WO2011013495A1 - 情報管理装置、情報管理方法、及び情報管理プログラム - Google Patents
情報管理装置、情報管理方法、及び情報管理プログラム Download PDFInfo
- Publication number
- WO2011013495A1 WO2011013495A1 PCT/JP2010/061592 JP2010061592W WO2011013495A1 WO 2011013495 A1 WO2011013495 A1 WO 2011013495A1 JP 2010061592 W JP2010061592 W JP 2010061592W WO 2011013495 A1 WO2011013495 A1 WO 2011013495A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- unit
- transmission
- service
- candidate
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
- G06F16/90335—Query processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2117—User registration
Definitions
- the present invention relates to an information management apparatus, an information management method, and an information management program for managing confidential information.
- Patent Documents 1 to 3 can be cited.
- Patent Document 1 proposes a data disclosure apparatus that can provide privacy information of a person while preventing the person from being guessed with respect to a privacy information providing method.
- the data disclosing device includes a holding unit that holds one or more data including one or more attributes, an anonymity calculating unit that calculates anonymity when disclosing a specific attribute of the data, and calculated anonymity
- the property does not have the desired anonymity, it has a granularity change disclosure means for changing the granularity of the data of a specific attribute and disclosing the attribute data so as to have anonymity equal to or higher than a desired threshold Features.
- Such a data disclosure apparatus is capable of disclosing personal information, which cannot be disclosed due to difficulty in ensuring anonymity, by coarsening the description granularity.
- Patent Document 2 discloses an information mediation system that safely discloses privacy information to the outside.
- This information mediation system includes a user terminal, an information provider terminal, and a mediation server.
- the intermediary server sets a disclosure condition for a combination of means for collecting and storing the provision information from the information provider terminal, means for storing the attribute information of the information provider, and each item of the provision information and each item of the attribute information. Holding means.
- the intermediary server publishes the combination according to the publishing condition, and when the combination is not permitted to be published, rewrites data for identifying the provided information and the attribute information to dummy information and provides the information.
- Such an information mediation system can change the method of information disclosure by defining the scope of disclosure of provided information to users based on detailed conditions.
- Patent Document 3 discloses a member information management center apparatus that realizes provision of services tailored to each member while protecting the privacy of the member.
- the member information management center device includes a plurality of individual member information databases that manage individual member information in association with individual member IDs, and a secondary member information database that manages secondary member information in association with secondary member IDs.
- the member information management center device receives the correspondence relationship between the individual member ID and the secondary member ID from the member service providing device having the individual member ID and the secondary member ID associated with each other, the member information management center device collates the member information and uniquely identifies it.
- the abstract individual member information is created by performing a predetermined information processing process that prevents the information from being estimated.
- the member information management center device creates name identification member information including the secondary member ID and the abstract individual member information, stores it in the secondary member information database, and discards the correspondence between the secondary member ID and the individual member ID. It is characterized by that.
- Such a member information management center device is difficult to grasp detailed member information for each member even if the member information is exposed as it is, and can protect the privacy of the member at a certain level. .
- Patent Literature 1 The technology described in Patent Literature 1 is based on the premise that all information is referred to within the permitted range even if the user refers to only a part of the information. Processing is in progress. As a result, the technique described in Patent Document 1 has a problem in that the accuracy of information decreases. The technique described in Patent Document 2 has a problem that the user must recognize that the dummy information is included in the data and remove the dummy information from the analysis. In the technique described in Patent Document 3, when providing secondary member information obtained by performing different abstraction processing for a plurality of disclosure partners, there is a problem that individual members can be identified by performing identification with each other. is there.
- An object of the present invention is to provide an information management apparatus capable of providing confidential information that satisfies anonymity within a range of actual use.
- the information management device of the present invention includes a confidential information storage unit that stores a plurality of personal IDs and information associated with each of the plurality of personal IDs as confidential information, and a desired confidentiality transmitted from the first service providing device.
- a receiving unit that receives a first search condition for acquiring information, a search unit that extracts first candidate information that matches the first search condition from the confidential information storage unit, and a first service providing apparatus that has already been transmitted First candidate information based on the first information having the same type of information as the first candidate information among the plurality of anonymized information and the transmission history storage unit storing the plurality of anonymized information
- an anonymization unit that generates first transmission information processed so as to include the first information, and a transmission unit that transmits the first transmission information to the first service providing apparatus.
- the information management method of the present invention includes a step of receiving a first search condition for obtaining desired confidential information transmitted from a first service providing device, a plurality of personal IDs, and a plurality of personal IDs associated with each of the plurality of personal IDs. Extracting the first candidate information that matches the first search condition from the confidential information storage unit that stores the received information as confidential information, and a plurality of anonymized information already transmitted to the first service providing device Generating first transmission information processed so that the first candidate information and the first information are included based on the first information having the same type of information as the first candidate information among the information; Transmitting one piece of transmission information to the first service providing apparatus.
- the information management program of the present invention relates to a step of receiving a first search condition for acquiring desired confidential information transmitted from a first service providing device, a plurality of personal IDs, and a plurality of personal IDs Extracting the first candidate information that matches the first search condition from the confidential information storage unit that stores the received information as confidential information, and a plurality of anonymized information already transmitted to the first service providing device Generating first transmission information processed so that the first candidate information and the first information are included based on the first information having the same type of information as the first candidate information among the information; A step of transmitting one transmission information to the first service providing apparatus in a computer-executable manner.
- the information management apparatus of the present invention can provide confidential information that satisfies anonymity within the range of actual use.
- FIG. 1 is a functional block diagram showing the configuration of the information management apparatus 100 according to the first embodiment of the present invention.
- FIG. 2 is a block diagram illustrating a hardware configuration example in the embodiment of the information management apparatus 100.
- FIG. 3 is a flowchart showing the processing operation according to the first embodiment of the information management apparatus 100 of the present invention.
- FIG. 4 is a functional block diagram showing the configuration of the information management apparatus 200 according to the second embodiment of the present invention.
- FIG. 5 is a flowchart showing the processing operation according to the second embodiment of the information management apparatus 200 of the present invention.
- FIG. 1 is a functional block diagram showing the configuration of the information management apparatus 100 according to the first embodiment of the present invention.
- FIG. 2 is a block diagram illustrating a hardware configuration example in the embodiment of the information management apparatus 100.
- FIG. 3 is a flowchart showing the processing operation according to the first embodiment of the information management apparatus 100 of the present invention.
- FIG. 4 is a functional block diagram showing the configuration of the information management apparatus
- FIG. 6 is a functional block diagram showing the configuration of the information management apparatus 300 according to the third embodiment of the present invention.
- FIG. 7 is a flowchart showing a processing operation according to the third embodiment of the information management apparatus 300 of the present invention.
- FIG. 8 is a diagram showing behavior information stored in the confidential information recording unit 101.
- FIG. 9 is a diagram showing the state of the transmission history 104a stored in the transmission history storage unit 104.
- FIG. 10 is a diagram in which action information (personal ID “personal Z”) that moves from the residential area to both the office area and the downtown area is added to FIG. 8.
- FIG. 11 shows a position where the anonymization unit 105 has the same area as the anonymized “person C” and “person D” in the location information of the residential area and the office area of the individual ID “person Z”.
- FIG. 12 is a table showing personal IDs stored in the ID correspondence storage unit 110 and service personal IDs corresponding to the personal IDs.
- FIG. 13 is a diagram showing action information of a person whose personal ID stored in the confidential information storage unit 101 is “person A”.
- FIG. 14 is a diagram in which action information of a person whose personal ID is “person B” who moves from the residential area to the downtown area is added to FIG. 13.
- FIG. 1 is a functional block diagram showing the configuration of the information management apparatus 100 according to the first embodiment of the present invention.
- the information management apparatus 100 of the present invention is connected to a plurality of service providing apparatuses 10 (10a, 10b, 10c) via an information transmission path such as a network.
- Each of the plurality of service providing apparatuses 10 is operated by various service providers.
- the information management apparatus 100 of the present invention can anonymize stored confidential information and transmit it to each service providing apparatus 10.
- the information management apparatus 100 includes a confidential information storage unit 101, a reception unit 102, a search unit 103, a transmission history storage unit 104, an anonymization unit 105, a management unit 106, and a transmission unit 107. It comprises.
- the confidential information storage unit 101 stores a plurality of personal information as confidential information. Specifically, the confidential information storage unit 101 stores a plurality of personal IDs and information (personal information) associated with each of the plurality of personal IDs as confidential information.
- the personal ID is an ID for identifying a person such as an information owner, a sender, or an administrator.
- Information associated with each of a plurality of personal IDs includes information for identifying a person such as name and address, information for clarifying a person's characteristics such as movement information and purchase information, and information that infringes privacy. At least one of them.
- the personal ID format only needs to be uniquely identifiable by the information management apparatus 100, and may be in a format such as UUID (Universally Unique Identifier), or URI (Uniform Resource Identifier) or XRI (Extensible Identifier) adopted in OpenID or the like. (Resource Identifier) may be used.
- UUID Universally Unique Identifier
- URI Uniform Resource Identifier
- XRI Extensible Identifier
- the receiving unit 102 receives a search request transmitted by the service providing apparatus 10 to acquire desired confidential information.
- the search request includes search conditions such as the name of the person, the type of information, the period during which the information was generated, and a service ID for identifying the service providing apparatus 10 or the service provider.
- the receiving unit 102 provides the received search request to the search unit 103.
- the search unit 103 extracts search conditions from the received search request.
- the search unit 103 extracts a plurality of information (candidate information) that matches the search condition from the confidential information stored in the confidential information storage unit 101.
- the candidate information includes a personal ID and a plurality of information associated with the personal ID.
- the search unit 103 provides a plurality of candidate information and the service ID included in the search request to the anonymization unit 105.
- the transmission history storage unit 104 stores a transmission history.
- the transmission history is obtained by associating a plurality of anonymized information (transmission information) already transmitted to each service providing apparatus 10 and a service ID for identifying the service providing apparatus 10 that is the transmission destination of each transmission information. is there.
- the anonymized information (transmission information) includes a plurality of personal IDs and a plurality of processed information.
- the processed information is processed (anonymized) so as to include at least two of the information associated with the plurality of personal IDs so that the person corresponding to the personal ID in the confidential information storage unit 101 is not specified. Indicates information.
- the anonymization unit 105 described later performs anonymization of confidential information, and the transmission unit 107 described later transmits transmission information.
- the service ID format may be any format that can be uniquely identified by the information management apparatus 100 and that can transmit transmission information to the service providing apparatus 10, and may be a general format such as a URL (Uniform Resource Locator) or URI. Good.
- the anonymization unit 105 receives a plurality of candidate information and service IDs from the search unit 103.
- the anonymization unit 105 refers to the transmission history (a set of service ID and transmission information) in the transmission history storage unit 104, and extracts a plurality of transmission information associated with the same service ID as the received service ID.
- the anonymization unit 105 merges the plurality of candidate information and the extracted plurality of transmission information to generate temporary transmission information.
- the anonymization unit 105 performs processing (anonymization) such as abstraction, obfuscation, and partial deletion on a plurality of candidate information using a plurality of pieces of transmission information so that the provisional transmission information satisfies anonymity. .
- the anonymization unit 105 processes so as to include at least one candidate information and at least one transmission information having the same type of information as the candidate information.
- the anonymization unit 105 provides the anonymized temporary transmission information to the management unit 106 together with the service ID as new transmission information.
- the anonymization unit 105 uses a plurality of candidate information to process at least two pieces of candidate information having the same type of information. New transmission information can be generated.
- the management unit 106 receives a service ID and new transmission information from the anonymization unit 105.
- the management unit 106 provides new transmission information transmitted to the service providing apparatus 10 to the transmission history storage unit 104 together with the service ID. Further, the management unit 106 provides the service ID and new transmission information to the transmission unit 107. Note that the transmission history storage unit 104 stores new transmission information in the transmission history in association with the service ID.
- the transmission unit 107 receives a service ID and new transmission information.
- the transmission unit 107 transmits new transmission information to the service providing apparatus 10 based on the service ID.
- FIG. 2 is a block diagram illustrating a hardware configuration example in the embodiment of the information management apparatus 100.
- an information management apparatus 100 according to the present invention includes a CPU (Central Processing Unit) 1, a storage device 2, an input device 3, an output device 4, and a bus 5 that connects the devices. Consists of a system.
- CPU Central Processing Unit
- the CPU 1 performs arithmetic processing and control processing related to the information management device 100 of the present invention stored in the storage device 2.
- the storage device 2 is a device that records information, such as a hard disk or a memory.
- the storage device 2 stores a program read from a computer-readable storage medium such as a CD-ROM or DVD, a signal or program input from the input device 3, and a processing result of the CPU 1.
- the input device 3 is a device that allows a user to input commands and signals, such as a mouse, a keyboard, and a microphone.
- the output device 4 is a device that causes the user to recognize the output result, such as a display or a speaker.
- this invention is not limited to what was shown with the hardware structural example, Each part can be implement
- FIG. 3 is a flowchart showing the processing operation according to the first embodiment of the information management apparatus 100 of the present invention. With reference to FIG. 3, a processing operation according to the first embodiment of the present invention will be described.
- Step S01 The receiving unit 102 receives a search request from the service providing apparatus 10.
- the search request includes search conditions such as the name of the person, the type of information, the period during which the information was generated, and a service ID for identifying the service providing apparatus 10 or the service provider.
- the receiving unit 102 provides the received search request to the search unit 103.
- Step S02 The search unit 103 extracts search conditions from the received search request.
- the search unit 103 extracts a plurality of information (candidate information) that matches the search condition from the confidential information stored in the confidential information storage unit 101.
- the candidate information includes a personal ID and a plurality of information associated with the personal ID.
- the search unit 103 provides a plurality of candidate information and the service ID included in the search request to the anonymization unit 105.
- Step S03 The anonymization unit 105 receives a plurality of candidate information and service IDs from the search unit 103.
- the anonymization unit 105 anonymizes a plurality of candidate information using the transmission history. Specifically, the anonymization unit 105 refers to the transmission history (a set of service ID and transmission information) in the transmission history storage unit 104, and displays a plurality of pieces of transmission information associated with the same service ID as the received service ID. Extract. Next, the anonymization unit 105 merges the plurality of candidate information and the extracted plurality of transmission information to generate temporary transmission information.
- the anonymization unit 105 performs processing (anonymization) such as abstraction, ambiguity, and partial deletion on the plurality of candidate information using the plurality of transmission information so that the provisional transmission information satisfies anonymity. .
- processing anonymization
- the anonymization unit 105 processes so as to include at least one candidate information and at least one transmission information having the same type of information as the candidate information.
- the anonymization unit 105 provides the anonymized temporary transmission information to the management unit 106 together with the service ID as new transmission information.
- the anonymization unit 105 uses a plurality of candidate information to process the transmission information so as to have at least two pieces of information of the same type, thereby creating new transmission information. Can be generated.
- Step S04 The management unit 106 receives a service ID and new transmission information from the anonymization unit 105.
- the management unit 106 provides new transmission information transmitted to the service providing apparatus 10 to the transmission history storage unit 104 together with the service ID. Further, the management unit 106 provides the service ID and new transmission information to the transmission unit 107.
- the transmission history storage unit 104 stores the new transmission information in the transmission history in association with the service ID.
- Step S05 The transmission unit 107 receives a service ID and new transmission information.
- the transmission unit 107 transmits new transmission information to the service providing apparatus 10 based on the service ID.
- the information management apparatus 100 anonymizes confidential information requested by the service providing apparatus 10 together with transmission information transmitted to the service providing apparatus 10 in the past. Can be provided. Even if the accuracy of the information is too low if the entire confidential information is anonymized, if the confidential information requested by the service providing apparatus 10 is a part of the entire information, the deterioration of the accuracy of the information can be minimized. it can. As described above, the information management apparatus 100 according to the first embodiment of the present invention has an effect of improving the accuracy of information in the process of ensuring the anonymity of confidential information provided to the service providing apparatus 10. .
- the information management apparatus 200 according to the second embodiment of the present invention is different from the information management apparatus 100 according to the first embodiment in that the personal ID included in the confidential information can be converted and provided for each service providing apparatus 10. It is.
- FIG. 4 is a functional block diagram showing the configuration of the information management apparatus 200 according to the second embodiment of the present invention.
- an information management apparatus 200 according to the second exemplary embodiment of the present invention includes a confidential information storage unit 101, a reception unit 102, a search unit 103, a transmission history storage unit 104, and an anonymization unit 105.
- the confidential information storage unit 101, the reception unit 102, the search unit 103, the transmission history storage unit 104, the anonymization unit 105, the management unit 106, and the transmission unit 107 are the same as those in the first embodiment. Since there is, explanation is omitted.
- the ID conversion unit 111 receives a plurality of candidate information and a service ID from the search unit 103.
- the ID conversion unit 111 reads out a personal ID included in each of the plurality of candidate information.
- the ID conversion unit 111 refers to the ID correspondence storage unit 110 and extracts a service personal ID corresponding to the received service ID and the read personal ID.
- the ID conversion unit 111 replaces the personal ID included in each of the plurality of candidate information with the extracted service personal ID.
- the ID conversion unit 111 provides the anonymization unit 105 with a service ID and a plurality of candidate information including each service personal ID.
- FIG. 5 is a flowchart showing the processing operation of the information management apparatus 200 according to the second embodiment of the present invention. The processing operation according to the second embodiment of the present invention will be described with reference to FIG.
- Step S10 The receiving unit 102 receives a search request from the service providing apparatus 10.
- the search request includes search conditions such as the name of the person, the type of information, the period during which the information was generated, and a service ID for identifying the service providing apparatus 10 or the service provider.
- the receiving unit 102 provides the received search request to the search unit 103.
- Step S11 The search unit 103 extracts search conditions from the received search request.
- the search unit 103 extracts a plurality of information (candidate information) that matches the search condition from the confidential information stored in the confidential information storage unit 101.
- the candidate information includes a personal ID and a plurality of information associated with the personal ID.
- the search unit 103 provides a plurality of candidate information and the service ID included in the search request to the ID conversion unit 111.
- Step S12 The ID conversion unit 111 receives a plurality of candidate information and a service ID from the search unit 103.
- the ID conversion unit 111 reads out a personal ID included in each of the plurality of candidate information.
- the ID conversion unit 111 refers to the ID correspondence storage unit 110 and extracts a service personal ID corresponding to the received service ID and the read personal ID.
- the ID conversion unit 111 replaces the personal ID included in each of the plurality of candidate information with the extracted service personal ID.
- the ID conversion unit 111 provides the anonymization unit 105 with a service ID and a plurality of candidate information including each service personal ID.
- Step S13 The anonymization unit 105 receives a plurality of candidate information and service IDs from the ID conversion unit 111.
- the anonymization unit 105 anonymizes a plurality of candidate information using the transmission history.
- the details of anonymization are the same as those in the first embodiment.
- Step S14 The management unit 106 receives a service ID and new transmission information from the anonymization unit 105.
- the management unit 106 provides new transmission information transmitted to the service providing apparatus 10 to the transmission history storage unit 104 together with the service ID. Further, the management unit 106 provides the service ID and new transmission information to the transmission unit 107.
- the transmission history storage unit 104 stores the new transmission information in the transmission history in association with the service ID.
- Step S15 The transmission unit 107 receives a service ID and new transmission information.
- the transmission unit 107 transmits new transmission information to the service providing apparatus 10 based on the service ID.
- the information management apparatus 200 includes different service personal IDs for each service providing apparatus 10 when the types of confidential information requested by the service providing apparatuses 10 are different. Anonymized confidential information can be provided.
- the information management apparatus 200 has an effect of preventing a plurality of service providing apparatuses 10 from colluding and performing name identification of information. In other words, even if a plurality of service providing apparatuses 10 collide, each service providing apparatus 10 cannot determine that the confidential information provided is information of the same person, and thus there is no possibility that the person is specified. Therefore, the information management apparatus 200 according to the second embodiment of the present invention differs even when a person is specified by combining a plurality of different types of anonymized confidential information. It can be provided to the service providing apparatus 10.
- the information management apparatus 300 according to the third embodiment of the present invention is different from the information management apparatus 100 of the first embodiment in that information that has not been transmitted to the service providing apparatus 10 because it does not satisfy anonymity, It is used for processing anonymity for subsequent search requests.
- FIG. 6 is a functional block diagram showing the configuration of the information management apparatus 300 according to the third embodiment of the present invention.
- the information management apparatus 300 according to the third exemplary embodiment of the present invention includes a confidential information storage unit 101, a reception unit 102, a search unit 103, a transmission history storage unit 104, and a transmission unit 107.
- the unsent history storage unit 120 stores an unsent history. Since the unsent history does not satisfy anonymity (because it cannot be anonymized), a plurality of information (unsent information) that has not been transmitted to the service providing apparatus 10 and the service ID of the destination of each unsent information It is related.
- the untransmitted information is a plurality of pieces of information associated with the personal ID included in the candidate information and a plurality of pieces of information that cannot be anonymized are associated with the personal ID.
- the second anonymization unit 121 receives a plurality of candidate information and service IDs from the search unit 103.
- the second anonymization unit 121 refers to the transmission history (a set of service ID and transmission information) in the transmission history storage unit 104 and extracts a plurality of transmission information associated with the same service ID as the received service ID. To do.
- the second anonymization unit 121 refers to the unsent history (a set of service ID and unsent information) in the unsent history storage unit 120, and associates a plurality of services associated with the same service ID as the received service ID. Unsent information is extracted.
- the second anonymization unit 121 merges the plurality of candidate information, the extracted transmission information, and the extracted untransmitted information to generate temporary transmission information.
- the second anonymization unit 121 uses a plurality of pieces of transmission information and a plurality of pieces of untransmitted information so that the provisional transmission information satisfies anonymity. Processing (anonymization) such as deletion is performed. In other words, the second anonymization unit 121 processes at least one candidate information and at least one untransmitted information or at least one transmission information having the same type of information as the candidate information. At this time, the second anonymization unit 121 anonymizes information of a type that is not included in any of the untransmitted information and the transmitted information among a plurality of information associated with the personal ID included in the candidate information. Judged as unsent information that cannot be converted.
- the 2nd anonymization part 121 makes the temporary transmission information anonymized new transmission information, and divides
- the second anonymization unit 121 provides anonymized provisional transmission information as new transmission information to the second management unit 122 together with the service ID, and information that cannot be anonymized among the plurality of candidate information is newly unregistered.
- the transmission information is provided to the second management unit 122 together with the service ID.
- the second management unit 122 provides new transmission information and service ID to the transmission history storage unit 104, and provides new untransmitted information and service ID to the non-transmission history storage unit 120.
- FIG. 7 is a flowchart showing the processing operation of the information management apparatus 300 according to the third embodiment of the present invention. A processing operation according to the third embodiment of the present invention will be described with reference to FIG.
- Step S30 The receiving unit 102 receives a search request from the service providing apparatus 10.
- the search request includes a search condition such as a person's name, information type, and information generation period, and a service ID for identifying the service providing apparatus 10 or the service provider.
- the receiving unit 102 provides the received search request to the search unit 103.
- Step S31 The search unit 103 extracts search conditions from the received search request.
- the search unit 103 extracts a plurality of information (candidate information) that matches the search condition from the confidential information stored in the confidential information storage unit 101.
- the candidate information includes a personal ID and a plurality of information associated with the personal ID.
- the search unit 103 provides a plurality of candidate information and a service ID included in the search request to the second anonymization unit 121.
- Step S32 The second anonymization unit 121 receives a plurality of candidate information and service ID from the search unit 103.
- the second anonymization unit 121 refers to the transmission history (a set of service ID and transmission information) in the transmission history storage unit 104 and extracts a plurality of transmission information associated with the same service ID as the received service ID. To do.
- the second anonymization unit 121 refers to the unsent history (a set of service ID and unsent information) in the unsent history storage unit 120, and associates a plurality of services associated with the same service ID as the received service ID. Unsent information is extracted.
- the second anonymization unit 121 merges the plurality of candidate information, the extracted transmission information, and the extracted untransmitted information to generate temporary transmission information.
- the second anonymization unit 121 uses a plurality of pieces of transmission information and a plurality of pieces of untransmitted information so that the provisional transmission information satisfies anonymity. Processing (anonymization) such as deletion is performed. In other words, the second anonymization unit 121 processes at least one candidate information and at least one untransmitted information or at least one transmission information having the same type of information as the candidate information. At this time, the second anonymization unit 121 anonymizes information of a type that is not included in any of the untransmitted information and the transmitted information among a plurality of information associated with the personal ID included in the candidate information. Judged as unsent information that cannot be converted.
- the 2nd anonymization part 121 makes the temporary transmission information anonymized new transmission information, and divides
- the second anonymization unit 121 provides anonymized provisional transmission information as new transmission information to the second management unit 122 together with the service ID, and information that cannot be anonymized among the plurality of candidate information is newly unregistered.
- the transmission information is provided to the second management unit 122 together with the service ID.
- Step S33 and Step S34 The second management unit 122 receives a service ID, new transmission information, and new untransmitted information from the second anonymization unit 121.
- the second management unit 122 provides the service ID and new transmission information to the transmission history storage unit 104, and provides the service ID and new untransmitted information to the untransmission history storage unit 120. Furthermore, the second management unit 122 provides the transmission unit 107 with the service ID and new transmission information.
- the transmission history storage unit 104 stores the new transmission information in the transmission history in association with the service ID.
- the unsent history storage unit 120 associates new unsent information with the service ID and stores them in the unsent history.
- Step S35 The transmission unit 107 receives a service ID and new transmission information from the management unit 106.
- the transmission unit 107 transmits new transmission information to the service providing apparatus 10 based on the service ID.
- the information management apparatus 300 uses the information that is not transmitted because it does not satisfy anonymity even though it is requested by the service providing apparatus 10. It can be used to process anonymity of information to be transmitted later. For example, since information can be anonymized assuming that information that has not been sent before has been sent, information with higher accuracy can be sent.
- the information management apparatuses 100, 200, and 300 of the present invention collect requests received from the service providing apparatus 10 in addition to synchronously returning confidential information that has been anonymized in response to a request from the service providing apparatus 10.
- the confidential information may be retrieved and anonymized together and returned to the service providing apparatus 10.
- the information management apparatuses 100, 200, and 300 may include a storage unit (not shown) that can store a search request.
- the search unit 103 retrieves one or more search requests from the storage unit when the number of search requests from the same service providing apparatus 10 stored in the storage unit exceeds a certain number. Confidential confidential information may be searched. Furthermore, the anonymization unit 105 and the second anonymization unit 121 may anonymize all confidential information and collectively generate transmission information. According to this configuration, since anonymization can be performed for more confidential information, the accuracy of the confidential information can be increased.
- an anonymization method in addition to reducing the accuracy of confidential information or deleting a part of confidential information, some information is replaced with dummy information, or miscellaneous information is added to make confidential information inconspicuous You may perform processing, such as doing. That is, the search request from the service providing apparatus 10 may include a search condition, a service ID, and a policy that can specify an anonymization method. In that case, you may have an anonymization part which interprets a policy instead of the anonymization part 105 and the 2nd anonymization part 121, and anonymizes confidential information by the designated method. According to this configuration, since the confidential information is provided in a format that is easy for the service providing apparatus 10, the confidential information can be utilized to the maximum extent.
- any combination of the above-described constituent elements and a change in the expression of the present invention among methods, apparatuses, systems, storage media, computer programs, etc. are also effective as an aspect of the present invention.
- the various components of the present invention do not necessarily have to be independent of each other.
- a plurality of components are formed as a single member, and a single component is formed of a plurality of members. It may be that a certain component is a part of another component, a part of a certain component overlaps a part of another component, or the like.
- the data processing method of the present invention and the plurality of procedures of the computer program are not limited to being executed at different timings. For this reason, another procedure may occur during the execution of a certain procedure, or some or all of the execution timing of a certain procedure and the execution timing of another procedure may overlap.
- the confidential information storage unit 101 stores movement information indicating what action a person has taken as information associated with a personal ID. Particularly in the present embodiment, the confidential information storage unit 101 stores the personal ID and the movement information from position to position as action information (confidential information). More specifically, the confidential information storage unit 101 is configured such that the latitude / longitude measured by GPS, the location information represented by area information measured using a mobile phone base station, A directed graph including an arrow indicating movement to a position is stored as movement information. Furthermore, the confidential information storage unit 101 may further store the time and time zone staying at a certain position and the contents of shopping or entertainment performed at the position in association with each other.
- FIG. 8 is a diagram showing behavior information stored in the confidential information recording unit 101.
- the confidential information storage unit 101 stores, as behavior information, personal IDs “person A”, “person B”, “person C”, “person D”, and movement information in association with each other. Yes.
- the movement information associated with each of “person A” and “person B” indicates that the person has moved from a position in the residential area to a position in the downtown area.
- the movement information associated with each of “person C” and “person D” indicates that the person has moved from a position in the residential area to a position in the office district.
- FIG. 9 is a diagram showing a state of the transmission history 104a stored in the transmission history storage unit 104.
- the transmission history 104a is empty.
- the anonymization unit 105 determines that anonymity is satisfied when it is processed so as to include two or more pieces of movement information (when there are two or more persons taking the same action).
- the receiving unit 102 receives the search request 1 shown in FIG. 9 from the service providing apparatus 10a (step S01 in FIG. 3).
- the search request 1 includes a search condition “behavior information of a person moving from the residential area to the office area” and a service ID “http://service1.com” for identifying the service providing apparatus 10a.
- the receiving unit 102 provides the received search request to the search unit 103.
- the search unit 103 retrieves “behavior information of a person moving from the residential area to the office area” as a search condition from the received search request.
- the search unit 103 extracts a plurality of candidate information that matches the search condition from the confidential information stored in the confidential information storage unit 101. That is, the search unit 103 extracts the movement information associated with the personal IDs “personal C” and “personal C” and the movement information associated with the personal IDs “personal D” and “personal D”.
- the search unit 103 provides the plurality of candidate information and the service ID included in the search request to the anonymization unit 105 (step S02 in FIG. 3).
- the anonymization unit 105 receives a plurality of candidate information and service IDs from the search unit 103.
- the anonymization unit 105 anonymizes a plurality of candidate information using the transmission history 104a.
- the anonymization unit 105 processes a plurality of pieces of candidate information so as to include two pieces of movement information, and generates new transmission information. That is, the anonymization unit 105 uses the two pieces of movement information associated with each of “person C” and “person D” to convert the position information in the residential area and the office area into two pieces of position information. Is converted into position information having a certain size so as to be included (anonymized).
- the anonymization unit 105 provides new transmission information to the management unit 106 together with the service ID (step S03 in FIG. 3).
- the management unit 106 receives a service ID and new transmission information from the anonymization unit 105.
- the management unit 106 provides new transmission information transmitted to the service providing apparatus 10a to the transmission history storage unit 104 together with the service ID. Further, the management unit 106 provides the service ID and new transmission information to the transmission unit 107.
- the transmission history storage unit 104 stores new transmission information in the transmission history 104a in association with the service ID.
- the transmission history 104a is in the state (b) shown in FIG. 9 (step S04 in FIG. 3).
- the transmission unit 107 receives a service ID and new transmission information.
- the transmitting unit 107 transmits new transmission information to the service providing apparatus 10a based on the service ID “http://service1.com” (step S05 in FIG. 3).
- the information management apparatus 100 performs the same process on the service providing apparatus 10b. Specifically, the search unit 103 extracts the search condition “behavior information of a person moving from the residential area to the downtown area” from the received search request 2. The search unit 103 matches the search condition with the movement information associated with the personal IDs “person A” and “person A”, the movement information associated with the personal IDs “person B” and “person B”, Are extracted as a plurality of candidate information.
- the anonymization unit 105 anonymizes a plurality of candidate information using the transmission history 104a. In the state (b), since the transmission information associated with the service ID of the service providing apparatus 10b is not stored in the transmission history 104a, the anonymization unit 105 includes two pieces of movement information using a plurality of candidate information.
- the anonymization unit 105 provides a plurality of anonymized candidate information as new transmission information to the management unit 106 together with the service ID. Thereafter, the transmission history storage unit 104 stores the new transmission information in the transmission history 104a in association with the service ID.
- the transmission history 104a is in the state (c) shown in FIG. In the state (c) of FIG. 9, the upper row is for the service providing device 10a, and the lower transmission history is for the service providing device 10b.
- FIG. 10 is a diagram in which action information (personal ID “personal Z”) that moves from the residential area to both the office area and the downtown area is added to FIG. 8.
- the information providing apparatus 10a issues a search request including a conditional expression for searching for action information added since the previous search to the action information of the person moving from the residential area to the office area.
- the search condition here indicates that the information of the same type as that of the previous search request is searched after being added after the search execution by the previous search request.
- the receiving unit 102 receives the search request (step S01 in FIG. 3).
- the search unit 103 extracts, as candidate information, “personal Z” having a personal ID that matches the search conditions and movement information that moves from the residential area associated with “personal Z” to the office area.
- the search unit 103 provides the candidate information and the service ID included in the search request to the anonymization unit 105 (step S02 in FIG. 3).
- the anonymization unit 105 receives candidate information and a service ID from the search unit 103.
- the anonymization unit 105 anonymizes candidate information using the transmission history (step S03 in FIG. 3). Specifically, the anonymization unit 105 refers to the transmission history 104a in the transmission history storage unit 104 and extracts transmission information associated with the same service ID as the service ID of the service providing apparatus 10a. Next, the anonymization unit 105 merges the candidate information and the extracted transmission information to generate temporary transmission information.
- the anonymization unit 105 performs processing (anonymization) such as abstraction, ambiguity, and partial deletion on the candidate information using the transmission information so that the provisional transmission information satisfies anonymity.
- the anonymization unit 105 moves from the residential area of “individual Z” to the office area, and from the anonymized residential areas of “person C” and “person D” to the office area. It is processed so as to include movement information to move.
- FIG. 11 shows a position where the anonymization unit 105 has the same area as the anonymized “person C” and “person D” in the location information of the residential area and the office area of the individual ID “person Z”. It is the figure which showed a mode that it converted into information.
- the anonymization unit 105 provides new transmission information to the management unit 106 together with the service ID.
- the management unit 106 receives the service ID of the service providing apparatus 10a and new transmission information from the anonymization unit 105.
- the management unit 106 provides new transmission information transmitted to the service providing apparatus 10a to the transmission history storage unit 104 together with the service ID. Further, the management unit 106 provides the service ID and new transmission information to the transmission unit 107.
- the transmission history storage unit 104 stores the new transmission information in the transmission history in association with the service ID (step S04 in FIG. 3).
- the transmission unit 107 receives a service ID and new transmission information.
- the transmission unit 107 transmits new transmission information to the service providing apparatus 10 based on the service ID (step S05 in FIG. 3).
- Example 2 Next, as an example of the information management apparatus 200 according to the second exemplary embodiment of the present invention, an example in which a personal ID is converted into an ID unique to the service providing apparatus 10 according to the service providing apparatus 10 as a request source will be described. To do.
- the confidential information storage unit 101 of the information management apparatus 200 moves as “person A”, “person B”, “person C”, and “person D” of personal IDs, similarly to the behavior information of FIG. It is stored in association with information.
- the ID correspondence storage unit 110 stores a plurality of personal IDs in association with a plurality of service personal IDs that are different for each service providing apparatus 10.
- FIG. 12 is a table showing personal IDs stored in the ID correspondence storage unit 110 and service personal IDs corresponding to the personal IDs. Referring to FIG. 12, for the personal ID “person A”, a service personal ID “person ⁇ ” for the service providing apparatus 10a and a service individual ID “person 1” for the service providing apparatus 10b are set. The same applies to “person B”, “person C”, and “person D”.
- the receiving unit 102 receives the search request 1 shown in FIG. 9 from the service providing apparatus 10a (step S10 in FIG. 5).
- the search request 1 includes a search condition “behavior information of a person moving from the residential area to the office area” and a service ID “http://service1.com” for identifying the service providing apparatus 10a.
- the receiving unit 102 provides the received search request to the search unit 103.
- the search unit 103 retrieves “behavior information of a person moving from the residential area to the office area” as a search condition from the received search request.
- the search unit 103 searches the confidential information stored in the confidential information storage unit 101 from the personal information “personal C” and the personal information “Personal C” that match the search conditions, and the personal ID “personal C”.
- Individual D ”and movement information associated with“ Person D ” are extracted as a plurality of candidate information.
- the search unit 103 provides the plurality of candidate information and the service ID included in the search request to the ID conversion unit 111 (step S11 in FIG. 5).
- the ID conversion unit 111 receives a plurality of candidate information and a service ID from the search unit 103.
- the ID conversion unit 111 reads “personal C” and “personal D” of personal IDs included in the plurality of candidate information.
- the ID conversion unit 111 pays attention to “person C” and “person D” associated with the service providing apparatus 10a, and “person ⁇ ” corresponding to “person C” and “person ⁇ ” corresponding to “person D”. ”Is extracted from the ID correspondence storage unit 110.
- the ID conversion unit 111 replaces the personal ID included in each of the plurality of candidate information with the extracted service personal ID (step S12 in FIG. 5).
- the ID conversion unit 111 provides the anonymization unit 105 with a service ID and a plurality of candidate information including each service personal ID.
- the subsequent steps S13 to S15 in FIG. 5 are the same as the operation of the first embodiment, and thus the description thereof is omitted.
- Example 3 As an example of the information management apparatus 300 according to the third exemplary embodiment of the present invention, information that has not been transmitted to the service providing apparatus 10 because it does not satisfy anonymity is processed for anonymity for subsequent search requests.
- the confidential information storage unit 101 stores behavior information of a person whose personal ID is “person A” in the initial state.
- FIG. 13 is a diagram showing action information of a person whose personal ID stored in the confidential information storage unit 101 is “person A”. Referring to FIG. 13, the movement information associated with the “person A” of the personal ID represents the movement from the residential area to the downtown area.
- the transmission history in the transmission history storage unit 104 and the non-transmission history in the non-transmission history storage unit 120 are empty in the initial state.
- the service providing apparatus 10 transmits a search request including a search condition for acquiring action information of a person moving from a residential area to a downtown area to the information management apparatus 300.
- the receiving unit 102 of the information management apparatus 300 receives the search request (step S30 in FIG. 7).
- the search unit 103 extracts, as candidate information, “person A” having a personal ID that matches the search condition and movement information that moves from the residential area associated with “person A” to the downtown area (FIG. 7). Step S31).
- the search unit 103 provides the candidate information and the service ID included in the search request to the second anonymization unit 121.
- the second anonymization unit 121 receives candidate information and a service ID from the search unit 103.
- the second anonymization unit 121 sets the candidate information (the action information of the person whose personal ID is “person A”) as new untransmitted information (FIG. 7 step S32).
- the second anonymization unit 121 provides new untransmitted information to the second management unit 122 together with the service ID.
- the unsent history storage unit 120 stores unsent information (step S34 in FIG. 7).
- FIG. 14 is a diagram in which action information of a person whose personal ID is “person B” who moves from the residential area to the downtown area is added to FIG. 13.
- the service providing apparatus 10 sends a search request including a conditional expression for searching for action information added since the previous search to the action information of a person moving from the residential area to the downtown area.
- the message is transmitted to 300.
- the search condition here indicates that a search is performed for the same type of information as the previous search request (the same type of information that cannot be anonymized) that has been added since the previous search request was executed. .
- the receiving unit 102 receives the search request (step S30 in FIG. 7).
- the search unit 103 uses the confidential information stored in the confidential information storage unit 101 as the candidate information for the “person B” with the personal ID that matches the search condition and the movement information associated with the “person B”. (Step S31 in FIG. 7).
- the search unit 103 provides the candidate information and the service ID included in the search request to the second anonymization unit 121.
- the second anonymization unit 121 receives candidate information and a service ID from the search unit 103.
- the second anonymization unit 121 refers to the unsent history (a set of service ID and unsent information) in the unsent history storage unit 120 and is associated with the same service ID as the service ID of the service providing apparatus 10. Unsent information is extracted.
- the second anonymization unit 121 merges the candidate information and the extracted untransmitted information to generate temporary transmission information.
- the second anonymization unit 121 performs processing (anonymization) such as abstraction, ambiguity, and partial deletion on the candidate information using the untransmitted information so that the provisional transmission information satisfies anonymity. .
- the second anonymization unit 121 includes candidate information (behavior information of a person whose personal ID is “Person B”) and unsent information (behavior information of a person whose personal ID is “Person A”). To be processed. At this time, the second anonymization unit 121 anonymizes information of a type that is not included in the information associated with the personal ID “person A” among the plurality of information associated with the personal ID “person B”. Judged as unsent information that cannot be converted. And the 2nd anonymization part 121 divides
- the second anonymization unit 121 provides anonymized provisional transmission information as new transmission information to the second management unit 122 together with the service ID, and sets information that cannot be anonymized as new untransmitted information along with the service ID. 2 to the management unit 122 (step S32 in FIG. 7).
- the second management unit 122 receives the service ID, new transmission information, and new untransmitted information from the second anonymization unit 121.
- the second management unit 122 provides the service ID and new transmission information to the transmission history storage unit 104, and provides the service ID and new untransmitted information to the untransmission history storage unit 120.
- the second management unit 122 provides the transmission unit 107 with the service ID and new transmission information.
- the transmission history storage unit 104 stores the new transmission information in the transmission history in association with the service ID (step S33 in FIG. 7).
- the unsent history storage unit 120 associates new unsent information with the service ID and stores them in the unsent history (step S34 in FIG. 7).
- the transmission unit 107 receives a service ID and new transmission information from the management unit 106.
- the transmission unit 107 transmits new transmission information to the service providing apparatus 10 based on the service ID (step S35 in FIG. 7).
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Marketing (AREA)
- Operations Research (AREA)
- Medical Informatics (AREA)
- Economics (AREA)
- Entrepreneurship & Innovation (AREA)
- Human Resources & Organizations (AREA)
- General Business, Economics & Management (AREA)
- Tourism & Hospitality (AREA)
- Quality & Reliability (AREA)
- Strategic Management (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
Description
本発明の第1の実施の形態を説明する。図1は、本発明の第1の実施の形態による情報管理装置100の構成を示す機能ブロック図である。本発明の情報管理装置100は、ネットワークなどの情報伝送経路を介して、複数のサービス提供装置10(10a、10b、10c)と接続される。複数のサービス提供装置10の各々は、様々なサービス提供者によって操作される。本発明の情報管理装置100は、格納している機密情報に匿名化を施して、各サービス提供装置10へ送信することができる。図1を参照すると、情報管理装置100は、機密情報記憶部101と、受信部102と、検索部103と、送信履歴記憶部104と、匿名化部105と、管理部106と、送信部107とを具備する。
受信部102は、サービス提供装置10から検索要求を受信する。検索要求は、人物の氏名や、情報の種類や、情報が生成された期間等の検索条件と、サービス提供装置10又はサービス提供者を識別するサービスIDとを含む。受信部102は、受信した検索要求を検索部103に提供する。
検索部103は、受け取った検索要求から検索条件を取り出す。検索部103は、機密情報記憶部101に格納されている機密情報の中から、検索条件に合致する複数の情報(候補情報)を抽出する。候補情報は、個人IDと、個人IDに関連付けられた複数の情報とを含む。検索部103は、複数の候補情報と、検索要求に含まれるサービスIDとを匿名化部105に提供する。
匿名化部105は、検索部103から複数の候補情報とサービスIDとを受け取る。匿名化部105は、送信履歴を用いて複数の候補情報を匿名化する。詳細には、匿名化部105は、送信履歴記憶部104の送信履歴(サービスIDと送信情報との組)を参照して、受け取ったサービスIDと同じサービスIDと関連付けられた複数の送信情報を抽出する。次に、匿名化部105は、複数の候補情報と、抽出した複数の送信情報とをマージして仮送信情報を生成する。匿名化部105は、仮送信情報が匿名性を満たすように、複数の送信情報を用いて、複数の候補情報に対して、抽象化、曖昧化、部分削除等の加工(匿名化)を施す。換言すると、匿名化部105は、少なくとも1つの候補情報と、その候補情報と同じ種類の情報を有する少なくとも1つの送信情報とが含まれるように加工する。匿名化部105は、仮送信情報が匿名性を満たした時点で、匿名化された仮送信情報を新たな送信情報としてサービスIDと共に管理部106に提供する。尚、匿名化部105は、送信履歴記憶部104に送信情報が格納されていない場合、複数の候補情報を用いて、同じ種類の情報を少なくとも2つ以上有するように加工し、新たな送信情報を生成することができる。
管理部106は、匿名化部105からサービスIDと新たな送信情報とを受け取る。管理部106は、サービス提供装置10に送信される新たな送信情報をサービスIDと共に送信履歴記憶部104に提供する。更に、管理部106は、サービスIDと新たな送信情報とを送信部107へ提供する。送信履歴記憶部104は、新たな送信情報をサービスIDと関連付けて、送信履歴に格納する。
送信部107は、サービスIDと新たな送信情報とを受け取る。送信部107は、サービスIDに基づいて、新たな送信情報をサービス提供装置10に送信する。
本発明の第2の実施の形態を説明する。本発明の第2の実施の形態による情報管理装置200が第1の実施の形態の情報管理装置100と異なることは、機密情報に含まれる個人IDをサービス提供装置10毎に変換して提供できることである。
受信部102は、サービス提供装置10から検索要求を受信する。検索要求は、人物の氏名や、情報の種類や、情報が生成された期間等の検索条件と、サービス提供装置10又はサービス提供者を識別するサービスIDとを含む。受信部102は、受信した検索要求を検索部103に提供する。
検索部103は、受け取った検索要求から検索条件を取り出す。検索部103は、機密情報記憶部101に格納されている機密情報の中から、検索条件に合致する複数の情報(候補情報)を抽出する。候補情報は、個人IDと、個人IDに関連付けられた複数の情報とを含む。検索部103は、複数の候補情報と、検索要求に含まれるサービスIDとをID変換部111に提供する。
ID変換部111は、検索部103から複数の候補情報と、サービスIDとを受け取る。ID変換部111は、複数の候補情報の各々に含まれる個人IDを読み出す。ID変換部111は、ID対応記憶部110を参照して、受け取ったサービスIDと読み出した個人IDとに対応するサービス個人IDを抽出する。ID変換部111は、複数の候補情報の各々に含まれる個人IDを、それぞれ抽出したサービス個人IDに置き換える。ID変換部111は、サービスIDと、それぞれのサービス個人IDを含む複数の候補情報とを匿名化部105へ提供する。
匿名化部105は、ID変換部111から複数の候補情報とサービスIDとを受け取る。匿名化部105は、送信履歴を用いて複数の候補情報を匿名化する。匿名化の詳細は、第1の実施の形態と同様である。
管理部106は、匿名化部105からサービスIDと新たな送信情報とを受け取る。管理部106は、サービス提供装置10に送信される新たな送信情報をサービスIDと共に送信履歴記憶部104に提供する。更に、管理部106は、サービスIDと新たな送信情報とを送信部107へ提供する。送信履歴記憶部104は、新たな送信情報をサービスIDと関連付けて、送信履歴に格納する。
送信部107は、サービスIDと新たな送信情報とを受け取る。送信部107は、サービスIDに基づいて、新たな送信情報をサービス提供装置10に送信する。
本発明の第3の実施の形態の説明をする。本発明の第3の実施の形態による情報管理装置300が第1の実施の形態の情報管理装置100と異なることは、匿名性を満たさないためにサービス提供装置10へ送信しなかった情報を、以降の検索要求に対する匿名性の加工に用いることである。
受信部102は、サービス提供装置10から検索要求を受信する。検索要求は、人物の氏名や、情報の種類や、情報の生成期間等の検索条件と、サービス提供装置10又はサービス提供者を識別するサービスIDとを含む。受信部102は、受信した検索要求を検索部103に提供する。
検索部103は、受け取った検索要求から検索条件を取り出す。検索部103は、機密情報記憶部101に格納されている機密情報の中から、検索条件に合致する複数の情報(候補情報)を抽出する。候補情報は、個人IDと、個人IDに関連付けられた複数の情報とを含む。検索部103は、複数の候補情報と、検索要求に含まれるサービスIDとを第2の匿名化部121に提供する。
第2の匿名化部121は、検索部103から複数の候補情報とサービスIDとを受け取る。第2の匿名化部121は、送信履歴記憶部104の送信履歴(サービスIDと送信情報との組)を参照して、受け取ったサービスIDと同じサービスIDと関連付けられた複数の送信情報を抽出する。更に、第2の匿名化部121は、未送信履歴記憶部120の未送信履歴(サービスIDと未送信情報との組)を参照して、受け取ったサービスIDと同じサービスIDと関連付けられた複数の未送信情報を抽出する。次に、第2の匿名化部121は、複数の候補情報と、抽出した複数の送信情報と、抽出した複数の未送信情報とをマージして仮送信情報を生成する。第2の匿名化部121は、仮送信情報が匿名性を満たすように、複数の送信情報と複数の未送信情報とを用いて、複数の候補情報に対して、抽象化、曖昧化、部分削除等の加工(匿名化)を施す。換言すると、第2の匿名化部121は、少なくとも1つの候補情報と、その候補情報と同じ種類の情報を有する少なくとも1つの未送信情報又は少なくとも1つの送信情報が含まれるように加工する。このとき、第2の匿名化部121は、候補情報に含まれる個人IDと関連付けられた複数の情報の中で、未送信情報と送信情報との何れにも含まれない種類の情報を、匿名化できない未送信情報と判断する。そして、第2の匿名化部121は、匿名化された仮送信情報を新たな送信情報とし、複数の候補情報のうちで匿名化できない情報を新たな未送信情報として分割する。第2の匿名化部121は、匿名化された仮送信情報を新たな送信情報としてサービスIDと共に第2の管理部122に提供し、複数の候補情報のうちで匿名化できない情報を新たな未送信情報としてサービスIDと共に第2の管理部122に提供する。
第2の管理部122は、第2の匿名化部121からサービスIDと、新たな送信情報と、新たな未送信情報とを受け取る。第2の管理部122は、サービスID及び新たな送信情報を送信履歴記憶部104に提供し、サービスID及び新たな未送信情報を未送信履歴記憶部120に提供する。更に、第2の管理部122は、サービスIDと新たな送信情報とを送信部107へ提供する。送信履歴記憶部104は、新たな送信情報をサービスIDと関連付けて、送信履歴に格納する。また、未送信履歴記憶部120は、新たな未送信情報をサービスIDと関連付けて、未送信履歴に格納する。
送信部107は、管理部106からサービスIDと新たな送信情報とを受け取る。送信部107はサービスIDに基づいて、新たな送信情報をサービス提供装置10に送信する。
図1の第1の実施の形態の情報管理装置100を例に説明する。機密情報記憶部101は、個人IDに関連付けられた情報として、人物がどのような行動をしたのかを表す移動情報を格納する。特に本実施例では、機密情報記憶部101は、個人IDと、位置から位置への移動情報とを行動情報(機密情報)として格納する。より具体的には、機密情報記憶部101は、GPSによって計測される緯度・経度や、携帯電話の基地局を利用して計測されるエリア情報等によって表わされる位置情報と、ある位置から他の位置への移動を表す矢印とを含む有向グラフを移動情報として格納する。更に、機密情報記憶部101は、ある位置に滞在している時刻や時間帯、その位置において行った買い物や娯楽等の内容を更に関連付けて格納していてもよい。
次に、本発明の第2の実施の形態の情報管理装置200の実施例として、要求元のサービス提供装置10に応じて、個人IDをサービス提供装置10に固有のIDに変換する例を説明する。本実施例では、情報管理装置200の機密情報記憶部101は、図8の行動情報と同様に、個人IDの「個人A」、「個人B」、「個人C」、「個人D」と移動情報とを関連付けて格納している。
次に、本発明の第3の実施の形態の情報管理装置300の実施例として、匿名性を満たさないためにサービス提供装置10へ送信しなかった情報を、以降の検索要求に対する匿名性の加工に用いる例を説明する。本実施例では、機密情報記憶部101は、初期状態において個人IDが「個人A」である人物の行動情報を格納しているとする。図13は、機密情報記憶部101が格納する個人IDが「個人A」である人物の行動情報を示した図である。図13を参照すると、個人IDの「個人A」と関連付けられた移動情報は、住宅地エリアから繁華街エリアに移動したことを表している。尚、送信履歴記憶部104の送信履歴と、未送信履歴記憶部120の未送信履歴とは、初期状態では空とする。
Claims (10)
- 複数の個人IDと、前記複数の個人IDの各々に関連付けられた情報とを機密情報として格納する機密情報記憶部と、
第1サービス提供装置から送信される所望の機密情報を取得するための第1検索条件を受信する受信部と、
前記第1検索条件に合致する第1候補情報を、前記機密情報記憶部から抽出する検索部と、
前記第1サービス提供装置に既に送信されている、複数の匿名化された情報を格納する送信履歴記憶部と、
前記複数の匿名化された情報のうちで、前記第1候補情報と同じ種類の情報を有する第1情報に基づいて、前記第1候補情報と前記第1情報とが含まれるように加工した第1送信情報を生成する匿名化部と、
前記第1送信情報を前記第1サービス提供装置へ送信する送信部と
を具備する
情報管理装置。 - 請求項1に記載の情報管理装置であって、
前記複数の個人IDと、サービス提供装置毎に異なる複数のサービス個人IDとを対応付けて格納するID対応記憶部と、
前記第1候補情報を受け取り、前記第1候補情報に含まれる第1個人IDを、前記第1個人IDに対応する第1サービス個人IDに置き換えるID変換部と
を更に備え、
前記送信部は、前記第1サービス個人IDを含む前記第1送信情報を前記第1サービス提供装置へ送信する
情報管理装置。 - 請求項1又は2に記載の情報管理装置であって、
前記第1送信情報を受け取り、前記送信履歴記憶部に提供する管理部
を更に具備し、
前記送信履歴記憶部は、前記第1送信情報を前記複数の匿名化された情報に含めて格納する
情報管理装置。 - 請求項1乃至3の何れか一項に記載の情報管理装置であって、
前記第1候補情報に含まれる匿名化できない情報を未送信情報として格納する未送信履歴記憶部
を更に具備し、
前記匿名化部は、前記第1候補情報に含まれる情報の中で、前記第1情報に含まれない種類の情報を前記匿名化できない情報と判断する
情報管理装置。 - 請求項4に記載の情報管理装置であって、
前記機密情報記憶部が、前記第1検索条件に合致する前記第1候補情報が抽出された後に、前記匿名化できない情報と同じ種類の情報を有する第2情報を格納し、前記受信部が、前記第1サービス提供装置から、前記第1検索条件による検索実行以降に追加され、且つ、前記匿名化できない情報と同じ種類の情報を取得するための第2検索条件を受信したとき、
前記検索部は、前記機密情報格納部から前記第2検索条件に合致する前記第2情報を第2候補情報として抽出し、
前記匿名化部は、前記複数の匿名化された情報のうちで前記第2候補情報と同じ種類の情報を有する第3情報と、前記未送信情報との少なくとも一方と、前記第2候補情報とが含まれるように加工した第2送信情報を生成し、
前記送信部は、前記第2送信情報を前記第1サービス提供装置へ送信する
情報管理装置。 - 第1サービス提供装置から送信される所望の機密情報を取得するための第1検索条件を受信するステップと、
複数の個人IDと、前記複数の個人IDの各々に関連付けられた情報とを機密情報として格納する機密情報記憶部から、前記第1検索条件に合致する第1候補情報を抽出するステップと、
前記第1サービス提供装置に既に送信されている複数の匿名化された情報のうちで、前記第1候補情報と同じ種類の情報を有する第1情報に基づいて、前記第1候補情報と前記第1情報とが含まれるように加工した第1送信情報を生成するステップと、
前記第1送信情報を前記第1サービス提供装置へ送信するステップと
を具備する
情報管理方法。 - 請求項6に記載の情報管理方法であって、
前記複数の個人IDと、サービス提供装置毎に異なる複数のサービス個人IDとを対応付けて格納するID対応記憶部に基づいて、前記第1候補情報に含まれる第1個人IDを、前記第1個人IDに対応する第1サービス個人IDに置き換えるステップ
を更に備え、
前記第1送信情報を生成するステップは、
前記第1サービス個人IDを含む前記第1候補情報と、前記第1情報とが含まれるように前記第1候補情報を加工する
情報管理方法。 - 請求項6又は7に記載の情報管理方法であって、
前記第1送信情報を生成するステップは、
前記第1候補情報に含まれる情報の中で、前記第1情報に含まれない種類の情報を匿名化できない情報と判断するステップと、
前記匿名化できない情報を未送信情報として格納するステップと
を更に具備する
情報管理方法。 - 請求項8に記載の情報管理方法であって、
前記第1検索条件に合致する前記第1候補情報が抽出された後に、前記匿名化できない情報と同じ種類の情報を有する第2情報を前記機密情報として格納するステップと、
前記第1サービス提供装置から、前記第1検索条件による検索実行以降に追加され、且つ、前記匿名化できない情報と同じ種類の情報を取得するための第2検索条件を受信するステップと、
前記機密情報格納部から前記第2検索条件に合致する前記第2情報を第2候補情報として抽出するステップと、
前記複数の匿名化された情報のうちで前記第2候補情報と同じ種類の情報を有する第3情報と、前記未送信情報との少なくとも一方と、前記第2候補情報とが含まれるように加工した第2送信情報を生成するステップと、
前記第2送信情報を前記第1サービス提供装置へ送信するステップと
を更に具備する
情報管理方法。 - 請求項6乃至9の何れか一項に記載の方法をコンピュータに実行させる
情報管理プログラム。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP10804242.5A EP2461266A4 (en) | 2009-07-31 | 2010-07-08 | INFORMATION MANAGEMENT SYSTEM, INFORMATION MANAGEMENT PROCEDURE AND INFORMATION MANAGEMENT PROGRAM |
CN201080034212.1A CN102473227B (zh) | 2009-07-31 | 2010-07-08 | 信息管理设备、信息管理方法和信息管理程序 |
JP2011524724A JP5729300B2 (ja) | 2009-07-31 | 2010-07-08 | 情報管理装置、情報管理方法、及び情報管理プログラム |
US13/387,890 US8938433B2 (en) | 2009-07-31 | 2010-07-08 | Information management apparatus, information management method, and information control program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009180041 | 2009-07-31 | ||
JP2009-180041 | 2009-07-31 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011013495A1 true WO2011013495A1 (ja) | 2011-02-03 |
Family
ID=43529157
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/061592 WO2011013495A1 (ja) | 2009-07-31 | 2010-07-08 | 情報管理装置、情報管理方法、及び情報管理プログラム |
Country Status (5)
Country | Link |
---|---|
US (1) | US8938433B2 (ja) |
EP (1) | EP2461266A4 (ja) |
JP (1) | JP5729300B2 (ja) |
CN (1) | CN102473227B (ja) |
WO (1) | WO2011013495A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102662784B1 (ko) * | 2023-08-25 | 2024-05-03 | (주)이지서티 | 인공지능을 이용한 자동 가명처리기법 추천 방법 |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5288066B2 (ja) * | 2011-01-05 | 2013-09-11 | 日本電気株式会社 | 匿名化装置 |
WO2013121739A1 (ja) * | 2012-02-17 | 2013-08-22 | 日本電気株式会社 | 匿名化装置及び匿名化方法 |
JP6152847B2 (ja) * | 2012-09-28 | 2017-06-28 | パナソニックIpマネジメント株式会社 | 情報管理方法および情報管理システム |
JP2014229039A (ja) * | 2013-05-22 | 2014-12-08 | 株式会社日立製作所 | プライバシ保護型データ提供システム |
EP3192000B1 (en) * | 2014-09-08 | 2024-06-12 | Uri Jacob Braun | System and method of controllably disclosing sensitive data |
WO2017072611A2 (en) * | 2015-08-04 | 2017-05-04 | Roberts David Klyce | Freight capacity maximization system |
CN105574438B (zh) * | 2016-01-07 | 2018-10-30 | 中国联合网络通信集团有限公司 | 用户隐私保护方法及*** |
CN106936837A (zh) * | 2017-03-27 | 2017-07-07 | 陕西省环境监测中心站 | 一种信息管理方法及应用此方法的*** |
US11093641B1 (en) * | 2018-12-13 | 2021-08-17 | Amazon Technologies, Inc. | Anonymizing sensitive data in logic problems for input to a constraint solver |
US11106813B2 (en) * | 2019-09-20 | 2021-08-31 | International Business Machines Corporation | Credentials for consent based file access |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH11143871A (ja) * | 1997-11-12 | 1999-05-28 | Fuji Xerox Co Ltd | 文書開示装置及び文書開示プログラムを格納した媒体 |
WO2007136035A1 (ja) * | 2006-05-22 | 2007-11-29 | Nec Corporation | 情報提供システム、情報提供方法及び情報提供用プログラム |
WO2008108158A1 (ja) * | 2007-03-02 | 2008-09-12 | Nec Corporation | 情報開示制御システム、情報開示制御プログラム、情報開示制御方法 |
JP2009180041A (ja) | 2008-01-31 | 2009-08-13 | Kubota Matsushitadenko Exterior Works Ltd | 屋根瓦 |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS6426272A (en) | 1987-07-22 | 1989-01-27 | Fujitsu Ltd | System for retrieving and storing individual information |
US6275824B1 (en) * | 1998-10-02 | 2001-08-14 | Ncr Corporation | System and method for managing data privacy in a database management system |
JP2002366550A (ja) | 2001-06-08 | 2002-12-20 | Fujitsu Ltd | 個人情報管理装置、個人情報管理方法、記録媒体およびプログラム |
JP3357039B2 (ja) | 2001-10-16 | 2002-12-16 | 三井情報開発株式会社 | 匿名化臨床研究支援方法およびそのシステム |
JP4429619B2 (ja) * | 2003-04-15 | 2010-03-10 | 三菱電機株式会社 | 情報提供装置 |
JP4954487B2 (ja) | 2005-03-23 | 2012-06-13 | 株式会社日立製作所 | 会員情報管理センタ装置及び会員情報管理方法 |
JP2007219636A (ja) | 2006-02-14 | 2007-08-30 | Nippon Telegr & Teleph Corp <Ntt> | データ開示方法およびデータ開示装置 |
JP5238137B2 (ja) * | 2006-03-27 | 2013-07-17 | 日立オートモティブシステムズ株式会社 | 情報仲介システム、および、情報仲介方法 |
US7940170B2 (en) * | 2008-03-05 | 2011-05-10 | Omnivision Technologies, Inc. | Tracking system with user-definable private ID for improved privacy protection |
-
2010
- 2010-07-08 EP EP10804242.5A patent/EP2461266A4/en not_active Ceased
- 2010-07-08 CN CN201080034212.1A patent/CN102473227B/zh active Active
- 2010-07-08 US US13/387,890 patent/US8938433B2/en active Active
- 2010-07-08 WO PCT/JP2010/061592 patent/WO2011013495A1/ja active Application Filing
- 2010-07-08 JP JP2011524724A patent/JP5729300B2/ja active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH11143871A (ja) * | 1997-11-12 | 1999-05-28 | Fuji Xerox Co Ltd | 文書開示装置及び文書開示プログラムを格納した媒体 |
WO2007136035A1 (ja) * | 2006-05-22 | 2007-11-29 | Nec Corporation | 情報提供システム、情報提供方法及び情報提供用プログラム |
WO2008108158A1 (ja) * | 2007-03-02 | 2008-09-12 | Nec Corporation | 情報開示制御システム、情報開示制御プログラム、情報開示制御方法 |
JP2009180041A (ja) | 2008-01-31 | 2009-08-13 | Kubota Matsushitadenko Exterior Works Ltd | 屋根瓦 |
Non-Patent Citations (4)
Title |
---|
See also references of EP2461266A4 |
SHIN'YA MIYAKAWA: "Privacy Information Secure exchange - A Platform Allows Users to Control Their Own Privacy Information", DAI 71 KAI (HEISEI 21 NEN) ZENKOKU TAIKAI KOEN RONBUNSHU (3) NETWORK SECURITY, 23 March 2009 (2009-03-23), pages 3-333 - 3-334, XP008151202 * |
SHOJI NISHIMURA: "An Implementation of Privacy Information Disclosure Controls on Privacy Information Secure Exchange Platform", DAI 71 KAI (HEISEI 21 NEN) ZENKOKU TAIKAI KOEN RONBUNSHU (3) NETWORK SECURITY, 10 March 2009 (2009-03-10), pages 3-335 - 3-336, XP008151201 * |
TAKUYA MORI: "A Report on Behavior Modeling and its Impact to Privaciness", DAI 71 KAI (HEISEI 21 NEN) ZENKOKU TAIKAI KOEN RONBUNSHU (3) NETWORK SECURITY, 10 March 2009 (2009-03-10), pages 3-345 - 3-346, XP008151200 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102662784B1 (ko) * | 2023-08-25 | 2024-05-03 | (주)이지서티 | 인공지능을 이용한 자동 가명처리기법 추천 방법 |
Also Published As
Publication number | Publication date |
---|---|
JPWO2011013495A1 (ja) | 2013-01-07 |
JP5729300B2 (ja) | 2015-06-03 |
US8938433B2 (en) | 2015-01-20 |
CN102473227A (zh) | 2012-05-23 |
CN102473227B (zh) | 2015-06-24 |
EP2461266A1 (en) | 2012-06-06 |
EP2461266A4 (en) | 2014-06-11 |
US20120131030A1 (en) | 2012-05-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5729300B2 (ja) | 情報管理装置、情報管理方法、及び情報管理プログラム | |
JP7222036B2 (ja) | モデルトレーニングシステムおよび方法および記憶媒体 | |
EP1645971A1 (en) | Database access control method, database access controller, agent processing server, database access control program, and medium recording the program | |
KR100739715B1 (ko) | 웹서비스 정책 합의를 수행하는 장치 및 방법 | |
KR102504075B1 (ko) | 사용자 디바이스 이벤트의 매칭 및 속성 | |
US10531286B2 (en) | Methods and systems for auto-completion of anonymized strings | |
KR20040085051A (ko) | 위치 인식을 위한 구조와 시스템 | |
CN1820264B (zh) | 名称解析的***和方法 | |
US10049231B2 (en) | Method and system for obfuscating the properties of a web browser | |
JP4622514B2 (ja) | 文書匿名化装置、文書管理装置、文書匿名化方法及び文書匿名化プログラム | |
JP2005051475A (ja) | 個人情報管理システム、個人情報管理方法及びそのプログラム | |
CN116490870A (zh) | 数据起源跟踪服务 | |
CN112600847B (zh) | 一种业务处理方法、***及电子设备和存储介质 | |
Damiani | Privacy enhancing techniques for the protection of mobility patterns in LBS: research issues and trends | |
Kim et al. | Quality of Private Information (QoPI) model for effective representation and prediction of privacy controls in mobile computing | |
KR20180072652A (ko) | 다중 id를 이용한 공간 정보 공유 서비스 시스템 및 그 방법 | |
KR20160066661A (ko) | 위치 기반 서비스에서 익명성을 확보하는 방법 및 시스템 | |
JP7131357B2 (ja) | 通信装置、通信方法、および通信プログラム | |
JP6329026B2 (ja) | 位置情報連携分析装置、位置情報連携分析システム、位置情報分析方法およびプログラム | |
EP3299980B1 (en) | Security measure program, file tracking method, information processing device, distribution device, and management device | |
CN105009543A (zh) | 媒体项目的递送 | |
KR102088300B1 (ko) | 클라우드 컴퓨터 환경에서의 사용자 빅데이터 정보 제공 장치 및 방법 | |
CN109144743A (zh) | 一种数据的获取方法、装置及设备 | |
JP5466191B2 (ja) | アクセス制御システム、サーバ管理装置、データ蓄積装置、アクセス制御方法、サーバ管理プログラム、及びデータ蓄積プログラム | |
JP6311460B2 (ja) | 情報共有サービス提供方法、情報共有サービス提供システム及び情報共有サービス提供装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080034212.1 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10804242 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011524724 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13387890 Country of ref document: US Ref document number: 2010804242 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |