Anonymous information system, information registering device and information storing device
First Claim
1. An anonymous information system that performs anonymity conversion processing on original individual specifying information that specifies an individual, to generate anonymous individual specifying information, the anonymous information system comprising:
- a conversion splitting device operable to split the anonymity conversion processing into two portions to generate first conversion processing that is one of the portions and second conversion processing that is the other one of the portions;
a first converting device operable to perform the first conversion processing on the original individual specifying information to generate semi-anonymous individual specifying information; and
a second converting device operable to perform the second conversion processing on the generated semi-anonymous individual specifying information to generate the anonymous individual specifying information.
3 Assignments
0 Petitions
Accused Products
Abstract
An anonymous information system is capable of maintaining anonymity of data while improving safety with regard to loss of anonymity caused by hacking of secret information, or the like. Conversion processing for converting from individual specifying information to anonymous individual information is split between an information providing device and an anonymity server device. Further, the manner in which the conversion processing is split is varied for each information providing device. A parameter generating device calculates Xinv to satisfy Xi×Xinv=1 mod q, a first characteristic parameter KAi=GˆXinv mod q, and a second characteristic parameter KBi=Xi. The information providing device generates a semi-anonymous individual identifier C=(KAi)ˆD mod P. The anonymity server device calculates an anonymous individual identifier E=(C)ˆKBi mod P.
-
Citations
19 Claims
-
1. An anonymous information system that performs anonymity conversion processing on original individual specifying information that specifies an individual, to generate anonymous individual specifying information, the anonymous information system comprising:
-
a conversion splitting device operable to split the anonymity conversion processing into two portions to generate first conversion processing that is one of the portions and second conversion processing that is the other one of the portions;
a first converting device operable to perform the first conversion processing on the original individual specifying information to generate semi-anonymous individual specifying information; and
a second converting device operable to perform the second conversion processing on the generated semi-anonymous individual specifying information to generate the anonymous individual specifying information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A parameter generating device in an anonymous information system that further includes an information providing device and an information storing device, and that performs anonymity conversion processing on original individual information specifying an individual, to generate anonymous individual specifying information,
the anonymity conversion processing generating, from the original individual specifying information and based on a base parameter, the anonymous individual specifying information from which the individual cannot be specified, the parameter generating device comprising: -
a first parameter generating unit operable to randomly generate a first parameter;
a second parameter generating unit operable to generate a second parameter that is complementary to the first parameter with respect to the base parameter; and
a first transmission unit operable to transmit the first parameter to the information providing device, and transmit the second parameter to the information storing device. - View Dependent Claims (12)
-
-
13. An information providing device in an anonymous information system that further includes a parameter generating device and an information storing device, and that performs anonymity conversion processing on original individual information specifying an individual, to generate anonymous individual specifying information,
the anonymity conversion processing generating, from the original individual specifying information and based on a base parameter, the anonymous individual specifying information from which the individual cannot be specified, the parameter generating device randomly generating a first parameter, generating a second parameter that is complementary to the first parameter with respect to the base parameter, transmitting the first parameter to the information providing device, the information providing device comprising: -
a first receiving unit operable to receive the first parameter, an acquiring unit operable to acquire the original individual specifying information;
a first converting unit operable to perform, as the first conversion processing, a repetitive calculation using the received first parameter and the acquired original individual specifying information to generate the semi-anonymous individual specifying information; and
a second transmission unit operable to transmit the generated semi-anonymous individual specifying information to the information storing device. - View Dependent Claims (14)
-
-
15. An information storing device of an anonymous information system that further includes a parameter generating device and an information providing device, and that performs anonymity conversion processing on original individual information specifying an individual, to generate anonymous individual specifying information,
the anonymity conversion processing generating, from the original individual specifying information and based on a base parameter, the anonymous individual specifying information from which the individual cannot be specified, the parameter generating device randomly generating a first parameter, generating a second parameter that is complementary to the first parameter with respect to the base parameter, transmitting the first parameter to the information providing device, the information providing device receiving the first parameter, acquiring the original individual specifying information, performing, as the first conversion processing, a repetitive calculation using the received first parameter and the acquired original individual specifying information to generate the semi-anonymous individual specifying information, and transmitting the generated semi-anonymous individual specifying information to the information storing device, the information storing device comprising: -
a storing unit having a region for storing the anonymous individual specifying information;
a second receiving unit operable to receive the second parameter and the semi-anonymous individual specifying information; and
a second converting unit operable to perform, as the second conversion processing, a repetitive calculation using the received second parameter and the received semi-anonymous individual specifying information to generate the anonymous individual specifying information, and to write the generated anonymous individual specifying information into the storing unit. - View Dependent Claims (16)
-
-
17. A method used by an anonymous information system that performs anonymity conversion processing on original individual specifying information that specifies an individual, to generate anonymous individual specifying information, the method comprising:
-
a conversion splitting step of splitting the anonymity conversion processing into two portions to generate first conversion processing that is one of the portions and second conversion processing that is the other one of the portions;
a first conversion step of performing the first conversion processing on the original individual specifying information to generate semi-anonymous individual specifying information; and
a second converting step of performing the second conversion processing on the generated semi-anonymous individual specifying information to generate the anonymous individual specifying information.
-
-
18. A program used by an anonymous information system that performs anonymity conversion processing on original individual specifying information that specifies an individual, to generate anonymous individual specifying information, the program comprising:
-
a conversion splitting step of splitting the anonymity conversion processing into two portions to generate first conversion processing that is one of the portions and second conversion processing that is the other one of the portions;
a first conversion step of performing the first conversion processing on the original individual specifying information to generate semi-anonymous individual specifying information; and
a second converting step of performing the second conversion processing on the generated semi-anonymous individual specifying information to generate the anonymous individual specifying information. - View Dependent Claims (19)
-
Specification