Privacy protection-type data providing system

US 9,317,716 B2
Filed: 05/21/2014
Issued: 04/19/2016
Est. Priority Date: 05/22/2013
Status: Expired due to Fees

First Claim

Patent Images

1. An information providing apparatus connected to a plurality of first user terminals and a plurality of second user terminals, wherein the information providing apparatus is configured to apply anonymization processing, wherein the anonymization processing is k-anonymization processing, which is processing for converting data including personal information so that an individual is not identified, wherein the data including the personal information is collected from the plurality of first user terminals, and the information providing apparatus is configured to distribute anonymized data generated as a result of application of the anonymization processing to a respective one of the second user terminals in response to a request from the respective second user terminal, the information providing apparatus comprising:

a storage unit configured to store;

the data including the personal information;

first information specifying, for each piece of data of an individual who is an owner of the personal information, a parameter, of a plurality of parameters, of the anonymized data that is allowed to be provided;

second information specifying the personal information to which the anonymization processing is applied;

third information specifying a level of reliability for each user associated with each respective second user terminal that receives the provided anonymized data;

fourth information specifying a respective parameter, of the plurality of parameters, of the anonymized data which the user having the level of reliability can receive in accordance with the level of reliability; and

a processing unit configured to;

extract a portion of data that is allowed to be provided from among the data including the personal information for each of the plurality of parameters based on the first information;

identify the personal information to which the anonymization processing is applied from among the personal information of the extracted portion of data based on the second information;

execute the anonymization processing on the identified personal information with each of the plurality of parameters, thus generating a plurality of anonymized data portions, wherein the anonymized data portions have varying amounts of information;

identify the level of reliability of the respective user of the second user terminal based on the third information in response to the request from the second user terminal; and

identify one of the anonymized data portions to distribute to the respective second user terminal from among the plurality of anonymized data portions based on the fourth information and the level of reliability identified for the respective user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information providing apparatus for collecting data including personal information and distributing the data to a user terminal performs anonymization processing for converting data, which an individual who is an owner of personal information allows to use, into data with which the individual cannot be identified using multiple parameters, thus generating multiple anonymized data protecting the, privacy of the individual. Since each of the anonymized data is anonymized using a different parameter, the amount of information of each of the anonymized data is different. Then, when a request is received from a user terminal, anonymized data that can be provided to the user are identified from among multiple generated anonymized data on the basis of the reliability of the user who uses the user terminal.

6 Citations

10 Claims

1. An information providing apparatus connected to a plurality of first user terminals and a plurality of second user terminals, wherein the information providing apparatus is configured to apply anonymization processing, wherein the anonymization processing is k-anonymization processing, which is processing for converting data including personal information so that an individual is not identified, wherein the data including the personal information is collected from the plurality of first user terminals, and the information providing apparatus is configured to distribute anonymized data generated as a result of application of the anonymization processing to a respective one of the second user terminals in response to a request from the respective second user terminal, the information providing apparatus comprising:
- a storage unit configured to store;
  
  the data including the personal information;
  
  first information specifying, for each piece of data of an individual who is an owner of the personal information, a parameter, of a plurality of parameters, of the anonymized data that is allowed to be provided;
  
  second information specifying the personal information to which the anonymization processing is applied;
  
  third information specifying a level of reliability for each user associated with each respective second user terminal that receives the provided anonymized data;
  
  fourth information specifying a respective parameter, of the plurality of parameters, of the anonymized data which the user having the level of reliability can receive in accordance with the level of reliability; and
  
  a processing unit configured to;
  
  extract a portion of data that is allowed to be provided from among the data including the personal information for each of the plurality of parameters based on the first information;
  
  identify the personal information to which the anonymization processing is applied from among the personal information of the extracted portion of data based on the second information;
  
  execute the anonymization processing on the identified personal information with each of the plurality of parameters, thus generating a plurality of anonymized data portions, wherein the anonymized data portions have varying amounts of information;
  
  identify the level of reliability of the respective user of the second user terminal based on the third information in response to the request from the second user terminal; and
  
  identify one of the anonymized data portions to distribute to the respective second user terminal from among the plurality of anonymized data portions based on the fourth information and the level of reliability identified for the respective user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The information providing apparatus according to claim 1, wherein the k-anonymization processing includes converting the data including the personal information so that one or more data field types included in the anonymized data portion have a same value, wherein a number of the data field types is equal to or more than a number designated by a corresponding parameter of the plurality of parameters.
  - 3. The information providing apparatus according to claim 2, whereinthe storage unit further stores log data indicating a history about providing of the anonymized data, andin a case where the processing unit receives a distribution request of the identified anonymized data from the second user terminal,the processing unit refers to the log data, and by comparing anonymized data provided in a past to the respective user of the respective second user terminal and the anonymized data for which the distribution request is received, the processing unit determines whether there is a risk of identification of personal information included in the anonymized data for which the distribution request is received, and in a case where the processing unit determines that there is the risk, the processing unit rejects the distribution request.
  - 4. The information providing apparatus according to claim 3, wherein the first information is set in response to a request from the first user terminal.
  - 5. The information providing apparatus according to claim 4, wherein the fourth information is set so that a value of the respective parameter specified by the fourth information decreases in response to an increase in the level of reliability for the respective user.

6. A control method for an information providing apparatus connected to a plurality of first user terminals and a plurality of second user terminals, wherein the control method for the information providing apparatus includes applying anonymization processing, wherein the anonymization processing is k-anonymization processing, which is processing for converting data including personal information so that an individual is not identified, wherein the data including the personal information is collected from the plurality of first user terminals, and distributed as anonymized data generated as a result of application of the anonymization processing to a respective one of the second user terminals in response to a request from the respective second user terminal, wherein the control method for the information providing apparatus comprises:
- storing the data including the personal information;
  
  storing first information specifying, for each piece of data of an individual who is an owner of the personal information, a parameter, of a plurality of parameters, of the anonymized data that is allowed to be provided;
  
  storing second information specifying the personal information to which the anonymization processing is applied;
  
  storing third information specifying a level of reliability for each user associated with each respective second user terminal that receives the provided anonymized data;
  
  storing fourth information specifying a respective parameter, of the plurality of parameters, of the anonymized data which the user having the level of reliability can receive in accordance with the level of reliability;
  
  extracting a portion of data that is allowed to be provided from among the data including the personal information for each of the plurality of parameters based on the first information;
  
  identifying the personal information to which the anonymization processing is applied from among the personal information of the extracted portion of data based on the second information;
  
  executing the anonymization processing on the identified personal information with each of the plurality of parameters, thus generating a plurality of anonymized data portions, wherein the anonymized data portions have varying amounts of information;
  
  identifying the level of reliability of the respective user of the second user terminal based on the third information in response to the request from the second user terminal; and
  
  identifying one of the anonymized data portions to distribute to the respective second user terminal from among the plurality of anonymized data portions based on the fourth information and the level of reliability identified for the respective user.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The control method for the information providing apparatus according to claim 6, further comprising executing the k-anonymization processing for converting the data including the personal information so that one or more data field types included in the anonymized data portion have a same value, wherein a number of the data field types is equal to or more than a number designated by a corresponding parameter of the plurality of parameters.
  - 8. The control method for the information providing apparatus according to claim 7, further comprising:
    - storing, in a storage unit, log data indicating a history about providing of the anonymized data, andin a case where a processing unit receives a distribution request of the identified anonymized data from the second user terminal,referring, by a processing unit, to the log data, and by comparing anonymized data provided in a past to the respective user of the respective second user terminal and the anonymized data for which the distribution request is received, the processing unit determines whether there is a risk of identification of personal information included in the anonymized data for which the distribution request is received, and in a case where the processing unit determines that there is the risk, the processing unit rejects the distribution request.
  - 9. The control method for the information providing apparatus according to claim 8, further comprising setting the first information in response to a request from the first user terminal.
  - 10. The control method for the information providing apparatus according to claim 9, further comprising setting the fourth information so that a value of the respective parameter specified by the fourth information decreases in response to an increase in the level of reliability for the respective user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Oikawa, Michio, Sato, Yoshinori, Fujiwara, Keisei, Harada, Kunihiko, Yokohari, Yumiko, Nakae, Tatsuya
Primary Examiner(s)
Lee, Jason

Application Number

US14/283,366
Publication Number

US 20140351946A1
Time in Patent Office

699 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6254 by anonymising data, e.g. d...

G16H 10/60 for patient-specific data, ...

Privacy protection-type data providing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

6 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy protection-type data providing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links