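IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | UP-0281577 (2005-11-18)
Registration number | US-7747491 (2010-07-19)
Priority information | JP-2004-335642 (2004-11-19)
Inventor / Address | Yokota, Kaoru; Ohmori, Motoji; Ito, Akinobu
Applicant / Address |
Agent / Address | Wenderoth, Lind & Ponack, L.L.P.
Citation information | Times cited: 0; Patents cited: 2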
Abstract
An anonymous information system is capable of maintaining anonymity of data while improving safety with regard to loss of anonymity caused by hacking of secret information, or the like. Conversion processing for converting from individual specifying information to anonymous individual information is split between an information providing device and an anonymity server device. Further, the manner in which the conversion processing is split is varied for each information providing device. A parameter generating device calculates Xinv to satisfy Xi×Xinv=1 mod q, a first characteristic parameter KAi=G^Xinv mod q, and a second characteristic parameter KBi=Xi. The information providing device generates a semi-anonymous individual identifier C=(KAi)^D mod P. The anonymity server device calculates an anonymous individual identifier E=(C)^KBi mod P.
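The split conversion described in the abstract, as an added Python example that is not part of the patent text. It assumes a constructed toy group (P = 2039, q = 1019, G = 4), reduces KAi modulo P so that it lies in the same group as C and E (the abstract writes "mod q"), and hashes a string identifier to the integer D; all function names are hypothetical.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Constructed toy parameters, far too small for real use (assumption, not from the patent):
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q in Z_P^*.
P = 2039
Q = 1019
G = 4


def identifier_to_d(identifier: str) -> int:
    """Encode an identifier as an integer D in [1, Q-1] (assumed encoding)."""
    digest = hashlib.sha256(identifier.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def generate_split(xi: Optional[int] = None) -> Tuple[int, int]:
    """Parameter generating device: derive (KAi, KBi) from the base parameter Xi."""
    if xi is None:
        xi = secrets.randbelow(Q - 1) + 1   # random Xi in [1, Q-1]
    if not 1 <= xi < Q:
        raise ValueError("Xi must be invertible modulo Q")
    xinv = pow(xi, -1, Q)                   # Xi * Xinv = 1 mod Q
    ka = pow(G, xinv, P)                    # KAi = G^Xinv (reduced mod P: assumption)
    kb = xi                                 # KBi = Xi
    return ka, kb


def provider_convert(ka: int, d: int) -> int:
    """Information providing device: semi-anonymous identifier C = KAi^D mod P."""
    return pow(ka, d, P)


def server_convert(kb: int, c: int) -> int:
    """Anonymity server device: anonymous identifier E = C^KBi mod P."""
    return pow(c, kb, P)


def pseudonymize(identifier: str, xi: Optional[int] = None) -> Tuple[int, int]:
    """Run both halves for one provider and return (C, E)."""
    ka, kb = generate_split(xi)
    c = provider_convert(ka, identifier_to_d(identifier))
    return c, server_convert(kb, c)


if __name__ == "__main__":
    # Two providers with different splits submit the same (constructed) identifier.
    for xi in (5, 7):
        c, e = pseudonymize("patient-0001", xi)
        print(f"Xi={xi}: C={c} E={e}")
    # C differs per provider; E is identical, so the server can link records
    # without either party holding the whole conversion.
```

Because Xi×Xinv = 1 mod q cancels in the exponent, every provider's split yields the same E for the same D, while the value C sent over the wire differs per provider and is only meaningful together with that provider's KBi.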
Representative claim
What is claimed is: 1. An anonymous information system that performs anonymity conversion processing on original individual specifying information D that specifies an individual, to generate anonymous individual specifying information E, the anonymous information system comprising: a conversion splitting device configured to generate a first parameter KA and a second parameter KB based on a base parameter, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, the first parameter KA being utilized for the first conversion processing and the second parameter KB being utilized for the second conversion processing; a first converting device configured to receive from said conversion splitting device the first parameter KA, to perform the first conversion processing on the original individual specifying information using a parameter P and the received first parameter KA according to a first expression, and to generate semi-anonymous individual specifying information, the first expression being represented as, C=(KA)^D mod P; and a second converting device configured to receive from said conversion splitting device the second parameter KB, to receive from said first converting device the generated semi-anonymous individual specifying information C and to perform the second conversion processing on the received semi-anonymous individual specifying information C using the parameter P and the received second parameter KB according to a second expression, and to generate the anonymous individual specifying information E from the generated semi-anonymous individual specifying information C, the second expression being represented as, E=(C)^KB mod P, wherein said first converting device comprises an information providing device that provides the original individual specifying information D, and provides individual 
related information relating to the individual, said second converting device comprises an information storing device that stores the anonymous individual specifying information E, and stores the anonymous individual specifying information E in correspondence with the individual related information, and the conversion splitting device generates a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants. 2. The anonymous information system of claim 1, wherein the anonymity conversion processing generates, from the original individual specifying information D, the anonymous individual specifying information E from which the individual cannot be specified, said conversion splitting device comprises: a first parameter generating unit configured to randomly generate the first parameter KA based on the base parameter; a second parameter generating unit configured to generate, based on the base parameter, the second parameter KB that is complementary to the first parameter KA with respect to the base parameter; and a first transmission unit configured to transmit the first parameter KA to said first converting device, and to transmit the second parameter KB to said second converting device, said first converting device comprises: a first receiving unit configured to receive the first parameter KA; an inputting unit configured to input the original individual specifying information D into said first converting device; a first converting unit configured to perform, as the first conversion processing, a repetitive calculation using the received first parameter KA and the input original individual specifying information, to generate the semi-anonymous individual specifying information C; a second transmission unit configured to transmit the generated semi-anonymous individual specifying information C to said second converting unit, and said second converting device
comprises: a storing unit having a region for storing the anonymous individual specifying information E; a second receiving unit configured to receive the second parameter KB from said conversion splitting device and to receive the semi-anonymous individual specifying information C from said first converting device; and a second converting unit configured to perform, as the second conversion processing, a repetitive calculation using the received second parameter KB and the received semi-anonymous individual specifying information C to generate the anonymous individual specifying information E information, and to store the generated anonymous individual specifying information E into said storing unit. 3. The anonymous information system of claim 2, further comprising: an information searching device configured to acquire, from said second converting device, the anonymous individual specifying information E and the individual related information which are desired by an operator of said information searching device. 4. 
The anonymous information system of claim 2, wherein said conversion splitting device further generates a third parameter and a fifth parameter based on the base parameter, the anonymity conversion processing being split into two portions to generate third conversion processing and fourth conversion processing, the third conversion processing being one of the two portions and different from the first conversion processing, and the fourth conversion processing being the other one of the two portions and different from the second conversion processing, the third parameter being utilized for the third conversion processing and the fourth parameter being utilized for the fourth conversion processing, said anonymous information system further comprises: a third converting device configured to receive from said conversion splitting device the third parameter and to perform the third conversion processing on the original individual specifying information D using the third parameter to generate other semi-anonymous individual specifying information from the original individual specifying information; and said second converting device further receives from the conversion splitting device the fourth parameter, receives from said third converting device the generated other semi-anonymous individual specifying information and performs the fourth conversion processing on the received other semi-anonymous individual specifying information using the fourth parameter to generate the anonymous individual specifying information from the received other semi-anonymous individual specifying information. 5. The anonymous information system of claim 4, wherein the third parameter is distinct from the first parameter KA, and the fourth parameter differing from the second parameter KB. 6. 
The anonymous information system of claim 2, wherein said conversion splitting device further generates a third parameter and a fourth parameter based on the base parameter, other anonymity conversion processing being split into two portions to generate third conversion processing and fourth conversion processing, the other anonymity conversion processing being distinct from the anonymity conversion processing, the third conversion processing being one of the portions and different from the first conversion processing and, fourth conversion processing being the other of the portions and different from the second conversion processing, the third parameter being utilized for the third conversion processing and the fourth parameter being utilized for the fourth conversion processing, instead of the first conversion processing, said first conversion device receives from said conversion splitting device the third parameter and performs the third conversion processing on the original individual specifying information using the third parameter to generate other semi-anonymous individual specifying information from the original individual specifying information D, and instead of the second conversion processing, said second conversion device receives from said conversion splitting device the fourth parameter, receives from said first conversion device the generated other semi-anonymous individual specifying information and performs the fourth conversion processing on the generated other semi-anonymous individual specifying information using the fourth parameter to generate other anonymous individual specifying information from the received other semi-anonymous individual specifying information. 7. 
The anonymous information system of claim 6, wherein said first parameter generating unit randomly generates based on the base parameter the third parameter that is different to the first parameter KA; said second parameter generating unit generates, based on the base parameter, the fourth parameter that is complementary to the third parameter with respect to the base parameter; said first transmission unit further transmits the third parameter to said first converting device, and transmits the fourth parameter to said second converting device; said first receiving unit further receives the third parameter from said first parameter generating unit; said first converting unit performs, as the third conversion processing, a repetitive calculation using the received third parameter and the input original individual specifying information D to generate other semi-anonymous individual specifying information; said second transmission unit transmits the generated other semi-anonymous individual specifying information to said second converting unit; said storing unit has a region for storing other anonymous individual specifying information; said second receiving unit receives the fourth parameter from said first transmission unit and receives from said second transmission unit the other semi-anonymous individual specifying information; and said second converting unit performs, as the fourth conversion processing, a repetitive calculation using the received fourth parameter and the received other semi-anonymous individual specifying information to generate the other anonymous individual specifying information, and stores the generated other anonymous individual specifying information into said storing unit. 8. 
The anonymous information system of claim 2, wherein said conversion splitting device further generates a third parameter and a fourth parameter based on the base parameter, other anonymity conversion processing being split into two portions to generate third conversion processing and fourth conversion processing, the other anonymity conversion processing being distinct from the anonymity conversion processing, the third conversion processing being one of the portions and different from the first conversion processing and, fourth conversion processing being the other of the portions and different from the second conversion processing, the third parameter being utilized for the third conversion processing and the fourth parameter being utilized for the fourth conversion processing, instead of performing the first conversion processing, said first conversion device performs the anonymity conversion processing on the original individual specifying information D to generate the anonymous individual specifying information, receives from said conversion splitting device the third parameter and performs the third conversion processing on the generated anonymous individual specifying information using the third parameter to generate other semi-anonymous individual specifying information from the anonymous individual specifying information, and instead of performing the second conversion processing, said second conversion device receives from said conversion splitting device the third parameter, receives from said first conversion device the generated other semi-anonymous individual specifying information, and performs the fourth conversion processing on the generated other semi-anonymous individual specifying information using the fourth parameter to generate other anonymous individual specifying information from the received other semi-anonymous individual specifying information. 9. 
The anonymous information system of claim 8, wherein said first parameter generating unit randomly generates based on the base parameter the third parameter that is different from the first parameter KA; said second parameter generating unit generates, based on the base parameter, the fourth parameter that is complementary to the third parameter with respect to the base parameter; said first transmission unit further transmits the third parameter to said first converting device, and transmits the fourth parameter to said second converting device; said first receiving unit further receives the third parameter from said first parameter generating unit; said first converting unit performs the anonymity conversion processing on the original individual specifying information D to generate the anonymous individual specifying information, and as the third conversion processing, performs a repetitive calculation using the received third parameter and the generated anonymous individual specifying information to generate the other semi-anonymous individual specifying information; said second transmission unit transmits the generated other semi-anonymous individual specifying information to said second converting unit; said storing unit has a region for storing other anonymous individual specifying information; said second receiving unit receives the fourth parameter from said first transmission unit and receives from the second transmission unit the other semi-anonymous individual specifying information; and said second converting unit performs, as the fourth conversion processing, a repetitive calculation using the received fourth parameter and the received other semi-anonymous individual specifying information to generate the other anonymous individual specifying information, and stores the generated other anonymous individual specifying information into said storing unit. 10. 
A parameter generating device in an anonymous information system that includes an information providing device and an information storing device, and that performs anonymity conversion processing on original individual information D specifying an individual, to generate anonymous individual specifying information E, the anonymity conversion processing generating, from the original individual specifying information D and based on a base parameter, the anonymous individual specifying information E from which the individual cannot be specified, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, first parameter KA being utilized for the first conversion processing and second parameter KB being utilized for the second conversion processing, the parameter generating device comprising: a first parameter generating unit configured to randomly generate the first parameter KA based on the base parameter; a second parameter generating unit configured to generate, based on the base parameter, the second parameter KB that is complementary to the first parameter KA with respect to the base parameter; and a first transmission unit configured to transmit the first parameter KA to the information providing device, and transmit the second parameter KB to the information storing device, wherein the information providing device receives the first parameter KA from said first transmission unit, inputs the original individual specifying information D into a first converting device, performs, as the first conversion processing according to a first expression, a repetitive calculation using a parameter P and the received first parameter KA and the input original individual specifying information D, to generate the semi-anonymous individual specifying information C, and transmits the generated semi-anonymous individual specifying 
information C to a second converting unit, the first expression being represented as, C=(KA)^D mod P, wherein said information storing device receives the second parameter KB from said first transmission unit, receives the semi-anonymous individual specifying information C from the information providing device, performs, as the second conversion processing according to a first expression, a repetitive calculation using the parameter P and the received second parameter KB and the received semi-anonymous individual specifying information C to generate the anonymous individual specifying information E, and stores the generated anonymous individual specifying information E into the information storing device, the second expression being represented as, E=(C)^KB mod P, wherein the first converting device comprises the information providing device that provides the original individual specifying information D, and provides individual related information relating to the individual, the second converting device comprises the information storing device that stores the anonymous individual specifying information E, and stores the anonymous individual specifying information E in correspondence with the individual related information, and a conversion splitting device generates a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants. 11. The parameter generating device of claim 10, wherein said first parameter generating unit and said second parameter generating unit are constructed from one or more large scale integrated circuits. 12. 
An information providing device in an anonymous information system that includes a parameter generating device and an information storing device, and that performs anonymity conversion processing on original individual information specifying an individual D, to generate anonymous individual specifying information E, the anonymity conversion processing generating, from the original individual specifying information D and based on a base parameter, the anonymous individual specifying information E from which the individual cannot be specified, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, a first parameter KA being utilized for the first conversion processing and a second parameter KB being utilized for the second conversion processing, the parameter generating device randomly generating the first parameter KA based on the base parameter, generating, based on the base parameter, the second parameter KB that is complementary to the first parameter KA with respect to the base parameter, transmitting the first parameter KA to the information providing device, and transmitting the second parameter KB to the information storing device, the information providing device comprising: a first receiving unit configured to receive the first parameter KA from the parameter generating device, an inputting unit configured to input the original individual specifying information D into the information providing device; a first converting unit configured to perform, as the first conversion processing according to a first expression, a repetitive calculation using a parameter P and the received first parameter KA and the input original individual specifying information D to generate the semi-anonymous individual specifying information C, the first expression being represented as, C=(KA)^D mod P; and a second transmission 
unit configured to transmit the generated semi-anonymous individual specifying information C to the information storing device, wherein the information storing device receives the second parameter KB from a first transmission unit, receives the semi-anonymous individual specifying information C from the information providing device, performs, as the second conversion processing according to a second expression, a repetitive calculation using the parameter P and the received second parameter KB and the received semi-anonymous individual specifying information C to generate the anonymous individual specifying information E, and stores the generated anonymous individual specifying information E into the information storing device, the second expression being represented as, E=(C)^KB mod P, wherein said first converting unit comprises the information providing device that provides the original individual specifying information D, and provides individual related information relating to the individual, a second converting unit comprises the information storing device that stores the anonymous individual specifying information E, and stores the anonymous individual specifying information E in correspondence with the individual related information, and a conversion splitting device generates a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants. 13. The information providing device of claim 12, wherein said first converting unit is constructed from one or more large scale integrated circuits. 14. 
An information storing device of an anonymous information system that further includes a parameter generating device and an information providing device, and that performs anonymity conversion processing on original individual information D specifying an individual, to generate anonymous individual specifying information E, the anonymity conversion processing generating, from the original individual specifying information D and based on a base parameter, the anonymous individual specifying information E from which the individual cannot be specified, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, first parameter KA being utilized for the first conversion processing and second parameter KB being utilized for the second conversion processing, the parameter generating device randomly generating the first parameter KA based on the base parameter, generating, based on the base parameter, the second parameter KB that is complementary to the first parameter KA with respect to the base parameter, transmitting the first parameter KA to the information providing device, transmitting the second parameter KB to the information storing device, the information providing device receiving the first parameter KA, inputting the original individual specifying information D into the information providing device, performing, as the first conversion processing according to a first expression, a repetitive calculation using a parameter P, the received first parameter KA and the input original individual specifying information D to generate the semi-anonymous individual specifying information C, and transmitting the generated semi-anonymous individual C specifying information to the information storing device, the first expression being represented as, C=(KA)^D mod P, the information storing device comprising: a storing unit 
having a region for storing the anonymous individual specifying information E; a second receiving unit configured to receive the parameter P and the second parameter KB from the parameter generating device and to receive the semi-anonymous individual specifying information C from the information providing device; and a second converting unit configured to perform, as the second conversion processing according to a second expression, a repetitive calculation using the parameter P, the received second parameter KB and the received semi-anonymous individual specifying information C to generate the anonymous individual specifying information E, and to store the generated anonymous individual specifying information E into the storing unit, the second expression being represented as, E=(C)^KB mod P wherein a first converting device comprises the information providing device that provides the original individual specifying information D, and provides individual related information relating to the individual, said second converting unit comprises the information storing device that stores the anonymous individual specifying information E, and stores the anonymous individual specifying information E in correspondence with the individual related information, and a conversion splitting device generates a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants. 15. The information storing device of claim 14, wherein said second converting unit is constructed from one or more large scale integrated circuits. 16. 
A method used by an anonymous information system that performs anonymity conversion processing on original individual specifying information D that specifies an individual, to generate anonymous individual specifying information E, the method comprising: generating, via a conversion splitting device, a first parameter KA and a second parameter KB based on a base parameter, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, the first parameter KA being utilized for the first conversion processing and the second parameter KB being utilized for the second conversion processing; receiving, via a first converting device, the generated first parameter KA; performing the first conversion processing on the original individual specifying information D using a parameter P and the received first parameter KA according to a first expression, the first expression being represented as, C=(KA)^D mod P; generating semi-anonymous individual specifying information C from the original individual specifying information D; receiving, via a second converting device, the generated second parameter KB; receiving the generated semi-anonymous individual specifying information C; and performing the second conversion processing on the received semi-anonymous individual specifying information C using the parameter P and the received second parameter KB according to a second expression; and generating the anonymous individual specifying information E from the generated semi-anonymous individual specifying information C, the second expression being represented as, E=(C)^KB mod P, wherein said first conversion provides the original individual specifying information D, and provides individual related information relating to the individual, a second conversion stores the anonymous individual specifying information E, and stores the 
anonymous individual specifying information E in correspondence with the individual related information, and generating a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants. 17. A computer-readable recording medium storing a program used by an anonymous information system that performs anonymity conversion processing on original individual specifying information D that specifies an individual, to generate anonymous individual specifying information E, the program comprising: generating a first parameter KA and a second parameter KB based on a base parameter, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, the first parameter KA being utilized for the first conversion processing and the second parameter KB being utilized for the second conversion processing; receiving the generated first parameter KA; performing the first conversion processing on the original individual specifying information D using a parameter P and the received first parameter KA according to a first expression, the first expression being represented as, C=(KA)^D mod P; generating semi-anonymous individual specifying information C from the original individual specifying information D; receiving the generated second parameter KB; receiving the generated semi-anonymous individual specifying information C; and performing the second conversion processing on the received semi-anonymous individual specifying information C using the parameter P and the received second parameter KB according to a second expression; and generating the anonymous individual specifying information E from the generated semi-anonymous individual specifying information C, the second expression being represented as, E=(C)^KB mod P, wherein said first 
conversion provides the original individual specifying information D, and provides individual related information relating to the individual, a second conversion stores the anonymous individual specifying information E, and stores the anonymous individual specifying information E in correspondence with the individual related information, and generating a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants.