphertext Enc_Kb (Enc_Ka (Enc_Kx (L))) by commutatively encrypting it with its own individual key Kb (S5), and provides it to other organizations C Send to system IPS-C (S6).

  Finally, organization C's information provision system IPS-C generates a ciphertext Enc_Kc (Enc_Kb (Enc_Ka (Enc_Kx (L)))) by commutative encryption with its own individual key Kc (S7). It returns to the information providing system IPS-A (S8). Then, the information providing system IPS-A of the organization A sends the ciphertext that is exchange-encrypted in any order with the first key Kx and the individual keys Ka, Kb, Kc of the three organizations to the conversion system CONV. Send (S9).

  Unlike the schematic explanation described in FIG. 3, in FIG. 6, the information providing system IPS-A of the organization A that holds the information IF-A with the first key Kx that is temporarily generated is exchange-encrypted to obtain another organization. The ciphertext is sent to the information providing system. The reason is to reinforce the weaknesses of commutative encryption.

  That is, there is exclusive OR (XOR) as one arithmetic method of commutative encryption. That is, when the plaintext L to be encrypted is commutatively encrypted only with its own individual encryption key Ka, a third party who knows the existence of plaintext L can guess the individual encryption key Ka There is. Or, if you know the existence of plaintext L = Yamada and plaintext M = Yamashita, comparing the ciphertext Enc_Ka (Yamada) and Enc_Ka (Yamashita) corresponding to them, the encryption results for “Yama” are equal, otherwise May become different and it may be possible to infer the individual encryption key Ka from them.

  Therefore, the key generation management device 10 of the convergence system CONV, which is a third party neutral to the organizations A, B, C and the analysis service company, temporarily generates the first key Kx with a random number. Then, one information providing system performs commutative encryption with the first key Kx and then performs commutative encryption with its own individual encryption key Ka, so that the individual encryption key Ka can be obtained by another information providing system. Can be suppressed. As described above, in order to reinforce the weakness of the commutative encryption operation, the convergence system CONV, which is a third party organization, is provided and uses the first key Kx that is temporarily generated by random numbers.

  The convergence system CONV decrypts the exchangeable encrypted information IF-A having the exchangeable encrypted secret information received from the information providing system IPS-A with the first key Kx, and the ciphertext Enc_Kc (Enc_Kb (Enc_Ka ( L))) is generated (S10). As described above, as a property of the commutative cipher, when decryption is performed using any one of the encryption keys, a ciphertext is commutatively encrypted using a key other than the encryption key. Then, the convergence system CONV deletes the temporary first key Kx generated only for the organization A.

  The convergence system CONV, in turn, transmits the exchangeable encryption information IF-A to the analysis service system ASS, and the second key Kz common to all the organizations A, B, and C in order to increase security. The ciphertext Enc_Kz (Enc_Kc (Enc_Kb (Enc_Ka (L)))) is generated (S11) and transmitted to the analysis service system ASS (S12).

  The information providing systems IPS-B and IPS-C of other organizations B and C also exchange-encrypt secret information such as personal information included in each information IF-B and IF-C according to the procedure shown in FIG. , Sent to the analysis service system ASS via the convergence system CONV.

Since the commutative encryption process was performed with the second key Kz, the ciphertext for the secret information L of the information IF-A of the organization A is the information integrated in the analysis service system ASS:
Enc_Kz (Enc_Kc (Enc_Kb (Enc_Ka (L))))
It has become. However, since the second key Kz is a key common to all the organizations A, B, and C, the secret information L included in the information IF-B and IF-C of the other organizations B and C is also the same ciphertext. become. Accordingly, the analysis service system can match the secret information L.

  FIG. 7 is a diagram illustrating a specific example of analysis target information. The analysis target information IF-A shown in FIG. 7 has disease names corresponding to name, address, age, and sex. In this case, the name, address, age, and gender are personal information, and it is necessary to encrypt and provide it to the analysis service system.

  Therefore, as described with reference to FIG. 6, the secret information (name, address, age, gender) in the analyzed information IF-A is extracted, and the secret information is exchange-encrypted with the first key Kx. Further, the commutative encryption secret information is commutatively encrypted in any order with the individual encryption keys Ka, Kb, Kc of all the organizations A, B, C. As a result, the analyzed information IF-A (2) having secret information exchangeably encrypted with the keys Kx, Ka, Kb, and Kc is deposited in the analysis service system ASS via the convergence system CONV.

  Returning to FIG. 3, the analysis request to the analysis service in the multiple information analysis system will be described. In the example of FIG. 3, a person in organization A inputs an analysis request to the information providing system. The analysis request (query) is, for example, in the case of medical information, investigating a ladder medical treatment that receives the same medical treatment redundantly at a plurality of medical institutions. Alternatively, an example of an analysis request for purchase data is to investigate a tendency of an individual who has purchased a specific item. Or, in the case of SNS information, an example of an analysis request is to investigate a person who knows another person to know a specific person.

  Since the first two requests for analysis do not contain personal information, the information providing system IPS-A of organization A does not encrypt the request for analysis and uses the analysis service system ASS via the conversion system CONV. Send to. Since the last analysis request includes personal information, the personal information is subjected to the commutative encryption process shown in FIG. 6 and an analysis request including the commutative encrypted personal information is sent. The convergence system CONV transmits the decrypted ciphertext with the first key Kx, encrypts it with the common second key Kz, and transmits it to the analysis service system ASS.

  Next, notification of analysis results from the analysis service system ASS will be described. The analysis service system ASS executes the requested analysis on the integrated analyzed information IF-X, and returns the analysis result to the convergence system CONV. Even if the analysis result includes information for identifying an individual, it is commutatively encrypted, so there is no problem.

  Then, the convergence system CONV transmits the received analysis result to the systems ISP-A, ISP-B, and ISP-C of the corresponding organization appropriately. This process will be described in detail in an embodiment described later. If the analysis result includes commutatively encrypted secret information, decryption is performed using the second key Kz. As a result, the secret information is exchangeably encrypted with the individual encryption keys Ka, Kb, Kc of the organization.

  Finally, each organization's systems IPS-A, IPS-B, and IPS-C may need to identify individuals depending on the analysis results. For example, when a warning is issued to an individual receiving a ladder treatment. In that case, since the individual key of the other organization is not known, the secret information encrypted by commutative encryption by the following two methods can be returned to the original secret information.

  The first method is to encrypt the confidential information L included in the analyzed information of the organization with Ka, Kb, Kc at the stage of encrypting the organizational information IF-A, IF-B, IF-C. A first correspondence table between the ciphertext Enc_Kc (Enc_Kb (Enc_Ka (L))) and the secret information L is held. When the analysis result is received, the first correspondence table is referenced to obtain the secret information L for the ciphertext Enc_Kc (Enc_Kb (Enc_Ka (L))) included in the analysis result.

  In the second method, the system IPS-A of the organization A obtains the temporary first key Kx again, exchanges it with the first key Kx, and the ciphertext Enc_Kx (Enc_Kc (Enc_Kb (Enc_Ka (L)))) is requested to the other organization for decryption processing using the individual encryption keys Kb and Kc. Finally, the private information L is obtained by decrypting with the individual encryption key Ka and the first key Kx.

  As described above, according to the multiple information analysis system in the first embodiment, the confidential information of each organization is exchangeably encrypted with the individual encryption keys of all organizations, and the information is stored in the analysis service system. In the service system, information of multiple organizations can be integrated and analyzed, and the accuracy of analysis results can be increased. Since the individual encryption keys of a plurality of organizations are managed by each organization so as not to be known to other organizations, it is possible to suppress the probability that secret information encrypted by exchange will be leaked.

[Second Embodiment]
FIG. 8 is a flowchart showing an overall processing procedure of the multiple information analysis system according to the second embodiment. The configuration of the multiple information analysis system in the second embodiment is the same as the configuration shown in FIG. FIG. 8 shows a processing procedure (I) in which each organization transmits information to be analyzed (data) to the analysis service system and deposits it in the analysis service system, and a processing procedure in which each organization requests an analysis service (query) to the analysis service system. (II) and processing procedure (III) for returning a query result from the analysis service system are shown.

  In the second embodiment, various processes are added in addition to the processing procedure in the first embodiment. Details of each processing procedure will be described below.

[Processing procedure (I) in which each organization sends information (data) to be analyzed to the analysis service system and deposits it in the analysis service system]
FIG. 9 is a flowchart showing a processing procedure until each organization encrypts confidential information included in information to be analyzed and transmits it to the convergence system. As shown in FIG. 8, first, information (data) owned by the organization is input to the organization system (information providing system) IPS. Then, as shown in FIG. 9, the information providing system IPS extracts secret information such as personal information from the input information (data) (S21). This extracted personal information is information relating to personal privacy as shown in FIG. 7. In the information (data) owned by the organization, “Taro Yamada, Tokyo, 32, A plurality of pieces of personal information of “Man” “Hanako Sato, Kanagawa, 26, Woman” and “Ichiro Sato, Kanagawa, 28, Man” are included. The extracted personal information is exchangeably encrypted with each individual encryption key in the information providing system IPS of all organizations as follows.

  The organization information provision system IPS requests and acquires a temporary first key Kx from the convergence system CONV (S22). In response to the request, the convergence system CONV generates a first key Kx with a random number each time. Then, the information providing system IPS exchangeably encrypts the extracted personal information with the first key Kx (S23).

  FIG. 10 is a flowchart showing a process in which the organization information providing system exchanges and encrypts personal information with the first key Kx. The commutative encryption process using the first key Kx is a process for commutatively encrypting a plurality of personal information records using the key Kx provided from the convergence system without change (S232, S233). A process for performing commutative encryption using the new key Kx1 for each record of a plurality of personal information while generating a new key Kx1 by calculating with a pseudo random number function using the generated key Kx as a seed (S234, S245, S236). Which process is selected can be arbitrarily selected for each information providing system of each organization. For example, to increase the level of confidentiality of personal information provided, it is preferable to select an encryption process that uses a new key Kx1 generated by a pseudorandom function.

  In addition, since the information providing system of the organization generates a new key Kx1 by using the first random key Kx provided from the convergence system as a seed and using the pseudorandom function, the same pseudorandom function is used on the convergence system side as well. A new key Kx1 can be generated. Therefore, if the order of the exchangeable encryption using the first key Kx and the new key Kx1 of a plurality of personal information is mutually agreed, the convergence system and the organization information providing system can know the same keys Kx and Kx1. Can do.

  Returning to FIG. 9, the information exchangeable encrypted with the first key Kx is further divided into a plurality of pairs, and each pair of information is commutatively encrypted with the keys Ky generated for the respective pairs. (S24). Here, the reason for dividing into a plurality of groups is to change the order of the exchangeable encryption processing performed in the information providing system of another organization for each divided group. Therefore, when it is divided into three sets, it is exchangeable encrypted in three different orders. By doing in this way, the security of the information leakage in the exchangeable encryption process by the information provision system of all the organizations can be improved.

  Next, the information (data) exchangeably encrypted with the keys Kx and Ky is exchangeably encrypted with the individual encryption key of each organization in the information providing system IPS of all organizations (S25). In step S25, first, exchange encryption is performed with its own individual encryption key by the information providing system IPS of the organization that owned the information. Following the example of FIG. 6, the following description will be made assuming that the organization A encrypts the information IF-A with the key Ka.

  Then, the information providing system IPS-A of organization A sends the personal information commutatively encrypted with the keys Kx, Ky, and Ka to the information providing system IPS of another organization through a separate route for each divided group. . Then, each received information providing system IPS performs exchangeable encryption with each individual encryption key Kb, Kc and transmits it to the information providing system of the next organization. By repeating this, the personal information exchangeably encrypted with the individual encryption keys Ka, Kb, Kc of all the organizations is returned to the information providing system IPS-A of the original organization A.

  When commutative encryption processing by all organizations for all sets of information is completed (YES in S26), organization A's information provision system IPS-A is encrypted with keys Kx, Ky, Ka, Kb, and Kc. The personal information is decrypted with the key Ky corresponding to each set, and the personal information encrypted with a plurality of sets of keys Kx, Ka, Kb, Kc is integrated (S27).

  Next, organization A's information provision system IPS-A needs to decrypt the commutatively encrypted personal information into the original personal information that is included in the results of subsequent analysis requests (queries). If there is (YES at S28), correspondence table 1 is created (S29). This correspondence table 1 shows commutatively encrypted personal information (keys are Ka, Kb, Kc) obtained by decrypting personal information commutatively encrypted with keys Kx, Ka, Kb, Kc using a first key Kx, It is a correspondence table with personal information.

  FIG. 11 is a diagram illustrating an example of the correspondence table 1. This example is a table showing correspondence between personal information L, M, and N and exchangeable encryption information provided by the information providing system IPS-A of organization A. In the example of FIG. 11, the original personal information L is associated with the commutatively encrypted personal information Enc_Kc (Enc_Kb (Enc_Ka (L))). This commutatively encrypted personal information is a cipher itself.

  Returning to FIG. 9, the information providing system IPS-A of the organization A replaces the personal information L, M, N of the information (data) to be provided with the respective exchangeable encrypted personal information (S30). Then, information (data) including the commutatively encrypted personal information is transmitted to the convergence system CONV (S31). The commutatively encrypted personal information transmitted to this convergence system remains encrypted with the first key Kx as in Enc_Kx (Enc_Kc (Enc_Kb (Enc_Ka (L)))). Therefore, the information providing system IPS-A attaches the management number corresponding to the first key Kx to the information including the exchangeable encrypted personal information and transmits it to the convergence system. The management number is a number corresponding to the key Kx generated when the convergence system generates the first key Kx.

  Since the first key Kx is a temporary key generated by a random number each time the convergence system responds to a request from the information providing system of each organization, the convergence system can receive the exchangeable encryption received from a plurality of organizations. The personalized information Enc_Kx (Enc_Kc (Enc_Kb (Enc_Ka (L)))) is decrypted with the first key Kx issued to each organization.

  The processing performed by the organization A's information provision system IPS-A is also executed by all other organizations' information provision systems, and each commutatively encrypted personal information Enc_Kx (Enc_Ka (Enc_Kc (Enc_Kb (L))) ), Commutatively encrypted personal information Enc_Kx (Enc_Kb (Enc_Ka (Enc_Kc (L)))) is generated and transmitted to the convergence system together with the management number of the corresponding first key Kx.

  FIG. 12 is a flowchart showing processing in the convergence system when information to be analyzed is transmitted to the analysis service system. In response to the key request from the organization information provision system IPS (YES in S41), the convergence system CONV generates a first key Kx with a random number, generates a management number corresponding to the generated key Kx, The key Kx and the management number are stored in the key management table (S42).

  FIG. 13 is a diagram illustrating an example of a key management table. The correspondence between the first key Kx generated for each organization by the convergence system and the management number is shown.

  Returning to FIG. 12, the convergence system CONV returns the generated key Kx and the management number to the information providing system of the organization that has requested the first key (S43). In response to this, the organization information providing system exchangeably encrypts the secret information with the first key Kx, exchangeably encrypts it with its own individual encryption key, and uses the individual encryption key of the information providing system of the other organization. Let commutative encryption.

  Thereafter, the convergence system CONV receives the exchange encryption information having the exchange encryption personal information together with the management number of the first key Kx from the organization information providing system (YES in S44). Then, the convergence system CONV decrypts the received exchangeable encrypted personal information Enc_Kx (Enc_Kc (Enc_Kb (Enc_Ka (L)))) with the key Kx corresponding to the received management number of the first key Kx. Then, the convergence system generates the correspondence table 2 indicating the correspondence between the decrypted exchangeable encrypted personal information Enc_Kc (Enc_Kb (Enc_Ka (L))) and the organization that has transmitted it (S45).

  FIG. 14 is a diagram illustrating an example of the correspondence table 2. In the example of FIG. 14, exchangeable encrypted personal information for personal information L, M, and N transmitted from organization A, exchangeable encrypted personal information for personal information L, M, and O transmitted from organization B, The commutative encryption information for the personal information M, N, R transmitted from the organization C is associated with each organization A, B, C. This correspondence table 2 is used later to confirm to which organization the result of the analysis request (query) transmitted from the analysis service system should be returned. Depending on the analysis content, there may be a case where a query result including the exchangeable encrypted personal information is returned only to an organization that provides information including certain exchangeable encrypted personal information, and it should not be returned to other organizations. In this case, the correspondence table 2 is referred to.

  Returning to FIG. 12, the convergence system deletes the first key Kx and the management number from the key management table (S46). Since this is a temporary key generated with the first key Kx random number, this key Kx is deleted after decryption with the key Kx. Then, the convergence system exchangeably encrypts the exchangeable encrypted personal information (for example, Enc_Ka (Enc_Kb (Enc_Kc (L)))) decrypted with the key Kx, and transmits it to the analysis service system (S47). . This key Kz is an encryption key common to all organizations. The encryption with this key Kz is to enhance the security of communication between the convergence system and the analysis service system. Therefore, it is not always necessary to encrypt with the key Kz.

[Processing procedure (II) for each organization to request (query) analysis service system]
FIG. 15 is a flowchart showing a processing procedure in which each organization makes an analysis request (query) to the analysis service system. First, a person in an organization inputs an analysis request (query) to the information providing system IPS. In response to this, the information providing system extracts confidential information such as personal information included in the analysis request (query) (S51). Then, the information providing system requests and obtains the first key Kx from the convergence system in the same way as when the analysis target information is deposited (S52).

  If the information providing system IPS does not hold the correspondence table 1 (NO in S53), the extracted personal information is exchangeably encrypted with the first key Kx (S54), and the information providing system for all organizations Then, commutative encryption is performed with the individual encryption keys Ka, Kb, and Kc (S55). This process is the same as step S22 in FIG. On the other hand, when the information providing system IPS holds the correspondence table 1 (YES in S53), the correspondence table 1 is referred to, and Ka, Kb, Kc corresponding to the personal information included in the query are acceptable. The exchange encrypted personal information that is exchange encrypted is acquired (S56). Further, the information providing system exchangeably encrypts the exchangeable encrypted personal information with the first key Kx (S57).

  Then, the information providing system IPS replaces the personal information included in the query with the exchangeable encrypted personal information using Kx, Ka, Kb, Kc (S58), and transmits it to the convergence system IPS (S59).

  As shown in II of FIG. 8, the convergence system decrypts the exchangeable encrypted personal information included in the received analysis request (query) with the first key Kx and further exchanges with the second key Kz. Encryption is performed, the personal information included in the analysis request (query) is replaced with the encrypted personal information, and the analysis request (query) is transmitted to the analysis service system ASS. The analysis service system ASS analyzes integrated information obtained by integrating information transmitted from a plurality of organizations with respect to an analysis request (query), and generates an analysis result.

[Procedure for returning the query result from the analysis service system (III)]
The analysis service system returns the query result to the convergence system. The query result may include commutatively encrypted personal information. Therefore, the convergence system CONV decrypts the commutatively encrypted personal information with the second key Kz. Then, the convergence system transmits the transmitted query result to either the information providing system of the organization that requested the analysis or the information providing system of the organization that requested the analysis and the organization that should respond.

  Depending on the contents of the query and the contents of the query result, the convergence system can only refer to the organization that provided the exchangeable encrypted personal information included in the query result with reference to the correspondence table 2 in FIG. Reply.

  FIG. 16 is a flowchart of processing when a query result by the organization information providing system IPS is received. The organization information provision system IPS receives the query result from the convergence system (S61). If the query result includes commutatively encrypted personal information (YES in S62), the information providing system IPS holds the correspondence table 1 (YES in S63). By referring to the exchangeable encrypted personal information, the original personal information is replaced (S64). If the correspondence table 1 is not held, if the query result includes pointer information indicating the original personal information destination (YES in S65), the pointer information is replaced with the original personal information pointed to ( S66).

  The pointer information is pointer information that specifies personal information in the information of the organization that has issued the analysis request (query). Since the analysis service system grasps the information provided by the organization, if it is necessary to include information that identifies individuals in the analysis result, the pointer information in the provided information (data) is included in the analysis result. If attached, the system of the organization that received the analysis result can acquire the personal information.

[Encryption encryption method]
Next, a method for exchanging private information such as personal information will be described. As an encryption method, a common key encryption method and an RSA encryption method using a public key and a secret key are known. In the common key cryptosystem, the encryption and decryption keys are common, and the encryption operation and the decryption operation are, for example, an exclusive OR operation (XOR) of plaintext and the common key. On the other hand, in the RSA cryptosystem, the encryption operation is an operation for calculating the remainder of the published method (n value) by raising the plaintext to the power with the public key, and the decryption operation is obtained by raising the ciphertext to the power with the secret key. This is an operation for calculating the remainder of the value.

  The common key cryptosystem has the following characteristics because it involves an XOR operation. First, when ciphertext is communicated, if the ciphertext itself, which is the communication content, is leaked, the difference between the ciphertexts corresponding to different secret information (plaintext) is known, and the original secret information (plaintext) is leaked. There is a risk (weakness) that the common key is known. Therefore, for communication between systems, it is better to encrypt the communication contents with SSL or the like.

  Second, when commutative encryption is performed in two organizations, Enc_Ka (L) encrypted with key Ka in organization A is encrypted with key Kb in organization B, and the ciphertext Enc_Kb (Enc_Ka (L)) is organized in organization When replying to A, the organization A knows the plaintext L and the key Ka, so the organization K's key Kb is known. Therefore, commutative encryption must be performed between three or more organizations.

  Thirdly, since the common key cryptosystem performs an XOR operation, if the plaintext is decrypted by converting the plaintext of any plaintext with the individual encryption keys Ka, Kb, Kc of all organizations into plaintext, The encryption key KaKbKc can be acquired. If this is used, the commutative encryption processing by all organizations in step S25 of FIG. 9 can be performed only by the information providing system of the own organization without requesting other organizations.

  FIG. 17 is a flowchart showing processing applicable to the common key cryptosystem. In FIG. 17, the organization A generates the encryption key KaKbKc for all the organizations, and exchanges the information IF-A of the organization A with the encryption key KaKbKc to generate a ciphertext to be transmitted to the convergence system. Show. The encryption key KaKbKc of this entire organization is an XOR operation of the three individual keys Ka, Kb, Kc.

  First, the system of organization A generates dummy plaintext D (S71), and exchangeably encrypts it with its own individual encryption key Ka to generate ciphertext Da (S72). The system of organization A transmits the ciphertext Da to another organization, for example, the system of organization B (S73). The system of organization B generates the ciphertext Dab by commutatively encrypting the ciphertext Da with its own individual encryption key Kb (S74), and transmits it to the next system of organization C (S75). The system of organization C generates a ciphertext Dabc by commutatively encrypting the ciphertext Dab with its own individual encryption key Kc (S76), and transmits it to the system of the original organization A (S77). Finally, the system of organization A decrypts the ciphertext Dabc with the dummy plaintext D, and acquires the encryption key KaKbKc of all organizations (S78).

  Next, when the system IPS-A of organization A encrypts its own information (data) and sends it to the convergence system, it first receives the first key Kx generated by the convergence system (S79, S80), The personal information A included in the provided information IF-A is exchange-encrypted with the encryption key KaKbKc of all organizations and further exchange-encrypted with the first key Kx to generate a ciphertext A′x (S81). . Since Organization A has already acquired the encryption key KaKbKc for all organizations, it sends private information A or ciphertext that is commutatively encrypted with the key Kx to other organizations, and commutatively encrypts it with each individual key. There is no need to ask Then, the system ISP of the organization A transmits information having the ciphertext A'x of commutatively encrypted personal information to the convergence system (S82). The convergence system decrypts the received ciphertext A'x with the first key Kx (A '= A'xor Kx), and personal information A is commutatively encrypted with the encryption key KaKbKc of the entire organization. The ciphertext A ′ = A′xor Kx = Axor Kabc is acquired (S83). The subsequent processing is as described above.

  Next, an example using the principle of the RSA encryption method will be described. In the RSA encryption method, the original plaintext is obtained by encrypting with the public key and decrypting with the private key corresponding to the public key. Therefore, when using the first key Kx as a public key and decrypting the cipher encrypted thereby, the secret key (1 / Kx) corresponding to the public key Kx is used. Similarly to the RSA method, the encryption operation using the individual encryption keys Ka, Kb, and Kc of each organization obtains the remainder of the n value by raising the power of the ciphertext with these keys Ka, Kb, and Kc. However, although the individual encryption keys Ka, Kb, Kc are public keys, they are not disclosed. This is different from the RSA encryption method.

  FIG. 18 is a flowchart showing a commutative encryption process using the principle of the RSA encryption method. FIG. 18 illustrates a process in which the organization A encrypts the personal information A included in the information to be analyzed and transmits it to the convergence system. First, the system of organization A shares the public key Kx generated by the convergence system with random numbers (S91). Specifically, the convergence system generates a public key Kx and an n value and transmits them to the system of organization A (S92).

Then, the information providing system ISP-A organization A encrypts the personal information A with the public key Kx and n values, further encrypted with the individual key Ka and n value, to generate a ciphertext T _A (S93). The information providing system of organization B also encrypts the ciphertext TA with the individual key Kb and the n value to generate a ciphertext TB (S95). Furthermore, the information provision system of organization C also encrypts ciphertext TB with the individual key Kc and the n value to generate ciphertext TC (S97) and returns it to the information provision system of organization A (S98). The information providing system of organization A transmits the ciphertext TC to the convergence system (S99). Finally, the convergence system decrypts the ciphertext TC with the secret key Kx ⁻¹ (= 1 / Kx), generates a ciphertext A ′ (S100), and transmits it to the analysis service system. The ciphertext A ′ of the personal information A is equal to the ciphertext obtained by encrypting the personal information A with the three individual encryption keys Ka, Kb, and Kc because of the nature of the commutative encryption.

The above-described commutative encryption uses the principle of the RSA encryption method, which will be briefly described. First, it is determined as follows.
Embodiment: φ = n−1, n: prime number,
RSA system: φ = (p-1) (q-1), n = p * q: p, q prime number Common to this embodiment, RSA system: gcd (e, φ) = 1, e * d = 1 ( mod φ)
Here, gcd means the greatest common divisor, e corresponds to the RSA encryption key, and d corresponds to the decryption key. Note that ^ indicates the power and (mod n) indicates the remainder divided by n.

In the present embodiment, the above relational expression
e * d = 1 (mod φ)
As long as the above is maintained, we focus on the fact that the principle of encryption and decryption common to the RSA cryptosystem can be used.

According to the principle of the RSA cryptosystem, the ciphertext c for the plaintext m is as follows.
c = m ^ e (mod n)
On the other hand, the plaintext m for the ciphertext c is as follows.
m = c ^ d (mod n)
In addition, the following is obtained from the above relational expression.
e * d = 1 (mod φ) (relational expression),
from now on
d = e ^ (-1) mod φ
It becomes.

As long as this relational expression is maintained, the same encryption and decryption principle can be used. Therefore, when the encryption key is replaced with e = Kx, the encryption in this embodiment is as follows. ,
c = m ^ Kx (mod n)
Decryption is as follows.
m = c ^ (Kx ^ (-1)) (mod n)
That is, the decryption key is d = 1 / Kx (mod n).

Here, ed = 1 (mod φ) means that for some integer k
ed = 1 + k * φ
Is established.

On the other hand, in this embodiment, since e = K_x and d = K_x ^ (-1),
Kx * (Kx ^ (-1)) = 1 + k * φ (Formula 1)
Therefore, encryption and decryption are performed as follows.
Encryption with key Kx: c = m ^ Kx (mod n)
Further, encryption in the order of the keys Ka, Kb, Kc is as follows.
c_a = c ^ Ka (mod n) = m ^ (Kx * Ka) (mod n) (by c ^ K_a = (m ^ Kx) ^ Ka)
c_b = c_a ^ K_b (mod n) = m ^ (Kx * Ka * Kb) (mod n)
c_c = c_b ^ K_c (mod n) = m ^ (Kx * Ka * Kb * Kc) (mod n)
That is, even if the order of the keys Ka, Kb, Kc is changed, the same ciphertext is obtained.

Next, a case where encryption is performed with the key Kx and decryption is performed with the key Kx ^ (-1) will be described. However, the encryption part with the keys Ka, Kb, Kc is omitted.
Encryption: c = m ^ Kx (mod n)
Decoding is as follows.
c ^ (Kx ^ (-1)) (mod n) = m ^ (Kx * Kx ^ (-1)) (mod n) (c ^ (Kx ^ (-1))
= (m ^ Kx) ^ (Kx ^ (-1))
= m ^ (1 + k * φ) (mod n) (Equation 1)
= m * m ^ (φ * k) (mod n)
= m * (m ^ φ) ^ * k (mod n)
= m * 1 ^ k (mod n) (exponential period φ depends on m ^ φ = 1 (mod n))
= m (mod n)
Thus, the original plaintext m is obtained by decryption. This relationship holds even if encrypted with the keys Ka, Kb, Kc.

[Third Embodiment]
FIG. 19 is a diagram illustrating an example of a multiple information analysis system according to the third embodiment. The third embodiment is an example of analyzing a ladder examination by integrating medical information of a plurality of hospitals A, B, and C. In this example, medical information of multiple hospitals is encrypted and provided to the analysis service system, and the analysis service system analyzes whether the same individual is receiving a ladder examination that receives the same medical treatment at different hospitals at the same time. And return the results of the analysis that identifies the individual receiving the ladder examination to the hospital. The process of encrypting information of each hospital and providing it to the analysis service system and the process of returning the analysis result from the analysis service system to each hospital are the same as in the second embodiment. Therefore, the following will focus on analyzing the ladder examination by integrating hospital medical information.

  20 and 21 are diagrams showing the medical information (data) of hospitals A, B, and C shown in FIG. 19 and the information (data) obtained by encrypting and integrating them. FIG. 22 is a flowchart showing processing of the multiple information analysis system of FIG. Processing in the hospital, convergence system, and analysis service system will be described with reference to FIGS.

  First, medical information of each hospital A, B, and C is input to each hospital system (S101). As shown in FIG. 20, the medical information of hospital A records that “Tanaka” received medical treatment at hospital A on 2/5 of the examination date. The medical information of hospital B includes “ It is recorded that “Tanaka” received medical treatment at Hospital B on 3/2 of the medical examination date. The medical information of Hospital C shows that “Tanaka” received medical treatment at Hospital C on 4/1 of the medical examination date. It is recorded that I received it.

  Each hospital system performs exchangeable encryption processing with each individual encryption key in all hospital systems (S102). Thereby, the personal information of the name “Tanaka” of each hospital is encrypted in the ciphertext “8892179”. The medical information in which the name “Tanaka” is replaced with the commutatively encrypted personal information is transmitted from each hospital system to the convergence system (S103). In this third embodiment, the convergence system integrates medical information including exchangeable encrypted personal information transmitted from a plurality of hospital systems, and further shares each exchangeable encrypted personal information. The second key Kz is encrypted again (S103). As shown in FIG. 20, the personal information “Tanaka” of each hospital is encrypted into the ciphertext “7812039” by this encryption. In addition, it can be seen that the integrated information includes that the same ciphertext “7812039” has been examined by the same internal medicine on the medical days 2/5, 3/2, 4/1.

  Then, the convergence system sends the integrated information (data) to the analysis service system, and at the same time requests a survey for a ladder examination (S104).

  In response, the analysis service system analyzes the integrated information (S105). The analysis results detect the fact that "7812039" is receiving the same medical examination at hospitals A, B, and C at the same time 2/5, 3/2, and 4/1. The analysis result (7812039: 2 / 5A, 3 / 2B, 4 / 1C) is returned from the analysis service system to the convergence system (S106).

  The convergence system decrypts the encrypted personal information included in the analysis result with the second key Kz. As a result, the ciphertext “7812039” is decrypted into the ciphertext “8892179”. Therefore, the convergence system refers to the correspondence table 2 to determine to which hospital the analysis result (8892179: 2 / 5A, 3 / 2B, 4 / 1C) is returned. As described with reference to FIG. 14, the correspondence table 2 shows the correspondence between the exchangeable encrypted personal information and the organization (hospital) that provided the information. Therefore, the convergence system refers to this correspondence table 2, and the information having the exchangeable personal information “8892179” included in the analysis result (8892179: 2 / 5A, 3 / 2B, 4 / 1C). Is detected by hospitals A, B, and C. As a result, the convergence system transmits the analysis result to hospitals A, B, and C that provided the personal information (S107). In this way, by selecting the organization to which the analysis result is returned with reference to the correspondence table 2, the analysis result is not transmitted to a hospital unrelated to the personal information included in the analysis result. As a result, although it is encrypted, inappropriate diffusion of personal information is suppressed.

  Finally, the systems of hospitals A, B, and C that received the analysis results decrypted “Tanaka” corresponding to the encrypted personal information “8892179” included in the analysis results, and, for example, performed a ladder examination to “Tanaka”. Necessary measures are taken such as sending a warning letter to (S108). The decryption to “Tanaka” corresponding to the encrypted personal information “8892179” is performed by referring to the correspondence table 1 shown in FIG.

[Fourth Embodiment]
FIG. 23 is a diagram illustrating an example of a multiple information analysis system according to the fourth embodiment. In the fourth embodiment, the network information of a plurality of SNS (social network services) A, B, and C is integrated, and the integrated network information is analyzed to investigate one person's acquaintance. It is an example. In this example, the network connection information of a plurality of SNSs is encrypted and provided to the analysis service system, the acquaintance who knows the person with the analysis service system is investigated, and the acquaintance is returned as the analysis result. The process of encrypting the information of each SNS and providing it to the analysis service system, sending an analysis request (query) of a member of an SNS to the analysis service system, and sending the analysis result from the analysis service system to the SNS The process of returning to the analysis requester is almost the same as in the second embodiment. Therefore, the following will focus on research and analysis of acquaintances by integrating SNS network information.

  FIG. 24 is an enlarged view of the network information (data) of A, B, and C of the SNS shown in FIG. 23 and information (data) obtained by encrypting and integrating the information. 25 and 26 are flowcharts showing the processing of the multiple information analysis system of FIG. Processing in the SNS, convergence system, and analysis service system will be described with reference to FIGS.

  First, the network information of each SNS, A, B, C is input to each SNS system (S201). As shown in FIG. 24, this personal network information is a kind of schedule data, and it was confirmed that members “A, B, C” had a meeting on 10/28 in the social network information of the SNSA system. In the personal network information, it was recorded that member “B, D, E” had a meeting on 10/28.

  Therefore, each SNS system performs commutative encryption processing on the personal information included in each personal network information by the entire system (S202). As a result, members “A, B, C” of personal information in the network connection information of SNSA are encrypted as members “50, 80, 30” as encrypted personal information, and members of personal information in the network information of SNSB “B, D, E” is encrypted to member “80, 90, 20” as encrypted personal information. This encrypted personal information is a ciphertext that is exchangeably encrypted with the individual encryption keys Ka, Kb, and Kc of the three SNSs.

  Then, each of the three SNS systems transmits network information having commutatively encrypted personal information to the convergence system. In this example, the convergence system collects and integrates information (data) that has been encrypted and transmitted by each SNS system, and re-encrypts the commutatively encrypted personal information with the second key Kz. The integrated personal network information is transmitted to the personal network search service system (S204).

  As shown in FIG. 24, in the information integrated and re-encrypted in step S203, the member “50, 80, 30” of the encrypted personal information in the network information of SNSA is the member “150, 180, 130” as the encrypted personal information. The member “80, 90, 20” of the encrypted personal information in the network information of the SNSB is encrypted to the member “180, 190, 120” as encrypted personal information.

  Next, a request (search query) from the individual A of SNSA to “search for an acquaintance of Mr. A who knows Mr. E” is input to the SNSA system (S205). The SNSA system commutatively encrypts the personal information “E” and “A” included in this search query with the individual encryption keys of all SNS systems, and says “Search 50 acquaintances with 20 acquaintances” The search query is converted into a commutatively encrypted search query (S206). The SNSA system then sends the encrypted search query to the convergence system (S207). The convergence system re-encrypts the encrypted personal information of the search query with the key Kz, converts it into a search query “search for 120 acquaintances of 120 and acquaintances” (S208), and sends it to the personal network search service system (S208).

  In response to this search query, the network search service system analyzes the integrated network information and generates an analysis result “150 acquaintances 180 and 190 know 120” (S209). The personal network search service system transmits the analysis result to the convergence system (S210).

  The convergence system decrypts the encrypted personal information included in the analysis result with the key Kz, and generates an analysis result that “50 acquaintances 80 and 90 know 20”. Furthermore, the convergence system converts this analysis result “acquaintance 80, 90” into a pointer that identifies “acquaintance 80, 90” in the network connection information of SNSA in order to convey to query requester A of SNSA (S211). . As a result, the analysis result is converted to “second meeting of 10/28”. That is, of the ciphertexts 80 and 90, only the ciphertext 80 is present in the network connection information of SNSA, so that the ciphertext 80 is converted into an analysis result including only the ciphertext 80. Then, the convergence system returns the converted analysis result to the SNSA system that requested the query (S211).

  The SNSA system converts the analysis result “the second of the 10/28 meeting” into the analysis result “Mr. B of the 10/28 meeting” by referring to the network connection information of SNSA. The client A is notified (S212). By using such pointer data, the encrypted personal information included in the query result can be converted into the original personal information. In this example, it is not necessary to create and hold the correspondence table 11 of FIG.

  As described above, according to the multiple information analysis system of the present embodiment, confidential information such as personal information included in information held by multiple organizations and companies is stored as individual encryption keys of the multiple organizations and companies. Since it is commutatively encrypted, secret information can be integrated in a concealed state. In addition, since individual encryption keys of multiple organizations and companies are commutatively encrypted, if all the individual encryption keys are not leaked, the encrypted secret information will not be leaked. can do.

  Further, in the present embodiment, in order to reinforce the weakness of commutative encryption, encryption is performed using the first key Kx or encryption using the second key Kz.

  The above embodiment is summarized as follows.

(Appendix 1)
A plurality of information providing systems each having analyzed information including confidential information;
A convergence system that receives the analyzed information provided from each of the plurality of information providing systems, and enables the plurality of analyzed information to be used as targets of analysis processing related to the secret information;
The plurality of information providing systems each exchangeably encrypts secret information included in each of the analyzed information with individual individual encryption keys possessed by the plurality of information providing systems, and is exchanged by the plurality of information providing systems. A multiple information analysis system for transmitting each exchangeable encrypted analysis information including encrypted exchangeable encrypted secret information to the convergence system.

(Appendix 2)
In Appendix 1,
Each of the information providing systems of the plurality of information providing systems, after commutatively encrypting the secret information included in the information to be analyzed with the individual encryption key of the plurality of information providing systems, Send the information to be analyzed, including commutatively encrypted confidential information,
The other information providing system further performs exchangeable encryption with the individual encryption key of each of the other information providing systems for the confidentially encrypted secret information included in the received analysis information. In order,
Each of the information providing systems of the plurality of information providing systems receives the exchangeable encrypted analysis information that is exchangeably encrypted in a predetermined order by the other information providing systems, and transmits the information to the convergence system. Information analysis system.

(Appendix 3)
In Appendix 2,
Each of the information providing systems commutatively encrypts the secret information included in the information to be analyzed with the first encryption key that is temporarily generated in addition to the individual encryption key. Multiple information analysis system to send to the information provision system.

(Appendix 4)
In Appendix 3,
The convergence system generates the first encryption key each time based on a random number in response to a request from each information providing system, and transmits the first encryption key to each information providing system.
The convergence system includes a plurality of pieces of information for commutatively decrypting the exchangeable encrypted analysis information transmitted from the respective information systems with the first encryption key temporarily generated for the respective information systems. Analysis system.

(Appendix 5)
In Appendix 4,
The convergence system is a multiple information analysis system that erases a first encryption key after the exchangeable decrypted information is exchangeably decrypted with the first encryption key.

(Appendix 6)
In any one of appendices 1 to 5,
Further, the plurality of commutatively encrypted analyzed information is received from the convergence system, the plurality of commutatively encrypted analyzed information is integrated, an analysis process related to the secret information is performed, and an analysis result is obtained A multiple information analysis system having an analysis service system that replies to a convergence system.

(Appendix 7)
In Appendix 6,
Each of the plurality of information providing systems holds a first correspondence table indicating correspondence between the exchangeable encrypted secret information included in the exchangeable encrypted analysis information and the corresponding secret information. A multiple information analysis system that converts commutatively encrypted secret information included in the analysis result into corresponding secret information with reference to the correspondence table.

(Appendix 8)
In Appendix 6,
The convergence system includes a second information indicating correspondence between the exchangeable encrypted secret information included in each of the exchangeable encrypted analysis information received from the plurality of information providing systems and the information providing system that provides the information. A multiple information analysis system that holds a correspondence table and refers to the second correspondence table and transmits the analysis result to the information providing system that provided the commutative encryption secret information included in the analysis result.

(Appendix 9)
In Appendix 6,
The convergence system uses a second key common to the plurality of information providing systems to convert the commutative encryption secret information included in the exchangeable information-analyzed information received from the plurality of information providing systems using a second key common to the plurality of information providing systems. Multiple information analysis system that transmits the analysis result to the information providing system by commutatively decrypting the commutative encrypted secret information included in the analysis result with the second key. .

(Appendix 10)
A plurality of information providing systems each having information to be analyzed including confidential information each exchangeably encrypts the secret information included in each of the analyzed information with individual individual encryption keys possessed by the plurality of information providing systems. Receiving means for receiving each exchangeable encrypted analyzed information including exchangeable encrypted secret information from each of the plurality of information providing systems;
A convergence system of a multiple information analysis system comprising: a usable means for making the plurality of commutatively encrypted analyzed information usable as an analysis processing target related to the secret information.

(Appendix 11)
In Appendix 10,
Each of the information providing systems of the plurality of information providing systems, after commutatively encrypting the secret information included in the information to be analyzed with the individual encryption key of the plurality of information providing systems, Send the information to be analyzed, including commutatively encrypted confidential information,
The other information providing system further performs exchangeable encryption with the individual encryption key of each of the other information providing systems for the confidentially encrypted secret information included in the received analysis information. In order,
Each of the information providing systems of the plurality of information providing systems receives the exchangeable encrypted analysis information that is exchangeably encrypted in a predetermined order by the other information providing systems, and transmits the information to the convergence system. Convergence system for information analysis system.

(Appendix 12)
In Appendix 11,
Each of the information providing systems commutatively encrypts the secret information included in the information to be analyzed with the first encryption key that is temporarily generated in addition to the individual encryption key. Convergence system for multiple information analysis systems to be sent to the information provision system.

(Appendix 13)
A plurality of information providing systems each having information to be analyzed including secret information, each of the information to be analyzed is exchangeably encrypted with each individual encryption key possessed by each of the plurality of information providing systems; Transmitting each commutatively encrypted analyzed information including commutatively encrypted secret information commutatively encrypted by the plurality of information providing systems to a convergence system;
The convergence system receives the exchangeable encrypted analysis information provided from each of the plurality of information providing systems, and uses the plurality of exchangeable encrypted analysis information as targets of analysis processing related to the secret information. Enabling the process,
A method for providing a service for analyzing a plurality of information, wherein the analysis service system includes a step of performing the analysis processing on the plurality of commutatively encrypted analyzed information.

(Appendix 14)
In Appendix 13,
Each of the information providing systems of the plurality of information providing systems, after commutatively encrypting the secret information included in the information to be analyzed with the individual encryption key of the plurality of information providing systems, Send the information to be analyzed, including commutatively encrypted confidential information,
The other information providing system further performs exchangeable encryption with the individual encryption key of each of the other information providing systems for the confidentially encrypted secret information included in the received analysis information. In order,
Each of the information providing systems of the plurality of information providing systems receives the exchangeable encrypted analysis information that is exchangeably encrypted in a predetermined order by the other information providing system, and transmits the information to the convergence system. A method of providing a service that analyzes multiple pieces of information.

(Appendix 15)
In Appendix 14,
Each of the information providing systems commutatively encrypts the secret information included in the information to be analyzed with the first encryption key that is temporarily generated in addition to the individual encryption key. A method of providing a service that analyzes multiple information that is sent to other information provision systems.

IF-A, B, C: Analyzed information
IPS-A, B, C: Information provision system
CONV: Convergence system
ASS: Analysis service system

Claims (8)

A plurality of information providing systems each having analyzed information including confidential information;
A convergence system that receives the analyzed information provided from each of the plurality of information providing systems, and enables the plurality of analyzed information to be used as targets of analysis processing related to the secret information;
Each of the plurality of information providing systems uses the individual encryption key and the first encryption key temporarily generated for each of the information providing systems for the secret information included in the information to be analyzed. After commutative encryption, send the analyzed information including the commutatively encrypted confidential information to one of the other information providing systems,
The other information providing system further performs commutative encryption with the individual encryption key of each of the other information providing systems on the exchange-encrypted secret information included in the received analysis information,
Each of the plurality of information providing systems receives commutatively encrypted analyzed information including commutatively encrypted secret information commutatively encrypted by the other information providing system, and transmits the information to the convergence system.
The multiple information analysis system in which the exchangeable encrypted secret information included in the exchangeable encrypted analysis information is exchangeably decrypted with each of the first encryption keys . In claim 1 ,
The convergence system generates the first encryption key each time in response to a request from the respective information providing system, and transmits the first encryption key to the respective information providing system.
The convergence system is configured to temporarily generate the exchangeable encrypted secret information included in the exchangeable encrypted analysis information transmitted from the respective information systems for the respective information systems. Multiple information analysis system that exchanges and decrypts with the encryption key. In claim 1 or 2 ,
Further, the plurality of commutatively encrypted analyzed information is received from the convergence system, the plurality of commutatively encrypted analyzed information is integrated, an analysis process related to the secret information is performed, and an analysis result is obtained A multiple information analysis system having an analysis service system that replies to a convergence system. In claim 3 ,
Each of the plurality of information providing systems holds a first correspondence table indicating correspondence between the exchangeable encrypted secret information included in the exchangeable encrypted analysis information and the corresponding secret information. A multiple information analysis system that converts commutatively encrypted secret information included in the analysis result into corresponding secret information with reference to the correspondence table. In claim 3 ,
The convergence system includes a second information indicating correspondence between the exchangeable encrypted secret information included in each of the exchangeable encrypted analysis information received from the plurality of information providing systems and the information providing system that provides the information. A multiple information analysis system that holds a correspondence table and refers to the second correspondence table and transmits the analysis result to the information providing system that provided the commutative encryption secret information included in the analysis result. In claim 3 ,
The convergence system, the plurality of information variable換暗No. of secret information included in the commutative encryption analyte information received from the providing system, portable換暗degree in a second common key to said plurality of information providing system Multiple information analysis system that transmits the analysis result to the information providing system by commutatively decrypting the commutative encrypted secret information included in the analysis result with the second key. . Each of the plurality of information providing systems, each having an analyte information including secret information, the secret information contained in each of the analyte information, the respective information of the plurality of information providing system is a separate individual encryption keys each having Each of the first encryption keys temporarily generated for the providing system is commutatively encrypted, and the information to be analyzed including the commutatively encrypted secret information is transmitted to any of the other information providing systems. The other information providing system further exchangeably encrypts the exchange-encrypted secret information included in the received analyzed information with the individual encryption key of each of the other information providing systems, and the plurality of information each variable換暗No. of analyte information, each containing a soluble換暗No. of secret information that is allowed換暗Goka by the other information providing system received by the providing system A receiving means for receiving from each of said plurality of information providing system,
Decryption means for decrypting the commutatively encrypted secret information included in the commutatively encrypted analyzed information with each of the first encryption keys;
A convergence system of a multiple information analysis system comprising: a usable means for making the plurality of commutatively encrypted analyzed information usable as an analysis processing target related to the secret information. Each of the plurality of information providing systems, each having an analyte information including secret information, the secret information contained in each of the analyte information, the respective information of the plurality of information providing system is a separate individual encryption keys each having The process of performing exchangeable encryption with the first encryption key temporarily generated for the providing system, and transmitting the analyzed information including the exchangeable encrypted secret information to any of the other information providing systems When,
The other information providing system further performs exchange encryption with the individual encryption key of each of the other information providing systems for the exchange encrypted encrypted secret information included in the received analysis information;
Each of the plurality of information providing systems receives exchangeable encrypted analyzed information including exchangeable encrypted secret information exchangeably encrypted by the other information providing system, and transmits the information to the convergence system ;
The commutatively encrypted secret information included in the commutatively encrypted analyzed information is commutatively decrypted with each of the first encryption keys;
The convergence system receives the exchangeable encrypted analysis information provided from each of the plurality of information providing systems, and uses the plurality of exchangeable encrypted analysis information as targets of analysis processing related to the secret information. and a step of allowing a method of providing a service for analyzing a plurality of information.

Images