JP2011210124A - Common id issuing system, service providing system, and method of issuing common id - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enhance both safety and convenience of a service to be provided through a network.SOLUTION: In the individual confirmation system 1, only a personal information management device 40 retains and manages personal information of a user formed on the basis of a public certificate of the user, and performs individual confirmation on behalf of a service providing device 20 or a common ID issuing device 30 when a common ID is issued or a service is provided to the user. Accordingly, providing of services through the Internet can be performed with high safety without impairing the convenience of the Internet.

Description

  The present invention relates to a common ID issuing system, a service providing system, and a common ID issuing method, and in particular, a common ID issuing system and a service capable of improving both safety and convenience of a service provided via a network. The present invention relates to a providing system and a common ID issuing method.

  Due to the widespread use of the Internet and broadbandization, face-to-face transactions that have been conventionally performed at stores and counters have been carried out in non-face-to-face transactions that do not require stores or counters (see, for example, Patent Document 1). As a result, businesses can reduce store assets and labor costs, and consumers can use services anytime and anywhere. For this reason, the demand for non-face-to-face transactions using the Internet will increase in the future.

  Non-face-to-face transactions are a cause of anxiety to users because their business partners are not visible, and in fact, crimes that take this in hand are also frequent. In order to establish and disseminate non-face-to-face transactions using the Internet, it is necessary to realize services with safety.

Japanese Patent Laid-Open No. 2003-67663

  As a method of improving the safety of such non-face-to-face transactions, service providers on the Internet can provide service users like Internet banking, which makes contracts and transactions involving money and assets over a certain amount. Face-to-face documents such as licenses and health insurance cards (public certificate) that can be used to prove the identity of the person are submitted in advance and registered after identification, and an ID and password are issued to the service user It is possible to do. If the ID and password issued in this way are used, the identity can be assured in the same manner as in the case of face-to-face identity verification, so that a service with safety can be realized.

  However, since the service user is forced to provide his / her personal information when using a plurality of services, registration becomes complicated and the convenience of services on the Internet is impaired. In addition, personal information may be dispersed and safety may be impaired.

  In addition, as a service provider, personal information registered to authenticate service users must be held and managed by themselves, and there is a risk of leakage of personal information and costs to prevent this. End up. Further, when registering, it is necessary to visually check whether the submitted document belongs to the party concerned, whether the location actually exists, or whether the expiration date has not expired, and it takes a corresponding human cost. In addition, payout information from the service provider based on the confirmation result must be performed on a mail basis, which requires laborious work.

  The present invention has been made to solve the above-described problems, and can provide both a common ID issuing system, a service providing system, and a service providing system that can improve both the safety and convenience of services provided via a network. An object is to provide a common ID issuing method.

  In order to achieve the above object, a common ID issuing system according to a first aspect of the present invention provides a user terminal and a predetermined service via a network when a user of the user terminal satisfies a predetermined condition. A common ID (Identification Data) issuing device connected to a service providing device provided to a user terminal via the network, and connected to the user terminal, the service providing device, and the common ID issuing device via the network. A personal information management device comprising a personal information database for registering the personal information of the user created based on the public certificate of the user in association with a login ID and a password, and the personal information management device A condition acquisition means for acquiring the predetermined condition from the service providing apparatus via the network, and the user. A registration determination for determining whether the login ID and the password are registered in the personal information database in response to receiving the login ID and the password transmitted from the user terminal via the network And the user who is stored in the personal information database in association with the login ID and the password when it is determined that the login ID and the password are registered in the personal information database. Based on the personal information of the user, the user determination means for determining whether or not the user satisfies the predetermined condition acquired by the condition acquisition means, and the user satisfies the predetermined condition by the user determination means If it is determined that the common I A condition satisfaction notifying means for notifying the issuing device, and when the user is notified that the user satisfies the predetermined condition by the condition satisfaction notifying means, the common ID issuing device A common ID enabling the service providing apparatus to provide the predetermined service is issued to the user terminal by logging in to the common ID issuing apparatus.

  In the common ID issuing system, the personal information management device is configured to acquire personal information of the user input by the user from the user terminal via the network, and log-in by the registration determination unit. When it is determined that the ID and the password are registered in the personal information database, the personal information of the user stored in the personal information database in association with the login ID and the password, and the personal information acquisition means And a match determination means for determining whether or not the personal information of the user acquired by the above is matched, wherein the condition satisfaction notification means matches the personal information of the user by the match determination means. And the user satisfies the predetermined condition by the user discrimination means. If it is determined that, the user is notified to the common ID issuing apparatus via the network to the effect that meets the predetermined condition, may be.

  In order to achieve the above object, a service providing system according to a second aspect of the present invention provides a predetermined service when connected to a user terminal via a network and the user of the user terminal satisfies a predetermined condition. A service providing device provided to the user terminal via the network, the user terminal and the service providing device connected to the user terminal via the network, and the user created based on the public certificate of the user; A personal information management device including a personal information database that registers personal information, a login ID, and a password in association with each other, and the service providing device provides the predetermined service from the user terminal via the network. In response to the request, it has already been confirmed that the user satisfies the predetermined condition. A confirmation determination means for determining whether or not the user has not yet been confirmed that the user satisfies the predetermined condition by the confirmation determination means, the predetermined condition is determined via the network. Condition notifying means for notifying the personal information management device, the personal information management device in response to receiving the login ID and the password transmitted from the user terminal via the network, A registration determination means for determining whether or not a login ID and the password are registered in the personal information database; and a case where the login determination means determines that the login ID and the password are registered in the personal information database. And stored in the personal information database in association with the login ID and the password. User determination means for determining whether or not the user satisfies the predetermined condition notified by the condition notification means based on the personal information of the user, and the confirmation determination means includes the user determination After the determination by the means is performed, it is determined again whether or not the user satisfies the predetermined condition, and the service providing apparatus determines whether the user has When it is determined that the predetermined condition is already confirmed, the predetermined service is provided to the user terminal via the network.

  The service providing system further includes a common ID issuing device connected to the user terminal, the service providing device, and the personal information management device via the network, and the common ID issuing device includes the user terminal A common ID database for registering the common ID enabling the provision of the predetermined service by the service providing apparatus by logging in to the common ID issuing apparatus and the security level of the user, and the user terminal The user registered in association with the common ID in the common ID database in response to logging in to the common ID issuing device after transmitting the common ID to the service providing device via the network Providing the security level of the service via the network Security level transmitting means for transmitting to the device, wherein the service providing device further includes security level receiving means for receiving the security level of the user transmitted by the security level transmitting means, and the confirmation determining means comprises: If the security level of the user received by the security level receiving means is equal to or higher than a predetermined threshold, it is determined that the user has already been confirmed whether or not the predetermined condition is satisfied. If the security level is less than the predetermined threshold, it is determined that whether or not the user satisfies the predetermined condition has not yet been confirmed, and the personal information management device uses the user determination means to If the user determines that the predetermined condition is met, the fact is A condition satisfaction notifying unit for notifying the common ID issuing device via the network, wherein the common ID issuing device is notified by the condition satisfaction notifying unit that the user satisfies the predetermined condition; The security level update means further updates the security level of the user registered in the common ID database to the predetermined threshold value, and the security level transmission means updates the security of the user updated by the security level update means. Level is transmitted again to the service providing apparatus via the network, and when the security level receiving unit receives the security level of the user again by the security level receiving unit, the user satisfies the predetermined condition. Has already been confirmed It is also possible to determine again whether or not it is.

  In order to achieve the above object, a common ID issuing method according to a third aspect of the present invention provides a user terminal and a predetermined service via a network when a user of the user terminal satisfies a predetermined condition. A common ID (Identification Data) issuing device connected to a service providing device provided to a user terminal via the network, and connected to the user terminal, the service providing device, and the common ID issuing device via the network. A common ID issuing system comprising: a personal information management device comprising a personal information database that registers personal information of the user created based on the public certificate of the user in association with a login ID and a password; An ID issuing method, wherein the personal information management device is connected to the service providing device via the network. A condition acquisition step for acquiring the predetermined condition, and in response to the personal information management device receiving the login ID and the password transmitted from the user terminal via the network, the login ID And a registration determination step for determining whether or not the password is registered in the personal information database, and the personal information management device has registered the login ID and the password in the personal information database in the registration determination step. If it is determined that the user satisfies the predetermined condition acquired by the condition acquisition step based on the user personal information stored in the personal information database in association with the login ID and the password. A user determination step of determining whether or not A condition satisfaction notifying step of notifying the common ID issuing device of the fact via the network when the information management device determines that the user satisfies the predetermined condition in the user determining step. When the common ID issuing device is notified by the condition satisfaction notifying step that the user satisfies the predetermined condition, the user terminal logs into the common ID issuing device, thereby providing the service providing device. A common ID enabling the provision of the predetermined service is issued to the user terminal.

  According to the present invention, it is possible to provide a common ID issuing system, a service providing system, and a common ID issuing method capable of enhancing both safety and convenience of services provided via a network.

It is a block diagram which shows the structural example of a principal confirmation system. It is a block diagram which shows the structural example of a user terminal. It is a block diagram which shows the structural example of a service provision apparatus. It is a block diagram which shows the structural example of a common ID issuing apparatus. It is a figure which shows the structural example of common IDDB. It is a block diagram which shows the structural example of a personal information management apparatus. It is a figure which shows the structural example of user information DB. It is a flowchart which shows an example of a personal identification process. It is a flowchart which shows an example of a personal identification process. It is a figure which shows the example of a screen display of a display part. It is a flowchart which shows an example of a common ID issuing process. It is a flowchart which shows an example of a common ID payment process. It is a flowchart which shows an example of a common ID payment process. It is a figure which shows the example of a screen display of a display part.

  Hereinafter, modes for carrying out the present invention will be described.

  First, the configuration of the identification system according to the present embodiment will be described with reference to the drawings.

  FIG. 1 is a block diagram illustrating a configuration example of the identity verification system.

  As shown in FIG. 1, the identity verification system 1 is roughly configured by a user terminal 10, a service providing device 20, a common ID (Identification Data) issuing device 30, and a personal information management device 40. They are connected to each other via a network.

  The user terminal 10 is operated by a user and includes, for example, a mobile communication terminal such as a mobile phone, and a communicable terminal such as a smart media, a game machine, an electronic book terminal, and a general-purpose computer.

  FIG. 2 is a block diagram illustrating a configuration example of the user terminal.

  As illustrated in FIG. 2, the user terminal 10 includes a display unit 11, an operation unit 12, a communication unit 13, and a control unit 14.

  The display unit 11 includes, for example, a liquid crystal display (LCD), and displays various input screens.

  The operation unit 12 includes, for example, a keyboard and a mouse, and is used when a user inputs a login ID, a password, and the like.

  The communication unit 13 is configured by, for example, a NIC (Network Interface Card) or the like, and transmits a common ID (for example, URL (Uniform Resource Locator)) or a password to the service providing apparatus 20 via a network, or receives a login ID or password. It transmits to the personal information management apparatus 40 via a network, or transmits a request destination code (for example, a financial institution code, etc.) for designating an identification request destination to the common ID issuing apparatus 30 via the network. The communication unit 13 receives a common ID transmitted from the common ID issuing device 30 via the network.

  The control unit 14 includes, for example, a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like. The CPU uses the RAM as a work memory, and a ROM and a storage unit (not shown). ) Etc. are appropriately executed to control the operation of each part of the user terminal 10.

  A service providing apparatus 20 shown in FIG. 1 is capable of providing a service via a network, and includes, for example, a server computer and a workstation.

  In addition, as a service here, it is necessary to check electronic monetary value such as electronic money transactions and point exchanges, mainly Internet transactions, transactions on the Internet with monetary values, and confirmation of user addresses. Delivery services such as luggage and documents are assumed.

  FIG. 3 is a block diagram illustrating a configuration example of the service providing apparatus.

  As shown in FIG. 3, the service providing apparatus 20 includes a communication unit 21, a storage unit 22, and a control unit 23.

  The communication unit 21 includes, for example, a NIC and receives a common ID and password transmitted from the user terminal 10 via the network.

  The storage unit 22 includes, for example, a hard disk drive, and stores conditions (service provision conditions) for the user to receive a service provided from the service provision apparatus 20. For example, the storage unit 22 provides services such as whether the user is over 20 years old, the user's account balance is 100,000 yen or more, and the user's account balance is 1 million yen or more. It is stored as a condition. The service providing conditions may be determined for each service providing device 20, or may be determined for each service provided by the service providing device 20 or for each type of service.

  The control unit 23 includes, for example, a CPU, a ROM, a RAM, and the like. The CPU provides services by appropriately executing various programs stored in the ROM, the storage unit 22, and the like using the RAM as a work memory. The operation of each part of the apparatus 20 is controlled.

  A common ID issuing device 30 shown in FIG. 1 issues a common ID that enables the service providing device 20 to provide a service when a user logs in to the common ID issuing device 30. For example, a server computer, a workstation, or the like It is composed of

  FIG. 4 is a block diagram illustrating a configuration example of the common ID issuing device.

  As illustrated in FIG. 4, the common ID issuing device 30 includes a communication unit 31, a storage unit 32, and a control unit 33.

  The communication unit 31 includes, for example, a NIC and receives a password transmitted from the service providing apparatus 20 via the network, or transmits a common ID and password to the user terminal 10 via the network.

  The storage unit 32 includes, for example, a hard disk drive and includes a common IDDB (Data Base) 320.

  FIG. 5 is a diagram illustrating a configuration example of the common IDDB.

  As shown in FIG. 5, the common ID DB 320 stores a common ID, a password, and a security level indicated by a number such as “0” to “4” in association with each other.

  The security level indicates the high reliability of the common ID, and an initial value “0” is set when no identity verification is obtained. On the other hand, when the identity of the user name, address, telephone number, and e-mail address is obtained, “1” is set as the security level. In addition to this, when the identity of the user is over 20 years old, the security level is set to “2” and the account balance of the user is 100,000 yen or more. When the identity confirmation is obtained, “3” is set as the security level. When the identity confirmation that the user's account balance is 1 million yen or more is obtained, “4” is set as the security level.

  The control unit 33 illustrated in FIG. 4 includes, for example, a CPU, a ROM, a RAM, and the like. The CPU uses the RAM as a work memory and appropriately executes various programs stored in the ROM, the storage unit 32, and the like. Thus, the operation of each part of the common ID issuing device 30 is controlled.

  The personal information management device 40 shown in FIG. 1 is operated by a financial institution or the like where strict identity confirmation is performed, and is composed of, for example, a server computer and a workstation.

  FIG. 6 is a block diagram illustrating a configuration example of the personal information management apparatus.

  As shown in FIG. 6, the personal information management device 40 includes a communication unit 41, a storage unit 42, and a control unit 43.

  The communication unit 41 includes, for example, a NIC and receives a login ID and a password transmitted from the user terminal 10 via the network.

  The storage unit 42 includes, for example, a hard disk drive and includes a user information DB 420.

  FIG. 7 is a diagram illustrating a configuration example of the user information DB.

  As shown in FIG. 7, the user information DB 420 is a user's personal information that is registered in association with the user's name, address, gender, date of birth, telephone number, e-mail address, account balance, login ID, password, and the like. (User information) is stored.

  Of these, the user's name, address, gender, and date of birth are registered at the financial institution's window after verifying their identity by presenting a public certificate such as a driver's license or health insurance card. Therefore, the reliability is extremely high. In addition, the security level is extremely high because other factor authentication that combines passwords of different methods such as a password using a random number table and a one-time password is used for the password.

  The control unit 43 illustrated in FIG. 6 includes, for example, a CPU, a ROM, a RAM, and the like, and the CPU appropriately executes various programs stored in the ROM, the storage unit 42, and the like using the RAM as a work memory. Thus, the operation of each part of the personal information management device 40 is controlled.

  Next, an operation executed by the identification system having the above configuration will be described with reference to the drawings.

  First, an identity verification process that is executed in common in both a common ID issuing process and a common ID settlement process to be described later will be described.

  8 and 9 are flowcharts showing an example of the identity verification process.

  In the identity verification process, first, the control unit 14 of the user terminal 10 displays the user registration screen shown in FIG. 10A on the display unit 11 in response to receiving the user registration request by the communication unit 13 ( Step S1) shown in FIG.

  Thereafter, the control unit 14 determines whether or not the user's name, address, telephone number, and e-mail address have been input by the operation of the operation unit 12 by the user and an instruction for identity verification has been given (step S2).

  Then, when an instruction for identity verification is given (step S2; Yes), the control unit 14 sends an identity verification request including the input user name, address, telephone number, and e-mail address from the communication unit 13 to the network. Is transmitted to the service providing apparatus 20 via step S3 (step S3).

  In the service providing apparatus 20, in response to the control unit 23 receiving the identity confirmation request at the communication unit 21, the name, address, telephone number, e-mail address, and storage unit 22 of the user included in the identity confirmation request. Is transmitted from the communication unit 21 to the common ID issuing device 30 via the network (step S4).

  In the common ID issuing device 30, the control unit 33 receives the user's name, address, telephone number, e-mail address, and service provision conditions at the communication unit 31 (step S5), and specifies the request destination for identity verification. A request destination designation request to be requested is transmitted from the communication unit 31 to the user terminal 10 via the network (step S6).

  In the user terminal 10, the control unit 14 displays a request destination designation screen shown in FIG. 10B on the display unit 11 in response to receiving the request destination designation request by the communication unit 13 (step S7).

  Thereafter, the control unit 14 determines whether or not an identification confirmation request destination is designated by the operation of the operation unit 12 by the user (step S8).

  When the request destination is specified (step S8; Yes), the control unit 14 transmits a request destination code (for example, a financial institution code) indicating the specified request destination from the communication unit 13 via the network. It transmits to the issuing apparatus 30 (step S9).

  In the common ID issuing device 30, the control unit 33 responds to the reception of the request destination code by the communication unit 31, and the user name, address, telephone number, e-mail address, received in the process of step S5, By transmitting the service provision condition from the communication unit 31 to the personal information management device 40 identified from the request destination code via the network (step S10), the personal identification process is shifted to control by the personal information management device 40.

  In the personal information management device 40, the control unit 43 receives the user's name, address, telephone number, e-mail address, and service provision conditions at the communication unit 41 (step S11), and communicates a login request for requesting login. The data is transmitted from the unit 41 to the user terminal 10 via the network (step S12).

  In the user terminal 10, the control unit 14 displays the login screen shown in FIG. 10C on the display unit 11 in response to the login request received by the communication unit 13 (step S13).

  Thereafter, the control unit 14 determines whether or not the login ID and the password are input by the operation of the operation unit 12 by the user (step S14).

  When the login ID and password are input (step S14; Yes), the control unit 14 transmits the input login ID and password from the communication unit 13 to the personal information management device 40 via the network ( Step S15).

  In the personal information management device 40, in response to the control unit 43 receiving the login ID and password by the communication unit 41, the user information including the received login ID and password is stored in the user information DB 420. Whether or not the user account exists is determined based on whether or not there is (step S16 shown in FIG. 9).

  Here, when it is determined that the user account exists (step S16; Yes), the control unit 43 receives the user name, address, telephone number, and e-mail address received in the process of step S11. It is determined whether or not the user name, address, telephone number, and e-mail address stored in the user information DB 420 match (step S17).

  Here, when it is determined that the user's name, address, telephone number, and e-mail address match (step S17; Yes), the service provision condition received in the process of step S11 is determined based on the user information. It is determined whether or not the condition is satisfied (step S18).

  For example, when the service providing condition is that the user's age is 20 years or older, the current age is calculated from the date of birth included in the user information, and the current age is 20 years or older. In this case, it is determined that the service provision condition is satisfied. Further, if the service provision condition is that the user's account balance is a predetermined amount (for example, “100,000 yen”) or more, the account balance included in the user information is the predetermined amount or more. It is determined that the service provision conditions are satisfied.

  When it is determined that the service provision condition is satisfied in this way (step S18; Yes), the control unit 43 transmits a service provision availability notification to that effect to the common ID issuing device 30 via the network. (Step S19), the identity verification process is terminated.

  On the other hand, when it is determined that the service provision condition is not satisfied (step S18; No), the control unit 43 transmits a service provision failure notification to that effect to the common ID issuing device 30 via the network. After that (step S20), the identity verification process is terminated.

  On the other hand, when it is determined that the user's account does not exist (step S16; No), or when it is determined that the user's name, address, telephone number, and e-mail address do not match (step S17). ; Yes), the control unit 43 transmits the identity confirmation failure notification for notifying that the identity confirmation has failed to the common ID issuing device 30 via the network (step S21), and ends the identity confirmation processing.

  Next, a common ID issuing process using the above-described identity verification process will be described.

  When the user terminal 10 is accessing the service providing apparatus 20 and the user issues an instruction to issue a common ID by operating the operation unit 12, the identity verification system 1 starts the common ID issuing process.

  FIG. 11 is a flowchart illustrating an example of the common ID issuing process.

  In the common ID issuance process, as shown in FIG. 11, first, the control unit 14 of the user terminal 10 sends a common ID issuance request for issuing a common ID from the communication unit 13 to the service providing apparatus 20 via the network. Transmit (step S101).

  In the service providing device 20, the control unit 23 shifts the common ID issuing process to control by the common ID issuing device 30 in response to receiving the common ID issue request by the communication unit 21 (step S102).

  In the common ID issuing device 30, the control unit 33 transmits a user registration request for requesting registration of the user's name, address, telephone number, and e-mail address from the communication unit 31 to the user terminal 10 via the network ( Step S103).

  Then, in the user terminal 10, the control unit 14 executes the personal identification process shown in FIG. 8 in response to receiving the user registration request (step S104).

  After execution of the identity verification process shown in FIG. 8, in the common ID issuing device 30, the control unit 33 determines whether or not the communication unit 31 has received a service provision available notification (step S105).

  At this time, if the service provision failure notification or the identity verification failure notification has been received (step S105; No), the control unit 33 ends the common ID issuing process as it is.

  On the other hand, when it is determined that a service provision available notification is received (step S105; Yes), the control unit 33 issues a common ID and a password and registers them in association with the common ID DB 320 (step S106). .

  Subsequently, the control unit 33 sets the security level stored in the common ID DB 320 in association with the common ID and the password based on the service provision condition received in the process of step S5 (step S107).

  For example, if the service provision condition is that the user's age is 20 years old or more, the service provision condition is that the security level is set to “2” and the account balance of the user is 100,000 yen. If the service provision condition is that the user's account balance is 1,000,000 yen, the security level is set to "4".

  Thereafter, the control unit 33 transmits the common ID and password issued in the process of step S106 from the communication unit 31 to the user terminal 10 via the network (step S108).

  In the user terminal 10, the control unit 14 receives the common ID and password by the communication unit 13 (step S109), and ends the common ID issuing process.

  Subsequently, a common ID settlement process using the above-described identity verification process will be described.

  When the user terminal 10 is accessing the service providing apparatus 20, when the user provides the service using the common ID and the settlement thereof by the operation of the operation unit 12, the identity verification system 1 displays the common ID. Start the payment process.

  12 and 13 are flowcharts showing an example of the common ID settlement process.

  In the common ID settlement process, first, the control unit 14 of the user terminal 10 displays the common ID input screen shown in FIG. 14 on the display unit 11 (step S201 shown in FIG. 12). Thereafter, the control unit 14 determines whether or not the common ID and the password are input by the operation of the operation unit 12 by the user (step S202).

  When the common ID and password are input (step S202; Yes), the control unit 14 transmits the input common ID and password from the communication unit 13 to the service providing apparatus 20 via the network (step S203). ).

  In the service providing apparatus 20, the control unit 23 responds to the reception of the common ID and password by the communication unit 21, and the received password is received from the communication unit 21 via the network by the received common ID (URL). By transmitting to the specified web page (step S204), the common ID settlement process is shifted to the control by the common ID issuing device 30.

  In the common ID issuing device 30, in response to the control unit 33 receiving the password at the communication unit 31, the received password and the URL (common ID) of the web page to which the password is transmitted are stored in the common ID DB 320. It is confirmed that the user's account exists based on whether or not it is stored in association (step S205).

  When the presence of the user account is confirmed in the process of step S205, the control unit 33 determines the security level stored in the common ID DB 32 corresponding to the common ID and password from the communication unit 31 via the network. It transmits to the service providing apparatus 20 (step S206).

  In the service providing apparatus 20, the control unit 23 receives the security level at the communication unit 21 (step S207), and transmits a service selection request for requesting service selection from the communication unit 21 to the user terminal 10 via the network. (Step S208).

  In the user terminal 10, the control unit 14 displays a service selection screen on the display unit 11 in response to receiving the service selection request by the communication unit 13 (step S209).

  Thereafter, the control unit 14 determines whether or not a desired service has been selected by the operation of the operation unit 12 by the user (step S210).

  When a desired service is selected (step S210; Yes), the control unit 14 transmits a service provision request for requesting provision of the selected service from the communication unit 13 to the service providing apparatus 20 via the network. (Step S211).

  In the service providing apparatus 20, the control unit 23 responds to reception of the service providing request by the communication unit 21, and the security level received in the process of step S 207 and the service providing conditions stored in the storage unit 22. Based on the above, it is determined whether or not it is possible to provide the service requested by the service provision request, in other words, whether or not the user has already confirmed that the service provision condition is satisfied (FIG. 14). Step S212).

  For example, when the service providing condition is that the user is over 20 years old, if the security level is less than “2”, it is determined that the service cannot be provided, while “2”. If it is above, it is determined that the service can be provided. Also, if the service provision condition is that the account balance of the user is 100,000 yen or more, if the security level is less than “3”, it is determined that the service cannot be provided, If it is “3” or more, it is determined that the service can be provided. Furthermore, when the service provision condition is that the account balance of the user is 1 million yen or more, if the security level is less than “4”, it is determined that the service cannot be provided, If “4”, it is determined that the service can be provided.

  Here, when it is determined that the service cannot be provided, in other words, when it is determined that the user has not yet confirmed that the service providing condition is satisfied (step S212; No), the control unit 23 The common ID settlement process is shifted to control by the common ID issuing device 30 (step S213).

  In the common ID issuing device 30, the control unit 33 transmits a user registration request from the communication unit 31 to the user terminal 10 via the network (step S214).

  And the control part 14 of the user terminal 10 responds to having received the user information input request, and performs the personal identification process shown in FIG. 8 (step S215).

  After executing the identity verification process shown in FIG. 8, in the common ID issuing device 30, the control unit 33 displays the security level stored in the common ID DB 320 in association with the common ID as a service provision possible notification, a service provision impossibility notification, And the identity verification failure notification are updated based on which communication unit 31 has received and the service provision conditions received in the process of step S5 (step S216).

  For example, when an identity verification failure notification is received, the security level is not updated. When a service provision failure notification is received, if the security level is “0”, the security level is updated to “1”. If it is 1 "or higher, the security level is not updated. On the other hand, when the service provision notice is received and the service provision condition is that the user's age is 20 years or older, the security level is updated to “2”, and the account balance of the user is When the service provision condition is 100,000 yen, the security level is updated to “3”. When the user account balance is 1,000,000 yen, the security level is updated. Update to “4”.

  Thereafter, the control unit 33 transmits the security level updated in the process of step S216 from the communication unit 31 to the service providing apparatus 20 via the network (step S217).

  In the service providing apparatus 20, the control unit 23 receives the security level at the communication unit 21 (step S 218), and provides a service based on the received security level and the service providing conditions stored in the storage unit 22. It is determined again whether the service requested by the request can be provided (step S219).

  When it is determined that the service can be provided by any one of the processes of step S212 and step S219, in other words, when it is determined that the user satisfies the service providing condition (step S212; Yes, In step S219; Yes, the control unit 23 performs a predetermined settlement process to provide the service via the network (step S220), and sends a settlement completion notification to that effect to the user terminal 10 via the network. Transmit (step S221).

  Specifically, in the payment process of step S220, the price of the service selected by the user is specified by referring to, for example, a price DB stored in the hard disk drive, and the transfer of the specified price is transferred from the communication unit 21. The personal information management device 40 is instructed via the network. In the personal information management device 40, the price instructed by the service providing device 20 is subtracted from the account balance of the user stored in the user information DB 420, and the price is added to the account balance of the operator of the service providing device 20. A process of adding is performed. Thereafter, the communication unit 41 notifies the service providing device 20 that the transfer of the price has been completed via the network. In response to the notification being received by the communication unit 21, the service providing device 20 The service selected by the user is provided via the network.

  In the user terminal 10, the control unit 14 displays a payment completion screen notifying that the payment is completed on the display unit 11 in response to receiving the payment completion notification by the communication unit 13 (step S 222). The common ID settlement process is terminated.

  On the other hand, if it is determined again that the service cannot be provided (step S219; No), the control unit 23 sends a payment incomplete notification notifying that payment has not been made via the network to the user terminal 10. (Step S223).

  In the user terminal 10, in response to receiving the payment incomplete notification by the communication unit 13, the control unit 14 displays on the display unit 11 a payment incomplete screen notifying that payment could not be performed (step S224). ), The common ID settlement process is terminated.

  As described above, in the identity verification system 1 in the present embodiment, only the personal information management device 40 holds and manages the personal information (user information) of the user created based on the user's public certificate, Identity verification is performed on behalf of the service providing device 20 and the common ID issuing device 30.

  As a result, the service providing device 20 and the common ID issuing device 30 do not need to hold and manage the user's personal information (user information), and thus the user's personal information (user information) is held and managed by a plurality of devices. It is possible to prevent leakage of personal information (user information) of the user as a result as much as possible. Further, the service providing device 20 and the common ID issuing device 30 can reduce the operational cost caused by possessing and managing the user's personal information (user information).

  Further, the user obtains the common ID issued by the common ID issuing device 30 without submitting an official certificate to the operator of the service providing device 20 or the common ID issuing device 30 for identity verification. Or the service provided by the service providing apparatus 20 can be received, and the service requiring strict identity verification can be received without impairing the convenience of the Internet.

  On the other hand, the service providing apparatus 20 can provide services to the user after performing strict identity verification based on the user's personal information (user information) created based on the user's public certificate. , Can improve the safety of internet transactions.

  As a result, in the identity verification system 1 in the present embodiment, both the safety and convenience of services provided via the network can be improved.

  Further, according to the identity verification system 1 in the present embodiment, the common ID issuing device 30 is provided by the service providing device 20 when the user terminal 10 requests the service providing device 20 to issue a common ID. The common ID is issued only when the service provision conditions for receiving the service are satisfied. If the common ID issued in this way is used, the user can receive the service provided by the service providing apparatus 20 without performing identity verification, so that safety and convenience are further improved.

  In addition, when the user intends to receive a service provided by the service providing apparatus 20 using the issued common ID, it is still confirmed whether the user satisfies the service providing conditions for receiving the service. If not, the service providing apparatus 20 requests confirmation from the personal information managing apparatus 40 via the common ID issuing apparatus 30 without waiting for an instruction from the user, so that safety and convenience are further improved. .

  In addition, this invention is not limited to the said embodiment, A various deformation | transformation and application are possible. Hereinafter, modifications of the above-described embodiment applicable to the present invention will be described.

  The above embodiment has been described on the assumption that the user is required to confirm the identity when issuing a common ID or providing a service. However, the present invention is not limited to this, and the control unit 43 of the personal information management apparatus 40 is updated when user information (for example, a user's address or telephone number) stored in the user information DB 420 is updated. Alternatively, the user may be requested to confirm the identity every certain period. Subsequently, the control unit 43 determines whether the current name, address, telephone number, and e-mail address input by the user in response to this request match the user information stored in the user information DB 420. If they match, the user information may be referred to determine again whether the service provision conditions are satisfied. If the determination result that the service provision condition is satisfied is obtained again, the control unit 43 transmits a service provision availability notification to the service provision device 30. In the common ID issuing device 30, the control unit 33 In response to reception of the provisionable notification, the security level stored in the common ID DB 320 may be updated in association with the common ID. As described above, since the reliability of the common ID can be maintained by sequentially updating the security level corresponding to the common ID when the user information is updated or every predetermined period, the service providing apparatus 20 is more secure. Can provide services to users.

  In the above embodiment, the common ID is issued only when the service provision availability notification is received. However, the present invention is not limited to this, and a common ID may be issued even when a service provision failure notification or an identity verification failure notification is received. In this case, in the process of step S107 shown in FIG. 11, the security level remains “0” when the identity verification failure notification is received, while when the service provision failure notification is received, the user name, address, Since the confirmation about the telephone number and the e-mail address has been obtained, the security level may be set to “1”. Further, in this case, if the service provision conditions are satisfied, the service provided by the service providing apparatus 20 can be received without performing identity verification again. If not satisfied, the service provided by the service providing apparatus 20 cannot be received unless the identity verification is performed again.

DESCRIPTION OF SYMBOLS 1 Identity verification system 10 User terminal 11 Display part 12 Operation part 13 Communication part 14 Control part 20 Service provision apparatus 21 Communication part 22 Storage part 23 Control part 30 Common ID issuing apparatus 31 Communication part 32 Storage part 33 Control part 40 Personal information management Device 41 Communication unit 42 Storage unit 43 Control unit 320 Common IDDB
420 User information DB

Claims (5)

A common ID (Identification Data) connected via the network to the user terminal and a service providing apparatus that provides a predetermined service to the user terminal via the network when the user of the user terminal satisfies a predetermined condition ) Issuing device,
Connected to the user terminal, the service providing apparatus, and the common ID issuing apparatus via the network, and corresponds to the personal information of the user created based on the public certificate of the user, a login ID, and a password. A personal information management device comprising a personal information database to be registered;
With
The personal information management device includes:
Condition acquisition means for acquiring the predetermined condition from the service providing apparatus via the network;
A registration determination for determining whether or not the login ID and the password are registered in the personal information database in response to receiving the login ID and the password transmitted from the user terminal via the network. Means,
If it is determined by the registration determining means that the login ID and the password are registered in the personal information database, the personal information of the user stored in the personal information database in association with the login ID and the password User determining means for determining whether or not the user satisfies the predetermined condition acquired by the condition acquiring means,
When the user determining means determines that the user satisfies the predetermined condition, a condition satisfaction notifying means for notifying the common ID issuing device to that effect via the network;
Including
When the user is notified that the user satisfies the predetermined condition by the condition satisfaction notifying unit, the common ID issuing device allows the service providing device to log in to the common ID issuing device. Issuing a common ID enabling the provision of the predetermined service to the user terminal;
A common ID issuing system characterized by that. The personal information management device includes:
Personal information acquisition means for acquiring personal information of the user input by the user from the user terminal via the network;
If it is determined by the registration determining means that the login ID and the password are registered in the personal information database, the personal information of the user stored in the personal information database in association with the login ID and the password And a match determination means for determining whether or not the personal information of the user acquired by the personal information acquisition means matches,
Further including
The condition satisfaction notifying means determines that the personal information of the user is matched by the match determining means, and if the user determines that the user satisfies the predetermined condition, Notifying the common ID issuing device via the network that the predetermined condition is satisfied,
The common ID issuing system according to claim 1. A service providing device connected to a user terminal via a network and providing a predetermined service to the user terminal via the network when a user of the user terminal satisfies a predetermined condition;
Personal information that is connected to the user terminal and the service providing apparatus via the network and registers the personal information of the user, the login ID, and the password associated with each other, created based on the public certificate of the user A personal information management device comprising a database;
With
The service providing apparatus includes:
Confirmation determination for determining whether or not the user satisfies the predetermined condition in response to a request for provision of the predetermined service from the user terminal via the network Means,
Condition notifying means for notifying the personal information management device of the predetermined condition via the network when the confirmation determining means determines that the user has not yet been confirmed to satisfy the predetermined condition; ,
Including
The personal information management device includes:
A registration determination for determining whether or not the login ID and the password are registered in the personal information database in response to receiving the login ID and the password transmitted from the user terminal via the network. Means,
If it is determined by the registration determining means that the login ID and the password are registered in the personal information database, the personal information of the user stored in the personal information database in association with the login ID and the password User determining means for determining whether or not the user satisfies the predetermined condition notified by the condition notifying means,
Including
After the determination by the user determination unit is performed, the confirmation determination unit again determines whether or not the user has already been confirmed to satisfy the predetermined condition,
The service providing device provides the predetermined service to the user terminal via the network when the confirmation determining unit determines that the user has already been confirmed to satisfy the predetermined condition. ,
A service providing system characterized by that. A common ID issuing device connected to the user terminal, the service providing device, and the personal information management device via the network;
The common ID issuing device is:
A common ID database that associates and registers the common ID that enables the service providing apparatus to provide the predetermined service when the user terminal logs into the common ID issuing apparatus, and the security level of the user; ,
After the user terminal transmits the common ID to the service providing apparatus via the network, the user terminal is registered in the common ID database in association with the common ID in response to logging in to the common ID issuing apparatus. Security level transmitting means for transmitting the security level of the user to the service providing apparatus via the network;
Including
The service providing apparatus further includes security level receiving means for receiving the security level of the user transmitted by the security level transmitting means,
The confirmation determination unit determines that the user has already confirmed whether or not the predetermined condition is satisfied when the security level of the user received by the security level reception unit is equal to or higher than a predetermined threshold. On the other hand, if the security level of the user is less than the predetermined threshold, it is determined that whether or not the user satisfies the predetermined condition has not yet been confirmed,
The personal information management device further includes a condition satisfaction notification means for notifying the common ID issuing device via the network when the user determination means determines that the user satisfies the predetermined condition. Including
The common ID issuing device, when notified by the condition satisfaction notifying means that the user satisfies the predetermined condition, sets the security level of the user registered in the common ID database to the predetermined threshold value. Further includes a security level updating means for updating to
The security level transmission means transmits again the security level of the user updated by the security level update means to the service providing apparatus via the network,
The confirmation determination unit performs again determination as to whether or not the user has already been confirmed to satisfy the predetermined condition when the security level reception unit receives the security level of the user again.
The service providing system according to claim 3. A common ID (Identification Data) connected via the network to the user terminal and a service providing apparatus that provides a predetermined service to the user terminal via the network when the user of the user terminal satisfies a predetermined condition ) The issuing device, the user terminal, the service providing device, and the common ID issuing device connected via the network and personal information and login ID of the user created based on the public certificate of the user And a personal information management device comprising a personal information management device comprising a personal information database that registers and associates passwords with each other,
A condition acquisition step in which the personal information management device acquires the predetermined condition from the service providing device via the network;
Whether the login ID and the password are registered in the personal information database in response to the personal information management device receiving the login ID and the password transmitted from the user terminal via the network. A registration determination step for determining whether or not,
If the personal information management device determines that the login ID and the password are registered in the personal information database in the registration determination step, the personal information management device stores the login ID and the password in association with each other. A user determination step of determining whether the user satisfies the predetermined condition acquired by the condition acquisition step based on the personal information of the user being
When the personal information management device determines that the user satisfies the predetermined condition in the user determination step, a condition satisfaction notification step for notifying the common ID issuing device to that effect via the network;
Including
When the common ID issuing device is notified by the condition satisfaction notifying step that the user satisfies the predetermined condition, the user terminal logs in to the common ID issuing device to allow the service providing device to Issuing a common ID enabling the provision of the predetermined service to the user terminal;
A common ID issuing method characterized by the above.