JP2009245399A - Authentication server, change method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication server, a change method and a program, for easily updating user information, in a service using an IC card. <P>SOLUTION: This authentication server 100 changes personal information when an instruction is made to change the personal information of a user from a user terminal 200 or the like, and specifies a service providing server 300 for the service available for the user. The authentication server 100 transmits instruction information for updating the personal information of a member in the specified service providing server 300 in the same manner. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an authentication server, a changing method, and a program for changing personal information stored in a server or an IC card.

  Currently, various services (online shopping, net banking, etc.) using an IC card are provided (see, for example, Patent Document 1). In order to be able to use such a service, the user issues a dedicated IC card for each service, and corresponds to the identification information of the IC card and the user's personal information (name, address, telephone number, etc.) In addition, it is necessary to register with the service provider (server).

There are also various services that can be used by performing identity verification using an IC card identification card issued by an external organization such as a driver's license equipped with an IC chip (see, for example, Patent Document 2). In such a service, after confirming the identity, the ID and the personal information of the user stored in the IC card identification certificate are registered in the server, so that the service can be used with the IC card identification certificate thereafter. It becomes. In addition, since multiple IC card identification cards such as driver's licenses, passports, and Basic Resident Register cards can be used, multiple IC card identification cards can be used for multiple services. it can.
Japanese Patent Laid-Open No. 2007-4266 JP 2007-241647 A

  By the way, when the personal information such as the address is changed, the user needs to change the personal information for all the services used. For example, it is necessary to perform procedures for changing personal information for multiple banks using the updated Basic Resident Register card. If the update is neglected, the service provider will notify the user of the necessary information. There is a possibility that problems such as inability to occur. Prior art documents 1 and 2 do not provide a mechanism for reflecting changes in personal information in a certain service in other services, and cannot solve this problem.

  In addition, the user possesses multiple IC card identification cards such as a driver's license, passport, basic resident register card, etc., but if the personal information such as address is changed, all identification cards Therefore, it is necessary to go to each issuing organization and update the personal information on the IC card ID card. If the update is neglected, there is a possibility that the function as the identification card will not be performed in the first place. Prior art documents 1 and 2 do not provide a mechanism that makes it possible to update another IC card identification card based on the update information of a certain IC card identification card, and this problem cannot be solved.

  The present invention has been made in view of the above circumstances, and an object thereof is to provide an authentication server, a change method, and a program that can easily update user information in a service using an IC card.

In order to achieve the above object, an authentication server according to the first aspect of the present invention provides:
User information in which a card identifier of a plurality of IC cards possessed by a user, a type of each IC card, a service identifier of a service registered in each IC card, and personal information of the user of each IC card are associated with each other User information storage means for storing
Service information storage means for storing service information in which each service identifier is associated with access information to the service providing server of the service indicated by each service identifier;
Change instruction information acquisition means for acquiring change instruction information including change contents for changing personal information of a user together with a card identifier of an IC card from an external device or the service providing server;
Personal information changing means for changing the personal information of the user stored in the user information storage means based on the change instruction information acquired by the change instruction information acquiring means;
Service identifier acquisition means for acquiring from the user information storage means a service identifier of a service that can be used by a user whose personal information has been changed by the personal information change means;
Access information acquisition means for acquiring, from the service information storage means, access information to the service providing server of the service indicated by the service identifier acquired by the service identifier acquisition means;
Change instruction information transmitting means for transmitting the change instruction information to a service providing server indicated by the access information acquired by the access information acquiring means;
It is characterized by providing.

In order to achieve the above object, an authentication server according to the second aspect of the present invention provides:
User information storage means for storing user information in which a card identifier of a plurality of IC cards possessed by a user, personal information of users of each IC card, and change specifying information for specifying a change location of the personal information are associated with each other; ,
Card receiving means for receiving a card identifier of an IC card from an external device or the service providing server;
An update necessity determining means for determining whether or not the personal information stored in the IC card needs to be updated based on the information stored in the user information storage means;
A change information acquisition unit that acquires change information indicating a change content that can be specified from the change specification information stored in the user information storage unit when it is determined that the update necessity determination unit needs to be updated;
The key information for permitting the change indicated by the change information acquired by the change information acquiring means is acquired from the issuer of the IC card, and the card receiving means receives the card identifier using the key information. Card information changing means for causing the device or the service providing server to change the information stored in the IC card as indicated by the change information;
It is characterized by providing.

  The key information may permit the change indicated by the change information only once.

In order to achieve the above object, a changing method according to the third aspect of the present invention includes:
User information in which a card identifier of a plurality of IC cards possessed by a user, a type of each IC card, a service identifier of a service registered in each IC card, and personal information of the user of each IC card are associated with each other User information storage means for storing
Service information storage means for storing service information in which each service identifier is associated with access information to the service providing server of the service indicated by each service identifier;
A method for changing personal information performed by an authentication server comprising:
A change instruction information acquisition step for acquiring change instruction information including a change content for changing the personal information of the user together with the card identifier of the IC card from an external device or the service providing server;
Based on the change instruction information acquired in the change instruction information acquisition step, a personal information change step for changing the personal information of the user stored in the user information storage means;
A service identifier acquisition step of acquiring from the user information storage means a service identifier of a service that can be used by a user whose personal information has been changed in the personal information change step;
An access information acquisition step of acquiring, from the service information storage means, access information to the service providing server of the service indicated by the service identifier acquired in the service identifier acquisition step;
A change instruction information transmission step of transmitting the change instruction information to a service providing server indicated by the access information acquired in the access information acquisition step;
It is characterized by providing.

In order to achieve the above object, a changing method according to the fourth aspect of the present invention includes:
User information storage means for storing user information in which a card identifier of a plurality of IC cards possessed by a user, personal information of the user of each IC card, and change specifying information for specifying a change location of the personal information are associated with each other A method for changing personal information performed by an authentication server comprising:
A card receiving step of receiving a card identifier of an IC card from an external device or the service providing server;
An update necessity determining step for determining whether or not the personal information stored in the IC card needs to be updated based on information stored in the user information storage means;
When it is determined that the update necessity determination step needs to be updated, a change information acquisition step for acquiring change information indicating a change content that can be specified from the change specification information stored in the user information storage unit;
The key information for permitting the change indicated by the change information acquired in the change information acquisition step is acquired from the issuer of the IC card, and the card identifier is received in the card reception step using the key information. A card information changing step for causing the device or the service providing server to change the information stored in the IC card as indicated by the change information;
It is characterized by providing.

In order to achieve the above object, a program according to the fifth aspect of the present invention provides:
Computer
User information in which a card identifier of a plurality of IC cards possessed by a user, a type of each IC card, a service identifier of a service registered in each IC card, and personal information of the user of each IC card are associated with each other User information storage means for storing
Service information storage means for storing service information in which each service identifier is associated with access information to the service providing server of the service indicated by each service identifier;
Change instruction information acquisition means for acquiring change instruction information including change contents for changing the personal information of a user together with a card identifier of an IC card from an external device or the service providing server;
Personal information changing means for changing the personal information of the user stored in the user information storage means based on the change instruction information acquired by the change instruction information acquiring means;
Service identifier acquisition means for acquiring from the user information storage means a service identifier of a service that can be used by a user whose personal information has been changed by the personal information change means;
Access information acquisition means for acquiring, from the service information storage means, access information to the service providing server of the service indicated by the service identifier acquired by the service identifier acquisition means;
Change instruction information transmitting means for transmitting the change instruction information to a service providing server indicated by the access information acquired by the access information acquiring means;
To function as.

In order to achieve the above object, a program according to the sixth aspect of the present invention provides:
Computer
User information storage means for storing user information in which a card identifier of a plurality of IC cards possessed by a user, personal information of users of each IC card, and change specifying information for specifying a change location of the personal information are associated with each other; ,
Card receiving means for receiving a card identifier of an IC card from an external device or the service providing server;
An update necessity determining means for determining whether or not the personal information stored in the IC card needs to be updated based on the information stored in the user information storage means;
A change information acquisition unit that acquires change information indicating a change content that can be specified from the change specification information stored in the user information storage unit when it is determined that the update necessity determination unit needs to be updated;
The key information for permitting the change indicated by the change information acquired by the change information acquiring means is acquired from the issuer of the IC card, and the card receiving means receives the card identifier using the key information. A card information changing means for causing the device or the service providing server to change the information stored in the IC card as indicated by the change information;
To function as.

  According to the present invention, when a user's personal information is changed, the personal information of the service providing server that can be used by the user is also updated without human intervention. Further, another IC card identification card can be updated by updating information of a certain IC card identification card. Therefore, user information can be easily updated in a service using an IC card.

  Hereinafter, an information processing system 1000 including the authentication server 100 according to the embodiment of the present invention will be described. As illustrated in FIG. 1, the information processing system 1000 includes an authentication server 100 that authenticates a user, a plurality of user terminals 200 operated by the user, a plurality of service providing servers 300 that provide services to the user, and the identity of the user. And a card issuing institution server 400 that issues an IC card as a certificate.

  The present invention will be described by taking a bank online system (so-called Internet banking system) via the Internet as an example of the information processing system 1000. That is, the service providing server 300 is a server that executes processing for providing an Internet banking service to a user. However, the present invention is not limited to the Internet banking service and can be applied to a system that provides an arbitrary service.

The authentication server 100, the user terminal 200, and the service providing server 300 are connected by a communication network 500 such as the Internet, a LAN (Local Area Network), and a WAN (Wide Area Network).
The authentication server 100 and the card issuing authority server 400 are connected by a dedicated line.

In the service provided by each service providing server 300, the authentication server 100 performs a user authentication process when there is a process that needs to confirm that the user is indeed the user (hereinafter referred to as "user authentication process"). Can be executed on behalf of each service providing server 300. Therefore, the authentication server 100 may be called an identity verification proxy server. The authentication server 100 receives an authentication request from the service providing server 300, performs user authentication processing, and transmits an authentication result to the service providing server 300 that has made the authentication request.
As illustrated in FIG. 2, the authentication server 100 includes a control unit 110, a communication unit 120, and a storage unit 130.

  The control unit 110 includes a CPU and the like. The control unit 110 controls the entire authentication server 100, is connected to each component, and exchanges control signals and data. For example, when the control unit 110 receives information instructing change of user information from the user terminal 200, the control unit 110 determines a service available to the user, and instructs the service providing server 300 of the determined service to update the user information. To do.

  In addition, the control unit 110 functionally includes an identity verification proxy unit 111 and an account management unit 112.

  The identity verification proxy unit 111 performs user authentication. The identity verification proxy unit 111 includes an IC card identification / information reading unit 1111, an IC card processing distribution unit 1112, an identity authentication unit 1113, an IC card update determination unit 1114, and an IC card writing unit 1115. Is done.

  The IC card identification / information reading unit 1111 acquires the information stored in the IC card via the communication unit 120 and confirms that the IC card is registered in the IC card information management database 132 described later. Thereafter, the type of the IC card is determined.

  The IC card processing distribution unit 1112 acquires an authentication program optimal for the IC card whose type has been determined.

  The personal authentication unit 1113 authenticates the IC card using the authentication program acquired by the IC card processing distribution unit 1112. Also, the personal authentication unit 1113 registers the authentication result as a log in the trail management database 135 together with the time information at that time.

  The IC card update determination unit 1114 refers to the user card management table of the user information management database 131 and identifies a card for which the update flag is set among the cards that can be used by the user.

  The IC card writing unit 1115 transmits an instruction to change information stored in the IC card to the user terminal 200 or the service providing server 300.

  The account management unit 112 manages user account information. The account management unit 112 includes an inquiry reception / transmission IF (interface) 1121, an update information monitoring unit 1122, a user information acquisition unit 1123, and an authentication result acquisition unit 1124.

  The inquiry reception / transmission IF 1121 refers to a service information management database 134 to be described later, identifies the service providing server 300, and transmits update information.

  The update information monitoring unit 1122 monitors the presence or absence of update information with reference to a user information management database 131 (to be described later) periodically or based on a user inquiry.

  The user information acquisition unit 1123 changes personal information stored in a user information management database 131 described later based on the change information received via the communication unit 120. At this time, the change flag indicating the change is also updated.

  The authentication result acquisition unit 1124 reads the authentication result of the instructed service member with reference to the trail management database 135 and notifies the inquiry reception / transmission IF 1121.

  The content of the information transmitted from the user terminal 200 is, for example, personal information read by the IC card R / W unit 230 of the user terminal 200, a user name input to the user terminal 200 by the user, a password, or the like. .

The communication unit 120 includes a NIC (Network Interface Card) for connecting to the communication network 500 and the card issuing institution server 400. The control unit 110 can exchange data with the service providing server 300 or the user terminal 200 via the communication network 500 by the communication unit 120.
In addition, the control unit 110 can transmit and receive data to and from the card issuing institution server 400 connected via a dedicated line through the communication unit 120.

  The storage unit 130 includes a ROM, a RAM, a hard disk device, and the like. The storage unit 130 stores a program for executing user authentication processing, an OS, and the like in advance.

  As illustrated in FIG. 2, the storage unit 130 stores a user information management database 131, an IC card information management database 132, an authentication database 133, a service information management database 134, and a trail management database 135 in advance.

As shown in FIG. 3, the user information management database 131 includes a user card management table and a user use service management table.
The user card management table stores, for each user, information associated with each item such as a unique user ID, ID / number of a registered IC card, name, address, update flag, and availability information for each user. To do. The provision availability information is information indicating whether or not to provide registered IC card information as update information of other IC cards.
The user usage service management table includes, for each user, a user ID, a usage service that can be used by the user, an ID / number of a registered IC card that can use the service, an account ID and password required for service authentication, an update Information of each item such as a flag and updatable information is stored in association with each other. Note that the update availability information is information indicating whether or not to provide the change information as change information of another service when there is a change in information related to the registered service.
Note that the update flags of the user card management table and the user use service management table store information for specifying the item that has been changed most recently on the IC card.
For example, as shown in FIG. 3, the user having the user ID “A01” owns the cards A, B, and C. In addition, the user having the user ID “A01” uses “● × bank” as the use service, and “card A (card number: 123...) As an authentication card when using the“ ● × bank ”service. ..) ”,“ 1111 ”is registered as the account ID at that time, and“ 1234 ”is registered as the password at that time. Further, the user having the user ID “A01” uses “T city hall” as a use service, and “card B (card number: 999...)” As a card for authentication when using the service of “T city hall”. "9999" is registered as the account ID at that time, and "9999" is registered as the password at that time.

  In the IC card information management database 132, as shown in FIG. 4, a card identifier for uniquely identifying a card type, a card type, a file configuration, a file type, a file size, and an authentication key are associated with each other. Information is stored. The authentication server 100 reads information stored in the IC card based on information stored in the IC card information management database 132. The IC card information management database 132 stores an authentication key (public key, secret key, etc.) used for authentication.

  As shown in FIG. 5, the authentication database 133 stores an authentication program executed for authenticating the card for each type of card. The card type is, for example, a type of driver's license, health insurance card, social security card, basic resident register card, cash card, or the like.

As shown in FIG. 6, the service information management database 134 stores a service ID, a service name, an access method to the service providing server 300, an access destination URL, and the like for each service.
For example, the access destination URL “http; // www.bank” is accessed via the access method “Internet” to the service providing server 300 of the service bank “×” with the service ID “01”.

  In the trail management database 135, the authentication result of the IC card performed by the authentication server 100 is stored as a log.

  The IC card is a card issued by the card issuing institution server 400. The IC card physically contains an IC chip composed of a CPU, a coprocessor (encryption circuit), a ROM, a RAM, a nonvolatile memory, and the like. The IC card stores a card identifier representing a card type, a PIN, key information necessary for authentication, user personal information, and the like.

  Next, the configuration of the user terminal 200 will be described. As shown in FIG. 7, the user terminal 200 includes a control unit 210, a communication unit 220, an IC card reader / writer unit 230 (hereinafter referred to as “IC card R / W unit 230”), a storage unit 240, An input receiving unit 250 and an output unit 260 are provided.

  The control unit 210 includes a CPU (Central Processing Unit) and the like. The control unit 210 controls the entire user terminal 200, is connected to each component, and exchanges control signals and data. For example, the control unit 210 executes a program for executing processing on the user terminal 200 side of the Internet banking system.

  The communication unit 220 includes a NIC (Network Interface Card), a modem, and the like for connecting to a communication network 500 such as the Internet or a LAN.

IC card reader / writer unit 230 (hereinafter referred to as “IC card R / W unit”) is a driver's license, health insurance card, social security card, basic resident register card, cash card, credit card, etc. equipped with an IC chip. The information stored in the various IC cards is read. In order to use the service of the information processing system 1000, the user may have to perform identity verification using an IC card in addition to the user and password check.
Further, the IC card R / W unit 230 updates the storage information of the IC card using the update information received from the authentication server 100 and the key information for card update.

  The storage unit 240 includes a ROM (Read Only Memory), a RAM (Random Access Memory), a hard disk device, and the like. The storage unit 240 stores in advance a program, an operating system (OS), and the like for executing processing on the user terminal 200 side of the Internet banking system. In addition, intermediate data and result data when executing each process are also stored.

  The input receiving unit 250 includes an input device such as a keyboard and a mouse, and receives various instruction inputs from the user. The instruction input includes, for example, an instruction input for requesting establishment of a new account and an instruction input for requesting transfer.

  The output unit 260 includes a display device such as a display and an output device such as a speaker. The user can operate the user terminal 200 while viewing the screen displayed on the display device.

  As the user terminal 200, a known personal computer can be used.

  The service providing server 300 is a server installed by an organization that provides a predetermined service to the user. For example, the service providing server 300 includes various servers such as a server for Internet banking service installed by a bank, a server for administrative service installed by an administrative institution, and a server for medical service installed by a medical institution such as a hospital.

  The configuration of the service providing server 300 will be described. As shown in FIG. 8, the service providing server 300 includes a control unit 310, a communication unit 320, a storage unit 330, an IC card R / W unit 340, and an input reception unit 350.

The control unit 310 includes a CPU and the like. The control unit 310 controls the service providing server 300 as a whole, is connected to each component, and exchanges control signals and data. For example, the control unit 310 receives an authentication result of the user's IC card from the authentication server 100, and executes a service for the user based on the authentication result.
The control unit 310 includes a service execution unit 311 and a member information management unit 312.
The service execution unit 311 performs processing for providing a predetermined service to a user who is a member.
The member information management unit 312 performs processing such as registration, deletion, and change of members who can provide services. The member information management unit 312 receives personal information change information from the authentication server 100 and updates the member database 331 based on the change information. In addition, the member information management unit 312 periodically inquires of the authentication server 100 whether there is a change in member information.

  The communication unit 320 includes a NIC for connecting to a communication network 500 such as the Internet. The control unit 310 can transmit and receive data to and from the user terminal 200 via the communication network 500 by the communication unit 320. The control unit 310 can also transmit and receive data to and from the authentication server 100 or the user terminal 200 via the communication network 500 by the communication unit 320.

  The storage unit 330 includes a ROM, a RAM, a hard disk device, and the like. The storage unit 330 stores in advance a program, an OS, and the like for executing processing on the service providing server 300 side of the Internet banking system.

The storage unit 330 stores a member database 331. As shown in FIG. 9, the member database 331 stores account IDs, user names, addresses, telephone numbers, passwords, and the like in association with users (members) that the service providing server 300 can provide services.
For example, the control unit 310 performs a simple user authentication process without using an IC card by determining whether or not a password input by the user matches a password registered in the member database 331 in advance. can do.

The IC card R / W unit 340 reads information stored in various IC cards such as a driver's license, an health insurance card, a social security card, a basic resident register card, a cash card, and a credit card equipped with an IC chip. In order to use the service of the information processing system 1000, the user may have to perform identity verification using an IC card in addition to the user and password check.
Further, the IC card R / W unit 340 updates the stored information of the IC card using the update information received from the authentication server 100 and the key information for card update.

  The card issuing institution server 400 is a server installed by an institution that issues an IC card serving as an identification card such as a driver's license, passport, and basic resident register card to the user. For example, the card issuing organization server 400 includes various servers such as a server for issuing a license managed by the National Police Agency, a server managed by a public personal authentication service organization, a social security authentication infrastructure, and a server managed by various private authentication infrastructures. There is a server.

  The configuration of the card issuing organization server 400 will be described. As shown in FIG. 10, the card issuing institution server 400 includes a control unit 410, a communication unit 420, and a storage unit 430.

  The control unit 410 includes a CPU and the like. The control unit 410 controls the card issuing institution server 400 as a whole, is connected to each component, and exchanges control signals and data. For example, the control unit 410 issues key information for changing information stored in the IC card in response to a request from the authentication server 100.

  The communication unit 420 includes a NIC for connecting to the authentication server 100 via a dedicated line. The control unit 410 can transmit / receive data to / from the authentication server 100 via the dedicated line by the communication unit 420.

  The storage unit 430 includes a ROM, a RAM, a hard disk device, and the like. The storage unit 430 stores in advance a program, an OS, and the like for executing processing on the card issuing institution server 400 side of the Internet banking system.

  The operation of the information providing system 1000 having the above configuration will be described below.

  First, processing when the user changes his / her registered personal information will be described with reference to the functional diagram shown in FIG. 11 and the sequence diagram shown in FIG.

  First, the user presents the IC card to the user terminal 200 or the IC card R / W units 230 and 340 of the service providing server 300. The control units 210 and 310 control the IC card R / W units 230 and 340 to read the card identifier stored in the presented IC card (step S10) and transmit it to the authentication server 100 (step S20).

  When receiving the card identifier (step S30), the control unit 110 of the authentication server 100 executes an authentication process (step S40).

FIG. 13 shows details of the authentication process (step S40). First, the IC card identification / information reading unit 1111 determines whether or not the card identifier included in the card storage information included in the authentication request is stored in the IC card information management database 132 (step S41).
If it is determined that it is not stored (step S41; No), the IC card is unauthenticated, the process is interrupted, and the process ends.

If it is determined that it is stored (step S41; Yes), the IC card identification / information reading unit 1111 refers to the IC card information management database 132 and determines the type of the IC card from the stored card identifier. It discriminate | determines (step S42).
For example, the information shown in FIG. 4 is stored in the IC card information management database 132, and the IC card whose card identifier is “001” is determined as the type “card A”.

Subsequently, the IC card processing distribution unit 1112 refers to the authentication database 133 and acquires an authentication program (step S43).
For example, if the information shown in FIG. 5 is stored in the authentication database 133 and the determined IC card type is “card A”, the authentication program is determined to be “authentication program A”.

Subsequently, the personal authentication unit 1113 executes predetermined authentication such as validity check of the IC card and access control by executing the acquired authentication program (step S44).
Then, the personal authentication unit 1113 transmits an authentication completion notification indicating that the authentication has been completed to the user terminal 200 (step S45).
This completes the authentication process.

Returning to FIG. 12, when the authentication completion notification is received (step S50), the user of the user terminal 200 or the service providing server 300 performs a process for changing his / her personal information such as an address change.
For example, the user inputs the change contents via the user terminal 200 or the input reception units 250 and 350 of the service providing server 300. And the control parts 210 and 310 transmit change information to the authentication server 100 (step S60). When the update information is stored in the IC card itself, the control units 210 and 310 read the update information through the IC card R / W units 230 and 340 and transmit the change information to the authentication server 100.

When the change information is received (step S70), the user information acquisition unit 1123 of the authentication server 100 changes the personal information stored in the user information management database 131 as indicated by the change information (step S80).
Then, after the change is completed, the user information acquisition unit 1123 sets information for identifying the changed item in the change flag of the entry of the user use service management table of the changed user information management database 131 ( Step S90). For example, when the address is changed, an update flag such as “address” is set as the update flag.
Similarly, when the update is performed based on the update information stored in the IC card, an update flag such as “address” is set in the update flag of the user card management table.
In this way, the user's own personal information about a certain service is changed.

Next, the authentication server 100 performs processing for notifying update information of a certain service to another service (step S100). Specifically, the update information monitoring unit 1122 refers to the user use service management table of the user information management database 131, and the update availability information of the service that has been changed is “Yes”. Identify other services for users to be notified of updates. Then, the inquiry reception / transmission IF 1121 is notified of update information and information (for example, a service ID) for specifying the service to be notified.
For example, in the example of FIG. 3, when the user “A01” changes the address for the usage service “01”, the update availability information of this service is “possible”, so the user “A01” Update information is notified to the other services “02” and “03” used by.

  Subsequently, the inquiry reception / transmission IF 1121 refers to the service information management database 134 to identify the address (URL) of the identified service to the service providing server 300, and sends the change information to the identified service providing server 300. Transmit (step S110).

When the member information management unit 312 of the service providing server 300 of the identified service receives the update information (step S120), based on the update information, the member information member 331 stores the personal information of the user (member) stored in the member database 331. Update (step S130).
In this way, the authentication server 100 notifies update information of a certain service to other services.
Thus, the update process ends.

  As described above, in the present embodiment, when the personal information of the user stored in the authentication server 100 is changed, the personal information stored in the service providing server 300 of the service available to the user is similarly used. Be changed.

  In addition, this invention is not limited to the said embodiment, A various application and deformation | transformation are possible.

  For example, as described above, this processing may be performed immediately after the user changes the personal information about a certain service, or the update information monitoring unit 1122 periodically monitors the user information management database 131, Specify the user ID and service used for which the update flag of the user service management table is set, and if the updatable flag is “Yes”, other services of the user to be notified of the update The update information and the service information to be notified may be transmitted to the inquiry reception / transmission IF 1121.

  Further, the service providing server 300 can obtain the update information by inquiring of the authentication server 100 whether the personal information of the member managed in the member database 331 has been updated. In this case, the following processes (1) to (5) are performed.

(1) The member information management unit 312 of the service providing server 300 reads the member database 331 and transmits a member ID (account ID) and a service ID to the authentication server 100.
(2) The authentication server 100 receives the member ID and service ID information through the inquiry reception / transmission IF 1121 and transmits the information to the update information monitoring unit 1122.
(3) The update information monitoring unit 1122 refers to the user use service management table of the user information management database 131, identifies the user ID and use service for which update information is set, and the update availability information is “ If yes, it is checked whether the user is using the service of the service ID for which the inquiry has been made. If so, the inquiry reception / transmission IF 1121 is notified of the update information. Communicate information that identifies the service.
(4) Subsequently, the inquiry reception / transmission IF 1121 refers to the service information management database 134 to identify the address (URL) to the service providing server 300 of the identified service, and to the identified service providing server 300, Send change information.
(5) Upon receiving the update information, the member information management unit 312 of the service providing server 300 for the specified service updates the personal information of the user (member) stored in the member database 331 based on the update information. To do.

  Further, the member information management unit 312 of the service providing server 300 can collectively acquire the authentication information of the members managed in the member database 331 in the authentication server 100 as well as the update information of the personal information. In this case, the authentication server 100 receives the member ID and the service ID through the inquiry reception / transmission IF 1121, and the authentication result acquisition unit 1124 reads the authentication result of the corresponding member by referring to the trail management database 135, The authentication result is transmitted to the service providing server 300 through the joint reception / transmission IF 1121.

  Next, a process when the authentication server 100 is accessed with an IC card that does not reflect this update while the personal information of the user is updated will be described with reference to the sequence diagram shown in FIG.

  First, the user presents the IC card to the user terminal 200 or the IC card R / W units 230 and 340 of the service providing server 300. The control units 210 and 310 control the IC card R / W units 230 and 340 to read the card identifier stored in the presented IC card (step S210) and transmit it to the authentication server 100 (step S220).

  When receiving the card identifier (step S230), the control unit 110 of the authentication server 100 executes an authentication process (step S240). This authentication process is substantially equivalent to the process of step S40 in FIG.

When the authentication process is completed, the IC card update determination unit 1114 refers to the user card management table of the user information management database 131 and selects a card for which an update flag is set among cards that can be used by the user. Specify (step S250).
For example, in FIG. 3, the cards with the user ID “A01” registered in the user card management table of the user information management database 131 are the card A, the card B, and the card C, and the update flag is set. “Card A” is identified.

  Then, the IC card update determination unit 1114 confirms that the identified card is a card whose type is different from the card that has received the card identifier from the user terminal 200 (step S260). That is, this confirmation shows that the card that has received the card identifier from the user terminal 200 is an IC card that has not yet been updated.

  Subsequently, the IC card update determination unit 1114 transmits a change request including change information that can be specified from the update flag to the card issuing institution server 400 that is the issuing source of the card that has received the card identifier from the user terminal 200 (step S1). S270).

  When receiving the change request (step S280), the control unit 410 of the card issuing authority server 400 transmits to the authentication server 100 key information for IC card write permission that permits the change indicated by the change information included in the change request (step S280). Step S290). The key information for permitting writing may be set so that it can be used only once.

  When the key information for writing is received (step S300), the IC card writing unit 1115 transmits a change instruction including the key information to the user terminal 200 or the service providing server 300 (step S310).

When receiving the change instruction (step S320), the control unit 210 or 310 of the user terminal 200 or the service providing server 300 controls the IC reader R / W units 230 and 340 to store the information stored in the IC card. The change is made based on the change instruction (step S330).
This is the end of the process.

  As described above, when the personal information of the user is updated by this process, when the authentication server 100 is accessed from the user terminal 200 or the service providing server 300 with an IC card that has not been updated yet. It is determined that the IC card has not been updated, and the storage information of the IC card is updated.

  In addition, this invention is not limited to the said embodiment, A various application and deformation | transformation are possible.

  For example, in the present embodiment, an Internet banking service is assumed as a service provided by the information processing system 1000. However, it can also be applied to systems that provide other services. For example, there are various cases, such as a case where identity verification is performed at the time of processing such as issuance of a resident's card in an administrative service provided by an administrative organization, or a case where identity verification is performed at the time of medical reception in a medical service provided by a medical institution such as a hospital. The present invention can be used in the field.

  Further, the reading of the card identifier (steps S10 and S210) may be performed from the IC card R / W unit 340 of the service providing server 300 instead of the user terminal 200.

  In addition, in the process of step S100, among the services that can be used by the user, the service whose updateable flag in the user information management database 131 is “OK” is set as the update target. It is also possible to update all available services.

  The authentication server 100 can be realized using a normal computer system without depending on a dedicated system. For example, a computer program for executing the above operation is stored and distributed in a computer-readable recording medium (flexible disk, CD-ROM, DVD-ROM, etc.), and the computer program is installed in the computer. Thus, an apparatus that performs the above-described processing may be configured. Further, the computer program may be stored in a storage device included in a server device on a communication network such as the Internet, and the device may be configured by being downloaded by a normal computer system.

  In addition, when the functions of this system are realized by sharing of an OS (operating system) and an application program, or by cooperation between the OS and an application program, only the application program part is stored in a recording medium or a storage device. Also good.

  In addition, specific details of the configuration can be changed as appropriate.

1 is a configuration diagram of an information processing system according to an embodiment of the present invention. It is a block diagram which shows the structure of an authentication server. It is a figure which shows the structural example of a user information management database. It is a figure which shows the structural example of an IC card information management database. It is a figure which shows the structural example of an authentication database. It is a figure which shows the structural example of a service information management database. It is a block diagram which shows the structure of a user terminal. It is a block diagram which shows the structure of a service provision server. It is a figure which shows the structural example of a member database. It is a block diagram which shows the structure of a card issue organization server. It is a functional diagram of an information processing system concerning an embodiment of the present invention. It is a sequence diagram for demonstrating the process of the information processing system which concerns on embodiment of this invention. It is a flowchart for demonstrating an authentication process. It is a sequence diagram for demonstrating the process of the information processing system which concerns on embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Authentication server 200 User terminal 300 Service provision server 400 Card issuing organization server 500 Communication network 1000 Information processing system

Claims (7)

User information in which a card identifier of a plurality of IC cards possessed by a user, a type of each IC card, a service identifier of a service registered in each IC card, and personal information of the user of each IC card are associated with each other User information storage means for storing
Service information storage means for storing service information in which each service identifier is associated with access information to the service providing server of the service indicated by each service identifier;
Change instruction information acquisition means for acquiring change instruction information including change contents for changing the personal information of a user together with a card identifier of an IC card from an external device or the service providing server;
Personal information changing means for changing the personal information of the user stored in the user information storage means based on the change instruction information acquired by the change instruction information acquiring means;
Service identifier acquisition means for acquiring from the user information storage means a service identifier of a service that can be used by a user whose personal information has been changed by the personal information change means;
Access information acquisition means for acquiring, from the service information storage means, access information to the service providing server of the service indicated by the service identifier acquired by the service identifier acquisition means;
An authentication server comprising: change instruction information transmitting means for transmitting the change instruction information to a service providing server indicated by the access information acquired by the access information acquiring means. User information storage means for storing user information in which a card identifier of a plurality of IC cards possessed by a user, personal information of users of each IC card, and change specifying information for specifying a change location of the personal information are associated with each other; ,
Card receiving means for receiving a card identifier of an IC card from an external device or the service providing server;
An update necessity determining means for determining whether or not the personal information stored in the IC card needs to be updated based on the information stored in the user information storage means;
A change information acquisition unit that acquires change information indicating a change content that can be specified from the change specification information stored in the user information storage unit when it is determined that the update necessity determination unit needs to be updated;
The key information for permitting the change indicated by the change information acquired by the change information acquiring means is acquired from the issuer of the IC card, and the card receiving means receives the card identifier using the key information. Card information changing means for causing the device or the service providing server to change the information stored in the IC card as indicated by the change information;
An authentication server comprising: The key information permits the change indicated by the change information only once.
The authentication server according to claim 2, wherein: User information in which a card identifier of a plurality of IC cards possessed by a user, a type of each IC card, a service identifier of a service registered in each IC card, and personal information of the user of each IC card are associated with each other User information storage means for storing
Service information storage means for storing service information in which each service identifier is associated with access information to the service providing server of the service indicated by each service identifier;
A method for changing personal information performed by an authentication server comprising:
A change instruction information acquisition step for acquiring change instruction information including a change content for changing the personal information of the user together with the card identifier of the IC card from an external device or the service providing server;
Based on the change instruction information acquired in the change instruction information acquisition step, a personal information change step for changing the personal information of the user stored in the user information storage means;
A service identifier acquisition step of acquiring from the user information storage means a service identifier of a service that can be used by a user whose personal information has been changed in the personal information change step;
An access information acquisition step of acquiring, from the service information storage means, access information to the service providing server of the service indicated by the service identifier acquired in the service identifier acquisition step;
A change instruction information transmission step of transmitting the change instruction information to a service providing server indicated by the access information acquired in the access information acquisition step;
A change method characterized by comprising: User information storage means for storing user information in which a card identifier of a plurality of IC cards possessed by a user, personal information of the user of each IC card, and change specifying information for specifying a change location of the personal information are associated with each other A method for changing personal information performed by an authentication server comprising:
A card receiving step of receiving a card identifier of an IC card from an external device or the service providing server;
An update necessity determining step for determining whether or not the personal information stored in the IC card needs to be updated based on information stored in the user information storage means;
When it is determined that the update necessity determination step needs to be updated, a change information acquisition step for acquiring change information indicating a change content that can be specified from the change specification information stored in the user information storage unit;
The key information for permitting the change indicated by the change information acquired in the change information acquisition step is acquired from the issuer of the IC card, and the card identifier is received in the card reception step using the key information. A card information changing step for causing the device or the service providing server to change the information stored in the IC card as indicated by the change information;
A change method characterized by comprising: Computer
User information in which a card identifier of a plurality of IC cards possessed by a user, a type of each IC card, a service identifier of a service registered in each IC card, and personal information of the user of each IC card are associated with each other User information storage means for storing
Service information storage means for storing service information in which each service identifier is associated with access information to the service providing server of the service indicated by each service identifier;
Change instruction information acquisition means for acquiring change instruction information including change contents for changing the personal information of a user together with a card identifier of an IC card from an external device or the service providing server;
Personal information changing means for changing the personal information of the user stored in the user information storage means based on the change instruction information acquired by the change instruction information acquiring means;
Service identifier acquisition means for acquiring from the user information storage means a service identifier of a service that can be used by a user whose personal information has been changed by the personal information change means;
Access information acquisition means for acquiring, from the service information storage means, access information to the service providing server of the service indicated by the service identifier acquired by the service identifier acquisition means;
Change instruction information transmitting means for transmitting the change instruction information to a service providing server indicated by the access information acquired by the access information acquiring means;
Program to function as. Computer
User information storage means for storing user information in which a card identifier of a plurality of IC cards possessed by a user, personal information of users of each IC card, and change specifying information for specifying a change location of the personal information are associated with each other; ,
Card receiving means for receiving a card identifier of an IC card from an external device or the service providing server;
An update necessity determining means for determining whether or not the personal information stored in the IC card needs to be updated based on the information stored in the user information storage means;
A change information acquisition unit that acquires change information indicating a change content that can be specified from the change specification information stored in the user information storage unit when it is determined that the update necessity determination unit needs to be updated;
The key information for permitting the change indicated by the change information acquired by the change information acquiring means is acquired from the issuer of the IC card, and the card receiving means receives the card identifier using the key information. A card information changing means for causing the device or the service providing server to change the information stored in the IC card as indicated by the change information;
Program to function as.

Images