JP2006209224A - Access code issuance system, access code issuance method and access code issuance program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce the labor of a person to be accessed, for the generation of an access code. <P>SOLUTION: A parent code G is generated, with the use of a secret key of a referral A, so as to include generation control contents for a disclosure address T (such as generation control contents specifying a disclosure relationship level R and disclosure conditions C included in the disclosure address T) and a subject of a public key corresponding to the secret key. When receiving the parent code G from a referrer B, a service center extracts the subject and generation control contents from the parent code G, and uses the public key of the referral A designated by the subject to verify the authenticity of the parent code G. The service center then uses the generation control contents extracted from the parent code G to generate the disclosure address T, and notifies the generated disclosure address T to the referrer B. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an access code issuing system, an access code issuing method, and an access code issuing program for issuing an access code including access control information for controlling access by an accessor to a service related to an accessed person.

  2. Description of the Related Art Conventionally, there is a system for controlling access by an accessor to a service related to an accessed person. For example, personal information related to a certain user A (for example, the name, address, date of birth, date of birth, credit number, etc. of the user who is the referenced person) is disclosed to the other user B who is the referring person. This is the case with systems related to information disclosure services.

  More specifically, when such an information disclosure service is implemented, if information related to the user A is disclosed without limitation, the user A who is a reference person may suffer a disadvantage. For this reason, in order to realize a practical information disclosure service, it is necessary to disclose personal information to the user B in a form that the user A is convinced. As conventional techniques to be realized, conventional techniques as described below are known.

  For example, Patent Document 1 (Japanese Patent Laid-Open No. 2002-229953) discloses a system for disclosing personal information of a user based on an access code in a personal information disclosure server. Specifically, in this system, when the referred person sends an access code issuance request including an attribute to be disclosed (information indicating which attribute is to be disclosed) to the server, the server accesses in accordance with this request. A code is generated, the access code and the attribute to be disclosed are associated with each other and stored in the database, and the access code is returned to the referenced person. Then, when the referred person notifies an access code to a reference who permits disclosure, and the reference person transmits a disclosure request including the access code to the server, the server stores the disclosure stored in the database in association with the access code. Notify the referrer of the target attribute. The access code is generated by encrypting the identification information of the referenced person and the expiration date of the access code.

JP 2002-229953 A

  By the way, the above-described conventional techniques have problems as described below from the viewpoints of the burden on the accessee accompanying the generation of the access code, the necessity of the issued access code, database resources, and the like.

  That is, in the above-described conventional technique, since an access code is issued in response to an issuance request by a person to be accessed (referenced person), there is a problem that the burden on the person to be accessed accompanying the generation of the access code is large. In particular, if the access code is reissued while frequently changing the key used for encryption from the viewpoint of preventing the access code from being decrypted, the accessee must issue an issuance request each time the access code needs to be reissued. As the number of access users permitted to access increases (the access code increases), the burden increases.

  In the above-described conventional technology, an access code that is not used is issued because the access code is issued in response to the accessee's request regardless of whether or not the accessor desires to use the access code. There is a problem that up to is issued unnecessarily. Furthermore, in the above-described conventional technology, since the attribute to be disclosed and the access code are stored in the database in association with the generation of the access code, the database resource increases in proportion to the number of access codes handled. There is a problem.

  As described above, the above-described conventional technology requires a large burden on the accessee accompanying the generation of the access code, is issued to an unnecessary access code, and further requires a huge amount of database resources. There's a problem. Such a problem is not limited to the access code in the case where access control is performed by the information disclosure service described above, but is similar if it is an access code for controlling access by an accessor to a service related to a certain accessed person. This can be a problem.

  Accordingly, the present invention has been made to solve the above-described problems of the prior art, and an access code issuance system and access code issuance that can reduce the labor of an accessed person accompanying the generation of an access code. It is an object to provide a method and an access code issuing program.

  In order to solve the above-described problems and achieve the object, the invention according to claim 1 issues an access code for issuing an access code including access control information for controlling access by an accessor to a service related to the accessed person. A first access code generation unit configured to generate a first access code including predetermined access control information; and an access control included in the first access code when the first access code is received from the accessor. And a second access code generating means for generating a second access code including predetermined access control information using the information.

  The invention according to claim 2 is the above invention, wherein the first access code generation means generates a first access code including generation control information related to a generation service of the second access code, and The two access code generation means generates a second access code including access control information for controlling access to a predetermined service other than the generation service, using the generation control information included in the first access code. It is characterized by that.

  According to a third aspect of the present invention, in the above invention, the first access code generation means generates a first access code using a different key for each person to be accessed, and the second access code generation means The second access code is generated using a common key for the accessed person.

  According to a fourth aspect of the present invention, in the above invention, the first access code generation unit generates a first access code using an asymmetric key of an asymmetric key system, and the second access code generation unit includes: A second access code is generated using a symmetric key symmetric key.

  According to a fifth aspect of the present invention, in the above invention, the first access code generating means generates a first access code having an expiration date after the expiration date of the second access code, and the second access The code generation means generates a second access code having an expiration date before the expiration date of the first access code.

  In the invention according to claim 6, in the above invention, the first access code generation means generates a first access code having an information amount equal to or larger than an information amount of the second access code, and the second access code The code generation means generates a second access code having an information amount equal to or smaller than the information amount of the first access code.

  According to a seventh aspect of the present invention, in the above invention, the second access code generation means includes an information disclosure service for disclosing information on the accessed person to the accessing person as the access control information, from the accessing person. Access for controlling access to a message delivery service for delivering a message sent to an accessed person, a telephone connection service for connecting a telephone connection request sent from the accessing person to the accessed person, or a combination thereof. A second access code including control information is generated.

  In the invention according to claim 8, in the above invention, the first access code generation means generates a first access code including access control information for controlling access to a predetermined service, and The two access code generating means updates the access control information included in the first access code, and generates a second access code including the updated access control information.

  The invention according to claim 9 is the above invention, wherein the first access code generation means generates a first access code including access control information that specifies at least a time limit for permitting access by the accessor. The second access code generation means updates the deadline designated by the access control information included in the first access code to a new deadline, and includes access control information that newly designates the updated deadline. The second access code is generated.

  The invention according to claim 10 is the above invention, wherein the first access code generation means generates a first access code including access control information that specifies at least an access person permitted to access, The second access code generation means updates the access person specified by the access control information included in the first access code to a new access person, and sets the access control information newly specifying the updated access person. A second access code including the second access code is generated.

  According to an eleventh aspect of the present invention, in the above invention, the first access code generation means controls update of the access control information in addition to access control information for controlling access to a predetermined service. A first access code including update control information for the first access code, and the second access code generating means generates the access control information included in the first access code according to the update control information included in the first access code. It is characterized by updating.

  The invention according to claim 12 is the invalidation table for storing information for specifying the first access code as an invalidation target when the second access code is generated in the above invention, It is necessary that the first access code is received from the accessor, whether or not the first access code is invalidated is determined based on the invalidation table, and the first access code is not invalidated. An access control means for permitting access by the access control information included in the first access code is further provided as a condition.

  The invention according to claim 13 is the above invention, wherein the first access code generation means generates a first access code including access control information for controlling access to a predetermined service, and 2 access code generation means generates a second access code including access control information for controlling access to a predetermined service other than the predetermined service, using the access control information included in the first access code. It is characterized by doing.

  According to a fourteenth aspect of the present invention, in the above invention, the second access code generation means diverts the access control information included in the first access code, and the same access control information as the access control information The second access code including the key is generated.

  In the invention according to claim 15, in the above invention, the first access code generation means controls diversion of the access control information in addition to the access control information for controlling access to a predetermined service. Generating a first access code including diversion control information, and the second access code generating means generates access control information included in the first access code according to the diversion control information included in the first access code. It is characterized by being diverted.

  The invention according to claim 16 is an access code issuing method for issuing an access code including access control information for controlling access by an accessor to a service related to an accessed person, wherein the predetermined access control information is A first access code generating step for generating a first access code including the first access code, receiving the first access code from the accessor, and using the access control information included in the first access code, And a second access code generation step of generating the included second access code.

  The invention according to claim 17 is the above invention, wherein the first access code generation step generates a first access code including generation control information related to the generation service of the second access code. The 2 access code generation step generates a second access code including access control information for controlling access to a predetermined service other than the generation service, using the generation control information included in the first access code. It is characterized by that.

  The invention according to claim 18 is the above invention, wherein the first access code generation step generates a first access code including access control information for controlling access to a predetermined service, and The second access code generation step updates the access control information included in the first access code, and generates a second access code including the updated access control information.

  The invention according to claim 19 is the above invention, wherein the first access code generation step generates a first access code including access control information for controlling access to a predetermined service, and The 2 access code generation step generates a second access code including access control information for controlling access to a predetermined service other than the predetermined service, using the access control information included in the first access code. It is characterized by doing.

  The invention according to claim 20 is an access code issuing program for causing a computer to execute a method for issuing an access code including access control information for controlling access by an accessor to a service related to an accessed person. A first access code generation procedure for generating a first access code including predetermined access control information, and receiving the first access code from the accessor, and using the access control information included in the first access code, A second access code generation procedure for generating a second access code including predetermined access control information is executed by a computer.

  The invention according to claim 21 is the above invention, wherein the first access code generation procedure generates a first access code including generation control information related to the generation service of the second access code, and The 2 access code generation procedure generates a second access code including access control information for controlling access to a predetermined service other than the generation service, using the generation control information included in the first access code. It is characterized by that.

  The invention according to claim 22 is the above invention, wherein the first access code generation procedure generates a first access code including access control information for controlling access to a predetermined service, and The 2-access code generation procedure updates the access control information included in the first access code, and generates a second access code including the updated access control information.

  The invention according to claim 23 is the above invention, wherein the first access code generation procedure generates a first access code including access control information for controlling access to a predetermined service, and The 2 access code generation procedure generates a second access code including access control information for controlling access to a predetermined service other than the predetermined service, using the access control information included in the first access code. It is characterized by doing.

  According to the first aspect of the present invention, since the first access code (parent code) is received from the accessor and the second access code (child code) is generated, the accessed person needs to be directly involved in the generation of the child code. Thus, it is possible to reduce the labor of the accessed person accompanying the generation of the child code. In addition, since the child code is not generated in response to the accessee's request, but in response to the accessor's request, the child code user can determine whether or not to generate the child code. It is entrusted to an accessor, and generation of unnecessary child code can be suppressed. Furthermore, when generating an access code, the access code and access control information are not stored in the database, but the access control information is included in the access code, so that access can be controlled without the need for such a database. It becomes possible.

  According to the invention of claim 2, instead of generating a child code for accessing a specific service from the beginning, a parent code for generating the child code is generated first, and this parent code is generated. Since the child code is generated by accepting the access code from the accessor, it is possible to reduce the effort of the accessed user accompanying the generation of the child code and to suppress the generation of unnecessary child code. Become. In particular, even if the child code is reissued by frequently changing the key used to generate the child code from the viewpoint of preventing the child code from being decrypted, the accesser only needs to present the parent code and receive a reissue. In addition, since it is not necessary for the accessed person to make a reissue request, it is possible to reduce the burden on the accessed person even if the number of access persons permitted to access increases. In addition, since child codes for specific services are generated via the parent code for issuance, it is possible to generate and use while pursuing safety with a parent code that has fewer opportunities for generation and use compared to the child code. As a whole, it is possible to efficiently achieve both safety and convenience, such as pursuing convenience by using a child code that has more opportunities than the parent code.

  According to the invention of claim 3, the parent code is generated using a different key for each accessed person, while the child code is generated using a common key without distinguishing the accessed person. The code generation process and verification process are complicated (to make it difficult for a malicious third party to illegally generate and alter the parent code), and to improve safety and simplify the child code generation process and verification process. Convenience can be improved. In addition, since the key used to generate the child code is common in the system, it is possible to update the key easily and frequently compared to the key for each accessed person, thereby improving the safety of the child code. Will also be possible.

  According to the invention of claim 4, since the parent code is generated using the asymmetric key, while the child code is generated using the symmetric key, the parent code generation process and the verification process are complicated (malicious code). It is possible to improve safety by making it difficult for a third party to illegally generate or alter the parent code, and to simplify the child code generation processing and verification processing to improve convenience.

  According to the invention of claim 5, since the expiration date of the child code is set before the expiration date of the parent code, it is possible to shorten the use period of the child code and improve the safety. On the other hand, since the expiration date of the parent code is after the expiration date of the child code, if the expiration date of the parent code has not yet reached even if the expiration date of the child code has arrived, the child code of the new expiration date will be It is possible to regenerate without involvement, etc., which can reduce the effort of the accessed person due to the regeneration of the child code and can also suppress unnecessary child code regeneration. become.

  According to the sixth aspect of the present invention, since the information amount of the child code is made equal to or less than the information amount of the parent code, it is possible to reduce the labor involved in managing and presenting the child code by the accessor and improve convenience. It becomes possible.

  According to the invention of claim 7, since the child code including the control contents executed in the information disclosure service, the message delivery service, and the telephone connection service is generated, both safety and convenience are achieved in these services. Can be achieved efficiently.

  According to the invention of claim 8, since the access control information included in the parent code for accessing a certain service is updated to generate a child code for accessing the same service, the access code is updated. It becomes possible to reduce the labor of the accessed person and to suppress unnecessary update of the access code.

  According to the invention of claim 9, since the child code is generated by updating the expiration date of the parent code, the accessor can continue the access similar to the parent code by the child code even after the expiration date of the parent code. Is possible.

  According to the invention of claim 10, since the access code is updated and the child code is generated, the new access person can take over the same access from the access person of the parent code.

  According to the invention of claim 11, since the access control information is updated according to the update control information included in the parent code, it is possible to prevent an unconditional update from the parent code to the child code. In addition, update control information or the like is not stored in the database when generating the access code, but the update control information is included in the access code, so that the access code can be updated without requiring such a database. It becomes possible.

  According to the twelfth aspect of the present invention, since access is not permitted for the access by the invalid parent code, the transfer from the parent code to the child code is ensured, and the situation where the parent code and the child code compete with each other. It can be avoided.

  According to the invention of claim 13, since the child code for accessing another service is generated from the parent code for accessing a certain service, the child code for another service is paid out while utilizing the parent code. Even in the case, it becomes possible to reduce the labor of the accessed person accompanying the generation of the child code, and it is also possible to suppress the generation of unnecessary child codes.

  According to the fourteenth aspect of the present invention, since the child code is generated by diverting the access control information included in the parent code, it is not necessary to newly accept the access control information when generating the code for another service. Child code can be generated.

  According to the invention of claim 15, since the access control information is diverted according to the diversion control information included in the parent code, it is possible to prevent the access control information from being diverted unconditionally. In addition, when the access code is generated, the diversion control information is not stored in the database, but the diversion control information is included in the access code. Therefore, the access code can be diverted without using such a database. It becomes possible.

  Exemplary embodiments of an access code issuing device, an access code issuing method, and an access code issuing program according to the present invention will be described below in detail with reference to the accompanying drawings. In the following, a case where an access code for a predetermined service is generated based on an access code for issue will be described as Embodiments 1 and 2, and the access code for the predetermined service is updated by updating the access code for the predetermined service. A case where a code is generated will be described as Examples 3 and 4, and a case where an access code for another service is generated by diverting an access code for a predetermined service will be described as Examples 5 and 6.

  In the first embodiment, a case where the present invention is applied to an information disclosure system that controls disclosure of personal information of a referenceee who is an accessed person, and an access code for information disclosure is generated based on an access code for issue is described. To do. In the following, after explaining the terms used in the first embodiment, the outline and features of the information disclosure system according to the first embodiment, the configuration of the information disclosure system, details of each device in the system, various processing procedures, Finally, effects of the first embodiment will be described.

[Explanation of Terms (Example 1)]
First, main terms used in Examples 1 and 2 will be described. “Information disclosure service (corresponding to“ predetermined service other than the generation service ”described in the claims”) is a service for disclosing information of a referee to a referrer. 4 and FIG. 5, personal information such as the telephone number (phone), e-mail address (e-mail), address (address), and schedule (schedule) of the referred person is disclosed to the reference person.

  In addition, “reference person B (corresponding to“ access person ”described in claims”) is a user on the side of referring to personal information, while “referenced person A (patent The term “corresponds to“ accessed person ”described in the claims.” ”Means a user who discloses personal information. In the present embodiment, the identification information of the reference person A is referred to as reference person identification information ID_A, and the identification information of the reference person B is referred to as reference person identification information ID_B.

  The “identification information” is information for uniquely identifying (specifying or limiting) the referred person A or the reference person B as a user. For example, the “identification information” includes a user ID such as a user name and a user number. In addition, user addresses and accounts associated with them (email addresses, telephone numbers, etc.), and further, user identifiers generated using these user IDs and user addresses (encrypted by encrypting user IDs and user addresses) Data).

  The “disclosure address T (corresponding to the“ second access code ”recited in the claims)” refers to the reference information that the reference person B refers to the personal information of the reference person A in the information disclosure service described above. This is an access code presented when making a request, and specifically, is generated including “disclosure control information” described later based on a “parent code” described later. In the first embodiment, since the disclosure address T is generated based on the parent code, the disclosure address T will be described as “child code” as appropriate.

  Here, the “disclosure control information (corresponding to“ access control information ”described in the claims”) included in the disclosure address T is the access of the reference person B to the information disclosure service related to the referenced person A. Specifically, “disclosure control content S”, “relationship level R”, “disclosure condition C”, and the like described later correspond to this.

  Among these, “disclosure control content S (referred to as“ disclosure policy ”as appropriate)” is control content related to information disclosure of the above-described information disclosure service. For example, as illustrated in FIG. “Disclose all phone numbers, email addresses, addresses, and schedules”, “Disclose phone numbers, email addresses, addresses, and public-schedule”, “Disclose only email addresses and addresses” The control content such as “Yes” corresponds to this. In the following first embodiment, the disclosure control content S in the form of listing information items (disclosure information items) that are permitted to be disclosed will be described as an example. It is described as “information item”.

  The “relationship level R” is identification information uniquely associated with the above disclosure control content S. For example, a friend, a colleague, a boss, etc. Information indicating the relationship corresponds to this. Further, the “relationship” referred to here is not limited to the relationship of the reference person B viewed from the referenced person A, but the relationship of the referenced person A viewed from the reference person B, the relationship between the both viewed from the third party, etc. , The relationship between the two can be understood from all perspectives. In Example 1 below, as illustrated in FIG. 6, the relationship information such as “friend, colleague, boss” is replaced with a code value (relation level value) “0, 1, 2” on the system. I am trying to process it.

  Further, “disclosure condition C (referred to as“ effective condition ”as appropriate)” is a condition required when executing the above-described disclosure control content S. For example, execution of the disclosure control content S is permitted. This is a condition that specifies the period (time limit), time, number of times, reference person (reference group), and the like. The “period (time limit)” here corresponds to the “expiration date of the second access code” recited in the claims.

  The “parent code G (corresponding to the“ first access code ”recited in the claims. It will be described as“ issue code ”as appropriate”) ”refers to the address T of the disclosure address T referred to by the referrer B. This is an access code presented when requesting generation, and specifically, it is generated including “generation control information” to be described later.

  Here, the “generation control information (corresponding to“ access control information ”described in the claims”) included in the parent code G is the generation of the disclosure address T that is a child code (the disclosure address T For example, “generation control content”, “generation relation level”, “generation condition”, etc., which will be described later. To do.

  Among them, “generation control content (referred to as“ generation policy ”as appropriate)” is information used when generating the disclosure address T described above, and is specifically exemplified in FIG. As described above, the information specifying the disclosure control content S, the disclosure relation level R, and the disclosure condition C included in the disclosure address T corresponds to this.

  The “generation relation level” is identification information uniquely associated with the above-described generation control content (see FIG. 31). Like the above-mentioned issuance relation level R, the above-mentioned referenceee is referred to. Information indicating the relationship between A and the reference person B corresponds to this.

  “Generation conditions (appropriately described as“ valid conditions ”)” is a condition required when generating the disclosure address T based on the parent code G (execution of the above-described generation control content). This is a condition that specifies the period (expiration), time, number of times, user (group), amount of money required for generation, etc. in which generation of the disclosure address T is permitted. The “period (expiration date)” here corresponds to the “expiration date of the first access code” recited in the claims.

[Outline and Features of Information Disclosure System (Example 1)]
Next, the outline and features of the information disclosure system according to the first embodiment will be described with reference to FIG. FIG. 1 is a diagram for explaining the outline of the information disclosure system according to the first embodiment.

  The outline of the information disclosure system according to the first embodiment is to issue a disclosure address T for controlling the access of the reference person B to the personal information of the referred person A, and accept the disclosure address T from the reference person B. Thus, the personal information of the referred person A is transmitted to the terminal of the reference person B and disclosed. The above-mentioned parent code G is used to issue the disclosure address T, and it is possible to reduce the labor of the reference person A accompanying the generation of the disclosure address T that is a child code. The main feature is that

  In brief, in the information disclosure system according to the first embodiment, a third party other than the referred person A and the reference person B (for example, a service center providing an information disclosure service) Is received from the referenced person A and stored in the personal information storage unit, and the disclosure policy, that is, the relationship level R and the disclosure control content S are received from the referenced person A and stored in the disclosure policy storage unit. (Refer to (1) in FIG. 1).

  Further, the referred person A generates a parent code G including the generation control content of the disclosure address T using the private key of the referred person A (see (2) in FIG. 1). In other words, the “subject” of the public key corresponding to the secret key, the “generation control content” specifying the disclosure relation level R and the disclosure condition C included in the disclosure address T, and further encrypting these pieces of information with the secret key The parent code G including the “signature data” obtained by converting into the signature is generated. In addition, “P” shown in the figure means that a key is used.

  Furthermore, the referred person A notifies the parent code G to the reference person B who wants to give the disclosure address T generated based on the parent code G (see (3) in FIG. 1). On the other hand, the service center receives the parent code G from the reference person B as a request for issuing the disclosure address T, and verifies the validity of the parent code (see FIGS. 1 (4) and (5)). That is, after extracting the subject, the generation control contents, and the signature data from the parent code G, the validity of the signature data is verified using the public key of the referenced person A specified by the subject. Note that “Q” shown in the figure means that extraction is performed using a key.

  Further, when the validity of the parent code G is recognized, the service center uses the generation control content extracted from the parent code G (information specifying the disclosure relation level R and the disclosure condition C included in the disclosure address T). Then, the disclosure address T is generated, and the generated disclosure address T is notified to the reference person B (see (6) and (7) in FIG. 1). In other words, a character obtained by concatenating the referenced person identification information ID_A corresponding to the subject and the falsification preventing code obtained by inputting the referenced person identification information ID_A, the relationship level R, and the disclosure condition C into a function determined from a predetermined key. A disclosure address T in a mail address format having the column “user name portion” is generated. Note that “P” shown in the figure means that a key is used as described above.

  When the service center receives an email from the referrer B with the disclosure address T as the destination address as a reference request for the personal information of the referee A, the service center determines whether or not to disclose the personal information to the referrer B. (Refer to (8) and (9) in FIG. 1). In other words, the validity of the disclosure address T is verified by inputting the referenced person identification information ID_A, the relationship level R, and the disclosure condition C included in the disclosure address T into a function determined from a predetermined key, and the disclosure address T Whether or not to execute the disclosure control content is determined using the disclosure condition C included in. Note that “Q” shown in the figure means that extraction is performed using a key, as described above.

  In addition, when the validity of the disclosure address T is confirmed and the execution of the disclosure control content is permitted, the service center refers to the disclosure mail in which the personal information of the referred person A is disclosed. B (see (10) in FIG. 1). That is, the personal information corresponding to the referred person identification information ID_A included in the disclosure address T among the personal information stored in the personal information storage unit is disclosed in the disclosure control content S stored in the disclosure policy storage unit. In accordance with the disclosure control content S corresponding to the relationship level R included in the address T, it is sent to the reference person B by mail and disclosed. For example, if the disclosure control content S corresponding to the relationship level R included in the disclosure address T received from the referrer B is “disclose only the mail address and address”, the mail address of the referee A And only the address is disclosed to the referrer B.

  Thus, according to the first embodiment, the child code (disclosure address T) for accessing a specific service is not generated from the beginning, but the parent code G for generating the child code is first generated. Since the parent code G is received from the reference person B and the disclosure address T as a child code is generated, the reference person A does not need to be directly involved in the generation of the disclosure address T. As the feature, it is possible to reduce the labor of the reference person A accompanying the generation of the disclosure address T. In particular, from the viewpoint of preventing decryption of the disclosure address T, even when the key used for generating the disclosure address T is frequently changed and the disclosure address T is reissued, the reference person B presents the parent code G. It is only necessary to receive a reissue, and it is not necessary for the referred person A to make a reissue request. Therefore, even if the number of reference persons B permitted to be referred to increases, the burden on the referred person A can be suppressed. become.

[Configuration of Information Disclosure System (Example 1)]
Next, the configuration of the information disclosure system according to the first embodiment will be described with reference to FIG. FIG. 2 is a diagram illustrating the configuration of the information disclosure system according to the first embodiment.

  As shown in the figure, this information disclosure system includes a referee terminal 1, a referee terminal 2, a user information server 10, a child code issuing server 20, and an information disclosure server 30 on a network (Internet 3). And a communication network formed by a LAN 4, a referee-side IP network, a referrer-side IP network, a router, a firewall, and the like. The role and configuration of each device will be described below.

[Referenced Terminal (Example 1)]
The referee terminal 1 is a terminal used by the referee A, such as a known personal computer, workstation, home game machine, Internet TV, PDA, or mobile communication terminal such as a mobile phone or PHS. And a role of generating the parent code G and a role of notifying the reference terminal 2 of the generated parent code G. Specifically, as closely related to the present invention, as illustrated in FIG. 2, a secret key holding unit 1a, a public key holding unit 1b, and a parent code generation unit 1c are provided. The parent code generation unit 1c corresponds to “first access code generation means” recited in the claims.

  Among these, the secret key holding unit 1a is a means for storing the secret key of the reference person A used for generating the parent code G. The public key holding unit 1b is a means for storing the public key of the referenceee A corresponding to the secret key stored in the secret key holding unit 1a (more specifically, a subject indicating the owner of the public key). is there. The parent code generation unit 1c is a processing unit that generates the parent code G including the generation control content of the disclosure address T using the secret key of the referenced person A. The parent code generation processing by the parent code generation unit 1c will be described in detail later with reference to FIG.

  By the way, when the referred person terminal 1 receives a start instruction of the parent code generation program from the reference person A, the screen related to the parent code generation request (parent code generation request screen) illustrated in FIG. It outputs and receives input of the generation control information of the disclosure address T (information specifying the disclosure relation level R and the disclosure condition C included in the disclosure address T) from the referenceee A. When the parent code G is generated based on the input information, a screen (parent code generation response screen) related to the parent code generation response as illustrated in FIG. 10 is output to a monitor or the like.

[Referencer terminal (Example 1)]
The referrer terminal 2 is the same as the above-mentioned referee terminal 1, such as a known personal computer, workstation, home game machine, Internet TV, PDA, or mobile communication terminal such as a mobile phone or PHS. Is a terminal used by. Then, mainly, the role of receiving the parent code G from the referred person terminal 1 and the mail (child code generation request mail) related to the request for generating the disclosure address T as illustrated in FIG. 11 are transmitted to the child code issuing server 20. A role of receiving a mail (child code generation notification mail) related to the generation notification of the disclosure address T as illustrated in FIG. 12 from the child code issuing server 20, and a disclosure address T as illustrated in FIG. The role of transmitting a mail related to a reference request as a destination (reference request mail) to the information disclosure server 30, and a mail related to information disclosure (information disclosure mail) in which personal information as disclosed in FIG. 30 to receive from 30.

  Further, as illustrated in FIG. 2, the referrer terminal 2 includes an address storage unit 2 a (so-called mail software address book) for storing the parent code G and the disclosure address T. However, the address storage unit 2a is not an essential component of the referrer terminal 2. For example, the address storage unit 2a stores and stores a mail in which the parent code G and the disclosure address T are written in a mail folder, or on a memo sheet or the like. The parent code G and the disclosure address T may be written down and saved.

[User Information Server (Example 1)]
The user information server 10 is a database device that stores data and programs necessary for various processes performed by the information disclosure system according to the first embodiment, and is mainly information of a user (referred person A) who discloses information through an information disclosure service. Have the role of managing Specifically, as shown in FIG. 2, a user information table 11 is provided as closely related to the present invention.

  Here, as illustrated in FIG. 3, the user information table 11 is associated with a “user ID” for uniquely identifying each person A to be referred to, a “password” used for user authentication, and a public key. A “subject (identifier for specifying the public key of the referenceee A)” used for identification is stored and configured.

[Child Code Issuing Server (Example 1)]
The child code issuing server 20 is a server device that generates a disclosure address T that is a child code. The child code issuing server 20 mainly receives a child code generation request mail (see FIG. 11) from the referrer terminal 2, and a child code generation request mail. The role of verifying the parent code G received in step 1, the role of generating the disclosure address T, the role of transmitting the child code generation notification mail including the generated disclosure address T (see FIG. 12) to the reference terminal 2, and the like Have. As closely related to the present invention, as shown in FIG. 2, a communication unit 21, a public key table 22, a parent code verification unit 23, an issue key storage unit 24, a child code generation unit 25, Is provided. The child code generation unit 25 corresponds to “second access code generation means” recited in the claims.

  Among these, the communication unit 21 is a processing unit that controls communication with the reference terminal 2 or the like in accordance with a communication protocol such as so-called SMTP or HTTP. Specifically, a process for receiving a child code generation request mail (see FIG. 11) from the reference terminal 2 and a child code generation notification mail (see FIG. 12) including the disclosure address T are transmitted to the reference terminal 2. Execute the process to perform.

  The public key table 22 is a means for storing the public key of the reference person A used for verification of the parent code G. Specifically, the public key table 22 is associated with the “subject” stored in the user information table 11 described above. The public key of each referenced person A is stored.

  The parent code verification unit 23 is a processing unit that verifies the validity of the parent code G included in the child code generation request mail using the public key stored in the public key table. The parent code verification process will be described in detail later with reference to FIG.

  The issuance key storage unit 24 is a means for storing an issuance key (master key) used to generate a disclosure address T that is a child code, and this issuance key is stored in a verification key storage unit 36 of the information disclosure server 30 described later. It is the same key as the verification key stored.

  The child code generation unit 25 is disclosed using the issue key stored in the issue key storage unit 24 and the generation control information included in the parent code G when the generation of the child code is permitted by the parent code verification unit 23. This is a processing unit that generates a service address T. The child code generation process will be described in detail later with reference to FIG.

[Information Disclosure Server (Example 1)]
The information disclosure server 30 is a server device that provides an information disclosure service. The information disclosure server 30 mainly receives and registers personal information and a disclosure policy from the referee terminal 1, and the disclosure address T from the reference terminal 2 is a destination address. The role of receiving the reference request mail (see FIG. 13), the role of determining whether disclosure is possible based on the disclosure address T included in the reference request mail, and the information disclosure mail based on the disclosure address T (see FIG. 14) For example, to the referrer terminal 2. As closely related to the present invention, as illustrated in FIG. 2, a communication unit 31, a user authentication unit 32, a personal information storage unit 33, a disclosure policy storage unit 34, an information update unit 35, A verification key storage unit 36, a disclosure determination unit 37, and a disclosure control unit 38.

  Among these, the communication unit 31 is a processing unit that controls communication with the referee terminal 1, the referrer terminal 2, and the like according to a communication protocol such as so-called SMTP or HTTP. Specifically, a process of receiving an update request message related to personal information or a disclosure policy from the referenced person terminal 1, a process of receiving a reference request mail (see FIG. 13) from the reference terminal 2, and an information disclosure mail (FIG. 14). For example) is transmitted to the referrer terminal 2.

  Here, when receiving the reference request mail, the communication unit 31 receives a limited disclosure request from the reference person B via the mail subject (SUBJECT). That is, as illustrated in FIG. 13, for example, a reference request command such as “sched 040401” is input as the subject from the reference person B who requests reference only for the schedule of April 1, 2004. Accept reference request emails.

  The user authentication unit 32 is a processing unit that authenticates whether or not the referred person A is a valid user who can receive the information disclosure service. Specifically, when a personal information or disclosure policy update request message is received from the referred person terminal 1, the identification information (user ID) and password included in the message are stored in association with the user information table 11. Authenticate whether or not. As a result, if the user authentication is successful, the information to that effect is transferred to the information updating unit 35 described later, and if the user authentication fails, a response to that effect is sent to the referenced user terminal 1.

  The personal information storage unit 33 is means for storing the personal information of the referenced person A received from the referenced person terminal 1. Specifically, as illustrated in FIG. 4 and FIG. 5, the telephone number (phone), mail address (e-mail), and address (of the referred person A) are associated with the user ID of each referenced person A. address) is stored in the basic information table, and the start date / time, end date / time, and contents of the schedule are stored in the schedule table. In the schedule table, for each schedule, whether it is a public schedule or a private schedule may be stored.

  The disclosure policy storage unit 34 is a means for storing the disclosure policy of the referenced person A received from the referenced person terminal 1. Specifically, as illustrated in FIG. 6, the disclosure control content S is stored for each relationship level R in association with the user ID of each referenced person A. Here, in the first embodiment, the disclosure control content S that uses different disclosure information items for each relationship level R is adopted. Therefore, as illustrated in the figure, the disclosure control content S includes “phone, e-mail, address, Information items permitted to be disclosed such as “schedule” are listed and defined. Note that “schedule” means that all schedules are disclosed regardless of whether they are public schedules or private schedules, and “public-schedule” means that only public schedules are disclosed. It is.

  The information update unit 35 is a processing unit that registers personal information and a disclosure policy in the personal information storage unit 33 and the disclosure policy storage unit 34, respectively. Specifically, after receiving the update request message for the personal information and the disclosure policy from the referenced person terminal 1, when the user authentication of the referenced person A is successful, the information updating unit 35 includes the updated individual included in the request message. Information and a disclosure policy are registered in the personal information storage unit 33 and the disclosure policy storage unit 34. This update process is executed each time personal information or a disclosure policy is received from the referenced user terminal 1, and is based on the preliminary code G generation process, the address generation process for the disclosure address T, and the disclosure address T. It can be executed at any time independent of the disclosure control process.

  The verification key storage unit 36 is a means for storing a verification key (master key) used for verification of the disclosure address T, and this verification key is an issuance key stored in the issuance key storage unit 24 of the child code issuance server 20. Is the same key.

  The disclosure determination unit 37 is a processing unit that determines whether personal information can be disclosed based on the disclosure address T received from the referrer terminal 2. The disclosure determination process will be described in detail later with reference to FIG.

  The disclosure control unit 38 is a processing unit that executes the disclosure control content S specified from the disclosure address T when the disclosure determination unit 37 permits the disclosure. The disclosure control process will be described in detail later with reference to FIG.

[Processing from generation of parent code to notification (Example 1)]
Next, the flow of processing from generation of the parent code G to notification will be described with reference to FIG. FIG. 7 is a sequence diagram showing a flow of processing from generation of the parent code G to notification.

  As shown in the figure, when receiving the parent code generation program start instruction from the referenceee A, the referred person terminal 1 starts the parent code generation program (step S701), and the parent terminal as illustrated in FIG. The code generation request screen is output to a monitor or the like (step S702), and the generation control information of the disclosure address T (information specifying the disclosure relation level R and the disclosure condition C included in the disclosure address T) from the referenceee A ) Is received (step S703).

  Subsequently, when receiving the generation control information of the disclosure address T from the referenced person A to the parent code generation request screen from the referenced person A, the referenced person terminal 1 generates a parent code G (step S704), and the generated parent code A parent code generation response screen (see FIG. 10) including G is output to a monitor or the like (step S705). In other words, the “subject” of the public key corresponding to the secret key, the “generation control content” specifying the disclosure relation level R and the disclosure condition C included in the disclosure address T, and further encrypting these pieces of information with the secret key The parent code G including the “signature data” obtained by converting into the signature is generated. The generation process of the parent code G will be described in detail later with reference to FIG.

  Thereafter, in response to the operation instruction of the referred person A, the referred person terminal 1 includes the generated parent code G in an electronic mail message such as an Internet mail or a mobile mail or a SIP message and transmits it to the reference terminal 2. Thus, the parent code G is notified to the reference person B (step S706). The parent code G can be obtained by the referrer B by publishing the parent code G on a homepage or bulletin board on the network, or a business card on which the parent code G is written (for example, the parent code G is printed as a two-dimensional barcode). If it is done through some means, whether it is online or offline, such as handing the business card) to the reference person B, or verbally transmitting the parent code G from the reference person A to the reference person B Good.

[Processing from Child Code Generation to Information Disclosure (Example 1)]
Next, the flow of processing from generation of a disclosure address T, which is a child code, to information disclosure will be described with reference to FIG. FIG. 8 is a sequence diagram showing a flow of processing from generation of child codes to information disclosure.

  As shown in the figure, the child code issuing server 20 receives a “child code generation request mail” as illustrated in FIG. 11 from the referrer terminal 2 (step S801). That is, as illustrated in FIG. 11, the mail in which the address of the child code issuing server 20 is input to the destination address (TO address) and the parent code G acquired from the referenced person A is input to the subject (SUBJECT) Receive.

  Then, when receiving the child code generation request mail, the child code issuance server 20 verifies the parent code G included in the child code generation request mail (step S802). That is, after extracting the subject, the generation control contents, and the signature data from the parent code G, the validity of the signature data is verified using the public key of the referenced person A specified by the subject. The parent code verification process will be described later in detail with reference to FIG.

  When the validity of the parent code G is recognized by the parent code verification process, the child code issuing server 20 generates the generation control contents extracted from the parent code G (the disclosure relation level R and the disclosure included in the disclosure address T). A disclosure address T is generated using information specifying the condition C (step S803). In other words, a character obtained by concatenating the referenced person identification information ID_A corresponding to the subject and the falsification preventing code obtained by inputting the referenced person identification information ID_A, the relationship level R, and the disclosure condition C into a function determined from a predetermined key. A disclosure address T in a mail address format having the column “user name portion” is generated. The child code generation process will be described in detail later with reference to FIG.

  Subsequently, the child code issuing server 20 creates a child code generation notification mail (see FIG. 12) including the generated disclosure address T, and transmits it to the referrer terminal 2 (step S804). Then, in the referrer terminal 2, the content of the child code generation notification mail as illustrated in FIG. 12 is output to a monitor or the like, and the disclosure address T is designated by the referrer B via the keyboard or mouse on this mail. Then, as the address storage process, the designated disclosure address T is registered in the address storage unit 2a (so-called mail software address book) (step S805). Note that as described above, a mail in which the disclosure address T is written may be stored and stored in a mail folder, or the disclosure address T may be written and stored on a memo sheet or the like.

  After that, the referrer terminal 2 responds to the referer's instruction or periodically at predetermined time intervals, as illustrated in FIG. Is transmitted to the information disclosure server 30 (step S806). Note that identification information for identifying the referrer B is also transmitted to the information disclosure server 30 as the sender address of the reference request mail.

  The information disclosure server 30 that has received the reference request mail determines whether or not to disclose personal information to the reference person B as a disclosure determination process (step S807). In other words, the validity of the disclosure address T is verified by inputting the referenced person identification information ID_A, the relationship level R, and the disclosure condition C included in the disclosure address T into a function determined from a predetermined key, and the disclosure address T Whether or not to execute the disclosure control content is determined using the disclosure condition C included in. The disclosure determination process will be described in detail later with reference to FIG.

  Then, the information disclosure server 30 transmits an information disclosure mail (see FIG. 14) in which the personal information of the referred person A is disclosed to the reference terminal 2 as a disclosure control process (step S808). That is, the personal information corresponding to the referred person identification information ID_A included in the disclosure address T among the personal information stored in the personal information storage unit is disclosed in the disclosure control content S stored in the disclosure policy storage unit. In accordance with the disclosure control content S corresponding to the relationship level R included in the address T (more specifically, according to the limited disclosure request entered in the subject of the reference request mail), the information is sent to the reference person B by mail. To do. The disclosure control process will be described in detail later with reference to FIG.

  By the way, although it is the timing of the reference person B who makes a generation request for the disclosure address T which is a child code, it is not limited to the case where the disclosure address T is acquired for the first time after obtaining the parent code. This is also performed when a new disclosure address T is acquired due to elapse of the expiration date of T, loss of the disclosure address T, leakage of the disclosure address T, or the like.

  Further, as described above, the update processing of the personal information and the disclosure policy in the information disclosure server 30 is referred to independently of the processing procedure from the generation of the parent code G and the disclosure address T to the information disclosure. This is executed each time the updated personal information or disclosure policy is received from the person terminal 1. Therefore, the updated personal information registered in the information disclosure server 30 when the reference request mail is received from the referrer terminal 2 is also in accordance with the updated disclosure policy registered in the information disclosure server 30 at that time. , Disclosed to reference B.

[Parent Code Generation Processing (Example 1)]
Next, the generation process of the parent code G by the referrer terminal 1 will be described with reference to FIG. FIG. 15 is a flowchart showing details of the parent code generation processing.

  As shown in the figure, in the referrer terminal 1, through the parent code generation request screen as illustrated in FIG. 9, the generation control information for the disclosure address T (the disclosure relation level R and the disclosure included in the disclosure address T) When the information specifying the condition C) is input, the parent code generation unit 1c generates the following data A from the public key subject (step S1501). That is, after obtaining the subject indicating the owner of the public key from the public key holding unit 1b, null (0x00) is added after the subject, null termination is performed, and this is integer-encoded to generate data A.

  Thereafter, the parent code generation unit 1c generates the following control code B1 from the relationship level R and the disclosure condition C (step S1502). That is, as shown below, a 5-bit control code B1 is generated, and this data B1 is set as an initial value of the data string B.

Control code B1: [b4 b3 b2 b1 b0]
b4: 1 if there is an expiry date specified, 0 if not present b3: 1 if the address of the referrer is specified, 0 if not present b2: 1 if the referrer domain is specified, 1 or not B1 to b0: value obtained by integer-coding the value of relation level R with 2 bits. That is, for example, there are expiration date designation and referrer address designation, and “1” is designated as relation level R. If it is, the control code B1 “11001” is generated.

  If the expiration date is specified in the disclosure condition C, the parent code generation unit 1c generates the following control code B2 from the number of days specified by the expiration date (step S1503). In other words, the number of days specified on the parent code generation request screen (specified number x 7 days for week specification, specified number x 30 days for month specification) is integer-coded with 13 bits to generate data B2. The data B2 is added to the end of the data string B.

  The parent code generation unit 1c generates the following signature data (data Z) from the data A and data B (step S1504). That is, signature data of data obtained by concatenating data B with data A is generated using the secret key of the secret key holding unit 1a, and this signature data is defined as data Z.

  Further, the parent code generation unit 1c generates the following parent code G from the data A, data B, and data Z (step S1505). In other words, data obtained by concatenating data A, data B, and data Z is BASE32-encoded to generate encoded data, and this encoded data is obtained as a parent code G.

[Parent Code Verification Process (Example 1)]
Subsequently, the verification process of the parent code G by the child code issuing server 20 will be described with reference to FIG. FIG. 16 is a flowchart showing details of the parent code verification processing.

  As shown in the figure, when the parent code G is input through the “child code generation request mail” illustrated in FIG. 11 in the child code issuing server 20, the parent code verification unit 23 starts from the parent code G. The following data A and data BZ are acquired (step S1601). That is, the base code G is BASE32-decoded to generate decoded data, the data from the beginning of the decoded data to null (0x00) is acquired as data A (Subject), and the data after null (0x00) is acquired. Obtained as data BZ.

  Further, the parent code verification unit 23 acquires the public key of the referred person A who generated the parent code G (step S1602). That is, using the data A (Subject) as a key, the public key corresponding to this Subject is acquired from the public key table 22.

  Thereafter, the parent code verification unit 23 acquires data B and data Z as described below (step S1603). That is, when the first bit of the data BZ is “1” (that is, when an expiration date is specified), the data from the head of the data BZ to the 18th bit is acquired as data B, and the 19 bits from the head Data after the first is acquired as data Z. On the other hand, when the first bit of the data BZ is “0” (that is, when the expiration date is not specified), the data from the head of the data BZ to the fifth bit is acquired as the data B, and 6 bits from the head. Data after the first is acquired as data Z. Note that data B is data generated in step S1502 or S1503 shown in FIG. 15, and data Z is data generated in step S1504 shown in FIG.

  Then, the parent code verification unit 23 verifies the data Z that is the signature code (step S1604). Specifically, after the data Z is decrypted with the public key to generate decrypted data, it is determined whether the data obtained by concatenating the data B with the data A matches the decrypted data. The parent code G is regarded as an illegal code, a response mail (mail that cannot generate a child code) is transmitted to the referrer terminal 2 and the parent code verification process is terminated.

  As a result, when the validity of the data Z as the signature code is recognized, the parent code verification unit 23, together with the verification result of “OK”, the data A (subject) acquired in step S1601 and the step S1603. The data B (control code) acquired in step S3 is output to the child code generation unit 25, and the parent code verification process is terminated.

[Child Code Generation Processing (Example 1)]
Next, a child code generation process performed by the child code issuing server 20 will be described with reference to FIG. FIG. 17 is a flowchart showing details of such child code generation processing.

  As shown in the figure, in the child code issuing server 20, the parent code verifying unit 23 performs the verification result “OK”, and the data A (subject) and the data B (control code) are input to the child code generating unit 25. Then, the child code generation unit 25 acquires the following control code D0 from the data B (step S1701). Specifically, data from the top of data B to 5 bits is acquired as control code D0, and this control code D0 is set as the initial value of data D.

  Subsequently, if the first bit from the top of the control code D0 is “1”, the child code generation unit 25 generates the following data D1 assuming that the expiration date is specified as the disclosure condition C (step S1702). ). That is, the data (13 bits) after the 6th bit is read from the beginning of the data B, and the number of days obtained by regarding the 13 bits as an integer value is added to the current date to obtain the date of expiration. Further, data D1 is generated by encoding the number of days from January 1, 2000 to the expiration date as an integer value of 15 bits, and this data D1 is added to the end of the data string D.

  Further, if the second bit from the top of the control code D0 is “1”, the child code generation unit 25 generates the following data D2 on the assumption that the address of the referrer is specified as the disclosure condition C (step S40). S1703). That is, the hash value of the address of the referrer B who is requesting the generation of the child code (source address of the child code generation request mail) is obtained, and the data D2 consisting of the last 15 bits of this hash value is obtained as the end of the data string D. Add to the tail.

  On the other hand, if the third bit from the beginning of the control code D0 is “1”, the child code generation unit 25 generates the following data D2 on the assumption that the domain of the referrer is specified as the disclosure condition C (step S40). S1704). That is, the hash value of the domain name (domain name at the sender address of the child code generation request mail) at the address of the referrer B who is requesting generation of the child code is obtained, and data D2 consisting of the last 15 bits of this hash value Is added to the end of the data string D.

  Thereafter, the child code generation unit 25 generates the following data D3 from the data A (subject) (step S1705). That is, after acquiring the user ID (referenced person identification information ID_A) corresponding to the data A (Subject) from the user information table 11 of the user information server 10, the data string D is added after the referenced person identification information ID_A. The generated character string Y is generated, and the value of the hash function with key of the character string Y is obtained using the issue key K of the issue key storage unit 24, and the data D3 including the last 25 bits of the hash value is obtained as the data string D. Add to the end of.

  Then, the child code generation unit 25 generates a disclosure address T including the following falsification preventing code (step S1706). Specifically, after the data string D is BASE32-encoded to generate a 12-character string X (tampering prevention code), a dot character “.” Is added after the referenced person identification information ID_A, and further behind The disclosure address T is generated by adding the character string X and adding “@ 121.anywhere.ne.jp” after the character string X. The domain name (for example, “@ 121.anywhere.ne.jp”) included in the disclosure address T is an address of a device that processes the disclosure address T. In the first embodiment, the domain name of the information disclosure server 30 This is the address. For this reason, the mail addressed to the disclosure address T is delivered to the information disclosure server 30.

[Disclosure Determination Processing (Example 1)]
Next, disclosure determination processing by the information disclosure server 30 will be described with reference to FIG. FIG. 18 is a flowchart showing details of the disclosure determination processing. In the following description, it is assumed that the source address of the reference request mail and the disclosure address T have already been input to the information disclosure server 30.

  As shown in the figure, the disclosure determination unit 37 of the information disclosure server 30 reads “character string X, verification data V, data string B, control code B0, referenceee identification from the disclosure address T as follows. Information ID_A ”is restored (step S1801).

  That is, as shown in FIG. 18, in the disclosure address T, the character string from the first dot character “.” To the end counted from the end of the user name portion is “character string X”, and the character string X is The last 25 bits of the data string obtained by BASE32 decoding is “verification data V”, and the part other than the last 25 bits of the data string obtained by BASE32 decoding of the character string X is “data string B”. The first five bits of “1” are restored as “control code B0”, and the character string immediately before the dot character “.” In the user name portion is restored as “referenced person identification information ID_A”.

  The disclosure determining unit 37 verifies the validity of the verification data V (falsification preventing code) extracted from the disclosure address T (step S1802). That is, the data string B is added after the referenced person identification information ID_A to generate the character string Y, and the value of the keyed hash function of the character string Y using the verification key K stored in the verification key storage unit 36. After generating the character string Vt consisting of the last 25 bits of the hash value, it is determined whether the character string Vt matches the verification data V (falsification prevention code). Judged as an illegal address and determined that disclosure is impossible.

Furthermore, the disclosure determination unit 37 restores the relationship level R and the disclosure condition C from the control code B0 as described below (step S1803).
In control code B0: [b4 b3 b2 b1 b0]
If b4: 1, the expiration date is specified, if 0, not specified b3: 1, referrer's address is specified, 0 is not specified, b2: 1: referrer's domain is specified, 0 is not specified, b1 to b0: 2 bits The relation level R is restored by decoding into an integer value.

  After that, when the expiration date is designated, the disclosure determination unit 37 determines whether or not the disclosure condition C is satisfied (step S1804). That is, the sixth and subsequent 15 bits from the beginning of the data string B are read, and the number (days) obtained by regarding the 15 bits as an integer value is added to January 1, 2000 to restore the expiration date. Then, it is determined whether the current date has passed the restored expiration date. If the expiration date has passed, it is determined that disclosure is not possible as the disclosure condition is not satisfied.

  Furthermore, when the address of the referrer is designated, the disclosure determination unit 37 determines whether or not the disclosure condition C is satisfied (step S1805). That is, the 15th bit after the 21st bit from the beginning of the data string B is read as the character string B2, and a hash value of the source address (source address of the reference request mail) is obtained, and consists of the last 15 bits of this hash value. Data B2t is acquired. Then, it is determined whether the character string B2 and the data B2t match. If they do not match, it is determined that the disclosure condition is not satisfied and the disclosure is impossible.

  Furthermore, when the referrer's domain is designated, the disclosure determination unit 37 determines whether or not the disclosure condition C is satisfied (step S1806). That is, the 15 bits starting from the 21st bit from the beginning of the data string B are read as the character string B2, and the hash value of the domain name in the source address (domain name in the source address of the reference request mail) is obtained. The data B2t consisting of the last 15 bits is acquired. Then, it is determined whether the character string B2 and the data B2t match. If they do not match, it is determined that the disclosure condition is not satisfied and the disclosure condition is not satisfied.

  As a result, when all of the above-described determinations (steps S1802, S1804, S1805, and S1806) are satisfied, the disclosure determination unit 37 sets the reference person identification information ID_A and the relationship level R to the disclosure determination result (disclosure permission). At the same time, it is output to the disclosure control unit 38. On the other hand, if it is determined that disclosure is not possible without satisfying any of the conditions, a response mail (not disclosed email) stating that fact is transmitted to the referrer terminal 2 and the disclosure determination process is terminated.

[Disclosure Control Processing (Example 1)]
Finally, disclosure control processing by the information disclosure server 30 will be described with reference to FIG. FIG. 19 is a flowchart showing details of the disclosure control process. In the following description, for the disclosure address T permitted to be disclosed in the above disclosure determination process, the referenceee identification information ID_A, the relationship level R, and the limited disclosure request have already been input to the information disclosure server 30. It shall be.

  As shown in the figure, the disclosure control unit 38 of the information disclosure server 30 refers to the disclosure policy storage unit 34 and discloses the disclosure control content (disclosure information item) S corresponding to the relationship level R of the referred person identification information ID_A. Is extracted (step S1901).

  Furthermore, when the limited disclosure request is included in the subject of the reference request mail, the disclosure control unit 38 extracts the overlapping range of the disclosure control content S extracted above and the limited request included in the mail (step) S1902). That is, out of the items included in the disclosure information item, the items included in the limitation request are extracted. For example, the disclosure control content S that “telephone number, e-mail address, address, and schedule are all disclosed”. On the other hand, when there is a limited disclosure request such as “sched 040401”, “all schedules of April 1, 2004” are extracted as disclosure information items in the overlapping range as a result.

  Thereafter, the disclosure control unit 38 refers to the personal information storage unit 33, and acquires personal information corresponding to the disclosure information item in the overlapping range from the personal information of the referred person identification information ID_A (step S1903). That is, in the above example, “all schedules for April 1, 2004” is acquired from the personal information of the referred person identification information ID_A.

  Then, the disclosure control unit 38 creates a disclosure mail (see FIG. 14) including the personal information acquired above as the disclosure information, and transmits the disclosure mail to the referrer terminal 2 (step S1904). That is, in the above example, a disclosure mail disclosing “all schedules for April 1, 2004” of the reference person A is created and transmitted to the reference person B.

[Effects of Example 1]
As described above, according to the first embodiment, the child code (disclosure address T) for accessing a specific service is not generated from the beginning, but the parent code G for generating the child code is generated. Is generated first, and the parent code G is received from the reference person B to generate the disclosure address T which is a child code. Therefore, the referred person A does not need to be directly involved in the generation of the disclosure address T, and is disclosed. Therefore, it is possible to reduce the labor of the reference person A accompanying the generation of the service address T. In particular, from the viewpoint of preventing decryption of the disclosure address T, even when the key used for generating the disclosure address T is frequently changed and the disclosure address T is reissued, the reference person B presents the parent code G. It is only necessary to receive a reissue, and it is not necessary for the referred person A to make a reissue request. Therefore, even if the number of reference persons B permitted to be referred to increases, the burden on the referred person A can be suppressed. become.

  Further, according to the first embodiment, the disclosure address T that is a child code is not generated in response to the request of the referred person A, but the disclosure address T is generated in response to the request of the reference person B. Judgment whether or not to generate the disclosure address T is left to the reference person B who is the user of the disclosure address T, and generation of unnecessary disclosure addresses T can be suppressed.

  Furthermore, according to the first embodiment, when generating any access code (parent code G and disclosure address T), the access code and access control information (generation control information, disclosure control information) are not stored in the database. Since the access control information is included in the access code, generation control and disclosure control can be performed without requiring such a database.

  In addition, according to the first embodiment, since a specific service disclosure address T is generated via the issuing parent code G, the generation and use opportunities are less than the disclosure address T. While pursuing safety by using the parent code G of the company, and pursuing convenience by using the disclosure address T in which generation and use opportunities are increased compared to the parent code G for issuance, overall safety and convenience are improved. It is possible to efficiently achieve both.

  Further, according to the first embodiment, the parent code G is generated using a different key for each referenced person A, while the disclosure address T, which is a child code, uses a common key without distinguishing the referenced person A. Since it is generated by using this, the generation process and verification process of the parent code G are complicated (to make it difficult for a malicious third party to illegally generate and alter the parent code G), and the safety is improved, and the disclosure address It becomes possible to improve the convenience by simplifying the T generation processing and verification processing. In the first embodiment, since the key used for generating the disclosure address T is common in the system, the key can be updated more easily and more frequently than the key for each referenced person A. It is also possible to improve the safety of the service address T.

  According to the first embodiment, the parent code G is generated using an asymmetric key (different keys are used for encryption and decryption), while the disclosure address T is generated using a symmetric key (encryption). The same key is used for decryption and decryption), so the generation process and verification process of the parent code G are complicated to improve safety, and the generation process and verification process of the disclosure address T are simplified to improve convenience. It becomes possible to make it.

  Further, according to the first embodiment, since the expiration date of the disclosure address T, which is a child code, is set to be before the expiration date of the parent code G, it is possible to improve the safety by shortening the usage period of the disclosure address T. It becomes possible. On the other hand, since the expiration date of the parent code G is made after the expiration date of the disclosure address T, if the expiration date of the disclosure address T comes, the expiration date of the parent code G has not come. The address T can be regenerated without the involvement of the referenced person A. This makes it possible to reduce the labor of the referenced person A accompanying the regeneration of the disclosure address T and is unnecessary. It is also possible to suppress the regeneration of the disclosure address T.

  According to the first embodiment, not the disclosure condition C itself (for example, limited to XX year, month, day, XX@yyyy.com, etc.) but the purpose of generating the disclosure condition C (for example, 1 from the date of issue) A parent code G including a monthly deadline, reference address of the referrer B, etc.) is generated, and the disclosure code T is changed to a disclosure address T in a situation where the parent code G is received from the referrer B (for example, the issue date or the source address is different). Since the disclosure condition C to be included is determined, a plurality of disclosure addresses T can be generated from a single parent code G according to the reception status of the parent code G. For this reason, the referred person A does not need to generate the same number of parent codes G as the disclosure addresses T that can be generated. It is also possible to generate a disclosure address T having the same meaning for each B.

  Although the information disclosure system according to the first embodiment has been described so far, the present invention may be implemented in various different forms other than the above-described embodiments. Therefore, in the following, as the second embodiment, various embodiments will be described by being divided into (1) to (15).

(1) Disclosure information In the above embodiment, a case has been described in which personal information such as the telephone number, mail address, address, schedule, etc. of the referred person A is disclosed as disclosure information, but the present invention is limited to this. Instead, as illustrated in FIG. 20, information such as the marital status (the presence or absence of a spouse) of the referenced person A, the family structure, etc., and the logged-on status, logon location, and telephone usage status of the referenced person with respect to the network Presence information indicating the dynamic attribute of the user in the network, such as information indicating, may be disclosed in the same manner.

  Further, the disclosure information is not limited to such information relating to an individual, and the present invention can be similarly applied even when disclosing information related to the referenced person A, which is an organization or an organization. That is, the present invention is stored and managed in association with the referenced person identification information A that uniquely identifies the referenced person A as a referenced subject regardless of whether it is an individual or an organization. It can be applied when all information is disclosed.

(2) Disclosure timing In the above embodiment, the case where information disclosure is performed at the timing when the reference request mail is received from the referrer B has been described. However, the present invention is not limited to this, and personal information is updated. Information may be disclosed at different timings. That is, in this case, when the reference request mail is received from the referrer B, the information disclosure server 30 performs a disclosure determination based on the disclosure address T included in the reference request mail, and disclosure is permitted by this disclosure determination. For the disclosed address T, as illustrated in FIG. 21, the reference identification information ID_B, the referenced person identification information ID_A, the disclosure control content S, and the disclosure information item derived from the limited disclosure request are associated with each other. Register in the update notification DB (database).

  Then, in the information disclosure server 30, when the personal information stored in the personal information storage unit 33 is updated, the personal identification information ID_B in which the personal information related to the update is entered as a disclosure information item from the database. And the disclosure mail including the personal information related to the update is transmitted to the referenceer identification information ID_B. As described above, if the personal information is disclosed to the reference person B at the timing when the personal information is updated, the reference person B can acquire the updated personal information at the time of the update.

(3) Disclosure condition In the above-described embodiment, the case where the reference permission period and the reference authorized person (referrer's mail address) that are permitted to be referred to are disclosed condition C, but the present invention is limited to this. For example, the period during which reference is permitted (for example, from year * month * day to x year * month * day), the period for which reference is permitted (for example, from time o to time o) (For example, ○ times. In this case, the history of the number of references is managed in a database, and the disclosure condition is determined while referring to the database), the reference permission group (for example, the domain name of the reference permission group, etc.), etc. It may be specified as the disclosure condition C. In other words, as illustrated in FIG. 22, a disclosure address T including a disclosure permission period, a disclosure permission deadline, a disclosure permission time, a disclosure permission number, a reference permitter, a reference permission group, or a combination thereof as a disclosure condition C. May be generated.

(4) Disclosure Control Content In the above embodiment, the case where the type of information to be disclosed is defined as the disclosure control content S has been described. However, the present invention is not limited to this, and is illustrated in FIG. In addition, other control contents such as the disclosed timing, the disclosed terminal (medium), and the processing for the disclosure may be defined in the disclosed control contents S.

  That is, as the disclosure timing, for example, disclosure at “request time (when sending a reference request mail)”, disclosure at “update time (when updating personal information)”, or the like may be specified. Further, as the disclosure terminal (medium), for example, the reference request mail is “PC mail (Internet mail)” based on the sender address of the reference request mail by the referrer B (this is the destination address of the disclosure mail). "If disclosed" and "mobile mail" may be disclosed. Further, as disclosure processing, for example, when disclosing a schedule, it may be specified that the name of the other party of the meeting is hidden and disclosed, or only the “scheduled” is disclosed by hiding the schedule content itself. When an address is disclosed, it may be specified to hide and disclose the street name.

(5) Disclosure Control Information Included in Disclosure Address In the above embodiment, the case where the disclosure address T including the relation level R and the disclosure condition C as disclosure control information is generated has been described. Without being limited, as shown in FIG. 24, disclosure address T including information related to disclosure control content (relation level or disclosure control content), information related to disclosure conditions (disclosure condition or disclosure condition specifying information) Disclosure address T including information, disclosure control content T and disclosure address T including information related to disclosure conditions, or disclosure address T including information specifying disclosure control content and disclosure conditions Good.

  That is, the present invention is not limited to the case where the disclosure address T including the relation level R is generated as the information related to the disclosure control content, and “telephone number disclosure, e-mail address disclosure” in the above-described embodiment, etc. The disclosure address T including the disclosure control content S itself may be generated by replacing the disclosure control content in FIG. 1 with a code of “0 (disclosed)” or “1 (disclosed)”. In this case, the information disclosure server 30 extracts the disclosure control content S from the disclosure address T and executes the disclosure control content S in the disclosure control process.

  Further, as information related to the disclosure condition, the present invention is not limited to the case where the disclosure address T including the disclosure condition C itself is generated. As illustrated in FIG. 25, the disclosure condition C and the disclosure The information disclosure server 30 includes a disclosure condition storage unit that associates and stores the disclosure condition specifying information for uniquely specifying the condition C, and the disclosure address T including the disclosure condition specifying information is used instead of the disclosure condition C. The child code issuing server 20 may generate the code. In this case, the information disclosure server 30 obtains the disclosure condition C corresponding to the disclosure condition specifying information from the disclosure condition storage unit after extracting the disclosure condition specifying information from the disclosure address T in the disclosure determination process. Whether or not the disclosure condition C is satisfied is determined.

  Further, the present invention is limited to the case where the disclosure address T including information related to the disclosure control content (relation level or disclosure control content) and information related to the disclosure condition (disclosure condition or disclosure condition specifying information) is generated. Instead, as illustrated in FIG. 26, a disclosure policy & disclosure condition storage unit that stores disclosure control content S and disclosure condition C in association with specific information for uniquely specifying both of them. May be included in the information disclosure server 30, and the child code issuing server 20 may generate the disclosure address T including the specific information. In this case, the information disclosure server 30 extracts the specific information from the disclosure address T in the disclosure determination process and the disclosure control process, and then discloses the disclosure condition C and the disclosure control content S corresponding thereto. & Obtained from the disclosure condition storage unit.

  In the above description, when the disclosure control content and the disclosure condition are stored in the information disclosure server 30, the disclosure control content and the disclosure condition customized for each referenceee A are stored (FIGS. 6, 25, 26), the present invention is not limited to this. For example, as illustrated in FIG. 27, the disclosure control contents and disclosure common in the system without distinguishing the referred person A, for example. The condition may be stored.

(6) Generation Control Information Included in Parent Code In the above embodiment, the parent code G including the relationship level R for disclosure and the type (generation purpose) of the disclosure condition C is used as the generation control content of the disclosure address T. Although the case of generating has been described (see FIGS. 9 and 15), the present invention is not limited to this, and as shown in FIG. 28, information related to the generation control content (relationship for generation control content or generation) Level), parent code G including information related to generation conditions (generation conditions or generation condition specifying information), parent code G including information related to generation control contents and information related to generation conditions, or The parent code G may include information for specifying the generation control content and generation conditions. Hereinafter, these parent codes G will be briefly described.

  That is, in FIG. 28, the “generation control content” included in the parent code G is access control information corresponding to the “disclosure control content” in the child code described above. Specifically, as illustrated in FIG. , Information related to the disclosure control content to be included in the generated disclosure address T (disclosure relation level itself or disclosure control content itself), information related to the disclosure condition to be included in the generated disclosure address T (type of disclosure condition) , The disclosure condition itself, or the disclosure condition specifying information itself) or a combination thereof may be generated.

  In this case, the child code issuing server 20 extracts the generation control contents from the parent code G and executes the generation control contents in the child code generation process. That is, when the relation level for disclosure and the disclosure control content are extracted as the generation control content, the disclosure address T including the disclosure relation level and the disclosure control content is generated, and the disclosure condition and disclosure are disclosed. When the condition specifying information is extracted as the generation control content, the disclosure address T including the disclosure condition and the disclosure condition specifying information is generated. In addition, for example, when accepting the disclosure control content itself included in the disclosure address T and the type of disclosure condition (generation purpose) included in the disclosure address T as a request for generating the parent code G, an example is illustrated in FIG. Such a “parent code generation request screen” is output to the monitor or the like.

  In FIG. 28, the “generation relation level” included in the parent code G is access control information corresponding to the “disclosure relation level” in the child code described above. That is, as the information related to the generation control content, the present invention is not limited to the case where the parent code G including the above-mentioned “generation control content” is generated. As illustrated in FIG. And the generation control information storage unit 20 that stores the generation control level that uniquely specifies the generation control content in association with each other, and the child code issuing server 20 includes the parent code G including the generation relation level. The referrer terminal 1 may generate it. In this case, in the child code generation process, the child code issuance server 20 extracts the generation relation level from the parent code G and then acquires the corresponding generation control content from the generation control information storage unit. Then, the disclosure address T is generated by executing such generation control content.

  In FIG. 28, the “generation condition” included in the parent code G is access control information corresponding to the “disclosure condition” in the child code described above. That is, as illustrated in FIG. 32, a period during which the generation of the disclosure address T is permitted (for example, from year * month * day to x year x month x day), and a period for which generation is permitted (for example, year * Month to day), time allowed to be generated (for example, from ○ hour to ○ hour), number of times that generation is permitted (for example, ○ times. In this case, the history of the number of generations is managed in a database, The generation condition is determined with reference to the generation permitter (for example, the e-mail address of the generation permitter. In this case, the generation permitter and the reference permitter are not necessarily the same person), the generation permission group (For example, the domain name of the generation permission group. In this case, the generation permission group and the reference permission group do not necessarily have to be the same group.), The generation amount (for example, Yen), or a combination thereof, etc. Including generation condition required to generate a use address T may generate the parent code G. When such a generation condition is received as a generation request for the parent code G, the referred person terminal 1 outputs a “parent code generation request screen” as illustrated in FIG. 33 to the monitor or the like.

  In this case, the child code issuing server 20 may extract a generation condition from the parent code G in addition to verifying the signature code included in the parent code G in the parent code verification process, and whether or not the generation condition is satisfied. By determining, it is determined whether or not the disclosure address T can be generated. In other words, the child code issuing server 20 needs to satisfy the generation permission period, generation permission time limit, generation permission time, generation permission number, generation permission person, generation permission group, generation amount or a combination thereof included in the parent code G. As a condition, the generation of the disclosure address T that is a child code is permitted.

  In FIG. 28, “generation condition specifying information” included in the parent code G is access control information corresponding to “disclosure condition specifying information” in the child code. That is, as the information related to the generation condition, the present invention is not limited to the case where the parent code G including the generation condition itself is generated, and as illustrated in FIG. 34, the generation condition and the generation condition The child code issuance server 20 includes a generation condition storage unit that stores the generation condition specifying information that uniquely specifies the generation condition specifying information, so that the referee terminal 1 generates the parent code G including the generation condition specifying information. It may be. In this case, the child code issuing server 20 extracts the generation condition specifying information from the parent code G in the parent code verification process, and then acquires the generation condition corresponding thereto from the generation condition storage unit for determination. I do.

  In FIG. 28, “information for specifying the generation control content and generation condition” included in the parent code G corresponds to “information for specifying the disclosure control content and the disclosure condition (see FIG. 26)” in the child code described above. Access control information. That is, when generating the parent code G including information related to the generation control content (relation level for generation or generation control content) and information related to the generation condition (generation condition or generation condition specifying information) as described above. The invention is not limited, and as illustrated in FIG. 35, generation control information storage that stores generation control contents S and generation conditions C in association with specific information for uniquely specifying both of them. The child code issuance server 20 may be provided, and the referenced person terminal 1 may generate the parent code G including the specific information. In this case, the child code generation server 20 extracts the specific information from the parent code G in the parent code verification process and the child code generation process, and then generates a generation condition and generation control content corresponding thereto. Obtained from the information storage unit.

  In the above description, when storing the generation control contents and generation conditions in the child code generation server 20, an example of storing the generation control contents and generation conditions customized for each referenced person A (FIGS. 31 and 34). However, the present invention is not limited to this. For example, as in the case illustrated in FIG. 27, the common generation control content in the system without distinguishing the referred person A, for example. Alternatively, the generation conditions may be stored.

  By the way, when generating the parent code G and the child code (disclosure address T) as described above, the information amount of the child code may be set to be equal to or less than the information amount of the parent code. In other words, for example, while generating a parent code that includes the e-mail address of the referrer as a generation control content, a child code that includes a part of the hash value of the e-mail address as a disclosure condition is generated. It is. In this way, if the information amount of the child code is made equal to or less than the information amount of the parent code, the length of the child code can be shortened, and further, the labor involved in managing and presenting the child code by the reference person B can be reduced. It is possible to improve convenience.

(7) Disclosure Address Format In the above-described embodiment, the case where the disclosure address T is generated in the email address format used for an electronic mail message such as Internet mail or mobile mail has been described. The disclosure address T may be generated in the form of a message address used for, for example, a so-called instant message, presence exchange message, SIP message such as an IP telephone control message. .

  The disclosure address T may be generated in a so-called URI (Uniform Resource Identifier) format without being limited to the message address format. That is, as illustrated in FIG. 37 and FIG. 38, a URL (Uniform Resource Locator) address having a character string obtained by concatenating the referred person identification information ID_A and the falsification prevention code of the above-described embodiment as a “path name portion”. You may form as. Hereinafter, the disclosure address T in the URL format will be specifically described.

  FIG. 37 is a diagram illustrating an example of a child code generation notification mail received by the referrer B, and FIG. 38 is a diagram illustrating an example of a screen related to information disclosure. Here, as illustrated in FIG. 37, the disclosure address T in the URL format is, for example, a reference person after “//www.anywhere.ne.jp” indicating the server name (address) of the information disclosure server. It is formed by concatenating the identification information “/ suzuki” and the falsification prevention code “/ bgxerasdqwiu”.

  When the reference terminal 2 receives an “address generation notification mail” as illustrated in FIG. 37 from the address issuing server, the content including the generated URL address is output to the monitor or the like of the reference terminal 2. However, when the URL address is designated by the referrer B via the keyboard or mouse on this mail, the designated URL address is registered in the address storage unit 2a (so-called web browser software favorite).

  After that, when a reference request message having the URL address (disclosure address T) as the connection destination address is transmitted to the information disclosure server using the Web browser software of the referrer terminal 2, the information disclosure server transmits the URL address (disclosure). 38, the disclosure determination process and the disclosure control process are performed, and a disclosure screen as illustrated in FIG. 38 is transmitted to the referrer terminal 2. In the case of the disclosure address T in the URL format, as illustrated in FIG. 38, a limited disclosure request command is input after the falsification prevention code.

  Further, the present invention is not limited to the disclosure address T in such message address format or URI format, and as shown in FIG. 36, for example, a telephone number format, a ticket format, a barcode format (for example, a two-dimensional barcode) The present invention can be similarly applied to any information member that can express the disclosure address T, such as various types of card information (for example, magnetic information of a card, built-in information of an IC card).

  That is, in the case of the disclosure address T expressed by a telephone number, a connection request with the telephone number as a connection destination is received from the telephone terminal of the reference person B by the connection device of the telephone line network, and disclosure determination processing and disclosure control are performed. Processing is performed and the disclosed information is returned to the telephone terminal. Further, in the case of the disclosure address T expressed by a barcode, the barcode-attached medium (for example, a business card or a prepaid card) is read by a barcode reader, and disclosure determination processing or disclosure control processing is performed. Disclosure information is output from a display device connected to the barcode reader. Further, in the case of the disclosure address T expressed in the ticket format or card information, the disclosure is performed by the same method as the above barcode.

(8) Parent Code Format In the above embodiment, the case where the ticket-type parent code G is used has been described. However, the present invention is not limited to this, and the message address is the same as the disclosure address T described above. The present invention can be similarly applied to any information member that can represent the parent code G, such as a format, a URI (Uniform Resource Identifier) format, a telephone number format, a ticket format, a barcode format, and various card information. .

  More specifically, the child code issuing server 20 receives the child code generation request by a message such as an email when the parent code G in the message address format is used. Further, when using a parent code in the telephone number format, a child code generation request with the telephone number as the connection destination is received from the telephone terminal of the referrer. Further, when using a parent code in the barcode format, for example, The child code generation request is accepted by reading the barcode-attached medium (for example, a business card or a prepaid card) with a barcode reader (corresponding to the child code issuing server 20 described above). That is, since the address of the child code issuing server 20 can be included in the parent code, there is no need for the reference person B to write the address of the child code issuing server 20 and the parent code in the mail.

(9) Notification of disclosure address T, etc. In the above embodiment, the case where the child code issuing server 20 notifies only the reference person B of the generation notification of the disclosure address T has been described. Instead, the reference person A may be notified that the disclosure address T has been issued to the reference person B together with the generation notification to the reference person B.

  In the above embodiment, the case where the child code generation request mail including the parent code G is received from the referrer B as the request for issuing the disclosure address T has been described. However, the present invention is not necessarily limited to this. For example, the parent code G or the like may be received from the reference person B through some means such as causing the reference person B to input the parent code G or the address of the reference person B on the Web page of the child code issuing server 20. Good.

(10) Generation and Verification of Parent Code G and Disclosure Address T In the above embodiment, the case where the referred person A generates the parent code G and the service center generates the disclosure address T has been described. The invention is not limited to this. The service center may generate the parent code G, and the referenced person A may generate the disclosure address T. Both the disclosure address T may be generated, and further, as illustrated in FIG. 39, the service center may generate both the parent code G and the disclosure address T.

  Further, in the above embodiment, the case where the service center performs verification and disclosure control of the disclosure address T has been described. However, the present invention is not limited to this, and the referenced person who is the terminal of the referenced person A is referred to. The person terminal 1 may perform verification and disclosure control of the disclosure address T. That is, for example, the disclosure address T generated at the service center may be received and processed by the referred person terminal 1 from the reference person B, and further, for example, the referenced person terminal. The disclosure address T generated in 1 may be received from the referrer B by the referee terminal 1 and processed.

  In the above embodiment, the case where the parent code G is generated using a different key for each referenced person A, while the disclosure address T is generated using the common key for the referenced person A has been described. However, the present invention is not limited to this. For example, the service center may generate the parent code G by using a common key for the referred person A. The referenceee A may generate the disclosure address T using a different key.

  In the above embodiment, the case where the parent code G is generated using the asymmetric key of the asymmetric key system and the disclosure address T is generated using the symmetric key of the symmetric key system has been described. Is not limited to this. For example, the parent code G may be generated using a symmetric key type symmetric key, and the disclosure address T is generated using an asymmetric key type asymmetric key. You may do it.

(11) Falsification prevention code etc. In the above embodiment, the case where the relation prevention level T is used to generate the falsification prevention code for the disclosure address T has been described. However, the present invention is not limited to this, and the relation level. A falsification preventing code may be generated using the disclosure control content S corresponding to R. That is, the falsification prevention code is not limited to that described in the above embodiment, and information included in the disclosure address T such as the referred person identification information ID_A, the relationship level R or the disclosure control content S, and the disclosure condition C ( The tamper-proof code may be generated by appropriately using any one of these (see FIG. 24) or a combination thereof.

  In the above-described embodiment, the case where the disclosure address T including the so-called falsification prevention code is generated has been described. However, the present invention is not limited to this, and instead of the falsification prevention code, a reference is made. The disclosure address T including encrypted data obtained by encrypting the person identification information ID_A, the relationship level R (or the disclosure control content S), the disclosure condition C, and the like with a predetermined key may be generated. That is, in this case, in the disclosure determination process by the information disclosure server 30, the validity of the encrypted data is verified by decrypting the encrypted data with a predetermined key. The encrypted data in this case may be generated using any one of the information included in the disclosure address T (see FIG. 24) or a combination thereof as in the case of the falsification preventing code. That's fine.

  In the above embodiment, the case where the signature code obtained by encrypting the generation control content is included in the parent code G has been described. However, the present invention is not limited to this, and the disclosure address T and the above disclosure address T Similarly, a falsification preventing code may be included in the parent code G. When generating such a signature code or falsification preventing code, as with the disclosure address T described above, the signature code is appropriately used by using any one of the information included in the parent code G (see FIG. 28) or a combination thereof. Codes and tamper-proof codes may be generated.

(12) Invalidation of parent code G In the above-described embodiment, the case where the parent code G once generated is valid semipermanently unless the generation permission time limit or the generation permission period elapses has been described. Is not limited to this. By invalidating the already generated parent code G, the parent code is verified before the child code is generated on the condition that the parent code G is not invalidated. May be. That is, in this case, the child code issuing server 20 further includes an invalidation table that stores information for specifying the parent code G to be invalidated, and the parent code received from the reference person B in the parent code verification process. It is further determined whether or not G is invalidated based on the invalidation table, and the child code generation process is executed on the condition that it is not invalidated.

  Here, as a method of invalidating the parent code G, as illustrated in FIG. 40, the parent code G itself to be invalidated is registered in the invalidation table, and the parent code G received from the reference person B is If it is registered in the invalidation table, it is possible to adopt a method in which child code cannot be generated. Further, information related to generation of the parent code G (for example, public key subject, information included as generation control content, etc.) is registered in the invalidation table, and the subject extracted from the parent code G received from the reference person B Or the like is registered in the invalidation table, it is possible to adopt a method in which the child code cannot be generated.

  Further, as illustrated in the figure, identification information separately included in the parent code G (for example, identification information for uniquely identifying a parent code generator, identification information provided for each parent code generation procedure, etc.) Can be registered in the invalidation table, and if the identification information extracted from the parent code G is registered in the invalidation table, it is possible to adopt a method in which the child code cannot be generated. In addition, the generation information separately included in the parent code G (for example, the generation number, the generation date and time, or a combination thereof having a larger value as it is generated later) is registered in the invalidation table and extracted from the parent code G. If the information is registered in the invalidation table, it is possible to adopt a method that makes it impossible to generate a child code, and further, a range of generation information separately included in the parent code G (for example, a generation number range, a generation date and time) If the generation information extracted from the parent code G belongs to the generation information range registered in the invalidation table, the child code cannot be generated. Etc. can also be adopted.

  As described above, if information for specifying the parent code G to be invalidated is registered in the invalidation table, a child based on the parent code G is used when a predetermined parent code G is misused. It becomes possible to reject code generation later. Although the invalidation of the parent code G has been described here, the disclosure address T, which is a child code, may be invalidated in the same manner as the parent code G.

(13) System Configuration, etc. Each component of each device illustrated in the above embodiment (for example, the child code issuing server and the information disclosure server illustrated in FIG. 2) is functionally conceptual, and is not necessarily physically It does not need to be configured as shown. That is, the specific form of distribution / integration of each device is not limited to the one shown in the figure. For example, the child code generation processing in the child code issuing server 20 and the disclosure control processing in the information disclosure server 30 are executed by the same device. All or a part of each device can be configured to be functionally or physically distributed / integrated in an arbitrary unit according to various loads or usage conditions. Further, all or any part of each processing function performed in each device may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.

  In addition, among the processes described in the above embodiments, all or part of the processes described as being performed automatically can be manually performed, or the processes described as being performed manually. All or a part of the above can be automatically performed by a known method. In addition, information including processing procedures, control procedures, specific names, various data and parameters (for example, information stored in a personal information storage unit, disclosure policy storage unit, etc.) shown in the above document or drawing Can be arbitrarily changed unless otherwise specified.

  In the above embodiment, each device (for example, a referee terminal, a referrer terminal, a child code issuing server, an information disclosure server, etc.) that realizes the present invention has been described in terms of functions. Can also be realized by causing a computer such as a personal computer or a workstation to execute the program. That is, the various processing procedures described in the first embodiment can be realized by executing a program prepared in advance on a computer. These programs can be distributed via a network such as the Internet. Further, these programs can be recorded on a computer-readable recording medium such as a hard disk, a flexible disk (FD), a CD-ROM, an MO, and a DVD, and can be executed by being read from the recording medium by the computer. That is, for example, a CD-ROM (a separate CD-ROM for each apparatus) storing a program for a referee terminal, a child code issuing server program, and an information disclosure server program as shown in the first embodiment. May be distributed, and each computer may read and execute the program stored in the CD-ROM.

(14) Message delivery service The case where the access code issuance and access control according to the present invention have been applied to the information disclosure service has been described so far, but the present invention is not limited to this. A "message delivery service" that delivers a message sent from B (accessor) to recipient A (accessee) or a phone call sent from caller B (accessor) to recipient A (accessee) The present invention can be similarly applied to any service accessed by the accessor B with respect to the accessed person A, such as a “telephone connection service” for connecting a connection request. Therefore, in the following, an embodiment when the access control according to the present invention is applied to the “message delivery service” and the “telephone connection service” will be described.

  FIG. 41 is a diagram for explaining an embodiment of the message delivery system. Here, the “message” handled by the message delivery system is a destination address such as an SIP message such as a so-called instant message, presence exchange message, IP phone control message, etc. in addition to an electronic mail message such as Internet mail or mobile mail. Various messages delivered with

  In this message delivery system, a third party other than the recipient A and the sender B (for example, a service center that provides a message delivery service) receives message delivery destination information from the recipient A and stores it in the delivery destination information storage unit. At the same time, the delivery policy, that is, the relationship level R and the delivery control content S are received from the called party A and stored in the delivery policy storage unit (see (1) in FIG. 41).

  Here, the “delivery destination information” is information indicating a delivery destination of a message whose destination is the recipient A, and corresponds to, for example, a mobile mail address of the recipient A, a PC mail address, or the like. The “delivery control content S” is control content related to delivery of the message delivery service. For example, as illustrated in FIG. 41, “deliver the message to the mobile phone of the recipient A and the PC. “The message is delivered only to the PC (personal computer) of the receiver A” corresponds to this.

  Then, the callee A generates a parent code G including the contents of generation control for the delivery address T using the private key of the callee A (see (2) in FIG. 41). In other words, the “subject” of the public key corresponding to the secret key, the “generation control content” specifying the delivery relation level R and the delivery condition C included in the delivery address T, and further encrypting these information with the secret key The parent code G including the “signature data” obtained by converting into the signature is generated. Further, the callee A notifies the parent code G to the caller B who wants to give the delivery address T generated based on the parent code G (see (3) in FIG. 41).

  On the other hand, the service center receives the parent code G from the caller B as a request for issuing the delivery address T, and verifies the validity of the parent code (see FIGS. 41 (4) and (5)). When the validity of the parent code G is recognized, the service center uses the generation control content extracted from the parent code G (information specifying the delivery relation level R and the delivery condition C included in the delivery address T). Then, a delivery address T is generated, and the generated delivery address T is notified to the caller B (see (6) and (7) in FIG. 41). That is, a character string obtained by concatenating the recipient identification information ID_A corresponding to the subject and the falsification prevention code obtained by inputting the recipient identification information ID_A, the relationship level R, and the delivery condition C into a function determined from a predetermined key. A delivery address T in a mail address format as “user name portion” is generated.

  When the service center receives a message (mail) having the delivery address T as the destination address from the caller B as a message delivery request to the callee A, the service center determines whether or not to deliver the message to the callee A. (Refer to (8) and (9) in FIG. 41). That is, the recipient identification information ID_A, the relationship level R, and the delivery condition C included in the delivery address T are input to a function determined from a predetermined key to verify the validity of the delivery address T, and to the delivery address T. Whether or not the delivery control content can be executed is determined using the delivery condition C included.

  In addition, when the validity of the delivery address T is recognized and the execution of the delivery control content is permitted, the service center out of the delivery destination information stored in the delivery destination information storage unit. The delivery control content corresponding to the relationship level R included in the delivery address T among the delivery control content S stored in the delivery policy storage unit with reference to the delivery destination information corresponding to the callee identification information ID_A contained in the address T The message is delivered to the callee A according to S (see (10) in FIG. 41). That is, for example, if the delivery control content S corresponding to the relationship level R included in the delivery address T received from the caller B is “deliver message to mobile phone and PC”, delivery is performed. The message from the caller B is delivered to the mobile phone and the PC terminal of the callee A using the mobile mail address and the PC mail address of the callee A stored in the destination information storage unit.

  In this message delivery system, access control (delivery control) similar to the access control (disclosure control) described in the information disclosure system according to the first and second embodiments is realized. That is, in the description of the first and second embodiments, for example, “Disclosure address” is “delivery address”, “Disclosure policy” is “delivery policy”, and “Disclosure control content” is “delivery control content”. The same access control can be applied.

(15) Telephone connection service FIG. 42 is a diagram for explaining an embodiment of the telephone connection system. In this telephone connection system, a third party other than the callee A and the caller B (for example, a service center handling the connection address T) receives the telephone connection destination information from the callee A and stores it in the connection destination information storage unit. At the same time, the connection policy, that is, the relation level R and the connection control content S are received from the called party A and stored in the connection policy storage unit (see (1) in FIG. 42).

  Here, the “connection destination information” is information indicating a connection destination of a telephone whose destination is the callee A. For example, a mobile phone number of the callee A, a home phone number, a company phone number, etc. This is the case. The “connection control content S” is control content related to the connection of the telephone connection service. For example, as illustrated in FIG. 42, “Connect to the mobile phone of the callee A”, “Incoming call”. The control content such as “Connect to the home phone of the person A” corresponds to this.

  Then, the callee A generates a parent code G including the generation control content of the connection address T using the private key of the callee A (see (2) in FIG. 42). In other words, the “subject” of the public key corresponding to the secret key, the “generation control content” specifying the connection relation level R and the connection condition C to be included in the connection address T, and further encrypting these information with the secret key The parent code G including the “signature data” obtained by converting into the signature is generated. Furthermore, the callee A notifies the parent code G to the caller B who wants to give the connection address T generated based on the parent code G (see (3) in FIG. 42).

  On the other hand, the service center receives the parent code G from the caller B as a request for issuing the connection address T, and verifies the validity of the parent code (see FIGS. 42 (4) and (5)). When the validity of the parent code G is recognized, the service center uses the generation control content extracted from the parent code G (information specifying the connection relation level R and connection condition C included in the connection address T). Then, the connection address T is generated, and the generated connection address T is notified to the caller B (see (6) and (7) in FIG. 42). That is, a character string obtained by concatenating the recipient identification information ID_A corresponding to the subject and the falsification prevention code obtained by inputting the recipient identification information ID_A, the relationship level R, and the connection condition C into a function determined from a predetermined key. A numeric string is generated by numerical encoding, and a connection address T in a telephone number format in which the numeric string is connected to a telephone number of a service center or the like that processes the connection address T is generated.

  When the service center receives a telephone connection request with the connection address T as the incoming call destination from the caller B as a telephone connection request to the callee A, the service center determines whether or not to connect the telephone to the callee A. (See (8) and (9) in FIG. 42). That is, the recipient identification information ID_A, the relation level R, and the connection condition C included in the connection address T are input to a function determined from a predetermined key to verify the validity of the connection address T, and the connection address T Whether or not to execute the connection control content is determined using the included connection condition C.

  In addition, when the validity of the connection address T is recognized and the execution of the connection control content is permitted, the service center makes a telephone connection among the connection destination information stored in the connection destination information storage unit. The connection corresponding to the relation level R included in the telephone connection address T of the connection control contents S stored in the connection policy storage unit with reference to the connection destination information corresponding to the callee identification information ID_A included in the address T According to the control content S, the telephone is connected to the called party A (see (10) in FIG. 42). In other words, for example, if the connection control content S corresponding to the relationship level R included in the telephone connection address T received from the caller B is “Connect to the mobile phone of the callee A”. The telephone connection request from the caller B is transferred to the mobile phone of the callee A using the mobile phone number of the callee A stored in the connection destination information storage unit.

  Also in this telephone connection system, access control (connection control) similar to the access control (disclosure control) described in the information disclosure system according to the first and second embodiments is realized. That is, in the above description of the first and second embodiments, for example, “disclosure address” is “connection address”, “disclosure policy” is “connection policy”, and “disclosure control content” is “connection control content”. The same access control can be applied.

(16) Relationship between parent code and child code The relationship between the parent code and the child code will be described below with reference to FIG. In the above embodiment, when the disclosure address T as a child code is generated based on the parent code for issuing the disclosure address T, or similarly, based on the parent code for issuing the delivery address T. In the case of generating the delivery address T which is a child code, the case where the connection address T which is a child code is generated based on the parent code for issuing the connection address T has been described.

  By the way, when generating the parent code including the generation control information for generating the predetermined service code in order to generate the child code including the access control information for the predetermined service as described above. The invention is not limited, and a parent code including generation control information for generating a plurality of service codes may be generated as shown in FIG. That is, for example, each of the above includes generation control information for generating a disclosure address T, generation control information for generating a transfer address T, and generation control information for generating a connection address T. The parent code may be generated.

  In this case, as illustrated in FIG. 43, a disclosure address T, a transfer address T, and a connection address T are generated according to the selection of the reference person B who receives the child code. Alternatively, a single child code (a child code including all of the disclosure control information, the transfer control information, and the connection control information) that serves as all of the disclosure address T, the transfer address T, and the connection address T may be used. You may make it produce | generate.

  In the above embodiment, the generation control information (for example, the generation control information for the information disclosure service, the generation control information for the message delivery service, the generation control information for the telephone connection service, etc.) specifying the predetermined service is used. Although the case where the included parent code is generated has been described, the present invention is not limited to this, and as illustrated in FIG. 43, generation control information that does not specify a service (for example, any service) A parent code including an applicable relation level, an access permission deadline, an access permission period, an access permitter, and the like may be generated. In this case, even for a new service born after generation of the parent code, a child code for the service can be generated based on the existing parent code.

  In the first and second embodiments, the case where the access code for issuance is “parent code” and the access code for a predetermined service is generated as “child code” based on this parent code has been described. In the third and fourth embodiments, the access code for a predetermined service (for example, the disclosure address T) is set as “parent code”, and the parent code is updated to generate the access code for the same service as “child code” Will be explained.

  That is, in the information disclosure system described below, the disclosure address T before update corresponds to the “first access code” recited in the claims, and the disclosure address T after update is the same as the “first access code”. This corresponds to “2 access code”. Then, the information disclosure system updates the disclosure control information (access control information) included in the already disclosed disclosure address T, and generates the disclosure address T including the updated disclosure control information. Main feature. In the following, the configuration of the information disclosure system according to the third embodiment, details of each device in the system, various processing procedures will be described, and finally the effects of the third embodiment will be described.

[Configuration of Information Disclosure System (Example 3)]
First, the configuration of the information disclosure system according to the third embodiment will be described with reference to FIG. FIG. 44 is a diagram illustrating the configuration of the information disclosure system according to the third embodiment. As shown in the figure, this information disclosure system includes a referee terminal 1, a reference terminal 2, a user information server 10, a child code issuing server 20, an information disclosure server 30, and a code update server 40. Are communicably connected to each other via a network (a communication network formed by the Internet 3, LAN 4, referee-side IP network, referrer-side IP network, router, firewall, etc.).

  Among these, the referee terminal 1, the referrer terminal 2, the user information server 10, the child code issuing server 20, and the information disclosure server 30 are the same as those described with the same reference numerals in the first embodiment. is there. However, in addition to the role described in the first embodiment, the referrer terminal 2 transmits a mail related to the update request for the disclosure address T illustrated in FIG. 46 (code update request mail) to the code update server 40. Further, it has a role of receiving mail (code update notification mail) related to the update notification of the disclosure address T as exemplified in FIG. 47 from the code update server 40.

  In addition to the role described in the first embodiment, the information disclosure server 30 further has a role of invalidating the disclosure address T before update. That is, as illustrated in FIG. 44, an invalidation table 39 that stores information (for example, invalidated disclosure address T itself) for specifying the disclosure address T before update invalidated by updating. Further, in the disclosure determination process, it is further determined based on the invalidation table 39 whether or not the disclosure address T received from the referrer has been invalidated, and it is a necessary condition that it is not invalidated. The disclosure control process is executed. As a result, after the disclosure address T is updated, the use of the old disclosure address T before the update is rejected.

[Configuration of Code Update Server (Example 3)]
The code update server 40 is a server device that updates the disclosure address T issued by the child code issuing server 20, and mainly receives a code update request mail (see FIG. 46) from the referrer terminal 2. A role of verifying the disclosure address T received by the code update request mail, a role of updating the disclosure address T, and a code update notification mail (see FIG. 47) including the updated disclosure address T are transmitted to the referrer terminal 2 Have a role to play. As shown in FIG. 44, the communication unit 41, the verification key table 42, the code verification unit 43, the issue key storage unit 44, and the code update unit 45 are provided as closely related to the present invention. . The code update unit 45 corresponds to “second access code generation means” recited in the claims.

  Among these, the communication unit 41 is a processing unit that controls communication with the reference terminal 2 or the like in accordance with a communication protocol such as so-called SMTP or HTTP. Specifically, a process of receiving a code update request mail (see FIG. 46) from the reference terminal 2 and a code update notification mail (see FIG. 47) including the updated disclosure address T are sent to the reference terminal 2. Execute processing to send.

  The verification key table 42 is means for storing a verification key (master key) used for verification of the disclosure address T before update. Specifically, this verification key is stored in the verification key storage of the information disclosure server 30 described above. This is the same key as the verification key stored in the unit 36.

  The code verification unit 43 verifies the disclosure address T before update included in the code update request mail using the verification key stored in the verification key table 42 (whether or not the update of the disclosure address T is permitted). Is a processing unit. Such code verification processing will be described later with reference to FIG.

  The issuance key storage unit 44 is a means for storing an issuance key (master key) used to generate the updated disclosure address T, and this issuance key is stored in the verification key storage unit 36 of the information disclosure server 30 described above. Is the same key as the verification key to be executed.

  When the update of the disclosure address T is permitted by the code verification unit 43, the code update unit 45 uses the issue key stored in the issue key storage unit 44 and the update control information included in the disclosure address T. The processing unit updates the disclosure address T. The code update process will be described in detail later with reference to FIG.

[Process from Code Update Request to Invalidation (Example 3)]
Next, a flow of processing from a code update request to invalidation will be described with reference to FIG. FIG. 45 is a sequence diagram showing a flow of processing from a code update request to invalidation. In the following description, the disclosure address T has already been generated by the child code generation processing described in the first embodiment. However, since the expiration date (disclosure permission time limit) of the disclosure address T is near, reference is made. Description will be made on the assumption that the user B makes a renewal request for the new address T for disclosure.

  As shown in the figure, the code update server 40 receives a code update request mail (see FIG. 46) from the referrer terminal 2 of the referrer B who uses the disclosure address T whose expiry date is near (step 46). S4501). That is, as illustrated in FIG. 46, an email is received in which the address of the code update server 40 is input to the destination address (TO address) and the disclosure address T for requesting the update is input to the subject (SUBJECT). In the third embodiment, it is assumed that the disclosure address T to be updated is generated by the child code generation process described with reference to FIG.

  When receiving the code update request mail, the code update server 40 verifies the disclosure address T included in the code update request mail (step S4502). That is, similar to the disclosure determination process described in the first embodiment, the reference identification information ID_A, the relationship level R, and the disclosure condition C included in the disclosure address T are input to a function determined from a predetermined key, and the disclosure address T And whether or not updating is possible is determined using the disclosure condition C included in the disclosure address T. The code verification process will be described in detail later with reference to FIG.

  When the validity of the disclosure address T is recognized by the code verification process, the code update server 40 updates the disclosure control information included in the disclosure address T to generate a new updated disclosure address T. (Step S4503). That is, in the disclosure control information included in the disclosure address T, after the expiration date included in the disclosure condition C is updated to a new expiration date, the updated disclosure is performed as in the child code generation process described in the first embodiment. A disclosure address T including control information is generated. The code update process will be described in detail later with reference to FIG.

  Subsequently, the code update server 40 creates a code update notification mail (see FIG. 47) including the disclosure address T generated by the code update process, and transmits this to the referrer terminal 2 (step S4504). As a result, the referrer B can continuously refer to the personal information of the referee A by sending a reference request mail to the information disclosure server 30 using the updated disclosure address T.

  Further, the code update server 40 transmits the disclosure address T before update (the code input in the subject field of the code update request mail) to the information disclosure server 30 as the invalidation target code (step S4505). Then, the information disclosure server 30 that has received the invalidation target code registers the disabling target code disclosure address T in the invalidation table 39 (step S4506). As a result, the information disclosure server 30 further determines whether or not the disclosure address T received from the referrer B is invalidated based on the invalidation table 39 in the disclosure determination process, and is invalidated. If so, the disclosure control process is not executed.

[Code Verification Processing (Example 3)]
Subsequently, a code verification process performed by the code update server 40 will be described with reference to FIG. FIG. 48 is a flowchart showing details of such code verification processing. In the following description, it is assumed that the source address of the update request mail and the disclosure address T have already been input to the code update server 40.

  As shown in the figure, the code verification unit 43 of the code update server 40 reads “character string X, verification data V, data string B, control code B0, referenceee identification” from the disclosure address T as follows. Information ID_A ”is restored (step S4801).

  That is, as shown in FIG. 48, in the disclosure address T, a character string from the first dot character “.” To the end counted from the end of the user name portion is “character string X”, and the character string X is The last 25 bits of the data string obtained by BASE32 decoding is “verification data V”, and the part other than the last 25 bits of the data string obtained by BASE32 decoding of the character string X is “data string B”. The first five bits of “1” are restored as “control code B0”, and the character string immediately before the dot character “.” In the user name portion is restored as “referenced person identification information ID_A”.

  Then, the code verification unit 43 verifies the validity of the verification data V (falsification preventing code) extracted from the disclosure address T (step S4802). That is, the data string B is added after the referenced person identification information ID_A to generate the character string Y, and the value of the keyed hash function of the character string Y using the verification key K stored in the verification key storage unit 36. After generating the character string Vt consisting of the last 25 bits of the hash value, it is determined whether the character string Vt matches the verification data V (falsification prevention code). It is regarded as an illegal address and it is determined that it cannot be updated.

Further, the code verification unit 43 restores the relation level R and the disclosure condition C from the control code B0 as described below (step S4803).
In control code B0: [b4 b3 b2 b1 b0]
If b4: 1, the expiration date is specified, if 0, not specified b3: 1, referrer's address is specified, 0 is not specified, b2: 1: referrer's domain is specified, 0 is not specified, b1 to b0: 2 bits The relation level R is restored by decoding into an integer value.

  Thereafter, when the expiration date is designated, the code verification unit 43 determines whether or not the disclosure condition C is satisfied (step S4804). That is, the sixth and subsequent 15 bits from the beginning of the data string B are read, and the number (days) obtained by regarding the 15 bits as an integer value is added to January 1, 2000 to restore the expiration date. Then, it is determined whether the current date has passed the restored expiration date. If the expiration date has passed, it is determined that the update is not possible.

  Further, when the address of the referrer is designated, the code verification unit 43 determines whether or not the disclosure condition C is satisfied (step S4805). That is, the 15th bit after the 21st bit from the beginning of the data string B is read as the character string B2, and a hash value of the source address (source address of the reference request mail) is obtained, and consists of the last 15 bits of this hash value. Data B2t is acquired. Then, it is determined whether the character string B2 and the data B2t match. If they do not match, it is determined that updating is not possible.

  Furthermore, when the referrer's domain is designated, the code verification unit 43 determines whether or not the disclosure condition C is satisfied (step S4806). That is, the 15 bits starting from the 21st bit from the beginning of the data string B are read as the character string B2, and the hash value of the domain name in the source address (domain name in the source address of the reference request mail) is obtained. The data B2t consisting of the last 15 bits is acquired. Then, it is determined whether the character string B2 and the data B2t match. If they do not match, it is determined that updating is not possible.

  As a result, when all of the above-described determinations (steps S4802, S4804, S4805, and S4806) are satisfied, the code verification unit 43 updates the reference identification information ID_A and the control code B0 with the update determination result (update permission). At the same time, it is output to the code update unit 45. On the other hand, if it is determined that the update is not possible without satisfying any of the conditions, a response mail (not updateable mail) stating that is transmitted to the referrer terminal 2 and the code verification process is terminated.

[Code update process (Example 3)]
Next, update processing of the disclosure address T by the code update server 40 will be described with reference to FIG. FIG. 49 is a flowchart showing details of such code update processing.

  As shown in the figure, in the code update server 40, the verification result of “update permission (OK)” is obtained by the code verification unit 43, and the referred person identification information ID_A and the control code B 0 are input to the code update unit 45. Then, the code update unit 45 generates the data B using the control code B0 as the initial value of the data B (step S4901).

  Subsequently, when the first bit from the head of the control code B0 is “1”, the code update unit 45 generates the following data B1 assuming that the expiration date is specified as the disclosure condition C (step S4902). . In other words, the number of days of a new effective period (for example, three months as a fixed value) is added to the current date to obtain a new effective date, and a new effective date from January 1, 2000 Data B1 is generated by encoding the number of days until the deadline as an integer value of 15 bits, and this data B1 is added to the end of the data string B.

  Further, when the second bit from the head of the control code B0 is “1”, the code update unit 45 generates the following data B2 on the assumption that the address of the referrer is specified as the disclosure condition C (step S4903). ). That is, the hash value of the address of the referrer B requesting the code update (source address of the code update request mail) is obtained, and the data B2 consisting of the last 15 bits of the hash value is added to the end of the data string B. to add.

  On the other hand, if the third bit from the top of the control code B0 is “1”, the code update unit 45 generates the following data B2 on the assumption that the domain of the referrer is specified as the disclosure condition C (step S4904). ). That is, the hash value of the domain name (domain name at the sender address of the code update request mail) at the address of the referrer B requesting the code update is obtained, and the data B2 consisting of the last 15 bits of the hash value is used as the data Append to the end of column B.

  Thereafter, the code update unit 45 generates the following data B3 from the referred person identification information ID_A (step S4905). That is, a character string Y in which the data string B is added after the referred person identification information ID_A is generated, and further, a value of the keyed hash function of the character string Y is obtained using the issue key K of the issue key storage unit 44. The data B3 consisting of the last 25 bits of the hash value is added to the end of the data string B.

  Then, the code update unit 45 generates a disclosure address T including the following falsification prevention code (step S4906). Specifically, after the data string B is BASE32-encoded to generate a 12-character string X (tampering prevention code), a dot character “.” Is added after the referred person identification information ID_A, and further behind An updated disclosure address T is generated by adding a character string X and adding “@ 121.anywhere.ne.jp” after the character string X. The domain name (for example, “@ 121.anywhere.ne.jp”) included in the disclosure address T is the address of the information disclosure server 30.

[Effects of Example 3 and the like]
As described above, according to the third embodiment, since the disclosure control information included in the disclosure address T for accessing the information disclosure service is updated to generate a new disclosure address T, the disclosure address T Thus, it is possible to reduce the labor of the reference person A associated with the updating of the information, and to suppress unnecessary updating of the disclosure address T.

  Further, according to the third embodiment, the expiration date of the disclosure address T is updated to generate a disclosure address T having a new expiration date, so that the reference person B is also new after the expiration date of the original disclosure address T. With this disclosure address T, the same access as before can be continued.

  In addition, according to the third embodiment, information disclosure is not permitted for a reference request using an invalid disclosure address T (disclosure address T before update). It is possible to avoid a situation in which the disclosure address T and the updated disclosure address T conflict.

  Although the information disclosure system according to the third embodiment has been described so far, the contents of the third embodiment described above and the contents of the first and second embodiments can be appropriately combined, and the present invention has been described above. The present invention may be implemented in various different forms other than the embodiments. Therefore, in the following, as the fourth embodiment, various embodiments will be described by being divided into (1) to (8).

(1) Disclosure control information that can be updated In the above embodiment, the case where the disclosure condition C, which is the disclosure permission period included in the disclosure address T, is updated has been described. However, the present invention is not limited to this. As shown in FIG. 50, disclosure relation level, disclosure control contents, disclosure conditions (disclosure permission period, disclosure permission deadline, disclosure permission count, reference permitter, reference permission group, or a combination thereof), disclosure condition specifying information The disclosure control information included in the disclosure address T, such as information specifying disclosure control contents and disclosure conditions, or a combination thereof, may be updated.

(2) Update control In the above embodiment, code verification similar to the disclosure determination process is performed (the validity of the falsification preventing code included in the disclosure address T is verified, and the disclosure included in the disclosure address T). The case where the disclosure condition C, which is the disclosure permission time limit included in the disclosure address T, is updated on the condition that the condition C is satisfied has been described. However, the present invention is not limited to this and is shown in FIG. In addition, a disclosure address T including update control information may be generated, and update control may be performed based on the update control information included in the disclosure address T, and the content after update (disclosure control information) ) May be received from the reference person B.

(3) Update Control Information Included in Disclosure Address That is, when update control is performed based on update control information included in disclosure address T, as shown in FIG. Disclosure address T including control content or update relation level), disclosure address T including information related to update conditions (update condition or update condition specifying information), information related to update control contents, and update conditions A disclosure address T including information or a disclosure address T including information for specifying update control contents and update conditions may be generated.

  The disclosure addresses T will be briefly described below. The update control information is included in the disclosure address T together with the disclosure control information when the child code issuing server 20 generates the disclosure address T. Further, when the code update server 40 updates the disclosure address T. It is newly included in the disclosure address T together with the updated disclosure address T. Further, what kind of update control information is included in the disclosure address T is designated by the referee A via the parent code generation request screen (see FIG. 9), or the child code that generates the disclosure address T When the issuing server 20 automatically designates or the child code issuing server 20 generates the disclosure address T in response to the generation request from the referenced person A, the update control information is received from the referenced person A. May be specified.

  In FIG. 52, “update control content” included in the disclosure address T is access control information corresponding to “disclosure control content” in the disclosure address T. For example, “disclosure relation level is 2”. To "update to disclosure control contents to disclosure of all items", "update the disclosure permission deadline to March from the current date", "update the disclosure permission deadline to the deadline received in the code update request email" The control contents such as “update the reference permitted person to the sender of the code update request mail” and “update the reference permitted person to the new reference permitted person accepted by the code update request mail” correspond to this.

  In this case, the code update server 40 extracts the update control content from the disclosure address T and executes the update control content in the code update process. That is, in the above example, a disclosure address T including the disclosure relation level “2” is generated, a disclosure address T including the disclosure control contents of all items disclosure is generated, and 3 from the current date is generated. A disclosure address T including the disclosure permission deadline after the month is generated, a disclosure address T including the disclosure permission deadline received by the code update request mail is generated, and reference to the sender of the code update request mail is permitted. The disclosure address T included as a reference is generated, and the disclosure address T including the new reference permitted person accepted by the code update request mail as the reference permitted person is generated.

  In FIG. 52, the “update relation level” included in the disclosure address T is access control information corresponding to the “disclosure relation level” in the disclosure address T. That is, as the information related to the update control content, the present invention is not limited to the case where the disclosure address T including the above-mentioned “update control content” is generated. As illustrated in FIG. The code update server 40 includes an update policy storage unit that stores the content and the relationship level for update that uniquely specifies the content of the update control in association with each other, and uses the disclosure address T including the relationship level for update as a child. The code issuing server 20 may generate the code. In this case, in the code update process, the code update server 40 extracts the update relation level from the disclosure address T, and then acquires the update control content corresponding thereto from the update policy storage unit. The disclosure address T is updated by executing such update control contents.

  In FIG. 52, the “update condition” included in the disclosure address T is access control information corresponding to the “disclosure condition” in the disclosure address T. That is, as illustrated in FIG. 54, a period during which the disclosure address T is permitted to be updated (for example, from year * month * day to x year x month x day), and a period for which update is permitted (for example, year * Month to day), update allowed time (for example, from ○ hour to ○ hour), number of times update is permitted (for example, ○ times. In this case, update history is managed in a database, The update condition is determined while referring to it), the update permitter (for example, the e-mail address of the update permitter. In this case, the update permitter and the reference permitter are not necessarily the same person), the update permission group (For example, the domain name of the update permission group. In this case, the update permission group and the reference permission group do not necessarily have to be the same group.) It may be generated disclosure address T containing update conditions necessary to update the use addresses T.

  In this case, the code update server 40 may extract the update condition from the disclosure address T in addition to the verification of the signature code included in the disclosure address T in the code verification process, and whether or not the update condition is satisfied. By determining, it is determined whether or not the disclosure address T can be updated. In other words, the code update server 40 needs to satisfy the update permission period, the update permission deadline, the update permission time, the update permission count, the update permitter, the update permission group, the update amount, or a combination thereof included in the disclosure address T. As a condition, update of the disclosure address T is permitted.

  In the above embodiment, the code verification process requests that the disclosure conditions included in the disclosure address T be satisfied. However, the present invention is not limited to this, and the signature included in the disclosure address T is not limited thereto. The update may be permitted when the validity of the code and the above update condition are satisfied, or the update may be permitted when all of the disclosure condition, the signature code, and the update condition are satisfied.

  In FIG. 52, “update condition specifying information” included in the disclosure address T is access control information corresponding to “disclosure condition specifying information” in the disclosure address T. That is, as the information related to the update condition, the present invention is not limited to the case where the disclosure address T including the update condition itself is generated. The update condition and the update condition for uniquely specifying the update condition are not limited. The code update server 40 may include an update condition storage unit that stores the specific information in association with each other, and the child code issuing server 20 may generate the disclosure address T including the update condition specifying information. In this case, in the code verification process, the code update server 40 extracts the update condition specifying information from the disclosure address T, and then acquires the update condition corresponding to the information from the update condition storage unit and makes a determination. Do.

  In FIG. 52, “information specifying update control contents and update conditions” included in the disclosure address T is “information specifying disclosure control contents and disclosure conditions (see FIG. 26)” in the disclosure address T. Corresponding access control information. That is, when generating the disclosure address T including the information related to the update control content (update relation level or update control content) and the information related to the update condition (update condition or update condition specifying information) as described above. The present invention is not limited, and the code update server 40 includes an update control information storage unit that stores update control contents and update conditions in association with specific information for uniquely specifying both of them, The child code issuing server 20 may generate the disclosure address T including the specific information. In this case, the code update server 40 extracts the specific information from the disclosure address T in the code verification process and the code update process, and then stores the update condition and update control content corresponding to the specific information in the update control information storage. Get from the department.

  Thus, if the disclosure control information is updated according to the update control information included in the disclosure address T, it is possible to prevent the disclosure address T from being updated unconditionally. Further, when the disclosure address T is generated, the disclosure address T and the update control information are not stored in the database, but the update control information is included in the disclosure address T, so that such a database is not required. The disclosure address T can be updated.

  In the above description, when the update control contents and update conditions are stored in the code update server 40, an example (see FIG. 53) of storing the update control contents and update conditions customized for each referenced person A is shown. However, the present invention is not limited to this. For example, as in the case illustrated in FIG. 27, the common update control contents and update conditions are stored in the system without distinguishing the referred person A. It may be.

(4) Receiving Update Content In the above embodiment, the case where the disclosure permission deadline after update is prepared as a fixed value in the system has been described. However, the present invention is not limited to this, and the update requester ( The updated disclosure permission deadline may be received from a reference person B or an update authorized person via a code update request mail, and a disclosure address T including the disclosure permission deadline may be generated. Similarly, as illustrated in FIG. 55, the address of the reference authorized person after the update is received in the code update request mail, and a disclosure address T including the address as reference authorized person information may be generated. Good. Thus, by updating the reference authorized person, it is possible to simply transfer or take over the reference right (access right). Note that the reception of the update content is not limited to these, and the updated content can be received for each piece of information shown in FIG.

(5) Shared use of disclosure control information In the above description, the case where update control is performed using the update control information included in the disclosure address T has been described. However, the present invention is not limited to this and is disclosed. The disclosure control information included in the address T may also be used as update control information. That is, for example, when the code update server 40 includes the update policy storage unit illustrated in FIG. 53, the disclosure relation level included in the disclosure address T is extracted as the update relation level. The update control content corresponding to the relationship level may be executed.

(6) Update Cancellation, Update Inquiry In the above description, the case of determining whether update is possible based on the update condition has been described. However, the present invention is not limited to this, and the update permission of the disclosure address T is canceled. Accordingly, whether or not the disclosure address T can be updated may be determined on the condition that the update permission has not been revoked. That is, similar to the invalidation of the parent code G described in the second embodiment, the update revocation table that stores information (for example, the disclosure address T itself) for specifying the disclosure address T for which the update permission is revoked is coded. The update server 40 further includes, in the code verification processing, further determining whether or not the disclosure address T has been revoked from the update permission based on the update revocation table, and the disclosure address T from which the update permission has been revoked. The code update process is executed as a necessary condition.

  Further, the present invention is not limited to the case where such an update cancellation table is provided. For example, the code update server 40 that has received the code update request mail extracts the referenceee identification information ID_A from the disclosure address T. Whether to send an update confirmation mail to the referenced person A based on the referenced person identification information ID_A and receive an update approval (update OK) reply mail from the referenced person A in response to the update confirmation mail. It may be determined whether or not the code update process is executed on the condition that the update approval reply mail is received.

(7) Update location, update time, update procedure In the above embodiment, the case where the disclosure address T is updated in the code update server 40 has been described. However, the present invention is not limited to this. The disclosure address T may be updated by other devices such as the code issuing server 20 and the information disclosure server 30.

  In the above embodiment, the case where the disclosure address T is updated at the time of the update request when the code update request mail is received has been described. However, the present invention is not limited to this. The disclosure address T may be updated when the reference request mail is received, or the disclosure address T is updated by detecting that the disclosure permission deadline is approaching in the information disclosure server 30. May be.

  Further, in the above embodiment, the case where the code update request is received by e-mail has been described. However, the present invention is not limited to this. For example, the code update is performed on the home page on the Web server corresponding to the code update server 40. Any update procedure, such as accepting a request, may be adopted. In the above embodiment, the case where the disclosure address T is updated has been described. However, the present invention is not limited to this. For example, the delivery address T and the connection address T described above may be used. Any access code for controlling access by the accessor to the service related to the accessor can be similarly applied.

(8) Program In the above embodiment, each device (for example, a referee terminal, a referrer terminal, a child code issuing server, an information disclosure server, a code update server, etc.) that realizes the present invention is described in terms of functions. However, each function of each device can also be realized by causing a computer such as a personal computer or a workstation to execute a program. That is, the various processing procedures described in the first embodiment can be realized by executing a program prepared in advance on a computer. These programs can be distributed via a network such as the Internet. Further, these programs can be recorded on a computer-readable recording medium such as a hard disk, a flexible disk (FD), a CD-ROM, an MO, and a DVD, and can be executed by being read from the recording medium by the computer. In other words, for example, a CD-ROM (a separate CD-ROM may be provided for each device) storing the program for the referred terminal and the code update server program as shown in the third embodiment is distributed. Then, each computer may read and execute the program stored in the CD-ROM.

  In the above embodiments 3 and 4, an access code for a predetermined service (for example, disclosure address T) is set as a “parent code”, and this parent code is updated to generate an access code for the same service as a “child code” In the following fifth and sixth embodiments, an access code for a predetermined service (for example, a disclosure address T) is set as a “parent code”, and this parent code is diverted to access codes for other services. A case will be described in which (for example, a delivery address T) is generated as a “child code”.

  That is, in the service system described below, the disclosure address T corresponds to the “first access code” recited in the claims, and the diverted delivery address T is also the “second access code”. It corresponds to. The main feature of the information disclosure system is that the delivery address T is generated using the disclosure control information (access control information) included in the disclosure address T. In the following, the configuration of the service system according to the fifth embodiment, details of each device in the system, various processing procedures will be described, and finally the effects of the fifth embodiment will be described.

[Configuration of Service System (Example 5)]
Subsequently, the configuration of the service system according to the fifth embodiment will be described with reference to FIG. FIG. 56 is a diagram illustrating the configuration of the service system according to the fifth embodiment. As shown in the figure, this service system includes a referee terminal 1, a reference terminal 2, a user information server 10, a child code issuing server 20, an information disclosure server 30, a code diversion server 50, The message delivery server 60 is configured to be communicable with each other via a network (a communication network formed by the Internet 3 or LAN 4, a referee-side IP network, a referrer-side IP network, a router, a firewall, etc.) Is done.

  Among these, the referee terminal 1, the referrer terminal 2, the user information server 10, the child code issuing server 20, and the information disclosure server 30 are the same as those described with the same reference numerals in the first embodiment. is there. However, in addition to the role described in the first embodiment, the referrer terminal 2 transmits to the code diversion server 50 a mail (code diversion request e-mail) related to the diversion request for the disclosure address T illustrated in FIG. Further, it has a role of receiving from the code diversion server 50 a mail (another code generation notification mail) related to the generation notification of the delivery address T as exemplified in FIG.

[Configuration of Code Diversion Server (Example 5)]
The code diversion server 50 is a server device that diverts the disclosure address T issued by the child code issuance server 20 and generates a delivery address T used by the message delivery server 60 described later. The role of receiving the code diversion request mail (see FIG. 58) from the referrer terminal 2, the role of verifying the disclosure address T received in the code diversion request mail, and diverting the disclosure address T to generate the delivery address T It has a role of transmitting another code generation notification mail (see FIG. 59) including the generated delivery address T to the referrer terminal 2. As shown in FIG. 56, as closely related to the present invention, a communication unit 51, a verification key table 52, a code verification unit 53, an issue key storage unit 54, and another code generation unit 55 are provided. Prepare. The separate code generation unit 55 corresponds to “second access code generation means” recited in the claims.

  Among these, the communication unit 51 is a processing unit that controls communication with the reference terminal 2 or the like in accordance with a communication protocol such as so-called SMTP or HTTP. Specifically, refer to the process of receiving the code diversion request mail (see FIG. 58) from the referrer terminal 2 and another code generation notification mail (see FIG. 59) including the delivery address T generated by diversion. The process etc. which transmit to person terminal 2 are performed.

  The verification key table 52 is a means for storing a verification key (master key) used for verification of the disclosure address T. Specifically, this verification key is stored in the verification key storage unit 36 of the information disclosure server 30 described above. It is the same key as the verification key stored.

  The code verification unit 53 verifies the disclosure address T included in the code diversion request mail using the verification key stored in the verification key table 52 (determines whether or not diversion of the disclosure address T is permitted). ) Processing unit. Such code verification processing will be described later with reference to FIG.

  The issuance key storage unit 54 is a means for storing an issuance key (master key) used for generating the delivery address T, and this issuance key is a verification key (delivery address T for use in a message delivery server 60 described later). Is the same key as

  When the code verification unit 53 permits the diversion of the disclosure address T, the separate code generation unit 55 uses the issue key stored in the issue key storage unit 54 and diversion control information included in the disclosure address T. And a processing unit for generating a delivery address T. Such another code generation process will be described in detail later with reference to FIG.

[Configuration of Message Delivery Server (Example 5)]
The message delivery server 60 is a server device that delivers a message having the delivery address T as the destination address. The message delivery server 60 mainly receives a delivery request mail having the delivery address T as the destination address from the sender B. It has a role of determining whether delivery is possible based on the delivery address T included in the request mail, a role of transmitting the delivery request mail to the referenced user terminal 1 based on the delivery address T, and the like.

  As shown in FIG. 56, the message delivery server 60 is closely related to the present invention. As shown in FIG. 56, the delivery destination information storage unit 61 exemplified in FIG. 41 and the delivery policy storage unit 62 exemplified in FIG. And a delivery control unit 63. Here, when the delivery control unit 63 receives a delivery request mail having the delivery address T as the destination address from the referrer (sender), the delivery control unit 63 determines whether to deliver the message to the referee (recipient). . That is, the recipient identification information ID_A, the relationship level R, and the delivery condition C included in the delivery address T are input to a function determined from a predetermined key to verify the validity of the delivery address T, and to the delivery address T. Whether or not the delivery control content can be executed is determined using the delivery condition C included.

  In addition, when the validity of the delivery address T is recognized and the execution of the delivery control content is permitted, the delivery control unit 63 stores the delivery destination information stored in the delivery destination information storage unit 61. Among them, the delivery destination information corresponding to the callee identification information ID_A included in the delivery address T is referred to, and the correspondence level R included in the delivery address T among the delivery control contents S stored in the delivery policy storage unit 62 is supported. In accordance with the delivery control content S to be delivered, the delivery request mail is delivered to the recipient A.

[Processing from Code Diversion Request to Generation of Another Code (Example 5)]
Subsequently, the flow of processing from the code diversion request to the generation of another code will be described with reference to FIG. FIG. 57 is a sequence diagram showing a flow of processing from a code diversion request to generation of another code. In the following description, the disclosure address T has already been generated by the child code generation processing described in the first embodiment, but it is assumed that the referrer B obtains the delivery address T and makes a transfer request. explain.

  As shown in the figure, the code diversion server 50 receives the code diversion request mail (see FIG. 58) from the referrer terminal 2 of the referrer B (step S5701). That is, as illustrated in FIG. 58, an email is received in which the address of the code diversion server 50 is input to the destination address (TO address) and the disclosure address T for requesting the update is input to the subject (SUBJECT). In the fifth embodiment, it is assumed that the disclosure address T used for the diversion request is generated by the child code generation process described with reference to FIG.

  When the code diversion request mail is received, the code diversion server 50 verifies the disclosure address T included in the code diversion request mail (step S5702). That is, as in the disclosure determination process described in the first embodiment and the code verification process described in the third embodiment, the referred person identification information ID_A, the relationship level R, and the disclosure condition C included in the disclosure address T are determined from a predetermined key. The validity of the disclosure address T is verified by inputting it into a fixed function, and whether or not updating is possible is determined using the disclosure condition C included in the disclosure address T. The code verification process will be described in detail later with reference to FIG.

  When the validity of the disclosure address T is confirmed by the code verification process, the code diversion server 50 generates the delivery address T from the disclosure address T (step S5703). That is, the disclosure relation level and the disclosure condition included in the disclosure address T are diverted as the delivery relation level and the delivery condition, and the delivery address T including the delivery relation level and the delivery condition is generated. Such another code generation process will be described in detail later with reference to FIG.

  Subsequently, the code diversion server 50 creates another code generation notification mail (see FIG. 59) including the delivery address T generated by the separate code generation process, and transmits this to the referrer terminal 2 (step S5704). . As a result, the referrer B can send the delivery request mail to the referenced person A by sending the delivery request mail to the message delivery server 60 using the delivery address T.

[Code Verification Processing (Example 5)]
Subsequently, a code verification process by the code diversion server 50 will be described with reference to FIG. FIG. 60 is a flowchart showing details of such code verification processing. In the following description, it is assumed that the source address of the code transfer request mail and the disclosure address T have already been input to the code transfer server 50.

  As shown in the figure, the code verification unit 53 of the code diversion server 50 performs “character string X, verification data V, data string B, control code B0, referenceee identification from the disclosure address T as follows. Information ID_A ”is restored (step S6001).

  That is, as shown in FIG. 60, in the disclosure address T, the character string from the first dot character “.” To the end counted from the end of the user name portion is “character string X”, and the character string X is The last 25 bits of the data string obtained by BASE32 decoding is “verification data V”, and the part other than the last 25 bits of the data string obtained by BASE32 decoding of the character string X is “data string B”. The first five bits of “1” are restored as “control code B0”, and the character string immediately before the dot character “.” In the user name portion is restored as “referenced person identification information ID_A”.

  Then, the code verification unit 53 verifies the validity of the verification data V (falsification preventing code) extracted from the disclosure address T (step S6002). That is, the data string B is added after the referenced person identification information ID_A to generate the character string Y, and the value of the keyed hash function of the character string Y using the verification key K stored in the verification key storage unit 36. After generating the character string Vt consisting of the last 25 bits of the hash value, it is determined whether the character string Vt matches the verification data V (falsification prevention code). It is regarded as an illegal address and it is determined that diversion is impossible.

Further, the code verification unit 53 restores the relation level R and the disclosure condition C from the control code B0 as described below (step S6003).
In control code B0: [b4 b3 b2 b1 b0]
If b4: 1, the expiration date is specified, if 0, not specified b3: 1, referrer's address is specified, 0 is not specified, b2: 1: referrer's domain is specified, 0 is not specified, b1 to b0: 2 bits Restore relation level R by decoding to integer value

  Thereafter, when the expiration date is designated, the code verification unit 53 determines whether or not the disclosure condition C is satisfied (step S6004). That is, the sixth and subsequent 15 bits from the beginning of the data string B are read, and the number (days) obtained by regarding the 15 bits as an integer value is added to January 1, 2000 to restore the expiration date. Then, it is determined whether the current date has passed the restored expiration date. If the expiration date has passed, it is determined that diversion is not possible.

  If the address of the referrer is specified, the code verification unit 53 determines whether or not the disclosure condition C is satisfied (step S6005). That is, the 15th bit after the 21st bit from the beginning of the data string B is read as the character string B2, and a hash value of the source address (source address of the reference request mail) is obtained, and consists of the last 15 bits of this hash value. Data B2t is acquired. Then, it is determined whether the character string B2 and the data B2t match. If they do not match, it is determined that diversion is impossible.

  Furthermore, when the referrer's domain is designated, the code verification unit 53 determines whether or not the disclosure condition C is satisfied (step S6006). That is, the 15 bits starting from the 21st bit from the beginning of the data string B are read as the character string B2, and the hash value of the domain name in the source address (domain name in the source address of the reference request mail) is obtained. The data B2t consisting of the last 15 bits is acquired. Then, it is determined whether the character string B2 and the data B2t match. If they do not match, it is determined that diversion is impossible.

  As a result, when all of the above-described determinations (steps S6002, S6004, S6005, and S6006) are satisfied, the code verification unit 53 uses the referred person identification information ID_A, the control code B0, and the expiration date as the transfer determination result ( Output to the separate code generation unit 55 together with the diversion permission). On the other hand, if it is determined that diversion is not possible without satisfying any of the conditions, a response e-mail (non-diversion e-mail) stating that is transmitted to the referrer terminal 2 and the code verification process is terminated.

[Another code generation process (Example 5)]
Subsequently, a code diversion process performed by the code diversion server 50 will be described with reference to FIG. FIG. 61 is a flowchart showing details of the code diversion process.

  As shown in the figure, in the code diversion server 50, the code verification unit 53 obtains the verification result of “diversion allowance (OK)”, and the referred person identification information ID_A, the control code B0, and the expiration date (disclosure permission deadline and When the same period) is input to the different code generation unit 55, the different code generation unit 55 generates data B using the control code B0 as the initial value of the data B (step S6101).

  Subsequently, when the first bit from the head of the control code B0 is “1”, the separate code generation unit 55 generates the following data B1 assuming that the expiration date is specified as the delivery condition C (step S6102). ). That is, the data B1 is generated by encoding the number of days from January 1, 2000 to the expiration date (the expiration date input from the code verification unit 53) as an integer value of 15 bits. Add to the end.

  Further, when the second bit from the head of the control code B0 is “1”, the separate code generation unit 55 generates the following data B2 on the assumption that the address of the referrer is specified as the delivery condition C (step S6103). That is, the hash value of the address of the referrer B who is requesting the code diversion (source address of the code diversion request mail) is obtained, and the data B2 consisting of the last 15 bits of this hash value is used at the end of the data string B. to add.

  On the other hand, if the third bit from the beginning of the control code B0 is “1”, the separate code generation unit 55 generates the following data B2 on the assumption that the domain of the referrer is designated as the delivery condition C (step S40). S6104). That is, the hash value of the domain name (domain name at the sender address of the code diversion request mail) at the address of the referrer B who is requesting code diversion is obtained, and data B2 consisting of the last 15 bits of this hash value is obtained as data. Append to the end of column B.

  Thereafter, the different code generation unit 55 generates the following data B3 from the referred person identification information ID_A (step S6105). Specifically, a character string Y in which a data string B is added after the referenced person identification information ID_A is generated, and further, a keyed hash function of the character string Y is generated using the issue key K of the issue key storage unit 54. A value is obtained, and data B3 consisting of the last 25 bits of this hash value is added to the end of the data string B.

  Then, the separate code generation unit 55 generates a delivery address T including the following falsification prevention code (step S6106). Specifically, after the data string B is BASE32-encoded to generate a 12-character string X (tampering prevention code), a dot character “.” Is added after the referred person identification information ID_A, and further behind A delivery address T is generated by adding a character string X and adding “@ haiso.anywhere.ne.jp” after the character string X. The domain name (for example, “@ haiso.anywhere.ne.jp”) included in the delivery address T is the address of the message delivery server 60.

[Effects of Example 5]
As described above, according to the fifth embodiment, since the delivery address T for accessing the message delivery service is generated from the disclosure address T for accessing the information disclosure service, the disclosure address T is utilized. However, even when a delivery address T for another service is paid out, it is possible to reduce the labor of the referred person (recipient) accompanying the generation of the delivery address T, and an unnecessary delivery address. It is also possible to suppress the generation of T.

  Further, according to the third embodiment, since the delivery address T is generated by diverting the disclosure control information included in the disclosure address T, it is not necessary to newly receive the delivery control information when generating the delivery address T. It becomes possible to easily generate the delivery address T.

  Although the service system according to the fifth embodiment has been described so far, the contents of the fifth embodiment described above and the contents of the first to fourth embodiments can be appropriately combined, and the present invention can be further implemented. Besides the examples, it may be implemented in various different forms. Therefore, in the following, as the sixth embodiment, various embodiments will be described by being divided into (1) to (5).

(1) Diversion control In the above embodiment, code verification similar to the disclosure determination process is performed (the validity of the falsification prevention code included in the disclosure address T is verified, and the disclosure included in the disclosure address T). The case where the disclosure condition C included in the disclosure address T is used as the delivery condition has been described on the condition that the condition C is satisfied. However, the present invention is not limited to this, and as shown in FIG. Alternatively, the disclosure address T including the diversion control information may be generated, and the diversion control may be performed based on the diversion control information included in the disclosure address T.

  That is, when diversion control is performed based on diversion control information included in the disclosure address T, information related to diversion control content (diversion control content or diversion relation level) is included as shown in FIG. Disclosure address T, disclosure address T including information relating to diversion conditions (diversion condition or diversion condition specifying information), disclosure address T including information relating to diversion control content and information relating to diversion conditions, or diversion A disclosure address T including information specifying the control content and the diversion condition may be generated.

  The disclosure addresses T will be briefly described below. The diversion control information is included in the disclosure address T together with the disclosure control information when the child code issuing server 20 generates the disclosure address T. Further, what kind of diversion control information is included in the disclosure address T is designated by the referred person A via the parent code generation request screen (see FIG. 9), or the child code that generates the disclosure address T When the issuing server 20 automatically designates or the child code issuing server 20 generates the disclosure address T in response to the generation request from the referenced person A, the diversion control information is received from the referenced person A. May be specified.

  In FIG. 63, “diversion control content” included in the disclosure address T is access control information corresponding to “disclosure control content” in the disclosure address T. "Redirect as a relationship level for delivery", "Revert the relationship level for disclosure by one and divert it as a relationship level for delivery", "Reuse the disclosure permission deadline as a delivery permission deadline", " The control content such as “divert as a delivery permitter as it is” corresponds to this.

  In this case, the code diversion server 50 extracts the diversion control content from the disclosure address T and executes the diversion control content in the separate code generation process. That is, in the above example, a delivery address T including the same level as the disclosure relation level is generated, and a delivery address T including a level one level lower than the disclosure relation level is generated. Then, a delivery address T including the same delivery permission deadline as the disclosure permission deadline is generated, and a delivery address T including information indicating the same delivery authorized person as the reference authorized person is generated.

  In FIG. 63, the “relationship relation level” included in the disclosure address T is access control information corresponding to the “disclosure relation level” in the disclosure address T. That is, as the information related to the diversion control content, the present invention is not limited to the case where the disclosure address T including the above-mentioned “diversion control content” is generated. As illustrated in FIG. The code diversion server 50 includes a diversion policy storage unit that associates and stores the contents and the diversion relation level that uniquely identifies the diversion control contents, and uses the disclosure address T including the diversion relation level as a child. The code issuing server 20 may generate the code. In this case, the code diversion server 50 extracts the diversion relation level from the disclosure address T and acquires the diversion control content corresponding thereto from the diversion policy storage unit in another code generation process. The delivery address T is generated by executing the diversion control content.

  In FIG. 63, “diversion condition” included in disclosure address T is access control information corresponding to “disclosure condition” in disclosure address T. That is, as illustrated in FIG. 65, a period during which the diversion of the disclosure address T is permitted (for example, from year * month * day to x year x month x day), and a period for which diversion is permitted (for example, year * Month to day), the time when diversion is permitted (for example, from ○ o to o o'clock), the number of times diversion is permitted (for example, o times. In this case, the history of the number of diversions is managed in a database. The diversion condition is determined while referencing), the diversion permitter (for example, the e-mail address of the diversion permitter. In this case, the diversion permitter and the reference permitter do not necessarily have to be the same person), the diversion permission group. (For example, the domain name of the diversion permission group. In this case, the diversion permission group and the reference permission group do not necessarily have to be the same group.) It may be generated disclosure address T containing diversion conditions necessary diversion of use address T.

  In this case, the code diversion server 50 may extract the diversion condition from the disclosure address T in addition to the verification of the signature code included in the disclosure address T in the code verification process, and whether or not the diversion condition is satisfied. Judgment is made on whether or not diversion is possible. In other words, the code diversion server 50 needs to satisfy the diversion permission period, diversion permission deadline, diversion permission time, diversion permission count, diversion permitted person, diversion permission group, diversion amount, or a combination thereof included in the disclosure address T. As a condition, the diversion of the disclosure address T is permitted.

  In the above embodiment, the code verification process requests that the disclosure conditions included in the disclosure address T be satisfied. However, the present invention is not limited to this, and the signature included in the disclosure address T is not limited thereto. Diversion may be permitted when the validity of the code and the above diversion conditions are satisfied, and diversion may be permitted when all of the disclosure conditions, the signature code, and the diversion conditions are satisfied.

  Further, in FIG. 63, “transfer condition specifying information” included in the disclosure address T is access control information corresponding to “disclosure condition specifying information” in the disclosure address T. That is, as the information relating to the diversion conditions, the present invention is not limited to the case where the disclosure address T including the diversion conditions themselves is generated. The diversion conditions and the diversion conditions for uniquely specifying the diversion conditions are not limited. The code diversion server 50 may include a diversion condition storage unit that associates and stores specific information, and the child code issuing server 20 may generate a disclosure address T including the diversion condition identification information. In this case, in the code verification process, the code diversion server 50 extracts the diversion condition specifying information from the disclosure address T, and then obtains the diversion condition corresponding to the information from the diversion condition storage unit for determination. Do.

  Further, in FIG. 63, “information specifying transfer control contents and transfer conditions” included in the disclosure address T is changed to “information specifying disclosure control contents and disclosure conditions (see FIG. 26)” in the disclosure address T. Corresponding access control information. That is, when generating the disclosure address T including the information related to the diversion control content (relationship relationship level or diversion control content) and the information related to the diversion condition (diversion condition or diversion condition specifying information) as described above. The present invention is not limited, and the code diversion server 50 includes a diversion control information storage unit that associates and stores diversion control contents and diversion conditions, and specific information for uniquely identifying both, The child code issuing server 20 may generate the disclosure address T including the specific information. In this case, the code diversion server 50 extracts the specific information from the disclosure address T in the code verification process and the code diversion process, and then stores the diversion conditions and diversion control contents corresponding to the specific information. Get from the department.

  As described above, when the disclosure control information is diverted according to the diversion control information included in the disclosure address T, it is possible to prevent the disclosure address T from being unconditionally diverted. Further, when the disclosure address T is generated, the disclosure address T and the diversion control information are not stored in the database, but the diversion control information is included in the disclosure address T, so that such a database is not required. The disclosure address T can be diverted.

  In the above description, when the diversion control content and diversion conditions are stored in the code diversion server 50, an example (see FIG. 53) of storing diversion control content and diversion conditions customized for each referenced person A is shown. However, the present invention is not limited to this. For example, as in the case illustrated in FIG. 27, the common diversion control contents and diversion conditions are stored in the system without distinguishing the referred person A. It may be.

(2) Shared use of disclosure control information In the above description, the case where the diversion control is performed using the diversion control information included in the disclosure address T has been described. However, the present invention is not limited to this and is disclosed. The disclosure control information included in the address T may also be used as diversion control information. That is, for example, when the code diversion server 50 includes the diversion policy storage unit illustrated in FIG. 53, the disclosure relation level included in the disclosure address T is extracted as the diversion relation level. The diversion control content corresponding to the relationship level may be executed.

(3) Diversion cancellation, diversion inquiry In the above description, the case where the diversion availability is determined based on the diversion conditions has been described. However, the present invention is not limited to this, and the diversion permission of the disclosure address T is revoked. Thus, whether or not the diversion permission is not revoked may be determined as a condition. That is, similar to the invalidation of the parent code G described in the second embodiment, the revocation revocation table that stores information for specifying the disclosure address T whose revocation permission is revoked (for example, the disclosure address T itself) is coded. The diversion server 50 further includes, in the code verification processing, further determining whether or not the disclosure address T has been revoked from diversion permission, based on the diversion revocation table, and the disclosure address T from which diversion permission has been revoked. Code diversion processing is executed as a necessary condition.

  In addition, the present invention is not limited to the case where such a conversion revocation table is provided. For example, the code diversion server 50 that has received the code diversion request mail extracts the referenceee identification information ID_A from the disclosure address T. Whether or not a diversion confirmation mail is transmitted to the reference person A based on the referenced person identification information ID_A, and a reply mail of diversion approval (diversion OK) is received from the reference person A in response to the diversion confirmation mail. The code diversion process may be executed on the condition that it is determined whether or not a reply mail of such diversion approval is received.

(4) Diversion location, diversion timing, diversion procedure In the above embodiment, the case where the code diversion server 50 diverts the disclosure address T to generate the delivery address T has been described, but the present invention is limited to this. For example, the disclosure address T may be diverted by another device such as the child code issuing server 20 or the information disclosure server 30.

  In the above-described embodiment, the case where the disclosure address T is diverted when the code diversion request mail is received has been described. However, the present invention is not limited to this. For example, the information disclosure server 30 You may make it divert the disclosure address T at the time of the reference request which received the reference request mail.

  Furthermore, in the above embodiment, the case where the code diversion request is received by mail has been described. However, the present invention is not limited to this. For example, the code diversion is performed on the home page on the Web server corresponding to the code diversion server 50. Any diversion procedure may be adopted such as accepting a request. In the above embodiment, the case where the delivery address T is generated by diverting the disclosure address T has been described. However, the present invention is not limited to this. For example, the disclosure address T, the delivery address T An access code for controlling access by an accessor to a service related to a certain accessed person, such as diverting the address T and the connection address T, can be similarly applied.

  Further, when an access code for a plurality of services is generated by diverting a certain access code, information for designating a diversion destination service is received in the code diversion request mail as illustrated in FIG. Also good. The example shown in the figure is an example in which the referrer B designates diversion to the delivery address T when the disclosure address T can be diverted to generate the delivery address T or the connection address T. is there.

(5) Program In the above embodiment, each device (for example, a referee terminal, a referrer terminal, a child code issuing server, an information disclosure server, a code diversion server, a message delivery server, etc.) that implements the present invention is used. Although described from the functional aspect, each function of each device can also be realized by causing a computer such as a personal computer or a workstation to execute a program. That is, the various processing procedures described in the first embodiment can be realized by executing a program prepared in advance on a computer. These programs can be distributed via a network such as the Internet. Further, these programs can be recorded on a computer-readable recording medium such as a hard disk, a flexible disk (FD), a CD-ROM, an MO, and a DVD, and can be executed by being read from the recording medium by the computer. In other words, for example, a CD-ROM (a separate CD-ROM for each device) storing a program for a referee terminal, a code transfer server program, and a message delivery server program as shown in the fifth embodiment. May be distributed, and each computer may read and execute the program stored in the CD-ROM.

  As described above, the access code issuance system, the access code issuance method, and the access code issuance program according to the present invention issue an access code including access control information for controlling access by the accessor to the service related to the accessed person. In particular, it is useful for reducing the labor of the accessed person accompanying the generation of the access code.

1 is a diagram for explaining an overview of an information disclosure system according to Embodiment 1. FIG. 1 is a diagram illustrating a configuration of an information disclosure system according to a first embodiment. It is a figure which shows the example of the information memorize | stored in a user information table. It is a figure which shows the example of the information memorize | stored in a basic information table. It is a figure which shows the example of the information memorize | stored in a schedule table. It is a figure which shows the example of the information memorize | stored in a disclosure policy memory | storage part. It is a sequence diagram which shows the flow of the process from the production | generation of a parent code to notification. It is a sequence diagram which shows the flow of a process from the production | generation of a child code to information disclosure. It is a figure which shows the example of the screen which concerns on a parent code generation request. It is a figure which shows the example of the screen which concerns on a parent code production | generation response. It is a figure which shows the example of the mail which concerns on a child code generation request. It is a figure which shows the example of the mail which concerns on a child code production | generation notification. It is a figure which shows the example of the mail which concerns on a reference request. It is a figure which shows the example of the mail which concerns on information disclosure. It is a flowchart which shows the detail of a parent code production | generation process. It is a flowchart which shows the detail of a parent code verification process. It is a flowchart which shows the detail of a child code production | generation process. It is a flowchart which shows the detail of a disclosure determination process. It is a flowchart which shows the detail of a disclosure control process. It is a figure for demonstrating disclosure information. It is a figure for demonstrating the Example which discloses disclosure information at the time of update of disclosure information. It is a figure which shows a disclosure condition. It is a figure for demonstrating the content of disclosure control. It is a figure for demonstrating disclosure control information. It is a figure for demonstrating the Example which memorize | stores disclosure conditions in a database. It is a figure for demonstrating the Example which memorize | stores a disclosure policy and a disclosure condition in a database. It is a figure for demonstrating the Example which performs common disclosure control in a system. It is a figure for demonstrating production | generation control information. It is a figure for demonstrating the production | generation control content. It is a figure for demonstrating reception of the production | generation control content. It is a figure for demonstrating the Example which memorize | stores the production | generation control content in a database. It is a figure for demonstrating production | generation conditions. It is a figure for demonstrating reception of generation conditions. It is a figure for demonstrating the Example which memorize | stores generation conditions in a database. It is a figure for demonstrating the Example which memorize | stores the production | generation control content and production | generation conditions in a database. It is a figure for demonstrating the format of the address for a disclosure. It is a figure for demonstrating the address for a disclosure of URI format. It is a figure for demonstrating the address for a disclosure of URI format. It is a figure for demonstrating the Example which produces | generates a parent code in a center. It is a figure for demonstrating invalidation of a parent code. It is a figure for demonstrating the Example of a message delivery system. It is a figure for demonstrating the Example of a telephone connection system. It is a figure for demonstrating the relationship between a parent code and a child code. FIG. 10 is a diagram illustrating a configuration of an information disclosure system according to a third embodiment. It is a sequence diagram showing a flow of processing from a code update request to invalidation. It is a figure which shows the example of the screen which concerns on a code update request. It is a figure which shows the example of the mail which concerns on a code update notification. It is a flowchart which shows the detail of a code verification process. It is a flowchart which shows the detail of a code update process. It is a figure for demonstrating the disclosure control information which can be updated. It is a figure for demonstrating the update method of a code. It is a figure for demonstrating update control information. It is a figure for demonstrating the Example which memorize | stores update control content in a database. It is a figure for demonstrating update conditions. It is a figure for demonstrating reception of update content. FIG. 10 is a diagram illustrating a configuration of a service system according to a fifth embodiment. It is a sequence diagram which shows the flow of the process from the code diversion request | requirement to the production | generation of another code. It is a figure which shows the example of the screen which concerns on a code diversion request | requirement. It is a figure which shows the example of the mail which concerns on another code production | generation notification. It is a flowchart which shows the detail of a code verification process. It is a flowchart which shows the detail of another code production | generation process. It is a figure for demonstrating the diversion technique of a code. It is a figure for demonstrating diversion control information. It is a figure for demonstrating the Example which memorize | stores the diversion control content in a database. It is a figure for demonstrating diversion conditions. It is a figure for demonstrating reception of the diversion content.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Referee terminal 1a Private key holding | maintenance part 1b Public key holding | maintenance part 1c Parent code generation part 2 Reference terminal 2a Address storage part 3 Internet 4 LAN (Local Area Network)
DESCRIPTION OF SYMBOLS 10 User information server 11 User information table 20 Child code issue server 21 Communication part 22 Public key table 23 Parent code verification part 24 Issue key memory | storage part 25 Child code production | generation part 30 Information disclosure server 31 Communication part 32 User authentication part 33 Personal information memory | storage Unit 34 Disclosure Policy Storage Unit 35 Information Update Unit 36 Verification Key Storage Unit 37 Disclosure Determination Unit 38 Disclosure Control Unit 39 Invalidation Table 40 Code Update Server 41 Communication Unit 42 Verification Key Storage Unit 43 Code Verification Unit 44 Issuance Key Storage Unit 45 Code Update unit 50 Code diversion server 51 Communication unit 52 Verification key storage unit 53 Code verification unit 54 Issuance key storage unit 55 Separate code generation unit 60 Message delivery server 61 Delivery destination information storage unit 62 Delivery policy storage unit 63 Delivery control unit

Claims (23)

An access code issuing system for issuing an access code including access control information for controlling access by an accessor to a service related to an accessed person,
First access code generation means for generating a first access code including predetermined access control information;
Second access code generation means for receiving the first access code from the accessor and generating a second access code including predetermined access control information using the access control information included in the first access code;
An access code issuing system characterized by comprising: The first access code generating means generates a first access code including generation control information related to the second access code generation service;
The second access code generation means uses the generation control information included in the first access code to generate a second access code including access control information for controlling access to a predetermined service other than the generation service. The access code issuance system according to claim 1, wherein the access code issuance system is generated. The first access code generation means generates a first access code using a different key for each accessed person,
3. The access code issuing system according to claim 2, wherein the second access code generating means generates a second access code using a common key for a person to be accessed. The first access code generating means generates a first access code using an asymmetric key type asymmetric key,
4. The access code issuing system according to claim 2, wherein the second access code generation unit generates a second access code using a symmetric key type symmetric key. 5. The first access code generating means generates a first access code having an expiration date after the expiration date of the second access code;
5. The access code issuing system according to claim 2, wherein the second access code generating unit generates a second access code having an expiration date before an expiration date of the first access code. The first access code generating means generates a first access code having an information amount equal to or greater than an information amount of the second access code;
The access code according to any one of claims 2 to 5, wherein the second access code generation unit generates a second access code having an information amount equal to or less than an information amount of the first access code. Issuing system.   The second access code generation means includes, as the access control information, an information disclosure service for disclosing information on the accessed person to the accessing person, a message delivery service for delivering a message transmitted from the accessing person to the accessed person, Generating a second access code including access control information for controlling access to a telephone connection service for connecting a telephone connection request transmitted from the accessor to a person to be accessed or a combination thereof; The access code issuing system according to any one of claims 2 to 6. The first access code generating means generates a first access code including access control information for controlling access to a predetermined service;
The said 2nd access code production | generation means updates the access control information contained in the said 1st access code, and produces | generates the 2nd access code containing the access control information after the said update. The access code issuance system described. The first access code generation means generates a first access code including access control information specifying at least a time limit for allowing access by the accessor;
The second access code generation means updates the deadline designated by the access control information included in the first access code to a new deadline, and includes access control information that newly designates the updated deadline. 9. The access code issuing system according to claim 8, wherein two access codes are generated. The first access code generation means generates a first access code including access control information that specifies at least an access person permitted to access,
The second access code generation means updates the access person specified by the access control information included in the first access code to a new access person, and sets the access control information newly specifying the updated access person. 9. The access code issuing system according to claim 8, wherein the second access code is generated. The first access code generating means generates a first access code including update control information for controlling update of the access control information in addition to access control information for controlling access to a predetermined service. ,
The access according to claim 8 or 9, wherein the second access code generation means updates the access control information included in the first access code in accordance with the update control information included in the first access code. Code issuing system. When the second access code is generated, an invalidation table that stores information for specifying the first access code as an invalidation target;
It is necessary that the first access code is received from the accessor, whether or not the first access code is invalidated is determined based on the invalidation table, and the first access code is not invalidated. As a condition, an access control means for permitting access by access control information included in the first access code;
The access code issuing system according to any one of claims 8 to 11, further comprising: The first access code generating means generates a first access code including access control information for controlling access to a predetermined service;
The second access code generation means includes a second access code including access control information for controlling access to a predetermined service other than the predetermined service, using the access control information included in the first access code. The access code issuing system according to claim 1, wherein:   The second access code generation means diverts access control information included in the first access code to generate a second access code including access control information similar to the access control information. The access code issuing system according to claim 13. The first access code generating means generates a first access code including diversion control information for controlling diversion of the access control information in addition to access control information for controlling access to a predetermined service. ,
The access code issuance according to claim 14, wherein the second access code generation means diverts the access control information included in the first access code according to the diversion control information included in the first access code. system. An access code issuing method for issuing an access code including access control information for controlling access by an accessor to a service related to an accessee,
A first access code generation step of generating a first access code including predetermined access control information;
A second access code generating step of receiving the first access code from the accessor and generating a second access code including predetermined access control information using the access control information included in the first access code;
An access code issuance method characterized by comprising: The first access code generation step generates a first access code including generation control information related to the second access code generation service;
The second access code generation step uses a generation control information included in the first access code to generate a second access code including access control information for controlling access to a predetermined service other than the generation service. The access code issuing method according to claim 16, wherein the access code issuance method is generated. The first access code generation step generates a first access code including access control information for controlling access to a predetermined service;
17. The second access code generation step updates the access control information included in the first access code, and generates a second access code including the updated access control information. The access code issuance method described. The first access code generation step generates a first access code including access control information for controlling access to a predetermined service;
The second access code generation step uses the access control information included in the first access code, and a second access code including access control information for controlling access to a predetermined service other than the predetermined service The access code issuing method according to claim 16, further comprising: generating an access code. An access code issuing program for causing a computer to execute a method of issuing an access code including access control information for controlling access by an accessor to a service related to an accessed person,
A first access code generation procedure for generating a first access code including predetermined access control information;
A second access code generation procedure for receiving the first access code from the accessor and generating a second access code including predetermined access control information using the access control information included in the first access code;
An access code issuance program characterized by causing a computer to execute. The first access code generation procedure generates a first access code including generation control information related to the second access code generation service,
The second access code generation procedure uses a generation control information included in the first access code to generate a second access code including access control information for controlling access to a predetermined service other than the generation service. 21. The access code issuing program according to claim 20, wherein the access code issuing program is generated. The first access code generation procedure generates a first access code including access control information for controlling access to a predetermined service,
21. The second access code generation procedure updates the access control information included in the first access code, and generates a second access code including the updated access control information. The access code issuance program described. The first access code generation procedure generates a first access code including access control information for controlling access to a predetermined service,
The second access code generation procedure includes a second access code including access control information for controlling access to a predetermined service other than the predetermined service using the access control information included in the first access code. 21. The access code issuance program according to claim 20, wherein the access code issuance program is generated.

Images