JP2010140098A - Operation method and transfer server for system including service server for registering authentication information for receiving service - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve the problem that the sound protection and cultivation of youth is against the purpose when the purchase of merchandise or the use of service, in the Internet, is permitted without any restriction. <P>SOLUTION: In the operation method of a system which includes: a user terminal; a service server for providing the service to the user terminal in which the attribute information and individual identification information of the user are registered; and a transfer server for transferring the authentication information of the user to the service server, the operation method is provided with: the reply request of a user ID associated with the individual identification information is transmitted with the individual identification information of the user terminal from the user terminal to the service server; the user ID is replied from the service server to the user terminal; the identification information of the service server, the user ID, and the authentication information of the user are transmitted from the user terminal to the transfer server; the user ID and the authentication information of the user are transmitted from the transfer server to the service server identified by the identification information; and the service server stores the user ID and the authentication information of the user in association with each other. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a service server that provides a service in response to user authentication, a transfer server that transfers authentication information transmitted from the user, and a query and response related to the authentication information, and a user for receiving the service. Regarding terminals.

  It has become possible to purchase various products and use services via the Internet. However, if the purchase of goods and the use of services are allowed without limitation, it would be against the purpose of, for example, the healthy protection and development of youth. Therefore, a technique has been proposed in which a user is authenticated and a user attribute is confirmed each time a product is purchased or a service is used using a personal authentication card (see, for example, Patent Document 1).

  In addition, a law amending part of the Act on the Regulation of Acts for Attracting Children Using the Internet Heterogeneous Referral Business came into force on December 1, 2008, and part of the provision of services via the Internet However, it has come to be required to confirm attributes such as the age of service users.

JP 2008-165562 A

  Each time a user uses the service, if authentication is performed using a personal authentication card, there is a problem that the user will not be able to bear the trouble. In this regard, once authentication is performed with a personal authentication card, a password or the like is issued to the user, and by using the password or the like, authentication each time the service is used can be made unnecessary. However, when a user uses a service provided by a different service provider, the user needs to be authenticated by the different service provider, which is still complicated.

  Therefore, in one embodiment of the present invention, a user terminal identified by the individual identification information, a service server that provides a service to the user terminal in which the user's attribute information and individual identification information are registered, and a user And a transfer server that transfers the authentication information to the service server, the user terminal sending a request for returning a user ID associated with the individual identification information from the user terminal to the service server. The information is transmitted together with the information, the user ID is returned from the service server to the user terminal, the identification information of the service server, the user ID and the user authentication are transmitted from the user terminal to the transfer server. The user ID and the user authentication information are transmitted from the transfer server to the service server identified by the identification information. Sent at the service server, and stores in association with authentication information of the user ID and the user, the operation method of the system is provided.

  In this embodiment, an inquiry about attribute information registered in the second service server is transmitted from the second service server to the transfer server, and the inquiry is sent from the transfer server to the service server. The service server processes the inquiry to generate a response, the service server sends the response to the transfer server, the transfer server sends the response to the second service server, It is preferable to send a response.

  In an embodiment of the present invention, the user ID, the service server identification information, and the user authentication information received via the network from a service server that registers user attribute information in a database are provided. An authentication information receiving unit that is received from the user terminal and stored in the memory, and the user authentication information and the user ID stored in the memory to the service server identified by the identification information stored in the memory And a transfer server having an authentication information transmitting unit that transmits the information via a network.

  As described above, according to an embodiment of the present invention, a user transmits authentication information to a service server, and confirms attribute information registered in the registration database of the service server and extracts from authentication information. If the registered information is registered in the registration database and a password has been issued, registration of the service to use another service server will provide confirmation of attribute information, etc. by providing the issued password. Therefore, it is not necessary to send the authentication information again.

  In addition, when the user terminal is identified by the individual identification information, the service server can store the individual identification information and the authentication information in association with each other, so check the attributes such as the age of the service user. Can do.

  Hereinafter, the best mode for carrying out the present invention will be described as an embodiment. It should be noted that the present invention is not limited to the following embodiments, and can be implemented by being modified into various forms based on ordinary knowledge in the technical field belonging to the technical field of the present invention. These various forms also belong to the technical scope of the present invention.

(Embodiment 1)
FIG. 1 is a functional block diagram of a service providing system according to an embodiment of the present invention. The service providing system includes a service server 101, a user terminal 102, and a transfer server 103. In addition, the second service server 104 may be included. The service server 101, the user terminal 102, and the transfer server 103 can transmit and receive information via the network interfaces provided in each. The second service server 104 is also provided with a network interface so that information can be transmitted to and received from the transfer server 103.

  The service server 101 is a server device that provides a service to the user of the user terminal 102. For example, it is a server that provides a social networking service (SNS) to registered members of the service server 101. The server also provides a service for exchanging mails and messages between members. Alternatively, it is a server that provides specific music or video content. The service may be provided either for a fee or free of charge. In addition, the service server 101 may provide a service for presenting a questionnaire for marketing or the like to the user and collecting user responses. In this service, a user who answers the questionnaire may be given some privilege.

  In FIG. 1, the explanation is centered on member registration. That is, the service server 101 includes a registration information transmission unit 105, a registration database 106, and a recording unit 107. The service server 101 may further include a response unit 108. The service server 101 has other units, for example, a unit for providing a service, but is not shown.

  The registration information transmission unit 105 transmits information for registering user attribute information so that the user can receive a service from the service server 101. This information may be such that a user ID for uniquely identifying the user at least by the service server 101 is made to the service server 101 in response to the request. User attribute information is associated with the user ID and registered in the registration database 106. User attribute information includes any of name, address, age, gender, occupation, and the like. As an example of information for registering user attribute information, there is screen information used for inputting user attribute information, and the user ID may be included in this screen information. . This screen information is information on a screen described in, for example, HTML (HyperText Markup Language). Further, the information for registering user attribute information is not limited to information registered by a user who is not registered in the service server 101, but has already been registered in the service server 101. It can also be used by the user to register additional attribute information or to change already registered attribute information.

  The registration database 106 is a database that stores user attribute information. For example, user attribute information is stored in a relational database table format. The attribute information is stored in a non-volatile memory such as a hard disk. For example, attribute information including any of name, address, age, gender, occupation, etc. is stored as row data for each user. The registration database 106 may also store and manage information necessary for using the service provided by the service server 101, such as a user's login ID, password, and contact e-mail address. Furthermore, as will be described later with reference to FIG. 4 and the like, the registration database 106 can also be used to manage at which stage registration work of user attribute information is performed.

  In addition, although described as a user ID and a user's login ID, both may be the same information. Further, it may be the same as the individual identification information for uniquely identifying the user terminal. The individual identification information is transmitted together with the request when the user terminal transmits the request to the server.

  The recording unit 107 stores, based on the authentication information transmitted by the user, the determination result of whether all or part of the user attribute information stored in the registration database 106 is correct, and information extracted from the authentication information. 106 is a unit for recording in 106. For example, the recording unit 107 transmits a photographed image of an identification card such as a passport, health insurance card, or driver's license as authentication information to the user, and based on the photographed image, a registered name, address, age The determination result of whether the attribute information such as sex is correct is recorded in the registration database 106. Alternatively, the recording unit 107 extracts attribute information such as a face photograph from the photographed image and records it in the registration database 106. The recording unit 107 can also record the authentication information transmitted by the user in the registration database 106.

  Further, the authentication information may be an image obtained by photographing the appearance of the user. For example, the gender and age of the user may be estimated from the image of this appearance, and the result of the estimation and the attribute information may be matched, or the result of the estimation itself may be stored in the registration database 106.

  If it is determined that all or part of the user attribute information stored in the registration database 106 is not correct based on the authentication information, the user is provided with the correct attribute information using e-mail or the like. You may be asked to register. Moreover, you may take the measure that the user cannot use a service.

  The response unit 108 receives a query from another service server (for example, the second service server 104 in FIG. 1), and makes a response thereto. An inquiry here is an inquiry about the attribute information of a user registered in another service server, or a request for information stored in the registration database 106. For example, the other service server presents the individual identification information of the user terminal of the user, inquires whether the user of the user terminal identified by the individual identification information is an adult, Request attribute information such as age and face photo. Further, the authentication information itself may be requested.

  The user terminal 102 is, for example, a personal computer, a PDA (Personal Digital Assistance), a mobile phone, a game device, or a home appliance such as a digital television provided with data input means. These devices may include a CPU, a memory, and an input / output interface, which are connected to each other via a bus so that a program can operate. As illustrated in FIG. 1, the user terminal 102 includes a registered information browsing unit 109 and an authentication information processing unit 110.

  The registration information browsing unit 109 is a unit that transmits registration information request information to the service server 101 in accordance with the user's operation of the user terminal 102 and displays the registration information obtained as a reply. The registered information browsing unit 109 can also input information using the registered information. The registered information browsing unit 109 can also be realized by a program such as a browser.

  The authentication information processing unit 110 is a unit that processes authentication information in response to a command from the registered information browsing unit 109. The processing of authentication information is an operation including any of acquisition, display, transformation operation, transmission, and the like of authentication information. For example, if the authentication information is an identification card or photographing information of the user's appearance, the identification card or the user is used by using a function of an imaging unit such as a camera (not shown) provided in the user terminal 102. The image information is stored in the memory of the user terminal 102. Further, the image information of the stored identification card is displayed on a display (not shown) of the user terminal 102. For example, if the service server 101 determines whether the age is correct based on the authentication information, a mask process may be performed to delete a part unrelated to the age from the image information. For example, in the case of a driver's license, the next license renewal time portion is masked. Thereafter, the authentication information is transmitted to the transfer server 103 or the like. Which part of the mask processing is performed may be determined in accordance with the selection by allowing the user to select the type of identification card before and after photographing. Further, the type of identification card may be determined by automatically recognizing the photographed identification card.

  Note that the authentication information processing unit 110 may include a virtual machine that operates in the user terminal. The registration information browsing unit 109 displays the registration information returned from the service server 101, follows the URL for accessing the transfer server 103 included therein, and the program downloaded from the transfer server 103 operates on the virtual machine. You may come to do. When the user terminal 102 is provided with an imaging unit, the imaging unit is operated by this program, an identification card is photographed, and image information is acquired. The acquired image information is stored in the memory.

  The transfer server 103 is a server device that transfers authentication information. The transfer server 103 includes an authentication information transfer unit 111. The authentication information transfer unit 111 includes a reception unit that receives authentication information from the user terminal, and a transmission unit that transmits the received authentication information to the service server. The authentication information is stored in the memory of the transfer server 103 until the authentication information is received and transmitted. The transfer server 103 may further include a deletion unit. The deletion unit may delete the authentication information stored in the memory after the authentication information is transmitted to the service server 101 by the transmission unit. In addition, the transfer server 103 may transfer an inquiry from the second service server 104. For this reason, the transfer server 103 may further include an inquiry transfer unit 112.

  The transfer server 103 may have a download unit that downloads a program to the user terminal 102. As described above, if the user terminal 102 has a photographing unit, this program operates the photographing unit to photograph an identification card or the like. Also, a process of transmitting authentication information such as image information obtained by photographing an identification card to the transfer server 103 is performed.

  The second service server 104 is a server device that provides a service to a user. The second service server 104 is a server device different from the service server 101. The second service server 104 includes a registration information transmission unit 113, a registration database 114, and an inquiry unit 115.

  Since the registration information transmission unit 113 and the registration database 114 have the same definitions as the registration information transmission unit 113 of the service server 101 and the registration database 106, description thereof will be omitted.

  The inquiry unit 115 is a unit that inquires whether the attribute information registered in the registration database 114 is correct and requests attribute information extracted from the authentication information. For example, when a new registration of a user is performed in the registration database 114 using the registration information transmitted by the registration information transmission unit 113, the service server determines whether the registered user attribute information is correct. It is a part that inquires toward 101. The user attribute information may be requested. The inquiry by the inquiry unit 115 may be performed not only when the user is registered, but also when the user requests use of a service that requires authentication. For example, when a special game content is accessed, an inquiry as to whether the user's age is correctly registered may be made.

  FIG. 2 is a sequence diagram illustrating a data flow when registration of the user of the user terminal 102 is performed using the service server 101, the user terminal 102, and the transfer server 103.

  In step S <b> 201, a registration information request is transmitted from the user terminal 102 to the service server 101. For example, it is transmitted as a request for HTTP (HyperText Transfer Protocol). When the registration information request is transmitted, the individual identification information for identifying the user terminal 102 is also preferably transmitted and received by the service server 101. If the user terminal 102 is a mobile phone, the individual identification information is information known as a subscriber ID, for example. Further, if the user terminal 102 is a personal computer, the individual identification information is different information for each user terminal, such as a MAC (Media Access Control) address and a unique ID of the CPU.

  In step S202, the service server 101 returns registration information as a response to the request for registration information. The registration information to be returned preferably includes a service server ID. The service server ID is information for uniquely identifying the service server 101. For example, it is an FQDN (Fully Qualified Domain Name) of the service server 101, an IP address, or an identification number determined by an operator of the transfer server, for example. The registration information reply preferably includes a user ID. The user ID may be a user ID for using a service from the service server 101 or a temporary registration ID. Further, it may be the whole or a part of the email address randomly generated by the service server 101 or the like (for example, the user name on the left side of “@”). When individual identification information for identifying the user terminal 102 is transmitted in step S201, the individual identification information and the user ID are preferably stored in association with each other in the service server 101. As described above, the individual identification information and the user ID may be the same information.

  When the registration information is described in HTML, when the registration information is received by the user terminal 102 and displayed by the registration information browsing unit 109, for example, the display of FIG. For example, the link displayed together with the underline 301 includes the service server ID transmitted together with the registration information, and if there is a user ID, the user ID is a URL (Uniform) for accessing the transfer server 103. (Resource Locator) parameter and the like.

  In step S <b> 203, the user terminal 102 requests a registration screen to the transfer server 103 using the registration information. This corresponds to, for example, an operation in which the user follows the link displayed together with the underline 301. As described above, when the service server ID is included as a URL parameter for accessing the transfer server 103, it is transmitted from the user terminal 102 to the transfer server 103. Further, when the user ID is further included, the user ID is also transmitted from the user terminal 102 to the transfer server 103.

  In step S <b> 204, information on the registration screen is returned from the transfer server 103 to the user terminal 102. The information on the registration screen is information describing a screen used for the user terminal 102 to acquire authentication information and send it back to the transfer server 103.

  FIG. 3B shows an example of the screen display of the user terminal 102 performed based on the information on the registration screen. In this example, buttons 302 and 303 corresponding to whether a picture of an identification card used as authentication information is to be taken or has already been taken are displayed. When the button 302 is pressed, the camera provided in the user terminal 102 starts to operate, and it becomes possible to take a picture of an identification card and a user's appearance. When the button 303 is pressed, the camera operation is skipped.

  FIG. 3C shows an example of the screen display of the user terminal 102 after the shooting is performed or after the operation of the camera is skipped. In this example, when image information acquired by shooting is stored as a file (image file) such as a file system of the user terminal 102, an area 304 in which the path of the file is input is displayed. The user may input a path of an image file obtained by photographing an identification card or the like in this area 304. Alternatively, a path may be input to the area 304 by pressing the button 305, displaying a dialog, and selecting an image file. When the input of the path is completed, the user presses the button 306. Thereby, in step S205, the image file as the authentication information is transferred from the user terminal 102 to the transfer server 103.

  If the user terminal 102 is provided with a virtual machine, the registration screen information may include a program written according to the machine code executed by the virtual machine. 3B is displayed by this program, and when the button 302 is pressed, the camera is controlled, and when the button 306 in FIG. 3C is pressed, a communication session with the transfer server 103 is started. Authentication information is transmitted.

  Further, the authentication information may be transmitted from the user terminal 102 by an e-mail protocol. In this case, the user ID transmitted from the user terminal 102 to the transfer server 103 in step S203 is the e-mail address itself or a part of the transmission destination of the authentication information, and is used from the transfer server 103 in step S204. A reply is included in the information on the registration screen sent back to the user terminal 102. Alternatively, an e-mail address associated with the user ID transmitted from the user terminal 102 to the transfer server 103 in step S203 is randomly generated in the transfer server 103, for example, and the e-mail address is determined in step S204. It may be included in the information on the registration screen returned from the transfer server 103 to the user terminal 102.

  Then, for example, after the button 303 in FIG. 3B is pressed or the button 302 is pressed and shooting is performed by the camera, the registration returned from the transfer server 103 to the user terminal 102 in step S204. The mailer starts with the e-mail address included in the information on the screen as the destination. And when operation for attaching an image is performed, the screen of FIG.3 (c) may be displayed by the mailer.

  In step S205, the transfer server that has received the authentication information associates the service server ID and the user ID received in step S203, identifies the service server that transmits the authentication information and the user ID, In step S206, transmission is performed. The association between the service server ID and the user ID received in step S203 includes, for example, the unique identification information generated by the transfer server 103 in the registration screen information transmitted in step S204. The identification information can be returned in step S205 together with the authentication information. Further, when the transfer server 103 generates an e-mail address, it can be realized by associating the e-mail address with the received service server ID and user ID received in step S203. .

  Upon receiving the authentication information and the user ID in step S206, the service server 101 searches the registration database 106 using the user ID, reads the attribute information, and determines whether the attribute information is correct using the authentication information. . Alternatively, if the attribute information is included in the authentication information, the attribute information is extracted and stored in the registration database 106 in association with the user ID. Specifically, if the authentication information is an identification card, it is determined whether the name stored in the registration database 106 is correct. If it is correct, the fact that it has been confirmed is stored in the registration database 106. Alternatively, the date of birth, age, or whether it is over 20 years old is read from the identification card and stored in the registration database 106. If necessary, the authentication information is stored in the registration database 106. By storing the authentication information in the registration database 106, a detailed examination can be performed later.

  When the service server 101 receives the authentication information and can determine that the user attribute information stored in the registration database 106 is correct, or when the attribute information can be read from the authentication information and stored in the registration database 106, A password or the like may be issued to the user. For example, if the user's e-mail address is registered in the registration database, the password is transmitted to the e-mail address. As a result, when a user tries to use a service that requires authentication, authentication can be performed by inputting the password without transmitting authentication information again. In addition to authentication by password, by adding that the individual identification information of the user terminal 102 being used is the same as the individual identification information of the user terminal used in the process of FIG. Authentication can be performed more reliably.

  FIG. 4 shows an example of a table that is stored as the registration database 106 of the service server 101 and used to manage the stage of registration of user attribute information. As shown in FIG. 4A, the table includes columns of “user ID”, “terminal individual ID”, and “password”.

  When the user terminal requests registration information in step S201, a row having the user ID returned in step S202 and the individual identification information of the user terminal 102 is inserted into the table. For example, if the user ID is 123 and the individual identification information is 987654321, as a result of the insertion, the state shown in FIG.

  After that, the authentication information and the user ID transmitted from the transfer server 103 are received in step S206, the correctness of the attribute information and the attribute information are read using the authentication information, and the password is issued. The password column value is updated. For example, when the password abcd is issued to the user with the user ID 123, the state shown in FIG.

  For example, when a user having 123 as a user ID tries to use a service that requires authentication, the user ID among the rows inserted in the table of FIG. Can be read out to check whether or not the input password is equal to abcd and whether or not the individual identification information of the user terminal used by the user is 987654321.

(Embodiment 2)
FIG. 5 shows data when the second service server 104 makes an inquiry to the service server 101 to determine the correctness of the attribute information stored in the registration database 114 or to obtain the attribute information. FIG.

  In step S <b> 501, a registration request is transmitted from the user terminal 102 to the second service server 104. The registration request may be made for the same purpose as the registration information request in step 201 of FIG. 2, or may be different. For example, the service server 101 registers a user for conducting a questionnaire for marketing or the like, whereas the second service server 104 registers a user for providing an SNS service. .

  In step S <b> 502, information on the registration screen is returned from the second service server 104 to the user terminal 102. FIG. 6A shows an example of a screen displayed on the user terminal 102 based on information on the registration screen.

  In step S <b> 503, a password input screen request is transmitted from the user terminal 102 to the second service server 104. The password input screen request is transmitted by, for example, performing an operation of following the link formed by the underline 601 in FIG. 6A.

  In step S <b> 504, a password input screen is returned from the second service server 104 to the user terminal 102. FIG. 6B shows an example of a screen displayed on the user terminal 102 based on information on the registration screen. FIG. 6B shows a screen display including a text area 602 and a button 603. In the text area 602, after step S206 of FIG. 2, the service server 101 confirms the authentication information and the like, and the password returned to the user is input.

  In step S505, when the button 603 is pressed, the password input in the text area 602 is transmitted from the user terminal 102 to the second service server 104.

  In step S506, the inquiry unit 115 makes an authentication inquiry from the second service server 104 to the transfer server 103. The authentication query includes whether the attribute information stored in the registration database 114 is correct or a request for attribute information stored in the registration database 114. The password transmitted from the user terminal 102 to the second service server 104 in step S505 is included. The authentication query preferably includes the individual identification information of the user terminal 102 obtained in the communication session from step S501 to step S505.

  In step 507, the transfer server 103 transmits an authentication query to the service server 101. This transmission may be performed by one-to-one communication with the service server 101, or when there are a plurality of service servers, may be broadcast to a plurality of service servers. Alternatively, authentication queries may be sequentially transmitted to a plurality of service servers.

  In step S508, the service server 101 that has received the authentication query transmitted in step S507 searches the registration database 106 and the like, and makes an authentication response by the response unit 108.

  In step S509, the transfer server 103 transfers the authentication response to the second service server 104. If an authentication query is broadcast to a plurality of service servers in step S507, the authentication response received first is transferred. Alternatively, it may wait for two or more authentication responses, and transfer may be performed when the results of the authentication responses are all the same or the same by majority vote.

  After the authentication response is received in step S509, the second service server 104 registers the authentication result in the registration database 114, and displays a reply that is displayed on the user terminal 102 as shown in FIG. I do.

  Note that, when there are a plurality of service servers 101, the authentication query is broadcast as described above. However, the following may be performed. That is, when receiving the authentication information and the service server ID from the user terminal 102 (step S203), the transfer server 103 stores the individual identification information of the user terminal 102 and the service server ID in association with each other.

  FIG. 7A is an example of a table for storing individual identification information and a service server ID in association with each other. Such a table is stored in a non-volatile memory such as a hard disk of the transfer server 103. For example, when the authentication information received from the user terminal whose individual identification information is 9765654321 is transferred to the service server whose service server ID is XYZ, a row is inserted as shown in FIG.

  If the user terminal whose individual identification information is 9765654321 transmits the password in step S505 to the second service server 104, the second service server 104 transmits the individual identification information 9765654321 together with the authentication query and password to the transfer server. Then, the transfer server 103 searches the table of FIG. 7B with 9875654321 and transfers it to a service server having a service server ID of XYZ. Thereby, it is possible to prevent transmission of useless communication packets by broadcasting.

  As described above, according to an embodiment of the present invention, the user transmits authentication information to any of the service servers, confirms the attribute information registered in the registration database of the service server, and authentication information. If the information extracted from is registered in the registration database and a password has been issued, the registration of the service to use another service server can be performed. Therefore, there is no need to send the authentication information again.

  Further, since the individual identification information of the user terminal and the authentication information can be associated, it is possible to confirm that the user of the service server is the owner of the authentication information. Thereby, it is possible to prevent the provision of inappropriate content or the like for minors. Furthermore, it is possible to acquire correct attribute information of the user, and when conducting a marketing questionnaire, it is possible to accurately target people in a specific segment.

  The transfer server can also discard or delete the authentication information after transferring the authentication information to the service server. Therefore, it is not necessary for the transfer server to store information including personal information over a long period of time, and inadvertent leakage of personal information can be prevented.

  Also, when transferring an inquiry or request for attribute information from a service server to another service server, the service server that broadcasts the inquiry or request to other service servers and responded first You can also pay for it. As a result, it is possible to cause a plurality of other service servers to confirm the registered attribute information with the authentication information and to extract the attribute information from the authentication information.

  In addition, the transfer server holds the individual identification information of the user terminal and the identification information of the service server that transferred the authentication information transmitted from the user terminal in association with each other, so that an inquiry or request for attribute information can be made. It can be transferred to a specific service server, and the occurrence of useless communication data can be prevented by broadcasting. Even in this case, it is registered by transferring the inquiry or request of attribute information to a specific service server and paying the specific service server when a response is obtained. It is possible to facilitate the confirmation of the attribute information that is included in the authentication information and the extraction of the attribute information from the authentication information.

It is a functional block diagram of the service provision system which concerns on one Embodiment of this invention. It is a sequence diagram in case a user is registered in one Embodiment of this invention. It is a figure which shows the example of a display of the screen of the user terminal which concerns on one Embodiment of this invention. It is a figure which shows the example of the table which the service server which concerns on one Embodiment of this invention manages. It is a sequence diagram in case an authentication query is transferred in one embodiment of the present invention. It is a figure which shows the example of a display of the screen of the user terminal which concerns on one Embodiment of this invention. It is a figure which shows the example of the table which the transfer server which concerns on one Embodiment of this invention manages.

Explanation of symbols

101 service server 102 user terminal 103 transfer server 104 second service server 105 registration information transmission unit 106 registration database 107 recording unit 108 response unit 109 registration information browsing unit 110 authentication information processing unit 111 authentication information transfer unit 112 inquiry transfer unit 113 Registration Information Transmission Unit 114 Registration Database 115 Query Unit

Claims (11)

A user terminal identified by the individual identification information, a service server providing a service to the user terminal in which the user attribute information and the individual identification information are registered, and a transfer for transferring the user authentication information to the service server A method of operating a system including a server,
Sending together with the individual identification information a user ID reply request associated with the individual identification information from the user terminal to the service server,
The user ID is returned from the service server to the user terminal,
Transmitting the service server identification information, the user ID and the user authentication information from the user terminal to the transfer server;
Sending the user ID and the user authentication information from the transfer server to the service server identified by the identification information,
An operation method of the system, wherein the service server stores the user ID and the user authentication information in association with each other.   The system operation method according to claim 1, wherein the user authentication information is image information acquired by photographing the user identification or the user appearance. The user terminal includes a photographing unit,
The image information is acquired by operating the imaging unit by downloading a program to the user terminal by accessing a URL to the transfer server that is returned together with the user ID from the service server. The method of operating the system as described.   4. The system operating method according to claim 3, wherein the program selects a type of identification card to be photographed, and masks a position range where a predetermined item of the selected identification card is photographed. The system includes a second service server;
Sending an inquiry about the attribute information registered in the second service server from the second service server to the transfer server,
Send the inquiry from the transfer server to the service server,
In the service server, process the query and generate a response,
The response is returned from the service server to the transfer server,
The system operation method according to claim 1, wherein the response is transmitted from the transfer server to the second service server. There are a plurality of service servers in the system,
6. The system operating method according to claim 5, wherein when the inquiry is transmitted from the transfer server, the inquiry is broadcast to a plurality of service servers. Authentication that receives the user ID received from the service server that registers user attribute information in the database via the network, the identification information of the service server, and the authentication information of the user from the user terminal and stores them in the memory An information receiver;
An authentication information transmitting unit for transmitting the user authentication information and the user ID stored in the memory to a service server identified by the identification information stored in the memory, via a network;
A transfer server.   The transfer server according to claim 7, further comprising: a deletion unit that deletes the user authentication information from the memory after the authentication information transmission unit transmits the user authentication information.   The transfer server according to claim 7, further comprising a download unit that downloads to the user terminal a program that transmits authentication information stored in a memory of the user terminal to the transfer server.   When the user terminal is equipped with a photographing unit, the program downloaded by the downloading unit stores an image photographed by operating the photographing unit in a memory, and transmits it as authentication information to the transfer server. The transfer server according to claim 9. An inquiry receiving unit for receiving an inquiry about attribute information registered in the database of the second service server from a second service server;
The transfer server according to claim 7, further comprising: an inquiry transfer unit that broadcasts the inquiry to a service server.

Images