JP6742852B2 - Search method, search system and program - Google Patents

Description

The present invention relates to a search method and a search system for concealing contents by encryption and performing a similar search.

In recent years, for example, when a user measures blood pressure and the like at home and sends information on the measurement result from a user terminal to a server, there is a system that advises the user regarding eating habits and the like by performing analysis on the server. In this analysis, it is possible to give useful advice to the user by referring to not only the past information of the user himself but also other similar cases. In the search for similar cases in the server (similarity search), it is desirable to encrypt and conceal the user information and the like from the viewpoint of privacy protection. Patent Literature 1 discloses a technique of a collation system that uses additive homomorphic encryption to collate the data to be authenticated and the authentication data while they are encrypted to conceal these data from the server.

International Publication No. 2014/185450

Allison Bishop, 2 people outside, "Function-Hiding Inner Product Encryption", "Advances in Cryptology-ASIACRYPT 2015", Springer Berlin Heidelberg, (URL: https://eprint.iacr.org/2015/672.pdf) Emily Shen, 2 others, "Predicate Privacy in Encryption Systems", "Theory of Cryptography", Springer Berlin Heidelberg, (URL: https://eprint.iacr.org/2008/536.pdf)

However, in the conventional similarity search, it is necessary to encrypt and transmit the user information from the user terminal to the server, and to collate the reference information as a result of the search on the server with the encrypted information on the user terminal side. As the number increases, the processing load on the user terminal and the communication amount increase.

Therefore, the present invention provides a search method capable of suppressing the processing load of the user terminal and suppressing the communication amount when the user information is concealed and searched in the server. Further, the present invention provides a search system capable of suppressing the processing load of the user terminal and suppressing the communication amount in the search, and a computer program used in the search system.

In order to solve the above problems, a search method according to an aspect of the present invention is a search method for searching data in a first device, and is represented by a vector including a plurality of components extracted from user privacy data. The encrypted first converted feature amount obtained by performing the predetermined encryption on the first converted feature amount as the result of the first conversion for the feature amount to be received is received from the second device, and each of the plurality of reference feature amounts is plural. Corresponding to any of the reference data, the second conversion feature amount as a result of the second conversion for the reference feature amount for each of the plurality of reference feature amounts represented by a vector including the same number of components as the feature amount. The encrypted second conversion feature amount obtained by performing the predetermined encryption on the encrypted second conversion feature amount and the encryption first conversion feature amount for each of the obtained plurality of encrypted second conversion feature amounts. Information indicating one or more pieces of the reference data having a corresponding relationship with each of the one or more encrypted second conversion feature quantities, the result of the inner product operation being performed using the transform feature quantity To the second device, and the first conversion, the second conversion, and the predetermined encryption are inner product operations of the encrypted first conversion feature amount and the acquired one encrypted second conversion feature amount. Is determined as a value related to the Euclidean distance between the feature quantity corresponding to the encrypted first conversion feature quantity and the reference feature quantity corresponding to the one encrypted second conversion feature quantity. ing.

Further, in order to solve the above problems, a search system according to an aspect of the present invention is a search system including a first device and a second device that can communicate with each other, and the second device measures a user. An encryption obtained by performing a predetermined encryption on the first conversion feature amount as a result of the first conversion with respect to the feature amount represented by a vector including a plurality of components extracted from the privacy data as the measurement result. 1 conversion feature amount is transmitted to the first device, the first device receives the encrypted first conversion feature amount from the second device, and each of the plurality of reference feature amounts is one of a plurality of reference data. Correspondingly, for each of the plurality of reference feature amounts represented by a vector including the same number of components as the feature amount, the predetermined encryption is performed on the second converted feature amount as a result of the second conversion for the reference feature amount. To obtain the encrypted second conversion feature quantity, and obtain the encrypted second conversion feature quantity and the encrypted first conversion feature quantity for each of the acquired plurality of encrypted second conversion feature quantities. The inner device operation is performed, and the information indicating the one or more reference data having a corresponding relationship with each of the one or more encrypted second conversion feature amounts whose result of the inner product operation satisfies a certain condition is used as the second device. To the second device, the second device receives the information indicating the reference data, presents the reference data, and the first conversion, the second conversion, and the predetermined encryption are the encryption first conversion. The result of the inner product operation of the feature amount and the acquired one encrypted second conversion feature amount corresponds to the feature amount corresponding to the encrypted first conversion feature amount and the one encrypted second conversion feature amount. The reference value is set to a value related to the Euclidean distance.

Further, in order to solve the above problems, a program according to an aspect of the present invention is a program for causing a first device including a storage medium and a microprocessor to perform a predetermined data search process, wherein the first device includes: A plurality of reference data and a plurality of reference feature amounts represented by a vector containing a plurality of components are stored in the storage medium in association with each other, and the predetermined data search process is extracted from the privacy data of the user. The second device is an encrypted first conversion feature amount obtained by performing predetermined encryption on the first conversion feature amount as a result of the first conversion for the feature amount represented by a vector including the same number of components as the reference feature amount. A receiving step of receiving from the conversion medium, a conversion step of generating a second conversion characteristic amount obtained by performing a second conversion on the reference characteristic amount for each of the plurality of reference characteristic amounts in the storage medium, and the conversion step. For each of the plurality of generated second conversion feature amounts, an encryption step of generating an encrypted second conversion feature amount obtained by subjecting the second conversion feature amount to the predetermined encryption, and an encryption step An inner product operation using the encrypted second conversion feature quantity and the encrypted first conversion feature quantity is performed for each of the plurality of encrypted second conversion feature quantities, and the result of the inner product operation satisfies a certain condition. A selection step of selecting one or more encrypted second conversion feature quantities to satisfy, and one or more of the one or more corresponding to each of the one or more encrypted second conversion feature quantities selected in the selection step. And a step of transmitting information indicating reference data to the second device, wherein the first conversion, the second conversion, and the predetermined encryption are generated in the encrypted first conversion feature amount and the encryption step. The result of the inner product operation with the generated one encrypted second conversion feature amount is the feature amount corresponding to the encrypted first conversion feature amount and the reference feature amount corresponding to the one encrypted second conversion feature amount. It is set to be a value related to the Euclidean distance between and.

According to the present invention, it is possible to suppress the processing load of the user terminal and suppress the communication amount in the search performed by concealing the user information.

It is a conceptual diagram which shows an example of the aspect of the service which the search system which concerns on embodiment provides. It is a conceptual diagram which shows an example of the data center operating company which concerns on embodiment. 1 is a schematic configuration diagram showing an entire search system according to Embodiment 1. FIG. FIG. 3 is a configuration diagram showing a configuration of a user terminal device according to the first embodiment. FIG. 6 is a diagram showing an example of conversion of a feature amount in the user terminal device according to the first embodiment. FIG. 3 is a configuration diagram showing a configuration of a data operation device according to the first embodiment. It is a figure which shows an example of the storage content of the reference feature-value storage part in a data arithmetic unit. It is a figure which shows an example of the storage content of the reference data storage part in a data arithmetic unit. FIG. 5 is a diagram showing an example of conversion of reference feature quantities in the data arithmetic unit according to the first embodiment. FIG. 6 is a sequence diagram showing an operation of the search system according to the first embodiment. It is a figure which shows an example of the data format of the communication data from a user terminal to a data processor. It is a figure which shows an example of the data format of the communication data from a data arithmetic unit to a user terminal. It is a block diagram which shows the whole search system which concerns on Embodiment 2. FIG. 9 is a sequence diagram showing an operation of the search system according to the second embodiment. FIG. 9 is a diagram showing an example of conversion of reference feature amounts according to Modification Example 1. It is a conceptual diagram which shows the service (type 1) which a search system provides. It is a conceptual diagram which shows the service (type 2) which a search system provides. It is a conceptual diagram which shows the service (type 3) which a search system provides. It is a conceptual diagram which shows the service (type 4) which a search system provides.

(Findings that form the basis of the present invention)
Concerning that the user terminal keeps the data secret in the server and causes the server to perform the search, that is performed when performing the similarity search for searching the reference feature amount similar to the feature amount while the data (feature amount) is encrypted. Homomorphic encryption can be used for encryption. However, the operation that can be performed using the homomorphic encryption is only one of addition and multiplication. In the case where the feature quantity to be subjected to the similarity search is represented by a vector having a plurality of components (elements), the Euclidean distance between the feature quantity and the reference feature quantity is specified as an index indicating the similarity in the similarity search. Therefore, when using the inner product or the like, the index of similarity cannot be derived only by one of the addition and multiplication operations. When the feature amount is decomposed into each component and the user terminal causes the server to perform the similarity search, the processing load on the user terminal increases.

Therefore, in order to suppress the processing load of the user terminal and suppress the communication amount when the user information is concealed and searched in the server, the inventors of the present application convert the feature amount and perform the encryption method related to the inner product operation. I came up with a method to perform similarity search by using. Then, a search method using the method, a search system, and a computer program used in the search system are provided.

A search method according to an aspect of the present invention is a search method for searching for data in a first device, wherein the first method for a feature amount represented by a vector including a plurality of components extracted from user privacy data is used. An encrypted first conversion feature amount obtained by performing a predetermined encryption on the first conversion feature amount as a result of the conversion is received from the second device, and each of the plurality of reference feature amounts corresponds to one of the plurality of reference data. Then, for each of the plurality of reference feature quantities represented by a vector including the same number of components as the feature quantity, the second encryption feature quantity as a result of the second conversion for the reference feature quantity is subjected to the predetermined encryption. The encrypted second conversion feature quantity obtained by the above is acquired, and the encrypted second conversion feature quantity and the encrypted first conversion feature quantity are used for each of the acquired plurality of encrypted second conversion feature quantities. An inner product operation is performed, and the result of the inner product operation is transmitted to the second device, the information indicating one or more reference data having a correspondence relationship with each of the one or more encrypted second conversion feature amounts satisfying a certain condition. Then, in the first conversion, the second conversion, and the predetermined encryption, the result of the inner product operation of the encrypted first conversion feature amount and the acquired one encrypted second conversion feature amount is the encryption result. It is set to be a value related to the Euclidean distance between the feature amount corresponding to the first conversion feature amount and the reference feature amount corresponding to the one encrypted second conversion feature amount. The Euclidean distance here is a concept including a weighted Euclidean distance. With this configuration, in the similarity search, the inner product operation can be performed in the first device (for example, the data operation device) while the user information is kept secret and encrypted, and the condition related to the similarity can be determined. The processing load of the device (for example, the user terminal device) can be suppressed and the communication amount can be suppressed.

Further, for example, the predetermined encryption is encryption by a predetermined inner product encryption, and the first conversion and the second conversion are the encrypted first conversion feature amount and the acquired one encrypted second conversion. The result of the inner product operation with the feature quantity is the Euclidean distance between the feature quantity corresponding to the encrypted first conversion feature quantity and the reference feature quantity corresponding to the one encrypted second conversion feature quantity, The predetermined condition may be a condition that is satisfied when the result of the inner product operation is equal to or less than a predetermined threshold value. Further, the feature amount is defined as an n-dimensional vector X=(x1, x2 , X3,..., Xn), the first conversion is performed by the vector X′=(Σxj^2,1,x1,x2,... , Xn), and Σxj^2 is the sum of xj^2 in which j is from 1 to n, and the plurality of reference feature quantities are from k to 1 In the case where the n-dimensional vector Yk=(yk1, yk2, yk3,..., Ykn) is represented as each integer up to the number of quantities, the second conversion includes each of the plurality of reference feature quantities in the first Vector Yk'=(1, Σykj^2, -2yk1, -2yk2,..., -2ykn) as a two-transformation feature amount is defined to be converted, and in the Σykj^2, j is 1 to n. May be the total sum of ykj^2 up to. As a result, the similarity between the vectors including a plurality of components can be efficiently determined based on the Euclidean distance indicated by the inner product value with each vector being encrypted by the inner product encryption.

Further, for example, in the case where the feature amount is represented by an n-dimensional vector X=(x1, x2, x3,..., xn), the first conversion uses the feature amount as the first conversion feature amount. X′=(Σ(wj·xj^2),1,x1,x2,...,xn), and Σ(wj·xj^2) is such that j is 1 From n to n, the n-dimensional vector Yk=(yk1), where k is each integer from 1 to the number of the plurality of reference feature amounts. , Yk2, yk3,..., Ykn), the second conversion uses each of the plurality of reference feature quantities as a vector Yk′=(1,Σ(wj· ykj^2), −2w1·yk1, −2w2·yk2,..., −2wn·ykn), and the Σ(wj·ykj^2) is from 1 to n. (Wj·ykj^2), and the Euclidean distance is a weighted Euclidean distance with weights w1 to wn corresponding to the first to nth components of the n-dimensional vector. It may be that. As a result, it becomes possible to make a determination regarding similarity based on the weighted Euclidean distance.

Further, for example, the predetermined encryption is encryption by a predetermined predicate encryption, and the first conversion and the second conversion are the encrypted first conversion feature amount and the acquired one encrypted second conversion. The result of the inner product calculation with the feature amount subtracts a predetermined value from the Euclidean distance between the feature amount corresponding to the encrypted first converted feature amount and the reference feature amount corresponding to the one encrypted second converted feature amount. The constant condition may be a condition that is satisfied when the result of the inner product operation is 0. As a result, it is possible to judge the similarity between vectors including a plurality of components based on the value obtained by subtracting a predetermined value from the Euclidean distance indicated by the result of the predetermined inner product operation with each vector being encrypted by the predicate encryption. Become.

Further, for example, the first device includes a storage medium, and the plurality of reference data and the plurality of reference feature amounts are stored in the storage medium. In the search method, the plurality of reference data in the storage medium are stored. For each of the reference feature quantities, the second transformed feature quantity is generated by performing the second transformation on the reference feature quantity, and the encrypted second transformation is performed by performing the predetermined encryption on the second transformed feature quantity. The acquisition of the encrypted second conversion feature amount may be performed by generating a feature amount. As a result, the similarity search can be performed using the reference feature quantity stored in the first device.

Further, for example, in the search method, the acquisition of a plurality of encrypted second conversion feature amounts is performed by receiving the plurality of encrypted second conversion feature amounts from a third device, and the third device, The plurality of reference data corresponding to the plurality of encrypted second conversion feature quantities are stored, and in the search method, the result of the inner product calculation is constant under each of the plurality of encrypted second conversion feature quantities. One or more of the reference data having a correspondence relationship with each of the one or more encrypted second conversion feature amounts satisfying the above conditions are received from the third device, and the information is based on the received one or more of the reference data. The transmission to the second device may be performed. Accordingly, it is possible to perform similarity search by using the encrypted second conversion feature amount (encrypted reference feature amount) generated based on the reference feature amount in the third device (for example, the data providing device). Become. In this case, for example, the third device may conceal the reference feature amount that is the target of the similarity search from the first device.

Further, for example, the privacy data of the user may include vital data of the user, and further, the feature amount is the shape, size, weight, state of the whole or part of the body of the user, And a component indicating an index associated with at least one of the movements. As a result, the user can obtain reference data such as information on health, illness, etc., which is highly related to the vital data while keeping the vital data secret.

Further, for example, the privacy data of the user may include log information indicating a history of the user operating the device. As a result, the user can obtain reference data such as information highly relevant to the operation history while keeping the operation history and the like of devices such as electric devices and moving bodies (vehicles, etc.) secret.

Further, for example, the information indicating the one or more reference data may be information obtained by encrypting the one or more reference data. As a result, not only the feature amount of the privacy data for the search but also the privacy of the search result is less likely to be estimated due to the encryption of the search result, and the confidentiality of the search content is more appropriately realized.

Further, a search system according to an aspect of the present invention is a search system including a first device and a second device that can communicate with each other, wherein the second device measures a user and displays a result of the measurement. The encrypted first conversion feature quantity obtained by performing predetermined encryption on the first conversion feature quantity as a result of the first conversion for the feature quantity represented by the vector including a plurality of components extracted from the privacy data To the first device, the first device receives the encrypted first conversion feature amount from the second device, and each of the plurality of reference feature amounts corresponds to any one of the plurality of reference data items. An encryption obtained by performing the predetermined encryption on the second conversion feature amount as a result of the second conversion for the reference feature amount for each of the plurality of reference feature amounts represented by a vector including the same number of components as Acquiring a second conversion feature amount, performing an inner product operation using the encrypted second conversion feature amount and the encrypted first conversion feature amount for each of the acquired plurality of encrypted second conversion feature amounts, The information indicating the one or more reference data having a corresponding relationship with each of the one or more encrypted second conversion feature amounts, which is a result of the inner product calculation, is transmitted to the second device, The device receives the information indicating the reference data and presents the reference data, and the first conversion, the second conversion, and the predetermined encryption are the encrypted first conversion feature amount and the acquired 1 The result of the inner product operation with two encrypted second conversion feature amounts is a Euclidean value of the feature amount corresponding to the encrypted first conversion feature amount and the reference feature amount corresponding to the one encrypted second conversion feature amount. It is set to be a value related to the distance. Thereby, in the similarity search, the inner product operation can be performed in the first device (for example, the data operation device) while the user information is kept secret and encrypted, and the condition related to the similarity can be determined, and the second device ( For example, the processing load of the user terminal device) can be suppressed and the communication amount can be suppressed.

A program according to one aspect of the present invention is a program for causing a first device including a storage medium and a microprocessor to execute a predetermined data search process, and the first device includes a plurality of references in the storage medium. The data and a plurality of reference feature amounts represented by a vector including a plurality of components are stored in association with each other, and the predetermined data search process is performed in the same number as the reference feature amount extracted from the privacy data of the user. A receiving step of receiving, from the second device, an encrypted first conversion feature amount obtained by performing predetermined encryption on the first conversion feature amount as a result of the first conversion for the feature amount represented by the vector including the component; For each of the plurality of reference feature quantities in the storage medium, a conversion step of generating a second converted feature quantity that is the second conversion performed on the reference feature quantity, and a plurality of the plurality of first feature values generated in the conversion step. For each of the two conversion feature amounts, an encryption step of generating an encrypted second conversion feature amount by performing the predetermined encryption on the second conversion feature amount, and a plurality of the encryptions generated in the encryption step. One or more encryptions in which the inner product operation using the encrypted second converted feature value and the encrypted first converted feature value is performed for each of the second converted feature values, and the result of the inner product operation satisfies a certain condition. Information indicating the selection step of selecting the second conversion feature quantity and information indicating one or more reference data having a correspondence relationship with each of the one or more encrypted second conversion feature quantities selected in the selection step is described above. A transmission step of transmitting to the second device, wherein the first conversion, the second conversion, and the predetermined encryption include the encrypted first conversion feature amount and one encryption first generated in the encryption step. The result of the inner product operation with the two conversion feature amounts is related to the Euclidean distance between the feature amount corresponding to the encrypted first conversion feature amount and the reference feature amount corresponding to the one encrypted second conversion feature amount. It is set to be a value. If this program is installed in the first device, the first device performs a predetermined data search process to realize the search function. This allows the user to acquire the reference data while keeping the privacy data confidential by accessing the first device using the second device.

Note that these comprehensive or specific aspects may be realized by a recording medium such as a system, a method, an integrated circuit, a computer program or a computer-readable CD-ROM, and the system, the method, the integrated circuit, the computer. It may be realized by any combination of programs or recording media.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. It should be noted that each of the embodiments described below shows a comprehensive or specific example of the present invention. Numerical values, shapes, constituent elements, arrangement of constituent elements, steps, order of steps, and the like shown in the following embodiments are examples and do not limit the present invention. Further, among the constituent elements in the following embodiments, constituent elements not described in the independent claims are constituent elements that can be arbitrarily added. In addition, each drawing is a schematic view and is not necessarily strictly illustrated.

(Overview of services provided)
First, the aspect of the service provided by the search system in the present embodiment will be described.

FIG. 1A is a diagram showing an example of a mode of a service provided by the search system 10 according to the present embodiment. The search system 10 includes a group 1100, a data center operating company 1110, and a service provider 1120.

The group 1100 is, for example, a facility such as a company, a group, or a home (for example, a building, a house, etc.), and its scale does not matter. The group 1100 includes a device 1101 and a home gateway 1102. The device 1101 has a user interface for exchanging information with a user in some way. The user interface may be a sensor or the like for sensing (measuring) the user. The device 1101 is, for example, a device that can be connected to the Internet (for example, a smartphone, a personal computer (PC), a television, etc.). The device 1101 may be a device that cannot connect to the Internet by itself (for example, a washing machine, a refrigerator, etc.) or a device that can connect to the Internet via the home gateway 1102. The home gateway 1102 may not be necessary in some cases. The user 1010 uses the device 1101. The device 1101 may be a portable device that can be wirelessly connected to the Internet (for example, a smartphone, a laptop PC, etc.), and in this case, the user 1010 and the device 1101 are not necessarily located in the group 1100. Good. For example, the user 1010 and the device 1101 may be located in a moving body such as a vehicle or an aircraft. The device 1101 is not limited to one device, and the device 1101 may be configured by a plurality of devices.

The data center operating company 1110 includes a cloud server 1111. The cloud server 1111 is a computer that cooperates with various devices via the Internet, and is, for example, a virtualization server. The cloud server 1111 manages, for example, huge data (big data) that is difficult to handle with a normal database management tool or the like. The data center operating company 1110 manages data and the cloud server 1111. Note that the data center operating company 1110 is not limited to a management company that only manages data or the cloud server 1111 and may be a company that also conducts other businesses. It may be a device manufacturer who is developing or manufacturing. Further, the data center operating company 1110 is not limited to one company. For example, as shown in FIG. 1B, when the device manufacturer and the management company jointly or share the data management or the cloud server 1111 management, Both the equipment manufacturer and the management company may correspond to the data center operating company 1110.

The service provider 1120 includes a server 1121. The server 1121 is realized by, for example, one or a plurality of computers, and regardless of its scale, may have a storage such as a large-capacity hard disk as a storage medium, or, for example, has only a memory in a PC or the like. May be. The server 1121 does not necessarily have to include a storage medium.

Next, the flow of information in the search system 10 of the above aspect will be described.

First, the device 1101 of the group 1100 transmits the transmission information generated based on the information acquired via the user interface to the cloud server 1111 of the data center operating company 1110 directly or via the home gateway 1102. The user interface used for input by the user 1010 in the device 1101 is, for example, a sensor, a keyboard, a touch panel, or a voice input device using an existing voice recognition technology. The cloud server 1111 acquires the transmission information from the device 1101. The transmission information is, for example, information generated based on various information (user's vital data, log information based on device operation, etc.) obtained by user's operation or user's measurement. The device log information is, for example, information indicating the operation content, state, date and time of the device 1101. The log information may include TV viewing history, recorder recording reservation information, washing machine operating date/time, laundry amount, refrigerator opening/closing date, refrigerator opening/closing times, etc. It may include various information that can be acquired from the device.

Next, the cloud server 1111 of the data center operating company 1110 transmits information based on the transmission information from the device 1101 to the server 1121 of the service provider 1120. Even if the information based on this transmission information includes the same information as at least a part of the transmission information, it is the information as a result of performing processing such as calculation on the transmission information without including the same information. It may be. The unit of information transmission based on this transmission information may be any unit. The server 1121 acquires information from the cloud server 1111.

Then, the server 1121 of the service provider 1120 identifies the information to be provided to the user in correspondence with the information from the cloud server 1111 and informs the cloud server 1111 of the information to be provided to the user 1010. Send. The cloud server 1111 transfers information to be provided from the server 1121 to the device 1101, or transmits information to the device 1101 as a result of performing processing such as calculation on the information to be provided. As a result, information is provided to the user 1010 from the user interface of the device 1101. The user interface used by the device 1101 to provide information to the user 1010 is, for example, a display or a voice output device using an existing voice synthesis technique.

The server 1121 may communicate with the device 1101 without going through the cloud server 1111 to acquire information from the user 1010 and provide information for provision. Further, the search system 10 may have a mode different from the example described above. For example, in the search system 10, the data center operating company 1110 and the service provider 1120 may be omitted, the device 1101 specifies the information for provision based on the information acquired from the user, and the information for provision is specified by the user. May be provided to

(Embodiment 1)
Hereinafter, an example of the search system according to the first embodiment will be described with reference to the drawings.

1.1 Overall Configuration of Search System FIG. 2 is a schematic configuration diagram showing the entire search system 10 according to the present embodiment. The search system 10 includes a user terminal device 100 and a data calculation device 200. In FIG. 2, one user terminal device 100 and one data processing device 200 are shown, but there may be one or more, and there may be a plurality. Further, the connection form between the respective devices may be wired connection (wired network, dedicated line, etc.) or wireless connection, as long as communication is possible. Communication in real time is not always necessary. For example, the user terminal device 100 may sequentially send a request for similarity search based on the sensed information or the like to the data processing device, or a plurality of such requests may be collectively processed in the data processing device. It may be sent to the device.

1.2 User Terminal Device FIG. 3 is a block diagram showing the configuration of the user terminal device 100. The user terminal device 100 includes a sensing unit 101, a feature amount calculation unit 102, a feature amount conversion unit 103, a key storage unit 104, a feature amount encryption unit 105, a decryption unit 106, a reference data use unit 107, The communication unit 108 is included. The user terminal device 100 can be implemented in, for example, a computer including a processor (microprocessor), a memory, a sensor, a communication interface, and the like. The memory is a ROM, a RAM, or the like, and can store a program (computer program as software) executed by the processor. The computer program is configured by combining a plurality of instruction codes indicating instructions to the processor in order to achieve a predetermined function. For example, various functions in the user terminal device 100 can be realized by the processor executing a program stored in the memory. The user terminal device 100, for example, senses information about the user such as the blood pressure, heartbeat, and CT scan information of the user, extracts the characteristic amount, and obtains reference data (for example, case information) similar to the characteristic amount. The data calculation device 200 is requested and the obtained reference data is used for the service to the user.

1.2.1 Sensing Unit The sensing unit 101 senses information about the user. The sensing unit 101 may include one or more sensors (measuring devices) for sensing, such as a blood pressure monitor, a CT scanner, a camera (image sensor), and the like. The information to be sensed is, for example, vital data such as blood pressure, body temperature, and heartbeat of the user, and is, for example, face image obtained by imaging (measurement) the body of the user, echo image, image information such as CT scan information, and the like. Good. The information to be sensed is, for example, position information obtained by GPS (Global Positioning System), log information indicating a history of the user operating an electric device or a moving body (vehicle etc.), or a product etc. by the user. It may be purchase history information or the like. For the log information, for example, various information (displacement amount, speed, acceleration) and the like acquired (measured) in association with vehicle steering operation, accelerator operation, brake operation, transmission gear operation, etc. are associated with operation time. It can be information. The sensed information about the user can be, for example, privacy data, which is a personal matter that the user does not want others to know. Since the search system 10 is a system that can perform privacy search by concealing privacy data, the information about the user sensed by the sensing unit 101 will be described here as privacy data. The privacy data sensed by the sensing unit 101 is processed by each unit in the user terminal device 100, then encrypted by the feature amount encryption unit 105, and transmitted to the data calculation device 200 for similarity search.

1.2.2 Characteristic Amount Calculation Unit The characteristic amount calculation unit 102 calculates (extracts) a characteristic amount from the information (privacy data) acquired by the sensing unit 101. The feature amount calculated by the feature amount calculation unit 102 can be represented by a vector including a plurality of components (elements). This feature amount includes, for example, a component indicating an index related to at least one of shape, size, weight, state, and movement of the whole or part of the body of the user. The part of the user that is the target of the characteristic amount may be any part, and examples thereof include eyes, nose, ears, hands, feet, organs, blood vessels and the like. Examples of the state of the whole or part of the body of the user include a health state (states of various inspection items used for physical examination), water content, blood pressure, oxygen saturation, and the like. The movement of the user's body in whole or in part includes, for example, body movement (number of times of rolling over per unit time) and slight vibration (heart rate, respiration rate, inspiration/expiration ratio, etc.). The feature amount may be, for example, information such as the main component of a characteristic parameter in the face image of the user, the position, the area, and the width of a certain area. Further, the feature amount is represented by a vector including the coefficient of each term as a component when the tendency of the element corresponding to the time axis is expressed by, for example, a polynomial from history information indicating some element measured by the sensing unit 101 for the user. It may be the information to be provided. The feature amount itself extracted from the information acquired by the sensing unit 101 may also be privacy data.

1.2.3 Feature Amount Converter The feature amount converter 103 performs a predetermined conversion (referred to as a first conversion) on the feature amount calculated by the feature amount calculator 102. An example of this first conversion is shown in FIG. FIG. 4 is a diagram showing an example of the feature amount before conversion and after conversion. In the case where the feature amount (feature amount before conversion) calculated by the feature amount calculating unit 102 is represented by an n-dimensional (n is, for example, 2 or more) vector X=(x1, x2, x3,..., xn), The feature amount (first converted feature amount) after conversion by the feature amount conversion unit 103 is the vector X′=(Σxj^2,1,x1,x2,...,xn). Here, Σxĵ2 indicates the total sum of xĵ2 in which j is 1 to n (that is, the total sum of squares of the elements from x1 to xn).

1.2.4 Key Storage Unit The key storage unit 104 stores keys used for each encryption process (encryption or decryption) in the feature amount encryption unit 105 and the decryption unit 106. The encryption method and the key used in each of the feature amount encryption unit 105 and the decryption unit 106 may be the same or different. For example, the key used in the feature amount encryption unit 105 is a secret key of the inner product encryption that enables the inner product operation while being encrypted, and the key used in the decryption unit 106 is the key of the user terminal device 100 of the general public key cryptosystem. It may be a private key (a private key paired with a public key shared with the data processing device 200). Further, the same key as the secret key used in the feature quantity encryption unit 105 may be used in the decryption unit 106.

1.2.5 Feature Amount Encryption Unit The feature amount encryption unit 105 encrypts the feature amount converted by the feature amount conversion unit 103 by a predetermined encryption method. The feature amount encryption unit 105 uses the key stored in the key storage unit 104 in this encryption. The feature quantity encryption unit 105 encrypts the feature quantity in the data operation device 200 while using the predetermined inner product encryption that enables the calculation (inner product operation) for similarity search. Since the conventional method shown in Non-Patent Document 1 cited in this specification is used for the inner product encryption, it will not be described in detail here.

1.2.6 Decryption Unit The decryption unit 106 decrypts the encrypted reference data (similarity search result) sent from the data operation device 200. The decryption unit 106 uses the key stored in the key storage unit 104 in this decryption.

1.2.7 Reference Data Utilization Unit The reference data utilization unit 107 utilizes the reference data obtained by decoding in the decoding unit 106. The use of the reference data is, for example, presentation of the reference data to the user. The reference data utilization unit 107 can be implemented by including, for example, a display, a voice output device, and other user interfaces. Examples of the presentation of the reference data include, for example, displaying on the display of the user terminal device 100 in the form of a graph, statistical information, etc. based on the reference data, outputting voice based on the reference data from the voice output device, and the like. Can be mentioned. In addition, the reference data utilization unit 107 may perform a predetermined calculation or information search based on the reference data to present the user with advice on lifestyle improvement and recommended meals. Good.

1.2.8 Communication Unit The communication unit 108 communicates with the data processing device 200. For this communication, for example, encrypted communication based on the TLS (Transport Layer Security) protocol is used. The user terminal device 100 mutually authenticates with the data processing device 200 by the communication unit 108 based on TLS, and performs data encryption. The public key certificate and private key used for TLS are held in the communication unit 108.

The communication unit 108 transmits, to the data processing apparatus 200, a similarity search request encrypted with the feature amount encryption unit 105 and accompanied by the converted feature amount. Further, the communication unit 108 receives the encrypted reference data (result of the similarity search) as a response (response) from the data operation device 200 to the request for the similarity search, and transmits the encrypted reference data to the decryption unit 106.

1.3 Data Computing Device FIG. 5 is a block diagram showing the configuration of the data computing device 200. The data calculation device 200 includes a reference feature amount storage unit 201, a reference feature amount conversion unit 202, a reference feature amount encryption unit 203, a key storage unit 204, an encryption distance calculation unit 205, and an encrypted reference data extraction unit. 206, a reference data storage unit 207, and a communication unit 208. The data operation device 200 can be implemented in a computer including a processor, a memory, a communication interface, and the like, like the user terminal device 100, for example. For example, various functions of the data processing device 200 can be realized by the processor executing a program stored in the memory. The data calculation device 200 functions as a server that performs a similarity search, receives a request for a similarity search regarding a feature amount from the user terminal device 100 (a request accompanied by information in which the feature amount is converted and encrypted), and performs the similar search. Then, the reference data as the search result is transmitted to the user terminal device 100 as a response to the request. In the similarity search, for example, a reference feature amount having a feature similar to the feature amount is selected from a set of reference feature amounts extracted from information such as vital data of a plurality of users different from the user, which can be compared with the feature amount. And specifying reference data corresponding to the reference feature amount (for example, information such as a case related to a person corresponding to the reference feature amount).

1.3.1 Reference Feature Amount Storage Unit The reference feature amount storage unit 201 stores a reference feature amount to be searched when performing a similarity search in response to a request from the user terminal device 100. The reference feature quantity has a property that it can be compared with the feature quantity in the information (information in which the feature quantity is converted and encrypted) accompanied by the request from the user terminal device 100. That is, the reference feature amount is represented by an n-dimensional vector like the feature amount.

FIG. 6A shows an example of the reference feature amount stored in the reference feature amount storage unit 201. Each of the plurality of reference feature amounts is stored in the reference feature amount storage unit 201 in association with an identifier (ID). In the example of FIG. 6A, the reference feature amount storage unit 201 stores an ID and a reference feature amount Ey for each ID. In this example, a plurality of reference feature amounts, where k is an integer from 1 to the number of the plurality of reference feature amounts, are k n-dimensional vectors Yk=(yk1, yk2, yk3,..., Ykn). ). Each reference feature amount, for example, is extracted from information such as measurement results for each of a plurality of people, for example, the shape, size, weight, state of the whole or part of the measured human body, And may include a component indicating an index associated with at least one of the movements. The ID may be an identifier that distinguishes the person (person related to the reference feature amount) from other persons. The reference feature quantity may be encrypted and stored in the reference feature quantity storage unit 201, and decrypted only when the reference feature quantity conversion unit 202 converts the reference feature quantity. The ID associated with the reference feature amount stored in the reference feature amount storage unit 201 corresponds to the ID associated with the reference data stored in the reference data storage unit 207 described later ( See FIG. 6B).

1.3.2 Reference Feature Amount Conversion Unit The reference feature amount conversion unit 202 performs a predetermined conversion (referred to as a second conversion) on the reference feature amount stored in the reference feature amount storage unit 201. An example of this second conversion is shown in FIG. FIG. 7 is a diagram showing an example of reference feature amounts before and after conversion. One of the reference feature quantities (reference feature quantity before conversion) stored in the reference feature quantity storage unit 201 is an n-dimensional vector Y1=(y11, y12, y13,... , Y1n), the reference feature amount (second conversion feature amount) after conversion by the reference feature amount conversion unit 202 is a vector Y1′=(1,Σy1j^2,-2y11,-2y12,... , -2y1n). Here, Σy1j^2 represents the total sum of y1j^2 in which j is 1 to n (that is, the total square of the elements from y11 to y1n). The reference feature amount conversion unit 202 also performs similar conversion for other reference feature amounts Yk (k=2,..., N).

That is, the n-dimensional vector Yk=(yk1, yk2, yk3, where k is an integer from 1 to the number of the plurality of reference feature amounts, is a plurality of reference feature amounts stored in the reference feature amount storage unit 201. ,..., Ykn), the second conversion performed by the reference feature amount conversion unit 202 represents each of the plurality of reference feature amounts by a vector Yk′=(1,Σykj^2,−2yk1,−). 2yk2,..., -2ykn). Here, Σykj^2 is the total sum of ykj^2 in which j is 1 to n. The second conversion is determined to have a certain relationship with the first conversion applied to the feature amount in the user terminal device 100. Specifically, the encrypted first conversion feature amount, which is the result of performing the above-described predetermined inner product encryption on the first conversion feature amount, which is the result of the first conversion for the feature amount, and the first feature value for the reference feature amount. The result (inner product value) of the inner product with the encrypted second transformed feature amount, which is the result of performing encryption by the predetermined inner product encryption on the second transformed feature amount that is the result of the second transformation, is the feature amount and its It is set to be the Euclidean distance from the reference feature amount.

1.3.3 Reference Feature Amount Encryption Unit The reference feature amount encryption unit 203 encrypts the reference feature amount converted by the reference feature amount conversion unit 202 by a predetermined encryption method. The reference feature amount encryption unit 203 uses the key stored in the key storage unit 204 in this encryption. The reference feature amount encryption unit 203 has the same predetermined value as the feature amount encryption unit 105 of the user terminal device 100 for each of the plurality of reference feature amounts (second converted feature amounts) converted by the reference feature amount conversion unit 202. The inner product cipher is used for encryption.

1.3.4 Key Storage Unit The key storage unit 204 stores a key used for each encryption process (encryption or decryption) in the reference feature amount encryption unit 203 and the encrypted reference data extraction unit 206. The encryption method and the key used by the reference feature amount encryption unit 203 and the encrypted reference data extraction unit 206 may be the same or different. For example, the key used by the reference feature amount encryption unit 203 is a secret key of the inner product encryption that enables the inner product operation while it is encrypted, and the key used by the encrypted reference data extraction unit 206 is a general public key encryption system. It may be the public key of the user terminal device 100. Further, the same key as the secret key used in the reference feature quantity encryption unit 203 may be used in the encrypted reference data extraction unit 206.

1.3.5 Encrypted Distance Calculation Unit The encrypted distance calculation unit 205 includes information related to a request for a similarity search transmitted by the user terminal device 100 (the feature amount is subjected to the first conversion and encrypted by the inner product encryption). The encrypted first conversion feature amount, etc.) is acquired via the communication unit 208. Further, the encrypted distance calculation unit 205 acquires each encrypted second conversion feature amount obtained by encrypting the second conversion feature amount based on the reference feature amount by the reference feature amount encryption unit 203.

The encrypted distance calculation unit 205 obtains the Euclidean distance between the feature amount generated by the user terminal device 100 and each reference feature amount stored in the data operation device 200 by the inner product calculation while keeping the encryption.

For example, the Euclidean distance D1 between the feature amount vector X=(x1, x2, x3,..., Xn) and one reference feature amount vector Y1=(y11, y12, y13,..., Y1n). Is represented by D1=Σ(xj-y1j)^2 (j=1,..., N). Σ(xj-y1j)^2 represents the sum total from the square value of the result of x1-y11 to the square value of the result of xn-y1n. Note that the general definition of the Euclidean distance is the square root of D1, but here, D1 (formally called the square Euclidean distance) will be described as the Euclidean distance. According to the inner product cipher of Non-Patent Document 1, the inner product value <X, Y1>=Σxi·y1i (i=1,..., N) of the two vectors X and Y1 is obtained while being encrypted. Using the inner product cipher of Non-Patent Document 1, a feature amount (first transformed feature amount) X′=(Σxj^2,1,x1,x2,...,xn) converted by the first conversion, and a second When the inner product of one reference feature value (second conversion feature value) Y1′=(1,Σy1j^2,-2y11,-2y12,...,-2y1n) converted by the conversion is calculated, Become.

<X', Y1'>
=Σxj^2+Σy1j^2-2x1·y11-2x2·y12-...-2xn·y1n
=Σ(xj-y1j)^2

In this way, when the inner product of the feature amount converted by the first conversion and the reference feature amount converted by the second conversion is calculated, the Euclidean distance between the feature amount and the reference feature amount is obtained. By using the inner product cipher of Non-Patent Document 1, the encrypted Euclidean distance is obtained by performing the inner product operation, and the Euclidean distance is obtained by decoding.

The encrypted distance calculation unit 205 determines whether or not the Euclidean distances obtained by the inner product calculation (results of the inner product calculation) are similar depending on whether a certain condition is satisfied. The certain condition is a condition that is satisfied when it is equal to or less than a predetermined threshold value (for example, 1). When the encryption distance calculation unit 205 determines that they are similar, the corresponding reference feature amount (that is, the reference that is the basis of the encrypted second conversion feature amount used in the inner product operation for determining whether a certain condition is satisfied) The ID associated with the (feature amount) is extracted. The encrypted distance calculation unit 205 does not extract the ID of the corresponding reference feature amount when it is not determined to be similar.

The encryption distance calculation unit 205 performs a second conversion on each of the plurality of reference feature amounts stored in the reference feature amount storage unit 201 to perform inner product encryption, and thus a plurality of encrypted second transformed feature amounts. For each of the above, the encrypted second conversion feature amount and the encrypted first conversion feature amount obtained by performing the first conversion on the feature amount received from the user terminal device 100 and performing inner product encryption are used. An inner product calculation is performed to determine whether or not the above-described certain condition is satisfied. As a result, among the plurality of reference feature quantities stored in the reference feature quantity storage unit 201, the IDs corresponding to one or more reference feature quantities satisfying the certain condition for similarity determination are extracted. ..

1.3.6 Encrypted Reference Data Extraction Unit The encrypted reference data extraction unit 206 extracts from the reference data storage unit 207 the reference data corresponding to the one or more IDs extracted by the encrypted distance calculation unit 205. The encrypted reference data is transmitted to the user terminal device 100 via the communication unit 208. The encrypted reference data extraction unit 206 may be anonymized so that the corresponding person cannot be specified from the reference data (for example, information such as a case) before the encryption. In addition, the encrypted reference data extraction unit 206 obtains statistical information such as average and distribution for one or more reference data extracted corresponding to the ID, encrypts the statistical information, and transmits the encrypted statistical information to the user terminal device 100. May be

1.3.7 Reference Data Storage Unit The reference data storage unit 207, when performing a similarity search in response to a request from the user terminal device 100, has a plurality of reference data items corresponding to a plurality of reference feature amounts to be searched. To store. For example, the reference data corresponding to the reference feature amount extracted from the information such as the measurement result of a person is related to the information of the person. FIG. 6B shows an example of reference data stored in the reference data storage unit 207. Each of the plurality of reference data is stored in the reference data storage unit 207 in association with an identifier (ID). The reference feature amount and the reference data are associated with each other by the ID. In the example of FIG. 6B, the reference data storage unit 207 stores an ID and reference data Ez for each ID. Each reference data may be, for example, one extracted from information such as a measurement result for each of a plurality of people. For example, when the reference feature amount is an index (for example, blood pressure, heart rate, etc.) related to a human body, the reference data may be, for example, a history of illness and treatment of the person. Further, for example, when the reference feature amount indicates the position information of a person, the reference data may be, for example, a history of products purchased by the person. In the example of FIG. 6B, the person with ID 1 is hospitalized for cerebral infarction in October 2013, and the person with ID 2 accumulates history of illness and treatment, such as start of medical treatment with diabetes in February 1999. There is. The reference data may be encrypted and stored in the reference data storage unit 207.

The reference data storage unit 207 and the reference feature amount storage unit 201 are implemented, for example, by a storage medium such as a memory or a hard disk in the data processing device 200, and in the storage medium, a plurality of reference data and a plurality of reference feature amounts correspond to each other. It will be attached and memorized.

1.3.8 Communication Unit The communication unit 208 communicates with the user terminal device 100. For this communication, for example, encrypted communication based on the TLS protocol is used. The data computing device 200 mutually authenticates with the user terminal device 100 by the communication unit 208 based on TLS, and encrypts the data. The public key certificate and private key used for TLS are held in the communication unit 208.

The communication unit 208 receives, from the user terminal device 100, a request for a similarity search including information about the encrypted feature amount, and transfers the information to the encrypted distance calculation unit 205. The communication unit 208 also transmits the reference data encrypted by the encrypted reference data extraction unit 206 to the user terminal device 100 as a response (response) to the request for similarity search.

1.4 Operation of Search System 1.4.1 Operation Processing FIG. 8 is a sequence diagram showing the operation of the search system 10. The operation of the search system 10 will be described below with reference to FIG.

In the data calculation device 200, the reference feature amount conversion unit 202 converts each reference feature amount Yk stored in the reference feature amount storage unit 201 (step S101). Thereby, each reference feature amount Yk is transformed by the second transformation, and a plurality of second transformed feature amounts Yk' are generated.

Next, the data operation device 200 encrypts each reference feature amount converted by the reference feature amount conversion unit 202 in the reference feature amount encryption unit 203 (step S102). As a result, each second conversion feature amount is encrypted by the predetermined inner product encryption, and a plurality of encrypted reference feature amounts (encrypted second conversion feature amounts) are generated.

The user terminal device 100 acquires information (privacy data about the user) with the sensing unit 101 (step S103).

Then, the user terminal device 100 calculates (extracts) the feature amount X from the information acquired by the sensing unit 101 in the feature amount calculation unit 102 (step S104).

Next, in the user terminal device 100, the characteristic amount conversion unit 103 converts the characteristic amount X (step S105). As a result, the feature quantity X is transformed by the first transformation, and the first transformed feature quantity X′ is generated.

Next, the user terminal device 100 encrypts the converted feature amount (first converted feature amount X') in the feature amount encryption unit 105 (step S106). As a result, the first conversion feature amount is encrypted by the inner product encryption, and the encrypted feature amount (encrypted first conversion feature amount) is generated.

Then, in the user terminal device 100, the communication unit 108 transmits the encrypted feature amount to the data calculation device 200 to request similar data satisfying a certain condition (step S107). The similar data is, for example, data (reference data) about another person having a feature similar to the feature amount of the user. As a result, the encrypted feature amount (encrypted first conversion feature amount) is transmitted from the user terminal device 100 to the data processing device 200.

Next, the data processing device 200 selects the encrypted reference feature quantity corresponding to the i-th ID from the plurality of encrypted reference feature quantities generated in step S102 (step S108). Here, i is, for example, 1 at the beginning, and i is set to 1 each time step S108 is repeated until the number of encrypted reference feature amounts generated in step S102 (that is, the total number of reference feature amounts or IDs) is reached. To increase.

In the data calculation device 200, the encryption distance calculation unit 205 causes the encrypted reference feature amount (encrypted second conversion feature amount) selected in step S108 and the encrypted feature amount (encrypted second feature amount) received from the user terminal device 100. The inner product is calculated by the inner product calculation using (1 conversion feature amount) (step S109). From this calculation result, the Euclidean distance between the feature amount and the reference feature amount corresponding to the i-th ID can be obtained.

The data calculation device 200 checks whether the Euclidean distance derived by the calculation in step S109 in the encryption distance calculation unit 205 is equal to or less than a predetermined threshold value to satisfy a certain condition for similarity (determination). ) (Step S110). When the Euclidean distance is equal to or smaller than the predetermined threshold value in step S110, the encrypted distance calculation unit 205 determines that the feature amount and the reference feature amount are similar to each other and extracts the i-th ID ( Step S111).

The data processing device 200 repeats the processing of steps S108 to S111 until the check relating to all IDs is completed, and thereafter, in the encrypted reference data extraction unit 206, for each of the one or more IDs extracted in step S111. The corresponding reference data is extracted from the reference data storage unit 207 and encrypted (step S112).

Then, the data processing device 200 transmits the reference data encrypted in step S112 in the communication unit 208 (step S113). Thereby, information indicating one or more reference data is transmitted to the user terminal device 100.

Upon receiving the transmitted encrypted reference data, the decryption unit 106 of the user terminal device 100 decrypts the reference data, and the reference data utilization unit 107 utilizes the reference data (step S114).

1.4.2 Communication Between User Terminal Device and Data Processing Device FIGS. 9A and 9B are communication data exchanged between the user terminal device 100 and the data processing device 200 in steps S107 and S113, respectively. An example of the format is shown below. The communication data according to the examples of FIGS. 9A and 9B each include a sender, a receiver, a command, and data. The sender is the identification information (the communication network address or the like) of the transmission source device of the communication data, and the receiver is the identification information (the communication network address or the like) of the communication data transmission destination (destination) device. .. In FIG. 9A, as for the communication data transmitted from the user terminal device 100 in step S107, information indicating a request command related to similar data is included as a command, and as the data, the encrypted feature amount (encryption first conversion feature) is included. Quantity) is included. In FIG. 9B, for the communication data transmitted from the data processing device 200 in step S113, the command includes information indicating a reply command related to similar data, and the data includes two encrypted reference data. An example is shown.

If the user terminal device 100 and the data processing device 200 can execute a plurality of processes related to the sequence shown in FIG. 8 in parallel, the communication data of step S107 and step S113 correspond to each other. An identifier for identifying that may be included in the communication data. At this time, the same value is set as the identifier in the communication data including the reply command corresponding to the communication data including the request command. The same applies to the case where communication data is exchanged in parallel between a plurality of user terminal devices and a plurality of data processing devices, and the communication data in steps S107 and S113 correspond to each other. An identifier for identifying that is included in the communication data.

1.5 Effect of First Embodiment In the search system 10 according to the first embodiment, the data computing device 200 performs the first conversion on the feature amount in the user terminal device 100 and encrypts it with the inner product encryption. Information including (encrypted first conversion feature amount) is received, and each reference feature amount held is subjected to the second conversion and encrypted reference feature amount (encrypted second conversion feature amount) encrypted by inner product encryption Using the same, the Euclidean distance between the feature amount and each reference feature amount is derived by an inner product operation while being encrypted, to extract similar data (reference data corresponding to similar reference feature amounts). In order to extract only the reference data corresponding to the similar reference feature amount whose Euclidean distance is equal to or less than the predetermined threshold value and send it to the user terminal device 100, the processing load (calculation amount) and the communication amount in the user terminal device 100 are For example, it can be reduced as compared with the case of the similarity search using the conventional homomorphic encryption. In addition, since the feature amount, which may be the user's privacy data, is not handled in plain text in the data calculation device 200, the user's privacy can be protected.

(Embodiment 2)
Hereinafter, a description will be given of a search system 11 which is an example in which a part of the search system 10 described in the first embodiment is modified and the data operation device 200 is separated into two devices.

2.1 Overall Configuration of Search System FIG. 10 is a configuration diagram showing the overall configuration of the search system 11 according to the second embodiment. The search system 11 includes a user terminal device 100, a data calculation device 200a, and a data providing device 300. That is, in the search system 11, the data operation device 200 in the search system 10 according to the first embodiment is separated into the data operation device 200a and the data providing device 300. The data providing device 300 encrypts the reference feature amount and the reference data and provides the encrypted data to the data computing device 200a. The data calculation device 200a does not handle any of the feature amount, the reference feature amount, and the reference data in plain text. In the search system 11, the same components as those of the search system 10 (see FIGS. 2, 3, and 5) are designated by the same reference numerals, and the description thereof will be omitted as appropriate. The search system 11 is the same as the search system 10 unless otherwise specified here.

In FIG. 10, one each of the user terminal device 100, the data processing device 200a, and the data providing device 300 is shown, but there may be one or more each, and there may be a plurality. Further, the connection form between the respective devices may be wired connection or wireless connection.

2.2 Data Arithmetic Device As shown in FIG. 10, the data arithmetic device 200a includes a key storage unit 204, an encrypted distance calculation unit 205, an encrypted reference data extraction unit 206, and a communication unit 208. To be done.

The data processing device 200a can be implemented in, for example, a computer including a processor, a memory, a communication interface and the like. For example, various functions of the data processing device 200a can be realized by the processor executing a program stored in the memory. The data calculation device 200a receives a request for similarity search regarding a feature amount from the user terminal device 100 (a request accompanied by information in which the feature amount is converted and encrypted), and the encrypted reference feature from the data providing device 300. The amount is acquired, a similar search is performed, and the encrypted reference data acquired from the data providing apparatus 300 as the search result is transmitted to the user terminal apparatus 100 as a response to the request.

The key storage unit 204 stores a key used for encryption processing in the encrypted reference data extraction unit 206. In the encrypted reference data extraction unit 206, the key used for encrypting the reference data received from the data providing apparatus 300 to be transmitted to the user terminal device 100 is, for example, a general public key encryption user terminal device. For example, the public key of 100.

The encrypted distance calculation unit 205 is information related to the request for similarity search transmitted by the user terminal device 100 (encrypted first conversion feature obtained by performing the first conversion on the feature amount and the inner product encryption). Amount) is acquired via the communication unit 208. Further, the encryption distance calculation unit 205 requests each encrypted second conversion feature amount that is the second conversion feature amount encrypted by the reference feature amount encryption unit 303 in the data providing apparatus 300 based on the reference feature amount. And get it. The encrypted distance calculation unit 205 obtains the Euclidean distance between the feature amount generated by the user terminal device 100 and each reference feature amount stored in the data providing device 300 by the inner product calculation while keeping the encryption.

The encrypted reference data extraction unit 206 acquires the reference data corresponding to the one or more IDs extracted by the encrypted distance calculation unit 205 by requesting the data providing device 300 via the communication unit 208, and acquires the data. The reference data acquired from the providing device 300 is transmitted to the user terminal device 100 via the communication unit 208. The encrypted reference data extraction unit 206 can encrypt the reference data when transmitting the reference data to the user terminal device 100. The data providing apparatus 300 may encrypt the reference data by using the public key of the user terminal device 100 or the like, and in this case, the encrypted reference data extracting unit 206 omits the encryption. Then, the reference data received from the data providing device 300 is transferred to the user terminal device 100.

The communication unit 208 communicates with the user terminal device 100 and also communicates with the data providing device 300. For these communications, for example, encrypted communications based on the TLS protocol are used. The data computing device 200a mutually authenticates with the user terminal device 100 or the data providing device 300 based on TLS by the communication unit 208, and encrypts the data. The public key certificate and private key used for TLS are held in the communication unit 208.

2.3 Data Providing Device The data providing device 300 can be implemented in, for example, a computer including a processor, a memory, a communication interface, and the like. For example, various functions of the data providing apparatus 300 can be realized by the processor executing a program stored in the memory. When a plurality of encrypted reference feature quantities (encrypted second conversion feature quantities) are requested from the data computing device 200a, the data providing device 300 assigns an ID to each and sends them to the data computing device 200a. When the data processing device 200a requests the reference data by designating the ID, the reference data is transmitted to the data processing device 200a.

As shown in FIG. 10, the data providing device 300 includes a reference feature amount storage unit 301, a reference feature amount conversion unit 302, a reference feature amount encryption unit 303, a key storage unit 304, a reference data storage unit 305, The reference data encryption unit 306 and the communication unit 307 are included. The reference feature amount storage unit 301, the reference feature amount conversion unit 302, the reference feature amount encryption unit 303, and the reference data storage unit 305 are respectively the reference feature amount storage unit 201 and the reference feature amount conversion unit 202 described in the first embodiment. The reference feature quantity encryption unit 203 and the reference data storage unit 207 have the same functions, and therefore the description thereof will be omitted here.

The key storage unit 304 holds a key used by the reference feature amount encryption unit 303 to encrypt the converted reference feature amount and a key used by the reference data encryption unit 306 to encrypt the reference data. For encryption of the reference data, for example, a public key of the user terminal device 100 or the like may be used, or a secret key shared by the data providing device 300 and the data processing device 200a may be used.

Of the reference data stored in the reference data storage unit 305, the reference data encryption unit 306 encrypts the reference data requested by the data operation device 200a by specifying the ID, and the encrypted reference data is used as the data operation device 200a. To the communication unit 307.

The communication unit 307 communicates with the data processing device 200a. For the communication, for example, encrypted communication based on the TLS protocol is used. The data providing device 300 mutually authenticates with the data processing device 200a by the communication unit 307 based on TLS, and performs data encryption. The public key certificate and private key used for TLS are held in the communication unit 307.

2.4 Search System Operation 2.4.1 Operation Processing FIG. 11 is a sequence diagram showing the operation of the search system 11. The operation of the search system 11 will be described below with reference to FIG.

The data providing apparatus 300 causes the reference feature amount conversion unit 302 to convert each reference feature amount Yk stored in the reference feature amount storage unit 301 (step S201). Thereby, each reference feature amount Yk is transformed by the second transformation, and a plurality of second transformed feature amounts Yk' are generated.

Next, the data providing apparatus 300 encrypts each reference feature amount converted by the reference feature amount conversion unit 302 in the reference feature amount encryption unit 303 (step S202). As a result, each second conversion feature amount is encrypted by the predetermined inner product encryption, and a plurality of encrypted reference feature amounts (encrypted second conversion feature amounts) are generated.

For example, in response to a request from the data processing device 200a, the data providing device 300 associates a plurality of encrypted reference feature amounts with the corresponding IDs and sends them to the data processing device 200a (step S203). The data processing device 200a acquires a plurality of encrypted reference feature quantities (encrypted second conversion feature quantities) by receiving.

The user terminal device 100 acquires information (privacy data about the user) by the sensing unit 101 (step S204).

Subsequently, in the user terminal device 100, the feature amount calculation unit 102 calculates (extracts) the feature amount X from the information acquired by the sensing unit 101 (step S205).

Next, in the user terminal device 100, the characteristic amount conversion unit 103 converts the characteristic amount X (step S206). As a result, the feature quantity X is transformed by the first transformation, and the first transformed feature quantity X′ is generated.

Next, the user terminal device 100 encrypts the converted feature amount (first converted feature amount X') in the feature amount encryption unit 105 (step S207). As a result, the first conversion feature amount is encrypted by the inner product encryption, and the encrypted feature amount (encrypted first conversion feature amount) is generated.

Then, in the user terminal device 100, the communication unit 108 transmits the encrypted feature amount to the data calculation device 200a, and requests similar data satisfying a certain condition (step S208). The similar data is, for example, data (reference data) about another person having a feature similar to the feature amount of the user. As a result, the encrypted feature amount (encrypted first conversion feature amount) is transmitted from the user terminal device 100 to the data processing device 200a.

Next, the data processing device 200a selects the encrypted reference feature amount corresponding to the i-th ID from the plurality of encrypted reference feature amounts acquired from the data providing device 300 (step S209). Here, i is, for example, 1 at the beginning, and i is incremented by 1 each time step S209 is repeated until the number of encrypted reference feature amounts generated in step S202 (that is, the total number of reference feature amounts or IDs) is reached. To increase.

In the data calculation device 200a, the encryption distance calculation unit 205 uses the encrypted reference feature amount (encrypted second conversion feature amount) selected in step S209 and the encrypted feature amount (encrypted second feature amount) received from the user terminal device 100. The inner product is calculated by the inner product calculation using (1 conversion feature amount) (step S210). From this calculation result, the Euclidean distance between the feature amount and the reference feature amount corresponding to the i-th ID can be obtained.

The data calculation device 200a checks whether the Euclidean distance derived by the calculation in step S210 in the encryption distance calculation unit 205 is equal to or less than a predetermined threshold value to satisfy a certain condition for similarity (determination). ) (Step S211). If the Euclidean distance is equal to or smaller than the predetermined threshold value in step S211, the encrypted distance calculation unit 205 determines that the feature amount and the reference feature amount are similar to each other, and extracts the i-th ID ( Step S212).

The data processing device 200a repeats the processing of steps S209 to S212 until the check relating to all IDs is completed, and transmits a request for reference data specifying one or more IDs extracted in step S212 to the data providing device 300. Yes (step S213).

Upon receiving the reference data request, the data providing apparatus 300 extracts the reference data corresponding to the ID received from the data processing apparatus from the reference data storage unit 305 and encrypts the reference data by the reference data encryption unit 306 (step S214).

The data providing device 300 transmits the reference data encrypted by the reference data encryption unit 306 to the data operation device 200a in the communication unit 307 (step S215).

Next, the data processing device 200a transmits the encrypted reference data received from the data providing device 300 to the user terminal device 100 (step S216). In step S216, when the reference data received from the data providing apparatus 300 is encrypted with the public key or the like of the user terminal apparatus 100, the data processing apparatus 200a uses the encrypted reference data received from the data providing apparatus 300. It can be transmitted to the user terminal device 100 as it is. Further, the encrypted reference data received from the data providing apparatus 300 may be decrypted and then encrypted with the public key of the user terminal device 100 or the like and transmitted to the user terminal device 100.

Upon receiving the transmitted encrypted reference data, the decryption unit 106 of the user terminal device 100 decrypts the reference data, and the reference data utilization unit 107 utilizes the reference data (step S217).

2.5 Effect of Second Embodiment In the search system 11 according to the second embodiment, the data processing device 200a performs the first conversion on the feature amount in the user terminal device 100 and encrypts it with the inner product encryption. An encrypted reference feature amount (encrypted second conversion feature amount) obtained by receiving information including the (encrypted first conversion feature amount), performing the second conversion on each reference feature amount from the data providing apparatus 300, and encrypting with the inner product encryption Amount) is received, and the Euclidean distance between the feature amount and each reference feature amount is derived by an inner product operation while being encrypted, and similar data (reference data corresponding to similar reference feature amount) is extracted. Since the data computing device 200a does not handle the feature amount of the user terminal device 100 and the reference feature amount of the data providing device 300 in plain text, it is possible to protect privacy. In addition, in the user terminal device 100, the data processing device 200a acquires only the reference data corresponding to the similar reference feature amount whose Euclidean distance is equal to or less than the predetermined threshold value from the data providing device 300 and sends it to the user terminal device 100. The processing load (calculation amount) and the communication amount can be reduced.

(Other embodiments, etc.)
As described above, the embodiments 1 and 2 have been described as examples of the technology according to the present invention. However, it goes without saying that the above-described embodiment is merely an example, and various changes, additions, omissions, and the like can be made. Hereinafter, modified examples and the like will be shown.

(1) In the above embodiment, non-patent document 1 is applied to the encryption of the first converted feature amount that is the converted feature amount and the encryption of the second converted feature amount that is each converted reference feature amount. Although the example of using the inner product encryption of the above is shown, a predetermined predicate encryption which is the encryption method shown in Non-Patent Document 2 may be used for these encryptions. Hereinafter, an example using this predetermined predicate encryption will be referred to as modification 1. FIG. 12 shows an example of conversion of reference feature amounts by the reference feature amount conversion unit 202 of the search system 10 according to Modification 1. FIG. 12 shows an example of reference feature amounts before and after conversion. One of the reference feature amounts (reference feature amount before conversion) stored in the reference feature amount storage unit 201 is an n-dimensional vector Y1=(y11, y12, y13,... , Y1n), the reference feature amount after conversion by the reference feature amount conversion unit 202 is a vector Y1′=(1,(Σy1j^2)−z, −2y11, −2y12,..., −2y1n. ). Here, Σy1j^2 represents the total sum of y1j^2 in which j is 1 to n (that is, the total square of the elements from y11 to y1n). Further, z represents a variable relating to the condition of the Euclidean distance, and a threshold value of the Euclidean distance for judging the similarity (the threshold value for judging the relation of the Euclidean distance equal to or less than the threshold value to be similar) is, for example, D- If it is 1, a value from 0 to D-1 is substituted for z. Then, in the data arithmetic device 200, D1 Y1's corresponding to z into which the respective values are substituted are used in this case, and the Y1's between the vector X'of the first converted feature amount which is the feature amount after the first conversion. Then, a predetermined inner product operation is performed to determine whether or not they are similar. That is, the reference feature amount Y1′ after conversion using a predetermined z in which one value from 0 to D−1 is substituted is subjected to a predetermined predicate encryption, and the converted feature amount X′ is set at a predetermined value. The inner product operation is performed by inputting the predicate-encrypted one into Query of Non-Patent Document 2. When the output of Query in Non-Patent Document 2 is 1, the Euclidean distance between the feature amount X and the reference feature amount Y1 is a predetermined z, and it can be determined that they are similar. For Y1, similar determination is performed by Query, D times, based on X1' and Y1' generated by successively substituting a value from 0 to D-1 for z. The reference feature amount conversion unit 202 also performs similar conversion for other reference feature amounts Yk (k=2,..., N). Then, the data arithmetic unit 200 uses the n-1 converted reference feature quantities Y2 to Yn to make similar determinations as in the case of Y1. In this case, the first conversion performed by the feature amount conversion unit 103 of the user terminal device 100 and the second conversion performed by the reference feature amount conversion unit 202 of the data operation device 200 are the predicates that are predetermined to the first conversion feature amount. The result of the inner product operation of the encrypted first conversion feature amount that is encrypted and the encrypted second conversion feature amount that is the second conversion feature amount subjected to the predetermined predicate encryption is the encrypted result. It is set to be a value obtained by subtracting a predetermined value z from the Euclidean distance between the feature amount corresponding to the first conversion feature amount and the reference feature amount corresponding to the encrypted second conversion feature amount. In this case, the constant condition for determining similarity is a condition that is satisfied when the result of the inner product operation is 0.

(2) In the above embodiment, an example of the first conversion performed by the feature amount conversion unit 103 and the second conversion performed by the reference feature amount conversion unit 202 has been described, but the first conversion and the second conversion are performed by, for example, <X′, It is preferable that Y1′> be the following expression.

<X', Y1'>
=Σxj^2+Σy1j^2-2x1·y11-2x2·y12-...-2xn·y1n
=Σ(xj-y1j)^2

As one specific conversion method, the feature quantity X is converted by the first conversion so that X′=(Σxj^2, 1, −2x1, −2x2,..., −2xn). One reference feature amount Y1 may be converted into Y1′=(1,Σy1j^2,y11,y12,...,y1n) by two conversion. When applied to the first modification, the feature amount X is converted by the first conversion so that X′=(Σxj^2,-1,-2x1,-2x2,...,-2xn). Then, one reference feature amount Y1 may be converted into Y1′=(1,(Σy1j^2)−z,y11,y12,...,Y1n) by the second conversion.

(3) In the above embodiment, the Euclidean distance that is not particularly weighted is obtained, but the Euclidean distance may be a weighted Euclidean distance. For example, the Euclidean distance is a weighted Euclidean distance weighted from w1 to wn corresponding to the first to nth components of an n-dimensional vector. In the case of obtaining the weighted Euclidean distance, if the weight to each component (element) j of the vector is represented by wj, the feature amount conversion unit 103 performs the first conversion, and the feature amount X is an n-dimensional vector X=(x1, x2), the feature quantity X is a vector X′=(Σ(wj·xj^2), 1, x1, x2,... xn), where Σ(wj·xj^2) is the sum of (wj·xj^2) from 1 to n. In the second conversion performed by the reference feature amount conversion unit 202, an n-dimensional vector Yk=(yk1, yk2, where k is an integer from 1 to the number of the plurality of reference feature amounts. yk3,..., Ykn), each of the plurality of reference feature amounts is a vector Yk′=(1,Σ(wj·ykj^2), −2w1·yk1,−) as the second conversion feature amount. 2w2·yk2,..., −2wn·ykn), where Σ(wj·ykj^2) is the sum of (wj·ykj^2) from 1 to n. Is. One reference feature value Y1 is converted into Y1'=(1, Σ(wj·y1j^2), −2w1·y11, −2w2·y12,..., −2wn·y1n). At this time, <X', Yk'> is the following formula.

<X', Yk'>
=Σ(wj·xj^2)+Σ(wj·ykj^2)-2w1·x1·yk1-2w2·x2·yk2-...-2wn·xn·ykn
=Σwj(xj-ykj)^2

(4) In the above embodiment, an example in which the Euclidean distance between the feature amount and the reference feature amount is calculated by converting the feature amount and the reference feature amount by the feature amount conversion unit 103 and the reference feature amount conversion unit 202 As shown, the power of the difference between the feature amount and the reference feature amount, which is an extension of the Euclidean distance, can be calculated by using the following conversion method. For example, when calculating Σ(xj-y1j)^3, the converted X′ and Y1′ are as follows.

X'=(Σxj^3,1,x1^2,x1,x2^2,x2,...,xn^2,xn)
Y1'=(1, Σy1j^3, -3y11, 3y11^2, -3y12, 3y12^2,..., -3y1n, 3y1n^2)

Here, Σxj^3 is the total sum of (xj^3) from j to 1 to n.

At this time, since <X', Y1'> matches Σ(xj-y1j)^3, the cube of xj-y1j can be calculated. Similarly, if conversion is performed, it is possible to calculate powers other than the third power. As a further extension of the Euclidean distance, for example, the polynomial obtained by the inner product calculation of the feature amount and the reference feature amount is such that the first term is the second power and the second term is the third power. Even if the exponentiation value is changed to, the same calculation can be performed.

(5) In the above embodiment, the example in which the data calculation device 200 or the data providing device 300 holds the reference feature amount, converts the reference feature amount, and encrypts it. In addition to this, the data calculation device 200 or the data providing device 300 stores the second conversion feature amount, which is the reference feature amount converted in advance, in the storage medium or the like in association with the ID (ID for associating with the reference data). Alternatively, the encrypted reference feature quantity (encrypted second converted feature quantity) obtained by encrypting the second converted feature quantity may be held in association with the ID. Thereby, it may be possible to efficiently perform the process related to the similarity search.

(6) In the above-described embodiment, whether or not the Euclidean distance as the result of the inner product operation satisfies a certain condition in all the encrypted reference feature quantities corresponding to all the IDs in the data operation devices 200 and 200a Although the determination is made (see FIGS. 8 and 11), for example, if it is determined that a certain number of (for example, 10) conditions are satisfied, the determination may be ended at that point. Further, the data operation devices 200 and 200a transmit only the reference data corresponding to a fixed number (for example, 10) from the one having the smallest Euclidean distance to the feature amount among all the reference feature amounts to the user terminal device 100. It may be that.

Further, in the case of using the modified example 1, it is determined whether or not there is a condition that satisfies the condition when z=0, and then the determination is performed when z=1, and so on. ) It is also possible to end the repetition of the judgment when the items satisfying the conditions are gathered. Thereby, it is possible to provide the user terminal device 100 with reference data corresponding to a fixed number of reference feature amounts from those having a short Euclidean distance to the feature amount.

(7) Although the encrypted reference data extraction unit 206 shown in the above embodiment encrypts and transmits the reference data, the reference data does not necessarily have to be encrypted and transmitted. However, encryption is useful for concealing the reference data acquired by the user.

(8) The transmission of the encrypted reference feature quantity from the data providing apparatus 300 to the data computing apparatus 200a in the second embodiment may be performed in response to a request from the data computing apparatus 200a to the data providing apparatus 300, The data providing apparatus 300 may voluntarily perform the request regardless of the request. Further, the data processing apparatus 200a requests the data providing apparatus 300 to transmit the encrypted reference feature amount after receiving the request for the similarity search from the user terminal apparatus 100, and the data providing apparatus 300 responds to the request. The encrypted reference feature amount may be transmitted to the data processing device 200a.

(9) In the first modification, when the reference feature quantity before conversion is represented by the vector Y1=(y11, y12, y13,..., y1n) using predicate encryption, the reference feature quantity conversion unit 202 The converted reference feature amount is the vector Y1′=(1,(Σy1j^2)-z, −2y11, −2y12,..., −2y1n), but this is merely an example, and for example, You may do the following. That is, the converted feature quantity is vector X′=(Σxj^2,1,1,x1,x2,...,xn), and the converted reference feature quantity is vector Y1′=(1,(Σy1j^2 ), -z, -2y11, -2y12,..., -2y1n). Here, Σxj^2 represents the total sum of xj^2 in which j is 1 to n (that is, the sum of squares of the elements in x1 to xn), and Σy1j^2 is y1j^2 in which j is 1 to n. (That is, the sum of the squares of the elements from y11 to y1n).

(10) The execution order of the procedures of various processes (for example, the sequences shown in FIGS. 8 and 11) shown in the above embodiment is not necessarily limited to the order described above, and the gist of the invention. It is possible to change the order of execution, perform a plurality of steps in parallel, or omit a part of the steps without departing from the above.

(11) Although each device in the above embodiments is a device including, for example, a processor, a memory, a communication interface, etc., it includes other hardware components such as a hard disk device, a display, a keyboard, and a mouse. You may stay. Further, instead of the program stored in the memory being executed by the processor to realize the function by software, the function may be realized by dedicated hardware (digital circuit, analog circuit, communication circuit, etc.).

(12) Part or all of the constituent elements of each device in the above-described embodiments may be composed of one system LSI (Large Scale Integration). The system LSI is a super-multifunctional LSI manufactured by integrating a plurality of constituent parts on a single chip, and is specifically a computer system including a microprocessor, ROM, RAM and the like. .. A computer program is recorded in the RAM. The system LSI achieves its function by the microprocessor operating according to the computer program. Further, each part of the constituent elements of each of the above-mentioned devices may be individually made into one chip, or may be made into one chip so as to include a part or all. Although the system LSI is used here, it may be called IC, LSI, super LSI, or ultra LSI depending on the degree of integration. Further, the method of circuit integration is not limited to LSI, and it may be realized by a dedicated circuit or a general-purpose processor. A field programmable gate array (FPGA) that can be programmed after the LSI is manufactured, or a reconfigurable processor capable of reconfiguring the connection and setting of circuit cells inside the LSI may be used. Furthermore, if integrated circuit technology comes out to replace LSI's as a result of the advancement of semiconductor technology or a derivative other technology, it is naturally also possible to carry out function block integration using this technology. The application of biotechnology is possible.

(13) Part or all of the constituent elements of each of the above devices may be configured with an IC card that can be attached to or detached from each device or a single module. The IC card or the module is a computer system including a microprocessor, ROM, RAM and the like. The IC card or the module may include the above super-multifunctional LSI. The IC card or the module achieves its function by the microprocessor operating according to the computer program. This IC card or this module may be tamper resistant.

(14) As one aspect of the present invention, for example, a search method including all or part of the processing procedure shown in FIGS. For example, the search method is a search method for searching data in the first device (for example, the data processing device 200, 200a), and is a feature represented by a vector including a plurality of components extracted from the privacy data of the user. An encrypted first conversion feature amount obtained by performing predetermined encryption on the first conversion feature amount as a result of the first conversion with respect to the amount is received from the second device (for example, the user terminal device 100), and a plurality of reference feature amounts are received. For each of the plurality of reference feature quantities represented by a vector including the same number of components as the feature quantity corresponding to any of the plurality of reference data, as a result of the second conversion for the reference feature quantity. An encrypted second conversion characteristic amount obtained by performing the predetermined encryption on the second conversion characteristic amount is acquired, and the encrypted second conversion characteristic amount and the encrypted second conversion characteristic amount are acquired for each of the acquired plurality of encrypted second conversion characteristic amounts. An inner product operation is performed using the encrypted first conversion feature quantity, and the result of the inner product operation has a corresponding relationship with each of the one or more encrypted second conversion feature quantities, and the one or more references described above. Information indicating data is transmitted to the second device, and the first conversion, the second conversion, and the predetermined encryption include the encrypted first conversion feature amount and the acquired one encrypted second conversion feature amount. So that the result of the inner product calculation with and becomes a value related to the Euclidean distance between the feature quantity corresponding to the encrypted first conversion feature quantity and the reference feature quantity corresponding to the one encrypted second conversion feature quantity. Is stipulated. Further, the program may be a program (computer program) that realizes a predetermined data search process according to this search method by a computer, or may be a digital signal including the computer program. For example, the program transmits a reception step (for example, reception of a request related to step S107), a conversion step (for example, step S101), an encryption step (for example, step S102), a selection step (for example, steps S108 to S111), and a transmission step. This is for causing the processor to execute a predetermined data search process including steps (eg, step S113). In the receiving step, the first conversion feature quantity as a result of the first conversion with respect to the feature quantity represented by the vector including the same number of components as the reference feature quantity extracted from the user's privacy data is subjected to predetermined encryption. The encrypted first conversion feature amount is received from the user terminal device 100. In the conversion step, for each of the plurality of reference feature quantities, a second converted feature quantity is generated by subjecting the reference feature quantity to the second conversion. In the encryption step, for each of the plurality of second conversion feature amounts generated in the conversion step, the second conversion feature amount is subjected to predetermined encryption to generate an encrypted second conversion feature amount. In the selection step, an inner product operation using the encrypted second conversion feature quantity and the encrypted first conversion feature quantity is performed for each of the plurality of encrypted second conversion feature quantities generated in the encryption step, and an inner product operation is performed. One or more encrypted second conversion feature quantities whose results satisfy a certain condition are selected. In the transmitting step, information indicating one or more reference data having a corresponding relationship with each of the one or more encrypted second conversion feature amounts selected in the selecting step is transmitted to the user terminal device 100. Here, in the first conversion, the second conversion, and the predetermined encryption, the result of the inner product operation of the encrypted first conversion feature amount and one encrypted second conversion feature amount generated in the encryption step is the encryption. It is set to be a value related to the Euclidean distance between the feature amount corresponding to the first conversion feature amount and the reference feature amount corresponding to the one encrypted second conversion feature amount. Further, according to one aspect of the present invention, a computer-readable recording medium such as the computer program or the digital signal, for example, a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD. (Blu-ray (registered trademark) Disc), semiconductor memory, or the like may be used for recording. Further, it may be the digital signal recorded in these recording media. Further, as one aspect of the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, a data broadcast, or the like. Further, as one aspect of the present invention, a computer system including a microprocessor and a memory may be configured such that the memory records the computer program and the microprocessor operates according to the computer program. .. In addition, by recording and transferring the program or the digital signal in the recording medium, or by transferring the program or the digital signal via the network or the like, by another independent computer system. You may implement.

In addition to the above-described service aspect (see FIG. 1A), the techniques related to the search systems 10 and 11 described in the above-described embodiments can be implemented in the following cloud service types, for example. However, the application of the technique described in the above embodiment is not limited to the cloud service type described here.

(Service type 1: In-house data center type cloud service)
FIG. 13 is a diagram showing an overview of services provided by the search system in service type 1 (in-house data center cloud service). In this type, the service provider 1120 acquires the information input by the user 1010 from the device 1101 and provides the service to the user 1010 via the device 1101. In this type, the service provider 1120 has the function of a data center operating company. That is, the service provider 1120 has a cloud server that manages big data. In this type, there are no data center operating companies. In this type, the service provider 1120 has a cloud server 1203 as a data center and manages an operating system (OS) 1202 and application programs (applications) 1201. The service provider 1120 provides a service by using the OS 1202 and the application 1201 to communicate with the device 1101 via the cloud server 1203.

(Service type 2: Cloud service using IaaS)
FIG. 14 is a diagram showing an overview of services provided by the search system in service type 2 (IaaS-based cloud service). Here, IaaS is an abbreviation for infrastructure as a service, and is a cloud service providing model that provides the infrastructure itself for constructing and operating a computer system as a service via the Internet.

In this type, a data center operating company 1110 operates and manages a data center (cloud server) 1203. Further, the service provider 1120 manages the OS 1202 and the application 1201. The service provider 1120 provides a service using the OS 1202 and the application 1201 managed by the service provider 1120.

(Service type 3: Cloud service using PaaS)
FIG. 15 is a diagram showing an overview of services provided by the search system in service type 3 (PaaS-based cloud service). Here, PaaS is an abbreviation for platform as a service, and is a cloud service providing model that provides a platform as a base for building and operating software as a service via the Internet.

In this type, the data center operating company 1110 manages the OS 1202 and operates and manages the data center (cloud server) 1203. The service provider 1120 also manages the application 1201. The service provider 1120 provides a service using an OS 1202 managed by the data center operating company 1110 and an application 1201 managed by the service provider 1120.

(Service type 4: SaaS cloud service)
FIG. 16 is a diagram showing an overview of services provided by the search system in service type 4 (SaaS-based cloud service). Here, SaaS is an abbreviation for software as a service. The SaaS-based cloud service includes, for example, an application provided by a platform provider who owns a data center (cloud server), an Internet provided by a user such as a company or an individual who does not own the data center (cloud server). It is a cloud service provision model that has a function that can be used via the network.

In this type, the data center operating company 1110 manages the application 1201, manages the OS 1202, and operates and manages the data center (cloud server) 1203. Further, the service provider 1120 provides a service using the OS 1202 and the application 1201 managed by the data center operating company 1110.

As described above, in any of the cloud service types, the service provider 1120 provides the service. Further, for example, the service provider or the data center operating company may develop the OS, the application, the big data database, or the like by itself, or may let a third party develop them.

Further, a form realized by arbitrarily combining the respective constituent elements and functions shown in the above embodiment is also included in the scope of the present invention.

INDUSTRIAL APPLICABILITY The present invention can be used in a search system that hides user information and performs a search.

10, 11 Search system 100 User terminal device 101 Sensing unit 102 Feature amount calculation unit 103 Feature amount conversion unit 104 Key storage unit 105 Feature amount encryption unit 106 Decryption unit 107 Reference data utilization unit 108 Communication unit 200, 200a Data operation device 201, 301 reference feature amount storage unit 202, 302 reference feature amount conversion unit 203, 303 reference feature amount encryption unit 204, 304 key storage unit 205 encryption distance calculation unit 206 encrypted reference data extraction unit 207, 305 reference data storage unit 208 communication Part 300 Data providing device 306 Reference data encryption part 307 Communication part 1010 User 1100 Group 1101 Device 1102 Home gateway 1110 Data center operating company 1111 Cloud server 1120 Service provider 1121 server 1201 Application 1202 Operating system (OS)
1203 cloud server

Claims (14)

More is executed first device, a search method for data retrieval,
An encrypted first conversion feature amount obtained by performing a predetermined encryption on the first conversion feature amount as a result of the first conversion for the feature amount represented by the vector including a plurality of components extracted from the user privacy data Received from the second device,
A second conversion for the reference feature quantity for each of the plurality of reference feature quantities, each of which is represented by a vector including the same number of components as the feature quantity in association with any one of the plurality of reference data. The encrypted second conversion feature amount obtained by performing the predetermined encryption on the second conversion feature amount as a result of
An inner product operation using the encrypted second conversion feature quantity and the encrypted first conversion feature quantity is performed for each of the acquired plurality of encrypted second conversion feature quantities, and the result of the inner product operation satisfies a certain condition. And transmitting to the second device, information indicating one or more pieces of the reference data having a correspondence relationship with each of the one or more encrypted second conversion feature quantities that satisfy
In the first conversion, the second conversion, and the predetermined encryption, the result of the inner product operation of the encrypted first conversion feature amount and the acquired one encrypted second conversion feature amount is the encryption first Is determined to be a value related to the Euclidean distance between the feature amount corresponding to the converted feature amount and the reference feature amount corresponding to the one encrypted second converted feature amount ,
The predetermined encryption is an encryption by a predetermined inner product encryption,
In the first conversion and the second conversion, the result of the inner product operation of the encrypted first conversion feature amount and the acquired one encrypted second conversion feature amount corresponds to the encrypted first conversion feature amount. Is set to be a Euclidean distance between the feature amount and the reference feature amount corresponding to the one encrypted second conversion feature amount,
The retrieval method is a condition that is satisfied when the result of the inner product calculation is equal to or less than a predetermined threshold . In the case where the feature amount is represented by an n-dimensional vector X=(x1, x2, x3,..., xn), the first conversion includes the feature amount as a vector X′ as the first converted feature amount. =(Σxj^2,1,x1,x2,...,xn), where Σxj^2 is the sum of xj^2 from j to 1;
In the case where the plurality of reference feature amounts are represented by an n-dimensional vector Yk=(yk1, yk2, yk3,..., Ykn), where k is an integer from 1 to the number of the plurality of reference feature amounts, The second conversion converts each of the plurality of reference feature amounts into a vector Yk′=(1,Σykj^2,-2yk1,-2yk2,...,-2ykn) as the second transformed feature amount. has been determined so, the Σykj ^ 2 search method according to claim 1, wherein the sum of ykj ^ 2 from j is 1 to n. In the case where the feature amount is represented by an n-dimensional vector X=(x1, x2, x3,..., xn), the first conversion includes the feature amount as a vector X′ as the first converted feature amount. =(Σ(wj·xj^2),1,x1,x2,...,xn), where Σ(wj·xj^2) is for j from 1 to n. Is the sum of (wj·xj^2),
In the case where the plurality of reference feature amounts are represented by an n-dimensional vector Yk=(yk1, yk2, yk3,..., Ykn), where k is an integer from 1 to the number of the plurality of reference feature amounts, In the second conversion, each of the plurality of reference feature amounts is a vector Yk′=(1,Σ(wj·ykj^2), −2w1·yk1, −2w2·yk2,. .., −2wn·ykn), and Σ(wj·ykj^2) is the sum of (wj·ykj^2) from 1 to n.
The Euclidean distance is search method of claim 1, wherein in response to a component of the first n-dimensional vector to the n th a weighted Euclidean distance weighted from w1 to wn. A retrieval method for retrieval of data, the retrieval method being performed by a first device, comprising:
An encrypted first conversion feature amount obtained by performing predetermined encryption on the first conversion feature amount as a result of the first conversion for the feature amount represented by the vector including a plurality of components extracted from the user privacy data Received from the second device,
Second conversion for the reference feature quantity for each of the plurality of reference feature quantities, each of which is represented by a vector including the same number of components as the feature quantity corresponding to any of the plurality of reference data The encrypted second conversion feature amount obtained by performing the predetermined encryption on the second conversion feature amount as a result of
An inner product operation using the encrypted second conversion feature quantity and the encrypted first conversion feature quantity is performed for each of the acquired plurality of encrypted second conversion feature quantities, and the result of the inner product operation satisfies a certain condition. Transmitting to the second device information indicating one or more reference data having a correspondence relationship with each of the one or more encrypted second conversion feature quantities that satisfy
In the first conversion, the second conversion, and the predetermined encryption, the result of the inner product operation of the encrypted first conversion feature amount and the acquired one encrypted second conversion feature amount is the encryption first Is determined to be a value related to the Euclidean distance between the feature amount corresponding to the converted feature amount and the reference feature amount corresponding to the one encrypted second converted feature amount,
The predetermined encryption is encryption by a predetermined predicate encryption,
In the first conversion and the second conversion, the result of the inner product operation of the encrypted first conversion feature amount and the acquired one encrypted second conversion feature amount corresponds to the encrypted first conversion feature amount. Is set to be a value obtained by subtracting a predetermined value from the Euclidean distance between the feature amount and the reference feature amount corresponding to the one encrypted second conversion feature amount.
The constant condition is a condition that is satisfied when the result of the inner product operation is 0.
Search method. The first device includes a storage medium, and stores the plurality of reference data and the plurality of reference feature amounts in the storage medium,
In the search method, for each of the plurality of reference feature amounts in the storage medium, the second converted feature amount is generated by subjecting the reference feature amount to a second conversion, and the second converted feature amount is set to the second converted feature amount. Search method according to any one of claims 1 to 4, by generating the encrypted second transformed feature which has been subjected to predetermined encryption performs the acquisition of the encrypted second transformed feature. In the search method, the acquisition of a plurality of encrypted second conversion feature amounts is performed by receiving the plurality of encrypted second conversion feature amounts from a third device,
The third device stores the plurality of reference data corresponding to the plurality of encrypted second conversion feature amounts,
In the search method, one or more of the plurality of encrypted second conversion feature quantities, each of which has a corresponding relationship with one or more encrypted second conversion feature quantities, in which a result of the inner product operation satisfies a certain condition. receives reference data from the third device, according to the any one of claims 1 to 4 for transmission to the second device of said information based on one or more of the reference data the received retrieval method. Privacy data of the user, the search process according to any one of claims 1 to 6 including the vital data of the user. The search method according to claim 7 , wherein the feature amount includes a component indicating an index related to at least one of shape, size, weight, state, and movement of the whole or a part of the body of the user. Privacy data of the user, the search process according to any one of claims 1 to 6, wherein the user comprises a log information indicating a history of having to operate the equipment. Wherein the information indicative of one or more of the reference data search method according the one or more said reference data to any one of claims 1 to 9, which is encrypted information. A search system comprising a first device and a second device capable of communicating with each other, comprising:
The second device performs measurement on a user, and a predetermined first conversion feature amount as a result of a first conversion with respect to a feature amount represented by a vector including a plurality of components extracted from privacy data as the measurement result. Transmitting an encrypted first conversion feature amount obtained by performing encryption to the first device,
The first device is
Receiving the encrypted first conversion feature amount from the second device,
A second conversion for the reference feature quantity for each of the plurality of reference feature quantities, each of which is represented by a vector including the same number of components as the feature quantity in association with any one of the plurality of reference data. The encrypted second conversion feature amount obtained by performing the predetermined encryption on the second conversion feature amount as a result of
An inner product operation using the encrypted second conversion feature quantity and the encrypted first conversion feature quantity is performed for each of the acquired plurality of encrypted second conversion feature quantities, and the result of the inner product operation satisfies a certain condition. Transmitting to the second device information indicating one or more reference data having a correspondence relationship with each of the one or more encrypted second conversion feature quantities that satisfy
The second device receives the information indicating the reference data and presents the reference data,
In the first conversion, the second conversion, and the predetermined encryption, the result of the inner product operation of the encrypted first conversion feature amount and the acquired one encrypted second conversion feature amount is the encryption first Is determined to be a value related to the Euclidean distance between the feature amount corresponding to the converted feature amount and the reference feature amount corresponding to the one encrypted second converted feature amount ,
The predetermined encryption is an encryption by a predetermined inner product encryption,
In the first conversion and the second conversion, the result of the inner product operation of the encrypted first conversion feature amount and the acquired one encrypted second conversion feature amount corresponds to the encrypted first conversion feature amount. Is set to be a Euclidean distance between the feature amount and the reference feature amount corresponding to the one encrypted second conversion feature amount,
The constant condition is a search system that is satisfied when a result of the inner product calculation is equal to or less than a predetermined threshold . A search system comprising a first device and a second device capable of communicating with each other, comprising:
The second device performs measurement on a user and sets a predetermined first conversion feature amount as a result of a first conversion for a feature amount represented by a vector including a plurality of components extracted from privacy data as the measurement result. Transmitting an encrypted first conversion feature amount obtained by performing encryption to the first device,
The first device is
Receiving the encrypted first conversion feature amount from the second device,
Second conversion for the reference feature quantity for each of the plurality of reference feature quantities, each of which is represented by a vector including the same number of components as the feature quantity corresponding to any of the plurality of reference data The encrypted second conversion feature amount obtained by performing the predetermined encryption on the second conversion feature amount as a result of
An inner product operation using the encrypted second conversion feature quantity and the encrypted first conversion feature quantity is performed for each of the acquired plurality of encrypted second conversion feature quantities, and the result of the inner product operation satisfies a certain condition. Transmitting to the second device information indicating one or more reference data having a correspondence relationship with each of the one or more encrypted second conversion feature quantities that satisfy
The second device receives the information indicating the reference data and presents the reference data,
In the first conversion, the second conversion, and the predetermined encryption, the result of the inner product operation of the encrypted first conversion feature amount and the obtained one encrypted second conversion feature amount is the encryption first Is determined to be a value related to the Euclidean distance between the feature amount corresponding to the converted feature amount and the reference feature amount corresponding to the one encrypted second converted feature amount,
The predetermined encryption is encryption by a predetermined predicate encryption,
In the first conversion and the second conversion, the result of the inner product operation of the encrypted first conversion feature amount and the acquired one encrypted second conversion feature amount corresponds to the encrypted first conversion feature amount. Is set to be a value obtained by subtracting a predetermined value from the Euclidean distance between the feature amount and the reference feature amount corresponding to the one encrypted second conversion feature amount.
The constant condition is a condition that is satisfied when the result of the inner product operation is 0.
Search system. A program for causing a first device including a storage medium and a microprocessor to execute a predetermined data search process,
The first device stores a plurality of reference data and a plurality of reference feature amounts represented by a vector including a plurality of components in the storage medium in association with each other,
The predetermined data search process is
An encryption obtained by performing a predetermined encryption on the first converted feature amount as a result of the first conversion for the feature amount represented by the vector including the same number of components as the reference feature amount extracted from the user privacy data. A receiving step of receiving the 1-converted feature amount from the second device;
A conversion step of generating, for each of the plurality of reference feature amounts in the storage medium, a second converted feature amount by subjecting the reference feature amount to a second conversion;
An encryption step of generating an encrypted second conversion feature amount obtained by performing the predetermined encryption on the second conversion feature amount for each of the plurality of second conversion feature amounts generated in the conversion step,
An inner product operation using the encrypted second conversion feature quantity and the encrypted first conversion feature quantity is performed for each of the plurality of encrypted second conversion feature quantities generated in the encryption step, and the inner product operation is performed. A selection step of selecting one or more encrypted second conversion feature quantities whose result satisfies a certain condition;
A transmission step of transmitting, to the second device, information indicating one or more pieces of the reference data having a corresponding relationship with each of the one or more encrypted second conversion feature amounts selected in the selection step,
In the first conversion, the second conversion, and the predetermined encryption, the result of the inner product operation of the encrypted first conversion feature amount and one encrypted second conversion feature amount generated in the encryption step is Is determined to be a value related to the Euclidean distance between the feature quantity corresponding to the encrypted first conversion feature quantity and the reference feature quantity corresponding to the one encrypted second conversion feature quantity ,
The predetermined encryption is an encryption by a predetermined inner product encryption,
In the first conversion and the second conversion, the result of the inner product operation of the encrypted first conversion feature amount and the generated one encrypted second conversion feature amount corresponds to the encrypted first conversion feature amount. Is set to be the Euclidean distance between the feature amount and the reference feature amount corresponding to the one encrypted second conversion feature amount,
The constant condition is a program that is satisfied when the result of the inner product calculation is less than or equal to a predetermined threshold . A program for causing a first device including a storage medium and a microprocessor to execute a predetermined data search process,
The first device stores a plurality of reference data and a plurality of reference feature amounts represented by a vector including a plurality of components in the storage medium in association with each other,
The predetermined data search process is
An encryption obtained by performing a predetermined encryption on the first converted feature amount as a result of the first conversion for the feature amount represented by the vector including the same number of components as the reference feature amount extracted from the user privacy data. A receiving step of receiving the 1-converted feature amount from the second device;
A conversion step of generating, for each of the plurality of reference feature amounts in the storage medium, a second converted feature amount by subjecting the reference feature amount to a second conversion;
An encryption step of generating an encrypted second conversion feature amount obtained by performing the predetermined encryption on the second conversion feature amount for each of the plurality of second conversion feature amounts generated in the conversion step,
An inner product operation using the encrypted second conversion feature quantity and the encrypted first conversion feature quantity is performed for each of the plurality of encrypted second conversion feature quantities generated in the encryption step, and the inner product operation is performed. A selection step of selecting one or more encrypted second conversion feature quantities whose result satisfies a certain condition;
A transmission step of transmitting, to the second device, information indicating one or more pieces of the reference data having a corresponding relationship with each of the one or more encrypted second conversion feature amounts selected in the selection step,
In the first conversion, the second conversion, and the predetermined encryption, the result of the inner product operation of the encrypted first conversion feature amount and one encrypted second conversion feature amount generated in the encryption step is Is determined to be a value related to the Euclidean distance between the feature quantity corresponding to the encrypted first conversion feature quantity and the reference feature quantity corresponding to the one encrypted second conversion feature quantity,
The predetermined encryption is encryption by a predetermined predicate encryption,
In the first conversion and the second conversion, the result of the inner product operation of the encrypted first conversion feature amount and the generated one encrypted second conversion feature amount corresponds to the encrypted first conversion feature amount. Is set to a value obtained by subtracting a predetermined value from the Euclidean distance between the feature amount and the reference feature amount corresponding to the one encrypted second conversion feature amount,
The constant condition is a condition that is satisfied when the result of the inner product operation is 0.
program.

Images