WO2021059434A1 - Information circulation system, information circulation method, and recording medium - Google Patents

Publication number
WO2021059434A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
computer
consent
trail
personal information
Prior art date
Application number
PCT/JP2019/037886
Other languages
French (fr)
Japanese (ja)
Inventor
隆太 牛膓
祐介 神
善弘 水野
勲 粂
洋平 川辺
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所 filed Critical 株式会社日立製作所
Priority to PCT/JP2019/037886 priority Critical patent/WO2021059434A1/en
Priority to JP2021548080A priority patent/JP7214000B2/en
Publication of WO2021059434A1 publication Critical patent/WO2021059434A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services

Definitions

  • The present invention relates to an information distribution system that manages the distribution of personal information.
  • Patent Document 1 is known.
  • Patent Document 1 discloses a technique for providing the latest personal information to a user by appropriately updating the personal information, on the assumption that the personal information obtained from the service provider that provides it changes depending on the situation.
  • In Patent Document 1, the individual inputs from a terminal the provision conditions (industry of the person who wishes to purchase, selling price, etc.) for providing personal information to the user (purchaser of personal information), and the information management server stores them in the information registrant management record (information management record) of the registrant information storage unit.
  • The consent information (provision conditions) entered by the individual is centrally managed by the information management system, and falsification of the consent information cannot be detected. Therefore, reliable information based on the consent of the individual could not be provided.
  • The consent information obtained from an individual and the purpose of use obtained from the user are stored and shared in the blockchain, and the consent information shared by the blockchain is stored and shared by the business parties (specific providers and information banks).
  • The purpose is to ensure the transfer of personal information.
  • The present invention is an information distribution system including a first computer that has a processor, a memory and a communication device and collects information, and a second computer that has a processor, a memory and a communication device and provides the information collected by the first computer to the outside.
  • The second computer has a purpose-of-use management unit that receives a usage condition of the information provided to the outside and stores it in the purpose of use information;
  • a consent information management unit that accepts consent to the terms of use for the information collected by the first computer and provided to the outside, and stores it in the consent information;
  • an information management unit that, when a request for acquisition of the information is received, acquires the information collected by the first computer according to the terms of use with the consent and provides it to the outside; and a trail management unit that generates a trail indicating that the information acquisition request was made or the information has been provided and stores it in the trail information.
  • The second computer stores the purpose of use information, the consent information, and the trail information in a blockchain and shares the information with the first computer.
  • The consent information shared by the blockchain is referred to by business parties (specific providers and information banks) who use an external computer, and after the validity of the consent information is confirmed, reliable information can be sent and received based on the consent of the individual.
  • FIG. 1 shows an embodiment of the present invention and is a diagram showing an outline of distribution of personal information.
  • The parties are a personal terminal 400 used by an individual who uses a service or purchases an article; data providing sites 2-A to 2-C operated by providers (Company A to Company C) who provide the service or article to the individual and accumulate personal information; and data use sites 3-X to 3-Z operated by users (Company X to Company Z) who use the personal information stored in the data providing sites 2-A to 2-C.
  • The reference numeral "2" is used with the "-" and subsequent parts omitted. The same applies to the reference numerals of other components.
  • The data providing site 2 provides services and goods in response to an order from the personal terminal 400, and stores the personal information acquired when the goods are purchased or the services used in the personal information table 4. When the data providing site 2 registers personal information in the personal information table 4, it calculates the hash value of the registered personal information, and the signature of the data providing site 2 and the hash value are stored in the hash value table 63 of personal information of the blockchain 6 and shared with the information bank site 1.
  • The data providing site 2 registers in the information bank site 1 the items of the accumulated personal information table 4 that can be provided to the user (hereinafter, the items that can be provided).
  • The information bank site 1 acquires, from the personal information table 4 of the data providing site 2, the information on the items that can be provided to the data use site 3, and stores it in the personal information table 5 for provision.
  • The illustrated example shows personal information being provided to the data use site 3 from the personal information table 5 for provision stored in the information bank site 1, but the present invention is not limited to this.
  • The information bank site 1 may instead not accumulate personal information: it requests from the data providing site 2 the personal information requested by the data use site 3, and relays the personal information output by the data providing site 2 to the data use site 3.
  • The personal information then only has to be kept up to date on the data providing site 2, so the cost of maintaining the information can be reduced.
  • The user who operates the data use site 3 refers to the items that can be provided and, if there is data that can be used, registers the purpose of use on the information bank site 1.
  • The purpose of use is stored in the purpose of use table 62 of the blockchain 6.
  • The individual who provides personal information concludes a contract with the information bank site 1 on the personal terminal 400, and agrees to the items of the personal information table 4 provided to the data use site 3 and to the purpose of use.
  • The content of the consent is stored in the consent information table 61 of the blockchain 6 and shared with the data providing site 2.
  • The data use sites 3-X to 3-Z acquire the personal information table 5 for provision from the information bank site 1 based on the consent information, and use it for marketing and the like. The information bank site 1 generates a trail every time an information acquisition request from the data use site 3 is executed, stores it in the trail table 64 of the blockchain 6, and shares it with the data providing site 2.
  • When the personal terminal 400 that has provided personal information requests the information bank site 1 to disclose the trail table 64, the individual can see when, by whom, and for what purpose the personal information they provided was used. In addition, the personal terminal 400 can request the information bank site 1 to correct or delete the personal information table 5 for provision.
  • The consent information table 61 shared by the blockchain 6 is referred to by the business parties, the information bank site 1 and the data providing site 2, and after confirming the consent information table 61 they exchange the personal information for provision based on the consent of the individual. Since the consent information table 61 is stored in the blockchain 6, falsification can be easily detected.
  • The information management server 210 calculates a hash value when registering personal information and stores it in the hash value table 63 of personal information, so tampering can be detected by referring to the hash value each time the personal information table 4 or the personal information table 5 for provision is exchanged.
  • The information bank site 1 receives the usage fee for the personal information table 5 for provision from the data use site 3, and returns the consideration for providing the personal information table 5 for provision to the data providing site 2.
  • The information bank site 1 may return the consideration to the individual who has consented to the provision of personal information.
  • The consent information table 61, the purpose of use table 62, the hash value table 63 of personal information, and the trail table 64 are stored in one blockchain 6, but the present invention is not limited to this.
  • The consent information table 61, the purpose of use table 62, the hash value table 63 of personal information, and the trail table 64 can each be managed by an independent blockchain.
  • For the consent information table 61 and the like stored in the blockchain 6, the presence or absence of falsification can easily be detected by comparing the hash value included in the latest block with the hash value calculated from the data of the immediately preceding block.
  • Blocks of the blockchain 6 are generated and their hash values calculated by both the ledger management unit 25 of the bank management server 110 at the information bank site 1 and the ledger management unit 25 of the information management server 210 at the data providing site 2.
  • FIG. 2 is a block diagram showing an example of an information distribution system that distributes personal information.
  • The information distribution system includes a personal terminal 400 used by an individual who registers personal information when using services provided by the data providing site 2; the data providing site 2, which accumulates personal information and registers the items of personal information that can be provided in the information bank site 1;
  • and the information bank site 1, which provides the personal information of the personal information table 4 (or the personal information table 5 for provision) to the data use site 3 based on the consent from the personal terminal 400.
  • An individual who provides personal information connects to a data providing site 2 or an information bank site 1 using a personal terminal 400.
  • An authentication device 410 that authenticates using biometric information is connected to the personal terminal 400 and is used for certifying an individual.
  • The data providing site 2-A includes an information management server 210, a database 220, and a blockchain node 240 as computer resources.
  • The information management server 210, the database 220, and the blockchain node 240 may each be configured by an independent computer, a virtual computer, or a container.
  • The information management server 210 includes a personal information management unit 221 that manages the personal information acquired from the personal terminal 400, and a trail management unit 222 for confirming the usage status of the personal information provided to the data use site 3 via the information bank site 1.
  • The personal information provided to the data use site 3 is the personal information in the personal information table 4 that corresponds to the provideable item table 121, and is the information that the provider (individual) has permitted to be provided to the user.
  • The personal information management unit 221 stores the personal information received from the personal terminal 400 in the database 220, registers the items that can be provided to the data use site 3 in the information bank site 1, and manages the personal information table 4 provided to the data use site 3.
  • The blockchain node 240 manages the blockchain 6, which is distributed and shared with the information bank site 1.
  • The blockchain 6 includes a ledger 60 for storing information and a chain code 30 for realizing a smart contract with respect to the ledger 60.
  • The ledger 60 includes a consent information table 61, a purpose of use table 62, a hash value table 63 of personal information, and a trail table 64, as will be described later.
  • The chain code 30 includes a consent information management unit 31, a purpose-of-use management unit 32, a personal information management unit 33, and a trail management unit 34 in order to control transactions and the like with respect to the ledger 60.
  • The consent information management unit 31 controls transactions with respect to the consent information table 61 of the ledger 60.
  • The purpose-of-use management unit 32 controls transactions with respect to the purpose of use table 62 of the ledger 60.
  • The personal information management unit 33 controls transactions with respect to the hash value table 63 of personal information in the ledger 60.
  • The trail management unit 34 controls transactions with respect to the trail table 64 of the ledger 60.
  • The information bank site 1 includes a bank management server 110, a database 120, an authentication server 130, and a blockchain node 140 as computer resources.
  • The bank management server 110, the database 120, the authentication server 130, and the blockchain node 140 may each be configured by an independent computer, a virtual computer, or a container.
  • The bank management server 110 includes a personal information management unit 21 that manages the personal information acquired from the data providing site 2, a consent information management unit 22 that manages the consent information received from the personal terminal 400, a purpose-of-use management unit 23 that manages the purpose of use received from the data use site 3, and a trail management unit 24 that generates a trail and stores it in the blockchain 6.
  • The personal information management unit 21 manages the personal information acquired from the personal information table 4 of the data providing site 2 in the personal information table 5 for provision. If the bank management server 110 does not manage the personal information table 5 for provision, the personal information management unit 21 mediates the acquisition of personal information in response to a request for acquisition of personal information from the data use site 3.
  • The personal information management unit 21 registers the provideable items received from the data providing site 2 in the provideable item table 121 of the database 120 and provides them to the data use site 3, as described later.
  • The personal information management unit 21 associates the personal ID on the data providing sites 2-A to 2-C with the personal ID on the bank management server 110, and stores and manages the association in the ID information table 122 of the database 120.
  • The consent information management unit 22 uses the consent information management unit 31 of the chain code to store the consent to the purpose of use received from the personal terminal 400 in the consent information table 61 of the blockchain 6. When personal information is provided to the data use site 3, the consent information management unit 22 verifies that the personal information acquired from the data providing site 2 is based on the consent of the individual.
  • The purpose-of-use management unit 23 uses the purpose-of-use management unit 32 of the chain code to store the purpose of use received from the data use terminal 300 of the data use site 3 in the purpose of use table 62 of the blockchain 6. When personal information is provided to the data use site 3, the purpose-of-use management unit 23 verifies that the personal information acquired from the data providing site 2 complies with the purpose of use.
  • The trail management unit 24 uses the trail management unit 34 of the chain code to generate a trail of access to or requests for personal information, such as receipt of a request for acquisition of personal information from the data use terminal 300 of the data use site 3 and provision of personal information of the data providing site 2, and stores it in the trail table 64 of the blockchain 6. When the trail management unit 24 receives a request to view the trail table 64, it acquires the trail of the designated personal ID from the trail table 64 and presents it.
  • The authentication server 130 includes an authentication unit 131 that authenticates an individual or a user based on the biometric information from the authentication device 410 of the personal terminal 400 or the authentication device 310 of the data use site 3, and a public key management unit 132 that manages the public keys of individuals or users of the data use site 3 and authentication information based on biometric information.
  • The authentication server 130 is shown using a private key and a public key based on biometric information, but the present invention is not limited to this. It suffices if authentication can be performed with a known or well-known key.
  • The blockchain node 140 manages the blockchain 6, which is distributed and shared with the data providing site 2.
  • The blockchain 6 includes a ledger 60 for storing information, as described above, and a chain code 30 for realizing a smart contract with respect to the ledger 60.
  • The data use site 3-X includes a data use terminal 300 that uses personal information provided by the information bank site 1, and an authentication device 310 for authenticating the biometric information of the person in charge who uses the data use terminal 300.
  • The data use terminal 300 acquires personal information from the information bank site 1 based on the purpose of use table 62 and uses it according to a predetermined purpose.
  • FIG. 3 is a block diagram showing an example of the bank management server 110.
  • FIG. 3 shows an example in which, among the computer resources of the information bank site 1, the database 120 and the blockchain node 140 are provided by the bank management server 110.
  • The authentication server 130 may be integrated in the bank management server 110.
  • The bank management server 110 is a computer including a processor 11, a memory 12, a storage device 16, an input device 13, an output device 14, and a communication device 15.
  • The input device 13 is composed of a keyboard, a mouse, or a touch panel.
  • The output device 14 is composed of a display.
  • The communication device 15 is connected to the network 70 and communicates with other computers.
  • A personal information management unit 21, a consent information management unit 22, a purpose-of-use management unit 23, a trail management unit 24, a ledger management unit 25 for realizing the blockchain node 140, and a chain code 30 are loaded into the memory 12 as programs and executed by the processor 11.
  • The chain code 30 includes a consent information management unit 31 that controls transactions with respect to the consent information table 61 of the ledger 60, a purpose-of-use management unit 32 that controls transactions with respect to the purpose of use table 62 of the ledger 60, a personal information management unit 33 that controls transactions with respect to the hash value table 63 of personal information of the ledger 60, and a trail management unit 34 that controls transactions with respect to the trail table 64 of the ledger 60.
  • The processor 11 operates as a functional unit that provides a predetermined function by processing according to the program of each functional unit.
  • The processor 11 functions as the personal information management unit 21 by processing according to the personal information management program. The same applies to other programs.
  • The processor 11 also operates as a functional unit that provides each function of a plurality of processes executed by each program.
  • A computer and a computer system are devices and systems including these functional units.
  • The storage device 16 stores a database 120 and a ledger 60 for realizing the blockchain node 140.
  • The personal information table 5 for provision, the provideable item table 121, and the ID information table 122 are stored in the database 120.
  • The ledger 60 includes a consent information table 61, a purpose of use table 62, a hash value table 63 of personal information, and a trail table 64, which are distributed and shared on the blockchain 6 as described above.
  • FIG. 4 is a block diagram showing an example of the information management server 210.
  • FIG. 4 shows an example in which, among the computer resources of the data providing site 2, the information management server 210 provides the database 220 and the blockchain node 240.
  • The information management server 210 is a computer including a processor 251, a memory 252, a storage device 26, an input device 253, an output device 254, and a communication device 255.
  • The input device 253 is composed of a keyboard, a mouse, or a touch panel.
  • The output device 254 is composed of a display.
  • The communication device 255 is connected to the network 70 and communicates with other computers.
  • The personal information management unit 221, the trail management unit 222, the ledger management unit 25 for realizing the blockchain node 240, and the chain code 30 are loaded into the memory 252 as programs and executed by the processor 251.
  • The chain code 30 is the same as that of the bank management server 110, as described above.
  • The processor 251 operates as a functional unit that provides a predetermined function by processing according to the program of each functional unit.
  • The processor 251 functions as the personal information management unit 221 by processing according to the personal information management program. The same applies to other programs.
  • The processor 251 also operates as a functional unit that provides each function of a plurality of processes executed by each program.
  • A computer and a computer system are devices and systems including these functional units.
  • The storage device 26 stores a database 220 and a ledger 60 for realizing the blockchain node 240.
  • In the database 120, the personal information collected from the personal terminal 400 is stored in the personal information table 4.
  • The ledger 60 includes a consent information table 61, a purpose of use table 62, a hash value table 63 of personal information, and a trail table 64, which are distributed and shared on the blockchain 6 as described above.
  • FIG. 10 is a diagram showing an example of the provideable item table 121.
  • The provideable item table 121 is information input from the information management server 210 of the data providing site 2, and is held by the bank management server 110 of the information bank site 1.
  • One record of the provideable item table 121 includes an item ID 1211 that stores an item identifier, a provider ID 1212 that stores an identifier of the data providing site 2, a personal information type 1213 that stores the type of personal information, a personal information item name 1214 that stores the item name of personal information,
  • an item content 1215 explaining what kind of information the personal information item is, and a sample value 1216 that stores information for presentation.
  • The item ID 1211 stores the identifier given by the information management server 210.
  • The provider ID 1212 stores an identifier set in the data providing site 2 that provides personal information.
  • The type of personal information is stored in the personal information type 1213.
  • The item name of personal information is stored in the personal information item name 1214.
  • The item content 1215 stores an explanation of what kind of information the personal information item is.
  • The sample value 1216 stores a sample of the data disclosed by the information management server 210 to the data use site 3.
  • The provideable item table 121 holds the types and item names of personal information that the provider of the data providing site 2 has permitted to be provided to the data use site 3.
  • FIG. 11 is a diagram showing an example of the personal information table 4.
  • The personal information table 4 holds the personal information collected by the information management server 210 of the data providing site 2.
  • One record of the personal information table 4 includes a personal ID 41 that identifies an individual, a personal information type 42 that indicates the type of personal information, a personal information item name 43 that indicates an item name of personal information,
  • and personal information 44 that stores the information corresponding to the personal information item name.
  • The personal ID 41 is an identifier given by the information management server 210 to an individual who is a customer, and is a unique value within the data providing site 2.
  • The personal information table 5 for provision managed by the bank management server 110 of the information bank site 1 stores the information in the personal information table 4 that corresponds to the personal information type 1213 and the personal information item name 1214 registered in the provideable item table 121 of FIG. 10.
  • The format of the personal information table 5 for provision managed by the bank management server 110 is the same as that of the personal information table 4 of FIG. However, as will be described later, the identifier of the personal information table 4 (personal ID 41) is unique within the data providing site 2, whereas the identifier of the personal information table 5 for provision is unique within the information bank site 1.
  • FIG. 12 is a diagram showing an example of the purpose of use table 62.
  • The purpose of use table 62 is information input from the data use terminal 300 of the data use site 3, and is held at the information bank site 1.
  • The purpose of use table 62 stores the consent pattern ID 621, the user ID 622 that stores the identifier set in the data use site 3, the purpose of use (summary) 623 that stores the outline of the purpose of use, and the details of the purpose of use.
  • the personal information item name 627 that stores the item of is included in one record.
  • The consent pattern ID 621 is an identifier for presenting a plurality of personal information item names 627 when obtaining the consent of an individual, and is given by the bank management server 110.
  • The consent pattern ID 621 indicates that the individual's consent is obtained for the "electric power data" of "ag1".
  • The personal information item name 627 indicates that the individual's consent is obtained for the two items "contract type" and "electric power usage".
  • FIG. 13 is a diagram showing an example of the consent information table 61.
  • The consent information table 61 is generated by the bank management server 110 based on the input from the personal terminal 400, stored in the blockchain 6, and shared by the information bank site 1 and the data providing site 2.
  • One record of the consent information table 61 includes the consent pattern ID 611, the personal ID 612 for identifying the individual, given by the information management server 210 to the personal information, and the provider ID 613 that specifies the data providing site 2 that provides the personal information of the personal ID 612.
  • The value of the consent pattern ID 621 of the purpose of use table 62 is set in the consent pattern ID 611, and the value of the provider ID 625 of the purpose of use table 62 is stored in the provider ID 613.
  • Since the consent information table 61 stored in the blockchain 6 is managed by the personal ID 612 assigned by the information management server 210 of the data providing site 2 that provides personal information, it is possible to conceal the information as to whether or not the individual has consented.
  • FIG. 14 is a diagram showing an example of a hash value table 63 of personal information.
  • The hash value table 63 of personal information is generated by the information management server 210 of the data providing site 2, stored in the blockchain 6, and shared with the information bank site 1.
  • One record of the hash value table 63 of personal information includes a personal ID 631 that stores an identifier that identifies an individual, a provider ID 632 that stores an identifier that identifies the data providing site 2,
  • a personal information item name 633 that stores the item name of the personal information table 4 that is the target of the hash value, a hash value 634 calculated from the personal information, and a signature 635 that stores the electronic signature preset in the data providing site 2.
  • The personal ID 41 of the personal information table 4 is stored in the personal ID 631.
  • The provider ID 632 stores an identifier preset in the data providing site 2.
  • The personal information item name 633 stores the value of the personal information item name 43 of the personal information table 4 for which the hash value is calculated.
  • The hash value 634 stores the hash value calculated by the information management server 210 with a preset function.
  • The signature 635 stores a digital signature preset in the data providing site 2 (or the information management server 210).
  • The information management server 210 calculates the hash value of the personal information 44 of the personal information table 4 for each personal information item name 633 of the personal ID 631 and stores it in the hash value table 63 of personal information, stores its electronic signature in the signature 635, and shares the record with the information bank site 1 on the blockchain 6.
  • FIG. 15 is a diagram showing an example of the trail table 64.
  • the trail table 64 is generated by the bank management server 110 of the information bank site 1, stored in the blockchain 6, and shared with the data providing site 2.
  • The trail table 64 includes, in one record, an application No. 641 that stores an identifier for specifying an access request to the personal information table 5 for provision, a user ID 642 that stores an identifier of the user or individual who accesses the personal information table 5 for provision, a provider ID 643 that stores the identifier of the data providing site 2 that provided the personal information table 5 for provision of the access target, an application content 644 that stores the type of access to the personal information table 5 for provision, a pattern ID 645 that stores the identifier of the personal consent given to the personal information for provision of the access target, a signature 646 that stores the user's signature, and a time stamp 647 that stores the access date and time.
  • When the bank management server 110 of the information bank site 1 receives an access request to the personal information table 5 for provision from the data use terminal 300 or the personal terminal 400, it assigns the application No. 641 and adds a new record to the trail table 64. The record is then stored in the blockchain 6 and shared with the data providing site 2.
  • FIG. 16 is a diagram showing an example of the ID information table 122.
  • the ID information table 122 is generated by the bank management server 110 of the information bank site 1 and stored in the database 120.
  • The ID information table 122 includes, in one record, the personal ID (information bank management) 1221 that stores the identifier given by the bank management server 110 for use within the information bank site 1, the provider ID 1222 that stores the identifier of the data providing site 2 that holds the personal information table 4 of the personal ID 1221, and the personal ID (provider management) 1223 that stores the personal identifier given by the data providing site 2.
  • When the bank management server 110 acquires the data of the personal information table 4 from the information management server 210 of the data providing site 2, it acquires the identifier given to the individual at the data providing site 2 and information that can identify the individual, such as a name and an address. When the same individual exists on different data providing sites 2, the bank management server 110 assigns the same identifier to the personal ID (information bank management) 1221.
  • the bank management server 110 stores the identifier of an individual who uses a different data providing site 2 in the personal ID (provider management) 1223, and separately stores the identifier in the information bank site 1 (personal ID (information bank management) 1221).
  • the personal ID (information bank management) 1221 is used.
  • FIG. 5 is a sequence diagram showing an example of the registration process of the items that can be provided and the personal information performed in the information distribution system.
  • When the provider who manages the personal information table 4 at the data providing site 2 determines the item names of the personal information table 4 to be provided to the information bank site 1, the provider requests, via the information management server 210, the bank management server 110 of the information bank site 1 to register the personal information that can be provided (S1).
  • The bank management server 110 outputs the registration screen 1700 for provideable personal information items shown in FIG. 17 and accepts the personal information type 1213, the personal information item name 1214, the item content 1215, and the sample value 1216 from the information management server 210.
  • On accepting the personal information type 1213 indicating the type of personal information, the personal information item name 1214 indicating the item name of personal information, the item content 1215 indicating the content of personal information, and the sample value 1216, the bank management server 110 adds a new record to the provideable item table 121 and assigns the item ID 1211 (S2).
  • The bank management server 110 notifies the information management server 210 of the data providing site 2 of the completion of registration (S3).
  • The bank management server 110 of the information bank site 1 registers new provideable personal information items in the provideable item table 121.
  • the personal terminal 400 accesses the information management server 210 of the data providing site 2 and inputs personal information (S4).
  • the information management server 210 stores the personal information received from the personal terminal 400 in the personal information table 4 of the database 220 (S5).
  • the information management server 210 calculates the hash value of the registered personal information using a preset function (S6), and acquires the electronic signature of the data providing site 2 (or the information management server 210) in which the personal information is registered. Then, the hash value and the electronic signature are stored in the hash value table 63 of the personal information of the blockchain 6 (S8).
  • the hash value 634 stored in the hash value table 63 of personal information is shared with the bank management server 110 of the information bank site 1 by the blockchain 6 (S9).
  • new personal information is stored in the personal information table 4 of the data providing site 2, and a new record is added to the hash value table 63 of the personal information of the blockchain 6.
  • FIG. 6 is a sequence diagram showing an example of the purpose of use registration process performed in the information distribution system.
  • the user of the data use site 3 that uses personal information accesses the bank management server 110 of the information bank site 1 via the data use terminal 300, and requests the provideable item table 121 (S11).
  • Biometric information for certifying the user is input from the authentication device 310 connected to the data use terminal 300, and authentication based on the biometric information is performed.
  • the authentication based on biometric information is the same as above, and a well-known technique may be used, so the description thereof will be omitted.
  • the bank management server 110 acquires the provideable item table 121 from the database 120 (S12) and responds to the data use terminal 300 (S13).
  • The user (person in charge) who operates the data use terminal 300 selects a provideable item to be used from the provideable item table 121 on the registration screen 1800 shown in FIG. 18 (S14), and requests registration of the purpose of use (S15).
  • a provider name 1801 for designating the data providing site 2 a personal information type 1802, and a personal information item name 1803 can be input, and the data using terminal 300 sets a value for any of the items.
  • the search button 1804 is operated to search the provideable item table 121.
  • the search results are displayed in the provider name 1810, the personal information type 1213 in the provideable item table 121, and the personal information item name 1214.
  • the user of the data use terminal 300 selects the line selection switch 1820 of the used data, inputs necessary items into the purpose of use (overview) 623 and the purpose of use (details) 624, and operates the registration button 1821. Then, the registration request is carried out.
  • the bank management server 110 registers the input purpose of use in the purpose of use table 62 of the blockchain 6 (S16) and shares it with the data providing site 2 (S17).
  • the bank management server 110 assigns the consent pattern ID 621 to the new record in the purpose of use table 62. In this embodiment, if the same personal information type 626 is used, the same consent pattern ID is given, but the present invention is not limited to this. Then, the bank management server 110 notifies the data use terminal 300 that the registration of the purpose of use has been completed (S18).
  • the information bank site 1 adds a new purpose of use table 62 to the blockchain 6.
  • FIG. 7 is a sequence diagram showing an example of the consent information registration process performed in the information distribution system.
  • An individual who uses the personal terminal 400 provides personal information to the bank management server 110 of the information bank site 1 in order to consent to provide the personal information stored in the data providing site 2 to the data using site 3. (S21).
  • biometric information for proving that the person is the provider of personal information is input from the authentication device 410 connected to the personal terminal 400, and authentication based on the biometric information is performed.
  • the authentication based on biometric information is the same as above, and a well-known technique may be used, so the description thereof will be omitted.
  • the bank management server 110 relays the request for providing personal information and relays the request for acquiring personal information to the information management server 210 of the data providing site 2 (S22).
  • the information management server 210 acquires the data of the personal information table 4 specified in the personal information acquisition request from the database 220 (S23), and responds to the bank management server 110 (S24).
  • The acquisition of personal information between the personal terminal 400 and the information management server 210 of the data providing site 2 is relayed through the bank management server 110, but the present invention is not limited to this. For example, it is desirable to use authentication such as OAuth 2.0.
  • When the bank management server 110 acquires the data of the personal information table 4 from the information management server 210, it determines from personally identifiable information such as the name and address whether the same person as the designated individual has already been registered. If the person is already registered, the registered personal ID (information bank management) 1221 of the ID information table 122 is given to the individual, and a new record is added to the ID information table 122 (S25).
  • the bank management server 110 acquires the purpose of use for using personal information from the purpose of use table 62 of the blockchain 6 (S26).
  • the information management server 210 responds to the personal terminal 400 with the requested personal information and the purpose of use (S27).
  • the bank management server 110 outputs the consent information registration screen 1900 to the personal terminal 400 as shown in FIG. 19, and displays the personal information and the purpose of use.
  • The provider name (the name of the data providing site 2), the ID, and the password are entered in the personal information search form 1901, and the search button is operated to register the consent information in advance on the data providing site 2.
  • The personal information corresponding to the ID and the purpose of use set for that personal information are displayed.
  • the provider name 1902, the personal information type 42 of the personal information table 4, the personal information item name 43, and the personal information 44 are displayed.
  • the user name 1903 corresponding to the user ID 622 of the purpose of use table 62, the purpose of use (summary) 623, and the purpose of use (details) 624 of the purpose of use table 62 are displayed.
  • The individual who operates the personal terminal 400 confirms the registration screen 1900 and, if he or she accepts the user name 1903 and the purpose of use 623 under which the personal information item name 43 is used, checks the agreement check box 1904 and operates the registration button 1905.
  • the selection of the consent target (S28) and the registration request of the consent information (S29) of FIG. 7 are carried out.
  • When the bank management server 110 receives consent from the personal terminal 400, it acquires the consent pattern ID 621 and the provider ID 625 from the purpose of use table 62, obtains the personal ID (information bank management) 1221 from the ID information table 122, generates consent information, and registers it in the consent information table 61 of the blockchain 6 (S30).
  • the consent information table 61 stored in the blockchain 6 is shared with the data providing site 2 (S31).
  • the bank management server 110 notifies the personal terminal 400 that the registration of the consent information has been completed (S32).
  • The individual requests consent from the personal terminal 400 to the bank management server 110 of the information bank site 1 and, after confirming his or her personal information and the purpose of use and user name set for each item of personal information, can consent to the use of the personal information.
  • FIG. 8 is a sequence diagram showing an example of personal information provision processing performed in the information distribution system.
  • In the illustrated example, the information bank site 1 relays the distribution of personal information between the data providing site 2 and the data using site 3 without using the personal information table 5 for provision of the information bank site 1.
  • the data use terminal 300 of the data use site 3 requests the provision of personal information based on a preset purpose of use (S41).
  • an example of specifying the personal information to be used by the personal information type or the personal information item name is shown.
  • the authentication device 310 is used to perform authentication based on the biometric information of the person in charge.
  • the bank management server 110 that has received the request refers to the provideable item table 121 or the purpose of use table 62, and refers to the provider ID 1212 or the provider of the data providing site 2 that stores the requested personal information type or personal information item name. 625 is specified (S42).
  • The bank management server 110 acquires the user ID, the provider ID 1212, and the consent pattern ID 611 of the consent information table 61, acquires the user's electronic signature, and adds a new record to the trail table 64 (S13).
  • the bank management server 110 assigns the application No. 641 and the time stamp 647.
  • the user's electronic signature may be a public key or the like based on biometric information.
  • the record added to the trail table 64 is shared with the data providing site 2 by the blockchain 6 (S44).
  • the bank management server 110 requests the data providing site 2 specified in step S42 to provide personal information (S45).
  • the request for providing personal information includes a user ID 642 and a consent pattern ID 611.
  • the information management server 210 of the data providing site 2 searches the trail table 64 from the user ID 642 and the consent pattern ID 611, and determines that the user's signature 646 is valid (S46).
  • the information management server 210 acquires the personal information type 626 and the personal information item name 627 corresponding to the consent pattern ID 621 of the usage purpose table 62 of the blockchain 6. Further, the personal ID 612 that matches the consent pattern ID 621 is acquired from the consent information table 61. The personal information type 626 corresponding to the personal ID 612 and the personal information corresponding to the personal information item name 627 are acquired from the personal information table 4 of the database 220 (S47).
  • The information management server 210 adds to the trail table 64 of the blockchain 6 a trail indicating that personal information was provided for the user ID of the data use site 3 and the consent pattern ID, and records the electronic signature of the information management server 210 and the time stamp 647 (S48).
  • the trail table 64 to which a new record is added is shared by the blockchain 6 with the bank management server 110 (S49).
  • the information management server 210 responds to the bank management server 110 with the personal information acquired from the personal information table 4 (S50).
  • The bank management server 110 that has received the personal information confirms that the personal information type 626 and the personal information item name 627 corresponding to the consent pattern ID 621 of the purpose of use table 62 of the blockchain 6 match the personal information type and the personal information item name of the received personal information. Further, it confirms that the personal ID 612 corresponding to the consent pattern ID 621 in the consent information table matches the personal ID of the received personal information (S51).
  • If the personal information matches the consent pattern ID 611, the bank management server 110 acquires the hash value 634 from the hash value table 63 of personal information of the blockchain 6. It then calculates a hash value for each personal ID of the acquired personal information and determines whether the calculated value matches the hash value 634, thereby detecting falsification (S52).
  • When the bank management server 110 acquires personal information from a plurality of data providing sites 2, it associates the personal ID (provider management) 1223 of each data providing site 2 with the personal ID (information bank management) 1221 assigned by the bank management server 110, and sets the same personal ID (information bank management) 1221 for the same individual (S53).
  • the bank management server 110 provides the personal information acquired from the data providing site 2 to the data using terminal 300 of the data using site 3 and ends the process (S54).
  • The bank management server 110 acquires personal information based on the consent information from the information management server 210 of the data providing site 2, verifies the validity of the consent content and checks the personal information for falsification, and can then provide the personal information to the data use terminal 300 of the data use site 3. As a result, personal information can be distributed among the business associates of the data providing site 2, the information bank site 1, and the data using site 3 while observing the contents agreed by the individual.
  • FIG. 9 is a sequence diagram showing an example of browsing processing of the trail table 64 performed in the information distribution system.
  • the personal terminal 400 accesses the bank management server 110 of the information bank site 1 by using authentication using biometric information, and requests a trail of personal information (S61).
  • the bank management server 110 acquires the personal ID from the authentication information and the like, and acquires the consent pattern ID 611 that the individual has agreed to from the consent information table 61.
  • the bank management server 110 searches the trail table 64 of the blockchain 6 with the search condition specified as the consent pattern ID 611 (S62), and provides the corresponding record to the personal terminal 400 (S63).
  • FIG. 20 is a diagram showing an example of the trail search screen 2000.
  • the search screen 2000 includes search conditions 2001 and search results (2011 to 2018).
  • the provider name (name of the data providing site 2), the personal information type, the user name (name of the data using site 3), and the providing period (date and time) can be specified.
  • The search results include the provider name 2011, the personal information type 2012, the personal information item name 2013, the item value 2014, the user name 2015, the purpose of use (summary) 2016, the purpose of use (details) 2017, and the date and time of provision 2018.
  • the provider name 2011 is the name of the data providing site 2 corresponding to the provider ID 643 of the trail table 64.
  • the personal information type 2012 and the personal information item name 2013 are the personal information type 626 and the personal information item name 627 corresponding to the consent pattern ID 611.
  • the user name 2015 is the name of the data usage site 3 corresponding to the user ID 642 in the trail table 64.
  • the purpose of use (summary) 2016 and the purpose of use (details) 2017 are the purpose of use (summary) 623 and the purpose of use (details) 624 of the purpose of use table 62 corresponding to the consent pattern ID 621.
  • the date and time of provision 2018 is the time stamp 647 of the trail table 64.
  • The individual who provided the personal information can confirm how his or her personal information is used via the personal terminal 400. Further, by sharing the trail table 64 between the information bank site 1 and the data providing site 2 participating in the information distribution system, it is possible to easily verify that the processing based on the individual consent information is reliably performed.
  • the result can be confirmed by the trail table 64. This makes it possible to ensure compliance or execution of the consent and request of the individual who provides personal information.
  • the information distribution system of the above embodiment can have the following configuration.
  • a second computer (bank management server 110) having the device (15) and providing the information (personal information) collected by the first computer (210) to the outside (data use terminal 300 of the data use site 3), wherein the second computer (110) has: a purpose of use management unit (23) that receives, via the purpose of use management unit (32), the usage conditions of the information provided to the outside (300) and stores them in the purpose of use information (purpose of use table 62); a consent information management unit (22) that receives, via the consent information management unit (31), consent to the usage conditions for providing the information (4) collected by the first computer (210) to the outside (300) and stores it in the consent information (consent information table 61); an information management unit (personal information management unit 21, personal information management unit 33) that, upon receiving an acquisition request for the information (4), acquires the information (4) collected by the first computer (210) and provides it to the outside (300) under the usage conditions for which consent has been given; and a trail management unit (24) that, via the trail management unit (34), generates a trail indicating that the acquisition request for the information (4) or the provision of the information has been performed and stores it in the trail information (trail table 64), and the second computer (110) stores the purpose of use information (62), the consent information (61), and the trail information (64) in the blockchain (6) and shares them with the first computer (210); an information distribution system characterized by the above.
  • The consent information shared on the blockchain is referred to by the business parties (specific providers (individuals) and information banks) who use the external computer (data use terminal 300), and after the validity of the consent information is confirmed, reliable information can be sent and received based on the consent of the individual.
  • the trail management unit (24) receives a request for viewing the trail, and the blockchain (6) via the trail management unit (34).
  • The individual who provided the personal information can confirm from the trail table 64 how his or her personal information is used via the personal terminal 400. Further, by sharing the trail table 64 between the information bank site 1 and the data providing site 2 participating in the information distribution system, it is possible to easily verify that the processing based on the individual consent information is reliably performed.
  • the first computer (210) generates a hash value (634) of the collected information (4) to generate the blockchain (6).
  • the personal information management unit (21) of the second computer (110) acquires the information from the first computer (210).
  • the hash value of the personal information is calculated, and the hash value information stored in the blockchain is compared with the hash value corresponding to the personal information to detect falsification, which is an information distribution system.
  • The bank management server 110 can detect falsification of personal information by calculating the hash value of the personal information acquired from the information management server 210 and comparing it with the hash value 634 shared on the blockchain 6.
  • the consent information management unit (22) obtains the content of the consent received through the consent information management unit (31) in the information (4).
  • The consent information table 61 stored in the blockchain 6 is managed by the consent pattern ID 611, which can be identified only by the parties (individuals, the provider of the information (data providing site), and the information bank), and can be concealed.
  • the second computer (110) is connected to a plurality of the first computers (210), and the personal information management unit (21)
  • the identifier of the first computer (210) that manages the provider (individual) of the information (4) is first provided.
  • the original identifier (personal ID (information bank management)) 1221 is assigned, and the pair of the first provider identifier (1223) and the second provider identifier (1221) is managed as ID information (ID information table 122).
  • ID information table 122 An information distribution system characterized in that the same identifier is set for the identifier (1221).
  • the information collected by the first computer (210) includes confidential information (personal information table 4), and the second computer (110)
  • the consent received by the consent information management unit (22) is the consent of the confidential information provider (individual), and the consent is the consent of the parties to the confidential information and the first computer that is the provider of the confidential information.
  • The consent information shared on the blockchain is referred to by specific providers, individuals, and information banks, and after the validity of the consent information is confirmed, reliable information can be exchanged based on the consent of the individual.
  • the present invention is not limited to the above-described embodiment, and includes various modifications.
  • the above-described embodiment is described in detail in order to explain the present invention in an easy-to-understand manner, and is not necessarily limited to the one including all the configurations described.
  • any of addition, deletion, or replacement of other configurations can be applied alone or in combination.
  • each of the above configurations, functions, processing units, processing means, etc. may be realized by hardware by designing a part or all of them by, for example, an integrated circuit. Further, each of the above configurations, functions, and the like may be realized by software by the processor interpreting and executing a program that realizes each function. Information such as programs, tables, and files that realize each function can be placed in a memory, a hard disk, a recording device such as an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.
  • control lines and information lines indicate those that are considered necessary for explanation, and not all control lines and information lines are necessarily indicated on the product. In practice, it can be considered that almost all configurations are interconnected.
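
The hash registration (S6 to S8) and the bank-side checks before release (S51, S52) described above, sketched as an added Python example; it is not code from the patent or the applicant. SHA-256 as the preset function, an HMAC tag standing in for the electronic signature 635, a single personal ID across all tables, and every sample record are assumptions.

```python
import hashlib
import hmac
import json

# Assumptions (not from the patent): SHA-256 is the "preset function", an
# HMAC-SHA256 tag under a per-provider key stands in for the electronic
# signature 635, and one personal ID is used in every table (the mapping in
# the ID information table 122 is left out). All records are constructed.

def item_hash(value):
    """Hash value 634 for one personal information item."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def _tag(key, rec):
    """Stand-in signature over the fields of one hash value table record."""
    msg = json.dumps([rec["personal_id"], rec["provider_id"],
                      rec["item_name"], rec["hash"]]).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def register_hash(hash_table, key, personal_id, provider_id, item_name, value):
    """Provider side (S6 to S8): hash one item, sign the record, share it."""
    rec = {"personal_id": personal_id, "provider_id": provider_id,
           "item_name": item_name, "hash": item_hash(value)}
    rec["signature"] = _tag(key, rec)
    hash_table.append(rec)

def verify_provided(received, pattern_id, provider_id, purpose_table,
                    consent_table, hash_table, provider_keys):
    """Bank side (S51, S52). Returns (item_name, problem) findings; an empty
    list means the data may be passed on to the data use terminal."""
    allowed = {(p["info_type"], p["item_name"]) for p in purpose_table
               if p["pattern_id"] == pattern_id
               and p["provider_id"] == provider_id}
    consenting = {c["personal_id"] for c in consent_table
                  if c["pattern_id"] == pattern_id}
    # Latest record wins if an item was registered more than once.
    index = {(r["personal_id"], r["provider_id"], r["item_name"]): r
             for r in hash_table}
    key = provider_keys.get(provider_id)
    findings = []
    for item in received:
        name = item["item_name"]
        if (item["info_type"], name) not in allowed:          # S51
            findings.append((name, "item not covered by consent pattern"))
            continue
        if item["personal_id"] not in consenting:             # S51
            findings.append((name, "no consent from this individual"))
            continue
        rec = index.get((item["personal_id"], provider_id, name))
        if rec is None:
            findings.append((name, "no hash record"))
        elif key is None or not hmac.compare_digest(rec["signature"],
                                                    _tag(key, rec)):
            findings.append((name, "hash record signature invalid"))
        elif not hmac.compare_digest(rec["hash"], item_hash(item["value"])):
            findings.append((name, "hash mismatch: value falsified"))  # S52
    return findings

def demo():
    """Run the checks over constructed records and return the findings."""
    keys = {"P001": b"constructed-demo-key"}
    hashes = []
    register_hash(hashes, keys["P001"], "U100", "P001", "height_cm", "170")
    register_hash(hashes, keys["P001"], "U100", "P001", "weight_kg", "65")
    purposes = [{"pattern_id": "C01", "user_id": "D001", "provider_id": "P001",
                 "info_type": "health", "item_name": n}
                for n in ("height_cm", "weight_kg")]
    consents = [{"pattern_id": "C01", "personal_id": "U100"}]

    def row(pid, info_type, name, value):
        return {"personal_id": pid, "info_type": info_type,
                "item_name": name, "value": value}

    def check(received, table):
        return verify_provided(received, "C01", "P001", purposes, consents,
                               table, keys)

    # A record whose hash was rewritten to match an altered value, while the
    # provider's signature could not be recomputed without the key.
    forged = [dict(r) for r in hashes]
    forged[1]["hash"] = item_hash("60")

    return {
        "clean": check([row("U100", "health", "height_cm", "170"),
                        row("U100", "health", "weight_kg", "65")], hashes),
        "altered_value": check([row("U100", "health", "weight_kg", "60")], hashes),
        "extra_item": check([row("U100", "contact", "address", "Tokyo")], hashes),
        "no_consent": check([row("U200", "health", "height_cm", "170")], hashes),
        "forged_hash_record": check([row("U100", "health", "weight_kg", "60")], forged),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The last case shows why the signature 635 matters: a hash comparison alone would accept an altered value if the shared hash record had been rewritten to match it.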

Abstract

The present invention has a first computer that collects information and a second computer that provides the information collected by the first computer to the outside. The second computer has a purpose-of-use management unit that receives usage conditions for the information to be provided to the outside and stores the usage conditions as purpose-of-use information, a consent information management unit that receives consent to the usage conditions for providing the information collected by the first computer to the outside and stores the consent in consent information, an information management unit that, upon receiving an acquisition request for the information, acquires the information collected by the first computer and provides the information to the outside pursuant to the usage conditions for which consent has been received, and a trail management unit that generates a trail that indicates that an acquisition request for the information has been made or that the information has been provided and stores the trail in trail information. The second computer stores the purpose-of-use information, the consent information, and the trail information in a blockchain that is shared with the first computer.

Description

情報流通システム、情報流通方法及び記憶媒体Information distribution system, information distribution method and storage medium
 本発明は、個人情報の流通を管理する情報流通システムに関する。 The present invention relates to an information distribution system that manages the distribution of personal information.
 個人が購入した物品の購入情報やサービスの利用情報等の個人情報を、マーケティングに利用することが検討されている。個人情報を利用する技術としては、例えば、特許文献1が知られている。 It is being considered to use personal information such as purchase information of goods purchased by individuals and service usage information for marketing. As a technique for utilizing personal information, for example, Patent Document 1 is known.
 特許文献1には、個人情報を提供するサービスプロバイダから取得した個人情報が状況に応じて変化することを想定して、適宜個人情報を更新して最新の個人情報を利用者へ提供する技術が開示されている。 Patent Document 1 describes a technique for providing the latest personal information to a user by appropriately updating the personal information on the assumption that the personal information obtained from the service provider that provides the personal information changes depending on the situation. It is disclosed.
 また、特許文献1では、利用者(個人情報の購入者)に個人情報を提供する上での提供条件(購入希望者の業種、販売価格等)は個人が端末から入力し、情報管理サーバの登録者情報記憶部の情報登録者管理レコード(情報管理レコード)に格納されている。 Further, in Patent Document 1, the individual inputs the provision conditions (industry of the person who wishes to purchase, selling price, etc.) for providing personal information to the user (purchaser of personal information) from the terminal, and the information management server It is stored in the information registrant management record (information management record) of the registrant information storage unit.
特開2019-128648号公報JP-A-2019-128648
However, in Patent Document 1, the consent information (provision conditions) entered by the individual is centrally managed by the information management system, and falsification of the consent information cannot be detected. There was therefore a possibility that information would not be reliably provided on the basis of the individual's consent.
Therefore, an object of the present invention is to store and share, on a blockchain, the consent information obtained from individuals and the purposes of use obtained from users, and to ensure the reliable exchange of personal information by having the transaction parties (specific providers and the information bank) refer to the consent information shared on the blockchain.
The present invention is an information distribution system including a first computer that has a processor, a memory and a communication device and collects information, and a second computer that has a processor, a memory and a communication device and provides the information collected by the first computer to the outside. The second computer includes: a purpose-of-use management unit that accepts usage conditions for the information to be provided to the outside and stores them in purpose-of-use information; a consent information management unit that accepts consent to the usage conditions under which the information collected by the first computer is provided to the outside and stores it in consent information; an information management unit that, on accepting an acquisition request for the information, acquires the information collected by the first computer under the usage conditions for which consent has been given and provides it to the outside; and a trail management unit that generates a trail indicating that the acquisition request for the information or the provision of the information has been carried out and stores it in trail information. The second computer stores the purpose-of-use information, the consent information and the trail information in a blockchain and shares them with the first computer.
According to the present invention, transaction parties using external computers (specific providers and the information bank) refer to the consent information shared on the blockchain and, after confirming the validity of the consent information, can reliably exchange information based on the consent of the individual.
Details of at least one implementation of the subject matter disclosed herein are set out in the accompanying drawings and in the description below. Other features, aspects and effects of the disclosed subject matter will be apparent from the following disclosure, drawings and claims.
The drawings show an embodiment of the present invention, as follows:
A diagram showing an outline of the distribution of personal information.
A block diagram showing an example of the information distribution system that distributes personal information.
A block diagram showing an example of the bank management server.
A block diagram showing an example of the information management server.
A sequence diagram showing an example of the registration process for provideable items and personal information performed in the information distribution system.
A sequence diagram showing an example of the registration process for the purpose of use performed in the information distribution system.
A sequence diagram showing an example of the registration process for consent information performed in the information distribution system.
A sequence diagram showing an example of the process of providing personal information performed in the information distribution system.
A sequence diagram showing an example of the trail browsing process performed in the information distribution system.
A diagram showing an example of the provideable item table.
A diagram showing an example of the personal information table.
A diagram showing an example of the purpose-of-use table.
A diagram showing an example of the consent information table.
A diagram showing an example of the personal-information hash value table.
A diagram showing an example of the trail table.
A diagram showing an example of the ID information table.
A diagram showing an example of the registration screen for provideable items.
A diagram showing an example of the registration screen for the purpose of use.
A diagram showing an example of the registration screen for consent information.
A diagram showing an example of the trail search screen.
Hereinafter, an embodiment of the present invention will be described with reference to the accompanying drawings.
<Overview>
FIG. 1 shows an embodiment of the present invention and is a diagram showing an outline of the distribution of personal information. The information distribution system of this embodiment includes: a personal terminal 400 used by an individual who uses services or purchases goods; data providing sites 2-A to 2-C operated by providers (Company A to Company C) that provide services and goods to individuals and accumulate personal information; and an information bank site 1 that provides the personal information accumulated at the data providing sites 2-A to 2-C to data use sites 3-X to 3-Z operated by users (Company X to Company Z) who use that personal information.
The information bank that operates the information bank site 1, the providers (Company A to Company C) and the users (Company X to Company Z) have concluded in advance a contract to use personal information based on the consent of the individual. In the following description, when the data providing sites are not individually specified, the reference sign "2" is used, with the "-" and everything after it omitted. The same applies to the reference signs of the other components.
The data providing site 2 provides services and goods in response to orders from the personal terminal 400, and accumulates in the personal information table 4 the personal information acquired when goods are purchased or services are used. When registering personal information in the personal information table 4, the data providing site 2 also calculates a hash value of the personal information being registered, and stores the signature of the data providing site 2 and the hash value in the personal-information hash value table 63 of the blockchain 6 to share them with the information bank site 1.
In addition, the data providing site 2 registers with the information bank site 1 the items of the accumulated personal information table 4 that can be provided to users (hereinafter, provideable items). The information bank site 1 acquires, from the personal information table 4 of the data providing site 2, the information for the items that can be provided to the data use site 3 and stores it in the personal information table 5 for provision.
The illustrated example shows personal information being provided to the data use site 3 from the personal information table 5 for provision accumulated at the information bank site 1, but the present invention is not limited to this. For example, the information bank site 1 may accumulate no personal information, request from the data providing site 2 the personal information requested by the data use site 3, and relay the personal information output by the data providing site 2 to the data use site 3. When the information bank site 1 relays personal information without accumulating it, only the data providing site 2 needs to keep the personal information up to date, so the cost of maintaining the information can be reduced.
The user who operates the data use site 3 refers to the provideable items and, if there is data that can be used, registers a purpose of use with the information bank site 1. The purpose of use is stored in the purpose-of-use table 62 of the blockchain 6.
The individual who provides personal information concludes a contract with the information bank site 1 from the personal terminal 400, and consents to the items of the personal information table 4 to be provided to the data use site 3 and to the purpose of use. The content of the consent is stored in the consent information table 61 of the blockchain 6 and shared with the data providing site 2.
After that, the data use sites 3-X to 3-Z each acquire the personal information table 5 for provision from the information bank site 1 based on the consent information, and use it for marketing and the like. The information bank site 1 generates a trail each time an information acquisition request from the data use site 3 is carried out, stores it in the trail table 64 of the blockchain 6, and shares it with the data providing site 2.
By requesting the information bank site 1 to disclose the trail table 64, the personal terminal 400 that provided the personal information can view when, by whom and for what purpose the personal information it provided was used. The personal terminal 400 can also request the information bank site 1 to correct or delete the personal information table 5 for provision.
In the information distribution system of this embodiment, the transaction parties of the information bank site 1 and the data providing site 2 refer to the consent information table 61 shared on the blockchain 6 and, after checking the consent information table 61, exchange the personal information for provision based on the consent of the individual. Since the consent information table 61 is stored in the blockchain 6, falsification can be easily detected.
Further, the information management server 210 calculates a hash value when registering personal information and stores it in the personal-information hash value table 63. By referring to this hash value each time the personal information table 4 or the personal information table 5 for provision is exchanged, falsification can be detected.
In this embodiment, the information bank site 1 receives a usage fee for the personal information table 5 for provision from the data use site 3, and returns to the data providing site 2 consideration for having provided the personal information table 5 for provision. The information bank site 1 may also return consideration to the individual who consented to the provision of personal information.
This embodiment shows an example in which the consent information table 61, the purpose-of-use table 62, the personal-information hash value table 63 and the trail table 64 are stored in a single blockchain 6, but the present invention is not limited to this. For example, the consent information table 61, the purpose-of-use table 62, the personal-information hash value table 63 and the trail table 64 can each be managed in an independent blockchain.
Further, for the consent information table 61 and the other tables stored in the blockchain 6, the presence or absence of falsification can be easily detected by comparing the hash value included in the latest block with the hash value calculated from the data of the immediately preceding block.
The generation of blocks of the blockchain 6 and the calculation of hash values are carried out both by the ledger management unit 25 of the bank management server 110 at the information bank site 1 and by the ledger management unit 25 of the information management server 210 at the data providing site 2, both described later.
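An added illustration, not code from the patent, of the checks the overview describes: the link check between adjacent blocks, the comparison of a personal-information record against its registered hash, consent-gated release, and the trail entry written for every request. The field names, the SHA-256 over JSON encoding, the latest-entry-wins consent rule and the tip-hash comparison between replicas are assumptions; site signatures are left out.

```python
import hashlib
import json
import time


def digest(obj):
    # SHA-256 over canonical JSON: an assumption, the page names no hash function.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


class Ledger:
    """Single-node stand-in for ledger 60: an append-only chain of blocks."""

    def __init__(self):
        self.blocks = [{"index": 0, "prev_hash": "0" * 64,
                        "table": "genesis", "record": {}}]

    def append(self, table, record):
        block = {"index": len(self.blocks),
                 "prev_hash": digest(self.blocks[-1]),
                 "table": table, "record": record}
        self.blocks.append(block)
        return block

    def first_broken_link(self):
        # Compare the hash stored in each block with the hash recomputed
        # from the block before it; return the index where they differ.
        for prev, cur in zip(self.blocks, self.blocks[1:]):
            if cur["prev_hash"] != digest(prev):
                return cur["index"]
        return None

    def tip_hash(self):
        # The newest block has no successor, so the link check cannot cover
        # it; replicas compare tip hashes instead (assumed procedure).
        return digest(self.blocks[-1])

    def records(self, table):
        return [b["record"] for b in self.blocks if b["table"] == table]


def consent_in_force(ledger, personal_id, purpose_id):
    # Latest entry wins, so a later withdrawal overrides an earlier consent
    # (assumed rule for an append-only table).
    state = False
    for c in ledger.records("consent"):
        if (c["personal_id"], c["purpose_id"]) == (personal_id, purpose_id):
            state = bool(c["agreed"])
    return state


def release(ledger, personal_id, purpose_id, user, record, now=None):
    """Decide one acquisition request and write the trail entry for it."""
    known = {h["hash"] for h in ledger.records("pi_hash")
             if h["personal_id"] == personal_id}
    if ledger.first_broken_link() is not None:
        decision = "deny:ledger-tampered"
    elif not consent_in_force(ledger, personal_id, purpose_id):
        decision = "deny:no-consent"
    elif digest(record) not in known:
        decision = "deny:record-hash-mismatch"
    else:
        decision = "allow"
    ledger.append("trail", {"time": time.time() if now is None else now,
                            "personal_id": personal_id, "user": user,
                            "purpose_id": purpose_id, "decision": decision})
    return decision


if __name__ == "__main__":
    led = Ledger()
    # Constructed sample record, not data from the page.
    rec = {"personal_id": "P001", "item": "purchase", "value": "constructed"}
    led.append("pi_hash", {"personal_id": "P001", "hash": digest(rec)})
    led.append("consent", {"personal_id": "P001", "purpose_id": "U01",
                           "agreed": True})
    print(release(led, "P001", "U01", "Company X", rec))
    led.blocks[2]["record"]["agreed"] = False  # in-place edit of stored consent
    print(led.first_broken_link(),
          release(led, "P001", "U01", "Company X", rec))
```

An in-place edit of the newest block leaves every link intact, so in this sketch it only shows up when two replicas compare `tip_hash()`.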
<System configuration>
FIG. 2 is a block diagram showing an example of an information distribution system that distributes personal information. The information distribution system includes: a personal terminal 400 used by an individual who uses the services and the like provided by the data providing site 2 and registers personal information at the time of use; the data providing site 2, which accumulates personal information and registers with the information bank site 1 the items of personal information that can be provided; the information bank site 1, which provides the personal information in the personal information table 4 (or the personal information table 5 for provision) to the data use site 3 based on consent from the personal terminal 400; the data use site 3, which acquires personal information from the information bank site 1 and uses it; and a network 70 that interconnects the sites and other components.
An individual who provides personal information uses the personal terminal 400 to connect to the data providing site 2 and the information bank site 1. An authentication device 410 that performs authentication using biometric information is connected to the personal terminal 400 and is used to prove the individual's identity.
Since the data providing sites 2-A to 2-C that accumulate personal information have the same configuration, the data providing site 2-A is described below. The data providing site 2-A includes an information management server 210, a database 220 and a blockchain node 240 as computer resources. The information management server 210, the database 220 and the blockchain node 240 may each be configured as an independent computer, as a virtual machine, or as a container.
The information management server 210 includes a personal information management unit 221 that manages the personal information acquired from the personal terminal 400, and a trail management unit 222 for checking the usage status of the personal information provided to the data use site 3 via the information bank site 1.
The personal information provided to the data use site 3 is the personal information in the personal information table 4 that corresponds to the provideable item table 121, and is information that the provider (individual) has permitted to be provided to users.
The personal information management unit 221 stores the personal information received from the personal terminal 400 in the database 220, registers with the information bank site 1 the items that can be provided to the data use site 3, and manages the personal information table 4 to be provided to the data use site 3.
The blockchain node 240 manages the blockchain 6 that is distributed and shared with the information bank site 1. The blockchain 6 includes a ledger 60 that stores information, and a chain code 30 that implements smart contracts for the ledger 60.
As described later, the ledger 60 includes a consent information table 61, a purpose-of-use table 62, a personal-information hash value table 63 and a trail table 64. The chain code 30 includes a consent information management unit 31, a purpose-of-use management unit 32, a personal information management unit 33 and a trail management unit 34 in order to control transactions and the like on the ledger 60.
The consent information management unit 31 controls transactions on the consent information table 61 of the ledger 60. The purpose-of-use management unit 32 controls transactions on the purpose-of-use table 62 of the ledger 60. The personal information management unit 33 controls transactions on the personal-information hash value table 63 of the ledger 60. The trail management unit 34 controls transactions on the trail table 64 of the ledger 60.
The information bank site 1 includes a bank management server 110, a database 120, an authentication server 130 and a blockchain node 140 as computer resources. The bank management server 110, the database 120, the authentication server 130 and the blockchain node 140 may each be configured as an independent computer, as a virtual machine, or as a container.
The bank management server 110 includes a personal information management unit 21 that manages the personal information acquired from the data providing site 2, a consent information management unit 22 that manages the consent information received from the personal terminal 400, a purpose-of-use management unit 23 that manages the purposes of use received from the data use site 3, and a trail management unit 24 that generates trails and stores them in the blockchain 6.
The personal information management unit 21 manages, in the personal information table 5 for provision, the personal information acquired from the personal information table 4 of the data providing site 2. When the bank management server 110 does not manage the personal information table 5 for provision, the personal information management unit 21 mediates the acquisition of personal information from the data providing site 2 in response to a personal information acquisition request from the data use site 3.
Further, as described later, the personal information management unit 21 registers the provideable items received from the data providing site 2 in the provideable item table 121 of the database 120 and provides them to the data use site 3.
Further, as described later, the personal information management unit 21 associates each individual's ID at the data providing sites 2-A to 2-C with that individual's ID at the bank management server 110, and stores and manages the association in the ID information table 122 of the database 120.
The consent information management unit 22 uses the consent information management unit 31 of the chain code to store, in the consent information table 61 of the blockchain 6, the consent to a purpose of use received from the personal terminal 400. When personal information is provided to the data use site 3, the consent information management unit 22 verifies that the personal information acquired from the data providing site 2 is based on the consent of the individual.
The purpose-of-use management unit 23 uses the purpose-of-use management unit 32 of the chain code to store, in the purpose-of-use table 62 of the blockchain 6, the purpose of use received from the data use terminal 300 of the data use site 3. When personal information is provided to the data use site 3, the purpose-of-use management unit 23 verifies that the personal information acquired from the data providing site 2 complies with the purpose of use.
The trail management unit 24 uses the trail management unit 34 of the chain code to generate a trail of each access to or request for personal information, such as when a personal information acquisition request is received from the data use terminal 300 of the data use site 3 or when the data providing site 2 provides personal information, and stores it in the trail table 64 of the blockchain 6. On receiving a request to view the trail table 64, the trail management unit 24 acquires the trail for the specified personal ID from the trail table 64 and presents it.
The authentication server 130 includes an authentication unit 131 that authenticates an individual or a user based on biometric information from the authentication device 410 of the personal terminal 400 or the authentication device 310 of the data use site 3, and a public key management unit 132 that manages the public keys of individuals or of users of the data use site 3 and authentication information based on biometric information.
The authentication server 130 is shown using a private key and a public key based on biometric information, but the present invention is not limited to this. It is sufficient that authentication can be performed with a known or well-known key.
The blockchain node 140 manages the blockchain 6 that is distributed and shared with the data providing site 2. As described above, the blockchain 6 includes the ledger 60 that stores information, and the chain code 30 that implements smart contracts for the ledger 60.
Since the data use sites 3-X to 3-Z have the same configuration, the data use site 3-X is described below. The data use site 3-X includes a data use terminal 300 that uses the personal information provided by the information bank site 1, and an authentication device 310 for authenticating the biometric information of the person in charge who uses the data use terminal 300.
The data use terminal 300 acquires personal information from the information bank site 1 based on the purpose-of-use table 62 and uses it in line with the predetermined purpose.
<Bank management server>
FIG. 3 is a block diagram showing an example of the bank management server 110. FIG. 3 shows an example in which, among the computer resources of the information bank site 1, the bank management server 110 provides the database 120 and the blockchain node 140. The authentication server 130 may also be consolidated into the bank management server 110.
The bank management server 110 is a computer including a processor 11, a memory 12, a storage device 16, an input device 13, an output device 14 and a communication device 15. The input device 13 consists of a keyboard, a mouse or a touch panel. The output device 14 consists of a display. The communication device 15 is connected to the network 70 and communicates with other computers.
The personal information management unit 21, the consent information management unit 22, the purpose-of-use management unit 23, the trail management unit 24, the ledger management unit 25 for implementing the blockchain node 140, and the chain code 30 are loaded into the memory 12 as programs and executed by the processor 11.
As described above, the chain code 30 includes the consent information management unit 31 that controls transactions on the consent information table 61 of the ledger 60, the purpose-of-use management unit 32 that controls transactions on the purpose-of-use table 62 of the ledger 60, the personal information management unit 33 that controls transactions on the personal-information hash value table 63 of the ledger 60, and the trail management unit 34 that controls transactions on the trail table 64 of the ledger 60.
By processing according to the program of each functional unit, the processor 11 operates as a functional unit that provides a predetermined function. For example, the processor 11 functions as the personal information management unit 21 by processing according to the personal information management program. The same applies to the other programs. The processor 11 also operates as functional units that provide the respective functions of the multiple processes each program executes. A computer and a computer system are a device and a system that include these functional units.
The storage device 16 stores the database 120 and the ledger 60 for implementing the blockchain node 140. The database 120 stores the personal information table 5 for provision, the provideable item table 121 and the ID information table 122.
As described above, the ledger 60 includes the consent information table 61, the purpose-of-use table 62, the personal-information hash value table 63 and the trail table 64, which are distributed and shared on the blockchain 6.
<Information management server>
FIG. 4 is a block diagram showing an example of the information management server 210. FIG. 4 shows an example in which, among the computer resources of the data providing site 2, the information management server 210 provides the database 220 and the blockchain node 240.
The information management server 210 is a computer including a processor 251, a memory 252, a storage device 26, an input device 253, an output device 254, and a communication device 255. The input device 253 is composed of a keyboard, a mouse, or a touch panel. The output device 254 is composed of a display. The communication device 255 is connected to the network 70 and communicates with other computers.
The personal information management unit 221, the trail management unit 222, the ledger management unit 25 for realizing the blockchain node 240, and the chain code 30 are loaded into the memory 252 as programs and executed by the processor 251. As described above, the chain code 30 is the same as that of the bank management server 110.
The processor 251 operates as a functional unit that provides a predetermined function by executing processing according to the program of each functional unit. For example, the processor 251 functions as the personal information management unit 221 by executing processing according to the personal information management program. The same applies to the other programs. Further, the processor 251 also operates as functional units that provide the respective functions of the plurality of processes executed by each program. A computer and a computer system are a device and a system that include these functional units.
The storage device 26 stores the database 220 and the ledger 60 for realizing the blockchain node 240. In the database 120, the personal information collected from the personal terminal 400 is stored in the personal information table 4.
As described above, the ledger 60 includes the consent information table 61, the purpose of use table 62, the hash value table 63 of personal information, and the trail table 64, which are distributed and shared on the blockchain 6.
<Table>
The tables used by each server are described below. FIG. 10 is a diagram showing an example of the provideable item table 121.
The provideable item table 121 holds information input from the information management server 210 of the data providing site 2, and is held by the bank management server 110 of the information bank site 1.
The provideable item table 121 includes, in one record, an item ID 1211 that stores an item identifier, a provider ID 1212 that stores the identifier of the data providing site 2, a personal information type 1213 that stores the type of personal information, a personal information item name 1214 that stores the item name of the personal information, item content 1215 that explains what kind of information the personal information item is, and a sample value 1216 that stores information for presentation.
The item ID 1211 stores the identifier assigned by the information management server 210. The provider ID 1212 stores the identifier set for the data providing site 2 that provides the personal information.
The personal information type 1213 stores the type of personal information. The personal information item name 1214 stores the item name of the personal information. The item content 1215 stores an explanation of what kind of information the personal information item is. The sample value 1216 stores a sample of the data that the information management server 210 discloses to the data use site 3.
The provideable item table 121 holds the types, item names, and the like of the personal information that the provider of the data providing site 2 has permitted to be provided to the data use site 3.
FIG. 11 is a diagram showing an example of the personal information table 4. The personal information table 4 holds the personal information collected by the information management server 210 of the data providing site 2.
The personal information table 4 includes, in one record, a personal ID 41 that identifies an individual, a personal information type 42 that indicates the type of personal information, a personal information item name 43 that indicates the item name of the personal information, and personal information 44 that stores the information corresponding to the personal information item name.
The personal ID 41 is an identifier given by the information management server 210 to an individual who is a customer, and is a unique value within the data providing site 2. The personal information table 5 for provision, managed by the bank management server 110 of the information bank site 1, stores the information in the personal information table 4 that corresponds to the personal information type 1213 and the personal information item name 1214 registered in the provideable item table 121 of FIG. 10. The format of the personal information table 5 for provision managed by the bank management server 110 is the same as that of the personal information table 4 of FIG. 11. However, as described later, they differ in that the identifier of the personal information table 4 (personal ID 41) is unique within the data providing site 2, whereas the identifier of the personal information table 5 for provision is unique within the information bank site 1.
FIG. 12 is a diagram showing an example of the purpose of use table 62. The purpose of use table 62 holds information input from the data use terminal 300 of the data use site 3, and is held at the information bank site 1.
The purpose of use table 62 includes, in one record, a consent pattern ID 621, a user ID 622 that stores the identifier set for the data use site 3, a purpose of use (summary) 623 that stores an outline of the purpose of use, a purpose of use (details) 624 that stores the details of the purpose of use, a provider ID 625 that identifies the provider of the personal information, a personal information type 626 that stores the type of personal information the data use site 3 wants to use, and a personal information item name 627 that stores the item of personal information the data use site 3 wants to use.
The consent pattern ID 621 is an identifier for presenting a plurality of personal information item names 627 when obtaining an individual's consent, and is assigned by the bank management server 110. In the illustrated example, for the "electric power data" whose consent pattern ID 621 is "ag1", the individual's consent is obtained for the two items whose personal information item names 627 are "contract type" and "electric power usage". By setting the same consent pattern ID 621 value in a plurality of records in this way, the use of a plurality of personal information item names 627 can be permitted with a single consent.
FIG. 13 is a diagram showing an example of the consent information table 61. The consent information table 61 is generated by the bank management server 110 based on input from the personal terminal 400, stored in the blockchain 6, and shared by the information bank site 1 and the data providing site 2.
The consent information table 61 includes, in one record, a consent pattern ID 611, a personal ID 612 assigned by the information management server 210 to identify the individual to whom the personal information belongs, and a provider ID 613 that identifies the data providing site 2 providing the personal information of the personal ID 612.
In the illustrated example, for the personal information held by the data providing site 2 whose provider ID 613 is "A", the individual whose personal ID 612 is "C1" has consented to the data (or data set) whose consent pattern ID 611 is "ag1".
The consent pattern ID 611 is set to the value of the consent pattern ID 621 of the purpose of use table 62, and the provider ID 613 stores the value of the provider ID 625 of the purpose of use table 62.
Because the consent information table 61 stored in the blockchain 6 is managed by the personal ID 612 assigned by the information management server 210 of the data providing site 2 that provides the personal information, the information about who has consented to what can be concealed from the other participants in the information distribution system.
FIG. 14 is a diagram showing an example of the hash value table 63 of personal information. The hash value table 63 of personal information is generated by the information management server 210 of the data providing site 2, stored in the blockchain 6, and shared with the information bank site 1.
The hash value table 63 of personal information includes, in one record, a personal ID 631 that stores an identifier identifying an individual, a provider ID 632 that stores an identifier identifying the data providing site 2, a personal information item name 633 that stores the item name of the personal information table 4 for which the hash value is calculated, a hash value 634 calculated from the personal information, and a signature 635 that stores an electronic signature preset in the data providing site 2.
The personal ID 631 stores the personal ID 41 of the personal information table 4. The provider ID 632 stores an identifier preset in the data providing site 2. The personal information item name 633 stores the value of the personal information item name 43 of the personal information table 4 for which the hash value is calculated.
The hash value 634 stores the hash value calculated by the information management server 210 using a preset function. The signature 635 stores an electronic signature preset in the data providing site 2 (or the information management server 210).
The information management server 210 calculates, for each personal information item name 633 of the personal ID 631, the hash value of the personal information 44 in the personal information table and stores it in the hash value table 63 of personal information. The information management server 210 further stores the electronic signature in the signature 635 and shares the record with the information bank site 1 through the blockchain 6.
FIG. 15 is a diagram showing an example of the trail table 64. The trail table 64 is generated by the bank management server 110 of the information bank site 1, stored in the blockchain 6, and shared with the data providing site 2.
The trail table 64 includes, in one record, an application No. 641 that stores an identifier for specifying an access request to the personal information table 5 for provision, a user ID 642 that stores the identifier of the user or individual accessing the personal information table 5 for provision, a provider ID 643 that stores an identifier specifying the data providing site 2 that provided the personal information table 5 for provision being accessed, application content 644 that stores the type of access to the personal information table 5 for provision, a pattern ID 645 that stores the identifier of the individual's consent given for the personal information for provision being accessed, a signature 646 that stores the user's signature, and a time stamp 647 that stores the date and time of the access.
When the bank management server 110 of the information bank site 1 receives an access request to the personal information table 5 for provision from the data use terminal 300 or the personal terminal 400, it assigns an application No. 641, adds a new record to the trail table 64, stores it in the blockchain 6, and shares it with the data providing site 2.
FIG. 16 is a diagram showing an example of the ID information table 122. The ID information table 122 is generated by the bank management server 110 of the information bank site 1 and stored in the database 120.
The ID information table 122 includes, in one record, a personal ID (information bank management) 1221 assigned by the bank management server 110 as an identifier within the information bank site 1, a provider ID 1222 that stores the identifier of the data providing site 2 holding the personal information table 4 for that personal ID 1221, and a personal ID (provider management) 1223 that stores the identifier given to the individual by the data providing site 2.
When the bank management server 110 acquires the data of the personal information table 4 from the information management server 210 of the data providing site 2, it acquires the identifier given to the individual at the data providing site 2 and information that can identify the individual, such as a name and an address. When the same individual exists at different data providing sites 2, the bank management server 110 assigns the same identifier to the personal ID (information bank management) 1221.
The bank management server 110 stores the identifiers of an individual who uses different data providing sites 2 in the personal ID (provider management) 1223, separately assigns an identifier within the information bank site 1 (personal ID (information bank management) 1221), and uses the personal ID (information bank management) 1221 in the personal information table 5 for provision.
This prevents the identifiers used within the data providing site 2 from being disclosed to the data use site 3.
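The following added example (not code from the patent) joins the ID information table 122, the consent information table 61 and the purpose of use table 62 to decide which items a data user may receive, and rewrites the result under the bank-managed ID. The "ag1", "A" and "C1" values follow the illustrated examples above; the field names, user IDs "U1"/"U2", bank ID "P1", the "ag2" row and the item values are constructed assumptions.

```python
# Purpose of use table 62: several rows share one consent pattern ID.
PURPOSE_OF_USE = [
    {"pattern_id": "ag1", "user_id": "U1", "provider_id": "A",
     "info_type": "electric power data", "item_name": "contract type"},
    {"pattern_id": "ag1", "user_id": "U1", "provider_id": "A",
     "info_type": "electric power data", "item_name": "electric power usage"},
    {"pattern_id": "ag2", "user_id": "U2", "provider_id": "A",
     "info_type": "purchase data", "item_name": "purchase history"},
]

# Consent information table 61, keyed by the provider-assigned personal ID.
CONSENT = [{"pattern_id": "ag1", "personal_id": "C1", "provider_id": "A"}]

# ID information table 122: one bank-managed ID per person across providers.
ID_INFO = [
    {"bank_id": "P1", "provider_id": "A", "provider_personal_id": "C1"},
    {"bank_id": "P1", "provider_id": "B", "provider_personal_id": "X9"},
]

# Personal information table 4 as held by provider "A" (constructed values).
PERSONAL_INFO_A = [
    ("C1", "electric power data", "contract type", "plan-B"),
    ("C1", "electric power data", "electric power usage", "312 kWh"),
    ("C1", "purchase data", "purchase history", "constructed value"),
]


def to_provider_personal_id(bank_id, provider_id):
    """Map a bank-managed ID to the ID the given provider assigned."""
    for row in ID_INFO:
        if row["bank_id"] == bank_id and row["provider_id"] == provider_id:
            return row["provider_personal_id"]
    return None


def consented_items(user_id, bank_id, provider_id):
    """Item names this data user may receive for this person and provider."""
    personal_id = to_provider_personal_id(bank_id, provider_id)
    if personal_id is None:
        return set()
    patterns = {c["pattern_id"] for c in CONSENT
                if c["personal_id"] == personal_id
                and c["provider_id"] == provider_id}
    return {p["item_name"] for p in PURPOSE_OF_USE
            if p["pattern_id"] in patterns
            and p["user_id"] == user_id
            and p["provider_id"] == provider_id}


def provision_view(user_id, bank_id, provider_id, provider_rows):
    """Rows for provision: consented items only, under the bank-managed ID."""
    personal_id = to_provider_personal_id(bank_id, provider_id)
    allowed = consented_items(user_id, bank_id, provider_id)
    return [(bank_id, info_type, item_name, value)
            for pid, info_type, item_name, value in provider_rows
            if pid == personal_id and item_name in allowed]
```

A single consent record for "ag1" releases both electric power items to user "U1", while "U2" receives nothing because no consent exists for "ag2".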
<Processing>
FIG. 5 is a sequence diagram showing an example of the registration process for provideable items and personal information performed in the information distribution system.
When the provider who manages the personal information table 4 at the data providing site 2 has decided the item names and the like of the personal information table 4 to be provided to the information bank site 1, the provider requests, via the information management server 210, that the bank management server 110 of the information bank site 1 register the personal information that can be provided (S1).
The bank management server 110 outputs the registration screen 1700 for provideable personal information items shown in FIG. 17, and receives the personal information type 1213, the personal information item name 1214, the item content 1215, and the sample value 1216 from the information management server 210.
The bank management server 110 receives, from the information management server 210, the personal information type 1213 indicating the type of personal information, the personal information item name 1214 indicating the item name of the personal information, the item content 1215 indicating the content of the personal information, and the sample value 1216, adds a new record to the provideable item table 121, and assigns an item ID 1211 (S2). The bank management server 110 notifies the information management server 210 of the data providing site 2 that the registration is complete (S3).
Through the above processing, the bank management server 110 of the information bank site 1 registers a new provideable item of personal information in the provideable item table 121.
Next, in order to purchase goods or use services at the data providing site 2, the personal terminal 400 accesses the information management server 210 of the data providing site 2 and inputs personal information (S4).
The information management server 210 stores the personal information received from the personal terminal 400 in the personal information table 4 of the database 220 (S5). The information management server 210 calculates the hash value of the registered personal information using a preset function (S6), acquires the electronic signature of the data providing site 2 (or the information management server 210) that registered the personal information (S7), and stores the hash value and the electronic signature in the hash value table 63 of personal information of the blockchain 6 (S8).
The hash value 634 stored in the hash value table 63 of personal information is shared with the bank management server 110 of the information bank site 1 through the blockchain 6 (S9). Through the above processing, new personal information is stored in the personal information table 4 of the data providing site 2, and a new record is added to the hash value table 63 of personal information of the blockchain 6.
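The following added example (not code from the patent) builds the per-item records of the hash value table 63 as in steps S6 to S8 and, going one step beyond the text, shows how a party sharing the ledger could compare a received value against its record. Assumptions: the "preset function" is SHA-256, HMAC-SHA256 under a constructed provider key stands in for the electronic signature, the signature covers the record's fields, and all field names and sample values are constructed.

```python
import hashlib
import hmac

# Constructed key. Assumption: HMAC stands in for the provider's electronic
# signature (signature 635); an asymmetric signature would let verifiers
# check records without holding the signing key.
PROVIDER_KEYS = {"A": b"constructed-demo-key-provider-A"}

# Constructed rows of personal information table 4:
# (personal ID 41, type 42, item name 43, personal information 44)
PERSONAL_INFO_ROWS = [
    ("C1", "electric power data", "contract type", "plan-B"),
    ("C1", "electric power data", "electric power usage", "312 kWh"),
]


def item_hash(value):
    """Assumption: the preset function is SHA-256 over the UTF-8 value.
    An unsalted hash of a low-entropy field can be matched by enumeration."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def signing_input(personal_id, provider_id, item_name, digest):
    """Length-prefix each field so field boundaries cannot be shifted."""
    out = b""
    for field in (personal_id, provider_id, item_name, digest):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def sign(provider_id, message):
    key = PROVIDER_KEYS[provider_id]
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def register(rows, provider_id, ledger):
    """S6-S8: append one record per personal information item."""
    for personal_id, _info_type, item_name, value in rows:
        digest = item_hash(value)
        message = signing_input(personal_id, provider_id, item_name, digest)
        ledger.append({
            "personal_id": personal_id,              # 631
            "provider_id": provider_id,              # 632
            "item_name": item_name,                  # 633
            "hash": digest,                          # 634
            "signature": sign(provider_id, message), # 635
        })
    return ledger


def check(ledger, personal_id, provider_id, item_name, value):
    """Compare a received value with the ledger record; returns a status."""
    for rec in ledger:
        key = (rec["personal_id"], rec["provider_id"], rec["item_name"])
        if key != (personal_id, provider_id, item_name):
            continue
        message = signing_input(personal_id, provider_id, item_name, rec["hash"])
        if not hmac.compare_digest(sign(provider_id, message), rec["signature"]):
            return "bad-signature"
        if not hmac.compare_digest(item_hash(value), rec["hash"]):
            return "value-mismatch"
        return "ok"
    return "no-record"
```

The signature is checked before the hash so that a record whose hash was rewritten to match an altered value is rejected rather than accepted.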
FIG. 6 is a sequence diagram showing an example of the purpose of use registration process performed in the information distribution system.
A user of the data use site 3 that uses personal information accesses the bank management server 110 of the information bank site 1 via the data use terminal 300 and requests the provideable item table 121 (S11).
When requesting the provideable item table 121, biometric information for proving the identity of the user (person in charge) is input from the authentication device 310 connected to the data use terminal 300, and authentication based on the biometric information is performed. The authentication based on biometric information is the same as described above and a well-known technique may be used, so its description is omitted.
The bank management server 110 acquires the provideable item table 121 from the database 120 (S12) and responds to the data use terminal 300 (S13).
The user (person in charge) operating the data use terminal 300 selects, on the registration screen 1800 shown in FIG. 18, the provideable items to be used from the provideable item table 121 (S14), and requests registration of the purpose of use (S15).
On the registration screen 1800, a provider name 1801 designating the data providing site 2, a personal information type 1802, and a personal information item name 1803 can be input. The data use terminal 300 sets a value in any of these items and operates the search button 1804 to search the provideable item table 121.
The search results are displayed in the provider name 1810 and in the personal information type 1213 and the personal information item name 1214 of the provideable item table 121. The user of the data use terminal 300 selects the selection switch 1820 in the row of the data to be used, enters the necessary information in the purpose of use (summary) 623 and the purpose of use (details) 624, and operates the registration button 1821, whereby the registration request is made.
The bank management server 110 registers the input purpose of use in the purpose of use table 62 of the blockchain 6 (S16) and shares it with the data providing site 2 (S17). The bank management server 110 assigns a consent pattern ID 621 to the new record in the purpose of use table 62. In this embodiment, an example is shown in which the same consent pattern ID is assigned when the personal information type 626 is the same, but the present invention is not limited to this. The bank management server 110 then notifies the data use terminal 300 that the registration of the purpose of use has been completed (S18).
Through the above processing, the information bank site 1 adds a new purpose of use table 62 to the blockchain 6.
FIG. 7 is a sequence diagram showing an example of the consent information registration process performed in the information distribution system.
An individual who uses the personal terminal 400 requests the bank management server 110 of the information bank site 1 to provide personal information, in order to consent to providing his or her own personal information stored at the data providing site 2 to the data use site 3 (S21). At the time of the request, biometric information for proving that the person is the provider of the personal information is input from the authentication device 410 connected to the personal terminal 400, and authentication based on the biometric information is performed. The authentication based on biometric information is the same as described above and a well-known technique may be used, so its description is omitted. The bank management server 110 relays the request for provision of personal information and passes the personal information acquisition request on to the information management server 210 of the data providing site 2 (S22).
The information management server 210 acquires the data of the personal information table 4 specified in the personal information acquisition request from the database 220 (S23) and responds to the bank management server 110 (S24). In this embodiment, an example is shown in which the acquisition of personal information between the personal terminal 400 and the information management server 210 of the data providing site 2 is relayed through the bank management server 110, but the present invention is not limited to this. For example, it is desirable to use authentication such as OAuth 2.0.
When the bank management server 110 acquires the data of the personal information table 4 from the information management server 210, it determines, from information that can identify the individual such as a name and an address, whether the same person as the designated individual has already been registered. If the person is already registered, it assigns the already registered personal ID (information bank management) 1221 of the ID information table 122 to the individual and adds a new record to the ID information table 122 (S25).
Next, the bank management server 110 acquires the purpose of use for the personal information from the purpose of use table 62 of the blockchain 6 (S26). The information management server 210 responds to the personal terminal 400 with the requested personal information and the purpose of use (S27). The bank management server 110 outputs, for example, the consent information registration screen 1900 shown in FIG. 19 to the personal terminal 400 and displays the personal information and the purpose of use.
On the consent information registration screen 1900, entering the provider name (the name of the data providing site 2), an ID, and a password in the personal information search form 1901 and operating the search button displays the personal information corresponding to the ID registered in advance at the data providing site 2, together with the purpose of use set for that personal information.
For the personal information, the provider name 1902 and the personal information type 42, the personal information item name 43, and the personal information 44 of the personal information table 4 are displayed. For the purpose of use, the user name 1903 corresponding to the user ID 622 of the purpose of use table 62, and the purpose of use (summary) 623 and the purpose of use (details) 624 of the purpose of use table 62 are displayed.
The individual operating the personal terminal 400 checks the registration screen 1900 and, to accept the user name 1903 and the purpose of use 623 for which the personal information item name 43 is to be used, operates the check box of the agreement 1904 and then operates the registration button 1905. This performs the selection of the consent target (S28) and the consent information registration request (S29) of FIG. 7.
When the bank management server 110 receives the consent from the personal terminal 400, it acquires the consent pattern ID 621 and the provider ID 625 from the purpose of use table 62, acquires the personal ID (information bank management) 1221 from the ID information table 122, generates the consent information, and registers it in the consent information table 61 of the blockchain 6 (S30).
The consent information table 61 stored in the blockchain 6 is shared with the data providing site 2 (S31). The bank management server 110 notifies the personal terminal 400 that the registration of the consent information has been completed (S32).
Through the above processing, by sending a consent request from the personal terminal 400 to the bank management server 110 of the information bank site 1, the individual can check his or her own personal information and the purpose of use and user name set for each personal information item, and then consent to the use of the personal information.
FIG. 8 is a sequence diagram showing an example of the personal information provision processing performed in the information distribution system. The following example does not use the personal information table 5 for provision at the information bank site 1; instead, the information bank site 1 relays the distribution of personal information between the data providing site 2 and the data use site 3.
The data use terminal 300 of the data use site 3 requests provision of personal information based on a preset purpose of use (S41). In this example, the provision request specifies the personal information to be used by personal information type or personal information item name. When requesting provision of personal information, authentication based on the biometric information of the person in charge is performed using the authentication device 310, as described above.
The bank management server 110 that has received the request refers to the providable item table 121 or the purpose of use table 62 and identifies the provider ID 1212 or the provider 625 of the data providing site 2 that holds the requested personal information type or personal information item name (S42).
The bank management server 110 acquires the user ID, the provider ID 1212, and the consent pattern ID 611 of the consent information table 61, acquires the user's electronic signature, and adds a new record to the trail table 64 (S13). The bank management server 110 assigns the application No. 641 and the time stamp 647. For the user's electronic signature, a public key or the like based on biometric information may be used.
The record added to the trail table 64 is shared with the data providing site 2 through the blockchain 6 (S44). The bank management server 110 requests the data providing site 2 identified in step S42 to provide the personal information (S45). The request for provision of personal information includes the user ID 642 and the consent pattern ID 611.
The information management server 210 of the data providing site 2 searches the trail table 64 using the user ID 642 and the consent pattern ID 611 and determines that the user's signature 646 is valid (S46).
Next, the information management server 210 acquires the personal information type 626 and the personal information item name 627 corresponding to the consent pattern ID 621 from the purpose of use table 62 of the blockchain 6. It also acquires the personal IDs 612 that match the consent pattern ID 621 from the consent information table 61. It then acquires, from the personal information table 4 of the database 220, the personal information that belongs to those personal IDs 612 and corresponds to the personal information type 626 and the personal information item name 627 (S47).
The information management server 210 adds to the trail table 64 of the blockchain 6 a trail showing that personal information was provided for the user ID of the data use site 3 and the consent pattern ID, and records the electronic signature of the information management server 210 and the time stamp 647 (S48). The trail table 64 with the new record is shared with the bank management server 110 through the blockchain 6 (S49).
The information management server 210 returns the personal information acquired from the personal information table 4 to the bank management server 110 (S50). The bank management server 110 that has received the personal information confirms that the personal information type 626 and the personal information item name 627 corresponding to the consent pattern ID 621 in the purpose of use table 62 of the blockchain 6 match the personal information type and personal information item name of the received personal information. It also confirms that the personal ID 612 corresponding to the consent pattern ID 621 in the consent information table matches the received personal information ID (S51).
If the personal information matches the consent pattern ID 611, the bank management server 110 acquires the hash value 634 from the personal information hash value table 63 of the blockchain 6. It then calculates a hash value of the acquired personal information for each personal ID, determines whether it matches the hash value 634, and thereby detects falsification (S52).
Next, when the bank management server 110 has acquired personal information from a plurality of data providing sites 2, it associates the personal ID (information provider management) 1223 of each data providing site 2 with the personal ID (information bank management) 1221 assigned by the bank management server 110, and sets the same personal ID (information bank management) 1221 for the same individual (S53).
Finally, the bank management server 110 provides the personal information acquired from the data providing site 2 to the data use terminal 300 of the data use site 3 and ends the processing (S54).
Through the above processing, the bank management server 110 acquires the personal information covered by the consent information from the information management server 210 of the data providing site 2, verifies the validity of the consent content and checks the personal information for falsification, and only then provides the personal information to the data use terminal 300 of the data use site 3. This makes it possible to distribute personal information among the parties to the transaction, namely the data providing site 2, the information bank site 1, and the data use site 3, while complying with what the individual has consented to.
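The bank-side checks of steps S51 and S52, as an added Python example that is not part of the patent text: each received record is checked against the consent pattern, the consenting personal IDs, and the hash published on the shared ledger, and is rejected on any mismatch. The field names, the use of SHA-256 over canonical JSON, a hash table keyed by personal ID, and all sample data are assumptions made for illustration; the patent does not specify them.

```python
import hashlib
import json

# Constructed stand-ins for the shared ledger tables (field names are assumptions).
PURPOSE_OF_USE = {  # purpose of use table 62, keyed by consent pattern ID
    "CP-001": {"user_id": "U-300", "provider_id": "P-2",
               "info_type": "health", "item_name": "blood_pressure"},
}
CONSENT = [  # consent information table 61: which individual agreed to which pattern
    {"consent_pattern_id": "CP-001", "personal_id": "B-1001"},
    {"consent_pattern_id": "CP-001", "personal_id": "B-1002"},
]


def record_hash(record):
    """SHA-256 over canonical JSON so provider and bank hash identical bytes."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def provider_publish(records):
    """Provider side: entries for hash value table 63, one per personal ID."""
    return {r["personal_id"]: record_hash(r) for r in records}


def bank_verify(consent_pattern_id, received, hash_table):
    """Bank side (S51, S52): split received records into accepted and rejected."""
    pattern = PURPOSE_OF_USE.get(consent_pattern_id)
    if pattern is None:
        # Fail closed: nothing is released for an unknown consent pattern.
        raise KeyError("unknown consent pattern: " + consent_pattern_id)
    consenting = {c["personal_id"] for c in CONSENT
                  if c["consent_pattern_id"] == consent_pattern_id}
    accepted, rejected = [], []
    for rec in received:
        pid = rec.get("personal_id")
        if (rec.get("info_type") != pattern["info_type"]
                or rec.get("item_name") != pattern["item_name"]):
            rejected.append((pid, "item outside consent pattern"))   # S51
        elif pid not in consenting:
            rejected.append((pid, "no consent on ledger"))           # S51
        elif hash_table.get(pid) != record_hash(rec):
            # A missing ledger hash is treated the same as a mismatch.
            rejected.append((pid, "hash mismatch"))                  # S52
        else:
            accepted.append(rec)
    return accepted, rejected


def demo():
    """Constructed scenario: one clean record and three that must be rejected."""
    stored = [
        {"personal_id": "B-1001", "info_type": "health",
         "item_name": "blood_pressure", "value": "120/80"},
        {"personal_id": "B-1002", "info_type": "health",
         "item_name": "blood_pressure", "value": "135/85"},
        {"personal_id": "B-1003", "info_type": "health",
         "item_name": "blood_pressure", "value": "110/70"},  # never consented
    ]
    ledger_hashes = provider_publish(stored)
    response = [dict(r) for r in stored]
    response[1]["value"] = "118/76"  # altered after the hash was published
    response.append({"personal_id": "B-1001", "info_type": "health",
                     "item_name": "weight", "value": "70kg"})  # item not consented
    return bank_verify("CP-001", response, ledger_hashes)


if __name__ == "__main__":
    ok, bad = demo()
    print("accepted:", [r["personal_id"] for r in ok])
    for pid, reason in bad:
        print("rejected:", pid, reason)
```

The hash comparison only works if both sites serialize a record identically, which is why the example fixes key order and separators before hashing.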
FIG. 9 is a sequence diagram showing an example of the processing for viewing the trail table 64 performed in the information distribution system.
The personal terminal 400 accesses the bank management server 110 of the information bank site 1 using authentication based on biometric information and requests the trail of personal information (S61). The bank management server 110 acquires the personal ID from the authentication information and the like, and acquires the consent pattern ID 611 to which the individual has consented from the consent information table 61.
The bank management server 110 then searches the trail table 64 of the blockchain 6 using the consent pattern ID 611 and the specified search conditions (S62), and provides the matching records to the personal terminal 400 (S63).
FIG. 20 is a diagram showing an example of the trail search screen 2000. The search screen 2000 includes search conditions 2001 and search results (2011 to 2018).
In the search conditions 2001, the provider name (name of the data providing site 2), the personal information type, the user name (name of the data use site 3), and the provision period (date and time) can be specified.
The search results include the provider name 2011, the personal information type 2012, the personal information item name 2013, the item value 2014, the user name 2015, the purpose of use (summary) 2016, the purpose of use (details) 2017, and the provision date and time 2018.
The provider name 2011 is the name of the data providing site 2 corresponding to the provider ID 643 of the trail table 64. The personal information type 2012 and the personal information item name 2013 are the personal information type 626 and the personal information item name 627 corresponding to the consent pattern ID 611. The user name 2015 is the name of the data use site 3 corresponding to the user ID 642 of the trail table 64.
The purpose of use (summary) 2016 and the purpose of use (details) 2017 are the purpose of use (summary) 623 and the purpose of use (details) 624 of the purpose of use table 62 corresponding to the consent pattern ID 621. The provision date and time 2018 is the time stamp 647 of the trail table 64.
As described above, an individual who has provided personal information can check, via the personal terminal 400, how his or her personal information is being used. In addition, because the trail table 64 is shared between the information bank site 1 and the data providing site 2 participating in the information distribution system, it can easily be verified that processing is reliably carried out in accordance with the individual's consent information.
For example, when an individual applies for deletion or update of personal information, the result can be confirmed in the trail table 64. This ensures that the consent and requests of the individual providing personal information are complied with or carried out.
Although the above embodiment describes an example of distributing personal information, the invention is not limited to this. For example, information such as information assets or inventories of goods may be distributed between specific companies.
<Conclusion>
The information distribution system of the above embodiment can be configured as follows.
(1) An information distribution system comprising: a first computer (information management server 210) that has a processor (251), a memory (252), and a communication device (255) and collects information; and a second computer (bank management server 110) that has a processor (11), a memory (12), and a communication device (15) and provides the information (personal information) collected by the first computer (210) to the outside (data use terminal 300 of the data use site 3), wherein the second computer (110) has: a purpose of use management unit (23) that accepts the usage conditions of the information to be provided to the outside (300) and stores them in the purpose of use information (purpose of use table 62) via the purpose of use management unit (32); a consent information management unit (22) that accepts consent to the usage conditions under which the information (4) collected by the first computer (210) is provided to the outside (300) and stores it in the consent information (consent information table 61) via the consent information management unit (31); an information management unit (personal information management unit 21, personal information management unit 33) that, upon receiving an acquisition request for the information (4), acquires the information (4) collected by the first computer (210) under the usage conditions for which the consent exists and provides it to the outside (300); and a trail management unit (24) that generates a trail indicating that the acquisition request for the information (4) or the provision of the information has been carried out and stores it in the trail information (trail table 64) via the trail management unit (34), and wherein the second computer (110) stores the purpose of use information (62), the consent information (61), and the trail information (64) in the blockchain (6) and shares them with the first computer (210).
With the above configuration, the parties to the transaction (the specific provider (individual) and the information bank) who use the external computer (data use terminal 300) can refer to the consent information shared on the blockchain, confirm its validity, and then reliably exchange information based on the individual's consent.
(2) The information distribution system according to (1) above, wherein the trail management unit (24) accepts a viewing request for the trail, acquires the trail corresponding to the viewing request from the trail information (64) stored in the blockchain (6) via the trail management unit (34), and outputs it.
With the above configuration, an individual who has provided personal information can check from the trail table 64, via the personal terminal 400, how his or her personal information is being used. In addition, because the trail table 64 is shared between the information bank site 1 and the data providing site 2 participating in the information distribution system, it can easily be verified that processing is reliably carried out in accordance with the individual's consent information.
(3) The information distribution system according to (1) above, wherein the consent information management unit (22) performs authentication based on biometric information when accepting the consent.
With the above configuration, the identity of the person providing personal information is proven by authentication based on biometric information, which prevents fraud such as impersonation.
(4) The information distribution system according to (1) above, wherein the first computer (210) generates a hash value (634) of the collected information (4) and stores it in the hash value information (personal information hash value table 63) of the blockchain (6), and the personal information management unit (21) of the second computer (110), upon acquiring the information from the first computer (210), calculates a hash value of the personal information and compares it with the hash value corresponding to the personal information in the hash value information stored in the blockchain to detect falsification.
With the above configuration, the bank management server 110 can detect falsification of personal information by calculating the hash value of the personal information acquired from the information management server 210 and comparing it with the hash value 634 shared on the blockchain 6.
(5) The information distribution system according to (1) above, wherein the consent information management unit (22) manages, via the consent information management unit (31), the content of the accepted consent by a consent pattern identifier (consent pattern ID 621) that identifies the item (personal information item name 627) of the information (4) to be provided and the user (user ID 622).
With the above configuration, the consent information table 61 stored in the blockchain 6 is managed by the consent pattern ID 611, which only the parties concerned (the individual, the provider of the information (data providing site), and the information bank) can identify, so that the consent information can be kept confidential.
(6) The information distribution system according to (1) above, wherein the second computer (110) is connected to a plurality of the first computers (210), and the personal information management unit (21), when acquiring the information (4) from the first computer (210), acquires the identifier of the first computer (210) that manages the provider (individual) of the information (4) as a first provider identifier (personal ID (provider management) 1223), assigns to the information acquired from the first computer (210) a second provider identifier (personal ID (information bank management)) 1221 indicating the provider (individual) who provided the information (4), manages the pair of the first provider identifier (1223) and the second provider identifier (1221) as ID information (ID information table 122), and, when the first provider identifiers (1223) acquired from the plurality of first computers (210) belong to the same provider (individual), sets the same identifier as the second provider identifier (1221) of the ID information (122).
With the above configuration, the personal IDs (provider management) 1223, which differ for each data providing site that provides personal information, can be linked and managed at the information bank site 1 by the personal ID (information bank management) 1221.
(7) The information distribution system according to (1) above, wherein the information collected by the first computer (210) includes confidential information (personal information table 4), the consent accepted by the consent information management unit (22) of the second computer (110) is the consent of the provider (individual) of the confidential information, and the consent can be identified only by the party to the confidential information, the first computer (210) that is the provider of the confidential information, and the second computer (110).
With the above configuration, the specific provider, the individual, and the information bank can refer to the consent information shared on the blockchain, confirm its validity, and then reliably exchange information based on the individual's consent.
The present invention is not limited to the embodiment described above and includes various modifications. For example, the above embodiment is described in detail in order to explain the present invention in an easy-to-understand manner, and the invention is not necessarily limited to one having all of the described configurations. Part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. For part of the configuration of each embodiment, addition, deletion, or replacement of other configurations can each be applied alone or in combination.
Each of the above configurations, functions, processing units, processing means, and the like may be realized partly or wholly in hardware, for example by designing them as an integrated circuit. Each of the above configurations, functions, and the like may also be realized in software by a processor interpreting and executing a program that realizes each function. Information such as the programs, tables, and files that realize each function can be placed in a memory, in a recording device such as a hard disk or SSD (Solid State Drive), or on a recording medium such as an IC card, SD card, or DVD.
The control lines and information lines shown are those considered necessary for the explanation, and not all control lines and information lines of a product are necessarily shown. In practice, almost all of the configurations may be considered to be interconnected.

Claims (15)

  1.  An information distribution system comprising a first computer that has a processor, a memory, and a communication device and collects information, and
    a second computer that has a processor, a memory, and a communication device and provides the information collected by the first computer to the outside, wherein
    the second computer has:
    a purpose of use management unit that accepts usage conditions of the information to be provided to the outside and stores them in purpose of use information;
    a consent information management unit that accepts consent to the usage conditions under which the information collected by the first computer is provided to the outside and stores the consent in consent information;
    an information management unit that, upon receiving an acquisition request for the information, acquires the information collected by the first computer under the usage conditions for which the consent exists and provides it to the outside; and
    a trail management unit that generates a trail indicating that the acquisition request for the information or the provision of the information has been carried out and stores the trail in trail information, and
    the second computer
    stores the purpose of use information, the consent information, and the trail information in a blockchain and shares them with the first computer.
  2.  The information distribution system according to claim 1, wherein
    the trail management unit
    accepts a viewing request for the trail, acquires the trail corresponding to the viewing request from the trail information stored in the blockchain, and outputs it.
  3.  The information distribution system according to claim 1, wherein
    the consent information management unit
    performs authentication based on biometric information when accepting the consent.
  4.  The information distribution system according to claim 1, wherein
    the first computer
    generates a hash value of the collected information and stores it in hash value information of the blockchain, and
    the information management unit of the second computer,
    upon acquiring the information from the first computer, calculates a hash value of the information and compares it with the hash value corresponding to the information in the hash value information stored in the blockchain to detect falsification.
  5.  The information distribution system according to claim 1, wherein
    the consent information management unit
    manages the content of the accepted consent by a consent pattern identifier that identifies the item of the information to be provided and the user.
  6.  The information distribution system according to claim 1, wherein
    the second computer is connected to a plurality of the first computers, and
    the information management unit,
    when acquiring the information from the first computer, acquires the identifier of the first computer that manages the provider of the information as a first provider identifier,
    assigns to the information acquired from the first computer a second provider identifier indicating the provider who provided the information, and
    manages the pair of the first provider identifier and the second provider identifier as ID information, and, when the first provider identifiers acquired from the plurality of first computers belong to the same provider, sets the same identifier as the second provider identifier of the ID information.
  7.  The information distribution system according to claim 1, wherein
    the information collected by the first computer includes confidential information,
    the consent accepted by the consent information management unit of the second computer is the consent of the provider of the confidential information, and
    the consent can be identified only by the party to the confidential information, the first computer that is the provider of the confidential information, and the second computer.
  8.  An information distribution method for distributing information using a first computer that has a processor, a memory, and a communication device and collects information, and a second computer that has a processor, a memory, and a communication device and provides the information collected by the first computer to the outside, the method comprising:
    a purpose of use management step in which the second computer accepts usage conditions of the information to be provided to the outside and stores the usage conditions in purpose of use information;
    a consent information management step in which the second computer accepts consent to the usage conditions under which the information collected by the first computer is provided to the outside and stores the consent in consent information;
    an information management step in which the second computer, upon receiving an acquisition request for the information, acquires the information collected by the first computer under the usage conditions for which the consent exists and provides it to the outside;
    a trail management step in which the second computer generates a trail indicating that the acquisition request for the information or the provision of the information has been carried out and stores the trail in trail information; and
    a sharing step in which the second computer stores the purpose of use information, the consent information, and the trail information in a blockchain and shares them with the first computer.
  9.  The information distribution method according to claim 8, wherein
     the trail management step accepts a viewing request for the trail, acquires the trail corresponding to the viewing request from the trail information stored in the blockchain, and outputs the trail.
  10.  The information distribution method according to claim 8, wherein
     the consent information management step performs authentication based on biometric information when accepting the consent.
  11.  The information distribution method according to claim 8, wherein
     the first computer generates a hash value of the collected information and stores it in hash value information of the blockchain, and
     the information management step of the second computer, upon acquiring the information from the first computer, calculates a hash value of the information and compares it with the hash value corresponding to the information in the hash value information stored in the blockchain, thereby detecting tampering.
  12.  The information distribution method according to claim 8, wherein
     the consent information management step manages the content of the accepted consent by a consent pattern identifier that identifies the items of the information to be provided and the user.
  13.  The information distribution method according to claim 8, wherein
     the second computer is connected to a plurality of the first computers, and
     the information management step:
     when acquiring the information from the first computer, acquires the identifier of the first computer that manages the provider of the information as a first provider identifier;
     assigns, to the information acquired from the first computer, a second provider identifier indicating the provider that provided the information; and
     manages the pair of the first provider identifier and the second provider identifier as ID information and, when the first provider identifiers acquired from the plurality of first computers belong to the same provider, sets the same identifier as the second provider identifier of the ID information.
  14.  The information distribution method according to claim 8, wherein
     the information collected by the first computer includes confidential information,
     in the consent information management step, the consent accepted by the second computer is the consent of the provider of the confidential information, and
     the consent is managed by an identifier that can be identified only by the party to the confidential information, the first computer that is the provider of the confidential information, and the second computer.
  15.  A non-transitory computer-readable storage medium storing a program that causes a computer having a processor, a memory, and a communication device to acquire information from the outside and provide the information to the outside, the program causing the computer to execute:
     a usage purpose management step of accepting usage conditions for the information to be provided to the outside and storing the usage conditions in usage purpose information;
     a consent information management step of accepting consent to the usage conditions under which the information collected by the first computer is provided to the outside, and storing the consent in consent information;
     an information management step of, upon receiving an acquisition request for the information, acquiring the information collected by the first computer and providing it to the outside under the usage conditions for which the consent has been given;
     a trail management step of generating a trail indicating that the acquisition request for the information or the provision of the information has been carried out, and storing the trail in trail information; and
     a sharing step of storing the usage purpose information, the consent information, and the trail information in a blockchain.
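The flow of claims 8 and 11 (consent check, hash comparison against the ledger, a trail for every request) can be sketched as follows. This is an added example, not part of the patent text: `Ledger` is a single-node hash chain standing in for the shared blockchain, and all function names, record fields and result strings are assumptions.

```python
import hashlib, hmac, json

def sha256_json(obj):
    # Canonical JSON so both computers hash identical bytes for the same record.
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Toy append-only hash chain (assumption: no consensus, one node)."""
    def __init__(self):
        self.blocks = []
    def append(self, kind, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        block = {"kind": kind, "payload": payload, "prev": prev}
        block["hash"] = sha256_json(block)  # hash covers kind, payload and prev
        self.blocks.append(block)
    def find(self, kind, **match):
        return [b["payload"] for b in self.blocks if b["kind"] == kind
                and all(b["payload"].get(k) == v for k, v in match.items())]

def collect(ledger, store, record_id, record):
    # First computer: data stays off-chain, only its hash value goes on the ledger.
    store[record_id] = record
    ledger.append("hash", {"record_id": record_id, "sha256": sha256_json(record)})

def provide(ledger, store, record_id, requester, purpose_id):
    # Second computer: consent check, fetch, tamper check; every outcome leaves a trail.
    def finish(result, data=None):
        ledger.append("trail", {"record_id": record_id, "requester": requester,
                                "purpose_id": purpose_id, "result": result})
        return result, data
    if not ledger.find("consent", record_id=record_id, purpose_id=purpose_id):
        return finish("denied:no-consent")
    record, known = store.get(record_id), ledger.find("hash", record_id=record_id)
    if record is None or not known or not hmac.compare_digest(sha256_json(record), known[-1]["sha256"]):
        return finish("denied:hash-mismatch")
    return finish("provided", record)

def demo():
    # Constructed sample data: one record, one usage purpose, one consent.
    ledger, store = Ledger(), {}
    ledger.append("purpose", {"purpose_id": "P1", "user": "insurer-A", "items": ["steps"]})
    collect(ledger, store, "R1", {"subject": "S1", "steps": 8421})
    ledger.append("consent", {"record_id": "R1", "purpose_id": "P1"})
    ok = provide(ledger, store, "R1", "insurer-A", "P1")[0]
    other = provide(ledger, store, "R1", "insurer-A", "P2")[0]  # no consent for P2
    store["R1"]["steps"] = 20000  # off-chain copy altered after its hash was published
    bad = provide(ledger, store, "R1", "insurer-A", "P1")[0]
    return ok, other, bad, [t["result"] for t in ledger.find("trail")]
```

Denied requests are written to the trail as well, so a viewing request as in claim 9 would show refused and failed attempts alongside successful provisions.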
PCT/JP2019/037886 2019-09-26 2019-09-26 Information circulation system, information circulation method, and recording medium WO2021059434A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2019/037886 WO2021059434A1 (en) 2019-09-26 2019-09-26 Information circulation system, information circulation method, and recording medium
JP2021548080A JP7214000B2 (en) 2019-09-26 2019-09-26 Information distribution system, information distribution method and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2019/037886 WO2021059434A1 (en) 2019-09-26 2019-09-26 Information circulation system, information circulation method, and recording medium

Publications (1)

Publication Number Publication Date
WO2021059434A1 true WO2021059434A1 (en) 2021-04-01

Family

ID=75164905

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/037886 WO2021059434A1 (en) 2019-09-26 2019-09-26 Information circulation system, information circulation method, and recording medium

Country Status (2)

Country Link
JP (1) JP7214000B2 (en)
WO (1) WO2021059434A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200074548A1 (en) * 2018-08-29 2020-03-05 Credit Suisse Securities (Usa) Llc Systems and methods for calculating consensus data on a decentralized peer-to-peer network using distributed ledger
JPWO2020184580A1 (en) * 2019-10-15 2021-09-13 株式会社博報堂Dyホールディングス Mediators, systems and computer programs
WO2022255386A1 (en) * 2021-06-03 2022-12-08 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ Incentive determination method, server, and program
WO2023120283A1 (en) * 2021-12-22 2023-06-29 ソニーグループ株式会社 Information processing device, information processing method, and information processing program
WO2023187910A1 (en) * 2022-03-28 2023-10-05 株式会社日立製作所 Personal information distribution system and personal information distribution appropriateness determination method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003345931A (en) * 2002-05-28 2003-12-05 Nippon Telegr & Teleph Corp <Ntt> Private information distribution management method, private information identification device in private information distribution management system, private information using environment identification device, private information providing device, private information using device, disclosure use rule determination program. and program for each device.
JP2019128648A (en) * 2018-01-22 2019-08-01 株式会社 みずほ銀行 Information management system, information management method and information management program
JP6580212B1 (en) * 2018-06-05 2019-09-25 富士通株式会社 COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6504639B1 (en) * 2018-06-18 2019-04-24 Necソリューションイノベータ株式会社 Service providing system and service providing method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200074548A1 (en) * 2018-08-29 2020-03-05 Credit Suisse Securities (Usa) Llc Systems and methods for calculating consensus data on a decentralized peer-to-peer network using distributed ledger
US11818204B2 (en) * 2018-08-29 2023-11-14 Credit Suisse Securities (Usa) Llc Systems and methods for calculating consensus data on a decentralized peer-to-peer network using distributed ledger
JPWO2020184580A1 (en) * 2019-10-15 2021-09-13 株式会社博報堂Dyホールディングス Mediators, systems and computer programs
WO2022255386A1 (en) * 2021-06-03 2022-12-08 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ Incentive determination method, server, and program
WO2023120283A1 (en) * 2021-12-22 2023-06-29 ソニーグループ株式会社 Information processing device, information processing method, and information processing program
WO2023187910A1 (en) * 2022-03-28 2023-10-05 株式会社日立製作所 Personal information distribution system and personal information distribution appropriateness determination method

Also Published As

Publication number Publication date
JP7214000B2 (en) 2023-01-27
JPWO2021059434A1 (en) 2021-04-01

Similar Documents

Publication Publication Date Title
WO2021059434A1 (en) Information circulation system, information circulation method, and recording medium
US8676672B2 (en) Systems and methods for electronic delivery of stored value
JP6934847B2 (en) Distribution management equipment, distribution management system, and distribution management method
US20200366469A1 (en) A method for controlling distribution of a product in a computer network and system
JPH11224288A (en) Use condition sale type digital contents sale electronic mall system
JP2002298055A (en) Electronic commerce system
US8402524B2 (en) ID bridge service system and method thereof
JP6042766B2 (en) Electronic trading system, electronic trading method, and program
JP2021135901A (en) Service setting system, service setting device, and method and program for service setting
JP7171504B2 (en) Personal information management server, personal information management method and personal information management system
TW201935347A (en) Service providing system, storage medium storing a computer program used therefor, and control method of service providing system
JP2006323728A (en) Service system and optimal service provision method
JP2001216360A (en) Device and method for issuing advance order certificate
JP6027485B2 (en) Electronic trading system, electronic trading method, and program
CN110599176B (en) Block chain-based data processing method and device, storage medium and node equipment
WO2002021284A1 (en) Personal information protective method
JP4527491B2 (en) Content provision system
JP2010244272A (en) Method, system and program for managing individual attribute information
KR102544008B1 (en) Electronic device including aggregator manager managing a plurality of aggregators and method thereof
KR20190044939A (en) Membership Sharing System And Method Thereof
JP5410712B2 (en) Account information management system, management method, and computer program
KR100671542B1 (en) System and Method for prepaid card service management function
KR102409867B1 (en) A method for managing member information and an apparatus for the same
US20240135414A1 (en) Method for monetizing data for a religious organization
US20060080180A1 (en) Method of verifying whether an on-line user is a member of an organization unrelated to a company

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19947365

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2021548080

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19947365

Country of ref document: EP

Kind code of ref document: A1