WO2009110277A1 - Personal information distribution management system, and personal information using device and method - Google Patents

Personal information distribution management system, and personal information using device and method

Info

Publication number
WO2009110277A1
Authority
WO
WIPO (PCT)
Prior art keywords
personal information
utilization device
policy
necessary
disclosed
Application number
PCT/JP2009/051846
Other languages
French (fr)
Japanese (ja)
Inventor
拓 久保山
Original Assignee
日本電気株式会社 (NEC Corporation)
Application filed by 日本電気株式会社 (NEC Corporation)
Priority to JP2010501827A (granted as JP5429158B2)
Publication of WO2009110277A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management

Definitions

  • The present invention relates to a personal information distribution management system, and more particularly to one that can distribute personal information between personal information utilization devices in accordance with a personal information management policy.
  • In general, in such a system a personal information utilization device acquires personal information stored in a personal information providing device according to a management policy, and provides various services using the acquired information. An example of such a system is described in Patent Document 1 (JP 2004-192353 A).
  • The system of Patent Document 1 is composed, roughly, of a personal information holder terminal, a personal information utilization device and a personal information providing device, connected via a network.
  • In operation, the holder terminal registers in advance, with the providing device, the personal information together with a disclosure policy that defines the conditions under which its disclosure is permitted.
  • When the utilization device wants to use personal information, it transmits to the providing device a usage policy that defines the personal information it needs and its purpose of use.
  • The providing device determines from the disclosure policy and the usage policy whether the personal information may be disclosed. If so, it provides the information to the utilization device. If not, it forwards the usage policy to the holder terminal and asks the holder to decide whether to disclose.
  • The utilization device can thus obtain the personal information it needs from the providing device, within the range the holder permits.
  • However, when the system of Patent Document 1 is applied to a cooperative service that lets several services be used in one procedure (generally called a one-stop service), each service provider (each utilization device) separately acquires from the providing device the personal information that is common to the individual services forming the linked service; that is, access to the providing device is concentrated.
  • An example of a system that addresses this problem is described in Patent Document 2 (JP 2006-344156 A). It consists of a providing device, a first utilization device that accesses the providing device directly to obtain personal information, and a second utilization device that obtains personal information by accessing the first utilization device, thereby avoiding concentration of access on the providing device.
  • In the system of Patent Document 2, however, the second utilization device can obtain only personal information within the range held by the first utilization device, and cannot determine whether the personal information it lacks could be obtained from the providing device; that is, it cannot obtain any of the missing information.
  • An object of the present invention is therefore to provide a personal information distribution management system that avoids concentration of access on the providing device as far as possible, while allowing every utilization device to obtain the personal information it needs.
  • A personal information distribution management system according to one aspect of the invention comprises a personal information providing device, a first personal information utilization device, and a second personal information utilization device that uses personal information in response to a request from the first. The providing device has first means for providing personal information in accordance with a disclosure policy set by its holder. The first utilization device has: second means for acquiring personal information and the disclosure policy from the providing device; third means for requesting the second utilization device to use the acquired personal information and receiving, in response, the usage policy of the second utilization device; fourth means for collating the disclosure policy with that usage policy to determine whether the personal information required by the second utilization device may be disclosed; fifth means for determining, if it may be disclosed, whether the required personal information can be provided out of the acquired personal information; and sixth means for notifying the second utilization device, if it cannot be provided, to acquire the personal information from the providing device. The second utilization device has seventh means for sending its usage policy to the first utilization device in response to the request, and eighth means for acquiring the required personal information from the providing device when it receives the notification.
  • A personal information utilization device according to another aspect comprises: first means for acquiring personal information, and the disclosure policy of that personal information set by its holder, from a personal information providing device; second means for requesting another personal information utilization device to use the acquired personal information and receiving, in response, the usage policy of that other device; third means for collating the disclosure policy with the usage policy to determine whether the personal information required by the other device may be disclosed; fourth means for determining, if it may be disclosed, whether the required personal information can be provided out of the acquired personal information; and fifth means for notifying the other device, if it cannot be provided, to acquire the personal information from the providing device.
  • A personal information utilization device according to a further aspect comprises first means for providing its own usage policy to another personal information utilization device in response to a use request from that device, and second means for acquiring the necessary personal information from the personal information providing device when notified to do so.
  • In this way the first utilization device, which accesses the providing device directly, determines in advance whether the personal information required by the second utilization device (which accesses the first) may be disclosed and whether it can be provided, and permits the second utilization device to access the providing device only when the information may be disclosed but cannot be provided.
  • Since the first utilization device performs the collation of the disclosure policy with the usage policy, the processing load on the providing device is also reduced.
  • FIG. 1 is a block diagram showing an example configuration of Embodiment 1 of the personal information distribution management system according to the invention; FIG. 2 is a sequence diagram showing an example of its operation; FIG. 3 is a block diagram showing an example configuration of Embodiment 2; FIG. 4 is a sequence diagram showing an example of the operation of Embodiment 2; FIG. 5 is a block diagram showing an application of the system to a one-stop service; and FIGS. 6A to 6C show example settings of the usage policies used in that application.
  • Embodiments 1 and 2 of the system are described below with reference to FIGS. 1 to 5 and FIGS. 6A to 6C. The same components are denoted by the same reference numerals, and redundant description is omitted where appropriate for clarity.
  • Referring to FIG. 1, a personal information distribution management system 1 comprises a personal information providing device 10, a personal information utilization device 20 that acquires personal information directly from device 10 and uses it, and a personal information utilization device 30 that uses personal information at the request of device 20. Devices 10 to 30 are connected via a communication network such as the Internet.
  • The providing device 10 comprises a personal information storage unit 11 that stores personal information INF; a disclosure policy storage unit 12 that stores the disclosure policy DP set by the holder of the personal information; a personal information providing unit 13 that receives from device 20 or 30 a personal information request message MSG1 containing the usage policy UP20 or UP30 and, when disclosure is possible, provides the personal information INF and the disclosure policy DP to that device; and a disclosure policy analysis unit 14 that collates the usage policy UP20 or UP30 received by unit 13 with the disclosure policy DP read from unit 12 to determine whether INF may be disclosed to device 20 or 30.
  • The disclosure policy DP contains the conditions under which disclosure of INF is permitted. The usage policies UP20 and UP30 contain the personal information needed by devices 20 and 30 respectively, the purpose for which it will be used, and so on.
  • The utilization device 20 comprises a usage policy storage unit 21 that stores UP20; a personal information acquisition unit 22 that generates a personal information request message MSG1 containing UP20 and transmits it to device 10; a personal information utilization unit 23 that uses the personal information INF acquired by unit 22; a use request unit 24 that sends a personal information use request message MSG2 to device 30 and receives the usage policy UP30 in response; a disclosure policy analysis unit 25 that collates the disclosure policy DP with UP30 to determine whether INF may be disclosed to device 30; and a usage policy analysis unit 26 that collates UP20 with UP30 to determine whether INF can be provided to device 30.
  • When analysis unit 25 determines that INF may be disclosed and analysis unit 26 determines that it can be provided, the use request unit 24 provides INF to device 30. When INF may be disclosed but cannot be provided, unit 24 instead transmits to device 30 a message urging it to acquire the personal information from device 10 (hereinafter the personal information acquisition promotion message MSG4).
  • The utilization device 30 comprises a usage policy storage unit 31 that stores UP30; a use request reception unit 32 that transmits UP30 to device 20 on receiving the use request message MSG2; a personal information utilization unit 33 that uses the personal information INF acquired by unit 32; and a personal information acquisition unit 34 that, only when unit 32 receives the acquisition promotion message MSG4, generates a personal information request message MSG1 containing UP30 and transmits it to device 10.
  • Referring to FIG. 2, the personal information acquisition unit 22 in device 20 first generates a personal information request message MSG1 containing the usage policy UP20 and transmits it to the providing device 10 (step S1).
  • The personal information providing unit 13 in device 10 extracts UP20 from MSG1 and passes it to the disclosure policy analysis unit 14, which collates the disclosure policy DP read from storage unit 12 with UP20 to determine whether the personal information INF1 required by device 20 may be disclosed (step S2). If it may, unit 13 transmits INF1 and the disclosure policy DP to device 20 (step S3).
  • The acquisition unit 22 in device 20 passes the received INF1 to the utilization unit 23 for use, and also passes INF1 and DP to the use request unit 24, which generates a use request message MSG2 and transmits it to device 30 (step S4).
  • On receiving MSG2, the use request reception unit 32 in device 30 transmits the usage policy UP30 to device 20 (step S5).
  • The disclosure policy analysis unit 25 in device 20 collates DP, received from device 10, with UP30, received from device 30, to determine whether the personal information INF2 required by device 30 may be disclosed (step S6).
  • If INF2 may not be disclosed (step S7), the use request unit 24 generates an error message MSG3, transmits it to device 30 and ends processing (step S8).
  • Otherwise, the usage policy analysis unit 26 collates the device's own usage policy UP20, read from storage unit 21, with UP30 to determine whether INF2 can be provided to device 30, that is, whether device 20 holds INF2 (step S9). This may be determined by checking whether INF2 is contained in the INF1 acquired from device 10.
  • If INF2 can be provided (step S10), the use request unit 24 transmits INF2 to device 30 and ends processing (step S11).
  • If it cannot, unit 24 generates the acquisition promotion message MSG4 and transmits it to device 30 (step S12).
  • On detecting receipt of MSG4, the personal information acquisition unit 34 in device 30 generates a personal information request message MSG1 containing UP30 and transmits it to the providing device 10 (step S13).
  • When the disclosure policy analysis unit 14 in device 10 determines that INF2 may be disclosed (step S14), the providing unit 13 transmits INF2 and DP to device 30 (step S15).
  • Device 20 thus allows device 30 to access the providing device 10 only when the INF2 that device 30 requires may be disclosed but cannot be provided by device 20.
  • If device 20 determines in step S9 that part of INF2 can be provided, it may send that part together with MSG4. Device 30 then needs to acquire only the missing part of INF2 from device 10, which reduces the amount of data transmitted between devices 10 and 30.
  • Referring to FIG. 3, Embodiment 2 differs from Embodiment 1 in that the personal information utilization device 30a comprises a disclosure permit generation unit 35 in addition to the configuration of device 30 shown in FIG. 1.
  • The disclosure permit generation unit 35 generates a disclosure permit LS that attests that disclosure of the personal information required by device 30a was found permissible by the disclosure policy analysis unit 25 in device 20. The personal information acquisition unit 34 includes the disclosure permit LS, in addition to the usage policy UP30, in the personal information request message MSG1.
  • Referring to FIG. 4, when device 30a receives the acquisition promotion message MSG4 sent by device 20 in step S12, the disclosure permit generation unit 35 generates a disclosure permit LS and passes it to the acquisition unit 34 (step S16). Unit 34 then generates a personal information request message MSG1 containing UP30 and LS and transmits it to the providing device 10 (step S17).
  • Because MSG1 contains the disclosure permit LS, the providing unit 13 in device 10 reads the personal information INF2 from storage unit 11 without referring to the disclosure policy DP and transmits it to device 30a (step S18).
  • Since device 30a presents the disclosure permit LS, the providing device 10 need not determine whether INF2 may be disclosed, and its processing load is reduced accordingly.
  • Referring to FIG. 5, a travel reservation system 2 applies the personal information distribution management system 1a to a service that reserves accommodation and transportation in one step when booking a trip. A portal site 100 that operates the personal information providing device 10 shown in FIG. 3, a hotel 200 that operates the personal information utilization device 20, and an airline 300 that operates the personal information utilization device 30a are interconnected through a communication network NW such as the Internet.
  • The portal site 100 holds the personal information of the service user of the travel reservation system 2 and its disclosure policy. A hotel 200 that has received a reservation from the user calls the reservation service of the airline 300 to reserve a seat on a flight.
  • In operation, the hotel 200 first generates a personal information request describing the usage policy UP1 for the accommodation reservation, shown in FIG. 6A, and requests the user's personal information from the portal site 100. In UP1, the purpose of use PP is "accommodation reservation" and the required personal information INF1 is "name", "age", "gender", "address" and "phone number".
  • The portal site 100 compares the user's disclosure policy DP, shown in FIG. 6B, with UP1 to determine whether INF1 may be disclosed. DP sets "use regarding accommodation reservation" as a disclosure condition CND, with "name", "age", "gender", "address", "phone number" and "e-mail address" as the personal information INF disclosable under it. The portal therefore determines that INF1 may be disclosed, generates a response containing INF1 and DP, and transmits it to the hotel 200.
  • The hotel 200 makes the accommodation reservation using INF1. It then generates a flight reservation request and transmits it to the airline 300, which replies with a response describing the usage policy UP2 for the flight reservation, shown in FIG. 6C. In UP2, the purpose of use PP is "airplane reservation" and the required personal information INF2 is "name", "age", "gender", "phone number" and "e-mail address".
  • The hotel 200 collates DP with UP2 to determine whether INF2 may be disclosed. DP also sets "use regarding airplane reservation" as a disclosure condition CND, and "name", "age", "gender", "phone number" and "e-mail address" are all included in the personal information INF disclosable under it, so the hotel determines that INF2 may be disclosed.
  • However, the hotel 200 does not hold the "e-mail address" in INF2, so it determines that INF2 cannot be provided. It therefore generates the disclosure permit LS shown in FIG. 6C, which states that DP and UP2 have been collated, and transmits it to the airline 300.
  • The airline 300 generates a personal information request MSG1 containing UP2 and the disclosure permit LS, as shown in FIG. 6C, and transmits it to the portal site 100. Because MSG1 contains LS, the portal site transmits INF2 to the airline without collating DP and UP2 itself, and the airline makes the flight reservation using INF2.
  • The present invention is applicable to a personal information distribution management system, and in particular to one that distributes personal information between personal information utilization devices in accordance with a personal information management policy.
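The Embodiment 1 exchange (steps S1 to S15, including the partial-provision variant of step S12) and the Embodiment 2 disclosure permit LS, worked through in Python as an added example; this is not code from the patent or from NEC. The data representation is assumed: a usage policy is a purpose of use plus the set of attributes required, and a disclosure policy maps a purpose to the attributes the holder permits for it, so collation (steps S2, S6, S14) is a subset test and the provision check (step S9) is a lookup in the information the collating device already holds. The sample policies follow FIGS. 6A to 6C; the user record and the key are constructed. One point the description leaves open is how the providing device 10 knows that a permit LS really results from a collation by device 20: the Embodiment 2 text has device 30a generate LS, the one-stop example has the hotel (device 20) generate it, and device 10 skips its own disclosure check whenever LS is present. In this example the permit is therefore issued by the collating device as an HMAC over the collated usage policy under a key shared with device 10 (an assumption introduced here), bound to the requester, scoped to the collated fields and given an expiry, and device 10 verifies all of that before bypassing the disclosure policy.

```python
"""Policy collation, provision check and disclosure permit for the personal
information distribution management system described above.
Added example, not code from the patent. Assumed: a usage policy is a purpose
of use plus a set of required attribute names; a disclosure policy maps a
purpose to the attributes permitted for it; the permit LS is an HMAC over the
collated usage policy under a key shared by device 20 and device 10."""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class UsagePolicy:  # UP20 / UP30 (UP1 / UP2 in the one-stop example)
    purpose: str
    required: FrozenSet[str]

# Disclosure policy DP (FIG. 6B): disclosure condition -> permitted attributes
DisclosurePolicy = Dict[str, FrozenSet[str]]

def disclosable(dp: DisclosurePolicy, up: UsagePolicy) -> bool:
    """Steps S2/S6/S14: every required attribute must be permitted for the purpose."""
    return up.required <= dp.get(up.purpose, frozenset())

def canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def issue_permit(key: bytes, up: UsagePolicy, requester: str, issued_at: int, ttl: int) -> dict:
    """Disclosure permit LS, issued by device 20 after a positive step S6, scoped to UP30."""
    body = {"purpose": up.purpose, "fields": sorted(up.required), "requester": requester,
            "issued_at": issued_at, "expires_at": issued_at + ttl}
    return {"body": body, "tag": hmac.new(key, canonical(body), hashlib.sha256).hexdigest()}

def verify_permit(key: bytes, permit: dict, up: UsagePolicy, requester: str, now: int) -> Tuple[bool, str]:
    """Checks device 10 runs before it skips its own DP collation (step S18)."""
    body = permit["body"]
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, permit["tag"]):
        return False, "bad tag"                       # not issued under the shared key
    if body["requester"] != requester:
        return False, "requester mismatch"            # presented by a device it was not issued to
    if not body["issued_at"] <= now < body["expires_at"]:
        return False, "expired"
    if body["purpose"] != up.purpose or not up.required <= set(body["fields"]):
        return False, "permit does not cover the usage policy"   # no widening of scope
    return True, "ok"

def provider_handle_msg1(dp: DisclosurePolicy, record: Dict[str, str], up: UsagePolicy,
                         permit: Optional[dict] = None, key: bytes = b"", requester: str = "",
                         now: int = 0) -> Tuple[Optional[Dict[str, str]], str]:
    """Providing device 10 on MSG1: with a valid permit DP is not consulted (Embodiment 2);
    otherwise DP is collated with the usage policy (Embodiment 1, steps S2 and S14)."""
    if permit is not None:
        ok, reason = verify_permit(key, permit, up, requester, now)
        if not ok:
            return None, reason
    elif not disclosable(dp, up):
        return None, "not disclosable"
    return {a: record[a] for a in up.required}, "ok"

def handle_use_request(dp: DisclosurePolicy, up20: UsagePolicy, inf1: Dict[str, str],
                       up30: UsagePolicy, key: bytes = b"", now: int = 0):
    """Device 20, steps S6 to S12, on receiving UP30 in reply to MSG2.
    Returns (message kind, personal information carried, permit or None)."""
    if not disclosable(dp, up30):
        return "MSG3", {}, None                       # S7/S8: error
    held = {a: inf1[a] for a in up30.required if a in inf1 and a in up20.required}
    if len(held) == len(up30.required):
        return "INF2", held, None                     # S10/S11: provide from INF1
    permit = issue_permit(key, up30, "device30", now, 300) if key else None
    return "MSG4", held, permit                       # S12: partial data plus LS

# Sample data: policies from FIG. 6A-6C; record and key constructed for this example
DP: DisclosurePolicy = {
    "accommodation reservation": frozenset({"name", "age", "gender", "address", "phone number", "e-mail address"}),
    "airplane reservation": frozenset({"name", "age", "gender", "phone number", "e-mail address"}),
}
RECORD = {"name": "A. User", "age": "34", "gender": "F", "address": "1-1 Example St.",
          "phone number": "+81-3-0000-0000", "e-mail address": "user@example.com"}
UP1 = UsagePolicy("accommodation reservation", frozenset({"name", "age", "gender", "address", "phone number"}))
UP2 = UsagePolicy("airplane reservation", frozenset({"name", "age", "gender", "phone number", "e-mail address"}))
KEY = b"key shared by portal 100 and hotel 200"

def run_one_stop(now: int = 100):
    """Portal 100 / hotel 200 / airline 300 flow of FIG. 5; returns what the airline ends up with."""
    inf1, status = provider_handle_msg1(DP, RECORD, UP1)                            # S1-S3
    if status != "ok":
        return "ERR", {}
    kind, part, permit = handle_use_request(DP, UP1, inf1, UP2, KEY, now)            # S4-S12
    if kind != "MSG4":
        return kind, part
    missing = UsagePolicy(UP2.purpose, UP2.required - frozenset(part))              # only the e-mail address
    rest, status = provider_handle_msg1(DP, RECORD, missing, permit, KEY, "device30", now)  # S17/S18
    return ("ERR", part) if status != "ok" else ("MSG4", {**part, **rest})

if __name__ == "__main__":
    print(run_one_stop())
```

Running the module executes the one-stop flow: the hotel obtains INF1, finds the e-mail address missing, sends MSG4 with the four attributes it holds plus a permit, and the airline fetches only the e-mail address with that permit. In a deployment with many utilization devices the shared key would be replaced by a signature under device 20's key, but the checks at device 10 stay the same: authenticate the permit, tie it to the presenting requester, refuse any attribute the permit does not name, and log purpose and fields so that the bypass of the disclosure policy remains auditable.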

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Human Resources & Organizations (AREA)
  • Operations Research (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Data Mining & Analysis (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention aims to provide a personal information distribution management system that avoids concentrating access on a personal information providing device as far as possible while letting every personal information using device acquire the personal information it requires. A personal information using device (20) acquires personal information (INF1) and the disclosure policy (DP) from a personal information providing device (10). The using device (20) requests another personal information using device (30) to use the personal information (INF1) and receives the use policy (UP30) of the using device (30) in response. The using device (20) collates the disclosure policy (DP) with the use policy (UP30) to determine whether the personal information (INF2) required by the using device (30) can be disclosed. If it can, the using device (20) determines whether the personal information (INF2) can be provided from the personal information (INF1). If not, the using device (20) notifies the using device (30) to acquire the personal information (INF2) from the providing device (10).

Description

個人情報流通管理システム、並びに個人情報利用装置及び方法Personal information distribution management system, personal information utilization apparatus and method
 本発明は、個人情報流通管理システムに関し、特に個人情報の管理ポリシに従って、個人情報利用装置同士間で個人情報の配布を行うことができる個人情報流通管理システムに関する。 The present invention relates to a personal information distribution management system, and more particularly to a personal information distribution management system capable of distributing personal information between personal information utilization devices in accordance with a personal information management policy.
 一般に、個人情報流通管理システムにおいては、個人情報利用装置が、個人情報提供装置に保管されている個人情報を管理ポリシに従って取得すると共に、取得した個人情報を利用して種々のサービスを提供する。このような個人情報流通管理システムの一例が、特許文献1に記載されている。 Generally, in a personal information distribution management system, a personal information utilization device acquires personal information stored in a personal information providing device according to a management policy, and provides various services using the acquired personal information. An example of such a personal information distribution management system is described in Patent Document 1.
 特許文献1に記載される個人情報流通管理システムは、大略、個人情報保有者端末と、個人情報利用装置と、個人情報提供装置とで構成され、これらの装置がネットワークを介して接続されている。 The personal information distribution management system described in Patent Literature 1 is roughly composed of a personal information owner terminal, a personal information utilization device, and a personal information providing device, and these devices are connected via a network. .
 動作においては、個人情報保有者端末が、個人情報とその開示を許可する条件等を定めた開示ポリシとを個人情報提供装置に予め登録しておく。個人情報利用装置は、個人情報を利用したい場合、必要な個人情報やその利用目的等を定めた利用ポリシを個人情報提供装置に送信する。個人情報提供装置は、開示ポリシと利用ポリシとに基づき個人情報が開示可能か否か判定する。開示可能な場合、個人情報提供装置は、個人情報利用装置に個人情報を提供する。一方、開示不可の場合、個人情報提供装置は、利用ポリシを個人情報保有者端末に送信し、以て個人情報保有者に個人情報の開示可否の判断を仰ぐ。 In operation, the personal information holder terminal registers in advance personal information and a disclosure policy that defines conditions for permitting the disclosure in the personal information providing apparatus. When the personal information utilization device wants to use personal information, the personal information utilization device transmits a usage policy that defines necessary personal information and the purpose of use to the personal information providing device. The personal information providing apparatus determines whether or not personal information can be disclosed based on the disclosure policy and the usage policy. If disclosure is possible, the personal information providing device provides personal information to the personal information using device. On the other hand, if disclosure is not possible, the personal information providing apparatus transmits a usage policy to the personal information holder terminal, and asks the personal information holder to determine whether or not personal information can be disclosed.
 このように、個人情報利用装置は、個人情報提供装置から個人情報保有者が開示を許可する範囲内で必要な個人情報を取得することが可能である。 As described above, the personal information utilization device can acquire necessary personal information from the personal information providing device within a range that the personal information holder permits disclosure.
 しかしながら、特許文献1に記載される個人情報流通管理システムを、一度の手続きで複数のサービスを利用できる連携サービス(一般に、ワンストップサービスと呼称される)に適用した場合、各サービス事業者(各個人情報利用装置)が、連携サービスを形成する個々のサービスで共通に利用可能な個人情報を、個人情報提供装置から重複して取得してしまう(すなわち、個人情報提供装置に対するアクセスが集中してしまう)という問題があった。 However, when the personal information distribution management system described in Patent Document 1 is applied to a cooperative service (generally referred to as a one-stop service) that can use a plurality of services in one procedure, each service provider (each individual The information utilization device) acquires personal information that can be used in common by the individual services forming the linked service from the personal information provision device (that is, access to the personal information provision device is concentrated). ).
An example of a personal information distribution management system that addresses the above problem is described in Patent Document 2. This personal information distribution management system consists of a personal information providing device, a first personal information utilization device that accesses the personal information providing device directly to acquire personal information, and a second personal information utilization device that accesses the first personal information utilization device to acquire personal information, thereby avoiding concentration of access on the personal information providing device.
Patent Document 1: JP 2004-192353 A
Patent Document 2: JP 2006-344156 A
However, in the personal information distribution management system described in Patent Document 2, the second personal information utilization device can acquire only the personal information within the range held by the first personal information utilization device, and it cannot even determine whether the personal information it lacks could be acquired from the personal information providing device (that is, it cannot acquire the missing personal information at all).
Accordingly, an object of the present invention is to provide a personal information distribution management system that avoids concentration of access on the personal information providing device as far as possible while allowing every personal information utilization device to acquire the personal information it needs.
A personal information distribution management system according to one aspect of the present invention comprises a personal information providing device, a first personal information utilization device, and a second personal information utilization device that uses personal information in response to a request from the first personal information utilization device. The personal information providing device has first means for providing personal information in accordance with a disclosure policy determined by its holder. The first personal information utilization device has: second means for acquiring personal information and the disclosure policy from the personal information providing device; third means for requesting the second personal information utilization device to use the acquired personal information and receiving, in response, the usage policy for personal information of the second personal information utilization device; fourth means for collating the disclosure policy with the usage policy and determining whether the personal information required by the second personal information utilization device can be disclosed; fifth means for determining, when the personal information required by the second personal information utilization device can be disclosed, whether that personal information can be provided out of the acquired personal information; and sixth means for notifying the second personal information utilization device, when the personal information it requires cannot be provided, so as to prompt it to acquire the personal information from the personal information providing device. The second personal information utilization device has seventh means for sending its usage policy to the first personal information utilization device in response to the request, and eighth means for acquiring the necessary personal information from the personal information providing device when it receives the notification.
A personal information utilization device according to another aspect of the present invention comprises: first means for acquiring, from a personal information providing device, personal information and the disclosure policy for that personal information determined by its holder; second means for requesting another personal information utilization device to use the acquired personal information and receiving, in response, the usage policy for personal information of the other personal information utilization device; third means for collating the disclosure policy with the usage policy and determining whether the personal information required by the other personal information utilization device can be disclosed; fourth means for determining, when the personal information required by the other personal information utilization device can be disclosed, whether that personal information can be provided out of the acquired personal information; and fifth means for notifying the other personal information utilization device, when the personal information it requires cannot be provided, so as to prompt it to acquire the personal information from the personal information providing device.
A personal information utilization device according to yet another aspect of the present invention comprises: first means for sending, in response to a request from another personal information utilization device to use personal information, its own usage policy for personal information to the other personal information utilization device and requesting provision of the necessary personal information; and second means for acquiring the necessary personal information from a personal information providing device when it receives from the other personal information utilization device a notification that the necessary personal information cannot be provided but can be disclosed.
According to the present invention, the first personal information utilization device, which accesses the personal information providing device directly, determines in advance whether the personal information required by the second personal information utilization device that accesses it can be disclosed and whether it can be provided, and permits the second personal information utilization device to access the personal information providing device only when that personal information can be disclosed but cannot be provided.
Therefore, unnecessary access to the personal information providing device is suppressed, while the second personal information utilization device is still able to acquire the personal information it needs. Moreover, having the first personal information utilization device perform the collation of the disclosure policy with the usage policy reduces the processing load on the personal information providing device.
FIG. 1 is a block diagram showing a configuration example of Embodiment 1 of the personal information distribution management system according to the present invention.
FIG. 2 is a sequence diagram showing an operation example of Embodiment 1 of the personal information distribution management system according to the present invention.
FIG. 3 is a block diagram showing a configuration example of Embodiment 2 of the personal information distribution management system according to the present invention.
FIG. 4 is a sequence diagram showing an operation example of Embodiment 2 of the personal information distribution management system according to the present invention.
FIG. 5 is a block diagram showing an example of applying the personal information distribution management system according to the present invention to a one-stop service.
FIG. 6A shows an example of the usage policy settings used in the one-stop service application example.
FIG. 6B shows an example of the disclosure policy settings used in the one-stop service application example.
FIG. 6C shows an example of the disclosure permit settings used in the one-stop service application example.
Explanation of reference symbols
 1, 1a Personal information distribution management system
 10 Personal information providing device
 11 Personal information storage unit
 12 Disclosure policy storage unit
 13 Personal information providing unit
 14 Disclosure policy analysis unit
 20, 30, 30a Personal information utilization device
 21, 31 Usage policy storage unit
 22, 34 Personal information acquisition unit
 23, 33 Personal information utilization unit
 24 Usage request unit
 25 Disclosure policy analysis unit
 26 Usage policy analysis unit
 32 Usage request reception unit
 35 Disclosure permit generation unit
 DP Disclosure policy
 UP20, UP30 Usage policy
 INF, INF1, INF2 Personal information
 MSG1 Personal information request message
 MSG2 Usage request message
 MSG4 Personal information acquisition prompt message
 LS Disclosure permit
Embodiments 1 and 2 of the personal information distribution management system according to the present invention are described below with reference to FIGS. 1 to 5 and FIGS. 6A to 6C. In the drawings, identical elements carry identical reference symbols, and duplicate description is omitted where appropriate for clarity.
[Embodiment 1]
The personal information distribution management system 1 according to the present embodiment, shown in FIG. 1, consists of a personal information providing device 10, a personal information utilization device 20 that acquires personal information directly from the device 10 and uses it, and a personal information utilization device 30 that uses personal information in response to requests from the device 20. These devices 10 to 30 are connected via a communication network such as the Internet.
The personal information providing device 10 comprises a personal information storage unit 11 that stores personal information INF; a disclosure policy storage unit 12 that stores a disclosure policy DP determined by the personal information holder; a personal information providing unit 13 that receives from the personal information utilization device 20 or 30 a personal information request message MSG1 containing the usage policy UP20 or UP30 and, when the personal information can be disclosed, provides the personal information INF and the disclosure policy DP to the device 20 or 30; and a disclosure policy analysis unit 14 that analyzes (collates) the usage policy UP20 or UP30 received by the unit 13 against the disclosure policy DP read from the disclosure policy storage unit 12 and determines whether the personal information INF can be disclosed to the device 20 or 30.
Here, the disclosure policy DP contains, among other things, the conditions under which disclosure of the personal information INF is permitted. The usage policies UP20 and UP30 contain the personal information required by the personal information utilization devices 20 and 30 respectively, its purpose of use, and so on.
The personal information utilization device 20 comprises a usage policy storage unit 21 that stores the usage policy UP20; a personal information acquisition unit 22 that generates a personal information request message MSG1 containing the usage policy UP20 and sends it to the personal information providing device 10; a personal information utilization unit 23 that uses the personal information INF acquired by the unit 22; a usage request unit 24 that sends a personal information usage request message MSG2 to the personal information utilization device 30 and receives the usage policy UP30 in response; a disclosure policy analysis unit 25 that analyzes (collates) the disclosure policy DP acquired by the unit 22 against the usage policy UP30 acquired by the unit 24 and determines whether the personal information INF can be disclosed to the device 30; and a usage policy analysis unit 26 that analyzes (collates) the usage policy UP20 against the usage policy UP30 and determines whether the personal information INF can be provided to the device 30.
Here, when the disclosure policy analysis unit 25 determines that the personal information INF can be disclosed and the usage policy analysis unit 26 determines that it can be provided, the usage request unit 24 provides the personal information INF to the personal information utilization device 30. If, on the other hand, the personal information INF can be disclosed but cannot be provided, the usage request unit 24 sends the device 30 a message MSG4 prompting it to acquire the personal information from the personal information providing device 10 (hereinafter called the personal information acquisition prompt message).
The personal information utilization device 30 comprises a usage policy storage unit 31 that stores the usage policy UP30; a usage request reception unit 32 that sends the usage policy UP30 to the personal information utilization device 20 when it receives the usage request message MSG2; a personal information utilization unit 33 that uses the personal information INF acquired by the unit 32; and a personal information acquisition unit 34 that generates a personal information request message MSG1 containing the usage policy UP30 and sends it to the personal information providing device 10 only when the unit 32 has received the personal information acquisition prompt message MSG4.
In operation, as shown in FIG. 2, the personal information acquisition unit 22 in the personal information utilization device 20 first generates a personal information request message MSG1 containing the usage policy UP20 and sends it to the personal information providing device 10 (step S1).
The personal information providing unit 13 in the personal information providing device 10 extracts the usage policy UP20 from the message MSG1 and passes it to the disclosure policy analysis unit 14. The unit 14 collates the disclosure policy DP read from the disclosure policy storage unit 12 with the usage policy UP20 and determines whether the personal information INF1 required by the device 20 can be disclosed (step S2). If it is determined that INF1 can be disclosed, the personal information providing unit 13 sends INF1 and the disclosure policy DP to the device 20 (step S3).
The personal information acquisition unit 22 in the device 20 passes the received personal information INF1 to the personal information utilization unit 23 for use, and also passes INF1 and the disclosure policy DP to the usage request unit 24, which generates a usage request message MSG2. The usage request unit 24 sends the generated MSG2 to the personal information utilization device 30 (step S4).
On receiving it, the usage request reception unit 32 in the device 30 sends the usage policy UP30 to the device 20 (step S5).
The disclosure policy analysis unit 25 in the device 20 collates the disclosure policy DP received from the device 10 with the usage policy UP30 received from the device 30 and determines whether the personal information INF2 required by the device 30 can be disclosed (step S6).
If it is determined that INF2 cannot be disclosed (step S7), the usage request unit 24 generates an error message MSG3, sends it to the device 30, and ends processing (step S8).
If, on the other hand, INF2 can be disclosed, the usage policy analysis unit 26 collates the device's own usage policy UP20, read from the usage policy storage unit 21, with the usage policy UP30 received from the device 30 and determines whether INF2 can be provided to the device 30 (that is, whether the device 20 holds INF2) (step S9). Whether INF2 can be provided may alternatively be determined by searching whether INF2 is contained in the personal information INF1 acquired from the device 10.
If it is determined that INF2 can be provided (step S10), the usage request unit 24 sends INF2 to the device 30 and ends processing (step S11).
If INF2 cannot be provided, the usage request unit 24 generates a personal information acquisition prompt message MSG4 and sends it to the device 30 (step S12).
On detecting receipt of MSG4, the personal information acquisition unit 34 in the device 30 generates a personal information request message MSG1 containing the usage policy UP30 and sends it to the personal information providing device 10 (step S13).
If the disclosure policy analysis unit 14 determines that INF2 can be disclosed (step S14), the personal information providing unit 13 in the device 10 sends INF2 and the disclosure policy DP to the device 30 (step S15).
In this way, the personal information utilization device 20 lets the device 30 access the personal information providing device 10 only when the personal information INF2 required by the device 30 can be disclosed but cannot be provided.
When the device 20 determines in step S9 that only part of INF2 can be provided, it may send that part of the personal information to the device 30 together with MSG4. In that case, the device 30 can acquire from the device 10 only the personal information of INF2 that it still lacks, which reduces the volume of data transmitted between the devices 10 and 30.
[Embodiment 2]
The personal information distribution management system 1a according to the present embodiment, shown in FIG. 3, differs from Embodiment 1 in that the personal information utilization device 30a comprises a disclosure permit generation unit 35 in addition to the configuration of the device 30 shown in FIG. 1. The unit 35 generates a disclosure permit LS certifying that the disclosure policy analysis unit 25 in the device 20 has determined that the personal information required by the device 30a can be disclosed.
Correspondingly, the personal information acquisition unit 34 includes the disclosure permit LS, in addition to the usage policy UP30, in the personal information request message MSG1.
The operation of the present embodiment is described next with reference to FIG. 4; steps S1 to S12 in that figure are the same as steps S1 to S12 in FIG. 2 and are not described again.
When the personal information acquisition prompt message MSG4 sent by the device 20 in step S12 is received, the disclosure permit generation unit 35 in the device 30a generates a disclosure permit LS and passes it to the personal information acquisition unit 34 (step S16).
The unit 34 generates a personal information request message MSG1 containing the usage policy UP30 and the disclosure permit LS and sends it to the personal information providing device 10 (step S17).
Because MSG1 contains the disclosure permit LS, the personal information providing unit 13 in the device 10 retrieves the personal information INF2 from the personal information storage unit 11 without consulting the disclosure policy DP and sends it to the device 30a (step S18).
In this way, by presenting the disclosure permit LS to the personal information providing device 10, the device 30a makes it unnecessary for the device 10 to determine whether INF2 can be disclosed, which reduces the processing load on the device 10.
A specific application example of the personal information distribution management system 1a is described below with reference to FIGS. 5 and 6A to 6C.
The travel reservation system 2 shown in FIG. 5 applies the system 1a to a service in which, when booking a trip, the accommodation reservation and the transport reservation are made in one stop. A portal site 100 that owns the personal information providing device 10 of FIG. 3, a hotel 200 that owns the personal information utilization device 20, and an airline 300 that owns the personal information utilization device 30a are interconnected via a communication network NW such as the Internet. The portal site 100 is assumed to store the personal information of the service users of the travel reservation system 2 together with its disclosure policy, and the hotel 200, on receiving an accommodation reservation from a service user, is assumed to call the airline 300's reservation service to book a seat on a flight.
In operation, the hotel 200 first generates a personal information request form describing the usage policy UP1 for accommodation reservations shown in FIG. 6A and requests the service user's personal information from the portal site 100. As shown, the usage policy UP1 sets "accommodation reservation" as the purpose of use PP of the personal information and "name", "age", "gender", "address" and "telephone number" as the required personal information INF1.
The portal site 100 collates the service user's disclosure policy DP shown in FIG. 6B with the usage policy UP1 received from the hotel 200 and determines whether INF1 can be disclosed. As shown, the disclosure policy DP sets "use for accommodation reservations" as a disclosure permission condition CND and "name", "age", "gender", "address", "telephone number" and "e-mail address" as the personal information INF. The portal site 100 therefore determines that INF1 can be disclosed, generates a response containing INF1 and the disclosure policy DP, and sends it to the hotel 200.
The hotel 200 makes the accommodation reservation using the acquired INF1. It then generates a flight reservation request form and sends it to the airline 300. In response, the airline 300 generates a response form describing the usage policy UP2 for flight reservations shown in FIG. 6C and sends it to the hotel 200. As shown, UP2 sets "flight reservation" as the purpose of use PP and "name", "age", "gender", "telephone number" and "e-mail address" as the required personal information INF2.
The hotel 200 then collates the disclosure policy DP with the usage policy UP2 received from the airline 300 and determines whether INF2 can be disclosed. As shown in FIG. 6B, the disclosure policy DP sets "use for flight reservations" as a disclosure permission condition CND, and its personal information INF includes all of "name", "age", "gender", "telephone number" and "e-mail address". The hotel 200 therefore determines that INF2 can be disclosed.
 The hotel 200 next determines whether it can provide the personal information INF2 to the airline 300. Since the hotel 200 does not hold the "e-mail address" included in the personal information INF2, it determines that the personal information INF2 cannot be provided, generates the disclosure permit LS shown in FIG. 6C, and transmits it to the airline 300. The disclosure permit LS states that the disclosure policy DP and the usage policy UP2 have already been collated.
 The airline 300 generates a personal information request MSG1 containing the usage policy UP2 and the disclosure permit LS, as shown in FIG. 6C, and transmits it to the portal site 100.
 Because the personal information request MSG1 contains the disclosure permit LS, the portal site 100 transmits the personal information INF2 to the airline 300 without collating the disclosure policy DP with the usage policy UP2.
 The airline 300 makes the flight reservation using the acquired personal information INF2.
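The portal / hotel / airline sequence above, as an added example that is not part of the patent: it models the disclosure policy DP, the usage policies UP1 and UP2, the two-stage check (can the required information be disclosed at all, and can the intermediary actually provide it), and the disclosure permit LS that lets the portal skip the DP/UP collation. It also returns the partial set an intermediary could forward (the claim 3 variant). Purposes are matched as plain strings, the key, the record values and the HMAC binding of the permit to the usage policy are this example's assumptions, not anything the patent specifies.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class DisclosurePolicy:
    """DP, set by the data owner: CND = permitted purposes, INF = disclosable fields."""
    permitted_purposes: frozenset
    disclosable_fields: frozenset

@dataclass(frozen=True)
class UsagePolicy:
    """UP, declared by a using device: PP = purpose of use, required_fields = INF it needs."""
    purpose: str
    required_fields: frozenset

# Constructed sample data following FIG. 6B / 6C of the page. Purposes are matched as
# plain strings here, a simplification of the page's "use relating to ..." conditions.
FIELDS = ("name", "age", "gender", "address", "phone number", "e-mail address")
DP = DisclosurePolicy(frozenset({"accommodation reservation", "flight reservation"}),
                      frozenset(FIELDS))
UP1 = UsagePolicy("accommodation reservation",
                  frozenset({"name", "age", "gender", "address", "phone number"}))
UP2 = UsagePolicy("flight reservation",
                  frozenset({"name", "age", "gender", "phone number", "e-mail address"}))
RECORD = {f: "<" + f + ">" for f in FIELDS}      # the portal's stored record (constructed)
PERMIT_KEY = b"constructed-key-shared-by-portal-and-hotel"   # assumption of this example

def disclosable(dp, up):
    """Stage 1: the purpose is a permitted condition and every required field is disclosable."""
    return up.purpose in dp.permitted_purposes and up.required_fields <= dp.disclosable_fields

def split_providable(held, up):
    """Stage 2: required fields the intermediary actually holds, and the ones it lacks.
    The page's hotel provides nothing when a field is missing; claim 3 lets it forward the
    partial set together with the notification, so both parts are returned."""
    providable = {k: held[k] for k in up.required_fields if k in held}
    return providable, up.required_fields - frozenset(providable)

def _permit_mac(up, key):
    msg = (up.purpose + "|" + ",".join(sorted(up.required_fields))).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue_permit(dp, up, key=PERMIT_KEY):
    """Disclosure permit LS: the intermediary attests that DP and UP have been collated.
    Binding the permit to UP with an HMAC is this example's assumption; it stops a permit
    issued for UP2 from being presented with a broader usage policy."""
    if not disclosable(dp, up):
        raise PermissionError("permit refused: usage policy not covered by disclosure policy")
    return {"purpose": up.purpose, "fields": sorted(up.required_fields), "mac": _permit_mac(up, key)}

class Portal:
    """Personal information providing device (portal site 100)."""

    def __init__(self, dp, record, key=PERMIT_KEY):
        self.dp, self.record, self.key = dp, record, key

    def handle_request(self, up, permit=None):
        if permit is None:
            # Ordinary request: DP is collated with UP before anything is released.
            if not disclosable(self.dp, up):
                raise PermissionError("disclosure policy does not permit this request")
        elif not hmac.compare_digest(permit["mac"], _permit_mac(up, self.key)):
            # Permit present: DP/UP collation is skipped as on the page, but the permit
            # must be genuine and cover exactly this UP.
            raise PermissionError("disclosure permit does not match this usage policy")
        # Release only the required fields, never the whole record.
        return {k: self.record[k] for k in up.required_fields}

def run_flow(portal):
    """The page's sequence: hotel obtains INF1, cannot supply INF2 in full, issues LS."""
    inf1 = portal.handle_request(UP1)                      # hotel <- portal (UP1)
    if not disclosable(DP, UP2):                           # hotel collates DP with UP2
        raise PermissionError("hotel: UP2 is not disclosable")
    providable, missing = split_providable(inf1, UP2)      # hotel lacks "e-mail address"
    permit = issue_permit(DP, UP2) if missing else None    # hotel -> airline: LS
    inf2 = portal.handle_request(UP2, permit)              # airline -> portal: MSG1 = UP2 + LS
    return inf1, inf2, missing
```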
 The present invention is not limited by the embodiments described above; it is evident that those skilled in the art can make various modifications based on the description in the claims. For example, the processes of the personal information utilization device shown in the above embodiment may also be provided as a program that causes a computer to execute them.
 This application claims priority based on Japanese Patent Application No. 2008-052048, filed on March 3, 2008, the entire disclosure of which is incorporated herein.
 The present invention applies to a personal information distribution management system, and in particular to a personal information distribution management system capable of distributing personal information between personal information utilization devices in accordance with a personal information management policy.

Claims (18)

  1.  A personal information distribution management system comprising a personal information providing device, a first personal information utilization device, and a second personal information utilization device that uses personal information in response to a request from the first personal information utilization device,
     wherein the personal information providing device has first means for providing personal information in accordance with a disclosure policy set by its owner;
     the first personal information utilization device has second means for acquiring personal information and the disclosure policy from the personal information providing device; third means for requesting the second personal information utilization device to use the acquired personal information and receiving, as a response, the usage policy for personal information in the second personal information utilization device; fourth means for collating the disclosure policy with the usage policy and determining whether the personal information required by the second personal information utilization device can be disclosed; fifth means for determining, when the personal information required by the second personal information utilization device can be disclosed, whether that personal information can be provided out of the acquired personal information; and sixth means for notifying the second personal information utilization device, when the personal information it requires cannot be provided, to prompt it to acquire the personal information from the personal information providing device; and
     the second personal information utilization device has seventh means for transmitting the usage policy to the first personal information utilization device as a response to the request, and eighth means for acquiring the required personal information from the personal information providing device when the notification is received,
     the personal information distribution management system being characterized by the above.
  2.  The personal information distribution management system according to claim 1,
     wherein the second personal information utilization device further comprises means for generating, when acquiring the required personal information from the personal information providing device, a disclosure permit certifying that the first personal information providing device determined the required personal information to be disclosable, and transmitting it to the personal information providing device; and
     the personal information providing device further comprises means for providing the required personal information to the second personal information utilization device without referring to the disclosure policy when it receives the disclosure permit.
  3.  The personal information distribution management system according to claim 1,
     wherein the first personal information utilization device further comprises means for transmitting, when it determines that part of the personal information required by the second personal information utilization device can be provided out of the acquired personal information, that part of the personal information to the second personal information utilization device together with the notification; and
     the second personal information utilization device further comprises means for acquiring, from the personal information providing device, the personal information lacking among the required personal information when it receives the partial personal information together with the notification.
  4.  A personal information utilization device comprising:
     first means for acquiring, from a personal information providing device, personal information and a disclosure policy for the personal information set by its owner;
     second means for requesting another personal information utilization device to use the acquired personal information and receiving, as a response, the usage policy for personal information in the other personal information utilization device;
     third means for collating the disclosure policy with the usage policy and determining whether the personal information required by the other personal information utilization device can be disclosed;
     fourth means for determining, when the personal information required by the other personal information utilization device can be disclosed, whether that personal information can be provided out of the acquired personal information; and
     fifth means for notifying the other personal information utilization device, when the personal information it requires cannot be provided, to prompt it to acquire the personal information from the personal information providing device.
  5.  The personal information utilization device according to claim 4, further comprising means for transmitting, when it determines that part of the personal information required by the other personal information utilization device can be provided out of the acquired personal information, that part of the personal information to the other personal information utilization device together with the notification.
  6.  A personal information utilization device comprising:
     first means for transmitting, as a response to a request for use of personal information from another personal information utilization device, the usage policy for personal information in the device itself to the other personal information utilization device and requesting provision of the required personal information; and
     second means for acquiring the required personal information from a personal information providing device when it receives, from the other personal information utilization device, a notification that the required personal information cannot be provided but can be disclosed.
  7.  The personal information utilization device according to claim 6, further comprising means for generating, when acquiring the required personal information from the personal information providing device, a disclosure permit certifying that the other information providing device determined the required personal information to be disclosable, and transmitting it to the personal information providing device.
  8.  The personal information utilization device according to claim 6, further comprising means for acquiring, from the personal information providing device, the personal information lacking among the required personal information when it receives part of the required personal information together with the notification from the other personal information utilization device.
  9.  A personal information utilization method comprising:
     a first step of acquiring, from a personal information providing device, personal information and a disclosure policy for the personal information set by its owner;
     a second step of requesting another personal information utilization device to use the acquired personal information and receiving, as a response, the usage policy for personal information in the other personal information utilization device;
     a third step of collating the disclosure policy with the usage policy and determining whether the personal information required by the other personal information utilization device can be disclosed;
     a fourth step of determining, when the personal information required by the other personal information utilization device can be disclosed, whether that personal information can be provided out of the acquired personal information; and
     a fifth step of notifying the other personal information utilization device, when the personal information it requires cannot be provided, to prompt it to acquire the personal information from the personal information providing device.
  10.  The personal information utilization method according to claim 9, further comprising a step of transmitting, when it is determined that part of the personal information required by the other personal information utilization device can be provided out of the acquired personal information, that part of the personal information to the other personal information utilization device together with the notification.
  11.  A personal information utilization method comprising:
     a first step of transmitting, as a response to a request for use of personal information from another personal information utilization device, a pre-stored usage policy for personal information to the other personal information utilization device and requesting provision of the required personal information; and
     a second step of acquiring the required personal information from a personal information providing device when a notification is received from the other personal information utilization device that the required personal information cannot be provided but can be disclosed.
  12.  The personal information utilization method according to claim 11, further comprising a step of generating, when acquiring the required personal information from the personal information providing device, a disclosure permit certifying that the other information providing device determined the required personal information to be disclosable, and transmitting it to the personal information providing device.
  13.  The personal information utilization method according to claim 11, further comprising a step of acquiring, from the personal information providing device, the personal information lacking among the required personal information when part of the required personal information is received together with the notification from the other personal information utilization device.
  14.  A control program for a personal information utilization device, characterized in that it causes the personal information utilization device to execute:
     a first step of acquiring, from a personal information providing device, personal information and a disclosure policy for the personal information set by its owner;
     a second step of requesting another personal information utilization device to use the acquired personal information and receiving, as a response, the usage policy for personal information in the other personal information utilization device;
     a third step of collating the disclosure policy with the usage policy and determining whether the personal information required by the other personal information utilization device can be disclosed;
     a fourth step of determining, when the personal information required by the other personal information utilization device can be disclosed, whether that personal information can be provided out of the acquired personal information; and
     a fifth step of notifying the other personal information utilization device, when the personal information it requires cannot be provided, to prompt it to acquire the personal information from the personal information providing device.
  15.  The control program according to claim 14, characterized in that it further causes the personal information utilization device to execute a step of transmitting, when it is determined that part of the personal information required by the other personal information utilization device can be provided out of the acquired personal information, that part of the personal information to the other personal information utilization device together with the notification.
  16.  A control program for a personal information utilization device, characterized in that it causes the personal information utilization device to execute:
     a first step of transmitting, as a response to a request for use of personal information from another personal information utilization device, a pre-stored usage policy for personal information to the other personal information utilization device and requesting provision of the required personal information; and
     a second step of acquiring the required personal information from a personal information providing device when a notification is received from the other personal information utilization device that the required personal information cannot be provided but can be disclosed.
  17.  The control program according to claim 16, characterized in that it further causes the personal information utilization device to execute a step of generating, when acquiring the required personal information from the personal information providing device, a disclosure permit certifying that the other information providing device determined the required personal information to be disclosable, and transmitting it to the personal information providing device.
  18.  The control program according to claim 16, characterized in that it further causes the personal information utilization device to execute a step of acquiring, from the personal information providing device, the personal information lacking among the required personal information when part of the required personal information is received together with the notification from the other personal information utilization device.
PCT/JP2009/051846 2008-03-03 2009-02-04 Personal information distribution management system, and personal information using device and method WO2009110277A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2010501827A JP5429158B2 (en) 2008-03-03 2009-02-04 Personal information distribution management system, personal information utilization apparatus and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008052048 2008-03-03
JP2008-052048 2008-03-03

Publications (1)

Publication Number Publication Date
WO2009110277A1 true WO2009110277A1 (en) 2009-09-11

Family

ID=41055839

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2009/051846 WO2009110277A1 (en) 2008-03-03 2009-02-04 Personal information distribution management system, and personal information using device and method

Country Status (2)

Country Link
JP (1) JP5429158B2 (en)
WO (1) WO2009110277A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012046670A1 (en) * 2010-10-05 2012-04-12 日本電気株式会社 Personal-information transmission/reception system, personal-information transmission/reception method, personal-information provision device, preference management device, and computer program
JP7354860B2 (en) 2020-01-31 2023-10-03 富士フイルムビジネスイノベーション株式会社 Information processing device, information processing system, and information processing program
JP7463750B2 (en) 2020-02-10 2024-04-09 大日本印刷株式会社 Consent simulation distribution device and computer program

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006344156A (en) * 2005-06-10 2006-12-21 Nec Corp Personal information distribution management system, personal information distribution management method, personal information providing program and personal information using program
Also Published As

Publication number Publication date
JP5429158B2 (en) 2014-02-26
JPWO2009110277A1 (en) 2011-07-14
Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 09717805; Country of ref document: EP; Kind code of ref document: A1)
WWE Wipo information: entry into national phase (Ref document number: 2010501827; Country of ref document: JP)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 09717805; Country of ref document: EP; Kind code of ref document: A1)