KR101859636B1 - Personal information de-identification system with security function and method thereof - Google Patents

Abstract

The present invention relates to a de-identification system of an information providing system and a method thereof, and more particularly, to a personal information de-identification system with a security function and a method thereof, capable of collecting and classifying data (information) by applying a unified schema in which newly generated attributes are continuously updated, configuring a de-identification dictionary by updating the attribute and words newly generated by the analysis of the information, and encrypting and providing the information. Accordingly, the present invention can easily integrate data collected from a plurality of organizations in the same field.

Description

[0001] Personal information de-identification system with security function and method [

The present invention relates to a system and method for identifying personal information in an information providing system. More particularly, the present invention relates to a system and method for identifying personal information in an information providing system, which collects data (information) by applying a unified schema, And a security function of encrypting and providing information by constructing a non-identification dictionary by updating words and attributes newly generated by analyzing information, and to a personal information non-discrimination system and method.

The modern society in the latter half of the 20th century has evolved into an information society, and has evolved into an intelligent information society by the fourth industrial revolution as of the 21st century.

As the information society evolves, the system of personal information (hereinafter referred to as "information providing system") (hereinafter referred to as "information providing system") is a system of various institutions (medical institutions, national institutions and educational institutions) ).

Each information provider uses the data to request better data such as medical evaluation and health insurance assessment appraisal etc. related to the work of the relevant institution for the purpose of better medical support and industrial development support, Provide the requested data.

At this time, the information of the data should be provided to each data provider (medical institution, educational institution, national institution, etc.) in a way that it can not identify a specific individual who has the value of information.

Typically, the non-identification is to delete an identifier (ID) (eg name, social security number, telephone number, etc.) that can identify an individual excluding general information from the information of the data, and a quasi-identification (QI (Eg, zip code, address, etc.) k-anonymity and Sensitivity Attribute (SA) (eg, monthly salary, disease name, etc.) with ℓ-multiplicity and t-proximity.

The data provided as described above are unidentified at each data source and each of a plurality of institutions (eg, a plurality of medical institutions) in the same field (eg, medical field) collects information by their own schema Therefore, there is a problem in that the data collected from a large number of institutions is inconsistent in format. That is, when the conventional personal information non-discrimination system is applied, the information requesting party has difficulty in integrating data of plural institutions in the same field after collecting data.

In addition, the information providing system to which the conventional personal information non-discrimination system is applied provides the data including the non-discriminated information as it is, and thus there is a problem that the unauthorized third party can leak or utilize or change the data.

Korean Registered Patent No. 10-1197443 (registered on October 29, 2012)

Accordingly, an object of the present invention is to provide a method and apparatus for collecting and classifying data (information) by applying a unified schema in which attributes newly generated for the same field of information are continuously updated, and updating words and attributes newly generated by analyzing information A non-discrimination dictionary, and a security function for encrypting and providing information.

According to another aspect of the present invention, there is provided a personal information non-discrimination system having a security function, including: a communication unit connected to an information providing system, which is at least one information providing place, and an information requesting unit, A storage unit for storing a field-specific data dictionary storing a schema for each field and defining attributes of the words and words included in the collection information of the field; And an information providing system in the specific field and an information requesting unit, if an information request including a query of the field is generated through the communication unit, the database of the information providing system in the field corresponds to the field of the information providing system, And applying the non-identification model based on the data dictionary corresponding to the field to non-identifying the collected information, and transmitting the non-identified information through the communication unit to the non- And a controller for providing the information to the information requesting unit.

Wherein the control unit receives a request for information including a field including field information for the field from the information providing system and the information request unit in a specific field via the communication unit and outputs the inquiry; The information processing system of the present invention receives a query from the service reception unit, loads a schema corresponding to the field of the field information included in the query and a query corresponding to the query term from the storage unit, applies the schema, A data collecting unit for outputting data; And an information analyzing unit for analyzing the collected information by word by referring to the data dictionary of the field, defining attributes of the analyzed words, and classifying the collected information according to the attributes.

The information analysis unit may include a data analysis unit that detects a word included in the collected information based on the collected morphological information; An attribute discrimination unit for discriminating and defining an attribute of each word detected by the data analysis unit by referring to the data dictionary; And a data classifier for sorting the words according to the determined attributes.

Wherein the control unit defines attributes of a word and a word which are not defined by the attribute determination unit, adds the attribute to the data dictionary of the field, sets an attribute of the added word, A non-identification initial setting unit performing the non-identification; A non-discrimination unit for discriminating and outputting the collected information based on the finally updated data dictionary and the set setting information; And a collection information providing unit for providing the non-identified collection information to at least one of the information requesting unit and the information providing system by requesting the information.

The control unit may further include a secret shared encryption unit for encrypting the non-identified collection information in the non-identifying unit by a secret sharing scheme and providing the encrypted secret information to the collection information providing unit.

The control unit may further include an evaluation unit for generating and outputting non-identification level generalization layer information for the non-identified collection information, storage space information for storing the level generalization layer information, utilization analysis information, and risk analysis information .

Wherein the evaluation unit comprises: a usage analysis unit for generating and outputting the utilization analysis information analyzing the attack possibility according to an attack scenario for the non-identified collection information; A risk analyzer for analyzing the risk of re-identification of the non-identified collected information to generate and output risk analysis information; A data utilization metric unit for generating and outputting non-identification step generalization layer information as generalized layer information for each step of non-identification of the non-identified collection information; And outputting the storage space information for the storage space.

Wherein the non-identification initialization unit comprises: a non-identifying dictionary generation unit for loading and setting a data dictionary corresponding to the field; and a non-identification dictionary generation unit for determining from the collected information that the attribute of the non- A non-discrimination dictionary management unit which includes a non-discrimination dictionary constituent unit for defining words defined and defined, and adding the defined words and their attributes to a data dictionary; And an attribute information management unit for storing and managing attribute information for the identified attributes of the collected information and the collected information, and a setting information managing unit for setting parameters and parameter values to be applied for each attribute, .

Wherein the non-identification model is a classical non-identification model, the non-identification unit deletes the identifier from the collected collection information, classifies the quasi identifier into a homogeneous set based on the setting information, A k-anonymity processing unit for performing non-identification processing so as not to be distinguished from other persons of the k-anonymity processing unit; A? -Diversity processor for diversifying the sensitivity information of the non-discriminated processed collection information so as to be diversified to a predetermined number (1); Proximity (similarity) processing such that the difference between the distribution of the augmented information of the attributes (records) not distinguished in the specific data set of the collection information and the distribution of the sensitive information of the entire collection information is equal to or less than a constant value t and a t-proximity processing unit.

Wherein the non-discrimination model is a differential privacy non-discrimination model, and the non-discrimination unit removes the discrimination of the individual by putting the noise calculated for the quasi-identifier (QI) And a classical non-discrimination unit for performing the non-discrimination.

According to another aspect of the present invention, there is provided an information non-discrimination method comprising: receiving, by a control unit, an information request including a query of the field from an information providing system and an information request unit of a specific field through a communication unit Process of accepting non-identification services; An information collecting step of collecting information from the database of the information providing system of the field corresponding to the information providing system field and applying a pre-stored schema corresponding to the query; A non-discrimination process in which the controller applies a non-discrimination model based on a data dictionary corresponding to the field to discern the collected information; And a non-identification information providing step of providing the non-identified information to the information requesting unit through the communication unit.

Wherein the information collection process is a process in which the control unit receives a query from the service reception unit, loads the schema corresponding to the field and the query term included in the query from the storage unit, and applies the schema to the information providing system A data collecting step of collecting and outputting information; And an information analysis step of the controller referring to the data dictionary of the field and defining the collected information and the attributes of words and words corresponding to the query term included in the query and classifying the collected information according to the attributes .

The information analysis step may include a data analysis step of detecting words included in the collected information based on the morphemes of the collected information collected by the control unit through the data analysis unit; An attribute discrimination step of the control section discriminating and defining an attribute of each word detected by the data analysis section through an attribute discrimination section by referring to a data dictionary; And a data classification step in which the control unit arranges words according to the determined attributes through a data classification unit.

The control unit encrypts the non-identified collection information in the non-identifying unit through the secret sharing cryptography unit and provides the encrypted information to the collection information providing unit.

The control unit may be configured to generate non-discrimination level generalization layer information for the non-identified collection information, storage space information for storing the non-discrimination level generalization layer information, utilization analysis information, and risk analysis information through an evaluation unit And generating an information.

The evaluation information generating step may include: a usage analysis step of generating and outputting the usage analysis information analyzing an attack possibility according to an attack scenario for the non-identified collection information; A risk analysis step of analyzing the re-identification risk of the non-identified collected information to generate and output the risk analysis information; A data usage metric step of generating and outputting non-identification step generalization layer information, which is generalized layer information for each step of non-identification of the non-identified collection information, And a solution space presentation step of outputting storage space information for a space in which the step generalization layer information is stored.

Wherein the control unit defines attributes of a word and a word which are not defined by the attribute determination unit through the non-identification initialization unit, adds the attribute to the data dictionary of the field, sets the attribute of the added word, And a non-identification initialization step of performing a setting for a non-identification.

Wherein the non-identification initialization step comprises: a non-identification pre-generation step in which the control unit loads and sets a data dictionary corresponding to the field through the non-identification pre-production unit; Identifying non-identified words and attributes of the words from the received collection information and defining non-identifying pre-configuration steps to add the defined words and their attributes to the data dictionary through the non-identifying pre- A non-discrimination dictionary management step including; And an attribute information management step of the control unit storing and managing attribute information on the determined attributes of the collected information and the collected information through the attribute information management unit; And a setting information management step of setting the values of the non-identifying configuration management step.

Wherein the non-identification model is a classical non-identification model, the non-identification process deletes the identifier from the collected information collected through the k-anonymity processing unit, and based on the setting information, An anonymity processing step of anonymizing processing so as not to be distinguished from others of a predetermined number (k); a? -diversity processing step of? -diversifying the sensitivity information of the anonymized collected information to a certain number (l) through diversity processing unit; And a t-proximity processing unit for obtaining a difference between a distribution of the augmented information of the attributes (records) not distinguished in the specific data set of the collection information and a distribution of the sensitive information of the total collection information, Proximity processing step of processing proximity (similarity).

Wherein the non-discrimination model is a differential privacy model, and the non-discrimination process comprises: generating differential privacy by deleting the discrimination of the individual by putting the noise calculated for the quasi-identifier (QI) And performs non-discrimination by performing the non-discrimination.

In the personal information non-discrimination system having a separate security function, the information is collected by applying a unified schema corresponding to the inquired query from the information requesting destination from the information providing systems of the information providing destinations, And the data collected from multiple institutions in the same field can be easily integrated.

In addition, the present invention has an effect that the information can be more accurately discriminated because the dictionary is updated by defining the attribute of the newly generated word and reflecting the word in which the attribute is defined in advance.

In addition, the present invention provides an unidentified data by performing secret sharing encryption, thereby preventing a third party from re-identifying or deducing data. That is, the present invention has the effect of improving the security for the third party.

1 is a block diagram of a communication system including a personal information non-discrimination system having a security function according to the present invention.
FIG. 2 is a diagram illustrating a configuration of a personal information non-discrimination system having a security function according to the present invention.
FIG. 3 is a diagram illustrating the configuration of an evaluation unit, a non-recognition unit, and a non-identification initialization unit of a personal information non-identification system having a security function according to the present invention.
4 is a flowchart illustrating a personal information ratio identification method having a security function according to an exemplary embodiment of the present invention.
5 is a flowchart illustrating an information non-discrimination method performed by a controller of a personal information non-discrimination system having a security function according to an exemplary embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS [0027] Hereinafter, a configuration and operation of a personal information non-discrimination system having a security function according to the present invention will be described with reference to the accompanying drawings, and a personal information ratio identification method having security functions in the system will be described.

1 is a block diagram of a communication system including a personal information non-discrimination system having a security function according to the present invention.

The personal information non-discrimination system 300 is connected to the data request unit 100 and the information providing system 200 through the wire / wireless data communication network 150 to perform mutual data communication.

The wired / wireless data communication network 150 is a communication network in which at least one or two or more of an Internet network including a WiFi network, a mobile communication network, and a WiBro network are mixed.

The data requesting unit 100 is a data requesting unit for requesting information of a specific field to the information providing system 200. The data requesting unit 100 may be a data requesting unit such as an examination evaluation unit .

The data request unit 100 may be a computer terminal 110 such as a desktop computer or a notebook computer, or a mobile terminal 120 such as a smart phone or a smart pad.

The data requesting unit 100 may be configured to provide data request information including inquiry information about required data to the information providing system 200 or directly to the personal information non-discrimination system 300 . The query information may include field information (eg, medical, plant, etc.) for the field of information needed, and collection data for the required collection (eg, '2017 patient information') will be.

The information providing system 200 may include a plurality of information non-discrimination request information including query information received by the personal information non-discrimination system 300 upon receipt of inquiry information directly from the data request unit 100, And provides the personal information non-discrimination system 300 with the information of the corresponding field requested by the personal information non-discrimination system 300 when the personal information non-discrimination system 300 is accessed.

The personal information non-discrimination system 300 receives data request information directly from the data request unit 100, receives information non-discrimination request information from the information providing system 200, The information corresponding to the query information included in the data request information or the information non-identification request information of the collected information is collected, and the data of the collected collected information is subjected to the non-identification model by applying the non- And provides the information directly to the data requesting unit 100 or to the information providing system 200. The non-discrimination model may be a classical non-discrimination model and a differential privacy model. The classical non-discrimination model is a non-discrimination model that proceeds sequentially with k-anonymity, l-variability, and t-proximity.

The configuration and operation of the personal information non-discrimination system 300 will be described in detail with reference to FIG. 2 and FIG.

FIG. 2 is a diagram illustrating a configuration of a personal information non-discrimination system having a security function according to the present invention.

Referring to FIG. 2, the personal information non-discrimination system 300 includes a communication unit 400, a storage unit 500, and a control unit 600.

The communication unit 400 connects to the wire / wireless data communication network 150 and performs data communication with the data request unit 100 and the information providing systems 200 connected to the wire / wireless data communication network 150.

The storage unit 500 stores a field-specific schema and a field-specific data dictionary.

The schema defines fields (attributes) for collecting data. For example, if the field is in the medical field, the schema could be defined as attributes such as patient name, patient resident registration number, zip code, age, salary, gender, disease,

The field-specific data dictionary defines words and attributes of words used in the information providing system 200 for each field, and non-identifier classification information of each attribute is matched. The non-identifier classification information may be classified into an Identification (ID), a Quasi Identification (QI), and a Sensitivity Attribute (SA). For example, Hong Gil-dong is a word, Hong Gil-dong is a patient name, and the patient name may be defined as an identifier (ID) which is a non-identifier classification information.

The control unit 600 includes a service receiving unit 610, a data collecting unit 620, an information analyzing unit 700, a non-identifying unit 900, and a collecting information providing unit 1200, The setting unit 800, the evaluating unit 1000 and the secret sharing encryption unit 1100 to control the overall operation of the personal information non-discrimination system 300 according to the present invention.

Specifically, the service acceptance unit 610 receives the information collection request information from the information request unit 100 or the data non-identification request information from the information providing system 200 and transmits a data non- Receives the query information, detects the query information included in the information, and outputs the query information to the data collection unit 620.

The data collecting unit 620 receives query information from the service accepting unit 610 and accesses the information providing system 200 according to the field information included in the query information, And collects and outputs information corresponding to the query term of the query information.

The data collecting unit 620 collects the files by applying the Resilient Distribute Dataset (RDD), distributes the processed files, and calculates the frequency of the words through the map re-dicing process and uses the collected data as a statistical index.

The information analyzing unit 700 includes a data analyzing unit 710, an attribute determining unit 720 and a data classifying unit 730. The information analyzing unit 700 stores the collected information collected through the data collecting unit 620, And analyzes the collected collected information by words and defines the properties of the analyzed words to classify the words of the collected information according to the attributes.

Specifically, the data analyzer 710 detects a word contained in the collected information based on the collected morpheme.

The attribute determination unit 720 determines the attributes of the detected words by referring to the data dictionary, and outputs the attributes.

The attribute determination unit 720 outputs word undetected word detection notification information indicating that a new word is detected when a new word whose attribute is not determined by the data dictionary is detected, to the non-identification initialization unit 820, If the data dictionary is updated for transmission of the undefined word detection notification information, the attribute of the word is discriminated and output.

The data classifier 730 classifies the data according to the determined attributes and outputs the collected information classified by the attributes.

The non-identification initialization unit 800 initializes information related to the information non-identification.

Specifically, the non-identification initialization unit 800 includes a dictionary management unit 810 and a configuration management unit 820.

The dictionary management unit 810 loads and sets a data dictionary corresponding to the field, and the attribute discrimination unit 720 learns and detects the attributes of the word and attributes of the word through the statistical information, The new words and attributes are updated by adding them to the data dictionary of the corresponding field.

The configuration management unit 820 stores and manages attribute information for the identified attributes of the collected information and the collected information, and sets parameters and parameter values to be applied for each attribute. The parameter may be an anonymity parameter (k), a diversity parameter (l), a proximity (affinity) parameter (t), a differential privacy parameter (e)

The non-identifying unit 900 applies the non-identifying model based on the data dictionary, attribute, and setting information set by the non-identifying initialization unit 810 to perform non-identification of collected collected information. The detailed configuration of the non-identifying unit 900 will be described in detail with reference to FIG.

The evaluation unit 1000 generates evaluation information on the non-identified collection information and provides the evaluation information to the evaluator, receives the adequacy evaluation information according to the evaluation information from the evaluator, processes the collection information according to the inputted adequacy evaluation information do. For example, the evaluating unit 1000 outputs the non-identified collected information as it is when the appropriateness evaluation information is acceptable, and resets the non-identification parameters through the non-identification initialization unit 810 if the evaluation information is not acceptable, The non-identification process may be performed again through the identification unit 800.

The secret sharing encryption unit 1100 encrypts the non-identified collection information using a secret sharing encryption method, and outputs the encrypted information to the collection information providing unit 1200. The secret shared encryption scheme is well known to those skilled in the art, and a detailed description thereof will be omitted.

The collection information providing unit 1200 transmits the non-identified collection information output from the non-identifying unit 900 or the non-identified and encrypted collection information output from the secret sharing unit 1100 to the information request unit 100, And the information providing system 200 according to an embodiment of the present invention.

FIG. 3 is a diagram illustrating the configuration of an evaluation unit, a non-recognition unit, and a non-identification initialization unit of a personal information non-identification system having a security function according to the present invention.

Referring to FIG. 3, the non-identification initialization unit 800 includes a dictionary management unit 810 and a configuration management unit 820 as described above.

The dictionary management unit 810 includes a non-identification dictionary generation unit 811 for loading and setting a data dictionary corresponding to the field, and a dictionary management unit 820 for receiving the words whose attributes are not determined by the attribute determination unit 720 and the attributes of the words Identifying dictionary unit 812 for recognizing and defining from the collected information and adding the defined word and its attribute to the data dictionary.

The configuration management unit 820 includes an attribute information management unit 821 that stores and manages attribute information on the identified attributes of the collected information and the collected information, a configuration information management unit 820 that sets parameters and parameter values to be applied for each attribute, And a non-identifying configuration management unit 822 that includes a non-identifying configuration management unit 822.

The non-identifying unit 900 includes at least one of a classical non-identifying unit 910 and a modern non-identifying unit (or "differential privacy unit") 920, Output.

More specifically, the classical non-identifying unit 910 includes a k-anonymity processing unit 911, a? -Diversity processing unit 912, and a t-proximity processing unit 913.

The k-anonymity processing unit 911 deletes attributes whose non-identification classification information of collected collected information is an identifier (ID). The attribute as the identifier is information that can directly identify an individual, and may be a name, a resident registration number, a telephone number, and the like.

The k-anonymity processing unit 911 adds a record in which the non-identifying classification information is the quasi-identifier (QI), and the non-identifying classification information is the sensitive information (SA).

The ℓ-diversity processing unit 912 generates ℓ-diversity which generates more than two (ℓ) records having different sensitive information for any record including sensitive information such as disease, Processing is performed.

The t-proximity processing unit 913 analyzes the distribution of sensitive sensitive information of records to prevent personal privacy information from being exposed through the distribution difference of sensitive information even if the deletion of the non-identifying process, k-anonymity, and t- And performs t-proximity processing to make the difference of the distribution of sensitive information of the entire data less than a predetermined value (t).

The differential privacy unit 920 deletes the identity of the individual by outputting the correctly calculated noise to the statistical record for the quasi-identifier (QI) among the collected information.

The differential privacy unit 920 can derive an optimal computation result by continuously changing the value of e (epsilon), thereby providing an accurate data distribution, ensuring privacy (security) of personal information, It has flexibility for data use and can improve efficiency.

The evaluation unit 1000 includes a usage analysis unit 1010 for generating and outputting the usage analysis information analyzing the attack possibility according to an attack scenario for the non-identified collected information, A risk analysis unit 1020 for analyzing the risk and generating and outputting risk analysis information, and non-identification step generalization layer information for generalization layer information for each step of non-identification of the non-identified collection information And a solution space presenting unit 1040 for outputting storage space information for the space where the non-identified step generalization layer information is stored.

4 is a flowchart illustrating a personal information ratio identification method having a security function according to an exemplary embodiment of the present invention.

Referring to FIG. 4, the data requesting unit 100 transmits data request information including query information corresponding to a desired data to the first information providing system 200 (S111). At this time, the data requesting unit 100 may transmit data request information to two or more information providing systems 200 in the same field, and may request data from a plurality of information providing systems 200 at the same time.

In addition, the data requesting unit 100 may be configured to transmit the data request information directly to the personal information non-identification system 300. In this case, the data request information should include the request destination identification information, which is the identification information of the data request unit 100 requesting the data, the providing destination identification information, and the query information, which are identification information of the information providing system that received the data request.

The information providing system 200 that has received the data request information receives the request destination identification information of the data request unit 100 included in the data request information, the providing destination identification information that is the identification information of the information providing system that received the data request, To the personal information non-discrimination system 300 (S113).

The personal information non-discrimination system 300 receives the data request information from the data requesting unit 100 or receives the data non-discrimination request information from the information providing system 200, detects the query information included in the request information, After connecting to the information providing system 200 by the providing destination identification information included in the request information, at least one or more database servers of the connected information providing system 200 are connected to the schema corresponding to the query term included in the query information (S117). The schema may be defined for the information providing system 200 in the same field regardless of the query language.

When the information is collected, the personal information non-discrimination system 300 applies the non-discrimination model based on the data dictionary and preset setting information according to the present invention to identify the collected collected information (S119) (S121, S123, and S125) to the information providing system 100 and the information providing system 200, respectively.

5 is a flowchart illustrating an information non-discrimination method performed by a controller of the personal information non-discrimination system according to an embodiment of the present invention. The information non-discrimination method will be described in detail with reference to FIG.

The control unit 600 checks whether a non-identification service event is generated (S211). The non-identifying service event may be generated when data request information is received from the data requesting unit 100 or when data non-identifying request information is received from the information providing system 200.

When the non-identification service event occurs, the control unit 600 detects the query information from the received request information (data request information or data non-identification request information) (S213).

When the query information is detected, the control unit 600 determines and loads the schema corresponding to the query term of the query information (S215), accesses the target information providing system 200 (S217) (S219).

When the information is collected, the control unit 600 checks whether the collection is completed (S220). When the collection is completed, the collected information is analyzed and then the non-discrimination is started and it is checked whether the non-discrimination is completed (S221, S222).

After performing the non-identification, the controller 600 completes the non-identification and generates the non-identification data corresponding to the schema (S223).

When the non-identification data is generated, the control unit 600 performs evaluation on the generated data and generates evaluation information according to the performed evaluation (S224).

When the evaluation information is generated, the control unit 600 provides the evaluation information registered in advance to the evaluator so as to request the adequacy check (S225). The adequacy check request may be provided to the evaluator by providing the data via e-mail or may be provided by the evaluator upon log-on to the system.

After the appropriateness evaluation request is received, the controller 600 receives the correctness evaluation information from the evaluator to determine whether the data is correct (S227). If not, the controller 600 reanalyzes the collected information and changes the setting information k, l, t, (S229) The non-discrimination will be re-run and the data will be regenerated and the appropriateness evaluation will be performed again.

If the generated data is appropriate, the control unit 600 provides the non-identification data to the information request unit 100 (S231).

 While the present invention has been described with reference to exemplary embodiments, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. It will be easily understood. It is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, it is intended to cover various modifications within the scope of the appended claims.

100: Data Request Unit 150: Wired and wireless data communication network
200: Information providing system
300: personal information non-discrimination system 400:
500: storage unit 600: control unit
610: Service reception unit 620: Data collection unit
700: Information analysis unit 710: Data analysis unit
720: Attribute determination unit 730: Data classification unit
800: non-identification initial setting unit 810:
811: Non-identification pre-formation unit 812: Non-identification pre-
820: Configuration management unit 821: Attribute information management unit
822: setting information management unit 900: non-identifying unit
910: Classic non-identifying unit 911: k-Anonymity processing unit
912:? - diversity processing unit 913: t-proximity processing unit
920: Differential Privacy Section
1000: Evaluation section 1010: Usage analysis section
1020: Risk analysis unit 1030: Data usage metrics unit
1040: Resolution space presentation unit 1100: Secret sharing encryption unit
1200: Collecting Information Offering

Claims (20)

A communication unit connected to the information providing system, which is the at least one information providing unit, and the information request unit, which is the information requesting unit, and performs data communication;
A storage unit for storing a field-specific data dictionary storing a schema for each field and defining attributes of the words and words included in the collection information of the field; And
When an information request including a query of the field is generated from any one of the information providing system and the information requesting unit in the specific field through the communication unit, the database of the information providing system in the field corresponds to the field of the information providing system, Collecting information by applying a corresponding pre-stored schema, applying a non-identification model based on the data dictionary corresponding to the field to non-identify the collected information, and transmitting the non- And a controller for providing information to the information requesting unit,
Wherein,
A service accepting unit for accepting an information request including a query including field information for the field from any one of an information providing system and an information requesting unit in a specific field via the communication unit and outputting the query;
The information processing system of the present invention receives a query from the service reception unit, loads a schema corresponding to the field of the field information included in the query and a query corresponding to the query term from the storage unit, applies the schema, A data collecting unit for outputting data; And
And an information analyzer for analyzing the collected information by word by referring to the data dictionary of the field and defining attributes of analyzed words and classifying the collected information according to the attributes,
The information analyzing unit,
A data analyzer for detecting a word included in the collected information based on the collected information;
An attribute discrimination unit for discriminating and defining an attribute of each word detected by the data analysis unit by referring to the data dictionary; And
And a data classifier for sorting the words according to the determined attributes,
Wherein,
Identifying the attribute of the word not defined by the attribute determination unit, adding the attribute to the data dictionary of the field, setting the attribute of the added word, and performing non-identification Initial setting section;
A non-discrimination unit for discriminating and outputting the collected information based on the finally updated data dictionary and the set setting information;
A collection information providing unit for providing the non-identified collection information to at least one of the information requesting unit and the information providing system; And
Further comprising an evaluation unit for generating and outputting non-identification step generalization layer information for the non-identified collection information, storage space information storing the step generalization layer information, usage analysis information, and risk analysis information, Personal information non - discrimination system with function.
delete delete delete The method according to claim 1,
Wherein,
And the secret sharing encryption unit encrypts the non-identified collection information by the secret sharing scheme and provides the encrypted secret information to the collection information providing unit.
delete The method according to claim 1,
The evaluating unit,
A usage analysis unit for generating and outputting the usage analysis information analyzing an attack possibility according to an attack scenario for the non-identified collection information;
A risk analyzer for analyzing the risk of re-identification of the non-identified collected information to generate and output risk analysis information;
A data utilization metric unit for generating and outputting non-identification level generalization layer information as generalized layer information for each step of non-identification of the non-identified collection information; and
And a resolution space presentation unit for outputting storage space information for a space in which the non-identifying step generalization layer information is stored.
A communication unit connected to the information providing system, which is the at least one information providing unit, and the information request unit, which is the information requesting unit, and performs data communication;
A storage unit for storing a field-specific data dictionary storing a schema for each field and defining attributes of the words and words included in the collection information of the field; And
When an information request including a query of the field is generated from any one of the information providing system and the information requesting unit in the specific field through the communication unit, the database of the information providing system in the field corresponds to the field of the information providing system, Collecting information by applying a corresponding pre-stored schema, applying a non-identification model based on the data dictionary corresponding to the field to non-identify the collected information, and transmitting the non- And a controller for providing information to the information requesting unit,
Wherein,
A service accepting unit for accepting an information request including a query including field information for the field from any one of an information providing system and an information requesting unit in a specific field via the communication unit and outputting the query;
The information processing system of the present invention receives a query from the service reception unit, loads a schema corresponding to the field of the field information included in the query and a query corresponding to the query term from the storage unit, applies the schema, A data collecting unit for outputting data; And
And an information analyzer for analyzing the collected information by word by referring to the data dictionary of the field and defining attributes of analyzed words and classifying the collected information according to the attributes,
The information analyzing unit,
A data analyzer for detecting a word included in the collected information based on the collected information;
An attribute discrimination unit for discriminating and defining an attribute of each word detected by the data analysis unit by referring to the data dictionary; And
And a data classifier for sorting the words according to the determined attributes,
Wherein,
Identifying the attribute of the word not defined by the attribute determination unit, adding the attribute to the data dictionary of the field, setting the attribute of the added word, and performing non-identification Initial setting section;
A non-discrimination unit for discriminating and outputting the collected information based on the finally updated data dictionary and the set setting information; And
Further comprising a collection information providing unit for providing the non-identified collection information to at least one of the information requesting unit and the information providing system,
The non-identification initial setting unit
A non-discrimination dictionary generating unit for loading and setting a data dictionary corresponding to the field;
A non-discrimination dictionary unit for recognizing and defining the word whose attribute has not been determined by the attribute discrimination unit and the attribute of the word from the received collecting information, and adding the defined word and its attribute to the data dictionary Management; And
An attribute information management unit for storing and managing attribute information on the determined attributes of the collected information and the collected information;
And a setting information management unit for setting parameters and parameter values to be applied for each attribute.
9. The method of claim 8,
The non-identifying model is a classical non-identifying model,
The non-
An k-anonymity processing unit for deleting an identifier from the collected collection information, classifying the quasi-identifiers into a homogeneous set based on the setting information, generalizing the quasi-identifiers, and performing non-discrimination processing so as not to be distinguished from others of a certain number k;
A? -Diversity processor for diversifying the sensitivity information of the non-discriminated processed collection information so as to be diversified to a predetermined number (1); And
T-proximity (similarity) processing such that the difference between the distribution of the augmented information of the attributes (records) not distinguished in the specific data set of the collection information and the distribution of the sensitive information of the total collection information is equal to or less than a predetermined value t ≪ / RTI > a proximity processing unit; and a classical non-identifying unit including a proximity processing unit.
9. The method of claim 8,
Wherein the non-discrimination model is a differential privacy non-discrimination model,
The non-identifying unit includes a differential privacy unit, which is a modern non-identifying unit for performing differential privacy by deleting the identity of the individual by putting the noise calculated for the quasi-identifier (QI) of the collected information into a statistical record A personal information non-discrimination system having a security function.
A non-identification service receiving step of the control unit receiving an information request including a query of the field from an information providing system and an information requesting unit of a specific field through a communication unit;
An information collecting step of collecting information from the database of the information providing system of the field corresponding to the information providing system field and applying a pre-stored schema corresponding to the query;
A non-discrimination process in which the controller applies a non-discrimination model based on a data dictionary corresponding to the field to discern the collected information;
A non-identification information providing step of providing the non-identified information to the information requesting unit through the communication unit;
Wherein the control unit encrypts the non-identified collection information in the non-identifying unit through the secret sharing cryptography unit and provides the encrypted information to the collection information providing unit. And
The control unit may be configured to generate non-discrimination level generalization layer information for the non-identified collection information, storage space information for storing the non-discrimination level generalization layer information, utilization analysis information, and risk analysis information through an evaluation unit Information generation process,
In the evaluation information generation process,
A utilization analysis step of generating and outputting the utilization analysis information analyzing an attack possibility according to an attack scenario for the non-identified collection information;
A risk analysis step of analyzing the re-identification risk of the non-identified collected information to generate and output the risk analysis information;
And generating and outputting non-identifying step generalization layer information, which is generalized layer information for each step of non-identification of the non-identified collection information,
And outputting a storage space information for a space in which the non-identification step generalization layer information for the non-identified step is stored.
12. The method of claim 11,
The information gathering process includes:
The control unit receives a query from the service accepting unit, loads the schema corresponding to the field and the query term included in the query from the storage unit, and collects and outputs information from the information providing system of the field based on the applied schema A data collecting step; And
And an information analysis step of the controller referring to the data dictionary of the field to define attributes of words and words corresponding to the collected information and a query term included in the query, A personal information non-discrimination method having a security function.
13. The method of claim 12,
The information analysis step includes:
A data analysis step in which the control unit detects words included in the collected information based on the morphemes of the collected information collected through the data analysis unit;
An attribute discrimination step of the control section discriminating and defining an attribute of each word detected by the data analysis section through an attribute discrimination section by referring to a data dictionary; And
Wherein the control unit includes a data classification step of sorting words by the determined attribute through a data classification unit.
delete delete delete A non-identification service receiving step of the control unit receiving an information request including a query of the field from an information providing system and an information requesting unit of a specific field through a communication unit;
An information collecting step of collecting information from the database of the information providing system of the field corresponding to the information providing system field and applying a pre-stored schema corresponding to the query;
A non-discrimination process in which the controller applies a non-discrimination model based on a data dictionary corresponding to the field to discern the collected information;
A non-identification information providing step of providing the non-identified information to the information requesting unit through the communication unit; And
Wherein the control unit defines attributes of a word and a word which are not defined by the attribute determination unit through the non-identification initialization unit, adds the attribute to the data dictionary of the field, sets the attribute of the added word, Further comprising a non-identification initialization step of performing a setting for the personal information non-discrimination with the security function.
18. The method of claim 17,
In the non-identification initialization process,
The control unit loads and sets a data dictionary corresponding to the field through the non-identifying dictionary creation unit;
The control unit recognizes and defines an unidentified word and an attribute of the word from the received collection information through the non-identifying dictionary creation unit, and identifies the word and its attribute defined through the non-identification pre- A non-identifying dictionary management step including a non-identifying pre-configuration step of adding to the data dictionary; And
An attribute information management step of the control unit storing and managing attribute information on the determined attributes of the collected information and the collected information through the attribute information management unit;
And a setting information management step of setting parameters and parameter values to be applied to each of the attributes through the setting information management unit.
A non-identification service receiving step of the control unit receiving an information request including a query of the field from an information providing system and an information requesting unit of a specific field through a communication unit;
An information collecting step of collecting information from the database of the information providing system of the field corresponding to the information providing system field and applying a pre-stored schema corresponding to the query;
A non-discrimination process in which the controller applies a non-discrimination model based on a data dictionary corresponding to the field to discern the collected information; And
And a non-identification information providing step of providing the non-identified information to the information requesting unit through the communication unit,
The non-identifying model is a classical non-identifying model,
The non-
an identifier is deleted from the collected information collected through the k-anonymity processing unit, an unidentified display process is performed on some of the quasi identifiers based on the setting information, and anonymity processing is performed so as not to be distinguished from other persons of a certain number (k) k-anonymity processing step;
a? -diversity processing step of? -diversifying the sensitivity information of the anonymized collected information to a certain number (l) through diversity processing unit; And
(t) so that the difference between the distribution of the imprecise information of the attributes (records) not distinguished in the specific data set of the collection information and the distribution of the sensitive information of the whole collection information through the t- Proximity processing step for processing the similarity (similarity) of the personal information.
A non-identification service receiving step of the control unit receiving an information request including a query of the field from an information providing system and an information requesting unit of a specific field through a communication unit;
An information collecting step of collecting information from the database of the information providing system of the field corresponding to the information providing system field and applying a pre-stored schema corresponding to the query;
A non-discrimination process in which the controller applies a non-discrimination model based on a data dictionary corresponding to the field to discern the collected information; And
And a non-identification information providing step of providing the non-identified information to the information requesting unit through the communication unit,
The non-discrimination model is a differential privacy model,
The non-
Wherein the discrimination is performed by performing differential privacy by deleting the discrimination of the individual by putting the noise calculated for the quasi-identifier (QI) among the collected information in the statistical record through differential privacy. Non - discrimination method.

Images