Program, information processing device, and information processing method

The program and information processing apparatus address the challenge of verifying the legitimacy of user data origins by enabling data acquisition, provision, and certification, ensuring authenticity and completeness of the data source.

JP7882800B2Active Publication Date: 2026-06-30JCB CO LTD

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Patents
Current Assignee / Owner
JCB CO LTD
Filing Date
2023-03-28
Publication Date
2026-06-30

AI Technical Summary

Technical Problem

Existing technologies do not enable the destination to confirm the legitimacy of the origin of user data, such as the operator and reliability of the data source.

Method used

A program and information processing apparatus that includes functions for acquiring, providing, and certifying user data, along with provider certification information, to verify the legitimacy of the data source upon request.

Benefits of technology

Enables the recipient to verify the legitimacy of the data source when providing user data, ensuring authenticity and completeness.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 0007882800000001
    Figure 0007882800000001
  • Figure 0007882800000002
    Figure 0007882800000002
  • Figure 0007882800000003
    Figure 0007882800000003
Patent Text Reader

Abstract

To provide a program, an information processing device, and an information processing method that allow a provision destination to check validity of a data source in response to a request of the provision destination in providing user data.SOLUTION: A program causes a computer to perform: an acquisition reception function of receiving an acquisition instruction to acquire user data of a user, from a user device of the user; a data acquisition function of acquiring the user data from a provision source device of a provision source, on the basis of the acquisition instruction; a provision reception function of receiving a provision instruction of providing the user data to a provision destination, from the user device or a provision destination device of the provision destination; a data provision function of providing the user data to be provided, to the provision destination device, on the basis of the provision instruction; a certificate reception function of receiving a request for a certificate of the provision source corresponding to the user data to be provided, from the provision destination device; a certificate acquisition function of acquiring provision source certificate information that certificates the provision source; and a certificate provision function of providing the provision source certificate information of the provision source to the provision destination device, on the basis of the certificate request.SELECTED DRAWING: Figure 3
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present invention relates to a program, an information processing apparatus, and an information processing method.

Background Art

[0002] In recent years, technologies for acquiring data related to users such as personal information (hereinafter also referred to as "user data") and providing it to a third party after ensuring the reliability of the user data are known. Patent Document 1 discloses an information cooperation system that accesses a database capable of registering and updating information, and calculates reliability information regarding the information stored in the database based on the reliability of the original information, the attributes of the organization that provided the information, and the like.

Prior Art Documents

Patent Documents

[0003]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0004] By the way, at the destination of the user data, there may be a case where it is desired to confirm the origin of the user data, such as which operator is the origin of the user data and how reliable the origin information is. However, in the above conventional technology, the destination cannot confirm the legitimacy of the origin of the user data.

[0005] Therefore, an object of the present invention is to provide a program, an information processing apparatus, and an information processing method that enable a destination to confirm the legitimacy of the origin of data in response to a request from the destination when providing user data.

Means for Solving the Problems

[0006] A program according to one aspect of the present invention enables a computer to implement: an acquisition reception function that receives an acquisition instruction from a user's user device to acquire user data relating to a user; a data acquisition function that acquires user data from a provider's provider device based on the acquisition instruction; a provision reception function that receives a provision instruction from the user's device or the provider's provider's provider device to provide user data to a recipient; a data provision function that provides the user data to be provided to the recipient device based on the provision instruction; a certification reception function that receives a certification request from the recipient device for the provider corresponding to the user data to be provided; a certification acquisition function that acquires provider certification information to prove the provider; and a certification provision function that provides the provider's provider certification information to the recipient device based on the certification request.

[0007] An information processing device according to one aspect of the present invention includes: an acquisition receiving unit that receives an acquisition instruction from a user's user device to acquire user data relating to a user; a data acquisition unit that acquires user data from a provider's provider device based on the acquisition instruction; a provision receiving unit that receives a provision instruction from the user's device or the provider's provider device to provide user data to a recipient; a data provision unit that provides the user data to be provided to the recipient device based on the provision instruction; a certification receiving unit that receives a certification request from the provider corresponding to the user data to be provided to the recipient device; a certification acquisition unit that acquires provider certification information to prove the provider; and a certification provision unit that provides the provider's provider certification information to the recipient device based on the certification request.

[0008] An information processing method according to one aspect of the present invention involves a computer receiving an acquisition instruction from a user's user device to acquire user data relating to a user, acquiring user data from a provider's provider device based on the acquisition instruction, receiving a provision instruction from the user's device or the provider's provider device to provide user data to a recipient, providing the user data to be provided to the recipient device based on the provision instruction, receiving a certification request from the recipient device for the provider corresponding to the user data to be provided, acquiring provider certification information to prove the provider, and providing the provider certification information to the recipient device based on the certification request. [Effects of the Invention]

[0009] According to the present invention, when providing user data, the recipient can verify the legitimacy of the data's source upon request. [Brief explanation of the drawing]

[0010] [Figure 1] This figure illustrates an example of the system configuration of the data mediation system according to this embodiment. [Figure 2] This figure illustrates an example of the data mediation system according to this embodiment. [Figure 3] This figure shows an example of the functional configuration of the intermediary device according to this embodiment. [Figure 4] This figure shows an example of the data structure of the data mediation system according to this embodiment. [Figure 5] This figure shows an example screen of the data mediation system according to this embodiment. [Figure 6] This figure shows an example screen of the data mediation system according to this embodiment. [Figure 7] This figure shows an example screen of the data mediation system according to this embodiment. [Figure 8] This figure shows an example screen of the data mediation system according to this embodiment. [Figure 9] This figure shows an example screen of the data mediation system according to this embodiment. [Figure 10] This figure shows an example of the operation of the intermediary device according to this embodiment. [Figure 11] This figure shows an example of the hardware configuration of the intermediary device according to this embodiment. [Modes for carrying out the invention]

[0011] A preferred embodiment of the present invention (hereinafter referred to as "this embodiment") will be described with reference to the attached drawings. In each drawing, components denoted by the same reference numerals have the same or similar configuration.

[0012] In the present invention, "part," "means," "apparatus," or "system" does not merely mean physical means, but also includes cases where the functions of such "part," "means," "apparatus," or "system" are realized by software. Furthermore, even if the functions of one "part," "means," "apparatus," or "system" are realized by a combination of two or more physical means, devices, or software modules, the functions of two or more "parts," "means," "apparatus," or "systems" may be realized by a single physical means, device, or software module.

[0013] The data intermediary system 1 according to this embodiment is a system for obtaining data about a user (hereinafter also referred to as "user data") from a provider based on the user's instructions and providing it to a recipient. Furthermore, when providing user data, the data intermediary system 1 can provide the recipient with information that proves the source of the user data (i.e., the provider) and the legitimacy of the data itself (e.g., authenticity or completeness).

[0014] Users of Data Intermediation System 1 (hereinafter also simply referred to as "Users") may include, for example, providers of user data, intermediaries who operate and manage Data Intermediation System 1, instructors who give various instructions regarding user data, updaters who update user data, generators who create (newly create) user data, users of Provider System 2 (hereinafter also referred to as "Provider Users"), or users of Destination System 3 (hereinafter also referred to as "Destination Users"). Users corresponding to user data may, for example, be Provider Users and / or Destination Users.

[0015] In this embodiment, an example of the mediation of user data between businesses will be described, but the mediation targets of the data mediation system 1 are not limited to this. For example, the data provider may be an individual, or the data recipient may be an individual. That is, the data mediation system 1 may be applied to the mediation of data between individuals, or may be applied to the mediation of data between a business and an individual.

[0016] <1. System Configuration> Referring to FIG. 1, an example of the system configuration of the data mediation system 1 according to this embodiment will be described. As shown in FIG. 1, the data mediation system 1 includes a mediation device 100, a first data provider device 200a, a second data provider device 200b, a recipient device 300, and a user device 400. Note that when there is no particular need to distinguish between the first data provider device 200a and the second data provider device 200b, they are also collectively referred to as the "data provider device 200".

[0017] The mediation device 100, the data provider device 200, the recipient device 300, and the user device 400 are communicably connected to each other via a network N in order to perform cooperation of user data and / or proof information such as the provider of the user data between the devices. Further, the mediation device 100 may be communicably connected to other external devices, for example, an authentication institution device 500 via the network N.

[0018] The proof information is information that proves the entity performing the proof (hereinafter, also simply referred to as the "entity"), or information that proves the validity of various data. The proof information may be, for example, an electronic certificate that proves the authenticity, integrity (non-tampering property), and / or existence after a specific point in time (so-called existence proof) of the entity or various data. The entity may be, for example, a data provider, a mediator, an instructing party, an updater, or a data provider user. The proof information may be, for example, an electronic signature, the entity's e-seal, a time stamp, information indicating the result of the entity's personal authentication (for example, the authentication of the user at the time of login, etc.) (hereinafter, also referred to as "authentication result information"), and / or information indicating the result of the entity's identity confirmation (hereinafter, also referred to as "identity confirmation result information").

[0019] [Intermediary device] The intermediary device 100 is an information processing device for realizing a platform that acquires user data from one or more providers, registers it in its own storage unit 130, and provides this registered user data to one or more recipients. By executing a predetermined program, the intermediary device 100 acquires user data from the provider's device 200 and implements a server function that provides the acquired user data and proof information such as the provider of the user data to the recipient device 300. The intermediary device 100 may be, for example, a Web server, an AP server, and / or a DB server if the data intermediary system 1 adopts a Web 3-tier architecture.

[0020] The intermediary device 100 may, for example, use the API (Application Programming Interface) provided by the provider device 200 when acquiring user data, etc. The intermediary device 100 may also provide the recipient device 300 with an API for providing user data and / or various certification information. The recipient device 300 may use this API to acquire user data, etc. Such inter-device cooperation (in other words, external I / F) may be implemented using an SDK (Software Development Kit) for the data intermediary system 1, which includes the API.

[0021] [Provider device] The provider device 200 is an information processing device used by the provider business or individual. For example, if the provider is a business that provides services and / or goods, the provider device 200 may be a device of a system (hereinafter also referred to as the "provider system") for providing services and / or goods to provider users. In this case, the data intermediary system 1 exchanges user data with the provider system 2. For example, if the provider system 2 adopts a Web 3-tier architecture, the provider device 200 may be a web server, an application server, and / or a database server.

[0022] [Destination device] The recipient device 300 is an information processing device used by the recipient business or individual. For example, if the recipient is a business that provides services and / or goods, the recipient device 300 may be a device of a system (hereinafter also referred to as the "recipient system") for providing services and / or goods to the provider user. For example, if the recipient system 3 adopts a Web 3-tier architecture, the recipient device 300 may be a web server, an application server, and / or a database server.

[0023] [User device] The user device 400 is an information processing device used by the user corresponding to user data, and is, for example, a terminal device such as a smartphone, laptop, or tablet. By executing a predetermined program, the user device 400 connects with the intermediary device 100 to send and receive various data, and accepts instruction input or request input from the user. This predetermined program may be, for example, a web browser that is standardly provided on the user device 400, or an application program specifically for the data intermediary system 1 installed on the user device 400.

[0024] [Certification Authority Equipment] The certification authority device 500 is a device of a certification authority (e.g., a government or a trusted third-party organization) capable of issuing electronic certificates of the subject's electronic signature. The certification authority may be a public or private organization. The certification authority may be, for example, a so-called trusted third-party organization (TTP), and specifically, a certification authority (CA).

[0025] [network] Network N consists of wireless or wired networks. Examples of networks include mobile phone networks or PHS (Personal Handy-phone System) networks, wireless LAN (Local Area Network, including communication compliant with IEEE 802.11 (so-called Wi-Fi®)), 3G (3rd Generation), LTE (Long Term Evolution), 4G (4th Generation), 5G (5th Generation), WiMAX®, infrared communication, visible light communication, Bluetooth®, wired LAN, telephone lines, power line communication networks, and networks compliant with IEEE 1394, etc.

[0026] <2. Overview> Referring to Figure 2, an example of the overview of the data mediation system 1 will be explained. As shown in Figure 2, the functions realized by the mediation device 100 are classified into the following four categories. In the data mediation system 1, cooperation (including information exchange and / or function exchange; the same applies hereinafter) is performed between the classified functions. • Proven history and processing verification function • Data management function • Dashboard function • Operation processing history function

[0027] This example describes a scenario where data holder A and data holder B are the providers of user data.

[0028] <Dashboard Features> (1) When the intermediary device 100 successfully authenticates the provider user during access (login) to the data intermediary system 1, it displays a dashboard screen (hereinafter also simply referred to as the "data dashboard") related to the provider user's user data on the user device 400. The data dashboard displays the status of acquisition and provision of user data managed by the data intermediary system 1, the status of providers and recipients that cooperate with the data intermediary system 1, etc.

[0029] The intermediary device 100 receives acquisition instructions from the user device 400 via the data dashboard to acquire user data. The intermediary device 100 also receives provision instructions via the data dashboard to provide the acquired user data to the recipient. Note that all or part of the data dashboard may use a user interface provided by a third-party system of another business operator instead of the user interface provided by the data intermediary system 1. Also, the instruction to acquire user data may also serve as an instruction to provide user data. In other words, the intermediary device 100 may acquire and provide user data in response to a single instruction input.

[0030] <Operation Processing History Function> (2) The intermediary device 100 registers in its storage unit 130 operation history information of operation inputs such as requests to access the data intermediary system 1 (including user authentication) and instructions to acquire user data for the data dashboard, as well as processing history information showing the history of processing performed by these operation inputs. When there is no particular need to distinguish between operation history information and processing history information, they are collectively referred to as "history information". The intermediary device 100 may also register in its storage unit 130, for example, certification information (hereinafter also referred to as "history certification information") that proves various histories indicated by this history information (specifically, the authenticity or completeness of various histories, etc.) in association with the history information.

[0031] Operation history information is information that shows the history of operation inputs. Operation history information may be, for example, a log file in which the content of user operation inputs is recorded for a predetermined period. Processing history information is information that shows the history of various processes executed in the data mediation system 1. Processing history information may be, for example, a log file that shows the execution results of each process, output by the devices of the data mediation system 1.

[0032] <Data Management Function> (3) Based on the acquisition instruction in (1) above, the intermediary device 100 acquires user data from the first provider device 200a of data holder A and the second provider device 200b of data holder B.

[0033] <Proven track record and processing verification function> (4) Based on the acquisition instruction in (1) above, the intermediary device 100 verifies from the storage unit 130 or each provider device 200 that data holder A and data holder B are providers of user data. The intermediary device 100 may also verify the provider using, for example, the following methods (a) to (c). (a) Verify the authenticity of data providers A and B, and generate information that certifies each provider (hereinafter also referred to as "provider certification information") based on the results of this verification. (b) The system requests the external certification authority device 500 to provide proof of authenticity for data providers A and B, and obtains provider certification information for each provider as a response to the request. (c) Obtain provider certification information for data holder A and data holder B, respectively, from the first provider device 200a and the second provider device 200b of data holder B.

[0034] The intermediary device 100 may, for example, associate the generated or acquired user data with the provider certification information and register it in its own storage unit 130.

[0035] The intermediary device 100 may, for example, certify the history of user data acquisition processing based on the acquisition instruction. Specifically, the intermediary device 100 may generate and / or acquire information that certifies the history of user data acquisition processing (hereinafter also referred to as "processing history certification information"). The intermediary device 100 may also, for example, certify the history of the provider user's operation input at the time of the acquisition instruction. Specifically, the intermediary device 100 may generate and / or acquire information that certifies the history of user operation input (hereinafter also referred to as "operation history certification information"). Processing history certification information and operation history certification information are forms of history certification information.

[0036] <Data Management Function> (5) Based on the provision instruction in (1) above, the intermediary device 100 provides the user data registered in the storage unit 130 to the recipient device 300 of the data provider C.

[0037] (6) The intermediary device 100 receives a request from the recipient device 300 to certify the provider (data holder A and data holder B) corresponding to the user data provided in (5) above (hereinafter also referred to as a "certification request"). Based on this certification request, the intermediary device 100 provides the recipient device 300 with provider certification information registered in association with the user data provided in (5) above.

[0038] The intermediary device 100 may, for example, accept, in addition to the provider, the history of operations and processing related to the acquisition of the above-mentioned user data, as well as a request for proof of said history. Based on this proof request, the intermediary device 100 may provide the recipient device 300 with the history information and history proof information registered in association with the user data provided in (5) above.

[0039] Under the above configuration, data intermediary system 1 can provide user data obtained from data providers A and B to the recipient, and can also provide information proving the identity of these providers upon the recipient's request. Therefore, when providing user data, data intermediary system 1 enables the recipient to verify the legitimacy of the data source upon their request.

[0040] Under the above configuration, the data intermediary system 1 can acquire and manage one or more user data points held by multiple providers based on user instructions via the data dashboard, and then provide them to the recipient. Therefore, users can easily link their user data in a one-stop manner from the data dashboard.

[0041] <3. Functional Configuration> Referring to Figure 3, the functional configuration of the intermediary device 100 according to this embodiment will be described. As shown in Figure 3, the intermediary device 100 comprises a control unit 110, a communication unit 120, and a storage unit 130.

[0042] The control unit 110 includes a reception unit 111, an acquisition unit 112, and a provision unit 113. The control unit 110 may also include, for example, a request unit 114, a certification unit 115, and / or a display unit 116.

[0043] [Reception Department] The reception unit 111 receives various instructions or requests from the provider device 200, the recipient device 300, and / or the user device 400, etc. The manner in which the reception unit 111 receives these instructions may be any manner. The reception unit 111 may, for example, receive information indicating instructions entered by the user via a screen such as a data dashboard displayed on the user device 400. The reception unit 111 may also receive and accept information indicating various instructions for an API or SDK library implemented by the intermediary device 100 from the device giving the instructions.

[0044] The reception unit 111 includes an acquisition reception unit 111a. The acquisition reception unit 111a receives an acquisition instruction from the user's user device 400 to acquire user data relating to the user.

[0045] The reception unit 111 includes a provision reception unit 111b. The provision reception unit 111b receives a provision instruction to provide user data to a recipient from the user device 400 of the user corresponding to the user data or from the recipient's recipient device 300.

[0046] The reception unit 111 includes a certification reception unit 111c. The certification reception unit 111c receives a certification request from the provider corresponding to the user data to be provided, from the recipient device 300 of the user data.

[0047] The certification reception unit 111c may, for example, receive a certification request for user data to be provided from the recipient device 300.

[0048] The certification reception unit 111c may, for example, receive a certification request from the recipient device 300 from the person who instructed the acquisition or provision of user data (for example, the user corresponding to the user data, or the recipient, etc.).

[0049] The certification reception unit 111c may, for example, receive a certification request from the recipient device 300 for the user data acquisition process by the acquisition unit 112 and / or the provision process by the provision unit 113.

[0050] The certification reception unit 111c may, for example, receive a certification request from the recipient device 300 for an operation input of an instruction to acquire user data or an operation input of an instruction to provide user data.

[0051] The certification reception unit 111c may, for example, receive a certification request from the recipient device 300 for the person who updated the data corresponding to the updated user data to be provided.

[0052] The certification reception unit 111c may, for example, receive a certification request for updated user data to be provided from the recipient device 300.

[0053] The certification reception unit 111c may, for example, receive a certification request from the service provider device 300 for a user data update process executed in response to an update instruction from the user.

[0054] The user data update process may also involve processing the user data, such as anonymization. This anonymization may involve, for example, deleting data items or cell values ​​from the user data, generalizing (pseudonymizing) all or part of the user data by abstracting, conceptualizing, or shortening it with numerical values, top (bottom) coding, data exchange, and / or adding noise (errors) to the target user data.

[0055] The user data update process may, for example, be a process that integrates multiple user data (including merging, consolidating, combining, mixing, simple join / internal join / external join). Alternatively, the user data update process may be a process that performs data wrangling on the user data.

[0056] The reception unit 111 may include, for example, an update reception unit 111d. The update reception unit 111d receives update instructions from the user device 400 or the recipient device 300 that instruct the user to update user data.

[0057] The reception unit 111 may, for example, receive a generation instruction from the user device 400 or the recipient device 300 that instructs the generation of user data.

[0058] [Acquisition Department] The acquisition unit 112 acquires various data from the provider device 200, the recipient device 300, and / or the user device 400, etc. The manner in which the acquisition unit 112 acquires various data may be any manner. For example, the acquisition unit 112 may request user data from the provider device 200 in an event-driven manner (or periodically) based on an acquisition instruction from the user device 400, and receive a data file indicating user data from the provider device 200 as a response to the request. For example, the acquisition unit 112 may instruct a library of an API or SDK implemented by the provider device 200 to refer to user data, history information, and / or proof information thereof, and acquire this data as a result.

[0059] The acquisition unit 112 includes a data acquisition unit 112a. The data acquisition unit 112a acquires user data from the provider's device 200 based on a user data acquisition instruction. User data may include various types of data related to the user.

[0060] <User Data> Here, we will explain an example of user data with reference to Figure 4. As shown in Figure 4, user data can be classified into, for example, the following (1) to (5), and there may be one or more user data entries for each classification. (1) Attribute information: Information linked to an individual user or a business that is a user. (2) Device information: Information associated with the user device 400 that the user will be using. (3) History information: Information regarding the history of transactions etc. performed by the user in the provider's system. (4) Permission information: Information indicating the user's permission regarding user data. (5) Usage data: Data used by users other than those described in (1) to (4) above, and which belongs to the user.

[0061] User data can take various forms, including still images, videos, audio data, text data (including source code), program files (compiled executable files), parameter files, etc. Furthermore, user data may include, for example, data identification information to identify each user data, the date and time of acquisition from the provider of each user data, the date and time of provision for each user data provision, and the last update date and time.

[0062] Returning to Figure 3, the explanation continues. The data acquisition unit 112a may, for example, acquire updated user data (hereinafter also referred to as "updated user data") based on an update request from the request unit 114 from the update device described later.

[0063] The acquisition unit 112 includes a certification acquisition unit 112b. The certification acquisition unit 112b acquires provider certification information to prove the source of the user data. The certification acquisition unit 112b may acquire provider certification information from the storage unit 130 or the provider device 200, etc., based, for example, on an instruction to acquire user data or a provider certification request.

[0064] The certification acquisition unit 112b may, for example, acquire data certification information that certifies user data. Specifically, the certification acquisition unit 112b may acquire data certification information from the storage unit 130 or the provider device 200, etc., based on a user data acquisition instruction or a user data certification request.

[0065] The certification acquisition unit 112b may, for example, acquire provider certification information and / or data certification information generated by the certification receiving unit 115 from the storage unit 130 based on a certification request received by the certification acceptance unit 111c.

[0066] The certification acquisition unit 112b may, for example, acquire instructioner certification information that certifies the person who issued the acquisition instruction and / or provision instruction received by the reception unit 111. Specifically, the certification acquisition unit 112b may acquire instructioner certification information from the storage unit 130 or user device 400, etc., based on the certification request, etc., received by the certification reception unit 111c.

[0067] The certification acquisition unit 112b may acquire, for example, processing history certification information that certifies the history of acquisition processing based on acquisition instructions and / or the history of provision processing based on provision instructions. The certification acquisition unit 112b may acquire processing history certification information from the storage unit 130, the providing device 200, and / or the receiving device 300, etc., based on certification requests for acquisition processing and / or provision processing.

[0068] The certification acquisition unit 112b may acquire, for example, operation history certification information that certifies the history of operation inputs for acquisition instructions and / or operation inputs for provision instructions. The certification acquisition unit 112b may acquire operation history certification information from the storage unit 130 and / or user device 400, etc., based on the operation input certification request.

[0069] The certification acquisition unit 112b may, for example, acquire updater certification information that certifies the person who updated the updated user data. Specifically, the certification acquisition unit 112b may acquire updater certification information from the updater device or storage unit 130 based on the update instruction received by the update reception unit 111d.

[0070] The certification acquisition unit 112b may, for example, acquire data certification information that certifies updated user data. Specifically, the certification acquisition unit 112b may acquire data certification information from the updater device or storage unit 130, etc., based on a certification request for updated user data and / or an instruction to update user data.

[0071] The certification acquisition unit 112b may, for example, in the event that the subject's encryption key is leaked, acquire a revocation request for an electronic certificate issued using this encryption key from a device used by the subject. If the certification acquisition unit 112b acquires this revocation request, it may register the electronic certificate in question (or the electronic signature encrypted with the encryption key contained in the electronic certificate) in the Certificate Revocation List (CRL).

[0072] The certification acquisition unit 112b may, for example, acquire the electronic signature generated by the certification unit 115 from the storage unit 130. Alternatively, as another example, the certification acquisition unit 112b may acquire the electronic signature of the subject from the subject's device. The electronic certificate may include information to prove the legitimacy of the electronic signature thus acquired (for example, the subject's key information).

[0073] [Provider] The data provider unit 113 provides various data to the source device 200, the destination device 300, and / or the user device 400, etc. The manner in which the data provider unit 113 provides various data may be any manner. For example, the data provider unit 113 may send a data file or message containing user data and / or certification information related to said user data to these devices in an event-driven manner. Alternatively, the data provider unit 113 may, as another example, cause the destination device 300 to display the certification information via a data dashboard. Alternatively, the data provider unit 113 may, as yet another example, provide this data to the destination device 300, etc., via a library of an API or SDK that it implements.

[0074] The provisioning unit 113 includes a data provisioning unit 113a. Based on the provisioning instructions received by the provisioning reception unit 111b, the data provisioning unit 113a provides the user data to be provided to the recipient device 300.

[0075] The data provision unit 113a may, for example, provide updated user data to the recipient device 300 based on a provision instruction received by the provision reception unit 111b or an update instruction received by the update reception unit 111d.

[0076] The provisioning unit 113 includes a certification provisioning unit 113b. The certification provisioning unit 113b provides the provider's provider certification information to the recipient device 300 based on the provider's certification request received by the certification receiving unit 111c. The certification provisioning unit 113b may, for example, provide the provider's e-seal or electronic signature to the recipient device 300 based on the provider's certification request.

[0077] According to the above configuration, the certification provision unit 113b enables the recipient to verify the legitimacy (authenticity) of the data's source upon request when providing user data. For example, the recipient can verify with a certain degree of certainty that the provided user data was not provided by a third party impersonating the provider.

[0078] The certification provision unit 113b may, for example, provide data certification information for user data to the receiving device 300 based on a certification request for user data received by the certification reception unit 111c. The certification provision unit 113b may, for example, provide the receiving device 300 with a timestamp for the user data, an electronic signature (message digest) based on the user data, and / or an electronic certificate including the electronic signature as data certification information based on a certification request for user data.

[0079] According to the above configuration, the certification provision unit 113b enables the recipient to verify the legitimacy (completeness) of the data itself when providing user data. For example, the recipient can verify with a certain degree of certainty that the provided user data has not been tampered with.

[0080] The certification provision unit 113b may, for example, provide the instructioner's instructioner certification information to the receiving device 300 based on the instructioner's certification request received by the certification reception unit 111c. The certification provision unit 113b may, for example, provide the instructioner's e-seal and / or electronic signature as certification information. The certification provision unit 113b may also, for example, provide the instructioner's identity verification result information and / or authentication result information as certification information.

[0081] According to the above configuration, when providing user data, the recipient can verify the legitimacy of the information of the person issuing the instruction to provide or update the data. For example, the recipient can verify with a certain degree of certainty that the provided user data was not provided by a third party impersonating the provider.

[0082] The certification provision unit 113b may, for example, provide processing history certification information to the recipient device 300 based on the user data acquisition process and / or provision processing certification request received by the certification reception unit 111c. The certification provision unit 113b may, for example, provide the recipient device 300 with a timestamp for the processing history information, an electronic signature (message digest) based on the processing history information, and / or an electronic certificate including the electronic signature as processing history certification information.

[0083] According to the above configuration, when user data is shared, the recipient can verify the legitimacy of the acquisition or provision process. For example, the recipient can verify with a certain degree of certainty that user data has not been provided through a process that impersonates a user and disguises the provision process of the data intermediary system 1.

[0084] The certification provision unit 113b may, for example, provide operation history certification information to the recipient device 300 based on the certification request for operation input received by the certification reception unit 111c. The certification provision unit 113b may, for example, provide the recipient device 300 with a timestamp for the operation history information, an electronic signature (message digest) based on the processing history information, and / or an electronic certificate including the electronic signature as operation history certification information.

[0085] According to the above configuration, when linking user data, the recipient can verify the legitimacy of the operation input related to the linking. For example, the recipient can confirm with a certain degree of certainty that user data has not been linked through operation input by a third party impersonating a user.

[0086] The certification provision unit 113b may, for example, provide renewal certificate information to the recipient device based on the renewal certificate request received by the certification reception unit 111c.

[0087] According to the above configuration, when updating user data, the recipient can verify the legitimacy of the person updating the data. For example, the recipient can confirm with a certain degree of certainty that user data updated by a third party impersonating the true updater has not been shared.

[0088] The certification provision unit 113b may, for example, provide data certification information to the recipient device 300 based on a certification request for updated user data received by the certification reception unit 111c.

[0089] According to the above configuration, when providing updated user data, the recipient can verify the authenticity (completeness) of the data itself. Therefore, for example, the recipient can confirm with a certain degree of certainty that the provided updated user data has not been tampered with.

[0090] [Request part] The request unit 114 makes various requests to the provider device 200, the recipient device 300, and / or the user device 400, etc. Based on the update instructions received by the update reception unit 111d, the request unit 114 requests the device of the person updating the user data (hereinafter also referred to as the "update device") to update the user data. The update device is typically the provider device 200, but is not limited to this. For example, the updater may be a different user from the provider, and in this case, the update device may be the user device 400. Another example is that the updater may be a different party from both the provider and the user, and in this case, the update device may be a different device from the provider device 200 and the user device 400.

[0091] The request unit 114 requests the generator's device (hereinafter also referred to as the "generation device") that generates user data to generate user data, for example, based on the generation instruction received by the update reception unit 111d. The generation device is typically the provider device 200, but is not limited thereto.

[0092] The request unit 114 may, for example, extract update candidate data from one or more user data registered in the storage unit 130. Specifically, the request unit 114 may compare multiple user data of the same user and of the same type (same data item), and as a result of this comparison, extract data that differs from other user data as update candidates. The request unit 114 may also request the update device to update this extracted update candidate data.

[0093] [Certification Section] The certification unit 115 generates various certification information, including provider certification information and / or data certification information. The certification unit 115 may, for example, generate (issue) an electronic certificate that certifies the provider or user data, acting as a so-called private CA. The certification unit 115 may register this generated certification information in the storage unit 130 in association with the corresponding user data.

[0094] The certification unit 115 may generate, for example, history certification information, instructioner certification information, updater certification information, and / or generator certification information. The certification unit 115 may register this generated certification information in the storage unit 130 in association with the corresponding user data.

[0095] According to the above configuration, the intermediary device 100 can provide the recipient device 300 with the certification information it generates itself. Therefore, for example, even if it cannot obtain certification information from the provider, it can verify the legitimacy of the provider and user data itself, generate certification information as a result of the verification, and provide it.

[0096] The certification unit 115 may generate a user's digital signature based, for example, on user data and / or history information. The certification unit 115 may register this generated digital signature in the storage unit 130. Specifically, the certification unit 115 may generate a hash value for all or part of the combination of processing record information. The certification unit 115 may generate a digital signature by encrypting the hash value thus generated using key information. The certification unit 115 may include this generated digital signature in a digital certificate.

[0097] Key information is, for example, information about the subject's encryption key. Key information may not be the encryption key itself, but rather a token that has the right to use the encryption key. The encryption key may be, for example, the symmetric key of a symmetric-key cryptosystem, or a public key and private key pair of a public-key cryptosystem. In the case of encryption of an electronic signature, the subject's private key may be used as key information, and the public key that forms the pair of the encrypted private key may be included in the electronic certificate.

[0098] The certification unit 115 may, for example, issue an electronic certificate based on the X.509 standard for Public Key Infrastructure (PKI) of the ITU-T (International Telecommunication Union - Telecommunication sector) when using a public key cryptography scheme as described above.

[0099] The certification unit 115 may, for example, generate a hash value for all or part of the certification information, such as an electronic certificate. The certification unit 115 may also encrypt the hash value thus generated using the key information of the provider, etc., and use that as the provider's electronic signature.

[0100] The certification unit 115 may, for example, set an expiration date for the generated certification information. The certification unit 115 may include the set expiration date in the certification information. The certification unit 115 may set the expiration date of the certification information based, for example, the classification of the corresponding user data, the last update date and time of the corresponding user data, the person who updated the corresponding user data, and / or the identity verification result information of the person who updated the data.

[0101] The certification unit 115 may, for example, request the certification authority device 500 to issue certification information such as user data, subject, and / or history information, without generating the certification information itself. The certification unit 115 may, for example, obtain the certification information issued by the certification authority device 500 as a response to this issuance request.

[0102] [Display] The display unit 116 displays various data related to the data intermediary system 1 on the user device 400 on a screen such as a data dashboard. For example, the display unit 116 associates user data with provider certification information corresponding to the user data, or information indicating the presence or absence of provider certification information, and displays them on the user device 400.

[0103] With the above configuration, the user can confirm user data and corresponding provider information, or whether such information exists, all at once from the screen display. After confirming this display, the user can, for example, provide user data or request provider verification from the intermediary device 100.

[0104] The display unit 116 may, for example, display information on the user device 400 to notify the update candidate data extracted by the request unit 114 (hereinafter also referred to as "update candidate notification information").

[0105] [Identity Verification Department] The certification unit 115 may include an identity verification unit 115a. The identity verification unit 115a verifies the user's identity based on user data in order to ensure and prove the user's authenticity. This identity verification electronically confirms the likelihood that the user is a real person (so-called eKYC), and may be, for example, Identity Proofing as defined by NIST (National Institute of Standards and Technology) SP 800-63-3. The identity verification unit 115a may use, for example, information classified as attribute information of user data as verification information for identity verification. For example, if the user whose identity has been verified is an instructor, updater, or generator, the identity verification unit 115a may register identity verification result information indicating the result of the identity verification as instructor certification information, updater certification information, or generator certification information, etc., in the storage unit 130.

[0106] [Authentication Department] The certification unit 115 may include an authentication unit 115b. The authentication unit 115b performs one or more user authentications in response to an authentication request received by the reception unit 111 in order to ensure and prove the authenticity of the user. The authentication unit 115b may use, for example, information classified as attribute information of user data as authentication information for user authentication. Performing user authentication multiple times may mean, for example, performing multi-factor authentication such as two-factor authentication which uses multiple authentication elements, or performing multi-stage authentication such as two-step authentication which performs authentication in stages. Another example is that performing user authentication multiple times may mean performing two or more authentications with different authentication levels. If the user is an instructor, updater, or generator, the authentication unit 115b may register authentication result information indicating the result of user authentication in the storage unit 130 as instructor certification information, updater certification information, or generator certification information, etc.

[0107] User authentication may be, for example, the authentication method defined in NIST SP 800-63-3. Furthermore, the authentication level applied to user authentication may be, for example, the Authenticator Assurance Level (AAL) defined in NIST SP 800-63B, as shown below. • Level 1: Requires the use of one or more of the three authentication factors (knowledge, possession, and biometric information), and has a certain level of trustworthiness in authenticating the person. In other words, it can be achieved by performing at least single-factor authentication. • Level 2: Requires the use of multiple factors out of three, such as an ID / password plus a one-time password, and provides a considerable level of trust in user authentication. Unlike Level 3, Level 2 can be achieved even if the second authentication factor is software-based. • Level 3: Two-factor authentication is required, and the second authentication method must use tamper-resistant hardware, resulting in a very high level of trust in authenticating the user (specifically, a PIN code + IC chip embedded card + My Number Card, etc.).

[0108] [g section] The communication unit 120 transmits and receives various types of data, such as user data, to the provider device 200, the recipient device 300, the user device 400, and / or other devices of the external system 5 via the network N.

[0109] [Storage] The storage unit 130 stores user data, history information, and / or proof information thereof. The storage unit 130 may store each data using a database management system (DBMS) or it may store each information using a file system. If a DBMS is used, the storage unit 130 may create a table for each of the above data and manage this data by associating these tables.

[0110] <4. Screen example> Refer to Figures 5-9 to explain an example screen of Data Intermediation System 1.

[0111] Figure 5 is a schematic diagram showing an example of the top screen of the data dashboard displayed on the user device 400. As shown in Figure 5, the top screen A1 is a screen that displays information about user data for each logged-in user in an overview format. The top screen A1 includes a user data list display area a11 that displays one or more user data items for a user in an overview format, a search screen display button a12 that displays the user data search screen A2, and a history list display area a13 that displays a history of user data acquisition processes, provision processes, and update requests in an overview format.

[0112] The user data list display area a11 may, for example, display the provider, provider certification information (in Figure 5, an icon indicating the presence or absence of such information is shown), classification, data name (a form of user data identification information), user data acquisition date and time, and last updated date and time (not shown) for each record of one or more user data. In addition, the user data list display area a11 may display the data of the update candidate (in the example in Figure 5, address data from site D) in an identifiable display manner (in the example in Figure 5, a "!" speech bubble icon) as update candidate notification information.

[0113] When the user presses the search screen display button a12, a request to display search screen A2 is sent from the user device 400 to the intermediary device 100. In response to this display request, display information for displaying search screen A2 is sent from the intermediary device 100 to the user device 400. The user device 400 then displays search screen A2 to the user based on this display information.

[0114] As shown in Figure 6, search screen A2 is a screen for users to input conditions for the user data they want to display and perform a search. Search screen A2 includes a search condition input area a21 for entering conditions for the user data to be searched, and a results screen display button a22 that displays the search results screen A3, which displays the user data extracted based on the conditions entered in the search condition input area a21.

[0115] When the user selects the results screen display button a22, a request to display the search results screen A3 (including information indicating the search conditions entered in the search condition input area a21) is sent from the user device 400 to the intermediary device 100. In response to this display request, display information for displaying the search results screen A3 is sent from the intermediary device 100 to the user device 400. The user device 400 then displays the search results screen A3 to the user based on this display information.

[0116] As shown in Figure 7, the search results screen A3 is a screen for displaying user data that matches the conditions entered in the search screen A2. The search results screen A3 includes a user data display area a31 that displays user data that matches the conditions, a provision instruction screen display button a32 that displays a provision instruction screen A4 for providing user data to a recipient, and an update request screen display button a33 that displays an update request screen A5 for updating user data.

[0117] The user data display area a31 displays one or more user data entries that match the conditions entered in the search screen A2 (in the example in Figure 7, three address data entries are assumed to have been extracted). The user data display area a31 may also display, for example, the content and last updated date and time of each of the one or more user data entries.

[0118] The user data display area a31 may also display a group of buttons a311 that display a viewer for each piece of certification information (for example, the content and expiration date of the certification information) to show whether or not certification information exists for each piece of user data (in the example in Figure 7, this would be source certification information, data certification information, and processing history certification information). In the group of buttons a311, for example, if certification information exists, the corresponding button may be enabled, and if certification information does not exist, the corresponding button may be disabled (grayed out in the example in Figure 7).

[0119] The user data display area a31 may display the update candidate data as update candidate notification information in a display manner that allows for identification (in the example in Figure 7, this includes a "!" callout icon, changes to the text formatting, and changes to the background color). The user data display area a31 may also include a target input means a312 (in the example in Figure 7, a checkbox) for specifying the data to be provided or updated.

[0120] When the user selects the "Display Offer Instruction Screen" button a32, a request to display the Offer Instruction Screen A4 (including data identification information to identify the user data specified by the target input means a312) is sent from the user device 400 to the intermediary device 100. In response to this display request, display information for displaying the Offer Instruction Screen A4 (including the user data specified as the target) is sent from the intermediary device 100 to the user device 400. The user device 400 then displays the Offer Instruction Screen A4 to the user based on this display information.

[0121] When the update request screen display button a33 is selected by the user, a request to display the update request screen A5 (including data identification information for identifying the user data specified by the target input means a312) is sent from the user device 400 to the intermediary device 100. In response to this display request, display information for displaying the update request screen A5 (including the user data specified as the target) is sent from the intermediary device 100 to the user device 400. The user device 400 then displays the update request screen A5 to the user based on this display information.

[0122] As shown in Figure 8, the provision instruction screen A4 is a screen for instructing the provision of user data. The provision instruction screen A4 includes a provision target display area a41 for displaying the user data to be provided, a recipient specification input area a42 for specifying the recipient, and a provision execution button a43 for executing the user data provision process.

[0123] The recipient designation input area a42 includes a recipient input means (in the example in Figure 8, this is a dropdown list) that accepts the designation of a business or individual to be designated as the recipient for each recipient.

[0124] When the user selects and inputs the "Provide" button a43, information indicating an instruction to provide user data (including information to identify the business or individual to whom the data is provided, as specified in the recipient designation input area a42) is transmitted from the user device 400 to the intermediary device 100. When the intermediary device 100 receives this information indicating the provision instruction from the user device 400, the instruction to provide user data is accepted by the provision reception unit 111b.

[0125] As shown in Figure 10, the update request screen A5 is a screen for requesting an update of user data. The update request screen A5 includes an update target display area a51 that displays the user data to be updated, an update content specification input area a52 for specifying the update content, and an update execution button a53 that executes the user data update process.

[0126] The update content specification input area a52 includes an update input means (a text form in the example of Figure 9) that accepts the input of the content to be updated (i.e., the content after the update) for each item of user data (in the example of Figure 9, this is the postal code and address).

[0127] When the user selects the update execution button a53, information indicating a user data update request (including the content to be updated as specified in the update content specification input area a52) is transmitted from the user device 400 to the intermediary device 100. When the intermediary device 100 receives this update request information from the user device 400, the user data update request is accepted by the update reception unit 111d.

[0128] <5. Example of operation> An example of the operation of the intermediary device 100 will be explained with reference to Figure 10. Note that the order of processing shown below is just one example and may be changed as appropriate.

[0129] Figure 10(a) is a flowchart showing the flow of user data acquisition processing in the intermediary device 100. As shown in Figure 10(a), the acquisition reception unit 111a of the intermediary device 100 receives an acquisition instruction to acquire user data from the user device 400 of this user (S10). Based on this acquisition instruction, the data acquisition unit 112a of the intermediary device 100 acquires user data from the provider device 200 (S11). Based on this acquisition instruction, the certification acquisition unit 112b of the intermediary device 100 acquires provider certification information to prove the provider (S12). The acquisition unit 112 of the intermediary device 100 associates the acquired user data with the provider certification information of this user data and registers it in the storage unit 130 (S13).

[0130] Figure 10(b) is a flowchart showing the flow of user data provision processing in the intermediary device 100. As shown in Figure 10(b), the provision receiving unit 111b of the intermediary device 100 receives a provision instruction to provide user data to the recipient from the user device 400 of the user corresponding to this user data or from the recipient's recipient device 300 (S21). Based on this provision instruction, the data provision unit 113a of the intermediary device 100 provides the user data to be provided to the recipient device 300.

[0131] Figure 10(c) is a flowchart showing the flow of the provider certification information provision process in the intermediary device 100. As shown in Figure 10(c), the certification reception unit 111c of the intermediary device 100 receives a certification request from the recipient device 300 for the user data to be provided (S30). Based on this certification request, the certification provision unit 113b of the intermediary device 100 provides the provider certification information to the recipient device 300 (S31).

[0132] <6. Hardware Configuration> Referring to Figure 11, an example of a hardware configuration when the aforementioned intermediary device 100 is implemented using a computer 800 will be explained. Note that the functions of each device can also be implemented by dividing them among multiple devices.

[0133] As shown in Figure 11, the computer 800 includes a processor 801, a memory 803, a storage device 805, an input I / F unit 807, a data I / F unit 809, a communication I / F unit 811, and a display device 813.

[0134] The processor 801 controls various processes in the computer 800 by executing programs stored in memory 803. For example, each functional unit of the control unit 110 of the intermediary device 100 can be realized by the processor 801 executing programs temporarily stored in memory 803.

[0135] Memory 803 is a storage medium such as RAM (Random Access Memory). Memory 803 temporarily stores the program code of the program executed by the processor 801, or data required during program execution.

[0136] The storage device 805 is a non-volatile storage medium, such as a hard disk drive (HDD) or flash memory. The storage device 805 stores the operating system or various programs for implementing the above configurations. In addition, the storage device 805 can also store tables for registering user data, history information, and / or certification information, and a database for managing those tables. Such programs or data are loaded into memory 803 as needed and accessed by the processor 801.

[0137] The input interface unit 807 is a device for receiving input from the user. Specific examples of the input interface unit 807 include a keyboard, mouse, touch panel, various sensors, and wearable devices. The input interface unit 807 may be connected to the computer 800 via an interface such as USB (Universal Serial Bus).

[0138] The data interface unit 809 is a device for inputting data from outside the computer 800. Specific examples of the data interface unit 809 include drive devices for reading data stored on various storage media. The data interface unit 809 may also be located outside the computer 800. In that case, the data interface unit 809 would be connected to the computer 800 via an interface such as USB.

[0139] The communication interface unit 811 is a device for performing data communication via the Internet N with external devices of the computer 800, either via wired or wireless connection. The communication interface unit 811 may also be located outside the computer 800. In that case, the communication interface unit 811 is connected to the computer 800 via an interface such as USB.

[0140] The display device 813 is a device for displaying various types of information. Specific examples of the display device 813 include, for example, a liquid crystal display, an organic EL (Electro-Luminescence) display, or a display for a wearable device. The display device 813 may be located outside the computer 800. In that case, the display device 813 is connected to the computer 800 via, for example, a display cable. Furthermore, if a touch panel is used as the input I / F unit 807, the display device 813 can be integrated with the input I / F unit 807.

[0141] The above embodiments are illustrative examples for explaining the present invention and are not intended to limit the present invention to those embodiments only. Furthermore, the present invention can be modified in various ways without departing from its essence. Moreover, those skilled in the art can adopt embodiments in which each of the elements described below is replaced with equivalent ones, and such embodiments are also included within the scope of the present invention.

[0142] [Differentiation] Although the present invention has been described based on the above embodiments, the following cases are also included in the present invention.

[0143] [Example 1] In the above embodiment, an example was described in which the provider, the recipient, and the user corresponding to the user data are all different entities. However, the provider, recipient, and user corresponding to the user data according to the present invention are not limited to this. For example, the provider and the user corresponding to the user data may be the same person. In this case, the provider device 200 and the user device 400 may be the same device. Another example is that the recipient and the user may be the same person. In this case, the recipient device 300 and the user device 400 may be the same device.

[0144] [Differentiation 2] At least a portion of each component of the intermediary device 100 according to the above embodiment may also be provided by the provider device 200, the recipient device 300, and / or the user device 400.

[0145] [Difference 3] In the above embodiment, an example was shown in which the storage unit for storing user data, history information, and / or certification information is the storage unit of the intermediary device 100, but the present invention is not limited to this. For example, at least a portion of these storage units may be provided by an external system device. [Explanation of Symbols]

[0146] 1...Data intermediary system, 100...Intermediary device, 110...Control unit, 111...Reception unit, 112...Acquisition unit, 113...Provision unit, 114...Request unit, 115...Certification unit, 116...Display unit, 120...Communication unit, 130...Storage unit, 200...Provider device, 300...Destination device, 400...User device, 500...Certification authority device, 800...Computer, 801...Processor, 803...Memory, 805...Storage device, 807...Input I / F unit, 809...Data I / F unit, 811...Communication I / F unit, 813...Display device

Claims

1. On the computer, A data acquisition reception function that receives an acquisition instruction from the user's user device to acquire user data about the user, A data acquisition function that acquires the user data from the provider's device based on the acquisition instruction, A provision receiving function that receives a provision instruction from the user device or the recipient device of the recipient to provide the user data, A data provision function that provides the user data to be provided to the recipient device based on the aforementioned provision instruction, A certification reception function that receives a certification request from the recipient device for the user data to be provided, A certification acquisition function that obtains provider certification information to prove the provider, A certification provision function is implemented which provides the provider's certification information to the recipient device based on the aforementioned certification request. The aforementioned certification acceptance function further accepts a request for certification of the history of acquiring or providing the user data from the recipient device. The aforementioned certification acquisition function acquires historical certification information that proves the history of the acquisition or provision of the user data based on the certification request. The aforementioned certification provision function provides the aforementioned historical certification information to the recipient device based on the certification request. program.

2. On the computer, The aforementioned certification acceptance function receives a certification request for the user data to be provided from the recipient device. The aforementioned certification acquisition function acquires data certification information that proves the user data, The aforementioned certification provision function provides the aforementioned data certification information to the recipient device based on the aforementioned certification request. The program according to claim 1.

3. The computer is further equipped with a certification function that generates the provider certification information and / or the data certification information. The certificate acquisition function acquires the generated provider certificate information and / or data certificate information. The program according to claim 2.

4. The computer further implements a display function that associates the user data with the provider certification information corresponding to the user data, or information indicating the presence or absence of the provider certification information, and displays it on the user device. The program according to claim 1 or 2.

5. The aforementioned certification acceptance function receives a certification request from the recipient device from the person who instructed the acquisition or provision of the user data. The aforementioned certification acquisition function acquires instructioner certification information that certifies the person who issued the acquisition instruction and / or the provision instruction. The aforementioned certification provision function provides the instructioner certification information to the recipient device based on the certification request. The program according to claim 1 or 2.

6. The aforementioned certification acceptance function receives a certification request for the user data acquisition process and / or provision process from the recipient device, The certification acquisition function acquires processing history certification information that certifies the history of acquisition processing by the acquisition instruction and / or the history of provision processing by the provision instruction, based on the certification request. The aforementioned certification provision function provides the processing history certification information to the recipient device based on the certification request. The program according to claim 1 or 2.

7. The aforementioned certification reception function receives a certification request for the operation input of the user data acquisition instruction or the operation input of the provision instruction from the provision destination device. The certification acquisition function acquires operation history certification information that certifies the history of operation inputs for the acquisition instruction and / or the history of operation inputs for the provision instruction, based on the certification request. The aforementioned certification provision function provides the aforementioned operation history certification information to the recipient device based on the certification request. The program according to claim 1 or 2.

8. To the aforementioned computer, An update reception function that receives an update instruction from the user device or the recipient device that instructs the user data to be updated, Based on the update instruction, the update device of the person updating the user data will be further provided with a request function to request the update of the user data. The data acquisition function acquires the updated user data, which has been updated based on the request, from the update device. The aforementioned certification acquisition function acquires renewal certificate information to prove the renewal person, The data provision function provides the updated user data to the recipient device based on the provision instruction or the update instruction. The aforementioned certification acceptance function receives a certification request from the recipient device for the updated user data corresponding to the updated user data to be provided. The certificate provision function provides the renewal user certificate information to the recipient device based on the certificate request. The program according to claim 1 or 2.

9. The aforementioned certification acceptance function receives a certification request for the updated user data to be provided from the recipient device. The aforementioned certification acquisition function acquires data certification information that proves the updated user data, The aforementioned certification provision function provides the aforementioned data certification information to the recipient device based on the aforementioned certification request. The program according to claim 8.

10. The aforementioned certification acceptance function receives a certification request for the user data update process from the recipient device. The aforementioned certification acquisition function acquires processing history certification information that proves the history of the update process based on the aforementioned update instruction, based on the aforementioned certification request. The aforementioned certification provision function provides the processing history certification information to the recipient device based on the certification request. The program according to claim 8.

11. An acquisition receiving unit receives an acquisition instruction from the user's user device to acquire user data about the user, Based on the aforementioned acquisition instruction, a data acquisition unit acquires the user data from the provider's device, A provision receiving unit that receives a provision instruction from the user device or the recipient device of the recipient to provide the user data, A data provision unit provides the user data to be provided to the recipient device based on the aforementioned provision instruction, A certification receiving unit receives a certification request from the recipient device for the user data to be provided, A certification unit that obtains provider certification information to prove the provider, A certification provision unit provides the provider certification information of the provider to the recipient device based on the certification request, The aforementioned certification receiving unit further receives a request for certification of the history of acquiring or providing the user data from the recipient device. The certification acquisition unit acquires historical certification information that certifies the history of the acquisition or provision of the user data based on the certification request. The certification provision unit provides the historical certification information to the recipient device based on the certification request. Information processing device.

12. Computers An acquisition instruction to acquire user data concerning the user is received from the user's user device. Based on the acquisition instruction, the user data is acquired from the provider's device. An instruction to provide the aforementioned user data to the recipient is received from the user device or the recipient's device. Based on the aforementioned provision instructions, the user data to be provided is provided to the aforementioned recipient device. The provider's certification request corresponding to the user data to be provided is received from the recipient device. Obtain provider certification information to prove the provider, Based on the aforementioned certification request, the provider provides the provider certification information of the provider to the recipient device. Furthermore, the recipient device receives a request for proof of the history of acquiring or providing the user data. Based on the said certification request, we obtain historical certification information that proves the history of the acquisition or provision of the user data, Based on the said certification request, the historical certification information is provided to the recipient device. Information processing methods.

13. A computer, A data acquisition reception function that receives an acquisition instruction from the user's user device to acquire user data about the user, A data acquisition function that acquires the user data from the provider's device based on the acquisition instruction, A provision receiving function that receives a provision instruction from the user device or the recipient device of the recipient to provide the user data, A data provision function that provides the user data to be provided to the recipient device based on the aforementioned provision instruction, A certification reception function that receives a certification request from the recipient device for the user data to be provided, A certification acquisition function that obtains provider certification information to prove the provider, A certification provision function is implemented which provides the provider's certification information to the recipient device based on the aforementioned certification request. The aforementioned certification acceptance function receives a certification request for the user data acquisition process and / or provision process from the recipient device, The certification acquisition function acquires processing history certification information that certifies the history of acquisition processing by the acquisition instruction and / or the history of provision processing by the provision instruction, based on the certification request. The aforementioned certification provision function provides the processing history certification information to the recipient device based on the certification request. program.

14. An acquisition receiving unit that receives an acquisition instruction from the user's user device to acquire user data relating to the user, Based on the aforementioned acquisition instruction, a data acquisition unit acquires the user data from the provider's device, A provision receiving unit that receives a provision instruction from the user device or the recipient device of the recipient to provide the user data, A data provision unit provides the user data to be provided to the recipient device based on the aforementioned provision instruction, A certification receiving unit receives a certification request from the recipient device for the user data to be provided, A certification unit that obtains provider certification information to prove the provider, A certification provision unit provides the provider certification information of the provider to the recipient device based on the certification request, The certification receiving unit receives a certification request for the user data acquisition process and / or provision process from the recipient device, The certification acquisition unit acquires processing history certification information that certifies the history of acquisition processing based on the acquisition instruction and / or the history of provision processing based on the provision instruction, based on the certification request. The certification provision unit provides the processing history certification information to the recipient device based on the certification request. Information processing device.

15. A computer, An acquisition instruction to acquire user data concerning the user is received from the user's user device. Based on the acquisition instruction, the user data is acquired from the provider's device. An instruction to provide the aforementioned user data to the recipient is received from the user device or the recipient's device. Based on the aforementioned provision instructions, the user data to be provided is provided to the aforementioned recipient device. The provider's certification request corresponding to the user data to be provided is received from the recipient device. Obtain provider certification information to prove the provider, Based on the aforementioned certification request, the provider provides the provider certification information of the provider to the recipient device. The recipient device receives a request for proof of the user data acquisition process and / or provision process. Based on the aforementioned certification request, process history certification information is obtained that certifies the history of the acquisition process pursuant to the acquisition instruction and / or the history of the provision process pursuant to the provision instruction. Based on the aforementioned certification request, the processing history certification information is provided to the recipient device. Information processing methods.

16. A computer, A data acquisition reception function that receives an acquisition instruction from the user's user device to acquire user data about the user, A data acquisition function that acquires the user data from the provider's device based on the acquisition instruction, A provision receiving function that receives a provision instruction from the user device or the recipient device of the recipient to provide the user data, A data provision function that provides the user data to be provided to the recipient device based on the aforementioned provision instruction, A certification reception function that receives a certification request from the recipient device for the user data to be provided, A certification acquisition function that obtains provider certification information to prove the provider, A certification provision function is implemented which provides the provider's certification information to the recipient device based on the aforementioned certification request. The aforementioned certification reception function receives a certification request for the operation input of the user data acquisition instruction or the operation input of the provision instruction from the provision destination device. The certification acquisition function acquires operation history certification information that certifies the history of operation inputs for the acquisition instruction and / or the history of operation inputs for the provision instruction, based on the certification request. The aforementioned certification provision function provides the aforementioned operation history certification information to the recipient device based on the certification request. program.

17. An acquisition receiving unit that receives an acquisition instruction from the user's user device to acquire user data relating to the user, Based on the aforementioned acquisition instruction, a data acquisition unit acquires the user data from the provider's device, A provision receiving unit that receives a provision instruction from the user device or the recipient device of the recipient to provide the user data, A data provision unit provides the user data to be provided to the recipient device based on the aforementioned provision instruction, A certification receiving unit receives a certification request from the recipient device for the user data to be provided, A certification unit that obtains provider certification information to prove the provider, A certification provision unit provides the provider certification information of the provider to the recipient device based on the certification request, The certification receiving unit receives a request for certification of the operation input for the user data acquisition instruction or the operation input for the provision instruction from the provisioning device. The certification acquisition unit acquires operation history certification information that certifies the history of operation inputs for the acquisition instruction and / or the history of operation inputs for the provision instruction, based on the certification request. The certification provision unit provides the operation history certification information to the recipient device based on the certification request. Information processing device.

18. A computer, An acquisition instruction to acquire user data concerning the user is received from the user's user device. Based on the acquisition instruction, the user data is acquired from the provider's device. An instruction to provide the aforementioned user data to the recipient is received from the user device or the recipient's device. Based on the aforementioned provision instructions, the user data to be provided is provided to the aforementioned recipient device. The provider's certification request corresponding to the user data to be provided is received from the recipient device. Obtain provider certification information to prove the provider, Based on the aforementioned certification request, the provider provides the provider certification information of the provider to the recipient device. The recipient device receives a request for proof of the operation input for the user data acquisition instruction or the operation input for the provision instruction. Based on the aforementioned certification request, operation history certification information is obtained that certifies the history of operation inputs for the acquisition instruction and / or the history of operation inputs for the provision instruction. Based on the aforementioned certification request, the operation history certification information is provided to the recipient device. Information processing methods.

19. A computer, A data acquisition reception function that receives an acquisition instruction from the user's user device to acquire user data about the user, A data acquisition function that acquires the user data from the provider's device based on the acquisition instruction, A provision receiving function that receives a provision instruction from the user device or the recipient device of the recipient to provide the user data, A data provision function that provides the user data to be provided to the recipient device based on the aforementioned provision instruction, A certification reception function that receives a certification request from the recipient device for the user data to be provided, A certification acquisition function that obtains provider certification information to prove the provider, A certification provision function that provides the provider certification information of the provider to the recipient device based on the certification request, An update reception function that receives an update instruction from the user device or the recipient device that instructs the user data to be updated, Based on the update instruction, the update device of the person updating the user data will be provided with a request function to request the update of the user data. The data acquisition function acquires the updated user data, which has been updated based on the request, from the update device. The aforementioned certification acquisition function acquires renewal certificate information to prove the renewal person, The data provision function provides the updated user data to the recipient device based on the provision instruction or the update instruction. The aforementioned certification acceptance function receives a certification request from the recipient device for the updated user data corresponding to the updated user data to be provided. The certificate provision function provides the renewal user certificate information to the recipient device based on the certificate request. program.

20. An acquisition receiving unit that receives an acquisition instruction from the user's user device to acquire user data relating to the user, Based on the aforementioned acquisition instruction, a data acquisition unit acquires the user data from the provider's device, A provision receiving unit that receives a provision instruction from the user device or the recipient device of the recipient to provide the user data, A data provision unit provides the user data to be provided to the recipient device based on the aforementioned provision instruction, A certification receiving unit receives a certification request from the recipient device for the user data to be provided, A certification unit that obtains provider certification information to prove the provider, A certification provision unit provides the provider certification information of the provider to the recipient device based on the certification request, An update reception unit receives an update instruction from the user device or the service provider device that instructs the user data to be updated, The update device of the updater who updates the user data based on the update instruction includes a request unit that requests the update of the user data, The data acquisition unit acquires the updated user data, which has been updated based on the request, from the update device. The certificate acquisition unit acquires renewal certificate information that proves the renewal person, The data provision unit provides the updated user data to the recipient device based on the provision instruction or the update instruction. The aforementioned certification receiving unit receives a certification request from the recipient device for the updated user data corresponding to the updated user data to be provided. The certificate provision unit provides the renewal user certificate information to the recipient device based on the certificate request. Information processing device.

21. A computer, An acquisition instruction to acquire user data concerning the user is received from the user's user device. Based on the acquisition instruction, the user data is acquired from the provider's device. An instruction to provide the aforementioned user data to the recipient is received from the user device or the recipient's device. Based on the aforementioned provision instructions, the user data to be provided is provided to the aforementioned recipient device. The provider's certification request corresponding to the user data to be provided is received from the recipient device. Obtain provider certification information to prove the provider, Based on the aforementioned certification request, the provider provides the provider certification information of the provider to the recipient device. An update instruction to update the user data is received from the user device or the recipient device. Based on the update instruction, the update device of the person updating the user data is requested to update the user data. The updated user data, updated based on the aforementioned request, is obtained from the update device. Obtain renewal certificate information to prove the aforementioned renewal person, Based on the provision instruction or update instruction, the updated user data is provided to the recipient device. The recipient device receives a request for proof of the updater corresponding to the updated user data to be provided, Based on the aforementioned certification request, the renewal user certification information is provided to the recipient device. Information processing methods.