Apparatus and method for processing attribute information
Reading note: This technology, "Apparatus and method for processing attribute information", was designed and created by 堀井基史 on 2020-03-30. Its main content is as follows: An apparatus and method for processing attribute information. An information processing apparatus provides a function of a first agent corresponding to a first entity in a communication system in which a plurality of agents manage attribute information of corresponding entities, respectively. The information processing apparatus includes: a processor; and a memory configured to store attribute information indicating an attribute of the first entity. When the information processing apparatus receives an attribute request from a second agent corresponding to a second entity, the processor determines whether the attribute information includes information about a third entity. When the attribute information includes information related to the third entity, the processor edits the attribute information based on a policy of the third entity regarding disclosure of the information related to the third entity. The processor sends the edited attribute information to the second agent.
1. A method for processing attribute information in a first agent corresponding to a first entity in a communication system in which a plurality of agents respectively manage corresponding entities, the method comprising the steps of:
determining, when the first agent receives an attribute request from a second agent corresponding to a second entity, whether first attribute information indicating an attribute of the first entity includes information related to a third entity;
when the first attribute information includes information related to a third entity, editing the first attribute information based on a policy of the third entity regarding disclosure of the information related to the third entity; and
sending the edited first attribute information to the second agent.
2. The method of claim 1, wherein,
the first agent
makes an inquiry to a third agent corresponding to the third entity as to whether or not to allow the information relating to the third entity to be disclosed to the second entity, and
edits the first attribute information based on a response to the query from the third agent, and sends the edited first attribute information to the second agent.
3. The method of claim 2, wherein,
when the response to the query from the third agent does not allow disclosure of the information related to the third entity, the first agent deletes the information related to the third entity from the first attribute information and transmits the first attribute information to the second agent.
4. The method of claim 2, wherein,
the attribute request includes second attribute information indicating an attribute of the second entity and policy information indicating a disclosure range of the second attribute information, wherein,
the first agent
edits the second attribute information based on the policy information, and
sends the edited second attribute information to the third agent upon the query.
5. An information processing apparatus that provides a function of a first agent corresponding to a first entity in a communication system in which a plurality of agents manage attribute information of corresponding entities, respectively, comprising:
a processor; and
a memory configured to store attribute information indicating an attribute of the first entity,
wherein the processor
determines, when the information processing apparatus receives an attribute request from a second agent corresponding to a second entity, whether the attribute information includes information relating to a third entity,
edits the attribute information, when the attribute information includes information relating to a third entity, based on a policy of the third entity regarding disclosure of the information relating to the third entity, and
sends the edited attribute information to the second agent.
6. A communication system in which a plurality of agents respectively corresponding to a plurality of entities are connected to a network, wherein,
when a first agent corresponding to a first entity receives an attribute request from a second agent corresponding to a second entity, the first agent determines whether first attribute information indicating an attribute of the first entity includes information related to a third entity,
when the first attribute information includes information relating to a third entity, the first agent edits the first attribute information based on a policy of the third entity regarding disclosure of the information relating to the third entity, and
the first agent sends the edited first attribute information to the second agent.
7. The communication system of claim 6,
the first agent makes an inquiry to a third agent corresponding to the third entity as to whether the information relating to the third entity is allowed to be disclosed to the second entity,
the third agent determines whether or not to allow the information on the third entity to be disclosed to the second entity based on a policy of the third entity, and transmits a response indicating a result of the determination to the first entity, and
the first agent edits the first attribute information based on the response, and transmits the edited first attribute information to the second agent.
8. The communication system of claim 7,
when the first attribute information received from the first agent includes the information related to the third entity, the second agent requests third attribute information indicating an attribute of the third entity from the third entity.
9. The communication system of claim 7,
when disclosing the information about the third entity to the second entity, the third entity creates a signature of the third entity based on the content of the challenge and sends the signature to the first agent, and
the first agent sends the first attribute information and the signature to the second agent.
10. The communication system of claim 6, wherein
the first agent makes an inquiry to a third agent corresponding to the third entity as to whether the information relating to the third entity is allowed to be disclosed to the second entity,
the third agent determines whether to allow the information relating to the third entity to be disclosed to the second entity based on a policy of the third entity,
the third entity transmits third attribute information indicating an attribute of the third entity to the first entity when the information about the third entity is disclosed to the second entity, and
the first agent sends the first attribute information and the third attribute information to the second agent.
11. The communication system of claim 6,
each of the agents manages attribute information indicating an attribute of a corresponding entity and policy information indicating a range in which the attribute information is disclosed, and
the policy information includes an allowable hop count indicating an allowable forwarding range of the attribute information.
Technical Field
Embodiments discussed herein relate to an apparatus and method for processing attribute information.
Background
When the reliability of an individual is judged using a computer, attribute information of a target person is referred to. The attribute information may include the name, age, resident address, phone number, email address, profession, etc. of the target person. In this case, the computer estimates the reliability of the target person and performs an action according to the estimation result. For example, when the degree of reliability of the target person is estimated to be high, the computer discloses the specified information to the target person.
As a related art, a method has been proposed in which, when there is an information disclosure request from a first user for personal information about a second user having a relationship with the first user (there are one or more persons between the first user and the second user), it is determined whether or not to permit disclosure of information to the first user with reference to an access control rule and a user relationship list (for example, Japanese Patent Laid-Open No. 2015-201073). Meanwhile, a printing apparatus that prints and outputs personal information according to a specified format is known (for example, Japanese Patent Laid-Open No. 2008-250916).
In the above estimation of the degree of reliability, the attribute information may include information of a third person. For example, a target person who receives a request for attribute information from a server computer transmits attribute information of the target person himself to the server computer. At this time, in the case where the attribute information includes information about the third person, the third person may be adversely affected. This problem is not limited to personal information, but may also arise in terms of information related to various entities (individuals, organizations, IoT devices, and services).
It is an object of the present invention to provide a method for protecting attribute information on a network.
Disclosure of Invention
According to an aspect of the embodiment, an information processing apparatus provides a function of a first agent corresponding to a first entity in a communication system in which a plurality of agents manage attribute information of corresponding entities, respectively. The information processing apparatus includes: a processor; and a memory configured to store attribute information indicating an attribute of the first entity. When the information processing apparatus receives an attribute request from a second agent corresponding to a second entity, the processor determines whether the attribute information includes information about a third entity. When the attribute information includes information related to the third entity, the processor edits the attribute information based on a policy of the third entity regarding disclosure of the information related to the third entity. The processor sends the edited attribute information to the second agent.
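The request, query and edit steps summarized above (and in claims 1 to 3 and 7) can be sketched as follows. This is an added example, not code from the patent: the class, field and entity names, the allow-list form of the policy, and the fail-closed handling of a missing third agent are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Agent:
    entity: str
    # attribute name -> (value, entity the value relates to, or None)
    attributes: dict = field(default_factory=dict)
    # policy: entities allowed to learn information about this agent's entity
    allow_disclosure_to: set = field(default_factory=set)
    query_log: list = field(default_factory=list)

    def answer_query(self, asking: str, requester: str) -> bool:
        """Third-agent role: apply own policy to a disclosure query."""
        self.query_log.append((asking, requester))
        return requester in self.allow_disclosure_to

    def handle_attribute_request(self, requester: str, directory: dict) -> dict:
        """First-agent role: edit own attribute information before sending."""
        edited, decisions = {}, {}
        for name, (value, related) in self.attributes.items():
            # Assumption: data about the requester itself involves no third entity.
            if related in (None, requester):
                edited[name] = value
                continue
            if related not in decisions:  # one query per third entity
                third = directory.get(related)
                # Fail closed: an unknown third agent counts as a refusal.
                decisions[related] = (third is not None
                                      and third.answer_query(self.entity, requester))
            if decisions[related]:
                edited[name] = value  # allowed: keep; otherwise it is deleted
        return edited

def build_agents() -> dict:
    """Constructed sample data: Bob's attributes mention Charlie and Erin."""
    bob = Agent("bob", {
        "name": ("Bob", None),
        "email": ("bob@example.test", None),
        "colleague": ("Charlie, same organization", "charlie"),
        "referee": ("Erin", "erin"),  # Erin has no agent in the directory
    })
    charlie = Agent("charlie", allow_disclosure_to={"dave"})
    return {"bob": bob, "charlie": charlie}

if __name__ == "__main__":
    agents = build_agents()
    print(agents["bob"].handle_attribute_request("alice", agents))
    print(agents["bob"].handle_attribute_request("dave", agents))
```

The third agent's `query_log` gives it a record of who asked about its entity and on whose behalf, which is useful when auditing disclosure decisions.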
Drawings
Fig. 1 illustrates an example of transmitting attribute information;
Fig. 2 illustrates another example of transmitting attribute information;
Fig. 3 illustrates an example of a method for processing attribute information;
Fig. 4 illustrates an example of a communication system;
Figs. 5A to 5C illustrate examples of attribute information;
Figs. 6A to 6C illustrate examples of policy information;
Fig. 7 illustrates an example of a request phase;
Figs. 8 and 9 illustrate examples of interrogation phases;
Fig. 10 illustrates an example of a response phase;
Figs. 11 and 12 illustrate another example of an interrogation phase;
Fig. 13 illustrates another example of a response phase;
Fig. 14 illustrates an example of a display phase;
Figs. 15A and 15B illustrate graphics displayed on the terminal apparatus;
Fig. 16 illustrates an example of a sequence of a method for processing attribute information;
Fig. 17 illustrates another example of a sequence of a method for processing attribute information;
Fig. 18 illustrates a flow chart showing an example of a processing agent;
Figs. 19A and 19B illustrate an example of a method for limiting the scope of the disclosure;
Fig. 20 illustrates an example of a method for detecting that attribute information is not allowed to be disclosed;
Fig. 21 illustrates an example of a method for attribute information disclosure; and
Fig. 22 illustrates an example of a hardware configuration of an information processing apparatus.
Detailed Description
Fig. 1 illustrates an example of transmitting attribute information. In this example, a plurality of agents 1(1a to 1c) exist in the communication system. Each of the
Each of the
The
Here, assume that Bob requests a meeting with Alice. In this case, the
Further, in the case where the user of the terminal device corresponding to the
Fig. 2 illustrates another example of transmitting attribute information. In this example, the attribute information of Bob transmitted from the
However, in this method, Charlie's personal information will be disclosed to Alice without Charlie's permission. At the very least, the fact that Charlie belongs to the same organization as Bob is disclosed to Alice. That is, in this method, protection of attribute information or personal information may not be achieved.