Anonymous information system, information registering device and information storing device

US 20060136253A1
Filed: 11/18/2005
Published: 06/22/2006
Est. Priority Date: 11/19/2004
Status: Active Grant

First Claim

Patent Images

1. An anonymous information system that performs anonymity conversion processing on original individual specifying information that specifies an individual, to generate anonymous individual specifying information, the anonymous information system comprising:

a conversion splitting device operable to split the anonymity conversion processing into two portions to generate first conversion processing that is one of the portions and second conversion processing that is the other one of the portions;

a first converting device operable to perform the first conversion processing on the original individual specifying information to generate semi-anonymous individual specifying information; and

a second converting device operable to perform the second conversion processing on the generated semi-anonymous individual specifying information to generate the anonymous individual specifying information.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An anonymous information system is capable of maintaining anonymity of data while improving safety with regard to loss of anonymity caused by hacking of secret information, or the like. Conversion processing for converting from individual specifying information to anonymous individual information is split between an information providing device and an anonymity server device. Further, the manner in which the conversion processing is split is varied for each information providing device. A parameter generating device calculates X_invto satisfy X_i×X_inv=1 mod q, a first characteristic parameter KA_i=GˆX_invmod q, and a second characteristic parameter KB_i=X_i. The information providing device generates a semi-anonymous individual identifier C=(KA_i)ˆD mod P. The anonymity server device calculates an anonymous individual identifier E=(C)ˆKB_imod P.

16 Citations

View as Search Results

19 Claims

1. An anonymous information system that performs anonymity conversion processing on original individual specifying information that specifies an individual, to generate anonymous individual specifying information, the anonymous information system comprising:
- a conversion splitting device operable to split the anonymity conversion processing into two portions to generate first conversion processing that is one of the portions and second conversion processing that is the other one of the portions;
  
  a first converting device operable to perform the first conversion processing on the original individual specifying information to generate semi-anonymous individual specifying information; and
  
  a second converting device operable to perform the second conversion processing on the generated semi-anonymous individual specifying information to generate the anonymous individual specifying information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The anonymous information system of claim 1, wherein the anonymity conversion processing generates, from the original individual specifying information and based on a base parameter, the anonymous individual specifying information from which the individual cannot be specified, the conversion splitting device comprises:
    - a first parameter generating unit operable to randomly generate a first parameter;
      
      a second parameter generating unit operable to generate a second parameter that is complementary to the first parameter with respect to the base parameter; and
      
      a first transmission unit operable to transmit the first parameter to the first converting device, and transmit the second parameter to the second converting device, the first converting device comprises;
      
      a first receiving unit operable to receive the first parameter, an acquiring unit operable to acquire the original individual specifying information;
      
      a first converting unit operable to perform, as the first conversion processing, a repetitive calculation using the received first parameter and the acquired original individual specifying information, to generate the semi-anonymous individual specifying information;
      
      a second transmission unit operable to transmit the generated semi-anonymous individual specifying information to the second converting unit, and the second converting device comprises;
      
      a storing unit having a region for storing the anonymous individual specifying information;
      
      a second receiving unit operable to receive the second parameter and the semi-anonymous individual specifying information; and
      
      a second converting unit operable to perform, as the second conversion processing, a repetitive calculation using the received second parameter and the received semi-anonymous individual specifying information to generate the anonymous individual specifying information, and to write the generated anonymous individual specifying information into the storing unit.
  - 3. The anonymous information system of claim 2, wherein in addition to being an information providing device that provides the original individual specifying information, the first converting device further provides individual related information relating to the individual, and in addition to being an information storing device that stores the anonymous individual specifying information, the second converting device stores the anonymous individual specifying information in correspondence with the individual related information.
  - 4. The anonymous information system of claim 3, further comprising:
    - an information searching device operable to acquire, from the second converting device that is the information storing device, the anonymous individual specifying information and the individual related information which are desired by an operator.
  - 5. The anonymous information system of claim 2, wherein the conversion splitting device further splits the anonymity conversion processing into two portions to generate third conversion processing that is one of the portions and different from the first conversion processing, and fourth conversion processing that is the other one of the portions and different from the second conversion processing, the anonymous information system further comprises:
    - a third converting device operable to perform the third conversion processing on the original individual specifying information to generate other semi-anonymous individual specifying information, and the second converting device further performs the fourth conversion processing on the generated other semi-anonymous individual specifying information to generate the anonymous individual specifying information.
  - 6. The anonymous information system of claim 5, wherein the conversion splitting device generates a third parameter that indicates the third conversion processing and a fourth parameter that indicates the fourth conversion processing, the third parameter differing from the first parameter and the fourth parameter differing from the second parameter, the first converting device performs the third conversion processing indicated by the third parameter, and the second converting device performs the fourth conversion processing indicated by the fourth parameter.
  - 7. The anonymous information system of claim 2, wherein the conversion splitting device further splits other anonymity conversion processing that is different from the anonymity conversion processing into two portions to generate third conversion processing that is one of the portions and different from the first conversion processing and fourth conversion processing that is the other of the portions and different from the second conversion processing, instead of the first conversion processing, the first conversion device performs the third conversion processing on the original individual specifying information to generate other semi-anonymous individual specifying information, and instead of the second conversion processing, the second conversion device performs the fourth conversion processing on the generated other semi-anonymous individual specifying information to generate other anonymous individual specifying information.
  - 8. The anonymous information system of claim 7, wherein the first parameter generating unit randomly generates a third parameter that is different to the first parameter;
    - the second parameter generating unit generates a fourth parameter that is complementary to the third parameter with respect to the base parameter;
      
      the first transmission unit further transmits the third parameter to the first converting device, and transmits the fourth parameter to the second converting device;
      
      the first receiving unit further receives the third parameter;
      
      the first converting unit performs, as the third conversion processing, a repetitive calculation using the received third parameter and the acquired original individual specifying information to generate other semi-anonymous individual specifying information;
      
      the second transmission unit transmits the generated other semi-anonymous individual specifying information to the second converting unit;
      
      the storing unit has a region for storing other anonymous individual specifying information;
      
      the second receiving unit receives the fourth parameter and the other semi-anonymous individual specifying information; and
      
      the second converting unit performs, as the fourth conversion processing, a repetitive calculation using the received fourth parameter and the received other semi-anonymous individual specifying information to generate the other anonymous individual specifying information, and writes the generated other anonymous individual specifying information into the storing unit.
  - 9. The anonymous information system of claim 2, wherein the conversion splitting device further splits other anonymity conversion processing that is different to the anonymity conversion processing into two portions to generate third conversion processing that is one of the portions and different from the first conversion processing and fourth conversion processing that is the other one of the portions and different from the second conversion processing, instead of performing the first conversion processing, the first conversion device performs the anonymity conversion processing on the original individual specifying information to generate the anonymous individual specifying information, and performs the third conversion processing on the generated anonymous individual specifying information to generate other semi-anonymous individual specifying information, and instead of performing the second conversion processing, the second conversion device performs the fourth conversion processing on the generated other semi-anonymous individual specifying information to generate other anonymous individual specifying information.
  - 10. The anonymous information system of claim 9, wherein the first parameter generating unit randomly generates a third parameter that is different from the first parameter;
    - the second parameter generating unit generates a fourth parameter that is complementary to the third parameter with respect to the base parameter;
      
      the first transmission unit further transmits the third parameter to the first converting device, and transmits the fourth parameter to the second converting device;
      
      the first receiving unit further receives the third parameter;
      
      the first converting unit performs the anonymity conversion processing on the original individual specifying information to generate the anonymous individual specifying information, and as the third conversion processing, performs a repetitive calculation using the received third parameter and the generated anonymous individual specifying information to generate the other semi-anonymous individual specifying information;
      
      the second transmission unit transmits the generated other semi-anonymous individual specifying information to the second converting unit;
      
      the storing unit has a region for storing other anonymous individual specifying information;
      
      the second receiving unit receives the fourth parameter and the other semi-anonymous individual specifying information; and
      
      the second converting unit performs, as the fourth conversion processing, a repetitive calculation using the received fourth parameter and the received other semi-anonymous individual specifying information to generate the other anonymous individual specifying information, and writes the generated other anonymous individual specifying information into the storing unit.

11. A parameter generating device in an anonymous information system that further includes an information providing device and an information storing device, and that performs anonymity conversion processing on original individual information specifying an individual, to generate anonymous individual specifying information, the anonymity conversion processing generating, from the original individual specifying information and based on a base parameter, the anonymous individual specifying information from which the individual cannot be specified, the parameter generating device comprising:
- a first parameter generating unit operable to randomly generate a first parameter;
  
  a second parameter generating unit operable to generate a second parameter that is complementary to the first parameter with respect to the base parameter; and
  
  a first transmission unit operable to transmit the first parameter to the information providing device, and transmit the second parameter to the information storing device.
- View Dependent Claims (12)
- - 12. The parameter generating device of claim 11, wherein the first parameter generating unit and the second parameter generating unit are constructed from one or more large scale integrated circuits.

13. An information providing device in an anonymous information system that further includes a parameter generating device and an information storing device, and that performs anonymity conversion processing on original individual information specifying an individual, to generate anonymous individual specifying information, the anonymity conversion processing generating, from the original individual specifying information and based on a base parameter, the anonymous individual specifying information from which the individual cannot be specified, the parameter generating device randomly generating a first parameter, generating a second parameter that is complementary to the first parameter with respect to the base parameter, transmitting the first parameter to the information providing device, the information providing device comprising:
- a first receiving unit operable to receive the first parameter, an acquiring unit operable to acquire the original individual specifying information;
  
  a first converting unit operable to perform, as the first conversion processing, a repetitive calculation using the received first parameter and the acquired original individual specifying information to generate the semi-anonymous individual specifying information; and
  
  a second transmission unit operable to transmit the generated semi-anonymous individual specifying information to the information storing device.
- View Dependent Claims (14)
- - 14. The information providing device of claim 13, wherein the first converting unit is constructed from one or more large scale integrated circuits.

15. An information storing device of an anonymous information system that further includes a parameter generating device and an information providing device, and that performs anonymity conversion processing on original individual information specifying an individual, to generate anonymous individual specifying information, the anonymity conversion processing generating, from the original individual specifying information and based on a base parameter, the anonymous individual specifying information from which the individual cannot be specified, the parameter generating device randomly generating a first parameter, generating a second parameter that is complementary to the first parameter with respect to the base parameter, transmitting the first parameter to the information providing device, the information providing device receiving the first parameter, acquiring the original individual specifying information, performing, as the first conversion processing, a repetitive calculation using the received first parameter and the acquired original individual specifying information to generate the semi-anonymous individual specifying information, and transmitting the generated semi-anonymous individual specifying information to the information storing device, the information storing device comprising:
- a storing unit having a region for storing the anonymous individual specifying information;
  
  a second receiving unit operable to receive the second parameter and the semi-anonymous individual specifying information; and
  
  a second converting unit operable to perform, as the second conversion processing, a repetitive calculation using the received second parameter and the received semi-anonymous individual specifying information to generate the anonymous individual specifying information, and to write the generated anonymous individual specifying information into the storing unit.
- View Dependent Claims (16)
- - 16. The information storing device of claim 15, wherein the second converting unit is constructed from one or more large scale integrated circuits.

17. A method used by an anonymous information system that performs anonymity conversion processing on original individual specifying information that specifies an individual, to generate anonymous individual specifying information, the method comprising:
- a conversion splitting step of splitting the anonymity conversion processing into two portions to generate first conversion processing that is one of the portions and second conversion processing that is the other one of the portions;
  
  a first conversion step of performing the first conversion processing on the original individual specifying information to generate semi-anonymous individual specifying information; and
  
  a second converting step of performing the second conversion processing on the generated semi-anonymous individual specifying information to generate the anonymous individual specifying information.

18. A program used by an anonymous information system that performs anonymity conversion processing on original individual specifying information that specifies an individual, to generate anonymous individual specifying information, the program comprising:
- a conversion splitting step of splitting the anonymity conversion processing into two portions to generate first conversion processing that is one of the portions and second conversion processing that is the other one of the portions;
  
  a first conversion step of performing the first conversion processing on the original individual specifying information to generate semi-anonymous individual specifying information; and
  
  a second converting step of performing the second conversion processing on the generated semi-anonymous individual specifying information to generate the anonymous individual specifying information.
- View Dependent Claims (19)
- - 19. The program of claim 18 recorded on a computer-readable recording medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sovereign Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Ohmori, Motoji, Yokota, Kaoru, Ito, Akinobu

Granted Patent

US 7,747,491 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/51
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 50/265   Personal security, identity...

G16H 10/60   for patient-specific data, ...

Anonymous information system, information registering device and information storing device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Anonymous information system, information registering device and information storing device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links