JP2015170124A - Information processing apparatus, information processing method and information processing program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To collate a user matching a provision condition when an owner provides data in one aspect.SOLUTION: An information processing system 10 comprises: a reception part (36) which receives information indicating the storage location of data and information (26) indicating a provision condition determined by an owner and defining a user of a provision object of data from a data management part (20) for managing data (24) owned by the owner in order to mediate provision of data owned by the owner from the owner to a user; and a decision part (38) which decides a user having attribute matching the provision condition as the user of the provision object of the data on the basis of the information (26) indicating the provision condition and attribute information (44) stored in a storage part (34) and indicating the feature of each of the plurality of users managed by the own apparatus. Consequently, the information processing system can collate a user matching the provision condition when the owner provides data in a case of mediating provision of data from the owner to a user.

Description

  The disclosed technology relates to an information processing apparatus, an information processing method, and an information processing program.

  An owner who owns or manages the digitized data may want to provide the data only to users with certain attributes. As an example of the specific attribute, information representing the user's characteristics such as the user's gender, age, hobby, taste, and behavior of visiting a specific store is known. As an example of the owner providing data to the user, the business owner who owns or manages the data provides data such as advertisements that can be expected to be of interest to users with specific attributes in order to acquire new customers If you want to.

  2. Description of the Related Art A technique is known in which, when providing data owned or managed by an owner to a user, the mediator provides the user with the data of the owner. For example, when the advertising business that owns the advertising data is the owner and the viewer of the data such as the advertisement is the user, the information is received by notifying the user of the information indicating the storage location of the data such as the advertisement. An information processing apparatus that mediates provision of a user's data to a user is known. In this technique, data is owned or managed by an information processing device on the owner side (hereinafter referred to as an owner device). When data is provided from the owner side, information indicating the storage location of the data from the owner device and information indicating the provision conditions such as the age and gender of the user who wants to provide information on the mediator side providing the specific service Sent to a device (hereinafter referred to as an intermediary device). The intermediary device manages the attributes of the user who uses the specific service, and provides the specific service to the information processing device on the user side (hereinafter referred to as the user device). The intermediary device, when requested to provide a specific service by the user device, compares the provision conditions from the owner device with the attributes of the user, and stores the data received from the owner device if they match Is notified to the user side.

JP 2002-149690 A

  However, in the technique of collating the provision conditions with the user attributes when receiving a specific service, it is not possible to collate users who are candidates for the provision destination of data to be provided until the user operates the user device. In other words, when the user device is operated, collating the provision condition with the user attribute is to search for a provision condition that matches the user attribute from the plurality of provision conditions. However, when providing data, the owner may desire to collate with users who are candidates for the provision destination of data to be provided.

  In one aspect, an object of the present invention is to collate users who meet provision conditions before providing data to be provided to a user who is a provision destination.

  In the disclosed technique, the receiving unit receives information indicating a storage location of data to be provided and information indicating a provision condition that defines a user to whom the data is to be provided from a data management unit that manages data. Further, the determination unit determines the user before providing the data to be provided to the user who is the providing destination. In addition, the determination unit is configured to specify a user who has attribute information that matches the provision condition received by the reception unit based on the attribute information indicating the characteristics of each of the plurality of users stored in the storage unit. To be a user. Therefore, when mediating the provision of data from the owner to the user, the user who matches the provision condition is collated before the provision target data is provided to the user as the provision destination.

  One aspect has an effect that a user who meets the provision condition can be collated before the provision target data is provided to the user as the provision destination.

It is a block diagram which shows an example of the information processing apparatus which concerns on 1st Embodiment. It is a block diagram which shows an example of the relationship between the owner apparatus contained in the information processing apparatus which concerns on 1st Embodiment, an intermediary apparatus, and a user apparatus. It is a block diagram which shows an example of the information processing system implement | achieved with the computer system which concerns on 1st Embodiment. It is an image figure which shows an example of the data structure of a data management database. It is an image figure which shows an example of the data structure of an attribute database. It is an image figure which shows an example of provision conditions. It is a sequence flow which shows an example of the whole flow in the computer system concerning 1st Embodiment. It is a flowchart which shows an example of the flow of a process in an owner computer. It is a flowchart which shows an example of the flow of a process in an intermediary computer. It is a flowchart which shows an example of the flow of a process in a user's terminal device. It is a block diagram which shows an example of the information processing apparatus which concerns on 2nd Embodiment. It is a block diagram which shows an example which implement | achieves the information processing system concerning 2nd Embodiment with a computer system. It is an image figure which shows an example of the data structure of a matching result database. It is an image figure which shows an example of the data structure of an attribute database. It is an image figure which shows an example of the data structure of an authentication database. It is an image figure which shows an example of the data structure of a matching result database. It is an image figure which shows an example of the data structure of an attribute DB database. It is an image figure which shows an example of the data structure of an authentication database. It is an image figure which shows an example of the data structure of a matching result database. It is an image figure which shows an example of provision conditions. It is a sequence flow which shows an example of the whole flow in the computer system concerning 2nd Embodiment. It is a flowchart which shows an example of the flow of a process in an owner computer. It is a flowchart which shows an example of the flow of a process of the matching function in an intermediary computer. It is a flowchart which shows an example of the flow of a process of the authentication function in an intermediary computer. It is a flowchart which shows an example of the flow of a process in a user's terminal device. It is a block diagram which shows an example of the mediator computer in the case of implement | achieving the information processing system concerning 3rd Embodiment with a computer system. It is an image figure which shows an example of the data structure of an anonymization database. It is an image figure which shows an example of the data structure of a matching result database. It is a sequence flow which shows an example of the whole flow in the computer system concerning 3rd Embodiment. It is a flowchart which shows an example of the flow of a process of the matching function in an intermediary computer. It is a flowchart which shows an example of the flow of a process of the authentication function in an intermediary computer. It is an image figure which shows an example of the data structure of the anonymization database concerning 4th Embodiment. It is an image figure which shows an example of provision conditions. It is a sequence flow which shows an example of the whole flow in the computer system concerning 4th Embodiment. It is a flowchart which shows an example of the flow of a process of the matching function in an intermediary computer. It is an image figure which shows an example of provision conditions. It is a flowchart which shows an example of the flow of a process of the matching function in the mediator computer concerning 5th Embodiment.

  Hereinafter, an example of an embodiment of the disclosed technology will be described in detail with reference to the drawings. In the present embodiment, the disclosed technology is applied to an information processing apparatus that mediates provision of data from an owner to a user.

(First embodiment)
FIG. 1 shows an example of an information processing system 10 according to the first embodiment. FIG. 2 shows an example in which the owner device 12, the mediator device 28, and the user device 46 included in the information processing system 10 are connected via the network 48. In addition, in FIG. 2, an example in the case of providing the two user apparatuses 46 is shown.

  The information processing system 10 includes an owner device 12, an intermediary device 28, and a user device 46. The owner device 12 is an information processing device on the owner side that owns or manages the data 24, and includes a CPU 14 and a memory 16, and an information processing program 22 on the owner side is stored in the memory 16. The CPU 14 operates as the data management unit 20 by executing the information processing program 22 stored in the memory 16. The CPU 14 is connected to a storage unit 18 that stores data 24 and information 26 indicating provision conditions. The intermediary device 28 is an information processing device on the mediator side that mediates the provision of the data 24 on the owner side to the user, and includes a CPU 30 and a memory 32. The memory 32 includes an information processing program 42 on the mediator side. Is memorized. The CPU 30 operates as the receiving unit 36, the determining unit 38, and the notification unit 40 by executing the information processing program 42 stored in the memory 32. The CPU 30 is connected to a storage unit 34 in which attribute information 44 indicating user characteristics managed on the mediator side is stored. On the broker side, a user managed on the broker side by the broker device 28 can use the specific service. The user device 46 is an information processing device on the user side that uses a specific service on the mediator side.

  In the information processing system 10, information is transmitted from the data management unit 20 of the owner device 12 to the mediator device 28 when the owner desires to provide the data 24. The information transmitted by the data management unit 20 of the owner device 12 includes information indicating the storage location of the data 24 to be provided and information 26 indicating a provision condition that defines a user who provides the data to be provided. . Information 26 indicating the provision conditions is predetermined on the owner side.

  The intermediary device 28 receives the information indicating the storage location of the data 24 transmitted from the data management unit 20 of the owner device 12 and the information 26 indicating the provision conditions by the receiving unit 36. In addition, the determination unit 38 conforms to the provision condition based on the information 26 indicating the provision condition and the attribute information 44 indicating the characteristics of each of the plurality of users stored in the storage unit and managed on the mediator side. The user who has the attribute information 44 is determined to be the user who provides the data 24. Therefore, when mediating the provision of the data 24 from the owner to the user by the mediator device 28, the user who matches the provision conditions is collated before the provision target data is provided to the user as the provision destination. That is, when the owner side wants to provide the data 24 to the user, the user who matches the provision condition to the owner side is collated before the user uses the specific service.

  The information processing system 10 is an example of an information processing device in the disclosed technology, and the data management unit 20 of the owner device 12 is an example of a data management unit in the disclosed technology. The receiving unit 36, the determining unit 38, and the notifying unit 40 of the mediator device 28 are examples of the receiving unit, the determining unit, and the notifying unit in the disclosed technology. The information processing program 22 or the information processing program 42 is an example of an information processing program in the disclosed technology. Furthermore, the mediator device 28 is an example of a mediator device in the disclosed technology.

  FIG. 3 shows an example in which the information processing system 10 is realized by the computer system 50. The computer system 50 includes an owner computer 52 on the owner side and a terminal device 100 on the owner side. The owner computer 52 includes a CPU 54, a memory 56, and a nonvolatile storage unit 62. The CPU 54, the memory 56, and the storage unit 62 are connected to each other via a bus 69. In the owner computer 52, a device (IO device) 58 for reading from and writing to the recording medium 59 is connected to the bus 69. Further, the owner computer 52 includes a communication control unit 60 including an interface for connecting to the network 48. The storage unit 62 can be realized by an HDD (Hard Disk Drive) or a flash memory.

  The storage unit 62 stores an OS (Operating System) 62 and an owner-side program 66 for causing the owner computer 52 to function as the data management unit 20 (FIG. 1) of the owner device 12. The owner side program 66 includes a data management function process 67. The CPU 54 reads the owner-side program 66 from the storage unit 62, expands it in the memory 56, and executes the data management function process 67. The storage unit 62 also stores data 24 and a data management table (hereinafter referred to as a data management DB) 25 including information related to the data 24. The storage unit 62 corresponds to the storage unit 18 shown in FIG.

  The owner computer 52 operates as the owner device 12 shown in FIG. 1 or FIG. 2 when the CPU 54 reads the owner-side program 66 from the storage unit 62, expands it in the memory 56, and executes it.

  FIG. 4 shows an example of the data structure of the data management DB 25. Information related to the data 24 is registered in the data management DB 25. FIG. 4 shows an example in which each information of “data ID”, “owner ID”, “URL”, and “data name” is associated and registered as the data management DB 25. Information indicating “data ID” is identification information for identifying the data 24. The information indicating “owner ID” is identification information for identifying the owner who owns the data 24. Further, the information indicating “URL” is information indicating a storage position where data 24 such as a URL (Uniform Resource Locator) is stored. Furthermore, the “data name” information is information such as the name of data for enabling the contents of the data 24 to be grasped. In the data management DB 25, the owner can operate the terminal device 100 to register data.

  A computer system 50 shown in FIG. 3 includes a mediator computer 70 on the mediator side and a terminal device 120 on the mediator side. The mediator computer 70 includes a CPU 72, a memory 74, and a nonvolatile storage unit 80. The CPU 72, the memory 74, and the storage unit 80 are connected to each other via a bus 99. In the mediator computer 70, a device (IO device) 76 for reading from and writing to the recording medium 59 is connected to the bus 99. Further, the mediator computer 70 includes a communication control unit 78 including an interface for connecting to the network 48. The storage unit 80 can be realized by an HDD or a flash memory.

  The storage unit 80 stores an OS 82 and a mediator-side program 84 for causing the mediator computer 70 to function as the mediator device 28 (FIG. 1). The intermediary program 84 stored in the storage unit 80 includes a matching function process 86. The CPU 72 reads the mediator-side program 84 from the storage unit 80, expands it in the memory 74, and executes each process included in the mediator-side program 84. The storage unit 80 stores a database (hereinafter simply referred to as DB) 92 including an attribute database (hereinafter referred to as attribute DB) 94.

  The mediator computer 70 operates as the mediator device 28 shown in FIG. 1 or FIG. 2 when the CPU 72 reads the mediator-side program 84 from the storage unit 80, loads it in the memory 74, and executes it.

  FIG. 5 shows an example of the data structure of the attribute DB 94. In the attribute DB 94, attribute information indicating user characteristics managed by the mediator computer 70 is registered. FIG. 5 shows an example in which each information of “user ID”, “sex”, “age”, and “region” is registered in association with the attribute DB 94. The information indicating “user ID” is identification information for identifying a user managed by the mediator computer 70. The information indicating “gender” is information indicating the gender of the user, and the information indicating “age” is information indicating the age corresponding to the age of the user. Furthermore, the information indicating “area” is information indicating a predetermined area including the user's address or a user location such as a registered residence. The attribute DB 94 can be created or registered when a user registers with a service provided by the mediator computer.

  In addition, although sex, an age, and an area are shown as an example of the attribute information contained in attribute DB94, attribute information is not limited to sex, an age, and an area. That is, the attribute information may be other information as long as it is information indicating the characteristics of the user. Also, in the attribute DB 94 of the first embodiment, information indicating “user ID” is registered in association with information indicating “contact”. As information indicating “contact address”, information used when contacting the user with the user ID from the mediator computer 70 is registered. An example of information indicating “contact” is information such as an email address. If information indicating a contact is registered in the mediator computer 70 by a separate system or the like, registration in the attribute DB 94 is not necessary.

  The terminal device 100 on the owner side shown in FIG. 3 includes a CPU 102, a memory 104, and a recording unit 106 that records an operation program 108. The CPU 102, the memory 104, and the recording unit 106 are connected to each other via a bus 118. The terminal device 100 includes a display unit 110 such as a display and an input unit 112 such as a keyboard and a mouse. The display unit 110 and the input unit 112 are connected to a bus 118. In the terminal device 100, a device (IO device) 114 for reading from and writing to the recording medium 59 is connected to the bus 118. Further, the terminal device 100 includes a communication control unit 116 including an interface for connecting to the network 48. The recording unit 106 can be realized by an HDD or a flash memory.

  In addition, the mediator-side terminal device 120 includes a CPU 122, a memory 124, and a recording unit 126 that records an operation program 128. The CPU 122, the memory 124, and the recording unit 126 are connected to each other via a bus 138. The terminal device 120 includes a display unit 130 such as a display and an input unit 132 such as a keyboard and a mouse. The display unit 130 and the input unit 132 are connected to the bus 138. In the terminal device 120, a device (IO device) 134 for reading from and writing to the recording medium 59 is connected to the bus 138. Further, the terminal device 120 includes a communication control unit 136 including an interface for connecting to the network 48. The recording unit 126 can be realized by an HDD or a flash memory.

  Furthermore, a user side terminal device 140 that uses a specific service provided by the mediator computer 70 is connected to the network 48 shown in FIG.

  The terminal device 140 includes a CPU 142, a memory 144, and a nonvolatile recording unit 146. The CPU 142, the memory 144, and the recording unit 146 are connected to each other via a bus 158. The terminal device 140 includes a display unit 150 such as a display and an input unit 152 such as a keyboard and a mouse. The display unit 150 and the input unit 152 are connected to a bus 158. Further, the terminal device 140 is connected to the bus 158 with an IO device 154 for reading from and writing to the recording medium 39. Further, the terminal device 140 includes a communication control unit 156 including an interface for connecting to the network 48. The recording unit 146 can be realized by an HDD or a flash memory.

  In FIG. 3, one terminal apparatus 140 has been described as an example, but the terminal apparatus 140 may include a plurality of terminals. Further, since the plurality of terminal devices 140 have substantially the same configuration, when there is no special note, they are collectively referred to as the terminal device 140, and the same portions are denoted by the same reference numerals. Further, in the case where each of the plurality of terminal devices 140 or each of the elements included in the terminal device 140 is individually targeted, a reference numeral is separately assigned to distinguish between the terminal devices 140 or between the elements included in the terminal device 140. Treat separately.

  Examples of the terminal devices 100, 120, and 140 include devices such as personal computers or smartphones. Furthermore, information such as messages can be exchanged between any of the processes operating on the owner computer 52, the processes operating on the mediator computer 70, and the programs operating on the terminal devices 100, 120, and 140. is there.

  Next, the operation of the first embodiment will be described. 1st Embodiment demonstrates the process until the information which shows the place where the data 24 of the owner side were stored is provided to the user's terminal device 140 via the one intermediary computer 70. FIG. Specifically, a case will be described in which the URL of the owner data data1 is provided to a user who meets the provision conditions shown in FIG. 6 among the users managed on the mediator side.

  In the first embodiment, an access point is assigned to a process executed by a computer. The information indicating the access point is identification information for specifying the process executed by the computer when sending information such as a message to the process executed by the computer via the network. An example of information indicating the access point includes identification information for identifying each computer connected to the network 48 and identification information for identifying a process executed by the computer. Specifically, the identification information for specifying the computer includes a network address, and the identification information for specifying the process includes information indicating a function name of a process executed in the specified computer.

  In the first embodiment, when information (URL) indicating the storage location of data to be provided is transmitted by e-mail to a providing destination registered in the attribute DB 94 corresponding to the user ID for identifying the user. Will be explained.

  FIG. 7 shows an example of the overall flow in the computer system 50 according to the first embodiment as a sequence flow including the relationship between devices. FIG. 8 shows the flow of processing in the owner computer 52. FIG. 9 shows the flow of processing in the mediator computer 70. Furthermore, FIG. 10 shows a flow of processing in the user terminal device 140.

  In the computer system 50, the CPU 102 executes the operation program 108 in the terminal device 100 on the owner side, and the CPU 142 executes the operation program 148 in the terminal device 140 on the user side. In the owner computer 52, the CPU 54 executes the owner-side program 66, and in the mediator computer 70, the CPU 72 executes the mediator-side program 84.

  First, in the computer system 50, by providing the operation of the terminal device 100 on the owner side, the provision target data 24 in the data 24 managed by the owner computer 52 and the provision conditions for specifying the provision destination user are input. (Step J01 shown in FIG. 7). In other words, the provision of data is instructed to the data management function of the owner computer 52 by inputting the provision target data 24 and provision conditions that define the provision destination user. In the first embodiment, information indicating the storage location of the data 24 on the owner side is provided to the matching function of the mediator computer 70 on the mediator side. Further, the terminal device 100 on the owner side transmits a message to the data management function of the owner computer 52. Specifically, in the terminal device 100, a data ID for identifying the data 24 and information 26 indicating the provision conditions are input. Further, the terminal device 100 transmits a message including the data ID, the information 26 indicating the provision conditions, and the information indicating the access point of the matching function of the mediator computer 70 on the mediator side to the owner computer 52.

  The data management function of the owner computer 52 acquires the information 26 indicating the provision condition from the received message and the information (URL) indicating the storage location of the data 24 corresponding to the data ID, and the matching function of the mediator computer 70. (Step J02 shown in FIG. 7). Specifically, the CPU 54 of the owner computer 52 periodically and repeatedly executes the data management function process 67 shown in FIG. The CPU 54 makes a negative determination in step 200 until a message from the terminal device 100 is received. When the message is received, the CPU 54 makes an affirmative determination in Step 200, and in Step 202, specifies information indicating each of the data ID, the provision condition, and the access point of the matching function from the received message. Next, in step 204, the CPU 54 collates the information 26 indicating the specified provision condition and the data management DB 25 to obtain the URL corresponding to the data ID. Further, in the next step 206, the CPU 54 sends information including the acquired URL and information 26 indicating the providing condition as a message, giving information indicating an access point of the matching function of the mediator computer 70 as a destination, and transmits the message. .

  Based on the message transmitted from the data management function, the matching function of the mediator computer 70 determines a user who meets the provision conditions from among the users managed on the mediator side (step J03 shown in FIG. 7). Specifically, the CPU 72 of the mediator computer 70 periodically and repeatedly executes the matching function process 86 shown in FIG. The CPU 72 makes a negative determination in step 300 until a message including information indicating an access point of the matching function is received. When the CPU 72 receives a message whose destination is an access point of the matching function, the CPU 72 makes an affirmative determination in step 300, and in step 302, specifies the URL 26 included in the message and the information 26 indicating the provision condition. Next, in step 304, the CPU 72 obtains the information 26 indicating the specified providing condition and the user ID of the user having attribute information matching the providing condition by checking the attribute DB 94. In addition, the CPU 72 determines the user with the acquired user ID as a user that meets the provision conditions. Next, in step 306, the CPU 72 transmits a message including the URL to the terminal device 140 associated with the user ID of the user who meets the provision conditions.

  The terminal device 140 on the user side receives the URL transmitted from the matching function of the mediator computer 70 (step J04 shown in FIG. 7). Specifically, the CPU 142 of the terminal device 140 on the user side periodically and repeatedly executes the operation program 148 shown in FIG. CPU 142 makes a negative determination in step 400 until a message from mediator computer 70 is received. When the CPU 142 receives the message, the CPU 142 makes an affirmative determination in Step 400, and specifies the URL transmitted from the matching function in Step 402. In the first embodiment, an electronic mail is received by the user's terminal device 140, and the user can confirm the URL by confirming the received electronic mail.

  The process of step 302 executed by the CPU 72 is an example corresponding to the process of the receiving unit when the mediator computer 70 operates as an intermediary device. Moreover, the process of step 304 performed by CPU72 is an example corresponding to the process of the determination part in case the mediator computer 70 operate | moves as a mediator apparatus. Further, the processing of step 306 executed by the CPU 72 is an example corresponding to the processing of the notification unit when the mediator computer 70 operates as a mediator device.

  As described above, in the first embodiment, the owner can pass information indicating the data location to the user having the attribute indicated by the provision condition without directly knowing the user.

  In the first embodiment, when the provisioning condition and the URL of the data 24 are received by the matching function of the mediator computer 70, the provisioning condition is checked against the attribute DB 94, and a user having an attribute that matches the provisioning condition is specified. it can. Thereby, when it is desired to pass data to a user who has an attribute designated on the owner side, the location of the data can be passed via the mediator side computer 70.

(Second Embodiment)
Next, a second embodiment will be described. In the second embodiment, a process until information indicating a location where the owner-side data 24 is stored is provided to the user terminal device 140 via a plurality of mediator computers 70 will be described. In the second embodiment, each of the plurality of mediator computers 70 has an authentication function for authenticating a user. In addition, since 2nd Embodiment is the structure similar to 1st Embodiment, it attaches | subjects the same code | symbol to the same part, and abbreviate | omits detailed description.

  By the way, in 1st Embodiment, URL of the data 24 of the owner side provision object can be provided to the user who adapts the provision conditions among the users which the mediator manages via the mediator. Here, the owner may request confirmation that the user who referred to the data indicated by the provided URL is a user who meets the provision conditions. As an example of a technique for confirming a user, a technique that combines an authentication technique with data exchange is known. As an example of the authentication technique, the OpenID technique is known. There is an example of OpenID technology (http://openid.net/specs/openid-authentication-1_1.html). There is also another example technique of OpenID (http://gihyo.jp/dev/feature/01/openid/0001). If the OpenID technology is used, the owner of the data can confirm that the user who referred to the data is a user who meets the provision conditions.

  When the OpenID technology is applied to the information processing system 10 illustrated in FIG. 2, an intermediary (OpenIDProvider) having an authentication function is set as the intermediary device 28. Further, an owner (Relying Party) that is a service that accepts authentication by OpenID is assumed to be the owner device 12. Further, a user who uses the service is a user device 46. As will be described below, the owner is transferred to the mediator by using information exchange between the mediator as the mediator device 28, the owner as the owner device 12, and the user as the user device 46. You can request user authentication.

  First, as a first stage, the user inputs a user ID when using the service of the owner. As a second stage, the owner searches for an intermediary who can authenticate the user ID based on the input user ID. The owner and the intermediary exchange the common key in advance to prevent falsification of information including the authentication result. As a third step, the owner redirects the user ID to the mediator and requests user authentication. As a fourth step, the mediator authenticates the user, and further redirects to notify the owner of the authentication result. As a fifth stage, the owner can authenticate the user based on the authentication result from the mediator. The intermediary can confirm the attribute indicating the characteristics of the user. Therefore, the owner can confirm that the user has an attribute that conforms to the provision condition by the owner by requesting the user to authenticate the user.

  In the OpenID technique, if there is a single intermediary requesting data exchange, the owner can define an intermediary requesting user authentication. However, when there are a plurality of mediators, it is unclear which mediator has authenticated the user, so the mediator who requests authentication cannot be specified.

  Therefore, in the second embodiment, information indicating the location of data on the owner side is passed at a timing when it is desired to pass it to a specific user. In the second embodiment, when information indicating the location of data is passed to a user who meets the provision conditions via a plurality of intermediaries, the user is requested to authenticate when a data reference request is made. The mediator is specified on the owner side.

  FIG. 11 shows an example of the information processing system 10 according to the second embodiment. The information processing system 10 according to the second embodiment includes an owner device 12, a mediator device 28A on the first mediator side, a mediator device 28B on the second mediator side, a user device 46A, The user device 46B is connected to the network 48. The user device 46A is an information processing device used by a user of a service provided by the mediator device 28A. The user device 46B is an information processing device used by a user of a service provided by the mediator device 28B.

  FIG. 12 shows an example in which the information processing system 10 according to the second embodiment is realized by a computer system 50. The storage unit 62 of the owner computer 52 according to the second embodiment stores data 24, a data management DB 25, and a matching result database (hereinafter referred to as a matching result DB) 68.

  FIG. 13 shows an example of the data structure of the matching result DB 98 stored in the storage unit 62 of the owner computer 52. As will be described later, in the matching result DB 98, information indicating a user having attribute information matching the provision conditions transmitted from each of the mediator computers 70A and 70B is registered in association with information indicating the mediator. The matching result DB 68 shown in FIG. 13 shows an example in which information indicating “user ID” and “broker ID” is registered.

  A computer system 50 shown in FIG. 12 includes an intermediary computer 70A on the mediator A side and a terminal device 120A on the mediator A side, an intermediary computer 70B on the mediator B side, and a terminal on the mediator B side. Device 120B. That is, the computer system 50 according to the second embodiment includes a mediator computer 70A corresponding to the mediator device 28A and a mediator computer 70B corresponding to the mediator device 28B. Since the mediator computers 70A and 70B have substantially the same configuration, when there is no special note, they are collectively referred to as the mediator computer 70, and the same portions are denoted by the same reference numerals.

  The storage unit 80 of the mediator computer 70 stores an OS 82 and a mediator-side program 84 for causing the mediator computer 70 to function as the mediator device 28 (FIG. 1). The intermediary program 84 stored in the storage unit 80 includes a matching function process 86, an authentication function process 88, and a message distribution process 90. The CPU 72 reads the mediator-side program 84 from the storage unit 80, expands it in the memory 74, and executes each process included in the mediator-side program 84.

  The storage unit 80 also stores a DB 92 including an attribute DB 94, an authentication database (hereinafter referred to as an authentication DB) 96, and a matching result database (hereinafter referred to as a matching result DB) 98.

  FIG. 14 shows an example of the data structure of the attribute DB 94A of the mediator computer 70A. In the attribute DB 94A, attribute information indicating user characteristics managed by the mediator computer 70A is registered. The attribute DB 94A shown in FIG. 14 is the same as the attribute DB 94 shown in FIG.

  FIG. 15 shows an example of the data structure of the authentication DB 96A used in the mediator computer 70A. In the authentication DB 96A, information used for authenticating the user by the mediator computer 70A is registered. FIG. 15 shows an example in which “user ID” and “password” information are registered in association with each other as the authentication DB 96A. The information indicating “user ID” is identification information for identifying the user, and the information indicating “password” is password information for uniquely identifying the user.

  FIG. 16 shows an example of the data structure of the matching result DB 98A for registering information obtained by matching processing described later on the mediator computer 70A. In the matching result DB 98A, information indicating a user having attribute information that matches the provision conditions by the owner is registered. In the matching result DB 98A shown in FIG. 16, an example in which information of “user ID” is registered is shown.

  Similarly, FIG. 17 shows an example of the data structure of the attribute DB 94B of the mediator computer 70B. FIG. 17 shows an example in which each information of “user ID”, “sex”, and “selling well” is registered in association with the attribute DB 94B of the mediator computer 70B. Note that the attribute DB 94B includes information indicating “contact” as in the attribute DB 94A. FIG. 18 shows an example of the data structure of the authentication DB 96B used in the mediator computer 70B, similar to the authentication DB 96A. Further, FIG. 19 shows an example of the data structure of the matching result DB 98B in the mediator computer 70B, similarly to the matching result DB 98A.

  The terminal device 140 corresponding to the user device 46A will be described as a terminal device 140A. Similarly, the terminal device 140 corresponding to the user device 46B will be described as a terminal device 140B. The terminal devices 140A and 140B are not limited to one each. That is, the terminal device 140A can include a plurality of terminal devices 140A. Since the plurality of terminal devices 140A have substantially the same configuration, when there is no special note, they are collectively referred to as the terminal device 140A, and the same portions are denoted by the same reference numerals. In addition, when individually targeting each of the plurality of terminal devices 140A or each of the elements included in the terminal device 140A, for example, as shown by the terminal device 140Aa, a symbol is given at the end to distinguish and indicate. Similarly, the terminal device 140B can also include a plurality of terminal devices 140B. When there is no special note, the terminal device 140B is collectively referred to as the terminal device 140B, and the same portions are denoted by the same reference numerals. In addition, even when each of the plurality of terminal devices 140B or each of the elements included in the terminal device 140B is individually targeted, as shown by the terminal device 140Ba, a symbol is added at the end to distinguish it.

  Next, the operation of the second embodiment will be described. The second embodiment includes a user authentication process when a reference to the data 24 is requested from the user terminal device 140 by the information indicating the location where the data 24 provided via the mediator computer 70 is stored. Processing will be described. Specifically, a case will be described in which the URL of the owner data data1 is provided to a user who meets the provision conditions shown in FIG. 6 among the users managed on the mediator A side. Also, a case will be described in which the URL of the owner data data1 is provided to a user who meets the provision conditions shown in FIG. 20 among the users managed on the mediator B side. Furthermore, a description will be given of a case where when a URL is provided, it is confirmed whether a user who has accessed data data1 (requests to refer to data) is a regular user.

  FIG. 21 shows an example of the overall flow in the computer system 50 according to the second embodiment as a sequence flow including the relationship between apparatuses. FIG. 22 shows the flow of processing in the owner computer 52. FIG. 23 shows a flow of processing of the matching function in the mediator computer 70. Further, FIG. 24 shows a flow of processing of the authentication function in the mediator computer 70. Further, FIG. 25 shows a flow of processing in the user terminal device 140.

  The processing up to the processing until the information (URL) indicating the location of the data 24 is provided from the owner computer 52 to the user terminal device 140 via the mediator computer 70 is shown in FIGS. This is the same as the processing of the first embodiment.

  First, in the computer system 50, data provision is instructed (step J01 shown in FIG. 21), and the URL of the data 24 corresponding to the data ID and the information 26 indicating the provision conditions are transmitted to the matching function of the mediator computer 70 ( Step J02 shown in FIG. Next, the matching function of the mediator computer 70 determines a user who meets the provision conditions (step J03 shown in FIG. 21).

  In the second embodiment, a matching function and an authentication function are executed in the mediator computer 70. In the mediator computer 70, the message is distributed and passed to the matching function or authentication function process by the message distribution function. That is, when the message including information indicating the access point of the matching function is received by the mediator computer 70, the message is passed to the matching function by the message distribution function, and the first matching process similar to the process shown in FIG. Is executed.

  The user terminal device 140 receives the message transmitted from the matching function of the mediator computer (step J04 shown in FIG. 21). That is, the CPU 142 of the user terminal device 140 executes a first user process similar to the process shown in FIG. 10 at step 410 shown in FIG.

  Next, the matching function of the mediator computer 70 records a user ID indicating a user having attribute information matching the provision condition determined in step J03 in the matching result DB 98 (step J05 shown in FIG. 21). Specifically, in step 312, the CPU 72 records a user ID including attribute information matching the provision condition in the matching result DB 98. Next, in step 314, the CPU 72 gives information indicating the access point of the authentication function as the destination to the message including information indicating the recorded user ID and the mediator ID of the own machine, and the owner computer 52. To the data management function.

  Here, the matching result DB 98 recorded by the mediator computer 70A is the matching result DB 98A shown in FIG. 16, and the mediator computer 70B is the matching result DB 98B shown in FIG.

  Next, the data management function of the owner computer 52 records the message received from the matching function of the mediator computer 70 (step J06 shown in FIG. 21). That is, the CPU 54 of the owner computer 52 makes a negative determination until a message is received from the matching function of the mediator computer 70 in step 212 shown in FIG. When the CPU 54 receives a message from the matching function, the CPU 54 makes an affirmative determination in step 212, and in step 214, specifies information indicating the user ID and the mediator ID from the received message. Next, in step 216, the CPU 54 records information indicating the user ID and the mediator ID in the matching result DB 68. In step 216, information indicating the access point of the authentication function given to the message can be recorded in association with the mediator ID.

  Here, the matching result DB 68 recorded by the owner computer 52 is the matching result DB 68 shown in FIG. 13 including information indicating each mediator ID of the mediator computer 70A and the mediator computer 70B.

  On the other hand, based on the message from the matching function of the mediator computer, the user makes a request to refer to the data 24 by the URL included in the received message by operating the terminal device 140 (step J07 shown in FIG. 25). Specifically, in step 412, the CPU 142 of the user terminal device 140 transmits a message including a request for referring to the data 24 based on the user ID and URL to the data management function of the owner computer 52.

  The data management function of the owner computer 52 acquires a mediator ID on the mediator side corresponding to the user in response to a request from the terminal device 140 of the user (step J08 shown in FIG. 21). That is, the CPU 54 of the owner computer 52 makes a negative determination until a message is received from the user terminal device 140 in step 218 shown in FIG. When receiving a message from the user terminal device 140, the CPU 54 makes an affirmative determination in step 218, and in step 220, specifies information indicating a user ID and a URL from the received message. Next, in step 222, the CPU 54 collates the matching result DB 68 to obtain (specify) the mediator ID corresponding to the user ID. In step 224, the CPU 54 redirects the user ID to the authentication function of the mediator computer 70 with the mediator ID. That is, a message indicating a redirect instruction (redirect message) is transmitted to the terminal device 140. The redirect message includes information indicating an access point of the authentication function associated with the mediator ID as a destination, and information indicating an access point of the data management function of the owner computer 52 as a return destination. Further, the redirect message in step 224 includes information indicating the mediator ID and the user ID.

  The user terminal device 140 processes redirection from the data management function of the owner computer 52 (step J09 shown in FIG. 21). That is, the CPU 142 of the user terminal device 140 makes a negative determination in step 414 until a redirect message is received from the data management function of the owner computer 52 in step 414 shown in FIG. When the CPU 142 receives the redirect message, the CPU 142 makes an affirmative determination in step 414, and in step 416, specifies the redirect destination from the data management function based on the redirect message. Next, in step 418, the CPU 142 transmits information indicating the user ID and password to the authentication function of the redirect destination mediator computer 70. In other words, in step 418, a redirect message in which the information indicating the user ID and the password is added with the destination and return information is transmitted to the authentication function of the mediator computer 70.

  The authentication function of the mediator computer 70 authenticates the user based on the message transmitted from the terminal device 140 (step J10 shown in FIG. 21). Specifically, in the mediator computer 70, a message is passed to the authentication function process by the message distribution function. That is, when the information indicating the access point included in the message received by the mediator computer 70 is information indicating the access point of the authentication function, the authentication function process processing routine shown in FIG. 24 is executed.

  The CPU 72 of the mediator computer 70 makes a negative determination in step 320 until it receives a message including information indicating the access point of the authentication function. When the CPU 72 receives a message including information indicating the access point of the authentication function, the CPU 72 makes an affirmative determination in step 320, and in step 322, specifies information indicating a user ID and a password from the message. Next, in step 324, the CPU 72 checks the authentication DB 96 and executes first authentication for determining whether or not the specified user ID and password match the registered user ID and password. In step 324, the CPU 72 performs second authentication for checking the matching result DB 98 to determine whether or not the specified user ID matches the registered user ID. In step 324, it is assumed that the authentication result is successful when it is determined that the verification is suitable in both the first authentication and the second authentication. As an example of information indicating the authentication result, there is information indicating each of “success” and “failure”. Next, in step 326, the CPU 72 redirects the authentication result to the data management function of the owner computer 52. That is, a redirect message is transmitted to the terminal device 140. The redirect message includes information indicating an access point of the data management function as a destination and information indicating an authentication result.

  The user terminal device 140 processes redirection from the authentication function of the mediator computer 70 (step J11 shown in FIG. 21). In other words, the CPU 142 of the user terminal device 140 makes a negative determination in step 420 until it receives a redirect message from the authentication function of the mediator computer 70 in step 420 shown in FIG. When receiving the redirect message, the CPU 142 makes an affirmative determination in step 420, and in step 422, specifies information indicating the redirect destination from the authentication function and information indicating the authentication result from the redirect message. Next, in step 424, the CPU 142 transmits information indicating the authentication result to the data management function of the redirect destination owner computer 52.

  The data management function of the owner computer 52 provides the data 24 according to the information indicating the authentication result from the user terminal device 140 (step J12 shown in FIG. 21). That is, the CPU 54 of the owner computer 52 makes a negative determination until a message is received from the user terminal device 140 in step 228 shown in FIG. When the message is received from the user terminal device 140, the CPU 54 makes an affirmative determination in step 226, and in step 228, specifies the content of information indicating the authentication result from the message. The data management function of the owner computer 52 can confirm whether the user requesting to refer to the data 24 is a regular user based on the received information indicating the authentication result. That is, on the owner side, when the provision condition and the URL of the data 24 are sent from the owner side to the mediator side, it can be confirmed whether the user who has accessed the data 24 is a regular user.

  Note that the data management function of the owner computer 52 may permit access to the data 24 depending on whether or not the user requesting reference to the data 24 is an authorized user. May be recorded. That is, the data management function of the owner computer 52 is not limited to permitting access to the data 24 only when the user who requests reference to the data 24 is an authorized user.

  Further, in steps 212, 218, and 226 shown in FIG. 22, the case where a negative determination is made until a message is received has been described, but when a negative determination is repeated for a predetermined time, You may make it complete | finish a processing routine. Similarly, steps 414 and 420 shown in FIG. 25 have been described in the case where a negative determination is made until a message is received. However, when a negative determination is repeated for a predetermined time, You may make it complete | finish a processing routine.

  Note that the processing of step 324 executed by the CPU 72 is an example corresponding to the processing of the authentication unit when the mediator computer 70 operates as a mediator device. Moreover, the process of step 206, 214 performed by CPU54 is an example corresponding to the process of the transmission / reception part in case the owner computer 52 operate | moves as an owner apparatus. Furthermore, the process of step 216 executed by the CPU 54 is an example corresponding to the process of the holding unit when the owner computer 52 operates as the owner device. Furthermore, the process of step 224 executed by the CPU 54 is an example corresponding to the process of the request unit when the owner computer 52 operates as the owner device.

  As described above, in the second embodiment, information indicating the user ID and the mediator ID is passed to the data management function of the owner computer 52. For this reason, even when information indicating the location of data such as a URL is passed from the owner side to the plurality of mediator computers 70, the owner computer 52 is a mediator corresponding to the user who makes a data reference request. The computer 70 can be specified.

  Furthermore, in the second embodiment, since the mediator computer 70 includes an authentication function for authenticating the user, the mediator computer 70 can authenticate the user requested by the data management function of the owner computer 52.

  In the second embodiment, information indicating the user ID and the mediator ID is passed to the data management function of the owner computer 52. Therefore, the owner computer 52 can request an authentication process for confirming that the user is a legitimate user to the mediator computer 70 corresponding to the user who makes a data reference request.

  Further, in the second embodiment, the intermediary computer 70 authenticates that the user conforms to the provision conditions from the owner side. Therefore, the authentication accuracy for authenticating the user compared to simple authentication such as password authentication. Can be improved.

  In the second embodiment, the case where both the matching process by the matching function process and the authentication process by the authentication function process are executed in the mediator computer 70 has been described. It is not limited to the execution of processing by the device. For example, each of the matching process and the authentication process may be executed by an independent information processing apparatus. Further, at least one of the matching process and the authentication process may be processed by a plurality of information processing apparatuses.

(Third embodiment)
Next, a third embodiment will be described. In the second embodiment, information indicating user characteristics such as a user ID is provided to the owner computer 52 by the mediator computer 70. The third embodiment has a function of protecting information indicating user characteristics such as a user ID provided from the mediator computer 70 to the owner computer 52. In addition, since 3rd Embodiment is the structure similar to 2nd Embodiment, it attaches | subjects the same code | symbol to the same part, and abbreviate | omits detailed description.

  FIG. 26 shows an example of the mediator computer 70 when the information processing system 10 according to the third embodiment is realized by the computer system 50. The mediator computer 70 according to the third embodiment includes a random number generator 79 connected to the bus 99. The DB 92 stored in the storage unit 80 of the mediator computer 70 further stores an anonymization database (hereinafter referred to as anonymization DB) 97.

  In the third embodiment, a case where the mediator computer 70A on the mediator A side includes the random number generator 79 and includes the anonymization DB 97 will be described as the random number generator 79A and the anonymization DB 97A. Similarly, the mediator computer 70B on the mediator B side will be described as a random number generator 79B and an anonymization DB 97B.

  FIG. 27 shows an example of the data structure of the anonymization DB 97A of the mediator computer 70A. The anonymization DB 97A is registered by associating information indicating an anonymization ID with information indicating a user ID of a user managed by the mediator computer 70A. The information indicating the anonymization ID is information that is generated by the random number generator 79 and is difficult to uniquely identify the user ID. Since the anonymization DB 97B of the mediator computer 70B is the same as the anonymization DB 97A of the mediator computer 70A, the description thereof is omitted. FIG. 28 shows an example of the data structure of the matching result DB 68 stored in the storage unit 62 of the owner computer 52.

  Next, the operation of the third embodiment will be described.

  FIG. 29 shows an example of the overall flow in the computer system 50 according to the third embodiment as a sequence flow including the relationship between apparatuses. FIG. 30 shows a flow of processing of the matching function in the mediator computer 70. Further, FIG. 31 shows a flow of processing of the authentication function in the mediator computer 70.

  The processing up to the processing until the information indicating the storage location of the data 24 is provided from the owner side to the user via the mediator computer 70 is the same as the processing of the second embodiment shown in FIGS. It is the same. The processing in the owner computer 52 on the owner side is the same as the processing flow shown in FIG. Further, the processing in the user terminal device 140 is the same as the processing flow shown in FIG.

  In the third embodiment, as in the second embodiment, the URL of the data 24 and the provision conditions are transmitted from the data management function to the matching function, and the user is determined by the matching function (steps J01 to J03 shown in FIG. 29). ). In the third embodiment, no message is transmitted from the mediator computer 70 to the terminal device 140 in step J03. That is, the CPU 72 of the mediator computer 70 periodically and repeatedly executes the matching function process 86 shown in FIG. When the CPU 72 receives the message, it makes an affirmative decision in Step 300, specifies information indicating the URL and the provision condition in Step 302, and collates the attribute DB 94 in Step 304 to identify the user having attribute information that matches the provision condition. Obtain a user ID. In step 304, the user with the acquired user ID is determined as a user that meets the provision conditions.

  Next, the matching function of the mediator computer 70 obtains an anonymization ID corresponding to the user ID of the user that matches the provision condition determined in step J03 (step J20 shown in FIG. 29). That is, after determining the user ID in step 304 shown in FIG. 30, the CPU 72 of the mediator computer 70 acquires an anonymization ID corresponding to the user ID in step 330. In step 330, information indicating the anonymization ID generated by the random number generator 79 and uniquely corresponding to the user ID is obtained. In step 330, information indicating the user ID and information indicating the anonymization ID are associated with each other and registered in the anonymization DB 97. Next, in step 332, the CPU 72 transmits a message including information indicating the URL and information indicating the anonymization ID to the terminal device 140.

  The user terminal device 140 receives the message transmitted from the matching function of the mediator computer (step J04 shown in FIG. 29).

  Further, the matching function of the mediator computer 70 records the user ID of the user determined in step J03 in the matching result DB 98 (step J21 shown in FIG. 29). Specifically, as in the second embodiment, the CPU 72 records the user ID of the user including attribute information matching the provision conditions in the matching result DB 98 in step 312. Next, in step 334, the CPU 72 gives information indicating an access point of the authentication function to a message including information indicating the anonymization ID corresponding to the recorded user ID and information indicating the mediator ID of the own device. To the data management function of the owner computer 52.

  Next, the data management function of the owner computer 52 records a message received from the matching function of the mediator computer 70 (step J06 shown in FIG. 29). In the data management function of the owner computer 52, the user ID received from the matching function in step J06 is an anonymization ID. However, it is difficult for the data management function to confirm that the user ID is an anonymized ID.

  The matching result DB 68 recorded by the owner computer 52 includes a matching result DB 68 shown in FIG. 28 including a user ID that is an anonymization ID and information indicating each mediator ID of the mediator computer 70A or the mediator computer 70B. Become.

  On the other hand, when a request for referring to the data 24 is made by the user (step J07 shown in FIG. 29), information indicating a request for referring to the data 24 by the user ID and URL is sent from the user terminal device 140 to the data management function. A containing message is sent.

  The data management function of the owner computer 52 acquires the mediator ID of the mediator mediated to the user in response to a request from the terminal device 140 of the user (step J08 shown in FIG. 29). That is, when the CPU 54 of the owner computer 52 receives the message from the terminal device 140, it redirects the user ID to the authentication function of the mediator computer 70 of the mediator ID corresponding to the received user ID (step 218 shown in FIG. 22). ~ 224).

  The user terminal device 140 processes redirection from the data management function of the owner computer 52 (step J09 shown in FIG. 29). That is, when receiving the redirect message from the data management function, the CPU 142 of the user terminal device 140 transmits information indicating the user ID and password to the authentication function of the redirect destination (steps 414 to 418 shown in FIG. 25).

  The authentication function of the mediator computer 70 authenticates the user after obtaining the user ID corresponding to the anonymization ID (step J22 shown in FIG. 29) based on the message transmitted from the terminal device 140 (step J10). ).

  The CPU 72 of the mediator computer 70 receives information indicating the user ID and password from the terminal device 140 (step 322 after affirmative determination in step 320 shown in FIG. 31). In step 340, the CPU 72 acquires the user ID corresponding to the anonymization ID specified in step 322 using the anonymization DB 97. In addition, the CPU 72 executes the first authentication and the second authentication at step 324 using the user ID acquired at step 340, as in the second embodiment. Redirect to the data management function of the computer 52.

  As described above, in the third embodiment, it is confirmed whether or not the owner is an authorized user without passing unique information such as the user ID of the user managed by the broker from the broker to the owner. can do.

  Moreover, in 3rd Embodiment, since the anonymization ID corresponding to user ID is sent to the owner computer 52 as user ID, the protection performance of the information regarding the user managed by the mediator computer 70 can be improved.

(Fourth embodiment)
Next, a fourth embodiment will be described. In the third embodiment, information indicating user characteristics such as a user ID provided to the owner computer 52 is protected. The fourth embodiment has a function of further protecting information indicating user characteristics. In addition, since 4th Embodiment is the structure similar to 3rd Embodiment, it attaches | subjects the same code | symbol to the same part, and abbreviate | omits detailed description.

  FIG. 32 shows an example of the data structure of the anonymization DB 97A of the mediator computer 70A according to the fourth embodiment. In the anonymization DB 97A illustrated in FIG. 32, information indicating an anonymization ID is registered in association with information indicating a user ID of a user managed by the mediator computer 70A for each matching process. The anonymization DB 97A shown in FIG. 32 is an example in which an anonymization ID is generated and recorded every time the matching function is used. That is, the anonymization IDs AIDa2-1 and AIDa4-1 are generated and recorded in the anonymization DB 97A corresponding to the user IDs IDa2 and IDa4 that are the first matching results. Also, anonymized IDs AIDa1-2 and AIDa4-2 are generated in correspondence with IDa1 and IDa4, which are the second matching results by presenting new provision conditions (for example, “Region” is “Kanto”), Recorded in the anonymization DB 97A. Since the anonymization DB 97B of the mediator computer 70B is the same as the anonymization DB 97A of the mediator computer 70A, the description thereof is omitted.

  Next, the operation of the fourth embodiment will be described. In the fourth embodiment, a plurality of different provision conditions (in the example shown in FIG. 33, two provision conditions) are presented from the owner side, and for each different provision condition among users managed on the mediator side. A case where the URL of the data 24 is provided to a suitable user will be described.

  FIG. 34 shows an example of the overall flow in the computer system 50 according to the fourth embodiment as a sequence flow including the relationship between devices. FIG. 35 shows a flow of processing of the matching function in the mediator computer 70.

  Note that the difference between the sequence flow shown in FIG. 29 and the sequence flow shown in FIG. 34 is that steps J20 and J21 in the sequence flow shown in FIG. 29 are replaced with steps J30 and J31 in the sequence flow shown in FIG. Is a point. 30 is different from the flow of the matching function processing shown in FIG. 35 in that the steps 330 and 312 shown in FIG. 30 are replaced with steps 340 and 342 shown in FIG. Is a point. Hereinafter, the difference between the operation of the third embodiment and the operation of the fourth embodiment will be described.

  In the matching function of the mediator computer 70 in the fourth embodiment, an anonymization ID corresponding to the user ID of a suitable user is generated and recorded for each provision condition from the data management function (step J30 shown in FIG. 34). . That is, the CPU 72 of the mediator computer 70 generates an anonymization ID corresponding to the user ID in step 340 shown in FIG. In step 340, information indicating the user ID and information indicating the anonymization ID are registered in the anonymization DB 97 in association with each provision condition from the data management function. Further, the matching function of the mediator computer 70 records the determined user in the matching result DB 98 for each provision condition from the data management function (step J31 shown in FIG. 34). That is, in step 342, the CPU 72 records the user ID of the user including attribute information that matches the provision condition in the matching result DB 98 for each provision condition from the data management function.

  For example, when the user ID of the first matching result according to the first provision condition (No. 1 shown in FIG. 33) is IDa2 and IDa4, an anonymization ID (AIDA2- 1, AIDa4-1) is generated. The generated anonymization ID is recorded in the anonymization DB 97 in association with the user ID. When the user IDs of the second matching result according to the second new provision condition (No. 2 shown in FIG. 33) are IDa1 and IDa4, anonymized IDs (IDa1 and IDa4) correspond to the user IDs (IDa1 and IDa4). AIDa1-2 and AIDa4-2) are generated. The generated anonymization ID is recorded in the anonymization DB 97 in association with the user ID.

  Therefore, “IDa4”, which is the same user ID, is included as information indicating the user ID in both of the two matching results. However, the information indicating the user ID passed to the owner computer 52 is “AIDA4-1” for the first time and “AIDA4-2” for the second time, so that information indicating a different user ID is passed. Will be. For this reason, even if the information indicating the provision condition is passed from the owner computer 52 to the mediator computer 70 a plurality of times, it is difficult to guess that the same user is included in the matching result. Thereby, it becomes difficult to specify a user by a plurality of provision conditions.

  If the same user ID matches under different provision conditions, the owner will find that the user with the same user ID is “female”, “20s, 30s”, and “Kanto”. The details of the attribute information of the user will be recognized by the owner, which is not preferable.

  As described above, in the fourth embodiment, different anonymization IDs are transmitted as user IDs for each provision condition instructed from the data management function, so that information indicating user characteristics can be further protected.

(Fifth embodiment)
Next, a fifth embodiment will be described. In the first to fourth embodiments, a user who meets the provision conditions from the data management function is determined, and a user ID indicating the determined user is returned to the data management function. In the fifth embodiment, when a user ID is returned to the data management function, whether or not the user ID can be returned to the data management function is determined according to the number of users meeting the provision conditions. The fifth embodiment will be described by taking the case where it is applied to the second embodiment as an example. Since the fifth embodiment has the same configuration as that of the second embodiment, the same parts are denoted by the same reference numerals and detailed description thereof is omitted.

  Next, the operation of the fifth embodiment will be described. In the fifth embodiment, a case will be described in which the URL of the data 24 is provided to users who meet the provision conditions shown in FIG. A case will be described in which the owner requests confirmation of whether a user who has accessed (requested reference) the data 24 is a regular user.

  FIG. 37 shows a flow of processing of the matching function in the mediator computer 70 according to the fifth embodiment. The difference between the second embodiment and the fifth embodiment is that the processing flow of the matching function shown in FIG. 37 is obtained by adding steps 350 and 352 to the processing flow of the matching function shown in FIG. 23 (FIG. 23). This is the point. Hereinafter, the difference between the operation of the second embodiment and the operation of the fifth embodiment will be described.

  The matching function of the mediator computer 70 determines a user who meets the provision conditions (step J03 shown in FIG. 21). That is, the CPU 72 of the mediator computer 70 receives the message in step 302 shown in FIG. 37, identifies the URL and provision conditions, and determines the user ID in step 304. Next, in step 350, the CPU 72 determines whether or not the number of user IDs exceeds a predetermined value k. When the number of user IDs exceeds the predetermined value k (Yes in Step 350), the CPU 72 transmits a message including the URL to the terminal device 140 of the user ID of the matched user in Step 306.

  On the other hand, if the number of user IDs is equal to or less than the predetermined value k, the CPU 72 makes a negative determination in step 350 and proceeds to step 352. In step 352, the CPU 72 transmits information indicating a matching failure (matching failure) to the data management function of the owner computer 52 without returning the information indicating the user ID, and then ends this processing routine.

  Here, when the provision condition shown in FIG. 36 is instructed, the user who matches the provision condition is one user whose user ID is “IDa2”. When the predetermined value k of the number of users in the matching result is set to “1”, the CPU 72 determines a user whose user ID is “IDa2” in step 304, but a negative determination is made in step 350. That is, since the matching function is equal to or less than a predetermined value k (= 1) of the number of users in the matching result, the matching is determined to be unsuccessful, and the user ID of the matching result is not passed to the owner.

  As described above, in the fifth embodiment, the matching function in the mediator computer 70 is assumed to be a collation failure (matching failure) when the number of matching results is equal to or less than a predetermined value. Accordingly, it is possible to prevent the details of the user attribute information from being transmitted from the intermediary computer 70 to the owner computer 52 under the limited provision conditions given by the owner and being known to the owner.

  In the above description, an example in which the information processing system 10 is realized by the owner computer 52 has been described. However, the present invention is not limited to these configurations, and various improvements and modifications may be made without departing from the gist described above.

  Moreover, although the aspect by which the program was previously memorize | stored (installed) in the memory | storage part was demonstrated above, it is not limited to this. For example, the program in the disclosed technology can be provided in a form recorded on a recording medium such as a CD-ROM or a DVD-ROM.

  Regarding the above embodiment, the following additional notes are disclosed.

(Appendix 1)
A receiving unit that receives information indicating a storage location of data to be provided from a data management unit that manages data, and information indicating a provision condition that defines a user to which the data to be provided is provided;
Before providing the data to be provided to a user who is a providing destination, based on attribute information indicating the characteristics of each of a plurality of users stored in the storage unit, conforming to the provision condition received by the receiving unit An information processing apparatus comprising: a determination unit that determines a user having the attribute information to be a user to whom the provision target data is to be provided.

(Appendix 2)
The storage unit stores attribute information indicating the characteristics of the user specified by the identification information in association with identification information for identifying the user, and also stores identification information for identifying the own device. ,
The information processing apparatus according to claim 1, further comprising: a notification unit that notifies the data management unit of the determined identification information of the user who is the provision destination of the data and the identification information of the own device.

(Appendix 3)
In the storage unit, authentication information indicating that the user specified by the identification information is a user managed by the own device is stored in association with identification information for identifying the user,
The identification information and authentication information of the user who requests the provision of the data are input from the data management unit, and the input identification information and authentication of the user are input based on the identification information and authentication information of the user stored in the storage unit The information processing apparatus according to claim 2, further comprising: an authentication unit that authenticates that a user corresponding to the information is a user managed by the own device.

(Appendix 4)
The authentication unit authenticates that the user corresponding to the input user identification information and the authentication information is a user managed by the own device, and the user corresponding to the input user identification information is the determination unit. The information processing apparatus according to appendix 3, wherein the authentication is successful when included in the determined user who provides the data.

(Appendix 5)
The determination unit generates anonymization information corresponding to the identification information of the user who is the provision destination of the determined data,
The said notification part notifies the anonymization information of the user who becomes the provision destination of the produced | generated data, and the identification information of the said own apparatus to the said data management part. Information of any one of Additional remarks 2 to 4 Processing equipment.

(Appendix 6)
The determination unit generates anonymization information different from the previous anonymization information for each determination of a user to be provided with the data,
The said notification part notifies the anonymization information of the user who provides the generated data and the identification information of the own device to the data management part. apparatus.

(Appendix 7)
The determination unit determines that there is no user to whom the data is to be provided when the number of users having the attribute information that matches the provision condition is a predetermined number or less. Any one of Supplementary notes 1 to 6 The information processing apparatus according to item.

(Appendix 8)
Information indicating a storage location of the data to be provided and information indicating a provision condition for specifying a user to which the data to be provided is provided to an intermediary device that mediates providing the data to be provided to the user And a transmission / reception unit for receiving information sent from the mediator device;
A holding unit for holding identification information for identifying a user received from the mediator device received by the transmission / reception unit, and identification information for identifying the mediator device;
Based on the identification information of the user and the mediator device held in the holding unit when the provision of the provision target data is requested by the user who is the provision destination of the provision target data, An information processing apparatus comprising: a request unit that requests authentication of a user who has requested provision of data to be provided to the mediator apparatus corresponding to identification information of a user who has requested provision of data to be provided.

(Appendix 9)
The computer receives information indicating a storage location of data to be provided from a data management unit that manages data, and information indicating a provision condition that defines a user to whom the data to be provided is provided,
Before providing the data to be provided to a user who is a providing destination, based on attribute information indicating the characteristics of each of a plurality of users stored in the storage unit, conforming to the provision condition received by the receiving unit An information processing method comprising: determining a user having the attribute information to be a user who is a provision destination of the data to be provided.

(Appendix 10)
The storage unit stores attribute information indicating the characteristics of the user specified by the identification information in association with identification information for identifying the user, and also stores identification information for identifying the own device. And
The information processing method according to claim 9, wherein the data management unit is notified of the identification information of the user who is the provision destination of the determined data and the identification information of the own device.

(Appendix 11)
In the storage unit, authentication information indicating that the user specified by the identification information is a user managed by the own device is stored in association with identification information for identifying the user,
The identification information and authentication information of the user who requests the provision of the data are input from the data management unit, and the input identification information and authentication of the user are input based on the identification information and authentication information of the user stored in the storage unit The information processing method according to claim 10, wherein the user corresponding to the information is authenticated as a user managed by the own device.

(Appendix 12)
Authenticates that the user corresponding to the input user identification information and authentication information is a user managed by the own device, and the user corresponding to the input user identification information is the destination to which the determined data is provided The information processing method according to claim 11, wherein the authentication is successful when included in the user.

(Appendix 13)
Generate anonymization information corresponding to the identification information of the user who is the provision destination of the determined data,
The information processing method according to any one of Supplementary Note 10 to Supplementary Note 12, wherein the data management unit is notified of the anonymization information of the user who provides the generated data and the identification information of the own device.

(Appendix 14)
For each determination of the user to be provided with the data, generate anonymization information different from the previous anonymization information,
The information processing method according to any one of Supplementary Note 10 to Supplementary Note 12, wherein the data management unit is notified of the generated anonymization information of the user to be provided with the data and the identification information of the own device.

(Appendix 15)
The information according to any one of appendix 9 to appendix 14, wherein when the number of users having the attribute information matching the provision condition is equal to or less than a predetermined number, it is determined that there is no user to whom the data is to be provided. Processing method.

(Appendix 16)
Information indicating the storage location of the data to be provided and provision conditions for specifying the user to whom the data to be provided is provided to an intermediary device that mediates the provision of the data to be provided by the computer to the user. And receiving the information sent from the mediator device,
Holding identification information for identifying a user previously received from the mediator device, and identification information for identifying the mediator device;
When provision of the provision target data is requested by a user who is the provision destination of the provision target data, the provision target is determined based on the held identification information of the user and the identification information of the mediator device. An information processing method comprising: requesting authentication of the user who has requested the provision of the data to be provided to the mediator device corresponding to the identification information of the user who has requested the provision of data.

(Appendix 17)
Receiving information indicating a storage location of data to be provided from a data management unit that manages data in a computer, and information indicating a provision condition that defines a user to whom the data to be provided is provided;
Before providing the data to be provided to a user who is a providing destination, based on attribute information indicating the characteristics of each of a plurality of users stored in the storage unit, conforming to the provision condition received by the receiving unit An information processing program for executing processing including determining a user having the attribute information to be a user who is a provision destination of the provision target data.

(Appendix 18)
In the storage unit, authentication information indicating that the user specified by the identification information is a user managed by the own device is stored in association with identification information for identifying the user,
The identification information and authentication information of the user who requests the provision of the data are input from the data management unit, and the input identification information and authentication of the user are input based on the identification information and authentication information of the user stored in the storage unit The information processing program according to appendix 17, which authenticates that a user corresponding to information is a user managed by the own device.

(Appendix 19)
In the storage unit, authentication information indicating that the user specified by the identification information is a user managed by the own device is stored in association with identification information for identifying the user,
The identification information and authentication information of the user who requests the provision of the data are input from the data management unit, and the input identification information and authentication of the user are input based on the identification information and authentication information of the user stored in the storage unit The information processing program according to appendix 18, wherein the user corresponding to the information is authenticated as a user managed by the own device.

(Appendix 20)
Authenticates that the user corresponding to the input user identification information and authentication information is a user managed by the own device, and the user corresponding to the input user identification information is the destination to which the determined data is provided The information processing program according to attachment 19, wherein the authentication is successful when included in the user.

(Appendix 21)
Generate anonymization information corresponding to the identification information of the user who is the provision destination of the determined data,
The information processing program according to any one of appendix 18 to appendix 20, which notifies the data management unit of the anonymization information of the user who is the provision destination of the generated data and the identification information of the own device.

(Appendix 22)
For each determination of the user to be provided with the data, generate anonymization information different from the previous anonymization information,
The information processing program according to any one of appendix 18 to appendix 20, which notifies the data management unit of the generated anonymization information of the user to be provided with the data and the identification information of the own device.

(Appendix 23)
The information according to any one of appendix 17 to appendix 22, wherein when the number of users having the attribute information that matches the provision condition is equal to or less than a predetermined number, it is determined that there is no user to whom the data is to be provided. Processing program.

(Appendix 24)
Information indicating the storage location of the data to be provided and provision conditions for specifying the user to whom the data to be provided is provided to an intermediary device that mediates the provision of data to the computer to the user. And receiving the information sent from the mediator device,
Holding identification information for identifying a user previously received from the mediator device, and identification information for identifying the mediator device;
When provision of the provision target data is requested by a user who is the provision destination of the provision target data, the provision target is determined based on the held identification information of the user and the identification information of the mediator device. An information processing program for executing processing including requesting authentication of a user who has requested provision of data to be provided to the mediator device corresponding to identification information of a user who has requested provision of data.

10: Information processing system 12: Owner device 20: Data management unit 24: Data 28: Mediator device 30: CPU
32: Memory 34: Storage unit 36: Receiving unit 38: Determination unit 39: Recording medium 40: Notification unit 42: Information processing program 44: Attribute information 46: User device 50: Computer system 52: Owner computer 59: Recording medium 66: Owner-side program 67: Data management function process 70: Mediator computer 72: CPU
74: Memory 78: Communication control unit 80: Storage unit 84: Mediator side program 86: Matching function process 88: Authentication function process 90: Message distribution process 100: Terminal device

Claims (7)

A receiving unit that receives information indicating a storage location of data to be provided from a data management unit that manages data, and information indicating a provision condition that defines a user to which the data to be provided is provided;
Before providing the data to be provided to a user who is a providing destination, based on attribute information indicating the characteristics of each of a plurality of users stored in the storage unit, conforming to the provision condition received by the receiving unit An information processing apparatus comprising: a determination unit that determines a user having the attribute information to be a user to whom the provision target data is to be provided. The storage unit stores attribute information indicating the characteristics of the user specified by the identification information in association with identification information for identifying the user, and also stores identification information for identifying the own device. ,
The information processing apparatus according to claim 1, further comprising: a notification unit that notifies the data management unit of the determined identification information of the user who is the data providing destination and the identification information of the own device. In the storage unit, authentication information indicating that the user specified by the identification information is a user managed by the own device is stored in association with identification information for identifying the user,
The identification information and authentication information of the user who requests the provision of the data are input from the data management unit, and the input identification information and authentication of the user are input based on the identification information and authentication information of the user stored in the storage unit The information processing apparatus according to claim 2, further comprising an authentication unit that authenticates that a user corresponding to the information is a user managed by the own device. The determination unit generates anonymization information corresponding to the identification information of the user who is the provision destination of the determined data,
The information processing apparatus according to claim 2, wherein the notification unit notifies the data management unit of anonymization information of a user who is a supply destination of the generated data and identification information of the own device. Information indicating a storage location of the data to be provided and information indicating a provision condition for specifying a user to which the data to be provided is provided to an intermediary device that mediates providing the data to be provided to the user And a transmission / reception unit for receiving information sent from the mediator device;
A holding unit for holding identification information for identifying a user received from the mediator device received by the transmission / reception unit, and identification information for identifying the mediator device;
Based on the identification information of the user and the mediator device held in the holding unit when the provision of the provision target data is requested by the user who is the provision destination of the provision target data, An information processing apparatus comprising: a request unit that requests authentication of a user who has requested provision of data to be provided to the mediator apparatus corresponding to identification information of a user who has requested provision of data to be provided. The computer receives information indicating a storage location of data to be provided from a data management unit that manages data, and information indicating a provision condition that defines a user to whom the data to be provided is provided,
Before providing the data to be provided to a user who is a providing destination, based on attribute information indicating the characteristics of each of a plurality of users stored in the storage unit, conforming to the provision condition received by the receiving unit An information processing method comprising: determining a user having the attribute information to be a user who is a provision destination of the data to be provided. Receiving information indicating a storage location of data to be provided from a data management unit that manages data in a computer, and information indicating a provision condition that defines a user to whom the data to be provided is provided;
Before providing the data to be provided to a user who is a providing destination, based on attribute information indicating the characteristics of each of a plurality of users stored in the storage unit, conforming to the provision condition received by the receiving unit An information processing program for executing processing including determining a user having the attribute information to be a user who is a provision destination of the provision target data.

Images