JP2005346250A - Access control system, access control method, and access control program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To easily confine user groups having the same relationship to the same access control. <P>SOLUTION: A service center stores the personal information of a referred person A in a personal information storage part and also stores the disclosure policy (disclosure control contents S for each relation level R) of the referred person A in a disclosure policy storage part. In addition, the service center receives a relation level R, a referred person identification information ID_R and effective conditions C from the referred person A, and generates a disclosure-target address T in which the above subjects thus received are embedded with a prescribed key. Then, the service center determines whether the disclosure is to be permitted by using a prescribed key and the effective conditions C when it receives the disclosure-target address T from a referring person B. Then, the service center transmits by mail and discloses personal information corresponding to the referred person identification information ID_A included in the disclosure-target address T among the personal information stored in the personal information storage part according to the disclosure control contents S corresponding to the relation level R included in the disclosure-target address T among the disclosure control contents S stored in the disclosure policy storage part to the referring person B. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an access control system, an access control method, and an access control program for controlling access by an accessor to a service related to an accessed person.

  Conventionally, there is a system for controlling access of a user B to a service related to a certain user A. For example, personal information related to a certain user A (for example, the name, address, date of birth, date of birth, credit number, etc. of the user who is the referenced person) is disclosed to the other user B who is the referring person. This is the case with systems related to information disclosure services.

  More specifically, when such an information disclosure service is implemented, if information related to the user A is disclosed without limitation, the user A who is a reference person may suffer a disadvantage. For this reason, in order to realize a practical information disclosure service, it is necessary to disclose personal information to the user B in a form that the user A is convinced. As conventional techniques to be realized, conventional techniques as described below are known.

  For example, Patent Document 1 (Japanese Patent Laid-Open No. 2002-229953) discloses a system for disclosing personal information of a user based on an access code in a personal information disclosure server. Specifically, in this system, when the referred person sends an access code issuance request including an attribute to be disclosed (information indicating which attribute is to be disclosed) to the server, the server accesses in accordance with this request. A code is generated, the access code and the attribute to be disclosed are associated with each other and stored in the database, and the access code is returned to the referenced person. Then, when the referred person notifies an access code to a reference who permits disclosure, and the reference person transmits a disclosure request including the access code to the server, the server stores the disclosure stored in the database in association with the access code. Notify the referrer of the target attribute. The access code is generated by encrypting the identification information of the referenced person and the expiration date of the access code.

  Further, for example, in Patent Document 2 (Japanese Patent Laid-Open No. 2001-5833) and Patent Document 3 (Japanese Patent Laid-Open No. 2001-297159), the identification information of a user whose disclosure is permitted for each personal information of the referred person. A system for disclosing personal information while managing information is disclosed. In other words, in these systems, each personal information is associated with the identification information of the permitted user for disclosure in response to a setting request from the referenced person (setting request as to which user is permitted to disclose which personal information). And store it in the database. When a disclosure request for predetermined personal information is received from a user who is a referrer, the above-described database is referred to, and if disclosure is permitted for the referrer, personal information related to disclosure permission is disclosed.

JP 2002-229953 A JP 2001-5833 A JP 2001-297159 A

  However, as described below, the above-described conventional technique has problems in terms of setting control contents for a group of users having a similar relationship and from the viewpoint of database resources.

  That is, in the prior art that discloses the user's personal information based on the access code (the technique disclosed in Patent Document 1), the user A who is the referenced person is the subject of disclosure for each user B who is the referring person. It is necessary to specify an attribute (control content) and make an access code issue request. For this reason, even when it is desired to execute the same control contents for a user group having a similar relationship (for example, a relationship between friends, colleagues, etc.) among the plurality of users B, the use of such a user group is used. There is a problem that it is necessary to make an access code issuance request having the same control content for each user B many times, and the setting of the control content for the user group having the same relationship is complicated.

  Further, in the prior art (technique disclosed in Patent Documents 2 and 3) for managing the identification information of a user whose disclosure is permitted for each personal information of the referenced person, the user A who is the referenced person is subject to disclosure. It is necessary to make a setting request by designating identification information of the user B who is permitted to be disclosed for each personal information (in other words, control content). For this reason, even when it is desired to execute the same control contents for a user group having a similar relationship (for example, a relationship between friends, colleagues, etc.) among the plurality of users B, the use of such a user group is used. It is necessary to make a setting request for specifying the identification information of the user B for the same personal information (control content) for each user B many times, and the setting of the control content for the user group having the same relationship is complicated. There is a problem that it is.

  In addition to such problems, in the above-described conventional technique (the technique disclosed in Patent Document 1), the attribute to be disclosed and the access code are stored in the database in association with each other according to the generation of the access code. There is a problem that database resources increase in proportion to the number of access codes handled. In particular, when there are a lot of disclosure destinations (reference persons to whom the referenceee permits disclosure) or when the expiration date extends for a long time, a lot of resources are required, which is not practical.

  Similarly, in the above-described prior art (the techniques disclosed in Patent Documents 2 and 3), each personal information is associated with the identification information of the permitted authorized user in the database in response to a setting request from the referred person. Since the data is stored, there is a problem in that the database resources increase in proportion to the number of disclosure-permitted users.

  As described above, the above-described prior art of the information disclosure service has problems from the viewpoint of setting the control content for the user group having the same relationship and the database resource. This problem is not limited to the case where access control is performed by the information disclosure service described above. If the user B tries to control access to a service related to a certain user A, the same problem may occur. This is a potential problem.

  Therefore, the present invention has been made to solve the above-described problems of the prior art, and simply performs similar access control on a group of users having a similar relationship, and an access code is generated. An object of the present invention is to provide an access control system, an access control method, and an access control program that can eliminate the necessity of newly storing predetermined information in a database each time it is performed.

  In order to solve the above-described problems and achieve the object, an invention according to claim 1 is an access control system for controlling access by an accessor to a service related to an accessee, the accessee and the accessor. An access code generating means for acquiring an access code for specifying the access control content to be executed according to the relation information, and an access code generated by the access code generating means. Access control means for receiving access from the accessor and executing access control content specified by the access code.

  Further, in the invention according to claim 2, in the above invention, the access code generation means uniquely identifies the access control content executed according to the relation information and the person to be accessed. Generating access code including accessee identification information and / or accessor identification information for uniquely identifying the accessor, wherein the access control means includes the accessee identification information included in the access code and Access control is executed using accessor identification information.

  According to a third aspect of the present invention, in the above invention, the access code generation means uniquely identifies the access control content executed according to the relation information and the accessed person. An access code including identification information to be accessed and / or accessor identification information for uniquely identifying the accessor is generated using a predetermined key, and the access control means includes a predetermined key, the access code The access control is executed using the accessee identification information and / or accessor identification information included in the access point.

  According to a fourth aspect of the present invention, in the above invention, for one or a plurality of relationship information indicating a relationship between users, an access control content executed according to each relationship information is stored in association with each other. Control content storage means, wherein the access code generation means acquires relation information indicating a relation between the accessed person and the access person, generates an access code including the relation information, and the access control means When the access code is received from the accessor, the access control content corresponding to the relationship information included in the access code is executed out of the access control content stored in the access control content storage means. And

  Further, the invention according to claim 5 is the above-described invention, wherein the access control content executed according to each relationship information is stored in association with each other for each one or a plurality of relationship information indicating the relationship between users. Control content storage means, wherein the access code generation means acquires relationship information indicating a relationship between the accessed person and the accessee, and among the access control contents stored in the access control content storage means, Generating an access code including access control content corresponding to the relationship information, and the access control means, when receiving the access code from the accessor, executing the access control content included in the access code Features.

  The invention according to claim 6 further comprises verification means for verifying the validity of the access code when the access code is received from the accessor in the above invention, wherein the access code generation means comprises: The access code is generated using a predetermined key, the verification means verifies the validity of the access code received from the accessor using a predetermined key, and the access control means is When the validity of the access code is confirmed, the access control content specified from the access code is executed.

  In the invention according to claim 7, in the above invention, the access code generation means includes an access code including a tamper-proof code obtained by inputting the relation information or access control content into a function determined from a predetermined key. And the verification means verifies the validity of the access code by inputting the relation information or access control content into a function determined from the predetermined key.

  In the invention according to claim 8, in the above invention, the access code generation means generates an access code including encrypted data obtained by encrypting the relation information or access control content with a predetermined key. The verification unit verifies the validity of the access code by decrypting the encrypted data included in the access code with a predetermined key.

  The invention according to claim 9 further comprises execution determination means for determining whether or not to execute the access control content specified from the access code when the access code is received from the accessor in the above invention. The access code generation means generates an access code further including an execution condition related to execution of the access control content, and the execution determination means uses the execution condition included in the access code received from the accessor. Whether or not the access control content can be executed is determined, and the access control means executes the access control content specified from the access code when the execution is permitted by the execution determination means.

  In the invention according to claim 10, in the above invention, the access code generation means includes a period, a time, a user, or a combination thereof, in which execution of the access control content is permitted, as the execution condition. An access code is generated.

  The invention according to claim 11 is characterized in that, in the above-mentioned invention, the access code generating means generates an access code including the falsification preventing code or encrypted data obtained by further using the execution condition. And

  The invention according to claim 12 is characterized in that, in the above-mentioned invention, a terminal of a third party other than the accessed person and the access person comprises the access code generation means and the verification means. .

  The invention according to claim 13 is the above invention, wherein the accessed person and a third party terminal other than the accessing person comprise the access code generating means, and the accessed person terminal is the verification means. It is provided with.

  The invention according to claim 14 is the above invention, wherein the terminal of the accessed person comprises the access code generating means, and the terminal of a third party other than the accessed person and the accessing person is the verification means. It is provided with.

  The invention according to claim 15 is characterized in that, in the above-mentioned invention, the terminal of the person to be accessed comprises the access code generation means and the verification means.

  Further, in the invention according to claim 16, in the above invention, when the access code is generated by the third party terminal other than the accessed person and the access person, the access code is generated. It is characterized by further comprising notification means for notifying the terminal of the person to be accessed.

  The invention according to claim 17 is the above invention, wherein the access code and the third party terminal other than the access person, when the access code is generated by the access code generation means, The information processing device further includes notification means for notifying an accessor's terminal.

  The invention according to claim 18 is the above invention, wherein the notifying means creates a generation notification message including the access code generated by the access code generating means, and the message is sent to a person to be accessed or It transmits to an accessor's terminal, It is characterized by the above-mentioned.

  According to a nineteenth aspect of the present invention, in the above invention, the access code generating means generates the access code in a mail address format, and the access control means is a mail having the mail address as a destination address. Is received from the terminal of the accessor, and the access code is received.

  According to a twentieth aspect of the present invention, in the above invention, the access code generation unit generates the access code in a URL (Uniform Resource Locator) format, and the access control unit generates the URL as an access destination address. The access code is received by receiving an access request from the accessor's terminal.

  In the invention according to claim 21, in the above invention, the access code generation means generates the access code in a telephone number format, and the access control means uses the telephone number as a connection destination address. The access code is received by receiving a request from the accessor's terminal.

  The invention according to claim 22 is the above invention, wherein the service is an information disclosure service for disclosing information of an accessed person to an accessing person, and the access control means includes the accessed person and the access. Disclosure control is performed in accordance with the relationship information indicating the relationship with the person.

  Further, the invention according to claim 23 is the above invention, wherein the service is a message delivery service for delivering a message transmitted from an accessor to an accessed person, and the access control means includes the accessed person. And delivery control is performed in accordance with relationship information indicating the relationship between the user and the accessor.

  The invention according to claim 24 is the above invention, wherein the service is a telephone connection service for connecting a telephone connection request transmitted from an accessor to an accessed person, and the access control means includes the access control means. Connection control is performed according to relationship information indicating a relationship between the accessor and the accessor.

  The invention according to claim 25 is an access control method for controlling access by an accessor to a service related to an accessed person, acquiring relationship information indicating a relationship between the accessed person and the accessing person, and An access code generation step for generating an access code for specifying the access control content to be executed according to the relationship information, and an access code generated by the access code generation step is received from the accessor and specified from the access code And an access control step for executing the access control content.

  According to a twenty-sixth aspect of the present invention, in the above invention, the access code generation step uniquely identifies the access control content executed according to the relation information and the accessed person. Generating an access code including accessee identification information and / or accessor identification information for uniquely identifying the accessor, wherein the access control step includes the accessee identification information included in the access code and Access control is executed using accessor identification information.

  According to a twenty-seventh aspect of the present invention, in the above invention, the access code generation step uniquely identifies the access control content executed according to the relation information and the accessed person. An access code including accessee identification information to be accessed and / or accessor identification information for uniquely identifying the accessor is generated using a predetermined key, and the access control step includes the predetermined key, the access code The access control is executed using the accessee identification information and / or accessor identification information included in the access point.

  The invention according to claim 28 is an access control program for causing a computer to execute an access control method for controlling access by an accessor to a service related to an accessee, wherein the relationship between the accessee and the accessor is determined. An access code generation procedure for generating an access code for acquiring access information for acquiring access information for identifying the access control content to be executed in accordance with the related information, and the access code generated by the access code generation procedure And an access control procedure for executing the access control content specified from the access code.

  In the invention according to claim 29, in the above invention, the access code generation procedure uniquely identifies information for specifying access control contents to be executed according to the relation information and the person to be accessed. Generating access code including accessee identification information and / or accessor identification information uniquely identifying the accessor, wherein the access control procedure includes the accessee identification information included in the access code and Access control is executed using accessor identification information.

  The invention according to claim 30 is the above invention, wherein the access code generation procedure uniquely identifies information for specifying access control contents to be executed according to the relation information and the person to be accessed. An access code including identification information to be accessed and / or accessor identification information for uniquely identifying the accessor is generated using a predetermined key, and the access control procedure includes a predetermined key, the access code The access control is executed using the accessee identification information and / or accessor identification information included in the access point.

  According to the invention of claim 1, 25 or 28, since the access code is generated by acquiring the relation information instead of the access control content, the complicated process of receiving the same access control content many times is not necessary. The same access code can be generated by a simple process of accepting the relationship information, and the same access code can be easily obtained for a group of users having the same relationship (relationship between friends, colleagues, etc.) among a plurality of accessors. Access control can be performed. In addition, since the generated access code is not managed in a database, the necessity of newly storing predetermined information in the database every time an access code is generated is eliminated, and such a database is not used. Access control can be performed.

  According to the invention of claim 2, 26 or 29, the access code including the accessee identification information and the accessee identification information is generated. For example, when there are a plurality of users who can be the accessee. Thus, it is possible to perform specific access control for each of a plurality of accessed users, or to perform specific access control for each of a plurality of users when there are a plurality of users who can be accessors. In addition, for example, by including accessee identification information that is not known to other users other than the accessed user in the access code, other users can impersonate the accessed user and access related to the service of the accessed user It is possible to prevent fraud such as generating code. In addition, for example, by including accessor identification information that is not known to other users than the accessor in the access code, it is possible to eliminate fraudulent acts such as access by other users impersonating the accessor. It becomes possible.

  According to the invention of claim 3, 27 or 30, since the access code including the accessee identification information and the accessor identification information is generated using the key, for example, for each of the plurality of the accessees and the accessees. Even when performing access control peculiar to, it is difficult to illegally generate or falsify an access code by a malicious third party, making it possible to perform highly secure access control. In other words, the malicious third party impersonates the accessed person and generates an access code related to the service of the accessed person, and the malicious act such as the malicious third party impersonating the accessed person and accesses the service is excluded. It becomes possible.

  Further, according to the invention of claim 4, since the relation information and the access control content are not managed in the database for each generated access code, but the relation information is included in the access code, it is proportional to the number of access codes created. Such database itself can be made unnecessary without increasing database resources. In addition, while the relation information is included in the access code, the access control contents corresponding to the relation information are managed in a table that is referred to in the access control, so even after the access code is generated, the control contents can be simplified simply by updating the table. It is possible to change all at once.

  Further, according to the invention of claim 5, since the relation information and the access control content are not managed in the database for each generated access code, but the access control content is included in the access code, it is proportional to the number of access codes created. Thus, the database itself does not become large, and such a database itself can be made unnecessary. In addition, since an access code including access control content is generated, it is not necessary to use a table in which relationship information and access control content are associated with each other for access control. Control can be performed at high speed.

  According to the invention of claim 6, since the access code is generated using the key, it is difficult to illegally generate or falsify the access code by a malicious third party, and highly secure access control can be performed. It becomes possible.

  According to the invention of claim 7, since the tamper-proof code obtained from the key function is included in the access code, the encrypted data obtained by encryption (in the case of block encryption, the data block length of the encryption algorithm) In some cases, it is possible to generate a short access code with a short tamper-proof code, as compared to the case of including short encrypted data.

  According to the invention of claim 8, since the encrypted data obtained by the key encryption is included in the access code, there is no restriction on the data length, and it is difficult to decrypt the encrypted data in a long sentence or a variety of related information or An access code including access control content can be generated. Also, since the access code is generated by encryption, both the encryption key and the decryption key must be strictly managed. The common key encryption method (the method using the same key common to the generation side and the verification side) ) As well as a public key cryptosystem that requires strict management of either the encryption key or the decryption key (a method in which the generation side and the verification side use two keys, a secret key and a public key, respectively) ) Can be adopted.

  According to the invention of claim 9, since the access code including the predetermined execution condition is generated, it is possible to eliminate unauthorized access that does not satisfy the execution condition. In addition, since the execution condition included in the access code is used for the determination, it is not necessary to use a database (DB that defines the execution condition for each access code) when determining the execution condition, and it is possible to execute without causing a database management burden. The condition determination process can be performed at high speed.

  In addition, according to the invention of claim 10, since the access code includes the period, time, user, etc. in which the execution of the access control content is permitted as an execution condition, the same is achieved without causing the management burden of the execution condition. It becomes possible to perform common or individual practical access control among related users.

  Further, according to the invention of claim 11, since the access code includes the period, time, user, etc., in which the execution of the access control content is permitted, as an execution condition, the same is achieved without causing the management burden of the execution condition. It becomes possible to perform common or individual practical access control among related users.

  According to the invention of claim 12, since the third party such as the issuing server and the verification server has the authority to generate the access code and the verification authority, access control with high reliability is performed for the accessed person and the accessing person. It becomes possible.

  According to the invention of claim 13, since the accessee has the authority to verify the access code, the burden of verifying the access code by a third party such as a verification server is distributed, and the access is flexibly performed at the user level. The code can be verified.

  According to the fourteenth aspect of the present invention, since the accessee has the authority to generate an access code, the burden of generating an access code by a third party such as an issuing server is distributed and the access is flexibly performed at the user level. It becomes possible to generate code.

  According to the invention of claim 15, since the accessed person has the access code generation authority and the verification authority, it becomes possible to perform self-initiated access control with a high degree of freedom for the accessed person.

  According to the invention of claim 16, since the access code generated by the third party is notified from the third party to the person to be accessed, the service access related to the person to be accessed is contrary to the will of the person to be accessed. It is possible to prevent a situation where code is generated.

  According to the invention of claim 17, since the access code generated by the third party is notified from the third party to the accessor, it is possible to save the trouble of the accessed person notifying the access code of the access code. It becomes possible.

  According to the invention of claim 18, since the generation notification message including the generated access code in the message body is transmitted directly to the accessor or via the accessed person, for example, the message is included in the message body. The accessor can select the access code (email address, URL, etc.) to be accessed and use an ordinary communication software having a function of registering it in a predetermined place (address book, favorite, etc.). Can be easily registered and managed, and the access code can be easily used.

  According to the invention of claim 19, since the access code in the mail address format is generated, the access person can easily manage the access code using the address book in the existing mail software, It is possible to easily access a service related to a person to be accessed simply by sending mail using existing mail software.

  According to the invention of claim 20, since the access code in the URL format is generated, the accessor can easily manage the access code using “favorites” in the existing browser software. By simply issuing an access request using existing browser software, it becomes possible to easily access a service related to the accessed person.

  According to the invention of claim 21, since the access code in the telephone number format is generated, the accessor can easily manage the access code by using the telephone directory in the existing telephone software, By simply issuing a connection request using an existing telephone terminal, it becomes possible to easily access a service related to the accessed person.

  According to the invention of claim 22, in the information disclosure service for disclosing information on the accessed person to the accessing person, it becomes possible to easily perform the same disclosure control for a user group having the same relationship. .

  According to the twenty-third aspect of the present invention, in a message delivery service for delivering a message sent from an accessor to an accessed person, a message sent from a group of users having a similar relationship can be simply and similarly delivered. Control can be performed.

  According to the invention of claim 24, in the telephone connection service for connecting the telephone connection request transmitted from the accessing person to the accessed person, the telephone connection request transmitted from the user group having the same relationship can be simplified. It is possible to perform similar connection control.

  Exemplary embodiments of an access control system, an access control method, and an access control program according to the present invention will be explained below in detail with reference to the accompanying drawings. In the following, the concept of access control according to the present invention will be described, and various embodiments (embodiments 1, 2 and 3) will be described.

[Explanation of terms]
Before describing the concept of access control according to the present invention, main terms used in the description will be described. The term “service” used below refers to a service that a certain accessor accesses with respect to a certain person to be accessed. For example, information on the person to be referred to (such as the telephone number, mail address, address, schedule, etc. of the person to be accessed) “Information Disclosure Service” for disclosing personal information to the referrer (accessor), “Message Delivery Service” for delivering a message sent from the accessor to the accessed person, and sent from the accessor to the accessed person This includes “telephone connection service” for connecting telephone connection requests.

  In addition, “accessor B” used below is a user who accesses the service (for example, “referencer” in the above information disclosure service), while “accessed person A” Is a user on the accessed side (for example, “referenced person” in the above information disclosure service). In the present embodiment, the identification information of the person A to be accessed is denoted as identification information ID_A, and the identification information of the access person B is denoted as identification information ID_B.

  The “identification information” used below is information for uniquely identifying (specifying or limiting) the person A to be accessed or the user B as a user. For example, a user such as a user name or a user number In addition to IDs, user addresses (such as e-mail addresses and telephone numbers) associated with such user IDs, and user identifiers generated using these user IDs and user addresses (generated from user IDs and user addresses) Such as a hash value and encrypted data obtained by encrypting the same).

  Further, the “relation information R” used in the following is information indicating the relationship between the person A to be accessed and the person B to be accessed. For example, access from the person A to be accessed such as a friend, a colleague, and a boss. Information indicating the relationship of the person B corresponds to this. Further, the “relationship” mentioned here is not limited to the relationship of the accessee B as viewed from the accessee A, but the relationship of the accessee A as viewed from the accessor B, the relationship between the both viewed from a third party, etc. , The relationship between the two can be understood from all perspectives.

  Further, “access control content S (appropriately expressed as“ access policy ”)” used below is control content executed when the accessor B accesses the above service. For example, in the information disclosure service, as illustrated in FIG. 12, “telephone number, email address, address, and schedule are all disclosed”, “phone number, email address, address, and public schedule (public -schedule) "," Disclose only email addresses and addresses ", and so on.

  Further, “effective condition C (corresponding to“ execution condition ”described in claims)” used in the following is a condition required for executing the access control content S described above. In the information disclosure service described above, as illustrated in FIG. 15, a condition that specifies a period (time limit) during which the disclosure control content S is permitted, a time, a referer, or a combination thereof corresponds to this. These conditions are specified by the person A to be accessed.

  The “access code T” used below is a code presented when the accessor B accesses the above service, and access control is performed based on the access code T. The access code T is issued prior to access by the accessor B to the service.

[Access control concept]
Next, the concept of access control according to the present invention will be described with reference to FIGS. 1 to 7 are diagrams for explaining the concept of access control according to the present invention. In addition, since access control of a different method is executed for each access code T generation method, the concept of access control will be described below by dividing into access code T generation methods (1) to (7). To do.

(1) Access code T including relation information R
The access control illustrated in FIG. 1 includes an access policy table in which access control contents S are stored in association with each other for each of a plurality of pieces of relation information R (friends, colleagues, bosses, etc.) as illustrated in FIG. And the access code production | generation part receives the relationship information R with the access person B from the to-be-accessed person A so that it may illustrate in the same figure. That is, in the prior art, as the access code generation request, the accessor identification information ID_B and the service content (access control content) for the accessor B are accepted, but in this embodiment, the relationship information R with the accessor B is received. Only accept.

  Then, as illustrated in FIG. 1, the access code generator generates an access code T for specifying the access control content S executed in accordance with the relationship information R, that is, an access code T including the relationship information R. The access code T is generated and notified to the accessor B. That is, in the prior art, after a predetermined access code is generated, this access code is stored in the access code table in association with the accessor identification information ID_B and the access control content. The code is not stored in the access code table.

  On the other hand, the access control unit accepts an access request accompanied by an access code T from the accessor B as illustrated in FIG. Then, the access control unit extracts the access control content S corresponding to the relation information R included in the access code T from the access control content S stored in the access policy table, as illustrated in FIG. By executing the control content S, the access of the accessor B is controlled.

  That is, a specific example will be described. For example, in the information disclosure service, based on the relationship information R included in the access code T received from the accessor B, “phone number, mail address, address, and When the access control content S, “disclose all schedules,” is extracted, the “phone number, mail address, address, schedule” of the accessed person A is disclosed to the accessing person B. In the prior art, the access control content corresponding to the access code received from the accessor B is extracted from the access control content stored in the access code table.

  As described above, according to the access control described above, not the access control content S but the related information R is acquired and the access code T is generated, so that a complicated process of receiving the same access control content S many times is not necessary. A similar access code T can be generated by a simple process of accepting similar relationship information R, and a group of users having a similar relationship (a relationship of friends, colleagues, etc.) among a plurality of access users B On the other hand, the same access control can be easily performed.

  Further, according to the above access control, the relation information R and the access control content S are not managed in the database for each generated access code T, but the relation information R is included in the access code T, so that the access code T is generated. Database resources are not increased in proportion to the number, and such a database itself can be made unnecessary.

  Furthermore, according to the above access control, the access information T is included in the access code T, while the access control content S corresponding to the relationship information R is managed by the access policy table referred to in the access control. Even after generation, it is possible to easily change the control contents all at once by simply updating the table.

(2) Access code T including access control content S
In the other access control illustrated in FIG. 1, the access code generation unit is executed according to the relationship information R when the relationship information R with the access person B is received from the accessed person A as illustrated in FIG. The access code T for specifying the access control content S, that is, the access code T including the access control content S corresponding to the relationship information R among the access control content S stored in the access policy table is generated.

  Then, as illustrated in FIG. 1, when the access control unit receives the access code T from the accessor B, the access control unit extracts the access control content S included in the access code T and executes the access control content S. The access of the accessor B is controlled.

  As described above, according to the above access control, the relation information R and the access control content S are not managed in the database for each generated access code T, but the access control content S is included in the access code T. Database resources do not increase in proportion to the number of T created, and such a database itself can be made unnecessary.

  Further, according to the access control described above, the access code T including the access control content S is generated. Therefore, a table (access policy table) in which the relationship information R and the access control content S are associated is used for the access control. It is not necessary, and access control can be performed at a higher speed than the access code T including the relationship information R.

(3) Access code T including R or S, accessee identification information ID_A
In the access control illustrated in FIG. 2, the access code generation unit receives the accessee identification information ID_A together with the relationship information R with the accessor B from the accessee A, as illustrated in FIG. An access code T including R or access control content S and accessee identification information ID_A is generated.

  When the access control unit receives the access code T from the accessor B, the access control unit executes the access control content S using the accessee identification information ID_A included in the access code T. That is, for example, when an access policy table storing a specific access control content for each of a plurality of accessed users A (accessed persons A1, A2,...) Is included, it is included in the access code T. After specifying any one of the accessees A using the accessee identification information ID_A, the specific access control content S stored in the access policy table of the specified accessee A is executed.

  As another example, the accessee identification information ID_A that is not known to other users other than the user A to be accessed A is included in the access code T, so that the person to be accessed included in the access code T is identified. The information ID_A is used as the signature of the accessed person A. That is, access control is executed after determining whether or not the accessee identification information ID_A included in the access code T is valid. The “identification information” mentioned here includes a user ID, a user address, and a user identifier generated using these as described above.

  As described above, according to the above access control, the access code T including the accessee identification information ID_A is generated. For example, when there are a plurality of users who can be accessed users, It becomes possible to perform access control peculiar to every.

  In addition, according to the above access control, for example, by including the accessee identification information ID_A that is not known to other users other than the accessed user A in the access code, other users can access the accessed user. It is possible to prevent an illegal act of impersonating A and generating an access code T related to the service of the accessed person A.

(4) Access code T including R or S, accessor identification information ID_B
In the access control illustrated in FIG. 3, the access code generation unit receives the accessor identification information ID_B together with the relationship information R with the accessor B from the accessed person A, as illustrated in FIG. Alternatively, the access code T including the access control content S and the accessor identification information ID_B is generated.

  When the access control unit receives the access code T from the accessor B, the access control unit executes the access control content S using the accessor identification information ID_B included in the access code T. That is, for example, in addition to the access control contents of the access policy table, the expiration date of the access code T is associated with each identification information ID_B of a plurality of accessors B (accessors B1, B2,...). Is stored in the access code T, the accessor identification information ID_B included in the access code T is used to identify any accessor B, and the accessor B is specific to the specified accessor B. The access control content S is executed in consideration of the valid conditions.

  As another example, by including in the access code T accessor identification information ID_B that is not known to other users than the accessor B, the accessor identification information ID_B included in the access code T is included. Used as a signature for accessor B. That is, access control is executed after determining whether or not the accessor identification information ID_B included in the access code T matches the accessor identification information received from the accessor. The “identification information” mentioned here includes a user ID, a user address, and a user identifier generated using these as described above.

  Thus, according to the above access control, the access code T including the accessor identification information ID_B is generated. For example, when there are a plurality of users who can be accessors, the access code T is unique to each accessor. It is possible to perform access control.

  In addition, according to the above access control, for example, by including accessor identification information ID_B that is not known to other users other than the accessor B in the access code T, other users can access the accessor B. It is possible to eliminate fraudulent acts such as spoofing and accessing services.

(5) Access code T including R or S, ID_A, ID_B
In the access control illustrated in FIG. 4, the access code generation unit, as illustrated in FIG. 4, has accessee identification information ID_A and accessor identification information ID_B together with relationship information R from the accessed person A to the accessor B. And the access code T including the relationship information R or the access control content S, the accessee identification information ID_A, and the accessor identification information ID_B is generated.

  When the access control unit receives the access code T from the accessor B, the access control unit illustrated in FIGS. 2 and 3 uses the accessee identification information ID_A and the accessor identification information ID_B included in the access code T. The access control content S is executed in the same manner as described above. That is, for example, when an access policy table in which the access control content S and the effective conditions are stored for each of a plurality of accessed users and access users is provided, the accessed user identification information ID_A included in the access code T The access policy table of the corresponding accessee A is specified using the accessor identification information ID_B included in the access code T, and the access control content S of the corresponding accessor B, the effective condition, etc. And the access control content S is executed based on the validity condition.

  Thus, according to the above access control, the access code T including the accessee identification information ID_A and the accessor identification information ID_B is generated. For example, when there are a plurality of users who can be accessees. Thus, it is possible to perform specific access control for each of a plurality of accessed users, or to perform specific access control for each of a plurality of users when there are a plurality of users who can be accessors.

(6) Depending on the key, access code T including R or S, ID_A, ID_B
In the access control shown in FIG. 5, the access code generation unit, together with the relationship information R from the accessed person A to the accessing person B, together with the accessed person identification information ID_A and the accessing person identification information ID_B, as illustrated in FIG. And the access code T including the related information R or the access control content S, the accessee identification information ID_A, and the accessor identification information ID_B by a key is generated. In addition, “P” shown in the figure means that a key is used.

  Then, when the access control unit accepts the access code T from the accessor B as illustrated in the figure, the access control unit verifies the validity of the access code T with the key, and then identifies the accessee included in the access code T The access of the accessor B is controlled by executing the access control content S using the information ID_A and the accessor identification information ID_B.

  That is, for example, the access code generation unit is obtained by inputting the relationship information R or the access control content S, the accessee identification information ID_A, and the accessor identification information ID_B into a function determined from a predetermined key. The access control unit generates an access code T including a falsification prevention code to be generated, and the access control unit similarly includes the relationship information R or the access control content S, the accessee identification information ID_A, and the accessor identification information. The validity of the access code T is verified by inputting ID_B.

  For example, the access code generation unit encrypts the relationship information R or the access control content S, the accessee identification information ID_A, and the accessor identification information ID_B with a predetermined key. The access control unit verifies the validity of the access code T by decrypting the encrypted data included in the access code T with a predetermined key.

  As described above, according to the above access control, the access code including the accessee identification information ID_A and the accessor identification information ID_B is generated using the key. Even when performing specific access control, it is possible to make it difficult to illegally generate or falsify an access code by a malicious third party, and to perform highly secure access control. That is, fraudulent acts such as a malicious third party impersonating the person being accessed A and generating an access code related to the service of the accessed person A, or a malicious third party impersonating the accessor B and accessing the service Can be eliminated.

  Further, according to the above access control, for example, the tamper-proof code obtained from the key function is included in the access code, so that the encrypted data obtained by encryption (in the case of block encryption, the data block of the encryption algorithm) Since the length of the data is determined by the length, short encrypted data may not be generated.) In some cases, it is possible to generate a short access code with a short tamper-proof code.

  In addition, according to the above access control, for example, encrypted data obtained by key encryption is included in the access code T. Therefore, encrypted data that is difficult to decipher in a long sentence and various relations without restriction on the data length. An access code including the information R or the access control content S can be generated. In addition, since the access code T is generated by encryption, a common key encryption method in which both the encryption key and the decryption key must be strictly managed (the same key common to the generation side and the verification side is used) Method), public key encryption method (the generation side and the verification side use two keys, that is, a secret key and a public key) that only need to strictly manage either the encryption key or the decryption key. Method).

  Here, the access code T including “R or S, ID_A, ID_B” using a key has been described as an example. However, for example, an access code T including only related information R or access control content S using a key. May be generated, which makes it difficult to illegally generate or falsify the relationship information R or the access control content S, thereby enabling highly secure access control.

  Similarly, the access code T including the relationship information R or the access control content S and the accessee identification information ID_A or the accessor identification information ID_B by a key may be generated. It becomes difficult to illegally generate or alter the accessee identification information ID_A or the accessee identification information ID_B, and it is possible to perform highly secure access control.

(7) Depending on the key, access code T including R or S, ID_A, ID_B, and valid condition C
In the access control shown in FIG. 6, the access code generation unit, together with the relationship information R from the accessed person A to the accessing person B, the accessed person identification information ID_A and the accessing person identification information ID_B, as illustrated in FIG. And the valid condition C is received, and the access code T including the relation information R or the access control content S, the accessee identification information ID_A, the accessor identification information ID_B, and the valid condition C with a key is generated.

  Then, as illustrated in the figure, when the access control unit receives the access code T from the accessor B, the access control unit verifies the legitimacy of the access code T with the key and accesses the access code T according to the valid condition C included in the access code T. After determining whether the control can be executed, the access of the accessor B is controlled by executing the access control content S using the accessee identification information ID_A and the accessor identification information ID_B included in the access code T. .

  As described above, according to the above access control, the access code T including the predetermined effective condition C is generated. Therefore, in addition to the effect of the access control illustrated in FIG. Can be eliminated.

  Further, according to the above access control, the effective condition C included in the access code T is used for the determination. Therefore, when determining the effective condition C, it is necessary to use a database (DB defining the effective condition C for each access code T). In addition, the effective condition determination process can be performed at high speed without causing a database management burden.

  In addition, according to the above access control, the access code T in which the execution condition is embedded by the key is generated, so that it is difficult for a malicious third party to illegally generate and alter the valid condition C, and the access control with high safety is achieved. It becomes possible to do.

  Here, the access code T including “R or S, ID_A, ID_B, C” has been described as an example. However, for example, the relationship information R or the access control content S and the valid condition C are set using a key. The access code T including the access code T, the relationship information R or the access control content S, and the accessee identification information ID_A or the accessor identification information ID_B using a key may be generated.

(8) Summary To summarize the above, the generation method of the access code T used for access control according to the present invention has four generation options independently as illustrated in FIG. That is, as the first option, there are two ways of “whether the relation information R is included or whether the access control content S is included”, and the second option is “accessee identification information ID_A and Does not include any of the accessor identification information ID_B, includes only the accessee identification information ID_A, includes only the accessor identification information ID_B, or both the accessee identification information ID_A and the accessor identification information ID_B There are four ways to include.

  The third option is “whether valid condition C is not included or valid condition C is included”, and the fourth option is “whether it is included without using a key”. Or include it with a key? As described above, the generation method of the access code T used for the access control according to the present invention must include the “relation information R or the access control content S”. As a result, 32 generation methods having different meanings and effects can be adopted.

  Next, as a specific example of the access control described above, the access code T including the relationship information R, the accessee identification information ID_A, the accessor identification information ID_B, and the valid condition C using the key is used. An information disclosure system (Example 1) for controlling disclosure of personal information will be described. In the following, after describing the terms used in the first embodiment, the outline and features of the information disclosure system according to the first embodiment, the configuration of the information disclosure system, the details of each device in the system, and the disclosure address generation to the information disclosure Will be described, and finally the effects of the first embodiment will be described.

[Explanation of terms]
First, main terms used in Example 1 will be described. The “information disclosure service (corresponding to the“ service ”described in the claims)” used in the first embodiment discloses the information of the referred person (accessee A) to the reference person (accessor B). For example, as illustrated in FIGS. 10 and 11, the telephone number (phone), mail address (e-mail), address (address), schedule, etc. Disclose personal information to referrer B.

  The “reference person B (corresponding to“ access person ”described in the claims”) used in the first embodiment is a user who refers to personal information. The reference person A (corresponding to “accessee” described in the claims) is a user who discloses personal information. In this embodiment, the identification information of the reference person A is referred to as reference person identification information ID_A, and the identification information of the reference person B is referred to as reference person identification information ID_B.

  The “identification information” used in the first embodiment is information for uniquely identifying (specifying or limiting) the referred person A or the reference person B as a user, such as a user name or a user number. In addition to a user ID, a user address (such as an e-mail address or a telephone number) associated with the user ID, and a user identifier generated using these user ID and user address (from the user ID and user address) This corresponds to a generated hash value, encrypted data obtained by encrypting these, and the like.

  Further, “relationship level R (corresponding to“ relationship information ”described in claims)” used in the first embodiment is information indicating the relationship between the above-mentioned reference person A and reference person B. For example, information indicating the relationship of the accessor B viewed from the accessee A, such as a friend, a colleague, and a boss, corresponds to this. Further, the “relationship” referred to here is not limited to the relationship of the reference person B viewed from the referenced person A, but the relationship of the referenced person A viewed from the reference person B, the relationship between the both viewed from the third party, etc. , The relationship between the two can be understood from all perspectives. In the following first embodiment, as illustrated in FIG. 12, the relationship information such as “friend, colleague, boss” is replaced with a code value (relation level value) “0, 1, 2”. I am trying to process it.

  Further, “disclosure control content S (corresponding to“ access control content ”described in claims) and also appropriately expressed as“ disclosure policy ”) used in the first embodiment is the information disclosure described above. This is control content related to information disclosure of services. For example, as shown in FIG. 12, “telephone number, e-mail address, address, and schedule are all disclosed.”, “Telephone number, e-mail address, address” In addition, the contents of control such as “disclosure of public schedule (public-schedule)” and “disclosure only e-mail address and address” correspond to this. In the following first embodiment, the disclosure control content S in the form of listing information items (disclosure information items) that are permitted to be disclosed will be described as an example. It is described as “information item”.

  The “effective condition C (corresponding to the“ execution condition ”described in the claims)” used in the first embodiment is a condition required for executing the above-described disclosure control content S. For example, as illustrated in FIG. 15, a condition that specifies a period (time limit) during which the disclosure control content S is permitted, a time, a referrer, or a combination thereof corresponds to this. Note that these conditions are specified by the reference person A.

  Further, the “disclosure address T (corresponding to the“ access code ”recited in the claims)” used in the first embodiment refers to the personal information of the reference person A by the reference person B in the information disclosure service described above. This is the access code that is presented when requesting reference. In the first embodiment, as described above, the disclosure address T including the relationship level R, the accessee identification information ID_A, the accessor identification information ID_B, and the valid condition C is generated.

[Outline and Features of System (Example 1)]
Next, the outline and characteristics of the information disclosure system according to the first embodiment will be described with reference to FIG. FIG. 8 is a diagram for explaining the outline of the information disclosure system according to the first embodiment.

  The outline of the information disclosure system according to the first embodiment is to transmit the personal information of the referred person A (accessed person A) to the terminal of the referring person B (accessing person B) for disclosure. The disclosure address T is used for the disclosure control of the personal information. This makes it possible to simply perform the same disclosure control for the reference group having the same relationship, and the access code is The main feature is that it eliminates the need to newly store predetermined information in the database each time it is generated.

  In brief, in the information disclosure system according to the first embodiment, a third party (for example, a service center that handles the disclosure address T) other than the referred person A and the reference person B receives an individual from the referenced person A. When the information is received, it is stored in the personal information storage unit (see (1) in FIG. 8). Further, the third-party service center receives the disclosure policy, that is, the relationship level R and the disclosure control content S from the referenced person A, and stores them in the disclosure policy storage unit (see (2) in FIG. 8).

  On the other hand, the service center receives the relationship level R, the referenced person identification information ID_A, and the valid condition C from the referenced person A as a request for issuing the disclosure address T to be given to the referring person B (see (3) in FIG. 8). ). Then, the service center concatenates the referenced person identification information ID_A and the falsification prevention code obtained by inputting the referenced person identification information ID_A, the relationship level R, and the validity condition C into a function determined from a predetermined key. A disclosure address T in the form of a mail address in which the character string is “user name portion” is generated (see (4) in FIG. 8). Further, the service center delivers the generated disclosure address T to the reference person B (see (5) in FIG. 8).

  Then, the service center receives an email from the referrer B with the disclosure address T as the destination address as a reference request for the personal information of the referee A (see (6) in FIG. 8). After that, the service center inputs the referenced person identification information ID_A, the relationship level R, and the valid condition C into a function determined from a predetermined key to verify the validity of the disclosure address T, and is included in the disclosure address T. Whether or not the disclosure control content can be executed is determined using the valid condition C (see (7) in FIG. 8). Note that “Q” shown in the figure means that extraction is performed using a key.

  After that, when the validity of the disclosure address T is recognized and the execution of the disclosure control content is permitted, the service center, among the personal information stored in the personal information storage unit, the disclosure address T The personal information corresponding to the referenced person identification information ID_A included in the reference is referenced according to the disclosure control content S corresponding to the relationship level R included in the disclosure address T among the disclosure control content S stored in the disclosure policy storage unit. The information is transmitted to the person B and disclosed (see (8) in FIG. 8). That is, if the disclosure control content S corresponding to the relationship level R included in the disclosure address T received from the referrer B is “disclose only the mail address and address”, the mail address of the referee A And only the address is disclosed to the referrer B.

  As described above, according to the first embodiment, in the information disclosure service for disclosing the information of the accessed person A to the accessor B, the disclosure level T is acquired instead of the disclosure control content S and the disclosure address T is generated. Thus, a complicated process of receiving the same disclosure control content S many times is not necessary, and a similar disclosure address T can be generated by a simple process of receiving a similar relationship level R, as described above. The same disclosure control can be easily performed on a group of users having a similar relationship (a relationship between friends, colleagues, etc.) among the plurality of access users B.

  In addition, according to the first embodiment, since the generated disclosure address T is not managed in the database, predetermined information is newly accumulated in the database every time an access code is generated as described above. Therefore, disclosure control can be performed without using such a database. That is, the relationship level R and the disclosure control content S are not managed in the database for each generated disclosure address T, but the relationship level R is included in the disclosure address, so that it is proportional to the number of disclosure addresses T created. Such database itself can be made unnecessary without increasing database resources.

[System Configuration (Example 1)]
Next, the configuration of the information disclosure system according to the first embodiment will be described with reference to FIG. FIG. 9 is a diagram illustrating a configuration of the information disclosure system according to the first embodiment.

  As shown in the figure, this information disclosure system includes a referee terminal 1, a reference terminal 2, a user information server 10, an address issuing server 20, and an information disclosure server 30 on a network (Internet 3 or (Communication network formed by a LAN 4, a router, etc.) is connected to be communicable with each other. Below, after describing the outline | summary of each apparatus, the detail of each apparatus is demonstrated.

  The referee terminal 1 and the referee terminal 2 are known personal computers or workstations, home game machines, Internet TVs, PDAs, mobile phones, or the like installed with communication software such as e-mail software and browser software. A mobile communication terminal such as PHS.

  More specifically, the referenced person terminal 1 is a terminal used by the referenced person A, and mainly plays a role of transmitting personal information and a disclosure policy to the information disclosure server 30 and an issue request message for the disclosure address T. For transmitting to the address issuing server 20, and for receiving an address generation notification from the address issuing server 20.

  On the other hand, the referrer terminal 2 is a terminal used by the referrer B, and mainly discloses the role of receiving and registering the disclosure address T from the address issuing server 20 and disclosing the reference request mail with the disclosure address T. It has a role of transmitting to the server 30 and a role of receiving a disclosure mail including personal information related to disclosure from the information disclosure server 30.

  The user information server 10 is a database device that stores data and programs necessary for various processes performed by the information disclosure system according to the first embodiment, and mainly manages information of a user who receives an information disclosure service (referenced person A). Have a role.

  The address issuing server 20 is a server device of a trader who provides an information disclosure service, similar to the information disclosure server 30 described later. The address issuing server 20 mainly has a role of receiving an address issue request message from the referee terminal 1, and a disclosure address T It has a role to generate, a role to transmit the generated disclosure address T to the referee terminal 1 and the referee terminal 2, and the like. The address issuing server 20 corresponds to the access code generation unit described above.

  The information disclosure server 30 is a known server device that provides an information disclosure service. The information disclosure server 30 mainly receives a personal information and a disclosure policy from the referred person terminal 1 and registers the information, and a disclosure address T from the reference terminal 2. The role of receiving the accompanying reference request mail, the role of determining whether disclosure is possible based on the disclosure address T included in the reference request mail, and transmitting and disclosing personal information to the referrer terminal 2 based on the disclosure address T Have a role. The information disclosure server 30 corresponds to the access control unit described above.

[Referenced Terminal (Example 1)
As described above, the referee terminal 1 has a role of transmitting personal information and a disclosure policy to the information disclosure server 30 and issues an issue request message for the disclosure address T as described above. It has a role of transmitting to the server 20 and a role of receiving an address generation notification from the address issuing server 20.

  Here, the transmission of personal information (that is, the referred person information such as a telephone number, an e-mail address, an address, a schedule, etc.) is performed in accordance with an instruction from the referred person A, regularly every predetermined time, or personally. When the information is changed, it is performed by transmitting an update request message including the referred person identification information ID_A, a user authentication password, and personal information.

  In addition, transmission of a disclosure policy (that is, information composed of the relationship level R and the disclosure control content S) is also changed in response to an instruction from the referee A, periodically at predetermined time intervals, or in the disclosure policy. At that time, it is performed by transmitting an update request message including the referred person identification information ID_A, a password for user authentication, and a disclosure policy.

  The issue request message is transmitted through a “disclosure address issue page” as illustrated in FIG. That is, after accessing the address issuing server 20, if user authentication is successful through the user authentication page as illustrated in FIG. 14, the “disclosure address issue page” as illustrated in FIG. However, the relationship level R, valid condition C (expiration date designation, referrer designation), and disclosure address T (referencer identification information ID_B) for such a page are displayed via a keyboard or mouse. When input from the referenceee A, an address issue request message including these pieces of input information is transmitted to the address issue server 20.

  The address generation notification is received by receiving an “address issuance response page” as illustrated in FIG. 16 from the address issuance server 20 and outputting the page to the monitor of the referee terminal 1 or the like.

[Referencer terminal (Example 1)]
As described above, the referrer terminal 2 receives the registration address T from the address issuing server 20 and registers the reference request mail with the disclosure address T as information closely related to the present invention. It has a role of transmitting to the disclosure server 30 and a role of receiving a disclosure mail including personal information related to disclosure from the information disclosure server 30.

  Here, the disclosure address T is received and registered through an “address generation notification mail” as illustrated in FIG. That is, when an “address generation notification mail” as illustrated in FIG. 17 is received from the address issuing server 20, the content including the disclosure address T is output to the monitor or the like of the referrer terminal 2. When the disclosure address T is designated by the reference person B via the keyboard or the mouse, the designated disclosure address T is registered in the address storage unit 2a (so-called mail software address book).

  Further, the reference request mail is transmitted by transmitting a “reference request mail” as illustrated in FIG. 18 to the information disclosure server 30 in accordance with an instruction from the reference person B or periodically at predetermined time intervals. Is called. That is, as illustrated in FIG. 18, when a reference request mail addressed to the disclosure address T is created by the reference person B via the keyboard or mouse of the reference terminal 2, the created reference request mail is Send.

  When transmitting such a reference request mail, the referrer B can make a limited disclosure request via the mail subject (SUBJECT) as illustrated in FIG. In other words, for example, when a reference is requested only for the schedule of April 1, 2004, a limited disclosure request command such as “sched 040401” is input to the subject.

  The referenceee information is received by receiving a “disclosure mail” as illustrated in FIG. 19 from the information disclosure server 30. That is, as illustrated in FIG. 19, an e-mail containing the name of the disclosure subject (referred person A) and the limited disclosure request command together with the information on the referenced person to be disclosed is received.

[User Information Server (Example 1)]
As described above, the user information server 10 has a role of managing information of a user (referee) who receives an information disclosure service, as described above. Specifically, as shown in FIG. 9, a user information table 11 is provided. The user information table 11 stores a password for user authentication, an e-mail address, and the like in association with the user ID of each user. Configured.

[Address issuing server (Example 1)]
As illustrated in FIG. 9, the address issuing server 20 includes a communication unit 21, a user authentication unit 22, an issue key storage unit 23, and an address generation unit 24 as closely related to the present invention. The communication unit 21 corresponds to “notification unit” described in the claims, and the address generation unit 24 also corresponds to “access code generation unit”.

  Among these, the communication unit 21 is a processing unit that controls communication with the referenced person terminal 1 according to a so-called HTTP communication protocol. Specifically, a process for receiving an access request from the referenced person terminal 1 and transmitting a user authentication page (see FIG. 14) to the referenced person terminal 1, a user authentication request message comprising information entered on the user authentication page Is received from the referenced person terminal 1, and is received from the referenced person terminal 1, for example, an address issue request message composed of information input on the disclosure address issue page (see FIG. 15).

  Further, when the disclosure address T is generated by the address generation unit 24 to be described later, the communication unit 21 generates the address issuance response page (see FIG. 16) in addition to the process of transmitting to the referenced person terminal 1. A process for generating a generation notification mail including the disclosed disclosure address T (see FIG. 17) and transmitting the generation notification mail to the referrer terminal 2 is also executed.

  The user authentication unit 22 is a processing unit that authenticates whether or not the referred person A is a valid user who can request the issuance of the disclosure address T. Specifically, when a user authentication request message including information input on the user authentication page (see FIG. 14) is received from the referenced person terminal 1, the identification information and password included in the request message are stored in the user information table. 11 is authenticated whether or not it is stored in association with 11. As a result, if the user authentication is successful, information to that effect is passed to the address generation unit 24 described later, and if the user authentication fails, a response to that effect is sent to the referenced user terminal 1.

  The issuance key storage unit 23 is a means for storing an issuance key (master key) used for generating the disclosure address T. This issuance key is a verification key stored in a verification key storage unit 36 of the information disclosure server 30 described later. It is the same key as the key.

  The address generation unit 24 is a processing unit that receives information used for generating the disclosure address T from the referenced user terminal 1 and generates the disclosure address T. Specifically, through the “disclosure address issuance page” illustrated in FIG. 15, the relationship level R, valid condition C (expiration date designation, referrer designation), and disclosure address T notification destination (referrer identification information) ID_B) is received. The referred person identification information ID_A is accepted without waiting for input with the user name written in the above-described user authentication page.

  Then, the address generation unit 24 issues the issuance key stored in the issuance key storage unit 23, the relationship level R received from the referenced person A, the valid condition C (expiration date designation, reference designation), and the referenced person identification information ID_A. Is used to generate the disclosure address T in the mail address format described above. Specifically, as shown in FIG. 16 and FIG. 17, the reference person identification information ID_A, the relation level R, and the valid condition C are input to a function determined from a predetermined key. A disclosure address T in a mail address format is generated in which a character string concatenated with the tampering prevention code is “user name part”.

[Information Disclosure Server (Example 1)]
As illustrated in FIG. 9, the information disclosure server 30 is closely related to the present invention. As illustrated in FIG. 9, the communication unit 31, the user authentication unit 32, the personal information storage unit 33, the disclosure policy storage unit 34, The update part 35, the verification key memory | storage part 36, the disclosure determination part 37, and the disclosure control part 38 are provided. The disclosure policy storage unit 34 corresponds to the “access control content storage unit” recited in the claims, the disclosure determination unit 37 corresponds to the “verification unit” and the “execution determination unit”, and the disclosure control unit 38. Corresponds to “access control means”.

  Among these, the communication unit 31 is a processing unit that controls communication with the referee terminal 1, the referrer terminal 2, and the like according to a so-called SMTP or HTTP communication protocol. Specifically, a process for receiving an update request message related to personal information or a disclosure policy from the referenced person terminal 1, a process for receiving a reference request mail for personal information (see FIG. 18) from the reference person terminal 2, and a disclosure A process of transmitting a disclosure mail (see FIG. 19) including personal information to the referrer terminal 2 is executed.

  Here, when receiving the reference request mail, the communication unit 31 receives a limited disclosure request from the reference person B via the mail subject (SUBJECT) as described above. That is, as illustrated in FIG. 18, for example, a reference request command such as “sched 040401” is input from the referrer B who requests reference only for the schedule of April 1, 2004. Accept reference request emails.

  The user authentication unit 32 is a processing unit that authenticates whether or not the referred person A is a valid user who can receive the information disclosure service. Specifically, whether or not the identification information and the password included in the message are stored in association with the user information table 11 when the personal information or disclosure policy update request message is received from the referenced person terminal 1. Certify. As a result, if the user authentication is successful, the information to that effect is transferred to the information updating unit 35 described later, and if the user authentication fails, a response to that effect is sent to the referenced user terminal 1.

  The personal information storage unit 33 is means for storing the personal information of the referenced person A received from the referenced person terminal 1. Specifically, as illustrated in FIGS. 10 and 11, the telephone number (phone), mail address (e-mail), and address (of the referenced person A are associated with the user ID of each referenced person A. address) is stored in the basic information table, and the start date / time, end date / time, and contents of the schedule are stored in the schedule table. In the schedule table, for each schedule, whether it is a public schedule or a private schedule may be stored.

  The disclosure policy storage unit 34 is a means for storing the disclosure policy of the referenced person A received from the referenced person terminal 1. Specifically, as illustrated in FIG. 12, the disclosure control content S is stored for each relationship level R in association with the user ID of each referenced person A. Here, in the first embodiment, the disclosure control content S that uses different disclosure information items for each relationship level is adopted, so that the disclosure control content S includes “phone, e-mail, address, schedule” as illustrated in FIG. ”And the like are listed and specified. Note that “schedule” means that all schedules are disclosed regardless of whether they are public schedules or private schedules, and “public-schedule” means that only public schedules are disclosed. It is.

  The information update unit 35 is a processing unit that registers personal information and a disclosure policy in the personal information storage unit 33 and the disclosure policy storage unit 34, respectively. Specifically, after receiving the update request message for the personal information and the disclosure policy from the referenced person terminal 1, when the user authentication of the referenced person A is successful, the information updating unit 35 includes the updated individual included in the request message. Information and a disclosure policy are registered in the personal information storage unit 33 and the disclosure policy storage unit 34. Such update processing is executed every time personal information or a disclosure policy is received from the referenced user terminal 1, and can be executed at any time independently of address generation processing, disclosure determination processing, and disclosure control processing.

  The verification key storage unit 36 is a unit that stores a verification key (master key) used for verification of the disclosure address T. The verification key is an issue key stored in the issue key storage unit 23 of the address issue server 20. It is the same key.

  The disclosure determination unit 37 is a processing unit that determines whether personal information can be disclosed based on the disclosure address T received from the referrer terminal 2. Specifically, when the reference request mail is received from the referrer terminal 2, the reference target identification information ID_A, the relation level R, and the valid condition C are input to a function determined from a predetermined key to verify the validity of the disclosure address T ( Whether or not the same falsification prevention code as the falsification prevention code included in the disclosure address T is output) and whether or not the disclosure control contents can be executed using the effective condition C included in the disclosure address T (see Whether or not the user designation or the expiration date designation is satisfied.

  The disclosure control unit 38 is a processing unit that executes the disclosure control content S specified from the disclosure address T when the disclosure determination unit 37 permits the disclosure. Specifically, of the personal information stored in the personal information storage unit 33, the personal information corresponding to the referenced person identification information ID_A included in the disclosure address T is stored in the disclosure policy storage unit 34. Disclosure is performed in accordance with the disclosure control content S corresponding to the relationship level R included in the disclosure address T in S (more specifically, according to the limited disclosure request input in the subject of the reference request mail).

[Processing Procedure from Generation of Disclosure Address to Information Disclosure (Example 1)]
Next, a processing procedure from generation of the disclosure address T to information disclosure will be described with reference to FIG. FIG. 13 is a sequence diagram illustrating a processing procedure from disclosure address generation to information disclosure.

  As shown in the figure, when the referee terminal 1 transmits an access request message to the address issuing server 20 (step S1301), the address issuing server 20 accesses an “user authentication page” as illustrated in FIG. A response message is transmitted to the referee terminal 1 (step S1302).

  Subsequently, a user name (referred person identification information ID_A) and a password are input to the “user authentication page” in the referred user terminal 1, and a user authentication request message including these input information is transmitted to the address issuing server 20. If so (step S1303), the address issuing server 20 authenticates whether the identification information and the password included in the request message are stored in association with the user information table 11 (step S1304). The user authentication is not limited to the password authentication as described above, and any other authentication method such as a digital certificate may be adopted.

  As a result, if the user authentication is successful, the address issuing server 20 transmits a response message including a “disclosure address issuing page” as illustrated in FIG. 15 to the referenced user terminal 1 (step S1305). If the user authentication fails, a response to that effect is sent to the referenced user terminal 1.

  Then, with respect to the “disclosure address issuance page” at the referee terminal 1, the relationship level R, valid condition C (expiration date designation, referrer designation), and disclosure address T notification destination (referrer identification information ID_B) When the address issuance request message composed of the input information is transmitted to the address issuance server 20 (step S1306), the address issuance server 20 generates a disclosure address T (step S1307). That is, a character string obtained by concatenating the reference identification information ID_A and the falsification prevention code obtained by inputting the reference identification information ID_A, the relationship level R, and the valid condition C into a function determined from a predetermined key is expressed as “user”. An address T for disclosure in the form of a mail address “name part” is generated.

  Subsequently, the address issuance server 20 transmits an address issuance response page (see FIG. 16) including the generated disclosure address T to the referee terminal 1 and a generation notification including the generated disclosure address T. A mail (see FIG. 17) is created and this generation notification mail is transmitted to the referrer terminal 2 (steps S1308 and S1309).

  Then, in the referrer terminal 2, the content of the generation notification mail as illustrated in FIG. 17 is output to a monitor or the like, and the disclosure address T is designated by the referrer B via the keyboard or mouse on this mail. As the address storage process, the designated disclosure address T is registered in the address storage unit 2a (so-called mail software address book) (step S1310).

  After that, the referrer terminal 2 responds to the referer's instruction or periodically every predetermined time, as illustrated in FIG. Is transmitted to the information disclosure server 30 (step S1311). Note that the referenceer identification information ID_B is also transmitted to the information disclosure server 30 as the sender address of the reference request mail.

  The information disclosure server 30 that has received the reference request mail verifies the validity of the disclosure address T included in the reference request mail and discloses it using the validity condition C included in the disclosure address T as a disclosure determination process. It is determined whether or not the control content S can be executed (step S1312). That is, whether the same falsification prevention code as the falsification prevention code included in the disclosure address T is output by inputting the referred person identification information ID_A, the relation level R, and the valid condition C into a function determined from a predetermined key. And whether or not the valid condition C (referencer designation or expiration date designation) included in the disclosure address T is satisfied is determined.

  Then, as the disclosure control process, the information disclosure server 30 converts the personal information corresponding to the referenced person identification information ID_A included in the disclosure address T into the disclosure control content S corresponding to the relationship level R included in the disclosure address T. (In detail, according to the limited disclosure request entered in the subject of the reference request mail), a disclosure mail (see FIG. 19) to be disclosed is created, and the disclosure mail is transmitted to the reference terminal 2 ( Step S1313).

  By the way, as described above, the update processing of the personal information and the disclosure policy in the information disclosure server 30 is performed after the update from the referenced terminal 1 independently of the processing procedure from the generation of the disclosure address to the information disclosure. It is executed every time when personal information or disclosure policy is received. Therefore, the updated personal information registered in the information disclosure server 30 when the reference request mail is received from the referrer terminal 2 is also in accordance with the updated disclosure policy registered in the information disclosure server 30 at that time. Will be disclosed to the reference person B.

[Effects of Example 1]
As described above, according to the first embodiment, in the information disclosure service for disclosing the information of the referred person A to the reference person B, the disclosure level T is acquired instead of the disclosure control content S and the disclosure address T is generated. The same disclosure control can be easily performed on a group of users who have a similar relationship (a relationship between friends, colleagues, etc.) among the plurality of referents B.

  In addition, according to the first embodiment, the relationship level R and the disclosure control content S are not managed in the database for each disclosure address T to be generated, but the relationship level R is included in the disclosure address. Database resources do not increase in proportion to the number of files created, and such a database itself can be made unnecessary.

  Further, according to the first embodiment, the disclosure level T is included in the disclosure address T, while the disclosure control content S corresponding to the relationship level R is referred to during disclosure control (disclosure policy storage unit of the information disclosure server 30). 34), even after the disclosure address T is generated, the disclosure control content S can be easily and collectively changed only by updating the disclosure policy storage unit 34.

  Further, according to the first embodiment, since the disclosure address T is generated using a key, it is difficult to illegally generate or alter the disclosure address T by a malicious third party, and highly secure disclosure control is performed. It becomes possible. Furthermore, since the disclosure address T in which the valid condition C is also embedded by the key is generated, it becomes difficult to illegally generate or alter the valid condition by a malicious third party, and it is possible to perform highly secure disclosure control. .

  Further, according to the first embodiment, since the falsification prevention code obtained from the key function is included in the disclosure address T, the encrypted data obtained by encryption (in the case of encryption, depending on the data block length of the encryption algorithm) Since the length of the data is determined, it is impossible to generate short encrypted data.) Compared to the case of including the data, it is possible to generate a short disclosure address T with a short tampering prevention code.

  Further, according to the first embodiment, since the disclosure address T including the execution condition C is generated, it is possible to eliminate an unauthorized disclosure request that does not satisfy the execution condition C. More specifically, since the disclosure period T includes the period, time, referrer, and the like during which the execution of the disclosure control content S is permitted, as the execution condition C, it is common or individual among the referrer groups having the same relationship. It becomes possible to perform practical disclosure control.

  Further, according to the first embodiment, since the disclosure address T in the mail address format is generated, the referrer B can easily manage the disclosure address T using the address book in the existing mail software. Furthermore, it becomes possible to simply request disclosure of personal information simply by sending a reference request mail using existing mail software.

  Further, according to the first embodiment, since the third party such as the address issuing server 20 and the information disclosure server 30 has the authority to generate and verify the disclosure address T, the reference person A and the reference person B trust each other. It becomes possible to perform highly reliable disclosure control.

  Further, according to the first embodiment, the disclosure address T generated by the address issuing server 20 which is a third party is notified from the address issuing server 20 to the referenced person A. It is possible to prevent a situation where a disclosure address T for disclosing the personal information of the referred person A is generated.

  Further, according to the first embodiment, the disclosure address T generated by the address issuing server 20 which is a third party is notified from the address issuing server 20 to the reference person B. It is possible to save the trouble of notifying the reference person B.

  Further, according to the first embodiment, since the generation notification mail including the generated disclosure address T in the message body is transmitted to the referrer B, for example, the mail address included in the message body is selected and instructed. By simply using general mail software having a function of registering in the address book, the referrer B can easily register and manage the disclosure address T, and the disclosure address T can be easily used. It becomes possible.

  Although the information disclosure system according to the first embodiment has been described so far, the present invention may be implemented in various different forms other than the above-described embodiments. Therefore, in the following, as the information disclosure system according to the second embodiment, various different embodiments will be described by dividing them into (1) to (18).

(1) Disclosure Timing In the above embodiment, the case where information disclosure is performed at the timing when the reference request mail is received from the referrer B has been described. However, the present invention is not limited to this, and personal information is updated. Information disclosure may be performed at the determined timing.

  That is, in this case, when the reference request mail is received from the reference person B, the disclosure determination is performed based on the disclosure address T included in the reference request mail, and the disclosure address T permitted to be disclosed by this disclosure determination is determined. , The reference identification information ID_B, the reference identification information ID_A, the disclosure control content S, and the disclosure information items derived from the limited disclosure request are stored in the database in association with each other.

  Then, when the personal information stored in the personal information storage unit is updated, the reference information ID_B in which the personal information related to the update is entered as a disclosure information item is searched from the database, and the reference person A disclosure mail including personal information related to the update is transmitted to the identification information ID_B. Thus, by disclosing personal information to the reference person B at the timing when the personal information is updated, the reference person B can acquire the updated personal information at the time of update.

(2) Common Disclosure Policy In the above embodiment, the case where the disclosure policy is stored for each referenceee has been described. However, the present invention is not limited to this, and as illustrated in FIG. You may make it memorize | store a common disclosure policy in a system, without distinguishing a reference person. In this case, it is possible to omit the disclosure policy storage process by the referenced person A, and the referenced person A can smoothly start using the information disclosure service. In the above-described embodiment, the case where there are a plurality of relationship levels R is shown, but the present invention can be similarly applied even when there is only one relationship level R.

(3) Relation information In the above embodiment, the relation information such as “friend, colleague, boss” is replaced with the code value (relation level value R) of “0, 1, 2” and processed on the system. As described above, the present invention is not limited to this, and it is used without replacing related information with code values, such as including raw information (keywords) such as “friend, colleague, boss” in the disclosure address T as it is. You may make it do. In this way, by using raw relational information, there is no need to assume a boundary such as a code sphere (a range in which the meaning of the code is valid), and the disclosure address T can be freely used in a wide range. Is possible.

(4) Disclosure Control Contents Disclosure control contents such as “telephone number disclosure, e-mail address disclosure” in the above embodiment are replaced with a code of “0 (cannot be disclosed)” or “1 (can be disclosed)” on the system. Or may be replaced with more complex code values. On the other hand, the disclosure control content may be used without replacing it with a code value, such as including raw information (keyword) such as “telephone number disclosure, email address disclosure” as it is in the disclosure address T. In the latter case, as described above, the disclosure address T can be freely used in a wide range.

  In the above embodiment, the case where the type of information to be disclosed is defined in the disclosure control content S has been described. However, the present invention is not limited to this and is disclosed as illustrated in FIG. Other control contents such as the timing to be disclosed, the terminal (medium) to be disclosed, and the processing for the disclosure may be defined in the disclosure control contents S.

  That is, as the disclosure timing, for example, disclosure at “request time (when sending a reference request mail)”, disclosure at “update time (when updating personal information)”, or the like may be specified. Further, as the disclosure terminal (medium), for example, the reference request mail is “PC mail (Internet mail)” based on the sender address of the reference request mail by the referrer B (this is the destination address of the disclosure mail). "If disclosed" and "mobile mail" may be disclosed.

  Further, as disclosure processing, for example, when disclosing a schedule, it may be specified that the name of the other party of the meeting is hidden and disclosed, or only the “scheduled” is disclosed by hiding the schedule content itself. When an address is disclosed, it may be specified to hide and disclose the street name. In this way, by executing the disclosure control content that defines the disclosure timing, disclosure processing, disclosure terminal (medium), etc., the same disclosure information types and disclosures can be easily made for the reference groups having the same relationship. Personal information can be disclosed with timing, disclosure processing, and disclosure medium.

  Note that when the other control contents as described above are defined in the disclosure control contents S, the reference person B can make a disclosure request in a limited manner. In other words, for example, when two disclosure timings “at request” and “at update” are defined, it is possible to request disclosure only at “request”.

(5) Identification Information In the above-described embodiment, the case where a user ID such as a user name or a user number is used as identification information of the referred person A or the reference person B has been described, but the present invention is limited to this. User IDs associated with user IDs (email addresses, telephone numbers, etc.), and user identifiers generated using these user IDs and user addresses (hash generated from user IDs and user addresses) Values and encrypted data obtained by encrypting these values can also be used as identification information.

(6) Effective condition In the above-described embodiment, the case where the time limit for allowing the execution of the disclosure control content or the reference person is specified as the effective condition has been described, but the present invention is not limited to this, for example, You may make it designate other effective conditions, such as the period (for example, only a weekend) and time (for example, only daytime) in which execution of the disclosure control content is permitted.

(7) Message Address In the above embodiment, the case where the disclosure address T is generated in the form of a mail address used for an electronic mail message such as Internet mail or mobile mail has been described, but the present invention is not limited to this. For example, the disclosure address T may be generated in the form of a message address used for a so-called instant message, presence exchange message, SIP message such as an IP telephone control message.

(8) Disclosure Address in URL Format Further, the disclosure address T may be generated in a so-called URL (Uniform Resource Locator) format without being limited to such a message address format. That is, as illustrated in FIG. 22 and FIG. 23, a URL (Uniform Resource Locator) address having a character string obtained by concatenating the referred person identification information ID_A and the falsification prevention code of the above-described embodiment as a “path name portion”. You may form as. Hereinafter, the disclosure address T in the URL format will be specifically described.

  FIG. 22 is a diagram illustrating a configuration example of a creation notification mail received by the referrer B, and FIG. 23 is a diagram illustrating a configuration example of a screen related to information disclosure. Here, as illustrated in FIG. 22, the disclosure address T in the URL format is, for example, a person referred to after “//www.anywhere.ne.jp” indicating the server name (address) of the information disclosure server. It is formed by concatenating the identification information “/ suzuki” and the falsification prevention code “/ bgexrasdqwiu”.

  When the reference terminal 2 receives an “address generation notification mail” as illustrated in FIG. 22 from the address issuing server, the content including the generated URL address is output to the monitor or the like of the reference terminal 2. However, when the URL address is designated by the referrer B via the keyboard or mouse on this mail, the designated URL address is registered in the address storage unit 2a (so-called web browser software favorite).

  After that, when a reference request message having the URL address (disclosure address T) as the connection destination address is transmitted to the information disclosure server using the Web browser software of the referrer terminal 2, the information disclosure server transmits the URL address (disclosure). A disclosure determination process and a disclosure control process are performed based on the address T), and a disclosure screen as illustrated in FIG. In the case of the disclosure address T in the URL format, as illustrated in FIG. 23, a limited disclosure request command is input after the falsification prevention code.

  In this way, by generating the URL format disclosure address T, the reference B can easily manage the disclosure address T using “favorites” in the existing browser software. It is possible to simply request disclosure of personal information simply by sending a disclosure request using the browser software.

(9) Disclosure address T in other format
Further, the present invention is not limited to the disclosure address T in the message address format or URL format, and for example, a telephone number, a barcode (for example, a two-dimensional barcode), various card information (for example, magnetic information of the card). The present invention can be similarly applied to any information member that can express the disclosure address T, such as information stored in the IC card).

  More specifically, in the case of the disclosure address T expressed by a telephone number, a connection request with the telephone number as a connection destination is received from the telephone terminal of the referrer B by the connection device of the telephone network, and the disclosure determination process Or disclosure control processing is performed, and disclosure information is returned to the telephone terminal. Further, in the case of the disclosure address T expressed by a barcode, the barcode-attached medium (for example, a business card or a prepaid card) is read by a barcode reader, and disclosure determination processing or disclosure control processing is performed. Disclosure information is output from a display device connected to the barcode reader. Further, in the case of the disclosure address T expressed by the card information, the disclosure is performed by the same method as the above barcode.

(10) Notification of Disclosure Address T In the above embodiment, the case where the address issuing server directly notifies the referrer B of the generated disclosure address T has been described. However, the present invention is not limited to this. 24, the generated disclosure address T may be transmitted only to the referenced person A, and the reference person B may acquire the disclosure address T from the referenced person A.

  Further, in the above-described embodiment, the case where the disclosure address T is notified to the referrer B by e-mail has been described. However, such notification does not necessarily have to be performed by e-mail. It is sufficient that the referrer B obtains the disclosure code through some means, such as offline notification or verbal notification.

(11) Disclosure Address T Generating Body In the above embodiment, the case where a third party (service center) who is not the referred person A generates the disclosure address T has been described. However, the present invention is not limited to this. Instead, as illustrated in FIG. 25, the disclosure address T may be generated by the referenced person terminal 1 which is the terminal of the referenced person A. That is, in this case, the referenced person terminal 1 generates the disclosure address T using the private key of the referenced person A, and the information disclosure server 30 uses the public key of the referenced person A to determine disclosure. I do.

  As described above, the reference person A has the authority to generate the disclosure address T, so that the burden of generating a disclosure address T by a third party such as a service center is distributed and the disclosure level is flexible at the user level. It becomes possible to generate the address T.

(12) Disclosure address T verification subject In the above embodiment, a case where a third party (service center) who is not the referred person A performs disclosure address T verification and disclosure control has been described. The present invention is not limited to this, and as illustrated in FIG. 25, verification of disclosure address T and disclosure control may be performed by the referenced person terminal 1 that is the terminal of the referenced person A.

  That is, for example, the disclosure address T generated at the service center may be received from the referrer B by the referee terminal 1 and processed. In this way, the reference person A has the authority to verify the disclosure address T (and also the authority to control disclosure), so that the burden of verifying the disclosure address T by a third party such as a service center (and further disclosure control). And the disclosure address T can be verified flexibly (and disclosure control can be performed flexibly) at the user level.

  For example, the disclosure address T generated by the referenced person terminal 1 may be received from the referring person B by the referenced person terminal 1 and processed. As described above, the referee A has the authority to generate the disclosure address T and the authority to verify (and the authority to control disclosure), so that the referee A can perform self-led disclosure control with a high degree of freedom. Is possible.

(13) Disclosure address T including disclosure control content S
In the above embodiment, the case where the disclosure address T including the relationship level R received from the referenced person A has been described. However, the present invention is not limited to this, and the receiving address T is accepted from the referenced person A. Instead of the relationship level R, a disclosure address T including the disclosure control content S corresponding to the relationship level R may be generated.

  That is, in this case, the address issuing server 20 has the disclosure policy storage unit 34, and extracts the corresponding disclosure control content S from the disclosure policy storage unit 34 based on the relationship level R received from the referenced person A. The disclosure address T including the disclosure control content S is generated. Thus, by generating the disclosure address T including the disclosure control content S, it is necessary to use a table (disclosure policy storage unit 34) in which the relationship level R and the disclosure control content S are associated with each other for disclosure control. As compared with the case where the disclosure address T including the relationship level R is processed, the disclosure control can be performed at high speed.

(14) Encrypted Data In the above embodiment, the case where the disclosure address T including the so-called falsification preventing code is generated has been described. However, the present invention is not limited to this, and the falsification preventing code is not limited thereto. Instead, a disclosure address T including encrypted data obtained by encrypting the referenced person identification information ID_A, the disclosure control content S, and the valid condition C with a key may be generated.

  In this way, by including the encrypted data obtained by key encryption in the disclosure address T, it includes encrypted data that is difficult to decipher in a long sentence and various disclosure control contents S without restriction on the data length. It becomes possible to generate the disclosure address T.

  In this case, not only a common key encryption method (a method in which the generation side and the verification side use the same key) that must strictly manage both the encryption key and the decryption key, Adopting a public key cryptosystem (a scheme in which the generation side and the verification side use two keys, a private key and a public key), in which only either the encryption key or the decryption key must be strictly managed Is possible.

(15) Generation of Disclosure Address T Using Key In the above embodiment, the case where the falsification preventing code is generated using the relationship level R has been described, but the present invention is not limited to this, and the relationship The falsification preventing code may be generated using the disclosure control content S corresponding to the level R. That is, the falsification prevention code is not limited to that described in the above embodiment, and can be obtained by appropriately using the referred person identification information ID_A, the relationship level R or the disclosure control content S, the effective condition C, or a combination thereof. Any tamper-proof code may be used.

  In the above embodiment, the case where the encrypted data is generated using the disclosure control content S has been described. However, the present invention is not limited to this, and the encrypted data is generated using the relationship level R. You may make it do. That is, the encrypted data is not limited to that described in the above embodiment, and can be obtained by appropriately using the referred person identification information ID_A, the relationship level R or the disclosure control content S, the effective condition C, or a combination thereof. Any encrypted data may be used.

(16) Source of personal information and disclosure policy In the above embodiment, the case where the personal information and the disclosure policy received from the referred person A are stored in the service center has been described. However, the present invention is limited to this. Rather than sending the personal information and disclosure policy, such as storing personal information and disclosure policy of the referenced person A received from a third party other than the referenced person A (for example, the family and boss of the referenced person A) The source is not necessarily the referee A itself (see FIG. 26).

(17) Other Disclosure Information In the above embodiment, the case where personal information such as the telephone number, mail address, address, schedule, etc. of the referred person is disclosed has been described. However, the present invention is not limited to this. For example, information on the marital status of a referenced person (whether or not a spouse), family structure, etc., as well as information indicating the logged-on status, logon location, and telephone usage status of the referenced person with respect to the network. You may make it disclose the presence information which shows a dynamic attribute.

  Furthermore, the present invention is not limited to such information related to an individual, and the present invention can be similarly applied even when information related to a referenced person A, which is an organization or a group, is disclosed. That is, the present invention is stored and managed in association with the referenced person identification information A that uniquely identifies the referenced person A as a referenced subject regardless of whether it is an individual or an organization. It can be applied when all information is disclosed.

  Further, in the above-described embodiment, a case has been described in which the referred person A updates the disclosure information (information stored in the basic information table and the schedule table), but the present invention is not limited to this. For example, the reference person B can also update the information of the reference person A such that the reference person B adds a new schedule to the reference person A's schedule and changes the already added schedule. You may do it.

  Further, when such an update by the reference person B is permitted, the reference person A may be allowed to set whether to permit the update for each reference person B or for what information item. That is, like the disclosure information item S stored in the disclosure policy storage unit 34 (see FIG. 12), the control content defining the information item permitted to be updated by the reference person B is stored in association with the relationship level R. It may be. As a result, update control based on the access code can be realized as well as disclosure control based on the access code.

(18) Interlocked Issuance of Disclosure Address T In the above embodiment, a disclosure address T for controlling access of another user U2 (accessor) to an information disclosure service related to a certain user U1 (accessee). (Hereinafter referred to as T (U1)) has been described, but the present invention is not limited to this, and as illustrated in FIG. 27, it relates to the user U2 (accessed person). A disclosure address T (hereinafter referred to as T (U2)) for controlling the access of another user U1 (accessor) to the information disclosure service is also issued in conjunction with the disclosure address T (U1). You may make it do.

  In this way, by issuing the disclosure address T (U2) in conjunction with the disclosure address T (U1), only one user causes an unfairness such as obtaining the disclosure address T first. Accordingly, both users can fairly obtain the disclosure address T at the same time and access the information disclosure service from the same time.

  Further, regarding the generation of the disclosure address T (U2), the relation level R or the disclosure control content S and the effective condition C included in the disclosure address T (U2) are linked to the disclosure address T (U1), so that the same conditions are obtained. The same disclosure control may be executed. As a result, both users can receive the same quality information disclosure service without unfairness.

(19) System configuration etc. In addition, among the processes described in the above embodiments, all or a part of the processes described as being automatically performed can be performed manually or manually. All or part of the processing described as being performed can be automatically performed by a known method. In addition, information including processing procedures, control procedures, specific names, various data and parameters shown in the document and drawings (for example, information stored in a personal information storage unit or disclosure policy storage unit, etc.) Can be arbitrarily changed unless otherwise specified.

  In addition, each component of each device illustrated in the above embodiment (for example, the address issuing server and the information disclosure server illustrated in FIG. 9) is functionally conceptual and is not necessarily physically configured as illustrated. You don't need to be. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. Further, all or any part of each processing function performed in each device may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.

  In the above embodiment, each device (for example, a referee terminal, a referrer terminal, an address issuing server, an information disclosure server, etc.) that realizes the present invention has been described from the functional aspect. It can also be realized by causing a computer such as a personal computer or a workstation to execute the program. That is, the various processing procedures described in the first and second embodiments can be realized by executing a program prepared in advance on a computer. These programs can be distributed via a network such as the Internet. Further, these programs can be recorded on a computer-readable recording medium such as a hard disk, a flexible disk (FD), a CD-ROM, an MO, and a DVD, and can be executed by being read from the recording medium by the computer. In other words, for example, a CD-ROM (may be a separate CD-ROM for each apparatus) storing the address issuing server program as shown in the first embodiment and the information disclosure server program is distributed. Then, each computer may read and execute the program stored in the CD-ROM.

  The case where the access control according to the present invention is applied to the information disclosure service has been described so far. However, the present invention is not limited to this. For example, the caller B (accessor B) to the callee A “Message delivery service” for delivering a message sent to (accessed person A) or a telephone connection request sent from calling party B (accessing person B) to called party A (accessed person A) The present invention can be similarly applied to any service accessed by the accessor B with respect to the accessed person A, such as “telephone connection service”. Therefore, in the following, an embodiment when the access control according to the present invention is applied to the “message delivery service” and the “telephone connection service” will be described.

(1) Message Delivery Service FIG. 28 is a diagram for explaining a message delivery system according to another embodiment. In this message delivery system, a third party (for example, a service center handling the delivery address T) other than the callee A (accessee A) and the caller B (accessee B) sends the delivery destination information from the callee A. Is stored in the delivery destination information storage unit (see (1) in FIG. 28).

  Here, the “message” refers to various kinds of mails delivered with a destination address such as so-called instant messages, presence exchange messages, IP telephone control messages, etc. in addition to electronic mail messages such as Internet mail and mobile mail. It is a message. The “delivery destination information” is information indicating the delivery destination of a message whose destination is the recipient A. For example, the mobile email address of the recipient A, the PC email address, and the like correspond to this.

  In the third-party service center, such delivery destination information is received from the recipient A and stored in the delivery destination information storage unit (see (1) in FIG. 28). Further, the service center receives the delivery policy, that is, the relationship level R and the delivery control content S from the receiver A, and stores them in the delivery policy storage unit (see (2) in FIG. 28).

  Here, “delivery control content S” is control content related to delivery of the message delivery service. For example, as illustrated in FIG. 28, “delivery the message to the mobile phone and PC of the recipient A”. “The message is delivered only to the PC (personal computer) of the receiver A” corresponds to this.

  On the other hand, as a request for issuing a delivery address T (corresponding to the “access code” described in the claims) issued to the caller B, the service center sends a relationship level R, caller identification information from the caller A. ID_A and valid condition C are received (see (3) in FIG. 28). The service center then combines the caller identification information ID_A and the tampering prevention code obtained by inputting the callee identification information ID_A, the relationship level R, and the validity condition C into a function determined from a predetermined key. A delivery address T in the mail address format having the column “user name portion” is generated (see (4) in FIG. 28). Further, the service center delivers the generated delivery address T to the caller B (see (5) in FIG. 28).

  Then, the service center receives a message (mail) having the delivery address T as the destination address from the caller B as a message delivery request to the callee A (see (6) in FIG. 28). After that, the service center inputs the recipient identification information ID_A, the relation level R, and the validity condition C into a function determined from a predetermined key to verify the validity of the delivery address T, and also validates the validity included in the delivery address T. Whether or not the delivery control content can be executed is determined using the condition C (see (7) in FIG. 28).

  In addition, when the validity of the delivery address T is recognized and the execution of the delivery control content is permitted, the service center out of the delivery destination information stored in the delivery destination information storage unit. The delivery control content corresponding to the relationship level R included in the delivery address T among the delivery control content S stored in the delivery policy storage unit with reference to the delivery destination information corresponding to the callee identification information ID_A contained in the address T According to S, the message is delivered to the callee A (see (8) in FIG. 28).

  That is, for example, if the delivery control content S corresponding to the relationship level R included in the delivery address T received from the caller B is “deliver message to mobile phone and PC”, delivery is performed. The message from the caller B is delivered to the mobile phone and the PC terminal of the callee A using the mobile mail address and the PC mail address of the callee A stored in the destination information storage unit.

  According to the message delivery system described above, in a message delivery service for delivering a message sent from the caller B to the person A to be accessed, the same delivery can be easily made for messages sent from a group of users having the same relationship. Control can be performed.

  Also in this message delivery system, access control (delivery control) similar to the access control (disclosure control) described in the information disclosure system according to the first and second embodiments is realized. That is, in the description of the first and second embodiments, for example, “Disclosure address T” is “delivery address”, “Disclosure policy” is “delivery policy”, and “Disclosure control content” is “delivery control content”. The same access control can be applied.

(2) Telephone connection service FIG. 29 is a diagram for explaining a telephone connection system according to another embodiment. In this telephone connection system, a third party (for example, a service center that handles a telephone connection address T) other than the callee A (accessee A) and the caller B (accessor B) is connected from the callee A to the connection destination. When the information is received, it is stored in the connection destination information storage unit (see (1) in FIG. 29).

  Here, the “connection destination information” is information indicating a connection destination of a telephone whose destination is the callee A. For example, a mobile phone number of the callee A, a home phone number, a company phone number, etc. This is the case. In the third-party service center, such connection destination information is received from the callee A and stored in the delivery destination information storage unit (see (1) in FIG. 29).

  Further, the service center receives the connection destination policy, that is, the relationship level R and the connection control content S from the callee A, and stores them in the connection policy storage unit (see (2) in FIG. 29). Here, the “connection control content S” is control content related to the connection of the telephone connection service. For example, as illustrated in FIG. 29, “Connect to the mobile phone of the callee A”, “Incoming call”. The control content such as “Connect to the home phone of the person A” corresponds to this.

  On the other hand, the service center issues a relationship level R, a recipient identification from the recipient A as a request for issuing a telephone connection address T (corresponding to the “access code” described in the claims) given to the sender B. Information ID_A and valid condition C are received (see (3) in FIG. 29). The service center then combines the caller identification information ID_A and the tampering prevention code obtained by inputting the callee identification information ID_A, the relationship level R, and the validity condition C into a function determined from a predetermined key. A numeric string is generated by numerically encoding the sequence, and a telephone connection address T in the form of a telephone number in which the numeric string is connected to a telephone number of a service center or the like that processes the telephone connection address T is generated ((( 4)). Further, the service center transfers the generated telephone connection address T to the caller B (see (5) in FIG. 29).

  Then, the service center receives a telephone connection request with the telephone connection address T as the incoming call destination from the caller B as a telephone connection request to the called party A (see (6) in FIG. 29). Thereafter, the service center inputs the callee identification information ID_A, the relation level R, and the valid condition C into a function determined from a predetermined key to verify the validity of the telephone connection address T and includes it in the telephone connection address T. Whether to execute the connection control content is determined using the effective condition C (see (7) in FIG. 29).

  In addition, when the validity of the telephone connection address T is recognized and the execution of the connection control content is permitted, the service center calls the telephone of the connection destination information stored in the connection destination information storage unit. The connection destination information corresponding to the callee identification information ID_A included in the connection address T is referred to, and the connection control content S stored in the connection policy storage unit corresponds to the relationship level R included in the telephone connection address T. In accordance with the connection control content S, the telephone is connected to the called party A (see (8) in FIG. 29).

  That is, for example, if the connection control content S corresponding to the relationship level R included in the telephone connection address T received from the caller B is “Connect to the mobile phone of the callee A”, The telephone connection request from the caller B is transferred to the mobile phone of the callee A using the mobile phone number of the callee A stored in the connection destination information storage unit.

  According to the above-described telephone connection system, in the telephone connection service for connecting the telephone connection request transmitted from the caller B to the callee A, the telephone connection request transmitted from the user group having the same relationship can be simplified. Similar connection control can be performed.

  Also in this telephone connection system, access control (connection control) similar to the access control (disclosure control) described in the information disclosure system according to the first and second embodiments is realized. That is, in the description of the first and second embodiments, for example, “Disclosure address T” is “Telephone connection address”, “Disclosure policy” is “Connection policy”, and “Disclosure control content” is “Connection control”. By replacing “content”, the same access control can be applied.

(3) Composite Service In the above-described embodiment, the case where one access code T is used for one service (any one of information disclosure service, message delivery service, and telephone connection service) has been described. However, the present invention is not limited to this, and a plurality of services may be accessed with one access code T.

  That is, in this case, as illustrated in FIG. 30, the access control content S (service control) of each service (service SA, service SB. Contents policy SA, service control contents SB,...) Are stored in association with each other. Then, as illustrated in the figure, the access code generation unit receives the relationship information R with the access person B from the accessed person A, generates an access code T including the relationship information R, and the access code T Is notified to the accessor B.

  On the other hand, as illustrated in the figure, the access control unit accepts an access request from the accessor B together with the access code T and service identification information ID_S for specifying the service desired to be accessed. Then, as illustrated in the figure, the access control unit determines the desired service from the service identification information ID_S, and then corresponds to the relationship information R included in the access code T in the access control content S of the determined service. The access control content S is extracted from the access policy table, and by executing the access control content S, access of the service desired by the accessor B is controlled.

  That is, to explain with a specific example, when an access code T as illustrated in FIG. 31 is generated, for example, access of an information disclosure service (assuming that service identification information ID_S is “SA”). As shown in the figure, the accessor B who wishes to receive a mail at a destination address with “sa.” Added as the service identification information ID_S at the beginning of the access code T, and a message delivery service ( From the accessor B who wishes to access the service identification information ID_S as “SB”, the service code “sb.” Is received as the service identification information ID_S at the head of the access code T, and the desired service is received. It will be determined.

  In this way, by generating one access code T that can access a plurality of services, the complexity of generating the access code T for each service and the complexity of the accessor managing the access code T for each service are eliminated. It becomes possible to do. Here, the case where the service identification information ID_S is included in the destination address has been described. However, the present invention is not necessarily limited to this. For example, the service identification information is included together with the access request such as being described in the subject field (subject name) of the mail. Any mode is acceptable as long as ID_S can be acquired.

  In the above description, the case where a plurality of services can be directly accessed with one access code T has been described. However, the present invention is not limited to this, and a plurality of services can be accessed with one access code T in two stages. You may do it.

  This will be described in detail with reference to FIG. 32. The access code T generated by the access code generation unit (first access code generation unit) includes the relationship information R as in the above embodiment. However, the access control content S associated with the relationship level R is an issuance policy that enumerates services that are allowed to issue addresses. That is, as illustrated in FIG. 32, the control contents such as “issue an information disclosure address, a message delivery address, and a telephone connection address”, “issue only an information disclosure address and a message delivery address”, etc. Includes an issuance policy table associated with the relationship information R.

  When the access control unit (second access code generation unit) receives the access code T from the accessor B, the access control unit (second access code generation unit) responds from the issuance policy table (issuance permission service) based on the relationship information R included in the access code T. ) To generate an address (information disclosure address TA, delivery address TB, telephone connection address TC) for the permitted service. These addresses include the relationship information R and valid conditions C similar to the access code T, and each service destination (the domain name of the mail server that performs the information disclosure service or the mail server that performs the message delivery service). Domain name, etc.).

  In this way, the accessor B obtains addresses (information disclosure address TA, delivery address TB, telephone connection address TC) for accessing each service, and information disclosure address TA, delivery address. By using the TB and the telephone connection address TC, the information disclosure service, the message delivery service, and the telephone connection service can be individually accessed. In other words, the access code T generated first by the first access code generation unit is an access code for controlling access by the accessor to the address issuing service related to the accessed person, and subsequently the second access code generation. Each address generated by the section is an access code for controlling access by the accessor to an actual service (information disclosure service, message delivery service, telephone connection service, etc.) related to the accessed person.

  In the first to third embodiments, the case where the access code T including the relationship information R, the accessee identification information ID_A, the accessor identification information ID_B, and the valid condition C with a key is applied as an example. However, the present invention is not limited to this, and the various access codes described in the above “concept of access control” can be similarly applied to the first to third embodiments.

  As described above, the access control system, the access control method, and the access control program according to the present invention are useful for controlling the access of the accessor B to the service related to the accessed person A, and particularly have the same relationship. It is suitable for simply performing similar access control on a user group and eliminating the necessity of newly storing predetermined information in a database each time an access code is generated.

It is a figure for demonstrating the concept of the access control which concerns on this invention. It is a figure for demonstrating the concept of the access control which concerns on this invention. It is a figure for demonstrating the concept of the access control which concerns on this invention. It is a figure for demonstrating the concept of the access control which concerns on this invention. It is a figure for demonstrating the concept of the access control which concerns on this invention. It is a figure for demonstrating the concept of the access control which concerns on this invention. It is a figure for demonstrating the concept of the access control which concerns on this invention. 1 is a diagram for explaining an overview of an information disclosure system according to Embodiment 1. FIG. 1 is a diagram illustrating a configuration of an information disclosure system according to a first embodiment. It is a figure which shows the structural example of the information memorize | stored in a personal information storage part (basic information table). It is a figure which shows the structural example of the information memorize | stored in a personal information storage part (schedule table). It is a figure which shows the structural example of the information memorize | stored in a disclosure policy memory | storage part. It is a sequence diagram which shows the process sequence from address generation for disclosure to information disclosure. It is a figure which shows the structural example of the screen which concerns on a user authentication request | requirement. It is a figure which shows the structural example of the screen which concerns on the address issuing request for a disclosure. It is a figure which shows the structural example of the screen which concerns on an address issue response. It is a figure which shows the structural example of the mail for creation notifications which a referer receives. It is a figure which shows the structural example of the reference request mail which a referer transmits. It is a figure which shows the structural example of the disclosure mail which a referer receives. FIG. 10 is a diagram for explaining a disclosure policy according to a second embodiment. FIG. 10 is a diagram for explaining a disclosure policy according to a second embodiment. FIG. 10 is a diagram for explaining a disclosure address according to the second embodiment. FIG. 10 is a diagram for explaining a disclosure address according to the second embodiment. FIG. 10 is a diagram for explaining notification of a disclosure address according to the second embodiment. FIG. 10 is a diagram for explaining generation and verification of a disclosure address according to the second embodiment. FIG. 10 is a diagram for explaining acquisition of a relationship level according to the second embodiment. FIG. 10 is a diagram for explaining interlocked issue of a disclosure address according to the second embodiment. It is a figure for demonstrating the message delivery system which concerns on another Example. It is a figure for demonstrating the telephone connection system which concerns on another Example. It is a figure for demonstrating the composite service which concerns on another Example. It is a figure for demonstrating the composite service which concerns on another Example. It is a figure for demonstrating the composite service which concerns on another Example.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Referee terminal 2 Referer terminal 2a Address memory | storage part 3 Internet 4 LAN (Local Area Network)
DESCRIPTION OF SYMBOLS 10 User information server 11 User information table 20 Address issue server 21 Communication part 22 User authentication part 23 Issue key memory | storage part 24 Address generation part 30 Information disclosure server 31 Communication part 32 User authentication part 33 Personal information storage part 34 Disclosure policy storage part 35 Information update unit 36 Verification key storage unit 37 Disclosure determination unit 38 Disclosure control unit

Claims (30)

An access control system for controlling access by an accessor to a service related to an accessee,
Access code generating means for acquiring relationship information indicating a relationship between the accessed person and the accessed user, and generating an access code for specifying access control content executed according to the relationship information;
An access control means for accepting an access code generated by the access code generating means from the accessor and executing access control content specified by the access code;
An access control system comprising: The access code generation means includes an access including the relation information or access control content, accessee identification information for uniquely identifying the accessed person, and / or accessor identification information for uniquely identifying the accessee. Generate code,
The access control means executes access control using the relation information or access control content, accessee identification information and / or accessor identification information included in the access code. Access control system. The access code generation means includes an access including the relation information or access control content, accessee identification information for uniquely identifying the accessed person, and / or accessor identification information for uniquely identifying the accessee. Generate a code with a given key,
The access control means executes access control using a predetermined key, the relation information or access control content included in the access code, accessee identification information and / or accessor identification information. Item 3. The access control system according to Item 2. For each one or a plurality of relationship information indicating the relationship between users, the access control content storage means for storing the access control content executed according to each relationship information in association with each other,
The access code generation means acquires relationship information indicating a relationship between the accessed person and the access person, and generates an access code including the relationship information,
When the access control unit receives the access code from the accessor, the access control unit executes the access control content corresponding to the relation information included in the access code among the access control content stored in the access control content storage unit The access control system according to any one of claims 1 to 3, wherein: For each one or a plurality of relationship information indicating the relationship between users, the access control content storage means for storing the access control content executed according to each relationship information in association with each other,
The access code generation means acquires relation information indicating a relation between the accessed person and the access person, and access control corresponding to the relation information among the access control contents stored in the access control content storage means Generate an access code that includes the content,
The access according to any one of claims 1 to 3, wherein the access control means executes the access control contents included in the access code when the access code is received from the accessor. Control system. When the access code is received from the accessor, the access code further comprises verification means for verifying the validity of the access code,
The access code generation means generates the access code using a predetermined key,
The verification means verifies the validity of the access code received from the accessor using a predetermined key,
6. The access control means according to claim 1, wherein when the validity of the access code is recognized by the verification means, the access control content specified by the access code is executed. Access control system described in one. The access code generation means generates an access code including an alteration prevention code obtained by inputting the relation information or access control content into a function determined from a predetermined key,
7. The access control system according to claim 6, wherein the verification unit verifies the validity of the access code by inputting the relation information or access control content into a function determined from the predetermined key. The access code generation means generates an access code including encrypted data obtained by encrypting the relationship information or access control content with a predetermined key,
The access control system according to claim 6, wherein the verification unit verifies the validity of the access code by decrypting the encrypted data included in the access code with a predetermined key. When the access code is received from the accessor, further comprising an execution determination unit that determines whether or not the access control content specified from the access code can be executed,
The access code generation means generates an access code further including an execution condition related to execution of the access control content,
The execution determination means determines whether or not the access control content can be executed using an execution condition included in an access code received from the accessor,
9. The access control unit according to claim 1, wherein when the execution is permitted by the execution determination unit, the access control unit executes the access control content specified from the access code. Access control system.   The access code generation unit generates an access code including a period, a time, a user, or a combination thereof, in which execution of the access control content is permitted, as the execution condition. Access control system.   The access control system according to claim 9 or 10, wherein the access code generation unit generates an access code including the falsification preventing code or encrypted data obtained by further using the execution condition.   The access control according to any one of claims 6 to 11, wherein the accessee and a third party terminal other than the accessee include the access code generation means and the verification means. system.   12. The access target and a third party terminal other than the access person include the access code generation unit, and the access target terminal includes the verification unit. The access control system according to claim 1.   The terminal of the accessed person includes the access code generation means, and the terminal of a third party other than the accessed person and the accessing person includes the verification means. The access control system according to claim 1.   The access control system according to any one of claims 6 to 11, wherein the terminal of the accessed person includes the access code generation unit and the verification unit.   The accessee and a third party terminal other than the accessor further comprise notification means for notifying the accessee terminal of the access code when the access code is generated by the access code generation means. The access control system according to any one of claims 1 to 15.   The accessee and a third party terminal other than the accessor further comprise a notification means for notifying the accessor terminal of the access code when the access code is generated by the access code generation means. The access control system according to any one of claims 1 to 15, wherein   17. The notification means creates a generation notification message including the access code generated by the access code generation means, and transmits the message to the accessee or the accessee's terminal. Or the access control system according to 17. The access code generation means generates the access code in the form of an email address,
The said access control means receives the said access code by receiving the mail which makes the said mail address a destination address from the said accessor's terminal, The one of Claims 1-18 characterized by the above-mentioned. Access control system. The access code generation means generates the access code in a URL (Uniform Resource Locator) format,
The said access control means receives the said access code by receiving the access request which uses the said URL as an access destination address from the said accessor's terminal, The Claim 1 characterized by the above-mentioned. Access control system. The access code generating means generates the access code in the form of a telephone number;
The said access control means receives the said access code by receiving the connection request which uses the said telephone number as a connection destination address from the said accessor's terminal, It is any one of Claims 1-18 characterized by the above-mentioned. Access control system. The service is an information disclosure service for disclosing information of a person to be accessed to an accessor,
The access control system according to any one of claims 1 to 21, wherein the access control unit performs disclosure control according to relation information indicating a relation between the accessed person and the access person. . The service is a message delivery service for delivering a message transmitted from an accessor to an accessed person,
The access control system according to any one of claims 1 to 21, wherein the access control unit performs delivery control according to relationship information indicating a relationship between the accessed person and the accessed person. . The service is a telephone connection service for connecting a telephone connection request transmitted from an accessor to an accessed person,
The access control system according to any one of claims 1 to 21, wherein the access control unit performs connection control according to relation information indicating a relation between the accessed person and the accessed person. . An access control method for controlling access by an accessor to a service related to an accessed person,
An access code generating step of acquiring relationship information indicating a relationship between the accessed person and the accessed user, and generating an access code for specifying an access control content to be executed according to the relationship information;
An access control step of receiving the access code generated by the access code generation step from the accessor and executing the access control content specified from the access code;
An access control method comprising: The access code generation step includes an access including the related information or access control content, accessee identification information for uniquely identifying the accessed person, and / or accessor identification information for uniquely identifying the accessee. Generate code,
26. The access control process according to claim 25, wherein the access control step executes access control using the relationship information or access control content, accessee identification information and / or accessor identification information included in the access code. Access control method. The access code generation step includes an access including the related information or access control content, accessee identification information for uniquely identifying the accessed person, and / or accessor identification information for uniquely identifying the accessee. Generate a code with a given key,
The access control step executes access control using a predetermined key, the relation information or access control content included in the access code, accessee identification information and / or accessor identification information. Item 27. The access control method according to Item 26. An access control program for causing a computer to execute an access control method for controlling access by an accessor to a service related to an accessed person,
An access code generation procedure for acquiring relation information indicating a relation between the accessed person and the access person, and generating an access code for specifying access control content executed according to the relation information;
An access control procedure for receiving an access code generated by the access code generating procedure from the accessor and executing the access control content specified from the access code;
An access control program for causing a computer to execute. The access code generation procedure includes the access including the relation information or access control content, accessee identification information for uniquely identifying the accessed person, and / or accessor identification information for uniquely identifying the accessee. Generate code,
The access control procedure executes access control using the relation information or access control content, accessee identification information and / or accessor identification information included in the access code. Access control program. The access code generation procedure includes the access including the relation information or access control content, accessee identification information for uniquely identifying the accessed person, and / or accessor identification information for uniquely identifying the accessee. Generate a code with a given key,
The access control procedure executes access control using a predetermined key, the relation information or access control content included in the access code, accessee identification information and / or accessor identification information. Item 30. The access control program according to Item 29.

Images