Control of data linkability
Abstract
In the conventional technique for mainly performing access control, an entity (an individual) which provides information cannot grasp the state of use of its personal information. In the conventional technique for encrypting stored data, a decryption key is always required when personal data is used, and the personal data is not protected once decrypted. The invention constitutes a system in which a purchase history is collected according to an anonymous ID and a response from a member card or an agent server is required for the operation of associating the anonymous ID with a personal ID. Personal data itself is not encrypted but is stored in plain text with the personal ID and the anonymous ID as keys, such that the anonymous ID is regenerated every time the anonymous ID is associated with the personal ID on the server side. At this point, the anonymous ID serving as the collection key for the purchase history, which is accumulated concurrently, is also regenerated.
22 Claims
1. A method of controlling data linkability in a system in which a client apparatus is connected to a personal data management server that has a database for storing individual data, the personal data being electronic data that can identify a specific individual and electronic data that can be collated with the personal data to identify a specific individual, the client apparatus starting processing for connecting with the personal data management server, the method for controlling data linkability comprising:
executing processing for referring to a personal ID for identifying a specific individual stored in a storage area in the client apparatus;
executing processing for creating one or more anonymous IDs according to a hash function with the personal ID as a key;
executing processing for sending anonymous data for management, which includes the anonymous IDs and one or more conditions for permitting personal data usage, to the personal data management server;
executing processing for receiving a result of registration of the anonymous data for management from the personal data management server;
when the registration fails, executing the anonymous ID creation processing and the anonymous data for management sending processing again; and
when the registration is successful, executing processing for storing the anonymous data for management in the storage area in the client apparatus.
Dependent claims: 2, 3, 4, 10.
5. A method of controlling data linkability in a system using a personal data management server that has a database for storing individual data, the personal data including electronic data that can identify a specific individual and electronic data that can be collated with the personal data to identify a specific individual, the method for controlling data linkability comprising:
executing processing for receiving anonymous IDs created according to a hash function with a personal ID for identifying a specific individual as a key and one or more anonymous data for management including one or more conditions for permitting personal data usage from a client apparatus;
executing processing for deciding whether the received anonymous IDs conflict with an anonymous ID stored in the server and sending a result of the decision to the client apparatus;
when there is no conflict, executing processing for storing the anonymous data for management in the database; and
executing processing for replacing anonymous IDs in the database created from personal IDs, which are the same as the received anonymous IDs, with the received anonymous IDs.
Dependent claims: 6, 7, 8, 9.
11. A client apparatus connected to a personal data management server that has a database for storing individual data, the personal data being electronic data that can identify a specific individual and electronic data that can be collated with the personal data to identify a specific individual, the client apparatus comprising:
a storage unit that has a personal ID for identifying a specific individual; and
an arithmetic processing unit that creates one or more anonymous IDs according to a hash function with the personal ID stored in the storage unit as an input value and stores the anonymous IDs in the storage unit, wherein the storage unit includes anonymous data for management having the anonymous IDs and at least one condition for permitting personal data usage concerning the personal data owned by the personal data management server, and the client apparatus has a function of, when the personal data management server requests the client apparatus to send the personal ID, before sending the personal ID to the personal data management server, creating a new anonymous ID using the arithmetic processing unit, sending the anonymous ID to the personal data management server, and storing the new anonymous ID in the storage unit.
12. A method of controlling data linkability in a system in which a client apparatus is connected to a personal data management server that has a database for storing personal data, the personal data being electronic data that can identify a specific individual and electronic data that can be collated with the personal data to identify a specific individual, the client apparatus starting processing for connecting with the personal data management server, the method for controlling data linkability comprising:
executing processing for referring to a personal ID for identifying a specific individual stored in a storage area in the client apparatus and an anonymous ID;
creating ID corresponding data representing a correspondence relation between the personal ID and the anonymous ID;
executing processing for creating one or more new anonymous IDs according to a hash function with the personal ID as a key and sending the anonymous IDs to the personal data management server;
executing processing for receiving a result of registration of the anonymous IDs from the personal data management server;
when the registration fails, executing the anonymous ID creation processing and the anonymous data for management sending processing again; and
when the registration is successful, executing processing for storing the anonymous IDs in the storage area in the client apparatus and sending the ID corresponding data to the personal data management server.
13. A method of controlling data linkability in a system in which a client apparatus is connected to a personal data management server that has a database for storing personal data, the personal data being electronic data that can identify a specific individual and electronic data that can be collated with the personal data to identify a specific individual, the client apparatus starting processing for connecting with the personal data management server, the method for controlling data linkability comprising:
executing processing for receiving one or more new anonymous IDs created according to a hash function with a personal ID for identifying a specific individual, which is present in the client apparatus, as a key from the client apparatus;
executing processing for deciding whether the received new anonymous IDs conflict with an anonymous ID stored in the server and sending a result of the decision to the client apparatus;
when there is no conflict, executing processing for storing the new anonymous IDs in a database that stores anonymous ID regeneration history data; and
receiving ID corresponding data of the personal ID and the anonymous ID before regeneration from the client apparatus.
Dependent claims: 15, 17.
14. A method of controlling data linkability in a system in which a client apparatus is connected to a personal data management server that has a database for storing personal data, the personal data being electronic data that can identify a specific individual and electronic data that can be collated with the personal data to identify a specific individual, the client apparatus starting processing for connecting with the personal data management server, the method for controlling data linkability comprising:
executing processing for receiving one or more new anonymous IDs created according to a hash function with a personal ID for identifying a specific individual, which is present in the client apparatus, as a key from the client apparatus;
executing processing for deciding whether the received new anonymous IDs conflict with anonymous IDs stored in the server and sending a result of the decision to the client apparatus;
when there is no conflict, executing processing for storing the new anonymous IDs in a database that stores anonymous ID regeneration history data;
receiving ID corresponding data of personal IDs and anonymous IDs before regeneration from the client apparatus; and
executing processing for replacing anonymous IDs before regeneration present in the database for storing the personal data with the new anonymous IDs.
Dependent claims: 18, 19.
16. A method of controlling data linkability in a system in which a client apparatus is connected to a personal data management server that has a database for storing personal data, the personal data being electronic data that can identify a specific individual, electronic data that can be collated with the personal data to identify a specific individual, and a database that stores anonymous ID regeneration history data, the client apparatus starting processing for connecting with the personal data management server, the method for controlling data linkability comprising:
receiving an anonymous ID from the client apparatus;
referring to a regeneration sequence of the received anonymous ID stored in the database that stores anonymous ID regeneration history data and extracting a latest anonymous ID;
when the received anonymous ID is older than the latest anonymous ID, sending an anonymous ID to the client apparatus; and
deleting history data related to an anonymous ID, which is older than the latest anonymous ID and is not present in the database for storing the personal data, from the regeneration sequence stored in the database that stores anonymous ID regeneration history data.
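The registration and regeneration exchanges of claims 1, 5, 12, 13, 14 and 16, as an added Python example that is not part of the patent or of any implementation by its assignee. It assumes a keyed hash (HMAC-SHA256 over a fresh random nonce, keyed with a client-held secret plus the personal ID) as the claimed "hash function with the personal ID as a key", in-memory dictionaries in place of the databases, and that the regeneration request carries both the old and the new anonymous ID so the server can re-key; the encrypted storage of the ID corresponding data in claim 20 is omitted. The keyed, nonced construction matters for linkability: an unkeyed hash of a low-entropy personal ID could be recomputed by anyone able to enumerate candidate IDs, which would relink the anonymous data the scheme is meant to separate. The class and method names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed example (not the patent's own code). Names, the HMAC
# construction and the in-memory "databases" are assumptions.


class Client:
    """Client apparatus: holds the personal ID and a client-only secret."""

    def __init__(self, personal_id, secret):
        self.personal_id = personal_id
        self.secret = secret          # never leaves the client
        self.anonymous_id = None
        self.management = None        # "anonymous data for management"

    def create_anonymous_id(self):
        # Keyed hash with the personal ID as key (claim 1). A fresh nonce per
        # generation makes each anonymous ID unlinkable to earlier ones; the
        # client secret stops anyone who learns a personal ID from recomputing
        # its anonymous IDs.
        nonce = secrets.token_bytes(16)
        key = self.secret + self.personal_id.encode()
        return hmac.new(key, nonce, hashlib.sha256).hexdigest()[:32]

    def register(self, server, conditions, max_attempts=5):
        # Claim 1: create, send with usage conditions, retry on conflict,
        # store locally only once the server reports success.
        for _ in range(max_attempts):
            aid = self.create_anonymous_id()
            record = {"anonymous_id": aid, "conditions": list(conditions)}
            if server.register(record):
                self.anonymous_id, self.management = aid, record
                return aid
        raise RuntimeError("registration failed after retries")

    def regenerate(self, server, max_attempts=5):
        # Claims 12/13: mint a new ID before the old one is associated with
        # the personal ID, register it, then send the correspondence data
        # (claim 20 keeps that data encrypted; encryption omitted here).
        old = self.anonymous_id
        for _ in range(max_attempts):
            new = self.create_anonymous_id()
            if server.register_regeneration(old, new):
                server.receive_correspondence(
                    {"personal_id": self.personal_id, "old_anonymous_id": old})
                self.anonymous_id = new
                self.management["anonymous_id"] = new
                return new
        raise RuntimeError("regeneration failed after retries")


class Server:
    """Personal data management server; never sees the personal ID directly."""

    def __init__(self):
        self.personal_data = {}    # anonymous ID -> purchase history (plain text)
        self.management = {}       # anonymous ID -> usage conditions
        self.history = []          # regeneration sequences, one list per chain
        self.chain_of = {}         # anonymous ID -> index into history
        self.correspondence = []   # ID corresponding data received (claim 13)

    def register(self, record):
        # Claim 5: reject an ID that conflicts with a stored one, else store.
        aid = record["anonymous_id"]
        if aid in self.chain_of:
            return False
        self.management[aid] = record["conditions"]
        self.chain_of[aid] = len(self.history)
        self.history.append([aid])
        return True

    def add_purchase(self, aid, item):
        # Purchase history is collected under the anonymous ID only.
        if aid not in self.chain_of:
            return False
        self.personal_data.setdefault(aid, []).append(item)
        return True

    def register_regeneration(self, old, new):
        # Claims 13/14: conflict check, append to the regeneration history,
        # then re-key management data and personal data from old to new.
        if new in self.chain_of or old not in self.chain_of:
            return False
        chain = self.chain_of[old]
        self.history[chain].append(new)
        self.chain_of[new] = chain
        self.management[new] = self.management.pop(old)
        if old in self.personal_data:
            self.personal_data[new] = self.personal_data.pop(old)
        return True

    def receive_correspondence(self, data):
        self.correspondence.append(data)

    def resolve_latest(self, aid):
        # Claim 16: walk the regeneration sequence, return the latest ID when
        # a stale one is presented, and prune stale IDs that key no data.
        chain = self.chain_of.get(aid)
        if chain is None:
            return None
        seq = self.history[chain]
        latest = seq[-1]
        stale = [a for a in seq if a != latest and a not in self.personal_data]
        for a in stale:
            del self.chain_of[a]
        self.history[chain] = [a for a in seq if a not in stale]
        return latest


def demo():
    # Constructed walk-through: register, collect one purchase, regenerate,
    # then present the stale ID as a card that was not updated would.
    server = Server()
    alice = Client("member-0001", secrets.token_bytes(32))
    first = alice.register(server, ["purchase-analysis"])
    server.add_purchase(first, "coffee")
    second = alice.regenerate(server)
    return first, second, server.resolve_latest(first), server
```

The conflict check in `Server.register` is what the retry loop of claim 1 relies on: a server that silently accepted a duplicate anonymous ID would merge two individuals' histories under one key, so the registration result must be checked before the client commits the ID to its own storage.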
20. A method of controlling data linkability in a personal data management server which has a database for storing personal data in an encrypted form, the personal data being electronic data that can identify a specific individual, electronic data that can be collated with the personal data to identify a specific individual, and corresponding data of these electronic data, when the personal data management server starts processing for connection with a client apparatus, the method comprising:
receiving an encryption key provided in the client apparatus; and
decrypting ID corresponding data of a personal ID stored in the server and anonymous ID before regeneration using the received encryption key.
21. A data management system comprising:
a terminal apparatus that acquires linked data;
a first apparatus that stores a combination of a real name ID and a real name;
a second apparatus that stores data related to the real name and an anonymous ID corresponding to the data;
a third apparatus that stores a correspondence table of the real name ID and the anonymous ID; and
a control apparatus that stores anonymous ID regeneration history data corresponding to the real name ID and is connected to the terminal apparatus, the first apparatus, the second apparatus, and the third apparatus via a network, wherein when the control apparatus accesses the second apparatus to regenerate the anonymous ID, the control apparatus accesses the third apparatus to regenerate a value of the correspondence table corresponding to the regenerated anonymous ID, and stores information on the regeneration history in a storage unit of the control apparatus.
Dependent claims: 22.
Specification