Anonymous information system, information registering device and information storing device
Abstract
An anonymous information system is capable of maintaining anonymity of data while improving safety with regard to loss of anonymity caused by hacking of secret information, or the like. Conversion processing for converting from individual specifying information to anonymous individual information is split between an information providing device and an anonymity server device. Further, the manner in which the conversion processing is split is varied for each information providing device. A parameter generating device calculates Xinv to satisfy Xi×Xinv=1 mod q, a first characteristic parameter KAi=G^Xinv mod q, and a second characteristic parameter KBi=Xi. The information providing device generates a semi-anonymous individual identifier C=(KAi)^D mod P. The anonymity server device calculates an anonymous individual identifier E=(C)^KBi mod P.
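The split conversion summarized in the abstract, as an added sketch that is not code from the patent. It assumes a constructed toy group (safe prime P = 2879, G = 4 of prime order q = 1439) and reduces KA modulo P so that Xinv and Xi cancel in the exponent and every provider's output converges on E = G^D mod P; the function names are hypothetical.

```python
import secrets

# Constructed toy parameters (assumptions, far too small for real use):
# P is a safe prime, Q = (P - 1) // 2 is prime, G = 4 has order Q modulo P.
P, Q, G = 2879, 1439, 4


def generate_split(xi=None):
    """Parameter generating device: returns (KA, KB) for one provider."""
    if xi is None:
        xi = secrets.randbelow(Q - 2) + 2   # random Xi in [2, Q-1]
    xinv = pow(xi, -1, Q)                   # Xi * Xinv = 1 mod Q
    ka = pow(G, xinv, P)                    # KA, reduced mod P (assumption)
    return ka, xi                           # KB = Xi


def provider_convert(ka, d):
    """Information providing device: C = KA^D mod P."""
    if not 0 < d < Q:
        raise ValueError("D must be an integer in [1, Q-1] for this toy group")
    return pow(ka, d, P)


def server_convert(kb, c):
    """Anonymity server / information storing device: E = C^KB mod P."""
    return pow(c, kb, P)


def run_demo():
    """Two providers with different splits submit records for the same person."""
    d = 1234  # constructed identifier
    (ka1, kb1), (ka2, kb2) = generate_split(5), generate_split(7)
    store = {}  # E -> individual related information
    for ka, kb, info in ((ka1, kb1, "clinic A visit"), (ka2, kb2, "clinic B visit")):
        c = provider_convert(ka, d)
        store.setdefault(server_convert(kb, c), []).append(info)
    return {
        # Semi-anonymous values differ per provider because the splits differ.
        "c_values": (provider_convert(ka1, d), provider_convert(ka2, d)),
        # Both records land under one anonymous identifier E.
        "store": store,
        # Applying another provider's KB does not yield the shared E.
        "wrong_kb": server_convert(kb2, provider_convert(ka1, d)),
    }


if __name__ == "__main__":
    print(run_demo())
```

The storing device only ever sees C and KB, and the provider only ever holds KA, so neither side alone performs the whole D-to-E conversion.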
17 Claims
1. An anonymous information system that performs anonymity conversion processing on original individual specifying information D that specifies an individual, to generate anonymous individual specifying information E, the anonymous information system comprising:
a conversion splitting device configured to generate a first parameter KA and a second parameter KB based on a base parameter, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, the first parameter KA being utilized for the first conversion processing and the second parameter KB being utilized for the second conversion processing; a first converting device configured to receive from said conversion splitting device the first parameter KA, to perform the first conversion processing on the original individual specifying information using a parameter P and the received first parameter KA according to a first expression, and to generate semi-anonymous individual specifying information, the first expression being represented as,
C=(KA)^D mod P; and
a second converting device configured to receive from said conversion splitting device the second parameter KB, to receive from said first converting device the generated semi-anonymous individual specifying information C and to perform the second conversion processing on the received semi-anonymous individual specifying information C using the parameter P and the received second parameter KB according to a second expression, and to generate the anonymous individual specifying information E from the generated semi-anonymous individual specifying information C, the second expression being represented as,
E=(C)^KB mod P,
wherein said first converting device comprises an information providing device that provides the original individual specifying information D, and provides individual related information relating to the individual, said second converting device comprises an information storing device that stores the anonymous individual specifying information E, and stores the anonymous individual specifying information E in correspondence with the individual related information, and the conversion splitting device generates a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A parameter generating device in an anonymous information system that includes an information providing device and an information storing device, and that performs anonymity conversion processing on original individual information D specifying an individual, to generate anonymous individual specifying information E, the anonymity conversion processing generating, from the original individual specifying information D and based on a base parameter, the anonymous individual specifying information E from which the individual cannot be specified, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, first parameter KA being utilized for the first conversion processing and second parameter KB being utilized for the second conversion processing, the parameter generating device comprising:
a first parameter generating unit configured to randomly generate the first parameter KA based on the base parameter; a second parameter generating unit configured to generate, based on the base parameter, the second parameter KB that is complementary to the first parameter KA with respect to the base parameter; and a first transmission unit configured to transmit the first parameter KA to the information providing device, and transmit the second parameter KB to the information storing device, wherein the information providing device receives the first parameter KA from said first transmission unit, inputs the original individual specifying information D into a first converting device, performs, as the first conversion processing according to a first expression, a repetitive calculation using a parameter P and the received first parameter KA and the input original individual specifying information D, to generate the semi-anonymous individual specifying information C, and transmits the generated semi-anonymous individual specifying information C to a second converting unit, the first expression being represented as,
C=(KA)^D mod P,
wherein said information storing device receives the second parameter KB from said first transmission unit, receives the semi-anonymous individual specifying information C from the information providing device, performs, as the second conversion processing according to a first expression, a repetitive calculation using the parameter P and the received second parameter KB and the received semi-anonymous individual specifying information C to generate the anonymous individual specifying information E, and stores the generated anonymous individual specifying information E into the information storing device, the second expression being represented as,
E=(C)^KB mod P,
wherein the first converting device comprises the information providing device that provides the original individual specifying information D, and provides individual related information relating to the individual, the second converting device comprises the information storing device that stores the anonymous individual specifying information E, and stores the anonymous individual specifying information E in correspondence with the individual related information, and a conversion splitting device generates a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants.
Dependent claims: 11.
12. An information providing device in an anonymous information system that includes a parameter generating device and an information storing device, and that performs anonymity conversion processing on original individual information specifying an individual D, to generate anonymous individual specifying information E, the anonymity conversion processing generating, from the original individual specifying information D and based on a base parameter, the anonymous individual specifying information E from which the individual cannot be specified, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, a first parameter KA being utilized for the first conversion processing and a second parameter KB being utilized for the second conversion processing, the parameter generating device randomly generating the first parameter KA based on the base parameter, generating, based on the base parameter, the second parameter KB that is complementary to the first parameter KA with respect to the base parameter, transmitting the first parameter KA to the information providing device, and transmitting the second parameter KB to the information storing device, the information providing device comprising:
a first receiving unit configured to receive the first parameter KA from the parameter generating device, an inputting unit configured to input the original individual specifying information D into the information providing device; a first converting unit configured to perform, as the first conversion processing according to a first expression, a repetitive calculation using a parameter P and the received first parameter KA and the input original individual specifying information D to generate the semi-anonymous individual specifying information C, the first expression being represented as,
C=(KA)^D mod P; and
a second transmission unit configured to transmit the generated semi-anonymous individual specifying information C to the information storing device, wherein the information storing device receives the second parameter KB from a first transmission unit, receives the semi-anonymous individual specifying information C from the information providing device, performs, as the second conversion processing according to a second expression, a repetitive calculation using the parameter P and the received second parameter KB and the received semi-anonymous individual specifying information C to generate the anonymous individual specifying information E, and stores the generated anonymous individual specifying information E into the information storing device, the second expression being represented as,
E=(C)^KB mod P,
wherein said first converting unit comprises the information providing device that provides the original individual specifying information D, and provides individual related information relating to the individual, a second converting unit comprises the information storing device that stores the anonymous individual specifying information E, and stores the anonymous individual specifying information E in correspondence with the individual related information, and a conversion splitting device generates a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants.
Dependent claims: 13.
14. An information storing device of an anonymous information system that further includes a parameter generating device and an information providing device, and that performs anonymity conversion processing on original individual information D specifying an individual, to generate anonymous individual specifying information E, the anonymity conversion processing generating, from the original individual specifying information D and based on a base parameter, the anonymous individual specifying information E from which the individual cannot be specified, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, first parameter KA being utilized for the first conversion processing and second parameter KB being utilized for the second conversion processing, the parameter generating device randomly generating the first parameter KA based on the base parameter, generating, based on the base parameter, the second parameter KB that is complementary to the first parameter KA with respect to the base parameter, transmitting the first parameter KA to the information providing device, transmitting the second parameter KB to the information storing device, the information providing device receiving the first parameter KA, inputting the original individual specifying information D into the information providing device, performing, as the first conversion processing according to a first expression, a repetitive calculation using a parameter P, the received first parameter KA and the input original individual specifying information D to generate the semi-anonymous individual specifying information C, and transmitting the generated semi-anonymous individual C specifying information to the information storing device, the first expression being represented as,
C=(KA)^D mod P,
the information storing device comprising:
a storing unit having a region for storing the anonymous individual specifying information E; a second receiving unit configured to receive the parameter P and the second parameter KB from the parameter generating device and to receive the semi-anonymous individual specifying information C from the information providing device; and a second converting unit configured to perform, as the second conversion processing according to a second expression, a repetitive calculation using the parameter P, the received second parameter KB and the received semi-anonymous individual specifying information C to generate the anonymous individual specifying information E, and to store the generated anonymous individual specifying information E into the storing unit, the second expression being represented as,
E=(C)^KB mod P
wherein a first converting device comprises the information providing device that provides the original individual specifying information D, and provides individual related information relating to the individual, said second converting unit comprises the information storing device that stores the anonymous individual specifying information E, and stores the anonymous individual specifying information E in correspondence with the individual related information, and a conversion splitting device generates a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants.
Dependent claims: 15.
16. A method used by an anonymous information system that performs anonymity conversion processing on original individual specifying information D that specifies an individual, to generate anonymous individual specifying information E, the method comprising:
generating, via a conversion splitting device, a first parameter KA and a second parameter KB based on a base parameter, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, the first parameter KA being utilized for the first conversion processing and the second parameter KB being utilized for the second conversion processing; receiving, via a first converting device, the generated first parameter KA; performing the first conversion processing on the original individual specifying information D using a parameter P and the received first parameter KA according to a first expression, the first expression being represented as,
C=(KA)^D mod P;
generating semi-anonymous individual specifying information C from the original individual specifying information D; receiving, via a second converting device, the generated second parameter KB; receiving the generated semi-anonymous individual specifying information C; and performing the second conversion processing on the received semi-anonymous individual specifying information C using the parameter P and the received second parameter KB according to a second expression; and generating the anonymous individual specifying information E from the generated semi-anonymous individual specifying information C, the second expression being represented as,
E=(C)^KB mod P,
wherein said first conversion provides the original individual specifying information D, and provides individual related information relating to the individual, a second conversion stores the anonymous individual specifying information E, and stores the anonymous individual specifying information E in correspondence with the individual related information, and generating a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants.
17. A computer-readable recording medium storing a program used by an anonymous information system that performs anonymity conversion processing on original individual specifying information D that specifies an individual, to generate anonymous individual specifying information E, the program comprising:
generating a first parameter KA and a second parameter KB based on a base parameter, the anonymity conversion processing being split into two portions to generate first conversion processing that is one of the two portions and second conversion processing that is the other one of the two portions, the first parameter KA being utilized for the first conversion processing and the second parameter KB being utilized for the second conversion processing; receiving the generated first parameter KA; performing the first conversion processing on the original individual specifying information D using a parameter P and the received first parameter KA according to a first expression, the first expression being represented as,
C=(KA)^D mod P;
generating semi-anonymous individual specifying information C from the original individual specifying information D; receiving the generated second parameter KB; receiving the generated semi-anonymous individual specifying information C; and performing the second conversion processing on the received semi-anonymous individual specifying information C using the parameter P and the received second parameter KB according to a second expression; and generating the anonymous individual specifying information E from the generated semi-anonymous individual specifying information C, the second expression being represented as,
E=(C)^KB mod P,
wherein said first conversion provides the original individual specifying information D, and provides individual related information relating to the individual, a second conversion stores the anonymous individual specifying information E, and stores the anonymous individual specifying information E in correspondence with the individual related information, and generating a random number Xi as a base parameter, wherein the first parameter KA=G^Xinv mod q, and the second parameter KB=Xi, where Xi×Xinv=1 mod q, and q and G are constants.