JP6145319B2 - Personal information control system - Google Patents

Description

  The present invention relates to a personal information control system capable of recording personal information related to an individual or a group in a database and accessing the personal information on condition that authentication is received.

  In a modern world where it is difficult to conduct daily life without using personal information, it is possible to manage personal information so that it is not misused by a third party or used against the intentions and interests of the individual. It is essential. However, it is apparent from daily reports that such management cannot always be performed, such as leakage of personal information. As printed matters or electronic data, personal information is used in various media forms, and is used in a wide variety of situations from the individual level to the corporate and administrative levels. Regardless of media form and situation, personal information should be strictly managed.

  Conventionally, when performing personal authentication, even if it has been tampered with, etc., the authentication accuracy of the registrant's existence is improved by performing temporal and spatial authentication, and security in the system is improved. An example of a technique related to a personal authentication system aimed at realizing improvement is disclosed (for example, see Patent Document 1). In this personal authentication system, the movement information includes spatial information based on the installation position of the information input device of the movement information transmission source, time information indicating when the information was input by the person, and a person-specific personal identification ID. It is characterized by that.

JP 2008-269556 A

  However, when the technique of Patent Document 1 is applied, if unauthorized access is made to all databases included in the authentication server, authentication can be easily performed, and security is lowered.

  On the other hand, it authenticates in a wide range of things, such as the existence of individuals by public organizations (eg local governments), attribution of property (especially personal property), credit card (eg credit cards and cash cards) There is a demand for a system that enables this. By utilizing such a system, it becomes possible to create a new business market.

  The present invention has been made in view of the above points, and a first object is to provide an individual who can improve the security of personal information by using implicit information of the individual. It is to provide an equal information control system. The second object is to provide a personal information control system that can authenticate a wide range of things.

The first invention made in order to solve the above-mentioned problem is that an individual who can access the personal information recorded in the database on condition that the personal information related to the individual or the organization is recorded in the database and is authenticated. In the information control system,
A provider authentication database for associating and recording provider identification information for identifying an information provider that provides the personal information and provider assignment information assigned to each information provider;
A provider information database that records the provider personal information, which is personal information of the information provider, and the provider allocation information in association with each other;
A user authentication database for associating and recording user identification information for identifying information users using the personal information and user allocation information allocated to each information user;
A user access right database for setting user access right information for setting an authority to be accessed among the personal information of the provider recorded in the provider information database, and a user access right database for recording the user assignment information in association with each other; ,
An information-related database that records tag information that individually identifies one or more of the information provider itself and the object that the information provider wants to identify, the provider allocation information, and the user allocation information in association with each other. When,
The provider personal information is recorded in the provider information database on the condition that the provider input information input by the information provider matches the provider assignment information recorded in the provider authentication database. A provider information recording means for performing one or more recordings among recording the tag information in the information-related database;
User information recording means for recording in the user access right database on the condition that the user input information input by the information user matches the user allocation information recorded in the user authentication database. When,
The provider personal information recorded in the provider information database on the condition that the user input information matches the user allocation information and the tag information recorded in the user authentication database. And an information access means for accessing the system.

  According to this configuration, the information provided from the information provider is associated with the provider assignment information and recorded in the required database, and the information provided from the information user is associated with the user assignment information and is provided in the required database. To be recorded. These provider allocation information and user allocation information are alias information used inside the personal information control system. Tag information that can be registered by an information provider or information user is unique information whose contents, quantity, etc. can be freely set. The provider allocation information, the user allocation information, and the tag information are meaningless with each piece of information, and it is extremely difficult to grasp the entire information even if there is an unauthorized access. Therefore, security can be ensured by implicitly using the provider allocation information, the user allocation information, and the tag information. In addition, the information recorded in the database in association with each other can be freely set, so that a wide range of things can be authenticated.

According to a second aspect of the present invention, the provider access right information for setting the access right among the provider personal information recorded in the provider information database and the provider allocation information are recorded in association with each other. have administrator access database,
The provider information recording means further performs one or more recordings including recording the provider access right information and the provider allocation information in association with the provider access right database,
The user information recording means further performs one or more recordings including recording the user access right information and the user allocation information in association with the user access right database,
The information access means further provides the provision recorded in the provider information database by limiting to one of the provider access right information and the user access right information or a range in which both match. Access to personal information.

  According to the second aspect of the invention, the information accessible to the provider personal information recorded in the provider information database matches one or both of the provider access right information and the user access right information. It is limited within the range. Therefore, it is possible to prevent access to information such as a provider personal information that is not desired by the information provider or information user.

  3rd invention has a user information database which records the user personal information which is the information etc. of the information user in association with the user allocation information, and the user information recording means includes: Further, one or more recordings are performed, including recording the user personal information and the user allocation information in association with each other in the user information database.

  According to the third aspect of the invention, the personal information of the user provided by the information user can be recorded or acquired in the user information database in the same manner as the personal information of the provider provided by the information provider. . The information provider can set the range of the provider access right information according to the information provider recorded in the user information database.

  According to a fourth aspect of the present invention, the information access means includes the provider information database on the condition that the user personal information recorded in the user information database is included in the provider access right information. It is characterized in that the information such as the provider's personal information recorded in the above is accessed.

  Even an information user who can be authenticated may not want the information provider to access information such as the individual provider. According to the fourth invention, it is possible to deny access to the provider personal information depending on whether the information user specified by the user personal information is included in the range of the provider access right information. .

  According to a fifth aspect of the present invention, the provider information database includes an attribute separation information database that separates and records the provider assignment information for each attribute information, and the association between the provider identification information and the data for each attribute information. And a related information database to be recorded. The “relation with data for each attribute information” may be direct data (for example, an address) or indirect data (for example, a pointer).

  According to the fifth aspect, the provider assignment information is separated for each attribute information and recorded in the attribute separation information database, and the association with the data for each attribute information is recorded in the related information database. By separating each attribute information, it is unclear how the data is constructed from the outside and it is difficult to analyze, so even if there is unauthorized access, the leakage of various information can be suppressed. it can.

6th invention has a key information database which records key information used when performing encryption or decryption,
The provider information recording means includes the provider information database, the provider access right database, and the tag information that are obtained by encrypting data encrypted from the key information database using the key information corresponding to the information provider. One or more records are recorded in the related database, and the information access means stores data using the key information corresponding to the information provider from the key information database when accessing the information such as the individual provider. It is characterized by decoding.

  According to the sixth aspect of the invention, the data recorded in the database can be encrypted or decrypted using the key information, so that security can be improved.

  The seventh invention is characterized in that the tag information includes at least one of a character, a symbol, and a pattern.

  According to the seventh aspect, the tag information is unique information recorded (registered) by the information provider or information user with free contents, and therefore, third parties other than the person who performs the registration cannot know. By making the tag information match a condition for accessing the database, it is possible to suppress leakage of various types of information even if there is unauthorized access.

  Here, the meaning of the term is simply defined. The “individual information” is arbitrary as long as it is information about an individual or an organization. For example, various information such as name (including name and name), address (including residence), telephone number, e-mail address, age or founding year, occupation or type of business, and property are applicable. Use "individual" as a natural person and "group" as a non-natural person. The latter group is arbitrary as long as it is an aggregate composed of one or more natural persons (for example, a country, a local government, a company, an association, a foundation, a business association, a union, etc.), and it does not matter whether it is a corporation. Individual businesses shall be included in the organization. In the present specification, the term “person” may be an individual or an organization. The “information provider” and the “information user” may be different people or the same person. “Associate” is also called “association”. The “tag information” is arbitrary as long as it is information specifying a target, and the type of information is not limited. The former “identifying information” specifies, for example, information for specifying an individual or an organization, information for specifying a legal object (for example, movable property or real estate), or a virtual object (for example, point, mileage, virtual currency, etc.) Information is applicable. The latter “type of information” may be one or more characters, symbols, numerical values, and the like. For example, identification information embedded in electronic tags, unique identifiers assigned to cards (for example, credit cards, cash cards, point cards), codes (for example, bar codes such as JIS X 0012 and JIS X 0501, JIS X 0510) 2D code, etc.) and other identifiable codes are applicable. The electronic tag can be arbitrarily applied as long as it is attached electronically (electrically). For example, an RF-ID (Radio Frequency IDentification) tag, an NFC (Near Field Communication) tag, an IC (Integrated Circuit) tag, and the like are applicable. Information capable of identifying a target such as the identification information, unique identifier, random number (numerals or numerical values) described above is referred to as “GUID (Global Unique IDentifier)”. A “database” is a collection of data, as defined in the JIS standard, organized according to a conceptual structure that describes the relationship between the characteristics of the data and the corresponding entities. As long as data can be managed (that is, recorded, stored, referenced, extracted, etc.), it may be arbitrarily configured. It does not matter whether it is a hierarchical, network, relational, object, card, structural, or other data model or data structure. The database may include tables, files, objects, etc., or some or all of them may be replaced or mixed with tables, files, objects, etc.

  It should be noted that an arbitrary interface (interface; based on the provisions of JIS X 0001) for performing one or both of information input and output between information providers and information users and personal information control systems. It is assumed that there are input devices, output devices, input / output devices, etc. (the interface portion is not shown in the drawing). For example, a keyboard, a mouse, a reader, and the like correspond to the input device. The output device corresponds to, for example, a display device (display device, indicator lamp, etc.), a sound source device (speaker, buzzer, etc.), a vibration device (vibrator, etc.), and the like.

It is a schematic diagram which shows the structural example of a personal information control system. It is a schematic diagram which shows an example which records the user identification information of an information user. It is a schematic diagram which shows an example which records information, such as a user individual of an information user. It is a schematic diagram which shows an example which records the user access right information of an information user. It is a schematic diagram which shows an example which records tag information of an information user. It is a schematic diagram which shows an example which records provider identification information of an information provider. It is a schematic diagram which shows an example which records information, such as a provider individual of an information provider. It is a schematic diagram which shows an example which records provider access right information of an information provider. It is a schematic diagram which shows an example which records the tag information of an information provider. It is a schematic diagram which shows an example which accesses provider identification information. It is a schematic diagram which shows the structural example of a provider information database. It is a schematic diagram which shows an example which records data encrypted. It is a schematic diagram which shows an example which decodes the recorded data.

  Hereinafter, embodiments for carrying out the present invention will be described with reference to the drawings. Unless otherwise specified, “connect” means that the connection is electrical or communication. In addition, the term “processing device” corresponds to a computer, a server, or the like. Each drawing shows elements necessary for explaining the present invention, and does not necessarily show all actual elements. When referring to directions such as up, down, left and right, the description in the drawings is used as a reference. Due to space limitations, the database is abbreviated as “DB” in the figure. Further, the symbol “+” in the figure means that data is associated.

[Embodiment 1]
The first embodiment will be described with reference to FIGS. The personal information control system IPCS (Individual Privacy Control System) of this embodiment is a provider (aliasing provider) that provides information users iU through a cloud service (a service provided in the form of cloud computing), for example. . The information user iU can use (acquire) information of the information provider iP only through the personal information control system IPCS. Therefore, personal information of the information provider iP is not leaked to a third party, and security is ensured.

  The personal information control system IPCS of the configuration example shown in FIG. 1 has elements such as a provider information recording unit 2, a user information recording unit 7, an information access unit 10, and various databases. Various databases include elements such as a provider authentication database 1, a provider information database 3, a provider access right database 4, an information related database 5, a user authentication database 6, a user information database 8, a user access right database 9, and the like. Applicable.

  The personal information control system IPCS may be a stand-alone system configured by a single processing device, or may be a distribution system configured by being distributed among a plurality of processing devices. In the latter distribution system, as long as the database can be managed, the connection form (topology) between the processing apparatuses is arbitrary, and which element is arranged in which processing apparatus is also arbitrary.

  First, various databases will be briefly described. Any recording medium that implements various databases may be used. These databases may be configured with a single recording medium, or may be configured with further segmented recording media. As long as various database functions are realized, they may be merged or distributed.

  The provider authentication database 1 assigns provider identification information Pinfo (provider identifier PID and provider password Ppw in this embodiment) for identifying an information provider iP that provides personal information, and is assigned to each information provider iP. Information associated with provider assignment information iPID (information Provider ID) to be recorded. The provider information database 3 records provider personal information iPpi, which is personal information of the information provider iP, and provider assignment information iPID in association with each other. The provider access right database 4 associates the provider access right information iPac for setting the access right among the provider personal information iPpi recorded in the provider information database 3 and the provider assignment information iPID. Record. The information-related database 5 includes tag information 3iTags, provider assignment information iPID, and user assignment information iUID (information that identifies each of one or more of the objects that the information provider iP and the information provider iP want to specify. User ID) is recorded.

  The user authentication database 6 includes user identification information Uinfo (in this embodiment, user identifier UID and user password Upw) for identifying information users iU that use information such as individuals, and is assigned to each information user iU. To be recorded in association with the user assignment information iUID. The user information database 8 records user personal information iUpi, which is personal information of the information user iU, and user assignment information iUID in association with each other. The user access right database 9 associates the user access right information iUac for setting the right to be accessed in the provider personal information iPpi recorded in the provider information database 3 with the user allocation information iUID. Record.

  Next, each means will be briefly described. The provider input information iPin is information input by the information provider iP, such as provider identifier PID, provider password Ppw, provider personal information iPpi, provider access right information iPac, tag information 3iTags, etc. To do. The user input information iUin is information input by the information user iU, and corresponds to, for example, a user identifier UID, a user password Upw, user personal information iUpi, tag information 3iTags, and the like.

  The provider information recording means 2 uses the provider condition information iPin entered by the information provider iP and the provider assignment information iPID recorded in the provider authentication database 1 as an authentication condition to provide information such as the provider's personal information One or more recordings are performed among recording iPpi in the provider information database 3 and tag information 3 iTags in the information-related database 5. The user information recording means 7 uses the user access right database as an authentication condition that the user input information iUin input by the information user iU matches the user assignment information iUID recorded in the user authentication database 6. Record in 9. The information access means 10 is recorded in the provider information database 3 under the authentication condition that the user input information iUin matches the user allocation information iUID and tag information 3iTags recorded in the user authentication database 6. Access the provider's personal information iPpi. The provider personal information iPpi that can be accessed provides information required by the information user iU to the information user iU.

  The provider information recording unit 2, the user information recording unit 7, and the information access unit 10 operate with hardware logic if the CPU is a software configuration that executes a program as long as the function of each element is realized. It doesn't matter if it is a hardware configuration. Further, these elements may be realized by one means, or may be realized by appropriately combining a plurality of subdivided means.

  Recording and reference to various databases in the personal information control system IPCS configured as described above will be described with reference to FIGS. Note that the information provider iP and the information user iU may be different persons or the same person. The following (1) to (11f) may be performed in any order as long as the conditions shown individually are satisfied.

(1) Preliminary procedure of information user iU In FIG. 2, the information user iU obtains the user identification information Uinfo in advance when receiving the service of the personal information control system IPCS. The user identification information Uinfo is information for specifying the information user iU. In this embodiment, the user identifier UID and the user password Upw are applied. The user identifier UID and the user password Upw are character strings composed of alphanumeric characters, symbols, etc., which may be set by the information user iU itself, and are set and issued appropriately by the personal information control system IPCS. May be. The acquisition method is arbitrary, and may be processed online with respect to the personal information control system IPCS, or may be processed offline (for example, in writing). The set user identifier UID and user password Upw are recorded in the user authentication database 6 by the user information recording means 7. The user identifier UID is also called “account”. Public organizations such as the national, local government, police, and hospitals (including clinics) should record the information in the personal information control system IPCS in advance without going through the recording procedure.

(2) Login procedure of information user iU The information user iU who has acquired the user identification information Uinfo logs in to the personal information control system IPCS using the user identification information Uinfo. User information recording means 7 includes user input information iUin (in this case, user identifier UID and user password Upw) input from information user iU, and a user identifier recorded in user authentication database 6. Determine whether UID and user password Upw match. If they match, login is permitted (authenticated), and if they do not match, login is rejected. When first logging in is permitted, unique user assignment information iUID is assigned to each information user iU, and is recorded in the user authentication database 6 in association with the user identifier UID and the user password Upw. The user allocation information iUID is information that only the personal information control system IPCS knows, and is not informed to the information user iU or a third party. In the personal information control system IPCS, since the information user iU and the user allocation information iUID are associated with each other, the information user iU is centrally managed by the user allocation information iUID. The “information user iU permitted to log in” described below means an information user iU permitted to log in in the item (2).

(3) Record (registration) of user personal information iUpi by information user iU
In FIG. 3, the information user iU who is permitted to log in may register the user personal information iUpi, which is his / her information. This personal user information iUpi is personal information that characterizes the information user iU. For example, various information such as the name (including name and name), address (including residence), telephone number, e-mail address, age or founding year, occupation or industry, and property of the information user iU are applicable. The user information recording means 7 acquires the user allocation information iUID of the information user iU recorded in the user authentication database 6, and the user input information iUin (in this case, used) input from the information user iU Personal information iUpi), and records it in the user information database 8. As will be described later, the user allocation information iUID is recorded in a database other than the user authentication database 6 instead of the information user iU.

(4) Recording (setting) of user access right information iUac by information user iU
In FIG. 4, the information user iU who is permitted to log in is based on the tag information 3iTags based on the tag information 3iTags of the information (i.e., usage level) of the provider personal information iPpi recorded by the information provider iP described later. It may be set whether to obtain. The user access right information iUac does not specify the information provider iP, but specifies the type of information acquired from the provider personal information iPpi. The user information recording means 7 acquires the user allocation information iUID of the information user iU recorded in the user authentication database 6, and the user input information iUin (in this case, used) input from the information user iU In the user access right database 9 in association with the user access right information iUac).

  By preventing information unnecessary for the information user iU from being acquired, it is possible to safely handle information such as information of the information user iU. For example, if the information user iU is a retailer and wants to analyze the customer segment statistically, there is no need to acquire information (for example, name, address, etc.) that identifies the information provider iP. What is necessary is just to be able to acquire information that can identify a customer segment such as a hobby. Thus, by setting the type (usage level) of personal information acquired by the information user iU itself, the management cost of the acquired personal information can be reduced.

(5) Recording (registration) of tag information 3iTags by information user iU
In FIG. 5, an information user iU who is permitted to log in may register tag information 3iTags. The tag information 3iTags includes one or more of characters, symbols, and patterns. The pattern includes a barcode and a two-dimensional code. The user information recording means 7 obtains the user assignment information iUID of the information user iU recorded in the user authentication database 6, and the user input information iUin (in this case, the tag input from the information user iU) Information 3iTags) is recorded in the information related database 5. Note that the registration of tag information 3iTags by the information user iU is the same as the registration of the information user iU by the information provider iP described later, and therefore it may be performed as in (10a) or (10b). However, in (10a), (10b), etc., the information provider iP is replaced with the information user iU.

(6) Preliminary procedure of information provider iP In FIG. 6, the information provider iP acquires the provider identification information Pinfo in advance when receiving the service of the personal information control system IPCS. The provider identification information Pinfo is information for specifying the information provider iP. In this embodiment, the provider identifier PID and the provider password Ppw are applied. The provider identifier PID and the provider password Ppw are character strings composed of alphanumeric characters, symbols, and the like, like the user identification information Uinfo described above. The information provider iP itself may be set, or the personal information control system IPCS may appropriately set and issue it. The acquisition method is arbitrary, and may be processed online with respect to the personal information control system IPCS, or may be processed offline (for example, in writing). The set provider identifier PID and provider password Ppw are recorded in the provider authentication database 1 by the provider information recording means 2. The provider identifier PID is also called “account” in the same way as the user identifier UID.

(7) Information Provider iP Login Procedure The information provider iP that has acquired the provider identification information Pinfo logs into the personal information control system IPCS using the provider identification information Pinfo. The provider information recording means 2 includes provider input information iPin (in this case, provider identifier PID and provider password Ppw) input from the information provider iP, and a provider identifier recorded in the provider authentication database 1 It is determined whether or not the PID and the provider password Ppw match. If they match, login is permitted (authenticated), and if they do not match, login is rejected. When first logging in is permitted, unique provider assignment information iPID is assigned to each information provider iP, and is recorded in the provider authentication database 1 in association with the provider identifier PID and the provider password Ppw. The provider allocation information iPID is information that only the personal information control system IPCS knows, and is not informed to the information provider iP or a third party. In the personal information control system IPCS, since the information provider iP and the provider assignment information iPID are associated with each other, the information provider iP is centrally managed by the provider assignment information iPID. It should be noted that the “information provider iP permitted to log in” described below means an information provider iP permitted to log in in the item (2).

(8) Information provider iPpi records (registration) by provider iPpi
In FIG. 7, the information provider iP permitted to log in may register the provider personal information iPpi, which is his / her information. This provider personal information iPpi is personal information that characterizes the information provider iP. For example, various information such as the name (including name and name), address (including residence), telephone number, e-mail address, age or year of establishment, occupation or industry, and property of the information provider iP are applicable. The provider information recording means 2 acquires the provider assignment information iPID of the information provider iP recorded in the provider authentication database 1 and provides provider input information iPin (provided in this case) from the information provider iP. In the provider information database 3 in association with the personal information iPpi). As will be described later, provider assignment information iPID is recorded in a database other than the provider authentication database 1 instead of the information provider iP.

(9) Record (setting) of provider access right information iPac by information provider iP
In FIG. 8, the information provider iP who is permitted to log in provides what kind of information (providing level) among the provider personal information iPpi recorded by the information provider iP in (8) above. It is possible to record (set) whether or not to do so. The provider access right information iPac may specify the information user iU or the type of information set in the provider personal information iPpi. The provider information recording means 2 acquires the provider assignment information iPID of the information provider iP recorded in the provider authentication database 1 and provides provider input information iPin (provided in this case) from the information provider iP. To the provider access right database 4 in association with the provider access right information iPac). The personal information control system IPCS is advantageous in that the type (providing level) of information to be provided to the information user iU can be freely set based on the judgment of the information provider iP itself.

(10) Recording (registration) of tag information 3iTags by information provider iP
In FIG. 9, the information provider iP permitted to log in may register the tag information 3iTags. There are no restrictions on the content and quantity of the tag information 3iTags that can be registered, and the information provider iP may freely register it. In the personal information control system IPCS, tag information 3iTags is important information that characterizes the information provider iP. The provider information recording means 2 acquires the provider assignment information iPID of the information provider iP recorded in the provider authentication database 1, and provides the provider input information iPin (in this case a tag) input from the information provider iP. Information 3iTags) is recorded in the information related database 5. The tag information 3iTags is registered, for example, as in the following (10a) and (10b). However, when registered in the information-related database 5, the registrant (information provider iP) is associated with all the registered RF-ID tags, cards, codes, and the like. For the first time at this point, the associated RF-ID tag or card becomes tag information 3iTags. Regardless of the tag information 3iTags, the owner (information provider iP) of the RF-ID tag, cards, codes, etc. can be specified via the provider assignment information iPID.

(10a) Registration method when tag information 3iTags is an RF-ID tag or a card First, in order to communicate between the personal information control system IPCS and the information provider iP, a terminal device is provided on the information provider iP side. It is necessary to have. The terminal device is an interface that can read GUIDs of RF-ID tags and cards. The interface includes, for example, an application and an address necessary for processing. The terminal device may be in any form (that is, configuration, shape, arrangement, quantity, etc.) as long as it can be communicably connected to the personal information control system IPCS. If the terminal device has an NFC function, the GUID can be read simply by holding the RF-ID tag or cards, which is very convenient. For example, a mobile phone, a smartphone, a tablet terminal, a dedicated terminal, and the like correspond to each other, regardless of whether the OS is installed or not. The terminal device may be the property of the information provider iP, belongings, rental items, or the like. The cards include an IC card in which an IC is incorporated, but since the GUID recorded in the IC is not protected, the GUID can be read by the NFC function.

  An information provider iP who is permitted to log in only needs to hold an RF-ID tag or a card over the terminal device. By holding it over, communication is performed between the terminal device and the RF-ID tag or cards, and the GUID is read and information such as personal information is automatically provided as provider input information iPin (in this case, tag information 3iTags) Input to control system IPCS. The RF-ID tag and cards registered (recorded) in the information-related database 5 may be arbitrary. All items at hand may be registered, or newly purchased and registered. At the time of registration in the information related database 5, the registrant (information provider iP) is associated with all the registered RF-ID tags and cards. For the first time at this point, the associated RF-ID tag, cards, and the like become tag information 3iTags. Regardless of the tag information 3iTags, the owner of the RF-ID tag or card (information provider iP) can be specified via the provider assignment information iPID.

(10b) Registration method when tag information 3iTags is a code type In the same manner as (10a) described above, in order to communicate between the personal information control system IPCS and the information provider iP, the information provider iP side It is necessary to provide a terminal device. The terminal device in this case may be an interface that can read a random number embedded in codes. For example, a scanner such as a barcode reader, a mobile phone including a camera and an image processing application, a smartphone, a tablet terminal, and the like are applicable. The image processing application may be preinstalled or downloaded from the Internet or the like and installed. Although it is necessary to regulate random numbers so that they do not overlap in one personal information control system IPCS, there may exist overlapping random numbers between different personal information control systems IPCS. In other words, the random number need only be a unique number in one personal information control system IPCS, and includes a prime number.

  The information provider iP who is permitted to log in only needs to scan codes on the terminal device. A random number embedded in codes is read by scanning, and the random number is handled as a GUID. This GUID is automatically input to the personal information control system IPCS as provider input information iPin (in this case, tag information 3iTags). The codes registered (recorded) in the information related database 5 may be arbitrary. All items at hand may be registered, or codes attached to products purchased at supermarkets, convenience stores, etc. may be registered. In order for each individual information control system IPCS to manage individually and collectively, codes etc. that embed information (address, name, etc.) identifying the individual information control system IPCS itself are issued and transferred (sales) to the information provider iP May be included). In the case of codes (especially two-dimensional codes) in which the address of the personal information control system IPCS is embedded, a link to the address of the personal information control system IPCS is displayed by scanning, and clicking the link automatically Convenience is good when configured to be connected to the personal information control system IPCS. When registered in the information-related database 5, the registrant (information provider iP) is associated with all the registered codes. For the first time at this point, the associated codes are the tag information 3iTags. Regardless of the tag information 3iTags, the owner of the code (information provider iP) can be specified via the provider assignment information iPID.

(11) Acquisition of Personal Information by Information User iU In FIG. 10, the information user iU who is permitted to log in is the personal information of the information provider iP (provider personal information recorded in the provider information database 3, etc. Part or all of the information iPpi) can be obtained. Certain conditions are imposed on acquisition, and the acquisition procedure will be described below.

(11a) Information User iU Prepares in advance Provider personal information iPpi recorded in the provider information database 3 is associated with tag information 3iTags (see FIG. 7). The tag information 3iTags is recorded in the information related database 5 in association with the user allocation information iUID. Considering these, the user allocation information iUID and tag information 3iTags are required as a premise for the information user iU to acquire the provider personal information iPpi. The former user allocation information iUID is obtained when the information user iU is permitted to log in to the personal information control system IPCS. Therefore, the information user iU needs to obtain the tag information 3iTags associated with the provider personal information iPpi to be acquired from the information provider iP. The method for obtaining the tag information 3iTags is arbitrary. For example, an online procedure may be performed on the computer system of the information user iU, or an offline procedure (for example, in writing) may be performed. When the information user iU is the same person as the information provider iP, it is sufficient to simply prepare the tag information 3iTags.

(11b) Information User iU Login Procedure The information user iU who has prepared the tag information 3iTags is personalized based on the user identification information Uinfo (user identifier UID and user password Upw) according to (2) above. Log in to the information control system IPCS. When login is permitted, the user information recording means 7 accesses the user authentication database 6 and acquires the user assignment information iUID of the information user iU.

(11c) Recording (registration) of tag information 3iTags by information user iU
The information user iU permitted to log in causes the terminal device to read the RF-ID tag, the cards, the codes, and the like, which are the media of the tag information 3iTags, according to (5) described above. The user information recording means 7 records the user identification information Uinfo read from the terminal device in the information related database 5 as tag information 3iTags. In the information-related database 5, provider assignment information iPID and user assignment information iUID that are common to the same tag information 3iTags are associated. The user information recording means 7 transmits the user allocation information iUID acquired in (11b) and the tag information 3iTags read from the terminal device and recorded in the information related database 5 to the information access means 10.

(11d) Identification of Target Person by Information Access Unit 10 The information access unit 10 identifies the information user iU based on the user assignment information iUID and the tag information 3iTags transmitted from the user information recording unit 7. Specifically, based on the user assignment information iUID and the tag information 3iTags, the information related database 5 is accessed, and the provider assignment information iPID associated with the user assignment information iUID and the tag information 3iTags is specified. As described above, the provider assignment information iPID is information unique to the information provider iP. Therefore, the information user iU can be identified indirectly via the provider assignment information iPID.

(11e) Acquisition of access right by the information access means 10 The information access means 10 accesses the user access right database 9 based on the user assignment information iUID transmitted from the user information recording means 7 and accesses the user. Acquires the right information iUac. Further, based on the provider assignment information iPID specified in (11d), the provider access right database 4 is accessed to obtain the provider access right information iPac.

(11f) Acquisition and provision of personal information by information access means 10 The information access means 10 obtains the overlapping range of the user access right information iUac and the provider access right information iPac acquired in (11e). The overlapping range is obtained because the information provider iP allows the information provision and the information user iU requests the information provision. Then, the information access means 10 accesses the provider information database 3 based on the provider assignment information iPID, and acquires the provider personal information iPpi only within the overlapping range. The provider personal information iPpi obtained in this way is provided to the information user iU. The providing method is arbitrary, and it may be only notification by display or voice, or may be provided as data.

(12) Advantages of Using Tag Information 3iTags as an Aliasing Medium for Personal Information The personal information iPpi of the information provider iP can be recorded (registered) in association with a plurality of tag information 3iTags. If recorded (registered), any tag information 3iTags can be used as an equivalent and equivalent product. If the recorded tag information 3iTags is not at hand, new tag information 3iTags may be obtained and recorded, so that the forgetting to carry event does not occur. Even if a third party unrelated to the information user iU or the information provider iP obtains the tag information 3iTags, it is difficult to log in to the personal information control system IPCS. Since a third party cannot access as a registrant of the tag information 3iTags, setting or changing based on the tag information 3iTags cannot be performed. Therefore, there is no security problem even if the tag information 3iTags is lost. The tag information 3iTags recorded in the information-related database 5 cannot be recorded or deleted because it is difficult for a third party to log in to the personal information control system IPCS. Therefore, there is no risk of unauthorized reuse or misuse of tag information 3iTags by a third party.

  According to the first embodiment described above, the following effects can be obtained.

  The first invention is a provider authentication database 1, a provider information database 3, a user authentication database 6, an information related database 5, a provider information recording means 2, a user information recording means 7 in a personal information control system IPCS. , Information access means 10 (see FIG. 1). According to this configuration, the provider assignment information iPID and the user assignment information iUID are alias information used inside the personal information control system IPCS. Tag information 3iTags is unique information that can be set freely. Provider allocation information iPID, user allocation information iUID, and tag information 3iTags are all unknown from the outside, and it is extremely difficult to perform authentication and record / acquire data even if there is unauthorized access. . Therefore, security can be ensured by implicitly using the provider allocation information iPID, the user allocation information iUID, and the tag information 3iTags. In addition, the information recorded in the database in association with each other can be freely set, so that a wide range of things can be authenticated.

  The second invention has a provider access right database 4 and a user access right database 9, and the provider information recording means 2 further associates the provider access right information iPac with the provider assignment information iPID and provides the provider. One or more records including recording in the access right database 4 are performed, and the user information recording means 7 further records the user access right information iUac and the user allocation information iUID in association with each other in the user access right database 9. The information access means 10 is further limited to one of the provider access right information iPac and the user access right information iUac or to a range where both match, The configuration is such that the provider personal information iPpi recorded in the provider information database 3 is accessed (see FIG. 10). According to this configuration, information accessible to the provider personal information iPpi recorded in the provider information database 3 is within one range or both of the provider access right information iPac and the user access right information iUac. Is limited to the range in which Therefore, it is possible to prevent access to the information iPpi such as the provider individual that the information provider iP or the information user iU does not want.

  The third invention has a user information database 8 that records user personal information iUpi, which is personal information of the information user iU, and user assignment information iUID in association with each other, and includes user information recording means 7. Further, one or more recordings are performed including the recording of the user personal information iUpi and the user allocation information iUID in association with each other in the user information database 8 (see FIG. 1). According to this configuration, the user personal information iUpi provided by the information user iU is recorded or acquired in the user information database 8 in the same manner as the provider personal information iPpi provided by the information provider iP. be able to. The information provider iP can set the range of the provider access right information iPac according to the information provider iP recorded in the user information database 8.

  According to a fourth aspect of the invention, the information access means 10 provides the provider information database 3 on the condition that the user personal information iUpi recorded in the user information database 8 is included in the range of the provider access right information iPac. The personal information iPpi recorded on the provider is accessed (see FIG. 10). According to this configuration, depending on whether or not the information user iU specified by the user personal information iUpi is included in the scope of the provider access right information iPac, access to the provider personal information iPpi is performed. Can be accepted or rejected.

  In the seventh invention, the tag information 3iTags includes one or more of characters, symbols, and patterns (see FIG. 5). According to this configuration, the tag information 3iTags is unique information that can be recorded (registered) with free content, quantity, etc., and therefore cannot be known by a third party other than the person who performs the recording. By making the match of the tag information 3iTags as an access condition to the database, leakage of various information can be suppressed even if there is an unauthorized access.

[Embodiment 2]
The second embodiment will be described with reference to FIGS. For simplicity of illustration and description, unless otherwise specified, the same elements as those used in the first embodiment are denoted by the same reference numerals and description thereof is omitted. In this embodiment, an example applied to the provider information database 3 will be described as a representative, but the present invention may be applied to other databases shown in FIG.

  The provider information database 3 shown in FIG. 11 is an example in which the provider information database 3 shown in FIG. The provider information database 3 in FIG. 11 includes an attribute separation information database 31, a key information database 32, a related information database 33, and the like. In the following, these databases will be briefly described.

  The attribute separation information database 31 separates and records the provider personal information iPpi for each attribute information. Attribute information includes, for example, name (name for individuals, name for organizations, etc.), address (including residence), account (deposit account such as bank account, securities account, insurance account, member account, etc.), official document information (eg Registration number of national qualification, license number, insured person's identification number / number, company corporation number in the registry, etc.). Since how attribute information is separated may be arbitrarily set, for the sake of simplicity, an example of separation by name, address, and account will be described below as a representative example.

  The configuration example shown in FIG. 11 includes a name table 31a, an address table 31b, an account table 31c, and the like. In the name table 31a, one or more name data and a name identifier ID-Name corresponding to each name data are recorded in association with each other. In the address table 31b, one or more addresses and an address identifier ID-Address corresponding to each address data are recorded in association with each other. In the account table 31c, a corresponding account number identifier ID-Account is recorded in association with each account number data. The same applies to data other than the data shown.

  The key information database 32 records key information Key used when performing encryption or decryption. The key information Key is composed of characters, symbols, codes, random numbers, prime numbers, etc., and two or more may be combined. Visible information such as a character string may be used, and invisible information such as a numerical value may be used. Note that since the key information database 32 is important information for performing encryption or decryption, the key information database 32 may be provided in a processing device separate from other databases.

  The related information database 33 records the relationship between the provider assignment information iPID and the data for each attribute information. Specifically, the provider assignment information iPID and various identifiers recorded in the attribute separation information database 31 (name identifier ID-Name, address identifier ID-Address, account number identifier ID-Account, etc. in the configuration example of FIG. 11). Are recorded in association with each other.

  Data encryption and decryption in the provider information database 3 having the above-described configuration example will be described with reference to FIGS. 12 and 13. Since encryption and decryption performed on each attribute information included in the attribute separation information database 31 are the same procedure, the name table 31a will be described below as a representative. In the description, it is assumed that the information provider iP is permitted to log in by (7) described above, the provider assignment information iPID has already been acquired, and the information necessary for recording has already been input as the provider input information iPin. To do.

  FIG. 12 shows an example in which data is encrypted and recorded. Data encryption is performed by the provider information recording means 2. First, the provider information recording means 2 generates an identifier (here, name identifier ID-Name) of each attribute information to be recorded. In the example of FIG. 12, the provider assignment information iPID is a numeric string “98025382392390”, and the name identifier ID-Name is a numeric string “5623840012”. The index information Ref generated in this way accesses the related information database 33 and records (registers) it in the related table 33a. As a result of this recording, a virtual link is formed between the related table 33a and various tables (name table 31a, address table 31b, account table 31c, key table 32a in the example of FIG. 12) as indicated by a two-dot chain line. The That is, the provider assignment information iPID is associated with the separated attribute information.

  Next, the provider information recording means 2 generates the character symbol string “Esl; vgouevtr @ 09unev” of the key information Key, and associates it with the numeric string “5623840012” of the name identifier ID-Name, and the key table 32a of the key information database 32. To record.

  Then, the provider information recording means 2 encrypts the name data Name (for example, “Taro Aichi”) of the provider input information iPin with the character symbol string “Esl; vgouevtr @ 09unev” of the generated key information Key. The encrypted character symbol string “WIEKCIDE) # () RK” and the numeric string “5623840012” of the name identifier ID-Name are recorded in the name table 31 a of the attribute separation information database 31 in association with each other.

  FIG. 13 shows an example in which recorded data is obtained by decoding. The information access means 10 performs data decryption. First, the information access means 10 searches the related table 33a of the related information database 33 based on the acquired provider assignment information iPID, and acquires index information Ref such as name identifier ID-Name related to the provider assignment information iPID. . In the example of FIG. 13, the numeric string “5623840012” is acquired as the name identifier ID-Name.

  Next, the information access means 10 searches and acquires the attribute separation information database 31 and the key information database 32 based on the numeric string “5623840012” of the acquired name identifier ID-Name. In the attribute separation information database 31, name data related to the name identifier ID-Name is acquired in the name table 31a. In the key information database 32, key information Key related to the name identifier ID-Name is acquired in the key table 32a. In the example of FIG. 13, the character symbol string “WIEKCIDE) # () RK” is acquired as the name data Name of the provider personal information iPpi, and the character symbol string “Esl; vgouevtr @ 09unev” is acquired as the key information Key.

  Then, the information access means 10 decrypts the character symbol string “WIEKCIDE) # () RK” of the name data Nam based on the character symbol string “Esl; vgouevtr @ 09unev” of the key information Key. By this decryption, the provider personal information iPpi (“Aichi Taro” in the above example) before encryption is obtained and can be provided to the information user iU.

  According to the second embodiment described above, the following effects can be obtained. Since other configurations are the same as those in the first embodiment, the same functions and effects as those in the first embodiment can be obtained.

  According to a fifth aspect of the present invention, the provider information database 3 includes an attribute separation information database 31 that records the provider assignment information iPID separately for each attribute information, and the association between the provider assignment information iPID and the data for each attribute information. The related information database 33 is recorded (see FIG. 11). According to this configuration, the provider assignment information iPID is separated for each attribute information and recorded in the attribute separation information database, and the association with the data for each attribute information is recorded in the related information database 33. By separating each attribute information, it is unclear how the data is constructed from the outside and it is difficult to analyze, so even if there is unauthorized access, the leakage of various information can be suppressed. it can.

  6th invention has the key information database 32 which records the key information Key used when encrypting or decoding, The provider information recording means 2 is a key corresponding to the information provider iP from the key information database 32. Data encrypted using the information key is recorded in one or more of the provider information database 3, the provider access right database 4, and the tag information 3iTags in the information related database 5, and the information access means 10 When accessing the equal information iPpi, the data is decrypted from the key information database 32 using the key information Key corresponding to the information provider iP (see FIGS. 12 and 13). According to this configuration, the data recorded in the database can be encrypted or decrypted using the key information Key, so that security can be improved.

[Other Embodiments]
In the above, although the form for implementing this invention was demonstrated according to Embodiment 1, 2, this invention is not limited to the said form at all. In other words, various forms can be implemented without departing from the scope of the present invention. For example, the following forms may be realized.

  Embodiments 1 and 2 described above are configured to be applied to a provider provided through a cloud service as the personal information control system IPCS (see FIG. 1). It may replace with this form and may apply to the provider who provides other services except a cloud service, and may apply to the person who is not a provider. Since the service form is only different, the same operational effects as those of the first and second embodiments can be obtained.

  In Embodiments 1 and 2 described above, when logging in to the personal information control system IPCS, a password (provider password Ppw or user password Upw) composed of alphanumeric characters and symbols is used. (See FIGS. 2 and 6). Instead of this form, another password other than the character string may be used. Other passwords correspond to biometric information and handwriting, for example. Biometric information used in biometric authentication is natural human body information, and includes, for example, fingerprints, voiceprints, static prints, irises, retinas, faces, and DNA types. The handwriting includes a signature (autograph). Since these pieces of information are unique, it is possible to specify whether or not a person is a representative of an individual or an organization when logging in. By combining two or more, unauthorized login due to fake fingerprints or fake irises can be further prevented and accuracy can be improved. Therefore, the same effect as Embodiments 1 and 2 described above can be obtained. Since the other passwords are unique information, the provider identifier PID and the user identifier UID may be omitted or replaced. In this case, the other password corresponds to the provider identification information Pinfo or the user identification information Uinfo.

  In the first and second embodiments described above, an RF-ID tag, cards, codes, and the like are applied as the tag information 3iTags (see FIG. 1). Instead of this form, tag information other than RF-ID tags, cards, and codes may be applied. Other tag information includes, for example, the above-mentioned biometrics information, official document information (for example, registration number of national qualification, license number, Basic Resident Register number, symbol / number of insured card, company corporation of registry Etc.) and medical institution chart information (especially, treatment site, treatment content, dental image, etc.). Even if it is other tag information, since an individual or a group can be specified, it is possible to obtain the same effects as those of the first and second embodiments.

  Tag information 3iTags (hereinafter simply referred to as “tag information 3iTags”) recorded in the information-related database 5 is an inexpensive RF-ID tag, a card possessed by anyone, or an information control system such as an individual. This information is recorded (including registration) based on a GUID such as a two-dimensional code issued by IPCS and sold at a retail store or the like. The information provider iP records personal information of the information provider iP from the point of time when the tag information 3iTags obtained by purchase or transfer is recorded by the terminal device (that is, the provider personal information iPpi recorded in the provider information database 3). ) Can be used without being exposed to the risk of leakage or misuse. By effectively utilizing this, it becomes possible to create a new business as described below.

[Embodiment 1] Management of possessions The possession is managed by pasting the recorded tag information 3iTags to the possession. Alternatively, the tag information 3iTags is processed as a key holder to prepare for when the key is lost. For example, when the property is delivered to the police or the like as a lost property, the personal information control system IPCS only needs to be accessed by reading the tag information 3iTags attached to the lost property by the police with a terminal device. The personal information acquired from the personal information control system IPCS is notified to the terminal device. The personal information in this case corresponds to information necessary for specifying the owner of the article (for example, information specifying an individual's name, age, property, etc.). Thereby, the owner of the lost article can be specified. The user access right information iUac should be set so that public authorities such as the police can access the personal information of the information provider iP.

  As another possible situation, if you do not know who your belongings are, read the tag information 3iTags pasted on those belongings with the terminal device, access the personal information control system IPCS, and use your ID and password. You can log in and prove to others that you are the owner. In other words, since the information provider iP matches the information user iU, it is possible to acquire personal information such as personal information without any limitation. If it is not your belongings, you cannot log in to the server itself using the GUID of the read tag information 3iTags as a clue, so you can prove that it is not your belongings.

  Thus, the tag information 3iTags can serve as the name of the owner written on the article. By using IC cards (cash cards, credit cards, etc.) recorded in the personal information control system IPCS as tag information 3iTags, the wallet containing the IC card itself is "implicit (alias)" by the owner. It becomes the article written in. If a name, a telephone number, or the like is written on the property as in the past (for example, a bicycle), there is a risk that an individual is identified by a third party. In the case of tag information 3iTags, a third party who has not given permission cannot obtain personal information, so there is no risk of identifying an individual.

[Embodiment 2] Safety confirmation Accurately grasping who is in the evacuation center at the time of a disaster is an extremely time-consuming work. Moreover, it is impossible to grasp in real time the evacuees that change from moment to moment. A list can be created by identifying individuals based on official document information held by evacuees. Public document information cannot be used as a personal identification tool in situations where people have to evacuate without taking time to bring public document information (earthquakes, tsunamis, etc.). Even if official document information can be used, there is a problem whether the government can obtain information such as individuals by accessing a database managed by the police, and personal identification using a license is not realistic. Thus, at present, it can be said that there is no means for electronically checking an individual's safety.

  The problem described above can be easily solved by the tag information 3iTags. Since the tag information 3iTags can be recorded freely and without limitation in the personal information control system IPCS, the tag information 3iTags may be recorded in advance in the personal information control system IPCS. If a disaster occurs, all you need to do is grab the nearest tag information 3iTags and evacuate. At the evacuation destination, the person in charge reads the tag information 3iTags with the terminal device and accesses the personal information control system IPCS, so that the evacuee is known. Regarding the access to the personal information control system IPCS, in the event of a disaster, the person in charge of the administration specially provides a mechanism for giving permission to access the personal information control system IPCS in the personal information control system IPCS. Regardless of how the information provider iP sets the information provision level, it is recommended that administrative personnel and public security authorities access personal information in the event of a disaster as a default.

[Embodiment 3] Customer Guidance A mail transfer function is implemented in the personal information control system IPCS. In this function, the mail transmitted from the information user iU is forwarded to the information provider iP as it is (the mail address of the sender is kept as it is). On the other hand, the mail sent from the information provider iP omits all information that can identify the individual such as the sender's address on the server, and implements a function to forward it to the information user iU. Such a mail function can be used for customer guidance described below.

  I see a scene of distributing advertising media such as leaflets and tissues on the streets for advertising purposes, and tag information 3iTags is affixed to these advertising media. The tag information 3iTags is recorded in advance in the personal information control system IPCS by the advertiser. The advertiser makes settings for using the above-described mail delivery function in the personal information control system IPCS. If the consumer who received the advertisement is interested in the contents of the advertisement, the tag information 3iTags is read by the terminal device, the personal information control system IPCS is accessed, and the mail forwarding function to the advertiser is set. The advertiser logs in to the personal information control system IPCS and inputs the GUID of the recorded tag information 3iTags. If the consumer agrees to use the mail transfer function, the advertiser can send an email to the consumer inviting them to visit the store. Of course, at this time, the advertiser does not send the advertisement mail based on the consumer's mail address, but sends it based on the GUID of the tag information 3iTags. For example, when a discount is obtained when a mail is received and a store is visited (the role of a coupon), the customer can guide the customer by the coupon by showing the tag information 3iTags and the mail to the advertiser.

[Embodiment 4] Alternative to current IC cards IC cards are widely used in membership cards, medical examination cards, student cards, cash cards, credit cards, boarding tickets, mileage cards, and the like. An IC card is supported by the market because it can record more information than a magnetic card and has stronger security. From the user's point of view, there are cases where the convenience of the card itself is offset, for example, the number of cards held increases and sometimes it is forgotten that it cannot be used.

  Such a situation can be easily solved by using the tag information 3iTags. In this case, the IC card owner is the information provider iP, and the IC card issuer is the information user iU. Hereinafter, an IC card used as a mileage card will be described as a representative. Consider a situation where a mileage member of an airline (information user iU) changes a conventional mileage card to tag information 3iTags. The mileage member (information provider iP) selects arbitrary tag information 3iTags at hand, reads the tag information 3iTags with the terminal device, accesses the personal information control system IPCS, and records it. A server or the like is set so that necessary personal information can be provided to airlines that are mileage members. The airline communicates the GUID of the tag information 3iTags through the personal information control system IPCS (email, written, telephone, etc.), and the airline logs into the personal information control system IPCS and enters the GUID of the matter To do. However, it is necessary for the airline to receive the service of the personal information control system IPCS in advance. Only with this work, the tag information 3iTags is authenticated as a mileage card by the airline. Thereafter, the tag information 3iTags becomes a mileage card and can be used as a ticket (boarding pass) when boarding.

  Although an example of a mileage card has been given, the tag information 3iTags can be similarly used as an alternative for other cards such as IC cards and magnetic cards. The important point is that if tag information 3iTags is used, an issuance procedure is not required and costs are not required (other than expenses paid to the personal information control system IPCS). With the current IC card, there is a cost for writing personal information on the IC chip when the card is issued. In addition, since it is necessary to write information for each sheet, it takes a weekly time to issue an IC card. In addition, the trouble and cost of safely sending the IC card to the person by registered mail or the like are also generated. All of these costs and time can be saved by using tag information 3iTags. In addition, since a plurality of tag information 3iTags (as many as you like) can be recorded, it is possible to prevent a situation in which the tag information is forgotten and cannot be used. Even if you do not have any tag information 3iTags, purchase tag information 3iTags at a store, etc., record it on the personal information control system IPCS on the spot, and contact the information user iU Thus, the tag information 3iTags can be used as an IC card. Finally, most importantly, unlike the current IC card, personal information is not stored in the tag information 3iTags, so even if the tag information 3iTags is lost, there is no security problem.

[Embodiment 5] Identification card Identification card (eg license, student ID card, insurance card, family register, resident card, election postcard, etc.) can be easily substituted with the tag information 3iTags. The issuer of the ID card and the person or organization that uses the ID card to identify the person is the information user iU, and the owner of the ID card is the information provider iP. Since the information of the owner of the ID is recorded in the personal information control system IPCS, the ID issuer and the identity verifier based on the ID will be able to obtain the level of personal information that can be obtained according to the type of ID. It only has to be set in the information control system IPCS. In response to this, the owner of the ID card determines which person or organization can access his / her personal information, and which type (provided level) can provide personal information depending on the type of ID. It can be set in the personal information control system IPCS.

  Similar to the other tag information 3iTags, when tag information 3iTags is used as an identification card, tag information 3iTags may be recorded as identification card as much as desired. If you do not have the tag information 3iTags when you need identification, purchase the tag information 3iTags from a nearby store and record it in the personal information control system IPCS. I can get it. There is no need to go to a government office like the current resident's card, and it is possible to prevent a situation where the person is not carrying a phone like a driver's license.

[Embodiment 6] Ticket (including regular tickets, boarding tickets, air tickets, etc.)
Tickets can also be replaced with tag information 3iTags. Since it is necessary to read the tag information 3iTags at the ticket gate at high speed, the two-dimensional code cannot be used as the tag information 3iTags. The two-dimensional code needs to be read as an image by the camera, and does not operate at high speed like reading an RF-ID tag by an NFC reader. The information provider iP is a passenger, and the transportation system that issues them is the information user iU. The financial institution that settles the price for the ticket is also an information user iU.

  The passenger may record the tag information 3iTags at hand as a boarding ticket (similar to a mileage card). In the personal information control system IPCS, in order to set the information user iU as a transportation facility and to settle the boarding fee, a financial institution (bank for account withdrawal, credit card company for credit settlement) Also set as information user iU. Of course, it is necessary for these transportation and financial institutions to receive the services of the personal information control system IPCS. With this procedure, any tag information 3iTags can be used as a ticket, eliminating the need for a ticket vending machine. Even if tag information 3iTags is lost during boarding, use another tag information 3iTags recorded as a boarding ticket, or record unrecorded tag information 3iTags as a boarding ticket on the spot. If you do this, you can get a new ticket.

[Embodiment 7] An item premised on the exchange of a business card, etc. An item premised on the exchange of a business card or the like can be substituted with the tag information 3iTags. A business card is a medium for exchanging names, offices and contacts. The information provider iP records the tag information 3iTags as a business card in the personal information control system IPCS. That is, it is recorded in the personal information control system IPCS that tag information 3iTags will be handed over to a third party, and the other party to whom the tag information 3iTags handed the business card reads and accesses the personal information control system IPCS Sometimes, what kind of personal information should be provided to the other party is also set. The partner who received the tag information 3iTags as a business card reads the received tag information 3iTags with the terminal device and accesses the personal information control system IPCS (it is necessary to receive the service of the personal information control system IPCS in advance). By sending the GUID of the tag information 3iTags to the personal information control system IPCS, the contents of the business card are transmitted from the personal information control system IPCS to the terminal device and displayed.
Tag information 3iTags can be used not only as a business card but also as a medium for messages and information exchange. Instead of providing personal information, it is sufficient to record messages, photos, videos, and anything else that can be converted into electronic information into the personal information control system IPCS, and communicate it to the tag information 3iTags recipient via tag information 3iTags. be able to.

[Example 8] Premise of distribution (cash voucher)
Gold coupons such as discount coupons and gift certificates can be substituted with tag information 3iTags. A description will be given taking a gift certificate as an example. The consumer (information provider iP) sends the GUID of tag information 3iTags (recorded if not recorded tag information 3iTags) recorded in the personal information control system IPCS to the issuer of the voucher (information user iU). Contact through the personal information control system IPCS (the issuer of the voucher also needs to receive the service of the personal information control system IPCS). At this time, only the GUID of the tag information 3iTags is transmitted, so the personal information of the purchaser is not provided to the issuer. The issuer recognizes the consumer as a voucher purchaser and records it in the personal information control system IPCS. At the time of authorization, it is also associated with the settlement financial institution designated by the purchaser (financial institution that settles the price when the cash voucher is used) through the GUID.

  The purchaser gives a tag information 3iTags having a cash voucher function to a third party. The received third party presents the tag information 3iTags at a retail store (necessary to receive the service of the personal information control system IPCS) or the like. The retail store accesses the personal information control system IPCS by reading the presented tag information 3iTags with the terminal device. With the association of “Retail Store⇔Voucher Purchaser Tag Information 3iTags⇔Settlement Financial Institution” in the personal information control system IPCS, the purchase price is transferred from the financial institution to the retail store through the personal information control system IPCS.

  The current voucher must be paid in advance for the face value at the time of purchase, and if the voucher is not used and destroyed, it will be charged to the voucher seller by the merchant who sells the product using the voucher. You are not charged for the money you are supposed to pay, and as a result, you will be charged money. This is an economically unreasonable reason that the seller obtains the profit that the consumer (voucher purchaser) should originally obtain, and is a fundamental problem of the voucher. When the tag information 3iTags is used as a cash voucher, the settlement is performed in a scene where it is actually used.

[Example 9] Lottery (including sports promotion lotteries, etc.)
As in the case of the above-mentioned gold voucher, the lottery ticket can be replaced by tag information 3iTags. The information provider iP is a lottery purchaser, and the information user iU is a lottery issuing organization. The purchaser sets the tag information 3iTags to be used as a lottery in the personal information control system IPCS. The actual work is to record the lottery seller as his information user iU. The distributor needs to receive the service of the personal information control system IPCS in advance.

  To purchase a lottery ticket, the purchaser sends the tag information 3iTags GUID to the seller on the personal information control system IPCS (the purchaser records the settlement financial institution in the personal information control system IPCS in advance) ). The distributor who received the GUID makes an inquiry to the financial institution. If the purchaser has received permission to settle the lottery from the GUID to the financial institution, the seller will receive the lottery purchase price from the financial institution. Once the winning number is decided, the purchaser will contact the buyer through the personal information control system IPCS. The winner brings the corresponding tag information 3iTags to the seller, and the issuer reads the tag information 3iTags with the terminal device and confirms that he is a winner.

[Embodiment 10] Key Anyone who is in trouble because they cannot forget the key and open the door at home or in a car. If tag information 3iTags is used as a key, the problem of forgetting the key is solved. Since the door knob that is an example of the lock needs to have a mechanism for reading the tag information 3iTags, a two-dimensional code that needs to be read by the camera is not appropriate as the tag information 3iTags. When tag information 3iTags is used as a key, an RF-ID tag, an IC card, or the like inevitably becomes tag information 3iTags, and an NFC reader is attached to the door knob. When the tag information 3iTags is used as a key, the relationship between the information provider iP and the information user iU differs depending on whether the key is used exclusively for individuals or used as a common key by a plurality of persons.

  When the key is used exclusively for individuals, the information provider iP and the information user iU are the same person. In order for the tag information 3iTags to function as a key, the personal information control system IPCS is set so that the tag information 3iTags operates as a key. This setting information is transmitted from the personal information control system IPCS to the door knob NFC reader. However, the NFC reader of the doorknob is recorded in advance in the personal information control system IPCS. At this time, GUID of tag information 3iTags that can unlock the door is transmitted from the personal information control system IPCS. When these operations are completed, simply by holding the tag information 3iTags over the door knob, the door's NFC reader reads the tag information 3iTags and collates the GUID with a function as a key, thereby unlocking the door. If you forget to have tag information 3iTags recorded as a key, you can record your tag information 3iTags as a key on the spot and follow the above procedure.

  When used as a common key, the key manager is the information provider iP as a representative, and the members who use other keys are the information users iU. By recording the member used by the key manager as the information user iU in the personal information control system IPCS, the key can be used by all members. The rest of the procedure is the same as when using a key with the above individual. The same applies to locks other than the door knob.

[Embodiment 11] Company equipment management tag Since the name of the company or organization that is the equipment owner (administrator) is not displayed as text on the equipment, this is a security measure. Taking a surveillance camera as an example, if the camera manufacturer, camera management number, etc. are displayed on the surveillance camera, the security system may be hacked from that information. If possible, it is better not to display such information on the surveillance camera, but it is necessary to associate such necessary information with the camera for management and operation. If tag information 3iTags is pasted to the surveillance camera, it can be managed and managed without leaking security information to a third party.

[Embodiment 12] Examination slip, election notice, etc. Examination slip, election notice, etc. are necessary to prevent a third party from impersonating the person. In addition, it plays a role of transmitting information such as the examination place (voting place) and the examination time (voting time) to the examinee (voting person). Therefore, it is necessary to mail the examination slip and election notice to the person.

  Tag information 3iTags can fulfill functions such as admission tickets and election notices. Examination slips and election notices can be handled in the same way, so we will explain them on behalf of them below. The examinee communicates the GUID of the tag information 3iTags recorded in the personal information control system IPCS to the test organizer through the personal information control system IPCS (the organizer should also receive the services of the personal information control system IPCS) At the same time, pass the same GUID to your settlement financial institution, and if there is a payment request from the organizer, contact the personal information control system IPCS to pay the examination fee. The organizer receives the examinee's GUID, receives payment of the examination fee from the settlement financial institution, and certifies the tag information 3iTags as an examination ticket. The test taker brings the tag information 3iTags to the test site, and the person in charge of the site reads the tag information 3iTags with the terminal device and confirms that the test is possible. Even if you forget to bring tag information 3iTags (not necessarily one) recorded as an admission ticket to the test site, you can record other tag information 3iTags as an admission card with the Personal Information Control System IPCS. That's fine. Since the personal information control system IPCS can confirm that the examination fee has already been paid, the tag information 3iTags can be used as an examination ticket on the spot.

[Embodiment 13] Anonymous Online Shopping Although online shopping may be convenient, there is a problem that personal information is made known to online shopping businesses (hereinafter referred to as "online store") by purchasing products. Various personal information such as who is purchasing what product and where the purchaser's address is acquired and accumulated. By realizing online shopping through the tag information 3iTags, these problems can be solved.

  The product purchaser records his / her tag information 3iTags in the personal information control system IPCS. Tag information 3iTags GUID is sent to the online store through the personal information control system IPCS and payment can be received through the personal information control system IPCS service when shopping at an online store receiving the personal information control system IPCS service. Send GUID to financial institution. The online store charges the payment financial institution based on the GUID received from the customer. Upon completion of the transfer, the online store brings the product to the courier. At this time, the online store does not know the shipping destination of the product, and only the delivery company knows the destination by the GUID. However, the home delivery service also receives the service of the personal information control system IPCS, and acquires the address and destination of the GUID owner from the personal information control system IPCS. In this way, the online store does not know who made the purchase, nor does it know where the item was sent. Since the delivery company does not know who the shipper is, the personal consumption behavior data cannot be accumulated through the delivery service.

[Embodiment 14] Address and address of postal items and parcel delivery items The address and address etc. are written on the postal items and parcels, or the name (company name) and address of the shipper are written. Therefore, it is also possible that personal information of the recipient is leaked to a third party other than the person in charge of delivery. By attaching tag information 3iTags (two-dimensional code is the best choice) to postal items and parcels, it is possible to completely prevent personal information leakage.

  As shown in the above example, when shopping at an online store, merchandise is delivered using the tag information 3iTags, so that personal information does not leak. That is, the address and destination are not written in characters, but are replaced with a two-dimensional code. Although the GUID is included in the two-dimensional code, it is impossible to know who the GUID is without access rights in the personal information control system IPCS.

  When sending a package from person to person, a two-dimensional code is purchased at a store or the like and recorded in the personal information control system IPCS. In the personal information control system IPCS, the purchaser is in the position of an information provider iP and is set so that only the other party receiving the package can obtain his / her name and address from the tag information 3iTags. The courier should be able to obtain only the name and address of the package from the personal information control system IPCS. Thus, the parcel can be sent to the other party without the courier company knowing the personal information of the shipper. The recipient of the package can read the tag information 3iTags (two-dimensional code) affixed to the package with the terminal device, log in to the personal information control system IPCS, and know who the package is from.

IPCS personal information control system 1 Provider authentication database 2 Provider information recording means 3 Provider information database 31 Attribute separation information database 31a Name table 31b Address table 31c Account table 32 Key information database 32a Key table 33 Related information database 33a Related table 4 Provider access right database 5 Information related database 6 User authentication database 7 User information recording means 8 User information database 9 User access right database 10 Information access means
Pinfo Provider identification information
PID provider identifier
Ppw provider password
iP information provider
iPID provider assignment information
iPac Provider Access Rights Information
iPin provider input information
iPpi personal information
Uinfo User identification information
UID User identifier
Upw user password
iU information users
iUID user allocation information
iUac user access right information
iUin user input information
iUpi User Personal Information
3iTags Tag information
Key Key information
ID-Name Name identifier
ID-Address Address identifier
ID-Account Account number identifier
ID-Item identifier item

Claims (7)

In a personal information control system that records personal information related to an individual or group in a database and can access the personal information recorded in the database on the condition that it is authenticated,
A provider authentication database for associating and recording provider identification information for identifying an information provider that provides the personal information and provider assignment information assigned to each information provider;
A provider information database that records the provider personal information, which is personal information of the information provider, and the provider allocation information in association with each other;
A user authentication database for associating and recording user identification information for identifying information users using the personal information and user allocation information allocated to each information user;
A user access right database for setting user access right information for setting an authority to be accessed among the personal information of the provider recorded in the provider information database, and a user access right database for recording the user assignment information in association with each other; ,
An information-related database that records tag information that individually identifies one or more of the information provider itself and the object that the information provider wants to identify, the provider allocation information, and the user allocation information in association with each other. When,
The provider personal information is recorded in the provider information database on the condition that the provider input information input by the information provider matches the provider assignment information recorded in the provider authentication database. A provider information recording means for performing one or more recordings among recording the tag information in the information-related database;
User information recording means for recording in the user access right database on the condition that the user input information input by the information user matches the user allocation information recorded in the user authentication database. When,
The provider personal information recorded in the provider information database on the condition that the user input information matches the user allocation information and the tag information recorded in the user authentication database. Information access means to access
A personal information control system characterized by comprising: Yes and provider access right information setting accessible rights among the provider personal information such as recorded in the providing information database, the provider access database for recording in association with said provider allocation information And
The provider information recording means further performs one or more recordings including recording the provider access right information and the provider allocation information in association with the provider access right database,
The user information recording means further performs one or more recordings including recording the user access right information and the user allocation information in association with the user access right database,
The information access means further provides the provision recorded in the provider information database by limiting to one of the provider access right information and the user access right information or a range in which both match. The personal information control system according to claim 1, wherein the personal information is accessed. A user information database that records the user personal information, which is the information user personal information, and the user allocation information in association with each other;
The user information recording means further performs one or more recordings, including recording the user personal information and the user allocation information in association with each other in the user information database. The personal information control system according to 1 or 2. The information access means is the provision recorded in the provider information database on the condition that the personal information of the user recorded in the user information database is included in the range of the provider access right information. personal information such as control system according to any one of claims 1 to 3 you, wherein access to individuals such information. The provider information database is
An attribute separation information database for separating and recording the provider allocation information for each attribute information;
A related information database that records a relationship between the provider allocation information and data for each attribute information;
The personal information control system according to any one of claims 1 to 4, wherein the personal information control system is provided. Having a key information database for recording key information used for encryption or decryption;
The provider information recording means includes the provider information database, the provider access right database, and the tag information that are obtained by encrypting data encrypted from the key information database using the key information corresponding to the information provider. Make one or more records in the relevant database,
The information access means decrypts data using the key information corresponding to the information provider from the key information database when accessing the personal information of the provider. 6. The personal information control system according to any one of 5 above.   The personal information control system according to any one of claims 1 to 6, wherein the tag information includes at least one of a character, a symbol, and a pattern.

Images