JP2011128697A - Service providing system and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a service providing system for reducing a burden in operation or cost related with issue, physical distribution and operation management concerning life cycle management for a hardware token. <P>SOLUTION: Instead of a conventional personally owned hardware token in which personal security attribute information is stored, a personal information management server 1 registers an initial service simultaneously with the registration of personal identification information in response to a request from a personal user terminal 3 or in response to a request from a service providing server 2 based on the request from the personal user terminal 3, and generates and registers the personal security attribute information with respect to the service in case of registering the service. After registering the personal identification information, the personal information management server 1 adds a service in response to the request from the service providing server 2 based on the request from the personal user terminal 3, and generates and registers the personal security attribute information with respect to the service during addition of the service, and updates/deletes the personal security attribute information in response to the request from the personal user terminal 3. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a service providing system and method for providing services based on personal information management and personal information.

When an individual uses any online service such as the Internet, a hardware token such as an IC card, which is determined in advance by a contract with the service provider, is used. Since the service provider generates and stores security attribute information such as the private key, public key certificate, and password of the individual in advance in the token, the service provider Upon request for use, the individual can be authenticated in cooperation with the token, or dedicated encrypted communication can be performed with the individual.
It is also possible to create a plurality of independent service management areas in one token for a plurality of services, store personal security attribute information in each area, and use it for personal authentication and the like. it can. The token is issued not by the service provider but by a token issuer who is a leasing contractor in the service management area. Using the online system provided by the token issuer, the personal security attribute information and the like for using the new service can be stored in the token.

  When an individual uses any service, it is a known technique that the service provider authenticates the individual in order to identify the individual and permit the use of the service. At the time of authentication, it is also known that security attribute information related to an individual is personal authentication information, and this is password information or a public key certificate. It is also known to use a hardware token provided by the service provider as a storage location of personal authentication information. It is also known that a plurality of service providers use tokens issued by others without issuing hardware tokens themselves.

  In addition to hardware tokens, personal security attribute information is encrypted and stored in some server system at the end of the network, and in conjunction with the token, use of some online services such as the Internet There is a concept of using it as an access key in case of

JP 2001-351073 A JP 2004-126865 A

"Distribution of IC card information for Global Platform specification, platform NICE and multi-purpose IC card ELWISE", NTT Service Integration Laboratories, Internet <URL: http://www.ntt.co.jp/journal/0402/files/jn200402046. pdf> “Server-Linked Multipurpose IC Card System-Importance of Tamper Resistant Technology”, Tokyo Institute of Technology, Image Information Engineering Research Facility, Nagaaki Oyama, Internet <URL: http://www.dvlsi.jst.go.jp/topics /081206ws/081206DVLSIWS%20ohyama.pdf>

  In order to use the service, personal security attribute information is required. In order to ensure confidentiality and portability as the storage location of this information, hardware tokens are used in the conventional technology. Token lifecycle management requires considerable operation and cost. Factors of operation include logistics operations associated with hardware token procurement, shipping, collection, and disposal, operations related to system operations for issuance and operation management, operations related to customer services that occur due to breakdown, loss, theft, etc. is there. Cost factors may include property costs for hardware token logistics operations, operator labor costs, and so on.

  In order to store security attribute information for new services in the hardware token that is being used by the online system provided to the individual by the token issuer, in order to realize cryptographic communication from the viewpoint of information security Generation and registration of information such as keys and certificates, installation of necessary application programs for the system, and an operating environment to which the reader / writer device for the token is connected. It has become.

  The present invention has been made in view of such problems, and an object of the present invention is to operate and cost related to issuance, logistics, and operation management related to life cycle management in hardware tokens that are lent and provided for each individual. It is an object of the present invention to provide a service providing system and method for reducing the burden on the user.

  In order to achieve the above object, a service providing system according to the present invention includes personal use terminals connected to each other via a network, a service providing server that provides services to individuals, and individual security attribute information for each individual and each service. A service providing system including a personal information management server that manages and processes services, wherein the service providing server issues a use request for a service that requires personal authentication to the service providing server from the personal use terminal. If accepted, the personal information management server is requested to confirm the personal authentication status at the time of request for use of the service, and if personal authentication is appropriate, the personal information management server is requested to execute the service. When the service execution result is received from the personal information management server, the service execution result In response to the use terminal, the personal information management server executes a service using the personal security attribute information registered in advance in response to the service execution request, and provides the service execution result as the service. It is returned to the server.

  In the service providing system of the present invention, when the service providing server makes a request for adding a service to the service providing server from the personal use terminal, the service adding server makes a request for adding the service to the personal information management server. If the personal authentication is appropriate, the personal information management server requests the personal information management server to add a service and register the personal security attribute information. , Adding a service in response to a request from the service providing server, generating and registering the personal security attribute information for the added service.

  In the service providing system of the present invention, when the personal information management server makes a personal registration request from the personal use terminal, the personal use identification information and security attribute information of the personal are sent to the personal use terminal. When a request is made and a response of the personal identification information and security attribute information of the individual is received from the personal use terminal, the personal identification information and security attribute information of the individual are registered after reviewing the information. To do.

  The personal information management server of the present invention generates and registers personal identification information and security attribute information in response to a request from an external system such as a personal user terminal, and receives processing requests for various services from the service providing server. An external connection unit that returns a processing result including an execution result of a service executed after personal authentication; and when executing the process in the external connection unit, the individual is specified by the personal identification information, and the service providing server In accordance with a control policy and a control rule defined between the access control unit to check whether or not the process can be executed and to call a service application corresponding to the service when it is determined that the process is executable The service call unit and the process of the called service are executed, and the execution result is sent to the external connection. And a service application unit for sending the parts, characterized in that it comprises a service managing unit that manages the personal identification information and the security attribute information is necessary for each individual each service in performing the processing of the service.

  In addition, the service providing method of the present invention manages personal security attribute information for each individual and for each service, a service providing server that provides services to individuals, a personal use terminal connected to each other via a network, and a service A service providing method in a service providing system having a personal information management server that performs the above processing, wherein the service providing server accepts a service use request requiring personal authentication from the personal use terminal to the service providing server. Requesting the personal information management server to confirm the personal authentication state at the time of requesting the use of the service, and requesting the personal information management server to execute the service if personal authentication is appropriate. And in response to the execution request for the service, the personal information management server Executing a service using the recorded personal security attribute information, returning a service execution result to the service providing server, and the service providing server receiving the service execution result from the personal information management server And a step of responding the execution result of the service to the user terminal.

  In the service providing method of the present invention, when the service providing server makes a request for adding a service to the service providing server from the personal use terminal, the service adding request is sent to the personal information management server. Requesting confirmation of the personal authentication status at the personal information, and requesting the personal information management server to add a service and register the personal security attribute information if the personal authentication is appropriate; and The server further includes a step of adding a service in response to a request from the service providing server, and generating and registering the personal security attribute information for the added service.

  According to the service providing method of the present invention, when the personal information management server makes a personal registration request from the personal use terminal, the personal use information of the personal identification information and security attribute information is sent to the personal use terminal. Making a request and receiving a response of the personal identification information and security attribute information of the individual from the personal user terminal, and after the review of the information, registering the personal identification information and security attribute information of the individual It is characterized by including.

The present invention can provide basic cryptographic services such as encryption, decryption, signature generation, signature verification, and authentication to the service of the service providing server. At that time, security attribute information such as personal private key, public key certificate, and password is generated and registered in advance and then used.
Further, the present invention does not have an upper limit number of logical service additions, so that a necessary number of services can be added when necessary.
Further, according to the present invention, when the added service AP (application) is used from the outside, it is necessary to pass the necessary access control by the access control unit through the external connection unit, and the service call Since the service AP is called and materialized only by the part, the unauthorized use of the service AP from the outside is difficult.
In the present invention, the personal security attribute information is managed by the service management unit for each individual and for each service, and the service AP (application) unit provides a specified interface provided for the service AP unit by the service management unit. Since the service AP itself cannot manage personal security attribute information, it is difficult to illegally use the personal security attribute information from the service AP. . Furthermore, when a plurality of service APs are registered in the system of the present invention, information utilized by other service APs cannot be utilized even through the interface.
By using the present invention as an authentication means when using a service, a service provider can reduce the operation and cost for issuing and operating tokens while ensuring the confidentiality of authentication information in the prior art. it can.
The present invention is equivalent in the confidentiality of stored information as compared with the IC card that is widely spread in hardware tokens in the prior art. The stored information is encrypted and stored in a tamper-resistant information storage unit.
In addition, the present invention is equivalent to or better in the ease of login as compared with the method of using a service using an IC card that is widely spread in hardware tokens in the prior art. Authentication information used for login may be an ID and a password, or a secret key or certificate in an IC card.
Furthermore, the present invention is superior in the versatility of the operating environment used by an individual as compared with a method for adding a service using an IC card that is widely used for hardware tokens in the prior art. Any terminal that can be equipped with a web browser is an operating environment.

1 is a system configuration diagram schematically showing a configuration of a service providing system according to an embodiment of the present invention. It is a figure which shows the detail of a structure of a personal information management server, and a structure of the cooperation process part of a service provision server. It is a figure which shows an example of the access control rule hold | maintained in an information storage part, and an access control part processes. It is a figure which shows the flow of access control, and the calling image of service AP. It is a figure which shows the management image of the information stored in a personal information management server. It is a figure which shows the conceptual image of the management information in a personal security attribute information management part. It is a figure which shows the image of concrete management information. It is a figure which shows an example of registration and management flow of personal information. It is a figure which shows an example of the flow of service of initial registration registration (document encryption, signature provision). It is a figure which shows an example of the flow of service addition after initial registration, and service utilization (signature provision).

Embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a system configuration diagram schematically showing the configuration of a service providing system according to an embodiment of the present invention.
The service providing system shown in FIG. 1 is an online service system comprising a token issuer's personal information management server 1, a service provider's service providing server 2, and an external system such as a personal use terminal 3 connected to each other via a network. It is configured as. The personal information management server 1 includes an external connection unit 10, an access control unit 20, a service calling unit 30, a service AP (application) unit 40, a service management unit 50, an information processing unit 60, and an information storage unit 70. And a communication processing unit 80. The service providing server 2 includes a cooperation processing unit 90, an information registration unit 100, an information generation unit 110, an information processing unit 120, an information storage unit 130, and a communication processing unit 140. The usage terminal 3 includes an information display unit 150, an information input unit 160, and a communication processing unit 170.

  In FIG. 1, (1) indicates a request for generation / registration of personal identification attribute information and security attribute information, (2) indicates generation / registration of identification attribute information and security attribute information, and (3) indicates personal authentication. (4) shows a request for generation / registration of the identified personal security attribute information and a service execution request using this, and (5) shows the security attribute information of the identified individual. (6) shows the service provision to the identified individual.

  FIG. 2 is a diagram showing details of the configuration of the personal information management server and the configuration of the cooperation processing unit of the service providing server. In FIG. 2, a indicates a request from the cooperation processing unit 90 to the external connection unit 10, and p indicates a response from the external connection unit 10 to the cooperation processing unit 90. b indicates a request from the external connection unit 10 to the access control unit 20, and c indicates a response from the access control unit 20 to the external connection unit 10. d indicates a request from the external connection unit 10 to the service call unit 30, and o indicates a response from the service call unit 30 to the external connection unit 10. e indicates a request from the service calling unit 30 to the service AP unit 40, and n indicates a response from the service AP unit 40 to the service calling unit 30. f indicates a request from the service AP unit 40 to the service management unit 50, and m indicates a response from the service management unit 50 to the service AP unit 40. g indicates a request from the service management unit 50 to the access control unit 20, and h indicates a response from the access control unit 20 to the service management unit 50. i indicates a request from the service management unit 50 to the information processing unit 60, and l indicates a response from the information processing unit 60 to the service management unit 50. j indicates a request from the information processing unit 60 to the information storage unit 70, and k indicates a response from the information storage unit 70 to the information processing unit 60.

The external connection unit 10 of the personal information management server 1 is an interface such as a WEB service that receives processing requests for various services from a system such as an external server or terminal and returns processing results.
Each parameter (external system identification information, personal identification information, service identification information, system control information, etc.) obtained when a service request is received is stored in a temporary storage area such as a memory in the system as takeover information. Hold.
As shown in FIG. 2, the external connection unit 10 includes a personal authentication processing unit 11, a personal identification information management unit 12, a service execution unit 13, and a service addition unit 14.

The personal authentication processing unit 11 is a personal authentication processing interface for identifying the requesting individual and confirming whether or not the user is the person. The personal security attribute information for identity verification is registered in advance in the information storage unit 70 in the server based on the contract and the operating rules between the individual and the server operator (token issuer). Suppose that
The personal authentication processing unit 11 may exist on a server different from the personal information management server 1.

  The personal identification information management unit 12 is a personal identification information management interface for registering, referring to, updating, and deleting information for identifying a person and other personal attribute information. Among personal attributes, service attribute information including security attribute information is not a management target here. The service adding unit 14 manages the association with the service AP (application) that the individual wants to use and the generation of various service attribute information including security attribute information that the service AP requires for processing execution. To do.

  The service execution unit 13 is a service execution interface that identifies the content of a service processing request using service identification information (service ID) and processing identification information (processing ID), and returns a processing result corresponding to the processing request. . It is valid only for service APs and processes that exist in this server and are registered and managed as available services.

  When the service AP unit 40 corresponding to an external system such as the service providing server 2 is deployed / implemented on this server, the service adding unit 14 does not function as it is. This is a service addition interface. Request management such as generation, registration, reference, update, and deletion of various service attribute information including security attribute information required when the service AP performs processing is also performed at the same time.

The access control unit 20 of the personal information management server 1 checks whether or not the process can be executed in accordance with a prescribed control policy and access control rule when executing the interface process in the external connection unit 10. The control policy is generated and held in advance in the information storage unit 70 as the setting information of this system, and the access control rule as the access control information.
FIG. 3 is a diagram illustrating an example of an access control rule held by the information storage unit and processed by the access control unit. The access control rule is defined by the type of external system, requested service, and interface. In the figure, ○ indicates application of access control.
FIG. 4 is a diagram showing an access control flow and a service AP call image.

  As shown in FIG. 2, the access control unit 20 corresponding to the prescribed policy includes a server confirmation unit 21, a server / service confirmation unit 22, an individual / service confirmation unit 23, an individual registration status confirmation unit 24, an individual An authentication status confirmation unit 25, an individual / service authorization unit 26, and an individual / service management information authorization unit 27 are provided.

  The server confirmation unit 21 is a part that confirms whether or not the requesting external server is a legitimate server using security attribute information such as a predetermined ID and passphrase for each server. Also check whether the requesting server can execute the process.

  The server / service confirmation unit 22 is a part for confirming whether or not the processing content of the interface requested by the requesting server is appropriate or usable in accordance with a prescribed access control rule.

  The personal / service confirmation unit 23 is a part for confirming whether or not the processing content of the interface requested by the individual who is the request source via the server is appropriate or usable in accordance with the prescribed rules. is there.

  The personal registration status confirmation unit 24 determines from the management information of the personal identification information management unit 12 whether or not the individual who is the request source is registered in the system, and whether or not it is valid. This is the part to check.

  The personal authentication status confirmation unit 25 is an authentication status information held by the personal authentication processing unit 11 indicating whether or not an individual who is a request source is logged in to this system, and how it is logged in. It is a part to confirm using.

  The personal / service authorization unit 26 is a part for confirming whether or not the service AP requested by the individual who is the request source is appropriate or usable in accordance with the prescribed rules.

  The personal / service management information authorization unit 27 is a part for confirming whether or not the service management information of the service AP requested by the individual who is the request source is appropriate or usable according to the prescribed rules. .

The service call unit 30 of the personal information management server 1 corresponds to the service execution unit 13 and the service addition unit 14 of the external connection unit 10, and the service execution unit 13 and the service addition unit 14 executed processing in response to an external request. Thereafter, the service AP associated with the service identification information (service ID) is identified, resolved, and called after name resolution. A conceptual flow is shown in FIG.
As shown in FIG. 2, the service call unit 30 that makes a call corresponding to the request includes an additional call unit 31 and an execution call unit 32. The additional call part 31 is a call part corresponding to the service addition part of the service AP part, and the execution call part 32 is a call part corresponding to the service execution part of the service AP part.

  The service AP unit 40 of the personal information management server 1 corresponds to an external request source server such as the service providing server 2 and is an actual part of the service that performs processing necessary for adding and executing the service to an individual. . In processing, the service management unit 50 can utilize a default interface provided for the service AP. As shown in FIG. 2, the service AP unit 40 includes a service addition unit 41 and a service execution unit 42. The service AP is called only from the service calling unit 30.

  The service adding unit 41 is a part that performs processing such as associating an individual with the service AP and generating and registering personal security attribute information and access control information thereof necessary for the individual to use the service. In processing, the interface provided by the service management unit 50 can be utilized. In this case, external system identification information, personal identification information, service identification information, system control information, and the like necessary for processing by the service management unit 50 cannot be set as parameters.

  The service execution unit 42 is a part that executes various processes requested by the requesting server in response to a request from an individual for a service to which a service has been added. Various types of processing include encryption and decryption of request source designation information, addition of a signature to the request source designation information, verification of the request source designation signature information, and authentication specific to the request source designation service. Various processes are not limited to these. In processing, the interface provided by the service management unit 50 can be utilized.

The service management unit 50 of the personal information management server 1 is a part that centrally executes processing related to generation, management, and utilization of personal security attribute information in the system among the processing executed by the service AP. The service management unit 50 provides interfaces corresponding to the following personal security attribute information generation unit 51, personal security attribute information management unit 52, and personal security attribute information utilization unit 53 for the service AP.
The external system identification information, personal identification information, service identification information, system control information, and the like necessary for the processing are not set from the service AP, but the external connection unit 10 takes over as the takeover information in this system. Information held in a temporary storage area such as a memory is used.

  The personal security attribute information generation unit 51 generates a key pair, a public key certificate, a password, and the like that are used via the interface in the service addition process of the service AP unit 40 and are required for the process requested by the service. It is a part to do. The key pair is generated securely and confidentially in the tamper resistant part of the information storage part 70. The public key certificate may be generated by creating a certificate issuance request (CSR) and then requesting issuance from an external server.

The personal security attribute information management unit 52 is a part that manages registration, reference, update, deletion, and the like of various information generated by the personal security attribute information generation unit 51 in the information storage unit 70. In managing personal security attribute information, access control information for the information corresponding to the operation policy of the system is also generated and registered in advance.
The personal security attribute information is managed as a service available for each individual and information used in the service. Among the information, information that should be managed in a secret manner is stored and managed in the tamper resistant unit 71 of the information storage unit 70. Management images are shown in FIGS.

FIG. 5 is a diagram showing a management image of information stored in the personal information management server. The individual (P1) holds the personal security attribute information 1 and the personal security attribute information 2 regarding the service (S1) and the service (S2). The individual (P2) holds the personal security attribute information 1 regarding the service (S3). The individual (P3) holds the personal security attribute information 1 and the personal security attribute information 3 regarding the service (S2). The personal security attribute information 1 is encrypted and managed by the tamper resistant unit 71. The personal security attribute information 2 and 3 is managed by the database unit 72.
FIG. 6 is a diagram showing a conceptual image of management information in the personal security attribute information management unit, and FIG. 7 is a diagram showing a specific image of management information.

  The personal security attribute information utilization unit 53 utilizes various information managed by the personal security attribute information management unit 52 to encrypt and decrypt request source designation information, assign a signature to the request source designation information, and specify the request source designation. This is a part for executing processing such as verification of signature information and authentication specific to a service specified by a request source. Note that processing other than those listed here can also be handled. When a private key or a secret key is used for processing, it is executed safely and confidentially in the tamper resistant unit 71 of the information storage unit 70.

The information processing unit 60 of the personal information management server 1 is a part that performs common processing in the external connection unit 10, access control unit 20, service call unit 30, service AP unit 40, and service management unit 50 in this server. It is. The information processing unit 60 includes an information storage unit connection unit 61 and a log output unit 62.
In the information storage unit connection unit 61, the external connection unit 10, the access control unit 20, and the service management unit 30 in the server perform various information operations (registration, reference, update, deletion) on the information storage unit 70. This is the part that performs connection processing to do this.
The log output unit 62 corresponds to each of the external connection unit 10, the access control unit 20, the service call unit 30, the service AP unit 40, and the service management unit 50 in this server, and generates a log in response to a request from each unit. This is the output part.

The information storage unit 70 of the personal information management server 1 temporarily stores various information used in the external connection unit 10, the access control unit 20, the service call unit 30, the service AP unit 40, and the service management unit 50 in the server. This is a part that is stored and processed manually or permanently. The information storage unit 70 includes a tamper resistant unit 71 and a database unit 72.
The tamper resistant unit 71 is a part that temporarily or permanently stores and processes personal security attribute information generated, managed, and utilized by the service management unit 50.
The database unit 72 is a part that temporarily or permanently stores and processes personal identification information, other attribute information, and system control information generated and managed by the external connection unit 10, the access control unit 20, and the service management unit 50. It is.

  The communication processing unit 80 of the personal information management server 1 communicates with a system such as an external server or terminal by a known communication means such as a WEB service using HTTP (S), and the external connection unit 10 and the access control unit 20. The service call unit 30, the service AP unit 40, and the service management unit 50 perform processing such as initialization.

  The cooperation processing unit 90 of the service providing server 2 receives a processing request from the information processing unit 120 of this server, makes a service processing request to the external connection unit 10 of the personal information management server 1, and receives the processing request from the personal information management server 1. This is a part that receives a service processing response from one external connection unit 10 and returns the processing response to the information processing unit 120 of this server. The cooperation processing unit 90 provides the information processing unit 120 with interfaces corresponding to the following personal authentication cooperation unit 91, personal identification information management cooperation unit 92, service execution cooperation unit 93, and service addition cooperation unit 94.

  In association with various requests received by the server from an external terminal or the like, the personal authentication linkage unit 91 receives an individual from the information processing unit 120 of the server in order to confirm whether or not the requesting individual is the principal. This is a part that makes a personal authentication processing request to the personal authentication processing unit 11 of the external connection unit 10 of the information management server 1 and returns a personal authentication processing result as a response to the information processing unit 120.

  The personal identification information management cooperation unit 92 is for registering, referring to, updating, and deleting information for identifying the requesting person and other personal attribute information in relation to various requests received by the server from an external terminal or the like. The information processing unit 120 of this server makes a personal identification information management request to the personal identification information management unit 12 of the external connection unit 10 of the personal information management server 1, and the personal identification information management result as a response is sent. This is the part that is returned to the information processing unit 120.

  The service execution cooperation unit 93 is connected to the external connection unit 10 of the personal information management server 1 from the information processing unit 120 of the server in order to execute the request in relation to various requests received by the server from an external terminal or the like. Various service execution requests identified by the service identification information (service ID) and the process identification information (process ID) are made to the service execution unit 13 of the service execution unit 13 and the service execution result as a response is sent to the information processing unit 120. The part to be returned to.

  The service addition cooperation unit 94 sends a personal information management server from the information processing unit 120 of this server in order to add a service on the personal information management server 1 in connection with various requests received by the server from an external terminal or the like. A part that makes a service addition request identified by the service identification information (service ID) to the service addition unit 14 of one external connection unit 10 and returns a service addition result as a response to the information processing unit 120 It is.

  The information registration unit 100 of the service providing server 2 is a part for registering personal identification information, service attribute information, and the like in the information storage unit 130 of this server in relation to an information input request from an external terminal or the like. .

  The information generation unit 110 of the service providing server 2 generates screen information, configuration information, control information, and the like for display and processing on an external terminal or the like in relation to an information display request from the external terminal or the like. Part.

  The information processing unit 120 of the service providing server 2 is a part that performs various processes on the cooperation processing unit 90 of the server in association with an information display request from an external terminal or the like.

  The information storage unit 130 of the service providing server 2 temporarily or permanently stores various information used in the information registration unit 100, the information generation unit 110, the information processing unit 120, and the information storage unit 130 in the server. And the part to process.

  The communication processing unit 140 of the service providing server 2 communicates with a system such as an external server or terminal by a known communication unit such as a WEB service using HTTP (S), and the cooperation processing unit 90, the information registration unit 100, This is a part that performs processing such as initialization of each unit of the information generation unit 110 and the information processing unit 120.

  The information display unit 150 of the user terminal 3 is a part that displays information generated by the service providing server 2 using a known display unit such as a browser.

  The information input unit 160 of the use terminal 3 is a part for inputting information for the purpose of presenting information to the service providing server 2 in the information such as the screen displayed on the information display unit 150.

  The communication processing unit 170 of the user terminal 3 is a part that communicates with a system such as an external server by a known communication means using HTTP (S).

Next, the operation of the service providing system of the present invention will be described.
As a premise,
1. The trust relationship between actors in this system is as follows.
(A) The individual trusts the token issuer.
(B) The service provider trusts the token issuer.
(C) The individual trusts the service provider authenticated by the token issuer.
(D) The service provider trusts the individual authenticated by the token issuer.
2. The personal authentication in the personal authentication processing unit of the personal information management server and the personal authentication cooperation unit of the service providing server is realized by implementation using a known authentication cooperation technology such as SAML.
3. Information used in this system is secured by the following known security implementation.
(A) In communication between terminals and servers ((1) (2) (3) (6) in FIG. 1) and between servers and servers ((4) (5) in FIG. 1) constituting this system Implementations relating to known network security such as SSL and VPN are applied appropriately, and any attacks such as wiretapping and tampering with communication information are invalid.
(B) The parts of the personal information management server other than the tamper resistant part, such as the secure OS, have been appropriately implemented with known operating system security and other attacks such as unauthorized access to control information, stored information, etc. Is invalid.
(C) A known tamper resistant implementation is appropriately applied to the tamper resistant part of the personal information management server, and all attacks such as wiretapping, tampering, unauthorized access, and physical destruction are invalid.

First, an example of the registration and management flow of personal information is shown in FIG.
When a service provider registration request is received from the service provider service provider server 2 to the token issuer personal information management server 1, the personal information management server 1 sends the service provider server 2 service identification information ( ID, etc.), security attribute information (password, etc.) is requested, and upon receiving a response of service identification information and security attribute information from the service providing server 2, the service provider's service identification information and security attributes are checked after reviewing these information Register information.
When a personal (P) registration request is sent from the personal (P) terminal 3 to the personal information management server 1, the personal information management server 1 sends the personal (P) personal identification information (such as ID) to the personal terminal 3. When requesting security attribute information (password, etc.) and receiving a response of personal identification information and security attribute information from the use terminal 3, the personal identification information and security attribute information of the individual (P) are registered after reviewing these information To do.

The individual (P) uses the use terminal 3 to request the personal information management server 1 to start personal information management, and when receiving a request for authentication operation from the personal information management server 1, the personal (P) responds to the authentication operation. The personal information management server 1 receives personal authentication necessary for managing personal (P) information (to use the service (S1)) and receives a personal information management start response from the personal information management server 1. Then, the personal information management server 1 is logged in (personal identification information and security attribute information used for personal authentication are registered in advance).
When the individual (P) makes a request for initial registration of a service user necessary for using the service (S1) to the service providing server 2 using the use terminal 3, the service providing server 2 (P) is registered in the personal information management server 1 and becomes a management target, and the personal information (P) held by the personal information management server 1 indicates whether or not the personal information management server 1 is logged in when the request is received. ) Confirm by the authentication status.
The service providing server 2 is necessary for the individual (P) to use the service (S1) in response to the request of the individual (P) when the authentication state of the individual (P) is appropriate (when logged in). The personal information management server 1 is requested to execute a service for generating / registering the security attribute information of an individual (P).
After confirming that the service providing server 2 is registered as a service provider, the personal information management server 1 generates and registers personal (P) security attribute information in response to a request from the service providing server 2 Then, the execution result is returned to the service providing server 2.
After receiving the response from the personal information management server 1, the service providing server 2 registers the individual (P) as a service user of the service (S 1) and registers the result as a request for initial registration of the user terminal 3. Respond to.
The individual (P) uses the terminal 3 to request the personal information management server 1 to end personal information management, receives a personal information management end response from the personal information management server 1, and logs out from the personal information management server 1. .

Next, FIG. 9 shows an example of the flow of using the initially registered service (document encryption, signature assignment).
The individual (P) uses the usage terminal 3 to request the service providing server 2 to start using various services of the service (S1).
The service providing server 2 requests the personal information management server 1 to execute personal authentication of the individual (P) via the use terminal 3.
The personal information management server 1 requests the user terminal 3 for an operation for personal authentication (such as password input).
The individual (P) uses the user terminal 3 to perform an operation for personal authentication in response to a personal authentication request from the personal information management server 1.
The personal information management server 1 receives a response from the use terminal 3, performs personal authentication, and returns an authentication result to the service providing server 2 via the use terminal 3.
The service providing server 2 enables the use terminal 3 to use various services of the service (S1) when correctly authenticated in response to the personal information management server 1.

The individual (P) uses the use terminal 3 to request the service providing server 2 to browse information related to the individual (P) held by the service providing server 2.
The service providing server 2 responds to the browsing request from the use terminal 3 with a list including the requested information (encrypted with the security attribute information (public key or the like) of the individual (P)).
The individual (P) uses the use terminal 3 to request the service providing server 2 to browse arbitrary information (decryption of the encrypted document) from the list.
The service providing server 2 confirms the authentication status of the individual (P) with the personal information management server 1 at the time of the request for the individual (P). Request decryption of
The personal information management server 1 uses the security attribute information (private key, etc.) of the individual (P) to decrypt the encrypted information requested by the service providing server 2, and uses the plaintext information as the service providing server. Respond to 2.
The service providing server 2 returns the plain text information to the use terminal 3 as a response.
The individual (P) uses the use terminal 3 to add reply information to the browsed information, and requests the service providing server 2 to give a signature in order to add the personal (P) signature to the reply information. To do.
The service providing server 2 confirms the authentication status of the individual (P) with the personal information management server 1 at the time of the request for the individual (P). Require signing of.
The personal information management server 1 generates and assigns a signature to the response information requested by the service providing server 2 using the security attribute information (such as a private key) of the individual (P). In response to the service providing server 2.
The service providing server 2 returns the response information with the signature attached to the use terminal 3 as a response.
The individual (P) uses the use terminal 3 to send a reply including the reply information with the signature to the service providing server 2.

Next, FIG. 10 shows an example of a flow of service addition and service use (signature assignment) after initial registration.
The individual (P) uses the use terminal 3 to request the service provider server 2 of the service provider to use various services of the service (S2).
The service providing server 2 requests the personal information management server 1 for personal authentication of the individual (P) via the use terminal 3.
The personal information management server 1 requests the user terminal 3 for an operation for personal authentication (such as password input).
The individual (P) uses the user terminal 3 to perform an operation for personal authentication in response to a personal authentication request from the personal information management server 1.
The personal information management server 1 receives a response from the use terminal 3, performs personal authentication, and returns an authentication result to the service providing server 2 via the use terminal 3.
The service providing server 2 disables the use of the various services of the service (S2) for the use terminal 3 when the personal information management server 1 does not authenticate correctly in response.

The individual (P) uses the usage terminal 3 to request the service providing server 2 to add a service for making the service (S2) available.
The service providing server 2 confirms the authentication status of the individual (P) with the personal information management server 1 at the time of the request for the individual (P), and if appropriate, is personally registered in the personal information management server 1 However, the service (S2) has not been registered for initial use and is currently logged in), and the personal information management server 1 adds services necessary for the individual (P) to use the service (S2) and The personal information management server 1 is requested to execute a service for generating / registering personal (P) security attribute information.
After confirming that the service providing server 2 is registered as a service provider, the personal information management server 1 adds a service (S2) in response to a request from the service providing server 2, and the personal information management server 1 (P) security attribute information is generated and registered, and the execution result is returned to the service providing server 2.
After receiving the response from the personal information management server 1, the service providing server 2 registers the individual (P) as a service user of the service (S 2) and registers the result as a request for adding the service of the user terminal 3. Respond to.
The individual (P) uses the usage terminal 3 to request the service providing server 2 to apply for the service (S2).
The service providing server 2 returns a use application input screen as a response.
The individual (P) uses the use terminal 3 to input the application information for the service (S2), and requests the service providing server 2 to give the signature in order to give the signature of the individual (P) to the application information. .
The service providing server 2 confirms the authentication status of the individual (P) with the personal information management server 1 at the time of the request for the individual (P). Require signing of.
The personal information management server 1 generates and assigns a signature to the application information requested by the service providing server 2 using the security attribute information (private key, etc.) of the individual (P). In response to the service providing server 2.
The service providing server 2 returns a response to the application information with the signature attached to the use terminal 3.
The individual (P) uses the use terminal 3 to send an application form including application information with a signature to the service providing server 2.

As described above, the present invention uses a tamper-resistant storage area of a personal information management system managed by a token issuer without using a hardware token premised on providing a loan to an individual. In this storage area, information such as security attributes for each individual and each service is stored and the management of the personal information is performed on its behalf, so issuance and logistics related to hardware tokens that are lent and provided for each individual In addition, it is possible to reduce operation and cost burden related to operation management.
The token issuer only needs to be able to authenticate an individual regardless of the service provider. Therefore, even if it is not a hardware token such as an IC card, authentication information such as an ID and a password can be authenticated by allowing an individual to input authentication information such as a browser using a general-purpose mechanism such as a browser. . In this case, there are fewer restrictions on the operating environment compared to the method using hardware tokens in the prior art.

DESCRIPTION OF SYMBOLS 1 Personal information management server 2 Service provision server 3 Use terminal 10 External connection part 11 Personal authentication process part 12 Personal identification information management part 13 Service execution part 14 Service addition part 20 Access control part 21 Server confirmation part 22 Server and service confirmation part 23 Individual / service confirmation unit 24 Individual registration status confirmation unit 25 Individual authentication status confirmation unit 26 Individual / service authorization unit 27 Individual / service management information authorization unit 30 Service call unit 31 Additional call unit 32 Execution call unit 40 Service AP unit 41 Service addition Unit 42 service execution unit 50 service management unit 51 personal security attribute information generation unit 52 personal security attribute information management unit 53 personal security attribute information utilization unit 60 information processing unit 61 information storage unit connection unit 62 log output unit 70 information storage unit 71 resistance Tamper part 7 Database unit 80 communication processing unit 90 cooperation module 100 information registration unit 110 information generation unit 120 information processing unit 130 information storage unit 140 communication processing unit 150 the information display unit 160 information input unit 170 communication processing unit

Claims (7)

A personal use terminal connected to each other by a network; a service providing server that provides services to individuals; and a personal information management server that manages personal security attribute information for each individual and for each service and that processes services A service providing system comprising:
When the service providing server receives a request for using the service requiring personal authentication from the personal use terminal, the service providing server sends the personal information management server the personal information at the time when the service is requested. When an authentication status confirmation request is made and personal authentication is appropriate, the personal information management server is requested to execute the service, and when the service execution result is received from the personal information management server, the service execution result is transmitted to the user terminal. In response to
The personal information management server executes a service using the personal security attribute information registered in advance in response to the service execution request, and returns a service execution result to the service providing server. Service providing system. When a service addition request is made from the personal user terminal to the service providing server, the service providing server sends the personal authentication status to the personal information management server at the time of the service addition request. When a confirmation request is made and personal authentication is appropriate, the personal information management server is requested to add a service and register the personal security attribute information.
The service according to claim 1, wherein the personal information management server adds a service in response to a request from the service providing server, and generates and registers the personal security attribute information for the added service. Offer system.   When a personal registration request is made from the personal user terminal, the personal information management server requests the personal personal identification information and security attribute information from the personal user terminal, and uses the personal user 3. The personal identification information and security attribute information of the individual are registered after the response of the personal identification information and security attribute information of the individual is received from the terminal after the examination of the information. Service provision system. A personal information management server constituting the service providing system according to any one of claims 1 to 3,
In response to a request from the individual user terminal, personal identification information and security attribute information are generated and registered, processing requests for various services are received from the service providing server, and execution results of services executed after personal authentication are displayed. An external connection part that returns the processing result including,
When executing the process at the external connection unit, the person is identified by the personal identification information, and whether or not the process can be executed is checked according to a control policy and a control rule defined between the service providing server and the control. An access control unit,
A service calling unit that calls a service application corresponding to the service when the process is determined to be executable;
A service application unit that executes the process of the called service and sends the execution result to the external connection unit;
A service management unit for managing the personal identification information and the security attribute information necessary for executing the processing of the service for each person and for each service;
A personal information management server comprising: A personal use terminal connected to each other by a network; a service providing server that provides services to individuals; and a personal information management server that manages personal security attribute information for each individual and for each service and that processes services A service providing method in a service providing system having:
When the service providing server receives a request for using the service requiring personal authentication from the personal use terminal, the service providing server sends the personal information management server the personal information at the time when the service is requested. Requesting confirmation of authentication status, and requesting execution of a service to the personal information management server if personal authentication is appropriate;
The personal information management server executes a service using the personal security attribute information registered in advance in response to the service execution request, and returns a service execution result to the service providing server;
The service providing server, upon receiving the service execution result from the personal information management server, responding the service execution result to the user terminal;
A service providing method comprising: When a service addition request is made from the personal user terminal to the service providing server, the service providing server sends the personal authentication status to the personal information management server at the time of the service addition request. Making a confirmation request and requesting the personal information management server to add a service and register the personal security attribute information if personal authentication is appropriate;
The personal information management server adds a service in response to a request from the service providing server, generates and registers the personal security attribute information for the added service; and
The service providing method according to claim 5, further comprising: When a personal registration request is made from the personal user terminal, the personal information management server requests the personal personal identification information and security attribute information from the personal user terminal, and uses the personal user Upon receiving a response of the personal identification information and security attribute information of the individual from the terminal, after reviewing these information, registering the personal identification information of the individual and security attribute information;
The service providing method according to claim 5, further comprising:

Images