In recent years, services that acquire attribute information (e.g. age, sex and address) and behavior information (e.g. position information and product purchase information) of a privacy information holder, and use them to distribute advertisements that match the preferences of the privacy information holder, have become popular.
In these services, the attribute information and the behavior information are privacy information, so when the privacy information user, who is a service provider, acquires or uses them one-sidedly, the privacy of the privacy information holder is invaded. Therefore, the privacy information holder needs to be able to control how the privacy information user handles the privacy information (e.g. conditions of disclosure, data protection requirements or the like).
As one method of this kind of control, there is a policy-based control method using P3P (Platform for Privacy Preferences) or the like, which is described in Non-Patent Literature 1.
The P3P technology controls how the privacy information is handled as follows. As a precondition, the privacy information user, who provides the service, sets a policy file written in XML (hereinafter referred to as the “service policy”) that describes the privacy information to be collected and how it will be handled. In addition, the privacy information holder sets a policy file written in XML (hereinafter referred to as the “user policy”) that describes the privacy information that can be provided and how it may be disclosed. With the P3P technology, the judgment on whether to disclose the data is executed automatically or semi-automatically by checking whether the conditions of data disclosure match between the user policy and the service policy.
With the P3P technology, when the user policy and the service policy conflict and no consensus on the data disclosure can be reached (e.g. when the conditions of the data disclosure do not match each other), the privacy information user can no longer use the data, or the privacy information holder can no longer receive services. Therefore, a consensus on policies needs to be built between the privacy information holder and the privacy information user. This kind of method for building a consensus on policies between two parties is called a policy arbitration method.
An example of the policy arbitration method is described in Non-Patent Literature 2. The policy arbitration method described in Non-Patent Literature 2 includes a privacy information holding terminal and a privacy information using terminal, which are connected through a network.
The policy arbitration method described in Non-Patent Literature 2 includes the following processes.
That is, the privacy information using terminal transmits a usage policy (i.e. service policy) to the privacy information holding terminal.
The privacy information holding terminal compares the usage policy and the privacy policy (i.e. user policy), and transmits attribute information on the privacy information holder when there is no conflict.
When there is a conflict, the privacy information holding terminal transmits conditions on usage and holding to the privacy information using terminal.
The privacy information using terminal creates a new usage policy so as to meet the conditions, and transmits the created usage policy to the privacy information holding terminal.
The policy arbitration method described in Non-Patent Literature 2 performs the policy arbitration by repeating the above-mentioned transmission and comparison of the policies, transmission of the conditions and creation of a new policy until a mutual agreement is formed.
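The comparison of a service (usage) policy against a user (privacy) policy and the arbitration loop described above can be sketched as follows. This is an added example, not code from the cited literature: the policy model (permitted purposes and retention days per data item instead of P3P XML), the `required` set and all names and sample values are assumptions.

```python
from dataclasses import dataclass

# Assumed policy model (not P3P XML): per data item, permitted purposes and
# maximum retention in days. All names and sample values are constructed.
@dataclass(frozen=True)
class Rule:
    purposes: frozenset
    retention_days: int

def conflicts(usage, privacy):
    """Holding terminal: conditions for every item the usage policy violates."""
    conditions = {}
    for item, want in usage.items():
        allow = privacy.get(item)
        if allow is None:
            conditions[item] = None  # holder never discloses this item
        elif not want.purposes <= allow.purposes or want.retention_days > allow.retention_days:
            conditions[item] = allow  # limits the holder would accept
    return conditions

def revise(usage, conditions, required):
    """Using terminal: new usage policy meeting the conditions, or None."""
    new = dict(usage)
    for item, allow in conditions.items():
        purposes = usage[item].purposes & allow.purposes if allow is not None else frozenset()
        if purposes:
            new[item] = Rule(purposes, min(usage[item].retention_days, allow.retention_days))
        elif item in required:
            return None  # the service cannot operate without this item
        else:
            del new[item]  # optional item: stop requesting it
    return new

def arbitrate(usage, privacy, attributes, required=frozenset(), max_rounds=5):
    """Repeat compare / send conditions / revise until agreement or failure."""
    for round_no in range(1, max_rounds + 1):
        conditions = conflicts(usage, privacy)
        if not conditions:  # no conflict: holder transmits the agreed attributes
            disclosed = {k: attributes[k] for k in usage if k in attributes}
            return {"agreed": True, "rounds": round_no, "policy": usage, "disclosed": disclosed}
        usage = revise(usage, conditions, required)
        if usage is None:
            break
    return {"agreed": False, "rounds": round_no, "policy": None, "disclosed": {}}

PRIVACY = {"age": Rule(frozenset({"ads"}), 30), "address": Rule(frozenset({"delivery"}), 7)}
USAGE = {"age": Rule(frozenset({"ads", "analytics"}), 90),
         "address": Rule(frozenset({"ads"}), 30), "location": Rule(frozenset({"ads"}), 30)}
ATTRS = {"age": 34, "address": "1 Example St", "location": "35.0,135.0"}

if __name__ == "__main__":
    print(arbitrate(USAGE, PRIVACY, ATTRS, required=frozenset({"age"})))
```

With the constructed policies, agreement is reached in the second round on a narrowed policy for `age` only; marking `location` as required instead ends the arbitration without any disclosure.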
The same technology as that described in Non-Patent Literature 2 is also disclosed in Patent Literature 1.
In addition, another technology related to the present invention is disclosed in Patent Literature 2.
Patent Literature 2 discloses an access restriction information output device which outputs contents of an access restriction corresponding to information that is accessible by an information processing terminal, as access restriction information.
According to Patent Literature 2, a storage means stores, for each set user, already-set access restriction information, that is, access restriction information showing the contents of the access restriction already set for each item divided based on a specified criterion.
An output request reception means receives an output request for the access restriction information and a designation of the item that is the target of the request from a terminal device used by a requester.
A selection means selects, from the already-set access restriction information stored in the storage means, at least one piece of already-set access restriction information of another person whose contents are similar to the already-set access restriction information of the requester.
An output means outputs, to the terminal device as access restriction information, the contents corresponding to the designated item among the contents shown by the selected already-set access restriction information.
By adopting the aforementioned configuration, the access control information output unit disclosed in Patent Literature 2 can set access restriction information that matches the intention of the requester in a trouble-free manner.