WO2015072084A1 - Anonymization device, information processing system, anonymization method, information processing method, and recording medium for recording computer program - Google Patents

Publication number
WO2015072084A1
WO2015072084A1 PCT/JP2014/005333 JP2014005333W WO2015072084A1 WO 2015072084 A1 WO2015072084 A1 WO 2015072084A1 JP 2014005333 W JP2014005333 W JP 2014005333W WO 2015072084 A1 WO2015072084 A1 WO 2015072084A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
information
anonymous
range
time
Application number
PCT/JP2014/005333
Inventor
小西 勇介
Original Assignee
日本電気株式会社
Application filed by 日本電気株式会社
Priority to JP2015547618A (JPWO2015072084A1)
Publication of WO2015072084A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42 Anonymization, e.g. involving pseudonyms

Definitions

  • the present invention relates to a technique for anonymizing a user ID (IDentification).
  • a technique for anonymizing a user ID and generating an anonymous ID is known.
  • An anonymous ID is used, for example, in a system that collects and stores user information in association with a user identifier (user ID).
  • user ID is information indicating the position of the user or the device held by the user.
  • the user ID is information that can be associated with personal information such as name and address. Therefore, a system for collecting and accumulating user information provides user information together with an anonymous ID, not a user ID, for a service that utilizes user information.
  • An anonymous ID cannot be directly associated with personal information such as name and address. As a result, the system for collecting and accumulating user information reduces the risk of leakage of information related to user privacy.
  • An example of a technique for anonymizing a user ID is described in Patent Document 1.
  • This anonymization technique of Patent Document 1 avoids the registration of a plurality of anonymous IDs by a single user, and guarantees the uniqueness of the anonymous ID.
  • a client device that can be used by a plurality of users generates and assigns unique key data to each user.
  • the server apparatus receives the registration request of anonymous ID from a client apparatus, it will request
  • the anonymization technique of patent document 1 guarantees the uniqueness of anonymous ID.
  • An example of another anonymization technique is described in Patent Document 2.
  • The anonymization technique of Patent Document 2 easily accumulates and uses information for which consent for use has been obtained from the user, while protecting personal information. Specifically, the anonymization technique of Patent Document 2 holds information specifying the owner of an IC card and an anonymous ID in the IC card. This technique regards the insertion of the IC card as consent to the use of personal information, and sends the information to be used to the server together with the anonymous ID held in the IC card.
  • the present invention has been made to solve the above-described problems, and an object of the present invention is to provide a technique for restricting tracking / counting of specific user information when providing collected / stored user information.
  • The anonymization device of the present invention includes specifying means for specifying, based on user position information indicating a user's position, a position section ID for identifying a range including the position, and generating means for generating an anonymous ID using a user ID for identifying the user and the position section ID.
  • The information processing system of the present invention includes acquisition means for acquiring user position information representing a user's position and a user ID for identifying the user, the above-mentioned anonymization device that generates the anonymous ID using the user position information and the user ID acquired by the acquisition means, and an output unit that outputs the anonymous ID generated by the anonymization device in association with the user information.
  • The anonymization method of the present invention specifies a location classification ID that identifies a range including the location based on user location information indicating a location of the user, and generates an anonymous ID using the user ID that identifies the user and the location classification ID.
  • the information processing method of the present invention acquires user position information indicating a user's position and a user ID for identifying the user, and determines a position classification ID for identifying a range including the position based on the user position information.
  • An anonymous ID is generated using the user ID and the location classification ID, and the anonymous ID and the user information are associated with each other and output.
  • The recording medium of the present invention records a computer program that causes a computer apparatus to specify a position classification ID for identifying a range including the position based on user position information indicating the position of the user, and to generate an anonymous ID using a user ID for identifying the user and the position classification ID.
  • the present invention can provide a technique for restricting tracking / counting of specific user information when providing the collected / accumulated user information.
  • FIG. 1 shows a functional block configuration of an information processing system 1 as a first embodiment of the present invention.
  • the information processing system 1 includes an acquisition unit 11, an anonymization device 12, and an output unit 13.
  • the anonymization device 12 includes a specifying unit 14 and a generation unit 15.
  • the information processing system 1 includes a CPU (Central Processing Unit) 1001, a RAM (Random Access Memory) 1002, a ROM (Read Only Memory) 1003, a storage device 1004 such as a hard disk, and a network device 1005.
  • the acquisition unit 11 and the output unit 13 include a network interface 1005 and a CPU 1001 that reads a computer program and various data stored in the ROM 1003 and the storage device 1004 into the RAM 1002 and executes them.
  • the specifying unit 14 and the generating unit 15 are configured by a CPU 1001 that reads a computer program and various data stored in the ROM 1003 and the storage device 1004 into the RAM 1002 and executes them.
  • the hardware configuration of the information processing system 1 and each functional block thereof is not limited to the above-described configuration.
  • the acquisition unit 11 acquires user position information and a user ID.
  • the user position information is information representing the position of the user.
  • the user ID is information for identifying the user at the position indicated by the user position information.
  • the acquisition unit 11 may acquire position information obtained from a device having a positioning function based on GPS (Global Positioning System) via the network interface 1005 as user position information indicating the position of the user who owns the device.
  • the acquisition unit 11 may acquire the user ID transmitted from the apparatus together with the user position information as the user ID.
  • the acquisition unit 11 may acquire, from the IC card usage log at a retail store or a station, the location where the IC card was used as user position information, and information indicating the owner of the IC card as a user ID.
  • the acquisition unit 11 may acquire user position information and a user ID input by a user via an input device (not shown).
  • the user position information acquired by the acquisition unit 11 may be coordinate values such as (latitude / longitude / altitude) and (x, y, z).
  • the user position information may be information representing an address.
  • the user position information may be information representing a place.
  • Examples of information indicating a location include “XX convenience store ⁇ station square store”, “XX convenience store ⁇ station square ⁇ sales floor”, “XX office ⁇ ⁇ building 12 floor”, “XX Office ⁇ Building 12F A Conference Room”, and “XX Shinkansen ⁇ No. 5 Car A Seat”.
  • Information representing a place may be information indicating buildings, stores, offices, facilities, or transportation facilities, or a location further subdivided at these places into ridges, floors, rooms, sales floors, routes, flights, seats, etc. Further, the information representing such a location may be represented by a name that can uniquely identify the location, or may be represented by an ID that is predetermined to uniquely identify the location.
  • the identifying unit 14 identifies the corresponding location category ID based on the user location information.
  • the position classification ID is information for identifying a range including the position indicated by the user position information.
  • the specifying unit 14 may specify the position section ID based on the user position information by storing in advance information representing the correspondence relationship between the position range and the corresponding position section ID.
  • the specifying unit 14 may specify the corresponding position section ID using a predetermined calculation formula, rule, or the like that can calculate the position section ID from the user position information.
  • the generation unit 15 generates an anonymous ID using the user ID and the position classification ID.
  • the generation unit 15 may generate an anonymous ID by applying a one-way hash function to information including a user ID and a position classification ID.
  • the output unit 13 outputs an anonymous ID and user information in association with each other.
  • the output destination of the user information may be a device that provides a service utilizing the user information that is connected to be able to communicate via the network interface 1005.
  • the user information may be the user position information itself acquired by the acquisition unit 11.
  • the user information may be other information related to the user. Such other information regarding the user may be acquired by the acquisition unit 11 together with the user position information and the user ID.
  • the acquisition unit 11 first acquires user location information and a user ID (step S1).
  • the anonymization device 12 generates an anonymous ID based on the information acquired in step S1 (step S2). Details of this step will be described later.
  • the output unit 13 outputs the anonymous ID generated in step S2 in association with the user information indicated by the user ID acquired in step S1 (step S3).
  • the output unit 13 may associate the anonymous ID with the user information and output it to a device that provides a service that utilizes the user information.
  • the information processing system 1 ends its operation.
  • the operation of the anonymization device 12 in step S2 is shown in FIG.
  • the specifying unit 14 specifies a position classification ID for identifying a range including the position indicated by the user position information based on the user position information obtained in step S1 (step S11).
  • the generation unit 15 generates an anonymous ID based on the user ID obtained in step S1 and the position classification ID specified in step S11 (step S12).
  • the anonymization device 12 ends the anonymization operation of the user ID.
  • the information processing system as the first embodiment can limit the tracking / counting of specific user information when providing the collected / accumulated user information.
  • the acquisition unit acquires the user ID and the user position information
  • the specifying unit specifies the position classification ID that identifies the range including the position indicated by the user position information. Furthermore, it is because a production
  • this embodiment generates the same anonymous ID for the same user ID while the user is in the same position section, and generates different anonymous IDs for different position sections. Therefore, an apparatus that utilizes the anonymous ID and user information output from the present embodiment can track and aggregate user information while the user is in the same location segment, but cannot track and aggregate it between different location segments. As a result, this embodiment limits the tracking / aggregation of specific user information.
  • the anonymization device is useful as a device that allows the same user's information to be tracked / aggregated within the same location category, while restricting it so that it cannot be tracked / aggregated between different location categories.
  • the information providing system 2 differs from the information processing system 1 as the first embodiment in that it includes an anonymizing device 22 instead of the anonymizing device 12 and an output unit 23 instead of the output unit 13.
  • the anonymization device 22 differs from the anonymization device 12 in the first exemplary embodiment in that it includes a specification unit 24 instead of the specification unit 14 and a generation unit 25 instead of the generation unit 15, and further includes a storage unit 26 (section ID specific information storage unit).
  • the information providing system 2 is connected to the information utilization system 9 so as to be communicable.
  • the information providing system 2 can be configured by the same hardware elements as the information processing system 1 as the first embodiment described with reference to FIG.
  • the storage unit 26 is configured by the storage device 1004. Note that the hardware configuration of the information providing system 2 and each functional block thereof is not limited to the above-described configuration.
  • the storage unit 26 stores a position range and a position classification ID for identifying the range in association with each other.
  • the storage unit 26 need only store information representing the correspondence between ranges of coordinate values and their position category IDs. Further, for example, when the user position information is given as information representing an address, the storage unit 26 may hold information representing a correspondence relationship between the location range described by the address and the position classification ID. Further, for example, when the user position information is given as information representing a place, the storage unit 26 may hold information representing a correspondence relationship between a combination of information representing the place and the position classification ID. For example, in this case, the storage unit 26 may hold information in which the position classification ID “A” is associated with the combination of the store a and the store b in a certain chain store.
  • the information held in the storage unit 26 is preferably determined so that a unique position classification ID is specified for each range in which user position information is desired to be tracked / aggregated.
  • the user position information can be tracked and aggregated in detail within the range given the unique position category ID.
  • the user position information cannot be tracked / aggregated between ranges given different position category IDs.
  • the identifying unit 24 identifies the position classification ID determined for the range including the position indicated by the user position information acquired by the acquiring unit 11 by referring to the storage unit 26.
  • the generation unit 25 generates an anonymous ID based on the user ID and the position classification ID.
  • the user ID is information acquired by the acquisition unit 11.
  • the position classification ID is information specified by the specifying unit 24 based on the user position information acquired by the acquiring unit 11.
  • generation part 25 produces
  • anonymous ID = hash(user ID + position classification ID) ... (1)
  • the above formula (1) represents that the anonymous ID is calculated as a value obtained by applying the one-way hash function hash to the concatenated data of the user ID and the position classification ID.
  • the one-way hash function is a one-way function that maps data of an arbitrary length to a value (hash value) that has been compressed to a fixed length, and has the property that the inverse transformation for obtaining the original data from the hash value is difficult.
  • the one-way hash function has a property that it is difficult to find different original data in which hash values are equal.
  • SHA (Secure Hash Algorithm), MD5 (Message Digest Algorithm 5), or the like can be applied as the one-way hash function.
  • the position classification ID used to calculate the anonymous ID can be calculated from the user position information.
  • the anonymous ID calculated in this way has the property of being identical only when calculated from the same user ID and the same location classification ID. Therefore, such an anonymous ID is provided in association with the user position information, thereby realizing the property that the position can be tracked / aggregated only when a certain user is in a certain position category.
  • the output unit 23 associates the user position information with the anonymous ID and outputs the information to the information utilization system 9.
  • This user position information is information acquired by the acquisition unit 11.
  • the anonymous ID is an ID generated by the anonymization device 22.
  • the acquisition unit 11 executes step S1 as in the first embodiment, and acquires user position information and a user ID.
  • the anonymization device 22 generates an anonymous ID using the information obtained in step S1 (step S22). Details of this step will be described later.
  • the output unit 23 associates the anonymous ID generated in step S22 with the user position information acquired in step S1, and outputs the associated information to the information utilization system 9 (step S23).
  • the information providing system 2 ends its operation.
  • the operation of the anonymization device 22 in step S22 is shown in FIG.
  • the specifying unit 24 specifies a position category ID for identifying a range including the position indicated by the user position information obtained in step S1, by referring to the storage unit 26 (step S31).
  • the generation unit 25 generates an anonymous ID by applying a one-way hash function to the information including the user ID obtained in step S1 and the position classification ID specified in step S31 (step S32).
  • the anonymization device 22 ends the anonymization operation of the user ID.
  • the information providing system as the second embodiment can limit the tracking / aggregation of user position information for a specific user when providing the collected and accumulated user position information.
  • the acquisition unit acquires the user ID and the user position information
  • the storage unit stores information indicating the correspondence between the range of the position and the position classification ID that identifies the range, This is because the location classification ID corresponding to the acquired user location information is specified by referring to the storage unit.
  • generation part produces
  • In FIG. 8, different location classification IDs are assigned to the store A and the store B.
  • this embodiment provides the user location information in association with the same anonymous ID while the user is in the location category of store A or store B. Therefore, the device that utilizes the anonymous ID and the user position information provided from the present embodiment can track and count the position while the user is in the same position section. Further, in the present embodiment, when the same user moves between the store A and the store B, the user position information is provided in association with an anonymous ID different from that before the move. Therefore, the apparatus that utilizes the user position information provided from the present embodiment cannot track / aggregate the user position between different position sections.
  • the present embodiment limits the tracking and counting of the user's position over a long period of time and over a wide range.
  • the present embodiment reduces the risk that a certain anonymous ID is found to correspond to a specific user through analysis of its relationship with other information, etc., and can thereby reduce the risk of leaking information related to personal privacy.
  • a third embodiment of the present invention will be described in detail with reference to the drawings.
  • the information processing system is applied to an information providing system that provides user location information
  • configurations and steps that operate in the same manner as in the second embodiment are denoted by the same reference numerals, and their detailed description is omitted in the present embodiment.
  • the functional block configuration of the information providing system 3 as the third embodiment is shown in FIG.
  • the information providing system 3 differs from the information providing system 2 as the second embodiment in that it has an acquisition unit 31 instead of the acquisition unit 11, an anonymization device 32 instead of the anonymization device 22, and an output unit 33 instead of the output unit 23.
  • the anonymization device 32 includes a specifying unit 34, a generation unit 35, and a storage unit 36 (section ID specifying information storage unit).
  • the information providing system 3 and each functional block thereof can be configured by the same hardware elements as the information providing system 2 and the respective functional blocks as the second embodiment described with reference to FIG.
  • the hardware configuration of the information providing system 3 and each functional block thereof is not limited to the above-described configuration.
  • the acquisition unit 31 acquires time information in addition to the user position information and the user ID.
  • the time information is information representing the time when the user indicated by the user ID was at the position indicated by the user position information.
  • the storage unit 36 stores the same information as the storage unit 26 in the second embodiment.
  • the storage unit 36 stores a time range and a time division ID that identifies the time range in association with each other.
  • the storage unit 36 may store information in which a time division ID is defined for a time range such as every hour, every day, every week, or the like. In such a time range, it is desirable that a unique time division ID is determined for each time zone in which tracking or counting is desired.
  • the identifying unit 34 identifies the location category ID from the user location information, as with the identifying unit 24 in the second embodiment. In addition, based on the time information acquired by the acquisition unit 31, the specifying unit 34 specifies a time segment ID that identifies a time range including the time.
  • the generation unit 35 generates an anonymous ID using the user ID, the position division ID, and the time division ID.
  • the user ID is information acquired by the acquisition unit 31.
  • the position classification ID is information specified by the specifying unit 34 based on the user position information acquired by the acquiring unit 31.
  • the time division ID is information specified by the specifying unit 34 based on the time information acquired by the acquiring unit 31.
  • generation part 35 produces
  • anonymous ID = hash(user ID + position division ID + time division ID) ... (2)
  • the above formula (2) represents that the anonymous ID is calculated as a value obtained by applying the one-way hash function hash to the concatenated data of the user ID, the position category ID, and the time category ID.
  • as the one-way hash function, SHA, MD5, or the like can be applied, as in the equation (1) used in the second embodiment.
  • the anonymous ID calculated in this way is provided in association with user position information and time information.
  • the position classification ID used to calculate the anonymous ID can be calculated from the user position information.
  • the time division ID used to calculate the anonymous ID can be calculated from the time information.
  • due to the one-way nature of the hash value it is difficult to examine even the original user ID used to calculate the anonymous ID. Therefore, such an anonymous ID ensures user anonymity.
  • the anonymous ID calculated in this way has the property of being identical only when calculated from the same user ID, the same position division ID, and the same time division ID. Therefore, such an anonymous ID is provided in association with user position information and time information, thereby realizing the property that the change of a certain user's position over time can be tracked / aggregated only in a certain time zone within a certain position section.
  • the output unit 33 associates the user position information, the time information, and the anonymous ID, and outputs them to the information utilization system 9.
  • the user position information and time information are information acquired by the acquisition unit 31.
  • anonymous ID is ID produced
  • the acquisition unit 31 acquires user position information, user ID, and time information (step S41).
  • the anonymization device 32 generates an anonymous ID using the information obtained in step S41 (step S42). Details of this step will be described later.
  • the output unit 33 outputs the anonymous ID generated in step S42 in association with the user position information and time information acquired in step S41 (step S43).
  • the information providing system 3 ends the operation.
  • FIG. 11 shows the operation of the anonymization device 32 in step S42.
  • the specifying unit 34 specifies the position category ID by executing step S31 as in the second embodiment, based on the user position information obtained in step S41.
  • the specifying unit 34 specifies a time division ID for identifying a range including the time by referring to the storage unit 36 based on the time information obtained in step S41 (step S52).
  • the generation unit 35 generates an anonymous ID by applying a one-way hash function to the information including the user ID obtained in step S41, the position division ID obtained in step S31, and the time division ID obtained in step S52 (step S53).
  • the anonymization device 32 ends its operation.
  • the information providing system as the third embodiment can further limit the tracking / aggregation of the user position information for a specific user when providing the collected / accumulated user position information.
  • the acquisition unit acquires time information in addition to the user ID and the user location information
  • This is because the storage unit stores information representing the correspondence relationship between the time range and the time division ID, in addition to the information for specifying the location division ID.
  • the specifying unit specifies the time section ID corresponding to the time information in addition to specifying the position section ID corresponding to the user position information.
  • generation part produces
  • this embodiment provides user position information and time information in association with the same anonymous ID for users who are in the same position section in a certain time zone. Therefore, the apparatus that utilizes the user position information output from the present embodiment can track and count the position only in a certain time zone while the user is in the same position section. Furthermore, in the present embodiment, even when the same user is in the same position section, if the user stays in that position section across different time zones, the user position information is provided in association with a different anonymous ID in each time zone. Therefore, the apparatus that utilizes the user position information provided from the present embodiment cannot track and count the user position between different time segments.
  • this embodiment further restricts the tracking and counting of the user's position over a long period of time and over a wide range.
  • the present embodiment further reduces the risk that an anonymous ID is found to correspond to a specific user through analysis of its relationship with other information, etc., and can further reduce the risk of leaking information related to personal privacy.
  • the functional block configuration of the information providing system 4 as the fourth embodiment is shown in FIG.
  • the information providing system 4 is different from the information providing system 3 according to the second embodiment in that an anonymizing device 42 is provided instead of the anonymizing device 32.
  • the anonymization device 42 differs from the anonymization device 32 according to the third embodiment in that a specifying unit 44 is used instead of the specifying unit 34, and a storage unit 46 (section ID specification information storage unit) is used instead of the storage unit 36.
  • the information providing system 4 and each function block thereof can be configured by the same hardware elements as the information providing system 3 and the respective function blocks as the third embodiment described with reference to FIG.
  • the hardware configuration of the information providing system 4 and each functional block thereof is not limited to the above-described configuration.
  • the storage unit 46 stores information indicating the correspondence between the position range and the position classification ID so as to be switchable according to a predetermined condition.
  • the storage unit 46 stores information representing a plurality of types of correspondence relationships with respect to the position range and the position classification ID.
  • the storage unit 46 may store a position section ID determined for each narrower position range and a position section ID determined for each wider position range.
  • the specifying unit 44 specifies the position category ID corresponding to the user location information by switching the correspondence relationship between the position range and the location category ID according to a predetermined condition.
  • the predetermined condition may be, for example, whether or not the time when the user position information is acquired is included in a predetermined time zone. For example, when the time when the user position information is acquired is included in a certain time zone, the specifying unit 44 may use a position classification ID determined for each wider position range. In addition, when the time at which the user position information is acquired is included in another time zone, the specifying unit 44 may use a position category ID determined for each narrower position range.
  • the predetermined condition used by the specifying unit 44 may be a condition based on the user ID. For example, for the user position information acquired together with a certain user ID, the specifying unit 44 may use a position classification ID determined for each wider position range. Moreover, the specific
  • the predetermined condition used by the specifying unit 44 may be a condition based on the number of users.
  • the specifying unit 44 can calculate the number of users existing in the range based on the user position information and the user ID collected in the predetermined period or the predetermined range. In this case, when the number of users is smaller than the threshold value, the specifying unit 44 may use a position classification ID determined for each wider position range. Further, when the number of users is greater than the threshold value, the specifying unit 44 may use a position category ID determined for each narrower position range.
  • FIG. 13 shows details of the position classification ID specifying operation in the present embodiment.
  • the specifying unit 44 determines, according to a predetermined condition, which of the correspondences stored in the storage unit 46 to use (step S61). For example, as described above, the specifying unit 44 may use a predetermined condition based on time information, the number of users, a user ID, or the like to determine whether to use the position category IDs defined for the wider position ranges or those defined for the narrower position ranges.
  • the specifying unit 44 specifies the position category ID corresponding to the user position information using the information indicating the correspondence relationship determined in step S61 (step S62).
  • the anonymization device 42 ends the specific operation of the position category ID.
  • the information providing system as the fourth embodiment can provide the user location information collected and accumulated in a more flexible manner while restricting the tracking / counting of the user location information for a specific user.
  • this is because the storage unit stores a plurality of types of correspondences between the position range and the position classification ID, and the specifying unit specifies the position classification ID corresponding to the user position information while switching, according to a predetermined condition, which correspondence is used.
  • an anonymous ID is generated using the position classification ID specified by switching. For example, let us consider a case where the storage unit stores a position classification ID determined for each narrower position range and a position classification ID determined for each wider position range.
  • the specifying unit determines, according to the acquisition time of the user position information, whether to use the position category ID defined for the wider position range or the one defined for the narrower position range.
  • the size of the range of the position where the user position information can be tracked / aggregated can be switched according to the time zone.
  • the specifying unit determines, according to the user ID, whether to use the position classification ID defined for the wider position range or the one defined for the narrower position range.
  • the size of the range in which the user position information can be tracked / aggregated can be switched according to the user.
  • the specifying unit determines, according to the number of users, whether to use the position classification ID defined for the wider position range or the one defined for the narrower position range.
  • the present embodiment can switch the size of a range in which user position information can be tracked / aggregated according to the number of users.
  • the storage unit may store information representing a plurality of types of correspondences with respect to the time range and the time division ID.
  • the storage unit may store a time division ID determined for each shorter time range and a time division ID determined for each longer time range.
  • the specifying unit may switch, according to a predetermined condition, which correspondence is used to specify the time division ID.
  • the predetermined condition may be a condition based on the number of users, the user ID, or the acquisition time of the user position information.
  • the present embodiment can switch the length of time during which user position information can be tracked / aggregated according to the time zone, the number of users, or the number of users.
  • the storage unit stores information representing two types of correspondences, such as a position classification ID determined for each narrower position range and a position classification ID determined for each wider position range.
  • the storage unit is not limited to two types, and may store information representing three or more types of correspondence.
  • the specifying unit may switch which information representing the corresponding relationship is used according to a predetermined condition.
  • the storage unit stores time ranges and time division IDs
  • the information is not limited to two types; information representing three or more types of correspondence relationships may be stored, and the specifying unit may decide which one to use based on a predetermined condition.
  • the predetermined condition used when the specifying unit switches these correspondences is not limited to a condition based on the number of users, the user ID, or the acquisition time of the user position information; other conditions and combinations thereof are also applicable.
  • the information processing system has been mainly described as being applied to the information providing system.
  • each embodiment can also be applied to an information processing system that acquires and provides other information about a user.
  • the specification unit has been described as specifying the position division ID or the time division ID by referring to information stored in advance in the storage unit.
  • each embodiment may, instead of including a storage unit, specify the position division ID or the time division ID by applying a predetermined calculation formula or a predetermined rule to the user position information or time information.
  • each functional block of the information processing system (information providing system) and the anonymization device is realized by a CPU that executes a computer program stored in a storage device or a ROM.
  • some, all, or a combination of each functional block may be realized by dedicated hardware.
  • the function blocks of the information processing system (information providing system) and the anonymization device may be realized by being distributed to a plurality of devices.
  • the operations of the information processing system (information providing system) and the anonymization device described with reference to the flowcharts are stored in a storage device (storage medium) of the computer device as a computer program.
  • the computer program may be read and executed by the CPU.
  • the present invention is constituted by the code of the computer program or a storage medium.
  • a section ID identifying unit that identifies a section ID (position section ID) for identifying a range including the position, based on user position information indicating the position of the user;
  • An anonymous ID generation unit that generates an anonymous ID using the user ID for identifying the user and the position classification ID;
  • a user ID anonymization device comprising: (Appendix 2)
  • the section ID specifying unit further specifies a section ID (time section ID) for identifying a time range including the time based on time information indicating a time when the user was at a position indicated by the user position information.
  • generation part produces
  • the anonymous ID generation unit sets information obtained by applying a one-way hash function to information including the user ID and the classification ID as the anonymous ID.
  • the user ID anonymization device according to supplementary note 1 or supplementary note 2, wherein the anonymous ID generation unit sets, as the anonymous ID, information obtained by applying a one-way hash function to information including the user ID and the classification ID.
  • a section ID specifying information storage unit for storing information representing a correspondence relationship between the range of the position and the position section ID determined for the range; From the supplementary note 1, the section ID specifying unit specifies a position section ID determined for a range including the position indicated by the user position information by referring to the section ID specifying information storage unit
  • the user ID anonymization device according to any one of Appendix 3.
  • Appendix 5 When the user position information is a coordinate value, The user ID anonymization according to appendix 4, wherein the section ID specific information storage unit stores information representing a correspondence relationship between a coordinate range and the position section ID defined for the range. apparatus.
  • the classification ID specifying information storage unit stores information representing a correspondence relationship between a combination of information representing a place and the position classification ID determined for the combination.
  • the described user ID anonymization device (Appendix 7) When the user position information is information representing an address, Any one of the appendix 4 to the appendix 6, wherein the section ID specific information storage unit stores information representing a correspondence relationship between a range of addresses and the position section ID defined for the range.
  • the user ID anonymization apparatus as described in one.
  • the section ID specifying unit switches the correspondence between the position range and the position section ID according to a predetermined condition, and specifies the position section ID based on the switched correspondence.
  • the user ID anonymization device according to any one of appendix 8.
  • the section ID identifying unit switches the correspondence between the time range and the time section ID according to a predetermined condition, and identifies the time section ID based on the switched correspondence.
  • the user ID anonymization device according to any one of Appendix 9.
  • Appendix 11 An information acquisition unit for acquiring user position information representing the position of the user and a user ID for identifying the user;
  • the user ID anonymization device according to any one of Supplementary Note 1 to Supplementary Note 10, which generates the anonymous ID using the user position information and the user ID acquired by the information acquisition unit;
  • An information output unit that outputs the anonymous ID generated using the user ID anonymization device and information related to the user in association with each other;
  • Information processing system with (Appendix 12) The information processing system according to appendix 11, wherein the information output unit outputs the anonymous ID and the user position information in association with each other.
  • the information acquisition unit further acquires time information indicating the time when the user was at the position indicated by the user position information, 13.
  • the information output unit outputs the time information in association with the anonymous ID generated using the user ID anonymization device and the information related to the user. system.
  • (Appendix 15) Based on the user position information indicating the position of the user, identify a section ID (position section ID) that identifies a range including the position, The user ID anonymization method which produces
  • (Appendix 16) Obtaining user location information representing the location of the user and a user ID identifying the user; Based on the user position information, identify a section ID (position section ID) for identifying a range including the position, An anonymous ID is generated using the user ID and the location classification ID, An information processing method for outputting the anonymous ID and information related to the user in association with each other.
  • a section ID specifying step for specifying a section ID (position section ID) for identifying a range including the position, based on user position information indicating the position of the user;
  • An anonymous ID generating step for generating an anonymous ID using the user ID for identifying the user and the position classification ID; a computer program that causes a computer device to execute these steps.
  • a section ID specifying step for specifying a section ID (position section ID) for identifying a range including the position based on the user position information;
  • An anonymous ID generating step for generating an anonymous ID using the user ID and the position classification ID;
  • An information output step for outputting the anonymous ID and information related to the user in association with each other; a computer program that causes a computer device to execute these steps.

Abstract

A technology for restricting the pursuit and compilation of specific user information when providing collected and stored user information is provided. The present invention is provided with an acquisition unit (11) for acquiring user location information and user ID, an identification unit (14) for identifying a location classification ID on the basis of the user location information, a generation unit (15) for generating an anonymity ID using the user ID and the location classification ID, and an output unit (13) for outputting the anonymity ID and the user information.

Description

Anonymization device, information processing system, anonymization method, information processing method, and recording medium for recording computer program
The present invention relates to a technique for anonymizing a user ID (IDentification).
A technique for anonymizing a user ID to generate an anonymous ID is known. An anonymous ID is used, for example, in a system that collects and accumulates user information in association with a user identifier (user ID). Such a system is used to realize services that utilize user information. Here, the user information is, for example, information indicating the position of the user or of a device carried by the user. The user ID is information that can be associated with personal information such as a name and address. A system that collects and accumulates user information therefore provides the user information to a service that utilizes it together with an anonymous ID rather than the user ID itself. An anonymous ID cannot be directly associated with personal information such as a name and address. In this way, the system that collects and accumulates user information reduces the risk of leaking information related to user privacy.
An example of a technique for anonymizing a user ID is described in Patent Document 1. The anonymization technique of Patent Document 1 prevents a single user from registering a plurality of anonymous IDs and guarantees the uniqueness of the anonymous ID. In this technique, a client device that can be used by a plurality of users generates and assigns unique key data to each user. When the server device receives an anonymous ID registration request from the client device, it requests the key data and issues an anonymous ID if no anonymous ID corresponding to the acquired key data has been issued yet. In this way, the anonymization technique of Patent Document 1 guarantees the uniqueness of the anonymous ID.
Another example of an anonymization technique is described in Patent Document 2. The anonymization technique of Patent Document 2 makes it easy to accumulate and utilize information for which the user has consented to use, while protecting personal information. Specifically, in the technique of Patent Document 2, an IC card holds information that identifies the owner of the IC card and an anonymous ID. Insertion of the IC card is regarded as consent to the use of personal information, and the information to be utilized is sent to a server together with the anonymous ID held in the IC card.
Japanese Patent No. 4265479
Japanese Patent No. 4284986
However, when a system that collects and accumulates user information anonymizes user IDs using the anonymization techniques of Patent Document 1 and Patent Document 2, the following problems arise.
These anonymization techniques issue an effectively fixed anonymous ID to a given user. User information is therefore collected and accumulated in association with an anonymous ID that is issued to that user on a fixed basis. If such information is used by a malicious third party, the user information for a given anonymous ID can be tracked and aggregated over a long period and a wide range. Furthermore, such an anonymous ID may be found to correspond to a specific user through analysis of, for example, its relationship with information in other information processing systems. Therefore, a system that collects and accumulates user information using the techniques of Patent Document 1 and Patent Document 2 cannot prevent the information of a specific user from being tracked and aggregated over a long period and a wide range.
The present invention has been made to solve the above problems, and its object is to provide a technique for restricting the tracking and aggregation of a specific user's information when collected and accumulated user information is provided.
The anonymization device of the present invention includes: specifying means for specifying, based on user position information indicating the position of a user, a position section ID that identifies a range including the position; and generating means for generating an anonymous ID using a user ID that identifies the user and the position section ID.
The information processing system of the present invention includes: acquisition means for acquiring user position information representing the position of a user and a user ID that identifies the user; the above-described anonymization device, which generates the anonymous ID using the user position information and the user ID acquired by the acquisition means; and output means for outputting the anonymous ID generated by the anonymization device and the user information in association with each other.
In the anonymization method of the present invention, a position section ID that identifies a range including the position of a user is specified based on user position information indicating the position, and an anonymous ID is generated using a user ID that identifies the user and the position section ID.
In the information processing method of the present invention, user position information representing the position of a user and a user ID that identifies the user are acquired, a position section ID that identifies a range including the position is specified based on the user position information, an anonymous ID is generated using the user ID and the position section ID, and the anonymous ID and the user information are output in association with each other.
The recording medium of the present invention records a computer program that causes a computer device to specify, based on user position information indicating the position of a user, a position section ID that identifies a range including the position, and to generate an anonymous ID using a user ID that identifies the user and the position section ID.
The present invention can provide a technique for restricting the tracking and aggregation of a specific user's information when collected and accumulated user information is provided.
A functional block diagram of an information processing system as a first embodiment of the present invention.
A hardware configuration diagram of the information processing system as the first embodiment.
A flowchart explaining the overall operation of the information processing system as the first embodiment.
A flowchart explaining the operation of the anonymization device in the first embodiment.
A functional block diagram of an information providing system as a second embodiment of the present invention.
A flowchart explaining the overall operation of the information providing system as the second embodiment.
A flowchart explaining the operation of the anonymization device in the second embodiment.
A diagram schematically illustrating the effect of the second embodiment.
A functional block diagram of an information providing system as a third embodiment of the present invention.
A flowchart explaining the overall operation of the information providing system as the third embodiment.
A flowchart explaining the operation of the anonymization device in the third embodiment.
A functional block diagram of an information providing system as a fourth embodiment of the present invention.
A flowchart explaining the position section ID specifying operation of the anonymization device in the fourth embodiment.
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
(First embodiment)
FIG. 1 shows the functional block configuration of an information processing system 1 as a first embodiment of the present invention. In FIG. 1, the information processing system 1 includes an acquisition unit 11, an anonymization device 12, and an output unit 13. The anonymization device 12 includes a specifying unit 14 and a generation unit 15.
As shown in FIG. 2, the information processing system 1 can be configured by a computer device that includes a CPU (Central Processing Unit) 1001, a RAM (Random Access Memory) 1002, a ROM (Read Only Memory) 1003, a storage device 1004 such as a hard disk, and a network interface 1005. In this case, the acquisition unit 11 and the output unit 13 are configured by the network interface 1005 and the CPU 1001, which reads the computer program and various data stored in the ROM 1003 and the storage device 1004 into the RAM 1002 and executes them. The specifying unit 14 and the generation unit 15 are configured by the CPU 1001, which reads the computer program and various data stored in the ROM 1003 and the storage device 1004 into the RAM 1002 and executes them. Note that the hardware configuration of the information processing system 1 and each of its functional blocks is not limited to the configuration described above.
The acquisition unit 11 acquires user position information and a user ID. The user position information is information representing the position of the user. The user ID is information that identifies the user at the position indicated by the user position information. For example, the acquisition unit 11 may acquire position information obtained via the network interface 1005 from a device having a positioning function based on GPS (Global Positioning System) as user position information indicating the position of the user who carries the device. In that case, the acquisition unit 11 may acquire, as the user ID, the user ID transmitted from the device together with the user position information. The acquisition unit 11 may also acquire, from an IC card usage log at a retail store, a station, or the like, the place where the IC card was used as the user position information and information representing the owner of the IC card as the user ID. In addition, the acquisition unit 11 may acquire user position information and a user ID entered by a user via an input device (not shown).
The user position information acquired by the acquisition unit 11 may be coordinate values such as (latitude, longitude, altitude) or (x, y, z). Alternatively, the user position information may be information representing an address, or information representing a place. Examples of information representing a place include "○○ Convenience Store, △△ Station Front Branch", "the □□ sales floor of ○○ Convenience Store, △△ Station Front Branch", "○○ Office, △△ Building, 12th floor", "○○ Office, △△ Building, 12th floor, Conference Room A", and "○○ Shinkansen △△ No. 1, car 5, seat A". In this way, information representing a place may represent a building, store, office, facility, or means of transport, or a further subdivided place within these, such as a building wing, floor, room, sales floor, route, service, or seat. Information representing such a place may be expressed by a name that uniquely identifies the place, or by an ID predetermined to uniquely identify the place.
The specifying unit 14 specifies the corresponding position section ID based on the user position information. The position section ID is information that identifies a range including the position indicated by the user position information. For example, the specifying unit 14 may specify the position section ID based on the user position information by storing in advance information representing the correspondence between position ranges and their position section IDs. Alternatively, the specifying unit 14 may specify the corresponding position section ID using a predetermined calculation formula, rule, or the like that can compute the position section ID from the user position information.
The generation unit 15 generates an anonymous ID using the user ID and the position section ID. For example, the generation unit 15 may generate, as the anonymous ID, the result of applying a one-way hash function to information including the user ID and the position section ID.
The output unit 13 outputs the anonymous ID and the user information in association with each other. The output destination of the user information may be a device that provides a service utilizing the user information and that is communicably connected via the network interface 1005. The user information may be the user position information itself acquired by the acquisition unit 11, or it may be other information about the user. Such other information about the user may have been acquired by the acquisition unit 11 together with the user position information and the user ID.
 以上のように構成された情報処理システム1の動作について、図面を参照して説明する。 The operation of the information processing system 1 configured as described above will be described with reference to the drawings.
 まず、情報処理システム1全体の動作を図3に示す。 First, the overall operation of the information processing system 1 is shown in FIG.
 図3では、まず、取得部11は、ユーザ位置情報およびユーザIDを取得する(ステップS1)。 In FIG. 3, the acquisition unit 11 first acquires user location information and a user ID (step S1).
 次に、匿名化装置12は、ステップS1で取得された情報に基づいて、匿名IDを生成する(ステップS2)。このステップの詳細については後述する。 Next, the anonymization device 12 generates an anonymous ID based on the information acquired in step S1 (step S2). Details of this step will be described later.
 次に、出力部13は、ステップS2で生成された匿名IDと、ステップS1で取得されたユーザIDの示すユーザ情報とを対応付けて出力する(ステップS3)。前述のように、出力部13は、匿名IDおよびユーザ情報を対応付けて、ユーザ情報を活用するサービスを提供する装置に対して出力してもよい。 Next, the output unit 13 outputs the anonymous ID generated in step S2 in association with the user information indicated by the user ID acquired in step S1 (step S3). As described above, the output unit 13 may associate the anonymous ID with the user information and output it to a device that provides a service that utilizes the user information.
 以上で、情報処理システム1は動作を終了する。 Thus, the information processing system 1 ends its operation.
 次に、ステップS2における匿名化装置12の動作を、図4に示す。 Next, the operation of the anonymization device 12 in step S2 is shown in FIG.
 図4では、まず、特定部14は、ステップS1で得られたユーザ位置情報に基づいて、そのユーザ位置情報の示す位置を含む範囲を識別する位置区分IDを特定する(ステップS11)。 In FIG. 4, first, the specifying unit 14 specifies a position classification ID for identifying a range including the position indicated by the user position information based on the user position information obtained in step S1 (step S11).
 次に、生成部15は、ステップS1で得られたユーザIDおよびステップS11で特定された位置区分IDに基づいて、匿名IDを生成する(ステップS12)。 Next, the generation unit 15 generates an anonymous ID based on the user ID obtained in step S1 and the position classification ID specified in step S11 (step S12).
 以上で、匿名化装置12は、ユーザIDの匿名化動作を終了する。 Thus, the anonymization device 12 ends the anonymization operation of the user ID.
 次に、第1の実施の形態の効果について述べる。 Next, the effect of the first embodiment will be described.
 第1の実施の形態としての情報処理システムは、収集・蓄積したユーザ情報を提供する際に、特定のユーザ情報の追跡・集計を制限することができる。 The information processing system as the first embodiment can limit the tracking / counting of specific user information when providing the collected / accumulated user information.
 その理由は、取得部が、ユーザIDおよびユーザ位置情報を取得し、特定部が、ユーザ位置情報の示す位置を含む範囲を識別する位置区分IDを特定するからである。さらに、生成部が、ユーザIDおよび位置区分IDに基づいて匿名IDを生成し、出力部が、匿名IDおよびユーザ情報を対応付けて出力するからである。 The reason is that the acquisition unit acquires the user ID and the user position information, and the specifying unit specifies the position classification ID that identifies the range including the position indicated by the user position information. Furthermore, it is because a production | generation part produces | generates anonymous ID based on user ID and position division ID, and an output part matches and outputs anonymous ID and user information.
 このように、本実施の形態は、同一のユーザIDに対して、ユーザが同一の位置区分内にいる間は同一の匿名IDを生成し、異なる位置区分間では異なる匿名IDを生成することになる。したがって、本実施の形態から出力される匿名IDおよびユーザ情報を活用する装置は、ユーザ情報を、ユーザが同一の位置区分内にいる間は追跡・集計できるが、異なる位置区分間では追跡・集計できない。その結果、本実施の形態は、特定のユーザ情報の追跡・集計を制限することになる。 Thus, this embodiment generates the same anonymous ID for the same user ID while the user is in the same position section, and generates different anonymous IDs for different position sections. Become. Therefore, an apparatus that utilizes the anonymous ID and user information output from the present embodiment can track and aggregate user information while the user is in the same location segment, but track and aggregate between different location segments. Can not. As a result, this embodiment limits the tracking / aggregation of specific user information.
 また、上述した理由により、本実施の形態におけるユーザ匿名化装置は、同一のユーザ情報を同一の位置区分内で追跡・集計可能とし、異なる位置区分間では追跡・集計できないよう制限可能な匿名IDを作る装置として有用である。 For the reasons described above, the user anonymization device according to the present embodiment allows the same user information to be tracked / aggregated within the same location category, and can be restricted so that it cannot be traced / aggregated between different location categories. It is useful as a device to make.
 (第2の実施の形態)
 次に、本発明の第2の実施の形態について図面を参照して詳細に説明する。本実施の形態では、情報処理システムを、ユーザの位置情報を提供する情報提供システムに適用した例について説明する。なお、本実施の形態の説明において参照する各図面において、第1の実施の形態と同一の構成および同様に動作するステップには同一の符号を付して本実施の形態における詳細な説明を省略する。
(Second Embodiment)
Next, a second embodiment of the present invention will be described in detail with reference to the drawings. In the present embodiment, an example in which the information processing system is applied to an information providing system that provides user location information will be described. Note that, in each drawing referred to in the description of the present embodiment, the same configurations and steps that operate in the same manner as in the first embodiment are denoted by the same reference numerals, and detailed description in the present embodiment is omitted. To do.
First, FIG. 5 shows the functional block configuration of an information providing system 2 according to the second embodiment. In FIG. 5, the information providing system 2 differs from the information processing system 1 according to the first embodiment in that it includes an anonymization device 22 in place of the anonymization device 12 and an output unit 23 in place of the output unit 13. The anonymization device 22 differs from the anonymization device 12 of the first embodiment in that it includes a specifying unit 24 in place of the specifying unit 14 and a generation unit 25 in place of the generation unit 15, and further includes a storage unit 26 (segment ID specifying information storage unit). The information providing system 2 is communicably connected to an information utilization system 9.
Here, the information providing system 2 can be configured with the same hardware elements as the information processing system 1 according to the first embodiment described with reference to FIG. 2. In this case, the storage unit 26 is implemented by the storage device 1004. Note that the hardware configuration of the information providing system 2 and of each of its functional blocks is not limited to the configuration described above.
The storage unit 26 stores position ranges in association with the position segment IDs that identify those ranges.
For example, when the user position information is given as coordinate values such as (latitude, longitude, altitude) or (x, y, z), the storage unit 26 may hold information representing the correspondence between ranges of coordinate values and position segment IDs. When the user position information is given as information representing an address, the storage unit 26 may hold information representing the correspondence between location ranges described by addresses and position segment IDs. When the user position information is given as information representing a place, the storage unit 26 may hold information representing the correspondence between combinations of information representing places and position segment IDs. In this case, for example, the storage unit 26 may hold information that associates the position segment ID "A" with the combination of store a and store b of a certain chain.
The information held in the storage unit 26 is preferably determined so that a unique position segment ID is specified for each range within which tracking and aggregation of user position information should be possible. This allows detailed tracking and aggregation of user position information within a range that has been given a unique position segment ID. Between ranges that have been given different position segment IDs, user position information cannot be tracked or aggregated.
The specifying unit 24 refers to the storage unit 26 to specify the position segment ID defined for the range that contains the position indicated by the user position information acquired by the acquisition unit 11.
The generation unit 25 generates an anonymous ID based on the user ID and the position segment ID. Here, the user ID is information acquired by the acquisition unit 11. The position segment ID is information specified by the specifying unit 24 based on the user position information acquired by the acquisition unit 11. In the present embodiment, the generation unit 25 generates the anonymous ID using the following formula (1).
Anonymous ID = hash(user ID + position segment ID) ... (1)
Formula (1) expresses that the anonymous ID is calculated as the value obtained by applying a one-way hash function hash to the concatenation of the user ID and the position segment ID. Here, a one-way hash function is a one-way function that maps data of arbitrary length to a short, fixed-length value (hash value), and has the property that the inverse transformation recovering the original data from the hash value is difficult. A one-way hash function also has the property that it is difficult to find different original data whose hash values are equal. As examples of such a one-way hash function, SHA (Secure Hash Algorithm), MD5 (Message Digest Algorithm 5), and the like can be applied.
Consider the case where an anonymous ID calculated in this way is provided in association with user position information. In this case, the position segment ID that was used to calculate the anonymous ID can be computed from the user position information. However, because of the one-way property of the hash value, it is difficult to go as far as determining the original user ID that was used to calculate the anonymous ID. Such an anonymous ID therefore preserves the anonymity of the user.
Furthermore, an anonymous ID calculated in this way has the property of being identical only when it is calculated from the same user ID and the same position segment ID. Therefore, by being provided in association with user position information, such an anonymous ID makes a user's position trackable and aggregatable only while that user is within a given position segment.
The output unit 23 outputs the user position information and the anonymous ID in association with each other to the information utilization system 9. This user position information is the information acquired by the acquisition unit 11. This anonymous ID is the ID generated by the anonymization device 22.
The operation of the information providing system 2 configured as described above will be described with reference to the drawings.
First, FIG. 6 shows the overall operation of the information providing system 2.
In FIG. 6, the acquisition unit 11 first executes step S1 as in the first embodiment and acquires user position information and a user ID.
Next, the anonymization device 22 generates an anonymous ID using the information obtained in step S1 (step S22). Details of this step will be described later.
Next, the output unit 23 outputs the anonymous ID generated in step S22 in association with the user position information acquired in step S1 to the information utilization system 9 (step S23).
The information providing system 2 then ends its operation.
Next, FIG. 7 shows the operation of the anonymization device 22 in step S22.
In FIG. 7, the specifying unit 24 first refers to the storage unit 26 and, based on the user position information obtained in step S1, specifies the position segment ID that identifies the range containing the indicated position (step S31).
Next, the generation unit 25 generates an anonymous ID by applying a one-way hash function to information containing the user ID obtained in step S1 and the position segment ID specified in step S31 (step S32).
The anonymization device 22 then ends the operation of anonymizing the user ID.
Next, the effects of the second embodiment will be described.
The information providing system according to the second embodiment can restrict the tracking and aggregation of user position information for a specific user when providing collected and accumulated user position information.
The reason is that the acquisition unit acquires the user ID and the user position information, the storage unit stores information representing the correspondence between position ranges and the position segment IDs that identify them, and the specifying unit refers to the storage unit to specify the position segment ID corresponding to the acquired user position information. The generation unit then generates, as the anonymous ID, the result of applying a one-way hash function to information containing the user ID and the position segment ID, and the output unit outputs the anonymous ID and the user position information in association with each other.
The effects of the present embodiment are now explained using the schematic diagram of FIG. 8. In FIG. 8, different position segment IDs are assigned to store A and store B. In this case, while the user is within the position segment of store A or of store B, the present embodiment provides the user position information in association with the same anonymous ID. Therefore, a device that utilizes the anonymous ID and user position information provided by the present embodiment can track and aggregate the user's position while the user is within the same position segment. Furthermore, when the same user moves between store A and store B, the present embodiment provides the user position information in association with an anonymous ID different from the one used before the move. Therefore, a device that utilizes the user position information provided by the present embodiment cannot track or aggregate the user's position across different position segments.
In this way, the present embodiment restricts the tracking and aggregation of a user's position over a long period and a wide area. The present embodiment also reduces the risk that an anonymous ID is discovered to correspond to a specific user through analysis of, for example, its relationship with other information, and can thereby lower the risk that information concerning an individual's privacy is leaked.
(Third Embodiment)
Next, a third embodiment of the present invention will be described in detail with reference to the drawings. As in the second embodiment, the present embodiment describes an example in which the information processing system is applied to an information providing system that provides user position information. In the drawings referred to in the description of the present embodiment, components identical to those of the second embodiment and steps that operate in the same manner are given the same reference signs, and their detailed description is omitted here.
First, FIG. 9 shows the functional block configuration of an information providing system 3 according to the third embodiment. In FIG. 9, the information providing system 3 differs from the information providing system 2 according to the second embodiment in that it includes an acquisition unit 31 in place of the acquisition unit 11, an anonymization device 32 in place of the anonymization device 22, and an output unit 33 in place of the output unit 23. The anonymization device 32 includes a specifying unit 34, a generation unit 35, and a storage unit 36 (segment ID specifying information storage unit).
Here, the information providing system 3 and each of its functional blocks can be configured with the same hardware elements as the information providing system 2 according to the second embodiment and each of its functional blocks, described with reference to FIG. 2. Note that the hardware configuration of the information providing system 3 and of each of its functional blocks is not limited to the configuration described above.
The acquisition unit 31 acquires time information in addition to the user position information and the user ID. The time information represents the time at which the user indicated by the user ID was at the position indicated by the user position information.
The storage unit 36 stores the same information as the storage unit 26 of the second embodiment. In addition, the storage unit 36 stores time ranges in association with the time segment IDs that identify those time ranges.
For example, the storage unit 36 may store information in which a time segment ID is defined for each time range, such as every hour, every day, or every week. For such time ranges, it is preferable that a unique time segment ID be defined for each time period within which tracking and aggregation should be possible.
The specifying unit 34 specifies the position segment ID from the user position information in the same way as the specifying unit 24 of the second embodiment. In addition, based on the time information acquired by the acquisition unit 31, the specifying unit 34 specifies the time segment ID that identifies the time range containing that time.
The generation unit 35 generates an anonymous ID using the user ID, the position segment ID, and the time segment ID. Here, the user ID is information acquired by the acquisition unit 31. The position segment ID is information specified by the specifying unit 34 based on the user position information acquired by the acquisition unit 31. The time segment ID is information specified by the specifying unit 34 based on the time information acquired by the acquisition unit 31. In the present embodiment, the generation unit 35 generates the anonymous ID using the following formula (2).
Anonymous ID = hash(user ID + position segment ID + time segment ID) ... (2)
Formula (2) expresses that the anonymous ID is calculated as the value obtained by applying a one-way hash function hash to the concatenation of the user ID, the position segment ID, and the time segment ID. As with formula (1) used in the second embodiment, SHA, MD5, and the like can be applied as such a one-way hash function.
Consider the case where an anonymous ID calculated in this way is provided in association with user position information and time information. In this case, the position segment ID that was used to calculate the anonymous ID can be computed from the user position information. Likewise, the time segment ID that was used to calculate the anonymous ID can be computed from the time information. However, because of the one-way property of the hash value, it is difficult to go as far as determining the original user ID that was used to calculate the anonymous ID. Such an anonymous ID therefore preserves the anonymity of the user.
Furthermore, an anonymous ID calculated in this way has the property of being identical only when it is calculated from the same user ID, the same position segment ID, and the same time segment ID. Therefore, by being provided in association with user position information and time information, such an anonymous ID makes the change of a user's position over time trackable and aggregatable only during a given time period in which that user is within a given position segment.
The output unit 33 outputs the user position information, the time information, and the anonymous ID in association with one another to the information utilization system 9. The user position information and the time information are the information acquired by the acquisition unit 31. The anonymous ID is the ID generated by the anonymization device 32 based on this information.
The operation of the information providing system 3 configured as described above will be described with reference to the drawings.
First, FIG. 10 shows the overall operation of the information providing system 3.
In FIG. 10, the acquisition unit 31 first acquires user position information, a user ID, and time information (step S41).
Next, the anonymization device 32 generates an anonymous ID using the information obtained in step S41 (step S42). Details of this step will be described later.
Next, the output unit 33 outputs the anonymous ID generated in step S42 in association with the user position information and time information acquired in step S41 (step S43).
The information providing system 3 then ends its operation.
Next, FIG. 11 shows the operation of the anonymization device 32 in step S42.
In FIG. 11, the specifying unit 34 first specifies the position segment ID by executing step S31, as in the second embodiment, based on the user position information obtained in step S41.
Next, the specifying unit 34 refers to the storage unit 36 and, based on the time information obtained in step S41, specifies the time segment ID that identifies the range containing that time (step S52).
Next, the generation unit 35 generates an anonymous ID by applying a one-way hash function to information containing the user ID obtained in step S41, the position segment ID obtained in step S31, and the time segment ID obtained in step S52 (step S53).
The anonymization device 32 then ends its operation.
Next, the effects of the third embodiment will be described.
The information providing system according to the third embodiment can further restrict the tracking and aggregation of user position information for a specific user when providing collected and accumulated user position information.
The reason is that the acquisition unit acquires time information in addition to the user ID and the user position information, and the storage unit stores information representing the correspondence between time ranges and time segment IDs in addition to the information for specifying the position segment ID. Furthermore, the specifying unit specifies the time segment ID corresponding to the time information in addition to the position segment ID corresponding to the user position information. The generation unit then generates, as the anonymous ID, the result of applying a one-way hash function to information containing the time segment ID in addition to the user ID and the position segment ID, and the output unit outputs the anonymous ID in association with the user position information and the time information.
In this way, for a user who is within the same position segment during a given time period, the present embodiment provides the user position information and time information in association with the same anonymous ID. Therefore, a device that utilizes the user position information output by the present embodiment can track and aggregate the user's position only during that time period while the user is within the same position segment. Furthermore, even when the same user stays within the same position segment, if the stay spans time periods defined as different time ranges, the present embodiment provides the user position information in association with a different anonymous ID for each time period. Therefore, a device that utilizes the user position information provided by the present embodiment cannot track or aggregate the user's position across different time segments.
In this way, the present embodiment further restricts the tracking and aggregation of a user's position over a long period and a wide area. The present embodiment also further reduces the risk that an anonymous ID is discovered to correspond to a specific user through analysis of, for example, its relationship with other information, and can thereby further lower the risk that information concerning an individual's privacy is leaked.
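The following added example (not code from the patent) carries out steps S31, S52 and S53 with formula (2); formula (1) is the case with no time segment. SHA-256 as the SHA variant, the length-prefixed field encoding, the optional HMAC key, the coordinate ranges, and dropping records that fall outside every range are assumptions of this example.

```python
import hashlib
import hmac
from datetime import datetime

# Constructed stand-in for the storage unit: coordinate ranges -> position segment ID.
POSITION_RANGES = [
    # (x_min, x_max, y_min, y_max, position_segment_id)
    (0.0, 50.0, 0.0, 30.0, "A"),    # store A
    (60.0, 120.0, 0.0, 30.0, "B"),  # store B
]


def position_segment_id(x, y):
    """Step S31: look up the range containing (x, y); None if no range matches."""
    for x_min, x_max, y_min, y_max, segment in POSITION_RANGES:
        if x_min <= x < x_max and y_min <= y < y_max:
            return segment
    return None


def time_segment_id(ts, granularity="hour"):
    """Step S52: ID of the hourly, daily or weekly range containing ts."""
    if granularity == "hour":
        return ts.strftime("%Y%m%dT%H")
    if granularity == "day":
        return ts.strftime("%Y%m%d")
    if granularity == "week":
        year, week = ts.isocalendar()[:2]
        return f"{year}W{week:02d}"
    raise ValueError(f"unknown granularity: {granularity}")


def encode_fields(*fields):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    Assumption: the page only says that the IDs are concatenated."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def anonymous_id(user_id, pos_segment, time_segment=None, key=None):
    """Formula (1) when time_segment is None, formula (2) otherwise.
    key=None is the plain hash of the page; a bytes key switches to
    HMAC-SHA-256, which is an addition of this example."""
    fields = [user_id, pos_segment]
    if time_segment is not None:
        fields.append(time_segment)
    data = encode_fields(*fields)
    if key is not None:
        return hmac.new(key, data, hashlib.sha256).hexdigest()
    return hashlib.sha256(data).hexdigest()


def anonymize(records, granularity="hour", key=None):
    """Steps S41 to S43: replace the user ID of each (user_id, x, y, ts) record
    with an anonymous ID. Records outside every registered range are dropped
    (assumption: fail closed rather than emit an unsegmented ID)."""
    out = []
    for user_id, x, y, ts in records:
        pos = position_segment_id(x, y)
        if pos is None:
            continue
        anon = anonymous_id(user_id, pos, time_segment_id(ts, granularity), key)
        out.append((anon, x, y, ts))
    return out


def linkable_groups(output):
    """What a recipient can link: output record indexes grouped by anonymous ID."""
    groups = {}
    for index, (anon, _x, _y, _ts) in enumerate(output):
        groups.setdefault(anon, []).append(index)
    return sorted(groups.values())


# Constructed sample records: (user_id, x, y, timestamp).
SAMPLE = [
    ("user-001", 10.0, 5.0, datetime(2014, 10, 21, 10, 5)),   # store A, 10h
    ("user-001", 20.0, 8.0, datetime(2014, 10, 21, 10, 40)),  # store A, 10h
    ("user-001", 22.0, 9.0, datetime(2014, 10, 21, 11, 10)),  # store A, 11h
    ("user-001", 70.0, 5.0, datetime(2014, 10, 21, 11, 30)),  # store B, 11h
    ("user-002", 12.0, 6.0, datetime(2014, 10, 21, 10, 15)),  # store A, 10h
    ("user-002", 55.0, 5.0, datetime(2014, 10, 21, 10, 20)),  # no range: dropped
]

if __name__ == "__main__":
    for group in linkable_groups(anonymize(SAMPLE)):
        print(group)
```

With no key, anyone who knows the segment IDs can recompute the hash over a list of candidate user IDs and compare it with the output, so the plain form only hides user IDs that cannot be enumerated. The keyed option keeps the same linkability properties while tying the mapping to a secret held by the anonymization device.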
 (第4の実施の形態)
 次に、第4の実施の形態について図面を参照して詳細に説明する。本実施の形態では、第3の実施の形態と同様に、情報処理システムを、ユーザの位置情報を提供する情報提供システムに適用した例について説明する。なお、本実施の形態の説明において参照する各図面において、第3の実施の形態と同一の構成および同様に動作するステップには同一の符号を付して本実施の形態における詳細な説明を省略する。
(Fourth embodiment)
Next, a fourth embodiment will be described in detail with reference to the drawings. In this embodiment, as in the third embodiment, an example in which the information processing system is applied to an information providing system that provides user location information will be described. Note that, in each drawing referred to in the description of the present embodiment, the same reference numerals are given to the same configuration and steps that operate in the same manner as in the third embodiment, and the detailed description in the present embodiment is omitted. To do.
First, FIG. 12 shows the functional block configuration of an information providing system 4 as the fourth embodiment. In FIG. 12, the information providing system 4 differs from the information providing system 3 as the second embodiment in that it includes an anonymization device 42 instead of the anonymization device 32. The anonymization device 42 differs from the anonymization device 32 of the third embodiment in that it includes a specifying unit 44 instead of the specifying unit 34 and a storage unit 46 (section ID specifying information storage unit) instead of the storage unit 36.
Here, the information providing system 4 and each of its functional blocks can be configured from the same hardware elements as the information providing system 3 and its functional blocks as the third embodiment described with reference to FIG. 2. The hardware configuration of the information providing system 4 and its functional blocks is not limited to the configuration described above.
The storage unit 46 stores information representing the correspondence between position ranges and position section IDs in a manner that can be switched according to a predetermined condition. That is, the storage unit 46 stores information representing multiple kinds of correspondence between position ranges and position section IDs. For example, the storage unit 46 may store position section IDs defined for narrower position ranges and position section IDs defined for wider position ranges.
The specifying unit 44 specifies the position section ID corresponding to the user position information by switching, according to a predetermined condition, which correspondence between position ranges and position section IDs it uses.
The predetermined condition may be, for example, whether the time at which the user position information was acquired falls within a predetermined time slot. For example, when the time at which the user position information was acquired falls within a certain time slot, the specifying unit 44 may use the position section IDs defined for wider position ranges. When the time at which the user position information was acquired falls within another time slot, the specifying unit 44 may use the position section IDs defined for narrower position ranges.
The predetermined condition used by the specifying unit 44 may also be, for example, a condition based on the user ID. For example, for user position information acquired together with a certain user ID, the specifying unit 44 may use the position section IDs defined for wider position ranges. For user position information acquired together with another user ID, the specifying unit 44 may use the position section IDs defined for narrower position ranges.
The predetermined condition used by the specifying unit 44 may also be, for example, a condition based on the number of users. For example, based on the user position information and user IDs collected over a predetermined period or within a predetermined range, the specifying unit 44 can calculate the number of users present in that range during that period. In this case, when the number of users is smaller than a threshold, the specifying unit 44 may use the position section IDs defined for wider position ranges. When the number of users is larger than the threshold, the specifying unit 44 may use the position section IDs defined for narrower position ranges.
The operation of the information providing system 4 configured as described above will be described with reference to the drawings. The operation of the information providing system 4 as a whole and the user ID anonymization operation are substantially the same as the corresponding operations in the third embodiment described with reference to FIGS. 10 and 11. However, the details of the position section ID specifying operation in step S31 differ.
FIG. 13 shows the details of the position section ID specifying operation in this embodiment.
In FIG. 13, the specifying unit 44 first determines, according to a predetermined condition, which of the pieces of information representing correspondences stored in the storage unit 46 to use (step S61). For example, as described above, the specifying unit 44 may use a predetermined condition based on the time information, the number of users, the user ID, or the like to determine whether to use the information representing the position section IDs defined for wider position ranges or for narrower position ranges.
Next, the specifying unit 44 specifies the position section ID corresponding to the user position information, using the information representing the correspondence determined in step S61 (step S62).
With this, the anonymization device 42 ends the position section ID specifying operation.
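The following added example (not code from the patent) sketches steps S61 and S62 together with the time section and one-way-hash anonymous ID of the third embodiment, and checks the tracking limits the text describes. The grid sizes, the night-time switching rule, the one-hour time section, the use of SHA-256, and all names are assumptions chosen for illustration; the sample records are constructed.

```python
import hashlib
from datetime import datetime

# Assumed parameters (not from the patent): two grid mappings given as cell
# edge lengths in micro-degrees, a one-hour time section, and a rule that
# selects the wider grid at night.
NARROW_CELL = 10_000       # 0.01 degree
WIDE_CELL = 100_000        # 0.1 degree
SLOT_MINUTES = 60
WIDE_HOURS = range(0, 6)   # 00:00-05:59 uses the wider grid


def select_mapping(ts):
    """Step S61: decide which range-to-section correspondence applies."""
    if ts.hour in WIDE_HOURS:
        return "wide", WIDE_CELL
    return "narrow", NARROW_CELL


def position_section_id(lat, lon, ts):
    """Step S62: map coordinates to the section ID of the selected grid."""
    name, cell = select_mapping(ts)
    # Integer micro-degrees avoid float rounding at cell boundaries;
    # floor division keeps negative coordinates in the correct cell.
    row = round(lat * 1_000_000) // cell
    col = round(lon * 1_000_000) // cell
    return f"{name}:{row}:{col}"


def time_section_id(ts):
    """Map a timestamp to the ID of the time range that contains it."""
    slot = (ts.hour * 60 + ts.minute) // SLOT_MINUTES
    return f"{ts:%Y%m%d}-{slot:02d}"


def anonymous_id(user_id, lat, lon, ts):
    """One-way hash over user ID, position section ID and time section ID."""
    h = hashlib.sha256()
    for field in (user_id, position_section_id(lat, lon, ts), time_section_id(ts)):
        data = field.encode("utf-8")
        # Length prefix keeps ("ab", "c") and ("a", "bc") from colliding.
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()


def anonymize(records):
    """Output unit: anonymous ID with position and time; the user ID is dropped."""
    return [
        {"anonymous_id": anonymous_id(uid, lat, lon, ts),
         "lat": lat, "lon": lon, "time": ts}
        for uid, lat, lon, ts in records
    ]


# Constructed sample records: (user ID, latitude, longitude, acquisition time).
CONSTRUCTED_RECORDS = [
    ("user-001", 35.681236, 139.767125, datetime(2014, 10, 21, 10, 5)),
    ("user-001", 35.685000, 139.769000, datetime(2014, 10, 21, 10, 50)),  # same cell, same slot
    ("user-001", 35.685000, 139.769000, datetime(2014, 10, 21, 11, 5)),   # same cell, next slot
    ("user-001", 35.695000, 139.769000, datetime(2014, 10, 21, 11, 20)),  # next narrow cell
    ("user-001", 35.681236, 139.767125, datetime(2014, 10, 22, 2, 10)),   # night: wide grid
    ("user-001", 35.695000, 139.769000, datetime(2014, 10, 22, 2, 40)),   # night: same wide cell
    ("user-002", 35.681236, 139.767125, datetime(2014, 10, 21, 10, 5)),   # different user
]

if __name__ == "__main__":
    for row in anonymize(CONSTRUCTED_RECORDS):
        print(row["anonymous_id"][:16], row["lat"], row["lon"], row["time"])
```

SHA-256 stands in here for the one-way hash function; where user IDs come from a small or guessable space, a keyed construction such as HMAC with a secret held only by the anonymization device prevents a recipient from recomputing the mapping.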
Next, the effects of the fourth embodiment will be described.
The information providing system as the fourth embodiment can provide the collected and accumulated user position information in a form that can be used more flexibly, while still restricting tracking and aggregation of the user position information of a specific user.
The reason is that the storage unit stores multiple kinds of correspondence between position ranges and position section IDs, and the specifying unit specifies the position section ID corresponding to the user position information by switching, according to a predetermined condition, which information representing a correspondence it uses.
As a result, this embodiment generates the anonymous ID using the position section ID specified through this switching. For example, consider a case where the storage unit stores position section IDs defined for narrower position ranges and position section IDs defined for wider position ranges.
Suppose that the specifying unit determines, according to the acquisition time of the user position information, whether to use the position section IDs defined for wider position ranges or for narrower position ranges. In this case, this embodiment can switch, according to the time slot, the size of the position range within which user position information can be tracked and aggregated.
Suppose instead that the specifying unit determines, according to the user ID, whether to use the position section IDs defined for wider position ranges or for narrower position ranges. In this case, this embodiment can switch, according to the user, the size of the range within which user position information can be tracked and aggregated.
Suppose instead that the specifying unit determines, according to the number of users, whether to use the position section IDs defined for wider position ranges or for narrower position ranges. In this case, this embodiment can switch, according to the number of users, the size of the range within which user position information can be tracked and aggregated.
In this embodiment, the storage unit may also store information representing multiple kinds of correspondence between time ranges and time section IDs. For example, the storage unit may store time section IDs defined for shorter time ranges and time section IDs defined for longer time ranges. In this case, the specifying unit may switch, according to a predetermined condition, which information representing a correspondence it uses to specify the time section ID. Here too, the predetermined condition may be a condition based on the number of users, the user ID, or the acquisition time of the user position information.
When configured in this way, this embodiment can switch, according to the time slot, the user, the number of users, or the like, the length of time over which user position information can be tracked and aggregated.
In this embodiment, the description has focused on an example in which the storage unit stores, in a switchable manner, information representing two kinds of correspondence, such as position section IDs defined for narrower position ranges and position section IDs defined for wider position ranges. The storage unit is not limited to two kinds and may store information representing three or more kinds of correspondence. In this case as well, the specifying unit may switch, according to a predetermined condition, which of the pieces of information representing those correspondences it uses. Similarly, when the storage unit stores time ranges and time section IDs, it is not limited to two kinds and may store information representing three or more kinds of correspondence, and the specifying unit may determine which of them to use based on a predetermined condition. The predetermined condition that the specifying unit uses when switching these correspondences is not limited to a condition based on the number of users, the user ID, or the acquisition time of the user position information; other conditions and combinations of conditions are also applicable.
In the second to fourth embodiments, the description has focused on examples in which the information processing system is applied to an information providing system. Each embodiment is also applicable to an information processing system that acquires and provides other information about users.
In the second to fourth embodiments, the specifying unit has been described as specifying the position section ID or the time section ID by referring to information stored in advance in the storage unit. Alternatively, instead of including a storage unit, each embodiment may specify the position section ID or the time section ID by applying a predetermined calculation formula, a predetermined rule, or the like to the user position information or the time information.
In each of the embodiments described above, the description has focused on an example in which each functional block of the information processing system (information providing system) and the anonymization device is realized by a CPU that executes a computer program stored in a storage device or a ROM. This is not a limitation; some or all of the functional blocks, or a combination of them, may be realized by dedicated hardware.
In each of the embodiments described above, the functional blocks of the information processing system (information providing system) and the anonymization device may be realized in a manner distributed across multiple devices.
In each of the embodiments described above, the operations of the information processing system (information providing system) and the anonymization device described with reference to the flowcharts may be stored as a computer program in a storage device (storage medium) of a computer device, and the CPU may read and execute that computer program. In such a case, the present invention is constituted by the code of the computer program or by the storage medium.
The present invention has been described above with reference to the embodiments, but the present invention is not limited to the above embodiments. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.
Part or all of the embodiments described above can also be described as in the following appendices, but are not limited to them.
(Appendix 1)
A user ID anonymization device comprising:
a section ID specifying unit that specifies, based on user position information indicating a position of a user, a section ID (position section ID) that identifies a range including the position; and
an anonymous ID generation unit that generates an anonymous ID using a user ID that identifies the user and the position section ID.
(Appendix 2)
The user ID anonymization device according to Appendix 1, wherein the section ID specifying unit further specifies, based on time information representing the time at which the user was at the position indicated by the user position information, a section ID (time section ID) that identifies a time range including the time, and
the anonymous ID generation unit generates the anonymous ID using the time section ID in addition to the user ID and the position section ID.
(Appendix 3)
The user ID anonymization device according to Appendix 1 or Appendix 2, wherein the anonymous ID generation unit uses, as the anonymous ID, information obtained by applying a one-way hash function to information including the user ID and the section ID.
(Appendix 4)
The user ID anonymization device according to any one of Appendices 1 to 3, further comprising a section ID specifying information storage unit that stores information representing the correspondence between the range of the position and the position section ID defined for the range,
wherein the section ID specifying unit specifies the position section ID defined for the range including the position indicated by the user position information by referring to the section ID specifying information storage unit.
(Appendix 5)
The user ID anonymization device according to Appendix 4, wherein, when the user position information is a coordinate value,
the section ID specifying information storage unit stores information representing the correspondence between a range of coordinates and the position section ID defined for that range.
(Appendix 6)
The user ID anonymization device according to Appendix 4 or Appendix 5, wherein, when the user position information is information representing a place,
the section ID specifying information storage unit stores information representing the correspondence between a combination of pieces of information representing places and the position section ID defined for that combination.
(Appendix 7)
The user ID anonymization device according to any one of Appendices 4 to 6, wherein, when the user position information is information representing an address,
the section ID specifying information storage unit stores information representing the correspondence between a range of addresses and the position section ID defined for that range.
(Appendix 8)
The user ID anonymization device according to any one of Appendices 4 to 7, wherein the section ID specifying information storage unit further stores information representing the correspondence between a time range and the time section ID defined for that range.
(Appendix 9)
The user ID anonymization device according to any one of Appendices 1 to 8, wherein the section ID specifying unit switches the correspondence between the range of the position and the position section ID according to a predetermined condition, and specifies the position section ID based on the switched correspondence.
(Appendix 10)
The user ID anonymization device according to any one of Appendices 2 to 9, wherein the section ID specifying unit switches the correspondence between the time range and the time section ID according to a predetermined condition, and specifies the time section ID based on the switched correspondence.
(Appendix 11)
An information processing system comprising:
an information acquisition unit that acquires user position information representing a position of a user and a user ID that identifies the user;
the user ID anonymization device according to any one of Appendices 1 to 10, which generates the anonymous ID using the user position information and the user ID acquired by the information acquisition unit; and
an information output unit that outputs the anonymous ID generated using the user ID anonymization device and information about the user in association with each other.
(Appendix 12)
The information processing system according to Appendix 11, wherein the information output unit outputs the anonymous ID and the user position information in association with each other.
(Appendix 13)
The information processing system according to Appendix 11 or Appendix 12, wherein the information acquisition unit further acquires, in addition to the user position information and the user ID, time information representing the time at which the user was at the position indicated by the user position information, and
the user ID anonymization device generates the anonymous ID by further using the time information in addition to the user position information and the user ID.
(Appendix 14)
The information processing system according to Appendix 13, wherein the information output unit outputs the time information in association with the anonymous ID generated using the user ID anonymization device and the information about the user.
(Appendix 15)
A user ID anonymization method comprising:
specifying, based on user position information indicating a position of a user, a section ID (position section ID) that identifies a range including the position; and
generating an anonymous ID using a user ID that identifies the user and the position section ID.
(Appendix 16)
An information processing method comprising:
acquiring user position information representing a position of a user and a user ID that identifies the user;
specifying, based on the user position information, a section ID (position section ID) that identifies a range including the position;
generating an anonymous ID using the user ID and the position section ID; and
outputting the anonymous ID and information about the user in association with each other.
(Appendix 17)
A computer program that causes a computer device to execute:
a section ID specifying step of specifying, based on user position information indicating a position of a user, a section ID (position section ID) that identifies a range including the position; and
an anonymous ID generation step of generating an anonymous ID using a user ID that identifies the user and the position section ID.
(Appendix 18)
A computer program that causes a computer device to execute:
an information acquisition step of acquiring user position information representing a position of a user and a user ID that identifies the user;
a section ID specifying step of specifying, based on the user position information, a section ID (position section ID) that identifies a range including the position;
an anonymous ID generation step of generating an anonymous ID using the user ID and the position section ID; and
an information output step of outputting the anonymous ID and information about the user in association with each other.
This application claims priority based on Japanese Patent Application No. 2013-234162 filed on November 12, 2013, the entire disclosure of which is incorporated herein.
DESCRIPTION OF SYMBOLS
1  Information processing system
2, 3, 4  Information providing system
9  Information utilization system
11, 31  Acquisition unit
13, 23, 33  Output unit
12, 22, 32, 42  Anonymization device
14, 24, 34, 44  Specifying unit
15, 25, 35  Generation unit
26, 36, 46  Storage unit
1001  CPU
1002  RAM
1003  ROM
1004  Storage device
1005  Network interface

Claims (18)

  1.  ユーザの位置を示すユーザ位置情報に基づいて、前記位置を含む範囲を識別する位置区分IDを特定する特定手段と、
     前記ユーザを識別するユーザIDおよび前記位置区分IDを用いて匿名IDを生成する生成手段と、
     を備える匿名化装置。
    A specifying means for specifying a position classification ID for identifying a range including the position, based on user position information indicating the position of the user;
    Generating means for generating an anonymous ID using the user ID for identifying the user and the position classification ID;
    Anonymization device comprising:
  2.  前記特定手段は、前記ユーザが前記ユーザ位置情報の示す位置にいた時刻を表す時刻情報に基づいて、前記時刻を含む時刻の範囲を識別する時刻区分IDをさらに特定し、
     前記生成手段は、前記ユーザIDおよび前記位置区分IDに加えて、前記時刻区分IDを用いて前記匿名IDを生成する請求項1に記載の匿名化装置。
    The specifying means further specifies a time segment ID for identifying a time range including the time based on time information indicating a time when the user was at a position indicated by the user position information.
    The anonymization device according to claim 1, wherein the generation unit generates the anonymous ID using the time division ID in addition to the user ID and the position division ID.
  3.  前記生成手段は、前記ユーザIDおよび前記区分IDを含む情報に対して一方向性ハッシュ関数を適用して得られる情報を、前記匿名IDとする請求項1または請求項2に記載の匿名化装置。 The anonymization device according to claim 1, wherein the generation unit sets information obtained by applying a one-way hash function to information including the user ID and the classification ID as the anonymous ID. .
  4.  前記位置の範囲と、前記範囲に対して定められた前記位置区分IDとの対応関係を表す情報を記憶する記憶手段をさらに備え、
     前記特定手段は、前記ユーザ位置情報の示す位置を含む範囲に対して定められた位置区分IDを、前記記憶手段を参照することにより特定する請求項1から請求項3のいずれか1項に記載の匿名化装置。
    Storage means for storing information representing a correspondence relationship between the range of the position and the position category ID determined for the range;
    4. The device according to claim 1, wherein the specifying unit specifies a position classification ID determined for a range including a position indicated by the user position information by referring to the storage unit. 5. Anonymization device.
  5.  前記特定手段は、前記位置の範囲および前記位置区分IDの対応関係を所定の条件に応じて切り替え、切り替えた対応関係に基づいて前記位置区分IDを特定する請求項1から請求項4のいずれか1項に記載の匿名化装置。 5. The device according to claim 1, wherein the specifying unit switches the correspondence relationship between the position range and the position division ID according to a predetermined condition, and specifies the position division ID based on the switched correspondence relationship. The anonymization device according to item 1.
  6.  ユーザの位置を表すユーザ位置情報および前記ユーザを識別するユーザIDを取得する取得手段と、
     前記取得手段によって取得された前記ユーザ位置情報および前記ユーザIDを用いて前記匿名IDを生成する請求項1から請求項5のいずれか1項に記載の匿名化装置と、
     前記匿名化装置を用いて生成された匿名IDおよび前記ユーザ情報を対応付けて出力する出力手段と、
     を備える情報処理システム。
    Obtaining means for obtaining user position information representing the position of the user and a user ID for identifying the user;
    The anonymization device according to any one of claims 1 to 5, wherein the anonymization ID is generated using the user position information and the user ID acquired by the acquisition unit.
    An output unit that associates and outputs the anonymous ID generated using the anonymization device and the user information;
    An information processing system comprising:
  7.  前記出力手段は、前記匿名IDおよび前記ユーザ位置情報を対応付けて出力する請求項6に記載の情報処理システム。 The information processing system according to claim 6, wherein the output means outputs the anonymous ID and the user position information in association with each other.
  8.  ユーザの位置を示すユーザ位置情報に基づいて、前記位置を含む範囲を識別する位置区分IDを特定し、
     前記ユーザを識別するユーザIDおよび前記位置区分IDを用いて匿名IDを生成する、匿名化方法。
    Based on the user position information indicating the position of the user, the position classification ID that identifies the range including the position is specified,
    An anonymization method of generating an anonymous ID using a user ID for identifying the user and the position classification ID.
  9.  ユーザの位置を表すユーザ位置情報および前記ユーザを識別するユーザIDを取得し、
     前記ユーザ位置情報に基づいて、前記位置を含む範囲を識別する位置区分IDを特定し、
     前記ユーザIDおよび前記位置区分IDを用いて匿名IDを生成し、
     前記匿名IDおよび前記ユーザ情報を対応付けて出力する、情報処理方法。
    Obtaining user location information representing the location of the user and a user ID identifying the user;
    Based on the user location information, specify a location category ID that identifies a range including the location,
    An anonymous ID is generated using the user ID and the location classification ID,
    An information processing method for outputting the anonymous ID and the user information in association with each other.
  10.  ユーザの位置を示すユーザ位置情報に基づいて、前記位置を含む範囲を識別する位置区分IDを特定し、
     前記ユーザを識別するユーザIDおよび前記位置区分IDを用いて匿名IDを生成すること
    をコンピュータ装置に実行させるコンピュータ・プログラムを記録する記録媒体。
    Based on the user position information indicating the position of the user, the position classification ID that identifies the range including the position is specified,
    A recording medium for recording a computer program that causes a computer device to generate an anonymous ID using a user ID for identifying the user and the position classification ID.
  11.  The anonymization device according to claim 4, wherein, when the user position information is a coordinate value,
     the storage means stores information representing a correspondence relationship between a range of coordinates and the position classification ID defined for that range.
  12.  The anonymization device according to claim 4 or claim 11, wherein, when the user position information is information representing a place,
     the storage means stores information representing a correspondence relationship between a combination of information representing places and the position classification ID defined for that combination.
  13.  The anonymization device according to any one of claim 4, claim 11, and claim 12, wherein, when the user position information is information representing an address,
     the storage means stores information representing a correspondence relationship between a range of addresses and the position classification ID defined for that range.
  14.  The anonymization device according to any one of claim 4 and claims 11 to 13, wherein the storage means further stores information representing a correspondence relationship between a range of times and the time division ID defined for that range.
  15.  The anonymization device according to any one of claims 2 to 4 and claims 11 to 14, wherein the specifying means switches the correspondence relationship between the range of times and the time division ID according to a predetermined condition, and specifies the time division ID based on the switched correspondence relationship.
  16.  The information processing system according to claim 6, wherein the acquisition means further acquires, in addition to the user position information and the user ID, time information representing the time at which the user was at the position indicated by the user position information, and
     the anonymization device generates the anonymous ID by further using the time information in addition to the user position information and the user ID.
  17.  The information processing system according to claim 16, wherein the output means outputs the time information in association with the anonymous ID generated using the anonymization device and the information related to the user.
  18.  A recording medium recording a computer program that causes a computer device to execute:
     acquiring user position information representing a position of a user and a user ID that identifies the user;
     specifying, based on the user position information, a position classification ID that identifies a range including the position;
     generating an anonymous ID using the user ID and the position classification ID; and
     outputting the anonymous ID and information related to the user in association with each other.
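
The method of claims 8, 9 and 16 to 18, with the range tables of claims 11 and 14, sketched as an added example; it is not code from the application or the applicant. The claims do not state how the anonymous ID is computed from its inputs, so the keyed HMAC-SHA256 construction, the key, the table contents and every function name below are assumptions.

```python
import hashlib
import hmac
from datetime import datetime

# Constructed lookup tables (claims 11 and 14): coordinate ranges and
# time-of-day ranges, each mapped to an ID. All values are hypothetical.
POSITION_RANGES = [  # (lat_min, lat_max, lon_min, lon_max, position classification ID)
    (35.60, 35.70, 139.70, 139.80, "P001"),
    (35.70, 35.80, 139.70, 139.80, "P002"),
]
TIME_RANGES = [(0, 6, "T1"), (6, 12, "T2"), (12, 18, "T3"), (18, 24, "T4")]

SECRET_KEY = b"constructed-demo-key"  # assumption: a key held only by the anonymizer


def position_classification_id(lat, lon):
    """Return the ID of the range containing (lat, lon); ranges are half-open."""
    for lat_min, lat_max, lon_min, lon_max, pid in POSITION_RANGES:
        if lat_min <= lat < lat_max and lon_min <= lon < lon_max:
            return pid
    raise LookupError("position outside every defined range")


def time_division_id(ts):
    """Return the ID of the hour range containing the timestamp."""
    for start, end, tid in TIME_RANGES:
        if start <= ts.hour < end:
            return tid
    raise LookupError("time outside every defined range")


def anonymous_id(user_id, lat, lon, ts=None):
    """Derive the anonymous ID from the user ID, the position classification ID
    and, when a timestamp is given, the time division ID."""
    parts = [user_id, position_classification_id(lat, lon)]
    if ts is not None:
        parts.append(time_division_id(ts))
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p.encode()).to_bytes(2, "big") + p.encode() for p in parts)
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:16]


def anonymize(record):
    """Output step of claims 9 and 17: replace the user ID with the anonymous ID."""
    out = {k: v for k, v in record.items() if k != "user_id"}
    out["anonymous_id"] = anonymous_id(
        record["user_id"], record["lat"], record["lon"], record.get("time"))
    return out
```

Records of one user inside one range and time division share an anonymous ID, while the same user in another range or time division receives a different one, so a movement trace cannot be joined across ranges by the ID alone.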
PCT/JP2014/005333 2013-11-12 2014-10-21 Anonymization device, information processing system, anonymization method, information processing method, and recording medium for recording computer program WO2015072084A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2015547618A JPWO2015072084A1 (en) 2013-11-12 2014-10-21 Anonymization device, information processing system, anonymization method, information processing method, and computer program

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2013-234162 2013-11-12
JP2013234162 2013-11-12

Publications (1)

Publication Number Publication Date
WO2015072084A1 true WO2015072084A1 (en) 2015-05-21

Family

ID=53057037

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/005333 WO2015072084A1 (en) 2013-11-12 2014-10-21 Anonymization device, information processing system, anonymization method, information processing method, and recording medium for recording computer program

Country Status (2)

Country Link
JP (1) JPWO2015072084A1 (en)
WO (1) WO2015072084A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5961593A (en) * 1997-01-22 1999-10-05 Lucent Technologies, Inc. System and method for providing anonymous personalized browsing by a proxy system in a network
JPH11331144A (en) * 1998-05-14 1999-11-30 Seiko Epson Corp Ciphering device, deciphering device, portable information processor, ciphering method, deciphering method and portable information processor control method
JP2002268950A (en) * 2001-03-07 2002-09-20 Sony Corp Information management system, information managing method, information processor, information processing method and program
US6496931B1 (en) * 1998-12-31 2002-12-17 Lucent Technologies Inc. Anonymous web site user information communication method
JP2006311112A (en) * 2005-04-27 2006-11-09 Hitachi Ltd Method and apparatus for managing id
JP2008072205A (en) * 2006-09-12 2008-03-27 Mitsubishi Electric Corp Server, terminal, and action recording system and method
WO2009009392A1 (en) * 2007-07-10 2009-01-15 Qualcomm Incorporated Peer to peer identifiers

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017162270A (en) * 2016-03-10 2017-09-14 株式会社東芝 Information collection system and gateway terminal
JP2018136625A (en) * 2017-02-20 2018-08-30 Kddi株式会社 Identification apparatus, identification method and identification program
JP2022002046A (en) * 2020-06-22 2022-01-06 トヨタ自動車株式会社 Data collection apparatus and data collection method
JP7188416B2 (en) 2020-06-22 2022-12-13 トヨタ自動車株式会社 Data collection device and data collection method
US11184762B1 (en) 2020-06-26 2021-11-23 Moj.Io, Inc. Compute system with anonymization mechanism and method of operation thereof
JP2022051695A (en) * 2020-09-22 2022-04-01 グラスパー テクノロジーズ エーピーエス Concept for anonymous re-identification
JP7206343B2 (en) 2020-09-22 2023-01-17 グラスパー テクノロジーズ エーピーエス Concept of anonymous re-identification

Also Published As

Publication number Publication date
JPWO2015072084A1 (en) 2017-03-16

Similar Documents

Publication Publication Date Title
WO2015072084A1 (en) Anonymization device, information processing system, anonymization method, information processing method, and recording medium for recording computer program
AU2017399007B2 (en) Mobility gene for trajectory data
US11181382B2 (en) Generating maps of private spaces using mobile computing device sensors
WO2012090628A1 (en) Information security device and information security method
WO2011024298A1 (en) Service system
ATE548704T1 (en) PROVIDING A SERVICE BASED ON ACCESS RIGHTS TO SHARED DATA
JP2016540274A (en) Privacy-enhanced spatial analysis
JP6011259B2 (en) Proximity determination method, proximity determination device, proximity determination system, and proximity determination program
Holcer et al. Privacy in indoor positioning systems: A systematic review
US20120131030A1 (en) Information management apparatus, information management method, and information control program
CN110460563A (en) Data encryption, decryption method and device, system, readable medium and electronic equipment
TW201423377A (en) Data storage and system thereof
WO2011043429A1 (en) Information management device, data processing method thereof, and computer program
AU2017399008A1 (en) Mobility gene for visit data
WO2017004597A1 (en) Systems and methods for media privacy
Gupta et al. Technological and analytical review of contact tracing apps for COVID-19 management
JP6352441B2 (en) Anonymizing streaming data
US10165502B2 (en) Asynchronous information transfer between devices on different networks via a plurality of provider devices
US20210357531A1 (en) Privacy preserving location tracking
JP5351852B2 (en) Crossing statistics system, speech terminal, crossing statistics method
US20160092481A1 (en) Information integration and assessment
JP6015661B2 (en) Data division apparatus, data division system, data division method, and program
JP5948238B2 (en) Data management method and data management apparatus
US9755946B2 (en) Confidentially determining route diversity for network routes
JP2018156307A (en) Calculation device, calculation method, and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14862964

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2015547618

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14862964

Country of ref document: EP

Kind code of ref document: A1