WO2020240729A1 - Management device, management method, verification device, computer program and recording medium - Google Patents

Management device, management method, verification device, computer program and recording medium

Info

Publication number
WO2020240729A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
policy
policy information
hash value
operating entity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2019/021278
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
紗菜美 中川
圭祐 梶ヶ谷
隆夫 竹之内
バトニヤマ エンケタイワン
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp
Priority to PCT/JP2019/021278 (WO2020240729A1)
Priority to US17/612,741 (US12124605B2)
Priority to JP2021521650A (JP7279783B2)
Publication of WO2020240729A1
Anticipated expiration
Ceased (current legal status)

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • The present invention relates to a management device, a management method, a verification device, a computer program and a recording medium, and more particularly to the technical field of a management device, a management method, a verification device, a computer program and a recording medium related to an information service such as a service for providing personal information.
  • It is conceivable that the intermediary can ensure the transparency of information disclosure, prevent falsification of the provision history, and thereby try to gain the trust of each individual.
  • Since the data provision permission policy may itself correspond to personal information, it is difficult to register the provision permission policy itself in the blockchain as part of the provision history. Then, even if the provision history is registered in the blockchain, there is a technical problem that it is extremely difficult to verify whether or not the data was provided according to the provision permission policy.
  • The present invention has been made in view of the above problems, and its object is to provide a management device, a management method, a verification device, a computer program, and a recording medium capable of verifying whether or not the data is provided according to the provision permission policy.
  • One aspect of the management device of the present invention is a management device operated by one operating entity, comprising: a storage means for storing policy information that is associated with data provided by a data provider to another operating entity different from the one operating entity and that defines the provision permission policy of the data provider for the data; an acquisition means for referring to log information in which a first hash value related to one policy information, associated with one data provided to a data user from the other operating entity, is recorded, and acquiring the policy information corresponding to the one policy information from the storage means; and a comparison means for obtaining a second hash value of the acquired policy information and comparing it with the first hash value.
  • Another aspect of the management device of the present invention is a management device operated by one operating entity, comprising: a storage means for storing policy information that is associated with data provided by a data provider to another operating entity different from the one operating entity and that defines the provision permission policy of the data provider for the data; an acquisition means for acquiring, from the storage means, the policy information corresponding to one policy information associated with one data provided to a data user from the other operating entity; and a comparison means for comparing a first hash value related to the one policy information, acquired from the other operating entity, with a second hash value obtained from the acquired policy information.
  • One aspect of the management method of the present invention is a management method in a management device operated by one operating entity. Policy information that is associated with data provided by a data provider to another operating entity different from the one operating entity, and that defines the provision permission policy of the data provider for the data, is stored in a storage means. With reference to log information in which a first hash value related to one policy information, associated with one data provided to a data user by the other operating entity, is recorded, the policy information corresponding to the one policy information is acquired from the storage means, a second hash value of the acquired policy information is obtained, and it is compared with the first hash value.
  • One aspect of the verification device of the present invention comprises: an acquisition means for referring to log information in which a first hash value related to one policy information is recorded, the one policy information being associated with one data provided to a data user and defining the provision permission policy, for the one data, of the data provider who provided the one data, and acquiring the policy information corresponding to the one policy information; and a comparison means for obtaining a second hash value of the acquired policy information and comparing it with the first hash value.
  • One aspect of the computer program of the present invention causes a computer to execute one aspect of the management method described above.
  • One aspect of the recording medium of the present invention is a recording medium on which one aspect of the computer program described above is recorded.
  • FIG. 1 is a diagram showing an outline of a data distribution system according to the first embodiment.
  • FIG. 2 is a conceptual diagram showing the concept of the data distribution log according to the first embodiment.
  • the data distribution system 1 is configured to include a policy management service 10, a PDS 20, and an audit organization 30.
  • the policy management service 10, the PDS 20, and the audit organization 30 are each operated by different operating entities.
  • the policy management device 100 is installed in the policy management service 10.
  • a data management device 200 is installed in the PDS 20.
  • An audit device 300 is installed in the audit organization 30.
  • a plurality of policy management devices 100 may be installed in the policy management service 10.
  • a plurality of data management devices 200 may be installed in the PDS 20.
  • a plurality of audit devices 300 may be installed in the audit organization 30.
  • The policy management device 100, the data management device 200, and the audit device 300 are connected to each other via a network.
  • The network may be a distributed network such as a Peer-to-Peer (P2P) network; in that case, the policy management device 100, the data management device 200, and the audit device 300 may or may not function as nodes of the distributed network.
  • the data management device 200 of the PDS 20 acquires data from a data provider (for example, an individual, a business operator that provides data related to an individual, etc.) and policy information that defines a provision permission policy of the data provider for the data.
  • the acquired data and policy information are associated with each other and stored in the database 241.
  • The policy information is information that defines a policy regarding the availability of data when it is provided by, for example, the PDS 20 (or an institution such as an information bank service), and is mainly determined by the individual data provider.
  • Specific examples of the policy (provision license policy) include the purpose, period, and destination of the licensed data use.
  • the data acquired from the data provider is not limited to personal information, but may be various data such as anonymously processed information.
  • the policy management device 100 of the policy management service 10 acquires the above policy information (that is, the same policy information as the policy information stored in the database 241 of the PDS 20) from the data provider and stores it in the database 141.
  • When one policy information is changed, the database 141 contains both the one policy information before the change and the one after the change.
  • When a data user (typically a business operator) requests data provision, the data management device 200 of the PDS 20 provides the data associated with the policy information to the data user, based on the policy information stored in the database 241.
  • Businesses as data users include, for example, pharmaceutical companies that use medical information for research purposes, retailers that use purchasing information and the like for marketing, and the like.
  • When data is provided to a data user from the PDS 20, log information related to the provision of the data (hereinafter referred to as the "distribution log") is generated.
  • This distribution log is registered in the blockchain as an example of a data management ledger using a distributed ledger technology that is tamper-resistant and can be confirmed by the data provider.
  • the blockchain in which the distribution log is registered is managed by the policy management device 100 of the policy management service 10, the data management device 200 of the PDS 20, and the audit device 300 of the audit organization 30, respectively.
  • each of the policy management service 10, PDS 20, and audit organization 30 has a blockchain in which distribution logs are registered (see the “log” icon in FIG. 1).
  • each distribution log includes, for example, a data ID related to data provided to a data user, and a hash value (data hash) calculated using the content of the data as an input value.
  • a policy ID related to the policy information associated with the data and a hash value (policy hash) calculated by using the content of the policy information as an input value are included.
  • the distribution log is not limited to the above-mentioned information, and may include other information such as identification information indicating PDS 20.
  • various existing modes can be applied to the method of obtaining the hash value.
  • The policy management device 100 of the policy management service 10 refers to the blockchain in which the distribution log is registered and verifies whether or not the data was provided from the PDS 20 to the data user according to the provision permission policy defined by the policy information. (Note that this verification is different from the verification of each block in the blockchain.)
  • The audit device 300 of the audit organization 30 receives the policy information from the policy management service 10, refers to the blockchain in which the distribution log is registered, and verifies whether or not the data was provided from the PDS 20 to the data user according to the provision permission policy defined by the policy information.
  • FIG. 3 is a block diagram showing a hardware configuration of the policy management device 100 according to the first embodiment.
  • all of the plurality of policy management devices 100 may have the hardware configuration shown in FIG.
  • the policy management device 100 includes a CPU (Central Processing Unit) 11, a RAM (Random Access Memory) 12, a ROM (Read Only Memory) 13, a storage device 14, an input device 15, and an output device 16.
  • the CPU 11, RAM 12, ROM 13, storage device 14, input device 15, and output device 16 are connected to each other via a data bus 17.
  • the policy management device 100 may be constructed as a cloud system. In this case, the input device 15 and the output device 16 may have a configuration corresponding to the cloud system.
  • the CPU 11 reads a computer program.
  • the CPU 11 may read a computer program stored in at least one of the RAM 12, the ROM 13, and the storage device 14.
  • the CPU 11 may read a computer program stored in a computer-readable recording medium using a recording medium reading device (not shown).
  • the CPU 11 may acquire (that is, may read) a computer program from a device (not shown) arranged outside the policy management device 100 via a network interface.
  • the CPU 11 controls the RAM 12, the storage device 14, the input device 15, and the output device 16 by executing the read computer program.
  • When the computer program read by the CPU 11 is executed, a logical functional block for verifying whether or not the data is provided from the PDS 20 to the data user according to the provision permission policy defined by the policy information is realized in the CPU 11. That is, the CPU 11 can function as a controller for performing the above verification.
  • the configuration of the functional block realized in the CPU 11 will be described in detail later with reference to FIG.
  • the RAM 12 temporarily stores the computer program executed by the CPU 11.
  • the RAM 12 temporarily stores data temporarily used by the CPU 11 when the CPU 11 is executing a computer program.
  • the RAM 12 may be, for example, a D-RAM (Dynamic RAM).
  • the ROM 13 stores a computer program executed by the CPU 11.
  • the ROM 13 may also store fixed data.
  • the ROM 13 may be, for example, a P-ROM (Programmable ROM).
  • the storage device 14 stores data stored by the policy management device 100 for a long period of time.
  • the storage device 14 may operate as a temporary storage device of the CPU 11.
  • the storage device 14 may include, for example, at least one of a hard disk device, a magneto-optical disk device, an SSD (Solid State Drive), and a disk array device.
  • the input device 15 is a device that receives an input instruction from the user of the policy management device 100.
  • the input device 15 may include, for example, at least one of a keyboard, a mouse and a touch panel.
  • the output device 16 is a device that outputs information about the policy management device 100 to the outside.
  • the output device 16 may be a display device capable of displaying information about the policy management device 100.
  • FIG. 4 is a block diagram showing a functional block realized in the CPU 11.
  • As shown in FIG. 4, a storage means 111, an acquisition means 112, a comparison means 113, a notification means 114, and a proposal means 115 are realized in the CPU 11 as logical functional blocks.
  • The storage means 111 acquires, from the data provider, the policy information associated with the data that the data provider provided to the PDS 20, and stores the acquired policy information in the database 141, which is built, for example, in the storage device 14.
  • the acquisition means 112, the comparison means 113, the notification means 114, and the registration means 116 will be described with reference to the flowchart of FIG.
  • the operation shown by the flowchart of FIG. 5 is an operation for verifying whether or not the data is provided to the data user from the PDS 20 according to the provision permission policy defined by the policy information.
  • The acquisition means 112 acquires the policy ID and the policy hash included in one distribution log to be verified among the plurality of distribution logs registered in the blockchain (step S101). Next, the acquisition means 112 acquires the policy information corresponding to the policy ID acquired in the process of step S101 from the database 141 (step S102).
  • The comparison means 113 calculates the hash value of the policy information acquired in the process of step S102 by using a predetermined hash function (step S103). Next, the comparison means 113 compares the policy hash acquired in the process of step S101 with the hash value calculated in the process of step S103, and determines whether or not they match (step S104).
  • When it is determined in step S104 that the two match (step S104: Yes), the operation is terminated. In this case, the data was provided from the PDS 20 to the data user based on the correct policy information (in other words, according to the provision permission policy).
  • The notification means 114 may notify the data provider that the data was provided based on the correct policy information.
  • When it is determined in step S104 that the two do not match (step S104: No), the notification means 114 notifies the data provider (step S105). This is because the PDS 20 provided the data to the data user based on a policy different from the provision permission policy intended by the data provider (that is, the policy defined by the policy information stored in the database 141 of the policy management service 10).
  • the notification to the data provider may be given immediately after it is determined in the process of step S104 that the two do not match, or may be given at a predetermined timing. Further, when it is determined a plurality of times that the two do not match in a relatively short period of time, the determination results of the plurality of times may be collectively notified.
  • various existing modes such as warning can be applied.
  • The registration means 116 further registers, in the blockchain, revocation information (corresponding to a distribution log) that includes the policy ID related to the policy information acquired in the process of step S102 (that is, the correct policy information) and the hash value calculated in the process of step S103 (step S106).
  • When a data user requests data provision, the data management device 200 of the PDS 20 refers to the policy information stored in the database 241 and determines whether or not to permit the data provision.
  • the data management device 200 issues a token indicating the data provision permission to the data user.
  • This token may be sent directly to the data user, or may be registered in the blockchain, for example (in this case, the data user obtains the token from the blockchain).
  • the token includes a policy ID and the like related to the policy information used for determining the permission to provide data.
  • the data management device 200 provides the data to the data user on condition that the data management device 200 receives the token indicating the data provision permission from the data user.
  • Before the token is used, it is first confirmed whether or not revocation information (that is, information including the policy ID and the hash value related to the correct policy information) has been registered in the blockchain by the process of step S106 described above.
  • When revocation information including a policy ID corresponding to the policy ID included in the token is registered in the blockchain, the terminal of the data user revokes the token. As a result, the provision to the data user of the data associated with the policy information corresponding to the policy ID included in the revoked token is stopped.
  • Since the process of step S106 is performed when it is determined in step S104 that the two do not match (step S104: No), continued use of inappropriate policy information in the PDS 20 can be prevented.
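The verification flow of steps S101 to S106 and the token revocation check that follows it, as an added worked example that is not part of the patent text. The hash function, the JSON shape of the policy information, the policy ID format and the treatment of an unknown policy ID are all assumptions of this example; the patent leaves the hash method open ("various existing modes") and does not describe the unknown-ID case. The sample databases, data and token are constructed here for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample of the policy management service's database 141
# (the copy of the policy information the data provider registered there).
POLICY_DB_141 = {
    "policy-0001": {
        "purpose": "medical research",
        "period": "2019-06-01/2019-12-31",
        "destination": "pharma-co",
    },
}

# Constructed sample of the PDS 20 database 241, where "policy-0001" no longer
# matches what the data provider registered (the case step S104 must detect).
POLICY_DB_241 = {
    "policy-0001": {
        "purpose": "marketing",
        "period": "2019-06-01/2019-12-31",
        "destination": "pharma-co",
    },
}


def policy_hash(policy: dict) -> str:
    """Hash of the content of policy information. The patent leaves the hash
    function open; this example assumes SHA-256 over canonical JSON so that
    key order or whitespace cannot change the value."""
    canonical = json.dumps(policy, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def make_distribution_log(data_id: str, data: bytes,
                          policy_id: str, policy: dict) -> dict:
    """Distribution log generated by the PDS when data is provided:
    data ID, data hash, policy ID, policy hash (plus the providing PDS)."""
    return {
        "type": "distribution",
        "data_id": data_id,
        "data_hash": hashlib.sha256(data).hexdigest(),
        "policy_id": policy_id,
        "policy_hash": policy_hash(policy),
        "pds": "PDS 20",
    }


def verify_distribution_log(log: dict, policy_db: dict, ledger: list):
    """Steps S101-S106 as run by the policy management device 100.
    Returns (matched, revocation): revocation is the entry appended to the
    ledger on a mismatch, otherwise None."""
    policy_id, logged_hash = log["policy_id"], log["policy_hash"]   # S101
    policy = policy_db.get(policy_id)                                 # S102
    if policy is None:
        # Assumption (not in the patent): an unknown policy ID is reported
        # as "not verified" rather than as a match.
        return False, None
    computed = policy_hash(policy)                                    # S103
    if hmac.compare_digest(computed, logged_hash):                    # S104: Yes
        return True, None
    # S105 would notify the data provider here; S106 registers revocation
    # information carrying the policy ID and the hash of the correct policy.
    revocation = {"type": "revocation", "policy_id": policy_id,
                  "policy_hash": computed}
    ledger.append(revocation)                                         # S106
    return False, revocation


def token_is_revoked(token: dict, ledger: list) -> bool:
    """Check on the data user's side before a token is used: the token is
    revoked if revocation information with its policy ID is on the ledger."""
    return any(entry.get("type") == "revocation"
               and entry["policy_id"] == token["policy_id"]
               for entry in ledger)


def run_example() -> dict:
    """Constructed end-to-end run: one log produced under the registered
    policy, one produced under the altered PDS-side policy, and a token."""
    ledger: list = []
    data = b"constructed medical record 0001"
    honest_log = make_distribution_log("data-0001", data, "policy-0001",
                                       POLICY_DB_141["policy-0001"])
    altered_log = make_distribution_log("data-0001", data, "policy-0001",
                                        POLICY_DB_241["policy-0001"])
    ledger.extend([honest_log, altered_log])
    token = {"policy_id": "policy-0001", "data_id": "data-0001"}

    honest_ok, _ = verify_distribution_log(honest_log, POLICY_DB_141, ledger)
    revoked_before = token_is_revoked(token, ledger)
    altered_ok, revocation = verify_distribution_log(altered_log, POLICY_DB_141, ledger)
    return {
        "honest_ok": honest_ok,
        "altered_ok": altered_ok,
        "revoked_before": revoked_before,
        "revoked_after": token_is_revoked(token, ledger),
        "revocation_hash_is_correct": revocation["policy_hash"]
                                      == policy_hash(POLICY_DB_141["policy-0001"]),
    }


if __name__ == "__main__":
    print(run_example())
```

The canonical serialization matters more than it looks: if the PDS and the policy management service serialize the same policy with different key order or whitespace, every comparison in step S104 fails and every token is revoked, so both parties must agree on the exact byte encoding that is hashed. The comparison uses a constant-time equality check, which costs nothing here and avoids leaking anything through timing when the hashes are compared on a service boundary.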
  • the proposing means 115 proposes a new licensing policy for data to the data provider based on one or more policy information stored in the database 141.
  • the proposing means 115 is, for example, for each item (items related to specific data such as age, address, family structure, height, weight, purpose of use of data, data provision period, provision destination, etc.).
  • FIG. 6 is a block diagram showing a hardware configuration of the audit device 300 according to the first embodiment.
  • all of the plurality of auditing devices 300 may have the hardware configuration shown in FIG.
  • the audit device 300 includes a CPU 31, a RAM 32, a ROM 33, a storage device 34, an input device 35, and an output device 36.
  • the CPU 31, RAM 32, ROM 33, storage device 34, input device 35, and output device 36 are connected to each other via a data bus 37.
  • the CPU 31 reads a computer program.
  • the CPU 31 controls the RAM 32, the storage device 34, the input device 35, and the output device 36 by executing the read computer program.
  • When the computer program read by the CPU 31 is executed, a logical functional block for verifying whether or not the data is provided from the PDS 20 to the data user according to the provision permission policy defined by the policy information is realized in the CPU 31. That is, the CPU 31 can function as a controller for performing the above verification.
  • the acquisition means 311 and the comparison means 312 are realized as logical functional blocks in the CPU 31.
  • the acquisition means 311 and the comparison means 312 have the same functions as the acquisition means 112 and the comparison means 113 described above, respectively. That is, the acquisition means 311 and the comparison means 312 have a function for verifying whether or not the data has been provided to the data user from the PDS 20 according to the provision permission policy defined by the policy information.
  • the acquisition means 311 first acquires the policy ID and the policy Hash included in one distribution log to be verified among the plurality of distribution logs registered in the blockchain. Next, the acquisition means 311 acquires the policy information corresponding to the acquired policy ID from the database 141 of the policy management service 10.
  • the comparison means 312 calculates the hash value of the policy information from the policy information acquired from the database 141 by using a predetermined hash function. Next, the comparison means 312 compares the policy hash acquired from the above distribution log with the calculated hash value, and determines whether or not they match.
  • the comparison means 312 outputs the determination result via the output device 36. At this time, the comparison means 312 may output the determination result via the output device 36 only when it is determined that the two do not match.
  • A hash value is very effective in detecting a change to or falsification of data.
  • the policy information applied when the data is provided from the PDS 20 to the data user is verified by utilizing the property of the hash value.
  • When the policy hash and the calculated hash value match, it can be confirmed that the data was provided from the PDS 20 to the data user according to the correct policy information.
  • When the policy hash and the calculated hash value do not match, it can be confirmed that the data was provided from the PDS 20 to the data user according to inappropriate policy information. That is, according to the data distribution system 1, it is possible to verify whether or not the data is provided from the PDS 20 to the data user according to the provision permission policy defined by the policy information.
  • The data distribution system 1 includes the policy management service 10, which manages the policy information, in addition to the PDS 20. Therefore, in the data distribution system 1, whether or not the data is provided from the PDS 20 in accordance with the provision permission policy defined by the policy information can be verified independently of the PDS 20, which is the entity that provides the data to the data user. Therefore, the verification can be performed fairly. Therefore, even when the PDS 20 intentionally (for example, maliciously) provides data contrary to the policy information, it is possible to properly identify that the PDS 20 provided the data to the data user in violation of the policy information. The data distribution system 1 of the present embodiment is therefore particularly useful in a situation where the relationship of trust between the data provider and the PDS 20, which is supposed not to be broken, may be broken.
  • It is also conceivable to verify whether or not the data was provided from the PDS 20 to the data user according to the provision permission policy defined by the policy information by a method other than comparing hash values. However, in such a verification method, when the data handled by the data distribution system 1 increases, the time and cost required for verification also increase, and it may be difficult to perform appropriate verification. In contrast, in the configuration in which the policy hash is compared with the calculated hash value, the verification can be performed appropriately even if the data handled by the data distribution system 1 increases.
  • the audit organization 30 may confirm the specific contents of the policy information when auditing the PDS 20.
  • the PDS 20 may not store the one policy information before the change, for example, when one policy information is changed. Then, even if the audit organization 30 tries to confirm the specific content of the one policy information before the change, there is a possibility that the one policy information before the change cannot be obtained from the PDS 20.
  • The one policy information before the change is stored in the database 141 of the policy management service 10. Therefore, even if the audit organization 30 cannot obtain the policy information before the change from the PDS 20, it can obtain the policy information before the change from the policy management service 10. As a result, the audit organization 30 can confirm the specific contents of the one policy information before the change.
  • a second embodiment according to the data distribution system 1 will be described with reference to FIG.
  • In the first embodiment described above, it is verified, by referring to the distribution log registered in the blockchain, whether or not the data was provided from the PDS 20 to the data user according to the provision permission policy defined by the policy information.
  • In the second embodiment, when the data is provided from the PDS 20 to the data user, it is verified whether or not the data is provided according to the provision permission policy defined by the policy information.
  • The description overlapping with the first embodiment will be omitted, the common parts on the drawings will be indicated by the same reference numerals, and the fundamental differences will be described with reference to FIG. 7.
  • When a data user requests data provision, the data management device 200 of the PDS 20 transmits the policy ID and the policy hash related to the policy information associated with the data to be provided in response to the request to the policy management service 10 (step S211).
  • the acquisition means 112 (see FIG. 4) of the policy management device 100 of the policy management service 10 acquires the policy information corresponding to the received policy ID from the database 141 (step S221).
  • the comparison means 113 (see FIG. 4) of the policy management device 100 calculates the hash value of the policy information from the policy information acquired from the database 141 by using a predetermined hash function (step S222). Next, the comparison means 113 compares the policy Hash with the calculated hash value (step S223).
  • the policy management device 100 transmits the comparison result of step S233 to the data management device 200 of PDS 20 (step S224).
  • When the policy hash and the calculated hash value do not match, the notification means 114 of the policy management device 100 may notify the data provider that, for example, policy information different from the intention of the data provider is being used.
  • The notification to the data provider may be given immediately after it is found in the process of step S223 that the policy hash and the calculated hash value do not match, or may be given at a predetermined timing. Further, when it is found a plurality of times in a relatively short period of time that the two do not match, the results of the plurality of times may be notified together.
  • As the mode of notification, various existing modes such as a warning can be applied.
  • When the comparison result indicates that the two match, the data management device 200 determines that the data can be provided (step S212: Yes), and the data is provided to the data user based on the policy information (step S213).
  • When the data management device 200 determines that the data cannot be provided (step S212: No), it ends the operation. In this case, the data management device 200 may notify the data user that the data cannot be provided.
  • the applied policy information is verified before the data is provided from the PDS 20 to the data user. Therefore, according to the present embodiment, it is possible to prevent data from being provided to the data user in accordance with inappropriate policy information.
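The exchange of steps S211 to S224, as an added example that is not code from the patent: the PDS sends a policy ID and policy hash, the policy management device recomputes the hash from its own copy of the policy information and answers, and data is handed over only on a match. SHA-256 over canonical JSON, the record layout, the sample data and all names are assumptions made here.

```python
import hashlib
import hmac
import json

def policy_hash(policy: dict) -> str:
    """SHA-256 over canonical JSON (assumed; the page only says 'a predetermined hash function')."""
    return hashlib.sha256(json.dumps(policy, sort_keys=True).encode()).hexdigest()

class PolicyManagementDevice:
    """Policy management device 100: owns database 141 (policy ID -> provider, policy information)."""

    def __init__(self, database):
        self.database = database
        self.notifications = []  # (provider, policy_id, message) issued by notification means 114

    def verify(self, policy_id, presented_hash):
        entry = self.database.get(policy_id)  # step S221: acquisition means 112
        # steps S222/S223: comparison means 113 recomputes the hash and compares it
        ok = entry is not None and hmac.compare_digest(policy_hash(entry["policy"]), presented_hash)
        if not ok:  # the policy in use differs from what the provider registered
            provider = entry["provider"] if entry else "unknown"
            self.notifications.append((provider, policy_id, "policy hash mismatch"))
        return ok  # step S224: comparison result returned to the PDS

class DataManagementDevice:
    """Data management device 200 of the PDS 20: each record carries the policy ID and the hash
    of the policy information the data provider agreed to."""

    def __init__(self, pms, records):
        self.pms = pms
        self.records = records

    def provide(self, data_id):
        rec = self.records[data_id]
        # step S211: send policy ID and policy hash to the policy management service
        if not self.pms.verify(rec["policy_id"], rec["policy_hash"]):
            return None  # step S212: No -> data is not provided
        return rec["data"]  # step S213: provided according to the policy information

# constructed sample input: the provider agreed to POLICY; record D-2 carries a hash over an
# altered copy, as if the PDS were applying a loosened policy
POLICY = {"purpose": "research", "third_party_sharing": False}
DATABASE = {"P-001": {"provider": "alice", "policy": POLICY}}
RECORDS = {
    "D-1": {"data": "genuine record", "policy_id": "P-001", "policy_hash": policy_hash(POLICY)},
    "D-2": {"data": "other record", "policy_id": "P-001",
            "policy_hash": policy_hash({**POLICY, "third_party_sharing": True})},
}

def run_demo():
    """Returns (data for D-1, data for D-2, notifications sent to providers)."""
    pms = PolicyManagementDevice(DATABASE)
    pds = DataManagementDevice(pms, RECORDS)
    return pds.provide("D-1"), pds.provide("D-2"), pms.notifications
```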
  • Next, a third embodiment of the data distribution system 1 will be described.
  • In the third embodiment, when data is provided from the PDS 20 to the data user, whether the data is provided in accordance with the provision permission policy defined by the policy information is verified by referring to the distribution log before it is registered in the blockchain, rather than to a distribution log already registered in the blockchain.
  • Description overlapping with the first embodiment is omitted, common parts in the drawings are indicated by the same reference numerals, and only the fundamental differences are described.
  • In the third embodiment, only the policy management device 100 of the policy management service 10 has the right to create a block and connect the created block to the blockchain. That is, in this embodiment, only the policy management device 100 is a miner.
  • In the third embodiment, it is assumed that the data is actually provided from the PDS 20 to the data user on the condition that the distribution log generated for the provision is registered in the blockchain, or that, after the distribution log is registered in one block, a predetermined number of further blocks are connected after that block.
  • Before being registered in the blockchain, the generated distribution log is temporarily stored in a memory pool built in the policy management device 100, for example in the storage device 14 (see FIG. 3).
  • The acquisition means 112 (see FIG. 4) of the policy management device 100 acquires, from the database 141, the policy information corresponding to the policy ID included in one distribution log to be verified in the memory pool.
  • The comparison means 113 (see FIG. 4) of the policy management device 100 calculates the hash value of the policy information acquired from the database 141 using a predetermined hash function.
  • The comparison means 113 compares the policy hash included in the above distribution log with the calculated hash value and determines whether they match.
  • When the two are determined to match, the policy management device 100 registers the distribution log in the blockchain. On the other hand, when they are determined not to match, the policy management device 100 prevents that distribution log from being registered in the blockchain, for example by excluding it. In this case, the notification means 114 (see FIG. 4) of the policy management device 100 issues a warning to the data provider.
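The memory-pool verification described above, as an added example that is not part of the patent: the policy management device, acting as the sole miner, registers only distribution logs whose policy hash matches database 141, excludes the rest with a warning to the provider, and exposes the "predetermined number of blocks" condition the PDS waits for before handing over data. SHA-256 over canonical JSON, the block and log layout, the sample data and all names are assumptions made here.

```python
import hashlib
import json

def digest(obj) -> str:
    """SHA-256 over canonical JSON (assumed; the page only says 'a predetermined hash function')."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class PolicyManagementMiner:
    """Policy management device 100 as the sole miner: distribution logs wait in a memory pool
    and enter a block only if their policy hash matches the policy information in database 141."""

    def __init__(self, database):
        self.database = database  # policy ID -> {"provider": ..., "policy": {...}}
        self.mempool = []         # distribution logs not yet registered (storage device 14)
        self.chain = []           # blocks: {"prev": digest of previous block, "logs": [...]}
        self.warnings = []        # warnings issued to data providers by notification means 114

    def create_block(self):
        """Verify every pooled log; register the matching ones, exclude and warn on the rest."""
        accepted = []
        for log in self.mempool:
            entry = self.database.get(log["policy_id"])  # acquisition means 112
            # comparison means 113: recompute the hash and compare with the log's policy hash
            if entry is not None and digest(entry["policy"]) == log["policy_hash"]:
                accepted.append(log)
            else:
                provider = entry["provider"] if entry else "unknown"
                self.warnings.append((provider, log["log_id"], "policy hash mismatch"))
        self.mempool = []
        prev = digest(self.chain[-1]) if self.chain else "0" * 64
        self.chain.append({"prev": prev, "logs": accepted})

    def confirmations(self, log_id):
        """Number of blocks connected after the block holding log_id; None if never registered."""
        for height, block in enumerate(self.chain):
            if any(log["log_id"] == log_id for log in block["logs"]):
                return len(self.chain) - 1 - height
        return None

    def may_provide(self, log_id, required_depth):
        """True once the log is registered and required_depth further blocks follow it (0 = registration alone)."""
        depth = self.confirmations(log_id)
        return depth is not None and depth >= required_depth

# constructed sample input: L-1 is genuine; L-2 carries a hash over an altered copy of the policy
POLICY = {"purpose": "research", "third_party_sharing": False}

def run_demo():
    miner = PolicyManagementMiner({"P-001": {"provider": "alice", "policy": POLICY}})
    miner.mempool.append({"log_id": "L-1", "policy_id": "P-001", "policy_hash": digest(POLICY)})
    miner.mempool.append({"log_id": "L-2", "policy_id": "P-001",
                          "policy_hash": digest({**POLICY, "third_party_sharing": True})})
    miner.create_block()  # registers L-1, excludes L-2 and warns alice
    for _ in range(2):    # two further blocks connected behind it
        miner.create_block()
    return miner
```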
  • The management device described in Appendix 1 is a management device operated by one operating entity, comprising: a storage means for storing policy information that is associated with data provided by a data provider to another operating entity different from the one operating entity and that defines the provision permission policy of the data provider for the data; an acquisition means for acquiring, from the storage means, the policy information corresponding to one policy information associated with one data provided to a data user by the other operating entity, by referring to log information in which a first hash value related to the one policy information is recorded; and a comparison means for obtaining a second hash value of the acquired policy information and comparing it with the first hash value.
  • The management device described in Appendix 2 is the management device according to Appendix 1, further comprising a notification means for notifying the data provider who provided the one data associated with the one policy information when the second hash value and the first hash value are different from each other.
  • The management device described in Appendix 3 is the management device according to Appendix 2, wherein the log information is registered in a data management ledger using a distributed ledger technique.
  • The management device described in Appendix 4 is characterized by further comprising a registration means for registering the second hash value in the data management ledger when the second hash value and the first hash value are different from each other.
  • The management device described in Appendix 5 is the management device according to Appendix 1, characterized by further comprising a proposal means for proposing a new provision permission policy to the data provider based on one or a plurality of policy information stored in the storage means.
  • The management method described in Appendix 6 is a management method in a management device operated by one operating entity, characterized in that: policy information that is associated with data provided by a data provider to another operating entity different from the one operating entity and that defines the provision permission policy of the data provider for the data is stored in a storage means; the policy information corresponding to one policy information associated with one data provided to a data user by the other operating entity is acquired from the storage means; and a second hash value of the acquired policy information is obtained and compared with the first hash value.
  • The management device described in Appendix 7 is a management device operated by one operating entity, comprising: a storage means for storing policy information that is associated with data provided by a data provider to another operating entity different from the one operating entity and that defines the provision permission policy of the data provider for the data; and a comparison means for comparing a first hash value indicating one policy information associated with one data provided to a data user by the other operating entity with a second hash value obtained from the acquired policy information.
  • The verification device described in Appendix 8 comprises: an acquisition means for acquiring the policy information corresponding to one policy information, which is associated with one data provided to a data user and defines the provision permission policy for the one data of the data provider who provided the one data, by referring to log information in which a first hash value related to the one policy information is recorded; and a comparison means for obtaining a second hash value of the acquired policy information and comparing it with the first hash value.
  • In the verification device described in Appendix 9, the acquisition means acquires the corresponding policy information from a management device operated by an operating entity different from the operating entity that provides the one data to the data user.
  • The computer program described in Appendix 10 is a computer program that causes a computer to execute the management method described in Appendix 6.
  • The recording medium described in Appendix 11 is a recording medium on which the computer program described in Appendix 10 is recorded.
  • The present invention can be appropriately modified within the scope of the claims and without departing from the gist or idea of the invention that can be read from the entire specification, and a management device, management method, verification device, computer program and recording medium accompanied by such modification are also included in the technical idea of the present invention.
  • 1 ... Data distribution system, 10 ... Policy management service, 11, 31 ... CPU, 12, 32 ... RAM, 13, 33 ... ROM, 14, 34 ... Storage device, 15, 35 ... Input device, 16, 36 ... Output device, 20 ... PDS, 30 ... Audit organization, 100 ... Policy management device, 111 ... Storage means, 112, 311 ... Acquisition means, 113, 312 ... Comparison means, 114 ... Notification means, 115 ... Proposal means, 116 ... Registration means, 141, 241 ... Database, 200 ... Data management device, 300 ... Audit device


Priority Applications (3)

Application Number Priority Date Filing Date Title
PCT/JP2019/021278 WO2020240729A1 (ja) 2019-05-29 2019-05-29 管理装置、管理方法、検証装置、コンピュータプログラム及び記録媒体
US17/612,741 US12124605B2 (en) 2019-05-29 2019-05-29 Management apparatus, management method, verification apparatus, computer program and recording medium
JP2021521650A JP7279783B2 (ja) 2019-05-29 2019-05-29 管理装置、管理方法、検証装置、コンピュータプログラム及び記録媒体

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2019/021278 WO2020240729A1 (ja) 2019-05-29 2019-05-29 管理装置、管理方法、検証装置、コンピュータプログラム及び記録媒体

Publications (1)

Publication Number Publication Date
WO2020240729A1 true WO2020240729A1 (ja) 2020-12-03

Family

ID=73553603

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/021278 Ceased WO2020240729A1 (ja) 2019-05-29 2019-05-29 管理装置、管理方法、検証装置、コンピュータプログラム及び記録媒体

Country Status (3)

Country Link
US (1) US12124605B2
JP (1) JP7279783B2
WO (1) WO2020240729A1

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2024081537A (ja) * 2022-12-06 2024-06-18 富士通株式会社 データベース管理プログラム、データベース管理方法、および情報処理装置

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002123633A (ja) * 2000-10-17 2002-04-26 Laurel Intelligent Systems Co Ltd 個人情報保護方法、個人情報保護システム、処理装置および記録媒体
JP2011022825A (ja) * 2009-07-16 2011-02-03 Nippon Telegr & Teleph Corp <Ntt> サービス提供システム、改ざんチェック方法および改ざんチェックプログラム
JP2018196097A (ja) * 2017-05-22 2018-12-06 Kddi株式会社 生成装置、合意形成システム、プログラム、及び生成方法

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007137353A1 (en) * 2006-05-29 2007-12-06 Symbiotic Technologies Pty Ltd Communications security system
JP5273805B2 (ja) 2009-07-16 2013-08-28 日本電信電話株式会社 サービス提供システム、利用者id管理方法および利用者id管理プログラム
US8510569B2 (en) 2009-12-16 2013-08-13 Intel Corporation Providing integrity verification and attestation in a hidden execution environment
CN102244659A (zh) * 2011-06-30 2011-11-16 成都市华为赛门铁克科技有限公司 安全策略脚本执行方法、装置以及安全策略系统
US20170132625A1 (en) 2015-11-05 2017-05-11 Mastercard International Incorporated Method and system for use of a blockchain in a transaction processing network
US10579368B2 (en) 2017-03-10 2020-03-03 Salesforce.Com, Inc. Blockchain version control systems
US10970410B2 (en) * 2017-10-26 2021-04-06 Lawrence Livermore National Security, Llc Accessing protected data by a high-performance computing cluster
US11567904B2 (en) * 2019-05-03 2023-01-31 First American Financial Corporation Distributed ledger systems and methods for importing, accessing, verifying, and comparing documents

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210081549A1 (en) * 2019-09-18 2021-03-18 Sightline Innovation Inc. Systems and methods for sharing data assets via a computer-implemented data trust
JP2023059719A (ja) * 2021-10-15 2023-04-27 株式会社東芝 情報処理装置、情報処理システムおよびコンピュータプログラム
JP7623923B2 (ja) 2021-10-15 2025-01-29 株式会社東芝 情報処理装置、情報処理システムおよびコンピュータプログラム
US12277253B2 (en) 2021-10-15 2025-04-15 Kabushiki Kaisha Toshiba Information processing apparatus, information processing system, and non-transitory computer readable medium

Also Published As

Publication number Publication date
JP7279783B2 (ja) 2023-05-23
JPWO2020240729A1 2020-12-03
US12124605B2 (en) 2024-10-22
US20220237320A1 (en) 2022-07-28

Similar Documents

Publication Publication Date Title
Landi et al. The “A” of FAIR–as open as possible, as closed as necessary
O'Donoghue et al. Design choices and trade-offs in health care blockchain implementations: systematic review
US11315110B2 (en) Private resource discovery and subgroup formation on a blockchain
US10423453B2 (en) Distributed computation systems and methods
Zhao et al. Research on electronic medical record access control based on blockchain
JP2021526751A (ja) 自己監視ブロックチェーンのための安全な合意に基づくエンドースメント
US20180225469A1 (en) Expendable access control
US20130006865A1 (en) Systems, methods, apparatuses, and computer program products for providing network-accessible patient health records
CN102449633A (zh) 访问权限的动态确定
GB2540977A (en) Expendable access control
EP3329409A1 (en) Access control
WO2017054985A1 (en) Access control
US20200034545A1 (en) Information provision device, information provision system, information provision method, and program
Taylor et al. Vigilrx: A scalable and interoperable prescription management system using blockchain
JP7279783B2 (ja) 管理装置、管理方法、検証装置、コンピュータプログラム及び記録媒体
Pu et al. A medical big data access control model based on smart contracts and risk in the blockchain environment
US12314425B2 (en) Privacy data management in distributed computing systems
Lee et al. Validation of serostatus of rheumatoid arthritis using ICD‐10 codes in administrative claims data
JP7514766B2 (ja) 制御方法、情報管理システム、および、プログラム
US20230153450A1 (en) Privacy data management in distributed computing systems
JP7314993B2 (ja) データ管理方法、データ流通システム、コンピュータプログラム及び記録媒体
Masluk et al. Protecting personal data with blockchain technology
US12613991B2 (en) Credential to guarantee identity
Cáceres et al. Blockchain Validity Register for Healthcare Environments
US12353590B2 (en) Secure data processing

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19931283; Country of ref document: EP; Kind code of ref document: A1)
ENP Entry into the national phase (Ref document number: 2021521650; Country of ref document: JP; Kind code of ref document: A)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19931283; Country of ref document: EP; Kind code of ref document: A1)