JP2008310575A - Personal information management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a personal information management system in which a corporation that works in a cooperation with a personal information ASP that registers personal information and stores/manages it, and conducts business based on personal information does not have to store and manage its customer's personal information by itself, and does not have to spend time and energy preventing leak or flow of the personal information, and there occur no obstructions to its business. <P>SOLUTION: A portal site that conducts business based on a customer's personal information is connected to a personal information ASP that registers personal information and stores/manages it. The customer can operate a screen held by the personal information ASP, and registers and stores the customer's personal information registered by the personal information ASP in the database of the personal information ASP with an ID and a password added thereto. The portal site has a database where only IDs and passwords are registered and stored, and conducts business by operating the screen held by the personal information ASP. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a personal information management system useful for a company that operates based on personal information, and in particular, when a company develops business, the company does not hold the customer's personal information but manages the customer's personal information. The present invention relates to a personal information management system that does not need to be performed and that can perform business without any problems.

  Due to the enforcement of the “Personal Information Protection Law”, the so-called Personal Information Protection Law, management of personal information in companies has become a problem. According to the Personal Information Protection Law, companies that handle personal information exceeding the specified number of people for a specified period of time become “persons that handle personal information” and are subject to certain obligations to protect personal information. . In particular, credit card companies, travel agencies, banks, securities companies, etc., who have a large number of individuals as customers, maintain and manage customer information individually, which requires a great deal of labor and cost, There is a high possibility that personal information registered and managed by the company will be leaked due to fraudulent acts or will be inadvertently leaked to the outside. It is also a problem of responsibility for the elderly, and the current situation is that they are nervous about their management.

FIG. 15 shows a configuration example of a general portal site. The customer 51 applies for membership registration to the portal site 50. At that time, the ID, password, name, date of birth, gender, address, mail address Enter or write personal information such as to register as a member. For the member who has registered as a member, the portal site 50 stores the personal information of the member in the database 52 owned by the portal site 50, and performs subsequent operations by the in-house system. For example, if the portal site 50 is a game portal, the customer 51 opens the login screen 53 by inputting the ID and password of the customer 51 registered in the database 52, and selects desired game titles # 1 to #n. And enjoy playing games.
As described above, when the member is specified by the registered member's personal information and the member accesses the Internet 54 or directly, a game or the like operated by the portal site 50 is played. The portal site 50 bears all responsibility for protection management. The portal site 50 also performs complaint processing from the customer 51, answers to registered information, and the like by collating with personal information held by the portal site 50 as necessary. Furthermore, when announcing events or the like in the game, the mail magazine gin is distributed using personal information held by the company.

  Regarding strengthening management of personal information, for example, in Japanese Patent Application Laid-Open No. 2007-4645 (Patent Document 1), a plurality of client terminals are connected to a plurality of client terminals so as to be able to communicate with each other via a network. A first client terminal that includes a personal information management server that manages a personal information file, and in which a plurality of client terminals reside a personal information search program for executing a search for a personal information file; and a personal information search program A first client information search means for searching for a personal information file by executing a personal information search program, and a file of the file in the first client terminal. Detection means for detecting additions and changes, and detection means When the addition / change of the file is detected, the personal information search program is started, and the first personal information search means executes a real-time search to determine whether the added / changed file is a personal information file. When the first control unit and the first personal information search unit determine that the file is a personal information file, the transmission unit transmits the determination result by the first personal information search unit to the personal information management server via the network. Second personal information search means for searching for a personal information file in the second client terminal via the network by executing a personal information search program by the personal information management server, and second personal information In the second client terminal at the time when the personal information file was last searched by the search means From the time when the file information storage means for storing information about the file, the latest information about the file in the second client terminal and the information stored in the file information storage means are compared, and the personal information file is lastly searched. Difference extraction means for periodically extracting a file added / changed up to the present time as a difference file from the second client terminal via the network, and the difference file extracted by the difference extraction means as a personal information file A second control means for causing the second personal information search means to execute a periodic search for determining whether or not there is, so that a personal information file newly created and added in each terminal can be searched efficiently and reliably Yes.

  Also, in Japanese Patent Application Laid-Open No. 2007-18162 (Patent Document 2), for a certain company, it is determined in advance from the transition of the number of personal information handled by that company that the threshold value for becoming a “personal information handling company” is exceeded. The company is warned about the prospect of becoming a “personal information handling business operator”, diagnoses the level of information protection of a company using existing technology, and the company has already established it. Depending on the level of information protection, the timing of warning regarding the prospect of becoming a “personal information handling business operator” can be changed to make necessary preparations for protecting personal information.

Furthermore, in Japanese Patent Application Laid-Open Publication No. 2007-79879 (Patent Document 3), there is an opportunity for an intervening person to visually observe the information in the storage and transmission system of personal information intervening from the viewpoint of personal information protection. Personal information is protected by eliminating the opportunity for an intervening person to view the information so as not to leak personal information intentionally or carelessly.
JP 2007-4645 A JP 2007-18162 A JP 2007-79879 A

  However, in the management system of Patent Document 1, the personal information management server and the file access management server are connected to the client terminal via the network, and it is possible to grasp that personal information has leaked or leaked even if periodic inspection is performed. However, it does not prevent leakage or spillage. Since personal information is electronic information, once information is leaked or leaked, it is impossible to return it to its original state even if it is discovered.

  The device of Patent Document 2 prepares conditions for a company that handles personal information to be a personal information protection business operator, and does not attempt to prevent leakage or leakage of personal information. The system described in Patent Document 3 is a system for recording and recording in a medium that cannot be viewed by a person in an intervening person's storage and transmission system for personal information, in which the person who intervenes cannot view the personal information. There is a problem that personal information is leaked or leaked through a person who records.

  The present invention has been made under the circumstances as described above, and the object of the present invention is to cooperate with personal information ASP (application service provider) that registers, stores and manages personal information, and operates based on the personal information. Providing a personal information management system that does not require the company itself to store and manage the customer's personal information, and therefore does not spend effort and time on leaking or leaking personal information and does not hinder business operations. There is.

  The present invention relates to a personal information management system, and the above object of the present invention is to connect a portal site that performs business based on customer personal information and a personal information ASP that registers, stores and manages the personal information via the Internet. The customer can operate the screen held by the personal information ASP, registers in the personal information ASP, and adds the customer's personal information registered in the personal information ASP with an ID and password to the individual. Register and store in the ASP database of the information ASP, the portal site has a portal site database that registers and stores only the ID and password, and the portal site operates a screen held by the personal information ASP This is achieved by performing the above-described operation.

  In addition, the above-mentioned object of the present invention is that a portal site that performs business based on customer personal information and a personal information ASP that registers, stores, and manages the personal information are connected via the Internet, and the customer The screen held by the personal information ASP can be operated, the personal information ASP is registered, and the customer's personal information registered by the personal information ASP is registered in the ASP database of the personal information ASP with an ID and a password. The portal site has a portal site database for registering and storing only the ID and password, and the portal site performs the operation by operating a screen held by the personal information ASP. And when the customer makes an inquiry by email, the email is sent to the personal information ASP, A reply to the customer from the personal information ASP, or a portal site that performs business based on the personal information of the customer, and a personal information ASP that registers, stores, and manages the personal information And the customer can operate the screen held by the personal information ASP, register in the personal information ASP, and enter the customer's personal information registered in the personal information ASP with an ID and password. In addition, the portal site has a portal site database in which only the ID and password are registered and stored in the ASP database of the personal information ASP, and the portal site is held by the personal information ASP. The business is performed by operating the screen, and the portal site performs the business. For example, when customer attribute information is selected on the screen held by the personal information ASP and mail magazine gin is transmitted, the personal information ASP extracts the mail address of the selected customer from the ASP database, and the mail magazine gin. Is sent from the personal information ASP to the customer of the extracted e-mail address, or a portal site that performs business based on the personal information of the customer, and the personal information ASP that registers, stores, and manages the personal information And the customer can operate the screen held by the personal information ASP, register in the personal information ASP, and enter the customer's personal information registered in the personal information ASP with an ID and password. Attach and store it in the ASP database of the personal information ASP. It has a portal site database for registering and storing only an ID and a password, and the portal site performs the business by operating a screen held by the personal information ASP. An agent system is connected, and the product purchase customer transmits the product purchase information to the settlement agent system and makes a settlement by performing a purchase operation on the portal site.

  According to the personal information management system of the present invention, an external personal information ASP provider performs registration, storage, and management of personal information, and provides services to customers and sells products based on the personal information ( Portal site) does not need to register, store and manage customer personal information at all. Therefore, companies that provide services to customers or sell products based on personal information do not spend effort and time on leaking or leaking personal information, and do business necessary for services using only IDs. As a result, it will not hinder the original business of the company.

  In addition, since the personal information ASP business is familiar with registering, storing and managing personal information, it is possible to fully implement countermeasures and management for leakage and leakage of personal information.

  The portal site that constitutes the system of the present invention has an e-mail magazine gin function for sending e-mail magazine gin without looking at an e-mail address, a trend investigation function for viewing member statistics without looking at personal information, and a DM or telephone without looking at personal information Can demonstrate marketing services and questionnaire services.

  Also, the personal information ASP side can notify the registered password to members who have changed their registered information and have forgotten their password.

  As shown in FIG. 1, the present invention is a company 10 (hereinafter simply referred to as “customer”, hereinafter referred to simply as “customer”) and a company 10 (hereinafter referred to simply as “customer support”, “mail delivery business”, etc.). Portal site ”) and personal information ASP 20 for registering and storing and managing personal information are connected via the Internet, and the personal information ASP 20 is displayed on the member registration screen of the portal site 10 based on a contract or the like. URL (Uniform Resource Locator) is linked (hyperlink). The portal site 10 includes a database 11, the personal information ASP 20 includes a database 21, the portal site 10 performs business for the customer 1, and the personal information ASP 20 registers and manages personal information from each portal site. I do.

  When registering as a member on the portal site 10, the customer 1 presses the “member registration” button hyperlinked to the URL of the personal information ASP 20, thereby jumping to the site of the personal information ASP 20, address, name along with ID and password. Enter personal information such as phone number, email address, date of birth, etc. At that time, personal information such as the address and name of the customer 1 is not registered in the database 11 of the portal site 10 but is registered and stored in the database 21 of the personal information ASP 20. Since the database 21 of the personal information ASP 20 stores ID and password together with the personal information, and only the ID and password are registered in the database 11 of the portal site 10, the database 11 of the portal site 10 and the database 21 of the personal information ASP 20 Are associated with an ID and a password.

  For example, if the portal site 10 is a game portal, the game 30 is provided to the customer 1 online, but an ID and a password are input on the login screen, and a desired game title # 1 to #n is selected to enjoy the game. .

  FIG. 2 shows a detailed configuration example of the personal information ASP 20, which is connected to the outside via the Internet 1 and the router 22, and also serves as a connection port for mailers and electronic mail distribution systems. The Web area, which is an area for accepting browser access from the customer 1, has a redundant configuration (in FIG. 2, two series of Web servers 23A and 23B) in order to increase reliability, and stores registration information of the customer 1. The area user database 21 includes a database server 21A and a disk 21B. The number of redundant web servers is arbitrary.

  In such a configuration, individual operations will be described below.

  FIG. 3 is a flowchart showing an example of the registration operation of personal information among the customer 1, the portal site 10 and the personal information ASP 20, and a standby screen as shown in FIG. 4 is displayed on the site of the portal site 10, for example. (Step S20), a new member registration from the customer 1 or a standby screen for playing a game (Step S21). When playing a game, since it is already registered as a member, an ID and a password are input, and desired game titles # 1 to #n are selected and played in the game.

  When the unregistered customer 1 who has come to the portal site 10 presses the “member registration” button on the standby screen (step S 10), the personal information ASP 20 linked to the “member registration” button uses the URL of the personal information ASP 20. The ASP 20 site is opened (step S22), and a registration screen as shown in FIG. 5 is displayed on the personal information ASP 20 website (step S30). The customer 1 inputs personal information such as ID, password, name, address, date of birth, sex, telephone number, mail address, etc. according to this registration screen (step S11), and the above step S30 until all personal information is input. And the above operation is repeated (step S31).

  When all the personal information to be input is input by the customer 1 (step S31), the customer presses a “confirm” button in the registration screen to confirm the input information (step S12). As a result, a confirmation screen as shown in FIG. 6 is displayed (step S32). If OK, the customer 1 presses a “registration” button in the screen (step S13). By this operation, the personal information ASP 20 temporarily registers the personal information together with the input ID and password in its own database 21 (step S1), communicates with the portal site 10 (step S34), and the portal site 10 has its own database 11 The ID and password of the customer 1 are registered in (Step S23).

  Thereafter, the personal information ASP 20 sends a test mail to the personal computer of the customer 1 in accordance with the registered customer 1's mail address (step S1). The customer 1 accesses the personal information ASP 20 through a hyperlink in the mail, and registers the registered contents. Confirm and press the “Confirm” button (step S15). When the customer 1 presses the “confirm” button, the personal information ASP 20 performs the main registration by an operation such as setting a flag in the temporary registration column (step S36), and a registration completion mail with an ID and a password for the customer 1 Is transmitted (step S37).

  In this way, the personal information such as the address, name, and email address is registered in the database 21 of the personal information ASP 20 together with the ID and password input by the customer 1, and the ID and password are stored in the database 11 on the portal site 10 side. Only the password is registered. No personal information is stored in the database 11.

  On the other hand, when the customer 1 plays a game using game software operated by the portal site 10, the customer 1 logs in to the game with an ID and a password according to the screen of FIG. At this time, since the ID and password of the customer 1 as a member are registered in the database 11, the game can be logged in. That is, the portal site 10 can provide game software to the customer 1 without using personal information such as the address of the customer 1.

  FIG. 7 is a flowchart showing an operation example of the mail processing, and the operator of the portal site 10 always performs the mail check accepted by the personal information ASP 20 (step S40). If the customer 1 cannot play a game due to, for example, a problem with his / her personal computer, the customer 1 sends an email to the personal information ASP 20 with a content such as “game cannot be played” (step S41). Since the personal information ASP 20 stores and manages the email address of the customer 1 and discloses the email address of the personal information ASP 20 to the customer 1, the customer 1 and the personal information ASP 20 do not pass through the portal site 10. You can send e-mail directly between them. Then, the operator of the portal site 10 browses the mail transmitted to the personal information ASP 20 (Step S42), answers the inquiry of the customer 1 (Step S43), and returns the reply mail to the customer 1. (Step S44).

  As described above, the customer 1 directly inquires of the personal information ASP 20 by e-mail, and the portal site 10 browses the contents of the e-mail and makes a reply. The e-mail reply is sent from the personal information ASP 20. Therefore, the portal site 10 can perform tasks such as providing online games without possessing the personal information of the customer 1.

  FIG. 8 shows an operation example in which the portal site 10 transmits an e-mail magazine to many customers 1 for marketing or the like. First, the portal site 10 opens the site of the personal information ASP 20 by the URL (step S50). Then, an attribute selection screen as shown in FIG. 9 is displayed (step S51). Then, the portal site 10 selects an attribute such as age, sex, region, etc. of a specific customer to which the mail magazine should be transmitted according to FIG. 9 (step S52), and notifies the end of the selection (step S52A). The personal information ASP 20 extracts a corresponding customer from the database 21 based on the selected attribute information (step S53). In addition, the portal site 10 creates a text to be transmitted in the mail magazine (step S54), and notifies the end of the creation (step S54A). After that, the personal information ASP 20 creates a mail magazine by fitting the extracted customer with the text (magazine information) created by the portal site 10 (step S55), and transmits the mail magazine to the customer (step S56).

  In this way, the portal site does not know the customer's e-mail address, and transmits the magazine information created by him as a mail magazine to a specific customer (for example, a woman aged 20-30 in Tokyo). Can do. When sending e-mail magazines, when registering personal information, make a flag indicating whether or not to subscribe to e-mail magazines, and send e-mail magazines only to customers who wish to subscribe to e-mail magazines. To do.

  Next, another configuration example (payable system) of the present invention will be described with reference to FIG.

  In this example, the payment agent system 30 is connected to the personal information ASP 20 via the Internet 2 or a dedicated line, and the customer 1 purchases products on the Internet 2 or provides services such as games on the portal site 10. When receiving and paying the price, the personal information registered in the database 21 of the personal information ASP 20 is used. In this case, the customer 1 and the payment agent system 30 are in a contract partnership relationship, and the mail address and URL of the payment agent system 30 are disclosed to the customer 1. The portal site 10 handles operations such as user support (inquiries), use of management functions (email distribution, registration change, etc.), customer approach, usage negotiation, contract conclusion, contract trouble handling, and personal information ASP 20 maintains the database system. , Customer support (inquiry contact), management function maintenance, mail delivery function maintenance, system trouble handling, etc., and the payment agent system 30 performs membership fee collection (card, convenience store, etc.), item billing, and the like.

  FIG. 11 shows an operation example when the customer 1 purchases a product on the Internet 2 and the payment agent system 30 pays the price. The customer 1 first uses the portal site 10 as shown in FIG. The ID and password are input on the product purchase screen (step S60), the product is purchased with a shopping cart or the like (step S61), and the “product purchase” button is pressed (step S62). The “product purchase” button is linked to the payment agent system 30, and the site of the payment agent system 30 is accessed by pressing the “product purchase” button.

  The settlement agent system 30 transmits the corresponding ID to the personal information ASP 20 based on the access from the customer 1 (step S70), and the personal information ASP 20 extracts the personal information from the database 21 based on this ID (step S71). The extracted personal information is transmitted to the payment agent system 30 (step S72).

  When the personal information is transmitted from the personal information ASP 20, the payment agent system 30 displays a payment screen as shown in FIG. 13 (step S73), and the customer 1 selects one of the payment methods and selects “Next”. When the "" button is pressed, a settlement screen as shown in FIG. 14 is displayed (step S74). When the customer 1 confirms the purchased product and the payment method on the payment screen and presses the “confirm” button, the payment processing is completed (step S74), and payment information is transmitted to the portal site 10 (step S75).

  In this way, the portal site 10 is not involved in personal information at all in the settlement, and the settlement agency system 30 can perform the settlement by acquiring the personal information necessary for the settlement from the personal information ASP 20.

  In addition, when changing registration information, the registration screen of personal information ASP20 is displayed by operating the change button of the portal site 10, the registration information to change is instructed, and the "change" button in it is operated. Enter and change registration information. The changed ID, password, name, date of birth, gender, address, telephone number, and e-mail address are re-registered in the database 21, and the ID and password after the change process are re-registered in the database 11 on the portal site 10 side. Is done.

  In addition, in order to withdraw from the member, the registration screen of the personal information ASP 20 is displayed by operating the withdrawal button of the portal site 10, the registration screen for entering the ID, password, and e-mail address is displayed. Enter the password and e-mail address and operate the withdrawal button. As a result, the ID, password, name, date of birth, gender, address, telephone number and e-mail address registered in the database 21 are deleted, and the ID and password registered in the database 11 on the portal site 10 side are also deleted. Is done.

  Member registration, registration information change, and member withdrawal procedures are performed by GET by https communication users.

It is a block diagram which shows the basic structural example of this invention. It is a block diagram which shows the basic structural example of personal information ASP. It is a flowchart which shows the example of registration operation | movement of personal information. It is a screen figure which shows an example of the standby screen of a portal site. It is a screen figure which shows an example of a registration screen. It is a screen figure which shows an example of a registration screen. It is a flowchart which shows the operation example of the mail processing from a customer. It is a flowchart which shows an example of the mail magazine transmission from a portal site. It is a screen figure which shows an example of an attribute selection screen. It is a block diagram which shows the other structural example (settlementable system) of this invention. It is a flowchart which shows the operation example (settlement) of this invention. It is a screen figure which shows an example of a goods purchase screen. It is a screen figure which shows an example of a price payment screen. It is a screen figure which shows an example of a payment screen. It is a block diagram which shows the structural example of the conventional general portal site system.

Explanation of symbols

1 Customer 10 Portal site 11, 21 Database (DB)
20 Personal information ASP
21A DB server 21B Disk 22 Router 23A, 23B Web server 30 Payment agency system

Claims (4)

A portal site that conducts business based on the personal information of a customer and a personal information ASP that registers, stores, and manages the personal information are connected via the Internet, and the customer displays a screen held by the personal information ASP. Registering with the personal information ASP, registering and storing the personal information of the customer registered with the personal information ASP in the ASP database of the personal information ASP with an ID and a password; An individual having a portal site database for registering and storing only the ID and password, wherein the portal site performs the business by operating a screen held by the personal information ASP. Information management system. A portal site that conducts business based on the personal information of a customer and a personal information ASP that registers, stores, and manages the personal information are connected via the Internet, and the customer displays a screen held by the personal information ASP. Registering with the personal information ASP, registering and storing the personal information of the customer registered with the personal information ASP in the ASP database of the personal information ASP with an ID and a password; It has a portal site database for registering and storing only the ID and password, and the portal site performs the business by operating a screen held by the personal information ASP. When making an inquiry, the email is sent to the personal information ASP, and the reply to the email is the personal information ASP. Personal information management system, characterized in that it is made to the customer from the SP. A portal site that conducts business based on the personal information of a customer and a personal information ASP that registers, stores, and manages the personal information are connected via the Internet, and the customer displays a screen held by the personal information ASP. Registering with the personal information ASP, registering and storing the personal information of the customer registered with the personal information ASP in the ASP database of the personal information ASP with an ID and a password; It has a portal site database that registers and stores only the ID and password, and the portal site is configured to perform the business by operating a screen held by the personal information ASP. In order to conduct business, customer attribute information is selected on the screen held by the personal information ASP. The personal information ASP extracts the mail address of the selected customer from the ASP database, and sends the mail magazine from the personal information ASP to the customer of the extracted mail address. Personal information management system characterized by A portal site that conducts business based on the personal information of a customer and a personal information ASP that registers, stores, and manages the personal information are connected via the Internet, and the customer displays a screen held by the personal information ASP. Registering with the personal information ASP, registering and storing the personal information of the customer registered with the personal information ASP in the ASP database of the personal information ASP with an ID and a password; A portal site database for registering and storing only the ID and password, and the portal site performs the business by operating a screen held by the personal information ASP; The payment agent system is connected, and the product purchase customer performs the purchase operation on the portal site, Personal information management system, characterized in that the settlement sends the purchase information to the pre-agent system.

Images