JP2010282481A - System and method for confirming validity of user information - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To utilize information held in an ISP for confirming information input by a user's will without publishing the held information to the external from a viewpoint of personal information protection. <P>SOLUTION: A web site server 4 includes a means 6 for requesting an inquiry of user information and ISP member information to an ISP server 3. The ISP server 3 includes a means 5 for receiving the inquiry-requested user information, inquiring the received user information and the ISP member information and responding the inquiry result to the web site server 4. The means 6 transmits a notification IP address of a user information/user terminal 2 to the inquiry means 5 to request an inquiry. The inquiry means 5 retrieves a database storing the ISP member information by the notification IP address, collates the ISP member information to be a retrieval result with the inquiry-requested user information to find out an inquiry result. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a technique for confirming the validity of user information input on a website by an Internet user.

  As is well known, various websites exist on a network such as the Internet. This requires user registration, for example, e-commerce, banking, blog, SNS (Social Network Service), and after registration, it is a membership system website that uses ID / PW to authenticate and use services, or anonymous The number of Web research sites for questionnaires is increasing rapidly.

  The user of this membership system website can use the services of the website after being authenticated as a legitimate user at the time of login through the network. At this time, in the membership system Web site, a user who intends to become a member of the site inputs personal information on his / her own will. On the anonymous research Web research site, the answer is anonymously registered, but a part of user attributes such as address and age are input by the user's intention.

  As an input method, (1) manual input (including input in a selection format such as pull-down) as in Non-Patent Document 1, and (2) an IC card or magnetic card owned by the user in advance. A format for reading and sending information. At present, it is common to register user information manually.

  On the other hand, as for the user specifying method on the website side, Non-Patent Document 2 uses the IP address of the user. That is, when a user becomes an ISP (Internet Service Provider) user, the user dynamically receives an IP address and uses the Internet. There is also a fixed IP service. Therefore, in a service requiring high security, such as Internet banking, the IP address received by the user's terminal is received on the membership system website side and used as a user specifying means.

  Further, in Non-Patent Document 3, by conducting a survey (domain information search system or the like) in advance, the membership Web site identifies the ISP to which the member belongs from the received IP address, and determines the address. In Patent Document 1, assuming that electronic commerce is performed by distributing an IP address to the outside, user information held by the ISP, that is, an IP address is input and user information is output.

JP 2002-245389

“Goo ID new registration” [online], “April 27, 2009 search”, Internet <URL: https: // regist. mail. goo. ne. jp / id / regist? site = mail. goo. ne. jp & complete = http% 3A% 2F% 2Fprofile. mail. goo. ne. jp% 2Ftop% 2Findex> “EBANK IP Restriction Service” [online], “Search April 27, 2009”, Internet <URL: http: // www. ebank. co. jp / kojin / security / ilimit / index. html> “Various services for determining addresses from Gigazine IP addresses and displaying them on a map” [online], “Search April 27, 2009”, Internet <URL: http: // gitazine. net / index. php? / News / comments / 20070413_myipaddress />

  However, on the website, personal information is registered by the user's self-report as in Non-Patent Document 1, so impersonation of a third party or a fictitious person, input error or false contents may be registered. .

  Therefore, as in Non-Patent Document 2.3, although a method for specifying a user from an IP address issued by an ISP has been proposed, an IP address may be spoofed. There is a possibility that it is not possible to sufficiently suppress spoofing.

  In particular, in anonymous questionnaire collection, attribute information such as a residence may be falsified, and the user's attribute information may not be grasped only from an IP address. Patent Document 1 is not preferable from the viewpoint of personal information protection because user information held by the ISP is disclosed to the outside.

  The present invention has been made to solve the above-mentioned problems of the prior art. From the viewpoint of personal information protection, the information input by the user's intention is not distributed outside the ISP. Use it for confirmation.

  Therefore, the present invention makes an inquiry request for the input user information to the ISP server, and if the input user information matches the user information held by the ISP, the user information is regarded as effective user information. One aspect of the present invention is a system for confirming the validity of user information transmitted from a user terminal to a website server using ISP member information held by an ISP server, wherein the website server includes: Inquiry request means for requesting the ISP server to make an inquiry about user information and the ISP member information, wherein the ISP server receives the user information requested for the inquiry, and sends the received user information to the ISP member information. Inquiries and responds to the Web site server with the inquiry result, and the inquiry request means determines the validity of the user information according to the inquiry result.

  Another aspect of the present invention is a method for confirming the validity of user information transmitted from a user terminal to a website server using ISP member information held by the ISP server. The requesting means requests the ISP server to make an inquiry about the user information and the ISP member information, and the inquiry means of the ISP server accepts the user information requested by the inquiry and receives the inquiry. A query step for querying user information with the ISP member information and responding to the website server with the query result, and a validity determination in which the query requesting means determines the validity of the user information according to the query result. Steps.

  According to the present invention, the information held by the ISP is used for confirmation of the information input by the user without distributing the information held by the ISP to the outside.

The block diagram of the user information validity confirmation system which concerns on embodiment of this invention. Same chart The block diagram of the user information validity confirmation system which concerns on an Example. FIG. The correspondence figure of a user information registration screen and ISP user information database. Schematic of an application example. (A) is a conventional user-ISP / Web site relationship diagram, and (b) is a user-ISP / Web site relationship diagram after the introduction of the user information validity confirmation system.

  Hereinafter, a user information validity checking system according to an embodiment of the present invention will be described. According to this user information validity checking system, personal information entered on a website is collated with personal information held in an ISP database, so impersonation of a third party or a fictional person, false information, input mistakes, etc. Is effectively suppressed and its accuracy is improved.

  At this time, the Web site does not acquire information held in the database by the ISP from the viewpoint of protecting personal information. That is, this system determines whether or not the information input according to the user's will is correct without distributing the information held by the ISP to the outside (determination of validity).

  In this way, by clearly indicating that the website corresponding to this system is compatible, it is possible to differentiate by targeting the corresponding ISP member, and the website surrounds the member. Material. In addition, this system is based on the premise that the ISP is a terminal in an environment that uses the ISP from the viewpoint of enclosing the individual user, and access to a Web site via a company or a proxy server (access from outside the ISP) ) Is not covered.

≪Example of basic system configuration≫
FIG. 1 shows a basic configuration of the user information confirmation system. In this system 1, a user terminal 2, an ISP server 3 that operates an ISP, and a website server 4 that operates a website are connected to be able to transmit and receive data via the Internet. Here, a case where a user registers as a member on a membership website (hereinafter abbreviated as a website) will be described as an example.

  The user terminal 2 is constituted by a personal computer (PC) or a mobile phone. Here, each user registers ISP user information in the server 3 through the user terminal 2 and registers Web site user information in the server 4.

  This ISP user information means ISP member information, and includes both user information registered as an ISP member by an individual user or user information stored and managed by the ISP. Web site user information means user information registered by an individual who is a user to use the Web site. Each piece of user information is personal information such as an address, name, date of birth, sex, and credit card number possessed by an individual who uses the Internet.

  The server 3 is a management and management server for a provider that provides an Internet connection service such as an Internet service provider, and includes a management and management server for a provider that provides an access network such as an optical line or ADSL. Here, as indicated by an arrow P, an IP address is issued from the server 3 to the user terminal 2. This IP address is notified to the server 4 from the user terminal when the user registers Web site user information in the server 4 as indicated by an arrow Q.

  In this example, the server 4 is a management and operation server of a business operator that establishes a Web site on the Internet, registers user information at the user's will, and provides information etc. on a membership basis. Here, when there is a request for registration of the website user information from the user terminal 2, the server 4 requests the server 3 to inquire about the user information with the notification IP address and the website user information as indicated by an arrow R. . In addition, the server 4 determines the validity of the Web site user information according to the inquiry result of the arrow S received from the server 3, and notifies the user terminal 2 of the result of the registration request as indicated by the arrow T. To do.

  Each server 3.4 includes hardware resources of a normal computer, such as a CPU, a memory (RAM), a hard disk drive device, a communication device, etc., and data transmission / reception between the devices 3.4 is performed by each server 3.4. Is done through communication devices.

  FIG. 2 shows a basic process of user registration to a Web site using the system 1. Here, it is assumed that the user registers IPS user information in the server 3 in advance for using the Internet, and the IP address is issued from the server 3 as an ISP user, as indicated by a dashed arrow T.

  Explaining this basic process, first, the user requests the server 4 to register user information through the user terminal 2 in order to use the Web site of the server 4 (S01). Here, the user inputs Web site user information to the user terminal 2 and transmits the Web site user information input through the user terminal 2 to the server 4. At this time, the server 4 is notified of the IP address paid out from the server 3 together.

  Next, when the server 4 receives the Web site user information and the notification IP address from the user terminal 2, the server 4 transmits the received content to the server 3 to request the user information inquiry (S02). At this time, the server 3 searches the ISP user information held by itself for the Web site user information requested to be inquired using the notification IP address as a search key (S03). Here, the ISP user information obtained as a search result is collated with the Web site user information requested for inquiry. After this collation, the server 3 returns a user information inquiry result (complete match, mismatch, partial match) and a notification IP address to the server 4 (S04).

  The server 4 determines the validity of the Web user information according to the inquiry result of the server 3, and returns the determination result to the user terminal 2 (S05). That is, if the user information inquiry result is a perfect match, the server 4 validates the website user information and notifies the user terminal 2 of the completion of user information registration.

  On the other hand, if the user information inquiry result does not match or partially matches, there is a possibility that false user information or an input error exists. Therefore, it is assumed that the Web site user information is not valid (valid) and user information registration is not performed. In this case, user information registration incomplete is notified.

<Example>
FIG. 3 shows an embodiment in which the system 1 is used in an existing environment of an ISP and a Web site. Here, the ISP server 3 is provided with user information inquiry and inquiry result notifying means (hereinafter abbreviated as inquiry means) 5 by improving / adding the existing environment. Similarly, a user information inquiry request and result receiving means (hereinafter abbreviated as inquiry request means) 6 is provided. Also in this embodiment, it is assumed that the user registers as a member on the membership system website as described above.

  Specifically, the server 3 obtains an IP address assignment 7 for assigning an IP address to an ISP member in response to transmission of ISP user information from the user terminal 2, and ISP user information of each ISP member managed by the ISP. The ISP user information database 8 that is held and the inquiry means 5 that searches the database 8 in response to an inquiry request from the server 4 and returns the inquiry result to the server 4 are implemented.

  The server 4 also includes the inquiry requesting unit 6 for requesting the Web user information transmitted from the user terminal 2 to the inquiry unit 5, and a Web content database for storing / managing registered user information and Web content of the Web site. 9, the inquiry requesting unit 6 accepts a registration request to the Web site from the user terminal 2. That is, the inquiry request unit 6 receives the Web user information input to the Web display unit (browser or the like) 10 through the user terminal 2 and receives an IP address notification from the user terminal 2. Each database 8.9 is constructed on the hard disk drive device of the server 3.4.

  Hereinafter, the processing process will be specifically described with reference to FIG. Here too, the user registers IPS user information in the server 3 for use in the Internet in advance, and the IP address is issued as an ISP user from the payout means 3 as indicated by a broken line arrow T ′. And The ISP user information registered here is stored and held in the database 8.

  S11 to S14: First, the user accesses the server 4 with the user terminal 2 (S11), and displays the user registration screen of the website on the display means (browser or the like) 10 (S12). On the user registration screen, the user inputs necessary Web site user information using the input means of the user terminal 2 and requests the server 4 to register to the Web site (S13). At this time, the Web site user information input on the user registration screen is transmitted to the inquiry request means 6 and the IP address is notified from the user terminal 2.

  S14: Next, upon receiving the user registration request in S13, that is, the website user information and the notification IP address, the inquiry request means 6 requests the inquiry means 5 to inquire about the website user information. This inquiry request is made by transmitting the Web site user information and the notification IP address to the inquiry means 5.

  S15. S16: When the inquiry means 5 receives the inquiry request of S14, that is, the website user information and the notification IP address, as shown in FIG. 5, the inquiry means 5 accesses the database 8 to inquire user information (S15). ). Here, the database 8 stores ISP user information such as ISP member number, name, address, postal code, telephone number, date of birth, credit card number, and IP address issued from the issuing means 7 for each member. Assume that you have it.

  The inquiry process of the inquiry means 5 will be described. First, the database 8 is searched using the notification IP address as a search key. If the notification IP address does not exist in the information held in the database 8 as a result of this search, it is not a valid ISP member, and the inquiry request means 6 is informed that the inquiry is impossible.

  On the other hand, if the notification IP address exists in the information held in the database 8, since it corresponds to a valid ISP member, the ISP user information of the member is extracted from the database 8 and collated with the Web user information. Note that the extracted ISP user information may be stored in a memory (RAM) for verification.

  As a result of the collation, if both user information matches, it indicates that it is a complete match, if it does not match completely, it indicates a complete mismatch, and if it does not match completely, it indicates a partial match. This user information inquiry result is returned to the inquiry request means 6 (S16).

  S17. S18: The inquiry requesting means 6 transmits an inquiry result notification to the user terminal 2 according to the received user information inquiry result (S17). That is, if the user information inquiry result is a perfect match, the website user information is It is determined to be valid, and the website user information is registered in the web content database 9.

  After the registration is completed, the inquiry result notification is transmitted to the user terminal 2 to the user terminal 2, and a registration completion screen is displayed on the display means 10. Thereafter, the user can access the server 4 through the user terminal 2 (S18) and use the Web content of the content server 9.

  On the other hand, if the user information inquiry result is completely inconsistent or partially matched, it is determined that the website user information is not valid, and a re-input screen or the like is displayed on the display means 10 without registering the user information. Let In the case where the inquiry is impossible, the user information is similarly registered and the fact that the inquiry is impossible may be transmitted to the user terminal 2 and displayed on the display means 10.

  Since the Web user information input by the user's self-report is pre-inquired with the ISP user information stored in the database 8 on the server 3, the Web user information more accurate than before is registered. can do.

  Therefore, impersonation of a fictional person, false information, and registration of Web user information due to an input error are effectively suppressed, and the accuracy of the registration information is improved. Further, even if the IP address is spoofed, the user input Web site user information is collated with the ISP user information in the database 8, so that impersonation of a third party is also suppressed.

  At this time, since the server 3 returns only the inquiry result (complete match / partial match / complete mismatch) to the server 4, the ISP user information of the database 8 is not disclosed to the outside. In this respect, personal information is protected.

≪Application examples≫
FIG. 6 shows an application example of the system 1 to a web research site, that is, a site for conducting market research / public opinion survey on the Internet. Here, the server 4 is assumed to be a Web research site management server.

  In this Web research site, the user anonymously registers information in the server 4 through a questionnaire or the like. In this application example, a part of user attribute information such as an address and age (date of birth) is input from the user terminal 2 to the user, and the input user information is stored in the server 3 as in the application example 1. The database 8 is requested to inquire user information to improve the accuracy of registration information.

  Here, as an example, it is assumed that a user answers through the user terminal 2 to a web research site that wants to add a questionnaire on the assumption that he / she resides in XX Tokyo. Further, when a questionnaire response is transmitted from the user terminal 2, the IP address is notified to the server 4.

  At this time, the server 4 sends to the server 3 the questionnaire entry contents (for example, entry contents K1 and K2 in FIG. 6) and the IP address to the server 3 and requests an inquiry. In response to this request, the server 3 searches the holding information in the database 8 using the IP address as a search key. If the notification IP address does not exist in the holding information in the database 8, the server 3 is not a valid ISP member, A message indicating that the inquiry is impossible is returned to the server 4.

  On the other hand, if the notification IP address exists in the information held in the database 8, since it corresponds to a legitimate ISP member, the ISP user information of the member is extracted from the database 8 and collated with the contents entered in the questionnaire. Here, it is confirmed whether or not the ISP user information corresponds to the entry contents K1 “residence: Tokyo XX Ward”. As a result of the confirmation, if it corresponds to “Tokyo Metropolitan XX Ward”, a “match” inquiry result is returned to the server 4, and if not, a “mismatch” inquiry result is returned to the server 4.

  If the inquiry result is “match”, the server 4 determines that the entry K1 “residence: Tokyo XX Ward” is valid (valid) and registers the questionnaire response. The registered questionnaire responses are totaled to obtain a final questionnaire result. On the other hand, if the inquiry result is “mismatch”, it is determined that the entered content K1 “residence: Tokyo XX Ward” is not valid, and it is treated as invalid without registering the answer to the questionnaire.

  Therefore, even if the attribute information such as the place of residence is falsified, it can be excluded from the aggregation of the questionnaire responses, thereby obtaining a questionnaire result based on accurate attribute information and improving its credibility. If the IP address of the user who answered the questionnaire at this time is stored in the hard disk drive device of the server 4 for a certain period, it is possible to suppress multiple responses from the same person.

≪Expected increase in members≫
In recent years, since similar member-based Web sites have become prosperous, each Web site needs to be differentiated in order to acquire members. Here, an example will be shown in which the system 1 can be differentiated to a specific ISP member by introducing the system 1 into the website.

  Conventionally, as shown in FIG. 7 (a), since ISPs and websites are generally operated independently of each other, benefits for specific ISP members (for example, discounts and various points are increased). It was difficult to do limitedly.

  On the other hand, by introducing the system 1 on the Web site, as shown in FIG. 7B, it is possible to realize a limited service (incentive) to a specific ISP member.

  More specifically, a website A. that develops a similar website. Assume that B exists. First, the user makes a website A.D. B is selected and user registration is performed through the user terminal 2. Here, it is assumed that the Web site A and ISP (1) have introduced the system 1.

  At that time, the Web site A shall give a privilege such as a discount to the member of the ISP (1). That is, Web site A inquires that it is a member of ISP1 (1) at the time of user registration, and gives a privilege according to the result.

  As a result, the website A can differentiate the member of the ISP (1) by being differentiated from the website B, and an increase in the number of users can be expected. As a result, if the system 1 is introduced, the website provides an incentive to the ISP member by providing a service limited to the specific ISP member, and the website differentiates the specific ISP member to the user. For this reason, the incentive works when registering a website member.

DESCRIPTION OF SYMBOLS 1 ... User information validity confirmation system 2 ... User terminal 3 ... ISP server 4 ... Web site server 5 ... User information and inquiry result notification means (reference request means)
6 ... User information inquiry request and result receiving means (inquiry means)
7 ... IP address issuing means 8 ... ISP user information database (database)
9 ... Web content database 10 ... Web display means

Claims (4)

A system for confirming the validity of user information transmitted from a user terminal to a website server using ISP member information held by an ISP server,
The Web site server includes inquiry request means for requesting the ISP server to make an inquiry about the user information and the ISP member information.
The ISP server includes the inquiry unit that receives the user information requested for the inquiry, inquires the accepted user information with the ISP member information, and responds to the website server with the inquiry result,
The inquiry request means determines the validity of the user information according to the inquiry result, and the user information validity confirmation system. The inquiry requesting unit transmits the user information and a notification IP address from the user terminal to the inquiry unit to request the inquiry,
The inquiry means searches the database holding the ISP member information with the notification IP address,
The user information validity check system according to claim 1, wherein the ISP member information corresponding to the search result is compared with the user information requested for inquiry to obtain the inquiry result. A method for confirming the validity of user information transmitted from a user terminal to a website server using ISP member information held by an ISP server,
An inquiry requesting step for requesting the ISP server to inquire about the user information and the ISP member information;
A querying step in which the query means of the ISP server receives the user information requested for the query, queries the received user information with the ISP member information, and responds to the website server with the query result;
A validity determination step in which the inquiry request means determines the validity of the user information according to the inquiry result;
A method for confirming validity of user information, comprising: In the inquiry request step, the user information and the notification IP address from the user terminal are transmitted to the inquiry means to request the inquiry,
In the inquiry step, search the database holding the ISP member information with the notification IP address,
The user information validity check method according to claim 3, wherein the ISP member information corresponding to the search result is compared with the user information requested to be inquired to obtain the inquiry result.

Images