WO2022269861A1 - Information collection system, information management system, information collection method, and program - Google Patents


Info

Publication number
WO2022269861A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
basic
encrypted
additional
attribute
Application number
PCT/JP2021/023955
Other languages
French (fr)
Japanese (ja)
Inventor
賢治 太田
Original Assignee
日本電信電話株式会社
Application filed by 日本電信電話株式会社 (Nippon Telegraph and Telephone Corporation)
Priority to PCT/JP2021/023955
Publication of WO2022269861A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • the present invention relates to an information collection system, an information management system, an information collection method, and a program for collecting and holding information such as personal information.
  • Non-Patent Document 1 describes a service in which businesses use personal attribute information (personal information) collected by personal information holding organizations such as information banks to deliver products, services and advertisements tailored to the individual. As a technique for joining tables while keeping the information concealed, the secure computation technique disclosed in Non-Patent Document 2 is known.
  • An object of the present invention is to provide a technology that allows an information holding organization to easily obtain additional attribute information from an information provider.
  • the information collection system of the present invention includes an information management system and an analysis device.
  • the information management system includes a plaintext basic information recording unit, a basic information encryption unit, an additional information request unit, encrypted basic information recording means, encrypted additional information recording means, information combining means, and encrypted combined information recording means.
  • the plaintext basic information recording unit records plaintext basic information, which is plaintext information of a predetermined basic attribute.
  • the basic information encryption unit outputs encrypted basic information obtained by encrypting the plaintext basic information.
  • the additional information requesting unit requests information on additional attributes, which are attributes other than the basic attributes, from outside the information collecting system based on a request from the analysis device.
  • the encrypted basic information recording means records encrypted basic information.
  • the encrypted additional information recording means externally acquires and records encrypted additional information obtained by encrypting all or part of the basic attribute information and the additional attribute information.
  • the information combining means combines the encrypted basic information and the encrypted additional information based on all or part of the basic attribute information included in the encrypted additional information, and outputs encrypted combined information.
  • the encrypted combination information recording means records the encrypted combination information.
  • the analyzer includes an additional information requesting section and an analysis requesting section.
  • the additional information requesting unit requests the information management system to acquire additional attribute information.
  • According to the information collection system and the information management system of the present invention, the additional attribute information is acquired in an encrypted state, and the encrypted basic information and the encrypted additional information are combined to obtain the encrypted combined information. Subsequent analyses that use the encrypted combined information can also be carried out with secure computation techniques. The additional attribute information can therefore be kept concealed from the information holding organization. Since information providers need not worry about their information leaking, information holding organizations can easily obtain additional attribute information from information providers such as individuals.
  • FIG. 1 is a diagram showing a functional configuration example of the information collection system according to the first embodiment.
  • FIG. 2 is a diagram showing an example of information on predetermined basic attributes.
  • FIG. 3 is a diagram showing an example of information with added attributes.
  • FIG. 4 is a diagram showing the processing flow after basic information is provided.
  • FIG. 5 is a diagram showing the processing flow for acquiring and recording additional information according to the first embodiment.
  • FIG. 6 is a diagram showing the processing flow for combining basic information and additional information.
  • FIG. 7 is a diagram showing a functional configuration example of the information collection system according to Modification 1.
  • FIG. 8 is a diagram showing the processing flow for acquiring and recording additional information according to Modification 1.
  • FIG. 9 is a diagram showing a functional configuration example of a computer.
  • FIG. 1 shows a functional configuration example of the information collection system of the first embodiment.
  • the information collection system 10 includes an information management system 50 and an analysis device 300 .
  • the information management system 50 is composed of an information management device 100 and a secure computing system 200 .
  • The secure computing system 200 is composed of N secure computing devices 200_1, ..., 200_N.
  • There are M information providing devices 400_1, ..., 400_M; an information providing device 400_m is primarily assumed to be a mobile terminal owned by an individual, but may also be a database owned by a company.
  • FIG. 2 shows an example of information on predetermined basic attributes.
  • FIG. 3 shows an example of information with added attributes.
  • In the example of FIG. 2, the basic attribute information (personal name, gender, age, address, telephone number and e-mail address) is recorded in plaintext (unencrypted) in the plaintext basic information recording unit 190 of the information management device 100.
  • When the analysis device 300 wishes to use information on the purchase frequency of product group A to search for individuals who are likely to purchase those products, information such as that shown in FIG. 3 is required.
  • However, an individual cannot easily provide information on the purchase frequency of product group A, since the individual does not want the information holding organization to learn it.
  • The present invention therefore employs a technique for generating the information shown in FIG. 3 in an encrypted state.
  • In this way the information shown in FIG. 3 can be kept concealed from both the organization that owns the information management system 50 (the information holding organization) and the organization that owns the analysis device 300 (such as a company selling product group A).
  • The present invention thus provides an environment in which an individual (information provider) can easily provide information, by using a technique that can conceal that information. By providing such an environment, the information holding organization can easily obtain additional attribute information from the information provider.
  • the information management device 100 includes a plaintext basic information recording unit 190 , a basic information encryption unit 110 and an additional information request unit 130 .
  • the information management device 100 may also include a basic attribute notification unit 120 .
  • The secure computing device 200_n includes an information combining unit 210_n, an analysis unit 250_n and a recording unit 290_n.
  • The information combining units 210_1, ..., 210_N constitute the information combining means 210.
  • The recording unit 290_n records the n-th share of the encrypted basic information, the n-th share of the encrypted additional information, and the n-th share of the encrypted combined information.
  • The encrypted basic information recording means 291 is the part of the recording units 290_1, ..., 290_N that records the shares of the encrypted basic information.
  • The encrypted additional information recording means 292 is the part of the recording units 290_1, ..., 290_N that records the shares of the encrypted additional information.
  • The encrypted combined information recording means 293 is the part of the recording units 290_1, ..., 290_N that records the shares of the encrypted combined information.
  • the analysis device 300 includes an additional information requesting section 320 , an analysis requesting section 340 and an analysis recording section 390 .
  • the analysis device 300 may also include an additional information extraction section 310 and a combination request section 330 .
  • the analysis recording unit 390 records analysis rules to be requested to the information management system 50 .
  • the analysis requesting section 340 requests the analysis recorded by the analysis recording section 390 to the information management system 50 .
  • The information providing device 400_m includes a basic information providing unit 410_m, an additional information encryption unit 420_m, an encrypted additional information providing unit 430_m, and a recording unit 490_m. Information on the various attributes held by the individual is recorded in the recording unit 490_m.
  • FIG. 4 is a diagram showing the processing flow after basic information is provided.
  • FIG. 5 is a diagram illustrating a processing flow for acquiring and recording additional information according to the first embodiment.
  • FIG. 6 is a diagram showing a processing flow for combining basic information and additional information.
  • The basic information providing unit 410_m sends plaintext basic information, which is plaintext information of the predetermined basic attributes, to the information management device 100 (S410_m).
  • The information management device 100 records the plaintext basic information in the plaintext basic information recording unit 190 (S190).
  • The basic information encryption unit 110 outputs encrypted basic information (N shares of the plaintext basic information) obtained by encrypting the plaintext basic information, and sends the n-th share to the secure computing device 200_n.
  • The recording unit 290_n of the secure computing device 200_n records the encrypted basic information (the n-th share of the basic information) (S291_n).
  • Summarizing steps S291_1, ..., S291_N, the encrypted basic information recording means 291 records the encrypted basic information (S291).
  • When the information management device 100 also includes the basic attribute notification unit 120, the basic attribute notification unit 120 transmits the types of the predetermined basic attributes to the analysis device 300 (S120).
  • The analysis device 300 records the types of the basic attributes in the analysis recording unit 390 (S391).
  • In the example of FIG. 2, the types of basic attributes are personal name, gender, age, address, telephone number and e-mail address.
  • The additional information extraction unit 310 compares the analysis rule to be requested to the information management system 50 with the types of basic attributes recorded in the analysis recording unit 390, extracts the attributes for which the basic attributes alone are insufficient, and outputs the additional attributes that need to be added (S310). If the types of basic attributes are known and the additional information extraction unit 310 is not provided, the administrator of the analysis device 300 may specify the additional attributes instead.
  • the additional information requesting unit 320 of the analysis device 300 requests the information management system 50 to acquire additional attribute information (S320).
  • The information management device 100 of the information management system 50 receives the request, and the additional information requesting unit 130 requests the information of the additional attributes, which are attributes other than the basic attributes, from the information providing devices 400_1, ..., 400_M outside the information collection system 10, based on the request from the analysis device 300.
  • The additional information encryption unit 420_m of the information providing device 400_m associates all or part of the basic attribute information with the additional attribute information and encrypts them together, generating encrypted additional information (N shares of the additional information) (S420_m).
  • For example, all of the basic attribute information shown in FIG. 2 (personal name, gender, age, address, telephone number and e-mail address) may be associated with the additional attribute information.
  • Alternatively, only the e-mail address may be associated with the additional attribute information.
  • That is, the additional attribute information is associated with basic attribute information that can identify the individual, so that the records can later be matched.
  • The encrypted additional information providing unit 430_m transmits the n-th share of the encrypted additional information to the secure computing device 200_n (S430_m).
  • The recording unit 290_n of the secure computing device 200_n records the encrypted additional information (the n-th share of the additional information) (S292_n).
  • Summarizing steps S292_1, ..., S292_N, the encrypted additional information recording means 292 records the encrypted additional information (S292). Through the processing of steps S310 to S292, the information management system 50 acquires the additional information in concealed form, each secure computing device holding only one share of it.
  • The combination requesting section 330 requests the information management system 50 to combine the encrypted basic information and the encrypted additional information (S330).
  • The encrypted basic information and the encrypted additional information may instead be combined automatically when the information management system 50 records the encrypted additional information; in that case the combination requesting section 330 is not required.
  • The information combining means 210 combines the encrypted basic information and the encrypted additional information based on all or part of the basic attribute information included in the encrypted additional information, and outputs encrypted combined information (N shares of the combined information) (S210). More specifically, the information combining units 210_1, ..., 210_N of the secure computing devices 200_1, ..., 200_N each operate on the shares they hold and, using secure computation, combine the records of the encrypted basic information and the encrypted additional information whose basic attribute information matches (S210_1, ..., S210_N).
  • The encrypted combined information recording means 293 records the encrypted combined information (N shares of the combined information). That is, the recording unit 290_n of the secure computing device 200_n records the n-th share of the combined information (S293_n). Through steps S210 and S293, the information obtained by combining the basic attribute information and the additional attribute information as shown in FIG. 3 is recorded in the information management system 50 in encrypted form only.
  • The analysis requesting unit 340 of the analysis device 300 requests the information management system 50 to perform an analysis according to the analysis rule recorded in the analysis recording unit 390 (S341).
  • The analysis means 250 of the secure computing system 200 of the information management system 50 performs the requested analysis using secure computation (S250), and the analysis device 300 acquires the analysis result (S342).
  • The analysis using secure computation may be executed by cooperative processing of the analysis units 250_1, ..., 250_N.
  • According to the information collection system of the first embodiment, the additional attribute information is acquired in an encrypted state, and the encrypted basic information and the encrypted additional information are combined to obtain the encrypted combined information. Subsequent analyses that use the encrypted combined information can also be carried out with secure computation techniques. The additional attribute information can therefore be kept concealed from the information holding organization, so information providers (individuals, etc.) need not worry about their information (personal information, etc.) leaking. In such an environment, information holding organizations can easily obtain additional attribute information from information providers such as individuals.
  • [Modification 1]
  • In step S320 of the first embodiment, the analysis device 300 tells the information management system 50 in plaintext which information is required as additional attributes.
  • Therefore, although the information holding organization does not learn the additional attribute information itself, it can learn what kind of information has been added as additional attribute information (the type of the additional attribute).
  • Modification 1 is a configuration in which the information holding organization does not learn even the type of the additional attribute.
  • FIG. 7 shows a functional configuration example of the information collection system of Modification 1.
  • FIG. 8 shows a processing flow for acquiring and recording additional information in Modification 1.
  • The secure computing device 201_n includes an information combining unit 210_n, an analysis unit 250_n and a recording unit 290_n as in the first embodiment (FIG. 1).
  • The secure computing system 201 further comprises additional attribute request means 230.
  • The additional attribute request means 230 is composed of the additional attribute request units 230_1, ..., 230_N of the secure computing devices 201_1, ..., 201_N.
  • the analysis device 301 includes an encrypted additional information requesting section 325 instead of the additional information requesting section 320 .
  • The information providing device 401_m further includes an additional attribute decoding unit 440_m.
  • Other configurations are the same as those of the first embodiment.
  • the processing flow after basic information is provided is the same as in FIG. 4, and the processing flow for combining basic information and additional information is the same as in FIG.
  • When the analysis device 301 also includes the additional information extraction unit 310, the additional information extraction unit 310 compares the analysis rules to be requested to the information management system 51 with the types of the basic attributes, both recorded in the analysis recording unit 390, extracts the attributes for which the basic attributes alone are insufficient, and outputs the additional attributes that need to be added (S310). If the types of basic attributes are known and the additional information extraction unit 310 is not provided, the administrator of the analysis device 301 may specify the additional attributes instead.
  • The encrypted additional information requesting unit 325 of the analysis device 301 encrypts the type of the additional attribute to generate an encrypted additional attribute (N shares indicating the type of the additional attribute), and requests the information management system 51 to acquire the additional attribute information, sending it the encrypted additional attribute (S325).
  • The secure computing system 201 of the information management system 51 receives the request, and the additional attribute request means 230 requests the information of the additional attributes, which are attributes other than the basic attributes, from the information providing devices 401_1, ..., 401_M outside the information collection system 11, based on the request from the analysis device 301 (S230).
  • More specifically, the secure computing device 201_n receives the n-th of the N shares indicating the type of the additional attribute, and its additional attribute request unit 230_n forwards that share to the information providing devices 401_1, ..., 401_M together with the request for the additional attribute information (S230_n). Since K or more shares are needed to decode the type (K ≥ 2), a single secure computing device, which holds one share, cannot learn it.
  • The information providing device 401_m receives K or more of the shares indicating the type of the additional attribute, and the additional attribute decoding unit 440_m reconstructs the type of the additional attribute from them (S440_m).
  • The additional information encryption unit 420_m of the information providing device 401_m associates all or part of the basic attribute information with the additional attribute information and encrypts them together, generating encrypted additional information (N shares of the additional information) (S420_m).
  • The encrypted additional information providing unit 430_m transmits the n-th share of the encrypted additional information to the secure computing device 201_n (S430_m).
  • The recording unit 290_n of the secure computing device 201_n records the encrypted additional information (the n-th share of the additional information) (S292_n).
  • Summarizing steps S292_1, ..., S292_N, the encrypted additional information recording means 292 records the encrypted additional information (S292). Through the processing of steps S310 to S292, the information management system 51 acquires the additional information in concealed form.
  • According to the information collection system of Modification 1, the same effects as in the first embodiment are obtained while additionally preventing the information holding organization from learning even the types of the additional attributes.
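The two share-based steps described above, concealing a numeric additional attribute in N shares and analysing it without reconstructing it (S420_m, S250, S342 of the first embodiment), and sending the requested attribute type as N shares of which a provider needs K or more to decode it (S325, S230_n, S440_m of Modification 1), can be exercised with the following Python simulation. It is an added example, not code from the patent or from the applicant. The patent fixes no sharing scheme, so Shamir (K, N) secret sharing over the prime field modulo 2^127 - 1 is an assumption made here; the attribute name, purchase frequencies and party counts are constructed; and the secure join on matching basic attributes (S210) is not implemented.

```python
"""Shamir (K, N) secret sharing as a model of the N-share handling in the text.
Added example with constructed data; the patent itself fixes no sharing scheme."""
import secrets

P = 2**127 - 1   # field modulus (assumption: Mersenne prime larger than any shared value)
CHUNK = 14       # bytes of text per field element; 1 marker byte + 14 bytes < 16 bytes


def share(secret: int, k: int, n: int) -> list[tuple[int, int]]:
    """Split secret into n shares (x, f(x)): any k of them recover it, fewer reveal nothing."""
    if not 0 <= secret < P:
        raise ValueError("secret out of field range")
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]

    def f(x: int) -> int:  # Horner evaluation of the random degree-(k-1) polynomial
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def reconstruct(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over at least k shares with distinct x."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def add_shares(a: list[tuple[int, int]], b: list[tuple[int, int]]) -> list[tuple[int, int]]:
    """Device n adds the two shares it holds; the result is a valid sharing of a + b."""
    if len(a) != len(b):
        raise ValueError("share vectors differ in length")
    out = []
    for (xa, ya), (xb, yb) in zip(a, b):
        if xa != xb:
            raise ValueError("shares must belong to the same device")
        out.append((xa, (ya + yb) % P))
    return out


def secure_total(values: list[int], k: int, n: int) -> int:
    """First embodiment: provider m shares its additional attribute (S420_m), device n
    sums the shares it holds (S250_n), and only the total is reconstructed (S342)."""
    device_sums = share(values[0], k, n)
    for v in values[1:]:
        device_sums = add_shares(device_sums, share(v, k, n))
    return reconstruct(device_sums[:k])  # any k devices' shares suffice


def str_to_fields(s: str) -> list[int]:
    """Encode text as field elements; the 0x01 marker byte keeps the chunk length recoverable."""
    b = s.encode()
    return [int.from_bytes(b"\x01" + b[i:i + CHUNK], "big") for i in range(0, len(b), CHUNK)]


def fields_to_str(fields: list[int]) -> str:
    return b"".join(f.to_bytes(CHUNK + 1, "big").lstrip(b"\x00")[1:] for f in fields).decode()


def request_attribute_type(attr_type: str, k: int, n: int) -> list[list[tuple[int, int]]]:
    """Modification 1: the analysis device shares the requested type (S325); the result
    is what each secure computing device n receives and forwards to providers (S230_n)."""
    shared_chunks = [share(f, k, n) for f in str_to_fields(attr_type)]
    return [[chunk[i] for chunk in shared_chunks] for i in range(n)]


def provider_decode(device_views: list[list[tuple[int, int]]]) -> str:
    """Provider m reconstructs the type from the views of K or more devices (S440_m)."""
    n_chunks = len(device_views[0])
    return fields_to_str([reconstruct([view[c] for view in device_views]) for c in range(n_chunks)])


if __name__ == "__main__":
    freqs = [3, 0, 7, 12]  # constructed purchase frequencies from four providers
    print("total computed on shares:", secure_total(freqs, k=2, n=3))
    views = request_attribute_type("purchase frequency of product group A", k=2, n=3)
    print("device 1 alone holds:", views[0])
    print("provider with two views decodes:", provider_decode(views[1:]))
```

Each secure computing device holds one point of every polynomial, and for K ≥ 2 any K - 1 points are independent of the secret, so the information holding organization learns neither the purchase frequencies nor the attribute type from what any one device stores; the analysis device receives only the reconstructed total. The join of S210 needs secure equality tests between shared basic attributes, which requires multiplication on shares rather than the addition shown here.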
  • The processing described above can be implemented by causing the recording unit 2020 of the computer 2000 shown in FIG. 9 to read a program for executing each step of the above method, and by operating the control unit 2010, the input unit 2030, the output unit 2040, the display unit 2050 and so on accordingly.
  • a program that describes this process can be recorded on a computer-readable recording medium.
  • Any computer-readable recording medium may be used, for example, a magnetic recording device, an optical disk, a magneto-optical recording medium, a semiconductor memory, or the like.
  • Distribution of this program is carried out, for example, by selling, transferring or lending portable recording media such as DVDs and CD-ROMs on which the program is recorded.
  • The program may also be distributed by storing it in the storage device of a server computer and transferring it from the server computer to other computers via a network.
  • A computer that executes such a program first stores, for example, the program recorded on the portable recording medium or transferred from the server computer in its own storage device. When executing the processing, the computer reads the program stored in its own recording medium and executes the processing according to the read program. As another form of execution, the computer may read the program directly from the portable recording medium and execute the processing according to it, or may execute the processing sequentially according to the program each time the program is transferred from the server computer. The processing may also be executed by a so-called ASP (Application Service Provider) type service, in which the program is not transferred from the server computer to the computer and the processing function is realized only by execution instructions and result acquisition. The program in this embodiment includes information that is used for processing by a computer and conforms to a program (data that is not a direct instruction to the computer but has the property of prescribing the computer's processing, etc.).
  • In the above embodiments the device is configured by executing a predetermined program on a computer, but at least part of the processing may be implemented by hardware.
  • Reference numerals: 10, 11 information collection system; 50, 51 information management system; 100, 101 information management device; 110 basic information encryption unit; 120 basic attribute notification unit; 130 additional information request unit; 190 plaintext basic information recording unit; 200, 201 secure computing system; 200_n, 201_n secure computing device; 210 information combining means; 210_n information combining unit; 230 additional attribute requesting means; 230_n additional attribute requesting unit; 250 analysis means; 250_n analysis unit; 290_n recording unit; 291 encrypted basic information recording means; 292 encrypted additional information recording means; 293 encrypted combined information recording means; 300, 301 analysis device; 310 additional information extraction unit; 320 additional information request unit; 325 encrypted additional information request unit; 330 combination request unit; 340 analysis request unit; 390 analysis recording unit; 400_m, 401_m information providing device; 410_m basic information providing unit; 420_m additional information encryption unit; 430_m encrypted additional information providing unit; 440_m additional attribute decoding unit; 490_m recording unit.

Abstract

This information management system comprises a basic information encryption unit, an additional information demanding unit, an encrypted basic information recording means, an encrypted additional information recording means, an information combination means, and an encrypted combined information recording means. The basic information encryption unit outputs encrypted basic information obtained by encrypting plaintext basic information. The additional information demanding unit demands information about an additional attribute that is an attribute other than a basic attribute. The encrypted basic information recording means records the encrypted basic information. The encrypted additional information recording means acquires and records encrypted additional information obtained by encrypting information about the basic attribute and the information about the additional attribute. The information combination means combines the encrypted basic information and the encrypted additional information on the basis of the information about the basic attribute included in the encrypted additional information, and outputs encrypted combined information. The encrypted combined information recording means records the encrypted combined information.

Description

情報収集システム、情報管理システム、情報収集方法、プログラムInformation collection system, information management system, information collection method, program
 本発明は個人情報などの情報を収集し保有する情報収集システム、情報管理システム、情報収集方法、プログラムに関する。 The present invention relates to an information collection system, an information management system, an information collection method, and a program for collecting and holding information such as personal information.
 顧客サービスを提供する事業者は顧客情報(個人情報、企業情報など)を保有しており、その保管システム(例えば、顧客管理データベースなど)が存在する。また、個人情報のデータ利活用を促進する目的で情報信託機能(情報銀行等)も存在する。このような個人情報を保有する組織を個人情報保有組織と呼ぶ(非特許文献1参照)。非特許文献1には、情報銀行などの個人情報保有組織が収集した個人の属性情報(個人情報)を事業者が活用して、個人に合わせた商品やサービス、広告を配信するサービスについて記載されている。なお、情報を秘匿化しながら表を結合する技術として、非特許文献2に示された秘密計算技術などが知られている。  Businesses that provide customer services possess customer information (personal information, corporate information, etc.), and have a storage system (for example, a customer management database, etc.). There is also an information trust function (information bank, etc.) for the purpose of promoting data utilization of personal information. An organization that holds such personal information is called a personal information holding organization (see Non-Patent Document 1). Non-Patent Literature 1 describes a service that distributes products, services, and advertisements tailored to individuals by using personal attribute information (personal information) collected by personal information holding organizations such as information banks. ing. As a technique for combining tables while making information confidential, a secure calculation technique disclosed in Non-Patent Document 2 is known.
 しかしながら、個人情報を活用してデータ分析等を行うにあたり、既に保有している属性以外の新たな属性情報を入手したい場合があり得る。しかし、情報を提供する個人が個人情報保有組織に新たな属性情報を知られたくないという理由により、改めて追加の属性情報を入手することが難しいという課題があった。このような追加の属性情報の入手が困難な事例は個人情報の場合が多いと考えられるが、同様の事例は企業が保有する情報でもあり得る。そこで、以下では、属性情報を保有する組織を情報保有組織と呼ぶことにする。本発明は、情報保有組織が情報提供者から追加の属性情報を入手しやすい技術を提供することを目的とする。 However, when performing data analysis using personal information, there may be cases where you want to obtain new attribute information other than the attributes you already have. However, there is a problem that it is difficult to obtain additional attribute information again because the individual who provides the information does not want the personal information holding organization to know the new attribute information. Such cases where it is difficult to obtain additional attribute information are considered to be personal information in many cases, but similar cases can also be information held by companies. Therefore, hereinafter, an organization that holds attribute information will be called an information holding organization. SUMMARY OF THE INVENTION An object of the present invention is to provide a technology that allows an information holding organization to easily obtain additional attribute information from an information provider.
 The information collection system of the present invention comprises an information management system and an analysis device. The information management system comprises a plaintext basic information recording unit, a basic information encryption unit, an additional information request unit, encrypted basic information recording means, encrypted additional information recording means, information combining means, and encrypted combined information recording means. The plaintext basic information recording unit records plaintext basic information, i.e. information of predetermined basic attributes in plaintext. The basic information encryption unit outputs encrypted basic information obtained by encrypting the plaintext basic information. The additional information request unit, based on a request from the analysis device, requests information of additional attributes, i.e. attributes other than the basic attributes, from outside the information collection system. The encrypted basic information recording means records the encrypted basic information. The encrypted additional information recording means acquires from outside and records encrypted additional information, in which the information of all or some of the basic attributes and the information of the additional attributes are encrypted together. The information combining means combines the encrypted basic information and the encrypted additional information based on the information of all or some of the basic attributes contained in the encrypted additional information, and outputs encrypted combined information. The encrypted combined information recording means records the encrypted combined information. The analysis device comprises an additional information requesting unit and an analysis requesting unit. The additional information requesting unit requests the information management system to acquire the information of the additional attributes.
 According to the information collection system and the information management system of the present invention, the information of the additional attributes is acquired in encrypted form, and the encrypted basic information and the encrypted additional information are combined to obtain encrypted combined information. Subsequent analysis using the encrypted combined information can also be performed with secure computation techniques. The information of the additional attributes can therefore be kept confidential from the information holding organization. Since information providers need not worry about their information leaking, the information holding organization can more easily obtain additional attribute information from information providers such as individuals.
FIG. 1 is a diagram showing a functional configuration example of the information collection system of Embodiment 1.
FIG. 2 is a diagram showing an example of information of predetermined basic attributes.
FIG. 3 is a diagram showing an example of the information with an attribute added.
FIG. 4 is a diagram showing the processing flow after basic information has been provided.
FIG. 5 is a diagram showing the processing flow for acquiring and recording additional information in Embodiment 1.
FIG. 6 is a diagram showing the processing flow for combining basic information and additional information.
FIG. 7 is a diagram showing a functional configuration example of the information collection system of Modification 1.
FIG. 8 is a diagram showing the processing flow for acquiring and recording additional information in Modification 1.
FIG. 9 is a diagram showing a functional configuration example of a computer.
 Embodiments of the present invention are described in detail below. Components having the same function are given the same reference numerals, and redundant description is omitted.
 In the following description, N is a predetermined integer of 3 or more, n is an integer from 1 to N, K is a predetermined integer from 2 to N, M is an integer of 1 or more, and m is an integer from 1 to M. FIG. 1 shows a functional configuration example of the information collection system of Embodiment 1. The information collection system 10 comprises an information management system 50 and an analysis device 300. The information management system 50 consists of an information management device 100 and a secure computation system 200, and the secure computation system 200 consists of N secure computation devices 200_1, …, 200_N. The information management device 100, the secure computation devices 200_1, …, 200_N and the analysis device 300 are connected via a network 900. Likewise, M information providing devices 400_1, …, 400_M, which hold and provide information, are connected via the network 900. In the present invention the information providing device 400_m is primarily assumed to be a mobile terminal owned by an individual, but it may also be a database owned by a company.
 In the secure computation technique described in Non-Patent Document 2 and elsewhere, data is split into N fragments called "shares"; the data can be reconstructed from K or more shares, but cannot be reconstructed from fewer than K shares (the secret does not leak). Therefore, if the information providing device 400_m generates N shares from the information it wishes to keep confidential and distributes one share to each secure computation device 200_n, the information is kept confidential. For example, N = 3 and K = 2 may be used, but other values are also possible.
 FIG. 2 shows an example of information of predetermined basic attributes, and FIG. 3 shows an example of the information with an attribute added. For example, as basic attribute information, personal name, gender, age, address, telephone number and e-mail address are recorded in plaintext (unencrypted) in the plaintext basic information recording unit 190 of the information management device 100. If the analysis device 300 wants to use information on the purchase frequency of product group A to find individuals likely to buy those products, information such as that shown in FIG. 3 is needed. However, individuals (information providers) will not readily provide their purchase frequency for product group A. Although FIG. 3 shows the information in plaintext, the present invention is a technique for generating the information of FIG. 3 in encrypted form. With this method, the information of FIG. 3 remains confidential both from the organization that owns the information management system 50 (the information holding organization) and from the organization that owns the analysis device 300 (for example, a company selling product A). The present invention thus uses a technique that keeps information confidential to provide an environment in which individuals (information providers) find it easy to provide information, and by providing such an environment it makes it easier for the information holding organization to obtain additional attribute information from information providers.
 As shown in FIG. 1, the information management system 50 consists of the information management device 100 and the secure computation system 200, and the secure computation system 200 consists of N secure computation devices 200_1, …, 200_N. The information management device 100 comprises a plaintext basic information recording unit 190, a basic information encryption unit 110 and an additional information request unit 130; it may also comprise a basic attribute notification unit 120. The secure computation device 200_n comprises an information combining unit 210_n, an analysis unit 250_n and a recording unit 290_n. The information combining units 210_1, …, 210_N together constitute the information combining means 210, and the analysis units 250_1, …, 250_N constitute the analysis means 250. The recording unit 290_n records the n-th share of the encrypted basic information, the n-th share of the encrypted additional information and the n-th share of the encrypted combined information. The parts of the recording units 290_1, …, 290_N that record the shares of the encrypted basic information form the encrypted basic information recording means 291; the parts that record the shares of the encrypted additional information form the encrypted additional information recording means 292; and the parts that record the shares of the encrypted combined information form the encrypted combined information recording means 293.
 The analysis device 300 comprises an additional information requesting unit 320, an analysis requesting unit 340 and an analysis recording unit 390, and may also comprise an additional information extraction unit 310 and a combination requesting unit 330. The analysis recording unit 390 records the rules of the analysis to be requested from the information management system 50, and the analysis requesting unit 340 requests that analysis from the information management system 50. The information providing device 400_m comprises a basic information providing unit 410_m, an additional information encryption unit 420_m, an encrypted additional information providing unit 430_m and a recording unit 490_m. Information on the various attributes held by the individual is recorded in the recording unit 490_m.
 FIG. 4 shows the processing flow after basic information has been provided, FIG. 5 the processing flow for acquiring and recording additional information in Embodiment 1, and FIG. 6 the processing flow for combining the basic information and the additional information. The basic information providing unit 410_m sends plaintext basic information, i.e. plaintext information of the predetermined basic attributes, to the information management device 100 (S410_m). The information management device 100 records the plaintext basic information in the plaintext basic information recording unit 190 (S190).
 The basic information encryption unit 110 encrypts the plaintext basic information to produce encrypted basic information (N shares of the plaintext basic information) and sends the n-th share to the secure computation device 200_n (S110). The recording unit 290_n of the secure computation device 200_n records that share of the encrypted basic information (S291_n). Taking steps S291_1, …, S291_N together, the encrypted basic information recording means 291 records the encrypted basic information (S291). If the information management device 100 also has a basic attribute notification unit 120, that unit sends the types of the predetermined basic attributes to the analysis device 300 (S120), and the analysis device 300 records them in the analysis recording unit 390 (S391). In the case of FIG. 2, the "types of basic attributes" are personal name, gender, age, address, telephone number and e-mail address.
 If the analysis device 300 also has an additional information extraction unit 310, that unit compares the analysis rules to be requested from the information management system 50, as recorded in the analysis recording unit 390, with the types of basic attributes, extracts the attributes that the basic attributes alone lack, and outputs them as the additional attributes, i.e. the attributes that need to be added (S310). If the types of basic attributes are already known and there is no additional information extraction unit 310, the administrator of the analysis device 300 may specify the additional attributes instead.
 The additional information requesting unit 320 of the analysis device 300 requests the information management system 50 to acquire the information of the additional attributes (S320). The information management device 100 of the information management system 50 receives the request, and based on it the additional information request unit 130 requests the information of the additional attributes, i.e. attributes other than the basic attributes, from the information providing devices 400_1, …, 400_M outside the information collection system 10 (S130).
 If the holder of the information, such as an individual, permits the additional attribute information to be provided, the additional information encryption unit 420_m of the information providing device 400_m associates the information of all or some of the basic attributes with the information of the additional attributes and encrypts them to generate encrypted additional information (N shares of the additional information) (S420_m). For example, the additional attribute information may be associated with all of the basic attributes shown in FIG. 2 (personal name, gender, age, address, telephone number and e-mail address), or with only some of them, such as personal name and e-mail address. It is sufficient that the additional information is associated with the part of the basic attribute information that identifies the individual.
 The encrypted additional information providing unit 430_m sends the encrypted basic information (n-th share) to the secure computation device 200_n (S430_m). The recording unit 290_n of the secure computation device 200_n records the encrypted additional information (the n-th share of the additional information) (S292_n). Taking steps S292_1, …, S292_N together, the encrypted additional information recording means 292 acquires from outside and records the encrypted additional information, in which the information of all or some of the basic attributes and the information of the additional attributes are encrypted (S292). Through steps S310 to S292, the information management system 50 acquires the additional information in confidential form.
 If the analysis device 300 also has a combination requesting unit 330, that unit requests the information management system 50 to combine the encrypted basic information and the encrypted additional information (S330). The combination may instead be performed automatically when the information management system 50 records the encrypted additional information, in which case the combination requesting unit 330 is not needed.
 The information combining means 210 combines the encrypted basic information and the encrypted additional information based on the information of all or some of the basic attributes contained in the encrypted additional information, and outputs encrypted combined information (N shares of the combined information) (S210). More specifically, the information combining units 210_1, …, 210_N of the secure computation devices 200_1, …, 200_N cooperate, using secure computation, to compare the basic attribute information contained in the encrypted additional information and to combine the encrypted basic information and encrypted additional information whose basic attribute information matches (S210_1, …, S210_N). The encrypted combined information recording means 293 records the encrypted combined information (its N shares); that is, the recording unit 290_n of the secure computation device 200_n records the n-th share of the combined information (S293_n). Through steps S210 and S293, an encrypted form of the information of FIG. 3, in which the basic attribute information and the additional attribute information are combined, is recorded in the information management system 50.
 The analysis requesting unit 340 of the analysis device 300 requests the information management system 50 to perform the analysis according to the analysis rules recorded in the analysis recording unit 390 (S341). The analysis means 250 of the secure computation system 200 of the information management system 50 performs the requested analysis using secure computation (S250), and the analysis device 300 obtains the analysis result (S342). The analysis using secure computation is carried out by cooperative processing of the analysis units 250_1, …, 250_N.
 According to the information collection system 10 and the information management system 50, the information of the additional attributes is acquired in encrypted form, and the encrypted basic information and the encrypted additional information are combined to obtain encrypted combined information. Subsequent analysis using the encrypted combined information can also be performed with secure computation techniques. The information of the additional attributes can therefore be kept confidential from the information holding organization, so information providers (such as individuals) need not worry about leakage of their information (such as personal information). In such an environment, the information holding organization can more easily obtain additional attribute information from information providers such as individuals.
[Modification 1]
 In step S320 of Embodiment 1, the analysis device 300 tells the information management system 50 in plaintext what information is required as additional attributes. That is, although the information holding organization does not learn the additional attribute information itself, it can learn what information it has had added as additional attributes (the types of the additional attributes). In Modification 1 the configuration is such that the information holding organization does not learn even the types of the additional attributes. FIG. 7 shows a functional configuration example of the information collection system of Modification 1, and FIG. 8 the processing flow for acquiring and recording additional information in Modification 1. Although the details of the information combining means 210 and the analysis means 250 are omitted in FIG. 7, the secure computation device 201_n comprises an information combining unit 210_n and an analysis unit 250_n as in FIG. 1.
 In the information management system 51 of the information collection system 11, the information management device 101 does not have the additional information request unit 130. Instead, the secure computation system 201 has additional attribute request means 230, which consists of the additional attribute request units 230_1, …, 230_N of the secure computation devices 201_1, …, 201_N. The analysis device 301 has an encrypted additional information requesting unit 325 instead of the additional information requesting unit 320. The information providing device 401_m additionally has an additional attribute decryption unit 440_m. The remaining configuration is the same as in Embodiment 1. The processing flow after basic information is provided is the same as in FIG. 4, and the processing flow for combining basic information and additional information is the same as in FIG. 6.
 The modification is described following FIG. 8. If the analysis device 301 also has an additional information extraction unit 310, that unit compares the analysis rules to be requested from the information management system 51, as recorded in the analysis recording unit 390, with the types of basic attributes, extracts the attributes that the basic attributes alone lack, and outputs them as the additional attributes, i.e. the attributes that need to be added (S310). If the types of basic attributes are already known and there is no additional information extraction unit 310, the administrator of the analysis device 301 may specify the additional attributes instead.
 The encrypted additional information requesting unit 325 of the analysis device 301 encrypts the types of the additional attributes to generate encrypted additional attributes (N shares indicating the types of the additional attributes) and requests the information management system 51 to acquire the information of the additional attributes (S325). The secure computation system 201 of the information management system 51 receives the request, and based on it the additional attribute request means 230 requests the information of the additional attributes, i.e. attributes other than the basic attributes, from the information providing devices 401_1, …, 401_M outside the information collection system 11 (S230). In other words, each secure computation device 201_n receives one (the n-th) of the N shares indicating the types of the additional attributes, and its additional attribute request unit 230_n, based on the request from the analysis device 301, requests the information of the additional attributes, i.e. attributes other than the basic attributes, from the information providing devices 401_1, …, 401_M (S230_n).
 The information providing device 401_m receives K or more of the shares indicating the types of the additional attributes, and the additional attribute decryption unit 440_m decrypts the types of the additional information (S440_m). If the holder of the information, such as an individual, permits the additional attribute information to be provided, the additional information encryption unit 420_m of the information providing device 401_m associates the information of all or some of the basic attributes with the information of the additional attributes and encrypts them to generate encrypted additional information (N shares of the additional information) (S420_m).
 The encrypted additional information providing unit 430_m sends the encrypted basic information (n-th share) to the secure computation device 201_n (S430_m). The recording unit 290_n of the secure computation device 201_n records the encrypted additional information (the n-th share of the additional information) (S292_n). Taking steps S292_1, …, S292_N together, the encrypted additional information recording means 292 acquires from outside and records the encrypted additional information, in which the information of all or some of the basic attributes and the information of the additional attributes are encrypted (S292). Through steps S310 to S292, the information management system 51 acquires the additional information in confidential form.
 According to the information collection system of Modification 1, the same effect as in Embodiment 1 is obtained while the information holding organization does not learn even the types of the additional attributes.
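The following is an added illustration (not code from the patent or from its applicant) of the share mechanism the embodiments rely on: Shamir-style threshold sharing over a prime field with the page's N = 3, K = 2, the K-of-N reconstruction the information providing device performs on the encrypted attribute type in Modification 1 (S325, S230_n, S440_m), and the analysis step (S250) computing an aggregate on shares so that no individual value is ever reconstructed. The field prime, the encoding of an attribute type as a field element and the sample values are assumptions made here; the secure join of step S210 is not shown.

```python
"""Threshold ("share") mechanism used by the information providing devices
and the secure computation devices: N shares, any K reconstruct the data,
fewer than K reveal nothing.  Added illustration, not the patent's code."""
from __future__ import annotations

import secrets

# Prime field for the share arithmetic (assumption: 2**521 - 1, a Mersenne
# prime, large enough to hold a short attribute-type string as one element).
P = 2**521 - 1


def make_shares(secret: int, n: int, k: int) -> list[tuple[int, int]]:
    """Split `secret` into n Shamir shares; any k of them reconstruct it."""
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element in [0, P)")
    if not 2 <= k <= n:
        raise ValueError("need 2 <= K <= N")
    # Random polynomial f of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):          # share n is the point (n, f(n))
        y = 0
        for c in reversed(coeffs):     # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def reconstruct(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0; correct only with >= K shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def encode(text: str) -> int:
    """Attribute-type string -> field element (assumed encoding)."""
    value = int.from_bytes(text.encode("utf-8"), "big")
    if value >= P:
        raise ValueError("attribute type too long for one field element")
    return value


def decode(value: int) -> str:
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode("utf-8")


def variant1_attribute_request(attr_type: str, n: int = 3, k: int = 2) -> str:
    """Modification 1: the analysis device shares the *type* of the additional
    attribute; secure computation device n holds and forwards only share n;
    the information providing device reconstructs the type from K shares."""
    shares = make_shares(encode(attr_type), n, k)
    provider_view = shares[:k]                      # provider received K shares
    return decode(reconstruct(provider_view))


def leaks_with_fewer_than_k(secret: int, n: int = 3, k: int = 2) -> bool:
    """True if the secret can be read from K-1 shares.  It cannot: with K-1
    points every constant term is equally consistent, so interpolation
    yields a uniformly random field element, not the secret."""
    shares = make_shares(secret, n, k)
    return reconstruct(shares[:k - 1]) == secret


def secure_sum(values: list[int], n: int = 3, k: int = 2) -> int:
    """Analysis step on shared additional attributes: each secure computation
    device adds the shares it holds for every provider; only the aggregate is
    reconstructed, never an individual provider's value."""
    per_device = [0] * n
    for v in values:                                # one provider per value
        for x, y in make_shares(v, n, k):
            per_device[x - 1] = (per_device[x - 1] + y) % P
    agg_shares = [(x + 1, y) for x, y in enumerate(per_device)]
    return reconstruct(agg_shares[:k])              # any K devices suffice


if __name__ == "__main__":
    # Constructed sample data, not taken from the page.
    print(variant1_attribute_request("purchase frequency of product group A"))
    print(leaks_with_fewer_than_k(encode("purchase frequency")))  # False
    print(secure_sum([3, 0, 7, 2]))                                # 12
```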
[Program, recording medium]
 The various processes described above can be carried out by loading a program that executes each step of the above method into the recording unit 2020 of the computer 2000 shown in FIG. 7 and having the control unit 2010, input unit 2030, output unit 2040, display unit 2050 and so on operate accordingly.
 The program describing this processing can be recorded on a computer-readable recording medium, which may be of any kind, for example a magnetic recording device, an optical disc, a magneto-optical recording medium or a semiconductor memory.
 The program is distributed, for example, by selling, transferring or lending a portable recording medium such as a DVD or CD-ROM on which it is recorded. The program may also be distributed by storing it in the storage device of a server computer and transferring it from the server computer to other computers over a network.
 A computer that executes such a program first stores, for example, the program recorded on the portable recording medium or transferred from the server computer in its own storage device. When executing the processing, the computer reads the program stored in its own recording medium and executes processing according to it. As another form of execution, the computer may read the program directly from the portable recording medium and execute processing according to it, or it may execute processing according to the received program each time the program is transferred to it from the server computer. The above processing may also be executed through a so-called ASP (Application Service Provider) type service, in which the program is not transferred from the server computer to this computer and the processing functions are realised only through execution instructions and acquisition of results. The program in this embodiment includes information that is used for processing by an electronic computer and that is equivalent to a program (such as data that is not a direct instruction to the computer but has the property of defining the computer's processing).
 Although in this embodiment the device is realised by executing a predetermined program on a computer, at least part of the processing may instead be implemented in hardware.
10, 11 Information collection system
50, 51 Information management system
100, 101 Information management device
110 Basic information encryption unit
120 Basic attribute notification unit
130 Additional information request unit
190 Plaintext basic information recording unit
200, 201 Secure computation system
200_n, 201_n Secure computation device
210 Information combining means
210_n Information combining unit
230 Additional attribute request means
230_n Additional attribute request unit
250 Analysis means
250_n Analysis unit
290_n Recording unit
291 Encrypted basic information recording means
292 Encrypted additional information recording means
293 Encrypted combined information recording means
300, 301 Analysis device
310 Additional information extraction unit
320 Additional information requesting unit
325 Encrypted additional information requesting unit
330 Combination requesting unit
340 Analysis requesting unit
390 Analysis recording unit
400_m, 401_m Information providing device
410_m Basic information providing unit
420_m Additional information encryption unit
430_m Encrypted additional information providing unit
440_m Additional information decryption unit
490_m Recording unit

Claims (8)

  1.  An information collection system comprising an information management system and an analysis device, wherein
     the information management system comprises:
     a plaintext basic information recording unit that records plaintext basic information, which is plaintext information of predetermined basic attributes;
     a basic information encryption unit that outputs encrypted basic information obtained by encrypting the plaintext basic information;
     an additional information request unit that, based on a request from the analysis device, requests information of additional attributes, which are attributes other than the basic attributes, from outside the information collection system;
     encrypted basic information recording means that records the encrypted basic information;
     encrypted additional information recording means that acquires from the outside and records encrypted additional information, which is an encryption of all or part of the information of the basic attributes together with the information of the additional attributes;
     information combining means that combines the encrypted basic information and the encrypted additional information based on the all or part of the information of the basic attributes included in the encrypted additional information, and outputs encrypted combined information; and
     encrypted combined information recording means that records the encrypted combined information, and
     the analysis device comprises:
     an additional information request unit that requests the information management system to acquire the information of the additional attributes.
  2.  An information collection system comprising an information management system and an analysis device, wherein
     the information management system comprises:
     a plaintext basic information recording unit that records plaintext basic information, which is plaintext information of predetermined basic attributes;
     a basic information encryption unit that outputs encrypted basic information obtained by encrypting the plaintext basic information;
     additional attribute request means that, based on a request from the analysis device for the acquisition of encrypted information of additional attributes, encrypts a request for information of additional attributes, which are attributes other than the basic attributes, and sends it to the outside of the information collection system;
     encrypted basic information recording means that records the encrypted basic information;
     encrypted additional information recording means that acquires from the outside and records encrypted additional information, which is an encryption of all or part of the information of the basic attributes together with the information of the additional attributes;
     information combining means that combines the encrypted basic information and the encrypted additional information based on the all or part of the information of the basic attributes included in the encrypted additional information, and outputs encrypted combined information; and
     encrypted combined information recording means that records the encrypted combined information, and
     the analysis device comprises:
     an encrypted additional information request unit that requests, in encrypted form, the information management system to acquire the information of the additional attributes.
  3.  The information collection system according to claim 1 or 2, wherein
     the information management system further comprises a basic attribute notification unit that transmits the types of the basic attributes to the analysis device, and
     the analysis device further comprises an additional attribute extraction unit that takes as additional attributes the attributes that are lacking among the basic attributes for executing the information analysis.
  4.  The information collection system according to any one of claims 1 to 3, wherein
     the outside is an information providing device that provided the basic attributes to the information management system.
  5.  An information management system comprising:
     a plaintext basic information recording unit that records plaintext basic information, which is plaintext information of predetermined basic attributes;
     a basic information encryption unit that outputs encrypted basic information obtained by encrypting the plaintext basic information;
     an additional information request unit that requests information of additional attributes, which are attributes other than the basic attributes, from outside, or additional attribute request means that encrypts such a request and sends it to the outside;
     encrypted basic information recording means that records the encrypted basic information;
     encrypted additional information recording means that acquires from outside and records encrypted additional information, which is an encryption of all or part of the information of the basic attributes together with the information of the additional attributes;
     information combining means that combines the encrypted basic information and the encrypted additional information based on the all or part of the information of the basic attributes included in the encrypted additional information, and outputs encrypted combined information; and
     encrypted combined information recording means that records the encrypted combined information.
  6.  An information collection method using an information management system and an analysis device, wherein
     the information management system records in advance plaintext basic information, which is plaintext information of predetermined basic attributes, the method comprising:
     the information management system outputting and recording encrypted basic information obtained by encrypting the plaintext basic information;
     the analysis device requesting the information management system to acquire information of additional attributes, which are attributes other than the basic attributes;
     the information management system, based on the request from the analysis device, requesting the information of the additional attributes from outside;
     the information management system acquiring from the outside and recording encrypted additional information, which is an encryption of all or part of the information of the basic attributes together with the information of the additional attributes; and
     the information management system outputting encrypted combined information obtained by combining the encrypted basic information and the encrypted additional information based on the all or part of the information of the basic attributes included in the encrypted additional information, and recording the encrypted combined information.
  7.  An information collection method using an information management system and an analysis device, wherein
     the information management system records in advance plaintext basic information, which is plaintext information of predetermined basic attributes, the method comprising:
     the information management system outputting and recording encrypted basic information obtained by encrypting the plaintext basic information;
     the analysis device requesting, in encrypted form, the information management system to acquire information of additional attributes, which are attributes other than the basic attributes;
     the information management system, based on the request from the analysis device, encrypting a request for the information of the additional attributes and sending it to the outside;
     the information management system acquiring from the outside and recording encrypted additional information, which is an encryption of all or part of the information of the basic attributes together with the information of the additional attributes; and
     the information management system outputting encrypted combined information obtained by combining the encrypted basic information and the encrypted additional information based on the all or part of the information of the basic attributes included in the encrypted additional information, and recording the encrypted combined information.
  8.  A program for causing a computer to function as any one of an information management device, a secure computing device, or an analysis device constituting the information management system according to claim 1 or 2.
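To make the claimed flow concrete, the following simulation is an added example (my own code, not code from the patent or from the applicant) that walks through claims 3 and 6 end to end: the information management device encrypts the plaintext basic information, the analysis device works out which required attributes the basic attributes lack, the information providing device returns encrypted additional information that carries the basic-attribute join key, and the secure computing devices join the two encrypted tables and compute an aggregate without seeing plaintext. The patent does not specify the cryptographic scheme; the choices here are assumptions: the join key is an HMAC-SHA256 pseudonym of the user id under a key held only by the information management device and the information providing device, every non-key value is additively secret-shared between two secure computing devices (200_1, 200_2), and the analysis is a column sum. Claim 2's encrypted request channel is not modelled, and the sample records are constructed.

```python
import hashlib
import hmac
import secrets

P = 2**61 - 1  # modulus for additive secret sharing (assumption, not from the patent)


def join_token(shared_key: bytes, user_id: str) -> str:
    """Pseudonymous join key: equal for equal user ids, unlinkable without shared_key."""
    return hmac.new(shared_key, user_id.encode(), hashlib.sha256).hexdigest()


def split(value: int) -> tuple[int, int]:
    """Additively share an integer between the two secure computing devices."""
    r = secrets.randbelow(P)
    return r, (value - r) % P


def reconstruct(share0: int, share1: int) -> int:
    return (share0 + share1) % P


def encrypt_table(shared_key: bytes, table: dict, attrs: list) -> tuple[dict, dict]:
    """{user_id: {attr: int}} -> one share table per secure computing device, keyed by token."""
    dev0, dev1 = {}, {}
    for user_id, row in table.items():
        tok = join_token(shared_key, user_id)
        dev0[tok], dev1[tok] = {}, {}
        for attr in attrs:
            dev0[tok][attr], dev1[tok][attr] = split(row[attr])
    return dev0, dev1


class SecureComputingDevice:                   # 200_n
    def __init__(self):
        self.encrypted_basic = {}              # 291
        self.encrypted_additional = {}         # 292
        self.encrypted_combined = {}           # 293

    def combine(self) -> int:                  # 210_n information combining unit
        """Equi-join on the token carried inside the encrypted additional information."""
        self.encrypted_combined = {
            tok: {**self.encrypted_basic[tok], **add_row}
            for tok, add_row in self.encrypted_additional.items()
            if tok in self.encrypted_basic
        }
        return len(self.encrypted_combined)

    def analyze_sum(self, attr: str) -> int:   # 250_n: this device's share of a column sum
        return sum(row[attr] for row in self.encrypted_combined.values()) % P


class InformationManagementDevice:             # 100
    def __init__(self, shared_key, plaintext_basic, basic_attrs, devices):
        self.shared_key = shared_key
        self.plaintext_basic = plaintext_basic  # 190 plaintext basic information recording unit
        self.basic_attrs = basic_attrs
        self.devices = devices

    def encrypt_basic_info(self):              # 110 basic information encryption unit
        d0, d1 = encrypt_table(self.shared_key, self.plaintext_basic, self.basic_attrs)
        self.devices[0].encrypted_basic, self.devices[1].encrypted_basic = d0, d1

    def notify_basic_attrs(self) -> list:      # 120 basic attribute notification unit
        return list(self.basic_attrs)

    def request_additional(self, provider, additional_attrs):  # 130
        d0, d1 = provider.provide_encrypted_additional(additional_attrs)
        self.devices[0].encrypted_additional, self.devices[1].encrypted_additional = d0, d1


class InformationProvidingDevice:              # 400_m, the "outside" of claim 4
    def __init__(self, shared_key, table):
        self.shared_key = shared_key
        self.table = table                     # 490_m recording unit

    def provide_encrypted_additional(self, attrs):  # 420_m + 430_m
        return encrypt_table(self.shared_key, self.table, attrs)


class AnalysisDevice:                          # 300
    def __init__(self, required_attrs):
        self.required_attrs = required_attrs

    def extract_additional(self, basic_attrs) -> list:  # 310: attributes the basic set lacks
        return [a for a in self.required_attrs if a not in basic_attrs]


def run_scenario() -> dict:
    """Full flow of claim 6 on constructed sample data (user u4 exists only at the provider)."""
    shared_key = secrets.token_bytes(32)       # held by 100 and 400_m only
    basic = {"u1": {"age": 34}, "u2": {"age": 29}, "u3": {"age": 51}}
    additional = {"u1": {"income": 520}, "u2": {"income": 410}, "u4": {"income": 900}}

    devices = (SecureComputingDevice(), SecureComputingDevice())
    ims = InformationManagementDevice(shared_key, basic, ["age"], devices)
    provider = InformationProvidingDevice(shared_key, additional)
    analyst = AnalysisDevice(["age", "income"])

    ims.encrypt_basic_info()
    missing = analyst.extract_additional(ims.notify_basic_attrs())  # 320 -> 130
    ims.request_additional(provider, missing)                       # 130 -> 410_m/430_m
    joined_rows = [dev.combine() for dev in devices]                # 330 -> 210_n
    income_sum = reconstruct(*(dev.analyze_sum("income") for dev in devices))  # 340 -> 250_n
    return {"additional": missing, "joined_rows": joined_rows[0], "income_sum": income_sum}
```

Running `run_scenario()` yields `{"additional": ["income"], "joined_rows": 2, "income_sum": 930}`: only `u1` and `u2` appear in both tables, `u3` has no additional information and `u4` has no basic information, so neither is joined. The point of the split is that each secure computing device stores only pseudonymous tokens and one additive share per value, so a compromise of a single device (or of the encrypted combined information it records) reveals neither the basic nor the additional attributes, and the token key never leaves the information management device and the information providing device.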

PCT/JP2021/023955 2021-06-24 2021-06-24 Information collection system, information management system, information collection method, and program WO2022269861A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/023955 WO2022269861A1 (en) 2021-06-24 2021-06-24 Information collection system, information management system, information collection method, and program

Publications (1)

Publication Number Publication Date
WO2022269861A1 true WO2022269861A1 (en) 2022-12-29

Family

ID=84544260

Country Status (1)

Country Link
WO (1) WO2022269861A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200342464A1 (en) * 2019-04-26 2020-10-29 Tenspace Co., Ltd. Server, method, and system for evaluating user by analyzing social network
JP2021503117A (en) * 2017-12-26 2021-02-04 マインドウェアワークス カンパニー リミテッド Query processing service provision system based on personal information protection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KIRIBUCHI, NAOTO ET AL.: "An Efficient Equi-join Algorithm for Secure Computation and Its Implementation toward Secure Comprehensive Analyses of Users' Attribute and History Information", PROCEEDINGS OF COMPUTER SECURITY SYMPOSIUM, 4 October 2016 (2016-10-04), pages 1072 - 1078, XP055741167 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21947146

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE