WO2024069958A1 - Information processing device and information processing system - Google Patents


Info

Publication number
WO2024069958A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
key
information processing
processing device
unit
Application number
PCT/JP2022/036763
Other languages
French (fr)
Japanese (ja)
Inventor
孝介 八木
悟崇 奥田
卓 藤原
冰 鄭
Original Assignee
三菱電機株式会社 (Mitsubishi Electric Corporation)
Application filed by 三菱電機株式会社 (Mitsubishi Electric Corporation)
Priority to PCT/JP2022/036763
Publication of WO2024069958A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • This disclosure relates to controllably recording, storing, and transmitting data about a vehicle.
  • this information includes personal information and other privacy-related information. Therefore, the arbitrary use of this information is problematic.
  • the purpose of this disclosure is to prevent unauthorized use of private information.
  • the information processing device has a data division unit that divides acquired data according to a situation, and a data encryption unit that encrypts each of the divided data with a different first key.
  • This disclosure makes it possible to prevent unauthorized use of privacy-related information.
  • FIG. 1 is a diagram illustrating the hardware of the information processing device according to the first embodiment.
  • FIG. 2 is a block diagram showing the functions of the information processing device according to the first embodiment.
  • FIG. 3 is a diagram showing a specific example of the first embodiment.
  • FIG. 4 is a flowchart showing an example of the process when a public key is acquired in the first embodiment.
  • FIG. 5 is a flowchart showing an example of the process in the second embodiment.
  • FIG. 6 is a conceptual diagram of the work of creating a decryption key set for provision in the second embodiment.
  • FIG. 7 is a diagram showing a specific example of the third embodiment.
  • FIG. 8 is a flowchart illustrating an example of the processing executed in the third embodiment.
  • FIG. 9 is a diagram showing a specific example of the fourth embodiment.
  • This disclosure provides a mechanism for storing and using in-vehicle information with limited uses, periods, and recipients.
  • the data may be stored inside the vehicle, or may be sent via communication to a data center for storage. It is anticipated that data stored in the vehicle will be collected by police, insurance companies, auto repair shops, automobile manufacturers, etc. If the data is sent via communication, in addition to the above, it is anticipated that road management offices, government traffic and road-related departments, research companies, data analysis companies, advertising agencies, commercial facilities, etc. will request use of the data.
  • the information processing device 1000 is a device included in a mobile object owned by a user.
  • the mobile object is a car, a taxi, a truck, a bus, or the like.
  • the information processing device 1000 includes a processor 101 , a volatile storage device 102 , and a non-volatile storage device 103 .
  • the processor 101 controls the entire information processing device 1000.
  • the processor 101 is a CPU (Central Processing Unit) or an FPGA (Field Programmable Gate Array).
  • the processor 101 may be a multiprocessor.
  • the information processing device 1000 may also have a processing circuit.
  • the volatile memory device 102 is the main memory device of the information processing device 1000.
  • the volatile memory device 102 is a RAM (Random Access Memory).
  • the non-volatile memory device 103 is the auxiliary memory device of the information processing device 1000.
  • the non-volatile memory device 103 is a HDD (Hard Disk Drive) or an SSD (Solid State Drive).
  • FIG. 2 is a block diagram showing the functions of the information processing device of the first embodiment.
  • the information processing device 1000 has a data collection unit 1001, a data division unit (by time) 1002, a data division unit (by rank) 1003, a data encryption unit 1004, a transfer control unit 1005, a data recording unit 1006, a rights holder key acquisition unit 1007, a data key creation unit 1008, and a data key set encryption unit 1009.
  • the data collection unit 1001, the data division unit (by time) 1002, the data division unit (by rank) 1003, the data encryption unit 1004, the transfer control unit 1005, the rights holder key acquisition unit 1007, the data key creation unit 1008, and the data key set encryption unit 1009 may be partially or entirely realized by a processing circuit. Also, the data collection unit 1001, the data division unit (by time) 1002, the data division unit (by rank) 1003, the data encryption unit 1004, the transfer control unit 1005, the rights holder key acquisition unit 1007, the data key creation unit 1008, and the data key set encryption unit 1009 may be partially or entirely realized as a program module executed by the processor 101.
  • the data recording unit 1006 may be realized as a storage area secured in the volatile storage device 102 or the non-volatile storage device 103.
  • the data recording unit 1006 may also be a server to which data is transferred.
  • the in-vehicle data collected by the data collection unit 1001 is divided by the data division unit (by time) 1002 and the data division unit (by rank) 1003 according to rank and time.
  • the data division units 1002 and 1003 will be described in detail.
  • the data division units 1002 and 1003 divide the acquired data according to the situation.
  • the data division units 1002 and 1003 may also divide the data according to the degree of privacy of the user.
  • the data key generation unit 1008 generates a data key 1010 .
  • the data encryption unit 1004 performs encryption using a data key 1010, and creates an in-vehicle data file 1011.
  • the data encryption unit 1004 may be expressed as follows: The data encryption unit 1004 encrypts each of the divided data with a different first key.
  • The key for decrypting an encrypted in-vehicle data file 1011 (with a common-key cipher it is the same data key 1010 used for encryption, so it is referred to as the data key 1010 below) is paired with that file, and since there are many in-vehicle data files 1011 there are just as many keys. It would therefore be convenient to store and transmit the in-vehicle data file 1011 and the data key 1010 together.
  • However, if the data key 1010 is handed to another party as it is, that party can decrypt the in-vehicle data file 1011 and use it without restriction. Therefore the data key 1010 is itself encrypted with another encryption key.
  • A rights holder key acquisition unit 1007 imports the key presented by the rights holder at a predetermined timing. For example, the driver leaves the driver's license inserted in the car, and the key is read from it when the engine is started (at the start of a trip). If the license holds a public-key key pair, the public key is extracted and imported into the vehicle.
  • the transfer control unit 1005 will now be described.
  • the transfer control unit 1005 provides encrypted data to the destination.
  • the transfer control unit 1005 selects the data to be provided based on the intended use of the destination.
  • FIG. 3 is a diagram showing a specific example of the first embodiment.
  • a public key 2002 and a private key 2003 are embedded in a My Number card 2001.
  • the public key 2002 is extracted and used in the vehicle.
  • FIG. 4 is a flowchart showing an example of the process when the public key is acquired in the first embodiment.
  • In FIG. 4, the public key is acquired if it can be; if it cannot be acquired, for example because the My Number card is not inserted, the data is not encrypted. The process is as follows.
  • (Step S11) It is determined whether the My Number card is inserted in the vehicle. If it is, the process proceeds to step S12; if not, the process ends. (Step S12) The public key is obtained from the My Number card. (Step S13) The data key 1010 is encrypted using the public key, and a decryption key set 1012 is created.
  • the data key set encryption unit 1009 encrypts the data keys 1010 one by one or multiple keys at a time to create a decryption key set 1012.
  • the data key set encryption unit 1009 may be expressed as follows.
  • the data key set encryption unit 1009 encrypts a key ring set, which is a set of data keys that are first keys, using a public key (the public key portion of a key pair consisting of a private key and a public key) as a second key different from the first key.
  • the data key set encryption unit 1009 may use the public key of a key pair managed by the rights holder, who is the owner of the data, as the second key.
  • the data key set encryption unit 1009 may use another public key built into a device owned by the rights holder as the second key.
  • Metadata, such as the rank range that can be decrypted with these keys, the time, and related events, is kept together with the decryption key set 1012.
  • This metadata may be encrypted and stored within the decryption key set 1012, or may be stored as separate data without encryption.
  • The private key 2003 on the My Number card 2001 held by the rights holder is used to decrypt the decryption key set 1012 and extract the data key 1010.
  • By applying the corresponding data key 1010 to the in-vehicle data file 1011, the data can be decrypted and used.
  • The decryption key set 1012 cannot be decrypted without the private key 2003.
  • The private key 2003 is stored on the My Number card 2001 owned by the user, so other parties cannot obtain the data key 1010 contained in the decryption key set 1012 unless the user permits use of the private key 2003, and without the data key 1010 they cannot decrypt the in-vehicle data file 1011.
  • The information processing device 1000 can thus prevent unauthorized use of privacy information such as in-vehicle video by encrypting the data key 1010 with the public key 2002, which is stored on a recording medium owned by the user (for example the My Number card 2001) and forms a key pair with the private key 2003.
  • Embodiment 2 Next, a description will be given of embodiment 2. In embodiment 2, differences from embodiment 1 will be mainly described. Furthermore, in embodiment 2, description of matters common to embodiment 1 will be omitted.
  • In embodiment 1 the decryption key set 1012 is simply decrypted to extract the data key 1010, but in actual operation the extracted data key 1010 must be handled with care. It is therefore re-encrypted with the recipient's public key before being provided.
  • FIG. 5 is a flowchart showing an example of the processing in embodiment 2.
  • FIG. 5 shows the re-encryption operation: the data permitted for provision is selected from among the decrypted and extracted data keys 1010, and the selected keys are re-encrypted with the recipient's public key.
  • (Step S21) The rights holder's key is received.
  • (Step S22) The key set is decrypted.
  • (Step S23) The data to be provided is selected.
  • (Step S24) The recipient's key is received.
  • (Step S25) The selected keys are encrypted with the recipient's key to form the key set for provision.
  • FIG. 6 is a conceptual diagram of the process of creating a decryption key set for provision according to the second embodiment.
  • the operation terminal 6001 communicates with the information processing device 1000.
  • a system including the operation terminal 6001 and the information processing device 1000 is also referred to as an information processing system.
  • The operation terminal 6001 generates a provision selection list of the data to be provided, obtains from the key ring set (the first key set) the data keys needed to decrypt the data selected from that list, and provides them as a new key ring set.
  • the operation terminal 6001 uses the right holder's private key 2003.
  • the form of use may involve extracting the private key and temporarily storing it in the operation terminal 6001 to perform the decryption operation, or, if the card has a function for decrypting data, using the card's function to decrypt the target data.
  • the name of the right holder associated with this key may be displayed.
  • a public key is also obtained from the provider who is permitted to use the data, and is input to the operation terminal 6001 .
  • the validity of the recipient's public key can be verified by checking with a public certification authority, and the name of the recipient included in the certificate can be used to confirm that the key was provided to the intended recipient.
  • the operation terminal 6001 imports the collected decryption key set 1012. It decrypts it using the rights holder's private key 2003, and extracts the metadata and data key 1010 from the decryption key set 1012.
  • a list of provided data is created from the contents of the metadata, and is displayed via a provided data selection UI for the user to select.
  • a standard provision setting may be automatically selected by having the user select the purpose, etc.
  • the data key 1010 corresponding to the selected data is re-encrypted using the recipient's public key 6002 to create a decryption key set (for provision) 6003.
  • Embodiment 3 Next, a description will be given of embodiment 3. In embodiment 3, differences from embodiment 1 will be mainly described. Furthermore, in embodiment 3, description of matters common to embodiment 1 will be omitted.
  • In the embodiments above the data to be provided is selected after the fact, but for uses such as driving diagnosis by an insurance company the data must be transmitted on a regular basis.
  • A public key 7002 and a private key 7003 are keys managed by the insurance company. After a contract is concluded, the public key 7002 is given to the driver or other contract holder and imported into the vehicle.
  • The other party's public key is stored in the vehicle for use, and when it is stored it is signed with the rights holder's private key so that it cannot be replaced without permission.
  • The rights holder's public key 2002 is used to verify the signature on the insurance company's public key 7002, and only after the signature verifies is the public key 7002 used to encrypt the key set and create the decryption key set 7012. This prevents data from being sent to an unintended recipient through key substitution or the like.
  • A dedicated data set is created and encrypted, its key is encrypted with the recipient's public key, and the key is sent to the recipient together with the data. The data key can then be extracted only with the recipient's private key.
  • FIG. 7 is a diagram showing a specific example of the third embodiment.
  • an example is shown in which only acceleration data and outside-vehicle video are submitted to an insurance company.
  • the acceleration data is to be used by the insurance company at all times for the purpose of driving diagnosis, and the outside-vehicle video is to be made available to the insurance company only before and after an accident.
  • the data key A01 used for the acceleration data can be updated less frequently.
  • the data keys for decrypting the outside-vehicle video are selected from those before and after the accident (key B02, key B03), and only specific parts can be decrypted. This makes it possible to protect privacy while providing data at all times.
  • FIG. 8 is a flowchart showing an example of a process executed in the third embodiment.
  • (Step S41) It is determined whether a My Number card is inserted. If it is, the process proceeds to step S42; if not, the process ends.
  • (Step S42) The rights holder's key information is obtained.
  • (Step S43) The rights holder's signature on the stored public key is checked.
  • (Step S44) The signature is verified. If it is valid, the process proceeds to step S45; if it is invalid, the process ends.
  • (Step S45) The data key 1010 is encrypted using the verified public key 7002.
  • Embodiment 4 Next, a fourth embodiment will be described. In the fourth embodiment, differences from the first embodiment will be mainly described. Furthermore, in the fourth embodiment, descriptions of the commonalities between the first embodiment and the fourth embodiment will be omitted. If the intended use of the provided data is for store marketing or urban planning, it is necessary to adjust the data granularity to protect privacy. FIG. 9 shows an example of processing in this case.
  • FIG. 9 is a diagram showing a specific example of the fourth embodiment.
  • The key used when providing data from the vehicle is one prepared by the recipient who will use the data, and is obtained from that recipient.
  • data anonymization processing 9021 is performed to make it difficult to identify individuals. Basically, the granularity of information on location and time is made coarse so that individuals and vehicles cannot be identified by combining it with other information such as surveillance cameras. Regarding the granularity of location, it is possible to delete information on the travel route and leave only information on the parking location, and further exclude information on the home, workplace, etc.
  • Information relating to time can be divided into categories such as morning, afternoon, evening, and night, and the actual time information can be deleted. It is also possible to aggregate the information by day of the week, date of the month, or month, and provide only the aggregated results after processing.
  • Reference numerals: 101 processor; 102 volatile storage device; 103 non-volatile storage device; 1000 information processing device; 1001 data collection unit; 1002 data division unit (by time); 1003 data division unit (by rank); 1004 data encryption unit; 1005 transfer control unit; 1006 data recording unit; 1007 rights holder key acquisition unit; 1008 data key creation unit; 1009 data key set encryption unit; 1010 data key; 1011 in-vehicle data file; 1012 decryption key set; 2001 My Number card; 2002 public key; 2003 private key; 6001 operation terminal; 6002 public key; 6003 decryption key set (for provision); 7002 public key; 7003 private key; 7012 decryption key set; 9021 data anonymization process.
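
Embodiments 2 and 3 together, as one added Go example that is not code from the disclosure: the operation terminal's selective re-encryption of data keys for a recipient (steps S21 to S25, with the FIG. 7 selection of all acceleration keys and only the video keys around an accident), and the rights holder's signature over a recipient public key stored in the vehicle, checked before use (steps S43 to S45). RSA-OAEP with the segment ID as label stands in for the unspecified key wrapping and RSA-PSS over the DER-encoded key for the signature; the stream names, slot numbers, accident window and sample key set are constructed for the example, and the page's check of the recipient's certificate against a certification authority is not modelled:

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// KeySetEntry is a data key wrapped under one party's public key (RSA-OAEP, segment ID
// as label) beside the plaintext metadata used to build the provision selection list.
type KeySetEntry struct {
	ID         string // e.g. "B02" (assumed naming)
	Stream     string // "accel" or "video" (assumed)
	Slot       int    // time slot index (assumed)
	WrappedKey []byte
}

func wrapKey(pub *rsa.PublicKey, id string, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(id))
}

func unwrapKey(priv *rsa.PrivateKey, id string, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(id))
}

// BuildSampleKeySet is constructed input standing in for a collected decryption key set 1012:
// four slots each of acceleration (A01..A04) and video (B01..B04); raw keys are returned only for checking.
func BuildSampleKeySet(holderPub *rsa.PublicKey) ([]KeySetEntry, map[string][]byte, error) {
	var set []KeySetEntry
	keys := map[string][]byte{}
	for _, s := range [][2]string{{"A", "accel"}, {"B", "video"}} {
		for slot := 1; slot <= 4; slot++ {
			id := fmt.Sprintf("%s%02d", s[0], slot)
			key := make([]byte, 32)
			if _, err := rand.Read(key); err != nil {
				return nil, nil, err
			}
			wrapped, err := wrapKey(holderPub, id, key)
			if err != nil {
				return nil, nil, err
			}
			keys[id] = key
			set = append(set, KeySetEntry{ID: id, Stream: s[1], Slot: slot, WrappedKey: wrapped})
		}
	}
	return set, keys, nil
}

// AccidentWindowPolicy is the FIG. 7 selection: acceleration always, video only from
// `before` slots ahead of the accident slot to `after` slots past it.
func AccidentWindowPolicy(accident, before, after int) func(KeySetEntry) bool {
	return func(e KeySetEntry) bool {
		return e.Stream == "accel" || (e.Stream == "video" && e.Slot >= accident-before && e.Slot <= accident+after)
	}
}

// ReencryptForRecipient is steps S21 to S25 on the operation terminal 6001: entries the policy selects
// are unwrapped with private key 2003 and re-wrapped under recipient public key 6002; rejected keys are never unwrapped.
func ReencryptForRecipient(set []KeySetEntry, holder *rsa.PrivateKey, recipient *rsa.PublicKey, allow func(KeySetEntry) bool) ([]KeySetEntry, error) {
	var out []KeySetEntry
	for _, e := range set {
		if !allow(e) {
			continue
		}
		key, err := unwrapKey(holder, e.ID, e.WrappedKey)
		if err != nil {
			return nil, fmt.Errorf("unwrap %s: %w", e.ID, err)
		}
		rewrapped, err := wrapKey(recipient, e.ID, key)
		if err != nil {
			return nil, err
		}
		out = append(out, KeySetEntry{ID: e.ID, Stream: e.Stream, Slot: e.Slot, WrappedKey: rewrapped})
	}
	return out, nil
}

// SignRecipientKey and VerifyRecipientKey are the embodiment 3 protection of a recipient key stored in the
// vehicle: signed by the rights holder (RSA-PSS over the DER key), verified against public key 2002 (steps S43/S44).
func SignRecipientKey(holder *rsa.PrivateKey, recipient *rsa.PublicKey) ([]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(recipient)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(der)
	return rsa.SignPSS(rand.Reader, holder, crypto.SHA256, digest[:], nil)
}

func VerifyRecipientKey(holderPub *rsa.PublicKey, recipient *rsa.PublicKey, sig []byte) error {
	der, err := x509.MarshalPKIXPublicKey(recipient)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(der)
	return rsa.VerifyPSS(holderPub, crypto.SHA256, digest[:], sig, nil)
}
```

`ReencryptForRecipient` unwraps only the entries the policy admits, so a key the rights holder chose not to share is never exposed in plaintext on the terminal, and once re-wrapped the returned set can no longer be opened with the rights holder's own private key. `VerifyRecipientKey` rejects any key other than the one the rights holder signed, which is exactly the substitution step S44 guards against; in deployment the signature is stored beside the key in the vehicle and re-checked on every use, as in FIG. 8.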

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

This information processing device (1000) has data division units (1002, 1003) that divide acquired data according to a condition, and a data encryption unit (1004) that encrypts each piece of the divided data with a different first key.

Description

Information processing device and information processing system
This disclosure relates to recording, storing, and transmitting data about a vehicle in a controllable manner.
In recent years interest in in-vehicle information such as drive recorders and EDRs (Event Data Recorders) has grown, along with momentum for using it beyond accident cases. To meet demands for immediacy and to cope with growing data volumes, the data is now also sent to data centers over communication links. However, in-vehicle data also contains data related to personal privacy, and there is concern that unrestricted use could violate privacy. Rights holders need to be able to control who uses the data and for what purpose.
A technology in which a drive recorder provides information has been proposed (see Patent Document 1).
Patent Document 1: JP 2018-206325 A
As mentioned above, momentum for using this information is growing. However, the information includes personal information and other privacy-related information, so its arbitrary use is a problem.
The purpose of this disclosure is to prevent unauthorized use of privacy-related information.
An information processing device according to one aspect of the present disclosure has a data division unit that divides acquired data according to the situation, and a data encryption unit that encrypts each of the divided data with a different first key.
According to this disclosure, unauthorized use of privacy-related information can be prevented.
FIG. 1 is a diagram illustrating the hardware of the information processing device of the first embodiment. FIG. 2 is a block diagram showing the functions of the information processing device of the first embodiment. FIG. 3 is a diagram showing a specific example of the first embodiment. FIG. 4 is a flowchart showing an example of the process when a public key is acquired in the first embodiment. FIG. 5 is a flowchart showing an example of the process in the second embodiment. FIG. 6 is a conceptual diagram of the work of creating a decryption key set for provision in the second embodiment. FIG. 7 is a diagram showing a specific example of the third embodiment. FIG. 8 is a flowchart illustrating an example of the processing executed in the third embodiment. FIG. 9 is a diagram showing a specific example of the fourth embodiment.
Embodiments are described below with reference to the drawings. The following embodiments are merely examples, and various modifications are possible within the scope of this disclosure.
Embodiment 1.
This disclosure provides a mechanism for storing and using in-vehicle information with limited uses, periods, and recipients. The data may be stored inside the vehicle, or sent over a communication link to a data center for storage. Data stored in the vehicle is expected to be collected by police, insurance companies, auto repair shops, automobile manufacturers, and so on. If the data is transmitted, road management offices, government traffic and road departments, research companies, data analysis companies, advertising agencies, commercial facilities, and others are also expected to request its use.
In addition to EDRs being mandated by legislation and growing interest in drive recorders, vehicles have in recent years been collecting huge amounts of data for ADAS (Advanced Driver-Assistance Systems) or autonomous driving. The aim is to prevent the privacy violations that would result from allowing unrestricted use of that data.
1 is a diagram showing hardware included in an information processing device according to embodiment 1. For example, the information processing device 1000 is a device included in a mobile object owned by a user. For example, the mobile object is a car, a taxi, a truck, a bus, or the like.
The information processing device 1000 includes a processor 101 , a volatile storage device 102 , and a non-volatile storage device 103 .
 プロセッサ101は、情報処理装置1000全体を制御する。例えば、プロセッサ101は、CPU(Central Processing Unit)、FPGA(Field Programmable Gate Array)などである。プロセッサ101は、マルチプロセッサでもよい。また、情報処理装置1000は、処理回路を有してもよい。 The processor 101 controls the entire information processing device 1000. For example, the processor 101 is a CPU (Central Processing Unit) or an FPGA (Field Programmable Gate Array). The processor 101 may be a multiprocessor. The information processing device 1000 may also have a processing circuit.
 揮発性記憶装置102は、情報処理装置1000の主記憶装置である。例えば、揮発性記憶装置102は、RAM(Random Access Memory)である。不揮発性記憶装置103は、情報処理装置1000の補助記憶装置である。例えば、不揮発性記憶装置103は、HDD(Hard Disk Drive)、又はSSD(Solid State Drive)である。 The volatile memory device 102 is the main memory device of the information processing device 1000. For example, the volatile memory device 102 is a RAM (Random Access Memory). The non-volatile memory device 103 is the auxiliary memory device of the information processing device 1000. For example, the non-volatile memory device 103 is a HDD (Hard Disk Drive) or an SSD (Solid State Drive).
 データ保護の仕組みは、いくつかあるが、ここでは暗号化によるデータ保護を用いて説明する。また、データの暗号化には、AES(Advanced Encryption Standard)などの共通鍵暗号方式を、認証や共通鍵の保護にはRSA(Rivest-Shamir-Adleman cryptosystem)などの公開鍵暗号方式を用いているものとして説明する。 There are several data protection mechanisms, but here we will explain data protection through encryption. We will also explain that a shared key cryptosystem such as AES (Advanced Encryption Standard) is used for data encryption, and a public key cryptosystem such as RSA (Rivest-Shamir-Adleman cryptosystem) is used for authentication and shared key protection.
 図2は、実施の形態1の情報処理装置の機能を示すブロック図である。情報処理装置1000は、データ収集部1001、データ分割部(時刻別)1002、データ分割部(ランク別)1003、データ暗号化部1004、転送制御部1005、データ記録部1006、権利者鍵取得部1007、データ鍵作成部1008、及びデータ鍵セット暗号化部1009を有する。 FIG. 2 is a block diagram showing the functions of the information processing device of the first embodiment. The information processing device 1000 has a data collection unit 1001, a data division unit (by time) 1002, a data division unit (by rank) 1003, a data encryption unit 1004, a transfer control unit 1005, a data recording unit 1006, a rights holder key acquisition unit 1007, a data key creation unit 1008, and a data key set encryption unit 1009.
 データ収集部1001、データ分割部(時刻別)1002、データ分割部(ランク別)1003、データ暗号化部1004、転送制御部1005、権利者鍵取得部1007、データ鍵作成部1008、及びデータ鍵セット暗号化部1009の一部又は全部は、処理回路によって実現してもよい。また、データ収集部1001、データ分割部(時刻別)1002、データ分割部(ランク別)1003、データ暗号化部1004、転送制御部1005、権利者鍵取得部1007、データ鍵作成部1008、及びデータ鍵セット暗号化部1009の一部又は全部は、プロセッサ101が実行するプログラムのモジュールとして実現してもよい。 The data collection unit 1001, the data division unit (by time) 1002, the data division unit (by rank) 1003, the data encryption unit 1004, the transfer control unit 1005, the rights holder key acquisition unit 1007, the data key creation unit 1008, and the data key set encryption unit 1009 may be partially or entirely realized by a processing circuit. Also, the data collection unit 1001, the data division unit (by time) 1002, the data division unit (by rank) 1003, the data encryption unit 1004, the transfer control unit 1005, the rights holder key acquisition unit 1007, the data key creation unit 1008, and the data key set encryption unit 1009 may be partially or entirely realized as a program module executed by the processor 101.
 データ記録部1006は、揮発性記憶装置102又は不揮発性記憶装置103に確保した記憶領域として実現してもよい。また、データ記録部1006は、データ転送先のサーバーなどであってもよい。 The data recording unit 1006 may be realized as a storage area secured in the volatile storage device 102 or the non-volatile storage device 103. The data recording unit 1006 may also be a server to which data is transferred.
 データ収集部1001で収集された車載データは、データ分割部(時刻別)1002、データ分割部(ランク別)1003により、ランクと時刻に応じて分割される。
 ここで、データ分割部1002,1003を詳細に説明する。データ分割部1002,1003は、取得されたデータを状況に応じて分割する。また、データ分割部1002,1003は、ユーザのプライバシーの程度に応じてデータを分割してもよい。
The in-vehicle data collected by the data collection unit 1001 is divided by the data division unit (by time) 1002 and the data division unit (by rank) 1003 according to rank and time.
Here, the data division units 1002 and 1003 will be described in detail. The data division units 1002 and 1003 divide the acquired data according to the situation. The data division units 1002 and 1003 may also divide the data according to the degree of privacy of the user.
The data key generation unit 1008 also generates the data keys 1010.
The data encryption unit 1004 encrypts with a data key 1010 and creates an in-vehicle data file 1011. The data encryption unit 1004 may also be expressed as follows: it encrypts each of the divided data with a different first key.
Here, by encrypting each piece of the divided in-vehicle data with a different data key 1010, individual usage rights can be set for each in-vehicle data file 1011.
The key for decrypting an encrypted in-vehicle data file 1011 (with common-key encryption it is the same as the data key 1010 used for encryption, so it is referred to as the data key 1010 below) is paired with the in-vehicle data file 1011, and since there are many files there are correspondingly many keys. It would therefore be convenient if the in-vehicle data file 1011 and the data key 1010 could be stored and transmitted together.
However, if the data key 1010 is handed over to a third party as is, the third party can decrypt the in-vehicle data file 1011 and use it without any restriction.
Therefore, consider further encrypting the data key 1010 with another encryption key.
As an example, consider using the public-key key pair (private key + public key) built into the My Number card. Integration of the My Number card and the driver's license is planned, and it would be convenient if the public-key key pair built into the My Number card could be used through the driver's license, which is always carried when driving. If other data protection mechanisms are incorporated into the driver's license, those may be used instead.
The rights holder key acquisition unit 1007 acquires the key presented by the rights holder at a predetermined timing.
For example, the driver leaves the driver's license inserted in the car, and the key is imported when the engine is started (at the start of operation). If it is a public-key key pair, the public key is extracted and imported into the vehicle.
The transfer control unit 1005 will now be described. The transfer control unit 1005 provides the encrypted data to a destination. Specifically, the transfer control unit 1005 selects the data to be provided based on the intended use at the destination.
FIG. 3 is a diagram showing a specific example of embodiment 1. A public key 2002 and a private key 2003 are embedded in the My Number card 2001. In this use, the public key 2002 is extracted and used in the vehicle.
FIG. 4 is a flowchart showing an example of the process for acquiring the public key in embodiment 1. In FIG. 4, the public key is acquired if it is available; if it cannot be acquired, for example because the My Number card is not inserted, the data is not encrypted. The process is described in detail below.
(Step S11) It is determined whether the My Number card is inserted in the vehicle. If it is, the process proceeds to step S12; if it is not, the process ends.
(Step S12) The public key is acquired from the My Number card.
(Step S13) The data keys 1010 are encrypted using the public key, and a decryption key set 1012 is created.
The data key set encryption unit 1009 encrypts the data keys 1010 one at a time or several together to create a decryption key set 1012. The data key set encryption unit 1009 may also be expressed as follows: it encrypts a key ring set, which is the set of data keys (the first keys), with a second key different from the first keys, using a public key (the public key portion of a key pair consisting of a private key and a public key). The data key set encryption unit 1009 may use as the second key the public key of a key pair managed by the rights holder, who is the owner of the data, or another public key built into a device owned by the rights holder.
Even if the in-vehicle data file 1011 and the decryption key set 1012 are stored together, they cannot be decrypted without the rights holder's private key, so there is no concern about unauthorized use by others.
It is convenient to store, together with the decryption key set 1012, metadata such as the range of levels, the times, and the related events that can be decrypted with these keys. This metadata may be encrypted and stored within the decryption key set 1012, or stored unencrypted as separate data.
When decrypting and using the data, the private key 2003 of the My Number card 2001 held by the rights holder is used to decrypt the decryption key set 1012 and extract the data keys 1010.
By applying the corresponding data key 1010 to each in-vehicle data file 1011, the data can be decrypted and used.
Here, the decryption key set 1012 cannot be decrypted without the private key 2003, which is the decryption key. The private key 2003 is stored in the My Number card 2001 owned by the user. Therefore, others cannot obtain the data keys 1010 contained in the decryption key set 1012 without the user's permission, that is, without the user's permission to use the private key 2003. Without the data keys 1010, others cannot decrypt the encrypted in-vehicle data files 1011. Thus, by encrypting the data keys 1010 with the public key 2002, which is stored on a recording medium owned by the user (for example, the My Number card 2001) and forms a key pair with the private key 2003, the information processing device 1000 can prevent unauthorized use of privacy-related information such as in-cabin video.
Embodiment 2.
Next, embodiment 2 is described. The description focuses on the differences from embodiment 1, and matters common to embodiment 1 are omitted.
In the above example, the decryption key set 1012 was simply decrypted to extract the data keys 1010, but in actual operation care is also needed in how the data keys 1010 are handled.
Therefore, consider re-encrypting the data keys with the recipient's public key before providing them.
FIG. 5 is a flowchart showing an example of the process in embodiment 2. It shows the re-encryption operation: from the decrypted and extracted data keys 1010, the data permitted to be provided is selected, and the data keys for the selected data are re-encrypted with the recipient's public key.
(Step S21) The rights holder's key is received.
(Step S22) The key set is decrypted.
(Step S23) The data to be provided is selected.
(Step S24) The recipient's key is received.
(Step S25) The selected keys are encrypted with the recipient's key to form the key set for provision.
If the key carries a certificate issued by a public certification authority using PKI (public key infrastructure), the identity of the other party can be verified.
Typically, such decryption and re-encryption is carried out in a special region, such as a secure block, from which intermediate data cannot be extracted.
FIG. 6 is a conceptual diagram of creating a decryption key set for provision in embodiment 2.
The operation terminal 6001 communicates with the information processing device 1000. A system including the operation terminal 6001 and the information processing device 1000 is also called an information processing system. The operation terminal 6001 generates a provision selection list of the data to be provided, obtains from the key ring set (the set of first keys) the data keys needed to decrypt the data selected from that list, and provides them as a newly created key ring set.
The operation terminal 6001 is described with a specific example.
The operation terminal 6001 uses the rights holder's private key 2003. The private key may be extracted and stored temporarily in the operation terminal 6001 to perform the decryption, or, if the card has a data decryption function, the target data may be decrypted using that function of the card.
To prevent use of the wrong key, the name of the rights holder bound to the key may be displayed.
A public key is also obtained from the recipient who is permitted to use the data and imported into the operation terminal 6001.
At this time, the validity of the recipient's public key can be verified, for example by querying a public certification authority, and the recipient's name contained in the certificate can be used to confirm that the data is being provided to the intended recipient.
Next, the operation terminal 6001 imports the collected decryption key set 1012, decrypts it with the rights holder's private key 2003, and extracts the metadata and data keys 1010. From the metadata, a list of data available for provision is created and displayed through a provision data selection UI for the user to choose from. Standard provision settings may also be selected automatically by having the user choose a purpose or the like.
The data keys 1010 corresponding to the selected data are then re-encrypted with the recipient's public key 6002 to create a decryption key set (for provision) 6003.
By providing this decryption key set (for provision) 6003 to the recipient, the user can grant usage rights to only the necessary parts of the recorded in-vehicle data files 1011.
In the example of FIG. 6, data at levels 1 to 3 from 11:10 to 11:22 is selected for provision for preparing an accident report.
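The per-segment keying of embodiment 1 and the selective re-wrapping of embodiment 2, as an added Go example that is not part of the patent: AES-256-GCM stands in for the symmetric data key encryption and RSA-OAEP for the public-key wrapping (the page names neither algorithm), and the level and time metadata is stored unencrypted beside each wrapped key, as the page permits. The sample segments, level numbers and time window are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// DataFile is an encrypted segment (in-vehicle data file 1011), AES-256-GCM.
type DataFile struct {
	Level, Start int // privacy level; start time in minutes after midnight (11:10 = 670)
	Nonce, Ct    []byte
}

// KeyEntry is one element of a decryption key set (1012 or 6003): the data key
// wrapped with a public key (RSA-OAEP), beside unencrypted selection metadata.
type KeyEntry struct {
	Level, Start int
	Wrapped      []byte
}

func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // key length is fixed at 32 bytes by construction
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// EncryptSegment plays units 1004 and 1009 for one divided segment: a fresh
// 256-bit data key (first key) encrypts the segment, and that key is wrapped with
// the rights holder's public key (second key). Level and start time ride along
// as metadata so that provision selection needs no unwrapping at all.
func EncryptSegment(level, start int, plain []byte, holderPub *rsa.PublicKey) (DataFile, KeyEntry, error) {
	buf := make([]byte, 32+12) // data key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return DataFile{}, KeyEntry{}, err
	}
	dk, nonce := buf[:32], buf[32:]
	w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, holderPub, dk, nil)
	if err != nil {
		return DataFile{}, KeyEntry{}, err
	}
	ct := mustGCM(dk).Seal(nil, nonce, plain, nil)
	return DataFile{level, start, nonce, ct}, KeyEntry{level, start, w}, nil
}

// ReWrapForRecipient plays operation terminal 6001 (steps S21 to S25): entries inside
// the provision selection (level <= maxLevel, Start within [from, to]) are unwrapped
// with the holder's private key and re-wrapped for the recipient; keys outside the
// selection are never unwrapped, so they never leave the rights holder.
func ReWrapForRecipient(set []KeyEntry, holder *rsa.PrivateKey, recipientPub *rsa.PublicKey,
	maxLevel, from, to int) ([]KeyEntry, error) {
	var out []KeyEntry
	for _, e := range set {
		if e.Level > maxLevel || e.Start < from || e.Start > to {
			continue
		}
		dk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, holder, e.Wrapped, nil)
		if err != nil {
			return nil, err
		}
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, dk, nil)
		if err != nil {
			return nil, err
		}
		out = append(out, KeyEntry{e.Level, e.Start, w})
	}
	return out, nil
}

// DecryptFile is what any key set holder can do with its own private key: a recipient
// holding only the provision set cannot open files whose keys were not included,
// and the original set 1012 is useless to anyone but the rights holder.
func DecryptFile(f DataFile, priv *rsa.PrivateKey, set []KeyEntry) ([]byte, error) {
	for _, e := range set {
		if e.Level != f.Level || e.Start != f.Start {
			continue
		}
		dk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.Wrapped, nil)
		if err != nil {
			return nil, err
		}
		return mustGCM(dk).Open(nil, f.Nonce, f.Ct, nil)
	}
	return nil, errors.New("no data key in this key set for the segment")
}
```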
Embodiment 3.
Next, embodiment 3 is described. The description focuses on the differences from embodiment 1, and matters common to embodiment 1 are omitted.
In the previous example, the data to be provided was selected after the fact, but for uses such as driving diagnosis by an insurance company, data must be transmitted on a regular basis.
FIGS. 7 and 8 show an example in which driving diagnosis and accident response are handled by an insurance company. The public key 7002 and private key 7003 are encryption keys managed by the insurance company; after a contract is concluded, the public key 7002 is given to the contract holder (the driver or the like) and imported into the vehicle. The other party's public key is thus stored in the vehicle for use, and when it is stored it is signed with the rights holder's private key so that it cannot be replaced without authorization. When the key set to be submitted to the insurance company is encrypted, the insurance company's public key 7002 is first verified with the rights holder's public key 2002, and only after the signature verification succeeds is the key set encrypted with the insurance company's public key 7002 to create the decryption key set 7012.
This prevents data from being sent to an unintended party through key substitution or the like.
For regular data transmission, a dedicated data set is created and encrypted, the key is encrypted with the recipient's public key, and both are sent to the recipient. The data key can then be extracted only with the private key held by the recipient.
FIG. 7 is a diagram showing a specific example of embodiment 3. In the example of FIG. 7, only acceleration data and outside-vehicle video are submitted to the insurance company. The acceleration data is to be usable by the insurance company at all times for driving diagnosis, whereas the outside-vehicle video should be usable by the insurance company only for the period around an accident. In this case, the data key A01 used for the acceleration data can be updated infrequently. The data keys for decrypting the outside-vehicle video are chosen from those covering the period around the accident (key B02, key B03), so that only that specific portion can be decrypted.
This makes it possible to reconcile privacy protection with continuous data provision.
FIG. 8 is a flowchart showing an example of the process executed in embodiment 3.
(Step S41) It is determined whether the My Number card is inserted. If it is, the process proceeds to step S42; if it is not, the process ends.
(Step S42) The rights holder's key information is acquired.
(Step S43) The rights holder's signature is checked.
(Step S44) The signature is verified. If it is valid, the process proceeds to step S45; if it is invalid, the process ends.
(Step S45) The data key 1010 is encrypted using the public key.
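The signed-storage check of FIG. 8 (steps S43 to S45), as an added Go example that is not taken from the patent: it assumes the rights holder's card holds an Ed25519 signing pair separate from the RSA decryption pair, and that the stored key 7002 is kept as DER bytes plus the rights holder's signature over exactly those bytes. Any key whose signature no longer verifies is refused before anything is encrypted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// StoredRecipientKey is the insurer's public key 7002 as kept in the vehicle: the
// DER encoding of the key plus the rights holder's signature over those bytes.
type StoredRecipientKey struct {
	KeyDER []byte
	Sig    []byte
}

// InstallRecipientKey runs once, when the contract holder imports the insurer's key
// into the vehicle (embodiment 3): the rights holder signs the stored bytes so a
// later silent replacement of the key is detectable.
func InstallRecipientKey(recipientPub *rsa.PublicKey, holderSign ed25519.PrivateKey) (StoredRecipientKey, error) {
	der, err := x509.MarshalPKIXPublicKey(recipientPub)
	if err != nil {
		return StoredRecipientKey{}, err
	}
	return StoredRecipientKey{KeyDER: der, Sig: ed25519.Sign(holderSign, der)}, nil
}

// VerifiedRecipientKey is steps S43 and S44: the stored key is usable only if the
// rights holder's signature over it still verifies with the holder's public key.
func VerifiedRecipientKey(stored StoredRecipientKey, holderVerify ed25519.PublicKey) (*rsa.PublicKey, error) {
	if !ed25519.Verify(holderVerify, stored.KeyDER, stored.Sig) {
		return nil, errors.New("stored recipient key does not carry a valid rights-holder signature")
	}
	parsed, err := x509.ParsePKIXPublicKey(stored.KeyDER)
	if err != nil {
		return nil, err
	}
	pub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("stored recipient key is not an RSA public key")
	}
	return pub, nil
}

// WrapDataKeyForRecipient is step S45 gated by S44: the data key is wrapped with the
// insurer's public key only after the signature check passes; on failure nothing is
// encrypted, matching the flowchart's "process ends" branch.
func WrapDataKeyForRecipient(stored StoredRecipientKey, holderVerify ed25519.PublicKey, dataKey []byte) ([]byte, error) {
	pub, err := VerifiedRecipientKey(stored, holderVerify)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
}
```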
Embodiment 4.
Next, embodiment 4 is described. The description focuses on the differences from embodiment 1, and matters common to embodiment 1 are omitted.
If the intended use at the destination is store marketing or urban planning, the data granularity must be adjusted to protect privacy. FIG. 9 shows an example of the process in this case.
FIG. 9 is a diagram showing a specific example of embodiment 4.
The key used at provision time is one prepared by the recipient, who is the user of the data, and is obtained from the recipient. In addition, data anonymization processing 9021 is performed to make it difficult to identify individuals. Basically, the granularity of location and time information is coarsened so that an individual or vehicle cannot be identified by combining the data with other information such as surveillance camera footage. For location granularity, one option is to keep only the place where the vehicle was parked, delete the travel route, and additionally exclude information about the home, workplace, and the like.
For time information, the actual time is deleted and replaced with categories such as morning, afternoon, evening, and night. The data may also be aggregated by day of the week, date of the month, month, and so on, with only the aggregated results provided. Methods such as these can be used.
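The coarsening and aggregation steps of data anonymization processing 9021, as an added Go example that is not from the patent: the route is dropped, trips parked at an excluded place (home, workplace) are removed outright, the clock time becomes one of four categories, the parking location is snapped to a grid, and only per-weekday counts are released. The time slot boundaries, the 0.01-degree grid cell and the exclusion radius are assumptions; the trip records are constructed.

```go
package main

import (
	"math"
	"time"
)

// Place is a latitude/longitude pair in degrees.
type Place struct{ Lat, Lon float64 }

// Trip is one constructed trip record before data anonymization processing 9021.
type Trip struct {
	Ended  time.Time
	Route  []Place // full travel path: deleted entirely
	Parked Place   // where the vehicle was parked: kept, but coarsened
}

// Anonymized is the record that may be handed to a marketing or planning recipient.
type Anonymized struct {
	Slot    string       // "morning", "afternoon", "evening", "night"; exact time deleted
	Weekday time.Weekday // kept for aggregation only
	Parked  Place        // snapped to a coarse grid
}

// TimeSlot replaces a clock time with one of the four coarse categories from the page.
// The boundaries (05-11 morning, 11-17 afternoon, 17-21 evening, else night) are assumed.
func TimeSlot(t time.Time) string {
	switch h := t.Hour(); {
	case h >= 5 && h < 11:
		return "morning"
	case h >= 11 && h < 17:
		return "afternoon"
	case h >= 17 && h < 21:
		return "evening"
	default:
		return "night"
	}
}

// Coarsen snaps a place to the centre of a cell-degree grid (cell 0.01 is roughly 1 km).
func Coarsen(p Place, cell float64) Place {
	return Place{
		Lat: (math.Floor(p.Lat/cell) + 0.5) * cell,
		Lon: (math.Floor(p.Lon/cell) + 0.5) * cell,
	}
}

// nearExcluded reports whether p lies within radius degrees of any excluded place
// (the page names home and workplace). Measured on raw, not coarsened, coordinates.
func nearExcluded(p Place, excluded []Place, radius float64) bool {
	for _, e := range excluded {
		if math.Hypot(p.Lat-e.Lat, p.Lon-e.Lon) <= radius {
			return true
		}
	}
	return false
}

// Anonymize applies processing 9021 to a batch of trips: drop the route, drop trips
// that ended at an excluded place, then coarsen time and location.
func Anonymize(trips []Trip, excluded []Place, cell, radius float64) []Anonymized {
	var out []Anonymized
	for _, tr := range trips {
		if nearExcluded(tr.Parked, excluded, radius) {
			continue // home/workplace parking is excluded outright, not just coarsened
		}
		out = append(out, Anonymized{
			Slot:    TimeSlot(tr.Ended),
			Weekday: tr.Ended.Weekday(),
			Parked:  Coarsen(tr.Parked, cell),
		})
	}
	return out
}

// CountByWeekday is the "aggregated results only" form: how many parking events
// fell on each weekday, with no per-trip rows released at all.
func CountByWeekday(rows []Anonymized) map[time.Weekday]int {
	counts := map[time.Weekday]int{}
	for _, r := range rows {
		counts[r.Weekday]++
	}
	return counts
}
```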
The features of the embodiments described above can be combined with one another as appropriate.
101 Processor, 102 Volatile storage device, 103 Non-volatile storage device, 1000 Information processing device, 1001 Data collection unit, 1002 Data division unit (by time), 1003 Data division unit (by rank), 1004 Data encryption unit, 1005 Transfer control unit, 1006 Data recording unit, 1007 Rights holder key acquisition unit, 1008 Data key generation unit, 1009 Data key set encryption unit, 1010 Data key, 1011 In-vehicle data file, 1012 Decryption key set, 2001 My Number card, 2002 Public key, 2003 Private key, 6001 Operation terminal, 6002 Public key, 6003 Decryption key set (for provision), 7002 Public key, 7003 Private key, 7012 Decryption key set, 9021 Data anonymization processing.

Claims (8)

  1.  An information processing device comprising:
      a data division unit that divides acquired data according to a situation; and
      a data encryption unit that encrypts each of the divided data with a different first key.
  2.  The information processing device according to claim 1, wherein the data division unit divides the data according to the degree of privacy of the user.
  3.  The information processing device according to claim 1 or 2, further comprising a transfer control unit that provides the encrypted data to a destination,
      wherein the transfer control unit selects the data to be provided based on the intended use of the destination.
  4.  The information processing device according to any one of claims 1 to 3, further comprising a data key set encryption unit that encrypts a key ring set, which is a set of the first keys, with a second key different from the first keys.
  5.  The information processing device according to claim 4, wherein the data key set encryption unit uses, as the second key, a key managed by a rights holder who is the owner of the data.
  6.  The information processing device according to claim 4 or 5, wherein the data key set encryption unit uses, as the second key, a key built into a device owned by the rights holder.
  7.  An information processing system comprising:
      a terminal; and
      an information processing device that communicates with the terminal,
      wherein the information processing device has:
      a data division unit that divides acquired data according to a situation;
      a data encryption unit that encrypts each of the divided data with a different first key; and
      a transfer control unit that provides the encrypted data to a destination.
  8.  The information processing system according to claim 7, wherein the terminal generates a provision selection list of the data to be provided, obtains from a key ring set, which is the set of the first keys, the data keys necessary for decrypting the data selected from the provision selection list, and provides them as a newly created key ring set.
Application PCT/JP2022/036763, priority date 2022-09-30, filing date 2022-09-30: Information processing device and information processing system, WO2024069958A1 (en)

Publications (1)

WO2024069958A1 (en), published 2024-04-04

Family

ID=90476678

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/036763 WO2024069958A1 (en) 2022-09-30 2022-09-30 Information processing device and information processing system

Country Status (1)

Country Link
WO (1) WO2024069958A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11272681A (en) * 1998-03-19 1999-10-08 Hitachi Information Systems Ltd Recording method for individual information and record medium thereof
JP2020129760A (en) * 2019-02-08 2020-08-27 国立大学法人東京工業大学 Distributed data management system and program therefor
JP2021158548A (en) * 2020-03-27 2021-10-07 株式会社日立製作所 Information sharing management method and information sharing management apparatus

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11272681A (en) * 1998-03-19 1999-10-08 Hitachi Information Systems Ltd Recording method for individual information and record medium thereof
JP2020129760A (en) * 2019-02-08 2020-08-27 国立大学法人東京工業大学 Distributed data management system and program therefor
JP2021158548A (en) * 2020-03-27 2021-10-07 株式会社日立製作所 Information sharing management method and information sharing management apparatus

Similar Documents

Publication Publication Date Title
US11223487B2 (en) Method and system for secure blockchain-based vehicular digital forensics
US10121143B1 (en) Method and system for blockchain-based combined identity, ownership, integrity and custody management
US10491388B2 (en) Multi-level encryption of tokenized protected data
CN105637916B (en) Authorization access to vehicle data
US7792300B1 (en) Method and apparatus for re-encrypting data in a transaction-based secure storage system
CN111368324A (en) Credible electronic license platform system based on block chain and authentication method thereof
US20210281400A1 (en) Method for Transmitting Data Between Internet of Vehicles Devices and Device
US9244864B2 (en) Information providing system, information processing apparatus, computer readable medium, and information providing method for providing encrypted information
WO2020083822A1 (en) Privacy-preserving mobility as a service supported by blockchain
CN101690077B (en) Drm scheme extension
US11188668B2 (en) Method for accessing data in a secure manner
JP5590953B2 (en) KEY GENERATION DEVICE, DATA PROVIDING DEVICE, TERMINAL DEVICE, AND PROGRAM
CN105122265A (en) Data security service system
CN108763955B (en) Travel data sharing method and apparatus, travel data sharing system, and computer storage medium
CN113326533B (en) Electronic license service system and method based on blockchain and distributed file storage
KR20220104552A (en) System and Method for Blockchain-based Data Sharing and Trading for Connected Car
Feng et al. S2PD: A selective sharing scheme for privacy data in vehicular social networks
AU774704B2 (en) Electronic information inquiring method
WO2024069958A1 (en) Information processing device and information processing system
KR20160040399A (en) Personal Information Management System and Personal Information Management Method
CN105208017B (en) A kind of memorizer information acquisition methods
Lin et al. A real-time parking service with proxy re-encryption in vehicular cloud computing
CN115776396A (en) Data processing method and device, electronic equipment and storage medium
CN111866009B (en) Vehicle information updating method and device
Langley et al. Key management in vehicular ad-hoc networks

Legal Events

121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 22961017, Country of ref document: EP, Kind code of ref document: A1)