JP6494004B1 - Personal information management system, service providing system, method and program - Google Patents

Abstract

To improve convenience on the user side and protection of personal information, and to reduce the risk of information leakage on the vendor side. A personal information management system includes two or more nodes constituting a block chain to which a new block is added through processing according to a predetermined consensus algorithm in which two or more nodes participate, and a block chain. Registers the first block containing the hash value of the target confirmation information, which is the personal information disclosed by the user and is necessary for the predetermined target confirmation that is one of identity verification, user authentication or eligibility confirmation A registration unit 62 that performs verification on the basis of the disclosed target confirmation information after verifying the validity of the target confirmation information disclosed by the user using a block in the block chain, and And a record registration unit 64 for registering the second block including the target confirmation record in the block chain. [Selection] Figure 21

Description

  The present invention relates to a personal information management system that manages personal information, a service providing system that provides services using the personal information management system, a service providing method, and a service providing program.

  In service provision, a service provider (hereinafter referred to as a vendor) may provide a service after confirming whether the requesting user is the user himself / herself. For example, the vendor requests the requesting user to disclose personal information, and checks whether the user is the user himself / herself based on the disclosed personal information. In general, confirming that a person is the person is called “personal identification” or “identity verification.” Personal information used for identification is, for example, a license. (More specifically, the information set included therein, the same applies hereinafter), insurance card (more specifically, the information set included therein, the same applies hereinafter), passport (more specifically, the information set included therein). The credit card (more specifically, the information set included therein, the same applies hereinafter), biometric information, my number, etc. In some cases, two or more pieces of information such as a set of ID and password are included. Combinations are also included in such personal information.

  Further, for example, the vendor requests the request source user for user identification information and authentication information in order to confirm that the request source user is a legitimate user in the vendor, and the obtained information is registered in advance. It is confirmed whether or not the user is a legitimate user in the vendor. Confirming that a person who has declared a specific user for a certain system is that specific user, that is, a regular user, is referred to as “user authentication”. Here, confirming that the user is a legitimate user means more specifically that a reporter who declares that he / she is a specific user for a certain system is the same person or equivalent to that specific user in that system. It is to confirm that it has the qualification that can be considered. Confirmation results show that the filer confirms that the filer is the filer, whereas user authentication only confirms that the filer can be regarded as the same as the registered user. However, user authentication can be regarded as a kind of identity verification within each system.

  Another example of using personal information is “eligibility verification” to confirm that the requester who requested the provision of a service is eligible for that service. . Here, the service includes all services such as provision of goods and services regardless of pay / free.

  Hereinafter, performing at least one of identity verification, user authentication, and eligibility verification for a service requester using personal information is referred to as target verification. In other words, the object confirmation is defined as a concept including identity confirmation, user authentication, and eligibility confirmation.

  With regard to the target confirmation technology using such personal information, for example, in Patent Document 1, the management apparatus performs user authentication using a face image captured by a product providing apparatus such as a vending machine, thereby reducing the user's trouble. A merchandise providing system that can provide merchandise without spending is described.

  Further, Patent Document 2 describes a personal authentication system that can identify an individual without using a dedicated card and a dedicated device such as an IC card and its reader, and without using any ID set by the individual. Yes. The personal authentication system described in Patent Document 2 holds a terminal ID as information for identifying a user in an authentication server and authentication information (a pair of biometric information and position information) in advance in association with each other. In the information server, the terminal ID and the personal information of the user are stored in association with each other. In addition, the terminal device that holds the terminal ID transmits a command for requesting the user's personal information together with the verification information (biological information and position information) acquired by the terminal device to the information server via the reader / writer. To do. The information server analyzes the received command, compares the verification information received from the terminal device with the authentication information stored in the authentication server, and performs user authentication. Information is transmitted to the terminal device.

  Non-Patent Document 1 discloses a personal authentication service using a personal information management system (Identity Management System: IMS) provided by ShoCard as one of systems for verifying an identity using a block chain. ShoBadge ”is introduced. ShoCard also provides “ShoCard,” a personal authentication service application, for personal terminals. In the following, regardless of the actual service name or application name, the IMS by ShoCard will be referred to as “ShoCard”, and the platform and applications for personal terminals used in the IMS may be referred to as “ShoCard platform” and “ShoCard APP”. is there.

JP 2017-162191 A JP 2017-102842 A

"SHOBADGE Secure Enterprise Identity Authentication Built Using the Blockchain (White paper)", [online], 2017, ShoCard Inc., [Search April 6, 2018], Internet <URL: https://shocard.com/shobadge />

  The problem is that when performing object confirmation using personal information, the convenience on the user side, the protection of personal information, and the risk avoidance of information leakage on the vendor side are not sufficient.

  For example, the methods described in Patent Document 1 and Patent Document 2 need to manage a set of ID and authentication information or perform a procedure for object confirmation for each service. For this reason, when a user tries to receive provision of various services, the user needs to manage different IDs, authentication information, and information used for the procedure for object confirmation for each service and vendor, which is complicated.

  In addition, each vendor has to hold and manage the user's personal information by himself / herself, and there is a problem that costs for information management including protection against attacks are increased as well as taking a risk of leakage.

  It is also conceivable that the user's personal information is not managed by the vendor, but is presented to the user each time a service is requested. However, this method is complicated for the user because the information necessary for the target confirmation must be presented each time in the target confirmation. In addition, this method, for example, must present the entire certificate even if it is sufficient to present only a part of the certificate certifying the user, such as a license, in the target confirmation. In such a case, it is impossible to control to disclose only the minimum necessary information for each purpose and use, and it is not sufficient in terms of protection of personal information.

  Note that the above-mentioned “ShoCard” uses the ShoCard ID assigned to each user when using the terminal application to request the disclosure of the user's personal information or verify the authenticity of the disclosed information by verifying the identity. For personal applications. If such a personal application is used, it may be possible to provide a service including target confirmation by determining specifications and cooperating with the partner system on the service provider side. To achieve this in an environment where users can continue to use it without taking the hassle of disclosing personal information again and without any risk of leakage of personal information by any vendor. Nothing is taken into account.

  In order to solve the above-described problems, the present invention is not complicated to manage procedures for users and information for the procedures, and the vendor does not take the risk of leakage of the user's personal information. It is an object of the present invention to provide a personal information management system capable of confirming an object using a service, a service providing system, a service providing method and a service providing program for providing a service using the personal information management system.

The personal information management system according to the present invention includes two or more nodes constituting a block chain to which a new block is added through processing according to a predetermined consensus algorithm in which two or more nodes participate, and a user in the block chain. Registration for registering the first block including the hash value of the target confirmation information, which is the personal information disclosed by, and is the personal information necessary for the predetermined target confirmation that is one of identity verification, user authentication or eligibility confirmation The target confirmation information disclosed by the user, the target confirmation information that is verified based on the disclosed target confirmation information, and the blockchain a recording registration unit for registering a second block including the recording of target confirmation, its hash value is registered in the first block by the registration unit A user-side data holding unit that holds at least target confirmation information, and when a request for disclosure of target confirmation information is received from the target confirmation unit, it is held in the user-side data holding unit after obtaining permission from the user A disclosure unit for disclosing the target confirmation information, and the registration unit includes an identifier assigned to the user or a hash value thereof, and personal information disclosed by the user and required for the target confirmation in the blockchain. The first block including the hash value of the target confirmation information that is information is registered, and the first block includes the hash value of two or more target confirmation information, or the block chain includes two or more target confirmation information of the user. Two or more first blocks including at least one hash value are registered, and the disclosure unit obtains permission from the user and opens only the target confirmation information specified by the target confirmation unit. Characterized in that it.

The service providing method according to the present invention is personal information disclosed by a user to a block chain in which a new block is added through processing according to a predetermined consensus algorithm in which two or more nodes participate, and , A first block including a hash value of target confirmation information that is personal information necessary for predetermined target confirmation that is either user authentication or qualification confirmation, and an identifier assigned to the user or a hash value thereof If at least a first block including personal information disclosed by a user and a hash value of target confirmation information that is personal information necessary for target confirmation is registered, and a service is requested by the user, After requesting the user to disclose the target confirmation information and verifying the validity of the disclosed target confirmation information using the blocks in the blockchain Performed target confirmation based on the disclosed target confirmation information, based on the target confirmation of results, as well as providing a service to the user, the block chain registers the second block including the recording of target confirmation, target confirmation When the information disclosure request is accepted, the target confirmation information held in the user side data holding unit holding at least the target confirmation information whose hash value is registered in the first block after obtaining permission from the user The first block includes two or more hash values of target confirmation information, or two or more first blocks including at least one hash value of two or more target confirmation information of a user are registered in the block chain. When the target confirmation information is disclosed in a state where the information is displayed, only the specified target confirmation information is disclosed after obtaining permission from the user .

The service providing program according to the present invention is a block chain in which a new block is added through processing according to a predetermined consensus algorithm in which two or more nodes participate, and is personal information disclosed by a user, An identifier assigned to a user or a hash thereof, which is a first block including a hash value of object confirmation information that is personal information necessary for predetermined object confirmation that is one of identity confirmation, user authentication, and eligibility confirmation Information of at least the first block from a block chain in which at least a first block including a value and a hash value of target confirmation information that is personal information disclosed by the user and is necessary for target confirmation is registered. When a user requests a service to an obtainable computer, the user is requested to disclose the target confirmation information. , After verifying the validity of the disclosed object confirmation information using the block in the block chain, the process of performing the object confirmation based on the disclosed object confirmation information, based on the result of the object confirmation, to the user process of providing the service, to the block chain, process for registering a second block including the recording of target confirmation, and, when receiving a disclosure request of target confirmation information, with the permission to the user, the first block The process of disclosing the target confirmation information held in the user-side data holding unit holding at least the target confirmation information in which the hash value is registered is executed, and the first block stores the hash value of two or more target confirmation information. Or two or more first blocks including at least one hash value of two or more pieces of target confirmation information of the user are registered in the block chain. When to disclose the confirmation information, with the permission to a user, characterized in that to disclose only the specified target confirmation information.

  According to the present invention, procedures for users and management of information for the procedures are not complicated, and the vendor can confirm the target using personal information without taking the risk of leakage of the personal information of the user. it can.

It is explanatory drawing which shows the holding example of the various information in the personal information management system of 1st Embodiment. It is explanatory drawing which shows the other example of the signature method of the registration information in a registration block. It is explanatory drawing which shows the other example of the signature method of the registration information in a registration block. It is explanatory drawing which shows the example of a confirmation recording block. It is a block diagram which shows the main structures of the personal information management system of 1st Embodiment. 3 is a block diagram illustrating a configuration example of a confirmation unit 202. FIG. It is a block diagram which shows the structural example of the ledger management node 301. FIG. It is a flowchart which shows an example of the operation | movement in the registration phase of the personal information management system of 1st Embodiment. It is a flowchart which shows the other example of the operation | movement in the registration phase of the personal information management system of 1st Embodiment. It is a flowchart which shows an example of the operation | movement in the confirmation phase of the personal information management system of 1st Embodiment. It is a flowchart which shows an example of the operation | movement in the confirmation phase of the personal information management system of 1st Embodiment. It is a flowchart which shows the operation example of the confirmation organization side system in a confirmation phase. It is a schematic block diagram of the ticket service system of 2nd Embodiment. It is a flowchart which shows the outline | summary of operation | movement of the ticket service system of 2nd Embodiment. It is a sequence diagram which shows an example of the flow of the process at the time of the personal registration of 2nd Embodiment. It is a sequence diagram (1) which shows an example of the flow of the process at the time of the purchase application of 2nd Embodiment. It is a sequence diagram (2) which shows an example of the flow of the process at the time of the purchase application of 2nd Embodiment. It is a sequence diagram which shows an example of the flow of the process at the time of the entrance application of 2nd Embodiment. It is a block diagram which shows the other example of the ticket service system of 2nd Embodiment. It is a schematic block diagram which shows the structural example of the computer concerning each embodiment of this invention. It is a block diagram which shows the outline | summary of the personal information management system of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. First, a technical concept of a personal information management system (Identity Management System: IMS) in the present invention will be briefly described.

  In the personal information management system of the present invention, one personal ID is assigned as identification information for associating various personal information with users. More specifically, various personal information used for target confirmation is securely managed in association with one personal ID assigned to each user. The personal ID is preferably associated with all personal information owned by the user. However, it is sufficient that the personal ID is associated with at least personal information managed by the personal information management system provided by the present invention. Even in this case, the personal ID can be said to be one piece of identification information associated with various pieces of personal information used for object confirmation in the personal information management system, that is, an integrated identification number.

  In the personal information management system according to the present invention, a block chain is used as a mechanism for managing personal information of users. Here, the block chain is a time series of data groups having a predetermined data structure called a block, and has a role as a ledger describing transaction contents. Each block contains information on one or more previous blocks (hereinafter referred to as the previous block) and information for detecting the presence or absence of tampering (nonce, signature, etc.) in addition to the data to be recorded in the block, such as transaction details Including. A nonce is a value in a data area that is set so that a value obtained when data in that area is processed by a one-way function satisfies a predetermined rule. . A new block is added to the block chain through processing according to a predetermined consensus algorithm in which two or more nodes participate. For example, in PoW (Proof of Work) which is one of the consensus algorithms, for each block (data group) including information and nonce of the previous block, “the hash value of the block is equal to or less than a threshold value (target value). Rules are determined in advance, and when adding a block, a process is performed in which a plurality of nodes simultaneously search for nonces that satisfy such rules. In addition to PoW, there is a consensus algorithm such as BFT (Byzantine fault tolerance).

  However, the personal information is not recorded in the block chain as it is, but the hash value of the personal information is recorded in association with the hash value of the personal ID. At that time, the signature of the person who created the hash value (creating source) is attached to the hash value. The signature is, for example, the signature of the person who owns the personal information, or the signature of a third party organization (hereinafter referred to as a confirmation organization) that has confirmed that the personal information is correct (Correctness). As a signature, a digital signature obtained by encrypting information to be signed (in this case, a hash value) with a private key of the signer can be used. By attaching the signature of the creator to the hash value, the reliability of the hash value, more specifically, the hash value is created by the signer himself (creator certificate), and the signature The side that refers to the hash value can confirm that it has not been tampered with since that time (non-tampered proof). By performing such a hash value creator certificate and non-falsification certificate, the hash value that is the registration information can be trusted, that is, the information possessed by the legitimate owner or the verification authority confirms its validity. It is possible to confirm from the signature that the information is created from the processed information. It is also possible to perform encryption instead of the process of attaching a signature.

  The reliability of the information registered in the block chain (hash value and signature attached thereto) itself is secured by the difficulty of tampering with the block chain.

  On the other hand, the personal information that is the original data of the hash value is held in a secure environment so as to be hidden by a person other than the user. For example, the personal information may be stored in a secure area in a device owned by the person (hereinafter referred to as a client device) or may be encrypted and stored in a distributed file server. The user can control whether or not personal information placed in such a secure environment is freely disclosed, and if so, which personal information is disclosed.

  In the personal information management system according to the present invention, the personal information of the user associated with the personal ID (the personal ID that is the original data of the hash value of the personal ID in the block) is included in the block chain that can be referred to by a third party. By storing only the information indicating the correctness, the confidentiality of personal information is ensured. At that time, by combining the identification information for identifying the owner of the personal information into one, the procedure for confirming the object that has been different for each purpose can be specified by one identification information (personal ID). So that it can be done by unified processing.

  Further, in the personal information management system according to the present invention, when the object confirmation is performed using the hash value of the personal information of the user stored in the block chain, the block indicating the confirmation record is displayed in the block chain. Will continue to add. Thus, by leaving a history of confirmation records in the blockchain, the results of past object confirmations can be used for object confirmations for similar purposes without disclosure of specific personal information. For example, for users who have been confirmed for the same purpose in the past, the hash value of the personal information is used to collate with the information in the block chain without requiring the disclosure of the personal information. Just to be able to give the same result as the result of past object confirmation. This minimizes the disclosure of personal information.

  In the personal information management system according to the present invention, a personal ID is used as information for linking a user and personal information. The personal ID is a unique device such as a mobile phone, an IC card, or an authentication device. Since they are not managed in association with each other, even if a device or the like is lost, recovery is possible without rewriting registered information.

Embodiment 1. FIG.
Next, an embodiment of the personal information management system according to the present invention will be described while presenting a specific system configuration. FIG. 1 is an explanatory diagram illustrating an example of holding various types of information in the personal information management system according to the first embodiment. FIG. 1 shows a client device 1 possessed by a user, a confirmation authority device 2 possessed by a confirmation authority, and a block chain 3.

  In FIG. 1, the client device 1 holds a signature key pair (secret key 11D and public key 12D) of the user himself / herself and a personal ID 13D assigned to the user by the personal information management system. In the client device 1, the personal ID 13D is associated with one or more personal information 14D.

  In addition, the verification authority device 2 holds a key pair for signature of the verification authority (a secret key 21D and a public key 22D).

  The block chain 3 holds registered blocks and confirmation recording blocks as shown below.

  For example, when an individual starts using the personal information management system, a personal ID 13D is assigned to the individual who becomes a user, and a signature key pair (secret key 11D and public key 12D) is generated. When the personal ID 13D is assigned and the key pair is generated, the user operates the client device 1 to store the hash value of the personal ID 13D and the personal information 14D to be registered (particularly, personal information used for target confirmation). A hash value is calculated, a personal information management block including them is created and added to the block chain.

  FIG. 1 shows a block n−1 as an example of a registered block added to the block chain 3. The registration block includes personal ID_Hash 31D (corresponding to the hash value of the personal ID 13D), personal information Hash 32D (corresponding to the hash value of the personal information 14D), and the signature 33D of the person who created them. It is. Here, the personal signature 33D is a signature for indicating that the personal ID_Hash 31D and the personal information Hash 32D included in the block are created by the user himself / herself who is the authorized owner of the original data.

  The personal information Hash32D is preferably calculated for each unit in which the user who owns the personal information discloses the personal information (see FIG. 2A). At that time, it is also possible to attach a personal signature 33D to each personal information Hash32D (see FIG. 2B). FIG. 2 is an explanatory diagram showing another example of the registration information signing method in the registration block. In FIG. 2, the dotted line represents the signature target data of the signature 33D of the principal.

  In addition, when there are a plurality of pieces of personal information to be registered, the user can add these hash values to the block chain 3 as separate registration blocks. In any case, it is only necessary that the personal ID_Hash 31D of the user and the personal information Hash 32D are associated with the signature of the creator in the registration block. The personal ID can also be regarded as one of the personal information. In this case, the registration block includes the hash value of the personal ID and other personal information other than the personal information together with the signature of the creator. It only has to be.

  Although not shown in the drawing, each block may include information indicating the signature creation source public key, the type of block, the type of each registered information, and the like.

  Each block constituting the block chain 3 has control information necessary for the block to form a part of the block chain, for example, the hash value of the previous block or the signature of the person who added the block. Etc. are included. Such control information is determined by the specifications of the block chain to be used.

  Hereinafter, a case where a license is registered as personal information will be described as an example. The license includes multiple personal information such as name, address, face photo, date of birth, license number, expiration date, etc., but the user took the entire license as personal information used for subject confirmation. A license image may be used. In that case, a registration block including the hash value of the license image as personal information Hash32D is registered in the block chain 3. Note that the license image itself, which is personal information, may be held in a secure area of the client device 1 or may be divided and encrypted and held in a distributed file system.

  When registering a license as personal information, in addition to making the entire license a single image, you can divide it into units that you want to control disclosure into multiple partial images, or set a unit that you want to control disclosure For each unit, only that part can be identified so that it can be processed into multiple processed images, and if text input is possible (address, date of birth, name, etc.), it can be converted into data by text input, etc. May be registered as personal information. In that case, the license image (whole), the partial image, the processed image, and the text data can be held as different types of personal information.

  For example, when the user wants to register an image (the above partial image or processed image) that can identify only the region where the date of birth of the license is described as birth date data that is one of personal information Calculates the hash value of the personal ID of the user and the hash value of the date of birth data, and puts each of them together or puts them into one signature, and attaches the signature of each person. A registered block in which the hash value is registered may be added to the block chain 3.

  Next, a case where the user's target confirmation is performed using the information registered in the block chain 3 will be described. The confirmation organization device 2 of the confirmation organization that wants to confirm the target acquires the personal ID 13D and personal information 14D (hereinafter referred to as first personal information) used for target verification from the client device 1 of the user to be verified. . Then, the verification authority device 2 acquires a registration block in which the hash value of the first personal information is registered in association with the hash value of the personal ID 13D. Acquisition of the registration block may be obtained by searching the block chain 3 using the hash value calculated from the personal ID 13D and the hash value calculated from the first personal information as a key. May be obtained by obtaining a hash value or the like of a registered block obtained from the block registration history or the like held by the and searching the block chain 3 using the hash value or the like as a key. It is only necessary to be able to search based on information published at least in the block chain 3. When the corresponding registration block is searched, the confirmation authority device 2 determines that the information registered in the registration block (personal ID_Hash31D or personal information Hash32D) is the user himself / herself (in this case, the person who disclosed the personal information). ) Is created (certificate of origin) and has not been tampered with from the time of signing (non-tampered proof), the signature 33D of the principal attached to the information, and the public key 12D of the user who is the signer (Check the reliability of registered information). Further, the verification authority device 2 collates the personal information Hash32D in the searched registration block with the hash value calculated from the first personal information acquired from the user (confirmation of original data consistency). Note that the consistency check of the original data is omitted when the registered block is searched using the hash value calculated from the first personal information as a key.

  When both of these two confirmation results are OK, the confirmation authority device 2 uses the personal information 14D of the user himself / herself as the first personal information obtained from the disclosing person, as indicated by the personal ID 13D obtained from the disclosing person. Based on the disclosed first personal information, necessary confirmation (identity confirmation, user authentication, and eligibility confirmation) is performed in the confirmation organization.

  As an example, it is assumed that the confirmation authority device 2 confirms the age of the service requesting user as a condition of service qualification. In this case, the confirmation authority device 2 sends the personal ID 13D and date of birth data (eg, partial image of the license image, processed image, text data) to the user's client device 1 as the first personal information. May be required to be disclosed. The date of birth data used as the first personal information has at least the hash value registered in the registration block together with the hash value calculated from the personal ID 13D of the user, that is, the personal information in the registration block. It is assumed that the original data of Hash32D.

  Upon obtaining such information, the verification authority device 2 acquires a registration block in which the hash value of the disclosed birth date data of the user indicated by the disclosed personal ID 13D is registered. Upon obtaining the registration block, the verification authority device 2 creates the hash value (personal information Hash32D) of the date of birth data included in the registration block and the signature 33D of the principal attached to the personal ID_Hash31D (user himself / herself) And the reliability of the obtained decrypted data (hash value to be signed) is confirmed (reliability confirmation of registered information). Here, the public key of the creator may be the one in the block, or the public key of the disclosing person who disclosed the first personal information as the user himself / herself.

  In addition, the verification authority device 2 compares the personal information Hash32D included in the registration block with the hash value created from the date of birth data disclosed by the user as necessary, and determines whether or not they match. Confirm (confirm consistency of original data). As already described, the consistency check of the original data is replaced with the search process when the registered block is searched using the hash value calculated from the disclosed personal information as a key (searched The same block as the original data).

  When both the reliability check of the registration information and the consistency check of the original data are OK, the checking authority device 2 indicates that the disclosed date of birth data is the user himself / herself indicated by the disclosed personal ID. Age confirmation is performed based on the date of birth data, assuming that the personal information is correct for the disclosing person. As a result, the confirmation authority device 2 may provide an age-restricted service, for example. In this way, the confirmation authority device 2 simply obtains the personal ID 13D and the date of birth data from the request source of the service, and whether the date of birth data is the date of birth of the presenter. Even if the identity verification is not performed by itself, the subject confirmation (age confirmation) can be performed based on the disclosed birth date data.

  Further, when the confirmation authority device 2 performs the target confirmation using the information in the block chain 3, the confirmation organization device 2 registers a confirmation record block indicating the confirmation record in the block chain 3.

  FIG. 1 shows a block n and a block n + 1 as examples of the confirmation recording block added to the block chain 3. The confirmation record block includes at least a personal ID_Hash 31D (corresponding to a hash value calculated from the personal ID 13D disclosed by the user) and a signature 35D of the confirmation organization that created the confirmation ID. As shown as block n, the confirmation recording block may further include confirmation information 34D.

  Here, the confirmation information 34D may include, for example, information on a confirmation organization (confirmation organization ID or the like) and information indicating a confirmation item. By registering such confirmation information 34D, it is possible to eliminate the need for duplicate processing when performing target confirmation for the same purpose. For example, the information of the confirmation organization may be a confirmation organization ID that identifies the confirmation organization, for example. The confirmation items include, for example, information on the block used for the target confirmation (thereby knowing the hash value and type of personal information used for the target confirmation), and the results of the target confirmation (the various types performed during the target confirmation). Or the type of service provided as a result of target confirmation, the type of eligibility required by the service, and the like.

  If such a confirmation record block is included in the block chain 3, thereafter, the confirmation institution does not disclose specific personal information (for example, date of birth data) and the personal ID disclosed by the user. Based on the hash value of the personal information, a confirmation result equivalent to the confirmation result indicated by the confirmation information 34D of the past confirmation record block specified from the hash value can be given to the user. In addition, the user can prevent unnecessary disclosure of personal information.

  In the above example, without receiving disclosure of birth date data, it is necessary to know the type of service given to the user in the past, based on the user's personal ID and the hash value of the birth date data. The user can be provided with services and eligibility equivalent to the eligibility type. In addition, for example, when the purpose of use and the use organization are limited, it is possible to identify what type of personal information was used for the user from the confirmation organization's signature 35D. Even without the confirmation information 34D, it is possible to give the user the same object confirmation result. Even in this case, it is assumed that the registration information of the confirmation record block which is the confirmation record of the user is subjected to the reliability confirmation based on the signature.

  The client device 1 of the user wants to retain key information (such as the hash value of the block) in the block chain 3 of the block in which his / her information (at least personal ID_Hash31D) is recorded as a registration history and to use it when confirming the target. It is also possible to specify the key information of the block.

  By the way, the reliability determination of the registration information described above is based on the fact that the user's personal ID, personal information, and secret key are confidential to a third party, and the signer (the person who created the hash value) has the correct personal ID and It is assumed that a hash value is created from personal information. However, if a legitimate user intentionally cheats (personal information falsification, etc.), only the signature of the person attached to the registration information (in this case, the hash value of the personal ID and the hash value of the personal information) Thus, the validity of the original data (personal ID itself or personal information itself) is not guaranteed.

  For example, when the first personal information used for object confirmation is information derived from the user's living body such as a facial photograph or biological information, it is created from the hash value created from the disclosed first personal information and the disclosed personal ID 13D. The disclosed first personal information or disclosure from the correspondence relationship with the hash value and the similarity between the disclosed first personal information and equivalent information (such as current biometric information) obtained from the person who made the disclosure It is possible to confirm the validity of the original data of the hash value of the first personal information, that is, the disclosing person who disclosed the personal ID 13D and the correctness as the personal information of the user himself / herself indicated by the personal ID 13D.

  However, if the disclosed first personal information is information other than information derived from the user's living body (for example, attribute information such as name, address, date of birth, etc.), the reliability of the personal information Hash32D included in the registration block Only the confirmation cannot confirm the validity of the first personal information which is the original data.

  Therefore, in consideration of the user's intentional fraud, a registration block may be added after allowing a predetermined confirmation organization to confirm the validity of the personal information. At this time, the personal information Hash 32D may be attached with the signature 35D of the confirmation organization instead of the signature 33D of the principal or together with the signature 33D of the principal. Even when the signature 35D of the checking organization is attached instead of the signature 33D of the principal, there is no particular problem because the signature 33D of the principal is attached to the personal ID_Hash 31D. In addition, when the signature 33D of the principal and the signature 35D of the verification authority are attached together, the data to be signed with one signature may be regarded as one data, and the other signature may be attached. Each signature target data may be signed.

  FIG. 3 is an explanatory diagram showing another example of the registration information signing method in the registration block. In FIG. 3, the dotted line represents the signature target data of the signature 33D of the principal, and the broken line represents the signature target data of the signature 35D of the verification authority. FIG. 3A shows an example in which the personal information Hash32D is attached with the signature 35D of the checking organization instead of the signature 33D of the principal. FIGS. 3B to 3F show an example in which the personal information Hash 32D is added with the signature 33D of the principal and the signature 35D of the checking organization. In the example shown in FIG. 3B, the personal information Hash32D, which is the data to be signed, is appended with the signature 33D of the principal and the signature 35D of the checking organization, respectively, and examples shown in FIGS. Then, the signature 33D of the principal and the signature 35D of the checking organization are attached in a nested structure. Here, “nested structure” means that one signature is attached to the signature target data first, and the data including the signature is made new signature target data and the other signature is attached. The signer who performs the signature later can include the previous data to be signed and other data together with the previously attached signature. In any case, when confirming the reliability of the registered information in the object confirmation, it is pre-determined what structure and which data is subject to which signature, or information in the block, etc. It is assumed that As a result, if the other confirmation authority can obtain the hash value of the personal ID, the hash value of the personal information, the public key of the principal, and the public key of the confirmation authority, the reliability of the registered information (this includes the personal information (Including the reliability of the signature 35D of the confirming organization that has confirmed the validity).

  For example, in the example shown in FIG. 3C, the personal information Hash32D, which is one of the registration information, is first attached with the signature 33D of the principal, and the signature 33D of the principal and the previous signature target data (personal information Hash32D) Is added as a new signature object data, and the signature 35D of the checking organization is attached. Further, for example, in the example shown in FIG. 3D, the personal ID_Hash31D and personal information Hash32D, which are two registration information, are first attached with the signature 33D of the principal, and the signature 33D of the principal and the data to be signed (personal) ID_Hash31D and personal information Hash32D) are used as new signature target data, and the signature 35D of the checking organization is attached. In FIGS. 3C to 3D, the verification authority can also attach the signature 35D of the verification authority using only the signature 33D of the principal, which is the previous signature, as new signature target data. For example, in the example shown in FIG. 3 (e), the personal information Hash32D, which is one of the registration information, is first attached with the signature 35D of the confirmation organization, and the signature 35D of the confirmation organization and the previous signature target data (personal The information Hash32D) is used as new signature target data, and the signature 33D of the principal is attached. The principal can also add the signature 33D of the principal by using only the signature 35D of the checking organization as new signature target data. Further, for example, in the example shown in FIG. 3F, the personal information Hash32D, which is one of the registration information, is first attached with the signature 35D of the confirmation organization, and the signature 35D of the confirmation organization and the previous signature target data (personal The information Hash32D) and other registered information (personal ID_Hash31D) are used as new signature target data, and the signature 33D of the principal is attached.

  In the personal information management system, as shown in FIG. 2 and FIG. 3, the registration information (for example, personal ID_Hash 31D or personal information Hash 32D) does not have to be signed one-on-one with the person or the confirmation organization. If the signature target data of the signature includes the registration information that is the purpose of the signature or other signatures that use the registration information as the signature target data (including cases where the signature is included in a nested structure), Therefore, it is assumed that the registration information has a certain signature.

  Therefore, when registering certain registration information with the signature of the principal, the registration information with the signature of the principal in combination with the other registration information, or the registration information that is the signature target data of another signature In addition, the person's signature is attached, the data subject to signature including the other signature attached to the registration information to which the other signature is attached, the person's signature is attached, Also included are those with other signatures added to the subject's signature attached to the registration information attached in advance as signature object data.

  For example, the confirmation authority device 2 of the confirmation authority requested to confirm the validity of the first personal information, the client apparatus 1 confirms that the first personal information and the first personal information are correct. You may acquire the 2nd personal information which can be confirmed. Then, after confirming that the first personal information is correct based on the second personal information, the confirmation authority device 2 calculates the hash value (personal information Hash32D) of the first personal information and obtains it. It adds its own signature (signature 35D of the confirmation authority) to the hash value and returns it to the client device 1. When the client device 1 receives the hash value of the personal information with the signature of the confirmation authority, the client device 1 creates a registration block together with the hash value of the personal ID (personal ID_Hash31D) with the signature 33D of the principal, and the block chain 3 May be added to

  The confirmation organization that confirms the legitimacy of the personal information may be, for example, an organization that issued the personal information (for example, a police organization in the case of license information). In that case, the verification authority device 2 of the verification authority as the issuing source, for example, information (license number, face photo, credit card number, password, etc.) that can be used for identity verification or user authentication at the verification authority, The first personal information that is obtained as the second personal information and after confirming whether or not it matches the authentication information held by itself, and the first personal information that has been requested for confirmation. The legitimacy may be determined by confirming whether or not. If the validity is confirmed, the hash value of the first personal information acquired from the user may be calculated, and the signature may be added to the hash value and returned to the client device 1. Hereinafter, the second personal information acquired by the confirmation organization that confirms the validity of the personal information may be referred to as validity confirmation information.

  It is also possible to create a registration block and add it to the block chain 3 on the confirmation authority side without replying to the client device 1. In this case, the verification authority device 2 may further acquire the personal ID_Hash 31D with the signature 33D of the user himself / herself from the client device 1. If necessary, the personal information Hash32D with the personal signature 33D, or personal ID_Hash31D and personal information Hash32D as registration information with the personal signature 33D may be acquired.

  If such a registration block is included in the block chain 3, thereafter, the confirmation organization does not need to confirm the validity of the first personal information disclosed by the user by itself. The personal information can be used for target confirmation only by checking the reliability of (personal ID_Hash31D and personal information Hash32D) and the consistency of the original data. However, the confirmation authority is a confirmation authority in addition to the creation source certificate (registration source certificate in this case) and the non-falsification certificate of the data to be signed with the signature 33D of the principal in the reliability confirmation of the registered information. The creation source certificate (in this case, the registration source certificate) and the non-falsification certificate of the signature target data to which the signature is attached by the signature 35D.

  Note that the timing of confirming the validity of the personal information that is the original data of the personal information Hash32D of the registration block is not limited to when the registration block is registered. For example, it is possible to have a predetermined confirmation organization confirm the validity of the personal information after registering the registration block. In such a case, the confirmation organization may verify the object (including identity confirmation and user) including the validity confirmation of the original data of the registration information (more specifically, the first personal information whose consistency with the original data of the registration information has been confirmed). For example, a confirmation recording block as shown in FIG. 4 may be registered in the block chain 3. The confirmation recording block shown in FIG. 4 includes the confirmation information 34D, personal information Hash32D included in the registration information for which the validity of the original data of the registration information is confirmed, the result of identification (OK), and the validity of the original data. Information on the result of confirmation (OK) is included.

  The object confirmation including the validity confirmation of the personal information that is the original data of the registration information is performed by, for example, the object information that the confirmation authority device 2 further discloses from the client device 1 (first individual This can be realized by acquiring second personal information that can be confirmed by the confirmation organization. The method for confirming the validity of the first personal information from the second personal information is as described above. Note that if the validity of the first personal information can be confirmed from the first personal information by visual inspection or the like in the confirmation organization, the acquisition of the second personal information is omitted.

  It is also possible for a confirmation organization other than the issuer of personal information to confirm the validity of the personal information. In that case, the confirmation authority device 2 of the confirmation authority is the second personal information that includes the first personal information or information indicating the equivalent content in the process of the target confirmation, You may acquire what can confirm in the confirmation organization or this system that the personal information (2nd personal information) is correct. In addition, when any organization confirms the validity, if the validity of the first personal information can be confirmed by visual inspection or the like from the first personal information, the acquisition of the second personal information is omitted. Is done.

When the verification organization other than the issuer verifies the validity of the personal information, for example, personal information that satisfies any of the following conditions (1) to (3) is used as the second personal information (validity confirmation information): It may be used.
(1) (a) “(a1)“ original information that indicates the first personal information or the same content ”and (a2)“ original information that includes at least the identity information ”or at least integrated” or A copy of the original.
(2) (b1) “Information including at least (a1)“ information indicating the first personal information or the same content ”” and (b2) “issued to the original data of the hash value The block with the original verification authority's signature is the information registered in the blockchain ”.
(3) (c) “A set of information capable of identifying a user and an authentication information capable of user authentication in an organization that holds authorized first personal information (authorized information holding organization)”.

  Note that the condition (1) is, for example, a case where the original license or a copy of the license including (a) = (a1) date of birth data and (a2) the face image are integrated. In such a case, if it is confirmed that the presenter is the identity of the person (a2) in the disclosed (a) by visual inspection or collation with information equivalent to (a2) obtained from the current user, (A1) can also be regarded as the personal information. After that, (a1) in the disclosed (a) may be compared with the disclosed first personal information. At this time, a copy image may be obtained from the original when the target is confirmed. Note that the collation between the disclosed (a1) in (a) and the disclosed first personal information includes collation of image data and text data. In addition, in order to confirm the validity of the second personal information, when information equivalent to (a2) is further acquired from the current user, the information may be referred to as third personal information. In this case, the personal identification information including the third personal information may be called.

  Further, for the condition (2), for example, consider a case where (b1) = (a1) insurance card image (entire) including date of birth data. In such a case, if a block with the signature of the issuing authority is registered for the original data of the disclosed hash value of (b1) in the block chain 3, the registration information in the block If the reliability and the consistency between the disclosed (b1) and the original data of the hash value in the block are confirmed, the validity of the disclosed (b1) is confirmed. After that, (a1) in the disclosed (b1) may be collated with the disclosed first personal information.

  For condition (3), if (c) = a set of such user identification information and authentication information, (c) is transmitted to the regular information holding organization together with the first personal information, and (c) is Based on user authentication based on that, by sending back the result of collating the first personal information that was sent with the legitimate first personal information of the user held by the regular information holding organization, The validity of the disclosed first personal information can be confirmed.

  For example, when the signature 35D of the confirmation organization that confirms the validity of the original data is not attached to the hash value of personal information (personal information Hash32D) included in the registration block or confirmation record block of the user, The confirmation authority device 2 may perform object confirmation including validity confirmation of the first personal information used for object confirmation. Specifically, the confirmation authority device 2 may further request the disclosure of the second personal information as described above at the time of object confirmation.

  In addition, the personal information management system may perform the above-described processing after performing user authentication for the personal ID when the user discloses the personal ID, if necessary. User authentication can use existing authentication technology.

  In addition, specific processing (to personal information and private key) such as addition of a registration block, addition of a confirmation recording block, confirmation of reliability of registration information in the block, confirmation of consistency of original data, validity of original data, and the like described above. The personal information management system uses a UI (User Interface) or an API (Application Program Interface) provided by the personal information management system.

  Next, the main configuration of the personal information management system will be described with reference to FIG. A personal information management system 100 shown in FIG. 5 includes a data storage unit 101, a registration unit 102, a disclosure unit 103, an authentication unit 104, a data storage unit 201, a confirmation unit 202, a ledger management node 301, a data storage unit 501, and a personal ID assignment. Part 502 is provided. As shown in FIG. 5, the personal information management system 100 is roughly divided into a user side system 10, a confirmation organization side system 20, a ledger management system 30, and a management side system 50.

  In FIG. 5, the data storage unit 101, the registration unit 102, the disclosure unit 103, and the authentication unit 104 belong to the user side system 10. The data storage unit 201 and the confirmation unit 202 belong to the confirmation organization side system 20. The ledger management node 301 belongs to the ledger management system 30. In addition, the data storage unit 501 and the personal ID assignment unit 502 belong to the management system 50. Note that the authentication unit 104 can belong to the management-side system when performing user authentication using authentication information held in the management-side system.

  However, this classification is based on information access authority and does not limit the actual operating environment of the program. For example, functions of a part of the registration unit 102 (excluding access to the data storage unit 101) and a part of the confirmation unit 202 (excluding access to the data storage unit 201) are implemented in an apparatus included in the management system 50 May be.

  Although not shown, the user side system 10 includes at least the client device 1. Further, the confirmation organization side system 20 includes at least the confirmation organization device 2.

  Each processing unit excluding the data storage unit 101, the data storage unit 201, and the data storage unit 501 is connected via the network 40. Note that the network 40 may include a plurality of different networks such as the Internet and the Ethereum network. The data storage unit 101 only needs to be connected to the registration unit 102, the disclosure unit 103, and the authentication unit 104. The data storage unit 201 only needs to be connected to the confirmation unit 202. The data storage unit 501 only needs to be connected to the personal ID assignment unit 502.

  The data storage unit 101 holds information necessary for each processing unit belonging to the user-side system 10 and information disclosed to other systems as user information. The data storage unit 101 stores, for example, personal information 14D of a user, a personal ID 13D assigned by the personal information management system 100, and a signature pair key (a secret key 11D and a public key 12D). In this embodiment, at least a part of the data storage unit 101 is accessed from a storage device having a secure area included in an apparatus (for example, the client device 1) included in the user-side system 10 or an apparatus included in the user-side system 10. Realized by possible split file system.

  In response to an instruction from the user, the registration unit 102 includes a hash value of the personal ID 13D of the user, a hash value of the personal information 14D to be registered, and a necessary signature (including at least the signature of the user). Is registered in the block chain 3. Since actual registration is performed by a ledger management node 301 described later through a predetermined procedure, the registration unit 102 performs processing for adding a registration block to the block chain 3 via the ledger management node 301. Note that the registration unit 102 only needs to provide a user with a procedure for registering such a registration block in the block chain 3.

  For example, when the personal information 14D to be registered is designated by the user, the registration unit 102 reads the designated personal information 14D from the data storage unit 101 and calculates the hash value. The obtained personal information hash value (personal information Hash32D) and the personal ID 13D hash value (personal ID_Hash31D) are attached with at least one signature 33D of the registered block in which they are registered. An addition request (block addition request) is transmitted to the ledger management node 301 described later.

  Note that the registration unit 102 may transmit a request for confirmation of the validity of the personal information 14D, which is the original data, to the confirmation unit 202 of a predetermined confirmation organization, if necessary, together with the personal information 14D. Thereby, at least the signature 35D of the confirmation authority for the personal information Hash32D may be obtained. Then, the registration unit 102 requests to add a registration block including personal information Hash32D, personal ID_Hash31D, at least the signature 35D of the confirmation authority for the personal information Hash32D, and at least the signature 33D of the principal for the personal ID_Hash31D as registration information. (Block addition request) may be transmitted to the ledger management node 301 described later.

  Further, the registration unit 102 may transmit the validity confirmation of the personal information 14D and the registration block registration request to the confirmation unit 202 of the predetermined confirmation organization together with the personal ID_Hash 31D with at least the signature 33D of the person. In this case, the confirmation unit 202 adds a registration block including personal information Hash32D, personal ID_Hash31D, at least the signature 35D of the verification organization for the personal information Hash32D, and at least the signature 33D of the principal for the personal ID_Hash31D as registration information ( (Block addition request) may be transmitted to the ledger management node 301 described later.

  The disclosure unit 103 outputs the designated personal information 14D or its hash value to the outside in accordance with an instruction from the user. Here, the output to the outside can include display (output to a display device) and transmission (output to a designated destination). For example, when the disclosure unit 103 receives a disclosure request in which the personal information 14D is designated from the confirmation unit 202, the disclosure unit 103 inquires of the user whether the disclosure is present or not, and then designates the designated personal information 14D or the hash value thereof. To the output destination (request source confirmation unit 202, display unit, etc.). If the hash value of the personal information 14D is registered in the block chain 3 as a confirmation record block or a registration block together with the result of target confirmation for the same purpose and the signature of the confirmation organization, the disclosure unit 103 specifies the specified personal information Instead of 14D, a hash value of designated personal information 14D can be output. At that time, the disclosure unit 103 may output the specified information after inquiring the user about which information is disclosed, or may output the hash value preferentially without making an inquiry. Good. Further, when outputting the hash value of the personal information instead of the personal information, the disclosure unit 103 may output the information of the confirmation recording block at that time together.

  The authentication unit 104 performs user authentication for the current user when another processing unit accesses the personal ID 13D. For example, when detecting the access to the personal ID 13D, the authentication unit 104 requests the current user to input authentication information, compares the input authentication information with the authentication information held in advance, User authentication is performed. Note that if the user-side system 10 does not require user authentication for the personal ID 13D, the authentication unit 104 may be omitted.

  In the present embodiment, the registration unit 102, the disclosure unit 103, and the authentication unit 104 are realized by a CPU that can access the data storage unit 101, for example, installed in an apparatus included in the user-side system 10.

  Note that the authentication unit 104 can also operate as a processing unit that performs user authentication for the personal ID 13 </ b> D disclosed from the disclosure unit 103 in the management-side system 50. In this case, the authentication unit 104 requests the current user (disclosure person) of the disclosure unit 103 that disclosed the personal ID 13D to input authentication information in response to a request from the confirmation unit 202 described later, The information and the authentication information previously stored in the data storage unit 501 or the like are collated to perform user authentication of the disclosing person. In that case, the authentication unit 104 is realized by a CPU or the like that is mounted so as to be accessible to the data storage unit 501.

  The data storage unit 201 holds information necessary for each processing unit belonging to the confirmation organization side system 20 and information disclosed to other systems included in the personal information management system 100 as information on the confirmation organization. The data storage unit 201 stores, for example, a confirmation organization ID and a signature pair key (a secret key 21D and a public key 22D). In the present embodiment, at least a part of the data storage unit 201 is obtained from a storage device having a secure area included in an apparatus (for example, the confirmation authority device 2) included in the confirmation engine side system 20 or an apparatus included in the confirmation engine side system 20. Realized by an accessible split file system.

  The confirmation unit 202 confirms the target of the user in response to an instruction from the confirmation organization requested for service by the user. For example, the confirmation unit 202 is based on information acquired from the disclosure unit 103 of the designated user and information registered in the block chain 3 (information in the registration block and the confirmation recording block). Confirm the target.

  For example, the confirmation unit 202 requests the disclosure unit 103 of the designated user to disclose the personal ID 13D and the personal information 14D used for target confirmation or the hash value (personal information Hash32D). Further, the confirmation unit 202 searches for the user's registration block or confirmation record block based on the obtained information and the block registration history held by the user-side system 10. Then, using the obtained registration block or confirmation record block of the user, the reliability of the registered information, the consistency of the original data and the validity of the personal information are confirmed as described above, and the confirmation is made. The result is output and the target confirmation is performed based on the confirmation result. In addition, the target confirmation itself is the output of the verification result of the disclosed information that is determined based on the reliability check of the registered information, the consistency check of the original data, the correctness check of the personal information, or a combination thereof. On the basis, the user on the confirmation organization side may perform this. In that case, the confirmation unit 202 accepts a target confirmation result performed by the user.

  In addition, the confirmation unit 202 creates a confirmation recording block indicating a target confirmation record as necessary, and performs processing for adding to the block chain 3. The confirmation record block includes at least a hash value (personal ID_Hash31D) of the personal ID 13D of the user who has performed the target confirmation and a signature 35D of the confirmation organization corresponding thereto.

  The confirmation unit 202 only needs to be able to provide the confirmation organization with such a target confirmation and a procedure for registering such a confirmation record block in the block chain 3. In the present embodiment, the confirmation unit 202 is realized by a CPU or the like that can access the data storage unit 201 such as being installed in an apparatus included in the confirmation organization-side system 20.

  In FIG. 5, only one user side system 10 and one confirmation organization side system 20 are shown, but the user side system 10 is provided for each user, and the confirmation organization side system 20 is also a confirmation organization. Provided for each.

  The ledger management system 30 is a system in which a block chain is a ledger and the ledger is shared and managed by a plurality of nodes. In addition, although the ledger management system is illustrated as a system for managing the block chain, a ledger that can execute processing according to a predetermined consensus algorithm (hereinafter referred to as consensus processing) and is difficult to tamper with is shared by terminals in the system If it is a system, it is not limited to a ledger management system.

  The ledger management node 301 is a node that executes consensus processing in the ledger management system 30. Each of the ledger management nodes 301 holds a copy of the block chain 3 through execution of the consensus process.

  In FIG. 5, the user side system 10 and the ledger management system 30, and the confirmation organization side system 20 and the ledger management system 30 are described separately, but for example, the user side system 10 and the confirmation organization side system 20. May have the function of the ledger management node 301.

  The data storage unit 501 stores information necessary for each processing unit belonging to the management-side system 50 and information disclosed to other systems included in the personal information management system 100 as information on the management-side system 50, if any. To do. The data storage unit 501 may store, for example, a personal ID assigned to a user or a program (execution code or the like) that implements a procedure performed by a processing unit of another system included in the personal information management system 100. Good. In the present embodiment, at least a part of the data storage unit 501 is realized by a storage device having a secure area included in the management-side system 50 or a divided file system accessible from the device included in the management-side system 50.

  The personal ID assigning unit 502 assigns a personal ID 13D to the user. In the present embodiment, the personal ID assignment unit 502 is realized by a CPU or the like that can access the data storage unit 501, for example, installed in an apparatus included in the management-side system 50.

  FIG. 6 is a block diagram illustrating a configuration example of the confirmation unit 202. As shown in FIG. 6, the confirmation unit 202 includes a data acquisition unit 221, a registered information reliability confirmation unit 222, an original data consistency confirmation unit 223, a personal information validity confirmation unit 224, and a result output unit 225. , A confirmation record registration unit 226 may be included.

  The data acquisition unit 221 receives information (for example, the personal information 14D or its hash value, and the past confirmation record block of the user) together with the personal ID 13D from the user side system 10 (particularly the disclosure unit 103). Information). Further, the data acquisition unit 221 searches the block chain 3 based on the information acquired from the user-side system 10 and searches for the user information (particularly, the personal information 14D necessary for target confirmation or the hash value thereof, A block including a record (confirmation information 34D etc.) indicating that the object confirmation has been performed is acquired using the information.

  For example, when acquiring the personal ID 13D and the personal information 14D from the user-side system 10, the data acquisition unit 221 blocks the latest block including the hash value of the personal ID 13D and the hash value of the personal information 14D. It may be obtained from the chain 3. For example, when the data acquisition unit 221 acquires the personal ID 13D and the hash value of the personal information 14D from the user-side system 10, the hash value calculated from the personal ID 13D and the hash value of the personal information 14D The latest block including the above may be acquired from the block chain 3. Further, for example, when the personal ID 13D is acquired from the user side system 10, the data acquisition unit 221 may acquire the latest block including the hash value calculated from the personal ID 13D from the block chain 3. Further, for example, when the data acquisition unit 221 acquires the hash value of the personal ID 13D and the information of the past confirmation recording block from the user side system 10, the data acquisition unit 221 acquires the latest confirmation recording block from the block chain 3. Also good.

  The data acquisition unit 221 may determine what information is acquired from the user-side system 10 from the confirmation record of the user.

  The registration information reliability confirmation unit 222 confirms the reliability of the information (registration information) in the block acquired by the data acquisition unit 221 based on the signature attached to the registration information. Note that the registration information reliability confirmation unit 222 confirms the reliability of the signature target data of the designated signature by comparing the data with the decryption result of the signature when a plurality of signatures are included in the block. . At this time, if the signature specified in the nested structure is attached in the nested structure, the decryption processing is performed in the reverse direction to the order of the encryption processing when the signature is attached, and the signature target data of each signature And the decryption result of the signature may be compared to confirm final reliability.

  When the data acquisition unit 221 obtains the personal information 14D of the user and acquires a block including the personal information Hash32D that is the hash value of the personal information 14D, the original data consistency check unit 223 acquires the personal information 14D of the user. The consistency between the personal information used as the original data of the personal information Hash32D and the acquired personal information 14D is confirmed. The original data matching confirmation unit 223, for example, collates the hash value calculated from the personal information 14D obtained by the data acquisition unit 221 with the personal information Hash32D in the block, thereby obtaining the original of the personal information Hash32D in the block. What is necessary is just to confirm the consistency with the personal information made into data, and the acquired personal information 14D.

  When the data acquisition unit 221 obtains personal information (first personal information) used for object confirmation by the data acquisition unit 221, the personal information validity confirmation unit 224 confirms the validity of the first personal information. The personal information legitimacy confirmation unit 224 confirms that the first personal information such as the current user's (disclosure person's) biometric information, “information that can be verified by the user”, and “information that can be authenticated by the system” is correct. The data acquisition unit 221 further acquires the second personal information that can be confirmed by the confirmation organization, and based on these, the validity of the first personal information is confirmed.

  The result output unit 225 confirms the results of confirmation by the registered information reliability confirmation unit 222, the original data consistency confirmation unit 223, and the personal information validity confirmation unit 224, and the validity of the disclosed information that is determined based on the confirmation results. The determination result and the final target confirmation result are output. Note that the final confirmation of the object is based on the confirmation results by the registered information reliability confirmation unit 222, the original data consistency confirmation unit 223, and the personal information validity confirmation unit 224, and the validity of the disclosed information determined based on them. Based on the output of the sex determination result, the user on the confirmation organization side may perform this. In that case, the confirmation unit 202 accepts a target confirmation result performed by the user.

  The confirmation record registration unit 226 registers the confirmation record block in the block chain 3 based on the result obtained by the result output unit 225. Further, the confirmation record registration unit 226 outputs information on the confirmation record block to the user side system 10 as necessary.

  FIG. 7 is a block diagram illustrating a configuration example of the ledger management node 301. The ledger management node 301 illustrated in FIG. 7 includes a registration information reception unit 311, a block generation unit 312, a block sharing unit 313, an information storage unit 314, and a block verification unit 315.

  The registration information receiving unit 311 receives information recorded in a ledger that is a block chain managed by the ledger management system 30 from an external node. In the present embodiment, the registration information receiving unit 311 receives, for example, the contents of the registration block (block data) and the contents of the confirmation recording block (block data) as information to be recorded in the ledger.

  The block generation unit 312 generates a block to be added to the block chain based on the information (block data) received by the registration information reception unit 311. The block generation unit 312 generates a block including information based on the previous block and information received by the registration information reception unit 311. Also, the block generation unit 312 performs, for example, a process of searching for a nonce as a predetermined consensus process for a block generated by itself or a block generated by another ledger management node 301 via a block sharing unit 313 described later. And a process of giving a signature, and then adding a block to the block chain managed by itself (corresponding to a copy of block chain 3). Note that a block obtained by performing a predetermined consensus process by the plurality of ledger management nodes 301 on the block generated by the block generation unit 312 is finally added to the block chain 3.

  The block sharing unit 313 exchanges information between the ledger management nodes 301 belonging to the ledger management system 30. More specifically, the block sharing unit 313 appropriately stores information received by the registration information receiving unit 311, blocks generated by the block generation unit 312, blocks received from other ledger management nodes 301, etc. Transmit to the management node 301. As a result, all the ledger management nodes 301 share this information and the latest block chain 3 as much as possible.

  The information storage unit 314 stores a copy of the block chain 3. In addition to the copy of the block chain 3, the information storage unit 314 may store, for example, information necessary for verification processing by the block verification unit 315 described later.

  The block verification unit 315 verifies information in the block when adding the block to the block chain held by the block verification unit 315. Normally, the block to be added is the block that the rule is satisfied first in the ledger management node 301 group including the own node, but considering the case where the malicious ledger management node 301 is included, etc. It may be verified whether the rules are actually satisfied.

  The configuration in FIG. 7 is merely an example, and the ledger management node 301 can execute a predetermined consensus process for sharing and managing the block chain 3 that is difficult to tamper with. As long as the node can add information to the ledger and refer to the ledger in response to a request from the user, the specific configuration is not limited.

  Next, the operation of this embodiment will be described. The operation of this embodiment is broadly divided into two phases: a registration phase for registering a registration block in the block chain, and a confirmation phase for performing object confirmation based on a registration block registered in the block chain and a past confirmation record block. . Furthermore, in the confirmation phase, the personal information is disclosed to the user and the target confirmation is performed based on the registered block in the block chain 3, and the block chain is not disclosed to the user. 3 is roughly divided into two second confirmation phases in which object confirmation is performed on the basis of confirmation recording blocks in 3.

  First, the operation of the personal information management system in the registration phase will be described with reference to FIG. FIG. 8 is a flowchart showing an example of the operation in the registration phase of the personal information management system of this embodiment. Note that the registration phase shown in FIG. 8 is an example in which a registration block is registered without confirming the validity of the personal information that is the original data by the confirmation organization.

  In the example shown in FIG. 8, first, the registration unit 102 of the user-side system 10 reads the personal ID 13D and the personal information 14D to be registered from the data storage unit 101, calculates a hash value for each, and calculates the personal ID_Hash 31D and the personal information. Hash32D is obtained (step S101). The registration unit 102 may access the personal ID 13D and the personal information 14D after performing user authentication.

  Next, the registration unit 102 adds the signature 33D of the principal to the personal ID_Hash31D and personal information Hash32D obtained in this way, and the registration in which the personal ID_Hash31D and the personal information Hash32D with the signature 33D of the principal are registered. A block is created (step S102).

  Next, the registration unit 102 requests the ledger management node 301 to add the created registration block, and registers the registration block in the block chain 3 (step S103). At this time, the registration unit 102 may acquire key information of the registered block registered from the ledger management node 301 and store it in the data storage unit 101 as a registration history.

  In this way, the personal ID Hash31D, which is the hash value of the user's personal ID 13D, and the personal information Hash32D, which is the hash value of the user's personal information 14D, to which the signature 33D of the user is attached, are registered in the block chain 3. A registration block to be included as information is added.

  FIG. 9 is a flowchart showing another example of the operation in the registration phase of the personal information management system of this embodiment. Note that the registration phase shown in FIG. 9 is an example in the case where the registration block is registered after the validity of the personal information that is the original data is confirmed by the confirmation organization.

  In the example shown in FIG. 9, first, the registration unit 102 of the user side system 10 reads personal information 14D (first personal information) to be registered from the data storage unit 101 (step S111).

  Next, the registration unit 102 transmits a request for confirming the validity of the personal information including the first personal information and, if necessary, the second personal information, to the confirmation unit 202 of the issuer's confirmation organization side system 20. (Step S112).

  Upon receipt of the personal information validity confirmation request, the confirmation unit 202 (for example, the personal information validity confirmation unit 224) confirms the validity of the first personal information included therein based on the second personal information. (Step S113). Further, when the validity of the first personal information can be confirmed, the confirmation unit 202 calculates the hash value (personal information Hash32D), attaches the signature 35D of the confirmation organization to the obtained hash value, A confirmation result is transmitted to the request source (steps S114 to S116).

  When the validity of the personal information is confirmed, the registration unit 102 calculates a hash value (personal ID_Hash31D) of the personal ID 13D (step S117), and adds the signature 33D of the principal to the obtained hash value. Then, a registration block is created in which the personal ID_Hash 31D with the signature 33D of the principal and the personal information Hash 32D with the signature 35D of the confirmation organization are registered (step S118). Note that the registration processing of the created registration block to the block chain 3 may be the same as in step S103.

  Next, the operation of the personal information management system in the confirmation phase will be described with reference to FIG. FIG. 10 is a flowchart showing an example of the operation in the confirmation phase of the personal information management system of this embodiment. Note that the confirmation phase shown in FIG. 10 is an example of a first confirmation phase in which the user is made to disclose personal information and subject confirmation is performed based on the registered blocks in the block chain 3.

  In the example shown in FIG. 10, first, the confirmation unit 202 (for example, the data acquisition unit 221) of the confirmation organization side system 20 transmits a request for disclosure of a personal ID to the user side system 10 (step S201).

  Upon receiving the personal ID disclosure request, the disclosure unit 103 of the user-side system 10 reads the personal ID 13D from the data storage unit 101 and transmits it to the request source (steps S202 and S203).

  The confirmation unit 202 (for example, the data acquisition unit 221) of the confirmation organization side system 20 that has received the personal ID 13D searches the block chain 3 for a confirmation record block including the obtained hash value of the personal ID 13D (step S204). In step S203, the data acquisition unit 221 may acquire information on a confirmation record block indicating the same target confirmation record from the disclosure unit 103 together with the personal ID 13D, and search for the confirmation record block based on the information. For example, the disclosure unit 103 may obtain such block information from a registration history held by the user-side system 10.

  As a result of the search, when a desired confirmation record block (for example, confirmation record block including confirmation information 34D indicating the confirmation result for the same purpose) is not found, the data acquisition unit 221 further selects an individual necessary for target confirmation. An information disclosure request is transmitted to the disclosure unit 103 (step S205). The disclosure request may include the type of personal information requested.

  When the disclosure unit 103 receives a request for disclosure of personal information, the disclosure unit 103 reads out the requested type of personal information (here, first personal information) and transmits it to the request source (steps S206 and S207). At this time, the disclosure unit 103 may transmit the request to the request source after allowing the user to disclose the personal information.

  When acquiring the first personal information, the data acquisition unit 221 searches the block chain 3 for a registered block in which personal information Hash32D (hereinafter referred to as personal information Hash32D-1), which is the hash value, is registered (step S208). ). In step S207, the data acquisition unit 221 may acquire information on the registration block in which the hash value is registered together with the personal information from the disclosure unit 103, and search for the registration block based on the information.

  When a desired registration block is obtained as a result of the search, the registration information reliability confirmation unit 222 of the confirmation unit 202 uses at least the personal ID_Hash31D and the personal information Hash32D-1 included in the registration block based on the signatures attached thereto. Then, the reliability is confirmed (step S209: Reliability confirmation of registration information). The method for confirming the reliability of registered information is as described above.

  Also, the original data consistency check unit 223 of the check unit 202 has the original data for the personal ID_Hash31D and the personal information Hash32D-1 included in the registration block that match the acquired personal ID 13D and the first personal information. Is confirmed by comparing hash values (step S210: confirmation of consistency of original data). The method for confirming the consistency of the original data is as described above.

  In step S208, the data acquisition unit 221 may search for a confirmation record block indicating a confirmation record of the validity of the first personal information.

  In that case, in the reliability confirmation process of the registration information in step S209, the reliability of the personal ID_Hash 31D and the confirmation information 34D included in the confirmation record block may be confirmed based on the signatures attached thereto. Further, in the original data matching confirmation process in step S210, the personal information Hash32D-1 to be compared with the disclosed first personal information may be acquired based on the confirmation information 34D of the confirmation recording block. For example, the data acquisition unit 221 may acquire a hash value (personal information Hash32D-1) that is an object of confirmation of validity indicated in the confirmation information 34D. Further, for example, the data acquisition unit 221 includes, in the confirmation information 34D, information on a registration block in which a hash value (personal information Hash32D-1) that is a validity confirmation target is registered (such as TxID described later). If it is, the registration block is searched from the information, and the personal information Hash32D-1 included in the searched registration block may be acquired.

  If the desired registration block or confirmation record block is not found as a result of the search, the fact that the personal information used for target confirmation is unregistered is transmitted to the user side system 10 and the processing is terminated. May be.

  In addition, the confirmation unit 202 (for example, the personal information validity confirmation unit 224) adds a signature 35D of a confirmation organization that satisfies a predetermined condition such as an issuer or a regular information holding organization to the personal information Hash32D-1 included in the registration block. If is not attached, the validity of the first personal information may be confirmed.

  For example, the personal information validity confirmation unit 224 transmits a disclosure request for information (validity confirmation information) necessary for validity confirmation to the disclosure unit 103 (step S211). The disclosure request may include the type of personal information requested.

  When the disclosure unit 103 receives the disclosure request for the validity confirmation information, the disclosure unit 103 reads out the requested type of personal information (here, the second personal information used as the validity confirmation information) and transmits it to the request source (step) S212, step S213). Similar to step S206, the disclosure unit 103 may allow the user to disclose the personal information and then transmit it to the request source.

  When the personal information validity confirmation unit 224 acquires the second personal information that is the validity confirmation information, the personal information validity confirmation unit 224 confirms the validity of the first personal information based on the second personal information (step S214: personal information). ). The method for confirming the reliability of personal information is as described above. Here, the data acquisition unit 221 may further acquire a registration block in which the hash value of the second personal information is registered, biometric information of the current user, and the like.

  In the registration block where the personal information Hash32D-1 is registered, the processing in steps S211 to S214 is performed when the personal information Hash32D-1 is attached with the signature 35D of the confirmation organization that satisfies the predetermined condition. Omitted. In that case, the confirmation unit 202 may just confirm the confirmation result of the validity of the personal information in step S214 as confirmation OK.

  Next, the result output unit 225 of the confirmation unit 202 outputs the determination result of the validity of the disclosed first personal information and the final target confirmation result from the processing results so far (step S215).

  The result output unit 225 is disclosed when, for example, the results of the confirmation of the reliability of the registration information at step S209, the confirmation of the consistency of the original data at step S210, and the validity confirmation of the personal information at step S214 are OK. The first personal information may be determined to be correct information of the user who is the disclosing person and the disclosed personal ID corresponds. If any of the confirmation results is NG, the disclosed first personal information may be determined to be not the correct information of the user corresponding to the disclosed personal ID corresponding to the disclosed personal ID. . Further, for example, when the result output unit 225 determines that the disclosed first personal information is the correct information of the user who is the disclosed person ID and the corresponding personal ID is disclosed, Based on the personal information of 1, the confirmation target may perform target confirmation, and the confirmation result may be output. Examples of target confirmation include age confirmation and service qualification confirmation. Here, as an example of service qualification confirmation, collation with the user information (payment information etc.) in the system of the confirmation organization specified by the disclosed first personal information can be mentioned.

  Next, the verification institution side system 20 (for example, a service providing unit (not shown)) determines the validity of the disclosed first personal information (including identity verification) output from the result output unit 225 and the target. A service may be provided to the user based on the confirmation result (step S216).

  Next, the confirmation record registration unit 226 creates a confirmation record block indicating the record of the current confirmation, and registers the block in the block chain 3 (steps S217 and S218). For example, the confirmation record registration unit 226 generates confirmation information 34D indicating that the personal information Hash32D-1 in the registration block is a predetermined target confirmation OK or an identity confirmation OK. Further, the confirmation record registration unit 226 calculates, for example, the hash value (personal ID_Hash31D) of the personal ID 13D acquired in step S203. Then, a signature 35D of the confirmation organization is generated for the personal ID_Hash 31D and confirmation information 34D obtained in this way, and a confirmation record block including the personal ID_Hash 31D and the confirmation information 34D with the signature 35D of the confirmation organization is created. May be. The block registration process may be the same as in step S103.

  Thus, for example, when the first target confirmation is performed, a confirmation indicating the confirmation result for the personal ID_Hash31D and the personal information Hash32D-1 to which the signature 35D of the confirmation organization that performed the target confirmation is attached to the block chain 3 A confirmation recording block including information 34D is added.

  Next, the operation of the personal information management system in the confirmation phase will be described with reference to FIG. FIG. 11 is a flowchart showing an example of the operation in the confirmation phase of the personal information management system of this embodiment. Note that the confirmation phase shown in FIG. 11 is an example of a second confirmation phase in which target confirmation is performed based on the confirmation record block in 3 in the block chain without disclosing personal information to the user.

  Also in the example illustrated in FIG. 11, first, the confirmation unit 202 (for example, the data acquisition unit 221) of the confirmation organization side system 20 transmits a disclosure request for a personal ID to the user side system 10 (step S201). Note that the processing from step S201 to step S204 may be the same as in the first confirmation phase.

  In this example, as a result of the search, a desired confirmation recording block (for example, a confirmation recording block including confirmation information 34D indicating a confirmation result for the same purpose) is obtained.

  Next, the registration information reliability confirmation unit 222 of the confirmation unit 202 confirms the reliability of the personal ID_Hash 31D and the confirmation information 34D included in the confirmation record block based on the signature 35D of the confirmation organization attached to them. (Step S209: Confirmation of reliability of registered information).

  Next, the result output unit 225 of the confirmation unit 202 outputs the final target confirmation result from the processing results thus far (step S215). In this example, if the result of the reliability check of the registration information in step S209 is OK, the result output unit 225 outputs that the check result included in the check record block check information 34D has been obtained in the past. Or you may use the past object confirmation result as it is. At this time, if the result output unit 225 is a confirmation record by a confirmation organization other than itself, the result output unit 225 outputs the confirmation organization that performed the object confirmation and the confirmation content without using the confirmation record to the user of the confirmation organization. You may inquire about the applicability of the target confirmation result.

  If it can be used, the confirmation organization side system 20 (for example, a service providing unit (not shown)) may provide a service to the user based on the target confirmation result (step S216). In addition, what is necessary is just to perform the process after step S205 shown in FIG.

  Also in this example, the confirmation record registration unit 226 may create a confirmation record block indicating a record of the current confirmation and register the block in the block chain 3 (steps S217 and S218). For example, the confirmation record registration unit 226 attaches a signature 35D of the confirmation organization to the acquired hash value (personal ID_Hash31D) of the personal ID 13D and confirmation information 34D indicating the information of the confirmed confirmation record block and the target confirmation result. Then, a confirmation recording block may be generated.

  Thus, for example, when the second target confirmation is performed, personal ID_Hash31D, which is a hash value of the personal ID 13D of the user, attached to the block chain 3 with the signature 35D of the confirmation authority that performed the target confirmation, In addition, a confirmation record block including the signature 35D of the confirmation organization is added to the information of the confirmed confirmation record block and the confirmation information 34D indicating the target confirmation result.

  In the third and subsequent times, for example, after confirming the reliability of the registration information of the confirmation recording block indicating the second target confirmation record, the target confirmation result obtained from the information indicated in the confirmation information 34D is used. can do. For example, when the information of the incorporated confirmation record block (if it is the third time, the confirmation record block indicating the record of the first target confirmation) is obtained, the further confirmed confirmation record block is obtained, The registration information may be checked for reliability and verification information may be verified, and inquiries may be made regarding availability.

  FIG. 12 is a flowchart summarizing the operation of the confirmation engine side system 20 in the confirmation phase. As shown in FIG. 12, the data acquisition unit 221 of the confirmation unit 202 first acquires the personal ID 13D from the user (more specifically, the user side system 10) (step S301).

  Next, the data acquisition unit 221 searches the block chain 3 for past confirmation record blocks of the user (step S302).

  If there is a confirmation record block indicating confirmation record for the same purpose (Yes in step S303), the registration information of the confirmation record block is acquired, and the process proceeds to step S310.

  When such a confirmation record block does not exist (No in step S303), the data acquisition unit 221 requests the user to disclose personal information (first personal information) used for target confirmation (step S303). .

  When the first personal information is acquired, a confirmation record indicating a record in which identity verification is performed on the registered block in which the personal information Hash32D-1 is registered or the original data of the registered personal information Hash32D-1 from the block chain 3 A block is searched (step S304).

  When such a registration block or confirmation recording block is confirmed, the registration information of the block is acquired, and the process proceeds to step S305.

  In step S305, the block chain 3 is determined from the presence / absence of the signature 35D of the confirmation organization attached to the personal information Hash32D-1 in the acquired registration information, the confirmation result of the confirmation information 34D included in the acquired registration information, and the like. As for the personal information Hash32D-1 registered in the above, whether or not the validity of the original data (first personal information) has been confirmed in the past is confirmed.

  If the validity of the original data (first personal information) has not been confirmed (No in step S305), the data acquisition unit 221 can provide second personal information (validity) that can confirm the validity of the first personal information. The user is further requested to disclose (confirmation information) (step S306).

  Then, the personal information validity confirmation unit 224 confirms the validity of the first personal information acquired from the user based on the acquired second personal information (step S307). When the validity of the first personal information is confirmed, the process proceeds to step S311.

  On the other hand, if the validity of the original data (first personal information) has been confirmed (Yes in step S305), the data acquisition unit 221 has confirmed the validity of the original data registered in the block chain 3. The personal information Hash32D-1 is acquired, and the process proceeds to step S308.

  In step S308, the original data matching confirmation unit 223 uses the first personal information (personal information at the time of registration) as the original data of the personal information Hash32D-1 in which the validity of the original data in the block chain 3 has been confirmed. ) And the first personal information acquired from the user. The original data coincidence confirmation unit 223 calculates a hash value from the first personal information acquired from the user, and it matches the personal information Hash32D-1 whose validity of the original data in the block chain 3 has been confirmed. You can check if you want to.

  When the consistency with the original data of the personal information Hash32D-1 whose validity has been confirmed is not confirmed (No in step S309), the process proceeds to step S311 as it is.

  On the other hand, when the consistency with the original data of the personal information Hash32D-1 whose validity has been confirmed is confirmed (Yes in step S309), the process proceeds to step S310.

  In step S310, the registration information reliability confirmation unit 222 obtains registration information from which the information used for the determination so far is obtained (such as the confirmation record block in step S303, the registration block in step S304, or the registration information in the confirmation record block). Confirm the reliability using the signature attached to it. When the registration information reliability confirmation unit 222 acquires a part of the information of the registration information, the registration information reliability confirmation unit 222 performs reliability confirmation for at least the information and the personal ID_Hash 31D associated with the information.

  In addition, in this example, an example is shown in which the validity of personal information is determined first, and then the validity of personal information is confirmed, the consistency with the original data is confirmed, and the reliability of registered information is confirmed. However, the order of these confirmations is not particularly limited. For example, every time information (confirmation information 34D, personal information Hash32D-1, etc.) is acquired from the registration information of the block, the information and the personal ID_Hash31D associated with the information are signed in the same block. It may be used to confirm reliability.

  In step S311, the confirmation result so far, the determination result of the validity of the disclosed information based on the confirmation result, and the final confirmation result of the target are output. In addition, when the confirmation recording block for the same purpose is discovered, you may inquire whether the assistance of the confirmation result is used. Further, the target confirmation result may be received from the user on the confirmation organization side after outputting the confirmation result so far and the determination result of the validity of the disclosed information.

  In addition, when a plurality of pieces of personal information are required for the target confirmation, the confirmation unit 202 has not completed the target confirmation, such as unacquired information or information whose validity has not been confirmed (No in step S312). Returns to step S303. Then, the user may be requested for necessary personal information. Note that the confirmation unit 202 may determine whether or not the target confirmation has been completed by receiving from the user on the confirmation organization side.

  On the other hand, when the target confirmation is completed (Yes in step S312), the confirmation unit 202 creates a confirmation record block indicating the record of the current confirmation, registers it in the block chain 3, and ends the process (step S314). ).

  As described above, according to the present embodiment, the confirmation record of the validity of the original data and the confirmation record for various purposes are registered in the block chain 3 so that only one personal ID is disclosed. You will be able to verify your identity instead of your license or passport. This eliminates the need for the user to perform identity verification procedures for each purpose and application.

  For example, simply disclosing the personal ID cannot confirm the identity of the owner of the personal ID and the authority (reward qualification) to receive the requested service. However, according to the present embodiment, for example, in the first disclosure of the personal ID, confirmation (identity confirmation) of whether the person is eligible for the service and who is the owner of the personal ID if necessary. Then, confirmation is performed based on the personal information associated with the personal ID, and a hash value indicating the correctness of the information used for the confirmation and the result thereof are recorded in the block chain 3 together with the signature of the confirmer. In the second and subsequent scenes where the same service is used, the service provider confirms the past confirmation result and verifies the content, thereby giving the same confirmation result.

  For example, a certain user has a certain confirmation organization confirm the validity (that is, the correct information of the user himself / herself indicated by his / her personal ID) regarding the age information such as date of birth or adult. In the above, it is assumed that the hash value is associated with the hash value of the personal ID and registered in the block chain.

  In such a case, in a scene where alcohol is purchased at a certain store A, the first request for disclosure of age information is made after disclosure of the personal ID, and with the permission of the user, the date of birth, Information on whether or not an adult is present is disclosed to the store.

  In the store A, the validity of the disclosed information can be confirmed based on the record of the block chain. For this reason, in store A, it is possible to provide alcohol by confirming the age only with the disclosed information (information on whether it is a date of birth or an adult). At this time, the store A records the age confirmation result (confirmation result indicating that it is an adult) on the block chain with its own signature and a hash value of the disclosed personal ID.

  Next, in a case where alcohol is purchased at another store B for the second time for age confirmation of the same type, the user is requested to disclose age information after the personal ID is disclosed. Can disclose the information of the confirmation recording block in which the result of the first age confirmation is recorded instead of the disclosure of the age information. In store B, based on the disclosed information, the result of the first age check is obtained from the blockchain, and this personal ID has already been checked for the same age in store A and has received a service. Can be confirmed. Note that the store B can also request information disclosure of identity verification in the second confirmation instead of disclosure of the confirmation record. These are determined by the policy on the service provider side. If the same service is provided, there are many cases where the second disclosure may be a disclosure of the confirmation record.

  In this way, when using a service, a user associates various personal information with each other via a hash value instead of disclosing information including multiple pieces of personal information such as a license for identity verification. By disclosing only one personal ID, it is possible to receive the same benefits as disclosing personal information associated with the personal ID or a confirmation record using the personal information. Therefore, if the service of this system is shared by a plurality of vendors and services, it is possible to prevent an increase in information for identifying individuals for each service and for each vendor.

  In addition, according to the present embodiment, once the validity of the original personal information is confirmed and the record is registered in the block chain, the information (birth date) necessary for age confirmation is also used at the first time. It is possible to prevent unnecessary personal information (license number, name, address, etc.) that is not related to age confirmation from being disclosed in order to confirm the validity of the date. As described above, according to the present embodiment, personal information associated with a personal ID can be selectively disclosed, so that only the minimum information necessary for confirmation can be disclosed.

  In this embodiment, since the hash value of the personal ID is registered in each block, the personal ID issued at the start of use is based on the characteristics of the block chain where the service is not stopped due to server down or the like. Unless disabled by the will of the user or administrator, it can be used permanently.

  This means that when the personal ID is associated with the authentication information in the client device, the record registered due to the loss of the client device cannot be rewritten. For this reason, if the client device is lost, the personal ID may be recovered by the following method.

  As a first method, there is a method of registering a plurality of authentication members for a set of the personal ID and a device ID as authentication information when assigning a personal ID at the start of use of the system. When a user loses a device, the user notifies the authentication member of a new device ID. At this time, the personal ID may be reusable with a new device ID upon approval of a certain number of authentication members. The method may be realized by using a block chain ID management platform called uPort.

  More specifically, a permanent ID that is the address of the Proxy contract called uPortID is prepared as a user key in the blockchain network for the user. Note that uPortID is created from UserAddress using PrivateKey. Here, UserAddress corresponds to the address of an EOA (Etherum account) corresponding to the user device key. In this example, the uPort device corresponding to the client device has a User Address (EOA) paired with the device ID and a secret key.

  Using such an Ethereum blockchain network, for example, when a user loses a uPort device, the user first connects to Ethereum with a new device and obtains a new UserAddress. Then, a new UserAddress is notified to a previously registered authentication member (such as a real delegate member).

  The authentication member authenticates the new UserAddress by calling the Recovery contract and confirming the user. As a result of authentication, if a certain number of approvals are obtained, the new UserAddress is notified to the Controller contract and rewritten with the old UserAddress.

  Thereby, only the EOA corresponding to the actual device ID can be changed without changing the UPorID that functions as the identification information of the client device in the Proxy contract. In this way, by dividing the EOA corresponding to the device ID and the proxy address corresponding to the data on the block chain, the connectivity with the existing data can be maintained even when the client device is replaced due to device loss or the like. Here, uPortID corresponds to the above personal ID.

  As another method, when a personal ID is assigned at the start of use of the system, a registration block in which a hash value of personal information that can be used for identity verification and user authentication is registered in association with the hash value of the personal ID. There is a method to add it to the blockchain. In this method, when such personal information and a personal ID when it is registered are registered in a new device, user authentication using registration information equivalent to the personal information for the new device , The personal ID on the new device may be reusable.

  For example, SMS authentication can be used for telephone numbers, mail can be sent to the mail address for mail addresses, and user authentication for new devices can be performed by comparing biometric information with the current user's biometric information. For example, the personal ID may be reusable on a new device.

Embodiment 2. FIG.
Next, some specific utilization examples of the first personal information management system will be described. In the present embodiment, a ticket service system will be described as an example in which the personal information management system of the present embodiment is used for preventing ticket resale. FIG. 13 is a schematic configuration diagram of a ticket service system according to the second embodiment. The ticket service system shown in FIG. 13 includes a personal terminal 10A, a service providing device 21A, an entrance device 22A, and a block chain network (hereinafter referred to as a block chain NW) 30A.

  Here, the personal terminal 10 </ b> A corresponds to the user-side system 10 described above. The service providing device 21A corresponds to the above-described confirmation organization side system 20, which corresponds to the confirmation organization side system 20 of the organization (ticket sales company, etc.) that issued the ticket information. The admission device 22A corresponds to the confirmation institution side system 20 of an institution (such as a concert operating company) that checks the ticket purchaser's entry / exit to the place (event venue etc.) based on the ticket information. For example, the entrance device 22A is installed at a place where a ticket issued by the service providing device 21A is used. Note that the service providing device 21A and the entrance device 22A may belong to the confirmation organization side system 20 of the same organization. The block chain NW 30A corresponds to the ledger management system 30 described above. Although not shown, the block chain NW 30A implements the functions of the management system 50 (assignment of personal ID, generation of a pair key, etc.) in addition to mounting the block chain 3 usable in this system. . In this example, an identifier (such as the above uPortID) for identifying the creator of the block in the block chain 3 also serves as the personal ID 13D. In this case, the personal terminal 10A may have the function of the management system 50.

  In this example, a ticket purchase application is downloaded to the personal terminal 10A as a user-side application in this example, in which a user performs a procedure for receiving a ticket purchase service using this system. The ticket purchase application operates on the CPU of the personal terminal 10A, and causes the personal terminal 10A to execute predetermined processing of the user side system 10 in the present system. In this example, it is assumed that a personal ID is assigned and a key pair is generated when a ticket purchase application is downloaded.

  Further, it is assumed that a ticket information management application is pre-installed in the service providing apparatus 21A as the first service providing side application in this example. Here, the ticket information management application sells the ticket to the user while checking the purchase qualification of the ticket including the identity verification using the information in the block chain 3 and confirming the payment according to the purchase application from the user. It is an application that performs the procedure for. The application operates on the CPU of the service providing apparatus 21A, for example, and causes the service providing apparatus 21A to execute a predetermined process of the confirmation engine side system 20 in the present system.

  In addition, it is assumed that a ticket information confirmation application is installed in advance in the admission device 22A as the second service providing side application in this example. Here, the ticket information confirmation application manages the entry / exit of the user while examining the entrance / exit qualification including the identity confirmation using the information in the block chain 3 according to the entry / exit application from the user. It is an application that performs the procedure for. For example, the application operates on the CPU of the admission device 22A, and causes the admission device 22A to execute predetermined processing of the confirmation engine side system 20 in the present system.

  Next, the operation of the ticket service system of this example will be described. FIG. 14 is a flowchart showing an outline of the operation of the ticket service system of the present embodiment. As shown in FIG. 14, in the ticket service system of this example, first, the user registers himself / herself in the system (step S401A).

  In step S401A, in response to an instruction from the user, the personal terminal 10A acquires biometric information (for example, a facial photograph) for identity verification that is performed at the time of ticket purchase and at least when entering the venue, Read personal information (for example, address, name, credit card number, etc.) required at the time of ticket purchase. Then, the personal terminal 10A calculates a hash value for a predetermined disclosure unit that is each of them or a combination thereof, and calculates a hash value for the personal ID 13D assigned to the user. In addition, it is also possible to use the personal ID 13D as it is instead of the personal ID_Hash 31D as information for specifying the individual in each block. In that case, the personal ID_hash 31D may be read as a personal ID in the subsequent processing, and the reliability confirmation process for the personal ID_hash 31D may be omitted. The same applies to the above embodiment.

  In this example, it is assumed that a combination of an address and a name is used as user information at the time of ticket purchase in the ticket purchase service provided by the service providing apparatus 21A, and a credit card number is used as settlement information in the service. Yes. As already described, it is assumed that the biometric information is used as identity verification information that is performed at the time of ticket purchase and at least when entering the venue.

  Hereinafter, in order to simplify the description, a combination of an address and a name may be referred to as personal information 14D (1), and the hash value may be referred to as personal information Hash32D (1). In some cases, the credit card number as the payment information is described as personal information 14D (2), and the hash value thereof is described as personal information Hash32D (2). In some cases, the biometric information is described as personal information 14D (3), and the hash value thereof is described as personal information Hash32D (3).

  When the personal terminal 10A calculates hash values (personal information Hash32D (1), (2), (3)) for the personal information 14D (1), (2), (3) and the personal ID 13D, respectively, A request to add a registration block using the attached person's signature 33D as registration information is requested to the block chain NW 30A and registered in the block chain 3.

  When a block is registered in the block chain 3, the personal terminal 10A receives a transaction ID (TxID) that identifies a block of information related to the personal ID 13D in the block chain 3 from the block chain NW30A. In step S401A, TxID = 1 indicating that this is the first registration block in the personal ID 13D is received.

  In the ticket service system of this example, the block in the block chain 3 is designated using this TxID. Accordingly, the personal terminal 10A retains the TxID in its own personal ID 13D obtained from the block chain NW 30A as a registration history. The personal terminal 10A may hold, for example, the TxID of the registration block and at least the TxID of the latest confirmation recording block as the registration history.

  In this way, when the registration block in which the hash value of the personal information including the biometric information is associated with the hash value of the personal ID 13D together with the personal signature 33D is registered in the block chain 3, the personal registration is completed.

  When the personal registration is completed, the user then applies for ticket purchase to the service providing apparatus 21A (step S402A). In step S402A, the personal terminal 10A transmits, for example, a ticket purchase application including the personal ID 13D and ticket information to be purchased to the service providing apparatus 21A.

  The service providing apparatus 21A that has accepted the ticket purchase application uses the registration information in the user's block chain 3 based on the personal ID 13D included therein and personal information directly disclosed by the applicant. The qualification is confirmed (step S403A). The purchase qualification at the level of the personal information management system in this example is an individual whose hash value is registered in the block chain 3 together with biometric information that is personal information necessary for ticket purchase and is used for identity verification. Information (the above personal information 14D (1) (2)) is disclosed. However, some personal information (in this example, personal information 14D (1)) can be replaced by disclosure of past purchase records registered in the block chain 3. The purchase qualification at the ticket service system level is further added to the fact that payment is normally performed based on the disclosed information.

  In addition, for example, if you want to verify your identity not only at the time of entry but also at the time of purchase, in addition to the above-mentioned purchase qualifications, the personal information disclosed to the applicant or the individual disclosed at the time of past purchases It is also possible to add that the identity of the information can be verified. Note that these are merely examples, and may be freely determined by the service provider.

  In this example, the service providing apparatus 21A confirms at least one piece of personal information 14D (1) including the past purchase record to the requesting user (applicant) as the purchase qualification confirmation process in this example. At least the disclosure and the disclosure of the personal information 14D (2) for each purchase are requested, and the validity of the disclosed information is confirmed (step S403A). The service providing apparatus 21 </ b> A may check the validity of the disclosed information by collating it with registered information (including a confirmation record) in the block chain 3. Note that the verification with the registration information includes the above-described confirmation of the consistency of the original data and the reliability of the registration information itself.

  Note that the service providing apparatus 21A can also verify the identity of the applicant (more specifically, the disclosing person who disclosed the above two personal information) in the purchase qualification confirmation process. In that case, the service providing apparatus 21A causes the personal terminal 10A to further disclose the applicant's current biometric information, and compares the hash value with the personal information Hash32D (3) registered in the registration block. You may verify your identity. Depending on the biometric information, there is a case where the current information is not completely coincident with the registration, and it may be difficult to compare and collate with hash values. In such a case, the original data (biological information at the time of registration) of the personal information Hash32D (3), which is a hash value of the registered biometric information, is disclosed and collated with the current biometric information of the applicant. Just do it. The identity verification described above can also be performed on the personal terminal 10A (more specifically, a ticket purchase application including a part of the function of the confirmation unit 202 of the confirmation organization side system).

  When the applicant's purchase qualification is confirmed in this way, the service providing apparatus 21A issues a ticket to the applicant. When the purchase qualification is confirmed and the ticket is issued, the service providing apparatus 21A issues, as confirmation information 34D, ticket issue information (for example, the fact that the ticket has been issued, the issued ticket information, and the purchase qualification confirmation record when the ticket is issued). The confirmation recording block including the information) is registered in the block chain 3 (step S404A). The confirmation record block includes the hash value (personal ID_Hash31D) of the disclosed personal ID 13D, and the personal ID_Hash31D and the confirmation information 34D are attached with the signature 35D of the confirmation organization that is the ticket information issuer. The The issued ticket information itself may be held on the service providing apparatus 21A side, and an identifier (service ID) for identifying the ticket information may be registered in the confirmation recording block.

  When the registration of the confirmation record block is completed, the service providing apparatus 21A returns the service ID and the TxID of the confirmation record block in which the service ID is recorded as issued ticket information to the requesting personal terminal 10A.

  Next, consider a scene in which a user enters the venue using the ticket thus issued. In this example, the user may apply for an entrance to the entrance device 22A (step S405A). In step S405A, the personal terminal 10A, for example, enters an entrance application including the personal ID 13D and the ticket information received from the service providing apparatus 21A (such as the service ID and the TxID of the confirmation recording block in which the service ID is recorded). To 22A.

  The admission device 22A that has accepted the admission application confirms the admission qualification using the registration information in the user's block chain 3 based on the information included therein (step S406A). As an admission qualification at the personal information management system level in this example, a confirmation record block including ticket issuance information is registered in the block chain 3 for the user and disclosed or referred to the applicant at the time of purchase. The identity of the person as the owner of personal information can be confirmed. Note that these are merely examples, and may be freely determined by the service provider.

  The admission device 22A confirms whether or not there is a confirmation record block including ticket issue information from the disclosed ticket information and the validity of the registration information, and confirms the identity of the applicant as the admission qualification processing of this example. I do. The validity of the registration information in the confirmation record block may be confirmed using the public key of the confirmation organization that is the ticket information issuer. The identity verification method may be the same as the method described above.

  When the admission qualification of the applicant is confirmed in this way, the admission device 22A performs admission processing such as opening a gate (not shown) and outputting information indicating admission permission. Further, when the admission qualification is confirmed and the admission process is performed, the admission device 22A may register a confirmation record block including admission information indicating that the admission process has been performed in the block chain 3 as the confirmation information 34D (step S407A). ). The confirmation record block includes the hash value (personal ID_Hash31D) of the disclosed personal ID 13D, and the personal ID_Hash31D and the confirmation information 34D are attached with the signature 35D of the confirmation organization that is the ticket information issuer. The

  In the case of re-entry, the admission process may be performed after confirming the identity by the same method as the admission application. It is also possible to register an exit record in the block chain 3 when leaving on the way, and to perform collation processing with that information.

  FIGS. 15 to 18 are sequence diagrams showing an example of the flow of processing at the time of the above-described identity registration, purchase application, and entrance application.

  FIG. 15 is a sequence diagram illustrating an example of a processing flow at the time of personal registration. It is assumed that the personal ID 13D is assigned and the pair key is issued before the personal registration.

  In the example shown in FIG. 15, the user first instructs personal terminal 10A to register personal information (step S501). When the personal information registration instruction is received, the personal terminal 10A acquires the personal information 14D (1) (2) (3), calculates a hash value for each of them, and acquires the personal information Hash32D (1) (2) ( 3) is obtained (step S502).

  Next, the personal terminal 10A transmits a block addition request including the personal ID 13D, the personal information Hash32D (1) (2) (3), and the personal signature 33D attached to them to the block chain NW 30A (step S503). .

  In the block chain NW 30A, a block (registered block) including the information included in the block addition request as registration information is added to the block chain 3 (step S504).

  When the personal terminal 10A receives a block addition response from the block chain NW 30A (step S505), the personal terminal 10A holds the TxID of the added block (TxID = 1 in this example) in the registration history and prepares for a subsequent disclosure request. The personal information at the time of registration, that is, the personal information 14D (1) (2) (3), which is the original data at the time of registration of the registration block, is stored (step S506). Thereafter, the user is notified of completion (step S507).

  FIGS. 16 to 17 are sequence diagrams illustrating an example of a processing flow at the time of purchase application. FIG. 17 is a continuation of FIG. In the example illustrated in FIGS. 16 to 17, the user first instructs the purchase application to the personal terminal 10 </ b> A (step S <b> 511). At this time, information on a ticket to be purchased may be designated.

  When receiving the purchase application instruction, the personal terminal 10A transmits a purchase application including the personal ID 13D to the service providing apparatus 21A (step S512).

  Upon receiving a purchase application from the personal terminal 10A, the service providing apparatus 21A first transmits a personal information disclosure request A specifying the personal information 14D (1) to the requesting personal terminal 10A (step S513).

  Upon receiving the personal information disclosure request A, the personal terminal 10A, for example, searches the registration history to disclose the personal information 14D (1) in the past in the ticket service system, or equivalent target confirmation (this book) In the example, it may be confirmed whether or not there is a purchase qualification confirmation.

  If there is no disclosure of the personal information 14D (1) or an equivalent target confirmation in the past, the personal terminal 10A discloses the personal information 14D (1) with the permission of the user. In this example, the personal terminal 10A discloses personal information including personal information 14D (1) and TxID of a registration block including information indicating the validity (personal information Hash32D (1) and the signature 33D of the person). Response A is transmitted to service providing apparatus 21A (step S514).

  The service providing apparatus 21A that has received the personal information disclosure response A acquires a registration block of the personal information 14D (1) based on the TxID included in the personal information disclosure response A (step S515). Then, the service providing device 21A confirms the reliability of the registration information of the registration block and the consistency of the original data (between the disclosed personal information 14D (1) and the original data of the personal information Hash32D (1) in the registration block). Consistency confirmation) is performed to confirm the validity of the disclosed personal information 14D (1) (step S516). At this time, the service providing apparatus 21A registers the record of the purchase qualification confirmation A indicating that the personal information 14D (1) is disclosed and the validity thereof is confirmed in the block chain 3 as a confirmation record block. May be. As a result, the TxID (TxID = 2 in this example) of the confirmation recording block is received (steps S517 and S518).

  On the other hand, if the personal terminal 10A has previously disclosed the personal information 14D (1) or an equivalent target confirmation (purchasing qualification confirmation in this example), the personal terminal 10A replaces the personal information 14D (1) with the confirmation at that time. A personal information disclosure response A including the TxID of the recording block (for example, TxID = 2 or TxID = 4 described later) is transmitted to the service providing apparatus 21A (step S519).

  The service providing apparatus 21A that has received the personal information disclosure response A, based on the TxID included in the personal information disclosure response A, confirms the validity of the personal information 14D (1) and the equivalent service receipt qualification (ticket purchase qualification). Is obtained (step S520). Then, the service providing apparatus 21A confirms the reliability of the registration information of the confirmation record block, and verifies (aids for use) the confirmation result indicated by the registration information (step S521).

  In this example, if it is a confirmation record block registered by its own institution, disclosure of the personal information 14D (1) can be omitted if the reliability of the registered information is confirmed (creator certification and non-falsification certification). To do. Also for the confirmation in step S521, the service providing apparatus 21A records the purchase qualification confirmation A indicating that the validity of the personal information 14D (1) has been confirmed based on the confirmation result of the designated confirmation record block. May be registered in the block chain 3. As a result, the TxID of the confirmation recording block is received (steps S522 and S523).

  When the disclosure and / or validity verification of the personal information 14D (1) is completed, the service providing apparatus 21A discloses the personal information specifying the personal information 14D (2) as payment information to the requesting personal terminal 10A. Request B is transmitted (step S524). In this example, personal information 14D (2) as settlement information is not permitted to be disclosed in a confirmation record.

  The personal terminal 10A that has received the personal information disclosure request B obtains the permission of the user and discloses the personal information 14D (2). Also in this example, the personal terminal 10A discloses the personal information including the personal information 14D (2) and the TxID of the registration block including information indicating the validity (personal information Hash32D (2) and the signature 33D of the person). Response B is transmitted to service providing apparatus 21A (step S525).

  The service providing apparatus 21A that has received the personal information disclosure response A performs the same legitimacy confirmation as that when the personal information 14D (1) is received, and adds the record to the block chain 3 (steps S526 to S529).

  The service providing apparatus 21A completes the confirmation of purchase qualification in response to the fact that at least the validity of the personal information 14D (1) has been confirmed in this way and that the valid personal information 14D (2) has been acquired. Then, the service providing apparatus 21A issues the designated ticket to the user (step S530). At this time, the service providing apparatus 21A registers a confirmation recording block including ticket issuance information indicating that a ticket has been issued in the block chain 3 (step S531). As a result, TxID (for example, TxID = 3) of the confirmation recording block is received (step S532).

  The ticket issuance information includes information related to issuance of the current ticket in the service providing apparatus 21A (information on the user of the issuance destination, TxID of a block necessary at the time of admission, etc.) It is assumed that a service ID associated with TxID) and personal information etc. of the referenced block is included. Further, the service providing apparatus 21A holds information related to the issuance of the current ticket in association with such a service ID (step S533).

  When the above processing is completed, the service providing apparatus 21A grants purchase permission to the purchase application, a service ID for identifying information related to the issuance of the current ticket, and a TxID in which the issuance record of the present ticket is registered. Along with (issue record TxID in the figure), the request is returned to the requesting personal terminal 10A (step S534).

  The personal terminal 10A that has received the purchase permission stores the service ID and the issuance record TxID received together with the purchase permission as ticketing ticket information (step S535). Thereafter, the user is notified of completion (step S536).

  FIG. 18 is a sequence diagram showing an example of the flow of processing at the time of application for admission. In the example shown in FIG. 18, the user first instructs the personal terminal 10A to enter the application (step S541). At this time, a service ID as ticketing ticket information for applying for admission may be designated.

  When receiving the instruction for the admission application, the personal terminal 10A transmits the admission application including the personal ID 13D and the service ID to the admission device 22A (step S542). This may be performed by information communication by touching the reader device provided in the entrance device 22A actually installed in the venue.

  Upon receipt of the purchase application from the personal terminal 10A, the admission device 22A transmits a service ID validity confirmation including the personal ID 13D and the service ID to the service providing device 21A (step S543). It should be noted that the service ID validity confirmation may further include information on the event being held or the venue.

  The service providing apparatus 21A that has received the service ID validity confirmation from the entrance apparatus 22A confirms the validity of the service ID (step S544). 21 A of service provision apparatuses should just confirm whether the information regarding issue of the ticket with respect to the event in which the entrance apparatus 22A was installed is registered with respect to the received service ID.

  Then, the service providing apparatus 21A acquires the confirmation record block in which the issue record is registered based on the issue record TxID associated with the service ID held by itself, and confirms the reliability of the registration information. After that, the validity of the issue record is confirmed (steps S545 to S546). When the service providing apparatus 21A confirms the validity of the issuance record in the confirmation record block, the service providing apparatus 21A returns a service ID validity result (OK) to the entrance apparatus 22A (step S547). If the validity of the issue record cannot be confirmed, the service providing apparatus 21A returns a service ID validity result (NG) to the entrance apparatus 22A.

  If the service ID validity result is NG, the admission device 22A that has received the service ID validity result returns an admission impossible message to the personal terminal 10A (step S548). At this time, the admission device 22A may also transmit that the service ID is illegal. The personal terminal 10A that has received the admission disapproval notifies the user of the disapproval and ends the process (step S549).

  On the other hand, if the service ID validity result is OK, the admission device 22A transmits a biometric authentication request D to the personal terminal 10A (step S550). In addition, although the example shown below is an example which performs identity verification using the biometric authentication in the block chain 3 on the personal terminal 10A side, the same processing may be performed by the entrance device 22A or the like.

  The personal terminal 10A that has received the biometric authentication request D searches the registration history held by itself, acquires the TxID of the registration block registered at the time of personal registration (step S551), and the registration information (particularly, Personal information Hash32D (3)), which is a hash value of biometric information, is acquired.

  Then, the personal terminal 10A confirms the reliability of the acquired registration information (step S552) and confirms the consistency between the personal information at the time of registration held by itself and the original data of the registration information (step S553), It is confirmed that the personal information 14D (3) held by itself is biometric information when it is registered in the block chain 3. In this confirmation, the registration information reference request is transmitted to the block chain NW30A, in which the TxID of the registered block is designated as the reference TxID, and the hash value calculated from the biometric information at the time of registration to be confirmed is designated as the comparison source. It is also possible to do this.

  When the validity (personal registration authentication) of the personal information 14D (3) held by itself is confirmed in this way, the personal terminal 10A further obtains the biometric information of the current user (at the time of admission application). Acquire and confirm the identity of both (step S554). Note that the personal terminal 10A may collate both in the form of a hash value. Then, the personal terminal 10A returns the result of step S554 to the entrance device 22A as a biometric authentication result (step S555).

  If the biometric authentication result is NG, the admission device 22A that has received the biometric authentication result returns an improper entry to the personal terminal 10A (step S556). At this time, the admission device 22A may also transmit a message indicating a biometric authentication error. The personal terminal 10A that has received the entry failure notice notifies the user of the failure and ends the process (step S557).

  On the other hand, if the biometric authentication result is OK, the admission device 22A adds the current authentication record as a confirmation record block to the block chain 3 (steps S558 and S559), and then returns admission permission to the personal terminal 10A. (Step S560). The personal terminal 10A that has received the admission permission notifies the user of permission and ends the process (step S561).

  As described above, according to the present embodiment, it is possible to realize a ticket service including identity verification reliably and quickly without omission. In addition, since it is not necessary to go to the personnel site for identity verification, it also leads to cost reduction.

  FIG. 19 is a block diagram showing another configuration example of the ticket service system of this embodiment. The ticket service system shown in FIG. 19 includes a personal terminal 10B, a service providing device 21B, an entrance device 22B, and a block chain NW 30B.

  The personal terminal 10B includes a service request unit 711B and an IMS application unit 712B.

  The service providing apparatus 21B includes a service providing unit 721B and a first target confirmation service unit 722B.

  The entrance device 22B includes a second target confirmation service unit 731B and a determination unit 732B.

  The service request unit 711B performs processing related to service provision (processing other than processing related to target confirmation and record registration corresponding to processing performed by the confirmation unit 202) performed by the personal terminal 10A of the second embodiment. For example, the service request unit 711B transmits a message requesting a service to the service providing unit 721B in response to an operation from the user of the personal terminal 10B.

  The IMS application unit 712B performs processing related to target confirmation and record registration performed in the personal terminal 10A of the second embodiment. Specifically, the IMS application unit 712B provides various processes and interfaces for the user of the personal terminal 10B to use the personal information management system.

  The service providing unit 721B performs processes other than the target confirmation among the processes related to service provision performed by the service providing apparatus 21A of the second embodiment. Note that the service providing unit 721B of this example provides a ticket service. The service providing unit 721B provides a service to the user by exchanging information with the service request unit 711B, for example.

  The first target confirmation service unit 722B performs processing related to target confirmation among the processing related to service provision performed by the service providing apparatus 21A of the second embodiment. Specifically, the first target confirmation service unit 722B performs the target confirmation of the user by exchanging information with the IMS application unit 712B using the IMS platform.

  The second target confirmation service unit 731B performs processing related to target confirmation among the processing related to service provision performed by the admission device 22A of the second embodiment. Specifically, the second target confirmation service unit 731B confirms the target of the user by exchanging information with the IMS application unit 712B using the IMS platform.

  The determination unit 732B performs processes other than the target confirmation among the processes related to service provision performed by the entrance device 22A of the second embodiment. For example, the determination unit 732B determines whether or not the user can enter based on the result of the target confirmation by the second target confirmation service unit 731B.

  In such a configuration, the service providing unit 721B may provide a ticket purchase service to the user based on the result of the target confirmation of the user notified from the first target confirmation service unit 722B.

  In this example, the IMS includes two or more nodes 301B, a registration unit 102B, a disclosure unit 103B, a target confirmation unit 2021B, and a record registration unit 2022B.

  The node 301B corresponds to the ledger management node 301, and is a block chain (more specifically, block chain NW30B) to which a new block is added through processing according to a predetermined consensus algorithm in which two or more nodes participate. Configure.

  The registration unit 102B includes, in the block chain, personal information disclosed by the user, and target confirmation information that is personal information necessary for predetermined target confirmation that is one of identity confirmation, user authentication, or eligibility confirmation. A first block including a hash value is registered.

  When the disclosure unit 103B receives a request for disclosure of personal information, the disclosure unit 103B reads the requested type of personal information from a predetermined storage unit (not shown) and transmits it to the request source. Alternatively, in place of the requested type of personal information, information that can specify the second block including the record of the past object confirmation performed using the personal information may be transmitted.

  The target confirmation unit 2021B verifies the validity of the target confirmation information disclosed by the user using a block in the block chain, and then performs target confirmation based on the disclosed target confirmation information.

  The record registration unit 2022B registers the second block including the target confirmation or service provision record in the block chain.

  In this example, the IMS application unit 712B has the registration unit 102B as a part of the IMS, and the first target confirmation service unit 722B and the second target confirmation service unit 731B are each a part of the IMS. It is assumed that a confirmation unit 2021B and a record registration unit 2022B are included.

  In such a configuration, the IMS application unit 712B, via the registration unit 102B, in the block chain, the identifier of the user, the hash value of the first target confirmation information that is biometric information disclosed by the user, You may register the 1st block containing the hash value of the 2nd object confirmation information which is the predetermined | prescribed personal information disclosed by the user.

  Further, the first target confirmation service unit 722B may request the user to disclose the second target confirmation information via the target confirmation unit 2021B, and perform target confirmation based on the obtained information. .

  In addition, when the second target confirmation service unit 731B receives an entry application from the user, the second target confirmation service unit 731B allows the user to identify information that can identify the second block via the target confirmation unit 2021B and the first block registration time. One target confirmation information and the present first target confirmation information may be requested to be disclosed, and predetermined eligibility confirmation including identity verification may be performed based on the disclosed information.

  In addition, when the first target confirmation service unit 722B and the second target confirmation service unit 731B provide target confirmation or some service, the target confirmation or service provision is provided to the block chain via the record registration unit 2022B. You may register the 2nd block containing recording.

  According to such a configuration, the user can be provided with a ticket service accompanied by target confirmation only by disclosing the minimum necessary personal information. Other points are the same as those of the personal information management system of the first embodiment and the ticket service system of the second embodiment.

  In the present embodiment, personal information for performing object confirmation including identity confirmation using information in the block chain 3 associated with one personal ID for a series of ticket services from ticket sales to admission determination. Although an example in which the management system is applied has been shown, the application service is not limited to the ticket service.

  For example, using a smart key to lock / unlock facilities and rooms, use a smart key issuance and entrance / exit management, or use a wearable device or portable terminal with biometric information A voting service and a commuter pass fare management service at a ticket gate using a wearable device or a portable terminal in which biometric information is registered are also conceivable.

As a method for applying the personal information management system to the facility management service, for example, the following method can be cited.
・ At the start of use, the hash value of biometric information for personal identification is registered in the block chain together with the personal ID (personal registration) together with the personal information required for this service.
・ When making a reservation, issue an electronic key after confirming your identity and register the record in the blockchain.
・ At the time of check-in, the electronic key issued after identification is validated and the record is registered in the blockchain.
-When electronically unlocking / locking, the record is registered in the block chain via a locking device.
・ At the time of checkout, the issued electronic key is invalidated and settlement is performed based on the records on the blockchain.

As a method for applying the personal information management system to the above voting service, for example, the following can be cited.
・ At the start of use, the hash value of biometric information for personal identification is registered in the block chain together with the personal ID (personal registration) together with the personal information required for this service.
・ When applying for electronic voting rights, issue the electronic voting rights after confirming the identity and information necessary for issuing electronic voting rights, and register the issuance record in the blockchain.
-At the time of voting, the voting device that has accepted the voting accepts the voting after confirming the identity verification and the issuance record. Also, voting records including voting contents (encryption) are registered in the block chain.
・ At the time of ticketing, the ticketing device performs counting based on the voting records on the blockchain.

As a method of applying the personal information management system to the above commuter pass fare management service, for example, the following can be cited.
・ At the start of use, biometric information is registered in the wearable device or portable terminal possessed by the user.
-When applying for a commuter pass, an issuance record including a device ID that has registered biometric information and commuter pass issuance information is registered in the block chain. At this time, the device ID may be regarded as a personal ID or may be assigned separately.
・ Check the issuance record on the blockchain and the previous record based on the device ID obtained from the wearable device or mobile terminal that has been biometrically authenticated and the personal ID notified when issuing the commuter pass when passing through the ticket gate , Judge whether to enter. Also, register the admission record in the blockchain.
・ When passing through the ticket gate (getting off), check the issuance record on the blockchain and the previous record based on the device ID acquired from the biometrically authenticated wearable device or mobile terminal and the personal ID notified when issuing the commuter pass , Judge whether to participate. Also, register the participation record in the blockchain.

  In the example shown above, the admission device accepts an application for admission from the user, and based on the result of the target confirmation, an example of determining whether or not the user can apply is shown. It is also possible to replace with a permit judging device installed at a place where a permit indicating the eligibility for receiving the service issued by the service providing device is used. In such a case, as shown in FIG. 19, in the permit determination device, the second target confirmation service unit accepts an application for entrance or receipt of profits obtained from the permit from the user, and the determination unit Based on the result of the object confirmation by the second object confirmation unit, it may be determined whether or not the user can apply. Here, the permit may be an electronic ticket, an electronic key, an electronic voting ticket, or a commuter pass.

  FIG. 20 is a schematic block diagram showing a configuration example of a computer according to each embodiment of the present invention. The computer 1000 includes a CPU 1001, a main storage device 1002, an auxiliary storage device 1003, an interface 1004, a display device 1005, and an input device 1006.

  Servers and other devices included in the systems of the above-described embodiments may be implemented in the computer 1000. In that case, the operation of each device may be stored in the auxiliary storage device 1003 in the form of a program. The CPU 1001 reads a program from the auxiliary storage device 1003 and develops it in the main storage device 1002, and executes predetermined processing in each embodiment according to the program. The CPU 1001 is an example of an information processing apparatus that operates according to a program. In addition to a CPU (Central Processing Unit), for example, an MPU (Micro Processing Unit), an MCU (Memory Control Unit), a GPU (Graphics Processing Unit), or the like. May be provided.

  The auxiliary storage device 1003 is an example of a tangible medium that is not temporary. Other examples of the tangible medium that is not temporary include a magnetic disk, a magneto-optical disk, a CD-ROM, a DVD-ROM, and a semiconductor memory connected via the interface 1004. When this program is distributed to the computer 1000 via a communication line, the computer that has received the distribution may develop the program in the main storage device 1002 and execute the predetermined processing in each embodiment.

  The program may be for realizing a part of predetermined processing in each embodiment. Furthermore, the program may be a difference program that realizes predetermined processing in each embodiment in combination with another program already stored in the auxiliary storage device 1003.

  The interface 1004 transmits / receives information to / from other devices. The display device 1005 presents information to the user. The input device 1006 accepts input of information from the user.

  Further, depending on the processing contents in the embodiment, some elements of the computer 1000 may be omitted. For example, if the computer 1000 does not present information to the user, the display device 1005 can be omitted. For example, if the computer 1000 does not accept information input from the user, the input device 1006 can be omitted.

  In addition, some or all of the constituent elements of each of the embodiments described above are implemented by a general-purpose or dedicated circuit (Circuitry), a processor, or a combination thereof. These may be constituted by a single chip or may be constituted by a plurality of chips connected via a bus. In addition, some or all of the constituent elements in each of the above embodiments may be realized by a combination of the above-described circuit and the like and a program.

  When some or all of the constituent elements of each of the above embodiments are realized by a plurality of information processing devices and circuits, the plurality of information processing devices and circuits may be centrally arranged or distributed. It may be arranged. For example, the information processing apparatus, the circuit, and the like may be realized as a form in which each is connected via a communication network, such as a client and server system and a cloud computing system.

  Next, the outline of the present invention will be described. FIG. 21 is a block diagram showing an outline of the personal information management system of the present invention. As shown in FIG. 21, the personal information management system of the present invention may include two or more nodes 61, a registration unit 62, a target confirmation unit 63, and a record registration unit 64.

  The node 61 constitutes a block chain in which a new block is added through processing according to a predetermined consensus algorithm in which two or more nodes 61 participate.

  The registration unit 62 stores the personal information disclosed by the user in the blockchain, and the target confirmation information that is the personal information necessary for the predetermined target confirmation that is one of identity verification, user authentication, or eligibility confirmation. A first block including a hash value is registered.

  The target confirmation unit 63 verifies the validity of the target confirmation information disclosed by the user using the blocks in the block chain, and then performs target confirmation based on the disclosed target confirmation information.

  The record registration unit 64 registers the second block including the target confirmation record in the block chain.

  While the present invention has been described with reference to the present embodiment and examples, the present invention is not limited to the above embodiment and examples. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.

  According to the present invention, any service that provides services to users after performing identity verification, user authentication, or eligibility confirmation can be suitably applied.

1 Client device 2 Checking authority device 3 Block chain 4 Network 11D, 21D Private key 12D, 22D Public key 13D Personal ID
14D personal information 31D personal ID_Hash
32D Personal Information Hash
33D Signature of the person 34D Confirmation information 35D Signature of the confirmation organization 100 Personal information management system 10 User side system 101 Data storage unit 102 Registration unit 103 Disclosure unit 104 Authentication unit 20 Confirmation organization side system 201 Data storage unit 202 Confirmation unit 221 Data acquisition Unit 222 registration information reliability confirmation unit 223 original data consistency confirmation unit 224 personal information validity confirmation unit 225 result output unit 226 confirmation record registration unit 30 ledger management system 301 ledger management node 311 registration information reception unit 312 block generation unit 313 block Shared unit 314 Information storage unit 315 Block verification unit 40 Network 50 Management side system 501 Data storage unit 502 Personal ID allocation unit 10A, 10B Personal terminal 21A, 21B Service providing device 22A, 22B Entrance device 30A , 30B Block chain NW
711B service request unit 712B IMS application unit 721B service providing unit 722B first target confirmation service unit 731B second target confirmation service unit 732B determination unit 102B registration unit 103B disclosure unit 2021B target confirmation unit 2022B recording registration unit 301B node 1000 computer 1001 CPU
1002 Main storage device 1003 Auxiliary storage device 1004 Interface 1005 Display device 1006 Input device 61 Node 62 Registration unit 63 Target confirmation unit 64 Record registration unit

Claims (7)

Two or more nodes constituting a block chain to which a new block is added through processing according to a predetermined consensus algorithm in which two or more nodes participate;
The block chain includes personal information disclosed by a user and a hash value of target confirmation information that is personal information necessary for predetermined target confirmation that is one of identity verification, user authentication, or eligibility confirmation. A registration unit for registering the first block;
After verifying the validity of the target confirmation information disclosed by the user using a block in the block chain, a target confirmation unit that performs the target confirmation based on the disclosed target confirmation information;
A record registration unit for registering a second block including a record of the target confirmation in the block chain ;
A user-side data holding unit that holds at least the target confirmation information in which the hash value is registered in the first block by the registration unit;
Upon receiving a request for disclosure of the target confirmation information from the target confirmation unit, after obtaining permission from the user, a disclosure unit that discloses the target confirmation information held in the user side data holding unit; Prepared,
The registration unit includes, in the block chain, an identifier assigned to the user or a hash value thereof, and personal information disclosed by the user, which is personal information necessary for the target confirmation. Register the first block containing the hash value,
The first block includes two or more hash values of target confirmation information, or two or more first blocks including at least one hash value of the user's two or more target confirmation information are registered in the block chain. And
The disclosure unit discloses only the target confirmation information designated by the target confirmation unit after obtaining permission from the user . The registration unit registers the first block with the signature of at least one of the creator of the information included in the first block, the user himself / herself, or the organization that has confirmed the validity of the target confirmation information. Item 2. A personal information management system according to item 1. The target confirmation unit
Confirmation of the reliability of the hash value of the object confirmation information in the first block based on the validity of the disclosed object confirmation information based on the signature attached to the first block of the user in the block chain A validity verification unit that performs verification based on a result and a confirmation result of consistency between a hash value of the target confirmation information in the first block and a hash value calculated from the disclosed target confirmation information. Item 3. The personal information management system according to item 2. The target confirmation unit is disclosed when information that can identify the second block is disclosed from the user instead of the target confirmation information as a result of requesting the user to disclose the target confirmation information. The personal information management system according to any one of claims 1 to 3, wherein the target confirmation is performed with reference to a record of the target confirmation in the second block identified from the information. The record registration unit registers the second block with the signature of the creator of the information included in the second block or the organization that performed the target confirmation,
The object confirmation unit confirms at least the reliability of the record of the object confirmation in the second block based on a signature attached to the second block specified from the disclosed information, and then performs the object confirmation. The personal information management system according to any one of claims 1 to 4, wherein the target confirmation is performed with reference to a record. Personal information disclosed by the user to the blockchain where a new block is added through processing according to a predetermined consensus algorithm in which two or more nodes participate, and identity verification, user authentication or eligibility verification A first block including a hash value of target confirmation information which is personal information necessary for predetermined target confirmation, which is an identifier assigned to the user or a hash value thereof, and is disclosed by the user Registered at least a first block including personal information and a hash value of target confirmation information which is personal information necessary for the target confirmation ,
When a service is requested from the user, the user is requested to disclose the target confirmation information, and after verifying the validity of the disclosed target confirmation information using a block in the block chain, Perform the target confirmation based on the disclosed target confirmation information,
Based on the result of the target confirmation, the service is provided to the user, and the second block including the target confirmation record is registered in the block chain ,
When receiving the request for disclosure of the target confirmation information, after obtaining permission from the user, it is held in the user side data holding unit holding at least the target confirmation information whose hash value is registered in the first block The subject confirmation information is disclosed,
The first block includes two or more hash values of target confirmation information, or two or more first blocks including at least one hash value of the user's two or more target confirmation information are registered in the block chain. When the target confirmation information is disclosed , the service providing method is characterized in that only the designated target confirmation information is disclosed after obtaining permission from the user . A block chain in which a new block is added through a process according to a predetermined consensus algorithm in which two or more nodes participate, and is personal information disclosed by a user, which includes identity verification, user authentication or eligibility. A first block including a hash value of target confirmation information which is personal information necessary for predetermined target confirmation that is one of confirmations, and an identifier assigned to the user or a hash value thereof, and the user A computer capable of acquiring at least information of the first block from a block chain in which at least a first block including disclosed personal information and a hash value of target confirmation information that is personal information necessary for target confirmation is registered. In addition,
When a service is requested from the user, the user is requested to disclose the target confirmation information, and after verifying the validity of the disclosed target confirmation information using a block in the block chain, A process for performing the object confirmation based on the disclosed object confirmation information;
A process of providing a service to the user based on the result of the target confirmation ;
A process of registering a second block including a record of the object confirmation in the block chain ; and
When receiving the request for disclosure of the target confirmation information, after obtaining permission from the user, it is held in the user side data holding unit holding at least the target confirmation information whose hash value is registered in the first block To execute the process of disclosing the target confirmation information,
The first block includes two or more hash values of target confirmation information, or two or more first blocks including at least one hash value of the user's two or more target confirmation information are registered in the block chain. A service providing program for disclosing only the specified target confirmation information after obtaining permission from the user when the target confirmation information is disclosed .

Images