There is an integrating device that acquires anonymized data from a certain device such as a server, causes the acquired data to be stored in a storage device for each of types of the data and integrates the acquired data for each of the types of the data. In response to a request provided by another device, the integrating device acquires the anonymized data from the storage device, releases anonymity of an item of the anonymized data and transmits the data including the data item of which the anonymity has been released to the other device that has requested the data. The other device that receives the data including the data item of which the anonymity has been released uses details of the data item to execute predetermined analysis.
FIG. 17 is a diagram illustrating an example of a system that includes the conventional integrating device. A system 99 illustrated in FIG. 17 includes devices 90a, 90b, 92a, 92b and 92c and an integrating device 91. The devices 90a and 90b are connected to the integrating device 90 through a network 98. In addition, the devices 92a, 92b and 92c are connected to the integrating device 91 through a network 97. The devices 90a and 90b and the integrating device 91 communicate with each other, while the devices 92a, 92b and 92c and the integrating device 91 communicate with each other.
The devices 90a and 90b have databases (DBs) 93a and 93b, respectively, while data that indicates purchase histories of purchasers who have purchased pets such as animals at pet shops is registered in the DBs 93a and 93b. FIG. 18 illustrates an example of data structures of the DBs 93a and 93b. A table is registered in the DBs 93a and 93b illustrated in FIG. 18 for each of types of data. Each of records of a table illustrated in FIG. 18 includes a “name” item, an “age” item, a “shop name” item and a “type” item. In the “name” item, the names of the purchasers of the pets are registered. The names of the purchasers of the pets are data that specifies the individuals. In the “age” item, the ages of the purchasers are registered. In the “shop name” item, the names of the shops at which the purchasers have purchased the pets are registered. In the “type” item, the types of the purchased pets are registered. The table illustrated in FIG. 18 has a “type ID” item in which a type ID that is an identification (ID) used to identify the type of the data registered in the table is registered. As described above, the data that indicates the purchase histories of the purchasers of the pets is registered in the table illustrated in FIG. 18. A type ID “1” that identifies the data indicating the purchase histories of the purchasers of the pets is registered in the “type ID” item of the table illustrated in FIG. 18.
The devices 90a and 90b acquire data of one or more records from the DBs 93a and 93b and make the acquired data anonymous. For example, the devices 90a and 90b use a predetermined key and a predetermined hash function to calculate hash values for the acquired data of items of the records and make the data anonymous. Then, the devices 90a and 90b add the type ID registered in the “type ID” item of the table to the anonymized data. Subsequently, the devices 90a and 90b transmit the data having the type ID added thereto to the integrating device 91. It is assumed that the system 99 includes a device (not illustrated) other than the devices 90a and 90b, while the device (not illustrated) makes various types of data anonymous using the same method and transmits the data to the integrating device 91.
The integrating device 91 integrates data for each of types of data. The integrating device 91 has tables 91a, 91b, . . . corresponding to the types of the data. FIG. 19 illustrates an example of data structures of the tables included in the conventional integrating device 91. The table 91a illustrated in 19 is a table in which hash values of the data that is of a type identified by the type ID “1” or indicates the purchase histories of the purchasers of the pets are registered.
When receiving data having a type ID added thereto from the devices 90a and 90b and the aforementioned device that is not illustrated, the integrating device 91 acquires the type ID added to the received data. Then, the integrating device 91 registers the received data in a table that is among the tables 91a, 91b, . . . corresponding to type IDs and corresponds to the acquired type ID. For example, when receiving data with the type ID “1” added thereto from the device 90a, the integrating device 91 registers the received data in the table 91a that is among the tables 91a, 91b, . . . corresponding to the type IDs and corresponds to the type ID “1”. Thus, the data that is made anonymous and indicates the purchase histories of the purchasers of the pets is registered in the table 91a corresponding to the type ID “1”.
In addition, when receiving, from the devices 92a, 92b and 92c, data transmission instructions that include a type ID of data be analyzed and items to be analyzed, the integrating device 91 executes the following process. That is, the integrating device 91 acquires data of all records registered in a table corresponding to the type ID included in the received instructions. For example, when the type ID included in the received instructions is “1”, the integrating device 91 acquires data of all records registered in the table 91a corresponding to the type ID “1”.
Then, the integrating device 91 releases anonymity of data that is included in the acquired data of all the records and has been registered in the items that are to be analyzed and are included in the received instructions. For example, the integrating device 91 uses the same key as a key used for making the data anonymous and the same hash function as a hash function used for making the data anonymous and thereby restores, to the original data, hash values that are included in data of acquired hash values and have been registered in the items to be analyzed. Then, the integrating device 91 transmits the data of which the anonymity has been released and that has been registered in the items to be analyzed to the devices 92a, 92b and 92c that have transmitted the instructions.
For example, when receiving, from the device 92a, a data transmission instruction that includes a type ID “1” of data to be analyzed and the “type” item to be analyzed, the integrating device 91 executes the following process. That is, the integrating device 91 acquires data of hash values of all records registered in the table 91a corresponding to the type ID “1” and restores, to the original data, hash values that are included in the acquired data of the hash values and have been registered in the “type” item to be analyzed. FIG. 20 illustrates an example of data of hash values when the hash values of the “type” item to be analyzed are restored to the original data by the conventional integrating device 91. For example, when acquiring the data of the hash values of all the records registered in the table 91a corresponding to the type ID “1”, the integrating device 91 restores a hash value “A01” of the “type” item to be analyzed to the original data “bird”, as illustrated in the example of FIG. 20. In addition, the integrating device 91 restores a hash value “B02” of the “type” item to be analyzed to the original data “dog”. The integrating device 91 restores a hash value “C03” of the “type” item to be analyzed to the original data “turtle”. The integrating device 91 restores a hash value “D04” of the “type” item to be analyzed to the original data “cat”. Then, the integrating device 91 transmits, to the device 92a, the original data illustrated in FIG. 20 and restored from the hash values of the “type” item to be analyzed.
When receiving, from the device 92b, a data transmission instruction that includes the type ID “1” of the data to be analyzed and the “shop name” item to be analyzed, the integrating device 91 executes the following process. That is, the integrating device 91 acquires the data of the hash values of all the records registered in the table 91a corresponding to the type ID “1” and restores, to the original data, hash values that are included in the acquired data of the hash values and have been registered in the “shop name” item to be analyzed. FIG. 21 illustrates an example of data of hash values when the hash values of the “shop name” item to be analyzed are restored to the original data by the conventional integrating device 91. For example, when acquiring the data of the hash values of all the records registered in the table 91a corresponding to the type ID “1”, the integrating device 91 restores a hash value “00” of the “shop name” item to be analyzed to the original data “shop A”, as illustrated in the example of FIG. 21. In addition, the integrating device 91 restores hash values “xx” of the “shop name” item to be analyzed to the original data “shop B”. The integrating device 91 restores a hash value “ΔΔΔ” of the “shop name” item to be analyzed to the original data “shop D”. Then, the integrating device 91 transmits, to the device 92b, the original data illustrated in FIG. 21 and restored from the hash values of the “shop name” item to be analyzed.
When receiving, from the device 92c, a data transmission instruction that includes the type ID “1” of the data to be analyzed and the “age” item to be analyzed, the integrating device 91 executes the following process. That is, the integrating device 91 acquires the data of the hash values of all the records registered in the table 91a corresponding to the type ID “1” and restores, to the original data, hash values that are included in the acquired data of the hash values and have been registered in the “age” item to be analyzed. FIG. 22 illustrates an example of data of hash values when the hash values of the “age” item to be analyzed are restored to the original data by the conventional integrating device 91. For example, when acquiring the data of the hash values of all the records registered in the table 91a corresponding to the type ID “1”, the integrating device 91 restores a hash value “12” of the “age” item to be analyzed to the original data “22”, as illustrated in the example of FIG. 22. In addition, the integrating device 91 restores a hash value “1” of the “age” item to be analyzed to the original data “32”. The integrating device 91 restores a hash value “24” of the “age” item to be analyzed to the original data “44”. The integrating device 91 restores a hash value “33” of the “age” item to be analyzed to the original data “52”. Then, the integrating device 91 transmits, to the device 92c, the original data illustrated in FIG. 22 and restored from the hash values of the “age” item to be analyzed.
The devices 92a, 92b and 92c are devices that execute various types of analysis. For example, the device 92a uses the data indicating the purchase histories of the purchasers of the pets and executes an application for counting the number of purchased pets for each of the types of the pets. The device 92a executes the application and thereby transmits, to the integrating device 91, the data transmission instruction that includes the type ID “1” of data to be analyzed and the item “type” to be analyzed. When receiving, from the integrating device 91, the original data restored from the hash values of the item “type” to be analyzed, the device 92a counts the number of purchased pets for each of the types of the pets.
The device 92b uses the data indicating the purchase histories of the purchasers of the pets and executes an application for counting the number of purchased pets for each of the pet shops. The device 92b executes the application and thereby transmits, to the integrating device 91, the data transmission instruction that includes the type ID “1” of the data to be analyzed and the “shop name” item to be analyzed. When receiving, from the integrating device 91, the original data restored from the hash values of the “shop name” item to be analyzed, the device 92b counts the number of purchased pets for each of the pet shops.
The device 92c uses the data indicating the purchase histories of the purchasers of the pets and executes an application for counting the number of purchased pets for each of the ages of the purchasers. The device 92c executes the application and thereby transmits, to the integrating device 91, the data transmission instruction that includes the type ID “1” of the data to be analyzed and the “age” item to be analyzed. When receiving, from the integrating device 91, the original data restored from the hash values of the “age” item to be analyzed, the device 92c counts the number of purchased pets for each of the ages of the purchasers.
In addition, there is a technique for using first key information to generate a certain hash value for information that is included in personal information and identifies the individual, using second key information to generate a new hash value for the generated certain hash value, and making anonymous the information identifying the individual.
For example, Japanese Laid-open Patent Publication No. 2010-237811, Japanese Laid-open Patent Publication No. 2005-301978, Japanese Laid-open Patent Publication No. 09-245043, Japanese Laid-open Patent Publication No. 2008-22145, Japanese Laid-open Patent Publication No. 04-273378 are issued.
The aforementioned system, however, has a problem that it is easy to interpret anonymized data. For example, when the devices 92a to 92c have the three data items illustrated in the examples of FIGS. 20 to 22, respectively, and the data items flow out of the devices 92a to 92c, a person may be identified by the following method on the basis of the data items that have flowed out of the devices 92a to 92c. That is, information that is registered in the “name” item and common to the three data items and is, for example, records in which a name “A12345” is registered is identified from the three data items, and information of which anonymity is released and that is “32”, “shop B” and “dog” is identified from the identified records. Thus, the fact that a person indicated by the information including the anonymous name “A12345” is 32 years old and has purchased a dog at the shop B is identified. Thus, it is easy to identify the person on the basis of the information indicating that the person is 32 years old and has purchased the dog at the shop B. The aforementioned system, therefore, has the problem that it is easy to interpret anonymized data.
A method for applying a technique for making anonymous information identifying an individual to the aforementioned system and making a purchaser's name registered in the “name” item anonymous may be considered. In this method, a hash value is generated using first key information for information of the name of a purchaser, and a new hash value is generated using second key information for the generated hash value. Even if this method is used, however, a record in which a newly generated hash value is registered may be identified from a plurality of data items transmitted from the integrating device, and information of which anonymity is released may be identified from the identified record. Thus, even if this method is used, there is a problem that it is easy to interpret anonymized data.