WO2020184580A1 - Mediation device, system, and computer program - Google Patents

Publication number
WO2020184580A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
data
personal data
request
personal
Application number
PCT/JP2020/010379
Other languages
French (fr)
Japanese (ja)
Inventor
誠一 猪谷
龍 道本
Original Assignee
株式会社博報堂Dyホールディングス
Priority claimed from JP2019043674A (JP6592213B1)
Application filed by 株式会社博報堂Dyホールディングス
Priority to JP2020567992A (JP6944070B2)
Priority to CN202080020197.9A (CN113544726A)
Publication of WO2020184580A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00: Commerce
    • G06Q30/02: Marketing; Price estimation or determination; Fundraising
    • G06Q30/06: Buying, selling or leasing transactions
    • G06Q50/00: Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10: Services

Definitions

  • the present disclosure relates to an intermediary device that mediates the transaction of personal data between a data user and a personal data manager, and a computer program that causes a computer to function as an intermediary device.
  • Patent Document 1 discloses an information processing system for the purpose of preventing leakage of personal information or the like from an information processing device owned by an information bank or the like in which data is deposited.
  • a personal data user such as a company (hereinafter referred to as a data user) procures personal data from a personal data administrator
  • it is conceivable to notify the personal data administrator of the target conditions, which are the conditions of the personal data desired by the data user.
  • the personal data manager of the inquiry destination does not have enough personal data that matches the target conditions.
  • the data user may make another exchange, such as inquiring to another personal data manager.
  • the workload increases when the data user procures personal data, and the amount of communication performed by the data user increases.
  • Double purchase means purchasing the personal data of the same person twice through different routes. It is assumed that data users want to avoid such double purchases and procure personal data.
  • One aspect of this disclosure aims to provide a technology that satisfies the needs of the data user that arise when the same individual entrusts data to multiple personal data managers, makes it easier to procure the personal data that the data user wants, and reduces the amount of communication performed by the data user.
  • One aspect of the present disclosure is an intermediary device, which includes a request acquisition unit, a duplicate confirmation acquisition unit, a determination unit, and an acquisition transmission unit.
  • the request acquisition unit acquires request information.
  • the duplicate confirmation acquisition unit acquires duplicate confirmation information.
  • the duplicate confirmation information is information indicating that the first personal data managed by the first personal data manager and the second personal data managed by a second personal data manager different from the first personal data manager are personal data relating to the same individual.
  • the determination unit determines the procurement plan and/or delivery data based on the duplicate confirmation information.
  • the procurement plan shows the conditions for personal data procured from a plurality of personal data managers including the first personal data manager and the second personal data manager.
  • the delivery data is data based on personal data procured from a plurality of personal data managers and is transmitted to a user device owned by the data user.
  • the acquisition transmission unit acquires personal data according to the procurement plan determined by the determination unit, and/or transmits the delivery data determined by the determination unit to the user device.
  • personal data is procured according to the procurement plan determined based on the duplicate confirmation information, and/or the delivery data determined based on the duplicate confirmation information is transmitted to the user device. Therefore, it is possible to meet the needs of data users that occur in a situation where the same individual entrusts data to a plurality of personal data managers.
  • since the intermediary device procures data from a plurality of personal data managers on behalf of the data user, the personal data desired by the data user can be procured more easily, and the amount of communication performed by the data user can be reduced.
  • the determination unit may decide the procurement plan based on the duplicate confirmation information.
  • the determination unit may decide a procurement plan for procuring either the first personal data or the second personal data, which the duplicate confirmation information shows to be personal data relating to the same individual.
  • the determination unit may decide a procurement plan for procuring the cheaper of the first personal data and the second personal data.
  • the data user can purchase the personal data at a lower price while suppressing the duplicate purchase of the personal data of the same content related to the same individual.
  • the determination unit may decide a procurement plan for procuring both the first personal data and the second personal data, which the duplicate confirmation information shows to be personal data relating to the same individual.
  • the personal data of the same individual can be name-identified across a plurality of personal data administrators.
  • the duplicate confirmation acquisition unit may acquire the duplicate confirmation information from an external device that can manage the duplicate confirmation information or generate the duplicate confirmation information.
  • with such a configuration, it is easy for the intermediary device to acquire duplicate confirmation information that reflects the latest duplication status of personal data. As a result, the intermediary device can easily determine the procurement plan based on the latest duplication situation.
  • the intermediary device may further include a storage unit configured to store duplicate confirmation information.
  • the duplicate confirmation acquisition unit may acquire duplicate confirmation information from the storage unit.
  • the intermediary device can acquire the duplication confirmation information without exchanging data with the external device that manages the duplication confirmation information. Therefore, the communication volume of the intermediary device can be reduced.
  • each of the plurality of personal data managers may assign registration identification information, which is predetermined identification information, to the individual who has entrusted personal data to the personal data manager or to the personal data.
  • the duplication confirmation information may be information indicating the registration identification information of the first personal data manager and the registration identification information of the second personal data manager related to the same individual.
  • the intermediary device can grasp which personal data relate to the same individual. Therefore, the intermediary device can determine the procurement plan based on the grasped result.
  • the duplicate confirmation acquisition unit may acquire similarity information indicating the similarity between a plurality of personal data acquired from a plurality of information banks as duplicate confirmation information.
  • duplicate confirmation information can be acquired without exchanging data with an external device that manages duplicate confirmation information. Therefore, the communication volume of the intermediary device can be reduced.
  • the personal data manager may be an information bank.
  • One aspect of the present disclosure is a system including the intermediary device, which may be a system including a notification information acquisition unit and a notification information transmission unit.
  • the notification information acquisition unit is configured to acquire notification information according to the personal data acquired by the acquisition transmission unit.
  • the notification information is information to be notified to the individual who has entrusted the personal data to the personal data manager.
  • the notification information transmission unit is configured to transmit the notification information acquired by the notification information acquisition unit.
  • notification information is transmitted using the personal data acquired from the personal data administrator. Therefore, it is possible to send notification information suitable for the individual to the individual who has deposited the personal data.
  • Another aspect of the present disclosure is a computer program that causes the computer to function as the intermediary device. According to such a configuration, the same effect as that of the above-mentioned intermediary device is obtained.
  • FIG. 1 is a diagram showing a configuration of a procurement system according to the first embodiment.
  • FIG. 2 is a block diagram showing a hardware configuration of the intermediary device according to the first to fifth embodiments.
  • FIG. 3 is a block diagram showing a functional configuration of the intermediary device of the first embodiment.
  • FIG. 4 is a flowchart of the data procurement process of the first embodiment.
  • FIG. 5 is a diagram for explaining request information.
  • FIG. 6 is a diagram for explaining the metadata request of the first embodiment to the first information bank.
  • FIG. 7 is a diagram for explaining the metadata request of the first embodiment to the second information bank.
  • FIG. 8A is a diagram showing a category table master of the first information bank.
  • FIG. 8B is a diagram showing a category table master of the second information bank.
  • FIG. 9 is a diagram for explaining the metadata of the first embodiment.
  • FIG. 10 is a diagram for explaining an example of logic for determining a personal data procurement plan.
  • FIG. 11 is a diagram for explaining a data request to the first information bank.
  • FIG. 12 is a diagram for explaining a data request to the second information bank.
  • FIG. 13 is a diagram for explaining delivery data from the information bank.
  • FIG. 14 is a diagram for explaining a standard dictionary.
  • FIG. 15 is a diagram for explaining a data conversion dictionary of the first information bank.
  • FIG. 16A is a diagram showing delivery data from the first information bank.
  • FIG. 16B is a diagram showing delivery data from the second information bank.
  • FIG. 17 is a diagram showing delivery data after conversion from the first information bank.
  • FIG. 18 is a diagram showing delivery data after conversion from the second information bank.
  • FIG. 19 is a diagram for explaining the integrated data generated by integrating the delivery data from each information bank device.
  • FIG. 20 is a block diagram showing a functional configuration of the intermediary device of the second embodiment.
  • FIG. 21 is a flowchart of the data procurement process of the second embodiment.
  • FIG. 22 is a diagram showing the configuration of the procurement system of the third embodiment.
  • FIG. 23 is a block diagram showing the hardware configuration of the administrator device.
  • FIG. 24 is a diagram for explaining the duplicate management table held by the administrator device 9.
  • FIG. 25 is a block diagram showing a functional configuration of the intermediary device of the third and fourth embodiments.
  • FIG. 26 is a flowchart of the data procurement process of the third and fourth embodiments.
  • FIG. 27 is a diagram for explaining an ID request.
  • FIG. 28 is a diagram for explaining ID result information.
  • FIG. 29 is a diagram for explaining the duplication confirmation request.
  • FIG. 30 is a diagram for explaining duplicate result information.
  • FIG. 31 is a diagram for explaining the metadata request of the third embodiment.
  • FIG. 32 is a diagram for explaining the metadata request of the fourth embodiment to the first information bank.
  • FIG. 33 is a diagram for explaining the metadata request of the fourth embodiment to the second information bank.
  • FIG. 34 is a diagram showing integrated data in which personal data of the same individual is identified.
  • FIG. 35 is a diagram showing a duplication status table including price information of personal data.
  • FIG. 36 is a block diagram showing a functional configuration of the intermediary device of the fifth embodiment.
  • FIG. 37 is a flowchart of the data procurement process of the fifth embodiment.
  • FIG. 38 is a diagram showing the configuration of the procurement system of the sixth embodiment.
  • FIG. 39 is a block diagram showing a hardware configuration of a device that delivers advertisements.
  • FIG. 40 is a flowchart of the advertisement distribution process.
  • FIG. 41 is a flowchart of the data procurement process of the seventh and eighth embodiments.
  • FIG. 42 is a diagram for explaining the metadata requirement of the seventh embodiment.
  • FIG. 43 is a diagram showing delivery data from the first information bank that has been subjected to anonymous processing.
  • FIG. 44 is a diagram for explaining the metadata requirement of the eighth embodiment.
  • FIG. 45 is a diagram showing delivery data from the first information bank, which has been converted into statistical information.
  • FIG. 46 is a block diagram showing a functional configuration of the intermediary device of the ninth embodiment.
  • FIG. 47 is a flowchart of the data procurement process of the ninth embodiment.
  • FIG. 48 is a diagram showing the converted delivery data from the first information bank in the ninth embodiment.
  • FIG. 49 is a diagram showing delivery data after conversion from the second information bank in the ninth embodiment.
  • FIG. 50 is a diagram showing a similarity matrix showing the similarity between a plurality of personal data.
  • FIG. 51 is a graph showing the relationship between the similarity threshold value and the number of successful associations.
  • FIG. 52 is a diagram showing a coordinate space in which personal data is represented as data points.
  • FIG. 53 is a multidimensionally expanded graph showing the relationship between the similarity threshold value and the number of successful associations.
  • Update processing unit 831 ... ID request generation unit, 832 ... ID request transmitting unit, 833 ... ID receiving unit, 834 ... Duplicate confirmation generation unit, 835 ... Duplicate confirmation transmitter, 836 ... Duplicate confirmation receiver, 931 ... Duplicate confirmation acquisition unit, 932 ... Update processing unit, 1231 ... Similarity determination unit
  • the procurement system 1 shown in FIG. 1 includes a user device 2, an intermediary device 3, and a plurality of information bank devices 4 to 6.
  • the user device 2 is a device owned by a data user 2a who uses personal data.
  • the data user 2a is a company or the like that makes a profit by using personal data.
  • the personal data referred to in the present embodiment refers to all information about an individual regardless of whether or not the individual is unique.
  • personal data includes personal information that can identify an individual.
  • the personal information referred to here is, for example, "personal information" specified in Article 2, Paragraph 1 of the Personal Information Protection Law of Japan.
  • personal information includes information that can identify an individual by the information itself, as well as information that can be collated with other information to identify an individual.
  • Examples of personal data other than personal information include personal location information, purchase information, IP addresses, Internet browsing history, and other information accumulated on companies and the Internet.
  • data related to the behavior and state of an individual processed so as not to be linked to an individual can be mentioned.
  • the user device 2 is connected to the intermediary device 3 via a network such as the Internet or a dedicated wireless / wired communication network.
  • the intermediary device 3 is a device that requests personal data from the information bank devices 4 to 6 on behalf of the data user 2a, purchases the personal data under conditions suitable for the data user 2a, and delivers the personal data to the data user 2a.
  • the intermediary device 3 is owned by, for example, a trader who mediates the sale and purchase of personal data between the data user 2a and the information banks 4a to 6a.
  • the intermediary device 3 is connected to the user device 2 and the information bank devices 4 to 6 via a network such as the Internet or a dedicated wireless / wired communication network.
  • the hardware configuration and functions of the intermediary device 3 will be described in detail later.
  • Information bank devices 4 to 6 are held in separate information banks 4a to 6a.
  • Information banks 4a to 6a operate a business that manages personal data entrusted by an individual and provides the personal data to a third party such as a company.
  • Information banking devices 4 to 6 store personal data deposited by an individual via information processing terminals 11 to 17 such as smartphones, tablets, and personal computers owned by the individual.
  • the information bank devices 4 to 6 are connected to the intermediary device 3 and the information processing terminals 11 to 17 via a network such as the Internet or a dedicated wireless / wired communication network. As will be described later, the information bank devices 4 to 6 exchange various information with the intermediary device 3, and deliver personal data to the data user 2a via the intermediary device 3.
  • the intermediary device 3 generally exchanges data such as personal data with other information banking devices.
  • the intermediary device 3 includes a communication unit 31, a storage unit 32, and a control unit 33.
  • the communication unit 31 is a communication interface for connecting the intermediary device 3 to the network.
  • the intermediary device 3 can perform data communication with the user device 2 and the information bank devices 4 to 6 by wire or wirelessly via the communication unit 31. Further, the intermediary device 3 may be connected to the Internet via the communication unit 31 and may be capable of data communication with an external device via the Internet.
  • the storage unit 32 stores various data.
  • the control unit 33 is mainly composed of a well-known microcomputer having a CPU 33a and a semiconductor memory (hereinafter, memory 33b) such as a RAM, a ROM, and a flash memory.
  • Various functions of the control unit 33 are realized by the CPU 33a executing a program stored in a non-transitory tangible storage medium.
  • the memory 33b corresponds to the non-transitory tangible storage medium in which the program is stored.
  • the method corresponding to the program is executed.
  • the number of microcomputers constituting the control unit 33 may be one or a plurality.
  • the control unit 33 executes the data procurement process shown in FIG. 4, which will be described later, by executing the program by the CPU 33a.
  • by executing the data procurement process, the control unit 33 functions, as shown in FIG. 3, as a request acquisition unit 331, a metadata request generation unit 332, a metadata request transmission unit 333, a metadata reception unit 334, a condition arrangement unit 335, a procurement plan determination unit 336, a data request generation unit 337, a data request transmission unit 338, a data reception unit 339, a format processing unit 340, and a data transmission unit 341.
  • the method for realizing these elements 331 to 341 constituting the control unit 33 is not limited to software, and some or all of the elements may be realized by using hardware that combines logic circuits, analog circuits, and the like.
  • the request acquisition unit 331 receives the request information from the user device 2 via the communication unit 31.
  • the request information is information including a target condition which is a condition of personal data desired by the data user 2a. Specific examples of request information will be described later.
  • the metadata request generation unit 332 generates a metadata request to be transmitted to the information banking devices 4 to 6 based on the request information received by the request acquisition unit 331.
  • the metadata request referred to here is information for requesting metadata from the information banking devices 4 to 6.
  • the metadata referred to here is information indicating the attributes of personal data that matches the target conditions included in the request information among the personal data held by the information banks 4a to 6a.
  • the attribute of personal data referred to here is an attribute of an individual related to personal data, and means, for example, the age, gender, etc. of the individual.
  • the attributes of personal data may be personal attributes other than age and gender.
  • the attribute of personal data means each data item including various attributes such as age and gender of an individual included in the personal data. That is, the attribute of personal data means a data item of personal data.
  • the metadata shows an outline of data held by the information bank for all or part of personal data that meets the target conditions.
  • the outline of the data referred to here may be, for example, some attributes of personal data, statistical information regarding each attribute of personal data, and the like.
  • Metadata is information indicating what kind of attributes make up all or part of the personal data that the information bank holds and that meets the target conditions. Specifically, as will be described later, the metadata includes statistical information of all or part of personal data that meets the target conditions held by the information bank. The metadata request and specific examples of the metadata will be described later.
  • the metadata request generation unit 332 generates a metadata request for each of the information bank devices 4 to 6 according to the data formats that can be handled by the information bank devices 4 to 6.
  • the metadata request transmission unit 333 transmits the metadata request generated by the metadata request generation unit 332 to the information banking devices 4 to 6 via the communication unit 31.
  • the information banking devices 4 to 6 that have received the metadata request transmit the metadata to the intermediary device 3 in response to the metadata request.
  • the metadata receiving unit 334 receives metadata from the information banking devices 4 to 6 via the communication unit 31.
  • the condition arrangement unit 335 arranges transaction conditions from the metadata received from the information bank devices 4 to 6.
  • the procurement plan determination unit 336 determines a procurement plan suitable for the data user 2a based on the metadata received by the metadata reception unit 334.
  • the procurement plan referred to here indicates the conditions related to personal data to be procured from the personal data that meets the target conditions held by the information banking devices 4 to 6. That is, personal data that meets the conditions indicated by the procurement plan is procured (that is, purchased) from the information bank devices 4 to 6.
  • the logic for determining the procurement plan will be described later.
  • the data request generation unit 337 generates a data request according to the procurement plan determined by the procurement plan determination unit 336.
  • the data request is data for requesting personal data from the information banking devices 4 to 6.
  • the data request generation unit 337 generates a data request for each of the information bank devices 4 to 6 according to the data formats that can be handled by the information bank devices 4 to 6. Specific examples of data request will be described later.
  • The data request transmission unit 338 transmits the data request generated by the data request generation unit 337 to the information banking devices 4 to 6 via the communication unit 31.
  • the data receiving unit 339 receives the delivery data from the information banking devices 4 to 6 that have received the data request via the communication unit 31.
  • the delivery data includes the personal data specified in the data request. Specific examples of delivery data will be described later.
  • the format processing unit 340 matches the data formats of the delivery data received from the plurality of information banking devices 4 to 6 with the common data format and integrates them into one data to generate integrated data. Specific examples of integrated data will be described later.
  • the data transmission unit 341 transmits the integrated data generated by the format processing unit 340 to the user device 2 via the communication unit 31. As a result, the personal data procured from the information banks 4a to 6a is delivered to the data user 2a.
  • the data procurement process is started by receiving the request information from the user device 2 via the communication unit 31.
  • when the request information is received from the data user 2a, the received request information is stored in the storage unit 32.
  • the request acquisition unit 331 acquires the request information from the data user 2a from the storage unit 32.
  • the request information of this embodiment includes each item shown in FIG. That is, the request information includes a time stamp, a transaction ID, a sentence type, a destination, a source, and a sentence content.
  • the sentence type is data indicating which data such as request information, metadata request, and metadata corresponds to the information.
  • the content of the sentence includes information on budget, remuneration, target conditions, required items, distribution aggregation axis, user organization, purpose of use and conditions of use.
  • the budget information includes information on the budget amount that the data user 2a can pay for the transaction and information indicating the payment method of the cost of the data user 2a.
  • the reward information is the reward information from the data user 2a for the individual who provided the personal data.
  • the reward information includes information such as the format of the reward, the issuer of the reward, the timing of issuing the reward, the area where the reward can be used, and the effective time and the expiration time of the reward.
  • the target condition is the condition of personal data desired by the data user 2a.
  • the target condition is, for example, a condition for designating an individual's attributes (for example, gender, age, habit, etc.) related to personal data.
  • the target conditions included in the sentence content are also a plurality.
  • the sentence content includes information on the number of cases in which the data user 2a wants personal data that matches the target condition for each target condition.
  • the first target condition is that the gender of the individual related to the personal data is male, and the number of views of the recipe site in the last 3 months is 3 or more.
  • the number of personal data that meets this target condition desired by the data user 2a is 1000.
  • the second target condition is that the gender of the individual related to the personal data is female, and the number of views of the recipe site in the last 3 months is 7 or more.
  • the number of personal data that meets this target condition desired by the data user 2a is 1000.
  • the required items are personal data items (for example, gender, age, residence prefecture, etc.) that the data user 2a wishes to deliver.
  • the distribution aggregation axis specifies some items of personal data included in the metadata transmitted from the information bank devices 4 to 6. That is, as will be described later, the metadata transmitted from the information bank devices 4 to 6 includes a list of all or part of the personal data held by the information banks 4a to 6a that meet the target conditions.
  • the list includes a part of the items of the personal data and the data price of the personal data for each ID of the personal data.
  • some items of personal data referred to here are some attributes of an individual related to personal data, such as unmarried rate and age.
  • the distribution aggregation axis specifies the part of the personal data included in the list.
  • the attributes of the personal data included in the distribution aggregation axis are set to attributes other than the attributes specified by the target conditions.
  • Information on the organization, purpose of use, and conditions of use indicates the organization, purpose of use, and conditions of use of personal data.
  • the information of the user organization includes, for example, the corporate number, name, address, country, industry, etc. of the user organization.
  • the information on the purpose of use includes, for example, the type of use (customer analysis, direct mail transmission, etc.) and the individual purpose of use.
  • the individual purpose of use is, for example, expansion of customer information, creation of statistics, access to the person who provides personal data, advertisement distribution, and the like.
  • the request acquisition unit 331 receives the above request information from the user device 2.
  • the metadata request generation unit 332 generates a metadata request based on the request information received in S101.
  • the metadata request is generated for each information bank 4a to 6a from which personal data is procured.
  • FIG. 6 shows an example of requesting metadata for the first information bank 4a.
  • FIG. 7 shows an example of requesting metadata for the second information bank 5a.
  • the metadata requirements shown in FIGS. 6 and 7 both include the same items.
  • the metadata request includes a time stamp, transaction ID, statement type, reference transaction ID, destination, source and statement content.
  • the reference transaction ID is the transaction ID of the request information received in S101, in other words, the request information related to the metadata request.
  • the statement content includes information on remuneration, target conditions, required items, distribution aggregation axis, user organization, purpose of use and conditions of use. These pieces of information contained in the statement content are the same as those contained in the request information.
  • the data formats that can be handled differ for each of the information bank devices 4 to 6. Therefore, the metadata request is generated according to the data format that can be handled by the destination information banking devices 4 to 6.
  • the variable representing the gender of the individual related to the personal data is "Gender", and the value "1" stored in the variable is associated with the meaning "individual gender is male".
  • the value "2" stored in the variable "Gender" is associated with the meaning "individual gender is female".
  • the variable representing the gender of the individual related to the personal data is "gender", and the value "male" stored in the variable is associated with the meaning "individual gender is male".
  • the meaning "individual gender is female" is associated with the value "female" stored in the variable "gender".
  • the category table master is information for converting each item included in the metadata request or the like into a data format that can be handled by each of the information banking devices 4 to 6.
  • in the category table master of a given information banking apparatus, the "variable name", "value" and "meaning" described in a data format that can be handled by the information banking apparatus are set in association with each other.
  • the category table masters of the information banking devices 4 to 6 which are the business partners of the brokerage device 3 are stored in advance in the storage unit 32 of the brokerage device 3.
  • the location of the category table master is not limited to this.
  • when generating a metadata request, the intermediary device 3 may transmit information requesting the category table master to each information bank device 4 to 6 and acquire the category table master of each information bank device 4 to 6 as a response signal. That is, the category table master may be acquired at the timing of generating the metadata request.
  • the metadata request transmission unit 333 transmits the metadata request generated in S102 to the information banking devices 4 to 6 via the communication unit 31.
  • the information banking devices 4 to 6 that have received the metadata request transmit the metadata to the intermediary device 3 as the response information of the metadata request.
  • the metadata receiving unit 334 receives the metadata from the information banking devices 4 to 6 via the communication unit 31.
  • the metadata is described in a data format that can be handled by each of the information banking devices 4 to 6.
  • the metadata of this embodiment includes each item shown in FIG. FIG. 9 shows the metadata received from the second information banking device 5.
  • Metadata includes a time stamp, transaction ID, statement type, reference transaction ID, destination, source, category code master, and statement content.
  • the reference transaction ID is a transaction ID of a metadata request related to the metadata, in other words, a metadata request transmitted to the information banking apparatus that is the source of the metadata.
  • the category code master is information that identifies the category code master for the information banking device from which the metadata is transmitted.
  • the statement content includes the target person information, which is the target person's information.
  • the target person information includes the target conditions included in the request information and the number of all or part of the personal data held by the information bank that meets the target conditions.
  • the target person information indicates what kind of attribute personal data is composed of all or part of the personal data that matches the target condition.
  • the target person information includes the required item statistics.
  • the required item statistic is a statistic (mean, variance, skewness, median, etc.) of personal data for each attribute specified by the required item, a maximum value, a minimum value, and the like.
  • the subject information includes information on the variance-covariance matrix, data price distribution of personal data, and information on other multivariate statistics.
  • the metadata includes more personal data information than the number of personal data specified in the request information. More specifically, it is assumed that the number of personal data information that matches a certain target condition contained in the metadata is larger than the number of personal data that matches the target condition specified in the request information. This makes it possible to consider multiple ways of selecting the number of personal data specified in the request information based on the metadata (that is, multiple procurement plans), and to determine from among them a procurement plan suitable for the data user 2a.
  • the number of personal data whose attributes are indicated by the metadata is not limited to this, and the number of the personal data may be the same as the number of personal data specified in the request information, for example.
  • the condition organizing unit 335 organizes the transaction conditions from the metadata, which is matched to the data formats of the information banking devices 4 to 6. Specifically, the condition organizing unit 335 uses the category table master of each information banking device 4 to 6 to convert the metadata matched to the data format of each information banking device 4 to 6 into a common data format, and organizes the transaction conditions.
  • the condition organizing unit 335 generates a list (hereinafter referred to as a metadata list) as shown by the broken line in FIG. 10 based on the metadata from each of the information banking devices 4 to 6 received in S104.
  • the metadata list is data in which an ID of personal data, a data source, an attribute specified by a distribution aggregation axis, and a data price are associated with each other.
  • a data source is information that identifies which information bank the data comes from.
  • a metadata list containing a larger number of data than the number of personal data specified in the request information is generated.
  • in the "data source" column of the metadata list of FIG. 10, "first" means the first information bank 4a, and "second" means the second information bank 5a.
  • the procurement plan determination unit 336 determines a procurement plan suitable for the data user 2a based on the metadata list generated in S105.
  • the procurement plan determination unit 336 determines the procurement plan based on the data price of the individual personal data held by the information banking devices 4 to 6 and the budget amount specified by the data user 2a. Further, the procurement plan determination unit 336 determines the procurement plan based on the reproducibility of the distribution of personal data (hereinafter referred to as the original data distribution) when focusing on the attributes specified by the distribution aggregation axis, which is indicated by the metadata. That is, the procurement plan determination unit 336 determines the procurement plan so that the data distribution of the personal data procured by the procurement plan approaches the original data distribution within the budget amount of the data user 2a.
  • the request information from the data user 2a includes only one target condition.
  • the request information includes only target condition 1 of FIG. 5, "The gender of the individual related to the personal data is male, and the number of views of the recipe site in the last 3 months is 3 times or more".
  • the 100 data in FIG. 10 are data that meet this target condition.
  • the number of personal data that meets this target condition desired by the data user 2a is 40. That is, 40 data are selected from the 100 data.
  • the budget amount of the data user 2a is 11,000 yen.
  • the procurement plan with the lowest total data price is Plan A, which sorts the data in ascending order by data price and purchases the first to 40th data.
  • the data purchased in the procurement plan is flagged as "1", and the data not purchased is flagged as "0".
  • the total purchase data price of Plan A is 10570 yen.
  • the ratio between unmarried and married is 59:41 (≈ 3:2) in the original 100 data (hereinafter, original data), whereas it is 12:28 (≈ 1:2.5) in Plan A, which is different from the distribution of the original data.
  • the value corresponding to unmarried is "0", and the value corresponding to married is "1".
  • Plan B, which has the smallest deviation from the original data distribution within the budget amount, is determined and adopted as the procurement plan.
  • the procurement plan determination logic of the present embodiment is to determine as the procurement plan the plan with the smallest deviation from the original data distribution within the budget amount from the plurality of procurement plans.
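The selection logic described above, as an added example that is not part of the patent text: it compares Plan A (cheapest records) with a budget-constrained plan that stays closest to the original distribution of the attribute on the distribution aggregation axis. The metadata list, the prices, the function names and the use of total variation distance as the "deviation" are assumptions made for illustration; the page does not say how candidate plans are enumerated or how deviation is measured.

```python
from collections import Counter, defaultdict
from fractions import Fraction

# Constructed metadata list: (personal data ID, data source, married flag, data price in yen).
# Flag coding follows the page: 0 = unmarried, 1 = married. Original ratio here is 6:4.
METADATA_LIST = [
    ("001", "first", 0, 300), ("002", "first", 0, 320), ("003", "second", 0, 340),
    ("004", "first", 0, 360), ("005", "second", 0, 380), ("006", "second", 0, 400),
    ("007", "first", 1, 100), ("008", "second", 1, 120), ("009", "first", 1, 140),
    ("010", "second", 1, 160),
]


def total_price(plan):
    return sum(row[3] for row in plan)


def distribution(rows):
    """Share of each attribute value among the given rows, as exact fractions."""
    counts = Counter(row[2] for row in rows)
    return {value: Fraction(n, len(rows)) for value, n in counts.items()}


def deviation(plan, original):
    """Total variation distance between the plan's and the original distribution."""
    p, q = distribution(plan), distribution(original)
    return sum(abs(p.get(v, 0) - q.get(v, 0)) for v in set(p) | set(q)) / 2


def plan_a(rows, n):
    """Plan A from the page: sort ascending by data price and buy the first n."""
    return sorted(rows, key=lambda row: row[3])[:n]


def compositions(n, caps):
    """Yield every tuple of per-value counts that sums to n and respects each cap."""
    if len(caps) == 1:
        if n <= caps[0]:
            yield (n,)
        return
    for count in range(min(n, caps[0]) + 1):
        for rest in compositions(n - count, caps[1:]):
            yield (count,) + rest


def plan_b(rows, n, budget):
    """Within the budget, return the plan closest to the original distribution.

    For a fixed number of records per attribute value, the cheapest purchase is
    the cheapest records of each value, so one candidate per composition is
    enough. Ties on deviation go to the cheaper plan. Returns None when no plan
    of n records fits the budget.
    """
    if n <= 0 or n > len(rows):
        return None
    by_value = defaultdict(list)
    for row in sorted(rows, key=lambda row: row[3]):
        by_value[row[2]].append(row)
    values = sorted(by_value)
    best_key, best_plan = None, None
    for counts in compositions(n, [len(by_value[v]) for v in values]):
        plan = [row for v, k in zip(values, counts) for row in by_value[v][:k]]
        cost = total_price(plan)
        if cost > budget:
            continue
        key = (deviation(plan, rows), cost)
        if best_key is None or key < best_key:
            best_key, best_plan = key, plan
    return best_plan


if __name__ == "__main__":
    a = plan_a(METADATA_LIST, 4)
    b = plan_b(METADATA_LIST, 4, budget=900)
    print("Plan A:", total_price(a), "yen, deviation", deviation(a, METADATA_LIST))
    print("Plan B:", total_price(b), "yen, deviation", deviation(b, METADATA_LIST))
```

With the constructed list, Plan A buys only married records, while the budget-constrained plan buys two of each and costs more but stays within the budget.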
  • the data request generation unit 337 generates a data request for requesting personal data according to the procurement plan determined by the procurement plan determination unit 336.
  • the data request generation unit 337 generates a data request for each of the information banking devices 4 to 6 so as to match the data format that can be handled by each of the information banking devices 4 to 6.
  • FIG. 11 shows an example of data request to the first information bank 4a.
  • FIG. 12 shows an example of data request to the second information bank 5a. All of these data requests include the same items.
  • the data request includes a time stamp, a transaction ID, a statement type, a reference transaction ID, a destination, a source, and a statement content.
  • the reference transaction ID is the transaction ID of the metadata related to the data request, in other words, the metadata received from the information banking apparatus to which the data request is sent.
  • the statement content includes the target person information corresponding to each target condition.
  • the target person information includes information on conditional statements, number of cases, payment amount, and purchase data.
  • the conditional statement represents the corresponding target condition.
  • the number of cases and the amount of payment represent the number of cases and the amount of payment of personal data procured from the information bank device to which the data request is sent for the corresponding target conditions.
  • the purchase data specifies personal data procured from the information bank device to which the data request is sent. Specifically, the purchase data specifies personal data to be procured by each attribute specified by the distribution aggregation axis and the data price.
  • the statement content includes a request item, which is an item of personal data that the data user 2a wishes to have delivered.
  • the data request generation unit 337 generates a data request for each of the information bank devices 4 to 6 by using the category code master of each information bank device 4 to 6 so as to match the data format that can be handled by each information bank device 4 to 6.
  • the data request transmission unit 338 transmits the data request generated in S107 to the information banking devices 4 to 6 via the communication unit 31.
  • the data receiving unit 339 receives the delivery data including the personal data specified in the data request from the information banking devices 4 to 6 that have received the data request, as shown in FIG.
  • the delivery data includes a time stamp, a transaction ID, a statement type, a reference transaction ID, a destination, a sender, and a statement content.
  • the reference transaction ID is a transaction ID of a data request related to the delivery data, in other words, a transaction ID of the data request transmitted to the information bank device to which the delivery data is transmitted.
  • the statement content includes the target person information corresponding to each target condition.
  • the target person information includes conditional statements, the number of cases, and information on the data body.
  • the conditional statement and the number of cases are the same as those included in the data request.
  • the data body is personal data specified in the purchase data included in the data request.
  • the data body includes the items specified by the required items among the items of personal data.
  • the statement content includes information on the required item.
  • the format processing unit 340 aligns the data formats of the delivery data received from the plurality of information banking devices 4 to 6. Specifically, the format processing unit 340 converts the data format of the delivery data received from each of the information bank devices 4 to 6 into a common data format. Then, the format processing unit 340 integrates the delivery data from the information banking devices 4 to 6 converted into a common data format into one data.
  • the format processing unit 340 uses a standard dictionary as shown in FIG.
  • the standard dictionary is stored in the storage unit 32.
  • the standard dictionary is data in which the meanings, variable names, and values specified in the brokerage device 3 are associated with each other for each item that can be included in the personal data.
  • the specified variable names and values are referred to as "standard variable names" and "standard values", respectively.
  • the format processing unit 340 first creates a data conversion dictionary for each of the information banking devices 4 to 6.
  • the data conversion dictionary is data for converting the variable names and values of the delivery data of the information banking devices 4 to 6 into the standard variable names and standard values specified in the standard dictionary.
  • the format processing unit 340 matches the category table master shown in FIGS. 8A and 8B of the information bank with the standard dictionary shown in FIG. 14 by the item of "meaning".
  • in this matching, the texts in the "meaning" items of both data may be simply matched, or they may be matched by other methods.
  • a data conversion dictionary as shown in FIG. 15 is generated in which "meaning" is associated with.
  • the data conversion dictionary may be generated when converting the data format of the delivery data from the information banking devices 4 to 6 into a common data format, or may be generated in advance and stored in the storage unit 32.
  • the format processing unit 340 converts the variables and values of the delivery data transmitted from the information banking device into standard variables and standard values using the data conversion dictionary of the information banking device. As a result, the data format of the delivery data received from each of the information bank devices 4 to 6 is converted into a common data format.
  • the delivery data from the first information banking apparatus 4 shown in FIG. 16A is converted into the converted delivery data shown in FIG.
  • the delivery data from the second information bank 5a shown in FIG. 16B is converted into the converted delivery data shown in FIG. 18 by using the data conversion dictionary of the second information bank device 5 (not shown).
  • the format processing unit 340 integrates the converted delivery data of each information banking apparatus 4 to 6 into one data, and generates integrated data as shown in FIG.
  • when the format processing unit 340 generates the integrated data, the ID of each personal data is reassigned, and the delivery data of the information bank devices 4 to 6 are sequentially accumulated.
  • personal data from one information banking device and personal data from another information banking device can be distinguished from each other. For example, in the integrated data shown in FIG. 19, the ID of the personal data from the first information bank 4a is attached with "b", and the personal data from the second information bank 5a is attached with "a".
  • the format processing unit 340 arranges the data formats of the delivery data from the plurality of information banking devices 4 to 6 and integrates them into one data.
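The format alignment described above, as an added example that is not part of the patent text: each bank's category table master is joined to the standard dictionary on "meaning" to build a data conversion dictionary, delivery data is converted to standard variable names and values, and the results are accumulated under re-assigned IDs. The standard names, the marital-status rows, the ID scheme and the assignment of the "Gender"/"gender" formats to particular banks are assumptions; unmapped items are rejected instead of being passed through unconverted.

```python
# Standard dictionary of the brokerage device: meaning -> (standard variable name, standard value).
# Constructed sample; the names "sex"/"married" and their values are assumptions.
STANDARD_DICTIONARY = {
    "individual gender is male": ("sex", "M"),
    "individual gender is female": ("sex", "F"),
    "individual is unmarried": ("married", 0),
    "individual is married": ("married", 1),
}

# Category table masters, one row per (variable name, value, meaning).
# The gender rows use the variable names and values quoted on the page; the rest is constructed.
CATEGORY_TABLE_MASTERS = {
    "first": [
        ("Gender", "1", "individual gender is male"),
        ("Gender", "2", "individual gender is female"),
        ("Marriage", "0", "individual is unmarried"),
        ("Marriage", "1", "individual is married"),
    ],
    "second": [
        ("gender", "male", "individual gender is male"),
        ("gender", "female", "Individual gender is female "),  # stray case and space on purpose
        ("married", "no", "individual is unmarried"),
        ("married", "yes", "individual is married"),
    ],
}

# Constructed delivery data in each bank's own format (bank-side IDs omitted).
DELIVERIES = {
    "first": [{"Gender": "1", "Marriage": "0"}, {"Gender": "2", "Marriage": "1"}],
    "second": [{"gender": "female", "married": "no"}],
}


def _meaning_key(text):
    """Simple text match on "meaning", tolerant of case and spacing differences."""
    return " ".join(text.split()).casefold()


def build_conversion_dictionary(category_table_master, standard_dictionary):
    """Join a bank's category table master to the standard dictionary on "meaning"."""
    standard = {_meaning_key(m): v for m, v in standard_dictionary.items()}
    conversion = {}
    for variable, value, meaning in category_table_master:
        key = _meaning_key(meaning)
        if key not in standard:
            raise ValueError(f"no standard entry for meaning {meaning!r}")
        conversion[(variable, value)] = standard[key]
    return conversion


def convert_record(record, conversion):
    """Convert one delivered record; unknown variables or values are rejected."""
    converted = {}
    for variable, value in record.items():
        if (variable, value) not in conversion:
            raise ValueError(f"unmapped item {variable!r}={value!r}")
        std_variable, std_value = conversion[(variable, value)]
        converted[std_variable] = std_value
    return converted


def integrate(deliveries, masters, standard_dictionary):
    """Convert every bank's delivery data and accumulate it under re-assigned IDs.

    The new ID keeps a source marker so that records from different banks
    remain distinguishable in the integrated data.
    """
    integrated = []
    for source in sorted(deliveries):
        conversion = build_conversion_dictionary(masters[source], standard_dictionary)
        for record in deliveries[source]:
            row = convert_record(record, conversion)
            new_id = f"{source}-{len(integrated) + 1:03d}"
            integrated.append({"ID": new_id, **row})
    return integrated


if __name__ == "__main__":
    for row in integrate(DELIVERIES, CATEGORY_TABLE_MASTERS, STANDARD_DICTIONARY):
        print(row)
```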
  • the data transmission unit 341 transmits the integrated data generated by the format processing unit 340 to the data user 2a.
  • the procurement plan determination unit 336 determines a procurement plan suitable for the data user 2a based on the metadata received from the information bank devices 4 to 6. Then, the data request transmitting unit 338 transmits the data request to the information banking devices 4 to 6 according to the determined procurement plan, and the data receiving unit 339 receives the personal data from the information banking devices 4 to 6. Then, the data transmission unit 341 transmits the received personal data to the data user 2a.
  • the procurement of personal data can be performed more easily, and the amount of communication performed by the data user 2a can be reduced.
  • the brokerage device 3 acquires metadata from the information bank devices 4 to 6 owned by the information banks 4a to 6a.
  • the mediator 3 stores the metadata in its own storage unit 32, periodically updates the metadata stored in the storage unit 32, and acquires the metadata from the storage unit 32.
  • the metadata acquired from the storage unit 32 is not updated to the latest metadata, and the procurement plan determination unit 336 may determine the procurement plan based on the old metadata.
  • the procurement plan can be determined based on the latest metadata.
  • the procurement plan determination unit 336 determines the procurement plan based on the metadata that indicates the attributes of the personal data that matches the target conditions among the personal data managed by the information banks 4a to 6a.
  • the brokerage device 3 can determine the procurement plan based on the attributes of the personal data that matches the target conditions among the personal data managed by the information banks 4a to 6a.
  • the metadata request transmitting unit 333 transmits the metadata request to the information banking devices 4 to 6 when the request receiving unit 331 acquires the request information. Then, the metadata receiving unit 334 receives the metadata from the information banking devices 4 to 6.
  • when the intermediary device 3 acquires the request information from the user device 2, it makes an inquiry to the information bank devices 4 to 6 and acquires the latest metadata. Therefore, the procurement plan can be determined based on the latest metadata.
  • the procurement plan determination unit 336 determines the procurement plan based on the price of each personal data held by the information bank devices 4 to 6 and the budget amount included in the request information. Therefore, an appropriate procurement plan can be determined according to the budget amount of the data user 2a.
  • the procurement plan determination unit 336 determines the procurement plan so that the distribution based on the attributes of the personal data procured by the procurement plan approaches the original data distribution indicated by the metadata.
  • when the personal data procurement plan is decided, there is a possibility that the personal data will be procured with a distribution that is biased with respect to the original data distribution.
  • when the data user 2a aggregates the specific items included in the request items of the personal data, the distribution of the original data may not be reproduced and a biased result may be obtained.
  • because the procurement plan is determined based on the reproducibility of the original data distribution, it is possible to suppress the occurrence of data bias when actually procuring personal data.
  • based on the metadata received from the plurality of information banking devices 4 to 6, the procurement plan determination unit 336 determines a procurement plan that shows the conditions for the personal data to be actually procured from among the personal data, held by the plurality of information banking devices 4 to 6, that matches the target conditions.
  • the data receiving unit 339 receives personal data from the plurality of information banking devices 4 to 6, and the data transmitting unit 341 transmits the personal data received from the plurality of information banking devices 4 to 6 to the data user 2a.
  • the format processing unit 340 aligns the data formats of personal data received from the plurality of information banking devices 4 to 6 with a common data format. Then, the data transmission unit 341 transmits personal data from the plurality of information banking devices 4 to 6 whose data formats are matched by the format processing unit 340 to the user device 2.
  • when the intermediary device 3 receives the request information from the user device 2, it transmits a metadata request to the information bank devices 4 to 6 and receives the metadata from the information bank devices 4 to 6.
  • the intermediary device 7 shown in FIGS. 2 and 20 is equipped with a storage unit 72 that stores a set of metadata (hereinafter, metadata set) including metadata corresponding to an arbitrary target condition. When the intermediary device 7 receives the request information from the data user 2a, it does not acquire the metadata from the information bank devices 4 to 6, but acquires the metadata from its own storage unit 72. This differs from the embodiment described above. Hereinafter, the second embodiment will be described in detail.
  • the intermediary device 7 of the second embodiment includes a communication unit 71, a storage unit 72, and a control unit 73.
  • the hardware configurations of these configurations 71 to 73 are the same as the respective configurations 31 to 33 of the intermediary device 3 of the first embodiment.
  • the data stored in the storage unit 72 is different from that of the first embodiment.
  • the storage unit 72 stores metadata sets related to the information banks 4a to 6a.
  • the metadata set is a data set that can acquire the metadata corresponding to the target condition for any target condition that can be included in the request information.
  • the metadata set is a data set from which each piece of information included in the metadata corresponding to the target condition, such as the request item statistics and the data price distribution, can be acquired for any target condition that can be included in the request information.
  • the storage unit 72 stores a metadata set including metadata about all the information banks 4a to 6a from which the intermediary device 7 can request personal data.
  • the metadata set contains information such as statistics, maximum values and minimum values regarding each attribute, such as age, gender, unmarried, and magazine subscription, of the personal data held by all information banks from which the brokerage device 7 can request personal data. Further, the metadata set includes information on the number of personal data corresponding to an arbitrary target condition (that is, an arbitrary combination of personal data attributes) for all information banks 4a to 6a from which the intermediary device 7 can request personal data. In addition, a metadata set of an information bank contains information on the data price distribution of personal data corresponding to an arbitrary target condition. Such a metadata set is stored in the storage unit 72.
  • the metadata set stored in the storage unit 72 is periodically updated at a predetermined frequency (for example, once a month or once a week).
  • the data set can be updated by various methods, and may be updated as follows, for example. That is, the holder of the intermediary device 7 may receive a storage medium in which the metadata set is stored from the information banks 4a to 6a, and update the metadata set by storing the metadata set from the received storage medium in the storage unit 72.
  • the control unit 73 executes the data procurement process shown in FIG. 21, which will be described later, by having the CPU 73a execute the program.
  • the control unit 73 functions as the request acquisition unit 331, the metadata acquisition unit 731, the update processing unit 732, the procurement plan determination unit 336, the data request generation unit 337, the data request transmission unit 338, the data reception unit 339, the format processing unit 340, and the data transmission unit 341, as shown in FIG.
  • the control unit 73 of the second embodiment differs from the control unit 33 of the first embodiment in that it functions as a metadata acquisition unit 731 and an update processing unit 732 in place of the metadata request generation unit 332, the metadata request transmission unit 333, the metadata reception unit 334, and the condition arrangement unit 335 of the first embodiment.
  • the metadata acquisition unit 731 acquires metadata from the storage unit 72 based on the request information received by the request acquisition unit 331. Specifically, the metadata acquisition unit 731 acquires metadata about each information bank 4a to 6a according to the request information from the metadata set.
  • the update processing unit 732 updates the metadata set stored in the storage unit 72. For example, when information such as the statistical information of the attributes of the personal data and the data price distribution included in the integrated data differs from the metadata set information stored in the storage unit 72, the update processing unit 732 updates the metadata set information to the information contained in the delivery data.
  • the procurement plan determination unit 336 determines a procurement plan suitable for the data user 2a based on the metadata acquired from the storage unit 72. Then, the data request transmission unit 338 receives personal data from the information banking devices 4 to 6 according to the determined procurement plan. Then, the data transmission unit 341 transmits the received personal data to the data user 2a.
  • compared with the case where the data user 2a directly inquires of the information banking devices 4 to 6 to procure the personal data while it is difficult to grasp the personal data held by the information banking devices 4 to 6, it is possible to more easily procure personal data suitable for the data user 2a.
  • the metadata acquisition unit 731 acquires metadata from the storage unit 72. That is, the brokerage device 7 can acquire metadata without exchanging data with the information banks 4a to 6a. Therefore, the communication volume of the brokerage device 7 can be reduced as compared with the configuration in which the metadata request is transmitted to the information banks 4a to 6a to acquire the metadata. In addition, system development costs such as API (Application Programming Interface) for requesting metadata and sending and receiving metadata can be suppressed.
  • the brokerage device 3 acquires personal data from a plurality of information banks 4a to 6a.
  • the same individual deposits personal data in a plurality of information banks 4a to 6a.
  • the information banks 4a to 6a and the data user 2a cannot know which personal data deposited in the information banks 4a to 6a is derived from the same person. Therefore, when the data user 2a requests personal data from a plurality of information banks 4a to 6a, the same personal data of the same person may be purchased from different information banks 4a to 6a. That is, double purchase of personal data may occur.
  • the third embodiment solves the above-mentioned problem of suppressing double purchase of personal data as follows. That is, in the third embodiment, as shown in FIG. 22, it is assumed that there is a person who knows which individual deposits personal data in which information bank (hereinafter, registration manager 9a). Then, the brokerage device 8 of the third embodiment detects an individual who has deposited personal data with a plurality of information banks 4a to 6a by making an inquiry to the manager device 9, which is a device owned by the registration manager 9a. Then, the brokerage device 8 determines a procurement plan that does not result in double purchase.
  • the configuration of the third embodiment will be described in detail.
  • the administrator device 9 of the registered administrator 9a includes a communication unit 91, a storage unit 92, and a control unit 93.
  • the communication unit 91 is a communication interface for connecting the administrator device 9 to the network.
  • the administrator device 9 can perform data communication with the intermediary device 8 by wire or wirelessly via the communication unit 91. Further, the administrator device 9 may be connected to the Internet via the communication unit 91 and may be capable of data communication with an external device via the Internet.
  • The storage unit 92 stores various data.
  • The storage unit 92 stores a duplicate management table as shown in FIG. 24.
  • The duplicate management table is a set of information that associates an information bank ID, an information bank registrant ID, and a personal ID.
  • The information bank ID is an ID for identifying each information bank.
  • The information bank ID may be given to each information bank by the registration manager 9a.
  • The information bank IDs of the first information bank 4a, the second information bank 5a, and the third information bank 6a are "00001", "00002", and "00003", respectively.
  • The information bank registrant ID is an ID given by each information bank 4a to 6a to an individual who has deposited personal data with that information bank, that is, a registrant.
  • The information bank registrant ID is unique within each information bank 4a to 6a.
  • Each information bank 4a to 6a stores the information bank registrant ID of the individual who deposited the personal data and the personal data deposited by that individual in a one-to-one correspondence. Therefore, the information bank registrant ID can be regarded as an ID given to the personal data of the individual who has deposited the personal data with the information bank.
  • The personal ID is an ID that has a one-to-one correspondence with the individual, and is given to the individual by the registration manager 9a, for example.
  • The registration manager 9a lends a tool for generating a personal ID to each information bank 4a to 6a.
  • Each information bank 4a to 6a may generate a personal ID by using the loaned tool.
  • The personal ID may be an ID generated, by a hash function or the like, from the identity verification information supplied when the individual registers data in the information banks 4a to 6a.
  • A hash value such as hash(surname_firstname_sex_birthday) may be used as the personal ID.
  • Here, hash is a hash function, and surname, firstname, sex, and birthday are the surname, first name, gender, and date of birth of the individual who entrusts the data.
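An added Python sketch of the loaned ID-generation tool (not from the patent). It assumes HMAC-SHA-256 under a key issued by the registration manager in place of a bare hash, because a bare hash over name, sex and birth date can be recomputed by anyone holding a candidate list, and it normalises the fields so that two banks derive the same ID for the same person. The function names, the key and the sample records are constructed.

```python
import hashlib
import hmac
import unicodedata
from datetime import date

# Assumption: a secret the registration manager ships inside the loaned tool.
# Constructed demo value; a real key would come from a key store.
TOOL_KEY = b"constructed-demo-key"
# Unit separator between fields. str.split() treats U+001F as whitespace, so it
# can never survive normalize_field() and field boundaries stay unambiguous.
SEP = "\x1f"


def normalize_field(text: str) -> str:
    """Fold width/compatibility variants, trim and collapse spaces, ignore case."""
    folded = unicodedata.normalize("NFKC", text)
    return " ".join(folded.split()).casefold()


def personal_id(surname: str, firstname: str, sex: str, birthday: date,
                key: bytes = TOOL_KEY) -> str:
    """Derive the personal ID from the identity verification fields."""
    if not isinstance(birthday, date):
        # Free-text dates ("1990/04/01" vs "1990-04-01") would split one person in two.
        raise TypeError("birthday must be a datetime.date, not free text")
    fields = [normalize_field(surname), normalize_field(firstname),
              normalize_field(sex), birthday.isoformat()]
    if not all(fields):
        raise ValueError("every identity field must be non-empty")
    message = SEP.join(fields).encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def bare_hash_id(surname: str, firstname: str, sex: str, birthday: str) -> str:
    """The literal hash(surname_firstname_sex_birthday) form, for comparison.

    SHA-256 is an assumption; the text only says "a hash function or the like".
    """
    raw = f"{surname}_{firstname}_{sex}_{birthday}"
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed records: the same person as typed in at two different banks.
    at_bank_1 = ("Yamada", "Hanako", "F", date(1990, 4, 1))
    at_bank_2 = ("  Ｙａｍａｄａ ", "hanako", "f", date(1990, 4, 1))
    print("normalised IDs match:", personal_id(*at_bank_1) == personal_id(*at_bank_2))
    print("bare hashes match:   ",
          bare_hash_id("Yamada", "Hanako", "F", "1990-04-01")
          == bare_hash_id("yamada", "hanako", "f", "1990/04/01"))
```

If the banks derive different personal IDs for one person, the duplicate management table cannot link that person's registrant IDs, so the normalisation rules need to be identical in every copy of the tool.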
  • The control unit 93 is mainly composed of a well-known microcomputer having a CPU 93a and a semiconductor memory (hereinafter, memory 93b) such as a RAM, a ROM, and a flash memory.
  • The intermediary device 8 of the third embodiment includes a communication unit 81, a storage unit 82, and a control unit 83, as shown in FIG.
  • The hardware configurations of these units 81 to 83 are the same as those of the respective units 31 to 33 of the intermediary device 3 of the first embodiment.
  • The process executed by the control unit 83 is partially different from that of the first embodiment.
  • The control unit 83 executes the data procurement process shown in FIG. 26, which will be described later, by having the CPU 83a execute the program stored in the memory 83b.
  • the control unit 83 executes the data procurement process, and as shown in FIG. 25, the request acquisition unit 331, the ID request generation unit 831, the ID request transmission unit 832, the ID reception unit 833, the duplication confirmation generation unit 834, and the duplication confirmation.
  • The ID request generation unit 831 generates an ID request to be transmitted to the information banking devices 4 to 6 based on the request information including the target condition received by the request acquisition unit 331.
  • The ID request referred to here is information for requesting the information bank registrant IDs of personal data that matches the target conditions.
  • The ID request generation unit 831 generates an ID request for each of the information bank devices 4 to 6 according to the data formats that can be handled by the information bank devices 4 to 6. A specific example of the ID request will be described later.
  • The ID request transmission unit 832 transmits the ID request generated by the ID request generation unit 831 to the plurality of information banking devices 4 to 6 via the communication unit 81.
  • The information banking devices 4 to 6 that have received the ID request transmit the ID result information to the intermediary device 3 as a response to the ID request.
  • The ID result information referred to here is information indicating the information bank registrant IDs of personal data that matches the target conditions.
  • The ID result information referred to in the present embodiment also includes price information of the personal data that matches the target conditions.
  • The ID receiving unit 833 receives ID result information from the plurality of information banking devices 4 to 6 via the communication unit 81. A specific example of the ID result information will be described later.
  • The duplicate confirmation generation unit 834 generates a duplicate confirmation request to be transmitted to the administrator device 9 based on the ID result information received from the plurality of information bank devices 4 to 6.
  • The duplicate confirmation request here is information for requesting confirmation of whether or not, among the plurality of personal data indicated by the plurality of information bank registrant IDs included in the ID result information, there is personal data related to the same individual. A specific example of the duplicate confirmation request will be described later.
  • The duplication confirmation transmission unit 835 transmits the duplication confirmation request generated by the duplication confirmation generation unit 834 to the administrator device 9 via the communication unit 81.
  • The duplication confirmation receiving unit 836 receives duplication result information from the administrator device 9 via the communication unit 81. A specific example of the duplicate result information will be described later.
  • The metadata request generation unit 332 generates a metadata request to be transmitted to the information banking devices 4 to 6 based on the duplication result information received by the duplication confirmation receiving unit 836 and the request information received by the request acquisition unit 331. In the present embodiment, when the personal data of the same person is managed by a plurality of information banks, the metadata request generation unit 332 generates a metadata request that requests the data of that person from only one of the plurality of information banks.
  • Since the elements 333 to 341 from the metadata request transmission unit 333 onward are basically the same as those of the first embodiment, their description is omitted.
  • The ID request generation unit 831 generates an ID request to be transmitted to the information banking devices 4 to 6 based on the request information including the target condition received by the request acquisition unit 331.
  • The ID request includes each item shown in FIG. 27.
  • FIG. 27 shows an example of an ID request for the first information bank 4a.
  • The ID request includes the same items as the metadata request shown in FIG. 6 described above.
  • The ID request is basically the same as the metadata request except that the statement type is "ID request".
  • The ID request includes information on the target condition included in the request information.
  • The data formats that can be handled differ for each of the information bank devices 4 to 6. Therefore, the ID request is generated for each of the information bank devices 4 to 6 according to the data formats that can be handled by the destination information bank device.
  • The ID request transmission unit 832 transmits the ID request generated by the ID request generation unit 831 to the plurality of information banking devices 4 to 6 via the communication unit 81.
  • The information banking devices 4 to 6 that have received the ID request transmit the ID result information to the intermediary device 3 as a response to the ID request.
  • The ID receiving unit 833 receives ID result information from the plurality of information banking devices 4 to 6 via the communication unit 81.
  • The ID result information is described in a data format that can be handled by each of the information bank devices 4 to 6.
  • The ID result information of this embodiment includes each item shown in FIG. 28.
  • FIG. 28 shows the ID result information received from the first information bank 4a.
  • The ID result information includes a time stamp, a transaction ID, a sentence type, a reference transaction ID, a destination, a sender, and a sentence content.
  • The reference transaction ID is the transaction ID of the ID request to which the ID result information relates, in other words, the transaction ID of the ID request received by the information banking apparatus that is the source of the ID result information.
  • The text content includes a list of pairs, each consisting of the information bank registrant ID and the price of personal data that meets the target conditions indicated by the ID request.
  • The pair {1343482, 215} included in the sentence content means that, among the personal data held by the first information bank 4a, a certain item of personal data that meets the target conditions has the information bank registrant ID 1343482 and a price of 215 yen.
  • The brokerage device 8 receives the ID result information as shown in FIG. 28 from the information banks 4a to 6a.
  • The duplicate confirmation generation unit 834 generates a duplicate confirmation request to be transmitted to the administrator device 9 based on the ID result information received from the plurality of information bank devices 4 to 6.
  • The duplicate confirmation request of the present embodiment includes each item of time stamp, transaction ID, sentence type, reference transaction ID, destination, source, and sentence content.
  • The text content includes the list of information bank registrant IDs received from each information bank 4a to 6a and an identifier of each information bank (in FIG. 29, "first information bank", "second information bank", etc. in the "text content").
  • The duplication confirmation transmission unit 835 transmits the duplication confirmation request generated by the duplication confirmation generation unit 834 to the administrator device 9 via the communication unit 81.
  • The administrator device 9 that has received the duplicate confirmation request transmits the duplicate result information to the intermediary device 8 as a response to the duplicate confirmation request.
  • The duplication confirmation receiving unit 836 receives duplication result information from the administrator device 9 via the communication unit 81.
  • The duplicate result information of this embodiment includes each item of time stamp, transaction ID, sentence type, reference transaction ID, destination, sender, and sentence content.
  • The content of the sentence includes sets of the information bank registrant IDs that the same person has in each of the information banks 4a to 6a.
  • The set (0980838, 9888100, 430981213) included in the sentence content means that the information bank registrant ID "09008838" of the first information bank 4a, the information bank registrant ID "9888100" of the second information bank 5a, and the information bank registrant ID "430981213" of the third information bank 6a are IDs of the same person.
  • When the administrator device 9 receives the duplicate confirmation request from the broker device 8, the administrator device 9 generates the duplicate result information as follows. The administrator device 9 refers to the duplicate management table shown in FIG. 24 and confirms whether or not the list of information bank registrant IDs included in the duplicate confirmation request contains a plurality of information bank registrant IDs corresponding to the same personal ID. When there are a plurality of information bank registrant IDs corresponding to the same personal ID, the administrator device 9 combines them into a set. As a result, the sets of information bank registrant IDs included in the text content of the duplicate result information are generated. The administrator device 9 generates duplicate result information in this way. In FIG. 24, the information bank registrant IDs represented by the reference numeral 9a correspond to the same personal ID. Likewise, the information bank registrant IDs represented by the reference numeral 9b correspond to the same personal ID.
  • The metadata request generation unit 332 generates a metadata request to be transmitted to the information banking devices 4 to 6 based on the duplication result information received by the duplication confirmation receiving unit 836 and the request information received by the request acquisition unit 331.
  • When information bank registrant IDs of a plurality of information banks correspond to the same personal ID, the metadata request generation unit 332 identifies one of those information banks. Then, the metadata request generation unit 332 generates the metadata requests so that the information banks other than the identified one transmit metadata that excludes the information bank registrant ID corresponding to that personal ID.
  • The metadata request generation unit 332 matches the duplicate result information received in S307 with the price information included in the ID result information received in S304. Then, the metadata request generation unit 332 identifies the information bank that provides the personal data of a certain individual at the lowest price, and specifies, in the conditions of the metadata request, that the information banks other than the identified one transmit metadata excluding that personal data.
  • The metadata request of the present embodiment further includes an item of exclusion ID in the sentence content in addition to each item of the metadata request shown in FIG. 6 described above.
  • The exclusion ID is an item indicating the information bank registrant IDs of personal data that is not included in (that is, is excluded from) the metadata transmitted from the information bank. The information bank that has received the metadata request excludes the data of the information bank registrant IDs specified by the exclusion ID and transmits the metadata to the intermediary device 8. As a result, the data of the information bank registrant IDs corresponding to the same personal ID is excluded from the metadata from the information banks other than the identified information bank.
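The duplicate check by the administrator device and the lowest-price selection behind the exclusion IDs, as an added Python sketch that is not part of the patent. Bank IDs and registrant IDs are the ones quoted in the text; the function names, the personal IDs, every price except 215 yen, the second "1343482" entry and the tie-break by lowest bank ID are assumptions.

```python
from collections import defaultdict

# Duplicate management table (FIG. 24 layout): bank ID, registrant ID, personal ID.
# Personal IDs "P-A".."P-D" are constructed placeholders.
DUPLICATE_TABLE = [
    ("00001", "09008838", "P-A"),
    ("00002", "9888100", "P-A"),
    ("00003", "430981213", "P-A"),
    ("00001", "2910110", "P-B"),
    ("00002", "7550360", "P-B"),
    ("00001", "1343482", "P-C"),
    # Registrant IDs are unique only within a bank: the same string at another
    # bank is a different person (constructed row).
    ("00003", "1343482", "P-D"),
]

# ID result information per bank: registrant ID -> price in yen (constructed,
# except the 215 yen quoted for 1343482 at the first information bank).
ID_RESULTS = {
    "00001": {"09008838": 300, "2910110": 180, "1343482": 215},
    "00002": {"9888100": 250, "7550360": 180},
    "00003": {"430981213": 270, "1343482": 120},
}


def duplicate_sets(table, id_results):
    """Administrator side: group the requested IDs that share a personal ID.

    Entries are keyed by (bank ID, registrant ID), never by registrant ID
    alone. IDs missing from the table are treated as not duplicated.
    """
    requested = {(bank, reg) for bank, regs in id_results.items() for reg in regs}
    by_person = defaultdict(list)
    for bank, reg, person in table:
        if (bank, reg) in requested:
            by_person[person].append((bank, reg))
    return sorted(sorted(members) for members in by_person.values()
                  if len(members) > 1)


def exclusion_ids(dup_sets, id_results):
    """Broker side: keep the cheapest copy of each person, exclude the rest.

    Ties are broken by the lowest bank ID so the plan is deterministic.
    """
    exclude = {bank: [] for bank in id_results}
    for members in dup_sets:
        keep = min(members, key=lambda m: (id_results[m[0]][m[1]], m[0]))
        for bank, reg in members:
            if (bank, reg) != keep:
                exclude[bank].append(reg)
    return {bank: sorted(regs) for bank, regs in exclude.items()}


def procurement_cost(id_results, exclude):
    """Total price of everything the banks would deliver under a plan."""
    return sum(price
               for bank, regs in id_results.items()
               for reg, price in regs.items()
               if reg not in exclude.get(bank, []))


if __name__ == "__main__":
    sets = duplicate_sets(DUPLICATE_TABLE, ID_RESULTS)
    plan = exclusion_ids(sets, ID_RESULTS)
    for bank, regs in plan.items():
        print(f"metadata request to bank {bank}: exclusion ID = {regs}")
    print("cost without duplicate check:", procurement_cost(ID_RESULTS, {}))
    print("cost with exclusion IDs:     ", procurement_cost(ID_RESULTS, plan))
```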
  • <S309> Since S309 is the same as S103 in FIG. 4 described above, the description thereof will be omitted.
  • The metadata receiving unit 334 receives the metadata from the information banking devices 4 to 6 via the communication unit 81.
  • The metadata receiving unit 334 receives metadata containing the personal data of a given individual from the information bank that provides that personal data at the lowest price. From the information banks other than that one, the metadata receiving unit 334 receives metadata excluding the personal data. As a result, the metadata receiving unit 334 is prevented from receiving metadata including the data of the same person from a plurality of information banks.
  • The procurement plan determination unit 336 determines the procurement plan based on the metadata obtained as a response to the metadata request, which is itself generated based on the duplicate result information. That is, the procurement plan determination unit 336 determines the procurement plan based on the duplicate result information.
  • The procurement plan determination unit 336 determines a procurement plan for procuring one of the first personal data and the second personal data, which are shown by the duplicate result information to be personal data related to the same individual.
  • The procurement plan determination unit 336 determines the procurement plan for procuring the cheaper of the first personal data and the second personal data related to the same individual.
  • The data user 2a can purchase the personal data at a lower price while suppressing the duplicate purchase of the personal data of the same content related to the same individual.
  • The duplication confirmation receiving unit 836 acquires the duplication result information from the administrator device 9, which is an external device capable of generating the duplication result information.
  • By contrast, if the intermediary device 8 were to store the duplication status table shown in FIG. 24 in its own storage unit 82 and acquire duplication result information based on that stored table, the table might not have been updated to the latest duplication status table, and the acquired duplication result information might then not reflect the latest duplication status of personal data.
  • The intermediary device 8 can easily acquire the duplication result information reflecting the latest duplication situation.
  • The brokerage device 8 can easily determine the procurement plan based on the latest duplication situation.
  • The duplicate result information is information that associates an information bank registrant ID of a certain information bank with an information bank registrant ID of another information bank related to the same individual.
  • When a plurality of information banks manage personal data relating to the same individual under different information bank registrant IDs, the brokerage device 8 can grasp which of the personal data managed by the plurality of information banks relates to the same individual. Then, the brokerage device 8 can determine the procurement plan based on the grasped result.
  • The duplicate result information corresponds to the duplicate confirmation information.
  • The information bank registrant ID corresponds to the registration identification information.
  • The administrator device 9 can manage the duplicate confirmation information or generate the duplicate confirmation information.
  • S301 corresponds to processing as a request acquisition unit.
  • S307 corresponds to processing as a duplicate confirmation acquisition unit.
  • S312 corresponds to processing as a determination unit.
  • S315 and S317 correspond to processing as an acquisition transmission unit.
  • The brokerage device 8 performs duplicate confirmation to confirm which data deposited in the plurality of information banks 4a to 6a is the data of the same individual. Then, the brokerage device 8 determines the procurement plan so as to avoid duplicate purchase of personal data of the same individual. That is, the brokerage device 8 procures personal data of the same individual only from a specific information bank among a plurality of information banks 4a to 6a.
  • An information bank has consumers deposit personal data in order to provide some service to them.
  • Since the services provided by each information bank differ, the same individual may deposit personal data with different data items at each information bank. Therefore, it is assumed that the data user 2a wants to acquire, by name identification, the personal data of the same individual from a plurality of information banks 4a to 6a.
  • The fourth embodiment is different from the third embodiment in that the intermediary device 8 procures the personal data of the same person from each of the plurality of information banks 4a to 6a and name-identifies it.
  • The fourth embodiment will be described in detail.
  • The intermediary device 8 of the fourth embodiment has the same hardware configuration and functional elements as those of the third embodiment.
  • The intermediary device 8 of the fourth embodiment includes each element 331 to 341, 831 to 836 shown in FIG. 25.
  • The functions of the elements 331 to 341, 831 to 836 are basically the same as those of the third embodiment, but the functions of the metadata request generation unit 332 and the format integration unit 340 are partially different from those of the third embodiment.
  • These elements 332 and 340 will be described.
  • The metadata request generation unit 332 generates a metadata request to be transmitted to the information banking devices 4 to 6 based on the duplication result information received by the duplication confirmation receiving unit 836 and the request information received by the request acquisition unit 331.
  • From the received duplicate result information, the metadata receiver 334 can identify the information bank registrant IDs of individuals who deposit personal data in a plurality of information banks.
  • The metadata receiver 334 generates a metadata request that requests metadata including only the data of individuals who have deposited personal data with a plurality of information banks (i.e., also with other information banks).
  • <Format integration unit> The format processing unit 340 matches the data formats of the delivery data received from the plurality of information banking devices 4 to 6 with the common data format and integrates them into one data set to generate integrated data. In the present embodiment, the format processing unit 340 generates the integrated data by name-identifying the personal data of the same individual received from the plurality of information banking devices 4 to 6.
  • The metadata request generation unit 332 generates a metadata request as shown in FIGS. 32 and 33.
  • FIG. 32 shows an example of a metadata request transmitted to the first information bank 4a.
  • FIG. 33 shows an example of a metadata request sent to the second information bank 5a.
  • The metadata request of the present embodiment basically includes the same items as the metadata request shown in FIG. 6 described above, but does not include the items of the distribution aggregation axis. Further, the metadata request of the present embodiment further includes the item of the target ID in the sentence content.
  • The target ID here is an item indicating the information bank registrant IDs to be included in the metadata sent from the information bank. That is, the information banks 4a to 6a that have received the metadata request transmit metadata including only the data of the information bank registrant IDs specified by the target ID to the brokerage device 8. The target ID lists the information bank registrant IDs of individuals who deposit personal data in a plurality of information banks.
  • The information bank registrant ID "09008838" of the first information bank 4a having the information bank ID "00001", the information bank registrant ID "9888100" of the second information bank 5a having the information bank ID "0000002", and the information bank registrant ID "430981213" of the third information bank 6a having the information bank ID "00003" are IDs of the same individual. Further, the information bank registrant ID "2910110" of the first information bank 4a and the information bank registrant ID "7550360" of the second information bank 5a are IDs of the same individual.
  • The information bank registrant IDs "0900838" and "2910110" are described.
  • In addition to basic attributes such as gender (Gender) and age (Age10), the first information bank 4a has personal data attributes such as the child's age (Age_minor_child), the number of family members (Num_Family), self-catering frequency (Freq_HomeCook), supermarket usage frequency (Freq_GSM), convenience store usage frequency (Freq_CVS), and drugstore usage frequency (Freq_DS).
  • The information bank registrant IDs "7550360" and "9888100" are described.
  • As can be seen from the required item column, the second information bank 5a has, in addition to basic attributes such as gender and age, personal data attributes such as recipe site monthly browsing history and 3-month magazine purchase amount.
  • The metadata request generation unit 332 generates the above-mentioned metadata request.
  • The format processing unit 340 matches the data format of the delivery data received from the plurality of information banking devices 4 to 6 with the common data format and integrates them into one data set to generate integrated data.
  • FIG. 34 shows an example of integrated data.
  • The personal data attribute (that is, the data item) represented by reference numeral 10a is an attribute owned by both the first information bank 4a and the second information bank 5a.
  • The attribute of the personal data represented by the reference numeral 10b is an attribute owned only by the first information bank 4a.
  • The personal data attribute represented by the reference numeral 10c is an attribute owned only by the second information bank 5a.
  • The format processing unit 340 generates integrated data by name-identifying the personal data of the same individual from a plurality of information banks 4a to 6a.
  • <S317> Since S317 is the same as S317 of the third embodiment described above, the description thereof will be omitted.
  • The procurement plan determination unit 336 determines a procurement plan for procuring both the first personal data and the second personal data, which are shown by the duplicate result information to be personal data related to the same individual.
  • By name identification, the brokerage device 8 can generate information that is not found in either of the information banks 4a and 5a alone.
  • Each configuration of the intermediary device 8 corresponds to each wording of the claim.
  • The intermediary device 8 acquires duplicate result information from the external administrator device 9.
  • The duplication status table is stored in advance in the storage unit 82 of the intermediary device 8.
  • The intermediary device 8 is different from the third embodiment in that, when the request information is received from the user device 2, the duplication result information is generated based on the duplication status table in the storage unit 82.
  • The fifth embodiment will be described in detail.
  • The intermediary device 11 of the fifth embodiment includes a communication unit 111, a storage unit 112, and a control unit 113.
  • The hardware configurations of these units 111 to 113 are the same as those of the respective units 81 to 83 of the intermediary device 8 of the third embodiment.
  • The data stored in the storage unit 112 of the intermediary device 11 of the fifth embodiment is different from that of the third embodiment.
  • The storage unit 112 of the fifth embodiment stores the duplicate management table shown in FIG. 35.
  • The duplication status table of FIG. 35 is basically the same as the duplication management table held by the registration manager 9a shown in FIG. 24 described above, but differs in that it further includes the item of the price of personal data. That is, the duplication status table shown in FIG. 35 is a set of information in which the information bank ID, the information bank registrant ID, the personal ID, and the price of the personal data are associated with each other.
  • The duplication status table stored in the storage unit 112 is periodically updated at a predetermined frequency (for example, once a month or once a week).
  • The duplication status table can be updated by various methods, and may be updated as follows, for example. The holder of the intermediary device 11 receives a storage medium in which the duplicate status table is stored from the registration manager 9a holding the administrator device 9, and stores the duplicate status table from the received storage medium in the storage unit 112, thereby updating the duplicate status table.
  • The control unit 113 executes the data procurement process shown in FIG. 37, which will be described later, by having the CPU 113a execute the program stored in the memory 113b.
  • The control unit 113 functions as elements 331 to 341, 831 to 833, and 931, 932 as shown in FIG. 36. That is, the control unit 113 of the fifth embodiment functions as the duplication confirmation acquisition unit 931 in place of the duplication confirmation generation unit 834, the duplication confirmation transmission unit 835, and the duplication confirmation reception unit 836 shown in FIG. 25 of the third embodiment. Further, it differs from the third embodiment in that it functions as an update processing unit 932.
  • The duplication confirmation acquisition unit 931 acquires the duplication status table from the storage unit 112. Then, the duplication confirmation acquisition unit 931 generates duplication result information based on the ID result information received by the ID receiving unit 833 and the duplication status table acquired from the storage unit 112. Since the method of generating the duplicate result information is the same as the method of generating the duplicate result information by the administrator device 9 of the third embodiment described above, the description thereof will be omitted.
  • The update processing unit 932 updates the duplication status table stored in the storage unit 112 based on the integrated data generated by the format processing unit 340.
  • The update processing unit 932 updates the data registered in the duplication status table with the data included in the delivery data.
  • The duplication status table is updated with the data included in the integrated data, that is, the latest data content recently purchased by the intermediary device 11.
  • The intermediary device 11 acquires the duplication status table from the storage unit 112. Then, the duplication confirmation acquisition unit 931 acquires the duplication result information by generating it based on the ID result information received by the ID receiving unit 833 and the acquired duplication status table. That is, the intermediary device 11 can acquire the duplicate result information without exchanging data with the administrator device 9. Therefore, the communication volume of the administrator device 9 can be reduced as compared with the configuration in which the duplicate confirmation request is transmitted to the administrator device 9 to acquire the duplicate result information.
  • The duplication status table corresponds to the duplication confirmation information.
  • S401 corresponds to the processing as the request acquisition unit.
  • S405 corresponds to the processing as the duplication confirmation acquisition unit.
  • S410 corresponds to the processing as the determination unit.
  • S413 and S415 correspond to the processing as the acquisition transmission unit.
  • The sixth embodiment differs from the above-described third embodiment in that the user device 2 of the data user 2a uses the personal data procured from the information banks 4a to 6a to deliver an advertisement to an individual who has deposited the personal data with the information banks 4a to 6a.
  • The procurement system 12 of the sixth embodiment shown in FIG. 38 includes a user device 2, an intermediary device 3, and a plurality of information bank devices 4 to 6, as in the third embodiment.
  • The brokerage device 3 and the plurality of information banking devices 4 to 6 of the sixth embodiment are the same as those of the third embodiment.
  • The user device 2 of the sixth embodiment includes a communication unit 21, a storage unit 22, and a control unit 23, as shown in FIG. 39.
  • The communication unit 21 is a communication interface for connecting the user device 2 to the network.
  • The user device 2 can perform data communication with the intermediary device 8 and the information processing terminals 11 to 17 owned by individuals via the communication unit 21.
  • The storage unit 22 stores various data.
  • The storage unit 22 stores the advertisement information and the destination information.
  • The advertising information referred to here is advertising information that the data user 2a transmits to an individual related to personal data procured from the information banks 4a to 6a, and it corresponds to attributes of the procured personal data (in other words, to various attributes, such as preferences, of the individual to whom the personal data relates).
  • The destination information referred to here is information that specifies the destination to which the advertisement information is transmitted.
  • The destination information may be an identifier that identifies the destination of the advertisement information, such as IDFA (Identification For Advertisers), ADID (Advertising Identifier), cookie ID, and the e-mail address of the distribution target person.
  • the control unit 23 is mainly composed of a well-known microcomputer having a CPU 23a and a semiconductor memory (hereinafter, memory 23b) such as a RAM, a ROM, and a flash memory.
  • Various functions of the control unit 23 are realized by the CPU 23a executing a program stored in a non-transitory tangible storage medium.
  • the memory 23b corresponds to the non-transitory tangible storage medium in which the program is stored.
  • the method corresponding to the program is executed.
  • the control unit 23 executes the advertisement distribution process shown in FIG. 40, which will be described later.
  • the control unit 23 acquires the advertisement information and the destination information from the storage unit 22.
  • the control unit 23 delivers the advertisement. Specifically, the control unit 23 transmits the advertisement information acquired in S501 to the destination indicated by the destination information acquired in S501 via the communication unit 21.
  • the advertisement distribution process of FIG. 40 ends.
  • the user device 2 uses the personal data acquired from the information banks 4a to 6a to deliver the advertisement to the individual who has deposited the personal data in the information banks 4a to 6a. Specifically, the user device 2 acquires the advertisement information notified to the individual related to the personal data acquired from the brokerage device 8 and the destination information indicating the destination of the advertisement information. Then, the user device 2 transmits the advertisement information to the destination indicated by the destination information.
  • the advertisement information is transmitted using the personal data acquired from the information banking devices 4 to 6. Therefore, it is possible to deliver advertisements suitable for individuals who have deposited personal data with information banks 4a to 6a.
  • the procurement system 12 corresponds to the system
  • the advertisement information corresponds to the notification information
  • S501 corresponds to the processing as the notification information acquisition unit
  • S502 corresponds to the processing as the notification information transmission unit.
  • the data user 2a acquires personal data from the information banks 4a to 6a via the intermediary device 3.
  • the safety management measure means a necessary and appropriate measure taken by the business operator to prevent leakage, loss or damage of personal data and otherwise to manage personal data safely.
  • the anonymously processed information referred to here is information generated based on personal data, and is information generated by changing or deleting the information contained in the personal data so that the individual related to the personal data is not specified.
  • in the seventh embodiment, the brokerage device 3 generates anonymously processed information based on the personal data acquired from the information banks 4a to 6a, and transmits the generated anonymously processed information to the user device 2, which differs from the embodiment described above. Hereinafter, the seventh embodiment will be described in detail.
  • the hardware configuration of the procurement system 1 of the seventh embodiment is the same as that of the first embodiment.
  • the processing executed by the intermediary device 3 of the seventh embodiment and the data to be transmitted and received are partially different from those of the first embodiment.
  • the metadata request generation unit 332 generates a metadata request based on the request information received in S501.
  • the metadata request generation unit 332 generates a metadata request as shown in FIG. 42.
  • the metadata request shown in FIG. 42 is basically the same as the metadata request of the first embodiment shown in FIG. 6, but the description of the type of purpose of use of personal data is different.
  • the type of purpose of use of personal data is described as "anonymous processing information creation".
  • the format processing unit 340 aligns the data formats of the delivery data received from the information banking devices 4 to 6 and converts the data. Then, the format processing unit 340 integrates the delivery data from the information banking devices 4 to 6 into one data. Specifically, as in the first embodiment, the format processing unit 340 converts the variable names and values included in the delivery data received from the information bank devices 4 to 6 according to the conversion dictionary for each of the information bank devices 4 to 6, so that the data format of the delivery data received from each information bank device 4 to 6 is made uniform. Then, the format processing unit 340 converts the variable names and values included in the delivery data so as to satisfy the criteria stipulated in the Personal Information Protection Law.
  • the format processing unit 340 converts, for example, the variable names and values included in the delivery data shown in FIG. 16A received from the first information bank 4a according to the conversion dictionary shown in FIG. Then, the format processing unit 340 generates the converted delivery data of the first information bank 4a as shown in FIG. 43.
  • the converted delivery data shown in FIG. 43 is anonymously processed information that has been subjected to anonymous processing.
  • the anonymous processing process is a process of changing or deleting personal data so that the individual related to the personal data cannot be identified.
  • the anonymous processing process may be, for example, a process of coarsening the granularity of the personal data to the extent that the individual related to the personal data cannot be identified.
  • personally identifiable information is deleted.
  • Examples of the information that can identify an individual include an ID (that is, an information bank registrant ID) and a name given to an individual by an information bank. Then, an ID is randomly assigned to the individual or personal data as in the ID shown in FIG. 43 (a3321, 34accd, 943dd, ).
  • in the anonymously processed information, information that is characteristic or unusual when viewed across a specific area (for example, Japan) as a whole, and that can therefore identify an individual, may be deleted or changed.
  • the age (Demographic: Age) of an individual related to personal data is "115 years old".
  • the information that the age is "115 years old" is rare when viewed in Japan as a whole, and is information that can identify an individual. Therefore, such information may be deleted in the anonymously processed information or rounded to "100 years old or older".
  • information that is characteristic or unusual in the data set acquired from the information banks 4a to 6a and that can identify an individual may be deleted or changed.
  • information such as "demographic (Marital)" being "divorce" or "bereavement" is characteristic or rare in the above data set, and is information that can identify an individual.
  • when the "unmarried" status of an individual corresponds to "divorce" or "bereavement", the "unmarried" value of the individual may be changed to "divorce or bereavement", as for the ID "34accd" shown in the figure.
  • the information that the 3-month magazine purchase amount (Aggregate: 1: TotalExpense3MonthSeasonings) is larger than 5000 yen is characteristic or rare in the above data set and can identify an individual.
  • the actual amount larger than 5000 yen need not be recorded; instead, as in the case of the individual with the ID "09aba" shown in FIG. 43, the numerical value may be rounded to "5000 yen".
  • the brokerage device 3 converts the delivery data received from each of the information banks 4a to 6a into anonymously processed information. Then, the brokerage device 3 integrates the anonymously processed information of each information bank 4a to 6a into one data to generate the integrated data.
  • the order in which the anonymous processing and the data integration processing are performed is not limited to this. For example, after integrating the delivery data of each information bank 4a to 6a into one data, the integrated data may be subjected to anonymous processing.
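The anonymous processing steps described above (deleting the information bank registrant ID and name, assigning a random ID, rounding a rare age to "100 years old or older", merging "divorce" and "bereavement", and capping the purchase amount at 5000 yen) can be sketched as follows. This is an added example, not code from the filing; the field names, the sample records and the output shuffle are assumptions made for illustration.

```python
import random
import secrets

# Hypothetical field names; the filing only shows labelled columns in figures.
DIRECT_IDENTIFIERS = ("registrant_id", "name")
AGE_TOP_CODE = 100            # ages at or above this become one open bucket
EXPENSE_CAP_YEN = 5000        # amounts above this are rounded down to the cap
RARE_MARITAL = {"divorce", "bereavement"}

# Constructed sample delivery data (not taken from the filing).
SAMPLE_RECORDS = [
    {"registrant_id": "B4-0001", "name": "Constructed Person A",
     "age": 115, "marital": "unmarried", "expense_3month_yen": 1200},
    {"registrant_id": "B4-0002", "name": "Constructed Person B",
     "age": 34, "marital": "divorce", "expense_3month_yen": 8300},
    {"registrant_id": "B4-0003", "name": "Constructed Person C",
     "age": 52, "marital": "bereavement", "expense_3month_yen": 5000},
]


def anonymize_record(record, used_ids):
    """Return an anonymized copy of one record; the input is not modified."""
    # Delete the fields that identify the individual directly.
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}

    # Assign a random ID that has no relation to the registrant ID.
    new_id = secrets.token_hex(3)
    while new_id in used_ids:
        new_id = secrets.token_hex(3)
    used_ids.add(new_id)
    out["id"] = new_id

    # Round a rare age into an open-ended bucket.
    if isinstance(out.get("age"), int) and out["age"] >= AGE_TOP_CODE:
        out["age"] = "100 years old or older"

    # Merge rare marital values into one coarser value.
    if out.get("marital") in RARE_MARITAL:
        out["marital"] = "divorce or bereavement"

    # Do not record amounts above the cap; round them to the cap.
    if isinstance(out.get("expense_3month_yen"), int):
        out["expense_3month_yen"] = min(out["expense_3month_yen"],
                                        EXPENSE_CAP_YEN)
    return out


def anonymize_dataset(records):
    """Anonymize every record and shuffle the result.

    The shuffle is an assumption added here: a random ID does not help if
    the output rows keep the same order as the identified input rows.
    """
    used_ids = set()
    out = [anonymize_record(r, used_ids) for r in records]
    random.SystemRandom().shuffle(out)
    return out


def leaked_identifiers(originals, anonymized):
    """Return (field, value) pairs in the output that still expose an
    identifier field or an identifier value from the input."""
    identifier_values = {str(r[f]) for r in originals
                         for f in DIRECT_IDENTIFIERS if f in r}
    leaked = set()
    for rec in anonymized:
        for key, value in rec.items():
            if key in DIRECT_IDENTIFIERS or str(value) in identifier_values:
                leaked.add((key, str(value)))
    return sorted(leaked)


if __name__ == "__main__":
    result = anonymize_dataset(SAMPLE_RECORDS)
    for row in result:
        print(row)
    print("leaks:", leaked_identifiers(SAMPLE_RECORDS, result))
```

Running `leaked_identifiers` on the output before transmission gives a quick check that no registrant ID or name survived the conversion.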
  • the intermediary device 3 receives personal data from the information bank devices 4 to 6 via the communication unit 31, and generates anonymously processed information based on the received personal data.
  • the anonymously processed information is information generated based on personal data, and is information (that is, data) generated by changing or deleting information included in personal data so that an individual related to the personal data is not specified. Then, the intermediary device 3 transmits the generated anonymously processed information to the user device 2 via the communication unit 31.
  • the data user 2a acquires personal data from the information banks 4a to 6a via the intermediary device 3.
  • the data user 2a does not need personal data having a fine grain size in the first place.
  • the data user 2a may be able to consider its strategy sufficiently if statistical information on the average purchase amount of competing products by individuals having attributes similar to those of the company's customers is known. In this case, fine-grained personal data is not required.
  • in the eighth embodiment, the intermediary device 3 generates statistical information based on the personal data acquired from the information banks 4a to 6a, and transmits the generated statistical information to the user device 2, which differs from the embodiment described above. Hereinafter, the eighth embodiment will be described in detail.
  • the hardware configuration of the procurement system 1 of the eighth embodiment is the same as that of the first embodiment.
  • the processing executed by the intermediary device 3 of the eighth embodiment and the data to be transmitted and received are partially different from those of the first embodiment.
  • the metadata request generation unit 332 generates a metadata request based on the request information received in S501.
  • the metadata request generation unit 332 generates a metadata request as shown in FIG. 44.
  • the metadata request shown in FIG. 44 is basically the same as the metadata request of the first embodiment shown in FIG. 6, but the description of the type of purpose for using personal data is different.
  • the type of purpose of use of personal data is described as "statistical information creation".
  • the format processing unit 340 aligns the data formats of the delivery data received from the information banking devices 4 to 6 and converts the data. Then, the format processing unit 340 integrates the delivery data from the information banking devices 4 to 6 into one data. Specifically, as in the first embodiment, the format processing unit 340 converts the variable names and values included in the delivery data received from the information bank devices 4 to 6 according to the conversion dictionary for each of the information bank devices 4 to 6, so that the data format of the delivery data received from each information bank device 4 to 6 is made uniform. Then, the format processing unit 340 converts the delivery data whose variable names and values have been converted into statistical information.
  • the statistical information referred to here is information obtained by aggregating or processing personal data relating to a plurality of individuals acquired from information banks 4a to 6a.
  • the format processing unit 340 converts the variable names and values included in the delivery data shown in FIG. 16A received from the first information bank 4a according to the conversion dictionary shown in FIG. Then, the format processing unit 340 generates the converted delivery data of the first information bank 4a as shown in FIG. 45.
  • the converted delivery data shown in FIG. 45 is statistically converted delivery data.
  • personal data relating to a plurality of individuals received from the first information bank 4a is classified into a plurality of groups (for example, six groups having group IDs 1 to 6).
  • personal data may be classified into a plurality of groups by mapping personal data relating to a plurality of individuals with appropriate items included in the personal data (for example, a 3-month magazine purchase amount) and clustering them.
  • the group size is the total number of individuals or personal data contained in the group.
  • the brokerage device 3 integrates the statistical information generated for each of the information banks 4a to 6a into one data, and generates the integrated data.
  • statistical information is generated by performing clustering, but the method for generating statistical information is not limited to this.
  • statistical information may be generated by other statistical methods such as cross tabulation.
  • statistical information is generated by classifying personal data into a plurality of groups, but for example, personal data may be grouped into one group without being classified into a plurality of groups. Then, for the group, statistical information indicating the total number, average, median, variance, etc. of individual or personal data corresponding to various demographic attributes and the like may be generated.
  • all the personal data received from a plurality of information banks 4a to 6a may first be aggregated, and the statistical information may be generated based on the aggregated personal data.
  • the data is not transmitted to the user device 2 in units of personal data, but is transmitted in units of groups.
  • the statistical information is generated so that the individual related to the personal data used for generating the statistical information cannot be identified from the generated statistical information. That is, the generated statistical information may be anonymously processed information.
  • the intermediary device 3 receives personal data relating to a plurality of individuals from the information bank devices 4 to 6 via the communication unit 31, and based on the received personal data, generates statistical information relating to the attributes of the personal data (that is, items such as gender and age). Then, the intermediary device 3 transmits the generated statistical information to the user device 2 via the communication unit 31.
  • the brokerage device 8 identifies the personal data of the same individual from a plurality of information banks 4a to 6a.
  • the brokerage device 8 inquires the administrator device 9 whether or not the personal data of the same individual is included in the personal data held by the plurality of information banks 4a to 6a. Then, the administrator device 9 identifies the personal data of the same individual by using the three IDs of the information bank ID, the information bank registrant ID, and the personal ID shown in FIG. 24. Then, the brokerage device 8 acquires a plurality of personal data identified as personal data of the same individual from the plurality of information banks 4a to 6a.
  • the ninth embodiment is the same as the fourth embodiment in that personal data of the same individual is identified from a plurality of information banks 4a to 6a.
  • the intermediary device does not inquire of the administrator device 9.
  • the brokerage device of the ninth embodiment identifies, in a data set including a plurality of personal data received from a plurality of information banks 4a to 6a, a plurality of personal data having similar combinations of attribute values such as age and gender.
  • the ninth embodiment differs from the fourth embodiment in that a plurality of personal data having similar combinations of attribute values are identified from a plurality of information banks 4a to 6a as personal data relating to the same individual.
  • the ninth embodiment will be described in detail.
  • the hardware configuration of the procurement system of the ninth embodiment is the same as that of the first embodiment described above rather than the fourth embodiment described above.
  • the function of the intermediary device 12 of the ninth embodiment is partially different from that of the first embodiment.
  • the control unit of the brokerage device 12 of the ninth embodiment functions as each of the elements 331 to 341 and 1231, as shown in FIG.
  • the control unit of the intermediary device 12 of the ninth embodiment differs from that of the first embodiment in that it functions as a similarity determination unit 1231 in addition to the elements 331 to 341 shown in FIG. 3 of the first embodiment.
  • the similarity determination unit 1231 identifies a plurality of personal data having similar attribute values of the personal data from the plurality of personal data received from the plurality of information banks 4a to 6a. The determination of whether or not the personal data are similar may be performed by determining whether or not the degree of similarity between the personal data is equal to or less than a predetermined threshold value. Then, the similarity determination unit 1231 associates the specified plurality of personal data with each other as personal data of the same individual. Then, the plurality of personal data linked to each other by the similarity determination unit 1231 are transmitted to the data user 2a by the data transmission unit 341 as being personal data of the same individual.
  • the processing content of the similarity determination unit 1231 will be described in detail below.
  • the similarity determination unit 1231 associates a plurality of personal data determined to be similar to each other with each other.
  • the similarity determination is a determination as to whether or not a plurality of personal data are similar.
  • the similarity determination unit 1231 specifies a plurality of personal data having similar attribute values as follows.
  • FIG. 48 is a data set in which variables and values of personal data obtained from the first information bank 4a are converted into a common format.
  • FIG. 49 is a data set obtained by converting variables and values of personal data obtained from the second information bank 5a into a common format. In the examples shown in FIGS. 48 and 49, it is assumed that 20 personal data (personal data having IDs 1 to 20) are acquired from each of the first information bank 4a and the second information bank 5a.
  • each ID is associated with each attribute value of personal data.
  • the value "1" means that it corresponds to the attribute, and the value "0" means that it does not correspond to the attribute.
  • the standard value, which is a common data format, includes texts such as "male" and "female" as shown in FIG. 14, but in the present embodiment, for the calculation to be performed later, the standard value is set to a numerical value such as "0" or "1".
  • the personal data of each ID can be treated as a vector having each attribute value as a component.
  • the similarity between the personal data can be calculated.
  • regarding the relationship between the similarity between vectors and the distance between them: the higher the similarity, the smaller the distance, and the lower the similarity, the larger the distance.
  • the row label "1 ID" means the ID of the first information bank 4a
  • the column label "2 ID" means the ID of the second information bank 5a.
  • the similarity between the two personal data is calculated as the cosine similarity, but the calculation method of the similarity between the two personal data is not limited to this.
  • the similarity between two personal data may be calculated using other distances or similarities such as the Euclidean distance and the Mahalanobis distance.
  • the cosine similarity is not standardized so as to be in the range of 0 to 1.
  • the similarity determination unit 1231 can link two personal data whose similarity is equal to or higher than a predetermined threshold value (hereinafter, similarity threshold value) in the similarity matrix to each other as personal data of the same person.
  • one personal data is associated with a plurality of personal data.
  • the following handlings (1) to (3) can be considered.
  • (1) When a plurality of personal data are linked to one personal data, the combination including the one personal data is excluded. That is, only when one personal data is associated with one personal data, the two personal data are specified as the personal data of the same individual.
  • (2) When a plurality of personal data are linked to one personal data and the degrees of similarity of the plurality of personal data with the one personal data are different from each other, priority is given to the one among the plurality of personal data that has the higher degree of similarity with the one personal data. Then, the prioritized personal data among the plurality of personal data and the one personal data are identified as the personal data of the same individual.
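The similarity determination described above (0/1 attribute vectors, a cosine similarity matrix between the records of two information banks, a similarity threshold, and handlings (1) and (2) for one-to-many links) can be sketched as follows. This is an added example, not code from the filing; the attribute columns, the sample vectors, the threshold value 0.85 and the choice to leave tied candidates unlinked are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample data in the common format: ID -> 0/1 attribute vector.
# Hypothetical columns: male, female, 20s, 30s, 40s, married, car owner.
BANK1 = {
    1: (1, 0, 1, 0, 0, 0, 1),
    2: (0, 1, 0, 1, 0, 1, 0),
    3: (1, 0, 0, 0, 1, 1, 1),
    4: (0, 1, 1, 0, 0, 0, 0),
}
BANK2 = {
    1: (1, 0, 1, 0, 0, 0, 1),
    2: (0, 1, 0, 1, 0, 1, 0),
    3: (0, 1, 0, 1, 0, 1, 1),
    4: (1, 0, 0, 0, 1, 1, 0),
}


def cosine_similarity(u, v):
    """Cosine similarity of two equal-length vectors (0.0 for a zero vector)."""
    dot = sum(a * b for a, b in zip(u, v))
    norm_u = math.sqrt(sum(a * a for a in u))
    norm_v = math.sqrt(sum(b * b for b in v))
    if norm_u == 0 or norm_v == 0:
        return 0.0
    return dot / (norm_u * norm_v)


def similarity_matrix(bank1, bank2):
    """Map (bank1 ID, bank2 ID) -> similarity, rows = bank1, columns = bank2."""
    return {(i, j): cosine_similarity(u, v)
            for i, u in bank1.items() for j, v in bank2.items()}


def _unique_best(candidates):
    """Return the ID with the strictly highest similarity, or None on a tie.

    Leaving ties unlinked is an assumption; the text only covers the case
    where the similarities differ.
    """
    ranked = sorted(candidates, key=lambda c: c[1], reverse=True)
    if len(ranked) > 1 and math.isclose(ranked[0][1], ranked[1][1],
                                        abs_tol=1e-12):
        return None
    return ranked[0][0]


def link_records(bank1, bank2, threshold, handling=1):
    """Link records whose similarity is >= threshold.

    handling=1: drop every combination that involves a record with more
                than one candidate (only one-to-one links survive).
    handling=2: for a record with several candidates, keep the candidate
                with the higher similarity, provided the choice is mutual.
    """
    if handling not in (1, 2):
        raise ValueError("handling must be 1 or 2")
    by1, by2 = defaultdict(list), defaultdict(list)
    for (i, j), s in similarity_matrix(bank1, bank2).items():
        if s >= threshold:
            by1[i].append((j, s))
            by2[j].append((i, s))

    links = []
    for i, candidates in by1.items():
        if handling == 1:
            j = candidates[0][0]
            if len(candidates) == 1 and len(by2[j]) == 1:
                links.append((i, j))
        else:
            j = _unique_best(candidates)
            if j is not None and _unique_best(by2[j]) == i:
                links.append((i, j))
    return sorted(links)


if __name__ == "__main__":
    print(link_records(BANK1, BANK2, 0.85, handling=1))
    print(link_records(BANK1, BANK2, 0.85, handling=2))
```

In the sample, record 2 of the first bank clears the threshold against two records of the second bank, so handling (1) drops it while handling (2) keeps the closer candidate. Because the link rests on attribute values alone, two different individuals with the same attribute profile are indistinguishable to this determination.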
  • the similarity determination unit 1231 identifies a plurality of personal data having similar attribute values of the personal data from the plurality of personal data received from the plurality of information banks 4a to 6a.
  • the plurality of personal data associated with each other by the similarity determination unit 1231 is transmitted to the data user 2a by the data transmission unit 341 as being the personal data of the same individual.
  • the intermediary device 12 determines delivery data based on a similarity matrix, which shows the similarity between a plurality of personal data acquired from the plurality of information banks 4a to 6a and is based on the attribute values of the personal data.
  • the brokerage device 12 acquires the similarity matrix as duplicate confirmation information.
  • the brokerage device 12 acquires a plurality of personal data from the plurality of information banks 4a to 6a, and determines the similarity of the acquired plurality of personal data based on the attribute value of the personal data (S611). Then, the intermediary device 12 associates a plurality of personal data determined to be similar to each other by the similarity determination (S611). Then, the intermediary device 12 transmits the delivery data based on the plurality of associated personal data to the user device 2.
  • personal data relating to the same individual can be identified from a plurality of information banks 4a to 6a.
  • the similarity matrix shown in FIG. 50 corresponds to the similarity information and the duplication confirmation information
  • S601 corresponds to the processing as the request acquisition unit
  • S611 corresponds to the processing as the duplication confirmation acquisition unit
  • S611 and S612 correspond to the processing as the determination unit
  • S609 and S612 correspond to the processing as the acquisition transmission unit.
  • the brokerage device procures personal data from a plurality of information banking devices 4 to 6, but the number of information banking devices from which the brokerage device procures personal data is not limited to this.
  • the intermediary device may procure personal data from only one information bank device without procuring personal data from a plurality of information bank devices.
  • an information bank is illustrated as a personal data manager, but the personal data manager is not limited to this.
  • the personal data manager may be a business operator such as a telecommunications carrier or a credit card company that holds a large amount of customer data but does not exclusively use information banks.
  • the personal data manager may be a personal data business operator who manages personal data entrusted by an individual and operates a business of providing the personal data to a third party.
  • the intermediary device matches the data format of the delivery data received from the plurality of information bank devices 4 to 6 into a common data format, integrates the data into one data, and provides the data user 2a.
  • the delivery method is not limited to this.
  • the brokerage device does not have to match the delivery data received from the plurality of information bank devices 4 to 6 into a common data format. Further, the brokerage device does not have to integrate the delivery data from the plurality of information bank devices 4 to 6 into one delivery data.
  • the procurement plan determination logic in each of the above embodiments is just an example, and the procurement plan may be determined by another determination logic.
  • the plan with the highest reproducibility of the original data distribution within the budget amount of the data user 2a is determined as the procurement plan.
  • the plan may be determined as the procurement plan. That is, when the procurement plan is determined based on the budget amount and the reproducibility of the original data distribution, the procurement plan may be determined so that the reproducibility is more important than the budget amount.
  • the procurement plan may be determined so that the budget amount is more important than the reproducibility as in each of the above embodiments.
  • the procurement plan may be determined so that the missing data is minimized.
  • the procurement plan may be determined so that the "freshness" of the personal data to be procured is the best.
  • the brokerage device may acquire information on the last update date and time of personal data from the personal data manager, its own storage unit, etc., and determine the procurement plan based on the acquired information on the last update date and time.
  • the brokerage device may determine the procurement plan by determining the personal data to be procured in order from the newest personal data with the latest update date and time.
  • the intermediary device may determine the procurement plan to procure personal data avoiding the extremely cheap or expensive data.
  • the brokerage device may also decide on a procurement plan to procure personal data to avoid information banks that offer extremely cheap or extremely high data prices (ie, from information banks other than that information bank).
  • the brokerage device may determine a procurement plan for procuring personal data that is not the lowest price from a plurality of personal data that match the same target conditions in consideration of factors other than price.
  • the attributes included in the personal data may be determined in consideration of the purpose of use (and thus the request information) and the degree of conformity.
  • the brokerage device receives request information from the user device 2 including the target condition that the gender is male and the age is in the twenties. Then, the brokerage device receives the metadata related to the personal data satisfying the above target conditions from the information banks 4a to 6a.
  • the data user 2a is specified to be a food and drink-related industry (for example, a food manufacturer) from the information of the user organization included in the request information.
  • the personal data held by the first information bank 4a includes attributes related to eating and drinking (meal log, etc.) as attributes other than gender and age (that is, non-designated attributes).
  • the intermediary device determines that the personal data of the first information bank 4a is more compatible with the user organization, purpose of use, etc. of the data user 2a, and the price is the data of the second information bank 5a. Even if it is higher, the procurement plan for procuring the data of the first information bank 4a may be determined.
  • the brokerage device may prevent the data user from obtaining the data of the individual when the industry of the data user and the industry of the individual who entrusted the data to the information banks 4a to 6a are the same.
  • the intermediary device may determine the procurement plan by excluding the personal data of the individual. That is, the brokerage device may determine the procurement plan based on the relationship between the data user and the individual who has deposited the data in the information banks 4a to 6a. In addition, the procurement plan may be determined in consideration of other factors other than the price.
  • the brokerage device may acquire a request regarding the conditions for determining the procurement plan (in other words, the determination logic of the procurement plan) from the data user 2a, and determine the procurement plan based on the acquired request.
  • the brokerage device may directly output one procurement plan suitable for the data user 2a instead of selecting a procurement plan suitable for the data user 2a from a plurality of plans.
  • the specific example of the request information illustrated in FIG. 5 and the specific examples of the metadata request illustrated in FIGS. 6 and 7 are merely examples; the request information and the like may include only some of the items shown in FIG. 5 and the like, and may include other items not illustrated in FIG. 5 and the like.
  • Metadata from a certain information bank may be information indicating the attributes of all personal data held by the information bank, or information indicating the attributes of only some personal data. Further, the metadata is not limited to those showing some attributes of personal data, and may be data showing all attributes of personal data.
  • the metadata set is stored in the storage unit 72, but the data stored in the storage unit 72 is not limited to this.
  • the storage unit 72 may store information bank feature information, which is information representing the features of the information bank devices 4 to 6.
  • examples of the information bank characteristic information include information that the first information bank 4a manages a lot of personal data of women in their twenties to forties, that the second information bank 5a manages a lot of personal data of family-owned users, that the third information bank 3a manages a lot of personal data of senior users after the age of 60, and so on.
  • when the intermediary device receives request information from the user device 2 indicating that the personal data of family-owned users is desired, it may send a metadata request or a data request to the second information bank 5a, which manages a large amount of personal data of family-owned users. Then, the brokerage device may determine a procurement plan for procuring personal data from the second information bank 5a. Conversely, when the intermediary device receives request information from the user device 2 indicating that the personal data of family-owned users is desired, the intermediary device may send a metadata request or a data request while avoiding information banks that do not manage much personal data of family-owned users.
  • the brokerage device may send a metadata request and / or a data request to an information bank (and thus a personal data manager) that is determined, based on the information bank characteristic information, to have characteristics that meet the target conditions included in the request information.
  • the brokerage device need not send a metadata request and / or a data request to an information bank (and thus a personal data manager) that is determined, based on the information bank characteristic information, not to have the characteristics that meet the target conditions included in the request information.
  • the brokerage device may acquire the information bank feature information not from its own storage unit 72 but from each information bank 4a to 6a by inquiring of each information bank 4a to 6a.
  • the information bank characteristic information corresponds to an example of administrator characteristic information which is information representing the characteristics of each personal data administrator. Further, the administrator characteristic information is an example of attribute information which is information indicating the attributes of personal data managed by the personal data administrator.
  • the content of the update process executed by the update processing units 732 and 932 is not limited to that of the second and fifth embodiments described above.
  • the update processing unit 732 may update the metadata set stored in the storage unit 72 based on the personal data procured from the information banks 4a to 6a.
  • the attributes of the personal data that is, the contents of the data
  • The update processing unit 732 may update the metadata set stored in the storage unit 72 by updating the distribution of the attributes of the personal data held by the source information banks 4a to 6a, based on the contents of the procured personal data.
  • The update processing unit 932 may update the duplicate status table stored in the storage unit 112 based on the personal data procured from the information banks 4a to 6a.
  • The brokerage device procures (that is, purchases) personal data that matches the target conditions from a plurality of information banks 4a to 6a.
  • The intermediary device compares the attributes (that is, the contents of the data) of the plurality of purchased personal data with each other, and determines from their degree of similarity whether or not the plurality of purchased personal data are personal data relating to the same individual. Then, the intermediary device may set the same personal ID for a plurality of personal data determined to be personal data related to the same individual, and newly add the data to the duplication status table shown in FIG. 35.
  • The intermediary device does not perform duplicate confirmation with the administrator device 9 but performs it based on the duplication status table stored in the storage unit 112; in the following case, however, duplicate confirmation may be performed with the administrator device 9.
  • The brokerage device confirms the duplication status in the duplication status table stored in the storage unit 112 for each information bank registrant ID included in the ID result information received by the ID receiving unit 833. At this time, there may be an information bank registrant ID whose duplication status cannot be confirmed in the duplication status table stored in the storage unit 112, such as when the duplication status table has no corresponding information bank registrant ID.
  • The brokerage device may inquire of the administrator device 9 about the duplication status only for the information bank registrant IDs whose duplication status is unknown. Then, based on the duplication result information received from the administrator device 9, the duplication status table may be updated by registering the data of the information bank registrant IDs whose duplication status was unknown.
  • The brokerage device performs duplicate confirmation for the information bank registrant IDs included in the ID result information by inquiring of the administrator device 9 or by referring to the duplication status table stored in the storage unit 112. Then, the brokerage device transmits the metadata request to each of the information banks 4a to 6a based on the result of the duplicate confirmation.
  • The timing of duplicate confirmation is not limited to this.
  • The intermediary device does not transmit the ID request to the information banks 4a to 6a, but transmits the metadata request to the information banks 4a to 6a.
  • The brokerage device receives metadata from each of the information banks 4a to 6a in a form that allows duplication of data of the same individual.
  • The brokerage device receives, together with the metadata, the list of information bank registrant IDs of the individuals whose data is included in the metadata from each of the information banks 4a to 6a.
  • The brokerage device makes a duplicate confirmation request to the administrator device 9 for the received list of information bank registrant IDs. In this way, duplicate confirmation may be performed after receiving the metadata.
  • The brokerage device receives ID result information that includes the list of information bank registrant IDs and the price set as shown in FIG. 28, but the content of the ID result information is not limited to this.
  • The manager device 9 of the registered manager 9a may have a duplicate status table including price information as shown in FIG. 35.
  • A duplicate status table including price information may be held as shown in FIG. 35.
  • The ID result information shown in FIG. 28 may include only the list of information bank registrant IDs.
  • The duplicate result information shown in FIG. 30 may include a list of pairs of information bank registrant ID and price for each of the information banks 4a to 6a, in the form ({ID, price}, {ID, price}, {ID, price}).
  • The intermediary device may specify IDs other than the one with the lowest price as exclusion IDs in the metadata request, based on the received list.
  • As the registration identification information, the information bank registrant ID, which is information for identifying the individual who has deposited personal data in the information banks 4a to 6a, is given as an example, but the registration identification information is not limited to this.
  • The registration identification information may be, for example, identification information given by each of the information banks 4a to 6a to the personal data deposited in that information bank.
  • The advertisement information is given as an example of the notification information, but the notification information is not limited to this.
  • The notification information may be recommendation information for recommending a product or service to an individual.
  • The destination information of the advertisement information is included in the personal data acquired from the information banks 4a to 6a.
  • The advertisement may be delivered as follows.
  • The advertisement distribution device, such as the user device 2, transmits notification information such as advertisement information for each distribution target person to the information banks 4a to 6a, either indirectly via the brokerage device or directly without going through it. Then, the information banks 4a to 6a may transmit the notification information received from the advertisement distribution device to the individual who has deposited the personal data. That is, the advertisement distribution device such as the user device 2 may distribute the advertisement to the individual who has deposited the personal data through the information banks 4a to 6a.
  • The information banks 4a to 6a may deliver the advertisement by using some contact point with the individual who has deposited the personal data.
  • The information bank devices 4 to 6 of the information banks 4a to 6a may send notification information by e-mail to the information processing terminals 11 to 17 of the individual who has deposited the personal data, or may output notification information on an Internet website that the individual browses.
  • The information bank devices 4 to 6 may output notification information in application software installed on the individual's information processing terminals 11 to 17, may output the notification information on a terminal installed in an area, such as a store, that the individual visits, or may transmit the notification information to the individual by various other methods.
  • The data user 2a or the like can deliver the advertisement to the individual.
  • The user device 2 delivers the advertisement, but the entity that delivers the advertisement is not limited to this.
  • A device owned by a party other than the data user 2a, such as an advertisement distribution business operator (for example, an advertising agency) or a platformer that distributes advertisements, may distribute advertisements, or the intermediary device may distribute advertisements.
  • A device owned by an advertisement distribution business operator or a platformer, the intermediary device, or the like may perform the advertisement distribution process shown in FIG. 40.
  • The device or the like may calculate the advertising performance index.
  • The advertising performance index referred to here is an index showing the performance related to advertisement distribution.
  • The brokerage device may calculate the number of unique users as an advertising performance index by using the duplicate result information acquired from the manager device 9 of the registered manager 9a.
  • The number of unique users is the number of users to whom the advertisement is delivered.
  • When each of the information banks 4a to 6a distributes an advertisement to the individuals who deposit data in it, an individual who deposits personal data in a plurality of information banks 4a to 6a may be sent the same advertisement information from a plurality of information banks 4a to 6a.
  • The brokerage device may calculate an advertising performance index other than the number of unique users by using the duplicate result information.
  • The brokerage device or the like may deliver the advertisement based on the duplicate result information when the advertisement is delivered via the information banks 4a to 6a.
  • So that the same advertisement information is not transmitted in duplicate to the same person from a plurality of information banks 4a to 6a, the intermediary device or the like transmits an exclusion ID, together with the distribution contents, to the information bank devices 4 to 6 other than one of them.
  • The information bank devices 4 to 6 do not deliver the advertisement to the individual related to the information bank registrant ID specified by the received exclusion ID.
  • The information bank device other than the above-mentioned information bank device may not deliver the advertisement.
  • The same advertisement information may be kept from being transmitted in duplicate to the same person by another method using the duplicate result information.
  • The similarity threshold is set to be constant, but it is not limited to this, and the similarity threshold may be changed.
  • The similarity threshold value may be varied as follows.
  • The number of successful associations is the number of combinations of personal data that are judged to be similar to each other and are associated with each other.
  • The number of successful associations decreases as the similarity threshold value t increases. Therefore, if the similarity threshold value t is set too large, combinations of personal data of the same individual, and combinations of personal data that should be regarded as such, may be missed. Conversely, if the similarity threshold value t is set too small, many combinations of personal data not derived from the same individual may occur. It is therefore considered desirable that the similarity threshold value t be set neither too large nor too small.
  • It is conceivable to adopt, as the optimum threshold value, the value t_MAX of the similarity threshold value t that maximizes the change in the number of successful associations.
  • The value t_2MAX of the threshold value t may be adopted as the optimum threshold value.
  • A value having a small tangent slope at the third, fourth, ... may be adopted as the optimum threshold value t.
  • Which of t_MAX, t_2MAX, ... is set as the similarity threshold value t may be chosen by the user, or may be set automatically by the system.
  • A coordinate axis corresponding to a data item of personal data is provided, and a new coordinate axis is set in a coordinate space in which each personal data is expressed as a point or a vector. Then, when the degree of similarity for each of the set coordinate axes is equal to or higher than the threshold value, it may be determined that the plurality of personal data are similar to each other and, by extension, that the personal data relate to the same individual. Then, for example, the similarity threshold value may be varied in the same manner as described above to obtain the optimum similarity threshold value. Specifically, the similarity threshold value may be obtained as follows.
  • Each data point represents personal data.
  • Each coordinate axis in the coordinate space of FIG. 52 corresponds to an attribute (that is, a data item) of personal data.
  • Each personal data takes a value of 0 or 1 depending on whether or not it corresponds to male.
  • Each personal data takes a value at the corresponding purchase amount.
  • The x_1 coordinate axis and the x_2 coordinate axis are new axes.
  • The similarity threshold value t (t_1, t_2, ...) is set for each new coordinate axis.
  • The similarity threshold value t referred to here may be, for example, a threshold value relating to the difference between the attribute values of each component of the two personal data.
  • The two personal data A and B may be determined to be similar to each other when the absolute value of the difference between the components is equal to or less than the similarity threshold value as follows.
  • The optimum similarity threshold value t can be set for each data set of personal data. As a result, it is possible to reduce the possibility of missing a combination of personal data of the same individual, or a combination of personal data that should be regarded as such, and the possibility of generating a large number of combinations of personal data not derived from the same individual.
  • Each personal data can generally be expressed as coordinates with a small dimension. Therefore, the amount of calculation in computer processing can be reduced, and the processing speed can be increased.
  • The brokerage device directly transmits the delivery data based on the personal data acquired from the information banks 4a to 6a to the user device 2.
  • The method of transmitting the delivery data to the data user 2a is not limited to this.
  • The intermediary device may first transmit the delivery data to another device that is neither the intermediary device nor the user device. The delivery data may then be transmitted to the user device 2 via that other device. Even when the delivery data is transmitted from the intermediary device to the user device 2 via another device in this way, this is included in "the intermediary device transmitting the delivery data to the user device 2" in the present application.
  • In addition to the above-mentioned intermediary device, the present disclosure can also be realized in various forms, such as a system having the intermediary device as a component, a program for operating a computer as the intermediary device, a non-transitory tangible storage medium such as a semiconductor memory storing this program, and a method of procuring personal data.
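The threshold variation described in the list above (count the successful associations at each similarity threshold t, then look at where that count changes most) can be sketched as follows. This is an added example, not code from the patent; the records, the agreement-ratio similarity measure, the threshold grid and all function names are assumptions made for illustration.

```python
from itertools import product

# Constructed records: (gender, age band, prefecture, household, purchase band).
BANK_A = {
    "A-1": ("F", "30s", "Tokyo", "family", "high"),
    "A-2": ("M", "20s", "Osaka", "single", "low"),
    "A-3": ("F", "60s", "Aichi", "family", "mid"),
    "A-4": ("M", "40s", "Tokyo", "family", "mid"),
}
BANK_B = {
    "B-1": ("F", "30s", "Tokyo", "family", "high"),    # same person as A-1
    "B-2": ("M", "20s", "Osaka", "single", "mid"),     # same person as A-2
    "B-3": ("F", "60s", "Aichi", "single", "mid"),     # same person as A-3
    "B-4": ("M", "50s", "Fukuoka", "single", "high"),  # no counterpart in bank A
}


def similarity(rec_a, rec_b):
    """Share of data items on which two records agree (an assumed measure)."""
    if len(rec_a) != len(rec_b):
        raise ValueError("records must have the same data items")
    return sum(x == y for x, y in zip(rec_a, rec_b)) / len(rec_a)


def pair_scores(bank_a, bank_b):
    """Similarity of every cross-bank pair of records."""
    return {
        (id_a, id_b): similarity(rec_a, rec_b)
        for (id_a, rec_a), (id_b, rec_b) in product(bank_a.items(), bank_b.items())
    }


def associations(scores, t):
    """Pairs judged to relate to the same individual at threshold t."""
    return sorted(pair for pair, score in scores.items() if score >= t)


def sweep(scores, grid):
    """(t, number of successful associations) for each threshold, ascending."""
    return [(t, len(associations(scores, t))) for t in sorted(grid)]


def rank_steps(curve):
    """Rank adjacent threshold steps by the change in the association count.

    Returns [(change, t_low, t_high), ...] with the steepest step first; the
    first entry brackets a t_MAX candidate, the second a t_2MAX candidate.
    """
    steps = [
        (abs(c1 - c0), t0, t1)
        for (t0, c0), (t1, c1) in zip(curve, curve[1:])
    ]
    return sorted(steps, key=lambda step: (-step[0], step[1]))


SCORES = pair_scores(BANK_A, BANK_B)
GRID = [k / 5 for k in range(1, 6)]   # 0.2, 0.4, ..., 1.0
CURVE = sweep(SCORES, GRID)

if __name__ == "__main__":
    for t, count in CURVE:
        print(f"t={t:.1f}  associations={count}")
    for change, t_low, t_high in rank_steps(CURVE):
        print(f"change={change} between t={t_low:.1f} and t={t_high:.1f}")
```

On this constructed data the count is still 7 at t = 0.4, which links four pairs of different people, while t = 1.0 keeps only one of the three true pairs; this is the too-small and too-large behaviour the text describes.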

Abstract

This mediation device is provided with a request acquisition unit, an overlap confirmation acquisition unit, a determination unit, and an acquisition transmission unit. The request acquisition unit acquires request information. The overlap confirmation acquisition unit acquires overlap confirmation information. The overlap confirmation information indicates that first personal data managed by a first personal data manager and second personal data managed by a second personal data manager different from the first personal data manager are personal data items related to the same individual. The determination unit determines a procurement plan and/or delivery data on the basis of the overlap confirmation information. The acquisition transmission unit acquires personal data in accordance with the procurement plan determined by the determination unit and/or transmits the delivery data determined by the determination unit to a user device held by a data user.

Description

Mediation device, system, and computer program

Cross-reference to related applications
This international application claims priority based on Japanese Patent Application No. 2019-043674 filed with the Japan Patent Office on March 11, 2019, Japanese Patent Application No. 2019-188985 filed with the Japan Patent Office on October 15, 2019, and Japanese Patent Application No. 2019-188986 filed with the Japan Patent Office on October 15, 2019, and the entire contents of Japanese Patent Application No. 2019-043674, Japanese Patent Application No. 2019-188985 and Japanese Patent Application No. 2019-188986 are incorporated into this international application by reference.
The present disclosure relates to an intermediary device that mediates transactions of personal data between a data user and a personal data manager, and to a computer program that causes a computer to function as the intermediary device.
Personal data managers, which manage personal data, are known. An information bank is an example of a personal data manager. The personal data manager is notified of a data usage policy and the like by the individual who entrusted the personal data, and determines whether or not the data can be provided to a third party according to the notified policy and the like. Patent Document 1 discloses an information processing system intended to prevent personal information and the like from leaking from an information processing device owned by an information bank or the like in which data is deposited.
Japanese Patent No. 6342094
When a user of personal data such as a company (hereinafter, a data user) procures personal data from a personal data manager, the data user may notify the personal data manager of target conditions, which are the conditions of the personal data that the data user wants.
However, it is difficult for a data user to know what kind of personal data a personal data manager holds. It is therefore possible that the personal data manager being asked does not hold enough personal data matching the target conditions. In this case, the data user may have to repeat the exchange, for example by inquiring of another personal data manager. The workload of the data user in procuring personal data then increases, and so does the amount of communication performed by the data user.
It is also assumed that the same individual may entrust personal data to a plurality of personal data managers. In this case, neither the data user nor the personal data managers can tell which of the data entrusted to the personal data managers belongs to the same individual. Therefore, when a data user procures personal data from a plurality of personal data managers, double purchase of personal data may occur. Double purchase here means purchasing the personal data of the same person twice through different routes. Data users can be expected to want to procure personal data while avoiding such double purchases.
One aspect of the present disclosure is to provide a technology that makes it easier to procure the personal data that a data user wants, and that can reduce the amount of communication performed by the data user, while satisfying the needs of the data user that arise when the same individual entrusts data to a plurality of personal data managers.
One aspect of the present disclosure is an intermediary device that includes a request acquisition unit, a duplicate confirmation acquisition unit, a determination unit, and an acquisition transmission unit. The request acquisition unit acquires request information. The duplicate confirmation acquisition unit acquires duplicate confirmation information. The duplicate confirmation information is information indicating that first personal data managed by a first personal data manager and second personal data managed by a second personal data manager different from the first personal data manager are personal data relating to the same individual. The determination unit determines a procurement plan and/or delivery data based on the duplicate confirmation information. The procurement plan indicates conditions for the personal data to be procured from a plurality of personal data managers including the first personal data manager and the second personal data manager. The delivery data is data based on personal data procured from the plurality of personal data managers and is transmitted to a user device owned by the data user. The acquisition transmission unit acquires personal data according to the procurement plan determined by the determination unit, and/or transmits the delivery data determined by the determination unit to the user device.
According to such a configuration, personal data is procured according to the procurement plan determined based on the duplicate confirmation information, and/or the delivery data determined based on the duplicate confirmation information is transmitted to the user device. Therefore, the needs of data users that arise when the same individual entrusts data to a plurality of personal data managers can be met. In addition, since the intermediary device procures data from a plurality of personal data managers on behalf of the data user, the personal data that the data user wants can be procured more easily, and the amount of communication performed by the data user can be reduced.
In one aspect of the present disclosure, the determination unit may determine the procurement plan based on the duplicate confirmation information.
According to such a configuration, personal data is procured according to the procurement plan determined based on the duplicate confirmation information. Therefore, the needs of data users that arise when the same individual entrusts data to a plurality of personal data managers can be met.
In one aspect of the present disclosure, the determination unit may determine a procurement plan for procuring either one of the first personal data and the second personal data that the duplicate confirmation information indicates are personal data relating to the same individual.
According to such a configuration, duplicate purchase of personal data with the same content relating to the same individual from a plurality of personal data managers can be suppressed.
In one aspect of the present disclosure, the determination unit may determine a procurement plan for procuring the cheaper of the first personal data and the second personal data.
According to such a configuration, the data user can purchase personal data at a lower price while duplicate purchase of personal data with the same content relating to the same individual is suppressed.
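The cheaper-of-the-duplicates procurement plan described above can be worked through as follows. This is an added example, not code from the patent; the bank names, registrant IDs, prices, data layout and function names are all constructed for illustration. It also derives the exclusion IDs and the unique-user count that this document describes elsewhere, and lists IDs whose duplication status is unknown so that they can be checked with the administrator device.

```python
from dataclasses import dataclass, field

# Constructed ID result information: for each information bank, the registrant
# IDs that match the target conditions and the price of their personal data.
ID_RESULTS = {
    "bank4a": {"A-001": 120, "A-002": 90, "A-003": 110},
    "bank5a": {"B-417": 100, "B-020": 90},
    "bank6a": {"C-733": 150, "C-101": 80},
}

# Constructed duplicate result information: each group lists the
# (bank, registrant ID) pairs that belong to one individual.
DUPLICATE_GROUPS = [
    [("bank4a", "A-001"), ("bank5a", "B-417")],
    [("bank4a", "A-002"), ("bank5a", "B-020"), ("bank6a", "C-733")],
    [("bank6a", "C-101")],                        # known to be registered once
    [("bank5a", "B-999"), ("bank6a", "C-555")],   # did not match the conditions
]


@dataclass
class BankPlan:
    procure: list = field(default_factory=list)  # IDs to request from this bank
    exclude: list = field(default_factory=list)  # exclusion IDs for this bank


def build_procurement_plan(id_results, duplicate_groups):
    """Pick the cheapest offer per individual; return (plan, summary)."""
    owner = {}  # (bank, registrant ID) -> index of its duplicate group
    for index, members in enumerate(duplicate_groups):
        for key in set(members):
            if key in owner:
                raise ValueError(f"{key} appears in more than one duplicate group")
            owner[key] = index

    plan = {bank: BankPlan() for bank in id_results}
    unknown = []   # IDs absent from every group: duplication status unknown
    offers = {}    # individual -> [(price, bank, registrant ID), ...]
    for bank, ids in id_results.items():
        for rid, price in ids.items():
            key = (bank, rid)
            if key in owner:
                person = ("group", owner[key])
            else:
                person = ("single", bank, rid)
                unknown.append(key)
            offers.setdefault(person, []).append((price, bank, rid))

    cost = 0
    for candidates in offers.values():
        candidates.sort()  # lowest price first; ties broken by bank, then ID
        price, bank, rid = candidates[0]
        plan[bank].procure.append(rid)
        cost += price
        for _, other_bank, other_id in candidates[1:]:
            plan[other_bank].exclude.append(other_id)

    for bank_plan in plan.values():
        bank_plan.procure.sort()
        bank_plan.exclude.sort()
    summary = {
        "unique_individuals": len(offers),
        "cost": cost,
        "cost_without_dedup": sum(p for ids in id_results.values() for p in ids.values()),
        "unknown_status": sorted(unknown),
    }
    return plan, summary


if __name__ == "__main__":
    plan, summary = build_procurement_plan(ID_RESULTS, DUPLICATE_GROUPS)
    for bank, bank_plan in plan.items():
        print(bank, "procure", bank_plan.procure, "exclude", bank_plan.exclude)
    print(summary)
```

An ID reported in `unknown_status` is treated as a separate individual here; resolving it first can only lower the cost and the unique-user count.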
 本開示の一態様では、決定部は、重複確認情報により同一個人に係るパーソナルデータであることが示される第1のパーソナルデータ及び第2のパーソナルデータの両方を調達する調達プランを決定してもよい。 In one aspect of the disclosure, the decision-making unit may determine a procurement plan to procure both the first and second personal data, which are indicated by duplicate confirmation information to be personal data relating to the same individual. Good.
 このような構成によれば、同一個人が第1のパーソナルデータ管理者と第2のパーソナルデータ管理者とに異なる内容のパーソナルデータを預託している場合において、同一個人のパーソナルデータを複数のパーソナルデータ管理者から名寄せすることができる。 According to such a configuration, when the same individual deposits personal data having different contents to the first personal data manager and the second personal data manager, the personal data of the same individual is transferred to a plurality of personals. The name can be identified by the data administrator.
 本開示の一態様では、重複確認取得部は、重複確認情報を管理する又は重複確認情報を生成可能な外部装置から重複確認情報を取得してもよい。 In one aspect of the present disclosure, the duplicate confirmation acquisition unit may acquire the duplicate confirmation information from an external device that can manage the duplicate confirmation information or generate the duplicate confirmation information.
 このような構成によれば、パーソナルデータの最新の重複状況を反映した重複確認情報を仲介装置が取得しやすい。ひいては、仲介装置が最新の重複状況に基づき調達プランを決定しやすくできる。 With such a configuration, it is easy for the brokerage device to acquire duplication confirmation information that reflects the latest duplication status of personal data. As a result, the brokerage device can easily determine the procurement plan based on the latest duplication situation.
 本開示の一態様は、仲介装置は、重複確認情報を記憶するように構成された記憶部を更に備えてもよい。重複確認取得部は、記憶部から重複確認情報を取得してもよい。 In one aspect of the present disclosure, the intermediary device may further include a storage unit configured to store duplicate confirmation information. The duplicate confirmation acquisition unit may acquire duplicate confirmation information from the storage unit.
 このような構成によれば、仲介装置は、重複確認情報を管理する外部装置との間でデータのやり取りを行わなくても重複確認情報を取得できる。したがって、仲介装置の通信量を減らすことができる。 According to such a configuration, the intermediary device can acquire the duplication confirmation information without exchanging data with the external device that manages the duplication confirmation information. Therefore, the communication volume of the intermediary device can be reduced.
 本開示の一態様では、複数のパーソナルデータ管理者のそれぞれは、当該パーソナルデータ管理者にパーソナルデータを預託した個人又はそのパーソナルデータに対して所定の識別情報である登録識別情報を付与してもよい。重複確認情報は、同一個人に係る、第1のパーソナルデータ管理者の登録識別情報と、第2のパーソナルデータ管理者の登録識別情報と、を示す情報であってもよい。 In one aspect of the present disclosure, each of the plurality of personal data managers may assign the individual who has entrusted the personal data to the personal data manager or the registered identification information which is predetermined identification information to the personal data. Good. The duplication confirmation information may be information indicating the registration identification information of the first personal data manager and the registration identification information of the second personal data manager related to the same individual.
With this configuration, when multiple personal data managers manage personal data on the same individual under different registered identification information, the intermediary device can determine which pieces of personal data relate to the same individual. The intermediary device can therefore determine the procurement plan based on that result.
In one aspect of the present disclosure, the duplicate confirmation acquisition unit may acquire, as the duplicate confirmation information, similarity information indicating the degree of similarity between multiple pieces of personal data acquired from multiple information banks.
With this configuration, the duplicate confirmation information may be acquired without exchanging data with an external device that manages duplicate confirmation information. The communication volume of the intermediary device can therefore be reduced.
In one aspect of the present disclosure, the personal data manager may be an information bank.
One aspect of the present disclosure may be a system that includes the intermediary device together with a notification information acquisition unit and a notification information transmission unit. The notification information acquisition unit is configured to acquire notification information corresponding to the personal data acquired by the acquisition transmission unit. The notification information is information to be notified to an individual who has entrusted personal data to a personal data manager. The notification information transmission unit is configured to transmit the notification information acquired by the notification information acquisition unit.
With this configuration, notification information is transmitted using personal data acquired from a personal data manager. Notification information suited to an individual can therefore be sent to the individual who entrusted the personal data.
Another aspect of the present disclosure is a computer program that causes a computer to function as the intermediary device. This configuration provides the same effects as the intermediary device described above.
FIG. 1 is a diagram showing the configuration of the procurement system of the first embodiment.
FIG. 2 is a block diagram showing the hardware configuration of the intermediary device of the first to fifth embodiments.
FIG. 3 is a block diagram showing the functional configuration of the intermediary device of the first embodiment.
FIG. 4 is a flowchart of the data procurement process of the first embodiment.
FIG. 5 is a diagram for explaining request information.
FIG. 6 is a diagram for explaining the metadata request of the first embodiment addressed to the first information bank.
FIG. 7 is a diagram for explaining the metadata request of the first embodiment addressed to the second information bank.
FIG. 8A is a diagram showing the category table master of the first information bank, and FIG. 8B is a diagram showing the category table master of the second information bank.
FIG. 9 is a diagram for explaining the metadata of the first embodiment.
FIG. 10 is a diagram for explaining an example of the logic for determining a personal data procurement plan.
FIG. 11 is a diagram for explaining a data request addressed to the first information bank.
FIG. 12 is a diagram for explaining a data request addressed to the second information bank.
FIG. 13 is a diagram for explaining delivery data from an information bank.
FIG. 14 is a diagram for explaining the standard dictionary.
FIG. 15 is a diagram for explaining the data conversion dictionary of the first information bank.
FIG. 16A is a diagram showing delivery data from the first information bank, and FIG. 16B is a diagram showing delivery data from the second information bank.
FIG. 17 is a diagram showing the converted delivery data from the first information bank.
FIG. 18 is a diagram showing the converted delivery data from the second information bank.
FIG. 19 is a diagram for explaining the integrated data generated by integrating the delivery data from the information bank devices.
FIG. 20 is a block diagram showing the functional configuration of the intermediary device of the second embodiment.
FIG. 21 is a flowchart of the data procurement process of the second embodiment.
FIG. 22 is a diagram showing the configuration of the procurement system of the third embodiment.
FIG. 23 is a block diagram showing the hardware configuration of the administrator device.
FIG. 24 is a diagram for explaining the duplicate management table held by the administrator device 9.
FIG. 25 is a block diagram showing the functional configuration of the intermediary device of the third and fourth embodiments.
FIG. 26 is a flowchart of the data procurement process of the third and fourth embodiments.
FIG. 27 is a diagram for explaining an ID request.
FIG. 28 is a diagram for explaining ID result information.
FIG. 29 is a diagram for explaining a duplicate confirmation request.
FIG. 30 is a diagram for explaining duplicate result information.
FIG. 31 is a diagram for explaining the metadata request of the third embodiment.
FIG. 32 is a diagram for explaining the metadata request of the fourth embodiment addressed to the first information bank.
FIG. 33 is a diagram for explaining the metadata request of the fourth embodiment addressed to the second information bank.
FIG. 34 is a diagram showing integrated data in which the personal data of the same individual has been matched and merged.
FIG. 35 is a diagram showing a duplication status table that includes price information for personal data.
FIG. 36 is a block diagram showing the functional configuration of the intermediary device of the fifth embodiment.
FIG. 37 is a flowchart of the data procurement process of the fifth embodiment.
FIG. 38 is a diagram showing the configuration of the procurement system of the sixth embodiment.
FIG. 39 is a block diagram showing the hardware configuration of a device that delivers advertisements.
FIG. 40 is a flowchart of the advertisement delivery process.
FIG. 41 is a flowchart of the data procurement process of the seventh and eighth embodiments.
FIG. 42 is a diagram for explaining the metadata request of the seventh embodiment.
FIG. 43 is a diagram showing delivery data from the first information bank that has undergone anonymization processing.
FIG. 44 is a diagram for explaining the metadata request of the eighth embodiment.
FIG. 45 is a diagram showing delivery data from the first information bank that has been converted into statistical information.
FIG. 46 is a block diagram showing the functional configuration of the intermediary device of the ninth embodiment.
FIG. 47 is a flowchart of the data procurement process of the ninth embodiment.
FIG. 48 is a diagram showing the converted delivery data from the first information bank in the ninth embodiment.
FIG. 49 is a diagram showing the converted delivery data from the second information bank in the ninth embodiment.
FIG. 50 is a diagram showing a similarity matrix that gives the degree of similarity between multiple pieces of personal data.
FIG. 51 is a graph showing the relationship between the similarity threshold and the number of successful linkages.
FIG. 52 is a diagram showing a coordinate space in which personal data is represented as data points.
FIG. 53 is a graph, extended to multiple dimensions, showing the relationship between the similarity threshold and the number of successful linkages.
1 ... procurement system, 2 ... user device, 2a ... data user,
3, 7, 8, 11, 12 ... intermediary device, 4 to 6 ... information bank device, 4a to 6a ... information bank,
9 ... administrator device, 9a ... registration administrator, 33, 73, 83, 113 ... control unit,
331 ... request acquisition unit, 332 ... metadata request generation unit,
333 ... metadata request transmission unit, 334 ... metadata reception unit, 335 ... condition arrangement unit,
336 ... procurement plan determination unit, 337 ... data request generation unit, 338 ... data request transmission unit,
339 ... data receiving unit, 340 ... format processing unit, 341 ... data transmission unit,
731 ... metadata acquisition unit, 732 ... update processing unit, 831 ... ID request generation unit,
832 ... ID request transmission unit, 833 ... ID reception unit, 834 ... duplicate confirmation generation unit,
835 ... duplicate confirmation transmission unit, 836 ... duplicate confirmation reception unit, 931 ... duplicate confirmation acquisition unit,
932 ... update processing unit, 1231 ... similarity determination unit
Hereinafter, modes for carrying out the present disclosure are described with reference to the drawings.
[1. First Embodiment]
[1-1. Overall configuration]
The procurement system 1 shown in FIG. 1 includes a user device 2, an intermediary device 3, and a plurality of information bank devices 4 to 6.
The user device 2 is a device owned by a data user 2a who uses personal data. The data user 2a is, for example, a company that makes a profit by using personal data.
Here, personal data in the present embodiment refers to information about an individual in general, regardless of whether or not it can identify the individual. Personal data includes personal information that can specify and identify an individual. The personal information referred to here is, for example, "personal information" as defined in Article 2, Paragraph 1 of Japan's Act on the Protection of Personal Information. Personal information includes information that identifies an individual by itself, as well as information that can be collated with other information and thereby identify an individual. Examples of personal data other than personal information include information accumulated at companies and on the Internet, such as an individual's location information, purchase information, IP address, and Internet browsing history. Further examples of personal data other than personal information include data on an individual's behavior or condition that has been processed so that it cannot be linked to the individual.
The user device 2 is connected to the intermediary device 3 via a network such as the Internet or a dedicated wireless/wired communication network.
The intermediary device 3 is a device that requests personal data from the information bank devices 4 to 6 on behalf of the data user 2a, purchases personal data under conditions suited to the data user 2a, and delivers it to the data user 2a. The intermediary device 3 is owned by, for example, a business that mediates the sale and purchase of personal data between the data user 2a and the information banks 4a to 6a. The intermediary device 3 is connected to the user device 2 and the information bank devices 4 to 6 via a network such as the Internet or a dedicated wireless/wired communication network. The hardware configuration and functions of the intermediary device 3 are described in detail later.
The information bank devices 4 to 6 are owned by separate information banks 4a to 6a, respectively. The information banks 4a to 6a run a business of managing personal data entrusted by individuals and providing that personal data to third parties such as companies.
The information bank devices 4 to 6 store personal data entrusted by individuals via information processing terminals 11 to 17 owned by those individuals, such as smartphones, tablet terminals, and personal computers. The information bank devices 4 to 6 are connected to the intermediary device 3 and the information processing terminals 11 to 17 via a network such as the Internet or a dedicated wireless/wired communication network. As described later, the information bank devices 4 to 6 exchange various information with the intermediary device 3 and deliver personal data to the data user 2a via the intermediary device 3.
Although FIG. 1 shows only three information bank devices 4 to 6, the intermediary device 3 generally exchanges data such as personal data with a number of information bank devices other than three.
[1-2. Intermediary device]
Next, the hardware configuration of the intermediary device 3 is described with reference to FIG. 2. The intermediary device 3 includes a communication unit 31, a storage unit 32, and a control unit 33.
The communication unit 31 is a communication interface for connecting the intermediary device 3 to a network. Via the communication unit 31, the intermediary device 3 can perform wired or wireless data communication with the user device 2 and the information bank devices 4 to 6. The intermediary device 3 may also connect to the Internet via the communication unit 31 and be capable of data communication with external devices over the Internet.
The storage unit 32 stores various data.
The control unit 33 is built around a well-known microcomputer having a CPU 33a and semiconductor memory such as RAM, ROM, and flash memory (hereinafter, memory 33b). The functions of the control unit 33 are realized by the CPU 33a executing a program stored in a non-transitory tangible storage medium. In this example, the memory 33b corresponds to the non-transitory tangible storage medium storing the program. Executing this program carries out the method corresponding to the program. The control unit 33 may consist of one microcomputer or several.
The control unit 33 executes the data procurement process shown in FIG. 4, described later, by having the CPU 33a execute the program. By executing the data procurement process, the control unit 33 functions, as shown in FIG. 3, as a request acquisition unit 331, a metadata request generation unit 332, a metadata request transmission unit 333, a metadata reception unit 334, a condition arrangement unit 335, a procurement plan determination unit 336, a data request generation unit 337, a data request transmission unit 338, a data receiving unit 339, a format processing unit 340, and a data transmission unit 341. The means of realizing these elements 331 to 341 of the control unit 33 is not limited to software; some or all of them may be realized using hardware that combines logic circuits, analog circuits, and the like.
In the following, the functions of the elements 331 to 341 are first outlined with reference to FIG. 3. They are then described in detail using the flowchart of FIG. 4.
<Request acquisition unit>
The request acquisition unit 331 receives request information from the user device 2 via the communication unit 31. The request information is information that includes target conditions, which are the conditions on the personal data that the data user 2a wants. Specific examples of request information are described later.
<Metadata request generation unit>
The metadata request generation unit 332 generates the metadata requests to be transmitted to the information bank devices 4 to 6, based on the request information received by the request acquisition unit 331. A metadata request is information for requesting metadata from the information bank devices 4 to 6. Metadata here is information indicating the attributes of the personal data that, among the personal data held by the information banks 4a to 6a, matches the target conditions included in the request information. An attribute of personal data is an attribute of the individual to whom the personal data relates, for example the individual's age or gender. The attributes of personal data may of course be attributes of the individual other than age and gender. In other words, an attribute of personal data means each data item, contained in that personal data, that indicates an attribute of the individual such as age or gender. That is, an attribute of personal data means a data item of the personal data.
In the present embodiment, the metadata gives an overview of the data for all or part of the personal data held by the information bank that matches the target conditions. The overview may be, for example, some of the attributes of the personal data, or statistical information on each attribute of the personal data.
The metadata is information indicating what attributes make up all or part of the personal data held by the information bank that matches the target conditions. Specifically, as described later, the metadata includes information such as statistics on all or part of the personal data held by the information bank that matches the target conditions. Specific examples of metadata requests and metadata are described later.
In the present embodiment, the data formats that can be handled differ between the information bank devices 4 to 6. The metadata request generation unit 332 therefore generates a separate metadata request for each of the information bank devices 4 to 6, matched to the data format that device can handle.
<Metadata request transmission unit>
The metadata request transmission unit 333 transmits the metadata requests generated by the metadata request generation unit 332 to the information bank devices 4 to 6 via the communication unit 31. On receiving a metadata request, each of the information bank devices 4 to 6 transmits metadata to the intermediary device 3 in response.
<Metadata reception unit>
The metadata reception unit 334 receives metadata from the information bank devices 4 to 6 via the communication unit 31.
<Condition arrangement unit>
The condition arrangement unit 335 organizes the transaction conditions from the metadata received from the information bank devices 4 to 6.
<Procurement plan determination unit>
The procurement plan determination unit 336 determines a procurement plan suited to the data user 2a based on the metadata received by the metadata reception unit 334. The procurement plan indicates the conditions on the personal data to be procured from among the personal data held by the information bank devices 4 to 6 that matches the target conditions. That is, personal data that meets the conditions indicated by the procurement plan is procured (that is, purchased) from the information bank devices 4 to 6. The logic for determining the procurement plan is described later.
<Data request generation unit>
The data request generation unit 337 generates data requests according to the procurement plan determined by the procurement plan determination unit 336. A data request is data for requesting personal data from the information bank devices 4 to 6. The data request generation unit 337 generates a separate data request for each of the information bank devices 4 to 6, matched to the data format that device can handle. Specific examples of data requests are described later.
<Data request transmission unit>
The data request transmission unit 338 transmits the data requests generated by the data request generation unit 337 to the information bank devices 4 to 6 via the communication unit 31.
<Data receiving unit>
The data receiving unit 339 receives delivery data via the communication unit 31 from the information bank devices 4 to 6 that received the data requests. The delivery data includes the personal data specified in the data request. Specific examples of delivery data are described later.
<Format processing unit>
The format processing unit 340 generates integrated data by converting the delivery data received from the plurality of information bank devices 4 to 6 into a common data format and merging it into a single data set. Specific examples of integrated data are described later.
<Data transmission unit>
The data transmission unit 341 transmits the integrated data generated by the format processing unit 340 to the user device 2 via the communication unit 31. The personal data procured from the information banks 4a to 6a is thereby delivered to the data user 2a.
[1-3. Processing]
Next, the data procurement process executed by the control unit 33 of the intermediary device 3 is described using the flowchart of FIG. 4. The data procurement process starts when request information is received from the user device 2 via the communication unit 31. When request information is received from the data user 2a, the received request information is stored in the storage unit 32.
<S101>
In S101, the request acquisition unit 331 acquires the request information from the data user 2a from the storage unit 32. The request information of the present embodiment includes the items shown in FIG. 5. That is, the request information includes a timestamp, a transaction ID, a statement type, a destination, a source, and statement content. The statement type is data indicating which kind of data the information is, such as request information, a metadata request, or metadata.
The statement content includes information on the budget, reward, target conditions, required items, distribution aggregation axis, using organization, purpose of use, and conditions of use.
The budget information includes the budget amount that the data user 2a can pay for the transaction and information indicating the means by which the data user 2a settles the cost.
The reward information describes the reward from the data user 2a to the individuals who provided personal data. It includes information such as the form of the reward, the issuer of the reward, the timing of issue, the region where benefits associated with the reward can be used, and the times at which the reward takes effect and expires.
The target conditions are the conditions on the personal data that the data user 2a wants. A target condition is, for example, a condition that specifies attributes (such as gender, age, or habits) of the individual to whom the personal data relates. When the data user 2a wants several sets of personal data with different conditions, the statement content includes several target conditions. For each target condition, the statement content also includes the number of records matching that condition that the data user 2a wants.
For example, in the example shown in FIG. 5, the first target condition is that the individual to whom the personal data relates is male and has viewed a recipe site three or more times in the last three months. The data user 2a wants 1000 records of personal data that match this target condition. The second target condition is that the individual is female and has viewed a recipe site seven or more times in the last three months. The data user 2a also wants 1000 records that match this target condition.
The required items are the items of personal data (for example gender, age bracket, or prefecture of residence) that the data user 2a wishes to have delivered.
The distribution aggregation axis specifies some of the items of personal data that are included in the metadata transmitted from the information bank devices 4 to 6. That is, as described later, the metadata transmitted from the information bank devices 4 to 6 includes a list of all or part of the personal data held by the information banks 4a to 6a that matches the target conditions. For each personal data ID, the list includes some of the items of that personal data and the data price of that personal data. These items are, in other words, some of the attributes of the individual to whom the personal data relates, for example unmarried rate or age bracket. The distribution aggregation axis specifies which of these items of personal data appear in the list. In the present embodiment, the attributes included in the distribution aggregation axis are set to attributes other than those specified by the target conditions.
The information on the using organization, purpose of use, and conditions of use indicates the organization that will use the personal data, the purpose for which it will be used, and the conditions under which it will be used. The using organization information includes, for example, the organization's corporate number, name, address, country, and industry. The purpose-of-use information includes, for example, the type of use (customer analysis, direct mail, and so on) and individual purposes of use. Individual purposes of use are, for example, enriching customer information, producing statistics, contacting the person who provided the personal data, and advertisement delivery.
The request acquisition unit 331 receives request information of this kind from the user device 2.
 <S102>
 続いて、S102で、メタデータ要求生成部332は、S101で受信されたリクエスト情報に基づいて、メタデータ要求を生成する。メタデータ要求は、パーソナルデータの調達先の情報銀行4a~6aごとに生成される。具体的には、図6には第1情報銀行4aに対するメタデータ要求の例が示される。また、図7には第2情報銀行5aに対するメタデータ要求の例が示されている。図6及び図7に示すメタデータ要求はいずれも同じ項目を含む。
<S102>
Subsequently, in S102, the metadata request generation unit 332 generates a metadata request based on the request information received in S101. The metadata request is generated for each information bank 4a to 6a from which personal data is procured. Specifically, FIG. 6 shows an example of requesting metadata for the first information bank 4a. Further, FIG. 7 shows an example of requesting metadata for the second information bank 5a. The metadata requirements shown in FIGS. 6 and 7 both include the same items.
Specifically, a metadata request includes a time stamp, a transaction ID, a statement type, a reference transaction ID, a destination, a source, and statement content. The reference transaction ID is the transaction ID of the request information received in S101, in other words, of the request information to which the metadata request relates.
The statement content includes information on the remuneration, target conditions, requested items, distribution aggregation axis, using organization, purpose of use, and conditions of use. This information is the same as that contained in the request information.
Here, in the present embodiment, the data formats that can be handled differ among the information bank devices 4 to 6. Each metadata request is therefore generated in the data format that the destination information bank device can handle.
For example, in the data format that the first information bank device 4 can handle, the variable representing the gender of the individual to whom the personal data relates is "Gender", and the value "1" stored in that variable is associated with the meaning "the individual's gender is male". The value "2" stored in the variable "Gender" is associated with the meaning "the individual's gender is female".
On the other hand, in the data format that the second information bank device 5 can handle, for example, the variable representing the gender of the individual to whom the personal data relates is "性別" (gender), and the value "男性" (male) stored in that variable is associated with the meaning "the individual's gender is male". The value "女性" (female) stored in the variable "性別" is associated with the meaning "the individual's gender is female".
Accordingly, in the metadata request for the first information bank device 4 shown in FIG. 6, for example, the metadata request generation unit 332 specifies the condition "the gender of the individual to whom the personal data relates is male" in the target condition item in a data format such as "Gender=1".
In the metadata request for the second information bank device 5 shown in FIG. 7, on the other hand, the metadata request generation unit 332 specifies the same condition, "the gender of the individual to whom the personal data relates is male", in the target condition item in a data format such as "性別=男性".
The metadata request for each of the information bank devices 4 to 6 is created based on a category table master such as those shown in FIGS. 8A and 8B. The category table master is information for converting each item included in a metadata request or the like into the data format that each of the information bank devices 4 to 6 can handle. In the category table master of a given information bank device, a "variable name", "value", and "meaning" described in the data format that the information bank device can handle are set in association with one another. In the present embodiment, the category table masters of the information bank devices 4 to 6 that are trading partners of the mediation device 3 are stored in advance in the storage unit 32 of the mediation device 3. However, the location of the category table master is not limited to this. For example, when generating a metadata request, the mediation device 3 may transmit information requesting the category table master to each of the information bank devices 4 to 6 and acquire the category table master of each information bank device as the response. That is, the category table master may be acquired at the time the metadata request is generated.
<S103>
Subsequently, in S103, the metadata request transmission unit 333 transmits the metadata requests generated in S102 to the information bank devices 4 to 6 via the communication unit 31. The information bank devices 4 to 6 that have received a metadata request transmit metadata to the mediation device 3 as the response to the metadata request.
<S104>
Subsequently, in S104, the metadata receiving unit 334 receives the metadata from each of the information bank devices 4 to 6 via the communication unit 31. The metadata is described in the data format that each of the information bank devices 4 to 6 can handle.
The metadata of the present embodiment includes the items shown in FIG. 9. FIG. 9 shows the metadata received from the second information bank device 5.
The metadata includes a time stamp, a transaction ID, a statement type, a reference transaction ID, a destination, a source, a category code master, and statement content. The reference transaction ID is the transaction ID of the metadata request to which the metadata relates, in other words, of the metadata request that was transmitted to the information bank device that is the source of the metadata. The category code master is information that identifies the category code master of the information bank device that is the source of the metadata.
The statement content includes target person information, which is information about the target persons. The target person information includes the target condition contained in the request information and the number of items of all or part of the personal data held by the information bank that matches the target condition. The target person information also indicates what attributes the personal data matching the target condition, in whole or in part, is composed of.
Specifically, the target person information includes requested-item statistics. The requested-item statistics are statistics of the personal data (mean, variance, skewness, median, etc.), maximum and minimum values, and the like for each attribute specified by the requested items. The target person information also includes a variance-covariance matrix, information on the data price distribution of the personal data, and information on other multivariate statistics.
Here, the data price distribution information indicates the data prices of the personal data contained in each class when the personal data is classified by the attributes specified by the distribution aggregation axis. For example, suppose that the attributes "marital status, age group, magazine purchase in the last 3 months" are specified in the distribution aggregation axis. In this case, the data price distribution information may include the data prices "260, 280, 290, ..." of the personal data contained in the class "marital status: unmarried, age group: 30, magazine purchase in the last 3 months = none".
In the present embodiment, it is assumed that the metadata contains information on more items of personal data than the number of items specified in the request information. More specifically, it is assumed that the number of items of personal data matching a given target condition that are described in the metadata is larger than the number of items matching that target condition specified in the request information. This is so that, when the number of items of personal data specified in the request information is selected on the basis of the metadata, multiple ways of selecting the personal data (that is, procurement plans) can be considered and a procurement plan suitable for the data user 2a can be determined from among them. However, the number of items of personal data whose attributes are indicated by the metadata is not limited to this, and may, for example, be the same as the number of items of personal data specified in the request information.
<S105>
Subsequently, in S105, the condition organizing unit 335 organizes the transaction conditions from the metadata, which is in the data format of each of the information bank devices 4 to 6. Specifically, the condition organizing unit 335 uses the category table master of each of the information bank devices 4 to 6 to bring the metadata, which is in the data format of each information bank device, into a common data format, and organizes the transaction conditions.
The condition organizing unit 335 also generates a list such as that indicated by the broken line in FIG. 10 (hereinafter, metadata list) based on the metadata from each of the information bank devices 4 to 6 received in S104. The metadata list is data in which the personal data ID, the data source, the attributes specified by the distribution aggregation axis, and the data price are associated with one another. The data source is information that identifies which information bank the data comes from. As described above, in the present embodiment, a metadata list containing more items of data than the number of items of personal data specified in the request information is generated. In the "data source" column of the metadata list in FIG. 10, "first" means the first information bank 4a and "second" means the second information bank 5a.
<S106>
Subsequently, in S106, the procurement plan determination unit 336 determines a procurement plan suitable for the data user 2a based on the metadata list generated in S105. In the present embodiment, the procurement plan determination unit 336 determines the procurement plan based on the data price of each item of personal data held by the information bank devices 4 to 6 and the budget amount specified by the data user 2a. In addition, the procurement plan determination unit 336 determines the procurement plan based on how well it reproduces the distribution of the personal data with respect to the attributes specified by the distribution aggregation axis, as indicated by the metadata (hereinafter, original data distribution). That is, the procurement plan determination unit 336 determines the procurement plan so that, within the budget amount of the data user 2a, the distribution of the personal data procured under the plan approaches the original data distribution.
The way the procurement plan is determined is described concretely below with reference to FIG. 10. For simplicity, FIG. 10 considers a metadata list consisting of 100 items of data. In this case, the request information from the data user 2a is assumed to contain only one target condition. For example, suppose the request information contains only target condition 1 of FIG. 5, "the gender of the individual to whom the personal data relates is male, and the number of views of the recipe site in the last 3 months is 3 or more". The 100 items of data in FIG. 10 are data that match this target condition. The number of items of personal data matching this target condition that the data user 2a wants is assumed to be 40. That is, 40 items are selected from the 100 items. The budget amount of the data user 2a is assumed to be 11000 yen.
The procurement plan with the lowest total data price is Plan A, which sorts the data in ascending order of data price and purchases the 1st through 40th items. In FIG. 10, data purchased under a procurement plan is flagged "1" and data not purchased is flagged "0". The total price of the data purchased under Plan A is 10570 yen. However, the ratio of unmarried to married, for example, is 59:41 (≈3:2) in the original 100 items of data (hereinafter, original data) but 12:28 (≈1:2.5) in Plan A, which deviates from the distribution of the original data. In FIG. 10, the value corresponding to unmarried is "0" and the value corresponding to married is "1". There is then a concern that the other items of the personal data actually procured will also fail to reproduce the distribution of the original data. Other patterns with a different breakdown of purchased data (for example, Plan B and Plan C in FIG. 10) are therefore also considered, and, as with Plan A, their total data price and their deviation from the original data distribution, that is, the distribution of the original data, are evaluated. The deviation from the original data distribution can be evaluated using an index value such as the KL (Kullback-Leibler) divergence. In the example shown in FIG. 10, the procurement plan with the smallest deviation from the original data distribution is Plan C, but its total data price is 12420 yen, which exceeds the budget. Plan B, which has the smallest deviation from the original data distribution within the budget amount, is therefore adopted as the procurement plan. In this way, the procurement plan determination logic of the present embodiment selects, from among multiple procurement plans, the plan with the smallest deviation from the original data distribution within the budget amount. The above description uses the case where the request information contains only one target condition, but the same applies when the request information contains multiple target conditions. In that case, multiple plans are considered by changing the data to be procured without changing the number of items specified for each target condition in the request information.
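The selection rule described for S106, as an added example that is not code from the patent: it enumerates every candidate plan over a small constructed metadata list and picks the plan with the smallest KL divergence from the original data distribution within the budget. The record values, function names, exhaustive enumeration, and the direction KL(plan || original) are assumptions; the page does not state how candidate plans are generated.

```python
import math
from collections import Counter
from itertools import combinations

# Constructed metadata list (not the FIG. 10 data): ID, data source, one
# distribution-aggregation-axis attribute (marital: 0 = unmarried,
# 1 = married) and data price in yen.
METADATA_LIST = [
    {"id": 1, "source": "first", "marital": 1, "price": 200},
    {"id": 2, "source": "second", "marital": 1, "price": 210},
    {"id": 3, "source": "first", "marital": 1, "price": 220},
    {"id": 4, "source": "second", "marital": 1, "price": 230},
    {"id": 5, "source": "first", "marital": 0, "price": 300},
    {"id": 6, "source": "second", "marital": 0, "price": 310},
    {"id": 7, "source": "first", "marital": 0, "price": 320},
    {"id": 8, "source": "second", "marital": 0, "price": 330},
    {"id": 9, "source": "first", "marital": 0, "price": 340},
    {"id": 10, "source": "second", "marital": 0, "price": 350},
]
AXIS = ("marital",)  # attributes named by the distribution aggregation axis


def distribution(records, axis):
    """Share of records in each class formed by the axis attributes."""
    counts = Counter(tuple(r[a] for a in axis) for r in records)
    total = sum(counts.values())
    return {cls: n / total for cls, n in counts.items()}


def kl_divergence(plan_dist, orig_dist):
    """KL(plan || original). Every plan class exists in the original data,
    so the value is finite; classes missing from the plan contribute 0."""
    kl = 0.0
    for cls in sorted(orig_dist):  # fixed order keeps equal plans equal
        q = plan_dist.get(cls, 0.0)
        if q > 0:
            kl += q * math.log(q / orig_dist[cls])
    return kl


def summarize(plan, records, axis):
    """Total price and deviation from the original data distribution."""
    return {
        "ids": [r["id"] for r in plan],
        "cost": sum(r["price"] for r in plan),
        "kl": kl_divergence(distribution(plan, axis),
                            distribution(records, axis)),
    }


def cheapest_plan(records, axis, count):
    """Plan A in the text: the `count` lowest-priced records."""
    plan = sorted(records, key=lambda r: r["price"])[:count]
    return summarize(plan, records, axis)


def decide_plan(records, axis, count, budget):
    """Smallest deviation within budget; ties broken by lower total price.
    Returns None when no plan fits the budget. Exhaustive search is only
    practical for small lists such as this one."""
    best = None
    for combo in combinations(records, count):
        cand = summarize(combo, records, axis)
        if cand["cost"] > budget:
            continue
        if best is None or (cand["kl"], cand["cost"]) < (best["kl"], best["cost"]):
            best = cand
    return best


if __name__ == "__main__":
    print("cheapest:", cheapest_plan(METADATA_LIST, AXIS, 4))
    print("budget 1000:", decide_plan(METADATA_LIST, AXIS, 4, 1000))
    print("budget 2000:", decide_plan(METADATA_LIST, AXIS, 4, 2000))
```

With a budget of 1000 yen the closest-matching split (two unmarried, two married) is unaffordable, so the search settles for the best affordable plan, mirroring the roles of Plans A, B and C in the text.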
<S107>
Subsequently, in S107, the data request generation unit 337 generates data requests that request personal data in accordance with the procurement plan determined by the procurement plan determination unit 336. The data request generation unit 337 generates a data request for each of the information bank devices 4 to 6 in the data format that the respective information bank device can handle.
FIG. 11 shows an example of a data request for the first information bank 4a. FIG. 12 shows an example of a data request for the second information bank 5a. These data requests contain the same items.
Specifically, a data request includes a time stamp, a transaction ID, a statement type, a reference transaction ID, a destination, a source, and statement content. The reference transaction ID is the transaction ID of the metadata to which the data request relates, in other words, of the metadata received from the information bank device to which the data request is sent.
The statement content includes target person information corresponding to each target condition. The target person information includes a conditional statement, the number of items, the payment amount, and purchase data information.
The conditional statement expresses the corresponding target condition. The number of items and the payment amount represent the number of items of personal data to be procured from the destination information bank device for the corresponding target condition and the amount to be paid for them.
The purchase data identifies the personal data to be procured from the information bank device to which the data request is sent. Specifically, the purchase data designates the personal data to be procured by the attributes specified by the distribution aggregation axis and by the data price.
The statement content also includes the requested items, which are the items of personal data that the data user 2a wishes to have delivered.
The data request generation unit 337 generates a data request for each of the information bank devices 4 to 6, using the category code master of the respective information bank device, so that the request matches the data format that the information bank device can handle.
<S108>
Subsequently, in S108, the data request transmission unit 338 transmits the data requests generated in S107 to the information bank devices 4 to 6 via the communication unit 31.
<S109>
Subsequently, in S109, the data receiving unit 339 receives, from the information bank devices 4 to 6 that received a data request, delivery data such as that shown in FIG. 13, which contains the personal data specified in the data request.
Specifically, the delivery data includes a time stamp, a transaction ID, a statement type, a reference transaction ID, a destination, a source, and statement content. The reference transaction ID is the transaction ID of the data request to which the delivery data relates, in other words, of the data request transmitted to the information bank device that is the destination of the delivery data.
The statement content includes target person information corresponding to each target condition. The target person information includes a conditional statement, the number of items, and the data body. The conditional statement and the number of items are the same as those in the data request. The data body is the personal data designated by the purchase data in the data request. The data body contains those items of the personal data that are specified by the requested items. The statement content also includes information on the requested items.
<S110>
Subsequently, in S110, the format processing unit 340 unifies the data formats of the delivery data received from the multiple information bank devices 4 to 6. Specifically, the format processing unit 340 converts the data format of the delivery data received from each of the information bank devices 4 to 6 into a common data format. The format processing unit 340 then integrates the delivery data from the information bank devices 4 to 6, now in the common data format, into a single set of data. This is described concretely below.
First, to convert the data format of the delivery data from each of the information bank devices 4 to 6 into the common data format, the format processing unit 340 uses a standard dictionary such as that shown in FIG. 14. The standard dictionary is stored in the storage unit 32. The standard dictionary is data in which, for each item that can be included in personal data, the meaning, variable name, and value defined in the mediation device 3 are set in association with one another. Hereinafter, the defined variable names and values are called "standard variable names" and "standard values", respectively. Using this standard dictionary, the format processing unit 340 first creates a data conversion dictionary for each of the information bank devices 4 to 6. The data conversion dictionary is data for converting the variable names and values in the delivery data of each information bank device into the standard variable names and standard values defined in the standard dictionary.
To create a data conversion dictionary, the format processing unit 340 matches the category table master of the information bank, shown in FIG. 8A or FIG. 8B, against the standard dictionary shown in FIG. 14 on the "meaning" item. In performing this matching, for example, the text in the "meaning" item of the two sets of data may simply be compared, or the matching may be done by some other method.
Matching the category table master against the standard dictionary on the "meaning" item produces a data conversion dictionary such as that shown in FIG. 15, in which the "variable name" and "value" from the category table master, the "standard variable name" and "standard value" from the standard dictionary, and the "meaning" are associated with one another. The data conversion dictionary may be generated at the time the data format of the delivery data from the information bank devices 4 to 6 is converted into the common data format, or it may be generated in advance and stored in the storage unit 32.
The format processing unit 340 then converts the variables and values of the delivery data transmitted from an information bank device into standard variables and standard values using the data conversion dictionary of that information bank device. As a result, the data format of the delivery data received from each of the information bank devices 4 to 6 is converted into the common data format.
For example, using the data conversion dictionary of the first information bank device 4 shown in FIG. 15, the delivery data from the first information bank device 4 shown in FIG. 16A is converted into the converted delivery data shown in FIG. 17. Similarly, using the data conversion dictionary of the second information bank device 5 (not shown), the delivery data from the second information bank 5a shown in FIG. 16B is converted into the converted delivery data shown in FIG. 18.
The format processing unit 340 then integrates the converted delivery data of the information bank devices 4 to 6 into a single set of data, generating integrated data such as that shown in FIG. 19. When generating the integrated data, the format processing unit 340 reassigns the ID of each item of personal data and appends the delivery data of the information bank devices 4 to 6 one after another. In the integrated data, personal data from one information bank device and personal data from another information bank device remain distinguishable from each other. For example, in the integrated data shown in FIG. 19, "b" is attached to the IDs of personal data from the first information bank 4a, and "a" is attached to personal data from the second information bank 5a.
In this way, the format processing unit 340 unifies the data formats of the delivery data from the multiple information bank devices 4 to 6 and integrates the data into a single set.
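The S110 conversion described above, as an added example that is not code from the patent: it builds a data conversion dictionary by joining a category table master to a standard dictionary on "meaning", converts each bank's delivery rows, and merges them with reassigned, source-tagged IDs. All table contents, the standard variable names and values, the "Married" and "婚姻" variables, and the decision to reject unmapped values rather than pass them through are assumptions; FIGS. 8A, 8B and 14 to 19 are not reproduced on the page.

```python
# Constructed standard dictionary: meaning -> standard variable / value.
STANDARD_DICTIONARY = [
    {"meaning": "gender is male", "std_var": "gender", "std_val": "M"},
    {"meaning": "gender is female", "std_var": "gender", "std_val": "F"},
    {"meaning": "is unmarried", "std_var": "marital_status", "std_val": "unmarried"},
    {"meaning": "is married", "std_var": "marital_status", "std_val": "married"},
]

# Constructed category table masters, one per information bank device.
MASTER_FIRST = [
    {"var": "Gender", "val": 1, "meaning": "gender is male"},
    {"var": "Gender", "val": 2, "meaning": "gender is female"},
    {"var": "Married", "val": 0, "meaning": "is unmarried"},
    {"var": "Married", "val": 1, "meaning": "is married"},
]
MASTER_SECOND = [
    {"var": "性別", "val": "男性", "meaning": "gender is male"},
    {"var": "性別", "val": "女性", "meaning": "gender is female"},
    {"var": "婚姻", "val": "未婚", "meaning": "is unmarried"},
    {"var": "婚姻", "val": "既婚", "meaning": "is married"},
]


def build_conversion_dict(master, standard):
    """Join master and standard dictionary on the 'meaning' text."""
    by_meaning = {e["meaning"]: e for e in standard}
    conv = {}
    for entry in master:
        std = by_meaning.get(entry["meaning"])
        if std is None:
            raise KeyError(f"no standard entry for meaning {entry['meaning']!r}")
        conv[(entry["var"], entry["val"])] = (std["std_var"], std["std_val"])
    return conv


def convert_row(row, conv, id_field="ID"):
    """Convert one delivery row to standard variables and values.
    An unmapped (variable, value) pair is rejected, so a value of the
    wrong type or an unknown code never reaches the integrated data."""
    out = {}
    for var, val in row.items():
        if var == id_field:
            continue  # bank-local IDs are dropped and reassigned later
        if (var, val) not in conv:
            raise ValueError(f"unmapped value {val!r} for variable {var!r}")
        std_var, std_val = conv[(var, val)]
        out[std_var] = std_val
    return out


def integrate(deliveries):
    """deliveries: list of (id_prefix, conversion_dict, rows).
    Rows are stacked in order; the prefix keeps the source distinguishable."""
    merged = []
    for prefix, conv, rows in deliveries:
        for n, row in enumerate(rows, start=1):
            merged.append({"id": f"{prefix}{n}", **convert_row(row, conv)})
    return merged


# Constructed delivery data in each bank's own format.
DELIVERY_FIRST = [
    {"ID": 101, "Gender": 1, "Married": 0},
    {"ID": 102, "Gender": 2, "Married": 1},
]
DELIVERY_SECOND = [{"ID": "x-9", "性別": "男性", "婚姻": "既婚"}]

if __name__ == "__main__":
    conv_first = build_conversion_dict(MASTER_FIRST, STANDARD_DICTIONARY)
    conv_second = build_conversion_dict(MASTER_SECOND, STANDARD_DICTIONARY)
    # Prefixes follow the text: "b" for the first bank, "a" for the second.
    for rec in integrate([("b", conv_first, DELIVERY_FIRST),
                          ("a", conv_second, DELIVERY_SECOND)]):
        print(rec)
```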
<S111>
Subsequently, in S111, the data transmission unit 341 transmits the integrated data generated by the format processing unit 340 to the data user 2a.
After executing S111, the control unit 33 ends the data procurement process of FIG. 4.
[1-4. Effects]
According to the first embodiment described in detail above, the following effects are obtained.
 (1a)本実施形態では、調達プラン決定部336は、情報銀行装置4~6から受信されたメタデータに基づいて、データ利用者2aに適した調達プランを決定する。そして、データ要求送信部338は、決定された調達プランに従いデータ要求を情報銀行装置4~6に送信し、データ受信部339は情報銀行装置4~6からパーソナルデータを受信する。そして、データ送信部341は、受信されたパーソナルデータをデータ利用者2aに送信する。 (1a) In the present embodiment, the procurement plan determination unit 336 determines a procurement plan suitable for the data user 2a based on the metadata received from the information bank devices 4 to 6. Then, the data request transmitting unit 338 transmits the data request to the information banking devices 4 to 6 according to the determined procurement plan, and the data receiving unit 339 receives the personal data from the information banking devices 4 to 6. Then, the data transmission unit 341 transmits the received personal data to the data user 2a.
 よって、情報銀行装置4~6が保有しているパーソナルデータを把握しづらい中でデータ利用者2aが直接情報銀行装置4~6に問い合わせてパーソナルデータを調達する場合と比較して、パーソナルデータの調達をより容易に行うことができ、かつ、データ利用者2aが行う通信の通信量を低減できる。 Therefore, compared to the case where the data user 2a directly inquires about the information banking devices 4 to 6 to procure the personal data while it is difficult to grasp the personal data held by the information banking devices 4 to 6, the personal data Procurement can be performed more easily, and the amount of communication performed by the data user 2a can be reduced.
 (1b)本実施形態では、仲介装置3は、情報銀行4a~6aが保有する情報銀行装置4~6からメタデータを取得する。 (1b) In the present embodiment, the brokerage device 3 acquires metadata from the information bank devices 4 to 6 owned by the information banks 4a to 6a.
 ここで、仲介装置3が、メタデータを自身の記憶部32に記憶し、記憶部32に記憶されたメタデータを定期的に更新し、記憶部32からメタデータを取得する構成が考えられる。しかし、このような構成では、記憶部32から取得されたメタデータが最新のメタデータに更新されておらず、調達プラン決定部336が古いメタデータに基づいて調達プランを決定する場合がある。これに対し、本実施形態の構成によれば、仲介装置3は情報銀行装置4~6からメタデータを取得するため、最新の内容のメタデータに基づき調達プランを決定することができる。 Here, it is conceivable that the mediator 3 stores the metadata in its own storage unit 32, periodically updates the metadata stored in the storage unit 32, and acquires the metadata from the storage unit 32. However, in such a configuration, the metadata acquired from the storage unit 32 is not updated to the latest metadata, and the procurement plan determination unit 336 may determine the procurement plan based on the old metadata. On the other hand, according to the configuration of the present embodiment, since the brokerage device 3 acquires the metadata from the information bank devices 4 to 6, the procurement plan can be determined based on the latest metadata.
(1c) In the present embodiment, the procurement plan determination unit 336 determines the procurement plan based on metadata, which is information indicating the attributes of the personal data that matches the target conditions among the personal data managed by the information banks 4a to 6a.
Therefore, the intermediary device 3 can determine the procurement plan in light of the attributes of the personal data that matches the target conditions among the personal data managed by the information banks 4a to 6a.
(1d) In the present embodiment, the metadata request transmission unit 333 transmits a metadata request to the information bank devices 4 to 6 when the request receiving unit 331 acquires request information. The metadata receiving unit 334 then receives the metadata from the information bank devices 4 to 6.
Thus, when the intermediary device 3 acquires request information from the user device 2, it queries the information bank devices 4 to 6 and acquires the latest metadata. The procurement plan can therefore be determined based on the latest metadata.
(1e) In the present embodiment, the procurement plan determination unit 336 determines the procurement plan based on the price of each item of personal data held by the information bank devices 4 to 6 and the budget amount included in the request information. Therefore, an appropriate procurement plan can be determined according to the budget amount of the data user 2a.
(1f) In the present embodiment, the procurement plan determination unit 336 determines the procurement plan so that the attribute-based distribution of the personal data procured under the plan approaches the original data distribution indicated by the metadata.
For example, if the procurement plan is determined without regard to the original data distribution, the personal data may be procured with a distribution that is biased relative to the original data distribution. As a result, when the data user 2a aggregates a specific item included in the requested items of the personal data, the distribution of the original data may not be reproduced and a biased result may be obtained.
In contrast, with the configuration of the present embodiment, the procurement plan is determined based on how well it reproduces the original data distribution, so the occurrence of data bias when the personal data is actually procured can be suppressed.
In particular, in the present embodiment, the occurrence of data bias can be suppressed as far as possible within the budget amount of the data user 2a.
(1g) In the present embodiment, the procurement plan determination unit 336 determines, based on the metadata received from the plurality of information bank devices 4 to 6, a procurement plan indicating the conditions on the personal data to be actually procured from among the personal data that is held by the plurality of information bank devices 4 to 6 and matches the target conditions. The data receiving unit 339 receives personal data from the plurality of information bank devices 4 to 6, and the data transmission unit 341 transmits the personal data received from the plurality of information bank devices 4 to 6 to the data user 2a.
Therefore, compared with the case where the data user 2a procures personal data by querying the plurality of information bank devices 4 to 6 directly, while it is difficult to know what personal data those devices hold, personal data suitable for the data user 2a can be procured more easily from the plurality of information bank devices 4 to 6.
(1h) In the present embodiment, the format processing unit 340 converts the personal data received from the plurality of information bank devices 4 to 6 into a common data format. The data transmission unit 341 then transmits the personal data from the plurality of information bank devices 4 to 6, whose data formats have been unified by the format processing unit 340, to the user device 2.
Therefore, by unifying the data formats into a common data format, the personal data can be delivered in a data format that is easy for the data user 2a to handle.
[2. Second Embodiment]
[2-1. Differences from the first embodiment]
Since the basic configuration of the second embodiment is the same as that of the first embodiment, description of the common configuration is omitted and the differences are mainly described. The same reference numerals as in the first embodiment denote the same configuration, and the preceding description applies.
In the first embodiment described above, when the intermediary device 3 receives request information from the user device 2, it transmits a metadata request to the information bank devices 4 to 6 and receives the metadata from the information bank devices 4 to 6.
In contrast, in the second embodiment, the intermediary device 7 shown in FIGS. 2 and 20 includes a storage unit 72 that stores a set of metadata (hereinafter, metadata set) containing the metadata corresponding to any target condition. The second embodiment differs from the first embodiment in that, on receiving request information from the data user 2a, the intermediary device 7 acquires the metadata from its own storage unit 72 instead of from the information bank devices 4 to 6. The second embodiment is described in detail below.
As shown in FIG. 2, the intermediary device 7 of the second embodiment includes a communication unit 71, a storage unit 72, and a control unit 73. The hardware configurations of these components 71 to 73 are the same as those of the components 31 to 33 of the intermediary device 3 of the first embodiment. However, the data stored in the storage unit 72 differs from that of the first embodiment. Specifically, the storage unit 72 stores a metadata set for each of the information banks 4a to 6a.
The metadata set is a data set from which, for any target condition that can be included in request information, the metadata corresponding to that target condition can be acquired. In other words, the metadata set is a data set from which, for any target condition that can be included in request information, each piece of information contained in the corresponding metadata, such as the requested item statistics and the data price distribution, can be acquired. The storage unit 72 stores a metadata set containing metadata about all the information banks 4a to 6a from which the intermediary device 7 can request personal data.
Specifically, for example, the metadata set contains information such as statistics, maximum values and minimum values for each attribute (age, gender, marital status, magazine subscription status, and so on) of the personal data held by all the information banks from which the intermediary device 7 can request personal data. The metadata set also contains, for all the information banks 4a to 6a from which the intermediary device 7 can request personal data, the number of personal data records that match any target condition (that is, any combination of personal data attributes). In addition, the metadata set of a given information bank contains, for any target condition, the data price distribution of the personal data matching that target condition. Such a metadata set is stored in the storage unit 72.
In the present embodiment, the metadata set stored in the storage unit 72 is assumed to be updated periodically at a predetermined frequency (for example, once a month or once a week). The data set can be updated by various methods; for example, it may be updated as follows. The holder of the intermediary device 7 receives, from each of the information banks 4a to 6a, a storage medium on which the metadata set is stored, and the metadata set is updated by storing the metadata set from the received storage medium in the storage unit 72.
Meanwhile, the control unit 73 executes the data procurement process shown in FIG. 21, described later, by having the CPU 73a execute a program. By executing the data procurement process, the control unit 73 functions, as shown in FIG. 20, as the request acquisition unit 331, the metadata acquisition unit 731, the update processing unit 732, the procurement plan determination unit 336, the data request generation unit 337, the data request transmission unit 338, the data receiving unit 339, the format processing unit 340, and the data transmission unit 341. That is, the control unit 73 of the second embodiment differs from the control unit 33 of the first embodiment in that it functions as the metadata acquisition unit 731 and the update processing unit 732 in place of the request generation unit 332, the metadata request transmission unit 333, the metadata receiving unit 334, and the condition arrangement unit 335 of the first embodiment.
<Metadata acquisition unit>
The metadata acquisition unit 731 acquires metadata from the storage unit 72 based on the request information received by the request acquisition unit 331. Specifically, the metadata acquisition unit 731 acquires from the metadata set the metadata about each of the information banks 4a to 6a that corresponds to the request information.
<Update processing unit>
The update processing unit 732 updates the metadata set stored in the storage unit 72.
[2-2. Processing]
Next, the data procurement process that the control unit 73 of the intermediary device 7 of the second embodiment executes in place of the data procurement process of the first embodiment (FIG. 4) is described with reference to the flowchart of FIG. 21. In the flowchart of FIG. 21, the processes of S201 and S203 to S208 (that is, the processes other than S202 and S209) are the same as S101 and S106 to S111 of FIG. 4 described above, respectively. Description of these processes is therefore omitted below, and only the differences, S202 and S209, are described.
<S202>
In S202, the metadata acquisition unit 731 acquires metadata based on the request information acquired in S201 and the metadata set stored in the storage unit 72.
<S209>
In S209, the update processing unit 732 updates the metadata set stored in the storage unit 72. For example, when information such as the attribute statistics of the personal data or the data price distribution contained in the integrated data differs from the information of the metadata set stored in the storage unit 72, the update processing unit 732 updates the information of the metadata set to the information contained in the delivery data.
[2-3. Effects]
According to the second embodiment described in detail above, the following effects are obtained in addition to the effects (1c) and (1e) to (1h) of the first embodiment described above.
(2a) In the present embodiment, the procurement plan determination unit 336 determines a procurement plan suitable for the data user 2a based on the metadata acquired from the storage unit 72. The data request transmission unit 338 then receives personal data from the information bank devices 4 to 6 in accordance with the determined procurement plan. The data transmission unit 341 then transmits the received personal data to the data user 2a.
Therefore, compared with the case where the data user 2a procures personal data by querying the information bank devices 4 to 6 directly, while it is difficult to know what personal data those devices hold, personal data suitable for the data user 2a can be procured more easily.
In particular, the metadata acquisition unit 731 acquires the metadata from the storage unit 72. That is, the intermediary device 7 can acquire the metadata without exchanging data with the information banks 4a to 6a. Therefore, compared with a configuration in which a metadata request is transmitted to the information banks 4a to 6a to acquire the metadata, the communication volume of the intermediary device 7 can be reduced. In addition, system development costs, such as those for an API (Application Programming Interface) for sending and receiving metadata requests and metadata, can be kept down.
[3. Third Embodiment]
[3-1. Differences from the first embodiment]
Since the basic configuration of the third embodiment is the same as that of the first embodiment, description of the common configuration is omitted and the differences are mainly described. The same reference numerals as in the first embodiment denote the same configuration, and the preceding description applies.
In the first embodiment described above, the intermediary device 3 acquires personal data from a plurality of information banks 4a to 6a. It is entirely conceivable that the same individual deposits personal data with more than one of the information banks 4a to 6a. Neither the information banks 4a to 6a nor the data user 2a can know which of the personal data deposited with the information banks 4a to 6a originates from the same person. Consequently, when the data user 2a requests personal data from a plurality of information banks 4a to 6a, the same personal data of the same person may be purchased from different information banks 4a to 6a. That is, double purchase of personal data may occur.
The third embodiment addresses this problem of suppressing double purchase of personal data as follows. In the third embodiment, as shown in FIG. 22, it is assumed that there is a party (hereinafter, registration manager 9a) who knows which individual has deposited personal data with which information bank. The intermediary device 8 of the third embodiment queries the administrator device 9, a device held by the registration manager 9a, and thereby detects individuals who have deposited personal data with more than one of the information banks 4a to 6a. The intermediary device 8 then determines a procurement plan that does not result in double purchase. The configuration of the third embodiment is described in detail below.
As shown in FIG. 23, the administrator device 9 of the registration manager 9a includes a communication unit 91, a storage unit 92, and a control unit 93.
The communication unit 91 is a communication interface for connecting the administrator device 9 to a network. Via the communication unit 91, the administrator device 9 can perform wired or wireless data communication with the intermediary device 8. The administrator device 9 may also connect to the Internet via the communication unit 91 and be capable of data communication with external devices over the Internet.
The storage unit 92 stores various data. In the present embodiment, the storage unit 92 stores a duplicate management table as shown in FIG. 24. The duplicate management table is information in which an information bank ID, an information bank registrant ID, and a personal ID are associated with one another.
The information bank ID is an ID for identifying each information bank. The information bank ID may be assigned to each information bank by the registration manager 9a. In the present embodiment, the information bank IDs of the first information bank 4a, the second information bank 5a, and the third information bank 6a are "00001", "00002", and "00003", respectively.
The information bank registrant ID is an ID that each of the information banks 4a to 6a assigns to an individual who has deposited personal data with that information bank, that is, to a registrant. The information bank registrant ID is unique within each of the information banks 4a to 6a. Each of the information banks 4a to 6a stores the information bank registrant ID of an individual who has deposited personal data and the personal data deposited by that individual in one-to-one correspondence. The information bank registrant ID can therefore also be regarded as an ID assigned to the personal data of the individual who deposited it with the information bank.
The personal ID is an ID that corresponds one-to-one with an individual and is assigned to the individual by, for example, the registration manager 9a. Specifically, for example, the registration manager 9a lends each of the information banks 4a to 6a a tool for generating personal IDs, and each of the information banks 4a to 6a may then generate personal IDs using the loaned tool. For example, the personal ID may be an ID generated, by a hash function or the like, from the identity verification information used when the individual registers data with the information banks 4a to 6a. Specifically, for example, a hash value such as hash(surname_firstname_sex_birthday) may be used as the personal ID. Here, hash is a hash function, and surname, firstname, sex, and birthday take the surname, given name, sex, and date of birth of the individual depositing the data.
In this duplicate management table, personal data with the same personal ID can be judged to be the personal data of the same person.
Meanwhile, the control unit 93 is built around a well-known microcomputer having a CPU 93a and semiconductor memory such as RAM, ROM, and flash memory (hereinafter, memory 93b).
The intermediary device 8 of the third embodiment, for its part, includes a communication unit 81, a storage unit 82, and a control unit 83, as shown in FIG. 2. The hardware configurations of these components 81 to 83 are the same as those of the components 31 to 33 of the intermediary device 3 of the first embodiment. However, the processing executed by the control unit 83 partly differs from that of the first embodiment.
Specifically, the control unit 83 executes the data procurement process shown in FIG. 26, described later, by having the CPU 83a execute a program stored in the memory 83b. By executing the data procurement process, the control unit 83 functions, as shown in FIG. 25, as the request acquisition unit 331, the ID request generation unit 831, the ID request transmission unit 832, the ID receiving unit 833, the duplication confirmation generation unit 834, the duplication confirmation transmission unit 835, the duplication confirmation receiving unit 836, the metadata request generation unit 332, the metadata request transmission unit 333, the metadata receiving unit 334, the condition arrangement unit 335, the procurement plan determination unit 336, the data request generation unit 337, the data request transmission unit 338, the data receiving unit 339, the format processing unit 340, and the data transmission unit 341. That is, the control unit 83 of the third embodiment differs from the control unit 33 of the first embodiment in that it additionally functions as the ID request generation unit 831, the ID request transmission unit 832, the ID receiving unit 833, the duplication confirmation generation unit 834, the duplication confirmation transmission unit 835, and the duplication confirmation receiving unit 836. An outline of the functions of the elements 832 to 836 and the like that constitute the differences is given below. The functions of the elements 832 to 836 and the like are then described in detail using the flowchart of FIG. 26.
<ID request generation unit>
The ID request generation unit 831 generates an ID request to be transmitted to the information bank devices 4 to 6 based on the request information, including the target conditions, received by the request acquisition unit 331. The ID request here is information for requesting the information bank registrant IDs of the personal data that matches the target conditions. In the present embodiment, the ID request generation unit 831 generates an ID request for each of the information bank devices 4 to 6 in the data format that the respective device can handle. A specific example of the ID request is described later.
<ID request transmission unit>
The ID request transmission unit 832 transmits the ID request generated by the ID request generation unit 831 to the plurality of information bank devices 4 to 6 via the communication unit 81. The information bank devices 4 to 6 that have received the ID request transmit ID result information to the intermediary device 3 as a response to the ID request. The ID result information here is information indicating the information bank registrant IDs of the personal data that matches the target conditions. In the present embodiment, the ID result information also includes price information for the personal data that matches the target conditions.
<ID receiving unit>
The ID receiving unit 833 receives the ID result information from the plurality of information bank devices 4 to 6 via the communication unit 81. A specific example of the ID result information is described later.
<Duplication confirmation generation unit>
The duplication confirmation generation unit 834 generates a duplication confirmation request to be transmitted to the administrator device 9 based on the ID result information received from the plurality of information bank devices 4 to 6. The duplication confirmation request here is information for requesting confirmation of whether the plurality of personal data items indicated by the plurality of information bank registrant IDs included in the ID result information contain personal data relating to the same individual. A specific example of the duplication confirmation request is described later.
<Duplication confirmation transmission unit>
The duplication confirmation transmission unit 835 transmits the duplication confirmation request generated by the duplication confirmation generation unit 834 to the administrator device 9 via the communication unit 81. The administrator device 9 that has received the duplication confirmation request transmits duplication result information, indicating the result of the duplication confirmation, to the intermediary device 8 as a response to the duplication confirmation request.
<Duplication confirmation receiving unit>
The duplication confirmation receiving unit 836 receives the duplication result information from the administrator device 9 via the communication unit 81. A specific example of the duplication result information is described later.
<Metadata request generation unit>
The metadata request generation unit 332 generates a metadata request to be transmitted to the information bank devices 4 to 6 based on the duplication result information received by the duplication confirmation receiving unit 836 and the request information received by the request acquisition unit 331. In the present embodiment, when the personal data of the same person is managed by a plurality of information banks, the metadata request generation unit 332 generates a metadata request that requests the data of that person from one of the plurality of information banks.
The elements 333 to 341, from the metadata request transmission unit 333 onward, are basically the same as in the first embodiment, so their description is omitted.
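An added example, not code from the patent or its applicant: the personal ID derivation and duplicate management table described above, followed by the one-bank-per-person selection that the metadata request generation unit 332 is described as performing. The HMAC key, the field normalization and the lowest-price selection rule are assumptions; the page itself only gives hash(surname_firstname_sex_birthday) as an example and does not say which bank is chosen.

```python
import hashlib
import hmac
import unicodedata
from collections import defaultdict

# Assumption: a secret built into the ID-generation tool that the registration
# manager lends to every information bank. Constructed value, not a real key.
TOOL_KEY = b"constructed-example-key"


def normalize(value):
    """Canonicalize one identity field so every bank hashes the same bytes."""
    return unicodedata.normalize("NFKC", value).strip().casefold()


def personal_id(surname, firstname, sex, birthday, key=TOOL_KEY):
    """Derive a personal ID from the identity-verification fields.

    The page's example is hash(surname_firstname_sex_birthday). This sketch
    uses a keyed HMAC instead (assumption): names, sex and birth dates are
    guessable, so a bare hash could be matched by enumerating candidates.
    """
    message = b""
    for field in (surname, firstname, sex, birthday):
        data = normalize(field).encode("utf-8")
        # Length prefix keeps ("ab", "c") and ("a", "bc") from colliding.
        message += len(data).to_bytes(2, "big") + data
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def build_table(registrations):
    """Duplicate management table: (bank ID, registrant ID) -> personal ID."""
    return {(bank, reg): personal_id(*who) for bank, reg, who in registrations}


def find_duplicates(table, id_results):
    """Administrator-side duplication check over the ID result information.

    id_results maps bank ID -> {registrant ID: price}. Returns
    {personal ID: [(bank ID, registrant ID, price), ...]} for every person
    whose data was offered by more than one bank.
    """
    by_person = defaultdict(list)
    for bank, offers in id_results.items():
        for reg, price in offers.items():
            pid = table.get((bank, reg))
            if pid is not None:  # registrants unknown to the table are skipped
                by_person[pid].append((bank, reg, price))
    return {p: r for p, r in by_person.items() if len({b for b, _, _ in r}) > 1}


def records_to_exclude(duplicates):
    """Keep one bank per duplicated person and list the records to leave out.

    Assumption: the cheapest offer is kept, ties broken by bank ID. The page
    only says the data is requested from one of the banks.
    """
    excluded = set()
    for offers in duplicates.values():
        keep = min(offers, key=lambda o: (o[2], o[0]))
        excluded.update((b, r) for b, r, _ in offers if (b, r) != keep[:2])
    return excluded


# Constructed sample data. Bank IDs follow the page ("00001" to "00003");
# registrant IDs, identities and prices are invented for this example.
REGISTRATIONS = [
    ("00001", "A-17", ("Sato", "Hanako", "F", "1985-04-02")),
    ("00002", "u9921", ("SATO ", "hanako", "f", "1985-04-02")),  # same person
    ("00002", "u9922", ("Suzuki", "Ken", "M", "1990-11-30")),
    ("00003", "77", ("Sato", "Hanako", "F", "1985-04-03")),  # other birthday
]
ID_RESULTS = {
    "00001": {"A-17": 120},
    "00002": {"u9921": 90, "u9922": 100},
    "00003": {"77": 110},
}

if __name__ == "__main__":
    table = build_table(REGISTRATIONS)
    dups = find_duplicates(table, ID_RESULTS)
    print(records_to_exclude(dups))
```

Because every bank must produce the same personal ID for the same person, the normalization and the key have to be identical in every copy of the loaned tool; a mismatch in either silently turns a duplicate into two distinct individuals.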
[3-2. Processing]
Next, the data procurement process that the control unit 83 of the intermediary device 8 of the third embodiment executes in place of the data procurement process of the first embodiment (FIG. 4) is described with reference to the flowchart of FIG. 26.
<S301>
Since S301 is the same as S101 of FIG. 4 described above, its description is omitted.
<S302>
Subsequently, in S302, the ID request generation unit 831 generates an ID request to be transmitted to the information bank devices 4 to 6 based on the request information, including the target conditions, received by the request acquisition unit 331.
Here, the ID request includes the items shown in FIG. 27. FIG. 27 shows an example of an ID request addressed to the first information bank 4a. The ID request includes the same items as the metadata request shown in FIG. 6 described above. In other words, the ID request has basically the same content as the metadata request, except that its statement type is "ID request". In particular, the ID request includes the target condition information contained in the request information.
In the present embodiment, the data formats that can be handled differ among the information bank devices 4 to 6. The ID request is therefore generated for each of the information bank devices 4 to 6 in the data format that the destination device can handle.
<S303>
Subsequently, in S303, the ID request transmission unit 832 transmits the ID requests generated by the ID request generation unit 831 to the plurality of information bank devices 4 to 6 via the communication unit 81. The information bank devices 4 to 6 that have received the ID request transmit ID result information to the intermediary device 3 as a response to the ID request.
<S304>
The ID receiving unit 833 receives the ID result information from the plurality of information bank devices 4 to 6 via the communication unit 81. The ID result information is described in the data format that each of the information bank devices 4 to 6 can handle.
The ID result information of the present embodiment includes the items shown in FIG. 28. FIG. 28 shows the ID result information received from the first information bank 4a.
The ID result information includes a time stamp, a transaction ID, a statement type, a reference transaction ID, a destination, a source, and statement content. The reference transaction ID is the transaction ID of the ID request to which the ID result information relates, in other words, of the ID request received by the information bank device that is the source of the ID result information.
The statement content includes a list of pairs of an information bank registrant ID and a price for the personal data that matches the target condition indicated by the ID request. For example, in FIG. 28, the pair {1343482,215} in the statement content means that, among the personal data held by the first information bank 4a, a certain item of personal data that matches the target condition has the information bank registrant ID 1343482 and a price of 215 yen. The intermediary device 8 receives ID result information such as that shown in FIG. 28 from each of the information banks 4a to 6a.
<S305>
Subsequently, in S305, the duplication confirmation generation unit 834 generates the duplicate confirmation request to be transmitted to the administrator device 9 based on the ID result information received from the plurality of information bank devices 4 to 6.
As shown in FIG. 29, the duplicate confirmation request of the present embodiment includes the items of time stamp, transaction ID, statement type, reference transaction ID, destination, source, and statement content.
The statement content includes the list of information bank registrant IDs received from each of the information banks 4a to 6a and the identifier of each information bank ("first information bank", "second information bank", and so on within "statement content" in FIG. 29).
<S306>
Subsequently, in S306, the duplication confirmation transmission unit 835 transmits the duplicate confirmation request generated by the duplication confirmation generation unit 834 to the administrator device 9 via the communication unit 81. The administrator device 9 that has received the duplicate confirmation request transmits duplicate result information to the intermediary device 8 as a response to the duplicate confirmation request.
<S307>
The duplication confirmation receiving unit 836 receives the duplicate result information from the administrator device 9 via the communication unit 81.
As shown in FIG. 30, the duplicate result information of the present embodiment includes the items of time stamp, transaction ID, statement type, reference transaction ID, destination, source, and statement content.
The statement content includes sets of the information bank registrant IDs that the same person has at the respective information banks 4a to 6a.
For example, in FIG. 30, the set (0900838,9888100,430981213) in the statement content means that the information bank registrant ID "0900838" of the first information bank 4a, the information bank registrant ID "9888100" of the third information bank 6a, and the information bank registrant ID "430981213" of the third information bank 6a are IDs of the same person.
When the administrator device 9 receives a duplicate confirmation request from the intermediary device 8, it generates the duplicate result information as follows. The administrator device 9 refers to the duplicate management table shown in FIG. 24 and checks whether the list of information bank registrant IDs in the duplicate confirmation request contains more than one information bank registrant ID corresponding to the same personal ID. If it does, the administrator device 9 groups those information bank registrant IDs into a set. This produces the sets of information bank registrant IDs contained in the statement content of the duplicate result information. In FIG. 24, the information bank registrant IDs indicated by reference numeral 9a correspond to one and the same personal ID, and the information bank registrant IDs indicated by reference numeral 9b likewise correspond to one and the same personal ID.
<S308>
The metadata request generation unit 332 generates the metadata requests to be transmitted to the information bank devices 4 to 6 based on the duplicate result information received by the duplication confirmation receiving unit 836 and the request information received by the request acquisition unit 331.
Here, when information bank registrant IDs at a plurality of information banks correspond to the same personal ID, the metadata request generation unit 332 identifies one of those information banks. It then generates the metadata requests so that every information bank other than the identified one transmits its metadata with the information bank registrant ID corresponding to that personal ID excluded.
Specifically, in the present embodiment, the metadata request generation unit 332 matches the duplicate result information received in S307 against the price information contained in the ID result information received in S304. It then identifies the information bank that offers a given individual's personal data at the lowest price, and specifies, in the conditions of the metadata request, that the information banks other than the identified one transmit metadata with that individual's data excluded.
In the present embodiment, it is assumed that the price of personal data of the same person differs depending on the information bank, because the margin taken is expected to differ from one information bank to another.
As shown in FIG. 31, the metadata request of the present embodiment includes, in addition to the items of the metadata request shown in FIG. 6 described above, an exclusion ID item in the statement content.
The exclusion ID is an item indicating the information bank registrant IDs of personal data that is not to be included in (that is, is excluded from) the metadata transmitted from the information bank. An information bank that has received the metadata request therefore excludes the data of the information bank registrant IDs specified by the exclusion ID and transmits the resulting metadata to the intermediary device 8. As a result, the data of the information bank registrant IDs corresponding to the same personal ID is excluded from the metadata sent by every information bank other than the identified one.
<S309>
Since S309 is the same as S103 of FIG. 4 described above, its description is omitted.
<S310>
Subsequently, in S310, the metadata receiving unit 334 receives the metadata from each of the information bank devices 4 to 6 via the communication unit 81. Here, when information bank registrant IDs at a plurality of the information banks 4a to 6a correspond to one and the same personal ID, the metadata receiving unit 334 receives metadata containing that individual's data from the information bank that offers the individual's personal data at the lowest price. From the other information banks, it receives metadata from which that individual's data has been excluded. As a result, the metadata receiving unit 334 is kept from receiving metadata containing the data of the same person from more than one information bank.
<S311 to S317>
Since S311 to S317 are the same as S105 to S111 of FIG. 4 described above, their description is omitted.
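The S305 to S308 exchange can be traced in code. The following Python sketch is an added example, not code from the patent: it groups registrant IDs by personal ID on the administrator side, then derives the exclusion ID list for each information bank on the intermediary side. The (bank ID, registrant ID) pair representation, the personal IDs "P-1" to "P-3", the prices, the tie-break on bank ID and the check that the duplicate result names only IDs that were actually sent are all assumptions.

```python
from collections import defaultdict

# Constructed sample data. Keys are information bank IDs; values map an
# information bank registrant ID to the price quoted in the ID result (S304).
ID_RESULTS = {
    "00001": {"0900838": 215, "2910110": 180, "1343482": 215},
    "00002": {"9888100": 190, "7550360": 200},
    "00003": {"430981213": 230},
}

# Constructed stand-in for the duplicate management table held by the
# administrator device: (bank ID, registrant ID) -> personal ID.
DUPLICATE_TABLE = {
    ("00001", "0900838"): "P-1", ("00002", "9888100"): "P-1",
    ("00003", "430981213"): "P-1",
    ("00001", "2910110"): "P-2", ("00002", "7550360"): "P-2",
    ("00001", "1343482"): "P-3",
}


def duplicate_groups(id_lists, table):
    """Administrator side: group the requested IDs that share a personal ID.

    id_lists carries registrant IDs only; prices never leave the intermediary.
    """
    by_person = defaultdict(list)
    for bank, ids in id_lists.items():
        for rid in ids:
            person = table.get((bank, rid))
            if person is not None:
                by_person[person].append((bank, rid))
    # Only individuals registered with more than one bank count as duplicates.
    return [sorted(g) for _, g in sorted(by_person.items()) if len(g) > 1]


def exclusion_ids(id_results, groups):
    """Intermediary side (S308): keep the cheapest copy, exclude the others."""
    excluded = {bank: [] for bank in id_results}
    for group in groups:
        # Assumed integrity check: the response from the external device may
        # only reference IDs that were part of the ID results.
        for bank, rid in group:
            if rid not in id_results.get(bank, {}):
                raise ValueError(f"duplicate result names unknown ID {bank}/{rid}")
        # Tie-break on bank ID is an assumption; the text only says "lowest price".
        keep = min(group, key=lambda m: (id_results[m[0]][m[1]], m[0]))
        for bank, rid in group:
            if (bank, rid) != keep:
                excluded[bank].append(rid)
    return {bank: sorted(ids) for bank, ids in excluded.items()}


def procured_ids(id_results, excluded):
    """IDs each bank still reports after honouring its exclusion ID list."""
    return {
        bank: sorted(set(prices) - set(excluded.get(bank, [])))
        for bank, prices in id_results.items()
    }


if __name__ == "__main__":
    id_lists = {bank: list(prices) for bank, prices in ID_RESULTS.items()}
    groups = duplicate_groups(id_lists, DUPLICATE_TABLE)
    excl = exclusion_ids(ID_RESULTS, groups)
    print(excl)
    print(procured_ids(ID_RESULTS, excl))
```

After exclusion, each individual in the sample is reported by exactly one bank, which is the property S310 relies on.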
[3-3. Effects]
According to the third embodiment described in detail above, the following effects are obtained in addition to the effects (1a) to (1h) of the first embodiment described above.
(3a) In the present embodiment, the procurement plan determination unit 336 generates a metadata request based on the duplicate result information, and determines the procurement plan based on the metadata obtained as a response to the metadata request. That is, the procurement plan determination unit 336 determines the procurement plan based on the duplicate result information.
Personal data is therefore procured according to a procurement plan determined based on the duplicate confirmation information. This makes it possible to meet the needs of the data user 2a that arise when the same individual deposits data in a plurality of information banks 4a to 6a. Further, since the intermediary device 8 procures data from the plurality of information banks 4a to 6a on behalf of the data user 2a, the personal data that the data user 2a wants can be procured more easily.
(3b) In the present embodiment, the procurement plan determination unit 336 determines a procurement plan that procures only one of the first personal data and the second personal data that the duplicate result information shows to be personal data relating to the same individual.
Therefore, duplicate purchase of personal data with the same content relating to the same individual from a plurality of information banks 4a and 5a can be suppressed.
(3c) In the present embodiment, the procurement plan determination unit 336 determines a procurement plan that procures the cheaper of the first personal data and the second personal data relating to the same individual.
Therefore, the data user 2a can purchase personal data at a lower price while duplicate purchase of personal data with the same content relating to the same individual is suppressed.
(3d) In the present embodiment, the duplication confirmation receiving unit 836 acquires the duplicate result information from the administrator device 9, which is an external device capable of generating the duplicate result information.
Here, a configuration is conceivable in which the intermediary device 8 stores the duplication status table shown in FIG. 24 in its own storage unit 82 and obtains the duplicate result information from the duplication status table stored in the storage unit 82. In such a configuration, however, the duplication status table stored in the storage unit 82 may not have been updated to the latest duplication status table, so the duplicate result information obtained may not reflect the latest duplication status of the personal data. In contrast, with the configuration of the present embodiment, the duplicate result information is acquired from the administrator device 9, so the intermediary device 8 can readily obtain duplicate result information that reflects the latest duplication status. This in turn makes it easier for the intermediary device 8 to determine the procurement plan based on the latest duplication status.
(3e) In the present embodiment, the duplicate result information is information that associates an information bank registrant ID at one information bank with an information bank registrant ID at another information bank, both relating to the same individual.
Therefore, when a plurality of information banks manage personal data relating to the same individual under different information bank registrant IDs, the intermediary device 8 can tell which of the personal data managed by those information banks relates to the same individual, and can determine the procurement plan in light of that result.
In the present embodiment, the duplicate result information corresponds to the duplicate confirmation information, the information bank registrant ID corresponds to the registration identification information, the administrator device 9 corresponds to the external device that manages the duplicate confirmation information or is capable of generating it, S301 corresponds to the processing as the request acquisition unit, S307 corresponds to the processing as the duplicate confirmation acquisition unit, S312 corresponds to the processing as the determination unit, and S315 and S317 correspond to the processing as the acquisition transmission unit.
[4. Fourth Embodiment]
[4-1. Differences from the third embodiment]
Since the basic configuration of the fourth embodiment is the same as that of the third embodiment, the description of the common configuration is omitted and the differences are mainly described. The same reference numerals as in the third embodiment indicate the same configuration, for which the preceding description should be referred to.
In the third embodiment described above, the intermediary device 8 performs a duplicate confirmation to determine which of the data deposited in the plurality of information banks 4a to 6a is data of the same individual. The intermediary device 8 then determines the procurement plan so as to avoid duplicate purchase of the personal data of the same individual. That is, the intermediary device 8 procures the personal data of the same individual only from one specific information bank among the plurality of information banks 4a to 6a.
Meanwhile, an information bank may have consumers deposit personal data in order to provide them with some service. In that case, if the services offered differ between information banks, even the same individual may deposit personal data with different data items at each information bank. A data user 2a may therefore want to obtain the personal data of the same individual from a plurality of information banks 4a to 6a, consolidated by name identification.
The fourth embodiment differs from the third embodiment in that the intermediary device 8 procures the personal data of the same person from each of the plurality of information banks 4a to 6a and consolidates it by name identification. The fourth embodiment is described in detail below.
The intermediary device 8 of the fourth embodiment has the same hardware configuration and functional elements as in the third embodiment. In particular, the intermediary device 8 of the fourth embodiment includes the elements 331 to 341 and 831 to 836 shown in FIG. 25. The functions of the elements 331 to 341 and 831 to 836 are basically the same as in the third embodiment, but the functions of the metadata request generation unit 332 and the format integration unit 340 partly differ from the third embodiment. These elements 332 and 340 are described below.
<Metadata request generation unit>
The metadata request generation unit 332 generates the metadata requests to be transmitted to the information bank devices 4 to 6 based on the duplicate result information received by the duplication confirmation receiving unit 836 and the request information received by the request acquisition unit 331. From the received duplicate result information, the information bank registrant IDs of individuals who have deposited personal data in a plurality of information banks can be identified. The metadata receiving unit 334 generates a metadata request that requests metadata containing only the data of individuals who have deposited personal data in a plurality of information banks (that is, in other information banks as well).
<Format integration unit>
The format processing unit 340 generates integrated data by converting the delivery data received from the plurality of information bank devices 4 to 6 to a common data format and integrating it into a single set of data. In the present embodiment, the format processing unit 340 generates the integrated data by name identification of the personal data of the same individual received from the plurality of information bank devices 4 to 6.
[4-2. Processing]
Next, the data procurement process that the control unit 83 of the intermediary device 8 of the fourth embodiment executes in place of the data procurement process of the third embodiment will be described with reference to the flowchart of FIG. 26 described above.
<S301 to S307>
Since S301 to S307 are the same as S301 to S307 of the third embodiment described above, their description is omitted.
<S308>
Subsequently, in S308, the metadata request generation unit 332 generates the metadata requests to be transmitted to the information bank devices 4 to 6 based on the duplicate result information received in S307 and the request information received in S301. Here, the metadata request generation unit 332 generates metadata requests that request metadata containing only the data of individuals who have deposited personal data in a plurality of information banks.
Specifically, the metadata request generation unit 332 generates metadata requests such as those shown in FIGS. 32 and 33. FIG. 32 shows an example of a metadata request transmitted to the first information bank 4a. FIG. 33 shows an example of a metadata request transmitted to the second information bank 5a.
The metadata request of the present embodiment includes basically the same items as the metadata request shown in FIG. 6 described above, but does not include the distribution aggregation axis item. In addition, the metadata request of the present embodiment includes a target ID item in the statement content.
The target ID here is an item indicating the information bank registrant IDs of the individuals to be included in the metadata transmitted from the information bank. That is, the information banks 4a to 6a that have received the metadata request transmit to the intermediary device 8 metadata containing only the data of the information bank registrant IDs specified by the target ID. The target ID lists the information bank registrant IDs of individuals who have deposited personal data in a plurality of information banks.
For example, in the example of FIG. 24 described above, the information bank registrant ID "0900838" at the first information bank 4a, whose information bank ID is "00001", the information bank registrant ID "9888100" at the second information bank 5a, whose information bank ID is "00002", and the information bank registrant ID "430981213" at the third information bank 6a, whose information bank ID is "00003", are IDs of the same individual. Likewise, the information bank registrant ID "2910110" at the first information bank 4a and the information bank registrant ID "7550360" at the second information bank 5a are IDs of the same individual.
Therefore, as shown in FIG. 32, for the first information bank 4a, the information bank registrant IDs "0900838" and "2910110" are written in the target ID as the IDs of individuals who have deposited data in a plurality of the information banks 4a to 6a.
In the example of FIG. 32, as can be seen from the requested item column, the first information bank 4a holds, in addition to basic attributes such as gender (Gender) and age group (Age10), personal data attributes such as age of children (Age_minor_child), number of family members (Num_Family), frequency of home cooking (Freq_HomeCook), frequency of supermarket use (Freq_GSM), frequency of convenience store use (Freq_CVS), and frequency of drugstore use (Freq_DS).
On the other hand, as shown in FIG. 33, for the second information bank 5a, the information bank registrant IDs "7550360" and "9888100" are written in the target ID as the IDs of individuals who have deposited data in a plurality of the information banks 4a and 5a.
In the example of FIG. 33, as can be seen from the requested item column, the second information bank 5a holds, in addition to basic attributes such as gender and age group, personal data attributes such as monthly recipe site browsing history and three-month magazine purchase amount.
The metadata request generation unit 332 generates metadata requests as described above.
<S309 to S315>
Since S309 to S315 are the same as S309 to S315 of the third embodiment described above, their description is omitted.
<S316>
Subsequently, in S316, the format processing unit 340 generates integrated data by converting the delivery data received from the plurality of information bank devices 4 to 6 to a common data format and integrating it into a single set of data.
FIG. 34 shows an example of the integrated data. In the figure, the personal data attributes (that is, data items) indicated by reference numeral 10a are attributes held by both the first information bank 4a and the second information bank 5a. The personal data attributes indicated by reference numeral 10b are held only by the first information bank 4a, and the personal data attributes indicated by reference numeral 10c are held only by the second information bank 5a. In this way, the format processing unit 340 generates the integrated data by name identification of the personal data of the same individual across the plurality of information banks 4a to 6a.
<S317>
Since S317 is the same as S317 of the third embodiment described above, its description is omitted.
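The target ID lists of S308 and the name identification of S316 can be sketched as follows. This is an added Python example, not code from the patent. The attribute values, the attribute name Recipe_Views_Month, the reporting of records a bank delivered without being asked, and the handling of shared attributes whose values disagree between banks are assumptions; the text does not say how such disagreements are resolved.

```python
# Constructed sample data. Bank IDs and registrant IDs follow the FIG. 24
# example quoted in the text; all attribute values are invented.
DUP_GROUPS = [
    [("00001", "0900838"), ("00002", "9888100"), ("00003", "430981213")],
    [("00001", "2910110"), ("00002", "7550360")],
]
DELIVERIES = {
    "00001": {
        "0900838": {"Gender": "F", "Age10": 30, "Num_Family": 4},
        "2910110": {"Gender": "M", "Age10": 40, "Freq_HomeCook": 1},
        "1343482": {"Gender": "F", "Age10": 20, "Num_Family": 1},  # not a target
    },
    "00002": {
        "9888100": {"Gender": "F", "Age10": 30, "Recipe_Views_Month": 42},
        "7550360": {"Gender": "M", "Age10": 50, "Recipe_Views_Month": 3},
    },
    # Bank "00003" delivered nothing in this sample.
}


def target_ids(groups):
    """S308: per bank, the registrant IDs of people held by several banks."""
    targets = {}
    for group in groups:
        for bank, rid in group:
            targets.setdefault(bank, set()).add(rid)
    return {bank: sorted(ids) for bank, ids in targets.items()}


def unrequested_ids(deliveries, targets):
    """Records a bank delivered although their ID was not a target ID."""
    extra = {}
    for bank, records in deliveries.items():
        surplus = set(records) - set(targets.get(bank, []))
        if surplus:
            extra[bank] = sorted(surplus)
    return extra


def integrate(groups, deliveries):
    """S316: merge the records of one individual into one integrated row."""
    rows = []
    for group in groups:
        values = {}  # attribute -> {bank ID: value}
        for bank, rid in group:
            record = deliveries.get(bank, {}).get(rid)
            if record is None:
                continue  # this bank delivered nothing for the individual
            for attr, value in record.items():
                values.setdefault(attr, {})[bank] = value
        row = {"attributes": {}, "sources": {}, "conflicts": {}}
        for attr, per_bank in sorted(values.items()):
            # sources shows whether an attribute is shared (10a in FIG. 34)
            # or held by a single bank (10b, 10c).
            row["sources"][attr] = sorted(per_bank)
            if len(set(per_bank.values())) == 1:
                row["attributes"][attr] = next(iter(per_bank.values()))
            else:
                # Assumption: disagreeing values are reported, not resolved.
                row["conflicts"][attr] = dict(per_bank)
        rows.append(row)
    return rows


if __name__ == "__main__":
    targets = target_ids(DUP_GROUPS)
    print(targets)
    print(unrequested_ids(DELIVERIES, targets))
    for row in integrate(DUP_GROUPS, DELIVERIES):
        print(row)
```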
[4-3. Effects]
According to the fourth embodiment described in detail above, the following effect is obtained in addition to the effects (1a) to (1h) of the first embodiment and the effects (3a), (3d) and (3e) of the third embodiment described above.
(4a) In the present embodiment, the procurement plan determination unit 336 determines a procurement plan that procures both the first personal data and the second personal data that the duplicate result information shows to be personal data relating to the same individual.
Therefore, for example, when the same individual has deposited personal data with different content in the first information bank 4a and the second information bank 5a, the personal data of that individual can be consolidated by name identification across the plurality of information banks 4a and 5a. Since the personal data deposited in a plurality of information banks is not necessarily identical, name identification allows the intermediary device 8 to generate information that neither of the information banks 4a and 5a holds on its own.
In the present embodiment, as in the third embodiment, each component of the intermediary device 8 corresponds to the respective wording of the claims.
[5. Fifth Embodiment]
[5-1. Differences from the third embodiment]
Since the basic configuration of the fifth embodiment is the same as that of the third embodiment, description of the common configuration is omitted and the differences are mainly described. The same reference numerals as in the third embodiment denote the same configurations, for which the preceding description applies.
In the third embodiment, the intermediary device 8 acquires the duplication result information from the external administrator device 9. On the other hand, in the fourth embodiment, the duplication status table is stored in advance in the storage unit 82 of the intermediary device 8. The intermediary device 8 differs from the third embodiment in that, when it receives request information from the user device 2, it generates the duplication result information based on the duplication status table in the storage unit 82. Hereinafter, the fifth embodiment will be described in detail.
As shown in FIG. 2, the intermediary device 11 of the fifth embodiment includes a communication unit 111, a storage unit 112, and a control unit 113. The hardware configurations of these components 111 to 113 are the same as those of the components 81 to 83 of the intermediary device 8 of the third embodiment. However, the data stored in the storage unit 112 of the intermediary device 11 of the fifth embodiment differs from that of the third embodiment. Specifically, the storage unit 112 of the fifth embodiment stores the duplication management table shown in FIG. 35.
The duplication status table of FIG. 35 is basically the same as the duplication management table held by the registration manager 9a shown in FIG. 24 described above, but differs in that it further includes an item for the price of personal data. That is, the duplication status table shown in FIG. 35 is information in which an information bank ID, an information bank registrant ID, a personal ID, and the price of personal data are set in association with each other.
In the present embodiment, the duplication status table stored in the storage unit 112 is assumed to be updated periodically at a predetermined frequency (for example, once a month or once a week). The duplication status table can be updated by various methods, for example as follows. The holder of the intermediary device 11 receives, from the registration manager 9a who holds the administrator device 9, a storage medium storing the duplication status table, and the table is updated by storing the duplication status table from the received storage medium in the storage unit 112.
On the other hand, in the control unit 113, the CPU 113a executes the program stored in the memory 113b and thereby executes the data procurement process shown in FIG. 37, described later. By executing the data procurement process, the control unit 113 functions as the elements 331 to 341, 831 to 833, 931 and 932, as shown in FIG. 36. That is, the control unit 113 of the fifth embodiment differs from the third embodiment in that it functions as a duplication confirmation acquisition unit 931 in place of the duplication confirmation generation unit 834, the duplication confirmation transmission unit 835 and the duplication confirmation reception unit 836 shown in FIG. 25 of the third embodiment, and further functions as an update processing unit 932. Hereinafter, the duplication confirmation acquisition unit 931 and the update processing unit 932, which are the differences, will be described.
<Duplication confirmation acquisition unit>
The duplication confirmation acquisition unit 931 acquires the duplication status table from the storage unit 112. The duplication confirmation acquisition unit 931 then generates duplication result information based on the ID result information received by the ID receiving unit 833 and the duplication status table acquired from the storage unit 112. The method of generating the duplication result information is the same as the method by which the administrator device 9 of the third embodiment described above generates it, so the description is omitted.
<Update processing unit>
The update processing unit 932 updates the duplication status table stored in the storage unit 112 based on the integrated data generated by the format processing unit 340.
For example, when the data included in the integrated data differs from the data registered in the duplication status table, the update processing unit 932 updates the data registered in the duplication status table to the data included in the delivery data. As a result, the duplication status table is updated to the data included in the integrated data, that is, the latest data content most recently purchased by the intermediary device 11.
[5-2. Processing]
Next, the data procurement process that the control unit 113 of the intermediary device 11 of the fifth embodiment executes in place of the data procurement process of the third embodiment (FIG. 26) will be described with reference to the flowchart of FIG. 37.
<S401 to S404>
Since S401 to S404 are the same as S301 to S304 of FIG. 26 described above, the description thereof is omitted.
<S405>
Subsequently, in S405, the duplication confirmation acquisition unit 931 acquires the duplication status table from the storage unit 112. The duplication confirmation acquisition unit 931 then acquires the duplication result information by generating it based on the ID result information received by the ID receiving unit 833 and the duplication status table acquired from the storage unit 112.
<S406 to S415>
Since S406 to S415 are the same as S308 to S317 of FIG. 26 described above, the description thereof is omitted.
<S416>
Subsequently, in S416, the update processing unit 932 updates the duplication status table stored in the storage unit 112 based on the integrated data generated by the format processing unit 340.
[5-3. Effects]
According to the fifth embodiment described in detail above, the following effects are obtained in addition to the effects (1a) to (1h) of the first embodiment and the effects (3a) to (3c) and (3e) of the third embodiment.
(5a) In the present embodiment, the intermediary device 11 acquires the duplication status table from the storage unit 112. The duplication confirmation acquisition unit 931 then acquires the duplication result information by generating it based on the ID result information received by the ID receiving unit 833 and the acquired duplication status table. That is, the intermediary device 11 can acquire the duplication result information without exchanging data with the administrator device 9. Therefore, the communication volume of the administrator device 9 can be reduced compared with a configuration in which a duplication confirmation request is transmitted to the administrator device 9 to acquire the duplication result information. In addition, system development costs, such as the cost of an API (Application Programming Interface) for sending and receiving the duplication confirmation request and the duplication result information, can be kept down.
In the present embodiment, the duplication status table corresponds to the duplication confirmation information, S401 corresponds to the processing as the request acquisition unit, S405 corresponds to the processing as the duplication confirmation acquisition unit, S410 corresponds to the processing as the determination unit, and S413 and S415 correspond to the processing as the acquisition transmission unit.
[6. Sixth Embodiment]
[6-1. Differences from the third embodiment]
Since the basic configuration of the sixth embodiment is the same as that of the third embodiment, description of the common configuration is omitted and the differences are mainly described. The same reference numerals as in the third embodiment denote the same configurations, for which the preceding description applies. The sixth embodiment differs from the third embodiment described above in that the user device 2 of the data user 2a uses the personal data procured from the information banks 4a to 6a to deliver advertisements to individuals who have deposited personal data with the information banks 4a to 6a.
The procurement system 12 of the sixth embodiment shown in FIG. 38 includes a user device 2, an intermediary device 3, and a plurality of information bank devices 4 to 6, as in the third embodiment. The intermediary device 3 and the plurality of information bank devices 4 to 6 of the sixth embodiment are the same as those of the third embodiment.
On the other hand, the user device 2 of the sixth embodiment includes a communication unit 21, a storage unit 22, and a control unit 23, as shown in FIG. 39. The communication unit 21 is a communication interface for connecting the user device 2 to the network. Via the communication unit 21, the user device 2 can perform data communication with the intermediary device 8 and with the information processing terminals 11 to 17 owned by individuals.
The storage unit 22 stores various data. In the present embodiment, the storage unit 22 stores advertisement information and destination information. The advertisement information referred to here is advertisement information to be transmitted to the individuals to whom the personal data procured by the data user 2a from the information banks 4a to 6a relates, and it corresponds to the attributes of the procured personal data (in other words, various attributes such as the preferences of the individual to whom the personal data relates).
The destination information referred to here is information that specifies the destination to which the advertisement information is transmitted. In the present embodiment, the destination is assumed to be an individual who has deposited personal data with the information banks 4a to 6a. The destination information may be an identifier that identifies the destination of the advertisement information, such as an IDFA (Identification For Advertisers), an ADID (Advertising Identifier), a cookie ID, or the e-mail address of the person targeted for distribution. In the present embodiment, the destination information is assumed to be included in the personal data acquired from the information banks 4a to 6a.
The control unit 23 is built around a well-known microcomputer having a CPU 23a and semiconductor memory such as RAM, ROM, and flash memory (hereinafter, memory 23b). The various functions of the control unit 23 are realized by the CPU 23a executing a program stored in a non-transitory tangible storage medium. In this example, the memory 23b corresponds to the non-transitory tangible storage medium in which the program is stored. Executing this program also executes the method corresponding to the program. The control unit 23 executes the advertisement distribution process shown in FIG. 40, which will be described later.
[6-2. Processing]
Next, the advertisement distribution process executed by the control unit 23 of the user device 2 will be described with reference to the flowchart of FIG. 40. The advertisement distribution process is executed at an appropriate timing.
First, in S501, the control unit 23 acquires the advertisement information and the destination information from the storage unit 22.
Subsequently, in S502, the control unit 23 delivers the advertisement. Specifically, the control unit 23 transmits the advertisement information acquired in S501, via the communication unit 21, to the destination indicated by the destination information acquired in S501. After executing S502, the control unit 23 ends the advertisement distribution process of FIG. 40.
[6-3. Effects]
According to the sixth embodiment described in detail above, the following effects are obtained in addition to the effects (1a) to (1h) of the first embodiment and the effects (3a) to (3e) of the third embodiment.
(6a) In the present embodiment, the user device 2 uses the personal data acquired from the information banks 4a to 6a to deliver advertisements to the individuals who have deposited personal data with the information banks 4a to 6a. Specifically, the user device 2 acquires advertisement information to be notified to the individual to whom the personal data acquired from the intermediary device 8 relates, and destination information indicating the destination of the advertisement information. The user device 2 then transmits the advertisement information to the destination indicated by the destination information.
Therefore, the advertisement information is transmitted using the personal data acquired from the information bank devices 4 to 6. This makes it possible to deliver advertisements suited to the individuals who have deposited personal data with the information banks 4a to 6a.
In the present embodiment, the procurement system 12 corresponds to the system, the advertisement information corresponds to the notification information, S501 corresponds to the processing as the notification information acquisition unit, and S502 corresponds to the processing as the notification information transmission unit.
[7. Seventh Embodiment]
[7-1. Differences from the first embodiment]
Since the basic configuration of the seventh embodiment is the same as that of the first embodiment, description of the common configuration is omitted and the differences are mainly described. The same reference numerals as in the first embodiment denote the same configurations, for which the preceding description applies.
In the first embodiment described above, the data user 2a acquires personal data from the information banks 4a to 6a via the intermediary device 3. Here, it is conceivable that the data user does not want to bear the cost of handling personal data. In recent years, there has been a movement to require a safety management device, such as use of the Privacy Mark, even of data users who acquire personal data from the information banks 4a to 6a. The safety management device means the necessary and appropriate measures a business operator takes to prevent leakage, loss or damage of personal data and otherwise manage personal data safely. However, for data users such as small and medium-sized enterprises, it may be difficult to implement such a safety management device. It is therefore conceivable that such a data user acquires anonymously processed information instead of taking safety management measures. The anonymously processed information referred to here is information generated from personal data by changing or deleting information contained in the personal data so that the individual to whom the personal data relates cannot be identified.
The seventh embodiment differs from the first embodiment in that the intermediary device 3 generates anonymously processed information based on the personal data acquired from the information banks 4a to 6a and transmits the generated anonymously processed information to the user device 2. Hereinafter, the seventh embodiment will be described in detail.
The hardware configuration of the procurement system 1 of the seventh embodiment is the same as that of the first embodiment. On the other hand, the processing executed by the intermediary device 3 of the seventh embodiment and the data it transmits and receives partly differ from those of the first embodiment.
[7-2. Processing]
Hereinafter, the data procurement process that the control unit 33 of the intermediary device 3 of the seventh embodiment executes in place of the data procurement process of the first embodiment (FIG. 4) will be described with reference to the flowchart of FIG. 41. In the flowchart of FIG. 41, the processes of S501, S503 to S509, and S511 (that is, the processes other than S502 and S510) are the same as S101, S103 to S109, and S111 of FIG. 4 described above, respectively. Therefore, the description of these processes is omitted below, and only S502 and S510, which are the differences, are described.
<S502>
In S502, the metadata request generation unit 332 generates a metadata request based on the request information received in S501. In the present embodiment, the metadata request generation unit 332 generates a metadata request as shown in FIG. 42. The metadata request shown in FIG. 42 is basically the same as the metadata request of the first embodiment shown in FIG. 6, but the description of the type of purpose of use of the personal data differs. In the metadata request shown in FIG. 42, the type of purpose of use of the personal data is described as "anonymously processed information creation".
<S510>
In S510, the format processing unit 340 aligns the data formats of the delivery data received from the information bank devices 4 to 6 and converts the data. The format processing unit 340 then integrates the delivery data from the information bank devices 4 to 6 into one piece of data. Specifically, as in the first embodiment, the format processing unit 340 converts the variable names and values included in the delivery data received from each of the information bank devices 4 to 6 according to the data conversion dictionary of that information bank device, thereby aligning the data formats of the delivery data received from the information bank devices 4 to 6. The format processing unit 340 then converts the variable names and values included in the delivery data so as to satisfy the criteria stipulated in the Personal Information Protection Law.
Specifically, the format processing unit 340 converts, for example, the variable names and values included in the delivery data shown in FIG. 16A received from the first information bank 4a according to the conversion dictionary shown in FIG. 15. The format processing unit 340 then generates the converted delivery data of the first information bank 4a as shown in FIG. 43. The converted delivery data shown in FIG. 43 is anonymously processed information, that is, data to which anonymous processing has been applied. Anonymous processing is processing that changes or deletes personal data so that the individual to whom the personal data relates cannot be identified. Anonymous processing may be, for example, processing that coarsens the granularity of the personal data to the extent that the individual to whom it relates cannot be identified.
Specifically, for example, in the anonymously processed information shown in FIG. 43, information that can identify an individual is deleted. Examples of information that can identify an individual include the ID that an information bank assigns to the individual (that is, the information bank registrant ID) and the name. Then, as with the IDs shown in FIG. 43 (a3321, 34acd, 943dd, ...), an ID is randomly assigned to each individual or each piece of personal data.
In the anonymously processed information, information that is characteristic or rare when viewed across a specific region as a whole (for example, Japan), and that can therefore identify an individual, may also be deleted or changed.
Specifically, for example, assume that the age (Demographic:Age) of the individual to whom the personal data relates is "115 years old". In this case, the information that the age is "115 years old" is rare when viewed across Japan as a whole and can identify an individual. Such information may therefore be deleted from the anonymously processed information or rounded to, for example, "100 years old or older".
In the anonymously processed information, information that is characteristic or rare within the data set acquired from the information banks 4a to 6a, and that can identify an individual, may also be deleted or changed.
For example, assume that the information that the marital status (Demographic:Marital) is "divorced" or "bereaved" is characteristic or rare within the above data set and can identify an individual. In this case, when the marital status of an individual is "divorced" or "bereaved", it may be changed to "divorced or bereaved", as with the ID "34acd" shown in FIG. 43.
Also, for example, assume that the information that the 3-month magazine purchase amount (Aggregate:1:TotalExpense3MonthSeasonings) is larger than 5000 yen is characteristic or rare within the above data set and can identify an individual. In this case, in the anonymously processed information, the actual amount larger than 5000 yen is not recorded; instead, the value may be rounded to "5000 yen", as with the individual with the ID "09aba" shown in FIG. 43.
In this way, the intermediary device 3 converts the delivery data received from each of the information banks 4a to 6a into anonymously processed information. The intermediary device 3 then integrates the anonymously processed information of the information banks 4a to 6a into one piece of data to generate the integrated data. The order in which the anonymous processing and the data integration are performed is not limited to this. For example, the delivery data of the information banks 4a to 6a may first be integrated into one piece of data, and the anonymous processing may then be applied to the integrated data.
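The anonymous processing described for S510, sketched as an added example (not code from the patent or its applicant): it deletes the directly identifying fields, assigns random IDs, and applies the three generalizations the text walks through. The records, the `registrant_id` and `name` key names, the English category labels and the `rare_values` count are assumptions made for illustration.

```python
import secrets
from collections import Counter

# Attribute names as written in the text.
AGE = "Demographic:Age"
MARITAL = "Demographic:Marital"
EXPENSE = "Aggregate:1:TotalExpense3MonthSeasonings"

# Hypothetical key names for the fields that identify an individual directly
# (information bank registrant ID and name).
DIRECT_IDENTIFIERS = ("registrant_id", "name")

AGE_CAP = 100        # ages at or above this become "100 or older"
EXPENSE_CAP = 5000   # amounts above this are recorded as 5000 (yen)
MERGED_MARITAL = {
    "divorced": "divorced or bereaved",
    "bereaved": "divorced or bereaved",
}

# Constructed sample delivery data, already in the unified format.
DELIVERY = [
    {"registrant_id": "U-0001", "name": "Sample One", AGE: 34,
     MARITAL: "married", EXPENSE: 1200},
    {"registrant_id": "U-0002", "name": "Sample Two", AGE: 115,
     MARITAL: "bereaved", EXPENSE: 300},
    {"registrant_id": "U-0003", "name": "Sample Three", AGE: 41,
     MARITAL: "divorced", EXPENSE: 8400},
    {"registrant_id": "U-0004", "name": "Sample Four", AGE: 29,
     MARITAL: "unmarried", EXPENSE: 0},
    {"registrant_id": "U-0005", "name": "Sample Five", AGE: 52,
     MARITAL: "married", EXPENSE: 5000},
]


def new_random_id(used):
    """Return a fresh 5-hex-digit ID that is unrelated to the source ID."""
    while True:
        candidate = secrets.token_hex(3)[:5]
        if candidate not in used:
            used.add(candidate)
            return candidate


def anonymize_record(record, used_ids):
    """Return an anonymized copy of one record; the input is not modified."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["id"] = new_random_id(used_ids)
    # Rare across the whole region: round very high ages into one bucket.
    if out.get(AGE) is not None and out[AGE] >= AGE_CAP:
        out[AGE] = "100 or older"
    # Rare within the data set: merge the two categories into one.
    if out.get(MARITAL) in MERGED_MARITAL:
        out[MARITAL] = MERGED_MARITAL[out[MARITAL]]
    # Rare within the data set: do not record the actual amount above the cap.
    if out.get(EXPENSE) is not None and out[EXPENSE] > EXPENSE_CAP:
        out[EXPENSE] = EXPENSE_CAP
    return out


def anonymize(records):
    """Anonymize every record, keeping the random IDs unique in the batch."""
    used_ids = set()
    return [anonymize_record(r, used_ids) for r in records]


def rare_values(records, field, k):
    """Values of `field` that occur fewer than k times, with their counts."""
    counts = Counter(r[field] for r in records if r.get(field) is not None)
    return {value: n for value, n in counts.items() if n < k}


if __name__ == "__main__":
    anonymized = anonymize(DELIVERY)
    for row in anonymized:
        print(row)
    print("still rare:", rare_values(anonymized, MARITAL, 2))
```

Running `rare_values` on the output lists the categories that still occur fewer than k times in the data set and are therefore candidates for further change or deletion.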
[7-3. Effects]
According to the seventh embodiment described in detail above, the following effects are obtained in addition to the effects (1a) to (1h) of the first embodiment described above.
In the present embodiment, the intermediary device 3 receives personal data from the information bank devices 4 to 6 via the communication unit 31 and generates anonymously processed information based on the received personal data. Here, the anonymously processed information is information (that is, data) generated from personal data by changing or deleting information contained in the personal data so that the individual to whom the personal data relates cannot be identified. The intermediary device 3 then transmits the generated anonymously processed information to the user device 2 via the communication unit 31.
Therefore, the cost of handling personal data can be reduced for data users for whom it is difficult to implement a safety management device. In addition, computer security related to the management of personal data can be improved.
[8. Eighth Embodiment]
[8-1. Differences from the seventh embodiment]
Since the basic configuration of the eighth embodiment is the same as that of the first embodiment, description of the common configuration is omitted and the differences are mainly described. The same reference numerals as in the first embodiment denote the same configurations, for which the preceding description applies.
In the first embodiment described above, the data user 2a acquires personal data from the information banks 4a to 6a via the intermediary device 3. Here, it is conceivable that the data user 2a does not need fine-grained personal data in the first place. For example, consider a case where the data user 2a wants to know how much its own customers buy competing products in order to formulate a marketing strategy. In this case, even without data on its own customers, the data user 2a may be able to work out a strategy well enough from statistical information on the average purchase amount of competing products by individuals whose attributes resemble those of its own customers. In this case, fine-grained personal data is not required.
The eighth embodiment differs from the first embodiment in that the intermediary device 3 generates statistical information based on the personal data acquired from the information banks 4a to 6a and transmits the generated statistical information to the user device 2. Hereinafter, the eighth embodiment will be described in detail.
The hardware configuration of the procurement system 1 of the eighth embodiment is the same as that of the first embodiment. On the other hand, the processing executed by the intermediary device 3 of the eighth embodiment and the data it transmits and receives partly differ from those of the first embodiment.
[8-2. Processing]
The data procurement process that the control unit 33 of the intermediary device 3 of the eighth embodiment executes in place of the data procurement process of the first embodiment (FIG. 4) is described below with reference to the flowchart of FIG. 41 described above. In the flowchart of FIG. 41, the processes of S501, S503 to S509, and S511 (that is, the processes other than S502 and S510) are the same as S101, S103 to S109, and S111 of FIG. 4 described above, respectively. Description of these processes is therefore omitted below, and only S502 and S510, which differ, are described.
<S502>
In S502, the metadata request generation unit 332 generates a metadata request based on the request information received in S501. In the present embodiment, the metadata request generation unit 332 generates a metadata request as shown in FIG. 44. The metadata request shown in FIG. 44 is basically the same as the metadata request of the first embodiment shown in FIG. 6, but differs in how the type of purpose of use of the personal data is described. In the metadata request shown in FIG. 41, the type of purpose of use of the personal data is described as "statistical information creation".
<S510>
In S510, the format processing unit 340 aligns the data formats of the delivery data received from the information bank devices 4 to 6 and converts the data. The format processing unit 340 then integrates the delivery data from the information bank devices 4 to 6 into one set of data. Specifically, as in the first embodiment, the format processing unit 340 converts the variable names and values contained in the delivery data received from each of the information bank devices 4 to 6 according to the data conversion dictionary of that information bank device, thereby aligning the data formats of the delivery data received from the information bank devices 4 to 6. The format processing unit 340 then converts the delivery data whose variable names and values have been converted into statistical information. The statistical information referred to here is information obtained by aggregating or processing personal data relating to a plurality of individuals acquired from the information banks 4a to 6a.
Specifically, for example, the format processing unit 340 converts the variable names and values contained in the delivery data shown in FIG. 16A, received from the first information bank 4a, according to the conversion dictionary shown in FIG. 15. The format processing unit 340 then generates the converted delivery data of the first information bank 4a as shown in FIG. 45. The converted delivery data shown in FIG. 45 is delivery data that has been turned into statistical information.
In the statistical information shown in FIG. 45, the personal data relating to a plurality of individuals received from the first information bank 4a is classified into a plurality of groups (for example, six groups with group IDs 1 to 6). For example, the personal data may be classified into a plurality of groups by mapping the personal data relating to the plurality of individuals on an appropriate item contained in the personal data (for example, the three-month magazine purchase amount) and clustering it.
For each group ID, the group size and the total number of individuals corresponding to each of various demographic attributes (gender = male, age = 15 years, and so on) are associated with each other. The group size is the total number of individuals, or of personal data, contained in the group.
The intermediary device 3 then integrates the statistical information generated for each of the information banks 4a to 6a into one set of data, thereby generating integrated data.
Although the statistical information is generated above by clustering, the method of generating statistical information is not limited to this. For example, the statistical information may be generated by another statistical method such as cross tabulation.
Also, although the statistical information is generated above by classifying the personal data into a plurality of groups, the personal data may instead be gathered into a single group without being classified into a plurality of groups. For that group, statistical information may then be generated that indicates the total number, mean, median, variance, and so on of the individuals or personal data corresponding to various demographic attributes and the like.
Also, for example, instead of generating statistical information for each of the information banks 4a to 6a, all the personal data received from the plurality of information banks 4a to 6a may first be aggregated, and the statistical information may be generated based on the aggregated personal data.
Thus, in the eighth embodiment, data is transmitted to the user device 2 not per item of personal data but per group.
In the eighth embodiment, the statistical information is generated in such a way that the individuals to whom the personal data used to generate it relates cannot be identified from the generated statistical information. In other words, the generated statistical information may be anonymously processed information.
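The S510 aggregation described above, as an added example that is not part of the patent: it builds per-group counts for each information bank, integrates them into one data set, and withholds groups too small to hide an individual. The field names, the fixed-width binning used in place of clustering, the sample records and the minimum group size are assumptions made for the example.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Assumptions for this example (none of these values come from the patent).
BIN_WIDTH = 1000      # width of a purchase-amount bin; stands in for clustering
MIN_GROUP_SIZE = 3    # groups smaller than this are not released

# Constructed records, already converted to a common format.
BANK_A = [
    {"gender": "male", "age": "20-34", "magazine_3m": 500},
    {"gender": "female", "age": "20-34", "magazine_3m": 800},
    {"gender": "male", "age": "35-49", "magazine_3m": 1500},
    {"gender": "female", "age": "35-49", "magazine_3m": 1200},
    {"gender": "male", "age": "20-34", "magazine_3m": 4200},
]
BANK_B = [
    {"gender": "female", "age": "20-34", "magazine_3m": 300},
    {"gender": "male", "age": "35-49", "magazine_3m": 1900},
    {"gender": "female", "age": "20-34", "magazine_3m": 950},
    {"gender": "male", "age": "20-34", "magazine_3m": 1100},
]


def group_id(amount: int) -> int:
    """Map a three-month purchase amount to a group ID (1, 2, ...)."""
    return amount // BIN_WIDTH + 1


def bank_statistics(records: List[dict]) -> Dict[int, Counter]:
    """Per group: group size and the count of individuals per attribute."""
    stats: Dict[int, Counter] = {}
    for rec in records:
        counts = stats.setdefault(group_id(rec["magazine_3m"]), Counter())
        counts["group_size"] += 1
        counts["gender=" + rec["gender"]] += 1
        counts["age=" + rec["age"]] += 1
    return stats


def integrate(per_bank: List[Dict[int, Counter]]) -> Dict[int, Counter]:
    """Merge the statistics of several banks into one data set."""
    merged: Dict[int, Counter] = {}
    for stats in per_bank:
        for gid, counts in stats.items():
            merged.setdefault(gid, Counter()).update(counts)
    return merged


def release(stats: Dict[int, Counter],
            min_size: int) -> Tuple[Dict[int, dict], List[int]]:
    """Split groups into those safe to send and those withheld as too small."""
    kept = {gid: dict(c) for gid, c in stats.items()
            if c["group_size"] >= min_size}
    withheld = sorted(gid for gid in stats if gid not in kept)
    return kept, withheld


if __name__ == "__main__":
    merged = integrate([bank_statistics(BANK_A), bank_statistics(BANK_B)])
    kept, withheld = release(merged, MIN_GROUP_SIZE)
    for gid in sorted(kept):
        print(gid, kept[gid])
    print("withheld groups:", withheld)
```

The size check runs on the integrated data because that is what leaves the intermediary device; a group of one, such as the single high spender here, would otherwise be a personal record under a group label.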
[8-3. Effects]
According to the eighth embodiment described in detail above, the following effects are obtained in addition to the effects (1a) to (1h) of the first embodiment described above.
In the present embodiment, the intermediary device 3 receives personal data relating to a plurality of individuals from the information bank devices 4 to 6 via the communication unit 31 and, based on the received personal data, generates statistical information on the attributes of the personal data (that is, items such as gender and age). The intermediary device 3 then transmits the generated statistical information to the user device 2 via the communication unit 31.
Therefore, when fine-grained personal data is unnecessary and statistical information is sufficient, statistical information can be provided to the data user 2a. In addition, because converting data into statistical information generally makes it coarser-grained, the cost of handling personal data can be reduced for data users who find it difficult to carry out safety management. Computer security related to the management of personal data can also be improved.
[9. 9th Embodiment]
[9-1. Differences from the fourth embodiment]
Since the basic configuration of the ninth embodiment is the same as that of the fourth embodiment, description of the common configuration is omitted and the differences are mainly described. The same reference numerals as in the fourth embodiment denote the same configurations, and the preceding description should be referred to.
In the fourth embodiment described above, the intermediary device 8 collates the personal data of the same individual from the plurality of information banks 4a to 6a. In particular, in the fourth embodiment, the intermediary device 8 inquires of the administrator device 9 whether the personal data held by the plurality of information banks 4a to 6a includes personal data of the same individual. The administrator device 9 then identifies the personal data of the same individual using the three IDs shown in FIG. 24: the information bank ID, the information bank registrant ID, and the personal ID. The intermediary device 8 then acquires, from the plurality of information banks 4a to 6a, the plurality of personal data identified as being personal data of the same individual.
The ninth embodiment, on the other hand, is the same as the fourth embodiment in that personal data of the same individual is collated from the plurality of information banks 4a to 6a. In the ninth embodiment, however, the intermediary device does not query the administrator device 9. Specifically, the intermediary device of the ninth embodiment identifies, in a data set containing the plurality of personal data received from the plurality of information banks 4a to 6a, a plurality of personal data whose combinations of attribute values such as age and gender are similar. The ninth embodiment differs from the fourth embodiment in that the plurality of personal data with similar combinations of attribute values are treated as personal data relating to the same individual and collated from the plurality of information banks 4a to 6a. The ninth embodiment is described in detail below.
The hardware configuration of the procurement system of the ninth embodiment is the same as that of the first embodiment described above, rather than that of the fourth embodiment described above. On the other hand, the functions of the intermediary device 12 of the ninth embodiment differ in part from those of the first embodiment.
Specifically, as shown in FIG. 46, the control unit of the intermediary device 12 of the ninth embodiment functions as the elements 331 to 341 and 1231.
That is, the control unit of the intermediary device 12 of the ninth embodiment differs from the first embodiment in that it functions as the similarity determination unit 1231 in addition to the elements 331 to 341 shown in FIG. 3 of the first embodiment.
<Similarity determination unit>
The similarity determination unit 1231 identifies, from among the plurality of personal data received from the plurality of information banks 4a to 6a, a plurality of personal data whose attribute values are similar. Whether personal data are similar may be determined by determining whether the similarity between the personal data is at or above, or at or below, a predetermined threshold. The similarity determination unit 1231 then links the identified plurality of personal data to each other as personal data of the same individual. The plurality of personal data linked to each other by the similarity determination unit 1231 are transmitted to the data user 2a by the data transmission unit 341 as personal data of the same individual. The processing performed by the similarity determination unit 1231 is described in detail below.
[9-2. Processing]
Next, the data procurement process that the control unit of the intermediary device 12 of the ninth embodiment executes in place of the data procurement process of the first embodiment (FIG. 4) is described with reference to the flowchart of FIG. 47. In the flowchart of FIG. 47, the processes of S601 to S610 and S612 (that is, the processes other than S611) are the same as S101 to S111 of FIG. 4 described above, respectively. Description of these processes is therefore omitted below, and only S611, which differs, is described.
<S611>
In S611, the similarity determination unit 1231 performs similarity determination on the plurality of personal data received from the plurality of information banks 4a to 6a. The similarity determination unit 1231 then links to each other the plurality of personal data determined to be similar to each other. Similarity determination is the determination of whether a plurality of personal data are similar. Specifically, the similarity determination unit 1231 identifies a plurality of personal data with similar attribute values as follows.
Suppose that, as a result of the data formats being aligned by the format processing unit 340, the data sets shown in FIGS. 48 and 49 are obtained.
FIG. 48 is a data set in which the variables and values of the personal data obtained from the first information bank 4a have been converted into a common format. FIG. 49 is a data set in which the variables and values of the personal data obtained from the second information bank 5a have been converted into a common format. The examples shown in FIGS. 48 and 49 assume that 20 items of personal data (personal data with IDs 1 to 20) have been acquired from each of the first information bank 4a and the second information bank 5a.
In the data sets shown in FIGS. 48 and 49, each ID is associated with the attribute values of the personal data. In FIGS. 48 and 49, the value "1" means that the attribute applies, and the value "0" means that it does not. For example, in the data set shown in FIG. 48, the personal data with ID = 1 having "D:Gender:1" = 1 and "D:Age:20-34" = 1 means that the individual to whom the personal data with ID = 1 relates is male and aged 20 to 34.
In the first embodiment described above, the standard values, which are the common data format, include text such as "male" and "female" as shown in FIG. 14; in the present embodiment, for convenience of the calculation performed later, the standard values are set to numerical values such as "0" and "1".
What is important here is that the variables and the meanings of the values of the data sets received from the different information banks 4a and 5a match as a result of having been converted into a common format by the format processing unit 340 (that is, by the processing of S610). The meaning of a value is, for example, that "D:Gender:1" means male. This makes it possible to calculate the similarity between personal data acquired from the plurality of information banks 4a to 6a, which handle different data formats.
Specifically, for example, in the data sets shown in FIGS. 48 and 49, the personal data of each ID can be treated as a vector whose components are the attribute values. For example, in FIG. 48, the personal data with ID = 1 can be treated as the vector (1, 0, 0, 1, ...) whose components are the attribute values of "D:Gender:1", "D:Gender:2", "D:Age:0-19", "D:Age:20-34", and so on. The similarity between personal data can then be calculated by calculating the similarity or distance between the vectors. As for the relationship between the similarity and the distance between vectors, the higher the similarity, the smaller the distance, and the lower the similarity, the larger the distance.
Calculating the similarity between the personal data with ID = 1 to 20 received from the first information bank 4a shown in FIG. 48 and the personal data with ID = 1 to 20 received from the second information bank 5a shown in FIG. 49 yields a similarity matrix as shown in FIG. 50.
In the similarity matrix shown in FIG. 50, the row label "1 ID" means an ID of the first information bank 4a, and the column label "2 ID" means an ID of the second information bank 5a. That is, the component with 1 ID = i and 2 ID = j indicates the similarity between the personal data with ID = i of the first information bank 4a and the personal data with ID = j of the second information bank 5a.
In the example shown in FIG. 50, the similarity between two personal data (that is, two vectors) is calculated as the cosine similarity, but the method of calculating the similarity between two personal data is not limited to this. For example, the similarity between two personal data may be calculated using another distance or similarity, such as the Euclidean distance or the Mahalanobis distance. In the similarity matrix shown in FIG. 50, the cosine similarity is not normalized to fall within the range of 0 to 1.
The similarity determination unit 1231 then links to each other, as personal data of the same person, two personal data whose similarity in the similarity matrix is equal to or greater than a predetermined threshold (hereinafter, the similarity threshold).
For example, in the example shown in FIG. 50, when two personal data with a similarity of 5 or more are identified as personal data of the same person, the following three combinations are combinations of personal data of the same person.
- The personal data with ID = 2 of the first information bank 4a (1 ID = 2) and the personal data with ID = 10 of the second information bank 5a (2 ID = 10)
- The personal data with ID = 12 of the first information bank 4a (1 ID = 12) and the personal data with ID = 12 (2 ID = 12) or 13 (2 ID = 13) of the second information bank 5a
- The personal data with ID = 18 of the first information bank 4a (1 ID = 18) and the personal data with ID = 7 of the second information bank 5a (2 ID = 7)
As in the second combination above, a plurality of personal data may be linked to one item of personal data. In such a case, the following handlings (1) to (3), for example, are conceivable.
(1) When a plurality of personal data are linked to one personal data, the combinations that include the one personal data are excluded. That is, two personal data are identified as personal data of the same individual only when one personal data is linked to exactly one personal data.
(2) When a plurality of personal data are linked to one personal data and the similarities of the plurality of personal data with the one personal data differ from each other, priority is given to whichever of the plurality of personal data has the higher similarity with the one personal data. The prioritized personal data and the one personal data are then identified as personal data of the same individual.
(3) When a plurality of personal data are linked to one personal data and the degrees of similarity of the plurality of personal data with the one personal data are similar to each other, then if, for one of the plurality of personal data, there is personal data with a higher similarity than the one personal data, the link is made with that personal data instead. For example, in the above example, if for the personal data with ID = 12 of the second information bank 5a there exists other personal data with a higher similarity than the personal data with ID = 12 of the first information bank 4a, that other personal data is linked with the personal data with ID = 12 of the second information bank 5a.
At least two of (1) to (3) above may be adopted at the same time. In this way, the similarity determination unit 1231 identifies, from among the plurality of personal data received from the plurality of information banks 4a to 6a, a plurality of personal data whose attribute values are similar.
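The S611 linking step as an added example, not code from the patent: it builds the similarity matrix for two banks, applies the similarity threshold, and resolves one-to-many candidates with handlings (1) and (2). The score is the dot product of the 0/1 attribute vectors (an assumed reading of the unnormalized similarity in FIG. 50), the records and the attributes named H:* are constructed, and both handlings are applied to the records of both banks.

```python
from typing import Dict, List, Tuple

Vector = Tuple[int, ...]
Link = Tuple[int, int, int]  # (bank-1 ID, bank-2 ID, score)

# Attribute order of each vector. The first four names appear on the page;
# the H:* flags are hypothetical attributes added for this example.
ATTRS = ["D:Gender:1", "D:Gender:2", "D:Age:0-19", "D:Age:20-34",
         "H:a", "H:b", "H:c", "H:d", "H:e", "H:f"]

# Constructed records in the common 0/1 format (ID -> attribute vector).
BANK1: Dict[int, Vector] = {
    1: (1, 0, 0, 1, 1, 1, 1, 0, 0, 0),
    2: (0, 1, 0, 1, 1, 0, 1, 1, 1, 0),
    3: (1, 0, 1, 0, 0, 0, 0, 1, 1, 1),
    4: (0, 1, 1, 0, 1, 1, 0, 0, 0, 1),
}
BANK2: Dict[int, Vector] = {
    1: (1, 0, 0, 1, 1, 1, 1, 0, 0, 0),
    2: (0, 1, 0, 1, 1, 0, 1, 1, 1, 0),
    3: (0, 1, 0, 1, 1, 0, 1, 1, 0, 0),
    4: (1, 0, 1, 0, 0, 0, 0, 1, 1, 0),
}


def score(a: Vector, b: Vector) -> int:
    """Number of attributes both records have (dot product of 0/1 vectors)."""
    return sum(x * y for x, y in zip(a, b))


def similarity_matrix(b1: Dict[int, Vector],
                      b2: Dict[int, Vector]) -> Dict[Tuple[int, int], int]:
    """Entry (i, j) is the score of bank-1 record i against bank-2 record j."""
    return {(i, j): score(v, w) for i, v in b1.items() for j, w in b2.items()}


def candidate_links(matrix: Dict[Tuple[int, int], int],
                    threshold: int) -> List[Link]:
    """All pairs whose score reaches the similarity threshold."""
    return sorted((i, j, s) for (i, j), s in matrix.items() if s >= threshold)


def _by_side(links: List[Link], side: int) -> Dict[int, List[Link]]:
    """Group candidate links by the record on one side (0 = bank 1, 1 = bank 2)."""
    grouped: Dict[int, List[Link]] = {}
    for link in links:
        grouped.setdefault(link[side], []).append(link)
    return grouped


def resolve_exclude(links: List[Link]) -> List[Tuple[int, int]]:
    """Handling (1): keep a pair only if neither record has another candidate."""
    by1, by2 = _by_side(links, 0), _by_side(links, 1)
    return [(i, j) for i, j, _ in links
            if len(by1[i]) == 1 and len(by2[j]) == 1]


def resolve_prefer_highest(links: List[Link]) -> List[Tuple[int, int]]:
    """Handling (2): keep the highest-scoring candidate; ties give no link."""
    def unique_best(group: List[Link]):
        top = max(s for _, _, s in group)
        best = [link for link in group if link[2] == top]
        return best[0] if len(best) == 1 else None

    by1, by2 = _by_side(links, 0), _by_side(links, 1)
    return [(i, j) for (i, j, s) in links
            if unique_best(by1[i]) == (i, j, s)
            and unique_best(by2[j]) == (i, j, s)]


if __name__ == "__main__":
    matrix = similarity_matrix(BANK1, BANK2)
    links = candidate_links(matrix, threshold=5)
    print("candidates:", links)
    print("handling (1):", resolve_exclude(links))
    print("handling (2):", resolve_prefer_highest(links))
    print("candidates at threshold 4:", candidate_links(matrix, threshold=4))
```

Lowering the threshold from 5 to 4 admits a pair that differs in one attribute, so every relaxed threshold trades more linked samples for a higher chance of merging two different people's records.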
Then, in the subsequent processing of S612, the plurality of personal data linked to each other by the similarity determination unit 1231 are transmitted to the data user 2a by the data transmission unit 341 as personal data of the same individual.
[9-3. Effects]
According to the ninth embodiment described in detail above, the following effects are obtained in addition to the effect (4a) of the fourth embodiment described above.
(9a) In the present embodiment, the intermediary device 12 determines the delivery data based on a similarity matrix that indicates the similarity, based on the attribute values of the personal data, between the plurality of personal data acquired from the plurality of information banks 4a to 6a. In particular, the intermediary device 12 acquires the similarity matrix as duplication confirmation information.
More specifically, the intermediary device 12 acquires a plurality of personal data from the plurality of information banks 4a to 6a and performs, on the acquired plurality of personal data, similarity determination based on the attribute values of the personal data (S611). The intermediary device 12 then links to each other the plurality of personal data determined by the similarity determination to be similar to each other (S611). The intermediary device 12 then transmits delivery data based on the linked plurality of personal data to the user device 2.
Therefore, by regarding the plurality of personal data linked to each other as personal data relating to the same individual, personal data relating to the same individual can be collated from the plurality of information banks 4a to 6a.
Further, according to the present embodiment, personal data relating to the same individual can be collated from the plurality of information banks 4a to 6a even at a time when no registration manager 9a such as that of the fourth embodiment exists, that is, before the registration manager 9a appears.
(9b) Also, when the items of personal data managed by the first information bank 4a differ from the items of personal data managed by the second information bank 5a, there may be a need to obtain as many samples as possible of personal data in which both sets of items are complemented. When collation is performed using the three IDs, namely the information bank ID, the information bank registrant ID, and the personal ID, as in the fourth embodiment, only personal data that truly relate to the same individual are linked to each other. The number of such samples obtained may therefore be small. In this respect, according to the present embodiment, relaxing the similarity threshold used when linking personal data makes it possible to allow many-to-many linking of personal data. As a result, the number of samples mentioned above can be increased.
In the present embodiment, the similarity matrix shown in FIG. 50 corresponds to the similarity information and the duplication confirmation information, S601 corresponds to the processing as the request acquisition unit, S611 corresponds to the processing as the duplication confirmation acquisition unit, S611 and S612 correspond to the processing as the determination unit, and S609 and S612 correspond to the processing as the acquisition and transmission unit.
[10. Other embodiments]
Although embodiments for carrying out the present disclosure have been described above, the present disclosure is not limited to the embodiments described above and can be carried out with various modifications.
 (1)上記各実施形態では、仲介装置は、複数の情報銀行装置4~6からパーソナルデータを調達するが、仲介装置がパーソナルデータを調達する情報銀行装置の数はこれに限られない。例えば、上記第1~第2実施形態において、仲介装置は、複数の情報銀行装置からパーソナルデータを調達せず、1つの情報銀行装置のみからパーソナルデータを調達してもよい。 (1) In each of the above embodiments, the brokerage device procures personal data from a plurality of information banking devices 4 to 6, but the number of information banking devices from which the brokerage device procures personal data is not limited to this. For example, in the first to second embodiments, the intermediary device may procure personal data from only one information bank device without procuring personal data from a plurality of information bank devices.
 (2)上記各実施形態では、パーソナルデータ管理者として情報銀行を例示したが、パーソナルデータ管理者はこれに限られない。例えば、パーソナルデータ管理者は、通信キャリアやクレジットカード会社等、大量の顧客データを保有しているが、情報銀行を専らにしていない事業者であってもよい。このようにパーソナルデータ管理者は、個人から預託されたパーソナルデータを管理するとともに当該パーソナルデータを第三者に提供する事業を営むパーソナルデータ事業者であってもよい。 (2) In each of the above embodiments, an information bank is illustrated as a personal data manager, but the personal data manager is not limited to this. For example, the personal data manager may be a business operator such as a telecommunications carrier or a credit card company that holds a large amount of customer data but does not exclusively use information banks. In this way, the personal data manager may be a personal data business operator who manages personal data entrusted by an individual and operates a business of providing the personal data to a third party.
(3) In each of the above embodiments, the intermediary device converts the delivery data received from the plurality of information bank devices 4 to 6 to a common data format, integrates it into a single data set, and delivers it to the data user 2a, but the manner of delivery is not limited to this. For example, the intermediary device need not convert the delivery data received from the plurality of information bank devices 4 to 6 to a common data format. The intermediary device also need not integrate the delivery data from the plurality of information bank devices 4 to 6 into a single set of delivery data.
(4) The procurement plan determination logic in each of the above embodiments is merely an example, and the procurement plan may be determined by other logic. For example, in each of the above embodiments, the plan that best reproduces the original data distribution within the budget of the data user 2a is determined as the procurement plan. However, for example, if a plan best reproduces the original data distribution even though it exceeds the budget somewhat (that is, by a predetermined amount), that plan may be determined as the procurement plan. In other words, when the procurement plan is determined based on the budget and the reproducibility of the original data distribution, it may be determined so that reproducibility is given priority over the budget. Alternatively, as in each of the above embodiments, the procurement plan may be determined so that the budget is given priority over reproducibility.
Also, for example, when a personal data manager such as an information bank conducts questionnaires among individuals in order to enrich its personal data, the personal data of individuals who have not answered the questionnaire becomes missing data. When the personal data managed by a personal data manager contains missing data in this way, the procurement plan may be determined so that the missing data is minimized.
Also, for example, the procurement plan may be determined so that the "freshness" of the procured personal data is the best. Specifically, the intermediary device may acquire information on the last update date and time of the personal data from the personal data manager, its own storage unit, or the like, and determine the procurement plan based on that information. In this case, for example, the intermediary device may determine the procurement plan by selecting the personal data to be procured in order, starting from the personal data with the most recent last update date and time.
Further, when the data price included in the metadata received from a certain information bank is extremely low or extremely high, in other words, when the data price is at or below a predetermined threshold or at or above a threshold, that data price, or the information bank itself, is suspect. In that case, the intermediary device may determine the procurement plan so as to procure personal data while avoiding the extremely cheap or expensive data. The intermediary device may also determine the procurement plan so as to procure personal data while avoiding the information bank that presents the extremely low or extremely high data price (that is, from information banks other than that one).
Also, for example, the intermediary device may take factors other than price into account and determine a procurement plan that procures personal data that is not the lowest-priced from among a plurality of personal data matching the same target conditions.
Specifically, for example, as a factor other than price, the intermediary device may decide which personal data to procure by considering the degree of fit between the attributes in the personal data that are not specified in the target conditions (hereinafter, non-designated attributes) and the data user 2a's purpose of use of the personal data and the like (and thus the request information).
For example, suppose that the intermediary device receives from the user device 2 request information including the target conditions that the gender is male and the age group is the twenties. The intermediary device then receives, from each of the information banks 4a to 6a, metadata on the personal data that matches these target conditions. Suppose that the information on the using organization included in the request information identifies the data user 2a as belonging to a food-and-drink-related industry (for example, a food manufacturer). Suppose also that the personal data held by the first information bank 4a includes food-and-drink-related attributes (such as meal logs) as attributes other than gender and age group (that is, non-designated attributes), whereas the personal data held by the second information bank 5a includes no food-and-drink-related attributes as non-designated attributes. In this case, the intermediary device may judge that the personal data of the first information bank 4a fits the data user 2a's organization, purpose of use and the like better, and may determine a procurement plan that procures the data of the first information bank 4a even if its price is higher than that of the data of the second information bank 5a.
Also, for example, when the industry of the data user and the industry of an individual who has entrusted data to the information banks 4a to 6a are the same, the intermediary device may prevent the data user from obtaining that individual's data. In other words, the intermediary device may determine the procurement plan with that individual's personal data excluded. That is, the intermediary device may determine the procurement plan based on the relationship between the data user and the individual who has entrusted data to the information banks 4a to 6a. The procurement plan may also be determined in consideration of other non-price factors.
Also, for example, the intermediary device may acquire from the data user 2a a request concerning the conditions for determining the procurement plan (in other words, the procurement plan determination logic) and determine the procurement plan based on that request.
Further, instead of selecting a procurement plan suited to the data user 2a from among a plurality of plans, the intermediary device may directly output a single procurement plan suited to the data user 2a.
(5) The specific example of the request information illustrated in FIG. 5 and the specific examples of the metadata request illustrated in FIGS. 6 and 7 are merely examples. The request information and the like may include only some of the items shown in FIG. 5 and the like, and may include other items not illustrated there.
(6) The metadata from a given information bank may be information indicating the attributes of all the personal data held by that information bank, or information indicating the attributes of only part of the personal data. Further, the metadata is not limited to data indicating some of the attributes of the personal data, and may be data indicating all of the attributes of the personal data.
(7) In the second embodiment, a metadata set is stored in the storage unit 72, but the data stored in the storage unit 72 is not limited to this. For example, the storage unit 72 may store information bank characteristic information, which is information representing the characteristics of each of the information bank devices 4 to 6. Specifically, the information bank characteristic information indicates, for example, that the first information bank 4a manages a large amount of personal data of women in their twenties to forties, that the second information bank 5a manages a large amount of personal data of users with families, that the third information bank 3a manages a large amount of personal data of senior users aged 60 and over, and so on. In this case, for example, when the intermediary device receives from the user device 2 request information asking for personal data of users with families, it may send a metadata request or a data request to the second information bank 5a, which manages a large amount of personal data of users with families. The intermediary device may then determine a procurement plan that procures personal data from the second information bank 5a. Conversely, when the intermediary device receives from the user device 2 request information asking for personal data of users with families, it may send a metadata request or a data request so as to avoid information banks that manage little personal data of users with families.
That is, based on the information bank characteristic information, the intermediary device may send the metadata request and/or the data request to an information bank (and thus a personal data manager) that it judges to have characteristics matching the target conditions included in the request information. Likewise, based on the information bank characteristic information, the intermediary device need not send the metadata request and/or the data request to an information bank (and thus a personal data manager) that it judges not to have characteristics matching the target conditions included in the request information.
Note that, instead of acquiring the information bank characteristic information from its own storage unit 72, the intermediary device may acquire it from the information banks 4a to 6a by querying each of them.
The information bank characteristic information corresponds to an example of manager characteristic information, which is information representing the characteristics of each personal data manager. The manager characteristic information is in turn an example of attribute information, which is information indicating the attributes of the personal data managed by a personal data manager.
(8) The content of the update processing executed by the update processing units 732 and 932 is not limited to that of the second and fifth embodiments.
For example, in the second embodiment, the update processing unit 732 may update the metadata set stored in the storage unit 72 based on the personal data procured from the information banks 4a to 6a. Specifically, for personal data procured (that is, purchased) from the information banks 4a to 6a, the attributes of the personal data (that is, the content of the data) are known. Based on the content of the procured personal data, the update processing unit 732 may update the metadata set stored in the storage unit 72, for example by updating the attribute-based distribution of the personal data held by the information banks 4a to 6a from which the data was procured.
Similarly, in the fifth embodiment, the update processing unit 932 may update the duplication status table stored in the storage unit 112 based on the personal data procured from the information banks 4a to 6a. Specifically, suppose, for example, that the intermediary device has procured (that is, purchased) personal data matching the target conditions from the plurality of information banks 4a to 6a. The intermediary device then compares the attributes (that is, the content) of the purchased personal data with one another and judges, from the similarity of the content and the like, whether the purchased personal data relate to the same individual. The intermediary device may then assign the same personal ID to the personal data judged to relate to the same individual and add the data as new entries to the duplication status table shown in FIG. 35.
(9) In the fifth embodiment, the intermediary device does not ask the administrator device 9 for a duplication check and instead performs the duplication check based on the duplication status table stored in the storage unit 112. However, it may ask the administrator device 9 for a duplication check in cases such as the following.
That is, for each information bank registrant ID included in the ID result information received by the ID receiving unit 833, the intermediary device checks the duplication status in the duplication status table stored in the storage unit 112. At this point there may be information bank registrant IDs whose duplication status cannot be confirmed from the duplication status table stored in the storage unit 112, for example because the table has no matching information bank registrant ID. In this case, the intermediary device may query the administrator device 9 about the duplication status only for the information bank registrant IDs whose duplication status is unknown. Then, based on the duplication result information received from the administrator device 9, it may update the duplication status table, for example by registering the data for those information bank registrant IDs.
(10) In the third to fifth embodiments, the intermediary device performs a duplication check on the information bank registrant IDs included in the ID result information, either by querying the administrator device 9 or by referring to the duplication status table stored in the storage unit 112. The intermediary device then sends the metadata request to each of the information banks 4a to 6a in light of the result of the duplication check. However, the timing of the duplication check is not limited to this.
For example, in the third embodiment, the intermediary device sends the metadata request to each of the information banks 4a to 6a without sending the ID request to them. Here, the intermediary device receives metadata from each of the information banks 4a to 6a in a form that allows duplication of the same individual's data.
At this time, together with the metadata, the intermediary device receives from each of the information banks 4a to 6a a list of the information bank registrant IDs of the individuals whose data is included in the metadata.
The intermediary device then sends a duplication check request to the administrator device 9 for the received lists of information bank registrant IDs. In this way, the duplication check may be performed after the metadata is received.
(11) In the third to sixth embodiments, the intermediary device receives ID result information including a list of pairs of information bank registrant ID and price, as shown in FIG. 28, but the ID result information is not limited to this. For example, the administrator device 9 of the registration administrator 9a may hold a duplication status table including price information, as shown in FIG. 35. In that case, the ID result information shown in FIG. 28 may include only the list of information bank registrant IDs. Also, the duplication result information shown in FIG. 30 may include, for each of the information banks 4a to 6a, a list of pairs of information bank registrant ID and price in the form ({ID, price}, {ID, price}, {ID, price} ...). Then, for example, based on the received list, the intermediary device may specify the IDs other than the lowest-priced one as exclusion IDs in the metadata.
(12) In the third to sixth embodiments, the information bank registrant ID, which is information identifying an individual who has entrusted personal data to the information banks 4a to 6a, was given as an example of the registration identification information, but the registration identification information is not limited to this. The registration identification information may be, for example, identification information that each of the information banks 4a to 6a assigns to the personal data entrusted to it.
(13) In the sixth embodiment, advertisement information was given as an example of the notification information, but the notification information is not limited to this. For example, the notification information may be recommendation information that recommends products or services to an individual.
(14) In the sixth embodiment, it is assumed that the destination information for the advertisement information is included in the personal data acquired from the information banks 4a to 6a. However, when, for example, the destination information is not included in the personal data acquired from the information banks 4a to 6a, the advertisement may be delivered as follows.
That is, an advertisement delivery device such as the user device 2 sends notification information, such as advertisement information for each delivery target, to the information banks 4a to 6a either indirectly via the intermediary device or directly without it. The information banks 4a to 6a may then send the notification information received from the advertisement delivery device to the individuals who have entrusted personal data to them. In other words, an advertisement delivery device such as the user device 2 may deliver advertisements, through the information banks 4a to 6a, to the individuals who have entrusted personal data.
In this case, the information banks 4a to 6a may deliver the advertisement using whatever point of contact they have with the individuals who have entrusted personal data.
Specifically, for example, the information bank devices 4 to 6 of the information banks 4a to 6a may send the notification information by e-mail to the information processing terminals 11 to 17 of the individuals who have entrusted personal data, or may cause the notification information to be output on Internet websites that the individuals browse. Also, for example, the information bank devices 4 to 6 may cause the notification information to be output within application software installed on the individuals' information processing terminals 11 to 17, may cause it to be output on terminals installed in areas such as stores that the individuals visit, or may send the notification information to the individuals by various other methods.
With such a configuration, the data user 2a or the like can deliver advertisements to individuals even if the personal data that the data user 2a or the like has acquired does not include destination information.
(15) In the sixth embodiment, the user device 2 delivers the advertisement, but the entity that delivers the advertisement is not limited to this. For example, the advertisement may be delivered by a device held by a party other than the data user 2a, such as an advertisement delivery business (an advertising agency, for example) or a platform operator that delivers advertisements, or by the intermediary device. In this case, the device held by the advertisement delivery business or platform operator, the intermediary device, or the like may perform the advertisement delivery process shown in FIG. 40.
(16) Also, for example, as described in (14) of [7. Other embodiments] above, when the intermediary device or the like delivers advertisements, via the information banks 4a to 6a, to individuals who have entrusted personal data to the information banks 4a to 6a, the intermediary device or the like may calculate an advertising performance index. The advertising performance index here is an index indicating the results of advertisement delivery.
Specifically, for example, the intermediary device may use the duplication result information acquired from the administrator device 9 of the registration administrator 9a to calculate the number of unique users as an advertising performance index. The number of unique users is the number of users to whom the advertisement was delivered.
That is, when each of the information banks 4a to 6a delivers advertisements to the individuals who have entrusted data to it, an individual who has entrusted personal data to more than one of the information banks 4a to 6a may be sent the same advertisement information by more than one of them. Even in such a case, the duplication result information shows which individuals received the advertisement information more than once, so the number of unique users can be calculated. The intermediary device may also use the duplication result information to calculate advertising performance indices other than the number of unique users.
Also, for example, when delivering advertisements via the information banks 4a to 6a, the intermediary device or the like may deliver the advertisements based on the duplication result information. Specifically, for example, so that the same advertisement information is not sent to the same person by more than one of the information banks 4a to 6a, the intermediary device or the like sends exclusion IDs together with the delivery content to all of the information bank devices 4 to 6 other than one information bank device. The information bank devices 4 to 6 do not deliver the advertisement to the individuals whose information bank registrant IDs are specified by the received exclusion IDs. In this way, the information bank devices other than that one information bank device may be kept from delivering the advertisement. Of course, other methods using the duplication result information may be used to prevent the same advertisement information from being sent to the same person more than once.
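The exclusion-ID handling described in (11) and (16), as an added Python example that is not part of the patent text: it keeps one registrant ID per individual (the lowest-priced one, as in (11)), lists every other ID as an exclusion ID for its bank, and counts unique users from the delivery list. The record layout, the bank names, the IDs and the prices are constructed assumptions.

```python
from collections import defaultdict

# Constructed duplication result information (layout is an assumption):
# (information bank, registrant ID, common personal ID, price)
DUPLICATE_RESULT = [
    ("bank4", "A001", "P1", 120),
    ("bank5", "B017", "P1", 100),
    ("bank6", "C230", "P1", 150),
    ("bank4", "A002", "P2", 90),
    ("bank5", "B044", "P3", 110),
    ("bank6", "C231", "P3", 110),
    ("bank4", "A003", "P4", 80),
]


def plan_exclusions(records):
    """Keep one (bank, registrant ID) per individual and exclude the rest.

    Returns (keep, exclude): keep maps personal ID -> (bank, registrant ID),
    exclude maps bank -> sorted list of exclusion IDs to send to that bank.
    """
    offers_by_person = defaultdict(list)
    for bank, registrant_id, person, price in records:
        offers_by_person[person].append((price, bank, registrant_id))

    keep = {}
    exclude = defaultdict(list)
    for person, offers in offers_by_person.items():
        offers.sort()  # lowest price first; equal prices fall back to bank name
        _, bank, registrant_id = offers[0]
        keep[person] = (bank, registrant_id)
        for _, other_bank, other_id in offers[1:]:
            exclude[other_bank].append(other_id)
    return keep, {bank: sorted(ids) for bank, ids in exclude.items()}


def apply_exclusions(deliveries, exclude):
    """What each bank does on receipt: skip registrant IDs it was told to exclude."""
    return [(bank, rid) for bank, rid in deliveries
            if rid not in exclude.get(bank, [])]


def unique_users(deliveries, records):
    """Number of distinct individuals reached by a list of (bank, registrant ID)."""
    person_of = {(bank, rid): person for bank, rid, person, _ in records}
    # An ID unknown to the duplication result is counted as its own individual.
    return len({person_of.get(key, key) for key in deliveries})


if __name__ == "__main__":
    keep, exclude = plan_exclusions(DUPLICATE_RESULT)
    everyone = [(bank, rid) for bank, rid, _, _ in DUPLICATE_RESULT]
    deduplicated = apply_exclusions(everyone, exclude)
    print("exclusion IDs per bank:", exclude)
    print("deliveries:", len(everyone), "->", len(deduplicated))
    print("unique users:", unique_users(deduplicated, DUPLICATE_RESULT))
```
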
(17) In the ninth embodiment, the similarity threshold is set to a constant value, but it is not limited to this and may be varied. In this case, for example, the similarity threshold may be varied as follows.
That is, as shown in FIG. 51, when the similarity threshold t is varied continuously, the number of successful linkages changes. The number of successful linkages is the number of combinations of personal data that are judged to be similar to each other and are linked to each other.
As can be seen from FIG. 51, the number of successful linkages decreases as the similarity threshold t increases. Therefore, if the similarity threshold t is set too high, combinations of personal data that should be regarded as belonging to the same individual may be missed as not belonging to the same individual. Conversely, if the similarity threshold t is set too low, many combinations of personal data that do not originate from the same individual may arise. It is therefore considered desirable to set the similarity threshold t neither too high nor too low.
Based on this idea, one possibility is, for example, to adopt as the optimum threshold the value tMAX of the similarity threshold t at which the change in the number of successful linkages is largest when the similarity threshold t is varied continuously as shown in FIG. 51. In other words, tMAX is the value of the similarity threshold t at which the slope of the tangent to the function n = f(t) is smallest, where the number of successful linkages n is regarded as a function n = f(t) of the similarity threshold t.
Further, when the value of tMAX is small, for example, linking personal data with the similarity threshold t set to tMAX may produce many combinations of personal data that do not originate from the same individual. In such a case, the value of the similarity threshold t at which the change in the number of successful linkages is the next largest after tMAX, in other words, the value t2MAX at which the slope of the tangent to the function n = f(t) is the second smallest, may be adopted as the optimum threshold. Of course, a value at which the slope of the tangent is the third smallest, fourth smallest, and so on may be adopted as the optimum threshold t.
 なお、類似度しきい値tをtMAX、t2MAX、・・・等のうちのいずれに設定するかはユーザによって設定されてもよく、また、システムによって自動的に設定されてもよい。 Incidentally, the similarity threshold t t MAX, t 2MAX, one on either set of such ... may be set by the user, or may be automatically set by the system.
 Further, for example, whether or not a plurality of pieces of personal data are similar to each other may be determined as follows. That is, the degree of similarity between pieces of personal data is calculated for each attribute of the personal data, such as age or gender (in other words, for each data item of the personal data). Then, when the similarity is determined to be equal to or higher than the threshold for all or some of the attributes, the plurality of pieces of personal data may be determined to be similar to each other.
 Further, for example, as described in detail below, new coordinate axes are set in a coordinate space that has coordinate axes corresponding to the data items of personal data and in which each piece of personal data is represented as a point, a vector or the like. Then, when the similarity on each of the set coordinate axes is equal to or higher than the threshold, the plurality of pieces of personal data may be determined to be similar to each other and, by extension, to be personal data relating to the same individual. Then, for example, the similarity threshold may be varied in the same manner as described above to obtain the optimum similarity threshold. Specifically, the similarity threshold may be obtained as follows.
 That is, as shown in FIG. 52, first, the data set of personal data acquired from the information banks 4a to 6a is plotted in the coordinate space. In FIG. 52, each data point represents one piece of personal data. Each coordinate axis of the coordinate space of FIG. 52 corresponds to an attribute (that is, a data item) of the personal data. For example, on the coordinate axis corresponding to the data item "gender = male", each piece of personal data takes a value of 0 or 1 depending on whether or not it corresponds to male. On the coordinate axis corresponding to the data item "three-month magazine purchase amount", each piece of personal data takes the corresponding purchase amount as its value.
 Then, by performing principal component analysis or manifold learning on the data set, new coordinate axes that better describe the data set are constructed. In FIG. 52, the x_1 coordinate axis and the x_2 coordinate axis are the new coordinate axes.
 Then, a similarity threshold t = (t_1, t_2, ...) is set for each new coordinate axis. The similarity threshold t referred to here may be, for example, a threshold on the difference between the attribute values of each component of two pieces of personal data. Specifically, for example, suppose that a certain piece of personal data A is represented on the new coordinate axes by the coordinates x_A = (x_1A, x_2A, ...), and another piece of personal data B is represented on the new coordinate axes by the coordinates x_B = (x_1B, x_2B, ...). In this case, the two pieces of personal data A and B may be determined to be similar to each other when the absolute value of the difference of each component is equal to or less than the similarity threshold, as follows.
 Δx_1 ≡ |x_1A − x_1B| ≦ t_1 and Δx_2 ≡ |x_2A − x_2B| ≦ t_2 ...
 Then, as shown in FIG. 53, when each component t_i of the similarity threshold t = (t_1, t_2, ...) is varied continuously, the similarity threshold t_MAX = (t_MAX1, t_MAX2, ...) at which the change in the number of successful linkages n is greatest, or the like, may be adopted as the optimum threshold.
 By dynamically varying the similarity threshold t in this way, an optimum similarity threshold t can be set for each data set of personal data. This in turn reduces the possibility of missing combinations of personal data that should be regarded as belonging to the same individual, or of generating many combinations of personal data not derived from the same individual.
 Note that setting new coordinate axes by performing principal component analysis or manifold learning as described above is not essential. However, setting new coordinate axes generally allows each piece of personal data to be expressed as coordinates of fewer dimensions. This reduces the amount of computation in computer processing and thus speeds up the processing.
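The threshold sweep (t_MAX, t_2MAX) and the per-axis comparison |x_iA − x_iB| ≦ t_i described above, as an added Python sketch that is not code from the patent. The similarity scores, record IDs, projected coordinates, grid step, forward-difference slope and the `floor` policy are all constructed assumptions.

```python
from itertools import product

# Constructed sample: similarity scores of candidate record pairs drawn from
# two data holders. Low scores are unrelated people, high scores are likely
# the same individual registered with both holders.
SIMS = [0.22, 0.25, 0.27, 0.28, 0.31, 0.33, 0.55, 0.84, 0.86, 0.88, 0.93]

# Constructed sample: records already projected onto new axes (x_1, x_2),
# e.g. by principal component analysis performed elsewhere.
BANK_A = {"A-001": (1.20, -0.40), "A-002": (-0.75, 0.90), "A-003": (0.10, 2.00)}
BANK_B = {"B-101": (1.25, -0.35), "B-102": (-0.70, 1.60), "B-103": (2.40, 0.10)}


def count_links(sims, t):
    """n = f(t): number of pairs linked when similarity >= t counts as a match."""
    return sum(1 for s in sims if s >= t)


def rank_thresholds(sims, steps=10):
    """Return grid thresholds ordered by the slope of n = f(t), steepest fall first.

    The tangent slope is approximated by a forward difference over each grid
    interval and attributed to the interval's lower end (an assumption of this
    sketch). Element 0 plays the role of t_MAX, element 1 of t_2MAX, and so on.
    """
    n = [count_links(sims, k / steps) for k in range(steps + 1)]
    # Multiply by steps instead of dividing by a float width so ties stay exact.
    slopes = [((n[k + 1] - n[k]) * steps, k / steps) for k in range(steps)]
    slopes.sort(key=lambda item: item[0])  # stable sort: ties keep ascending t
    return [t for _, t in slopes]


def choose_threshold(ranked, floor):
    """Automatic choice among t_MAX, t_2MAX, ...: first candidate >= floor.

    `floor` is a hypothetical operator policy standing in for the judgement
    that a small t_MAX would link many records of different individuals.
    """
    for t in ranked:
        if t >= floor:
            return t
    raise ValueError("no candidate threshold at or above the floor")


def similar_per_axis(a, b, t):
    """True when |x_iA - x_iB| <= t_i holds on every axis i."""
    return all(abs(xa - xb) <= ti for xa, xb, ti in zip(a, b, t))


def link_records(bank_a, bank_b, t):
    """Pairs of record IDs judged to belong to the same individual."""
    return [
        (id_a, id_b)
        for (id_a, a), (id_b, b) in product(bank_a.items(), bank_b.items())
        if similar_per_axis(a, b, t)
    ]


if __name__ == "__main__":
    ranked = rank_thresholds(SIMS)
    t_max, t_2max = ranked[0], ranked[1]
    print("t_MAX  =", t_max, "links", count_links(SIMS, t_max))
    print("t_2MAX =", t_2max, "links", count_links(SIMS, t_2max))
    print("chosen =", choose_threshold(ranked, floor=0.5))
    print("per-axis strict:", link_records(BANK_A, BANK_B, (0.10, 0.10)))
    print("per-axis loose :", link_records(BANK_A, BANK_B, (0.10, 1.00)))
```

On this sample t_MAX falls inside the low-score cluster and links every pair, while t_2MAX links only the four high-score pairs, which is the situation in which the text suggests moving to t_2MAX.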
 (18) In each of the above embodiments, the intermediary device transmits delivery data based on the personal data acquired from the information banks 4a to 6a directly to the user device 2. However, the way of transmitting the delivery data to the data user 2a is not limited to this. For example, the intermediary device may first transmit the delivery data to another device that is neither the intermediary device nor the user device, and the delivery data may then be transmitted to the user device 2 via that other device. A case where the delivery data is transmitted from the intermediary device to the user device 2 via another device in this way is also encompassed by "the intermediary device transmits the delivery data to the user device 2" as used in the present application.
 (19) In addition to the intermediary device described above, the present disclosure can also be realized in various forms, such as a system having the intermediary device as a component, a program for causing a computer to function as the intermediary device, a non-transitory tangible storage medium such as a semiconductor memory storing this program, and a method of procuring personal data.
 (20) A plurality of functions of one component in each of the above embodiments may be realized by a plurality of components, or one function of one component may be realized by a plurality of components. Further, a plurality of functions of a plurality of components may be realized by one component, or one function realized by a plurality of components may be realized by one component. Further, part of the configuration of each of the above embodiments may be omitted. Further, at least part of the configuration of each of the above embodiments may be added to, or substituted for, the configuration of another of the above embodiments. Note that every aspect included in the technical idea specified by the wording of the claims is an embodiment of the present disclosure.

Claims (12)

  1.  An intermediary device comprising:
     a request acquisition unit configured to acquire request information including a target condition, which is a condition on the personal data desired by a data user;
     a duplication confirmation acquisition unit configured to acquire duplication confirmation information, the duplication confirmation information being information indicating that first personal data managed by a first personal data manager and second personal data managed by a second personal data manager different from the first personal data manager are personal data relating to the same individual;
     a determination unit configured to determine a procurement plan and/or delivery data based on the duplication confirmation information, the procurement plan indicating conditions on the personal data to be procured from a plurality of personal data managers including the first personal data manager and the second personal data manager, and the delivery data being data that is based on the personal data procured from the plurality of personal data managers and that is transmitted to a user device held by the data user; and
     an acquisition transmission unit configured to acquire personal data in accordance with the procurement plan determined by the determination unit and/or to transmit the delivery data determined by the determination unit to the user device.
  2.  The intermediary device according to claim 1, wherein
     the determination unit determines the procurement plan based on the duplication confirmation information.
  3.  The intermediary device according to claim 2, wherein
     the determination unit determines the procurement plan so as to procure either one of the first personal data and the second personal data that are indicated by the duplication confirmation information to be personal data relating to the same individual.
  4.  The intermediary device according to claim 3, wherein
     the determination unit determines the procurement plan so as to procure the lower-priced one of the first personal data and the second personal data.
  5.  The intermediary device according to any one of claims 1 to 4, wherein
     the determination unit determines the procurement plan so as to procure both the first personal data and the second personal data that are indicated by the duplication confirmation information to be personal data relating to the same individual.
  6.  The intermediary device according to any one of claims 1 to 5, wherein
     the duplication confirmation acquisition unit acquires the duplication confirmation information from an external device that manages the duplication confirmation information or is capable of generating the duplication confirmation information.
  7.  The intermediary device according to any one of claims 1 to 6,
     further comprising a storage unit configured to store the duplication confirmation information, wherein
     the duplication confirmation acquisition unit acquires the duplication confirmation information from the storage unit.
  8.  The intermediary device according to any one of claims 1 to 7, wherein
     each of the plurality of personal data managers assigns registration identification information, which is predetermined identification information, to an individual who has entrusted personal data to that personal data manager or to that individual's personal data, and
     the duplication confirmation information is information indicating the registration identification information of the first personal data manager and the registration identification information of the second personal data manager that relate to the same individual.
  9.  The intermediary device according to any one of claims 1 to 7, wherein
     the duplication confirmation acquisition unit acquires, as the duplication confirmation information, similarity information indicating the similarity between a plurality of pieces of personal data acquired from the plurality of information banks.
  10.  The intermediary device according to any one of claims 1 to 9, wherein
     the personal data manager is an information bank.
  11.  A system comprising the intermediary device according to any one of claims 1 to 10, the system comprising:
     a notification information acquisition unit configured to acquire notification information corresponding to the personal data acquired by the acquisition transmission unit, the notification information being information to be notified to an individual who has entrusted personal data to the personal data manager; and
     a notification information transmission unit configured to transmit the notification information acquired by the notification information acquisition unit.
  12.  A computer program causing a computer to function as an intermediary device comprising:
     a request acquisition unit configured to acquire request information including a target condition, which is a condition on the personal data desired by a data user;
     a duplication confirmation acquisition unit configured to acquire duplication confirmation information, the duplication confirmation information being information indicating that first personal data managed by a first personal data manager and second personal data managed by a second personal data manager different from the first personal data manager are personal data relating to the same individual;
     a determination unit configured to determine a procurement plan and/or delivery data based on the duplication confirmation information, the procurement plan indicating conditions on the personal data to be procured from a plurality of personal data managers including the first personal data manager and the second personal data manager, and the delivery data being data that is based on the personal data procured from the plurality of personal data managers and that is transmitted to a user device held by the data user; and
     an acquisition transmission unit configured to acquire personal data in accordance with the procurement plan determined by the determination unit and/or to transmit the delivery data determined by the determination unit to the user device.
PCT/JP2020/010379 2019-03-11 2020-03-10 Mediation device, system, and computer program WO2020184580A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2020567992A JP6944070B2 (en) 2019-10-15 2020-03-10 Mediators, systems and computer programs
CN202080020197.9A CN113544726A (en) 2019-03-11 2020-03-10 Mediation device, system, and computer program

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
JP2019043674A JP6592213B1 (en) 2019-03-11 2019-03-11 Mediation device and computer program
JP2019-043674 2019-03-11
JP2019188986 2019-10-15
JP2019-188986 2019-10-15
JP2019-188985 2019-10-15
JP2019188985 2019-10-15

Publications (1)

Publication Number Publication Date
WO2020184580A1 true WO2020184580A1 (en) 2020-09-17

Family

ID=72426588

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/JP2020/010378 WO2020184579A1 (en) 2019-03-11 2020-03-10 Mediation device, system, and computer program
PCT/JP2020/010379 WO2020184580A1 (en) 2019-03-11 2020-03-10 Mediation device, system, and computer program

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/010378 WO2020184579A1 (en) 2019-03-11 2020-03-10 Mediation device, system, and computer program

Country Status (2)

Country Link
CN (2) CN113544726A (en)
WO (2) WO2020184579A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022255386A1 (en) * 2021-06-03 2022-12-08 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ Incentive determination method, server, and program
EP4124981A1 (en) * 2021-07-29 2023-02-01 Hitachi, Ltd. Data distribution intermediary device and data distribution intermediary method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011257854A (en) * 2010-06-07 2011-12-22 Hitachi Ltd Medical information management system, medical information management method and medical information management program
JP2016091067A (en) * 2014-10-29 2016-05-23 ソフトバンク株式会社 Individual information distribution method, individual information distribution system and individual information distribution provider device
JP2019128681A (en) * 2018-01-22 2019-08-01 富士通株式会社 Information providing device, information providing program, information providing method, and information providing system

Family Cites Families (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7357312B2 (en) * 1998-05-29 2008-04-15 Gangi Frank J System for associating identification and personal data for multiple magnetic stripe cards or other sources to facilitate a transaction and related methods
KR100922770B1 (en) * 2001-07-03 2009-10-21 파나소닉 주식회사 Billing method for use of information and user terminals managing billing of own use of information
WO2003048905A2 (en) * 2001-12-05 2003-06-12 E-Xchange Advantage, Inc. Method and system for managing distributed trading data
JP2005115843A (en) * 2003-10-10 2005-04-28 Ibm Japan Ltd Terminal, server, method and system for providing services
CN100578506C (en) * 2007-09-17 2010-01-06 腾讯科技(深圳)有限公司 Network information searching method and searching system thereof
JP2009193448A (en) * 2008-02-15 2009-08-27 Oki Electric Ind Co Ltd Dialog system, method, and program
WO2009111733A2 (en) * 2008-03-07 2009-09-11 Blue Kai, Inc. Exchange for tagged user information with scarcity control
CN101477547B (en) * 2009-01-20 2011-05-11 中国测绘科学研究院 Regulation based spatial data integration method
JP5482079B2 (en) * 2009-10-14 2014-04-23 セイコーエプソン株式会社 Receipt printer, receipt printer control method and program
JP5997511B2 (en) * 2012-06-15 2016-09-28 株式会社日本総合研究所 Card information processing system, card information processing apparatus, card information processing method, and program
US20140229349A1 (en) * 2013-02-08 2014-08-14 Kostadin Dimitrov Yanev Facilitating a personal data market
CN103488746B (en) * 2013-09-22 2017-04-26 成都锐理开创信息技术有限公司 Method and device for acquiring business information
JP5894975B2 (en) * 2013-11-26 2016-03-30 ヤフー株式会社 Information transaction apparatus, information transaction method and information transaction program
EP3196777A4 (en) * 2014-08-08 2018-01-24 Hakuhodo Dy Holdings Inc. Information-processing system
CN106294398A (en) * 2015-05-21 2017-01-04 富士通株式会社 Information processor and information processing method
CN106547646B (en) * 2015-09-23 2020-06-16 菜鸟智能物流控股有限公司 Data backup and recovery method and data backup and recovery device
JP6398944B2 (en) * 2015-10-28 2018-10-03 オムロン株式会社 Data distribution management system
JP6324424B2 (en) * 2016-02-29 2018-05-16 ヤフー株式会社 Information transaction apparatus, information transaction method and information transaction program
CN106878269B (en) * 2016-12-30 2021-01-19 广州中致易和网络科技有限公司 Network authentication platform
CN107909493B (en) * 2017-12-04 2020-07-17 泰康保险集团股份有限公司 Policy information processing method and device, computer equipment and storage medium
CN108415989A (en) * 2018-02-12 2018-08-17 苏州朗动网络科技有限公司 Identity information recognition methods, device, computer equipment and storage medium
CN109189813B (en) * 2018-08-22 2021-08-13 中国建设银行股份有限公司 Data sharing method and device

Also Published As

Publication number Publication date
CN113544726A (en) 2021-10-22
WO2020184579A1 (en) 2020-09-17
CN113557545B (en) 2024-04-05
CN113557545A (en) 2021-10-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20769361

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020567992

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20769361

Country of ref document: EP

Kind code of ref document: A1