KR102602782B1 - The Method to protect and use Private Information utilizing Shared Nickname Identification - Google Patents

Abstract

The present invention relates to personal identification technology and personal information security technology in non-face-to-face transactions, and a preferred embodiment is to share 'seller identification information' from a customer terminal owned by a certain seller to a service server of a specific service company, PIJU. A step of transmitting predetermined first payment approval application information including an alias ID and a 'payment amount'; A step of PJ's service server storing predetermined payment approval information including the shared alias ID and payment amount in a pseudonym transaction DB; A step of transmitting predetermined settlement application information including 'a predetermined settlement amount calculated using the payment amount' and the shared alias ID to a personal information server; In the personal information server, the personal information ID matching the shared alias ID is searched in the anonymized DB, the general account number matched to the personal information ID is searched in the personal information DB, and the service company DB is matched to the PZ identification information. A settlement account number is searched, and an operation of withdrawing the settlement amount from the settlement account number and depositing the settlement amount into the general account number is performed; Transmitting predetermined search request information including predetermined search item identification information from the service server to a personal information server; Extracting ‘data matching both the search item identification information and the shared alias ID’ from ‘one or more of the personal information DB and the real name transaction DB’ in the personal information server; transmitting the extracted data to the service server as a reply to the search request information; includes

Description

The Method to protect and use Private Information utilizing Shared Nickname Identification}

The present invention relates to personal identification technology and personal information security technology in non-face-to-face transactions.

Recently, the social need to foster the big data industry, artificial intelligence industry, and Internet of Things business is gaining consensus. This need is premised on effective access to personal information, and the social need for personal information protection is growing recently. There are inconveniences that conflict with needs (hereinafter referred to as “conflict inconveniences between personal information protection and personal information use”).

Recognizing this “conflict inconvenience between personal information protection and use of personal information,” and in order to compromise between the above conflicting needs, the Financial Services Commission and the Ministry of Government Administration and Home Affairs recently jointly announced the “Guidelines for Personal Information Protection in the Financial Sector,” which includes personal information. Measures to make the individual unrecognizable (hereinafter referred to as “de-identification measures”) by deleting or replacing identifiers or attributes related to an individual from a given DB using a de-identification method recognized by the above guidelines. Personal information is only permitted to be provided to those who absolutely need it for the purpose of data use. In addition, as a non-identification measure recognized in the above announcement, there is a "pseudonymization method" that replaces an individual's identifier or attribute with another value that cannot be directly identified, and a "pseudonymization method" that replaces each individual's identifier or attribute with a statistical value of grouped individuals. “Total processing method” that replaces, “data deletion method” that deletes all or part of identifier information, and “data that replaces each individual’s identifier or attribute information with a representative value or interval value of the group containing the corresponding identifier or attribute information.” Listed are “categorization methods” and “data masking methods” that replace part of the data constituting identifiers or attributes with spaces or add random noise to the data.

Meanwhile, in the case of card payments at online merchants, there is no need to store the card number at the merchant and there is no need to expose the card password to the merchant, thus reducing the risk of the card being stolen. When paying with a card used in the past, you can use the card without entering a separate card number. In order to enable payment, the inventor of the present application filed an application for a wired online commerce card payment system and method using a shared ID in 2012 (Public Patent Publication No. 10-2012-0076586).

However, even if the above "de-identification measures" are taken or the "wired online commerce card payment system and method using a shared ID" is applied, the same shared ID (for example, an identity authentication agency is used for each member When using a CI value issued by matching the resident registration number of the user, the user's transaction information stored in each service company can be combined by using the CI value as a mapping key, and through the combined transaction information, the user's Even without consent, the subject of the transaction information is exposed to the risk of being re-identified as the user, so the “inconvenience of conflict between personal information protection and personal information use” still remains.

In addition, even if the technology of the above-mentioned Patent Publication No. 10-2012-0076586 is used, when the customer wishes to move the customer's personal information distributed across multiple service companies in exchange for payment, the transfer must be made to each service company. There still remains the inconvenience of having to apply (hereinafter referred to as “the inconvenience of applying for transfer of personal information distributed across multiple service companies”).

In addition, even if the technology of Patent Publication No. 10-2012-0076586 is used, for the purpose of combining 'personal information about multiple individuals distributed across multiple service companies for each individual', information from the multiple individuals is collected. When attempting to purchase personal information, the inconvenience of having to inquire about whether the information the buyer wishes to purchase from each of the individuals is available for purchase (hereinafter referred to as “inconvenience of individual purchase consultation for multiple individuals”) still remains, and the purchase target remains. From the perspective of each individual who is the subject of personal information, it is inconvenient to receive a different list of desired purchase information from multiple buyers and negotiate separately with each buyer (hereinafter referred to as “inconvenience in individual purchase consultation for multiple buyers”) ) still remains.

Meanwhile, the number of startups seeking to enter businesses that utilize personal information, such as big data technology, artificial intelligence technology, or the Internet of Things business, is increasing. However, from the standpoint of startups with small capital, personal information security, including the de-identification measures described above, is necessary. There are burdensome inconveniences associated with investing in building a system to implement the various methods required for this purpose (hereinafter referred to as "personal information protection investment burdensome inconvenience").

delete

In order to solve the inconvenience of investing in personal information protection, a method of storing and using customer information using a cloud server equipped with the necessary system has been proposed. However, this method also conflicts with the need to protect personal information. Recently, the government's Financial Information Security Institute announced the "Guide to the Use of Cloud Services in the Financial Sector" and the supervisory authorities cited the above-mentioned guidelines to provide unique identification information or information using cloud servers. Storage or processing of personal credit information is practically prohibited. Therefore, in fact, personal information cannot be stored in the cloud server or analyzed using the cloud server.

The purpose of the present invention is “inconvenience of conflict between personal information protection and use of personal information” and “inconvenience in applying for transfer of personal information distributed across multiple service companies” and “inconvenience in individual purchase consultation for multiple individuals” and “inconvenience in providing personal information to multiple buyers.” The goal is to reduce “the inconvenience of individual purchase consultations” and “the inconvenience of personal information protection investment burden.”

One embodiment of a personal information protection and utilization method using a shared alias ID according to the characteristics of the present invention to solve this technical problem is to send 'seller identification information' from a customer terminal owned by a certain seller to the service server of a specific service company, PIJU. A step of transmitting predetermined first payment approval application information including a predetermined shared alias ID', predetermined buyer identification information, and a predetermined payment amount; When PJ's service server receives the first payment approval application information, it sends 'predetermined second payment approval application information including the buyer identification information and the payment amount' to the server of the payment company matched with the buyer identification information. transmitting; When a predetermined second payment approval ID matching the second payment approval application information is received from the payment company's server, a predetermined first payment approval information is transmitted as a reply to the first payment approval application information, and a pseudonym transaction is performed. Storing predetermined payment approval information including the shared alias ID and the payment amount in a DB; When PJ's service server receives certain deposit information including the receiving account number, 'payment company identification information as remittance identification information', remittance amount, and settlement target identification information from the system of PJ's trading bank, the above-mentioned settlement information is subject to settlement in the pseudonym transaction database. The 'payment amount and shared alias ID' of each record matching the identification information is extracted, and the 'predetermined settlement amount calculated using the payment amount' and the predetermined settlement application information including the shared alias ID are stored in the personal information server. Steps transmitted to; When the settlement application information is received from the personal information server, the personal information ID matching the shared alias ID is searched in the anonymization DB, the general account number matched to the personal information ID is searched in the personal information DB, and the general account number matching the personal information ID is searched in the service company DB. The settlement account number matching the above identification information is searched, the operation of withdrawing the settlement amount from the settlement account number and the settlement amount is deposited into the general account number, and the settlement amount is deposited into the 'Summary' column and the remitter column. A step in which an operation is performed to cause a name to be recorded; Storing the settlement account number as payer identification information, the general account number as payer identification information, the settlement amount as remittance amount, and a timestamp for the time of remittance in the Pizuki real name transaction DB matched to the Pizuki identification information; Includes.

In addition, if the service company requires personal information stored in the personal information server, a search request containing 'search conditions matching predetermined search condition item identification information and predetermined condition variables' and predetermined search item identification information is requested. Steps where information is transmitted to a personal information server; When the search request information is received from the personal information server, field identification information matching the search condition item identification information is extracted from the 'personal information DB and real name transaction DB', and 'matched to the field identification information is added to the condition variable. Extracting ‘matching data’ and extracting shared alias IDs matching each data; Extracting ‘data matching both the search item identification information and the shared alias ID’ from ‘at least one of a personal information DB and a real-name transaction DB’; Matching the extracted data with the 'shared alias ID and search item identification information searched through matching' and transmitting the extracted data to the service server as a reply to the search request information; Includes.

In the above embodiment, 'PJ, the service company' does not store the personal information of the 'customer seller' on its server, nor does it transmit or receive the personal information. Even if the seller's transaction information is stored, the information that can identify the seller is an anonymous shared alias ID, so it is not possible to know whose information the transaction information actually belongs to. Therefore, even if PJ uses a cloud server to build the PJ server, the cloud service can be used without ‘storing or transmitting or transmitting personal unique identification information or personal credit information’ as prohibited by the ‘Financial Cloud Service Usage Guide’. Electronic payment agency services for ‘customer sellers’ become possible.

Meanwhile, the personal information server is a server that already stores the seller's unique identification information, such as the 'seller's account number'. For example, if the server is a system operated by the bank of a ‘seller registered as an individual business’, it is legal to store and process the seller’s ‘unique identification information such as account number’ and ‘personal credit information such as payment approval details’. .

Therefore, according to the above embodiment, the PJ can provide an electronic payment agency service for the anonymous seller without storing or transmitting or receiving 'unique identification information or personal credit information' of the seller who is a private business. In other words, the “conflict inconvenience between personal information protection and personal information use” in the conventional payment collection agency method of PJU is reduced.

In addition, it is possible to build one's own server on a cloud server while complying with the 'Financial Cloud Service Usage Guide', thereby reducing the "inconvenience of investing in personal information protection."

Figure 1 is a block diagram of a device for implementing a method of protecting and utilizing personal information using a shared alias ID according to an embodiment of the present invention.
Figure 2 shows an operation in which a shared alias ID is shared between a personal information holding institution, a given service company, and a 'customer who wishes to join the service company' in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention. This is a drawing explaining one embodiment.
Figure 3 shows an operation in which a shared alias ID is shared between a personal information holding institution, a given service company, and a 'customer who wishes to join the service company' in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention. This is a drawing explaining another embodiment.
Figure 4 shows that in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention, a customer who has registered a shared alias ID with a business providing a certain service provides a certain service. This diagram explains the operation of connecting to a server.
Figure 5 shows that in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention, a business providing an electronic payment agency service (hereinafter referred to as "PJU") uses its service server (hereinafter referred to as "PJU server") A customer (hereinafter referred to as a “seller”) who installs a personal customer terminal and a separate seller customer terminal (hereinafter referred to as “seller terminal”) and is a ‘seller assigned a certain shared alias ID’ (hereinafter referred to as “seller”) This is a diagram explaining the operation of providing electronic payment agency services to ).
Figure 6 shows that in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention, a business providing a remittance service (hereinafter referred to as a "remittance company") uses its service server (hereinafter referred to as a "remittance server") This is a diagram explaining the operation of providing a remittance service to a customer who is a remitter (hereinafter referred to as a "remitter") who has installed the company's dedicated transaction app and registered a shared alias ID.
Figure 7 is a diagram explaining the operation of a service company searching for personal information about its specific customer in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention.
Figure 8 is a diagram explaining the operation of a service company searching and utilizing 'anonymized statistics' in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention.
Figure 9 is a diagram explaining an operation in which a customer exercises the right to port his or her personal information stored in a personal information server in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention.
10 shows a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention, in order for the customer to conveniently exercise the right to portability of his/her personal information stored in multiple personal information servers, the individual This is a diagram explaining an embodiment of the operation of centrally storing information in a personal information management server.
Figure 11 shows an example of an operation in which a customer receives compensation and exercises the right to port his or her personal information stored in the personal information management server in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention. This is the drawing explained.
Figure 12 is a diagram explaining an operation in which a service server purchases personal information for sale stored in a personal information management server in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention.
Figure 13 is a simplified example of a combined DB illustrated at specific operational steps illustrated herein.
Figures 14 and 19 are brief examples of the price DB illustrated in each operation step illustrated in this specification.
Figure 15 is a simplified example of a marketable information table illustrated at specific operational steps illustrated herein.
Figure 16 is a simplified example of a customer terminal output unit illustrated in a specific operation step illustrated in this specification.
Figure 17 is a simplified example of a sales application table illustrated in a specific operation step illustrated in this specification.
Figure 18 is a simplified example of a combined DB illustrated at specific operational steps illustrated herein.
Figure 20 is a simplified example of an example provision table illustrating specific operational steps illustrated herein.
Figure 21 is a simplified example of a purchase request table illustrated in a specific operation step illustrated in this specification.
Figures 22 and 23 are brief examples of the reply information list exemplified in each operation step illustrated in this specification.

Hereinafter, the present invention will be described in detail through preferred embodiments described with reference to the attached drawings. Embodiments of the present invention may be changed in various ways without departing from the spirit and scope of the present invention. The detailed description described below is not intended to limit the present invention, and the terms used in the detailed description are selected for readability or convenience of explanation.

In addition, “personal credit information” referred to in this specification refers to information required to determine an individual's credit rating and credit transaction ability, and is designated by relevant laws and regulations to control leakage to third parties. Therefore, individuals located in the Republic of Korea Among the information about individuals held by information holding institutions, the individual's name, address, and telephone number as stipulated in Article 2, Paragraph 1 of the Act on Use and Protection of Credit Information and Article 2, Paragraphs 1 and 2 of the Enforcement Decree of the same Act. Contact information such as number, unique identification information, domestic residence report number of overseas Koreans, gender, nationality, loan, guarantee, provision of collateral, current account transaction, credit card and installment financing, facility rental, and financial transactions related to commercial transactions. Type, period, amount and limit, etc., and the amount and timing of occurrence and resolution related to delinquency, bankruptcy, subrogation and counterpayment that occurred in connection with commercial transactions such as financial transactions, and acts that disrupted the credit order by lies, deception and other illegal methods. Matters related to such matters, occupation, total assets, liabilities and income, tax payment records, court judgments related to adult guardianship, limited guardianship and specific guardianship, judgments related to declaration of disappearance, decisions related to bankruptcy declaration, exemption from liability and reinstatement, list of defaulters. Information on decisions related to auctions, such as decisions on registration and cancellation, decisions on opening auctions, and decisions on permitting auctions, information on delinquency of national taxes, local taxes, customs duties, or national bonds, information on delinquency such as fines, fines, surcharges, or surcharges, and social insurance premiums. ·Related information such as public utility charges or fees, information on an individual's birth, death, immigration, or absence, information on changes in resident registration number or name, etc., information on the credit information provision record of a credit inquiry company or credit recovery of the subject of credit information, etc.; Re-identifiable information, etc. may be examples of the personal credit information.

In addition, “personal information” referred to in this specification refers to information about individuals held by personal information holding institutions, and refers collectively to information that is controlled for provision to third parties by relevant laws and regulations. Therefore, “unique identification” referred to in this specification “Information” and “personal credit information” may be examples of personal information. However, “shared alias ID” cited in this specification, even if provision to third parties is controlled by relevant laws and regulations, It is defined as not personal information cited in .

In addition, the “personal information holding institution” referred to in this specification refers to an institution that stores personal information about one or more individuals. Therefore, the “personal information holding institution” in the narrow sense referred to in this specification as well as the “personal information management institution” It may also be an example of the above-mentioned “personal information holding institution.”

Additionally, “personal information server” as used in this specification refers to a system operated by a personal information holding organization to store and retrieve personal information.

In addition, “personal information ID” cited in this specification refers to identification information given by a personal information holding organization to identify a specific individual from other individuals. Therefore, Bank A ‘presents personal information to Bank A and opens an account. If a 'demand deposit account number' is given to 'Hong Gil-dong', the demand deposit account number may be an example of the personal information ID in this specification. Additionally, a personal information holding institution, not a bank, may provide a predetermined login ID from each individual as a login ID. If you have registered an e-mail address, the e-mail address may be an example of the personal information ID in this specification.

In addition, the "transaction ID" used in this specification refers to information given to identify a specific transaction processed by 'one or more of the personal information server, service server, customer terminal, and seller terminal' from other transactions. Accordingly, approval application identification information for identifying various approval application information, approval identification information for identifying various approval information, etc. may be an embodiment of the transaction ID.

In addition, the term "payment company" referred to in this specification refers to a company that grants predetermined member identification information to its members, and when the fact that the member presented the member identification information to the seller for payment of the purchase price is proven by a predetermined method, It refers to a company that provides a service that pays the member's purchase price to the seller on behalf of the member and receives the purchase price from the member by a prescribed method. Accordingly, a company that issues one or more of credit cards, check cards, debit cards, and prepaid payment methods is an example of a “payment company.”

In addition, the term “payment member” as used in this specification refers to a person who has entered into a certain agreement with the payment company and has been provided with certain member identification information in order to receive services provided by the “payment company.”

In addition, “customer” as used in this specification refers to a person who has entered into a certain agreement with the service company on how to use the service, such as by agreeing to the terms and conditions, in order to use the service provided by the specific service company.

In addition, the term “customer terminal” referred to in this specification refers collectively to communication devices that “customers” used in this specification use services provided by a specific service company. Therefore, the sales payment settlement provided by PJ as a service company A "seller terminal", which is a communication device provided by a specific seller to use the service as a customer of PIJU, may also be an example of the customer terminal. However, in this specification, the seller terminal is cited separately from other customer terminals. When desired, cite with reference number "400".

In addition, “unique identification information” referred to in this specification refers to information designated by relevant laws and regulations to control leakage to third parties as identification information given to uniquely distinguish an individual. Therefore, personal information holding institutions located in the Republic of Korea Among the information about individuals held by this Act, resident registration number, passport number, driver's license number, and alien registration number, as stipulated in each subparagraph of Article 24 of the Personal Information Protection Act and Article 19 of the Enforcement Decree of the same Act, may be examples of the above-mentioned unique identification information. there is.

In addition, the terms “public key” and “private key” used in this specification refer to two keys that form a pair, characterized in that information encrypted by one of the two can be decrypted by the other of the two keys, and among the two keys, the ‘above’ The key that the owner of the two keys keeps secretly is called a “private key,” and the key that is disclosed to the outside is called a “public key.”

In addition, the “shared variable” referred to in this specification refers to information that can be calculated equally by each counterpart communication device that communicates with each other using a predetermined network. Therefore, the service server and customer terminal configure a highly accurate timer and If so, the current time value calculated from each timer may be an example of the shared variable.

Additionally, the “shared alias ID” cited in this specification refers to information that identifies a specific individual in a transaction with a ‘specific transaction counterparty’, and is not personal information.

Therefore, Bank A grants 'Hong Gil-dong, who opened an account by presenting personal information including real name information to Bank A' with 'virtual account number 1001 as information to identify Hong Gil-dong to be used in transactions between B Market and Hong Gil-dong', and ' If 'virtual account number 2011' is assigned as information to identify remittance company C and Hong Gil-dong, the virtual account numbers are limited to 'between Hong Gil-dong, bank A and market B' and 'between Hong Gil-dong, bank A and remittance company C' respectively. A shared alias ID may be used to identify Hong Gil-dong only in transactions within the range.

Additionally, the “shared alias ID category” cited in this specification refers to a set of shared alias IDs collectively assigned by a personal information holding organization to a service company. If Bank A, as a personal information holding institution, assigns 1000 shared alias IDs from 'BMK1000 to BMK1999' in advance to B Market to be used as shared alias IDs 'between B Market and A Bank and B Market customers', the above '010 The 'set of 10,000 shared alias IDs from -2012-0000 to 010-2012-9999' is an example of the shared alias ID category.

In addition, the "master password" referred to in this specification is a set of confidential information that is not exposed to any server or stored in any storage device and memorized by the customer, and is used as a key when encrypting and decrypting the user's confidential information (e.g., password). This refers to the information used.

In addition, the "mapping anonymous ID" referred to in this specification is an anonymous ID that a personal information management agency grants to each personal information subject to identify each subject of personal information it stores. This refers to an anonymous ID that is matched with the identification information of the personal information subject when personal information is received from an information holding institution and updated in the combined DB.

Additionally, the term “general account number” used in this specification refers to an account number other than a “dedicated account number.” Therefore, the account number of a conventional non-requestable bank account that can be used for remittance transactions with an unspecified number of counterparties can be an example of a “universal account number.”

Additionally, “category definition” as used herein refers to a section defined by arbitrary minimum and maximum values.

In addition, “block” as used in this specification refers to a certain amount of structured information including a block ID, ‘hash value of transaction data’, and ‘digital signature of the creator of transaction data’. According to an additional aspect of the present invention, the block may further include a previous block ID.

Additionally, the “block ID” used in this specification is information used to identify a specific block from other blocks. If the probability that the 'transaction data hash value' included in each block overlaps is extremely low, the 'transaction data hash value' may be an embodiment of the block ID.

Additionally, “distributed ledger” as used in this specification refers to a storage unit that stores blocks created in a specific blockchain network according to a predetermined structure.

In addition, the "usage code" used in this specification refers to information used to identify a specific 'matched shared alias ID has been matched to a specific customer' record. Accordingly, information combining the date and time value when the shared alias ID is matched to a specific customer becomes an example of the usage code.

In addition, the "service contract" referred to in this specification refers to a record of agreements between an individual and a service company regarding how an individual uses the service provided by a service company other than a personal information holding institution. Therefore, if an individual accesses the service server of a specific service company, reads the terms and conditions for use of the service, and checks the box to agree to the terms and conditions, the viewed terms and conditions become an example of a service contract.

In addition, the term "service company" referred to in this specification refers to an entity that enters into a service contract with any individual and provides the services specified in the service contract, and refers to entities other than personal information holding institutions. Accordingly, an entity that enters into a service contract regarding online shopping with a specific individual and provides services so that the individual can shop online may be an embodiment of the service company.

Additionally, “attribute” used in this specification refers to information related to an individual that can identify a specific individual when combined with other information. Therefore, gender, age, nationality, address up to the city/county/district level, zip code, military service status, marital status, religion, hobbies, identification information of the club/club/online site to which you have joined, date of subscription to the club/online site, Smoking status, drinking status, vegetarian status, interests, blood type, height, weight, waist circumference, blood pressure, eye color, disability type, disability grade, disease name, disease code, medication code, medical treatment history, tax payment amount, credit rating, income Income level identification information such as quintile, asset level identification information, and donations. Health insurance premium payment, medical benefits, school name, department name, grade, grades, academic background, career, occupation, occupation, workplace name, department name, rank, former employer name, cookie information, access date, visit date and time, service use record, access log, Internet access records, mobile phone usage records, store identifier, purchase product category identification information, purchase records including at least one of the amount and purchase date, GPS data, family information such as spouse, children, parents, siblings, legal representative information, etc. may be examples of the attribute.

In addition, “identifier” referred to in this specification refers to unique identification information including real name number, name, detailed address including Gumiman, birthday, anniversary, certificate acquisition date, telephone number, medical record number, health insurance number, and welfare recipient number. , bank account number, credit card number, various certificates and license numbers, automobile number, registration number or serial number of various devices, photo, biometric information, e-mail address, IP address, Mac address, homepage url, ID, employee number , a general term for customer numbers, military numbers, business registration numbers of individual business owners, and other unique identification numbers.

Additionally, “application information” used in this specification refers to information for applying for a given operation. Accordingly, the settlement application information, remittance application information, search application information, personal information transfer application information, and personal information sales application information cited in this specification may be an example of the application information.

In addition, the "real name number" referred to in this specification refers to information used to identify a specific individual or corporation from another individual or corporation, and is information provided by a government agency in a way that does not overlap with the "real name number" of another individual or corporation. . Accordingly, resident registration number, passport number, driver's license number, alien registration card number, corporation number, business registration number, etc. may be examples of real name numbers.

In addition, the term “app” used in this specification refers to an application program driven by the OS of a personal terminal, and a box for executing the application program is separately output to the output portion of the personal terminal.

In addition, the "exclusive account number" cited in this specification means 'the number of an account opened to be used only for remittance transactions between a specific customer and a specific service company.' Therefore, 'a virtual account number opened solely for the purpose of remitting a specific individual's electricity bill to the Korea Electric Power Corporation' may be an example of the dedicated account number.

In addition, the "provisionable code", "consent required code", and "provisionable code" cited in this specification are 'information that identifies information that can be provided without consent' and 'information that identifies information that requires customer consent when provided', respectively. and 'information that identifies information that cannot be provided', respectively.

In addition, the "condition variable" referred to in this specification is a variable that matches specific search condition item identification information. When the condition variable matches the search condition item identification information, 'the search condition item identification information is matched to the condition variable. This means ‘request only the information of the corresponding record to be searched.’

Additionally, the “designated variable input box” used in this specification refers to an input box into which one data can be entered.

In addition, the "immediate previous block ID" referred to in this specification refers to transaction data matching the 'hash value of transaction data' contained in a specific block, transaction data matching the 'hash value of transaction data' contained in another specific block, and In the case where there is a causal relationship, the hash value of the 'transaction data that precedes the two transaction data' is included in the block containing the hash value of the 'transaction data that follows the two transaction data' in order to indicate the causal relationship. This refers to the block ID of the block included.

Additionally, the term “time stamp” used in this specification refers to information that includes the date on which the operation occurred to identify when specific information was received or transmitted from a specific server. Accordingly, information including the date on which the operation occurred and the hour, minute, and second may be an example of the timestamp.

In addition, "statistical method identification information" used in this specification refers to information for identifying a method of calculating statistical quantities of data corresponding to a specific search item included in records extracted by a predetermined method. Accordingly, the sum, average, median, mode, 90% range, maximum value, minimum value, etc. may be examples of the statistical method identification information.

In addition, “communication device” as used in this specification refers to a device that is connected to a given communication network and capable of electronic communication with other communication devices. Therefore, the personal information server, service server, customer terminal, seller terminal, payment server, nodes, public station server, and personal information management server cited in this specification may be embodiments of the communication device.

Additionally, the term “communication ID” used in this specification refers to identification information called for electronic communication. Accordingly, a phone number, e-mail address, messenger service ID, etc. may be examples of the communication ID.

In addition, the term “seller terminal” used in this specification refers to a customer terminal provided by a seller, a customer of a given service company, to communicate with a service server operated by the service company.

In addition, "PJ" as used in this specification refers to a service (hereinafter referred to as "electronic payment agency service") that acts as an agent for receiving payment from a payment company for a sale made by a seller to a 'paying member who presents member identification information'. It refers to a company that has entered into a contract with a payment company to provide payment.

In addition, “member identification information” used in this specification refers to unique identification information given by the payment company to each member to identify each member who will receive its services. Accordingly, credit card numbers, check card numbers, debit card numbers, prepaid payment account numbers, etc. may be examples of “member identification information.”

In addition, the "OO box" referred to in this specification refers to an area in which information meaning "OO" is written among the screen areas output to the output unit of the personal terminal of the present invention, and is referred to as an 'action such as touching or clicking on the area'. This refers to an area configured to input information for selecting the "OO box". Therefore, the icon area configured to input information for selecting the OO app, the menu area, box area, button area, etc. configured to input information for selecting “OO” are examples of the “OO box”. You can.

In addition, the “OO name” cited in this specification refers to the name of a specific “OO”, and there may be rare cases where the same “OO name” is given to multiple “OO”s. Therefore, the name given to a specific “OO” Abbreviated names, nicknames, trade names, etc. may be examples of the “OO name”.

In addition, “OO identification information” referred to in this specification refers to the general term for information given to identify a specific “OO” from other “OO”s of the same type. Therefore, “OO name” and “OO identification code” are “OO identification information.” It may be an example of “information.”

In addition, the “OO identification code” used in this specification refers to all “OO identification information” that is not “OO name.”

In addition, “selecting OO” as used herein means that an individual uses the input unit to select the “OO” by touching or clicking on the area where “OO” is displayed among the areas output on the output unit. It means entering information to select. Therefore, touching the "OO" box on a specific screen of a smartphone can be an example of an 'action of selecting the OO box'.

Figure 1 is a block diagram of a device for implementing a method of protecting and utilizing personal information using a shared alias ID according to an embodiment of the present invention.

The personal information server 100 is a computer system operated by a personal information holding organization to store and manage personal information, and is connected to the service server 200, customer terminal 300, and seller terminal 400 through a predetermined communication network. It communicates with one or more of the nodes 600, the public server 700, and the personal information management server 800, and the personal information DB 110, anonymization DB 120, real name transaction DB 130, and shared variable calculation unit. It includes (140), inquiry reason DB (160), service company DB (170), node DB (180), and block generation unit (190) as components.

In the personal information DB 110, the real name number, communication ID, general account number, 'hashed password', and communication key can be stored by matching the personal information ID. According to an additional aspect of the present invention, the personal information ID may match one of a real name number and a communication ID. According to another additional aspect of the present invention, the communication ID includes one or more of a phone number, an e-mail address, a messenger account ID, and a residence address, and the communication key is a disposable communication key.

Meanwhile, according to an additional aspect of the present invention, the personal information DB 110 is matched with personal information ID, such as birthday, anniversary, date of acquisition of a specific qualification, medical record number, health insurance number, welfare recipient number, and various certificate and license numbers. , license plate number, photo, biometric information, Mac address, military service number, gender, age, nationality, military service status, marital status, religion, hobby category identification information, membership club identification information, membership online site identification information, the above club or Online site registration date, smoking status, drinking status, vegetarian status, blood type, height, weight, waist circumference, blood pressure, eye color, disability type, disability grade, disease name, illness code, medication code, medical treatment history, tax payment amount, credit Grade, income level identification information, asset level identification information, average monthly payment amount, average monthly remittance amount, average number of monthly payments, average number of monthly remittances, previous year's health insurance premium payment, status of medical benefits, name of school from which one graduated (or worked), name of department from which one graduated (or worked), You can further save one or more of the following: graduation grades, academic background, occupation, occupation, employer name, department name, rank, previous employer name, spouse information, child information, parent information, sibling information, and legal representative information.

One or more shared alias IDs are stored in the anonymization DB 120 by matching the personal information ID. Each shared alias ID is matched to a specific service company identification code, and the shared alias IDs matched to the specific service company identification code are Duplication is not possible. According to an additional aspect of the present invention, overlap is possible between shared alias IDs matched to different service company identification codes.

The real name transaction DB 130 may be comprised of multi-level sub-DBs. In one embodiment, step 1 for each type of real-name transaction, such as PJ real-name transaction DB (not shown), real-name remittance transaction DB (not shown), online market real-name transaction DB (not shown), and cryptocurrency exchange real-name transaction DB (not shown). It is composed of a sub-DB, and each sub-DB of the first-stage sub-DB for each corresponding type of real-name transaction can be used to form a second-stage sub-DB that matches the identification code of each service company conducting the above-mentioned type of real-name transaction. In one embodiment, the PD Real Name Transaction DB (not shown), which is one of the first-level sub-DBs for each type of real-name transaction, may form a second-level sub-DB matched to each PD identification information.

In the second-stage sub-DB, one or more transaction party identification information, transaction continuity information, transaction date, and transaction time information can be stored by matching the transaction ID for each stage.

According to an additional aspect of the present invention, the transaction essential information includes cookie information, service usage records, access logs, Internet access records, mobile phone usage records, store identifier, purchase product category identification information, purchase amount, GPS data, etc. can be exemplified, and transaction date and transaction time information can include access date, visit date and time, purchase date and time, etc.

In the PDB (not shown) matched to the specific PCU identification information, which is an embodiment of the second-stage sub-DB, the specific payment company identification information is matched with the specific payment company member identification information and payment amount, and a '1st-stage transaction ID' is provided. 2nd payment approval application ID' and 'approval application date and approval application time information matched to the 2nd payment approval application ID' and '2nd payment approval ID and 2nd payment approval date and 2nd payment as 2nd stage transaction ID' Approval time information' can be stored, '1st payment approval ID, 1st payment approval date, and 1st payment approval time information' as a 3-step transaction ID, 'remittance date as a 4-step transaction date', and '4-step transaction. ‘Remittance time information as time information’, payer identification information, recipient identification information, and remittance amount can be stored.

The real-name transaction DB (not shown) matched to the specific remittance company identification information, which is an embodiment of the second-stage lower DB, contains payer identification information, recipient identification information, remittance company identification information, remittance amount, remittance fee, remittance date, and remittance time. Information can be stored.

The shared variable calculation unit 140 outputs a predetermined shared variable. When the personal information server 100 communicates with the customer terminal 300, if a timer (not shown) is configured to output a time value to the customer terminal 300, the timer configured in the personal information server 100 may be an embodiment of the shared variable calculation unit 140.

In the inquiry reason DB 160, one or more search item identification information may be stored, and one or more inquiry reason identification codes may be stored in a way that matches each search item identification information, and the 'specific search item identification information and inquiry reason identification' may be stored in the search reason DB 160. Disclosure condition identification information is stored by matching the 'pair' of the code.

According to an additional aspect of the present invention, 'one or more inquiry reason identification codes are stored in a manner that matches each search item identification information', and one or more specific statistical method identification information is stored by matching each search item identification information. One or more inquiry reason identification codes are stored by matching the 'pair of specific search item identification information and specific statistical method identification information', and the 'group of specific search item identification information, statistical method identification information, and inquiry reason identification code'. This may be a method in which disclosure condition identification information is stored by matching '.

According to an additional aspect of the present invention, inquiry reason description information is stored by matching the inquiry reason identification code.

Examples of the statistical method identification information include "list", "number", "sum", "average", "median", "mode", "minimum value", and "maximum value", and the disclosure conditions identification above. The information includes identification information indicating that ‘it is possible without consent’ (hereinafter referred to as “consent-free code”), ‘identification information indicating that personal consent is required’ (hereinafter referred to as “consent-required code”), and ‘whether or not consent is required. This can be an example of identification information (hereinafter referred to as “unable to provide code”) that states that it is impossible regardless of the condition.

In the service company DB 170, the service company name, settlement account number, communication ID, and public key are stored by matching the service company identification code.

According to an additional aspect of the present invention, a personal information management agency identification code can be stored as one of the service company identification codes, and at least one of a phone number, address, e-mail address, IP address, and messenger account ID is used as a communication ID. This can be saved.

The node DB 180 stores the connection addresses of the nodes 600.

The block generator 190 generates predetermined transaction data, calculates a hash value of the transaction data, generates a predetermined block ID, and secrets the 'personal information holding institution that operates the personal information server 100'. Encrypt the 'hash value of transaction data' with a key to generate a digital signature of the personal information holding institution for the transaction data, search for the previous block ID, and combine the previous block ID with the 'hash value of transaction data' and the digital signature. A predetermined block header including a signature is generated, and a predetermined block is generated including the block header and the transaction data.

One embodiment of the transaction data is information including 'personal information holding organization identification information as sender identification information', 'predetermined communication ID as recipient identification information', and predetermined transmission target information.

The service server 200 is a computer system of the service company that the service company's customers must access in order to use the services provided by the service company, and is connected to the personal information server 100, the customer terminal 300, and the seller terminal (400) through a predetermined network. ), payment server 500, nodes 600, public service server 700, and personal information management server 800, and perform pseudonym transactions with service company information DB 210 and member DB 220. It includes a DB 230, a shared variable calculation unit 240, a communication key generation unit 250, and a query reason DB 260 as components.

The service company information DB 210 stores the service company's 'login ID and account identification information for accessing the personal information management server' and the communication ID of the service server 200, and 'one or more personal information management agency identification information and one or more personal information. Each public key may be stored by matching each 'information holding organization identification information'.

In the member DB 220, 'shared alias IDs with the personal information holding agency that belong to the shared alias ID category previously assigned by the personal information holding agency' are stored, and are matched to one or more of the shared alias IDs above. A predetermined usage code, 'hashed password', and communication key can be stored. According to an additional aspect of the present invention, the communication key is a disposable communication key.

The pseudonym transaction DB 230 contains a 'shared alias ID given to the customer who is the party to the transaction matched to the transaction ID' by matching a predetermined transaction ID and 'provided to the customer by the service company operating the service server 200. The ‘summary of a service’ and ‘the date and time value of the service provided’ are stored.

According to an additional aspect of the present invention, each record in the pseudonym transaction DB 230 stores a separate 'transaction ID, service summary, date and time value' for each stage of the service by matching a specific shared alias ID and payment amount. It can be.

According to one embodiment in the case where the service server 200 is a server operated by a specific PJ, it matches a specific shared alias ID and payment amount to 'first payment approval application ID as the first stage transaction ID' and 'second stage transaction ID'. '2nd payment approval application ID' as the transaction ID', '2nd payment approval ID as the 3rd step transaction ID' and '1st payment approval ID as the 4th step transaction ID' and the date on which at least one of the above steps was operated, and The time value may be stored as predetermined approval date and time information.

According to an embodiment in the case where the service server 200 is a server operated by a specific remittance company, the remittance application reception ID is matched to the shared alias ID, personal information holding organization identification information, recipient identification information, remittance amount, remittance fee, and remittance amount. The settlement application date and remittance settlement application time information are saved.

The shared variable calculation unit 240 outputs a predetermined shared variable. When the service server 200 communicates with the customer terminal 300, if a timer (not shown) is configured to output a time value to the customer terminal 300, the timer configured in the service server 200 is It may be an embodiment of the shared variable calculation unit 240.

The communication key generator 250 randomly generates a one-time communication key using a known method. Using a function that calculates a random value, such as “RN()”, can be an example of the known method.

In the inquiry reason DB 260, one or more inquiry reasons are stored, and a inquiry reason identification code is stored in matching each inquiry reason.

Examples of the reasons for the inquiry include “checking for settlement errors” and “providing product information.”

The customer terminal 300 is a communication device equipped with a customer to use a specific service provided by a specific service company, and communicates with one or more personal information servers 100 and one or more service servers 200 through a predetermined network, An anonymization app (310) is installed.

The anonymization app 310 is a predetermined application software that operates by the operating software of the customer terminal 300, and includes a personal information DB 311, an anonymization DB 312, a password generation unit 313, and a shared variable calculation unit ( 314), node DB 318, and block generator 319 are included as components.

The personal information DB 311 contains at least one of the 'communication ID matched to the customer terminal 300' and the real name number of the 'customer who is the rightful owner of the customer terminal 300' and the customer's 'encrypted secret key'. It is saved.

The anonymization DB 312 consists of a site identification information field, a site name field, an ID field, a password field, a connection address field, a communication key field, and a public key field.

When a service company identification code is stored in the site identification information field, the service company name is stored in the site name field, and in the ID field matched with the site identification information, the service company and personal information holding organization are stored in the 'customer terminal ( 300) A shared alias ID jointly assigned to identify the 'owner' is stored, and in the communication key field, 'the service server (200) operated by the service company' and 'the anonymization app (310) constituting the anonymization DB (312)' The shared communication key is stored, and in the password field, the password registered with the service company by the 'customer who owns the customer terminal 300' is encrypted with 'the customer's master password' and the access address field is stored. The access address of the service server 200 is stored, and the public key of the service company is stored in the public key field.

Meanwhile, when a personal information holding organization identification code is stored in the site identification information field, 'Personal information ID assigned by the personal information holding organization' is stored in the ID field matched to the personal information holding organization identification information, and 'Personal information ID assigned by the personal information holding organization' is stored in the communication key field. The communication key shared between the 'personal information server 100 operated by the personal information holding institution' and the 'anonymization app 310 constituting the anonymization DB 312' is stored, and in the password field, the 'customer terminal 300' is stored. ) is stored in the encrypted value of the password registered with the personal information holding institution by the 'customer who owns' with the 'customer's master password', and in the access address field, the access address of the personal information server 100 is stored and made public. The public key of the personal information holding organization is stored in the key field.

Meanwhile, when personal information management agency identification information is stored in the site identification information field, the 'login ID assigned by the personal information management agency' is stored in the ID field matched to the personal information management agency identification information, and the 'login ID given by the personal information management agency' is stored in the communication key field. The communication key shared between the 'personal information management server (800)' operated by the personal information management agency and the 'anonymization app (310) constituting the anonymization DB (312)' is stored, and in the password field, 'the customer terminal (300)' is stored. ) is stored in the encrypted value of the password registered with the personal information management agency by the 'customer who owns' with the 'customer's master password', and the access address of the personal information management server 800 is stored in the access address field, The public key of the personal information management agency is stored in the public key field.

The password generator 313 randomly generates a password using a known method. As an example of one of the above known methods, a certain algorithm for generating random variables is used.

The shared variable calculation unit 314 outputs a predetermined shared variable. When the customer terminal 300 communicates with one or more of the personal information server 100, the service server 200, and the personal information management server 800, the 'personal information server 100, the service server 200, and the individual If a timer (not shown) that outputs a time value is configured in one or more of the information management servers 800, the timer configured in the customer terminal 300 may be an embodiment of the shared variable calculation unit 314. there is.

The node DB 318 stores the connection addresses of the nodes 600.

According to an additional aspect of the present invention, the nodes 600 may be a limited number of master nodes selected by agreement among the personal information holding institutions of the present invention, and the master nodes have public trust and capital power among the personal information holding institutions. It is composed of personal information servers 100 operated by some of the above-mentioned public power stations, public power station servers 700 operated by representative public power stations, and personal information management servers 800 operated by representative personal information management companies, and is operated by a majority vote of the above nodes. The legitimacy of a block can be determined.

The block generator 319 generates predetermined transaction data, calculates a hash value of the transaction data, generates a predetermined block ID, and generates a hash of the transaction data using a 'secret key input by a predetermined method'. The 'value' is encrypted to generate the customer's digital signature, and a predetermined block containing the digital signature and the transaction data is created.

According to an additional aspect of the present invention, the transaction data includes sender identification information in a predetermined form, recipient identification information in a predetermined form, and transmission content in a predetermined form.

The seller terminal 400 communicates with the service server 200 operated by the service company in order to request a specific service company to settle the payment of goods or services provided to members of a certain payment company and manages the information necessary for the settlement. In order to do this, it is a type of customer terminal 300 provided by a 'seller who is a customer of the service company', and personal information server 100, the service server 200, and the station server 700 are connected to the personal information server 700 through a predetermined network. It communicates with one or more of the management servers 800 and includes an anonymization DB 420 and a payment DB 440 as components.

In the anonymization DB 420, one or more site identification information including specific PJU identification information is stored, and a shared alias ID and communication key may be stored by matching each site identification information.

The payment DB 440 may store payment company member identification information, payment amount, first payment approval ID, settlement completion date, and settlement completion time information by matching the payment approval application ID.

According to an additional aspect of the present invention, the payment company member identification information may be implemented as 'encrypted payment company member identification information'. According to an additional aspect of the above additional aspect, the 'encrypted payment company member identification information' is disposable payment company member identification information, and the encrypted payment company member identification information is used each time the same payment company member identification information is encrypted. are different from each other unless they coincide by chance.

The payment server 500 is a computer system of a payment company, and receives information from the service server 200, including the payment approval application ID, specific payment company member identification information, and payment amount, in a 'method that can be matched to Pizyu identification information.' Upon receiving the prescribed second payment approval application information, approval is determined using the method notified, and if it is determined to be subject to approval, the prescribed second payment approval is granted using a method that can be matched to the payment approval application ID received above. Reply ID.

The above-mentioned method includes a method of determining whether the balance matched to the member identification information is more than the payment amount, and a method of determining whether the balance matched to the member identification information is more than the payment amount, and a method of determining whether the bank or card company matched to the member identification information is 'the account number or card number matched to the member identification information. ' and a method of receiving approval for payment by transmitting the payment amount can be exemplified.

Nodes 600 are computing devices that receive blocks created in one or more of the personal information server 100, service server 200, and customer terminal 300, and include the distributed ledger 620 as a component.

According to an additional aspect of the present invention, one or more of the nodes 600 may also serve as one or more of the personal information server 100, the public station server 700, and the personal information management server 800.

According to another additional aspect of the present invention, the nodes 600 may be a limited number of master nodes selected in a predetermined manner according to Proof Of Share or other consensus algorithms in a blockchain network. According to another additional aspect of this aspect, the masternodes can decide whether to acknowledge the received blocks based on a majority vote among the masternodes.

In the distributed ledger 620, blocks received by each node 600 are stored according to a predetermined structure. According to an additional aspect of the present invention, the received block includes an 'incomplete block in which the previous block ID is not cited' and a 'complete block including the previous block ID'.

According to an additional aspect of the present invention, the completed block is composed of a predetermined block header and transaction data, and the block header includes the previous block ID and 'the root where the hash values of each transaction data are compressed into a Merkle tree structure. It includes a ‘hash value’, predetermined difficulty information, predetermined nonce, and predetermined timestamp.

According to an additional aspect of the present invention, the completed block designates the block corresponding to the previous block ID as the previous block and is arranged as a block immediately after the previous block, and some of the information required for the completed block is lacking. The block is determined to be an incomplete block and the insufficient information is searched or created to form a completed block and then arranged as described above.

The public space server 700 is a computer device operated by a certified electronic document repository and manages personal information with the personal information server 100, service server 200, customer terminal 300, and seller terminal 400 through a predetermined network. It communicates with one or more of the servers 800 and includes a content certification DB 720 as a component.

The content certification DB 720 stores sender identification information, recipient identification information, and 'information transmitted from the sender to the recipient' by matching a predetermined timestamp consisting of the date and time value at the time of communication relay.

The personal information management server 800 is a computer device operated by a personal information management agency, and is connected to the personal information server 100, the service server 200, the customer terminal 300, the nodes 600, and the public power station through a predetermined network. It communicates with one or more of the servers (700), customer information DB (810), distributed ledger (820), personal information holding institution DB (850), combination DB (860), price DB (870), and node DB (880). Includes as a component.

The customer information DB 810 consists of a login ID field, a mapping anonymous ID field, a password field, a communication key field, a communication ID field, a public key field, and an account identification information field, and includes one or more 'each personal information holding organization identification information and Configure ‘matched field’ and ‘field matched with each service company identification code’. A hashed password is stored in the password field, and each 'field matched with the personal information holding organization identification information' contains 'the personal information holding organization corresponding to the personal information holding organization identification information' and 'the personal information management server.' A shared alias ID is stored to identify the 'customer matching the above record' in collaboration with the 'personal information management agency that operates (800)', and in each 'field matched with the service company identification code', the 'service company A shared alias ID is stored by the 'service company corresponding to the identification code' in collaboration with the personal information management agency to identify the 'customer matching the record'.

Meanwhile, according to another aspect of the present invention in which each personal information holding institution trusts the personal information management institution, each 'field matched with the personal information holding institution identification information' is provided to the 'customer matching each record'. The personal information ID assigned by the ‘personal information holding organization’ corresponding to the personal information holding organization identification information may be stored.

In the distributed ledger 820, 'received blocks verified by a predetermined method' are stored according to a predetermined system consistent with the distributed ledger 820 configured in the nodes 600.

The personal information holding agency DB (850) includes a personal information holding agency name field, personal information holding agency identification code field, access address field, public key field, and 'search item identification for various search items that can be provided by the personal information holding agency. Search item identification information fields matching ‘information’ are constructed.

In each search item identification information field that matches the 'specific personal information holding organization identification code stored in the personal information holding organization identification code field', 'personal information holding organization corresponding to the above personal information holding organization identification code' is entered as the search item. You can store information on 'whether the personal information of a specific individual matching the identification information field can be provided to a personal information holding institution in accordance with the exercise of the individual's right to information portability.'

According to an additional aspect of the present invention, when information indicating an attribute capable of providing the information (hereinafter referred to as "information provision attribute") is stored in the field, 'the individual matched with the information provision attribute' This means that the personal information holding organization corresponding to the 'information holding organization identification code' can provide the above information, and for information matching the search item identification information corresponding to the field in which the above information provision attribute is not stored, the above personal information This means that the holding institution cannot provide the above information.

The combination DB 860 is comprised of fields matched to a mapping anonymous ID field and one or more search item identification information, as illustrated in FIG. 13. The mapping anonymous ID field includes 'each mapping anonymous stored in the customer information DB 810. ID' is stored, and in the field matched to each search item identification information, 'information matching the search item identification information of the customer matching the mapping anonymous ID' is stored. In addition, the field matched to each search item identification information is further configured to be matched with a sales availability field. When a predetermined information provision attribute is stored in the cell configured in each sales availability field, 'search item matched to the cell' The information stored in the 'cell' of the identification information field is judged to be available for sale.

Meanwhile, according to another aspect of the present invention, the sales availability field may not be configured separately, in which case it is determined that sales are possible if predetermined information is stored in each cell configured in the field matched to each search item identification information. do.

As illustrated in FIG. 14, the price DB 870 consists of a field storing the 'mapping anonymous ID stored in the customer information DB 810' and fields matching the 'each field identification information configured in the combination DB 860'. do. For a specific cell that matches both the specific mapping anonymous ID and the specific field identification information stored in the mapping anonymous ID field, a price is charged for 'personal information stored by matching the mapping anonymous ID and the field identification information in the combined DB 860'. It is saved. This specification focuses on an embodiment in which the price is selected by a customer who matches the mapping anonymous ID, but in an embodiment in which the service provider who wishes to purchase the personal information selects the price, and the personal information management agency selects the price according to a predetermined algorithm. Embodiments that do this are also possible.

The node DB 880 stores the connection addresses of the nodes 600.

Figure 2 shows an operation in which a shared alias ID is shared between a personal information holding institution, a given service company, and a 'customer who wishes to join the service company' in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention. This is a drawing explaining one embodiment.

In step 120, the customer terminal 300 is connected to the membership application page of the service server 200.

According to an additional aspect of the present invention, before step 120, a predetermined shared alias ID category is assigned from the personal information holding organization to the service company operating the service server 200 by a known method. According to an additional aspect of the present invention, the method of notifying is a method in which each contracting party retains one copy after signing a written contract and sharing alias ID category information from the personal information server 100 to the service server 200. This may be one of the ways to transmit.

In step 125, the service server 200 accesses the information on the 'predetermined screen including the terms and conditions search field, the terms and conditions agreement display field, the password input field, and the membership application box' (hereinafter referred to as the "service membership application screen"). It is transmitted to the customer terminal (300).

When the customer terminal 300 receives 'information about the service membership application screen transmitted in step 125 (or step 225 in FIG. 3)' in step 130, the service membership application screen is displayed on the output unit (not shown). It is output.

According to an additional aspect of the present invention, in step 130, 'the automatically matched password generation box and password output field' may be further output along with the service membership application screen to the output unit (not shown).

In step 135, the customer terminal 300 transmits 'a predetermined terms and conditions agreement display information, a predetermined password as the customer's service server password, and predetermined membership application information' to the service server 200.

According to an additional aspect of the present invention, step 135 includes step 135a in which the customer inputs an agreement to the terms and conditions using an input unit (not shown) of the customer terminal 300; Step 135b, where the customer inputs 'a predetermined password as the customer's service server password' into the password input field using the input unit (not shown) of the customer terminal 300; and step 135c in which the customer selects the membership application box using the input unit (not shown) of the customer terminal 300; Includes.

According to another aspect of the present invention, in step 135b, when the customer selects the password input field using the input unit (not shown) of the customer terminal 300, the password generator 313 randomly generates a password using a known method. Step 135d; and step 135e, where the generated password is output to the password input field. can be replaced with

According to another aspect of the present invention, the step 135b includes a step 135f in which the password generator 313 randomly generates a password using a known method; can be replaced with

According to another aspect of the present invention, step 135b includes the customer selecting the 'automatic password generation box output in the additional aspect of step 130' using the input unit (not shown) of the customer terminal 300; The password generator 313 randomly generates a password using a known method; outputting the generated password to the password output field; and a step where the customer inputs an agreement to the terms and conditions using the input unit (not shown) of the customer terminal 300 and enters the 'password printed in the password output box' into the password input field. Includes.

According to an additional aspect of the present invention, step 135d includes the customer touching and releasing the password input field for a certain period of time using an input unit (not shown) of the customer terminal 300; Calculating variable values matching the arbitrary period; A step where the shared variable calculation unit 314 outputs a predetermined shared variable; and generating a password by inputting 'the calculated variable value and the output shared variable' as independent variables into a predetermined password calculation function. Includes.

In step 140, when the service server 200 receives the 'terms and conditions agreement display information, password, and membership application information transmitted in step 135', the communication key generator 250 randomly generates a one-time communication key by a known method. Generate, hash the received password, and select 'Not yet in use' among the 'shared alias IDs with the personal information holding agency that belong to the shared alias ID category previously assigned by the personal information holding agency' in the member DB 220. A predetermined usage code is stored by matching with a 'shared alias ID' for which the code is not matched, and 'the hashed password' and 'the generated one-time communication key' are stored by matching with the shared alias ID. The disposable communication key and predetermined membership registration completion information are transmitted to the customer terminal 300 connected at 120 by matching the shared alias ID.

According to an additional aspect of the present invention, the 'shared alias ID stored by matching the usage code' is a service company identification code other than the service company identification code in the 'anonymized DB 120 configured in the personal information server 100'. It may overlap with other shared alias IDs that have already been matched and stored.

In step 145, the service server 200 calls the shared alias ID registration page of the personal information server 100 and uses the 'shared alias ID stored by matching the usage code in step 140' as a 'method that can be matched to the service company identification code'. ' is transmitted to the personal information server 100, and according to the call, 'customer terminal 300 connected in step 120' is connected to the shared alias ID registration page of the personal information server 100.

In step 150, the personal information server 100 receives the ‘shared alias ID transmitted in step 145’ and the ‘service company identification code matching the service server 200 called in step 145’ from the service company DB 175. The service company name matched is searched, and the 'shared alias ID, service company identification code, and service company name' are transmitted to the 'customer terminal 300 connected in step 145'.

In step 155, the customer terminal 300 receives the 'one-time communication key and membership registration completion information transmitted in step 140 and matched to the shared alias ID', and the 'shared alias ID and the service company transmitted in step 150' are received. When the 'identification code and service company name' are received, the anonymization app 310 is activated and determines whether the 'shared alias ID transmitted in step 140' and the 'shared alias ID transmitted in step 150' match.

If the determination in step 155 is positive, step 160 is operated.

In step 160, the 'shared alias ID, service company identification code, and service company name', the master password input field, and the confirmation box are output to the output unit (not shown) of the customer terminal 300.

In step 165, when the customer enters the customer's master password using the input unit (not shown) of the customer terminal 300 and selects the check box, the anonymization DB 312 displays the 'ID matched to the personal information holding organization identification information. The personal information ID stored in the 'field' is extracted, the 'customer's service server password sent in step 135' is encrypted using the input master password as an encryption key, and the 'service company password received in step 155' is encrypted in the anonymization DB 312. By matching the 'identification code', 'the service company name, shared alias ID, and one-time communication key received in step 155' and 'the encrypted password for the customer's service server' are stored, and the customer terminal 300 stores the 'shared alias ID and one-time communication key'. The 'customer's personal information ID' is transmitted to the personal information server 100 in a 'method that can be matched to the alias ID'.

According to an additional aspect of the present invention, the 'method capable of matching the shared alias ID' is a method of transmitting the shared alias ID by matching the 'customer's personal information ID'.

In step 170, when the personal information server 100 receives the customer's personal information ID transmitted in a way that can be matched to a specific shared alias ID in step 160, the anonymization DB 120 receives the information in step 155. The 'shared alias ID' is stored by matching the 'service company identification code' and the 'customer's personal information ID'.

Meanwhile, according to another aspect of the present invention, in step 170, the 'customer's personal information ID' is stored by matching the 'service company identification code received in step 155' and the 'shared alias ID' in the anonymization DB 120. It could be.

In step 175, the customer terminal 300 matches the 'service company identification code received in step 155' as a service company identification code in the anonymization DB 312 and matches the 'service company identification code in step 150' as a shared alias ID. The received ‘shared alias ID’ is saved.

Figure 3 shows an operation in which a shared alias ID is shared between a personal information holding institution, a given service company, and a 'customer who wishes to join the service company' in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention. This is a drawing explaining another embodiment.

In step 205, when the customer terminal 300 accesses the shared alias ID application page of the personal information server 100, the output unit (not shown) of the customer terminal 300 includes a service company name input field and a shared alias ID application box. A predetermined screen (hereinafter referred to as “first shared alias ID application screen”) is displayed.

According to an additional aspect of the present invention, in step 205, when the customer selects the anonymization app box output on the output unit (not shown) using the input unit (not shown) of the customer terminal 300, the anonymization app 310 This step is started and a predetermined anonymization app main screen including a personal information holding organization access box is output; And when the customer selects the personal information holding organization access box using the input unit (not shown) of the customer terminal 300, a first shared alias ID application screen is displayed; Includes.

According to another additional aspect of the present invention, in step 205, the customer uses the input unit (not shown) of the customer terminal 300 to input the access address required to call the shared alias ID application page of the personal information server 100. steps; The customer terminal 300 is connected to the shared alias ID application page, and the personal information server 100 displays a 'predetermined screen including a personal information ID input field, a service company name input field, and a shared alias ID application box' (hereinafter referred to as " 2. Transmitting information regarding “shared alias ID application screen”) to the connected customer terminal 300; The customer terminal 300 receives the information and outputs the second shared alias ID application screen to an output unit (not shown); Includes.

In step 210, when the customer enters or selects the service company name using the input unit (not shown) of the customer terminal 300, the name is entered in the anonymization DB 312 in the 'alias shared ID field matched to the personal information holding organization identification information'. The stored personal information ID is extracted, and the personal information ID and 'service company identification code matched to the entered or selected service company name' are transmitted to the personal information server 100.

According to an additional aspect of the present invention, step 210 includes the customer selecting a service company name input field using an input unit (not shown) of the customer terminal 300; A step where the customer terminal 300 transmits ‘information in which the service company name input box is selected’ to the personal information server 100; When the personal information server 100 receives the 'transmitted information in which the service company name input field is selected', extracting 'service company identification code and service company name pairs that match each other' from the service company DB 170; The personal information server 100 transmitting the extracted ‘service company identification code and service company name pairs matched to each other’ to the customer terminal 300; A step of outputting the service company names to an output unit (not shown) when the customer terminal 300 receives the 'service company identification code and service company name pairs that match each other'; A step where the customer selects a specific service company name from among the output service company names using an input unit (not shown) of the customer terminal 300; Outputting the service company name in the service company name input field; Extracting the personal information ID stored in the 'alias shared ID field matched to the personal information holding organization identification information' from the anonymization DB (312); and the customer terminal 300 transmitting 'the customer's personal information ID' and 'the service company identification code matching the selected service company name' to the personal information server 100; Includes.

In step 215, when the personal information server 100 receives the 'customer's personal information ID and service company identification code transmitted in step 210', it matches the service company identification code in the anonymization DB 120 and provides 'the service company identification code'. The personal information ID is stored to match a predetermined shared alias ID that does not overlap with 'shared alias IDs' stored by matching with private identification codes and other personal information IDs.

According to an additional aspect of the present invention, in step 215, matching the service company identification code and the 'customer's personal information ID' in the anonymization DB 120, 'the service company identification code in the anonymization DB 120 It may include an operation of storing a predetermined shared alias ID that does not overlap with other shared alias IDs already stored by matching.

According to another additional aspect of the present invention, the stored shared alias ID is different from 'other shared alias IDs already stored in the anonymization DB 120 by matching a service company identification code other than the service company identification code.' There may be overlap.

In step 220, the personal information server 100 calls the membership application page of the service server 200 and sends the 'shared alias ID matched to the personal information ID stored in the anonymized DB 120 in step 215' to the service server 200. and, according to the call, the 'customer terminal 300 connected in step 205' is connected to the membership application page of the service server 200.

In step 225, the service server 200 receives the 'shared alias ID transmitted in step 220' and transmits information about the service membership application screen to the 'customer terminal 300 connected in step 220'.

'Steps 230 and 235', which respectively correspond to 'steps 130 and 135 in FIG. 2', are operated.

In step 240, when the service server 200 receives the 'terms and conditions agreement display information, password, and membership application information transmitted in step 235', the communication key generator 250 randomly generates a one-time communication key by a known method. generates, hashes the received password, stores the 'shared alias ID received in step 240' in the member DB 220 as the customer's 'shared alias ID with the personal information holding institution', and stores the shared alias The hashed password and the generated one-time communication key are stored by matching the ID, and the one-time communication key and the predetermined number are stored by matching the shared alias ID with the 'customer terminal 300 connected in step 220'. Send membership registration completion information.

In step 260, when the customer terminal 300 receives the 'one-time communication key and membership registration completion information sent in step 240 and matched to the shared alias ID', the anonymization app 310 is activated and the output unit (not shown) The master password input field and confirmation box are displayed.

In step 265, when the customer enters the customer's master password using the input unit of the customer terminal 300 and selects the confirmation box, the entered master password is used as an encryption key as 'the customer's service server password transmitted in step 235'. is encrypted and matched to the 'service company identification code transmitted in step 210' in the anonymization DB 312 to enter 'shared alias ID and one-time communication key received in step 260' and 'the encrypted password for the customer's service server. ' is saved.

Figure 4 shows that in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention, a customer who has registered a shared alias ID with a business providing a certain service provides a certain service. This diagram explains the operation of connecting to a server.

In step 305, the customer terminal 300 connects to a 'predetermined screen including a predetermined ID input field and an identity authentication information input field' (hereinafter referred to as "identity verification screen") of the service server 200 by a known method.

According to an additional aspect of the present invention, in step 305, when the customer selects the anonymization app box using the input unit (not shown) of the customer terminal 300, the anonymization app 310 is started, and the anonymization DB 312 A step of extracting service company names and outputting them to an output unit (not shown); When the customer selects 'one of the output service company names' using the input unit (not shown) of the customer terminal 300, the service company identification code matched to the selected service company name is received from the anonymization DB 312. A step in which the identity verification screen access address is searched; and connecting the customer terminal 300 to the identity verification screen access address; Includes.

According to another aspect of the present invention, step 305 includes the customer selecting or entering an identity verification screen access address of the service server 200 using an input unit (not shown) of the customer terminal 300; and connecting the customer terminal 300 to the identity verification screen access address; Includes.

In step 310, the service server 200 transmits information on the identity verification screen to the customer terminal 300 in a manner that can be matched to the service company identification information.

According to an additional aspect of the present invention, an embodiment of the 'method that can be matched to service company identification information' is a method in which 'service server access address as service company identification information' is included in the information on the identity verification screen. .

When 'information about the identity verification screen transmitted in step 310' is received from the customer terminal 300 in step 315, the identity verification screen, master password input field, and confirmation box are output to an output unit (not shown).

In step 320, when the customer enters the master password using the input unit (not shown) of the customer terminal 300 and selects the confirmation box, the anonymization DB 312 displays information about the identity verification screen received in step 315. The 'shared alias ID, encrypted password, and communication key' matched to the matching service company identification code are searched, and the 'searched, encrypted password' is decrypted using the input master password as the decryption key, and the shared variable calculation unit ( 314) outputs a predetermined shared variable, calculates predetermined personal authentication information using 'the decrypted password, the communication key, and one or more of the output shared variable', and sends the service server from the customer terminal 300. The 'shared alias ID and the personal authentication information' are sent by matching the given service application information to (200).

According to an additional aspect of the present invention, the transmitted personal authentication information is the decrypted password.

According to another additional aspect of the present invention, the communication key is a one-time communication key, and the transmitted identity authentication information is disposable identity information obtained by encrypting the 'decrypted password' with the communication key.

According to another additional aspect of the present invention, the transmitted personal authentication information is disposable personal authentication information calculated by substituting 'the decrypted password, the disposable communication key, and the shared variable' into a predetermined function.

According to an additional aspect of the present invention, the 'predetermined service application information' includes 'information for applying for permission to log in to a service server to search for information', 'information for applying to conclude an electronic contract requiring identity verification', and ' It may be one or more of 'predetermined payment application information including seller identification information, purchased product identification information, and payment amount' and 'predetermined remittance application information including recipient identification information, recipient account identification information, and remittance amount.'

In step 325, when 'predetermined service application information, shared alias ID, and personal authentication information transmitted in step 320' are received from the service server 200, 'hashing' matching the shared alias ID is performed in member DB 220. The 'password and communication key' are searched, the shared variable calculation unit 240 outputs a predetermined shared variable, and it is determined whether the searched 'hashed password' matches the 'received personal authentication information'.

In this specification, the password is exemplified as the personal authentication information sent by the customer, and the 'hashed password' is exemplified as information that can verify the personal authentication information. However, the present invention is not limited to this, and the customer can transmit different types of personal authentication information and verify other types of personal authentication information matched with the shared alias ID in the member DB 220 such as the service server 200. It also includes embodiments in which ‘information that can be accessed’ is stored. Therefore, we also see an embodiment in which the customer transmits a digital signature as personal authentication information, matches it with a shared alias ID in the member DB 220, and stores the 'customer's public key' as 'information that can verify the digital signature'. It may be an embodiment of the invention.

delete

According to an additional aspect of the present invention, the identity authentication information received in step 325 is the 'password for the customer's service server', and in step 325, the received password for the service server is hashed and the hashed password for the service server is entered into the searched password. Determining whether it matches the 'hashed password'; Includes.

According to another additional aspect of the present invention, the identity authentication information received in step 325 is disposable identity authentication information encrypted with the 'customer's service server password' and the 'customer's one-time communication key', and in step 325, the 'customer's service server password' is encrypted with the 'customer's one-time communication key'. Decrypting the 'one-time personal authentication information' using the searched communication key as a decryption key to calculate the 'customer's service server password'; and hashing the decrypted password and determining whether the hashed password matches the searched 'hashed password'; Includes.

According to another additional aspect of the present invention, the identity authentication information received in step 325 is a one-time identity authentication calculated by substituting the 'customer's service server password, the customer's one-time communication key, and a predetermined shared variable' into a predetermined function. Information storage, step 325 is a step of substituting the 'received disposable personal authentication information', the retrieved communication key, and the output shared variable into a predetermined inverse function to invert the 'customer's service server password'; and hashing the inverted service server password and determining whether the hashed service server password matches the searched 'hashed password'. Includes.

If the determination in step 325 is positive, step 330 is operated.

In step 330, a one-time communication key is randomly generated in the service server 200, the communication key matching the 'shared alias ID received in step 325' in the member DB 220 is updated with the generated disposable communication key, and the customer A screen for inputting the information required for applying for a given service by matching the disposable communication key generated by the method that can be matched to the service company identification code to the 'service application information received in step 325' using the terminal 300. '(hereinafter referred to as "service application screen") is transmitted.

According to an additional aspect of the present invention, the 'method that can be matched to the service company identification code' is 'a method of matching the service company identification code to the disposable communication key and transmitting it to the customer terminal 300'.

According to an additional aspect of the present invention, the 'service application screen' is a 'search screen including a search target information input field for searching information' and an 'input field for entering the main points of the contract subject to contract conclusion application. 'Contract application screen containing the specified seller identification information' and 'Payment approval application screen including the buyer identification information input field and the payment amount input field required to apply for remittance of the predetermined payment amount to the settlement account matching the predetermined seller identification information' and ' It may be one of the ‘remittance application screens’ that include a recipient identification information input field and a remittance amount input field required to apply to remit a certain amount of money to a certain recipient.

In step 335, when the 'one-time communication key transmitted in step 330 (or step 530 in FIG. 6)' is received at the customer terminal 300, the communication key matched to the service company identification code in the anonymization DB 312 is 'received above. It is updated with a ‘one-time communication key’.

In step 340, the service server 200 operates a service matching the 'predetermined service application information transmitted in step 320', the current date and current time value are searched in a timer (not shown), and the pseudonym transaction DB ( 230), the gist of the 'operated service' and 'the current date and current time value' are stored by matching the shared alias ID.

According to an additional aspect of the present invention, the 'matching service' includes 'a service that searches for information about the information entered in a predetermined search target information input box and transmits the searched information to the customer terminal 300' and ' Recall the full text of ‘a service that accepts applications for a certain contract defined according to the main points entered in each input field’ and ‘applying for payment of the payment amount entered in the payment amount input field by matching the buyer identification information entered in the buyer identification information input field. ‘A service that transmits to the payment company matched with the purchaser identification information and acts as an agent for the collection application’ and ‘a service that provides personal settlement application information including the recipient identification information entered in the shared alias ID and recipient identification information input fields and the remittance amount entered in the remittance amount input field. It may be one of the ‘services that transmit information to an information server.’

Figure 5 shows that in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention, PCU uses the PCU server, installs a personal customer terminal and a separate seller terminal, and provides an electronic payment agency service to the seller. This is a diagram explaining the provided operation.

In step 405, the identification information of the first member of a specific payment company (hereinafter referred to as “first member identification information”) is collected from the customer terminal (hereinafter referred to as “seller terminal”) 400 owned by a predetermined seller using a predetermined method. It is read, and the shared alias ID and communication key matched with the service company identification code (hereinafter referred to as "PJU identification information") of 'PJU, an embodiment of the service company in the present invention', are searched for in the anonymized DB 420, and the shared alias ID and communication key are searched for, The first member identification information is encrypted with the disposable communication key as an encryption key, a predetermined first payment approval application ID is generated, and the above-mentioned information is sent to the service server (hereinafter referred to as “PJU server”) 200 of a specific service provider, PIJU. 1By matching the payment approval application ID, predetermined first payment approval application information including ‘the shared alias ID as seller identification information’, ‘the encrypted first member identification information as buyer identification information’ and a predetermined payment amount is provided. It is transmitted, and the payment amount is stored by matching it with the first payment approval application ID in the payment DB 440.

According to an additional aspect of the present invention, the shared alias ID is an affiliated store number shared between PZU and the personal information holding institution.

In step 410, the PIZU server, which is the service server 200 of PIZU, sends a 'shared alias ID matched to the first payment approval application ID transmitted in step 405, encrypted first member identification information, and a predetermined payment amount. Upon receiving 'predetermined first payment approval application information', the communication key matching the shared alias ID is searched for in the member DB 220, and the encrypted first member identification information is decrypted using the communication key decryption key, A predetermined second payment approval application ID is generated and sent to the payment company's server (hereinafter referred to as "payment server") and the personal information server 100, respectively, matching the 'first member identification information as purchaser identification information'. In a way that can be matched with the 'Piece identification information', which is the service company identification code, 'the second payment approval application ID, the purchaser identification information, the first member identification information, and the payment amount are included in the second payment approval application information. ' is transmitted, the current date and current time information are searched on a timer (not shown), and matched to the first payment approval application ID in the pseudonym transaction DB 230, the second payment approval application ID and the payment amount are And as the shared alias ID and the timestamp of the second payment approval application, 'the current date as the second payment approval application date' and 'current time information as the second payment approval application time information' are stored.

According to an additional aspect of the present invention, the 'method of matching with the PCB identification information' is 'a method of including the PCB identification information in the second payment approval application information.'

In step 415, the personal information server 100 sends a predetermined second payment including the second payment approval application ID, first member identification information, and payment amount transmitted in step 410 in a way that can be matched with the Pizyu identification information. When 'approval application information' is received, the current date and current time information is searched on a timer (not shown), and the PJ, which is a sub-DB comprised in the real-name transaction DB (130), is a sub-DB comprised in the real-name transaction DB (not shown). In the real name transaction DB matched to the identification information (hereinafter referred to as "Piece real name transaction DB matched to the Pju identification information (not shown)"), the second payment approval application ID, first member identification information, payment amount and current date, and Current time information is saved.

In step 420, 'predetermined second payment approval application information including the payment approval application ID, first member identification information, and payment amount transmitted in step 410 in a way that can be matched with the Pizyu identification information in the payment server 500. ', approval is determined by notification method.

If approval is determined in step 420, step 425 is operated.

In step 425, a predetermined second payment approval ID is transmitted from the payment server 500 to the PIZZ server 200 in a manner that can match the 'second payment approval application ID received in step 415.'

In step 430, when the service server PIZU server 200 receives the 'second payment approval ID transmitted in step 420' in a way that can match the second payment approval application ID, the current date is set in a timer (not shown). And the current time information is searched, the first payment approval application ID matching the second payment approval application ID is searched in the pseudonym transaction DB 230, a predetermined first payment approval ID is generated, and 'at step 410. In response to the received first payment approval application information', 'predetermined first payment approval information including the first payment approval ID' is sent to the 'seller terminal 400 that transmitted the first payment approval application information'. It is transmitted to the pseudonym transaction DB 230 and matched with the second payment approval application ID, and the first payment approval ID, the second payment approval ID, and the timestamp of the second payment approval are recorded as 'the second payment approval date.' The current date' and 'the current time information as second payment approval time information' are stored and matched to the second payment approval application ID by the personal information server 100, and the 'payment company matching with the payment server 500' is stored. ‘Identification information’ and the second payment approval ID are transmitted.

In step 435, when the personal information server 100 receives 'the payment company identification information and the second payment approval ID matched to the second payment approval application ID transmitted in step 425', a timer (not shown) records the current date and The current time information is searched, and the second information is retrieved from the PDB real-name transaction DB (not shown), which is a sub-DB configured in the real-name transaction DB 130, and matched to the PIZU identification information. The 'payment company identification information, the second payment approval ID, the current date as the second payment approval date, and the current time information as the second payment approval time information' are stored by matching the payment approval application ID.

In step 436, when the seller terminal 400 receives 'predetermined first payment approval information including the first payment approval ID transmitted in step 430 as a reply to the first payment approval application information transmitted in step 405' , the first payment approval ID is stored in the payment DB 440 by matching with the first payment approval application information.

In step 440, a predetermined information including the receiving account number, 'payment company identification information as remittance identification information', remittance amount, and settlement target identification information is received from the PIJU server 200, which is the service server of PJU, from the system of PJ's trading bank (not shown). Upon receiving deposit information, payment amounts matching the settlement target identification information are extracted from the pseudonym transaction DB 230, and it is determined whether the total amount of the extracted payment amounts matches the remittance amount.

According to an additional aspect of the present invention, the settlement target identification information is predetermined settlement target period identification information (e.g., settlement target date in case of settlement every business day), and in step 440, the approval date and approval are obtained from the pseudonym transaction DB 230. Payment amounts whose time information corresponds to the period indicated by the settlement target period identification information are extracted.

According to an additional aspect of the present invention, step 440 includes the steps of the PCJ server 200 logging into a system (not shown) of the PCB's trading bank and inputting the receiving account number as an account number to be searched for transaction details; may include.

If the determination in step 440 is positive, step 445 is operated.

In step 445, the PIZU server 200, which is the service server of PIZU, collects the 'first payment approval application ID and the second payment' of each record that matches the 'settlement target identification information received at step 440' in the pseudonym transaction DB 230. The approval application ID, the first payment approval ID, the second payment approval ID, the payment amount, and the shared alias ID' are extracted, and a predetermined settlement amount is calculated by deducting the fee calculated in a predetermined manner from the payment amount. Settlement application information including '1st payment approval application ID, 2nd payment approval application ID, 1st payment approval ID, 2nd payment approval ID, settlement amount, and shared alias ID' will be matched to 'Piece identification information. It is transmitted to the personal information server 100 in a 'method that can be used'.

According to an additional aspect of the present invention, one embodiment of the 'method capable of matching with the PSU identification information' is a method of specifying the PSU identification information in the header area of the settlement application information.

In step 450, the personal information server 100 receives the first payment approval application ID, the second payment approval application ID, the first payment approval ID, the second payment approval ID, the settlement amount, and the shared alias ID transmitted in step 445. When 'predetermined settlement application information including' is received in a 'method that can be matched to PJI identification information', the 'second payment approval ID and payment amount' matched with the second payment approval application ID in the real name transaction DB 130 and shared alias ID', and determine whether the received 'second payment approval ID, payment amount, and shared alias ID' respectively match the extracted 'second payment approval ID, payment amount, and shared alias ID'. .

According to an additional aspect of the present invention, step 450 includes calculating the settlement amount by deducting a fee calculated by a predetermined method from the 'settlement amount extracted from the pseudonym transaction DB 230'; Includes.

If the determination at step 450 is positive, step 455 is acted upon.

In step 455, the personal information ID matching the shared alias ID is searched in the anonymization DB 120 of the personal information server 100, and the communication ID and real name number matched to the personal information ID are searched in the personal information DB 110. The general account number is searched, the settlement account number and 'Piece company name as service company name' matching the above-mentioned Pizyu identification information are searched in the service company DB 170, and the current date and current time information are searched in the timer (not shown). is inquired, and the operation of withdrawing the 'settlement amount received in step 450' from the settlement account number and depositing the settlement amount into the general account number so that the name of the P.J. company is recorded in 'at least one of the summary column and the remitter column'. The operation proceeds, and the settlement is made by matching the 'first payment approval ID received in step 450' using a 'method that can be matched to personal information holding organization identification information' using the seller terminal 400 that matches the communication ID. A predetermined settlement confirmation message containing the amount, the name of the PSU company, and 'current date and current time information at the time the deposit/withdrawal operation is performed as a timestamp for the time of remittance' is transmitted, and is sent to the real name transaction DB (130). The settlement account number as payer identification information and the general purpose as beneficiary identification information in the PD Real Name Transaction DB (not shown) matched to the PD ID information, which is a sub DB comprised of the PD Real Name Transaction DB (not shown), which is a configured sub DB. The account number, the settlement amount as the remittance amount, and 'the current date as the time stamp for the remittance point, the current date as the remittance date, and the current time information as the remittance time information' are stored.

According to an additional aspect of the present invention, the personal information holding institution is a bank in which an account corresponding to the settlement account number is opened, and step 455 includes withdrawing the settlement amount from the account and transferring it to the general account number; Includes.

According to an additional aspect of the present invention, an embodiment of the 'method capable of matching personal information holding organization identification information' is a method of recording the personal information holding organization identification information in the header area of the settlement confirmation telegram.

In step 460, the seller terminal 400 sends 'the settlement amount, the name of the company, the current date, and the current time, matched to the first payment approval ID, transmitted in a way that can be matched to the personal information holding organization identification information in step 455. When a predetermined settlement confirmation message containing information is received, the payment amount matching the first payment approval ID is extracted from the payment DB 440, and the fee calculated by a predetermined method is deducted from the payment amount and settled. The amount is calculated, and it is determined whether the 'calculated settlement amount' matches the 'received settlement amount'.

If the determination in step 460 is positive, step 465 is operated.

In step 465, the 'settlement amount received in step 460, the name of the company, the current date, and the current time information' and the 'payment amount extracted in step 460' are output to the output unit (not shown) of the seller terminal 400. , the current date and current time information is searched on a timer (not shown), and matched to the 'first payment approval ID received in step 460' in the payment DB 440, a timestamp for the settlement completion point is entered as the 'settlement completion date.' The ‘current date’ and ‘the current time information as settlement completion time information’ are stored.

Figure 6 shows that in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention, a remittance company uses a remittance server to install a dedicated app for its own transactions and provides a remittance service to the remitter who has registered the shared alias ID. This is a diagram explaining the provided operation.

In step 505, when the first remitter selects the anonymization app box using the input unit (not shown) of the customer terminal 300 that he or she occupies, an anonymization app exclusively for remittance services (hereinafter referred to as “remittance app”) 310 This starts, and a predetermined remittance application screen is displayed, including a recipient identification information input field, a remittance amount input field, a master password input field, and a confirmation box.

According to another aspect of the present invention, the recipient identification information input field may be replaced with a recipient alias list.

In step 510, when the customer enters the recipient identification information, remittance amount, and master password using the input unit (not shown) of the customer terminal 300 and selects the confirmation box, the service company of a predetermined remittance company is identified in the anonymization DB 312. The 'shared alias ID, encrypted password, and communication key' matched to the code (hereinafter referred to as "remittance company identification code") is searched, and the 'searched, encrypted password' is decrypted using the entered master password as the decryption key. , the shared variable calculation unit 314 outputs a predetermined shared variable, calculates predetermined personal authentication information using 'the decrypted password, the communication key, and one or more of the output shared variables', and uses the customer terminal. From (300) to the service server (hereinafter referred to as “remittance server”) (200) of the ‘remittance company, which is one of the service companies’, a predetermined remittance is made including the ‘shared alias ID, recipient identification information, remittance amount, and personal authentication information’. Send application information.

According to another aspect of the present invention, the operation of inputting the recipient identification information may be replaced with 'an operation of selecting a specific recipient alias from the list of recipient aliases output in another aspect of step 505.'

According to an additional aspect of the present invention, the 'recipient identification information included in the remittance application information' is 'one or more of the recipient account number, recipient organization identification information, recipient name, recipient phone number, and recipient address.'

According to an additional aspect of the present invention, step 510 includes 'recipient account number, recipient organization identification information, recipient name, and recipient phone number matching the 'recipient identification information input or selected above' in a predetermined recipient DB (not shown). A step in which ‘one or more of the recipient addresses’ is extracted; may include.

In step 525, when the remittance server 200 receives 'predetermined remittance request information including the shared alias ID, recipient identification information, remittance amount, and personal authentication information transmitted in step 410,' the member DB 220 shares the information. The 'hashed password and communication key' matched to the alias ID is searched, the shared variable calculation unit 240 outputs a predetermined shared variable, and the searched 'hashed password' is 'the received personal authentication information. It is determined whether it matches '.

Additional aspects and other aspects in step 325 of FIG. 4 also apply in step 525.

If the determination in step 425 is positive, step 530 is operated.

In step 530, a one-time communication key is randomly generated in the remittance server 200, the communication key matching the 'shared alias ID received in step 525' in the member DB 220 is updated with the generated disposable communication key, and the customer The generated disposable communication key is transmitted to the terminal 300 in a 'method that can be matched to the remittance company identification information'.

According to an additional aspect of the present invention, the 'method that can be matched to the remittance company identification information' is 'a method of matching the remittance company identification information to the disposable communication key and transmitting it to the customer terminal 300.'

Step 335 in Figure 4 is operated.

In step 540, a predetermined remittance application reception ID is generated in the remittance server 200, a predetermined remittance fee matching the 'remittance amount received in step 525' is calculated, and the 'shared alias ID and recipient received in step 525' are calculated. Settlement application information including 'identification information and remittance amount' and the above remittance fee is transmitted to the personal information server 100 in a 'method that can be matched to the remittance company identification information', and the current date and time are displayed on a timer (not shown). The current time value is searched and matched to the remittance application reception ID in the pseudonym transaction DB 230, and the shared alias ID, 'personal information holding organization identification information matched to the personal information server 100' and the 'recipient identification' are searched. Information, remittance amount and remittance fee', 'the current date as the remittance settlement application date' and 'the current time value as the remittance settlement application time information' are stored.

In step 555, the personal information server 100 sends 'predetermined settlement application information including the shared alias ID, recipient identification information, remittance amount, and remittance fee transmitted in a way that can be matched with the remittance company identification information in step 540.' When received, the personal information ID matched to the shared alias ID is searched in the anonymization DB 120, and the communication ID, real name number, and universal account number matched to the personal information ID are searched in the personal information DB 110, The settlement account number and 'remittance company name as service company name' matching the remittance company identification information are searched in the service company DB 170, the current date and current time information are searched in the timer (not shown), and the general purpose The 'remittance amount and remittance fee' is withdrawn from the account number, the operations necessary to deposit the remittance amount in front of the recipient identification information are performed, the operations necessary to deposit the remittance fee in front of the settlement account number are performed, and real-name transaction DB In the real name transaction DB (not shown) matched to the remittance company identification information, which is a sub DB constructed in the real name remittance transaction DB (not shown), which is a sub DB constructed at (130), 'the above general account number as payer identification information' and 'receipt' The recipient identification information as child-specific information, the remittance company identification information as remittance company identification information, the remittance amount, the remittance fee, and the time stamp for the time of remittance, including the current date as the remittance date and the remittance time. The ‘current time information’ as information is stored.

According to an additional aspect of the present invention, the personal information holding institution is a bank in which an account corresponding to the universal account number is opened, and step 555 includes withdrawing the remittance amount from the account and remitting it to the recipient identification information; Includes.

Meanwhile, according to another aspect of the present invention, steps 510 and 555 may be replaced with steps 510-1, 555-1, 560-1, and 565-1 below.

In step 510-1, when the customer enters the recipient identification information, remittance amount, and master password using the input unit (not shown) of the customer terminal 300 and selects the confirmation box, the anonymization DB 312 matches the remittance company identification information. The 'shared alias ID, encrypted password, and one-time communication key' and the 'personal information ID, encrypted password, and one-time communication key' matched to the personal information holding organization identification information are searched, and the entered master password is used as the decryption key. The retrieved, encrypted passwords are decrypted, the shared variable calculation unit 314 outputs a predetermined shared variable, and among the decrypted password for the remittance company, the one-time communication key for the remittance company, and the output shared variables, Calculate personal authentication information for a predetermined remittance company using 'one or more', and use 'the decrypted password for the personal information holding institution, the one-time communication key for the personal information holding institution, and one or more of the output shared variables'. Calculate personal authentication information for the personal information holding institution, and send the above 'shared alias ID, recipient identification information, remittance amount, and remittance date from the customer terminal 300 to the service server of the remittance company (hereinafter referred to as "remittance server") 200. A predetermined amount of remittance application information including the personal authentication information used is transmitted, and a predetermined remittance request information including the personal information ID, remittance company identification information, remittance amount, and personal authentication information for the personal information holding institution is transmitted to the personal information server 100. Send ‘Application Information’

In step 555-1, the personal information server 100 sends a predetermined message including the personal information ID, remittance company identification information, remittance amount, and personal authentication information for the personal information holding organization transmitted from the customer terminal 300 in step 510-1. When 'remittance application information' is received and 'predetermined settlement application information including shared alias ID, recipient identification information, remittance amount, and remittance fee transmitted in a way that can be matched with remittance company identification information in step 540' is received. , search the personal information ID that matches the shared alias ID in the anonymization DB (120), and retrieve the 'communication ID, real name number, universal account number, and hashed password' matched to the personal information ID in the personal information DB (110). The 'one-time communication key' is searched, the shared variable calculation unit 140 outputs a predetermined shared variable, and it is determined whether the searched 'hashed password' matches the 'personal authentication information for the personal information holding institution received above'. .

An additional aspect of step 325 of FIG. 4 also applies to step 555-1.

If the determination in step 555-1 is positive, step 560-1 is operated.

In step 560-1, a one-time communication key is randomly generated in the personal information server 100, and the communication key matched to the 'personal information ID received in step 555-1' is generated in the personal information DB 110. It is updated with a communication key, and the generated one-time communication key is transmitted to the customer terminal 300 in a 'method that can be matched to the personal information holding organization identification information' and matched to the remittance company identification information in the service company DB 170. The settlement account number and 'remittance company name as service company name' are searched, the current date and current time information are searched on a timer (not shown), and the 'remittance amount and remittance fee' are withdrawn from the general account number, The operations necessary to deposit the remittance amount in front of the beneficiary identification information are performed, the operations necessary to deposit the remittance fee in front of the settlement account number are performed, and the real-name remittance transaction DB (not shown), which is a sub-DB constructed in the real-name transaction DB 130, is performed. 'The general account number as payer identification information', 'the beneficiary identification information as recipient identification information', and 'remittance company identification' are identified in the real name transaction DB (not shown) matched to the remittance company identification information, which is a sub-DB constructed in the city). The 'remittance company identification information' as information, the remittance amount, the remittance fee, 'the current date as the remittance date', and 'the current time information as the remittance time information' are stored.

According to an additional aspect of the present invention, the 'method capable of matching personal information holding organization identification information' is 'matching the personal information holding organization identification information to the disposable communication key and transmitting it to the customer terminal 300. It is a 'method'.

Meanwhile, according to another aspect of the present invention, step 560-1 may be replaced with step 560-2 below.

In step 560-2, a one-time communication key is randomly generated in the personal information server 100, and the communication key matched to the 'personal information ID received in step 555-1' in the personal information DB 110 is the generated disposable communication key. It is updated with a communication key, and the generated disposable communication key is transmitted to the customer terminal 300 in a 'method that can be matched to the personal information holding organization identification information' and matched to the remittance company identification information in the service company DB 170. The settlement account number and 'remittance company name as service company name' are searched, the current date and current time information are searched on a timer (not shown), and the 'remittance amount and remittance fee' are withdrawn from the general account number, The operations necessary to deposit the withdrawn 'remittance amount and remittance fee' to the settlement account number are performed, the remittance amount is withdrawn from the settlement account number, and the operations necessary to deposit the remittance amount to the recipient identification information are performed, 'The above general account number as payer identification information' in the real name transaction DB (not shown) matched with the remittance company identification information, which is a sub DB comprised in the real name remittance transaction DB (not shown), which is a sub DB composed of the real name transaction DB (130). and 'the recipient identification information as recipient identification information' and 'the remittance company identification information as remittance company identification information' and 'the current date as the remittance date' and 'as a timestamp for the remittance amount, the remittance fee, and the time of remittance. The ‘current time information’ as remittance time information is stored.

When the 'one-time communication key transmitted in step 560-1' is received at the customer terminal 300 in step 565-1, the communication key matched to the personal information holding organization identification information in the anonymization DB 312 is 'the received one-time use communication key'. It is updated with ‘communication key’.

Figure 7 is a diagram explaining the operation of a service company searching for personal information about its specific customer in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention.

In step 605, when the inquiry box is selected using the input unit (not shown) of the service server 200, the check box matches the 'search condition item identification information and search item identification information' and the inquiry reason input field and a predetermined confirmation. A box is printed.

According to an additional aspect of the present invention, the search condition item identification information and the search item identification information each include one or more identifiers and one or more attributes, and 'among the check boxes matched to the output search condition item identification information, 'One' and 'One of the checkboxes matching the output search item identification information above' are selected and output as default, and 'Identification information indicating all output search condition item identification information' and 'All output search item identification information' are displayed as selected by default. A check box is displayed even if each match is made to ‘identification information’, which means identification information.

As an example of the operation in step 605 when the service server 200 is one of the PIZU servers (hereinafter referred to as "PJU case"), the shared alias ID, the first payment approval application ID, and the first payment approval application ID are used as search condition item identification information. 2Payment approval application ID, approval date, approval time, settlement target identification information, payment amount, and settlement amount are printed, and search item identification information includes shared alias ID, real name number, phone number, e-mail address, address, and purchased product category. Identification information, monthly average payment amount, average payment unit price, and deposit average balance are displayed.

As an example of the operation in step 605 when the service server 200 is one of the remittance servers (hereinafter referred to as "remittance case"), the shared alias ID, recipient identification information, remittance amount, and remittance settlement are used as search condition item identification information. The application date, remittance date, and remittance time information are printed, and search item identification information includes shared alias ID, real name number, universal account number, real name number, phone number, e-mail address, address, monthly average remittance amount, average remittance unit price, and deposit average balance. This is output

In step 610, one or more of the check boxes matched to the search condition item identification information are selected using the input unit (not shown) of the service server 200, and one or more of the check boxes matched to the search item identification information is selected. is selected.

According to an additional aspect of the present invention, in step 610, whenever the check box matching the search condition item identification information is selected, a specified variable input field, a minimum value input field, and a maximum value input field are entered by matching the search condition item identification information. This is output.

In the case of the PJ case and the remittance case illustrated in step 605, when the checkbox matching the first payment approval application ID is selected, the designated variable input field, minimum value input field, and maximum value input field are entered by matching the first payment approval application ID. can be printed.

Meanwhile, according to another aspect of the present invention, in step 605, the 'checkbox matched search condition item identification information and search item identification information' is replaced with 'one or more search condition item identification information input fields and one or more search condition item identification information fields. Search item identification information input fields' are output, and in step 610, 'one or more search condition item identification information and one or more search item identification information' may be entered into each of the input boxes.

In step 615, if a predetermined condition variable is selected or entered by matching 'each search condition item identification information matched to the check box selected in step 610', the search condition item identification information and the condition variable are matched to form one search. Conditions are configured, a predetermined search condition list is created with the configured search conditions, and a predetermined search item list is created with 'search item identification information matched to the check box selected in step 610'.

As an additional aspect of the present invention, when predetermined data is input into the 'designated variable input field output in step 610', one search condition is created by matching the input data to the search condition item identification information as a condition variable. It is composed.

For example, in the case of PJ, if the checkbox matching the first payment approval application ID is selected and "2018052000011" is entered in the output designated variable input field, 'the first payment approval application ID is 201805200001' is one of the search conditions. It is composed.

Meanwhile, as another additional aspect of the present invention, when predetermined data is input into each of the 'output minimum value input field and maximum value input field', the data entered into the minimum value input field (hereinafter referred to as "minimum value") and the maximum value Search conditions are formed by matching the category definition defined by the data entered in the input box (hereinafter referred to as “maximum value”) to the search condition item identification information as a condition variable.

For example, in the case of remittance, if the checkbox matching the remittance settlement application date is selected and "20180520" and "20180521" are entered in the output minimum and maximum value input fields, respectively, 'remittance settlement application date' is May 2018. 'From the 20th to May 20, 2018' is one of the search conditions.

When the search reason identification information is entered in step 620, a predetermined search request including a search reason identification code matching the search reason identification information, a 'search condition list created in step 615', and a 'search item list created in step 615' The information is transmitted to the personal information server 100 in a way that can be matched to the service company identification code.

According to an additional aspect of the present invention, step 620 includes selecting a query reason input field; A step of extracting a search reason list from the inquiry reason DB 260 and outputting it to an output unit (not shown); selecting a predetermined inquiry reason from the output inquiry reason list; and extracting a query reason identification code matching the selected query reason from the query reason DB 260; Includes.

As an example of the PJ case, the step of selecting “Check whether there is a settlement error” from the output inquiry reason list; and extracting “06” as an inquiry reason identification code matching the selected “check for settlement error” from the inquiry reason DB 260; may include.

Also, as an example of a remittance case, the step of selecting “Provide product information” from the output inquiry reason list; and extracting “07” from the inquiry reason DB 260 as a inquiry reason identification code that matches the selected “product information provision”; may include.

According to an additional aspect of the present invention, the 'method capable of matching the service company identification code' is a method of including the service company identification code in the search request information.

In step 625, the personal information server 100 sends 'predetermined search request information including a search condition list, search item list, and inquiry reason identification code transmitted in a manner that can be matched to the service company identification code in step 620.' Once received, the disclosure condition identification information matching the 'received inquiry reason identification code' is searched for each 'each search item identification information included in the search item list' in the inquiry reason DB 160.

As an example of the PJ case and the remittance case, when 'telephone number as one of the search item identification information included in the above search item list' and '06 as the inquiry reason identification code received above' are received, the inquiry reason DB (160) A code that does not require consent can be searched as disclosure condition identification information that matches the 'telephone number as search item identification information' and '06 as inquiry reason identification code'.

As another example of the PJ case and the remittance case, when 'telephone number as one of the search item identification information included in the above search item list' and '07 as the inquiry reason identification code received above' are received, the inquiry reason DB (160 ), the consent required code can be searched as disclosure condition identification information matched with the above 'telephone number as search item identification information' and '07 as inquiry reason identification code'.

If one or more of the 'disclosure condition identification information retrieved in step 625' is a consent-required code, steps 630 to 655 below are operated, and then step 660 is operated.

In step 630, the service company name and communication ID matching the 'service company identification code that can be matched to the information received in step 625' are extracted from the service company DB 170 in the personal information server 100, and 'step 625 'Search condition item identification information and condition variables matched with each other' constituting 'each search condition included in the search condition list received from' are extracted from the 'personal information DB 110 and real name transaction DB 130'. Field identification information matching the search condition item identification information is extracted, data matching the field identification information and 'condition variable matching the search condition item identification information' are extracted, and matching each data. Shared alias IDs are extracted, personal information IDs matching the shared alias IDs are extracted from the anonymization DB 120, and communication IDs matching the ‘extracted personal information IDs’ are extracted from the personal information DB 110. The inquiry reason description information matching the 'inquiry reason identification code received in step 625' is extracted from the inquiry reason DB 160.

According to an additional aspect of the present invention, step 630 includes 'the field identification information' and 'a condition variable matching the search condition item identification information matching the field identification information' in the 'DB from which the field identification information was extracted'. extracting records containing data that all match; and extracting shared alias IDs from the records; may include.

As an example of the PJ case, the 'service company identification code received in step 625' is "PG011", and in the service company DB (170), the service company name and communication ID matched to "PG011" are "Daehan PJ" and "PG011", respectively. If it is "02-3456-7890", the above "Daehan Pig" and "02-3456-7890" will be extracted.

In the case of PJ, only one search condition is included in the search condition list, and the 'matched search condition item identification information and condition variable' that constitute the search condition are "first payment approval application ID" and " If "201805200001", then "First payment approval application" as field identification information matching the "First payment approval application ID" in a certain sub-DB matching the "Service company identification code PG011" of the real name transaction DB (130) ID" is extracted, and a record in which the data stored in the "First Payment Approval Application ID" field is "201805200001" is extracted from the subDB, and a specific shared alias ID stored in the shared alias ID field of the record is used as a 'virtual account The number 226-000296-00107' is extracted, and "Resident registration number 760821-2065321" is extracted as a personal information ID matched to the 'virtual account number 226-000296-00107 as a shared alias ID' in the anonymization DB 120, The 'messenger account ID moonlight@google.com' that matches the 'resident registration number 760821-2065321 extracted above' may be extracted from the personal information DB 110.

And, from the inquiry reason DB 160, “Check whether there is a settlement error” may be extracted as inquiry reason explanation information matched with ‘06, the inquiry reason identification code received in step 625’.

In addition, as an example of a remittance case, the 'service company identification code received in step 625' is "RM003", and in the service company DB (175), the service company name and communication ID matched to "RM003" are "World Remittance" and "World Remittance", respectively. If it is "02-1588-4455", the above "World Remittance" and "02-1588-4455" will be extracted.

As an example of a remittance case, the search condition list includes only one search condition, and the 'matched search condition item identification information and condition variables' that make up the search condition are respectively "remittance settlement application date" and "20180520- 20180521", the "remittance settlement application date" is extracted as field identification information matching the "remittance settlement application date" from a certain sub-DB matching the "service company identification code RM003" of the real name transaction DB (130). Records are extracted from the sub-DB where the data stored in the "Remittance Settlement Application Date" field is 'May 20, 2018 to May 20, 2018', and the specific data stored in the shared alias ID field of the records is extracted. As shared alias IDs, 'virtual account number 101-114936-00107' and 'virtual account number 335-003245-00107' are extracted, and the 'virtual account number 101-114936- as shared alias ID' is extracted from the anonymization DB 120. “Resident registration numbers 800305-2032434 and 761107-1020321” are extracted as personal information IDs matched to ‘00107 and 335-003245-00107’ respectively, and ‘Resident registration numbers 800305-2032434 and 761107-1020321 extracted above’ are extracted from the personal information DB (110). ' 'animal@hanmail.net and locus@naver.com' can be extracted as communication IDs matched to .

And, “Provide product information” may be extracted from the inquiry reason DB 160 as inquiry reason explanation information matched with ‘07, the inquiry reason identification code received in step 625’.

In step 635, the personal information server 100 receives 'service company name extracted in step 630' as information provision request identification information and 'each search item identification information included in the search item list received in step 625 as provision target information identification information. Predetermined consent application information including 'reason for inquiry information extracted in step 630' and 'predetermined consent request phrase' is transmitted to 'communication ID extracted by matching personal information ID in step 630'.

According to an additional aspect of the present invention, the communication ID is one of a phone number, an e-mail address, and a messenger account ID, and in step 635, the block generator 190 of the personal information server 100 generates the consent application information and ' Generate predetermined transaction data including 'Personal information holding organization identification information as sender identification information' and 'The communication ID as recipient identification information', calculate the hash value of the transaction data, and calculate the previous block ID on the blockchain network. Search, encrypt the ‘hash value of the transaction data’ with the secret key of the personal information holding institution, and create a digital signature of the personal information holding institution, and combine the previous block ID, the ‘hash value of the transaction data’ and the digital signature. Generate a predetermined block header containing the hash value of the block header as a predetermined block ID, generate a predetermined block containing the block header and the transaction data, and generate nodes in the node DB 180 ( 600)'s access addresses are searched and the generated block is transmitted to the nodes' 600's access addresses; and when the nodes 600 receive the block, storing the block in the distributed ledger 620; Includes.

Meanwhile, according to another aspect of the present invention, the communication ID is an address, and the transmitted information is sent by registered mail with a content certificate to the address.

Meanwhile, according to another aspect of the present invention, the 'communication ID extracted by matching the personal information ID in step 630' is one of a phone number, an e-mail address, and a messenger account ID, and in step 635, the consent application information is the communication ID. It is not directly transmitted as ID, but is transmitted to the public station server 700 by matching the 'communication ID of the personal information server as sender identification information and the communication ID as recipient identification information', and in step 635, the stationary server 700 sends the 'aforementioned communication ID'. When receiving the consent application information matched to the communication ID, the current date and current time value are searched in a timer (not shown), and a predetermined timestamp consisting of the current date and current time value is entered in the content certification DB 720. ', the 'communication ID of the personal information server as sender identification information', 'the communication ID as recipient identification information', and 'the consent application information as transmission information' are stored, and the stationary server 700 uses the 'recipient identification information. relaying the consent application information with the communication ID as information; Includes.

In step 640, when the 'consent application information transmitted in step 635' is received from the 'customer terminal 300 matched to the communication ID in step 635', under the control of the anonymization app 310, an output unit (not shown) The received 'consent application text, information provision applicant information, provision target information identification information, inquiry reason explanation information', consent box, and rejection box are displayed.

According to an additional aspect of the present invention, the 'consent application information transmitted in step 635' includes a predetermined code, and when the customer terminal 300 receives the code, the anonymization app 310 is started, and the output unit The above information is output (not shown).

In the case of the PJ case exemplified in steps 625 and 630, the customer terminal 300 displays 'Daehan PJ as the service company name', 'telephone number as the target information identification information', and 'whether there is a settlement error as the inquiry reason explanation information. When 'confirmation' and 'predetermined consent application information' including 'prescribed consent request phrase' are received, the consent application information, 'Daehan PJ as information provision applicant information' and 'provision target information identification information' are displayed in the output unit (not shown). 'Telephone number as' and 'Check whether there is a settlement error as inquiry reason explanation information' and the consent box and rejection box will be displayed.

In the case of the remittance case illustrated in steps 625 and 630, the customer terminal 300 provides 'world remittance as service company name', 'telephone number as target information identification information', and 'product information as inquiry reason explanation information. When the consent application information including 'and the prescribed consent application phrase' is received, the consent application information, 'global remittance as information provision applicant information' and 'as provided information identification information' are displayed in the output unit (not shown). 'Telephone number' and 'Provision of product information as inquiry reason information', as well as consent and rejection boxes will be displayed.

In step 645, when the customer selects the consent box using the input unit (not shown) of the customer terminal 300, a master password input field and a confirmation box are output to the output unit (not shown).

In step 650, when the customer enters the master password using the input unit (not shown) of the customer terminal 300 and selects the confirmation box, the anonymization DB 312 enters the personal information ID and ' The 'encrypted password' and the communication key are searched, the 'encrypted password' is decrypted with the master password decryption key, the current shared variable is output from the shared variable calculation unit 314, and the 'decrypted password and the The communication key and at least one of the output shared variables are substituted into a predetermined personal authentication information calculation function to calculate personal authentication information, and the personal information ID and real name are sent from the customer terminal 300 to the personal information server 100. Predetermined consent information is transmitted, including 'one or more of the communication IDs matched to the number and the customer terminal', 'the calculated personal authentication information', and 'predetermined consent phrases'.

According to an additional aspect of the present invention, step 650 includes searching for one or more of 'communication ID matched to customer terminal' and real name number in personal information DB 311; may include.

Additional aspects and other aspects related to personal authentication information illustrated in step 320 of FIG. 4 can also be applied in step 650.

According to an additional aspect of the present invention, step 650 includes searching for 'customer's communication ID' and 'encrypted customer's secret key' in the personal information DB 311 of the customer terminal 300; A communication ID matching the personal information holding organization identification information is searched in the anonymization DB (312); Decrypting the 'encrypted customer's secret key' using the master password as a decryption key; The block generator 319 generates predetermined transaction data including the consent information, 'the communication ID of the customer as sender identification information', and 'communication ID matched to the personal information holding organization identification information as recipient identification information'. Calculate the hash value of the transaction data, encrypt the 'hash value of the transaction data' with the 'decrypted private key of the customer' to generate the customer's digital signature, and generate the 'hash value of the transaction data' generating a predetermined block header including the digital signature and generating a predetermined block including the block header and the transaction data; Searching for connection addresses of nodes 600 in node DB 318; transmitting the generated block to the connection addresses of the nodes 600; When the nodes 600 receive the block, calculating a hash value of 'transaction data extracted from the received block'; Decrypting the calculated hash value and the 'digital signature extracted from the received block' with the 'public key of the owner of the customer terminal 300'; Determining whether the decrypted digital signature matches the hash value; If it is determined that they match, the transaction data, root hash value, and digital signature are extracted from the received block, the previous block ID on the blockchain network is searched, and the previous block ID, the root hash value, the digital signature, and a predetermined By generating a predetermined block header including difficulty information, a predetermined nonce, and a predetermined timestamp, and generating a predetermined completed block including the block header and the extracted transaction data, and storing it in the distributed ledger 620, Arranging the completed block as a subsequent block of ‘the block matched to the immediately preceding block ID’ on the blockchain network; Includes.

Meanwhile, according to another aspect of the present invention, in step 650, the consent information is not directly transmitted to the personal information server 100, but is transmitted to the 'communication ID of the customer terminal as sender identification information and the communication ID of the personal information server as recipient identification information. ' is transmitted to the public service server 700, and in step 650, when the public service server 700 receives the 'consent application information matched to the communication IDs', the current date and current time value are generated from a timer (not shown). This is searched and matched to the current date and current time values in the content certification DB 720, such as 'communication ID of the customer terminal as sender identification information', 'communication ID of the personal information server as receiver identification information' and 'transmission information. The consent information as 'is stored and the public server 700 relays the consent information with the 'communication ID of the personal information server as recipient identification information'; Includes.

In step 655, the personal information server 100 sends a predetermined message containing at least one of the personal information ID, real name number, and communication ID transmitted in step 650 and matched to the customer terminal, predetermined personal authentication information, and a predetermined consent phrase. When 'consent information' is received, the 'hashed password and communication key' matched with the 'personal information ID, real name number, and one or more of the communication ID matched to the customer terminal' are searched in the personal information DB 110, The shared variable calculation unit 140 outputs a predetermined shared variable, and it is determined whether the searched 'hashed password' matches the 'received personal authentication information'.

Additional aspects illustrated at step 325 of FIG. 4 are also applicable at step 655.

If the determination in step 655 is positive, step 660 is operated.

In step 660, a disposable communication key is randomly generated in the personal information server 100, and in the personal information DB 110, 'one or more of the personal information ID, real name number, and communication ID received in step 655 and the communication ID matched to the customer terminal. The communication key matched to ' is updated with the generated disposable communication key, the generated disposable communication key is transmitted to the customer terminal 300, and 'one or more of the personal information DB (110) and the real name transaction DB (130) ', data matching both 'each search item identification information included in the search item list received in step 625' and 'at least one of the personal information ID, real name number, and communication ID matched to the customer terminal' are extracted, The extracted data is matched with 'each shared alias ID extracted in step 630' and 'search item identification information matched and retrieved' to form a reply information list, and the reply information list is 'information received in step 625' It is transmitted to the service server 200 as a reply.

As an example of step 660, “10” may be randomly generated as a one-time communication key in the personal information server 100.

If the above case is an example of the PJ case exemplified in step 640, the communication key matching 'virtual account number 226-000296-00107, the shared alias ID extracted in step 630' in the personal information DB 110 is 'above. It is updated with '10' as the generated one-time communication key, and the '10 as the newly generated one-time communication key' is transmitted to the customer terminal 300, and 'virtual account number 226, which is the shared alias ID, is sent to the anonymization DB 120. 'Resident registration number 760821-2065321', which is a personal information ID, matching '-000296-00107' is extracted, and the phone number, which is the only search item identification information included in the search item list received in step 625, is extracted from the personal information DB 110. '010-1234-4567' may be extracted as data that matches both 'resident registration number 760821-2065321', which is the personal information ID above. In that case, the extracted '010-1234-4567' is matched with '226-000296-00107, which is the shared alias ID, and the phone number, which is search item identification information,' to form a reply information list, and the reply information list is in step ' It will be transmitted to the service server 200 as a reply to the 'information received at 625.'

If the above case is an example of the remittance case illustrated in step 640, 'resident registration number 800305-2032434', which is a personal information ID, matched with 'virtual account number 101-114936-00107', which is the shared alias ID, in the anonymization DB 120. The communication key extracted and matched to 'resident registration number 800305-2032434, which is personal information ID' in the personal information DB 110 is updated to '10, which is the generated one-time communication key,' and the 'new' is sent to the customer terminal 300. 10 as the generated one-time communication key is transmitted, and in the personal information DB 110, 'telephone number, the only search item identification information included in the search item list received in step 625' and 'resident registration number 800305, the personal information ID above. '010-4321-4456' may be extracted as data that matches all of '-2032434'. In that case, the extracted '010-4321-4456' is matched with '101-114936-00107, the shared alias ID and the phone number, which is search item identification information,' to form a reply information list, and the reply information The list will be transmitted to the service server 200 as a reply to the 'information received in step 625'.

In response to the search request information transmitted from the service server 200 in step 665 to the personal information server 100 in step 620, 'predetermined shared alias IDs transmitted from the personal information server 100 in step 660 And when a predetermined reply information list including predetermined data matched with predetermined search item identification information is received, 'matched with predetermined search item identification information' matched with each shared alias ID included in the reply list. A certain analysis operation is performed using certain data.

According to an additional aspect of the present invention, in step 665, data matched with each shared alias ID in the pseudonym transaction DB 230 and field identification information matched with each data, and 'the shared alias ID Step 665a where the matched data and search item identification information received by matching are integrated with the shared alias ID as a mapping key; Includes.

According to an additional aspect of the above aspect, step 665a extracts 'data matched to predetermined field identification information' matched with each shared alias ID from the pseudonym transaction DB 230 and creates a predetermined internal source DB. generating step; and 'data matched to predetermined search item identification information' (hereinafter referred to as "external source DB") matched to each of the received shared alias IDs and the internal source DB as a shared alias commonly included in both DBs. Integrating using the ID field as a mapping key; Includes.

When the 'one-time communication key transmitted in step 660' is received at the customer terminal 300 in step 670, the communication key matched with the personal information holding organization identification information in the anonymization DB 312 is converted into the 'received one-time communication key'. It is updated.

Meanwhile, if all of the 'disclosure condition identification information retrieved in step 625' is a code that does not require consent, 'steps 630 to 655' are omitted and steps 630-1 and 660-1 below are operated.

In step 630-1, 'matched search condition item identification information and condition variables' constituting each search condition are extracted from the search condition list included in the 'search request information received in step 625' in the personal information server 100. Field identification information matching the search condition item identification information is extracted from the 'personal information DB 110 and real name transaction DB 130', and by matching the field identification information, 'the search condition item identification information and Data matching the 'matching condition variable' are extracted, shared alias IDs matching each data are extracted, and personal information IDs matching the shared alias IDs are extracted from the anonymization DB 120.

In step 660-1, the personal information server 100 selects 'each search item identification information included in the search item list received in step 625' from 'one or more of the personal information DB 110 and the real name transaction DB 130'. Data that all matches the 'shared alias ID (or personal information ID) extracted in step 630-1' is extracted, and the extracted data is matched with the 'shared alias ID and search item identification information searched through the matching'. A reply information list is formed, and the reply information list is transmitted to the service server 200 as a reply to the 'search request information received from the service server 200 in step 625'.

After step 660-1 is operated, step 665 is operated.

Meanwhile, if the 'disclosure condition identification information retrieved in step 625' is an unavailable code, 'steps 630 to 655' are omitted and step 660-2 is operated.

In step 660-2, a 'message indicating that the search is not possible' is sent to the service server 200 by matching the 'search item identification information included in the search item list received in step 625'.

Figure 8 is a diagram explaining the operation of a service company searching and utilizing 'anonymized statistics' in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention.

Steps 605 to 610 of FIG. 7 are operated.

In step 615-3, a predetermined condition variable is selected or entered by matching 'each search condition item identification information matched to the check box selected in step 610' and 'each search item identification information matched to the check box selected in step 610. When statistical method identification information matching 'field' is selected, each search condition item identification information and each condition variable are matched to form one search condition, and a predetermined search condition list is created with the constructed search conditions. One search item statistic is defined by matching each search condition item identification information with each statistical method identification information, and a predetermined search item statistic list is created from the search item statistic definitions.

Additional aspects and examples in step 615 of FIG. 7 also apply in step 615-3.

In the case of remittance illustrated in step 615, 'remittance settlement application date from May 20, 2018 to May 20, 2018' is one of the search conditions, and a search condition list is created with the above single search condition. can be exemplified. In this case, if the checkbox matching "monthly average remittance amount" as the search item identification information is selected through the operation of step 615-3 and "average" is selected as the statistical method identification information, 'average monthly remittance amount' is the search processing statistic. It will constitute one of the definitions, and a case in which a list of search item statistics is created as the above one search item statistic definition may be possible.

When the inquiry reason identification information is entered in step 620-3, the inquiry reason identification code matching the inquiry reason identification information, the 'search condition list created in step 615-3' and the 'test item statistics list created in step 615-3' Predetermined search request information including is transmitted to the personal information server 100 in a way that can be matched to the service company identification code.

Additional aspects and instances of step 620 of FIG. 7 are also possible in step 620-3.

In step 625-3, the personal information server 100 sends a predetermined message including a search condition list, search item statistics list, and inquiry reason identification code, transmitted in a way that can be matched to the service company identification code in step 620-3. When 'search request information' is received, 'search item identification information and statistical method identification information' matching 'each search item statistic definition included in the search item statistic list' in the inquiry reason DB 160 Disclosure condition identification information matching the ‘private identification code’ is searched.

In the case of the remittance case exemplified in step 615-3, in step 625-3, the personal information server 100 selects 'As the only search condition constituting the search condition list, the remittance settlement application date is from May 20, 2018. Search application including 'until May 20, 2018' and 'average monthly remittance amount as the single search item statistic definition that constitutes the search item statistic list' and '06 (or 07) as the inquiry identification code.' Information will be received, and it corresponds to 'average monthly remittance amount as search item identification information' and 'average' as 'statistical method identification information' that matches 'search item statistics definition, average of monthly average remittance amount' in the inquiry reason DB (160). The disclosure condition identification information matching '06 (or 07) as inquiry identification code' will be searched. For example, a code that does not require consent can be searched by matching ‘06 as an inquiry reason identification code’, and a code that requires consent can be searched by matching ‘07 as an inquiry reason identification code’.

If one or more of the 'disclosure condition identification information retrieved in step 625-3' is a consent required code, after step 630 in FIG. 7 and steps 635-3 and 640-3 below are operated, steps 645 to 645 in FIG. 7 Step 655 and step 660-3 below are operated.

In step 635-3, the personal information server 100 receives 'service company name extracted in step 630' as information provision application identification information and 'step 625-3 as 'provision target information identification information and matching statistical method identification information'. 'Pairs of search item identification information and statistical method identification information that constitute each search item statistic definition included in the search item statistic list received from ', 'search reason explanation information extracted in step 630' and 'application for prescribed consent. Predetermined consent application information including 'phrase' is transmitted as 'communication ID extracted by matching personal information ID in step 630'.

In step 640-3, when the 'consent application information transmitted in step 635-3' is received from the 'customer terminal 300 matched to the communication ID in step 635-3', under the control of the anonymization app 310, The received consent request text, information provision applicant information, 'providing target information identification information and matching statistical method identification information', inquiry reason explanation information, consent box, and rejection box are output to the output unit (not shown).

In step 660-3, a one-time communication key is randomly generated in the personal information server 100, and in the personal information DB 110, 'one of the communication IDs received in step 655, the personal information ID, the real name number, and the communication ID matched to the customer terminal. The communication key matched to 'one or more' is updated with the generated disposable communication key, the generated disposable communication key is transmitted to the customer terminal 300, and the 'personal information DB 110 and the real name transaction DB 130 In 'one or more', data that matches both the search condition item identification information matching the 'each search item statistic definition constituting the search item statistic list received in step 625-3' and the 'shared alias ID extracted in step 630' Extracted, a statistical method matching the 'statistical method identification information matched to each search condition item identification information' is applied to the 'data extracted by matching each search condition item identification information', and a predetermined statistical quantity is calculated. , a reply list is created by matching the statistical quantity with the 'each matching search condition item identification information', and the reply list is transmitted to the service server 200.

As an example of step 660, “10” and “25” may be randomly generated as disposable communication keys in the personal information server 100.

If the above case is an example of the remittance case illustrated in step 640, the anonymization DB 120 displays 'virtual account number 101-114936-00107 and virtual account number 335-003245-00107, which are shared alias IDs extracted in step 630.' 'Resident registration numbers 800305-2032434 and 761107-1020321' are extracted as personal information IDs matched to each, and the communication keys matched to 'resident registration numbers 800305-2032434 and 761107-1020321 extracted above' are extracted from the personal information DB 110. They are updated with the generated disposable communication keys 10 and 25, respectively, and are respectively updated with 'customer terminal 300 matched to the resident registration number 800305-2032434' and 'customer terminal 300 matched to the resident registration number 761107-1020321'. '10 and 25 as newly generated one-time communication keys' are transmitted, and in the personal information DB 110, 'the average monthly remittance amount, which is the single search item statistic definition constituting the search item statistic list received in step 625-3' '600,000 won' is extracted as data that matches both 'average monthly remittance amount', which is the search item identification information, and 'resident registration number 800305-2032434', which is the personal information ID, and 'average monthly remittance amount' which is the search item identification information '1,400,000 won' can be extracted as data that matches all of the 'resident registration number 761107-1020321', which is the personal information ID above. In that case, the statistical method matching the "average" as the statistical method identification information matched to the "average monthly remittance amount as the search item identification information" is applied to the extracted '600,000 won and 1,400,000 won', resulting in '1,000,000 won' as a predetermined statistical quantity. This will be calculated. Then, a reply list is created by matching the '1,000,000 as a matching statistical quantity' with the 'average monthly remittance amount as search item identification information', and the reply list will be transmitted to the service server 200.

After step 660-3 is operated, steps 665 and 670 of FIG. 7 are operated.

If the 'disclosure condition identification information retrieved in step 625-3' is all "code that does not require consent", 'steps 630 to 655' are omitted and steps 630-4 and 660-4 below are operated.

In step 630-4, 'matched search condition item identification information and condition variables' constituting 'each search condition included in the search condition list received in step 625-3' are extracted from the personal information server 100, Field identification information matching the search condition item identification information is extracted from the 'personal information DB (110) and the real name transaction DB (130)', and by matching the field identification information, 'the search condition item identification information matching the search condition item identification information' is extracted. Data matching the 'condition variable' are extracted, shared alias IDs matching each data are extracted, and personal information IDs matching the shared alias IDs are extracted from the anonymization DB 120.

In step 660-4, the personal information server 100 selects 'one or more of the personal information DB 110 and the real name transaction DB 130' to 'each search item statistic constituting the search item statistic list received in step 625-3. Data matching both the search condition item identification information matching the 'definition' and the 'shared alias ID (or personal information ID) extracted in step 630-4' are extracted, and are extracted by matching each search condition item identification information. A statistical method matching the 'statistical method identification information matched to each search condition item identification information' is applied to the 'data' to calculate a predetermined statistical quantity, and each of the 'statistical quantities matching the search condition item identification information' is calculated. A reply list is created by matching ', and the reply list is transmitted to the service server 200.

In the case of the remittance case illustrated in step 640, the personal information ID matched to 'virtual account numbers 101-114936-00107 and 335-003245-00107 as shared alias IDs extracted in step 630' in the anonymization DB 120, respectively. As such, "resident registration numbers 800305-2032434 and 761107-1020321" will be extracted from the personal information DB 110, and the average monthly remittance amount, which is the single search item statistic definition constituting the search item statistic list received in step 625-3, is extracted from the personal information DB 110. '600,000 won' is extracted as data that matches both 'average monthly remittance amount', which is search item identification information that matches the 'average', and 'resident registration number 800305-2032434, which is the personal information ID extracted above', and 'monthly average search item identification information' '1,400,000 won' can be extracted as data that matches both the 'remittance amount' and 'resident registration number 761107-1020321, which is the personal information ID extracted in step 630.' In that case, the statistical method matching the "average" as the statistical method identification information matched to the "average monthly remittance amount as the search item identification information" is applied to the extracted '600,000 won and 1,400,000 won', resulting in '1,000,000 won' as a predetermined statistical quantity. This will be calculated. Then, a reply list is created by matching the '1,000,000 as a matching statistical quantity' with the 'average monthly remittance amount as search item identification information', and the reply list will be transmitted to the service server 200.

After step 660-3 is operated, step 665 of FIG. 7 is operated.

Meanwhile, if the 'disclosure condition identification information retrieved in step 625-3' is an "unavailable code", 'steps 630 to 655' are omitted and step 660-5 is operated.

In step 660-5, a 'message stating that the search is not possible' is sent to the service server 200 by matching the 'search item identification information included in the search item list received in step 625-3'.

Figure 9 is a diagram explaining an operation in which a customer exercises the right to portability of his or her personal information stored in the personal information server 100 in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention.

In step 705, when the customer terminal 300 accesses the personal information transfer application page of the personal information server 100 by a known method, one or more 'check boxes' are matched to the output unit (not shown) of the customer terminal 300. 'Search item identification information', receiving service company identification information input field, and a predetermined confirmation box are displayed.

According to one embodiment of the present invention, the personal information server 100 stores the server of the transaction bank that stores deposit transaction information of individuals, the server of the tax authority that stores tax payment records, and the national pension payment records of individuals. It is one of the servers of the National Pension Service that stores the National Pension Service's server, the server of the National Health Insurance Corporation that stores the medical insurance premium payment records of individuals, and the server of the telecommunication company that stores the communication fee payment records, and the search item identification information is for the previous year. It is one or more of the following: income tax payment amount, property tax payment amount of the previous year, national pension payment amount of the previous year, communication fee payment amount for the past 3 years, number of delinquency of communication fee over the past 3 years, number of days of overdue communication fee over the past 3 years, communication service subscription date, and delinquency record information.

According to an additional aspect of the present invention, in step 705, the customer selects the anonymization app box output to the output unit (not shown) of the customer terminal 300 using the input unit (not shown) of the customer terminal 300. Step 705a; Step 705b in which site names stored in the site name field are extracted from the anonymization DB 312 and output to the output unit (not shown) of the customer terminal 300; Step 705c in which the customer uses the input unit (not shown) of the customer terminal 300 to select a site name corresponding to a specific personal information holding organization among the output site names: 'Step 705c ( or step 705d in which a connection address matching the 'site name' selected in step 705c-1) of FIG. 10 is searched; The customer terminal 300 has an access address corresponding to the 'access address searched in step 705d', 'the personal information transfer application page of the personal information server 100 operated by the personal information holding agency corresponding to the site name selected in step 705c'. Step 705e connected to; Step 705f in which 'information about the personal information transfer application page accessed in step 705e' is transmitted from the personal information server 100 to the customer terminal 300; And a field for entering the name of the 'search item identification information with matching check boxes' and 'service company to receive personal information' (hereinafter referred to as "receiving service company") on the customer terminal 300 (hereinafter referred to as "receiving service company"). Step 705g, where a predetermined personal information transfer application page including a "name input field" and a confirmation box is output; Includes.

In step 725, the customer selects one or more of the 'check boxes matched to the search item identification information output in step 705' using the input unit (not shown) of the customer terminal 300.

In step 730, the customer uses the input unit (not shown) of the customer terminal 300, selects a predetermined service company name as the receiving service company name by matching it to the receiving service company identification information input field, and selects the confirmation box, The service company identification code that matches the name of the receiving service company is extracted as the service company identification code of the receiving service company, and a master password input field and confirmation box are output to the output unit (not shown).

According to an additional aspect of the present invention, in step 730, the customer enters some of the 'letters constituting the name of the receiving service company' in the receiving service company identification information input field using the input unit (not shown) of the customer terminal 300. Input step 730a; Step 730b in which the input information is transmitted to the personal information server 100; When the personal information server 100 receives the 'information transmitted in step 730a', step 730c in which service company names including the 'received information' are extracted from the service company name field of the service company DB 170; Step 730d in which a service company identification code matching the 'each extracted service company name' is extracted from the service company DB 170; A step of forming a predetermined service company identification information list by matching the 'matched and extracted service company identification code' to each of the extracted service company names, and transmitting the service company identification information list to the customer terminal 300. 730e; When the customer terminal 300 receives the 'service company identification information list transmitted in step 730e', it matches the 'receiving service company name input field output in step 705' and enters 'service company names extracted from the service company identification information list'. ' is output at step 730f; Step 730g in which the customer selects one of the output service company names as the 'service company name of the receiving service company' using the input unit (not shown) of the customer terminal 300; Step 730h in which the service company identification code matching the 'service company name selected in step 730g' is extracted from the 'service company identification information list received in step 730f' at the customer terminal 300 as the 'service company identification code of the receiving service company'. ; Includes.

When the master password is entered into the customer terminal 300 and the confirmation box is selected in step 735, the 'connection address of the personal information server 100' matching the 'page address accessed in step 705' is entered in the anonymization DB 312. The login ID for the personal information server matched to the access address, the 'encrypted password' for the personal information server, the communication key for the personal information server, and the public key of the personal information holding institution are searched, and the 'encrypted password' is searched for in the master. The password is decrypted with a decryption key, the current shared variable is output from the shared variable calculation unit 314, and 'one or more of the decrypted password, the communication key for the personal information server, and the output shared variable' is used as a predetermined identity authentication. Personal information is calculated by being substituted into the information calculation function, and the above personal information is used as 'identification information on the person who will receive the prescribed personal information transfer application information' (hereinafter referred to as "personal information transfer application information recipient identification information"). 'The access address of the server 100' and 'the retrieved login ID' as 'identification information on the person sending the personal information transfer application information' (hereinafter referred to as "personal information transfer application information sender identification information") and 'the above searched login ID' and 'the above. Check boxes selected in step 725 as 'calculated personal authentication information' and 'information for identifying personal information subject to the personal information transfer application' (hereinafter referred to as "personal information item identification information subject to transfer application") The receiving service company in step 730 as ‘matched search item identification information’ and ‘information for identifying the person who will receive the personal information that is the subject of the personal information transfer application’ (hereinafter referred to as “personal information recipient identification information”). Predetermined personal information portability application information including a 'service company identification code extracted as an identification code' is created, and the created personal information portability request information is stored in the personal information server 100 as 'personal information portability request information recipient identification information. It is encrypted with the public key matched to the ‘access address’ (hereinafter referred to as “personal information transfer application information recipient public key”).

According to an additional aspect of the present invention, since the access address connected in step 705 is the access address of the personal information transfer application page of the specific personal information server 100, the 'login ID' searched by matching the access address in step 735 and the encrypted password, communication key, and public key' are, respectively, 'the personal information ID registered by the customer with the personal information holding institution that operates the personal information server 100' and 'the login password registered by the customer with the personal information holding institution. will be the 'encrypted value', 'the communication key stored in the personal information server 100 by matching the personal information ID', and 'the public key of the personal information holding institution'.

Meanwhile, according to another aspect of the present invention, a recipient identification information input field and a recipient public key input field may be output in place of the receiving service company identification information input field in step 705. In this aspect, in step 730, the customer enters the recipient identification information input field. Enter the recipient's communication ID (e.g., one or more of mobile phone number, e-mail address, and messenger account) and the recipient's public key in the recipient public key input box, and enter the recipient's public key in step 735 as the receiving service company identification code in step 730. Instead of the 'extracted service company identification code', 'the recipient's communication ID as recipient identification information' and 'the recipient's public key' are included in the personal information transfer application information.

Additional aspects and other aspects related to personal authentication information illustrated in step 320 of FIG. 4 are also applicable in step 735.

In step 740, the communication ID and 'encrypted secret key' of the customer terminal 300 are retrieved from the personal information DB 311, the encrypted secret key is decrypted with the 'master password entered in step 735', and a block is generated. Unit 319 creates predetermined transaction data including ‘personal information transfer application information encrypted in step 735’, ‘the communication ID as sender identification information’, and ‘connection address retrieved in step 735 as recipient identification information’. , calculate the hash value of the transaction data, encrypt the 'hash value of the transaction data' with the 'decrypted secret key' to generate a digital signature of the customer, and generate the hash value of the transaction data, the transaction data and the A predetermined block containing a digital signature is generated, the connection addresses of the nodes 600 are searched in the node DB 318, and the created block is connected to the 'connection address searched in step 735' and the 'nodes 600'. ) is transmitted to the connection addresses of '.

According to an additional aspect of the present invention, prior to step 740, the secret key of 'the customer matching the customer terminal 300' is generated or input by a predetermined method at the customer terminal 300; Entering the customer's master password into the customer terminal 300; Encrypting the secret key with the input master password; Storing the encrypted secret key in the personal information DB (311); operates.

When the nodes 600 receive the 'block transmitted in step 740 (or step 740-1 in FIG. 10)' in step 745, the block is stored in the distributed ledger 620.

According to an additional aspect of the present invention, step 745 includes calculating a hash value of 'transaction data extracted from the received block' at each node 600; Decrypting the 'digital signature extracted from the received block' with the 'public key of the owner of the customer terminal 300'; Determining whether the decrypted digital signature matches the hash value; If it is determined that they match, the root hash value of the transaction data including the transaction data included in the received block is calculated, the previous block ID on the blockchain network is searched, and the previous block ID, the root hash value and a predetermined Generate a block header including difficulty information, nonce, and timestamp, and create a predetermined completed block including the block header and 'transaction data including the extracted transaction data used to calculate the root hash value.' Arranging the completed block as a subsequent block of 'the block matched to the immediately preceding block ID' on the blockchain network by generating and storing it in the distributed ledger 620; Includes.

When the personal information server 100 receives the 'block transmitted in step 740' in step 760, transaction data is extracted from the block, 'encrypted personal information transfer application information' is extracted from the transaction data, and the encryption The personal information transfer application information is decrypted using the decryption key 'the secret key of the personal information holding organization retrieved by a predetermined method', and the personal information transfer application information recipient identification information and 'personal information transfer information' are decrypted from the decrypted personal information transfer application information. 'Predetermined personal information ID' as application information sender identification information, prescribed personal authentication information, 'predetermined search item identification information as personal information item identification information for transfer application' and prescribed personal information recipient identification information are extracted, The 'hashed password and communication key' matching the 'extracted personal information ID' is searched in the information DB 110, the shared variable calculation unit 140 outputs a predetermined shared variable, and the searched 'hash It is determined whether the 'defined password' matches the 'received personal authentication information'.

Additional aspects illustrated at step 325 of FIG. 4 are also applicable at step 760.

Meanwhile, as personal information recipient identification information to be included in the personal information transfer application information in step 735, 'communication ID and public key of personal information recipient' replaces 'service company identification code extracted as receiving service company identification code in step 730'. If included, the 'communication ID and public key' will be extracted from the decrypted personal information transfer application information in step 760 by replacing the service company identification code.

If the determination in step 760 is positive, step 765 is operated.

In step 765, 'personal information ID extracted in step 760 (or step 760-1 in FIG. 10)' and 'step 760 (or step 760-1 in FIG. 10) are extracted from the personal information DB 110 and the real name transaction DB 130. ) are extracted, and the extracted data and the 'matched search item identification information' are matched to create predetermined target information, and a predetermined disposable information is randomly generated. A communication key is generated, the communication key matched to the personal information ID in the personal information DB 110 is updated with the generated communication key, and the communication ID matched to the personal information ID is searched in the personal information DB 110. , the updated communication key is transmitted to the customer terminal 300 matched to the communication ID in a 'method that can be matched to the personal information holding organization identification information'.

According to an additional aspect of the present invention, in step 765, when the customer terminal 300 receives the updated communication key in a 'method that can be matched to personal information holding organization identification information', the anonymization app 310 Activating and updating the communication key matched with the personal information holding organization identification information in the anonymization DB 312 with the received communication key; Includes.

In step 780, the 'public key and communication ID' matching the 'service company identification code as personal information recipient identification information extracted in step 760' is searched in the service company DB (170), and the anonymization DB (120) searches for the individual. A shared alias ID that matches both the information ID and the service company identification code is searched, predetermined personal information movement information including the shared alias ID and 'provided information created in step 765' is created, and the searched public key is used to generate the shared alias ID. Personal information movement information is encrypted, and the encrypted personal information movement information is transmitted with a communication ID matching the recipient identification information.

Meanwhile, according to another aspect of the present invention, the personal information movement information may include the personal information ID in place of the shared alias ID or in addition to the shared alias ID.

Meanwhile, in the case where 'the communication ID and public key of the recipient' are extracted from the decrypted personal information transfer application information in step 760 by replacing the receiving service company identification code, in step 780, 'from the service company DB 170' The operation of searching for the public key and communication ID matched to the receiving service company identification code is omitted, the personal information movement information will be encrypted with the 'extracted public key of the recipient', and the encrypted personal information movement information will be transmitted as 'the extracted communication ID of the recipient'.

Hereinafter, "transmitted with a communication ID matching the recipient identification information" refers to an operation of transmitting with a communication ID found by matching the receiving service company identification code in the service company DB 170, and the received 'recipient's Commonly referred to as ‘communication ID’.

In step 785, when the service server 200 receives the 'encrypted personal information movement information' transmitted in step 780, the 'secret key of the service company matching the service server 200' retrieved by a predetermined method is used as the decryption key. The 'encrypted personal information transfer information' is decrypted, and a predetermined operation is performed using the decrypted information.

According to an additional aspect of the present invention, the service server 200 is a server of one of a financial company and a credit rating company, and the customer terminal 300 is a server that wishes to receive a loan from the financial company or receives credit from the credit rating company. This is the mobile phone of the person who wishes to undergo a rating review, and the decrypted information is one of the customer's tax payment performance information, national pension payment performance information, and communication bill payment performance information, and the predetermined operation determines the customer's credit rating. It is an evaluation action.

10 shows a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention, in order for the customer to conveniently exercise the right to portability of his/her personal information stored in multiple personal information servers 100. , This is a diagram explaining an embodiment of the operation of centrally storing the personal information in the personal information management server 800.

In step 705-1, when the customer terminal 300 accesses the personal information collection application page of the personal information management server 800 by a known method, one or more personal information is stored in the output unit (not shown) of the customer terminal 300. A personal information collection application screen is displayed, including an institution name input field and a certain confirmation box.

According to an additional aspect of the present invention, step 705-1 includes steps 705a and 705b in Figure 9; Step 705-1c in which the customer uses the input unit (not shown) of the customer terminal 300 to select a site name corresponding to a personal information management agency from among the output site names: Step 705d in FIG. 9; Step 705 where the customer terminal 300 is connected to the 'main page of the personal information management server 800 operated by the personal information management agency corresponding to the site name selected in step 705-1c', which is the 'connection address searched in step 705d'. -1e; Step 705-1f in which 'information about the main page accessed in step 705-1e' is transmitted from the personal information management server 800 to the customer terminal 300; Step 705-1g, where 'a predetermined main screen including a personal information collection box and a personal information sales box' is displayed on the customer terminal 300; Step 705-1h in which the customer selects the printed personal information collection box using the input unit (not shown) of the customer terminal 300: Information on selecting the personal information collection box is transmitted to the personal information management server 800 Step 705-1i; When the personal information management server 800 receives 'information on selecting the personal information collection box', 'information on the personal information collection application screen' is transmitted from the personal information management server 800 to the customer terminal 300 in step 705. -1j; and step 705-1k, where a predetermined personal information collection application screen including one or more personal information holding organization name input fields and a confirmation box is displayed on the customer terminal 300; Includes.

In step 710-1, when the customer uses the input unit (not shown) of the customer terminal 300, selects or enters a predetermined personal information holding organization name by matching it to the personal information holding organization name input field and selects the check box, ' The personal information holding organization identification code that matches the ‘name of the personal information holding organization selected or entered above’ is transmitted to the personal information management server 800.

According to an additional aspect of the present invention, in step 710-1, the customer uses the input unit (not shown) of the customer terminal 300 to enter 'letters constituting the name of the personal information holding organization' in the personal information holding organization name input field. Step 710-1a of entering part of; Step 710b in which the input information is transmitted to the personal information management server 800; When the personal information management server 800 receives the 'information transmitted in step 710-1a', the personal information holding organization name field of the personal information holding organization DB 850 contains the 'received information'. Step 710-1c in which organization names are extracted; Step 710-1d in which a personal information holding organization identification code matching the 'names of each extracted personal information holding organization' is extracted from the personal information holding organization DB (850); A step of matching the 'personal information holding organization identification code extracted by matching' to each of the extracted personal information holding organization names to create a predetermined personal information holding organization identification information list and transmitting it to the customer terminal 300. 710-1e; When the customer terminal 300 receives the 'personal information holding organization identification information list transmitted in step 710-1e', it matches the 'personal information holding organization name input field output in step 705-1' and enters the 'personal information holding organization name input field'. Step 710-1f in which 'names of personal information holding institutions extracted from the identification information list' are output; Step 710-1g in which the customer selects 'one of the output personal information holding organization names' using the input unit (not shown) of the customer terminal 300; Step 710 in which the personal information holding organization identification code matching the ‘personal information holding organization name selected in step 710-1g’ is extracted from the ‘personal information holding organization identification information list received in step 710-1f’ at the customer terminal 300. -1h; Includes.

When the personal information management server 800 receives the 'personal information holding organization identification code transmitted in step 710-1' in step 715-1, it matches the personal information holding organization identification code in the personal information holding organization DB 850. Thus, the field identification information of the field in which the information provision attribute is stored is extracted as search item identification information, and the extracted search item identification information is transmitted to the customer terminal 300.

When the customer terminal 300 receives 'search item identification information transmitted in step 715-1' in step 720-1, the search item identification information is each matched with a predetermined check box in an output unit (not shown). Printed, the movement cycle identification information is output matching each predetermined check box, and the master password input field and confirmation box are output.

According to an additional aspect of the present invention, 'identification information for selecting all search items' (eg, "all") may be included as one of the search item identification information.

According to an additional aspect of the present invention, the movement cycle identification information includes information for identifying a one-time movement (e.g., "just this one time") and information for identifying a repetitive movement cycle (e.g., "every month"). 'Move whenever a specific event (e.g., personal information change event, event applied by a personal information management agency, etc.) occurs, but information to identify the effective period for such event' (e.g., "1 year" from today) and One or more of the following information may be included to identify the expiration date of such request delegation (e.g., “June 30, 2019”).

According to an additional aspect of the present invention, one or more of the check boxes output in step 720-1 may be selected as default.

In step 725-1, information for selecting predetermined search item identification information, information for selecting predetermined movement cycle identification information, and a master password are entered into the customer terminal 300, and a confirmation box is selected.

As an example of an embodiment of the operation in step 725-1, the customer uses the input unit (not shown) of the customer terminal 300 to select 'check boxes matched to each search item identification information output in step 720-1. Select one or more of the checkboxes matching each movement cycle identification information, enter the master password, and select the confirmation box.

In step 730-1, 'names of each personal information holding organization selected in step 710-1' are sent to the customer terminal 300, and 'identification of each personal information holding organization matching the name of the personal information holding organization' in the anonymization DB 312. The personal information ID, encrypted password, and communication key matched to the 'codes' are searched, each of the searched 'encrypted passwords' is decrypted using the master password as the decryption key, and the current shared variable calculation unit 314 A variable is output, and for each decrypted password, at least one of 'each decrypted password', 'a communication key searched by matching the password with an encrypted value', and 'the output shared variable' is provided as predetermined personal authentication information. Personal information is calculated by being substituted into the calculation function, and personal information is held that matches the name of each personal information holding organization and the name of the personal information holding organization as personal information transfer application recipient identification information. 'Organization identification code' and 'the retrieved personal information ID as personal information transfer application information sender identification information' and 'each calculated personal authentication information above' and 'as personal information item identification information subject to transfer application, check selected in step 725-1 ‘Step 705 as search item identification information matched to each of the boxes’ and ‘information for identifying the person who will receive the personal information subject to the personal information transfer application’ (hereinafter referred to as “personal information recipient identification information”) Predetermined personal information transfer application information including the 'connection address of the personal information management server (800) accessed from -1' is created, and the anonymization DB (312) uses the personal information recipient identification information as 'the personal information management server ( 800) access address' (hereinafter referred to as "personal information recipient public key") and a public key matched to each of the above 'personal information holding organization identification codes as personal information transfer application information recipient identification information' (hereinafter referred to as "personal information recipient public key"). (referred to as "Personal Information Portability Application Information Recipient Public Key") are searched, and each of the personal information portability application information is first encrypted with the encryption key of each personal information portability application information recipient public key, and then the first encrypted After each of the above ‘Personal Information Holding Organization Identification Codes as Personal Information Portability Application Information Recipient Identification Information’ is matched to the ‘Personal Information Portability Application Information Recipient’ The matched primary encrypted personal information transfer application information' is secondarily encrypted using the 'personal information recipient public key' as the encryption key.

Additional aspects and other aspects related to personal authentication information illustrated in step 320 of FIG. 4 can also be applied in step 730-1.

In step 735-1, the customer terminal 300 calculates a hash value for each of the 'secondary encrypted personal information transfer application information in step 730-1', and the 'encrypted secret key' and the 'encrypted secret key' in the personal information DB 311. The communication ID of the customer terminal 300 is searched, the 'encrypted secret key' is decrypted using the 'master password entered in step 725-1' as a decryption key, and each 'personal information secondarily encrypted in step 730-1 Each predetermined transaction including ‘transfer application information’ and the communication ID as personal information transfer application information sender identification information and ‘personal information holding organization identification code in step 730-1’ as personal information transfer application information recipient identification information. Write data, calculate hash values of the transaction data, calculate the root hash value by integrating the hash values using a known method, and encrypt the root hash value with the 'decrypted secret key' to create the root hash value. A digital signature is generated, and a predetermined block containing the root hash value, the root digital signature, and the transaction data is generated.

A known method of calculating a root hash value by integrating the hash values of each transaction data includes calculating a hash value of data by combining the hash values of each transaction data two by two, and recombining the calculated hash values. This is a method of repeating the operation of calculating the hash value of data combined two by one until only one hash value remains, and defining the last remaining hash value as the root hash value.

According to an additional aspect of the present invention, when there is only one transaction data, the hash value of the transaction data becomes the root hash value.

In step 740-1, the connection addresses of the nodes 600 are searched in the node DB 318, and the 'block created in step 735-1' is sent to the recipient in step 735-1 (or step 835 in FIG. 11). As identification information, it is transmitted to the connection address of the personal information management server 800 and the connection addresses of the nodes 600 included in the transaction data.

Step 745 of Figure 9 is operated.

When the personal information management server 800 receives the 'block transmitted in step 740-1' in step 750-1, 'personal information transfer application information sender identification' commonly included in 'each transaction data read from the block' The communication ID as information is read, the public key matched to the communication ID is searched in the customer information DB 810, and the value obtained by decrypting the 'root digital signature read from the block' with the public key is 'from the block. Determine whether it matches the root hash value of each read transaction data.

According to an additional aspect of the present invention, step 750-1 includes calculating the root hash value of 'transaction data read from the block'; determining whether the calculated root hash value matches the 'root hash value read from the block'; Decrypting the root digital signature with the public key; determining whether the decrypted root digital signature matches the 'root hash value read from the block'; may include.

If the determination in step 750-1 is positive, step 755-1 is operated.

In step 755-1, the 'block received in step 750-1' is stored in the distributed ledger 820 from the personal information management server 800, and each secondary encrypted individual read from each transaction data included in the block. The information transfer application information is first decrypted using the decryption key 'the secret key of the personal information management agency retrieved by a predetermined method', and each of the primary decrypted 'primary encrypted personal information portability application information' is registered with the corresponding personal information holding agency. The above-mentioned personal information holding organization identification codes are read from the ‘information with matching identification code’, and each ‘personal information holding organization identification code as personal information transfer application information recipient identification information’ is read from the personal information holding organization DB (850). Matched access addresses (hereinafter referred to as "personal information portability application information recipient access addresses") are searched, and each of the 'primary encrypted personal information portability request information' is sent to a device corresponding to the personal information portability application information recipient access address. It is transmitted to each personal information server 100 in a 'method that can be matched with personal information management agency identification information.'

One embodiment of the 'method that can be matched with personal information management agency identification information' is a method of matching and transmitting the personal information management agency identification information with the encrypted personal information transfer application information.

In step 760-1, when the personal information server 100 receives 'primary encrypted personal information transfer application information transmitted in a way that can be matched with the personal information management agency identification information in step 755-1', the above ' The first encrypted personal information transfer application information' is decrypted using the decryption key 'the secret key of the personal information holding institution, searched by a predetermined method', and the 'personal information transfer application information sender' is decrypted from the 'decrypted personal information transfer application information'. 'Personal information ID as identification information', personal authentication information, and search item identification information are extracted, and 'hashed password and communication key' matching the personal information ID are searched in the personal information DB 110, and shared variables are calculated. The unit 140 outputs a predetermined shared variable, and it is determined whether the searched 'hashed password' matches the 'received personal authentication information'.

Additional aspects illustrated in step 325 of FIG. 4 are also applicable in step 760-1.

If the judgment in step 760-1 is positive, step 765 of FIG. 9 and steps 770-1 and below are operated.

In step 770-1, the public key of the personal information management agency and the individual matching the 'personal information management agency identification information matching the information received in step 760-1' in the service company DB 170 from the personal information server 100 The communication ID of the information management agency is searched, and in the anonymization DB 120, 'personal information ID extracted from personal information transfer application information in step 760-1' and 'above personal information management agency identification information as service company identification code' All matching shared alias IDs are searched, predetermined personal information movement information including the shared alias ID and 'provided information created in step 765' is created, and the searched 'public key of the personal information management agency' is used. Personal information movement information is encrypted, and the searched 'personal information management agency's communication in a way that allows the encrypted personal information movement information to be matched with 'personal information holding organization identification information matched to the personal information server 100' It is transmitted to the personal information management server (800) matching the 'ID'.

Meanwhile, according to another aspect of the present invention, the personal information holding agency operating the personal information server 100 trusts the customer information protection method of the 'personal information management agency operating the personal information management server 800', The personal information movement information may include the personal information ID in place of the shared alias ID.

One embodiment of the 'method capable of matching personal information holding organization identification information' is a method of matching and transmitting the personal information holding organization identification information to the encrypted personal information movement information.

In step 775-1, when the personal information management server 800 receives 'encrypted personal information movement information transmitted in a method that can be matched with the personal information holding organization identification information in step 770-1', the 'encryption The 'personal information movement information' is decrypted using the decryption key 'the secret key of the personal information management agency searched by a predetermined method', and from the decrypted personal information movement information, 'one of the personal information ID and the shared alias ID' and the subject of provision are provided. Information is extracted, 'information matched to search item identification information' is extracted from the provision target information, and 'the shared alias ID (or personal information) matched with the personal information holding organization identification information in the customer information DB 810 A record containing 'ID)' is extracted, a mapping anonymous ID is extracted from the record, and the mapping anonymous ID is matched with 'field identification information matching the search item identification information' in the combination DB 860 to search for the 'search. Information ‘matched to the item identification information’ is stored.

Figure 11 shows an operation in which a customer receives compensation and exercises the right to port his or her personal information stored in the personal information management server 800 in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention. This is a drawing explaining an embodiment.

In step 805, when the customer terminal 300 accesses the personal information sales application page of the personal information management server 800 by a known method, predetermined personal information is sent from the personal information management server 800 to the customer terminal 300. Information regarding the sales application screen is transmitted.

According to an additional aspect of the present invention, step 805 includes steps 705a to 705-1g in FIG. 10; Step 705-1m in which the customer selects the printed personal information sales box using the input unit (not shown) of the customer terminal 300: Information on selecting the personal information sales box is transmitted to the personal information management server 800 Step 705-1n; Step 705 - When the personal information management server (800) receives 'information on selecting the personal information sales box', 'information on the personal information sales application screen' is transmitted from the personal information management server (800) to the customer terminal (300). 1o; Includes.

When information about the personal information sales application screen is received from the customer terminal 300 in step 810, the access address matching the 'page accessed in step 805' is retrieved from the anonymization DB 312 under the control of the anonymization app 310. A login ID matching the access address of the personal information management server 800 is searched, and the login ID is transmitted to the personal information management server 800.

When the 'login ID transmitted in step 810' is received from the personal information management server 800 in step 815, the mapping anonymous ID matching the login ID is searched in the personal information DB 810, and the mapping anonymous ID is searched in the combination DB 860. The field identification information of the fields in which the information of the record matched to the mapping anonymous ID is stored is extracted, and in the price DB 870, 'one or more of the login ID and the mapping anonymous ID' and all of the field identification information are matched. Prices are searched, a predetermined sales availability information table is created by matching the searched prices with the 'field identification information as search item identification information', and the sales availability information table is transmitted to the customer terminal 300.

According to an additional aspect of the present invention, the login ID may be implemented in the same way as the mapping anonymous ID. In an embodiment where this additional aspect is applied, the 'operation of searching for a mapping anonymous ID matching the login ID in the personal information DB 810' is omitted in step 815.

delete

An example of the combination DB 860 and the price DB 870 is shown in Figures 13 and 14, respectively. In the above example, if the mapping anonymous ID matched to the 'login ID transmitted in step 810' in the personal information DB 810 is "0002", the field in which the information of the record matched to the mapping anonymous ID in the combination DB 860 is stored is stored. As field identification information, “mobile phone number”, “deposit”, “payment amount for the last 3 months”, “address 1”, “detailed address”, and “gender” will be extracted. In addition, in the price DB 870, "300" is the price that matches both "0002" and the "mobile phone number", and "200" is the price that matches both "0002" and the "pastment amount for the last three months". Each price will be searched, and the price that matches all of the extracted field identification information other than "0002" will not be searched. Accordingly, a marketable information table as illustrated in FIG. 15 will be created. The above price unit can be expressed in both legal currency (e.g., "won") and the display currency of points and cryptocurrency, but this specification focuses on the example of the display currency of cryptocurrency.

When the customer terminal 300 receives the sellable information table in step 820, the matched search item identification information and price included in the sellable information table are matched to the checkbox and output, and the master password input field and checkbox are displayed. is output.

If step 820 is operated in the case illustrated in step 815, the output will be as illustrated in FIG. 16.

In step 825, when information for selecting one or more of the search item identification information output from the customer terminal 300 and a master password are input and a check box is selected, 'the selected search item identification information' is respectively 'the search item identification information'. A predetermined sales request table is created that matches the information and includes the printed price.

One embodiment of the operation in which the 'information for selecting one or more of the search item identification information' is input is an operation in which the customer selects one or more of the check boxes using the input unit of the customer terminal 300.

According to an additional aspect of the present invention, step 825 includes the customer modifying the output price using the input unit of the customer terminal 300; It may include, and in this case, the sales application table includes the revised price.

In the example illustrated in step 820, in step 825, the checkbox matching the “mobile phone,” the checkbox matching the “last 3 months payment amount,” and the checkbox matching “gender” are selected, and the checkbox matching the “gender” is selected. If the matched price is updated to 100 coins, a sales request table as shown in Figure 17 will be created.

In step 830, the login ID, 'encrypted password', communication key, and personal information matched to the access address of the personal information management server 800, which is the access address matching the 'page accessed in step 805' in the anonymization DB 312. The public key of the management organization is searched, the 'encrypted password' is decrypted using the master password decryption key, the current shared variable is output from the shared variable calculation unit 314, and the 'decrypted password and the communication key are and 'one or more of the output shared variables' are substituted into a predetermined personal authentication information calculation function to calculate personal authentication information, and a predetermined number including the login ID, the personal authentication information, and 'the sales application table created in step 825' Personal information sales application information is created, and the personal information sales application information is encrypted using the public key of the personal information management agency as an encryption key.

Additional aspects and other aspects related to personal authentication information illustrated in step 320 of FIG. 4 can also be applied in step 830.

Figure 11 is a diagram illustrating an embodiment of the operation of selling one's personal information stored in the personal information management server 800. In step 830, the personal information sales application information is encrypted with the public key of the personal information management agency. However, of course, the operation described in FIG. 11 can be similarly applied to a method of selling one's personal information stored in the personal information server 100. In the step corresponding to step 830 in the above example, the personal information sales application information is encrypted with the public key of the personal information holding institution.

In step 835, the hash value of the 'personal information sales application information encrypted in step 830' is calculated at the customer terminal 300, and the 'encrypted secret key' and the communication ID of the customer terminal 300 are calculated in the personal information DB 311. is searched, the 'encrypted secret key' is decrypted using the 'master password entered in step 825', each 'personal information sales application information encrypted in step 830' and the communication ID and recipient identification as sender identification information Creating each predetermined transaction data including 'the access address of the personal information management agency matching the page accessed in step 805' as information, generating a hash value of the transaction data, and encrypting the hash value with the secret key. A digital signature is calculated, and a predetermined block containing the digital signature, the hash value, and the transaction data is generated.

If the other aspect in step 830 is applied, in step 835, the transaction data includes the access address of the personal information management agency in place of the 'access address of the personal information management agency' as recipient identification information.

Steps 740-1 and 745 in Figure 10 are operated.

When the personal information management server 800 receives the 'block transmitted in step 740-1' in step 850, it reads the 'communication ID as sender identification information' included in the 'transaction data read from the block', and Search for the public key matched to the communication ID in the information DB 810, decrypt the 'digital signature read from the block' with the public key, and use the 'transaction data read from the block' as the decrypted value. It is determined whether it matches the calculated hash value.

According to an additional aspect of the present invention, step 850 includes determining whether the hash value calculated using 'transaction data read from the block' matches the 'hash value read from the block'; and determining whether the calculated hash value matches the 'hash value read from the block'; may include.

If the determination in step 850 is positive, step 855 is operated.

In step 855, the 'block received in step 850' is stored in the distributed ledger 820 from the personal information management server 800, and the 'encrypted personal information sales application information' read from the transaction data included in the block is ' The 'secret key of the personal information management agency, searched by a predetermined method,' is decrypted with a decryption key, and 'login ID, personal authentication information, and sales application table' are extracted from each decrypted personal information sales application information, and the customer information DB ( In 810), the 'hashed password and communication key' matching the login ID is searched, the shared variable calculation unit (not shown) outputs a predetermined shared variable, and the searched 'hashed password' is It is determined whether it matches the received personal authentication information.

Additional aspects illustrated at step 325 of FIG. 4 are also applicable at step 855.

If the determination in step 855 is positive, step 865 is operated.

In step 865, the mapping anonymous ID matching the 'login ID extracted in step 855' is searched in the customer information DB 810, and the mapping anonymous ID and the 'sales application table extracted in step 855' are searched in the combination DB 860. “Information provision attribute” is stored in the sales availability field that matches all of the “field identification information matching the included search item identification information,” and “at least one of the above login ID and mapping anonymous ID” is stored in the price DB 870. And the price matched to each field identification information is updated to 'the price matched to the search item identification information matched to the field identification information in the sales application table', a one-time communication key is randomly generated, and customer information In the DB 810, the communication key matched to the login ID is updated with the generated communication key for the first call, the communication ID matched to the login ID is searched in the customer information DB 810, and the customer matched to the communication ID is searched. The updated communication key is transmitted to the terminal 300 in a 'method that can be matched to the personal information holding organization identification information'.

If step 865 was operated in the case illustrated in step 825, the 'search item identification information included in the sales application table extracted in step 855' would be "mobile phone number", "payment amount for the last 3 months", and "gender". Therefore, in the combination DB 860 illustrated in FIG. 13, the mapping anonymous ID "0002" and the sales availability field that matches both 'each mobile phone, payment amount for the last three months, and gender' are entered as an "information provision attribute". By storing “1”, the combination DB 860 will be updated as illustrated in FIG. 18. And the price DB 870 illustrated in FIG. 14 will be updated as illustrated in FIG. 19.

In addition, according to an additional aspect of the present invention, in step 865, when the customer terminal 300 receives the updated communication key in a 'method that can be matched to personal information holding organization identification information', the anonymization app 310 This step is activated, and the communication key matched with the personal information holding organization identification information in the anonymization DB 312 is updated with the received communication key; Includes.

Figure 12 shows an example of an operation in which the service server 200 purchases personal information for sale stored in the personal information management server 800 in a preferred embodiment of the personal information protection and utilization method using the shared alias ID of the present invention. This is a drawing explaining.

In step 905, when the service server 200 accesses the personal information sales page of the personal information management server 800 by a known method, the personal information management server 800 sends 'one or more search items' to the service server 200. Information on a predetermined personal information sales screen is transmitted, including a predetermined target search item table in which price statistics and prices and check boxes are matched to the identification information.

According to an additional aspect of the present invention, in step 905, one or more 'information providing attribute matched information' among 'each field identification information configured in the combination DB 860' is identified that matches the stored field identification information. A step of extracting them as 'provided search item identification information'; Calculating statistics of prices stored in the price DB (870) by matching them with the target search item identification information using a predetermined method; Calculating a default price using the statistical quantity; and creating a predetermined target search item table in which the price statistics, 'price matching the default price', and check boxes are matched to the search item identification information. Includes.

According to an additional aspect of the present invention, the method for calculating the statistics of the prices is the 'average, median, mode, minimum, maximum, upper 10% quantile, 20% quantile, and lower 10% quantile of the prices. and one or more of the 20% quantile values.

If step 905 of the above additional aspects is operated in the case illustrated in step 865 of FIG. 11, one or more 'information providing attributes' among 'each field identification information configured in the combined DB 860 illustrated in FIG. 18' match. “Mobile phone”, “Deposit”, “Payment amount for the last 3 months”, and “Gender” are extracted as field identification information stored in the ‘information’, and the field identification information will be extracted as search item identification information to be provided. In the above case, if the price DB 970 is as illustrated in FIG. 19 and the average is used as the statistic, "300" as the average matching the "mobile phone" and "200" as the average matching the "deposit" , "150" is calculated as the average matching the "Payment Amount for the Last 3 Months" and "100" is calculated as the statistical quantity matching the "Gender", and the average matching "Address 1" and "Detailed Address" cannot be calculated. will be. In the case where the default price is calculated by multiplying the average by 110%, the provided item table illustrated in FIG. 20 can be created.

When information about the personal information sales screen is received from the service server 200 in step 920, the provided item table, login ID input field, password input field, and confirmation box are output to the output unit (not shown).

In step 925, when one or more search item identification information is selected in the service server 200, the 'price output by matching the search item identification information' is matched to each selected search item identification information, and a predetermined purchase request is made. A table is created.

According to an additional aspect of the present invention, step 925 includes modifying a price included in the received offer item table; It may include, and in this case, the purchase request table includes the revised price.

In the case illustrated in step 905, if “mobile phone” and “payment amount for the last 3 months” are selected as search item identification information in step 925, and the price matching the “payment amount for the last 3 months” is modified to “130”, Figure 21 The purchase request table shown in will be created.

According to another aspect of the present invention, the price may be omitted from the purchase request table, and in this case, the default price calculated in a predetermined manner in the personal information management server 800 replaces the price.

In step 930, in the service company information DB 210, 'login ID of the service company for accessing the personal information management server' and 'communication ID of the service server 200' and 'personal information management operating the personal information management server 800' The 'public key of the institution' is searched, predetermined personal information purchase application information including the login ID of the service company and the 'purchase application table created in step 925' is created, and the personal information purchase application information encrypts the public key. It is encrypted with a key.

In step 935, the service server 200 calculates a hash value of the 'personal information purchase application information encrypted in step 930' and the service server 200 as sender identification information and the 'personal information purchase application information encrypted in step 930'. )'s communication ID and 'access address matching the page accessed in step 905' as recipient identification information are created, a hash value of the transaction data is calculated, and the hash value is stored in a 'predetermined number'. A digital signature is calculated by encrypting the service company's secret key, extracted by the method, with an encryption key, and a predetermined block containing the digital signature and the transaction data is created.

In step 940, the connection addresses of the nodes 600 are searched in the node DB (not shown), and the 'block created in step 935' is included in the transaction data as recipient identification information in step 935, the personal information management server ( It is transmitted to the ‘access address of 800’ and the access addresses of the nodes 600.

When the nodes 600 receive the 'block transmitted in step 940' in step 945, the block is stored in the distributed ledger 620.

According to an additional aspect of the present invention, step 945 includes calculating a hash value of 'transaction data extracted from the received block' at each node 600; Decrypting the calculated hash value and the 'digital signature extracted from the received block' with 'the public key of the service company matching the service server 200'; Determining whether the decrypted digital signature matches the hash value; If it is determined to match, calculate a predetermined nonce, search for the previous block ID on the blockchain network, calculate the root hash value of one or more transaction data including transaction data read from the block, and calculate the root hash value. and generate a predetermined block header including the previous block ID, the nonce, and a predetermined timestamp, generate a completed block including the block header and the transaction data, and store it in the distributed ledger 620, and other Arranging the completed block as a 'successor block of the block matched to the immediately preceding block ID' on the blockchain network by transmitting the completed block to nodes; Includes.

When the personal information management server 800 receives the 'block transmitted in step 940' in step 950, it receives the 'communication ID of the service server 200 as sender identification information' included in the 'transaction data read from the block'. read, search the customer information DB 810 for the service company's public key matched to the communication ID of the service server 200, calculate the hash value of the 'transaction data read from the block', and use the public key as ' It is determined whether the decrypted value of the 'digital signature' read from the block matches the hash value.

If the determination in step 950 is positive, step 955 is operated.

In step 955, the 'block received in step 950' is stored in the distributed ledger 820 from the personal information management server 800, and the encrypted personal information purchase application information read from the transaction data included in the block is stored in the distributed ledger 820. The 'secret key of the personal information management agency' extracted by this method is decrypted with the decryption key, and the 'service company login ID and purchase request table' are extracted from the decrypted personal information purchase application information.

According to an additional aspect of the present invention, step 955 includes receiving a completed block including the transaction data from nodes 600; Storing the received completed block in the distributed ledger 820; Includes.

In step 965, the price that matches each piece of information with an information provision attribute among the information matched to the 'search item identification information included in the purchase request table extracted in step 955' in the combination DB (860) is entered into the price DB (870). ), and among the above prices, prices that are within the 'price matched to the search item identification information matching the field identification information in the purchase request table' (hereinafter referred to as "desired purchase price") are extracted as salable prices. A predetermined selling price is calculated using each of the possible selling prices and the desired purchase price, and the data of the combined DB 860 matching the price extracted from each of the selling possible prices is mapped to the anonymous ID and the search, respectively. A reply information list is created to simultaneously match the item identification information.

According to an additional aspect of the present invention, step 965 is a sales availability field matched to 'field identification information matching search item identification information included in the purchase request table extracted in step 955' in the combination DB 860. A step of extracting records in which information provision attributes are stored; Extracting mapping anonymous IDs of each extracted record from the combined DB (860); Extracting prices that match both the mapping anonymous ID and each field identification information from the price DB (870); A step of extracting prices within the “desired purchase price” among the prices as available sales prices; Defining data in the combination DB (860) matching the prices extracted from each of the salable prices as salable data; Calculating the desired purchase price as a selling price; Creating a reply information list so that the extracted information is simultaneously matched to 'matched search item identification information' and 'matched anonymous mapping ID'; Includes.

According to an additional aspect of the present invention, the selling price is expressed in units of one of legal currency, points, and cryptocurrency.

If step 965 is operated in the case illustrated in step 925, the 'search item identification information included in the purchase request table extracted in step 955' is "mobile phone" and "payment amount for the last 3 months", as illustrated in FIG. 18 In the combined DB 860, the field identification information matching the search item identification information is also “mobile phone” and “payment amount for the past three months,” and the “information provision attribute” is included in the sales availability field matched to “mobile phone.” Records with '1' as a character are extracted, and records with '0002' stored in the mapping anonymous ID field are extracted, and records with '1' as an information provision attribute stored in the sales availability field that matches the "Payment amount for the last 3 months" are extracted. Records with “0001” stored in the mapping anonymous ID field and records with “0002” stored in the mapping anonymous ID field will be extracted. And from the price DB 870 illustrated in FIG. 19, "300" is extracted as a price that matches both '0002, which is the mapping anonymous ID' and 'mobile phone, which is the field identification information,' and the "0001" and the " “100” will be extracted as the price that matches both the “Payment Amount of the Last 3 Months” and “200” will be extracted as the price that matches both the “0002” and the “Payment Amount of the Past 3 Months.” In the above case, if the “desired purchase price” is as illustrated in FIG. 21, the “300” is extracted as the sellable price matched to “mobile phone”, and as the sellable price matched to “payment amount for the past 3 months” The “100” will be extracted. However, since the '300, the selling price matched to the mobile phone' is information matched to the 'mapping anonymous ID 0002' in the price DB 870, the 'search item identification' in the combination DB 860 illustrated in FIG. 18 “010-6382-7532,” information that matches both “mobile phone as information” and “0002 as mapping anonymous ID,” will be extracted as salable data. In addition, since the 'saleable price of 100 matched to the last three months' payment amount is information matched to 'mapping anonymous ID 0001' in the price DB 870, the 'search' in the combination DB 860 illustrated in FIG. 18 “4,232,345”, which is information that matches both “last 3 months payment amount” as item identification information and “0001 as mapping anonymous ID,” will be extracted as salable data, and a reply information list as illustrated in FIG. 22 will be created.

Meanwhile, according to another aspect of the present invention, in step 965, each of the extracted information is sent to 'selection of a service company as an information purchaser' or 'personal information management server 800' for each 'search item identification information matched to each of the information'. Calculating the statistic by applying a function matched to one or more statistic identification information selected according to a stored predetermined logic'; It includes, and the reply information list created in the above step may be created by matching the search item identification information with a 'statistical quantity matching the search item identification information.'

In the above case, if the above aspect is applied and “average” is selected as the statistical identification information only by matching “payment amount for the last 3 months” among the search item identification information, as illustrated in FIG. 23, the search item identification information “mobile For "Phone", the mapping anonymous ID will be matched and included, and for the search item identification information "Payment amount in the last 3 months", the reply information list will be created by including the 'average of the extracted information' without the mapping anonymous ID.

Meanwhile, according to another aspect of the present invention, the shared alias ID matching the 'login ID extracted from personal information purchase application information' may be matched to the data by replacing or adding the mapping anonymous ID to the reply information list. In this case, step 965 extracts the service company identification code matching the 'login ID of the service company extracted in step 955' from the customer information DB 810, and extracts the mapping anonymous ID from the customer information DB 810. and searching for a shared alias ID matching the service company identification code; Includes.

In step 970, the public key of the service company and the communication ID of the service company matching the 'login ID of the service company extracted in step 955' are searched in the customer information DB 810, and the personal information management agency identification information and recipient identification as sender identification information are searched. Predetermined personal information provision information including the communication ID as information and the 'reply information list created in step 965' is created, and the personal information provision information is encrypted using the public key as an encryption key.

In step 975, the personal information management server 800 collects 'personal information provision information encrypted in step 970', personal information management agency identification information as sender identification information, and 'communication ID of the service company retrieved in step 970 as recipient identification information.' Predetermined transaction data including the transaction data is created, a hash value of the transaction data is calculated, and a digital signature is calculated by encrypting the hash value with an encryption key using the 'secret key of the personal information management agency extracted by a predetermined method'. And, a predetermined block containing the digital signature and the transaction data is created.

In step 980, the connection addresses of the nodes 600 are searched in the node DB 880, and the 'block created in step 975' is combined with the 'communication ID of the service company included in the transaction data as recipient identification information in step 975' and the above. It is transmitted to the connection addresses of nodes 600.

According to an additional aspect of the present invention, step 980 includes step 980a in which account identification information matching the 'mapping anonymous ID extracted in step 965' is searched in the customer information DB 810; Predetermined payment application information including the retrieved account identification information as deposit account identification information and the 'sales price calculated in step 965' as the billing amount is 'communication ID of the service server 200 as sender identification information read in step 950. Step 980b transmitted to '; When the service server 200 receives the 'payment application information transmitted in step 980b', the service company's account identification information is searched from the service company information DB 210, and the 'retrieved account identification information' as withdrawal account identification information and Step 980c in which predetermined transaction data is created including 'account identification information read from the payment application information' as deposit account identification information and 'claim amount read from the payment application information' as the remittance amount; Step 980d of calculating a hash value of the transaction data and encrypting the hash value with 'the service company's secret key retrieved by a predetermined method' to generate a predetermined digital signature; Step 980e in which a predetermined block including the digital signature and the transaction data is generated; Step 980f in which the block is transmitted from the service server 200 to the personal information management server 800 and nodes 600; When the personal information management server 800 receives the block, it extracts 'service company account identification information as withdrawal account identification information' from 'transaction data read from the block' in response to the block, and hashes of the transaction data. Calculate the value, search the customer information DB 810 for the public key matching the withdrawal account identification information, decrypt the 'digital signature read from the block' with the public key, and decrypt the decrypted digital signature 'read from the block. Step 980g of determining whether it matches the hash value'; And if the judgment is positive, 'connection addresses of nodes 600' are searched in node DB 880, and 'block created in step 975' is included in transaction data as recipient identification information in step 975. Step 980h, where the 'communication ID' and the connection addresses of the nodes 600 are transmitted; Includes.

Meanwhile, according to another aspect of the present invention in which the personal information purchasing subject pays the personal information purchase price to the personal information management agency and the personal information management agency selects the payment method to the personal information seller, in step 980b, the payment application information The deposit account identification information included in replaces the account identification information retrieved in step 980a and includes 'account number of a given personal information management institution.'

When the nodes 600 receive the 'block transmitted in step 980' in step 985, the block is stored in the distributed ledger 620.

Steps illustrated as additional aspects in step 945 of FIG. 9 may also be included in step 985.

When the service server 200 receives the 'block transmitted in step 980' in step 990, it reads the 'personal information management agency identification information as sender identification information' included in the 'transaction data read from the block', and services Search for a public key matching the 'personal information management agency identification information as sender identification information' in the private information DB 210, decrypt the 'digital signature read from the block' with the public key, and decrypt the decrypted value. Determine whether it matches the hash value of the ‘transaction data read from the block above’.

If the determination in step 990 is positive, step 995 is operated.

In step 995, the block is stored in a distributed ledger (not shown) in the service server 200, 'encrypted personal information provision information' is extracted from the 'transaction data read in step 990', and the 'encrypted personal information The 'provided information' is decrypted with the 'secret key of the service company, searched by a predetermined method', a reply information list is extracted from the decrypted personal information provided, and the 'mapping anonymous ID and search item' matched with each other in the reply information list. Identification information and data' are read, and a predetermined analysis operation is performed using the read information.

If the shared alias ID is included in the reply information list by matching the data by replacing or adding the mapping anonymous ID in step 965, the shared alias ID matches the 'search item identification information and data' in step 995. In this regard, step 965 performs a predetermined analysis operation by combining the received data with the information matched to the shared alias ID in one or more of the member DB 220 and the pseudonym transaction DB 230. It can be included.

100: Personal information server
110: Personal information DB
120: Anonymized DB
130: Real name transaction DB
140: Shared variable calculation unit
160: View reason DB
170: Service company DB
180: Node DB
190: Block generation unit
200: Service server
210: Service company information DB
220: Member DB
230: Fake name transaction DB
240: Shared variable calculation unit
250: Communication key generation unit
260: View reason DB
300: Customer terminal
310: Anonymization app
311: Personal information DB
312: Anonymized DB
313: Password generation unit
314: Shared variable calculation unit
318: Node DB
319: Block generation unit
400: Seller terminal
420: Anonymized DB
440: Payment DB
500: Payment server
600: nodes
620: Distributed ledger
700: Idle server
720: Content certification DB
800: Personal information management server
810: Customer information DB
820: Distributed ledger
850: Personal information holding institution DB
860: Combined DB
870: Price DB
880: Node dB

Claims (30)

'DB that stores one or more personal information by matching personal information ID' and 'Anonymized DB that can store each independent shared alias ID that matches two or more service company identification information by matching personal information ID' In a personal information server characterized by being configured,
Step (A) of receiving one personal information ID transmitted from the customer terminal in a way that can be matched to one service company identification code and one shared alias ID;
Step (B) of matching the personal information ID and the shared alias ID to the service company identification code in an anonymization DB;
Step (C) of receiving a shared alias ID in a way that can be matched to one service company identification code after step (B); and
Step (D) of searching the anonymized DB for a personal information ID matching the 'shared alias ID received in step (C)'; Including,
The shared alias ID is not disposable and is information for each service company to continuously identify customers, and as of the time of operation of step (B), it is duplicated with other shared alias IDs already stored by matching the service company identification code in the anonymization DB. However, it may overlap with one or more of the other shared alias IDs already stored by matching a service company identification code other than the service company identification code; How to protect and utilize personal information using a shared alias ID characterized by
By matching with the ‘anonymous ID given by the personal information management agency to each personal information subject to identify each subject of the personal information it stores’ (hereinafter referred to as “mapping anonymous ID”), ‘from two or more personal information servers’ A combined DB, characterized in that each received personal information is combined and stored, and a 'price DB, characterized in that the price is stored for the personal information stored by matching the mapping anonymous ID and the field identification information of the combined DB.' In the personal information management server characterized by configuring,
Step (A) of receiving a login ID from a customer terminal;
A step (B) of extracting one or more field identification information of fields in which information on a record matched to the 'mapping anonymous ID matched to the login ID' is stored in the combined DB;
Step (C) of searching the price DB for a price that matches both the 'mapping anonymous ID matched to the login ID' and the 'extracted field identification information'; and
Creating a sellable information table by matching the 'price searched in step (C)' with 'field identification information matched with the price in the price DB'; Personal information protection and utilization method using a shared alias ID comprising:
‘Combined DB characterized by storing one or more information by matching with mapping anonymous ID’ and ‘Price DB characterized by storing prices for personal information stored by matching mapping anonymous ID with field identification information of combined DB. In the personal information management server characterized by configuring,
Extracting ‘login ID and sales application table’ from personal information sales application information included in one transaction data;
In the combined DB, 'information can be provided' in the sales availability field that matches both 'mapping anonymous ID matching the above login ID' and 'field identification information matching search item identification information included in the above sales request table'. A step of storing ‘information indicating an attribute’ (hereinafter referred to as “information providing attribute”); and
In the price DB, the price matching both 'one or more of the login ID and mapping anonymous ID' and 'field identification information matching the search item identification information included in the sales application table' is entered into the 'search item in the sales application table.' Updating to a ‘price matched to identification information’; Personal information protection and utilization method using a shared alias ID comprising:
In the personal information management server, which is characterized by forming a combined DB in which 'personal information received from two or more personal information servers' is combined and stored by matching the mapping anonymous ID,
Step (A) of extracting the service company's login ID and one or more search item identification information from one personal information purchase application information;
From the combined DB, extract each piece of information matched with 'information providing attribute, which is information meaning an attribute that can provide information', from among the information matched with 'search item identification information extracted in step (A)' and Step (B) of extracting the mapping anonymous ID matched with each extracted information;
Step (C) of creating a reply information list by matching 'information extracted in step (B)' with 'search item identification information matched to the above information' and 'mapping anonymous ID matched to the above information'; Personal information protection and utilization method using a shared alias ID comprising:

delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete