Verification device, verification system, verification method, and program

The verification device and system address the issue of unnecessary personal information disclosure by selectively disclosing attribute information, enhancing privacy and promoting service utilization.

JP2026112590APending Publication Date: 2026-07-07NEC CORP

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
NEC CORP
Filing Date
2024-12-25
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

Existing service provision systems risk disclosing unnecessary personal information to service providers, deterring users from utilizing such services.

Method used

A verification device and system that acquires, converts, and matches attribute information to determine service eligibility based on minimal disclosure, using methods like zero-knowledge proofs and redacted signatures to conceal unnecessary information.

Benefits of technology

Enhances user privacy by reducing the amount of information disclosed, thereby increasing the incentive to use services that require personal information.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 2026112590000001_ABST
    Figure 2026112590000001_ABST
Patent Text Reader

Abstract

To provide a verification device that can promote the use of services that utilize personal information by reducing the amount of information disclosed by the user. [Solution] The verification device according to this disclosure includes: an attribute information set acquisition unit that acquires a set of attribute information including a converted first attribute information which is information indicating the user's attributes; a second attribute acquisition unit that acquires second attribute information which is included in the first attribute information and indicates the disclosed user's attributes; a second attribute conversion unit that converts the second attribute information; an attribute matching unit that compares the second attribute information converted by the second attribute conversion unit with the converted first attribute information included in the attribute information set; and a service eligibility determination unit that determines whether or not to provide a service to the user based on the matching result in the attribute matching unit and the determination result of whether or not the second attribute information is subject to service provision.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present disclosure relates to a verification device, a verification system, a verification method, and a program.

Background Art

[0002] Techniques for providing services to users who meet predetermined conditions are known. In such services, users may be required to present a certificate indicating that they are the recipients of the services. For example, assume that the service provision condition is that the Body Mass Index (BMI) and blood pressure are within a predetermined range. In such a case, the user can receive the service by presenting, as a certificate, the results of a medical examination issued by a medical institution. By adding a digital signature (hereinafter simply referred to as "signature") of the issuer to such a certificate, the authenticity of the information can be ensured.

[0003] As a related technique, Patent Document 1 discloses a service provision device that uses signature information signed by an issuing institution to verify whether the user's attribute information included in distribution information is the attribute information issued by the issuing institution, and manages the distribution content based on the verification result.

Prior Art Documents

Patent Documents

[0004]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0005] When personal information is required for services like those described above, there is a risk that information other than what is necessary to receive the service may be disclosed to the service provider. For example, in the BMI example mentioned above, providing the results of a health checkup would result in information other than BMI (such as height and weight) being disclosed to the service provider. Therefore, users may refrain from using such services.

[0006] The purpose of this disclosure is, in light of the aforementioned issues, to provide a verification device, verification system, verification method, and program that can promote the use of services that utilize personal information by reducing the amount of information disclosed by the user. [Means for solving the problem]

[0007] The verification device relating to this disclosure is An attribute information set acquisition unit acquires a set of attribute information that includes a converted first attribute information, which is information indicating the user's attributes. A second attribute acquisition unit acquires second attribute information, which is information indicating the user's attributes that are included in the first attribute information and have been disclosed. A second attribute conversion unit that converts the aforementioned second attribute information, An attribute matching unit that compares the second attribute information converted by the second attribute conversion unit with the converted first attribute information included in the set of attribute information, The system includes a service eligibility determination unit that determines whether or not to provide the service to the user based on the matching result in the attribute matching unit and the determination result of whether or not the second attribute information is subject to service provision.

[0008] The verification system described in this disclosure is An attribute information set providing device that provides a set of attribute information including a converted first attribute information which is information indicating the user's attributes, The system includes a verification device that verifies a second attribute information, which is information indicating the user's attributes that are included in the first attribute information and disclosed, using the attribute information set provided by the attribute information set providing device, The verification device is An attribute information set acquisition unit that acquires the aforementioned set of attribute information, A second attribute acquisition unit that acquires the aforementioned second attribute information, A second attribute conversion unit that converts the aforementioned second attribute information, An attribute matching unit that compares the second attribute information converted by the second attribute conversion unit with the converted first attribute information included in the set of attribute information, The system includes a service eligibility determination unit that determines whether or not to provide the service to the user based on the matching result in the attribute matching unit and the determination result of whether or not the second attribute information is subject to service provision.

[0009] The verification method for this disclosure is as follows: An attribute information set acquisition step obtains an attribute information set that includes a transformed first attribute information, which is information indicating the user's attributes, A second attribute acquisition step involves acquiring second attribute information, which is information that is included in the first attribute information and indicates the disclosed user attributes, A second attribute conversion step for converting the aforementioned second attribute information, An attribute matching step which compares the second attribute information converted in the second attribute conversion step with the converted first attribute information included in the set of attribute information, The service eligibility determination step includes determining whether or not to provide the service to the user based on the matching result in the attribute matching step and the determination result of whether or not the second attribute information is subject to the provision of the service.

[0010] The program related to this disclosure is An attribute information set acquisition step obtains an attribute information set that includes a transformed first attribute information, which is information indicating the user's attributes, A second attribute acquisition step involves acquiring second attribute information, which is information that is included in the first attribute information and indicates the disclosed user attributes, A second attribute conversion step for converting the aforementioned second attribute information, An attribute matching step of matching the second attribute information converted in the second attribute conversion step with the converted first attribute information included in the set of the attribute information; A service availability determination step of determining whether or not to provide a service to the user based on the matching result in the attribute matching step and the determination result as to whether or not the second attribute information is a service target, which causes a computer to execute.

Advantages of the Invention

[0011] The verification device, verification system, verification method, and program according to the present disclosure enable promotion of use of a service using personal information by reducing information disclosed by a user.

Brief Description of the Drawings

[0012] [Figure 1] FIG. 1 is a block diagram showing a configuration of a verification device according to the present disclosure. [Figure 2] FIG. 2 is a flowchart showing a process flow performed by the verification device according to the present disclosure. [Figure 3] FIG. 3 is a diagram showing a usage example of VC according to the present disclosure. [Figure 4] FIG. 4 is a diagram showing an example of disclosing all information including information that a VP issuer does not wish to disclose. [Figure 5] FIG. 5 is a diagram showing an example of concealing information that a VP issuer does not wish to disclose. [Figure 6] FIG. 6 is a diagram for explaining an outline of a process in the verification system according to the present disclosure. [Figure 7] FIG. 7 is a block diagram showing a configuration of the verification system according to the present disclosure. [Figure 8] FIG. 8 is a flowchart showing a process flow performed by the verification device according to the present disclosure. [Figure 9] FIG. 9 is a block diagram showing a configuration of the verification system according to the present disclosure. [Figure 10]Figure 10 is a block diagram showing the detailed configuration of the lottery unit relating to this disclosure. [Figure 11] Figure 11 is a flowchart showing the processing flow performed by the verification device relating to this disclosure. [Figure 12] Figure 12 is a block diagram illustrating the hardware configuration of a computer that implements the verification device etc. related to this disclosure. [Modes for carrying out the invention]

[0013] Embodiments of the present disclosure will be described in detail below with reference to the drawings. In each drawing, the same or corresponding elements are denoted by the same reference numerals. For clarity of explanation, redundant explanations will be omitted where necessary.

[0014] <Embodiment 1> (Verification device 100) Figure 1 is a block diagram showing the configuration of the verification device 100 according to this disclosure. The verification device 100 comprises an attribute information set acquisition unit 103, a second attribute acquisition unit 101, a second attribute conversion unit 102, an attribute matching unit 105, and a service eligibility determination unit 106.

[0015] The attribute information set acquisition unit 103 acquires a set of attribute information, including the transformed first attribute information, which is information indicating the user's attributes. The second attribute acquisition unit 101 acquires the second attribute information, which is information indicating the user's attributes that are included in the first attribute information and have been disclosed. The second attribute conversion unit 102 converts the second attribute information.

[0016] The attribute matching unit 105 compares the second attribute information converted by the second attribute conversion unit 102 with the converted first attribute information included in the attribute information set. The service availability determination unit 106 determines whether or not to provide the service to the user based on the matching result from the attribute matching unit 105 and the determination result of whether or not the second attribute information is subject to service provision.

[0017] The verification device 100 includes a processor, memory, and storage device (not shown). The storage device stores a computer program on which the processing described herein is implemented. The processor can load the computer program from the storage device into memory and execute the computer program. In this way, the processor realizes the functions of the attribute information set acquisition unit 103, the second attribute acquisition unit 101, the second attribute conversion unit 102, the attribute matching unit 105, and the service availability determination unit 106.

[0018] Alternatively, the attribute information set acquisition unit 103, the second attribute acquisition unit 101, the second attribute conversion unit 102, the attribute matching unit 105, and the service availability determination unit 106 may each be implemented with dedicated hardware. Furthermore, some or all of each component may be implemented by general-purpose or dedicated circuits, processors, etc., or combinations thereof. These may be configured by a single chip or by multiple chips connected via a bus. Some or all of each component may be implemented by a combination of the aforementioned circuits, etc., and programs.

[0019] (Processing by verification device 100) Refer to Figure 2. The process performed by the verification device 100 will be explained. Figure 2 is a flowchart showing the flow of the process performed by the verification device 100.

[0020] First, the attribute information set acquisition unit 103 acquires a set of attribute information that includes the transformed first attribute information, which is information indicating the user's attributes (S1). Next, the second attribute acquisition unit 101 acquires the second attribute information, which is information indicating the user's attributes that are included in the first attribute information and have been disclosed (S2). Subsequently, the second attribute conversion unit 102 converts the second attribute information (S3).

[0021] Next, the attribute matching unit 105 matches the second attribute information converted by the second attribute conversion unit 102 with the converted first attribute information included in the attribute information set (S4). Then, the service availability determination unit 106 determines whether or not to provide the service to the user based on the matching result from the attribute matching unit 105 and the determination result of whether or not the second attribute information is subject to service provision (S5).

[0022] As explained above, the verification device 100 related to this disclosure determines whether or not to provide the service using the attributes disclosed by the user, thus reducing the amount of information that the user receiving the service needs to disclose. This allows the verification device 100 to promote the use of services that use personal information.

[0023] <Embodiment 2> Next, Embodiment 2 will be described. Embodiment 2 is a specific example of Embodiment 1 described above. First, the basic aspects of the VC (Verifiable Credential) used in this disclosure will be explained with reference to Figures 3 to 5. A VC represents a verifiable certificate issued by a predetermined issuer.

[0024] Figure 3 illustrates an example of VC usage. Figure 3 shows an overview of the process when a user obtains a university graduation certificate VC and submits it to a company during job hunting. In this example, VC issuer 1 is the university from which the user graduated. VP (Verifiable Presentation) issuer 2 is the user who obtains and submits the graduation certificate VC. The VP represents a verifiable presentation issued based on the VC. VP verifier 3 is the company that receives the graduation certificate VC from the user and verifies it.

[0025] As shown in Figure 3, VP Validator 3 requests VP Issuer 2 to submit a graduation certificate VC. VP Issuer 2 requests VC Issuer 1 to issue the graduation certificate VC. VC Issuer 1 issues the graduation certificate VC at the request of VP Issuer 2 and stores the graduation certificate VC in a digital wallet.

[0026] The graduation certificate VC includes the DID (Distributed Identity) of VC issuer 1, the DID of VP issuer 2, the graduation certificate (the data itself), and a signature by VC issuer 1. VC issuer 1 registers their DID and public key in a verifiable data registry such as a blockchain.

[0027] VP Issuer 2's digital wallet contains graduation certificate VCs issued by VC Issuer 1, as well as qualification certificate VCs and TOEIC score certificate VCs. VP Issuer 2 registers its DID and public key with the Verifiable Data Registry. VP Issuer 2 signs the graduation certificate VC and issues the graduation certificate VP. VP Issuer 2 presents the graduation certificate VP to VP Verifier 3.

[0028] VP Verifier 3 receives the necessary VC with the consent of VP Issuer 2. In the example in Figure 3, VP Verifier 3 receives a graduation certificate VP issued by VP Issuer 2 based on the graduation certificate VC. The graduation certificate VC is signed by VP Issuer 2. VP Verifier 3 uses the signatures of VC Issuer 1 and VP Issuer 2 contained in the graduation certificate VP to verify the authenticity of the data of VC Issuer 1 and VP Issuer 2.

[0029] VP Verifier 3 can verify that the graduation certificate VC was presented by the legitimate holder of the graduation certificate VC by verifying the signature by VP Issuer 2. For example, if the graduation certificate VC does not bear the holder's signature, VP Verifier 3 cannot distinguish whether the graduation certificate VC was presented by the legitimate holder or an illegitimate holder. Therefore, VP Verifier 3 may accept the presentation of a graduation certificate VC from someone other than the legitimate holder. On the other hand, if the graduation certificate VC bears the holder's signature, VP Verifier 3 can verify that the graduation certificate VC was presented by the legitimate holder by verifying the signature. This prevents VP Verifier 3 from accepting the presentation of a graduation certificate VC from someone other than the legitimate holder.

[0030] In this way, by receiving a certificate whose authenticity can be verified, the certificate verifier can verify the authenticity of the certificate without contacting the certificate issuer. This improves the persistence and scalability of the certificate.

[0031] Figures 4 and 5 illustrate the challenges that may arise when using a general signature. In Figures 4 and 5, VP issuer 2 issues a driver's license VP based on a driver's license VC to prove that they are 20 years of age or older, and presents the driver's license VP to VP verifier 3. VC issuer 1 is an organization such as a prefectural driver's license center or police station. VP issuer 2 is a user who holds a driver's license. VP verifier 3 is an organization such as a liquor store, police officer, or rental car company.

[0032] Figure 4 shows an example where all information is disclosed, including information that VP issuer 2 does not wish to disclose. The driver's license VC includes the user's name, nationality, date of birth, license type, and number of violations. The driver's license VC is also signed by VC issuer 1. VP issuer 2 signs the driver's license VC with their own signature and issues a driver's license VP, which is then presented to VP verifier 3.

[0033] In this case, if the driver's license VP is presented as is, VP issuer 2 would have to provide information that VP verifier 3 does not need. This could lead to the leakage of VP issuer 2's personal information. To prove that VP issuer 2 is 20 years of age or older, VP issuer 2 does not need to provide VP verifier 3 with any information other than their date of birth. Furthermore, if they can prove that they are 20 years of age or older, VP issuer 2 does not need to provide their date of birth information.

[0034] To address these issues, the leakage of personal information can be prevented by concealing the information contained in the driver's license VP (Virtual Certificate). Figure 5 shows an example of concealing information that VP issuer 2 does not wish to disclose. In the example in Figure 5, as indicated by the shading, information other than the date of birth is concealed in the driver's license VP. Furthermore, only the information that the person is "20 years of age or older" is disclosed as the date of birth, and the details of the date of birth are not disclosed. Techniques that enable such selective disclosure of information include, for example, methods using zero-knowledge proofs (ZKP) and redacted signatures.

[0035] (Overview of the process in verification system 50) Next, with reference to Figure 6, an overview of the processing in the verification system 50 relating to this disclosure will be explained. Figure 6 is a diagram illustrating the overview of the processing in the verification system 50. The verification system 50 is a system that enables users to receive the desired service by disclosing only the minimum necessary personal information to the verifier using the technology described above.

[0036] VC Issuer 1 is the administrator responsible for managing the first attribute information, which is information indicating the user's attributes. For the sake of explanation, the first attribute information will be referred to as "all attribute information" below. All attribute information represents all of the user's attributes that are subject to the issuance of VCs and VPs. User attributes include, but are not limited to, the user's name, nationality, date of birth, gender, age, blood pressure, or BMI. All attribute information includes the second attribute information (disclosed attribute information) described later.

[0037] The administrator is, for example, a certification body such as a medical institution. However, the VC issuer may also be a government agency, financial institution, company, or industry association. VP issuer 2 is the user seeking the service. The type and content of the service are arbitrary. VP verifier 3 is the service provider. The service provider may be, for example, a medical institution, insurance company, fitness club, beverage manufacturer, food manufacturer, or educational institution.

[0038] In this example, the user presents VP Validator 3 with a health check result VC showing the results of their health check in order to receive the service. As shown in VP Validator 3's block, the conditions for receiving the service are set as "BMI >= 25" and "Blood pressure >= 140 / 90 mmHg".

[0039] VC issuer 1 hashes all of the user's attribute information to generate hashed attribute information. In the diagram, the hashed attribute information is shown in shaded areas and has an "H" at the beginning of the data. As shown in the flow chart at the bottom of the diagram, VC issuer 1 issues a health check result VC based on the hashed attribute information and sends the health check result VC to VP issuer 2. VP issuer 2 adds its signature to the health check result VC and issues a health check result VP. VP issuer 2 sends the health check result VP to VP verifier 3.

[0040] Furthermore, as shown in the upper part of the diagram, VC issuer 1 provides VP issuer 2 with all of the user's attribute information as is. VP issuer 2 selects and presents only the attributes it wishes to show to VP verifier 3 from the total attribute information. In this case, VP issuer 2 presents only the BMI information. This BMI information is second attribute information, indicating the attributes disclosed by the user. For the sake of explanation, second attribute information will be referred to as "disclosed attribute information" below. Disclosed attribute information is information that indicates the attributes disclosed by the user from the total attribute information. Therefore, disclosed attribute information is a part of the total attribute information.

[0041] VP Verifier 3 hashes the presented disclosed attribute information to generate a hash value. VP Verifier 3 determines whether this hash value is equal to the hash value of the BMI included in the health checkup results VP. VP Verifier 3 also determines whether the signatures of VC Issuer 1 and VP Issuer 2 are valid. Using the results of each determination, VP Verifier 3 decides whether or not to provide the service to the user.

[0042] (Configuration of Verification System 50) Figure 7 is a block diagram showing the configuration of the verification system 50 according to this disclosure. The verification system 50 comprises a VC issuing device 10, a VP issuing device 20, and a verification device 30. The VC issuing device 10, the VP issuing device 20, and the verification device 30 communicate with each other via a network (not shown). The network is, for example, a wired or wireless communication line. The one-way arrows shown in the figure simply illustrate the flow of information (data or signals, etc.) and do not exclude the bidirectional nature of information.

[0043] The VC issuing device 10 is a device used by the VC issuer 1. The VC issuing device 10 issues a VC in response to a VC issuance request. A VC is a set of attribute information, including all attribute information that has been converted. By issuing a VC, the VC issuing device 10 provides the set of attribute information to other devices. For example, the VC issuing device 10 provides the set of attribute information to the verification device 30 via the VP issuing device 20, which issues a VP based on the VC. The VC issuing device 10 may also be called an attribute information set providing device.

[0044] The VP issuing device 20 is a device used by VP issuer 2 (user). The VP issuing device 20 issues VPs based on the VC issued by the VC issuing device 10.

[0045] Verification device 30 is a device used by VP verifier 3 (service provider). Verification device 30 acquires data from VC issuing device 10 and VP issuing device 20, and verifies the authenticity of the disclosed attribute information and VP based on the acquired data. Verification device 30 also determines whether or not to provide the service to the user based on the acquired data. Verification device 30 may also be called a service provision device.

[0046] (VC issuing device 10) The VC issuing device 10 includes an issuance request acquisition unit 11, a personal information acquisition unit 12, a signature generation unit 13, a VC issuing unit 14, and a private key storage unit 15.

[0047] The issuance request acquisition unit 11 acquires a VC issuance request from the VP issuing device 20 to request the issuance of a VC. The personal information acquisition unit 12 acquires all of the user's attribute information from the VP issuing device 20. In the example in Figure 6, the all attribute information is the user's personal information, including the user's name, nationality, date of birth, blood pressure, and BMI. The all attribute information includes attributes other than those disclosed by the user in order to receive the service (disclosed attribute information). The user can request the issuance of a VC from the VC issuing device 10 by sending the VC issuance request and personal information to the VC issuing device 10 using the VP issuing device 20.

[0048] The signature generation unit 13 generates a signature of VC issuer 1. This signature is a digital signature that proves the authenticity of the VC. The signature generation unit 13 generates the signature using a public-key cryptography scheme. However, the signature generation unit 13 may generate the signature using any method.

[0049] When a VC issuance request is received by the issuance request acquisition unit 11, the VC issuance unit 14 issues a VC to the VC issuance device 20. The VC issuance unit 14 hashes all attribute information acquired by the personal information acquisition unit 12 and generates a hash value. The VC issuance unit 14 generates the hash value using a hash function such as SHA-256. The VC issuance unit 14 adds the signature of VC issuer 1 to the hashed attribute information and issues the VC.

[0050] The private key storage unit 15 stores the private key used to generate the signature of VC issuer 1. At least a portion of the private key storage unit 15 is composed of non-volatile memory so that the data is retained even when the power to the VC issuing device 10 is turned off.

[0051] (VP issuing device 20) The VP issuing device 20 includes a VC acquisition unit 21, a signature generation unit 22, a VP issuing unit 23, and a private key storage unit 24.

[0052] The VC acquisition unit 21 acquires the VC from the VC issuing device 10. The signature generation unit 22 generates a signature of the VP issuer 2. This signature is a digital signature that proves the authenticity of the VP. The signature generation unit 22 generates the signature using a public-key cryptography scheme. However, the signature generation unit 22 may generate the signature using any method.

[0053] The VP issuing unit 23 issues a VP to the verification device 30 based on the VC acquired by the VC acquisition unit 21. The VP issuing unit 23 affixes the signature of VP issuer 2 to the VC and issues the VP.

[0054] The private key storage unit 24 stores the private key used to generate the signature of the VP issuer 2. At least a portion of the private key storage unit 24 is composed of non-volatile memory so that the data is retained even when the power to the VP issuing device 20 is turned off.

[0055] (Verification device 30) Verification device 30 is an example of the verification device 100 described above. Verification device 30 includes a disclosure attribute acquisition unit 31, a disclosure attribute conversion unit 32, a VP acquisition unit 33, a signature verification unit 34, an attribute matching unit 35, a service availability determination unit 36, and a public key storage unit 37.

[0056] The Disclosure Attribute Acquisition Unit 31 is an example of the Second Attribute Acquisition Unit 101 described above. The Disclosure Attribute Acquisition Unit 31 acquires disclosure attribute information (second attribute information), which is information that indicates the user's attributes that have been disclosed and is included in the total attribute information (first attribute information). The Disclosure Attribute Acquisition Unit 31 acquires as disclosure attribute information the attributes that have been selectively disclosed by the user from the total attribute information.

[0057] Disclosed attribute information is information that a user discloses, indicating the user's own attributes. Disclosed attribute information may be attributes that the user selectively discloses in order to receive the service. Disclosed attribute information may also include the user's biometric information. As shown in Figure 6, disclosed attribute information may include, for example, the user's BMI and blood pressure.

[0058] The disclosure attribute acquisition unit 31 acquires disclosure attribute information, for example, via a terminal device used by the user. Here, the user uses the VP issuing device 20 as the terminal device. The terminal device is, for example, a PC (Personal Computer), a smartphone, or a tablet device, but is not limited to these. The disclosure attribute acquisition unit 31 may also acquire disclosure attribute information via an input device (not shown) that accepts input from the user. For example, in the case of a beverage vending machine that offers a discount service, an input device may be provided in the vending machine.

[0059] The disclosure attribute conversion unit 32 is an example of the second attribute conversion unit 102 described above. The disclosure attribute conversion unit 32 converts the disclosure attribute information obtained by the disclosure attribute acquisition unit 31. In order to protect user privacy, the disclosure attribute conversion unit 32 converts the disclosure attribute information into a format that does not allow for direct identification. The disclosure attribute conversion unit 32 may convert the disclosure attribute information using any method. For example, the disclosure attribute conversion unit 32 converts the disclosure attribute information by hashing it and generates a hash value.

[0060] The VP acquisition unit 33 is an example of the attribute information set acquisition unit 103 described above. The VP acquisition unit 33 acquires attribute information sets, including those with all attribute information converted. For example, the VP acquisition unit 33 acquires VPs issued based on VCs from the VP issuing device 20 as attribute information sets.

[0061] The signature verification unit 34 verifies the signatures of VC issuer 1 and VP issuer 2 included in the VP obtained by the VP acquisition unit 33. The method of signature verification is arbitrary. For example, the signature verification unit 34 verifies the signatures of VC issuer 1 and VP issuer 2 using a public-key cryptography scheme. This allows the signature verification unit 34 to determine whether the signatures of VC issuer 1 and VP issuer 2 are legitimate.

[0062] The attribute matching unit 35 is an example of the attribute matching unit 105 described above. The attribute matching unit 35 compares the disclosed attribute information converted by the disclosed attribute conversion unit 32 with the converted total attribute information contained in the VP. Specifically, the attribute matching unit 35 compares the hash value generated by the disclosed attribute conversion unit 32 with the hash value contained in the VP. The attribute matching unit 35 identifies the hash value corresponding to the disclosed attribute information from among the hash values ​​contained in the VP and performs the comparison using the identified hash value. As a result, the attribute matching unit 35 determines whether the disclosed attribute information and the total attribute information are equal.

[0063] The service availability determination unit 36 ​​is an example of the service availability determination unit 106 described above. The service availability determination unit 36 ​​determines whether to provide the service to the user based on the matching result in the attribute matching unit 35 and the determination result of whether the disclosed attribute information is subject to the provision of the service. The service availability determination unit 36 ​​may also determine whether to provide the service based on the verification result in the signature verification unit 34. The following description will explain an example in which the service availability determination unit 36 ​​determines whether to provide the service based on the verification result in the signature verification unit 34, the matching result in the attribute matching unit 35, and the determination result of whether the disclosed attribute information is subject to the provision of the service.

[0064] The content of the services provided to the user is at the user's discretion. For example, the service availability determination unit 36 ​​may decide whether or not to provide services that may contribute to improving the user's health. Services that may contribute to improving the user's health may include, for example, providing a beverage that is expected to have the effect of suppressing blood pressure increases at a discounted price if the user's blood pressure is above a predetermined value. Other services may include discounts on movie tickets for those with a disability certificate, or a discount system on insurance premiums that applies if the user meets the health standards set by the insurance company. The services are not limited to these, and any services provided according to the user's attributes are acceptable.

[0065] The service eligibility determination unit 36 ​​determines that the service can be provided if the verification result from the signature verification unit 34, the matching result from the attribute matching unit 35, and the determination result of whether the disclosed attribute information is eligible for the service all meet the service provision conditions.

[0066] Specifically, the service eligibility determination unit 36 ​​decides to provide the service if the verification result in the signature verification unit 34 and the matching result in the attribute matching unit 35 are correct, and it is determined that the disclosed attribute information is eligible for the service. Conversely, the service eligibility determination unit 36 ​​decides that the service cannot be provided if at least one of these conditions is not met.

[0067] The public key storage unit 37 stores the public key used for verifying signatures. The public key storage unit 37 obtains a public key from the VC issuing device 10 to verify whether the signature of VC issuer 1 assigned to the VC is valid, and stores the said public key. The public key storage unit 37 also obtains a public key from the VP issuing device 20 to verify whether the signature of VP issuer 2 assigned to the VP is valid, and stores the said public key. At least a portion of the public key storage unit 37 is composed of non-volatile memory so that data is retained even when the power to the verification device 30 is turned off.

[0068] The configuration of the verification system 50 has been described above. The configuration of the verification system 50 described above is merely an example and can be modified as appropriate. For example, if some or all of the components of the VC issuing device 10, VP issuing device 20, and verification device 30 are implemented by multiple information processing devices or circuits, these multiple information processing devices or circuits may be centrally located or distributed. For example, the information processing devices or circuits may be implemented in a form in which each is connected via a communication network, such as a client-server system or a cloud computing system. Furthermore, the functions of the VC issuing device 10, VP issuing device 20, and verification device 30 may be provided in SaaS (Software as a Service) format.

[0069] Furthermore, although the above description shows the private key storage unit 15, private key storage unit 24, and public key storage unit 37 as being inside each device, these may be provided in an external device. Also, although the above description uses an example in which the user performs the various processes described above using the VP issuing device 20, the user may perform processes other than VP issuance using other devices. For example, the user may make a VC issuance request using a device other than the VP issuing device 20.

[0070] (Processing by verification device 30) Next, with reference to Figure 8, the processes performed by the verification device 30 will be explained. Figure 8 is a flowchart showing the flow of processes performed by the verification device 30. It should be assumed that the following processes have already been performed as preliminary preparations.

[0071] 1. Issuance of VC The user uses the VP issuing device 20 to send a VC issuance request and all attribute information to the VC issuing device 10. The VC issuing device 10 issues a VC based on the VC issuance request and all attribute information, and sends the VC to the VP issuing device 20.

[0072] 2. Issuance of VP The VP issuing device 20 issues a VP based on the VC and transmits the VP to the verification device 30.

[0073] Furthermore, in the following, the disclosed attribute information provided by the user will be referred to as "Attribute X". For example, as shown in Figure 6, Attribute X is the information "BMI: 26".

[0074] First, the disclosure attribute acquisition unit 31 acquires attribute X disclosed by the user (S11). For example, the disclosure attribute acquisition unit 31 acquires attribute X via the VP issuing device 20. Next, the disclosure attribute conversion unit 32 hashes attribute X and generates a hash value (S12). Subsequently, the VP acquisition unit 33 acquires the hash value of attribute X included in the VP acquired from the VP issuing device 20 (S13).

[0075] Next, the attribute matching unit 35 compares the hash value generated by the disclosed attribute conversion unit 32 with the hash value of attribute X included in the VP obtained by the VP acquisition unit 33, and determines whether the two hash values ​​are equal (S14). If it is determined that the two hash values ​​are different (NO in S14), the process proceeds to step S19.

[0076] If the two hash values ​​are determined to be equal (YES in S14), the signature verification unit 34 determines whether the signature of VC issuer 1 is correct (S15). If the signature of VC issuer 1 is determined to be incorrect (NO in S15), the process proceeds to step S19.

[0077] If the signature of VC issuer 1 is determined to be correct (YES in S15), the signature verification unit 34 determines whether the signature of VP issuer 2 is correct (S16). If the signature of VP issuer 2 is determined to be incorrect (NO in S16), the process proceeds to step S19.

[0078] If the signature of VP issuer 2 is determined to be correct (YES in S16), the service eligibility determination unit 36 ​​determines whether attribute X is eligible for the service (S17). For example, the service eligibility determination unit 36 ​​determines whether attribute X satisfies the condition "BMI >= 25" for receiving the service. In this example, since "BMI: 26", the service eligibility determination unit 36 ​​determines that attribute X is eligible for the service.

[0079] If attribute X is determined to be eligible for the service (YES in S17), the service availability determination unit 36 ​​decides to provide the service (S18). If attribute X is determined to be not eligible for the service (NO in S17), or if any of steps S14 to S16 is NO, the service availability determination unit 36 ​​decides not to provide the service (S19).

[0080] As explained above, the verification system 50 related to this disclosure can securely use users' personal information based on the user's consent. Since the verification system 50 can determine whether or not to provide a service using only the minimum necessary personal information, it can increase the user's incentive to use services that require the disclosure of personal information. In this way, the verification system 50 can contribute to promoting the use of services that utilize personal information.

[0081] <Embodiment 3> Next, Embodiment 3 will be described. Embodiment 3 is a modified version of Embodiment 2. In the following, the differences from Embodiment 2 will be the main focus of the description, and overlapping parts will be omitted as appropriate.

[0082] (Verification system 50a) Figure 9 is a block diagram showing the configuration of the verification system 50a according to this disclosure. The verification system 50a comprises a VC issuing device 10, a VP issuing device 20, and a verification device 30a. The verification device 30a has different functions from the verification device 30 described above.

[0083] In the above-described embodiment 2, an example was given in which a user cannot receive the service if the disclosed attribute information does not meet the service provision conditions. In this embodiment, even if the disclosed attribute information does not meet the service provision conditions, the user can receive the service by winning a lottery.

[0084] If personal information used when using a service (e.g., BMI or blood pressure) is made public, the very fact that a user is trying to use the service may become a matter of privacy protection. For example, in a service that offers beverages at a discounted price to users who meet the condition of "blood pressure >= 140 / 90 mmHg", it can be inferred that the blood pressure of users who have received or intend to receive the service meets this condition. Users may refrain from using the service because their privacy may be violated if the use of personal information related to the service becomes known to a third party. In this embodiment, the verification system 50a sets the service provision conditions so that users can receive the service randomly regardless of their attributes. This allows users to receive the service without using their personal information.

[0085] For example, in the example in Figure 6, the conditions for receiving the service were set as "BMI >= 25" and "blood pressure >= 140 / 90 mmHg". In the verification system 50a, in addition to these two conditions, a "random" condition is also set. "Random" indicates that users can receive the service with a predetermined probability, regardless of their attributes.

[0086] The verification system 50a conducts a lottery among users and determines that it is possible to provide the service to the winning users. The probability of winning in the lottery is, for example, 5%. As will be described later, the probability of winning is set to a level that protects user privacy.

[0087] (Verification device 30a) The verification device 30a includes a lottery unit 38 in addition to the configuration of the verification device 30 described above. The service eligibility determination unit 36 ​​performs a different process than the verification device 30.

[0088] The service availability determination unit 36 ​​outputs a notification to the lottery unit 38 if at least one of the following—the verification result from the signature verification unit 34, the matching result from the attribute matching unit 35, and the determination result of whether the disclosed attribute information is eligible for the service—does not satisfy the conditions for providing the service. As a result, the lottery unit 38 conducts a lottery. The service availability determination unit 36 ​​decides to allow the provision of the service to the users who win the lottery.

[0089] The lottery unit 38 conducts a lottery if at least one of the following—the verification result from the signature verification unit 34, the matching result from the attribute matching unit 35, and the determination result of whether the disclosed attribute information is eligible for the service—does not satisfy the conditions for providing the service. The lottery affects the decision made by the service eligibility determination unit 36 ​​regarding whether or not to provide the service to the user.

[0090] The lottery unit 38 conducts a lottery based on the winning probability set to satisfy a predetermined level of privacy. For example, the lottery unit 38 conducts a lottery based on the winning probability set using differential privacy as the predetermined level of privacy. In the following, ε-differential privacy is used as the differential privacy, but for example, local differential privacy may also be used.

[0091] In the typical service provision eligibility determination described in Embodiment 2, the criterion is whether the user's attributes meet the condition "BMI >= 25". In the method of this embodiment, the verification system 50a makes the service available to users selected by lottery (for example, 5% of users). This method of randomly determining the eligibility of service provision can be treated as a binary randomized response. This method satisfies ε-differential privacy.

[0092] Here, "the randomization function Q: D → R satisfies ε-difference privacy" means that for any databases D1, D2 ∈ D and any subset S ⊆ R, the following inequality (1) is satisfied.

[0093] Pr[Q(D1)∈S]<=exp(ε)*Pr[Q(D2)∈S] ···(1)

[0094] The probability p that satisfies ε-differential privacy is given by equation (2) below. p=(exp(ε)-1) / (exp(ε)+1) ···(2)

[0095] The lottery unit 38 sets the probability p within a range that satisfies ε-difference privacy. This allows the lottery to be conducted while protecting the user's privacy.

[0096] Figure 10 is a block diagram showing the detailed configuration of the lottery unit 38. The lottery unit 38 comprises a random information acquisition unit 381 and a winner determination unit 382. The random information acquisition unit 381 randomly generates lottery information to be used for the lottery. The random information acquisition unit 381 may also acquire lottery information that has been randomly generated by another device. For example, when external information is input, the random information acquisition unit 381 generates a random number using the input time of the external information as a seed, and acquires the generated random number as lottery information. The external information is such as a notification received from the service availability determination unit 36.

[0097] The winner determination unit 382 conducts a lottery using the generated lottery information and the probability p set in advance using the above-described formula (2). The winner determination unit 382 outputs the lottery result to the service availability determination unit 36. As a result, the service availability determination unit 36 ​​determines whether or not to provide the service.

[0098] (Processing by verification device 30a) Next, the processing performed by the verification device 30a will be explained with reference to Figure 11. Figure 11 is a flowchart showing the flow of processing performed by the verification device 30a. It should be assumed that the issuance of VC and VP as described in Embodiment 2 has been completed as a preliminary step. Also, steps S21 to S28 are the same as steps S11 to S18 described in Figure 8, so a detailed explanation will be omitted.

[0099] If the answer in any of steps S24 to S27 is NO, the lottery unit 38 performs a lottery (S29). For example, the random information acquisition unit 381 of the lottery unit 38 randomly generates lottery information using random numbers or the like. The winner determination unit 382 of the lottery unit 38 performs a lottery using the generated lottery information. The winner determination unit 382 outputs the lottery result to the service availability determination unit 36.

[0100] The service availability determination unit 36 ​​determines whether the user has won (S30). If it determines that the user has won (YES in S30), the service availability determination unit 36 ​​decides to provide the service (S28). If it determines that the user has not won (NO in S30), the service availability determination unit 36 ​​decides not to provide the service (S31).

[0101] As explained above, the verification system 50a enables users to receive the service with a predetermined probability, regardless of their attributes. The verification system 50a protects user privacy by making it difficult for third parties to infer whether or not personal information has been disclosed. This allows the verification system 50a to encourage users to use the service using their personal information.

[0102] <Example Hardware Configuration> Each functional component of the verification device 100, VC issuing device 10, VP issuing device 20, verification device 30, and verification device 30a (hereinafter referred to as "verification device 100, etc.") may be implemented by hardware that realizes each functional component (e.g., hardwired electronic circuits, etc.) or by a combination of hardware and software (e.g., a combination of electronic circuits and programs that control them, etc.). The case in which each functional component of the verification device 100, etc. is implemented by a combination of hardware and software will be further explained below.

[0103] Figure 12 is a block diagram illustrating the hardware configuration of a computer 900 that implements the verification device 100, etc. The computer 900 may be a dedicated computer designed to implement the verification device 100, etc., or it may be a general-purpose computer. The computer 900 may also be a portable computer such as a smartphone or tablet device.

[0104] For example, by installing a predetermined application on the computer 900, the various functions of the verification device 100, etc., are realized on the computer 900. The above application consists of a program for realizing the functional components of the verification device 100, etc.

[0105] Computer 900 comprises a bus 902, a processor 904, memory 906, a storage device 908, an input / output interface 910, and a network interface 912. The bus 902 is a data transmission path for the processor 904, memory 906, storage device 908, input / output interface 910, and network interface 912 to send and receive data to and from each other. However, the method of connecting the processor 904 and other components to each other is not limited to bus connection.

[0106] The processor 904 is a variety of processors such as a CPU (Central Processing Unit), GPU (Graphics Processing Unit), FPGA (Field-Programmable Gate Array), or quantum processor (quantum computer control chip). The memory 906 is the main memory, implemented using RAM (Random Access Memory), etc. The storage device 908 is the auxiliary storage, implemented using a hard disk, SSD (Solid State Drive), memory card, or ROM (Read Only Memory), etc.

[0107] The input / output interface 910 is an interface for connecting the computer 900 with input / output devices. For example, input devices such as keyboards and output devices such as display devices are connected to the input / output interface 910.

[0108] The network interface 912 is an interface for connecting computer 900 to a network. This network may be a LAN (Local Area Network) or a WAN (Wide Area Network).

[0109] The storage device 908 stores programs that implement each functional component of the verification device 100, etc. (programs that implement the aforementioned applications). The processor 904 reads these programs into memory 906 and executes them to implement each functional component of the verification device 100, etc.

[0110] Each processor executes one or more programs containing a set of instructions for causing the computer to perform an algorithm. These programs, when loaded into the computer, contain a set of instructions (or software code) for causing the computer to perform one or more functions described in the embodiments. The programs may be stored in various types of non-transitory computer-readable medium or tangible storage medium. Examples, but not limited to, include non-transitory computer-readable medium or tangible storage medium, such as RAM, ROM, flash memory, SSD or other memory technologies, CD-ROM, DVD (Digital Versatile Disc), Blu-ray® disc or other optical disc storage, magnetic cassette, magnetic tape, magnetic disk storage or other magnetic storage devices. The programs may also be transmitted over various types of transient computer-readable medium or communication medium. Examples, but not limited to, include transient computer-readable medium or communication medium, such as electrical, optical, acoustic or other forms of propagating signals.

[0111] Although the present disclosure has been described above with reference to embodiments, the present disclosure is not limited to the embodiments described above. Various modifications to the structure and details of the present disclosure are possible, as can be understood by those skilled in the art within the scope of the present disclosure. Furthermore, each embodiment can be combined with other embodiments as appropriate.

[0112] Each drawing is merely illustrative to illustrate one or more embodiments. Each drawing may be associated with one or more other embodiments rather than with only one specific embodiment. As those skilled in the art will understand, various features or steps described with reference to any one drawing can be combined with features or steps shown in one or more other drawings, for example, to create embodiments not explicitly shown or described. Not all features or steps shown in any one drawing to illustrate an exemplary embodiment are necessarily required, and some features or steps may be omitted. The order of steps shown in any of the drawings may be changed as appropriate.

[0113] Some or all of the above embodiments may also be described as follows, but are not limited to the following: (Note 1) An attribute information set acquisition unit acquires a set of attribute information that includes a converted first attribute information, which is information indicating the user's attributes. A second attribute acquisition unit acquires second attribute information, which is information indicating the user's attributes that are included in the first attribute information and have been disclosed. A second attribute conversion unit that converts the aforementioned second attribute information, An attribute matching unit that compares the second attribute information converted by the second attribute conversion unit with the converted first attribute information included in the set of attribute information, The system includes a service eligibility determination unit that determines whether or not to provide the service to the user based on the matching result in the attribute matching unit and the determination result of whether or not the second attribute information is eligible for the service. Verification device. (Note 2) The attribute information set acquisition unit acquires a VP (Verifiable Presentation) issued based on a VC (Verifiable Credential) as a set of attribute information. The system further includes a signature verification unit that verifies the signature of the VC issuer included in the VP and the signature of the VP issuer. The service availability determination unit, based on the verification results from the signature verification unit, further determines whether or not to provide the service to the user. The verification device described in Appendix 1. (Note 3) The second attribute acquisition unit acquires the attributes selectively disclosed by the user from the first attribute information as the second attribute information. The verification device described in Appendix 1 or 2. (Note 4) The second attribute conversion unit converts the second attribute information by hashing it. The verification device described in any one of the appendices 1 to 3. (Note 5) The system further includes a lottery unit that performs a lottery if at least one of the matching result in the attribute matching unit and the determination result of whether the second attribute information is eligible for service provision does not satisfy the conditions for providing the service. The service availability determination unit decides to allow the provision of the service to the user who won the lottery. The verification device described in any one of the appendices 1 to 4. (Note 6) The lottery unit performs the lottery based on the winning probability set to satisfy a predetermined level of privacy. The verification device described in Appendix 5. (Note 7) The lottery unit performs the lottery based on the winning probability set using differential privacy as the predetermined privacy strength. Verification device as described in Appendix 5 or 6. (Note 8) The lottery unit randomly generates lottery information to be used in the lottery, and performs the lottery using the generated lottery information. The verification device described in any one of the items 5 to 7 of the appendix. (Note 9) The signature verification unit verifies the signature of the VC issuer and the signature of the VP issuer using a public-key cryptography scheme. The verification device described in Appendix 2. (Note 10) The aforementioned second attribute information includes the user's biometric information, The aforementioned VC issuer is the administrator who manages the aforementioned biometric information, The aforementioned VP issuer is the aforementioned user, The aforementioned verification device is used by the service provider, The service availability determination unit determines whether or not to provide a service that can contribute to improving the user's health condition. Verification device as described in Appendix 2 or 9. (Note 11) An attribute information set providing device that provides a set of attribute information including a converted first attribute information which is information indicating the user's attributes, The system includes a verification device that verifies a second attribute information, which is information indicating the user's attributes that are included in the first attribute information and disclosed, using the attribute information set provided by the attribute information set providing device, The verification device is An attribute information set acquisition unit that acquires the aforementioned set of attribute information, A second attribute acquisition unit that acquires the aforementioned second attribute information, A second attribute conversion unit that converts the aforementioned second attribute information, An attribute matching unit that compares the second attribute information converted by the second attribute conversion unit with the converted first attribute information included in the set of attribute information, The system includes a service eligibility determination unit that determines whether or not to provide the service to the user based on the matching result in the attribute matching unit and the determination result of whether or not the second attribute information is eligible for the service. Verification system. (Note 12) An attribute information set acquisition step obtains an attribute information set that includes a transformed first attribute information, which is information indicating the user's attributes, A second attribute acquisition step involves acquiring second attribute information, which is information that is included in the first attribute information and indicates the disclosed user attributes, A second attribute conversion step for converting the aforementioned second attribute information, An attribute matching step which compares the second attribute information converted in the second attribute conversion step with the converted first attribute information included in the set of attribute information, The service eligibility determination step includes determining whether or not to provide the service to the user based on the matching result in the attribute matching step and the determination result of whether or not the second attribute information is subject to the provision of the service. Verification method. (Note 13) An attribute information set acquisition step obtains an attribute information set that includes a transformed first attribute information, which is information indicating the user's attributes, A second attribute acquisition step involves acquiring second attribute information, which is information that is included in the first attribute information and indicates the disclosed user attributes, A second attribute conversion step for converting the aforementioned second attribute information, An attribute matching step which compares the second attribute information converted in the second attribute conversion step with the converted first attribute information included in the set of attribute information, The computer is instructed to perform a service eligibility determination step, which determines whether or not to provide the service to the user based on the matching result in the attribute matching step and the determination result of whether or not the second attribute information is eligible for the service. program.

[0114] Some or all of the elements (e.g., configuration and function) described in Appendices 2 to 10 that are dependent on Appendice 1 may also be dependent on Appendices 11, 12, and 13 in the same manner as those described in Appendices 2 to 10. Some or all of the elements described in any appendice may be applicable to various hardware, software, recording means, systems, and methods for recording software. [Explanation of Symbols]

[0115] 1. VC Issuer 2 VP Issuers 3 VP Verifiers 10 VC issuing devices 11. Issuance Request Acquisition Section 12 Personal information acquisition department 13 Signature generation section 14 VC Publishing Department 15 Private key storage 20 VP issuing devices 21 VC Acquisition Department 22 Signature generation section 23 VP Publishing Department 24 Private key storage 30, 30a Verification device 31 Disclosure attribute acquisition unit 32 Disclosure Attribute Conversion Unit 33 VP Acquisition Department 34 Signature Verification Department 35 Attribute matching unit 36 Service Availability Decision Department 37 Public Key Storage 38. Lottery Department 50, 50a Verification System 100 Verification device 101 Second attribute acquisition part 102 Second Attribute Conversion Unit 103 Attribute information set acquisition unit 105 Attribute matching unit 106 Service Availability Decision Department 381 Random Information Acquisition Department 382 Selection Department 900 Computers 902 Bus 904 Processor 906 memory 908 Storage Devices 910 Input / Output Interface 912 Network Interface

Claims

1. An attribute information set acquisition unit acquires a set of attribute information that includes a converted first attribute information, which is information indicating the user's attributes. A second attribute acquisition unit acquires second attribute information, which is information indicating the user's attributes that are included in the first attribute information and have been disclosed. A second attribute conversion unit that converts the aforementioned second attribute information, An attribute matching unit that compares the second attribute information converted by the second attribute conversion unit with the converted first attribute information included in the set of attribute information, The system includes a service eligibility determination unit that determines whether or not to provide the service to the user based on the matching result in the attribute matching unit and the determination result of whether or not the second attribute information is eligible for the service. Verification device.

2. The attribute information set acquisition unit acquires a VP (Verifiable Presentation) issued based on a VC (Verifiable Credential) as a set of attribute information. The system further includes a signature verification unit that verifies the signature of the VC issuer and the signature of the VC issuer included in the VP, The service availability determination unit, based on the verification results from the signature verification unit, further determines whether or not to provide the service to the user. The verification apparatus according to claim 1.

3. The second attribute acquisition unit acquires the attributes selectively disclosed by the user from the first attribute information as the second attribute information. The verification device according to claim 1 or 2.

4. The second attribute conversion unit converts the second attribute information by hashing it. The verification device according to claim 1 or 2.

5. The system further includes a lottery unit that performs a lottery if at least one of the matching result in the attribute matching unit and the determination result of whether the second attribute information is eligible for service provision does not satisfy the conditions for providing the service. The service availability determination unit decides to allow the provision of the service to the user who won the lottery. The verification device according to claim 1 or 2.

6. The lottery unit performs the lottery based on the winning probability set to satisfy a predetermined level of privacy. The verification apparatus according to claim 5.

7. The lottery unit performs the lottery based on the winning probability set using differential privacy as the predetermined privacy strength. The verification apparatus according to claim 6.

8. The lottery unit randomly generates lottery information to be used in the lottery, and performs the lottery using the generated lottery information. The verification apparatus according to claim 5.

9. The signature verification unit verifies the signature of the VC issuer and the signature of the VP issuer using a public-key cryptography scheme. The verification apparatus according to claim 2.

10. The second attribute information includes the user's biometric information, The aforementioned VC issuer is the administrator who manages the aforementioned biometric information, The aforementioned VP issuer is the aforementioned user, The aforementioned verification device is used by the service provider, The service availability determination unit determines whether or not to provide a service that can contribute to improving the user's health condition. The verification apparatus according to claim 2.

11. An attribute information set providing device that provides a set of attribute information including a converted first attribute information which is information indicating the user's attributes, The system includes a verification device that verifies a second attribute information, which is information indicating the user's attributes that are included in the first attribute information and have been disclosed, using the attribute information set provided by the attribute information set providing device. The verification device is An attribute information set acquisition unit that acquires the aforementioned set of attribute information, A second attribute acquisition unit that acquires the aforementioned second attribute information, A second attribute conversion unit that converts the aforementioned second attribute information, An attribute matching unit that compares the second attribute information converted by the second attribute conversion unit with the converted first attribute information included in the set of attribute information, The system includes a service eligibility determination unit that determines whether or not to provide the service to the user based on the matching result in the attribute matching unit and the determination result of whether or not the second attribute information is eligible for the service. Verification system.

12. An attribute information set acquisition step involves acquiring an attribute information set that includes a transformed first attribute information, which is information indicating the user's attributes, A second attribute acquisition step involves acquiring second attribute information, which is information that is included in the first attribute information and indicates the disclosed user attributes, A second attribute conversion step for converting the aforementioned second attribute information, An attribute matching step which compares the second attribute information converted in the second attribute conversion step with the converted first attribute information included in the set of attribute information, The service eligibility determination step includes determining whether or not to provide the service to the user based on the matching result in the attribute matching step and the determination result of whether or not the second attribute information is subject to service provision. Verification method.

13. An attribute information set acquisition step involves acquiring an attribute information set that includes a transformed first attribute information, which is information indicating the user's attributes, A second attribute acquisition step involves acquiring second attribute information, which is information that is included in the first attribute information and indicates the disclosed user attributes, A second attribute conversion step for converting the aforementioned second attribute information, An attribute matching step which compares the second attribute information converted in the second attribute conversion step with the converted first attribute information included in the set of attribute information, The computer is instructed to perform a service eligibility determination step, which determines whether or not to provide the service to the user based on the matching result in the attribute matching step and the determination result of whether or not the second attribute information is eligible for the service. program.