An anonymization (distributed anonymization) technology is known, that avoid identifications of individuals and estimations of attributes when pieces of information which are distributed and stored are combined.
The technology in a Non-Patent Document 1, for example, abstracts pieces of personal information which two business operators store and generates an initial anonymity table, when pieces of data are combined between the two business operators. The technology in the Non-Patent Document 1 gradually varies the abstracted pieces of personal information into detailed information while evaluating whether anonymity is satisfied or not.
In order to generalize the pieces of personal information, one of the business operators determines a candidate for a separating point of the pieces of personal information and informs the other business operator of a list of user identifiers separated at the separating point. When separating the pieces of data at the informed separating point, the business operator storing sensitive information confirms whether or not two indices, k-anonymity and i-diversity, are satisfied. Where, the sensitive information means information which is not intended to change in order to use for information processing of the combined pieces of data. An individual cannot be identified based on the pieces of data which satisfies the two indices.
By providing users with only the pieces of data which satisfy the two indices, identifications of individuals based on the provided pieces of data is avoidable. In other words, the technology in the Non-Patent Document 1 can avoid identifications of the individual sensitive information.
A Non-Patent Document 2 expresses a technology concerning Open ID.