JP6141091B2 - Information processing apparatus, information processing method, server apparatus, program, and recording medium - Google Patents

Description

  The present invention relates to information processing using confidential calculation.

  For example, with the spread of the Internet, it has become possible to easily publish various information on websites. As an adverse effect, for example, there is a concern that a photographic image that can identify a person (for example, a photographic image including the person as a subject) may be disclosed on a website by a third party. Contrary to the intention of the person, there is a demand that a person to whom such a photographic image is disclosed wants to request an administrator of the website to delete the photographic image without publishing privacy information. In response to such a request, there has been proposed a method of transmitting a request for deleting a photographic image of a website while keeping privacy information confidential (Patent Document 1).

  The method of Patent Document 1 conceals image data of a photograph that can identify an individual, and calculates a feature amount from the concealed image data by using concealment calculation. In addition, the feature amount is similarly calculated from the image data of the photograph published on the website. Then, the feature amounts are compared, and if they match, a deletion request for the photographic image is transmitted. According to such a method, it is possible to make a deletion request without disclosing the photographic image itself that can identify an individual as privacy information.

  However, the method of Patent Document 1 requires a secret calculation for each photographic image to be compared. For example, when performing an OR search (matches if any of the conditions are met) to find out whether a family or friend's photo image has been published, prepare multiple photo images, and the number of photo images Perform confidential calculation. As a result, the calculation amount of the secret calculation increases.

JP 2011-022641

  An object of the present invention is to suppress the calculation amount of the secret calculation when determining the coincidence between the input data group and the data group of the server device using the secret calculation.

  The present invention has the following configuration as one means for achieving the above object.

The information processing according to the present invention inputs a data group, transmits first data number information indicating the number of data in the data group, and category data indicating attributes of each data in the data group to the server device, The concatenated data obtained by concatenating the data of the data group, concealing the concatenated data, concatenating the concealed data obtained by the concealment, and concatenating the data of the data group of the server device Is used to restore the calculation result of the data group before concealment, and based on the restored calculation result, the match between the input data group and the data group of the server device is determined. To do.

  ADVANTAGE OF THE INVENTION According to this invention, when determining the coincidence of the input data group and the data group of a server apparatus using a secret calculation, the calculation amount of a secret calculation can be suppressed.

The block diagram which shows the structural example of the privacy information presence determination system of an Example. The figure which shows an example of the value of cat_data (i). The figure which shows the example of a display of UI. 6 is a flowchart for explaining privacy information presence / absence determination processing. The flowchart explaining a data connection process and a data concealment process. The figure which shows an example of connection data. The figure which shows an example of concealment data. The flowchart explaining the process of a judgment calculation part. FIG. 6 is a block diagram illustrating a configuration example of a privacy information presence / absence determination system according to a second embodiment. FIG. 10 is a diagram illustrating a display example of a UI according to the second embodiment. 10 is a flowchart for explaining data connection processing according to the third embodiment. FIG. 9 is a block diagram illustrating a configuration example of a privacy information presence / absence determination system according to a third embodiment.

  Hereinafter, information processing according to an embodiment of the present invention will be described in detail with reference to the drawings.

[Privacy information presence / absence judgment system]
The block diagram of FIG. 1 shows a configuration example of the privacy information presence / absence determination system of the embodiment. The privacy information presence / absence determination system includes a terminal device 101, calculation units 106, 108, and 110, a determination calculation unit 112, and a server 115 that can communicate with each other via a network.

Terminal Device The terminal device 101 is a personal computer (PC), for example. The input unit 102 includes, for example, a keyboard and a mouse, and inputs a data group corresponding to privacy information such as a site address, name, and address as user_data (i) (i = 1, 2,..., Data_num). The site address is address information (for example, a URL or IP address) of a site where privacy information to be deleted may be registered. Further, data_num is data number information indicating the number of data. The privacy information is personal information that can identify an individual, such as a name (including phonetic), address, gender, age, telephone number, date of birth, social security number, and the like.

  The input unit 102 supplies user_data (i) and data_num to the data connection unit 103 and the display unit 105, and transmits data_num to the determination calculation unit 112. Further, the input unit 102 generates category data cat_data (i) indicating the attribute of each data of user_data (i), and transmits cat_data (i) and data_num to the server 115. FIG. 2 shows an example of the value of cat_data (i). For example, if the attribute of user_data (i) is “name”, cat_data (i) = 1, if it is “address”, cat_data (i) = 2, and if it is “phone number”, cat_data (i) = 3.

  As will be described in detail later, the data concatenation unit 103 concatenates all data user_data (i) received from the input unit 102 and generates concatenated data cat_data.

  The data concealment unit 104 conceals cat_data generated by the data concatenation unit 103 using a genuine random number and a predetermined formula. That is, the data before concealment is divided into four pieces of concealed data con_data_X, con_data_Y, con_data_Z, and con_data_C from the data before concealment and the random numbers. Then, con_data_X is transmitted to the calculation unit 106, con_data_Y and con_data_C are transmitted to the calculation unit 108, and con_data_Z and con_data_C are transmitted to the calculation unit 110.

  In order to restore the data before concealment, it is necessary to acquire data transmitted from at least two of the calculation units 106, 108, and 110, and the data before concealment can be protected. Note that a method that allows addition and subtraction while being concealed, for example, a multi-party calculation protocol or a Paillier cipher that is a homomorphic cipher can be used.

  The display unit 105 displays a user interface (UI) on a monitor, for example. The UI is used for browsing the information input by the input unit 102, the input information, and the determination result as to whether or not there is data matching the input data in the server 115.

  Fig. 3 shows a UI display example. FIG. 3A shows an example of a screen before determination, and FIG. 3B shows an example of a screen after determination. In the input unit 1001a, a site address to which a deletion request is made when there is information searched and matching with the privacy information is input. Privacy information is input to the input unit 1001b. In this example, a name 1001c, an address 1001d, and a telephone number 1001e are input as privacy information. Then, after the determination in the server 115, the determination result is displayed on the display unit 1001f as shown in FIG. 3 (b).

  Note that even if the data has the same attribute, the size (byte length) of the field storing the data may be different. Considering this point, it is preferable that the input unit 102 specifies a server device by a site address, communicates with the server device, and determines the data size of each privacy information.

Calculation unit and determination calculation unit The calculation units 106, 108, and 110 and the determination calculation unit 112 are each a main body that performs predetermined calculations. For example, a CPU, a memory such as a RAM, a recording medium such as an HDD, and a communication interface with a server An apparatus or a system including a computer device having The function of the calculation unit is realized by the CPU of the calculation unit executing a program stored in the HDD using the RAM as a work memory.

The calculation unit 106 performs the calculation shown in Expression (1) using the data con_data_X concealed in the terminal device 101 and the data con_data_X2 concealed in the server 115 described later, and transmits the calculation result to the determination calculation unit 112 .
result_data_X = con_data_X-con_data_X2;… (1)

The calculation unit 108 inputs data con_data_Y and con_data_C concealed in the terminal device 101 and data con_data_Y2 and con_data_C2 concealed in the server 115 described later. Then, the calculation shown in Expression (2) using these data is performed, and the calculation result is transmitted to the determination calculation unit 112.
result_data_X = con_data_Y-con_data_Y2;
result_data_C = con_data_C-con_data_C2;… (2)

The calculation unit 110 inputs data con_data_Z and con_data_C concealed in the terminal device 101 and data con_data_Z2 and con_data_C2 concealed in the server 115 described later. Then, the calculation shown in Expression (3) using these data is performed, and the calculation result is transmitted to the determination calculation unit 112.
result_data_Z = con_data_Z-con_data_Z2;
result_data_C = con_data_C-con_data_C2;… (3)

The determination calculation unit 112 includes a calculation result restoration unit 113 and a determination unit 114. The calculation result restoration unit 113 restores the calculation result of the data before concealment by the calculation of Expression (4) using the calculation results result_data_X and result_data_C of the calculation units 106, 108, and 110. Alternatively, the calculation result of the data before concealment is restored by the calculation of Expression (5) using result_data_Y, result_data_Z, and result_data_C.
result_data = result_data_X + result_data_C;… (4)
result_data = result_data_Y + result_data_Z + result_data_C;… (5)

  The determination unit 114 inputs the restoration result of the calculation result restoration unit 113, and determines whether the data user_data (i) input in the terminal device 101 matches the data server_data (i) in the server 115. Then, the determination result is transmitted to the display unit 105 of the terminal device 101 and the determination result receiving unit 120 of the server 115.

Server The server 115 corresponds to a server that operates the site at the address input by the input unit 102 of the terminal device 101. The server 115 includes a database (DB) 116, a data extraction unit 117, a data connection unit 118, a data concealment unit 119, and a determination result reception unit 120. The server 115 is a computer device having a recording medium such as a CPU, a memory such as a RAM, and an HDD, for example. The CPU 115 executes the program stored in the HDD using the RAM as a work memory, so that the function of the server 115 is achieved. Realized.

  The DB 116 stores medical statistical data regarding diseases as electronic documents. Based on the cat_data (i) received from the terminal device 101, the data extraction unit 117 determines whether or not the data with the corresponding attribute exists in the DB 116, and if there is, extracts those data groups and extracts the extracted data as server_data ( Store in RAM etc. as i).

  Note that the number of data in server_data (i) is the same as the number of data in user_data (i). The data sizes of the same category are the same. As an extraction method, for example, keyword search or full-text search is used.

  Similar to the data concatenation unit 103, the data concatenation unit 118 concatenates server_data (i) and generates con_data2. Similarly to the data concealment unit 104, the data concealment unit 119 conceals con_data2. That is, the data before concealment is divided into four data con_data_X2, con_data_Y2, con_data_Z2, and con_data_C2 from the data before concealment and the random number. Then, con_data_X2 is transmitted to the calculation unit 106, con_data_Y2 and con_data_C2 are transmitted to the calculation unit 108, and con_data_Z2 and con_data_C2 are transmitted to the calculation unit 110.

  The determination result receiving unit 120 receives the determination result from the determination calculation unit 112. The administrator of the server 115 refers to the determination result received by the determination result receiving unit 120 and deletes the corresponding data when the determination result indicates “data matches”.

[Privacy information presence / absence judgment processing]
The privacy information presence / absence determination process will be described with reference to the flowchart of FIG.

  The input unit 102 of the terminal device 101 inputs data such as a site address and privacy information, and identifies the server 115 that operates the site DB 116 from the input site address. Furthermore, privacy information is stored in user_data (i), the number of data of privacy information is stored in data_num, and the data attribute of user_data (i) is stored in cat_data (i). Then, data_num is transmitted to the determination unit 114 of the determination calculation unit 112, and cat_data (i) and data_num are transmitted to the data extraction unit 117 of the server 115 (S201).

  Next, the data concatenation unit 103 concatenates the input user_data (i) (S202), and the data concealment unit 104 conceals the concatenated data con_data (S203).

  Based on cat_data (i) received from the terminal device 101, the data extraction unit 117 of the server 115 determines whether or not data with the corresponding attribute exists in the DB 116. If there is data with the corresponding attribute, the data is extracted, and the extracted data is stored in server_data (i) (S204).

  Next, the data concatenation unit 118 concatenates the extracted server_data (i) (S205), and the data concealment unit 119 conceals the concatenated data con_data2 (S206).

  Each of the calculation units 106, 108, and 110 calculates the difference of the concealment data, and transmits the calculation result to the calculation result restoration unit 113 of the determination calculation unit 112 (S207).

  The calculation result restoration unit 113 of the determination calculation unit 112 restores user_data (i) and server_data (i) based on the calculation results received from the calculation units 106, 108, and 110 (S208). Then, the determination unit 114 determines whether the restored user_data (i) and server_data (i) match or not (S209), and sends the determination results to the display unit 105 of the terminal device 101 and the determination result reception unit 120 of the server 115. Transmit (S210).

  After receiving the determination result, the display unit 105 updates the UI display (for example, FIG. 3A to FIG. 3B). Further, the administrator of the server 115 refers to the determination result received by the determination result receiving unit 120. If the determination result indicates that there is data that matches the privacy information input in the terminal device 101 (all determination results are ‘0’), the privacy information server_data (i) is deleted.

Data concatenation process The data concatenation process will be described with reference to the flowchart of FIG. The data connection process is executed by the data connection unit 103 and the data connection unit 118. Hereinafter, the data connection process in the data connection unit 103 will be described. If “user_data (i)” and “con_data” in the processing of the data linking unit 103 are replaced with “server_data (i)” and “con_data2”, the processing of the data linking unit 118 is performed.

  FIG. 6 shows an example of concatenated data. FIG. 6 (a) shows data input by the input unit 102 of the terminal device 101, where privacy information user_data (1) = 10 and privacy information user_data (2) = 65. In this case, the number of data data_num = 2. In FIG. 6A, cat_data (i) is not described, but for example, cat_data (1) = 1 and cat_data (2) = 2.

  The data concatenation unit 103 measures the data size of the data user_data (i) in bits, and sets the maximum data size as user_data_max (S401). For example, in the example of FIG. 6A, user_data (1) is 4 bits, user_data (2) is 8 bits, and user_data_max is 8 bits.

  Next, the data concatenation unit 103 pads the data whose data size does not reach user_data_max (S402). For example, in the example of FIG. 6A, user_data (1) is 4 bits (<user_data_max = 8 bits), and padding “0000” is concatenated into 8-bit data.

Next, the data concatenation unit 103 concatenates user_data (i) by the following equation to generate con_data (S403).
con_data = user_data (1) ‖user_data (2) ‖… ‖user_data (data_num)… (6)
Where ‖ is a concatenation operator.

For example, in the example of FIG. 6 (a), as shown below, after padding, user_data (1) and user_data (2) including padding are concatenated to obtain concatenated data con_data.
con_data = user_data (1) ‖padding‖user_data (2)
= 1010‖0000‖01000001
= 1010000001000001 (41025 decimal)

FIG. 6B shows data extracted by the data extraction unit 117 of the server 115, where privacy information server_data (1) = 10 and privacy information server_data (2) = 64. sever_data_max = 8, and the following concatenated data con_data2 is obtained.
con_data2 = server_data (1) ‖padding‖server_data (2)
= 1010‖0000‖01000000
= 1010000001000000 (41024 decimal)

Data concealment processing The data concealment processing will be described with reference to the flowchart of Fig. 5 (b). The data concealment process is executed by the data concealment unit 104 and the data concealment unit 119. Hereinafter, the data concealment process in the data concealment unit 104 will be described. If “con_data” and “con_data_?” In the processing of the data concealment unit 104 are replaced with “con_data2” and “con_data_? 2” (? Is a wild card), the processing of the data concealment unit 119 is performed.

  The data concealment unit 104 acquires con_data_Y using a true random number using a physical phenomenon (S411). Note that the random value is a value that fits in the number of bits of con_data. A pseudo random number may be used. FIG. 7 shows an example of confidential data. FIG. 7A shows an example in which con_data = 41025 is input to the data concealment unit 104 and 100 is acquired as con_data_Y.

  Next, the data concealment unit 104 acquires con_data_Z using a true random number (S412). FIG. 7 (a) shows an example in which 200 is acquired as con_data_Z.

Next, the data concealment unit 104 calculates con_data_X by the following equation (S413). In the example of FIG. 7 (a), con_data_X = 300 is calculated.
con_data_X = con_data_Y + con_data_Z… (7)

Next, the data concealment unit 104 calculates con_data_C by the following equation (S414). In the example of FIG. 7A, con_data_C = 41025−300 = 40725 is calculated.
con_data_C = con_data-con_data_X… (8)

  Next, the data concealment unit 104 transmits con_data_X, con_data_Y, con_data_Z, and con_data_C to the calculation units 106, 108, and 110 as described above (S415).

  FIG. 7B shows an example in which con_data2 = 41024 is input to the data concatenation unit 118 of the server 115. Then, con_data_Y2 = 300 and con_data_Z2 = 400 are acquired, con_data_X2 = 700 is calculated, and con_data_C = 41024-700 = 40324 is calculated.

Calculation unit The calculation units 106, 108, and 110 obtain the following calculation results from the confidential data shown in FIG.
if (Calculation unit 106) {;… Calculation of formula (1)
con_data_X = 300;
con_data_X2 = 700;
result_data_X = 300-700 = -400;
}
if (Calculation unit 108) {;… Calculation of formula (2)
con_data_Y = 100;
con_data_C = 40725:
con_data_Y2 = 300;
con_data_C2 = 40324;
result_data_Y = 100-300 = -200;
result_data_C = 40725-40324 = 401;
}
if (Calculation unit 110) {;… Calculation of equation (3)
con_data_Z = 200;
con_data_C = 40725:
con_data_Z2 = 400;
con_data_C2 = 40324;
result_data_Z = 200-400 = -200;
result_data_C = 40725-40324 = 401;
}

Determination Calculation Unit The processing of the determination calculation unit 112 will be described with reference to the flowchart of FIG.

The calculation result restoration unit 113 receives the calculation results result_data_X, result_data_Y, result_data_Z, and result_data_C from the calculation units 106, 108, and 110 (S701). Then, the calculation result is restored by the calculation of Expression (4) (or Expression (5)) (S702).
According to the example calculation above:
result_data = result_data_X + result_data_C = -400 + 401 = 1

Next, the determination unit 114 initializes the value of the counter i to 1 (S703), and creates an i-th bit mask mask (i) (S704). The determination unit 114 calculates a data size data_size corresponding to the maximum data size user_data_max by the following equation.
data_size = bit_length (result_data) / data_num… (9)
Here, bit_length () is a function that returns the bit length.

  Then, the determination unit 114 sets a bit corresponding to data_size from the position advanced by (i−1) × data_size bits from the MSB of result_data to “1”, and creates a bit mask of “0” for other bits. For example, when result_data is 16 bits and data_num = 2, mask (1) = ‘1111111100000000’ is created when i = 1, and mask (2) = ‘0000000011111111’ is created when i = 2.

Next, the determination unit 114 calculates the logical product of the calculation result result_data and mask (i) and stores the result in result (i) (S705).
According to the example calculation above:
result (1) = result_data && mask (1) = '1'&&'1111111100000000' = '0';
result (2) = result_data && mask (2) = '1'&&'0000000011111111' = '1';

  Next, the determination unit 114 compares the count value i with data_num (S706), and if i <data_num, increments the counter i (S707) and returns the process to step S704. When i = data_num, the determination result result (i) is transmitted (S708).

  The calculation units 206, 208, and 210 calculate the difference between the concealment data as shown in the equations (1) to (3). Therefore, the data restored by the calculation result restoration unit 113 corresponds to the difference between user_data (i) and server_data (i) before concealment, and if the two data match, all the corresponding bit strings are “0”. According to the specific example, result (1) = ‘0’ (match) and result (2) = ‘1’ (not match) are obtained as determination results. That is, a determination result is obtained in which user_data (1) and server_data (1) match, and user_data (2) and server_data (2) do not match.

  When all the determination results result (i) corresponding to the number of data data_num are “0”, an AND search (matches if all conditions are satisfied) is performed. In other words, an AND search can be performed by using all logical product results as determination results.

  Thus, by generating the concealment data from the data obtained by concatenating the data input as privacy information before data concealment, the number of concealment data and the number of concealment calculations can be reduced.

  The information processing according to the second embodiment of the present invention will be described below. Note that the same reference numerals in the second embodiment denote the same parts as in the first embodiment, and a detailed description thereof will be omitted.

  In the first embodiment, the example in which the user inputs the privacy information user_data (i) using the input unit 102 has been described. Furthermore, in order to improve convenience, privacy information can be extracted from a data file (for example, an electronic document or image data) instructed by the user without directly inputting privacy information by the user.

  FIG. 9 is a block diagram showing a configuration example of the privacy information presence / absence determination system according to the second embodiment. FIG. 10 shows a display example of the UI in the second embodiment.

  The user inputs a site address that identifies the server 115 and a file name of an electronic document or image data using the input unit 102, and checks a check box corresponding to the type of privacy information that the user wants to determine. The input unit 102 supplies the file name and the type of privacy information cat_data (i) to the data extraction unit 121, and transmits cat_data (i) to the data extraction unit 117 of the server 115.

  The data extraction unit 121 extracts privacy information user_data (i) corresponding to cat_data (i) from the data of the file name specified by the user, and counts the number of data data_num. When extracting privacy information from an electronic document, a method similar to that of the data extraction unit 117 may be used. In the case of image data, for example, in the case of a face photograph, feature quantities used by the face recognition algorithm, GPS information, Exif information, and the like are extracted as privacy information.

  The data extraction unit 121 supplies user_data (i) and data_num to the data concatenation unit 103, and transmits data_num to the data extraction unit 117 of the server 115 and the determination unit 114 of the determination calculation unit 112.

  Hereinafter, information processing according to the third embodiment of the present invention will be described. Note that the same reference numerals in the third embodiment denote the same parts as in the first and second embodiments, and a detailed description thereof will be omitted.

In the first embodiment, padding is performed before data connection, and the size of other data is adjusted to the maximum data size user_data_max. Therefore, if user_data_max is large and there is a lot of data whose data size is smaller than user_data_max, the data size of the concatenated data becomes large. For example, when the following seven data are concatenated, 224 bits of concatenated data (of which 120 bits are padded) are generated from a total of 104 bits of data.
user_data (i): A1 (32), A2 (16), A3 (32), A4 (8), A5 (8), A6 (4), A7 (4)
con_data = A1‖A2‖p (16) ‖A3‖A4‖p (24) ‖A5‖p (24) ‖A6‖p (28) ‖A7‖p (28)
Where p is padding,
Figures in parentheses are bit lengths.

  In the third embodiment, as information to be transmitted to the determination unit 114 of the determination calculation unit 112, in addition to the first data number information data_num, the second number representing the number of data for each bit length included in the data group user_data (i). Data number information bit_length_num is transmitted. Then, the determination unit 114 creates a bit mask mask (i) according to bit_length_num, thereby eliminating padding.

  The data connection process of the third embodiment will be described with reference to the flowchart of FIG.

  The data concatenation unit 103 counts the number of data in the data group user_data (i) for each bit length (S301). The bit length is, for example, a unit of power of 2 that is generally used in computers. In the above example, there are four types of data with bit lengths of 32, 16, 8, and 4 bits, and the number of data is counted for each bit length. As a result, a count value is obtained in which the number of 32-bit data is 2, the number of 16-bit data is 1, the number of 8-bit data is 2, and the number of 4-bit data is 2.

Next, the data concatenation unit 103 generates bit_length_num representing the number of data that is a bit length (S302). bit_length_num is composed of a bit string indicating the number of data of each bit length, and each bit string is, for example, 2 bits. In the above example, the number of 32-bit data is 2, the number of 16-bit data is 1, the number of 8-bit data is 2, and the number of 4-bit data is 2, so bit_length_num is as follows.
Bit length: 32 16 8 4
bit_length_num = '10'‖'01'‖'10'‖'10'
= '10011010'

The above shows the format of bit_length_num (8 bits) when there is a maximum of three data having a length of 32 bits to 4 bits. However, the privacy information further includes information having a length of 32 bits or more. For example, the format of bit_length_num (27 bits) when there is a maximum of 7 data from 1024 bits to 4 bits is as follows.
Bit length: 1024… 64 32 16 8 4
bit_length_num = 'xxx'‖… ‖'xxx'‖'xxx'‖'xxx'‖'xxx'‖'xxx'
= 'xxx… xxxxxxxxxxxxxxx'
Where x is '0' or '1'.

  That is, the format of bit_length_num is determined by the privacy information handled by the privacy information presence / absence determination system.

  Next, the data concatenation unit 103 sorts user_data (i) in order of bit length (S303). In the above example, A2 (16) <A3 (32), so the order of A1, A2, A3, A4, A5, A6, A7 is A1, A3, A2, A4, A5, A6 after sorting. , A7 is arranged in order.

  Next, the data concatenation unit 103 generates con_data obtained by concatenating user_data (i) (S304). Thus, since padding is not performed, in the above example, a total of 112 bits of concatenated data and bit_length_num are generated from a total of 104 bits of data, and the data size can be reduced as compared with the case of padding.

  The data linking process of the data linking unit 118 of the third embodiment is the same as the data linking process of the data linking unit 103 of the third embodiment, and detailed description thereof is omitted. Further, the process of the determination unit 114 is different from the process of the first embodiment in that a bit mask mask (i) is generated based on bit_length_num.

  The number of data with the maximum bit length can be known from bit_length_num. In the above example, the maximum bit length is 32 and the number of data is 2. Since con_data is sorted in order of bit length, the determination unit 114 first creates a mask (1) in which the 32-bit range from the MSB of result_data is ‘1’ and the others are ‘0’. Subsequently, a mask (2) is created in which the range from the 33rd bit to the 64th bit of result_data is ‘1’, and the others are ‘0’.

  Next, since there is one 16-bit length data following the 32-bit length data, the determination unit 114 is “1” in the range of the 65th to 80th bits of result_data, and “0” otherwise. Create mask (3), and create a bit mask in the same way.

  Note that user_data (i) may be sorted not in the order of increasing bit length but in the order of increasing bit length. In this case, it is preferable that the bit_length_num format is also arranged in ascending order of the bit length, and the creation of the bit mask of the determination unit 114 is also arranged in the order of the smaller bit length.

  FIG. 12 is a block diagram showing a configuration example of the privacy information presence / absence determination system according to the third embodiment. The difference from the configuration of the first embodiment illustrated in FIG. 1 is that the second data number information bit_length_num is transmitted from the data linking unit 103 to the determination unit 114.

  In the third embodiment, the first data number information data_num is used for the determination in step S706 shown in FIG. 8, but if the number of data of each bit length is extracted from the bit_length_num and the extracted number of data is totaled, the data_num Is obtained. Therefore, only bit_length_num may be transmitted from the terminal device 101 to the determination unit 114. In FIG. 12, the flow of data_num is indicated by a broken line to indicate this point.

  Note that Example 2 and Example 3 can be combined. That is, the data concatenation unit 103 may input the data group user_data (i) from the data extraction unit 121 and generate the second data number information bit_length_num and the con_data without padding.

[Other Examples]
The present invention can also be realized by executing the following processing. That is, software (program) that realizes the functions of the above-described embodiments is supplied to a system or apparatus via a network or various storage media, and a computer (or CPU, MPU, etc.) of the system or apparatus reads the program. It is a process to be executed.

Claims (16)

Input means for inputting a data group, first data number information indicating the number of data of the data group, and category data indicating an attribute of each data of the data group to the server device,
A connection means for connecting the data of the data group;
A concealment means for concealing the connected data;
The ciphering and ciphering ciphering data obtained by the means, the using the confidential data the data group of the data linked treated concealment of the server, the result of predetermined calculation, concealing before A restoration means for restoring the calculation result of the data group;
An information processing apparatus comprising: a determination unit configured to determine whether the input data group matches the data group of the server apparatus based on the restored calculation result. 2. The information processing apparatus according to claim 1, wherein the data group of the server apparatus includes a number of data corresponding to the category data and corresponding to the first data number information. 3. The information processing apparatus according to claim 1, wherein the input unit further inputs address information for specifying the server apparatus. 4. The method according to claim 1, further comprising a calculation unit that receives the concealment data from the concealment unit and the server device and performs the predetermined calculation. Information processing device. Said calculating means uses the ciphering data, set forth in claim 4, wherein the calculating the difference data of the data group of data and the server device of the input data set before concealment Information processing equipment. The coupling process in accordance with the maximum data size of the data of the data group, padding each data of said data groups, claim from claim 1, characterized in that the process of connecting the data after the padding 6. The information processing apparatus described in any one of 5. The determination unit includes a generation unit that generates a bit mask using the bit length of the restored calculation result and the first data number information,
7. The information processing apparatus according to claim 6, wherein a match between each data of the data group is determined using the restored calculation result and the bit mask. Processing the connection process, the number of data of the data group and generating a second data number information indicating the order of the bit length, and sort the data of the data groups in the order of the bit length, connecting the data after the sorting and an information processing apparatus according to any one of claims 1 to 5, characterized in that it. The determination means includes generation means for generating a bit mask using the second data number information,
9. The information processing apparatus according to claim 8, wherein a match between the data in the data group is determined using the restored calculation result and the bit mask. Furthermore, it has extraction means for extracting data from the data file,
The input means inputs information specifying a data file and category data indicating attributes of data extracted from the data file instead of the data group, and transmits the input category data to the server device.
The extraction unit extracts a data group corresponding to the input category data from the designated data file, and transmits the number of data in the extracted data group to the server device as the first data number information. it is an information processing apparatus according to any one of claims 1 to 9, characterized in. It said determining means is an information processing apparatus according to any one of claims 1 to 10, characterized in that for transmitting the result of the determination to the server apparatus. The first data number information and the category data are received from the information processing device according to any one of claims 1 to 11, and the first data number information corresponds to the category data from a database. Means for extracting a corresponding number of data as a data group;
Means for concatenating the data of the data group;
A server apparatus comprising: means for concealing the concatenated data and transmitting the concealed data to the information processing apparatus. An information processing method performed by an information processing apparatus,
The input unit of the information processing apparatus inputs a data group, and transmits first data number information indicating the number of data of the data group and category data indicating an attribute of each data of the data group to the server apparatus. ,
The connection means of the information processing device performs a connection process on the data of the data group,
The concealment means of the information processing apparatus conceals the connected data,
Restoring means of the information processing apparatus, wherein the confidential data obtained by the concealment of concealing means, and concealing data the data group of the data linked treated concealment of the server apparatus, the predetermined calculation Using the result, restore the calculation result of the data group before concealment,
An information processing method determination means of the information processing apparatus, based on the restored calculation result, characterized in that determining the matching data group of the input data unit and the server unit.   12. A program for causing a computer to function as each unit of the information processing apparatus according to any one of claims 1 to 11.   13. A program for causing a computer to function as each unit of the server device according to claim 12.   16. A computer-readable recording medium on which the program according to claim 14 or 15 is recorded.

Images