JP2005173895A - Authentication information registration server, authentication information registration intermediation server, authentication information registration method, authentication information registration intermediation method, authentication information registration program, authentication information registration intermediation program and storage medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To speedily register user authentication information which a user sets while a high security level is secured. <P>SOLUTION: In a procedure of substitute service of service entry, or password initialization, a key 1 and a key 2 which are code information are emitted as random character strings in the number of digits by which security can be secured. It is informed to the user by at least a different notification means or at different timing. When the user notifies the key 1 and the key 2, the user is determined to be the user, and the user is caused to set use authentication information such as user ID and a password. A service supply business unit receiving substitute service does not set user authentication information such as user ID and the password but the user oneself can speedily set it, and the high security level can be maintained. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an authentication information registration server, an authentication information registration mediation server, an authentication information registration method, an authentication information registration mediation method, an authentication information registration program, an authentication information registration mediation program, and a storage medium. Specifically, the present invention relates to a method for registering user authentication information after confirming the identity of the user using the first code information and the second code information.

In recent years, CE (Consumer Electronics) devices that can be connected to a network have become widespread.
These CE devices include audiovisual devices such as video decks, stereos, and TVs, home appliances such as rice cookers and refrigerators, and other electronic devices, and are provided by server devices via a network. You can use the service you want.
After purchasing the CE device, the user arranges the CE device so as to be connectable to a server that provides a service (a business server operated by a service providing business entity) via a network line such as the Internet.

  With this service, for example, when the CE device is a hard disk recorder, the program reservation table provided by the business entity server is displayed, and the recording reservation is easily made, or the business entity server is accessed from the outside using a portable terminal. Then, it is possible to make a recording reservation for a CE device at home.

When a user purchases a CE device, the device information such as device ID and serial number built in the CE device, user authentication information such as user ID and password, and user information such as name, address, and e-mail address Are registered in the business entity server, and the business entity server provides services after performing device authentication or user authentication using these pieces of information.
In some cases, an authentication server is provided separately from the business entity server, and device authentication and user authentication are collectively performed by the authentication server.

  In order to use a service (hereinafter referred to as a net service) provided by the above-mentioned business entity server, the user needs to subscribe to this service. Here, in order to increase the subscription rate to the net service, the user In order to provide convenience, a substituting service is provided.

In this agency service, when a user purchases a CE device, the retailer obtains the minimum information necessary for subscribing to the net service and sends it to the service provider. This is done by inputting this information.
Thereby, it is possible to easily subscribe to the network service without performing troublesome input on the Internet Web screen that is performed by a normal subscription action via the Internet.

FIG. 12A is a block diagram for explaining a conventional proxy service.
The service providing entity 204 operates an entity server 203 including a customer database 206 that stores user information. The business entity server 203 can provide various services to the CE device 205 via the network.

First, when the user purchases the CE device 205 at the retail store 207, the retail store 207 recommends that the user subscribe to the net service.
If the user wishes to subscribe to a net service, the retail store 207 fills in the application form provided to the user with the minimum user information (eg, name, address, telephone number, email address) required for subscription. This is transmitted to the service provider 204 by fax or the like together with the device information (device ID and the like) of the CE device 205.

In the service providing business entity 204, the operator receives the information and inputs it to the business entity server 203.
The business entity server 203 automatically sets a user ID, a password, and the like for the user at random with respect to the user authentication information.
The service providing entity 204 prints and mails the user ID, password, and password reminder (hereinafter referred to as “PW reminder”) automatically to the user when the subscribing service is completed and the user ID, password, and password reminder are automatically set. Or notify the user by sending it by e-mail.

Here, the PW reminder is a “question and answer” set by the user for performing a password initialization procedure when the user forgets the password.
In addition, the user ID, password, and PW reminder automatically set by the business entity server 203 will be used later to log in to the site of the service providing business entity 204 using these authentication information and reset it at their convenience. Can do.

In some cases, instead of using a proxy service for subscribing to a net service, the business site is accessed using the Internet or the like, and a subscription procedure is performed on the network.
In this case, the user information is input on the business site, and the business server automatically generates a user ID, a password, and a PW reminder.
Such authentication information is notified to the user by mail or electronic mail.

FIG. 12B is a diagram for explaining a conventional password initialization method performed when the user forgets the user ID or password. That is, it is a reissue of a password.
In a service using the Internet that requires a user ID and a password, when the user forgets the user ID and password, a procedure of password initialization can be performed.

First, the user accesses the site of the business entity server 203 from the user terminal 205a and inputs a part of personal profile information such as a name and an e-mail address and a user ID if he / she remembers it.
The business entity server 203 collates the input information with the information stored in the customer database 206, and if these information match, the business server 203 temporarily specifies the user as a regular user.

Next, if the user can post the question part of the PW reminder set by the user and the user can answer the question, the user is surely determined to be the person, and the business server 203 randomly sets the currently set password. Replace with the issued password.
Then, the user is notified of the password by mail or e-mail. The same applies when the user ID is forgotten.
As described above, there is an information registration device described in the following document as an invention for registering a user in a server device.

JP 2002-229950 A

In the present invention, personal information and a password from an information input terminal are received and temporarily registered, and then an input of the password is received from a mobile phone to formally register a user.
Thereby, the user does not need to input personal information from the numeric keypad of the portable terminal, and can easily register.

The conventional system described above has the following problems.
First, when mailing the user ID, password, or password issued by the password initialization procedure as described above, it takes 2-3 days for the mail to reach the user. Unable to receive services that require a password. In addition, there is a cost problem for enterprises that mail costs are required.

Further, when both the ID and password are notified to the user as in the case of a proxy service, security such as the use of the ID or password by another person or the use of the service or browsing of user information by theft of mail There can be the above problem.
In addition, when the user ID and password are transmitted by e-mail, they are viewed by a third party during e-mail communication, or viewed while leaving the seat with the e-mail displayed on the display in the office or the like. There is a possibility and a security problem exists.
In addition, in the conventional password initialization method using the PW reminder, the PW reminder is often forgotten, and in order to respond to inquiries from the user, a large amount of time and costs are spent at the business user's window. ing.

  Accordingly, an object of the present invention is to provide an authentication information registration server or the like that can quickly register user authentication information set by a user while realizing a high security level.

In order to achieve the above object, the present invention provides first code information acquisition means for acquiring first code information set by a user, and second code information corresponding to the acquired first code information. Second code information transmitting means for transmitting to the user, code information receiving means for receiving a set of the first code information and the second code information from a user terminal, and the acquired first User confirmation for confirming the user by comparing the code information and the second code information transmitted corresponding to the first code information with the set of the received first code information and second code information There is provided an authentication information registration server comprising: means and user authentication information acquisition means for acquiring user authentication information of the confirmed user (first configuration).
In the first configuration, user information acquisition means for acquiring user information associated with the first code information, the received user authentication information, and the acquired user information are associated with each other and stored in a storage device. And a storage unit (second configuration).
In the first configuration, the first code information may be configured by the user (third configuration).
Furthermore, in the first configuration, a first code information issuing means for issuing first code information to the user, and a first code information notification for notifying the user of the issued first code information And the first code information acquisition means can be configured to acquire the first code information issued by the first code information issue means (fourth configuration).
Further, in the first configuration, the second code information transmission means sends the second code information to the user via a different transmission means from that used to notify the user of the first code information. It can also be configured to transmit code information (fifth configuration).
Furthermore, in the first configuration, the second code information transmitting means is configured to transmit the second code information at a timing different from a timing at which the user is notified of the first code information. (Sixth configuration).
In the first configuration, the user authentication information acquisition unit may be configured to acquire the user authentication information by receiving the user authentication information set by the user and transmitted from the user terminal ( (Seventh configuration).
In the first configuration, further comprising: user authentication information issuing means for issuing user authentication information; and user authentication information transmitting means for transmitting the issued user authentication information to the user. The acquisition means can also be configured to acquire the issued user authentication information (eighth configuration).
Furthermore, in the first configuration, when the user authentication information acquired by the user authentication information acquisition unit is reissued to the user, the user authentication information obtained by reissuing the previously acquired user authentication information (9th structure).
In order to achieve the above object, the present invention accepts a purchase application for a product that is a target of user authentication information registration from the user and mediates registration of the user authentication information to the authentication information registration server of the first configuration. An authentication information registration intermediary server for receiving product specification information receiving means for receiving product specification information for specifying a product that the user desires to purchase from a user terminal, and for registering the authentication information in correspondence with the received product specification information A first code information sharing means for sharing the first code information with the server; a first code information notifying means for notifying the user of the shared first code information; and the received product specifying information. And an authentication information registration mediation server characterized by comprising product specifying information transmitting means for transmitting to the product shipping entity (tenth configuration).
In order to achieve the above object, the present invention provides a first code information acquisition unit, a second code information transmission unit, a code information reception unit, a user confirmation unit, a user authentication information acquisition unit, The first code information acquisition unit acquires the first code information set by the user in the first code information acquisition unit, and the second code information transmission unit acquires the acquired code information. A second code information transmission step for transmitting the second code information corresponding to the first code information to the user; and in the code information receiving means, from the user terminal, the first code information and the second code information A code information receiving step for receiving the set of code information, and in the user confirmation means, the acquired first code information and the second code information transmitted corresponding to the first code information. A user confirmation step of confirming the user by collating with the received set of the first code information and the second code information, and a user who acquires the user authentication information of the confirmed user in the user authentication information acquisition means An authentication information registration method comprising an authentication information acquisition step is provided (11th configuration).
In an eleventh configuration, the apparatus includes a user information acquisition unit and a storage unit, and the user information acquisition unit acquires user information associated with the first code information, and the storage unit. The user authentication information received and a storage step of associating the acquired user information with each other and storing them in a storage device can be configured (a twelfth configuration).
In the eleventh configuration, the first code information may be configured by a user (a thirteenth configuration).
The eleventh configuration further comprises a first code information issuing means and a first code information notifying means, wherein the first code information issuing means sends the first code information to the user. A first code information issuing step for issuing, and a first code information notifying step for notifying the user of the issued first code information in the first code information notifying means. In the code information acquisition step, the first code information issued in the first code information issue step may be acquired (fourteenth configuration).
Further, in the eleventh configuration, in the second code information transmission step, the second code information transmission step sends the second code information to the user via a transmission means different from that used to notify the user of the first code information. It is also possible to configure to transmit code information (fifteenth configuration).
Furthermore, in the eleventh configuration, in the second code information transmission step, the second code information is transmitted at a timing different from a timing at which the user is notified of the first code information. It is also possible (sixteenth configuration).
In addition, in the eleventh configuration, the user authentication information acquisition step may be configured to acquire the user authentication information by receiving the user authentication information set by the user and transmitted from the user terminal. (17th structure).
In the eleventh configuration, a user authentication information issuing unit and a user authentication information transmitting unit are provided, and a user authentication information issuing step for issuing user authentication information in the user authentication information issuing unit, and the user authentication information A transmission means for transmitting the issued user authentication information to the user, and configured to acquire the issued user authentication information in the user authentication information acquisition step. (18th configuration).
Furthermore, in the eleventh configuration, when the user authentication information acquired in the user authentication information acquisition step is reissued to the user, the user authentication information obtained by reissuing the previously acquired user authentication information (19th configuration).
In order to achieve the above object, the present invention accepts a purchase application for a product that is a target of user authentication information registration from a user, and performs user authentication to a computer that executes the authentication information registration method according to claim 11. An authentication information registration mediating method for mediating registration of information, comprising: product identification information receiving means; first code information sharing means; first code information notifying means; and product identification information transmitting means. In the computer, in the product specifying information receiving means, a product specifying information receiving step of receiving product specifying information for specifying a product that the user desires to purchase from a user terminal;
In the first code information sharing means, a first code information sharing step for sharing the authentication information registration method and the first code information in correspondence with the received product specifying information, and the first code information In the notification means, a first code information notification step for notifying the user of the shared first code information; and in the product specification information transmission means, the received product specification information is sent to the product shipping entity. An authentication information registration mediation method characterized by comprising a product specifying information transmitting step for transmitting to (20th configuration).
In order to achieve the above object, the present invention provides a first code information acquisition function for acquiring first code information set by a user, and a second code information acquisition function corresponding to the acquired first code information. A second code information transmission function for transmitting code information to the user; a code information reception function for receiving a set of the first code information and the second code information from a user terminal; The code information of 1 and the second code information transmitted corresponding to the first code information are checked against the set of the received first code information and second code information to confirm the user. An authentication information registration program for realizing a user confirmation function and a user authentication information acquisition function for acquiring the user authentication information of the confirmed user by a computer is provided (21st configuration).
In the twenty-first configuration, a user information acquisition function for acquiring user information associated with the first code information, the received user authentication information, and the acquired user information are associated with each other in a storage device. The storage function to be stored can be realized by a computer (a twenty-second configuration).
In the twenty-first configuration, the first code information may be configured by the user (a twenty-third configuration).
Also, in the twenty-first configuration, a first code information issuing function for issuing first code information to the user, and a first code information notification function for notifying the user of the issued first code information Can be realized by the computer, and the first code information acquisition function can be configured to acquire the first code information issued by the first code information issue function (24th configuration). ).
Further, in the twenty-first configuration, in the second code information transmission function, the second code information transmission function is sent to the user via a transmission function different from that used to notify the user of the first code information. It is also possible to configure to transmit code information (25th configuration).
In the twenty-first configuration, the second code information transmission function is configured to transmit the second code information at a timing different from the timing at which the first code information is notified to the user. (26th configuration).
Furthermore, in the twenty-first configuration, the user authentication information acquisition function can be configured to acquire the user authentication information by receiving the user authentication information set by the user and transmitted from the user terminal (first configuration). 27).
In the twenty-first configuration, the computer implements a user authentication information issuing function for issuing user authentication information and a user authentication information transmitting function for transmitting the issued user authentication information to the user, The user authentication information acquisition function can also be configured to acquire the issued user authentication information (28th configuration).
Furthermore, in the twenty-first configuration, when the user authentication information acquired by the user authentication information acquisition function is reissued to the user, the user authentication information obtained by reissuing the previously acquired user authentication information It is also possible to realize a replacement function to be replaced with (29th configuration).
In addition, in order to achieve the above object, the present invention accepts a purchase application for a product for which user authentication information is to be registered from a user, and performs user authentication on a computer that executes the authentication information registration program according to claim 21. An authentication information registration mediation program for mediating registration of information, including a product specification information receiving function for receiving product specification information for specifying a product that a user desires to purchase from a user terminal, and the received product specification information A first code information sharing function for correspondingly sharing the first code information with the authentication information registration server, and a first code information notification function for notifying the user of the shared first code information; An authentication information registration intermediary that implements a product specific information transmission function for transmitting the received product specific information to the product shipping entity. Providing a program (30th configuration).
In order to achieve the above object, the present invention provides a first code information acquisition function for acquiring first code information set by a user, and a second code information corresponding to the acquired first code information. A second code information transmission function for transmitting code information to the user; a code information reception function for receiving a set of the first code information and the second code information from a user terminal; The code information of 1 and the second code information transmitted corresponding to the first code information are checked against the set of the received first code information and second code information to confirm the user. A computer-readable storage medium storing an authentication information registration program for realizing a user confirmation function and a user authentication information acquisition function for acquiring the user authentication information of the confirmed user by a computer is provided. )
In the thirty-first configuration, a user information acquisition function for acquiring user information associated with the first code information, the received user authentication information, and the acquired user information are associated with each other and stored in a storage device. A storage medium storing the authentication information registration program for realizing a storage function by a computer is provided (32nd configuration).
In the thirty-first configuration, the first code information can be configured to be set by a user (a thirty-third configuration).
Further, in the thirty-first configuration, a first code information issuing function for issuing first code information to the user, and a first code information notification for notifying the user of the issued first code information And the first code information acquisition function can be configured to acquire the first code information issued by the first code information issue function (the 34th code). Constitution).
Further, in the thirty-first configuration, in the second code information transmission function, the second code information transmission function is sent to the user via a transmission function different from that used to notify the user of the first code information. It is also possible to configure to transmit the code information (35th configuration).
In the thirty-first configuration, the second code information transmission function is configured to transmit the second code information at a timing different from the timing at which the first code information is notified to the user. (36th configuration).
Furthermore, in the thirty-first configuration, the user authentication information acquisition function can be configured to acquire the user authentication information by receiving user authentication information set by the user and transmitted from a user terminal ( 37th configuration).
In the thirty-first configuration, the computer implements a user authentication information issuing function for issuing user authentication information and a user authentication information transmitting function for transmitting the issued user authentication information to the user, The user authentication information acquisition function can be configured to acquire the issued user authentication information (38th configuration).
Furthermore, in the thirty-first configuration, when the user authentication information acquired by the user authentication information acquisition function is reissued to the user, the user authentication information obtained by reissuing the previously acquired user authentication information It is also possible to realize a replacement function to be replaced with (39th configuration).
Further, in order to achieve the above object, the present invention accepts a purchase application for a product which is a target of user authentication information registration from a user and executes user authentication information on a computer executing an authentication information registration program in the thirty-first configuration. A storage medium storing an authentication information registration mediation program for mediating registration of the product, the product specification information receiving function for receiving the product specification information for specifying the product that the user wants to purchase from the user terminal, and the received A first code information sharing function for sharing the first code information with the authentication information registration server in correspondence with product specifying information, and first code information for notifying the user of the shared first code information A notification function and a product specification information transmission function for transmitting the received product specification information to the product shipping entity are realized by a computer. That provides authentication information registration intermediation program readable computer that stores the storage medium (40th configuration).

  According to the present invention, the security level can be increased and user authentication information can be quickly set. In addition, since mails associated with authentication information settings can be abolished and customer inquiries can be expected to decrease, costs can be reduced.

[Outline of the embodiment]
In this embodiment, in the proxy service for subscribing to the net service and the procedure for password initialization, the key 1 and the key 2 that are code information are issued as random character strings having a number of digits that can ensure a certain security, and are given to the user. The user is notified at least at different notification means and at different timing, and when the user posts the key 1 and the key 2, it is determined that the user is the user himself, and the user authentication such as the user ID and the password is made to the user himself / herself. Information is set.

In FIG. 1, when a user purchases a CE device at a retail store 7, the user information is displayed on an application form for a net service in which key 1 (a character string of a certain number of digits) that is first code information is printed in advance. Fill in. The application form is further filled with device information such as the device ID and serial number of the CE device by the retail store 7 and then transmitted to the service provider 4 by fax or the like.
The user receives a copy of the application form on which the key 1 is printed together with the CE device.

  In the service provider 4, the operator receives the information transmitted by fax on the application form, inputs temporary registration information (user information, device information) entered in the application form into the customer database 6 of the entity server 3, Temporarily register a user. Then, the business entity server 3 issues the key 2 (character string having a certain number of digits different from the key 1) as the second code information, stores it in the customer database 6 in correspondence with the key 1, Key 2 is sent to the e-mail address entered by the user on the application form.

After receiving the key 2, the user accesses the registration site of the business entity server 3 from the user terminal 5 and transmits the keys 1 and 2 to the business entity server 3.
The business entity server 3 compares these with the key 1 and key 2 stored in the customer database 6 and confirms that the user is the person (that is, the business entity server can know the key 1 and key 2). 3), the user ID, password, and PW reminder are requested.
On the other hand, the user transmits his / her convenient user ID, password, and PW reminder to the business entity server 3.
The business entity server 3 stores these as user authentication information in the customer database 6 and officially registers the user.

As described above, in this embodiment, the key 1 is notified when the proxy service is received, and after the proxy service is received, the key 2 is notified with a different transmission means and transmission timing different from the delivery of the key 1, and the user By presenting the key 1 and the key 2 received together, it is specified that the user has applied for the proxy service.
Therefore, the user authentication information such as the user ID and password is not set by the service provider 4 that has accepted the proxy service, but can be set quickly by the user himself and a high security level can be maintained. .

[Details of the embodiment]
FIG. 1 is a diagram for explaining an example of the configuration of the authentication information registration system of the present embodiment.
The authentication information registration system 1 is configured by arranging the user terminal 5 and the business entity server 3 so as to be connectable via a network line such as the Internet, and information on the user, the retail store 7, and the service providing business entity 4. Register user authentication information using the exchange.

The retail store 7 is, for example, a mass retailer of electrical products, and sells CE devices and other electrical products to users. A case where the retail store 7 is a net shop established on a network will be described in a modification of the embodiment.
In the present embodiment, an example of a product sold by the retail store 7 will be described as a CE device. However, the user registration function provided by the authentication information registration system 1 is not limited to the one related to the CE device, and user authentication information is provided. Can be widely used in systems that require registration.

CE devices sold by the retail store 7 include, for example, a video recorder with built-in hard disk, a stereo, and the like, and each of these CE devices holds a unique device ID and serial number in an internal storage device. It is also possible to attach a label printed with a device ID or serial number to the case of the CE device so that it can be seen from the outside.
These CE devices can connect to the business entity server 3 via a network and use various network services provided by the business entity server 3.

The retail store 7 has a function that allows the CE device to use the net service when the user purchases the CE device, and the user needs to be registered in advance to use the net service. Will be explained.
When the user wishes to register as a user, the retail store 7 asks the user to fill in an application form entrusted by the service provider 4 in advance.

  In this application form, for example, user information entry fields for entering personal information such as name, address, telephone number, e-mail address, credit card number, and device information such as the device ID and serial number of the CE device are entered. A device information entry field and a key 1 issued in advance by the service provider 4 are printed.

Here, the key 1 is composed of a random character string having, for example, the number of digits for ensuring a predetermined security level (for example, there are 12 trillion combinations of 12 digits for numbers from 0 to 9). .
The key 1 constitutes first code information to be used after being coded with the key 2 composed of a similar character string, and the key 2 constitutes second code information. Key 2 is a character string different from key 1.
In the present embodiment, the key 1 is issued so as not to be duplicated. However, it is possible to issue the key 1 in duplicate within the scope of security problems.

After the user enters the user information on the application form, the retail store 7 enters the device information (device ID, serial number) of the CE device purchased by the user in the device information entry column.
Then, a copy of the completed application form is handed to the user (for example, the application form is a copy type), and the information on the original sheet of the application form is sent to the service provider 4 by a fax machine. Send.

The user information and device information entered on the application form are temporary registration information for temporarily registering the user in the business entity server 3 and do not include user authentication information such as a user ID and a password.
The device information that the retail store 7 fills in the application form may be information that identifies the individual CE device. For example, security information such as a passphrase used for device authentication is not used. The level can be increased.

In this way, by issuing the application form on which the key 1 is printed in advance to the user, the key 1 can be set for the user, and the user can recognize the key 1 set for the user. .
Then, by transmitting the information described in the application form to the service providing entity 4 using a fax machine or the like, the service providing entity 4 allows the user information of the user and the device of the CE device purchased by the user. Information and the key 1 set for the user can be acquired.

In the present embodiment, the key 1 is printed on the application form in advance, but the user can set the key 1 as well.
In this case, a key 1 entry field on the application form and an explanatory note that a character string of a predetermined number of digits is entered in the key 1 entry field, and the user enters the key 1 himself in the key 1 entry field. What is necessary is just to comprise.

The service providing entity 4 is an operator that implements a net service. The service providing entity 4 includes an entity server 3 that provides a network service by connecting to a CE device via a network. The business entity server 3 constitutes an authentication information registration server.
The service providing entity 4 performs maintenance and management of the entity server 3, and also provides an agency service that performs input processing for a new user registration on the entity server 3 on behalf of the user.

  The service providing entity 4 is stationed with an operator who inputs temporary registration information (user information, device information, etc.) to the entity server 3 by a proxy service. The operator receives the fax information of the application form transmitted from the retail store 7 and inputs the temporary registration information and the key 1 described in the application form to the business entity server 3.

The business entity server 3 includes input means for accepting input of temporary registration information from an operator, and communication means for connecting to a terminal device such as the user terminal 5 or CE device or another server device via a network such as the Internet. Yes.
In this input means, the business entity server 3 constitutes first code information acquisition means for acquiring the key 1 and user information acquisition means for acquiring user information.

The business entity server 3 includes a customer database 6 for managing users. The customer database 6 has a registration area for each user.
In these registration areas, user information of each user, device information of CE devices owned by the user, user authentication information of the user, and the like are stored.
The customer database 6 constitutes a storage device that stores user information and user authentication information in association with each other, and the business entity server 3 includes storage means for storing these information in the customer database 6.

Upon receipt of the user's temporary registration information, the business entity server 3 generates a key 2 for this user and stores it in the customer database 6 in association with the key 1. The configuration of the key 2 is the same as that of the key 1, and is composed of, for example, a 12-digit character string.
Then, the business entity server 3 generates an electronic mail describing the key 2 and transmits it to an electronic mail address included in the temporary registration information (included in the user information of the temporary registration information).
Thereby, the 2nd code | symbol information transmission means of the entity server 3 is comprised.

In this way, the user can obtain the key 1 and the key 2 via another transmission means at another transmission timing, and those who know both the key 1 and the key 2 can Only the business entity server 3 is provided.
Therefore, when the user presents both the key 1 and the key 2 to the business entity server 3, the business entity server 3 can confirm the identity of the user.

Further, even if one of the keys 1 and 2 is known to a third party, the third party cannot impersonate the user unless the other one is obtained.
Furthermore, since the key 1 and the key 2 are transmitted at different transmission means and at different transmission timings, even if one of them is known to a third party, the possibility of the other being known to the third party is extremely low. .
For this reason, a high security level can be realized by notifying the user of the key 1 and the key 2 with at least one of another transmission means and another transmission timing.

  The business entity server 3 accepts an application for formal registration from a temporarily registered user, and at that time, the user is presented with the keys 1 and 2 to confirm the identity of the user. This is done by having the user terminal 5 transmit a set of key 1 and key 2 and the business entity server 3 receives it, and thus the business entity server 3 is provided with code information receiving means. Yes.

After confirming the identity, the user ID and password set by the user are obtained from the user, stored in the customer database 6 and formally registered.
Thus, the business entity server 3 includes a user confirmation unit and a user authentication information acquisition unit.
The above information exchange with the user is performed, for example, with the user terminal 5 via a network line, and the business entity server 3 uses a technology such as SSL (Secure Sockets Layer) as a communication path as necessary. Is encrypted.

The business entity server 3 provides the user with various network services such as transmission of program reservation table data and recording reservation by remote operation with a mobile phone after the user is officially registered.
Further, when performing network service, if user authentication is required, user authentication is performed using user authentication information stored in the customer database 6, and if device authentication is required, device authentication stored in the customer database 6 is performed. Device authentication is performed using.
In addition, when information that requires confidentiality such as a passphrase is required for device authentication, such information is added to the customer database 6 by a method of maintaining confidentiality.

The user terminal 5 is configured by a terminal device such as a personal computer configured to be connectable to a network, for example.
It is also possible to use a mobile terminal such as a mobile phone or a PDA (Personal Digital Assistant).
Further, the business entity server 3 may be accessed using a CE device purchased by the user or a CE device already owned by the user.

The user terminal 5 includes a main body device having a communication function and an arithmetic function, a display device for displaying character information and image information, an input device configured with a keyboard and a mouse for inputting character information and other information, and the like. ing.
The user terminal 5 includes a browser, and by specifying a predetermined URL (Uniform Resource Locators) on the browser, the user terminal 5 is connected to the site on the network specified by the URL and accessed. Can do.

The user can access his / her e-mail account established in a predetermined e-mail server (not shown) from the user terminal 5 and receive e-mail transmitted to him / her.
Thereby, the user can receive the electronic mail from the business entity server 3, and can recognize the information transmitted by the business entity server 3 such as the key 2 set in the user.

Also, the user can access the user registration site of the business entity server 3 by inputting the URL of the user registration site established by the business entity server 3 on the browser.
Then, the key 1 and the key 2 are transmitted from the user terminal 5 to the user registration site, and the business server 3 confirms the identity of the user, and then the user ID and password convenient for the user are transmitted to the user registration site for registration. can do. At this time, a PW reminder can also be set.

FIG. 2 is a diagram showing a logical configuration of a certain user's registration area secured in the customer database 6. From FIG. 2 (a) to FIG. 2 (c), the user is temporarily registered after being temporarily registered. It represents the transition of data until it is done.
As shown in FIG. 2A, each registration area for user registration has a logical configuration such as an ID / password area 6a, a user information area 6b, a reminder area 6c, a device information area 6d, and a code information area 6e. Contains elements.

FIG. 2A shows a temporary registration state immediately after the operator inputs user information, device information, and key 1, and no information is stored in the ID / password area 6a and the reminder area. In the user information area 6b and the device information area 6d, user information and device information described in the application form are stored, respectively.
In the code information area 6e, the key 1 described in the application form is stored, but the key 2 is not yet stored.

FIG. 2B shows the state of the registration area of the user after the business entity server 3 issues the key 2.
In the code information area 6e, the key 2 is stored in association with the key 1. For this reason, when a combination of key 1 and key 2 is received from the user, the combination of these code information is searched and checked in the code information area 6e set for the temporarily registered user, so that the user While confirming that the user is valid, the user can be specified.

FIG. 2C shows the state of the registration area of the user after the user has set the user ID, password, and PW reminder.
As shown in the figure, the ID / password area 6a stores the user ID and password set by the user, and the reminder area 6c stores the PW reminder set by the user.

  The PW reminder, for example, “What is your favorite movie title?” Or “What is your pet's name?” And other questions prepared by the service provider 4, for example, “ It is composed of a combination of answers set by the user such as “2000 Space Travel” or “Taro”, and the reminder area 6c stores information for identifying the question and the answer set by the user for this question. Yes.

Usually, a plurality of PW reminder questions are prepared and can be arbitrarily selected by the user.
Note that the PW reminder is auxiliary information for specifying the user when the user forgets the password, but as described later, in this embodiment, the PW reminder is used by using the code information and the user information. It is also possible to specify a user without using a reminder. In this case, it is not necessary to register a PW reminder.

FIG. 3 is a flowchart for explaining a procedure from when a user purchases a CE device to when the user is formally registered.
In the following procedure, information processing performed by the user terminal 5 and the business entity server 3 is performed by a CPU (Central Processing Unit) provided in the user terminal 5 and the business entity server 3 according to a predetermined program.
In this embodiment, the PW reminder is also registered as an example, and when the user forgets the password, the PW reminder can be used to confirm the identity of the user. However, as will be described later, the authentication information registration system 1 Then, it is possible to identify the user without using a PW reminder.

First, at the retail store 7, when a user purchases a CE device, a required item is filled in the application form, and a copy of the application form is given to the user. Thereby, key 1 can be set and notified to the user (step 70). This step is performed by the person in charge at the retail store 7.
Next, the person in charge at the retail store 7 faxes the information described on the base paper of the application form to the service provider 4. Thereby, temporary registration information (user information, device information) and the key 1 are transmitted to the service providing entity 4 (step 75).

In the service providing entity 4, the operator receives the information transmitted by fax, and inputs the provisional registration information and the key 1 described in this information to the entity server 3.
Thereby, the business entity server 3 stores the temporary registration information and the key 1 in the customer database 6 (step 30).
Next, the business entity server 3 issues a key 2 to this user and stores it in the customer database 6 in association with the key 1 (step 35).
Next, the business entity server 3 generates an e-mail describing the key 2 and transmits it to the e-mail address of the user included in the temporary registration information (step 40).

The user terminal 5 receives this electronic mail by the user's electronic mail receiving operation, and the contents described in the electronic mail are displayed on the display device of the user terminal 5.
Thereby, the user terminal 5 receives the key 2 transmitted by the business entity server 3 (step 5).
The user accesses a user registration site established by the business entity server 3 using a browser or the like (step 10).

FIG. 4 is a diagram showing an example of the display contents of the e-mail displayed on the display device of the user terminal 5.
In the e-mail 10, key 2 is displayed in the key display area 11, and “Please enter key 2 and key 1 printed on the subscription registration application form at the next user registration site”, etc. A display for instructing transmission of the keys 1 and 2 is made, and the URL of the user registration site is displayed in the URL display area 12.

The user can know the key 2 issued to the user from the display of the key display area 11.
When the URL displayed in the URL display area 12 is selected by clicking with a mouse, the URL is input to the URL field of the browser, and the user terminal 5 automatically enters the user registration site established in the business entity server 3. Connected.

As will be described later, in the present embodiment, the user himself / herself inputs the key 1 and the key 2 on the identity confirmation screen and transmits them to the business entity server 3, but the user sets the URL of the URL display area 12. The key 2 can be automatically transmitted to the business entity server 3 when selected.
In this case, the information input by the user is the key 1, and the burden on the user can be reduced.

  In the present embodiment, the user terminal 5 receives the e-mail from the business entity server 3, and the user terminal 5 accesses the user registration site of the business entity server 3. However, the present invention is not limited to this. The user terminal that receives the e-mail and the user terminal that accesses the user registration site may be different.

  For example, a mobile terminal such as a mobile phone having an e-mail transmission / reception function or other user terminal receives the e-mail and accesses a user registration site from another user terminal using a URL described in the e-mail. Or, after the user receives the e-mail at one user terminal, transfers the e-mail to another user terminal, and selects the URL in the URL display column 12 at the other terminal of the transfer destination. Can do.

Returning to the flowchart of FIG. 3, when the user inputs the URL of the user registration site and connects the user terminal 5 to the business entity server 3, the business entity server 3 receives access from the user terminal 5 to the user registration site. The personal identification screen data is transmitted to 5 (step 45).
The user terminal 5 receives the personal identification screen data transmitted from the business entity server 3, and the browser interprets this and displays the personal identification screen on the display device.

  Returning to the flowchart of FIG. 3, when the user selects a URL displayed in the URL display field 12, the browser on the user terminal 5 uses the URL to register the user terminal 5 on the business entity server 3. (Step 10).

Upon receiving access to the user registration site from the user terminal 5, the business entity server 3 transmits the personal identification screen data to the user terminal 5 (step 45).
The user terminal 5 receives the personal identification screen data transmitted from the business entity server 3, and the browser interprets this and displays the personal identification screen on the display device.

FIG. 5 is a diagram showing an example of the identity confirmation screen displayed on the display device of the user terminal 5.
On the identity verification screen 15, “Perform identity verification. Enter key 1 and key 2 in the following blanks and click the send button.” A display to transmit the key 1 and the key 2 is performed, and a key 1 input field 16, a key 2 input field 17, a transmission button 18, and a cancel button 19 are displayed.

The user inputs key 1 in the key 1 input field 16 and inputs key 2 in the key 2 input field 17 using an input device such as a keyboard.
Thereafter, when the transmission button 18 is selected by clicking with a mouse operation or the like, the user terminal 5 transmits the key 1 and the key 2 input by the user to the business entity server 3.
When the cancel button 19 is selected, the key 1 and key 2 input by the user are canceled, and the user inputs the key 1 and key 2 again.

Returning to the flowchart of FIG. 3, when the user inputs the keys 1 and 2 on the identity confirmation screen 15 and selects the transmission button 18, the user terminal 5 receives the key 1 and the key input by the user to the business entity server 3. Key 2 is transmitted (step 15).
The business entity server 3 receives the key 1 and the key 2 from the user terminal 5 and authenticates the code information (step 50).

In the authentication of the code information, the combination of the key 1 and the key 2 received from the user terminal 5 is referred to the combination of the key 1 and the key 2 stored in the code information area 6e of the customer database 6, and whether or not there is the same one. It is done by judging.
If there is the same thing, the registration area set for the user can be specified. Thereby, the business entity server 3 can specify the user who has accessed from the user terminal 5.
If there is no same thing, the business entity server 3 transmits an error message to the user terminal 5.

After identifying the user from the code information, the business entity server 3 transmits user authentication information input screen data to the user terminal 5 (step 55).
The user terminal 5 receives the user authentication information input screen data transmitted from the business entity server 3, and the browser interprets the data and displays the user authentication information input screen on the display device.

FIG. 6 is a diagram illustrating an example of a user authentication information input screen displayed on the display device of the user terminal 5.
The user authentication information input screen 21 has a user ID input field 22, a password input field 23, a secret question selection field 24, an answer input field, along with an instruction such as “Enter user authentication information and click the send button”. 25, a send button 26, a cancel button 27, and the like are displayed.

The user ID column 22 is a column for inputting a user ID, and can be arbitrarily set by the user.
The characters that can be used as the user ID are, for example, alphanumeric characters and are input so as to have a predetermined number of digits determined by the business entity server 3.
Since the user can set a user ID that is convenient to him / her, for example, his / her name can be used to set a user ID that is easy to remember, and troubles such as forgetting the user ID can be reduced. it can.

The password input field 23 is a field for inputting a password, and can be arbitrarily set by the user.
The characters that can be used as the password are, for example, alphanumeric characters and are input so as to have a predetermined number of digits determined by the business entity server 3.
The entered characters are displayed in a predetermined notation such as “*” in the password entry field 23, and even if a third party sees this while the user is entering the user authentication information entry screen 21, The password entered by the user is not known.

The secret question selection column 24 is a column for selecting a secret question used in the PW reminder.
There is a question list button at the right end of the secret question selection field 24. When this is selected by clicking with the mouse, for example, several secret questions are displayed, and the user can select one of them. ing.
The secret question is, for example, "What is your favorite movie title?", "What is your pet's name?" Or "What is your mother's maiden name?" It consists of a group of questions for drawing out.

The answer input column 25 is a column in which the user inputs an answer to the question selected in the secret question selection column 24.
For example, when the selected secret question is “What is your pet's name?”, An answer such as “Taro” is entered in the answer input field 25.

Here, the combination of the secret question selected by the user and the answer entered for this is that if the user forgets the password, user ID, etc., the business entity server 3 selects the user instead of the password, user ID, etc. It is used for confirmation.
For example, it is assumed that a user connects a CE device to the business entity server 3 in order to use a net service provided by the business entity server 3, and the business entity server 3 requests the user to transmit a password.

When the user cannot remember the password in response to this request, the business entity server 3 presents a secret question set by the user and requests the user to send an answer to the secret question.
Then, the business entity server 3 collates the answer sent by the user with the answer set by the user on the user authentication information input screen 21, and authenticates the user if they match, and performs authentication if they do not match. Absent.

When the user completes the input in each of the above fields and selects the transmission button 26 by clicking on the transmission button 26, the business entity server 3 selects the user ID, password, information specifying the secret question set by the user, and the secret The answer is transmitted to the business entity server 3.
Since these pieces of information require confidentiality, they are transmitted without being decrypted by a third party using an encryption technique such as SSL.
When the user clicks the cancel button 27 to select the information, the information input by the user in each column is canceled, and the user authentication information input screen 21 returns to the initial state.

Returning to the flowchart of FIG. 3, when the user selects the send button 26 on the user authentication information input screen 21, the user terminal 5 sends the user authentication information (user ID, password, secret identification information, The answer to the secret question is encrypted and transmitted (step 20).
The business entity server 3 receives the user authentication information from the business entity server 3, decrypts it, stores it in the customer database 6, and officially registers the user (step 60).
More specifically, information for storing the user ID and password set by the user in the ID / password area 6a (FIG. 2) of the registered area of the user and specifying the secret question selected by the user in the reminder area 6c; Remember the answer.

In addition, it can also comprise so that it can confirm that the user terminal 5 which issued session ID etc. and the user transmitted code | symbol information and the user terminal 5 which transmitted user authentication information are the same terminal devices.
Through the above processing, the business entity server 3 can register user authentication information and device information via the network.
Since the keys 1 and 2 stored in the code information area 6e are not necessary after registration, they are deleted. Or you may comprise so that it may reuse, when erasing a user, without deleting.

Next, the case where the password and user ID once set by the user using the authentication information registration system 1 are initialized will be described.
FIG. 7 is a block diagram for explaining a procedure for initializing a password and a user ID using the authentication information registration system 1. This process is mainly intended to initialize a password.
The procedure will be described below in correspondence with the numbers in the figure.

(1) Transmission of user identification information First, the user accesses the password initialization application site of the business entity server 3 from the user terminal 5 via the network.
This access can be performed by inputting the URL of the password initialization application site on the browser of the user terminal 5.
A CE device that has already been provided with a network service from the business entity server 3 can also be used as the user terminal 5.

Next, when the user forgets the password, the user transmits a user ID. When the user forgets the user ID, the user transmits the password to the business entity server 3.
On the other hand, the business entity server 3 transmits a secret question associated with the customer database 6 to the user terminal 5 with respect to the transmitted user ID or password, and the user answers Is transmitted to the business entity server 3.
The business entity server 3 uses the customer database 6 to determine the identity of the answer stored in the reminder area 6c, thereby confirming that the user is the person.

In the above example, at least one of the user ID and password and the PW reminder are used as the user identification information, but this is an example, and what information is used to confirm the user is a service provision Determined by the policy of business entity 4.
For example, the user may be confirmed using only the PW reminder, or the user information such as the PW reminder and the address may be combined.

(2) Display of Key 1 The business entity server 3 specifies the user who has accessed the password initialization application site, and after confirming that the user is the person, generates the key 1 and the key 2.
The configuration of the code information is the same as the code information used at the time of user registration, and is composed of, for example, a 12-digit character string.
The business entity server 3 stores a combination of the key 1 and the key 2.

Of these pieces of code information, the business entity server 3 transmits the key 1 to the user terminal 5 and displays the key 1 on the browser of the user terminal 5.
As a result, the user can know the key 1 and record it in the form of a note.

(3) Transmission of Key 2 Next, the business entity server 3 transmits an e-mail describing the key 2 to the e-mail address registered as a user for this user.
The user can know the key 2 by receiving and viewing this electronic mail.

Thus, since the key 1 is displayed on the browser while the key 2 is transmitted by e-mail, the code information is notified to the user by another transmission means and another transmission timing.
For this reason, it is difficult for a third party to obtain both the key 1 and the key 2, and the security level can be increased.
Even if a third party impersonates a user and applies for password initialization, the e-mail generated by the business entity server 3 is sent to a legitimate user, so the key 2 is passed to the third party. There is nothing.

(4) Transmission of key 1 and key 2 Next, the user accesses the password initialization site established by the business entity server 3, and transmits the key 1 and key 2 acquired by another means.
The business entity server 3 receives the code information and collates it with the combination of the key 1 and the key 2 stored in advance, thereby confirming that this user is the principal.

(5) Password initialization After the business entity server 3 confirms that the user is the user, the user transmits his / her convenient password and user ID from the user terminal 5 to the business entity server 3.
The business entity server 3 receives this, discards the password and user ID previously set for the user, and stores and registers the new password and user ID.
As a result, the password and user ID can be reissued, and the previously stored password and user ID can be replaced with the reissued password and user ID.

In this way, if any one of the password and the user ID is remembered, these can be initialized.
The password initialization is not limited to the case where the password is forgotten, but can be used by the user to initialize the password in order to increase security.

FIG. 8 is a flowchart for explaining a procedure for initializing a password using the authentication information registration system 1.
In this embodiment, a PW reminder is used as a means for confirming the user. However, as will be described later, for example, the user's address or other personal information is used to confirm that the user is the person himself / herself. It is also possible. In this case, it is not necessary to use a PW reminder.

First, the user inputs the URL of the password initialization application site in the browser of the user terminal 5, and connects the user terminal 5 to the business entity server 3 (step 100).
Then, the business entity server 3 transmits password initialization application screen data to the user terminal 5 (step 140).

The user terminal 5 receives the password initialization application screen data, and the browser interprets the data and displays the password initialization application screen on the display device of the user terminal 5.
On the password initialization application screen, either one of the user ID and the password can be input, and the user inputs one of the user authentication information that is remembered. Here, it is assumed that the password has been forgotten, and the user inputs the user ID and transmits it to the business entity server 3 (step 105).

The business entity server 3 receives the user ID transmitted from the user terminal 5 and searches the customer database 6 to identify the user. And the secret question set with respect to this user is acquired. Then, using this, reminder screen data is generated and transmitted to the user terminal 5 (step 143).
In the user terminal 5, the browser interprets the reminder screen data transmitted from the business entity server 3, and displays the reminder screen on the display device.

The reminder screen includes a field for inputting a secret question set by the user and an answer to the question, and the user inputs an answer to the question and transmits it to the business entity server 3 (step 108). ).
The business entity server 3 receives the answer to the secret question from the user terminal 5 and confirms that the user matches the answer stored in the customer database 6, thereby confirming that the user is the person ( Step 145).

After confirming that the user is the user, the business entity server 3 issues a key 1 and a key 2 and stores them in association with the user (step 150).
Next, the business entity server 3 generates key 1 display screen data using the issued key 1 and transmits it to the user terminal 5 (step 155).

The user terminal 5 receives the key 1 display screen data, and the browser interprets it and displays the key 1 display screen on the display device (step 110).
The user records the key 1 displayed on the key 1 display screen. After that, until the key 2 is transmitted from the business entity server 3, the user terminal 5 and the business entity server 3 may be temporarily disconnected and waited, or the connection with the business entity server 3 is maintained. May be.

After transmitting the key 1 display screen data to the user terminal 5, the business entity server 3 generates an e-mail describing the key 2 (step 160) and sends it to an e-mail address registered in advance by the user. Is transmitted (step 165).
The user can know the key 2 by receiving the key 2 by electronic mail at the user terminal 5 and browsing it (step 115).

After acquiring the key 1 and the key 2 in this way, the user accesses the password initialization site of the business entity server 3 (step 120). This can be done, for example, by inputting the URL of the password initialization site into the browser.
Upon receiving access to the password initialization site, the business entity server 3 transmits code information input screen data to the user terminal 5 (step 170).

The user terminal 5 receives this code information input screen data, and the browser interprets this and displays the code information input screen on the display device.
In the code information input screen, fields for inputting the keys 1 and 2 are provided, and the user inputs the keys 1 and 2 notified from the business entity server 3 into these business fields to the business entity server 3. Transmit (step 125).

The business entity server 3 verifies the code information by collating the set of the key 1 and the key 2 transmitted from the user terminal 5 with the set of the key 1 and the key 2 previously stored in step 150. Perform (step 175).
As a result of this authentication, it is understood that the user who has transmitted the key 1 and the key 2 is the user who answered the secret question, that is, the user confirmed in step 145.

After authenticating the code information, the business entity server 3 transmits password initialization screen data to the user terminal 5 (step 180).
The user terminal 5 receives this password initialization screen data, and the browser interprets this and displays the password initialization screen on the display device.
The password initialization screen has a password entry field for entering a new password, and the user enters his / her convenient password in this password entry field and transmits it to the business entity server 3 from the user terminal 5. (Step 130).

The business entity server 3 receives the new password from the user terminal 5, replaces the password of the user recorded in the customer database 6 with the new password, and registers it (step 185).
At this time, the old password is discarded to increase the security level.
At this time, a user ID can also be newly set. In this case, the business entity server 3 discards the old user ID and stores the new user ID in the customer database 6.
That is, the previously stored user authentication information is replaced with the reissued user authentication information.

It is also possible to confirm the user without using the PW reminder.
In this case, at least one of the user ID and password that the user remembers and at least one of user personal information such as an address, a telephone number, and a credit card number is transmitted to the business entity server 3 in step 105. The business server 3 can check this with the information stored in the customer database 6.
As described above, when the user information is used to confirm the identity, the PW reminder is unnecessary, and steps 143 and 108 can be omitted.
In addition, although the security level is lowered, it can be configured to perform user identity verification using only user information.

FIG. 9 is a diagram illustrating an example of a hardware configuration of the business entity server 3 according to the present embodiment.
In the present embodiment, the hardware configuration of the user terminal 5 is basically the same as this.

A CPU 121, a ROM (Read Only Memory) 122, and a RAM (Random Access Memory) 123 are connected by a bus 124.
The CPU 121 is a central processing unit that executes various processes in accordance with programs stored in the ROM 122 and programs loaded from the storage unit 128 to the RAM 123.

  In the present embodiment, the CPU 121 operates according to a predetermined computer program, accepts input of temporary registration information from an operator and registers it in the customer database 6, issues a key 2 to the temporarily registered user, User registration processing such as confirming a user using the key 1 and key 2 transmitted from the user terminal 5 or receiving user authentication information transmitted from the confirmed user and registering it in the customer database 6 I do.

  For users who wish to initialize passwords, key 1 and key 2 are issued and key 1 is sent for display on the browser, while key 2 generates and sends an email. The code information is authenticated using the combination of the key 1 and the key 2 transmitted from the user, and the password of the authenticated user is initialized.

The ROM 122 is stored with basic programs and parameters necessary for causing the business entity server 3 to function.
The RAM 123 provides a working area necessary for the CPU 121 to execute various processes such as temporary registration information input processing, code information authentication processing, and user authentication information registration processing.

The CPU 121, ROM 122, and RAM 123 are also connected to the input / output interface 125 via the bus 124.
An input unit 126, an output unit 127, a storage unit 128, a communication unit 129, a drive 130, and the like are connected to the input / output interface 125, and these components can transmit and receive signals to and from the CPU 121.
The input unit 126 includes input devices such as a keyboard and a mouse, for example, and an operator can input temporary registration information of the user using these input devices.

The output unit 127 includes a display device such as a CRT (Cathode-Ray Tube), an LCD (Liquid Crystal Display), a plasma display, an audio output device such as a speaker, and an output device such as a printer device.
The display device displays an input screen for inputting user temporary registration information, and the operator can input information transmitted from the retail store 7 by fax to this input screen.

  The storage unit 128 is configured by a large-capacity storage device such as a hard disk or a semiconductor memory, for example, and stores various programs to be executed by the CPU 121 and data of the customer database 6, and these programs are necessary. Accordingly, it is read and executed by the CPU 121.

Examples of the program stored in the storage unit 128 include an authentication information registration program for performing various processes from provisional registration to formal registration of a user, and a password initialization program for the user to initialize a password. An OS for realizing basic functions such as communication programs for establishing and maintaining communication with the user terminal 5, file input / output, and control of each component of the business entity server 3 (Operating System) and the like are stored.
In addition, a service program for providing a network service after registering a user is also stored.

The communication unit 129 includes a communication device such as a modem and a terminal adapter, and performs communication with the user terminal 5 and CE devices registered by the user.
The CPU 121 can accept access from the user terminal 5 via the communication unit 129.
A storage medium such as a magnetic disk, an optical disk, a magneto-optical disk, or a memory card is appropriately attached to the drive 130. The drive 130 drives these storage media and reads / writes data from / to them.

  If the above configuration is that of the user terminal 5, the storage unit 128 interprets a communication program for communicating with the business entity server 3 and various screen data transmitted from the business entity server 3. A browser program, an e-mail transmission / reception program, an OS, and the like displayed on the display device are stored.

  As described above, in the present embodiment, a key 1 can be issued to accept a user registration proxy service or a password initialization service. At that time, a key of a character string different from that of the key 1 is used. Number two. Furthermore, information that associates the key 1 and the key 2 with the temporarily registered user or the user who applied for password initialization is created on the customer database 6.

  In addition to notifying the user that the proxy service has been completed, or after notifying the user, and after accepting the password initialization application, a means different from the previous proxy service acceptance notification means or password initialization application acceptance means. The key 2 associated with the user information is notified to the user.

  The user who has received the notification of the completion of the proxy service and the key 2 accesses the entity server 3 via the network, and inputs the key 1 and the key 2 on the Web screen. Alternatively, the user who applied for password initialization can be specified, and user authentication information such as user ID and password, which are important information for the user, can be set on the screen by the user himself / herself.

The following effects can be obtained by the registration method using the authentication information registration system 1 described above.
(1) Since it is not necessary to notify the user by user of the user ID, password, or initialized password set for the user by the service substituting service, the operation cost is reduced.

(2) When the user ID or password is notified to the user by mail, it takes about 2 to 3 days until they are delivered to the user, and during that time the network service could not be received, the authentication information registration system 1 When a user purchases a CE device, the user can register for a short period of time (for example, on the day of purchase) and use a net service.

(3) When the user needs a user ID and password when using a service that requires a user ID and password, the user can set the ID and password by using the key 1 and the key 2 by himself / herself. Therefore, the possibility of forgetting the user ID and password is lower than when receiving a user ID and password set in advance on the third party (for example, service provider) side.

(4) Even in a registration form in which an operator performs a proxy service on the service providing entity 4 side, the user can set his / her user ID and password.
(5) In order to perform identity verification information for confirming the identity with the key 1 and the key 2 which are two code information, and further notify the user of the key 1 and the key 2 at different transmission means and at different transmission timings. It is very difficult for a third party to acquire both pieces of code information. Therefore, it is possible to maintain a high security level against impersonation of the user.

(6) The authentication information registration system 1 can perform identity verification without using a PW reminder. This eliminates the need for setting a PW reminder, reduces user input items during registration, and can be expected to reduce user convenience and the capacity of the customer database 6 on the service provider 4 side.
(7) When performing identity verification without using a PW reminder, the user does not need to remember the PW reminder during the password initialization procedure, and the burden on the user is reduced. Further, it is not necessary to respond to an inquiry from a user who has forgotten the PW reminder, thereby reducing the cost of the user window.

The present embodiment described above is an example, and various modifications can be made.
For example, in the authentication information registration system 1, the key 2 is notified to the user by e-mail both when a new user is registered and when the password is initialized. As long as the user can be notified at least one of different transmission timings.

Therefore, for example, when applying for a credit card, when a member ID and password are issued to a member of the credit card, the key 2 can be enclosed and sent to the user. In this case, the business entity server 3 prints out the key 2 and the operator encloses it.
In addition, when the user uses the CE device warranty extension service, the extended warranty card may be mailed to the user. In this case, the user can be notified of the key 2 by enclosing the key 2 in these mailings.

  In this case, even if the shipment is delivered to a third party, the key 1 is delivered to the user at another timing (at the time of application), so the third party cannot obtain the key 1 and It cannot be impersonated. Therefore, the security level is kept high. Further, since a new mail is not made to notify the key 2, the operation cost is not increased.

In this embodiment, the key 1 and the key 2 are used as the code information. However, more code information keys 3, keys 4,... Can be combined. The more code information that is combined, the higher the security level of the system.
Further, there may be a time limit from when the key 2 is transmitted to the user until the user receives access, and when the user transmits the key 1 and the key 2 within the time limit, the time may be accepted. it can. This further increases the security level.

In the present embodiment, the user sets the user ID and password and transmits the user ID and password to the business entity server 3, but in addition to this, the business entity server 3 generates the user ID and password to generate the user terminal 5 The user authentication information set by the business entity server 3 can be presented to the user.
In this case, the business entity server 3 transmits user authentication information issuing means for issuing user authentication information and the issued user authentication information to the user (for example, a screen for displaying the user authentication information issued to the user terminal 5) User authentication information transmitting means for transmitting data) is provided.

(Modification of the embodiment)
Next, a case where CE devices are sold at a net shop established on the network will be described.
FIG. 10 is a block diagram conceptually showing the system configuration of the authentication information registration system 1a according to this modification.
In addition, the same code | symbol is attached | subjected to the component corresponding to this Embodiment demonstrated previously, and the overlapping description is abbreviate | omitted.
The authentication information registration system 1a includes a business server 3 and a user terminal 5, as well as a net shop server 7a and a shipping point server 8.
The net shop server 7a constitutes an authentication information registration mediation server that mediates registration of user authentication information by the business entity server 3.

The net shop server 7a is a server device that establishes a sales site on the network.
This sales site sells CE equipment that is the target of a net service provided by a service providing entity 4 (an entity operating the entity server 3) (not shown) on the network.

The user can access the sales site from the user terminal 5 and other terminal devices, and can browse the CE device being sold.
Further, the sales site has an application page for placing an order when there is a CE device to be purchased. The user inputs user information such as name and address on this application page, and the net shop server. To 7a.

Thereby, the net shop server 7a can acquire the model number (corresponding to the product specifying information) and the number of purchased CE devices that the user desires to purchase, the user information input by the user, and the like. As described above, the net shop server 7a includes product specifying information receiving means for receiving the product specifying information.
On the application page, you can also specify other information such as specifying the payment method.

The net shop server 7a is arranged so as to be connectable to the business entity server 3 and the shipping point server 8 via the network, and when the CE device is ordered from the user, the user specifies the CE device that the user desires to purchase. The model number and information input by the user on the application page are transmitted to the business entity server 3 as temporary registration information and the key 1 is requested to be issued.
The business entity server 3 receives the provisional registration information from the net shop server 7a and stores it in the customer database 6, and issues the key 1 and key 2 and transmits the key 1 to the net shop server 7a.

The issued key 1 and key 2 are stored in the registration area of the user.
As described above, the business entity server 3 includes first code information issuing means for issuing the key 1 in response to a request from the net shop server 7a. The issued key 1 is to be displayed on the user terminal 5 via the net shop server 7a. Therefore, the function of transmitting the key 1 to the net shop server 7a is the first code information notification means. Is configured.
Further, the key 1 is stored in the registration area. For this reason, the business entity server 3 includes first code information acquisition means for acquiring the issued key 1.

The net shop server 7a receives the key 1 from the business entity server 3 and transmits it to the user terminal 5, and the user records this.
In this manner, when there is an order for a CE device from the user, the net shop server 7a can receive the key 1 for the CE device from the business entity server 3 and notify the user.

Further, by requesting the numbering of the key 1 and receiving it from the business server 3, the net shop server 7a can share the key 1 with the business server 3, and thus the net shop server 7a. Includes first code information sharing means.
Furthermore, the net shop server 7a includes first code information notification means for transmitting the key 1 shared with the business entity server 3 to the user terminal 5 and notifying the user.

  Further, the net shop server 7a transmits the shipping information to the shipping site server 8 to request the shipping of the CE device, and the device information set for the CE device related to the shipping is transmitted from the shipping site server 8. . The shipping information includes information such as the model number, number, and delivery destination of the CE device. As described above, the net shop server 7 a includes product specifying information transmitting means for transmitting the product specifying information to the shipping place server 8.

This process on the shipping site server 8 side may be performed automatically, or may be performed by an operator.
When the operator performs, it is also possible to install a fax machine instead of the shipping site server 8 and transmit the shipping information from the net shop server 7a to the fax machine.

The net shop server 7a transfers the device information of the CE device related to the shipment from the shipping point server 8 to the business entity server 3 together with information for identifying the user.
Then, the business entity server 3 stores the device information in the registration area of the user who has temporarily provisionally registered.
Thereby, the business entity server 3 can store user information, device information, and code information in the customer database 6.

The subsequent procedure is the same as that in the embodiment described above, and the business entity server 3 notifies the user of the key 2 by e-mail, and the user transmits the key 1 and the key 2 to the business entity server 3. To be verified. Then, after the business entity server 3 confirms the identity, the user transmits the user ID, password, and PW reminder set by the user to the business entity server 3, and the business entity server 3 stores them.
The CE device is shipped to the user from the shipping point server 8, but it is possible to complete the setting of the user authentication information before the CE device arrives at the user.

FIG. 11 is a flowchart for explaining a procedure from when a user purchases a CE device to when the user is officially registered in this modification.
Moreover, the same step number is attached | subjected to the step similar to this Embodiment (FIG. 3) demonstrated previously, and description is abbreviate | omitted.

First, the user connects the user terminal 5 to a sales site established by the net shop server 7a, and applies for purchase of a CE device (step 200).
To apply for purchase, enter user information such as name, address, telephone number, e-mail address, credit card number, the model number of the CE device to be ordered, the number of orders, and other necessary information on the application form provided by the sales site. And by transmitting to the net shop server 7a.

The net shop server 7a transmits these pieces of information received from the user terminal 5 to the business server 3 as temporary registration information, and transmits a request to issue the key 1 to notify the user to the business server 3 (step 270). ).
The business entity server 3 secures a registration area for the user in the customer database 6, stores the temporary registration information received from the net shop server 7a in the registration area, and gives the key 1 and key 2 to the user. Numbers are issued and stored in this registration area (step 230).

Next, the business entity server 3 transmits the issued key 1 to the net shop server 7a (step 235).
The net shop server 7a receives the key 1 from the business entity server 3, generates key 1 display screen data, and transmits it to the user terminal 5 (step 275).
The user terminal 5 receives the key 1 display screen data from the net shop server 7a, and the browser interprets this and displays the key 1 display screen on the display device of the user terminal 5 (step 205).

The user records key 1 displayed on the key 1 display screen.
In the above processing, the business entity server 3 has issued the key 1, but this is not restrictive, and the user is requested to set the key 1, and this is transmitted to the business entity server 3 for registration. It is also possible.

In this case, a field for setting the key 1 by the user is provided in the application form provided by the net shop server 7a, and the key 1 set by the user together with other information is transmitted to the net shop server 7a.
Then, the net shop server 7a transfers the key 1 received from the user terminal 5 to the business entity server 3, and the business entity server 3 stores this in the registration area of the user.

Returning to the flowchart of FIG. 11, the net shop server 7 a transmits the key 1 display screen data to the user terminal 5, and then transmits the shipping information to the shipping site server 8. Receive (step 280).
More specifically, the net shop server 7a generates shipping information including the model number and the number of CE devices to be shipped using the temporary registration information received from the net shop server 7a, the delivery destination of the user, and the like. To the site server 8.
In response to this, the shipping point server 8 specifies the device information of the CE device to be sent to the user and transmits it to the net shop server 7a.

Upon receiving the device information of the CE device sent to the user in this way, the business entity server 3 transmits this information to the business entity server 3 together with information for specifying the user (step 285).
The net shop server 7a specifies a user from the information received from the net shop server 7a, and records the device information received from the net shop server 7a in the registration area of the user.

By the above procedure, the business entity server 3 can store the user information, device information, and code information of the user in the registration area.
Since the following processing procedure is the same as that of the previously described embodiment, the description thereof is omitted.
That is, the business entity server 3 transmits the key 2 to the user by e-mail. Then, identification is performed by receiving a key 1 and key 2 pair from the user and collating them, and the user ID, password, and PW reminder set by the user are stored in the registration area of the user.
In addition, passwords can be initialized for CE devices sold by the net shop server 7a in the same manner as in the above-described embodiment.

In the present embodiment described above, the following effects can be obtained.
(1) Key 1 and key 2 can be issued to CE devices sold at a sales site established on a network such as the Internet, and the key 1 can be notified to the user.
(2) The device information of the CE device that the shipping point server 8 sends to the user can be managed in the business entity server 3 in association with the user.
(3) The user terminal 5 can make a purchase application for the CE device via the network and can quickly set the authentication information, and the user can use the network service simultaneously with the arrival of the CE device.

It is a figure for demonstrating an example of a structure of the authentication information registration system of this Embodiment. It is the figure which showed the logical structure of the registration area of a certain user ensured in the customer database. It is a flowchart for demonstrating the procedure after a user purchases CE apparatus until it officially registers as a user. It is the figure which showed an example of the display content of the email displayed on the user terminal. It is the figure which showed an example of the personal identification screen displayed on the user terminal. It is the figure which showed an example of the user authentication information input screen displayed on the user terminal. It is a block diagram for demonstrating the procedure which initializes a password. It is a flowchart for demonstrating the procedure which initializes a password. It is the figure which showed an example of the hardware-like structure of the business entity server which concerns on this Embodiment. It is a block diagram which expressed notionally the system configuration of the authentication information registration system concerning this modification. In this modification, it is a flowchart for demonstrating the procedure after a user purchases CE apparatus until it officially registers as a user. It is a figure for demonstrating a prior art example.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Authentication information registration system 3 Business entity server 5 User terminal 6 Customer database 7 Retail store 7a Net shop server 8 Shipping place server

Claims (40)

First code information acquisition means for acquiring first code information set by a user;
Second code information transmitting means for transmitting second code information corresponding to the acquired first code information to the user;
Code information receiving means for receiving a set of the first code information and the second code information from a user terminal;
The acquired first code information and the second code information transmitted corresponding to the first code information are collated with the set of the received first code information and second code information. User confirmation means for confirming the user;
User authentication information acquisition means for acquiring user authentication information of the confirmed user;
An authentication information registration server characterized by comprising: User information acquisition means for acquiring user information associated with the first code information;
Storage means for storing the received user authentication information and the acquired user information in a storage device in association with each other;
The authentication information registration server according to claim 1, further comprising:   The authentication information registration server according to claim 1, wherein the first code information is set by a user. First code information issuing means for issuing first code information to the user;
First code information notification means for notifying the user of the issued first code information;
Comprising
The authentication information registration server according to claim 1, wherein the first code information acquisition unit acquires the first code information issued by the first code information issue unit.   The second code information transmission means transmits the second code information to the user via a different transmission means from that used to notify the user of the first code information. The authentication information registration server according to claim 1.   2. The authentication according to claim 1, wherein the second code information transmission unit transmits the second code information at a timing different from a timing at which the first code information is notified to the user. Information registration server.   The authentication information registration server according to claim 1, wherein the user authentication information acquisition unit acquires the user authentication information by receiving user authentication information set by the user and transmitted from a user terminal. User authentication information issuing means for issuing user authentication information;
User authentication information transmitting means for transmitting the issued user authentication information to the user;
Comprising
The authentication information registration server according to claim 1, wherein the user authentication information acquisition unit acquires the issued user authentication information.   When the user authentication information acquired by the user authentication information acquisition means is reissued to the user, the previously acquired user authentication information is replaced with the reissued user authentication information. Item 4. The authentication information registration server according to Item 1. An authentication information registration mediation server that accepts a purchase application for a product that is a target of user authentication information registration from a user and mediates registration of user authentication information in the authentication information registration server according to claim 1,
Product specifying information receiving means for receiving product specifying information for specifying a product that the user desires to purchase from the user terminal;
First code information sharing means for sharing the first code information with the authentication information registration server in correspondence with the received product identification information;
First code information notification means for notifying the user of the shared first code information;
Product identification information transmitting means for transmitting the received product identification information to a shipping entity of the product;
An authentication information registration mediation server comprising: In a computer comprising first code information acquisition means, second code information transmission means, code information reception means, user confirmation means, and user authentication information acquisition means,
In the first code information acquisition means, a first code information acquisition step of acquiring the first code information set by the user;
A second code information transmitting step for transmitting, to the user, second code information corresponding to the acquired first code information in the second code information transmitting means;
In the code information receiving means, a code information receiving step of receiving a set of the first code information and the second code information from a user terminal;
In the user confirmation means, the acquired first code information and the second code information transmitted corresponding to the first code information are stored in the received first code information and second code information. A user confirmation step of confirming the user against a set;
In the user authentication information acquisition means, a user authentication information acquisition step of acquiring user authentication information of the confirmed user;
An authentication information registration method characterized by comprising: User information acquisition means and storage means,
In the user information acquisition means, a user information acquisition step of acquiring user information associated with the first code information;
In the storage unit, a storage step of storing the received user authentication information and the acquired user information in a storage device in association with each other;
The authentication information registration method according to claim 11, further comprising:   12. The authentication information registration method according to claim 11, wherein the first code information is set by a user. First code information issuing means, and first code information notifying means,
In the first code information issuing means, a first code information issuing step for issuing first code information to the user;
A first code information notification step of notifying the user of the issued first code information in the first code information notification means;
With
12. The authentication information registration method according to claim 11, wherein in the first code information acquisition step, the first code information issued in the first code information issue step is acquired.   In the second code information transmission step, the second code information is transmitted to the user via a transmission means different from that used to notify the user of the first code information. The authentication information registration method according to claim 11.   The authentication according to claim 11, wherein, in the second code information transmission step, the second code information is transmitted at a timing different from a timing at which the first code information is notified to the user. Information registration method.   12. The authentication information registration method according to claim 11, wherein in the user authentication information acquisition step, the user authentication information is acquired by receiving user authentication information set by the user and transmitted from a user terminal. A user authentication information issuing means, and a user authentication information transmitting means,
In the user authentication information issuing means, a user authentication information issuing step for issuing user authentication information;
In the user authentication information transmitting means, a user authentication information transmitting step for transmitting the issued user authentication information to the user;
With
12. The authentication information registration method according to claim 11, wherein in the user authentication information acquisition step, the issued user authentication information is acquired.   When the user authentication information acquired in the user authentication information acquisition step is reissued to the user, the previously acquired user authentication information is replaced with the reissued user authentication information. Item 12. The authentication information registration method according to Item 11. An authentication information registration mediation method for accepting a purchase application for a product to be registered for user authentication information from a user and mediating registration of user authentication information to a computer executing the authentication information registration method according to claim 11. ,
In a computer comprising product specifying information receiving means, first code information sharing means, first code information notifying means, and product specifying information transmitting means,
In the product specifying information receiving means, a product specifying information receiving step for receiving product specifying information for specifying a product that the user desires to purchase from a user terminal;
In the first code information sharing means, a first code information sharing step for sharing the first code information with the authentication information registration method in correspondence with the received product specifying information;
In the first code information notification means, a first code information notification step of notifying the user of the shared first code information;
In the product specifying information transmitting means, the product specifying information transmitting step for transmitting the received product specifying information to a shipping entity of the product,
An authentication information registration mediation method characterized by comprising: A first code information acquisition function for acquiring first code information set by a user;
A second code information transmission function for transmitting second code information corresponding to the acquired first code information to the user;
A code information receiving function for receiving a set of the first code information and the second code information from a user terminal;
The acquired first code information and the second code information transmitted corresponding to the first code information are collated with the set of the received first code information and second code information. A user confirmation function to confirm the user;
A user authentication information acquisition function for acquiring user authentication information of the confirmed user;
Authentication information registration program that realizes the above on a computer. A user information acquisition function for acquiring user information associated with the first code information;
A storage function for storing the received user authentication information and the acquired user information in a storage device in association with each other;
The authentication information registration program according to claim 21, wherein the authentication information registration program is realized by a computer.   The authentication information registration program according to claim 21, wherein the first code information is set by a user. A first code information issuing function for issuing first code information to the user;
A first code information notification function for notifying the user of the issued first code information;
Is realized by the computer,
The authentication information registration program according to claim 21, wherein the first code information acquisition function acquires the first code information issued by the first code information issue function.   In the second code information transmission function, the second code information is transmitted to the user via a transmission function different from that used to notify the user of the first code information. The authentication information registration program according to claim 21.   The authentication according to claim 21, wherein the second code information transmission function transmits the second code information at a timing different from a timing when the first code information is notified to the user. Information registration program.   The authentication information registration program according to claim 21, wherein the user authentication information acquisition function acquires the user authentication information by receiving user authentication information set by the user and transmitted from a user terminal. A user authentication information issuing function for issuing user authentication information;
A user authentication information transmission function for transmitting the issued user authentication information to the user;
Is realized by the computer,
The authentication information registration program according to claim 21, wherein the user authentication information acquisition function acquires the issued user authentication information.   When the user authentication information acquired by the user authentication information acquisition function is reissued to the user, a replacement function that replaces the previously acquired user authentication information with the reissued user authentication information is realized. Item 22. The authentication information registration program according to Item 21. An authentication information registration mediation program for accepting a purchase application for a product that is a target of user authentication information registration from a user and mediating registration of user authentication information in a computer that executes the authentication information registration program according to claim 21. There,
A product specification information receiving function for receiving product specification information for specifying a product that the user desires to purchase from a user terminal;
A first code information sharing function for sharing the first code information with the authentication information registration server in correspondence with the received product identification information;
A first code information notification function for notifying the user of the shared first code information;
A product specification information transmission function for transmitting the received product specification information to a shipping entity of the product;
Authentication information registration mediation program that implements A first code information acquisition function for acquiring first code information set by a user;
A second code information transmission function for transmitting second code information corresponding to the acquired first code information to the user;
A code information receiving function for receiving a set of the first code information and the second code information from a user terminal;
The acquired first code information and the second code information transmitted corresponding to the first code information are collated with the set of the received first code information and second code information. A user confirmation function to confirm the user;
A user authentication information acquisition function for acquiring user authentication information of the confirmed user;
A computer-readable storage medium storing an authentication information registration program for realizing the above in a computer. A user information acquisition function for acquiring user information associated with the first code information;
A storage function for storing the received user authentication information and the acquired user information in a storage device in association with each other;
32. The storage medium according to claim 31, wherein the authentication information registration program for realizing the above is realized by a computer.   32. The storage medium according to claim 31, wherein the first code information is set by a user. A first code information issuing function for issuing first code information to the user;
A first code information notification function for notifying the user of the issued first code information;
Is realized by the computer,
32. The storage medium according to claim 31, wherein the authentication information registration program is stored, wherein the first code information acquisition function acquires the first code information issued by the first code information issue function. .   In the second code information transmission function, the second code information is transmitted to the user via a transmission function different from that used to notify the user of the first code information. 32. The storage medium according to claim 31, wherein the authentication information registration program is stored.   In the second code information transmission function, the authentication information registration program is stored, wherein the second code information is transmitted at a timing different from a timing at which the first code information is notified to the user. 32. The storage medium according to claim 31.   The user authentication information acquisition function stores the authentication information registration program, wherein the user authentication information is acquired by receiving user authentication information set by the user and transmitted from a user terminal. The storage medium described in 1. A user authentication information issuing function for issuing user authentication information;
A user authentication information transmission function for transmitting the issued user authentication information to the user;
Is realized by the computer,
32. The storage medium according to claim 31, wherein the user authentication information acquisition function stores the issued user authentication information.   When the user authentication information acquired by the user authentication information acquisition function is reissued to the user, a replacement function for replacing the previously acquired user authentication information with the reissued user authentication information is realized. 32. The storage medium according to claim 31, wherein an authentication information registration program is stored. An authentication information registration mediation program for mediating registration of user authentication information in a computer executing a certification information registration program according to claim 31 while accepting a purchase application for a product subject to user authentication information registration from a user. A stored storage medium,
A product specification information receiving function for receiving product specification information for specifying a product that the user desires to purchase from a user terminal;
A first code information sharing function for sharing the first code information with the authentication information registration server in correspondence with the received product identification information;
A first code information notification function for notifying the user of the shared first code information;
A product specification information transmission function for transmitting the received product specification information to a shipping entity of the product;
A computer-readable storage medium storing an authentication information registration mediation program for realizing the above in a computer.

Images