JP2012208856A - Identity confirmation system and identity confirmation method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To confirm identity of a user using an identity assurance institution of a portable terminal used by the user from among a plurality of identity assurance institutions.SOLUTION: An identity confirmation request server 3 comprises identity confirmation request means 31 for transmitting an identity confirmation request to an identity confirmation base server 2 and acquisition means 32 for acquiring an authentication result using address information of the authentication result. The identity confirmation base server 2 comprises selection instruction acceptance means 21 for accepting a selection instruction of an identity assurance server from a user terminal 4 and password authentication means 23 for transmitting a generated first password to a portable terminal 5 and authenticating whether a second password inputted from the user terminal 4 matches the first password. The identity assurance server 1 comprises authentication means 11 for authenticating user information inputted from the user terminal 4 by referring user information storage means 12 and storing an authentication result in authentication result storage means 13 and transmission means 11 for transmitting address information of the authentication result to the identity confirmation request server 3.

Description

  The present invention relates to an identity confirmation system and an identity confirmation method for confirming the identity of a user.

  In recent years, with the spread of the Internet, various services are provided via a network. However, spoofing on the network and identity theft such as user ID / password have become problems. Therefore, there is a need for a technology that ensures higher security and verifies the identity. For example, Patent Document 1 describes a personal identification method in which identity verification is requested to a financial institution system, and the financial institution system performs identity verification on behalf of the requester.

JP 2005-215889 A

  By the way, in public institutions and financial institutions, in order to confirm the identity of the person securely, the user presents an identification card such as a passport or driver's license, confirms the identity of the user, registers the identity, and then services. Has been done to provide. However, such a strict identity confirmation process is costly and has a problem in convenience because it is necessary for the user to bring an identification card to a public institution.

  In addition, it is not realistic to perform strict identity verification as described above each time various services are used via a network. Therefore, it is conceivable to use the technique described in Prior Art Document 1, but the institutions in which each user performs the strict identity confirmation as described above are different for each user, and other than a predetermined financial institution. Some users have strict identity verification at other institutions.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to identify the identity of a user using a personal identification device of a mobile terminal used by the user from among a plurality of identity assurance organizations. It is to provide a confirmation system and an identification method.

  In order to solve the above-mentioned problems, the present invention provides an identity confirmation system comprising an identity confirmation request server, an identity confirmation infrastructure server, and an identity guarantee server for a plurality of mobile terminal communication carriers, the identity confirmation request server Receives a request from the user terminal and receives an identification result requesting means for transmitting a request for confirming the identity of the user of the user terminal to the identity verification base server and address information of an authentication result performed by the identity guarantee server. Acquiring the authentication result using the address information, and the identity verification infrastructure server receives a selection instruction of any identity guarantee server from the user terminal, and Based on the request from the identity guarantee server selected by the selection instruction, a first password is generated, and the generated first password is transmitted to the mobile terminal. And a password authenticating means for authenticating whether or not the second password inputted from the user terminal matches the first password, wherein the identity guarantee server provides each communication service. When the user information storage means storing the user information of the user of the portable terminal matches the first password and the second password, the user information input from the user terminal is stored in the user information storage means. Authentication means for referring to and authenticating the authentication result in the authentication result storage means as an identification result, and the address information of the authentication result stored in the authentication result storage means via the identity verification infrastructure server Transmitting means for transmitting to the confirmation request server.

  The present invention is an identity confirmation system having an identity confirmation request server, an identity confirmation base server, and an identity guarantee server for a plurality of mobile terminal carriers, wherein the identity confirmation request server receives a request from a user terminal. Receiving the identification confirmation request means for transmitting the identification confirmation request of the user of the user terminal to the identification confirmation base server, and receiving the address information of the authentication result performed by the identification guarantee server, and using the address information, Acquisition means for acquiring an authentication result, and the identity verification base server generates and generates a first password and a selection instruction reception means that receives an instruction to select any identity guarantee server from the user terminal. The transmitted first password is transmitted to the user terminal, and the second password inputted from the portable terminal matches the first password. Password authentication means for authenticating whether or not, wherein the identity assurance server includes user information storage means in which user information of a user of each mobile terminal providing a communication service is stored, and the first password Authentication means for authenticating user information input from the user terminal with reference to the user information storage means when the second password matches, and storing the authentication result in the authentication result storage means as an identity confirmation result; And transmitting means for transmitting the address information of the authentication result stored in the authentication result storage means to the identity confirmation request server via the identity confirmation infrastructure server.

  The present invention is an identity confirmation system comprising an identity confirmation request server, an identity confirmation base server, and an identity guarantee server for a plurality of mobile terminal carriers, wherein the identity confirmation request server receives user information from a user terminal. User information stored in the identity guarantee server from the identity verification base server using a password request means for transmitting a password input request to the user terminal upon receiving a request including the password input from the user terminal Authentication means for authenticating the user of the user terminal by collating the acquired user information with the user information included in the request from the user terminal, and When user information is received from the identity guarantee server, a first password is generated, and the generated first password is sent to the mobile terminal. In addition, it has password generation means for storing the first password in the password storage means in association with the user information, and the identity guarantee server stores user information of the user of each portable terminal providing the communication service. The received user information storage means and a request from the mobile terminal are received, the user information corresponding to the mobile terminal stored in the user information storage means is read, and transmitted to the identity verification infrastructure server via the mobile terminal User information transmitting means.

  The present invention is an identity confirmation method performed by an identity confirmation system having an identity confirmation request server, an identity confirmation base server, and an identity guarantee server of a plurality of mobile terminal carriers, wherein the identity confirmation request server is a user Receiving a request from the terminal, sending an identity confirmation requesting step for transmitting the identity confirmation request of the user of the user terminal to the identity confirmation base server, receiving address information of an authentication result performed by the identity guarantee server, and receiving the address Obtaining the authentication result using information, and the identity verification base server selecting a selection instruction receiving step of receiving an instruction to select one of the identity guarantee servers from the user terminal, and selecting with the selection instruction The first password is generated based on the request from the identified identity guarantee server, and the generated first password is stored in the mobile terminal. And performing a password authentication step of authenticating whether or not the second password input from the user terminal matches the first password, wherein the identity guarantee server provides each communication service When the user information storage unit storing the user information of the user of the portable terminal matches the first password and the second password, the user information input from the user terminal is stored in the user information storage unit. An authentication step of referring to and authenticating the authentication result in the authentication result storage unit as an identification result, and address information of the authentication result stored in the authentication result storage unit via the identity verification infrastructure server And a transmission step of transmitting to the confirmation request server.

  The present invention is an identity confirmation method performed by an identity confirmation system having an identity confirmation request server, an identity confirmation base server, and an identity guarantee server of a plurality of mobile terminal carriers, wherein the identity confirmation request server is a user Receiving a request from the terminal, sending an identity confirmation requesting step for transmitting the identity confirmation request of the user of the user terminal to the identity confirmation base server, receiving address information of an authentication result performed by the identity guarantee server, and receiving the address An acquisition step of acquiring the authentication result using information, wherein the identity verification base server receives a selection instruction reception step of receiving an instruction to select one of the identity guarantee servers from the user terminal, and a first password. The generated first password is transmitted to the user terminal, and the second password input from the portable terminal A password authentication step for authenticating whether or not the first passwords match, wherein the identity guarantee server stores user information of a user of each portable terminal that provides a communication service. When the first password and the second password match, the user information input from the user terminal is authenticated with reference to the user information storage unit, and the authentication result is used as the identification confirmation result. An authentication step for storing in the storage unit; and a transmission step for transmitting the address information of the authentication result stored in the authentication result storage unit to the identity confirmation requesting server via the identity confirmation infrastructure server.

  The present invention is an identity confirmation method performed by an identity confirmation system having an identity confirmation request server, an identity confirmation base server, and an identity guarantee server of a plurality of mobile terminal carriers, wherein the identity confirmation request server is a user When a request including user information is received from the terminal, a password request step for transmitting a password input request to the user terminal, and the password input from the user terminal, the identity verification base server to the identity guarantee server Obtaining the stored user information, comparing the obtained user information with the user information included in the request from the user terminal, and authenticating the user of the user terminal, and When the server receives the user information from the identity guarantee server, the server generates a first password and generates the generated first The password generation step of transmitting the password to the portable terminal and storing the first password in the password storage unit in association with the user information is performed, and the identity guarantee server is a user of each portable terminal that provides the communication service. The user information storage unit storing the user information and a request from the mobile terminal are received, the user information corresponding to the mobile terminal stored in the user information storage unit is read, and the identity is transmitted via the mobile terminal. And a user information transmission step of transmitting to the confirmation infrastructure server.

  In the present invention, it is possible to provide an identity confirmation system and an identity confirmation method for confirming the identity of a user using an identity guarantee organization of a mobile terminal used by the user from among a plurality of identity guarantee organizations.

1 is an overall configuration diagram of an identity confirmation system to which a first embodiment of the present invention is applied. It is a figure which shows the hardware structural example of each apparatus. It is a sequence diagram which shows a 1st identity confirmation request | requirement process. It is a figure which shows an example of an identity guarantee organization selection screen. It is a conceptual diagram which shows an example of the process which produces | generates a selection screen. It is a sequence diagram which shows a 2nd identity confirmation request | requirement process. It is a sequence diagram which shows a 3rd identity confirmation request | requirement process. It is a whole block diagram of the identity confirmation system to which the 2nd Embodiment of this invention was applied. It is a sequence diagram which shows the identity confirmation request | requirement process of 2nd Embodiment.

  Embodiments of the present invention will be described below.

<First Embodiment>
FIG. 1 is an overall configuration diagram of an identity confirmation system to which a first embodiment of the present invention is applied. The illustrated identity confirmation system includes a plurality of identity assurance servers 1, an identity confirmation infrastructure server 2, a plurality of identity confirmation request servers 3, a user terminal 4 (such as a PC) used by a user, and a portable terminal 5 (such as a portable device). These are connected via the network 9.

  The identity guarantee server 1 is a server of an identity guarantee organization such as a public institution such as a public office or a financial institution such as a bank or an insurance company, and performs user registration after executing strict identity confirmation (identity confirmation). To provide a predetermined service. The identity guarantee server 1 confirms the identity of the user in response to a request from the identity confirmation request server 3. The identity guarantee server 1 of the present embodiment is assumed to be a server of a mobile carrier company (mobile terminal communication carrier) that provides a communication service to the mobile terminal 5.

  The illustrated identity guarantee server 1 includes an identity guarantee unit 11, a user information storage unit 12, and an authentication result storage unit 13.

  The identity guarantee unit 11 (authentication unit, transmission unit) authenticates user information input from the user terminal 4 with reference to the user information storage unit 12, and stores the authentication result in the authentication result storage unit 13 as an identity confirmation result. . Further, the identity guarantee unit 11 transmits the address information of the authentication result stored in the authentication result storage unit 13 to the identity confirmation request server 3 via the identity confirmation infrastructure server 2. Further, the identity guarantee unit 11 may accept from the portable terminal 5 whether or not to transmit the address information of the authentication result to the identity confirmation request server 3.

  The user information storage unit 12 includes mobile terminal identification information, PIN (personal identification number), user information (name, gender, date of birth, address) of each mobile terminal that provides the communication service of the mobile carrier company of the identity guarantee server 1. Attribute information) is stored.

  The authentication result storage unit 13 stores an authentication result (identification confirmation result) of the user authenticated by the identity guarantee unit 11 in response to a request from the identity confirmation request server 3.

  The identity confirmation infrastructure server 2 is a server shared by a plurality of identity confirmation request servers 3. That is, the identity verification base server 2 is an ASP (Application Service Provider), which mediates between a plurality of identity confirmation request servers 3 and a plurality of identity assurance servers 1, and sends each identity confirmation server 1 to each identity confirmation request server 3. Provides the user authentication result (identification result).

  The illustrated identity confirmation base server 2 includes a selection instruction receiving unit 21, an identity confirmation requesting unit 22, an OTP (one-time password) authentication unit 23, a storage unit 24, and an OTP storage unit 25. The selection instruction receiving unit 21 receives a selection instruction for one of the identity assurance servers 1 transmitted from the user terminal 4. The identity confirmation request unit 22 generates a two-dimensional barcode for accessing the identity guarantee server 1 selected by the selection instruction, and transmits the two-dimensional barcode to the portable terminal 5.

  The OTP authentication unit 23 generates the first OTP, transmits the generated first OTP to the mobile terminal 5, and whether the second OTP input from the user terminal 4 matches the first OTP. Authenticate Alternatively, the OTP authentication unit 23 generates the first OTP, transmits the generated first OTP to the user terminal 4, and the second OTP input from the portable terminal 5 matches the first OTP. Authenticate whether or not.

  The storage unit 24 stores information related to each identity guarantee server 1 (for example, the name of the identity guarantee organization, identification information of the identity guarantee server 1, address information such as the URL of the identity guarantee server 1, etc.). The OTP storage unit 25 stores the OTP generated by the OTP authentication unit 23.

  The identity confirmation requesting server 3 is a server of a company that provides a service via a network, for example, and requests the identity guarantee server 1 to confirm the identity of the user via the identity confirmation infrastructure server 2. The illustrated identity confirmation requesting server 3 includes an identity confirmation requesting unit 31, an authentication result acquisition unit 32, a service providing unit 33, and a storage unit 34.

  The identity confirmation requesting unit 31 receives a request from the user terminal 4 and transmits an identity confirmation request for the user of the user terminal 4 to the identity confirmation infrastructure server 2. The authentication result acquisition unit 32 receives the address information of the authentication result performed by the identity guarantee server 1, and acquires the authentication result (identification confirmation result) using the address information. The service providing unit 33 provides a predetermined service to the user.

  The above-described identity guarantee server 1, identity confirmation base server 2, and identity confirmation request server 3 all include a CPU 901, a memory 902, an external storage device 903 such as an HDD, a keyboard, A general-purpose computer system including an input device 904 such as a mouse, an output device 905 such as a display or a printer, and a communication control device 906 for connecting to a network can be used. In this computer system, the CPU 901 executes a predetermined program loaded on the memory 902, thereby realizing each function of each device.

  For example, the functions of the identity guarantee server 1, the identity confirmation base server 2, the identity confirmation request server 3, and the user terminal 4 are the same as those for the identity guarantee server 1. This is realized by executing the CPU 901 of the identity confirmation base server 2 in the case of the program for the identification, and the CPU 901 of the identification confirmation request server 3 in the case of the program for the identification confirmation request server 3. In addition, about the input device 904 and the output device 905, each apparatus shall be provided as needed.

  Next, an identity confirmation request process (see FIG. 2) from the identity confirmation request server 3 to the identity guarantee server 1 will be described in detail. There are three methods of identity confirmation request processing.

  FIG. 3 is a sequence diagram illustrating the first identity confirmation request process.

  First, the user terminal 4 receives a user instruction and uses the service provided by the identity confirmation request server 3 for the identity confirmation request server 3 of the identity confirmation requesting company ("Company X" in the illustrated example). Therefore, a service use request (authentication request) is transmitted (S11). This service use request includes each authentication item that the identity confirmation requesting server 3 itself wants to authenticate (verify) as identity confirmation information and user information (identity information) of the authentication item. The identity confirmation requesting server 3 transmits an input screen or the like for inputting each authentication item required by the user to the user terminal 4 and allows the user to input it. The user inputs user information (for example, the user's name, sex, date of birth, address, etc.) corresponding to each authentication item instructed from the identity confirmation requesting server 3, and the user terminal 4 The service use request including the user information to be transmitted is transmitted to the identity confirmation request server 3.

  The identity confirmation requesting unit 31 of the identity confirmation requesting server 3 gives the person's consent (approval) for transmitting (cooperating) the user information transmitted from the user terminal 4 to the identity confirmation infrastructure server 2 and the identity confirmation requesting server 3 in S11. An agreement request (for example, an input screen such as a dialog box) for causing the user to input is transmitted to the user terminal 4 (S12). The user terminal 4 receives the consent instruction input by the user and transmits it to the identity confirmation request server 3 (S13).

  The identity confirmation requesting unit 31 of the identity confirmation requesting server 3 transmits an identity confirmation request (identity confirmation request) to the identity confirmation infrastructure server 2 (S14). This identity confirmation request includes an authentication item and user information transmitted from the user terminal 4 corresponding to the authentication item. In addition, the identity confirmation requesting unit 31 stores the authentication item and the user information in the storage unit 34.

  Upon receiving the identity confirmation request from the identity confirmation requesting server 3, the selection instruction receiving unit 21 of the identity confirmation infrastructure server 2 transmits a selection request for allowing the user to select one of the identity guarantee institutions to the user terminal 4 (S15). ).

  Specifically, the selection instruction receiving unit 21 uses the information in the storage unit 24 to generate a selection screen on which the names of each identity guarantee organization are displayed as shown in FIG. 4, for example, and the selection screen is displayed on the user terminal 4. Send to.

  The selection instruction receiving unit 21 may generate a selection screen on which the names of all identity guarantee organizations (mobile carrier companies) stored in the storage unit 24 are displayed or stored in the storage unit 24. It is also possible to generate a selection screen on which the names of some of the identified identity guarantee organizations (mobile carrier companies) are displayed.

  FIG. 5 is a conceptual diagram showing an example of processing when generating a selection screen on which names of some identity guarantee organizations are displayed. In the example shown in the figure, the identity confirmation requesting company is classified in advance (classification 1, 2, 3,...) According to the type of industry, and the identity guarantee organization is also classified into the type of industry, the identity confirmation level, the authentication level, the user information held, etc. Accordingly, it is assumed that they are classified in advance (classifications a, b, c...) And stored in the storage unit 24, respectively. In the storage unit 24, each business type (classification 1, 2, 3,...) Of the identity confirmation requesting company and classifications of identity guarantee agencies that can be used in the business type (classification a, b, c...) Are stored in association with each other.

  In this case, the selection instruction accepting unit 21 acquires the classification of the identity guarantee organization associated with the business type of the requesting identity verification request server 3 from the storage unit 24, and the identity guarantee organization belonging to the obtained classification of the identity guarantee organization Is extracted from the storage unit 24, and a selection screen in which only the name of the extracted identity guarantee organization is set is generated. In this way, the selection instruction receiving unit 21 generates a selection screen in which the identity guarantee organization (identity guarantee server 1) corresponding to the business type of the identity confirmation requesting company (identity confirmation request server 3) is set.

  Thereby, the identity verification infrastructure server 2 can dynamically generate a selection screen according to the type of business of the identity verification requesting company. In addition, the identity guarantee organization has an advantage that an identification confirmation request is not made from an unidentified identification confirmation requesting company because the type of identification confirmation requesting company is limited.

  As shown in FIG. 5, the identity guarantee organization provides the authentication result to the identity confirmation requesting company via the identity confirmation infrastructure server 2, and the identity confirmation requesting company corresponds to the provided authentication result (authentication process). It is assumed that the expense to be paid to the identity guarantee organization through the identity verification infrastructure server 2.

  Further, when generating a selection screen on which the names of some identity guarantee organizations are displayed, each identity confirmation requesting company (identification confirmation requesting server 3) and the identity confirmation requesting company can be used in the storage unit 24. It is also conceivable to store the identity guarantee organization (identity guarantee server 1) in association with each other. In this case, the selection instruction receiving unit 21 acquires the identity guarantee server 1 associated with the requested identity confirmation requesting server 3 from the storage unit 24 and generates a selection screen.

  When the user terminal 4 receives the selection request in S15, the user selects, as an identity guarantee organization, by clicking on one of the mobile carrier companies of the owned mobile phone. The user terminal 4 transmits the mobile carrier company (identity guarantee server 1) selected by the user to the identity verification infrastructure server 2 (S16).

  The identity confirmation requesting unit 22 of the identity confirmation base server 2 has a two-dimensional barcode for a mobile phone for accessing the identity assurance server 1 of the selected identity assurance organization ("mobile carrier A company" in the illustrated example). QR code) is generated. And the OTP input screen which set the produced | generated two-dimensional barcode and the OTP input column for making a user input OTP (one-time password) is transmitted to the user terminal 4 (S17). At this time, the information that the identity verification infrastructure server 2 knows is the authentication item that the identity confirmation request server 3 wants to authenticate (verify), the user information transmitted in S11, and the selected identity guarantee organization. .

  The user terminal 4 receives the two-dimensional barcode and displays it on the display. The user activates a two-dimensional barcode reading application of the mobile terminal 5 and photographs (close-up) the two-dimensional barcode. As a result, the address (URL, etc.) of the identity guarantee server 1 included in the two-dimensional barcode is displayed on the display of the mobile terminal 5, and the user selects the address, whereby the mobile terminal 5 1 is accessed (S18).

  The identity guarantee unit 11 of the identity guarantee server 1 transmits an consent request for allowing the user to input personal consent (approval) regarding information provision to the portable terminal 5 (S19). The portable terminal 5 transmits the consent instruction input by the user to the identity guarantee server 1 (S20). In addition, when accessing the identity guarantee server 1 from the portable terminal 5 in S18 and S20, the portable terminal 5 also transmits the portable terminal identification information of the own portable terminal 5 together.

  When receiving the consent instruction, the identity guarantee unit 11 of the identity guarantee server 1 transmits an OTP issue request including the mobile terminal identification information to the identity verification infrastructure server 2 (S21). The OTP authentication unit 23 of the identity verification infrastructure server 2 generates an OTP by a predetermined algorithm. Then, the generated OTP and the portable terminal identification information included in the OTP issue request are associated (linked) and stored in the OTP storage unit 25 (S22). Then, the OTP authentication unit 23 transmits the generated OTP to the identity guarantee server 1 (S23), and the identity guarantee server 1 transmits the OTP to the mobile terminal 5 (S24). The identity guarantee unit 11 of the identity guarantee server 1 associates (associates) the received OTP with the mobile terminal identification information received in S21 and stores it in a storage unit (not shown).

  The portable terminal 5 receives the OTP and displays it on the display. The user inputs the OTP displayed on the mobile terminal 5 into the OTP input screen transmitted in S <b> 17 and displayed on the user terminal 4. The user terminal 4 transmits the input OTP to the identity verification infrastructure server 2 (S25).

  The OTP authentication unit 23 of the identity verification infrastructure server 2 refers to the OTP storage unit 25 and acquires mobile terminal identification information corresponding to the OPT transmitted from the user terminal 4. Then, the acquired mobile terminal identification information is associated with the authentication item and user information received from the identity confirmation request server 3 in S14 based on the session information (S26). That is, the session information used when transmitting / receiving information in S11 to S17 is the same as the session information used for transmitting / receiving the OTP in S25. For this reason, it is possible to associate (link) the mobile terminal identification information corresponding to the OTP received in S25 with the authentication item and the user information received in S14 using the session information. The OTP authentication unit 23 transmits the OTP received in S25 and the corresponding mobile terminal identification information, authentication item, and user information to the identity guarantee server 1 (S27).

  The identity guarantee unit 11 of the identity guarantee server 1 uses the OTP transmitted from the identity confirmation infrastructure server 2, the mobile terminal identification information, the authentication item, and the user information, so that the user using the user terminal 4 can obtain user information. It authenticates (determines) whether there is a legitimate registered user stored in the storage unit 12 and stores the authentication result in the authentication result storage unit 13.

  That is, the identity assurance unit 11 determines whether or not the received OPT and the mobile terminal identification information are stored in a storage unit (not shown) in S24. The user information of the information (user information corresponding to the authentication item) is acquired from the user information storage unit 12 and collated with the received user information. If the received user information matches the corresponding user information acquired from the user information storage unit 12, it is determined that the user of the user terminal 4 is a valid registered user, and the authentication result (OK) and the verification result (All match) is stored in the authentication result storage unit 13.

  Further, when the received OPT and the mobile terminal identification information are stored in S24, and at least one of the received user information does not match the corresponding user information acquired from the user information storage unit 12, The user of the user terminal 4 is determined not to be a registered user, and the authentication result (NG) and the verification result (matched user information, mismatched user information, etc.) are stored in the authentication result storage unit 13.

  If the received OPT and the mobile terminal identification information are not stored in S24, it is determined that the user is not a registered user, and the authentication result (NG) and the verification result (such as non-verification) are stored in the authentication result storage unit 13. To do.

  Note that only the verification result may be stored in the authentication result storage unit 13 as the authentication result.

  Then, the identity assurance unit 11 transmits address information (pointer, URL, etc.) indicating the storage location of the authentication result and the verification result to the identity verification infrastructure server 2 (S28), and the identity verification infrastructure server 2 receives the received address information. Is transmitted to the identity confirmation requesting server 3 (S29).

  The authentication result acquisition unit 32 of the identity confirmation requesting server 3 accesses the identity guarantee server 1 using the address information of the authentication result and the verification result (S30), and stores it in the storage location (authentication result storage unit 13) indicated by the address information. The stored authentication result and collation result are acquired (S31).

  Then, the authentication result acquisition unit 32 of the identity confirmation requesting server 3 determines that if the authentication result is OK (when the verification results are all the same), the user is registered in the identity guarantee server 1 and the user whose identity is guaranteed. (S32). When it is determined that the user has a guaranteed identity, the service providing unit 33 of the identity confirmation requesting server 3 provides a service to the user terminal 4 (S33). In this case, the identity confirmation requesting server 3 generates a user ID for the identity confirmation requesting server 3, and registers the user information transmitted from the user terminal 4 in S11 together with the generated user ID in a user information storage unit (not shown). For example, user registration may be performed. On the other hand, when the authentication result is NG (when collation is impossible or there is mismatched user information), the service is not provided because the identity of the user is not guaranteed.

  In FIG. 3, the OTP acquisition process in the portable terminal 5 in S18 to S24 is performed after the process in the user terminal 4 in S11 to S17. However, the OTP acquisition process in the portable terminal 5 in S18 to S24 is performed. It is good also as performing the process in the user terminal 4 of S11 to S17 after that.

  In addition, the person's consent in S13 may be performed after the identity guarantee organization is selected in S16.

  Further, in the sequence diagram shown in FIG. 3, the location (S14, S29) where data is transmitted / received between the identity verification infrastructure server 2 and the identity verification request server 3, and between the identity verification infrastructure server 2 and the identity guarantee server 1 The locations (S21, S23, S27, S28) where data is transmitted and received are basically communication by redirection via the browser of the user terminal 4 or the mobile terminal 5. However, instead of communication by redirection via the user terminal 4 or the mobile terminal 5, the identity confirmation infrastructure server 2 and the identity confirmation request server 3 communicate directly, and the identity confirmation infrastructure server 2 and the identity guarantee server 1 communicate directly. It is good as well.

  FIG. 6 is a sequence diagram showing the second identity confirmation request process. In the first identity confirmation request process (see FIG. 3), the OTP generated by the identity confirmation infrastructure server 2 is acquired and displayed using the mobile terminal 5 and input from the user terminal 4, but the second identity confirmation In the request processing, the OTP generated by the identity verification infrastructure server 2 is acquired and displayed using the user terminal 4 and is input from the mobile terminal 5.

  Since S41 to S46 are the same as S11 to S16 of the first identity confirmation request process described in FIG. 3, the description thereof is omitted here.

  The identity confirmation requesting unit 22 of the identity confirmation infrastructure server 2 receives an instruction to select one of the identity guarantee organizations ("mobile carrier A" in the illustrated example) from the user terminal 4 in S46. Thereby, the identity confirmation requesting unit 22 generates a two-dimensional barcode (QR code) for a mobile phone for accessing the identity guarantee server 1 of the selected identity guarantee organization. The OTP authentication unit 23 generates an OTP by a predetermined algorithm. Then, the identity confirmation requesting unit 22 transmits a screen in which the generated two-dimensional barcode and OTP are set to the user terminal 4 (S47). At this time, the information that the identity verification base server 2 knows is the authentication item that the identity confirmation requesting server 3 wants to authenticate (verify), the user information transmitted in S41, and the selected identity guarantee organization. .

  The user terminal 4 displays the two-dimensional barcode and OTP on the display. The user activates a two-dimensional barcode reading application of the mobile terminal 5 and photographs (close-up) the two-dimensional barcode. As a result, the address (URL, etc.) of the identity guarantee server 1 included in the two-dimensional barcode is displayed on the display of the mobile terminal 5, and the user selects the address, whereby the mobile terminal 5 1 is accessed (S48).

  The identity guarantee unit 11 of the identity guarantee server 1 transmits an OTP input screen for allowing the user to input the OTP to the portable terminal 5 (S49). The portable terminal 5 transmits the OTP input by the user (OTP displayed on the user terminal 4) to the identity guarantee server 1 (S50).

  When receiving the OTP, the identity guarantee unit 11 of the identity guarantee server 1 transmits an OTP authentication request to the identity verification infrastructure server 2 (S51). The OTP authentication unit 23 of the identity verification infrastructure server 2 determines whether or not the received OTP matches the OTP generated in S47 (S52). If they match, the OTP authentication unit 23 of the identity verification request server 3 requested in S44. The identity confirmation requesting company name ("X company" in the illustrated example) and the authentication items and user information received from the identity confirmation requesting server 3 in S44 are transmitted to the identity guarantee server 1 (S53). If the OTP does not match, an error is transmitted to the identity guarantee server 1.

  The identity guarantee unit 11 of the identity guarantee server 1 transmits an agreement request for allowing the user to input personal consent (approval) regarding information provision to the portable terminal 5 (S54). This consent request includes the identity confirmation requesting company name received in S53 and a list of authentication items. Note that user information may also be included in the consent request.

  The portable terminal 5 displays the identity confirmation requesting company name included in the consent request and a list of authentication items on the display. And the portable terminal 5 receives a user's instruction | indication, and transmits an consent instruction | indication to the identity guarantee server 1 (S55). The user can input the consent instruction after grasping the identity confirmation requesting company name that uses the authentication processing in the identity guarantee server 1 and the authentication items used in the authentication processing.

  In addition, when accessing the identity guarantee server 1 from the portable terminal 5 in S48, S50, and S55, the portable terminal 5 also transmits the portable terminal identification information of the own portable terminal 5 together.

  When the identity guarantee unit 11 of the identity guarantee server 1 receives the consent instruction from the mobile terminal 5, the user information and the authentication item transmitted from the identity verification infrastructure server 2 in S 53 and the mobile terminal identification information transmitted from the mobile terminal 5. The user who uses the user terminal 4 authenticates (determines) whether there is a legitimate registered user stored in the user information storage unit 12 and stores the authentication result in the authentication result storage unit 13.

  That is, the identity guarantee unit 11 acquires user information (user information corresponding to the authentication item) of the mobile terminal identification information from the user information storage unit 12, and collates it with the user information received in S53. If the received user information matches the corresponding user information acquired from the user information storage unit 12, it is determined that the user of the user terminal 4 is a valid registered user, and the authentication result (OK) and the verification result (All match) is stored in the authentication result storage unit 13.

  When at least one of the received user information does not match the corresponding user information acquired from the user information storage unit 12, it is determined that the user of the user terminal 4 is not a registered user, and the authentication result (NG) and the verification result (Matched user information, mismatched user information, etc.) are stored in the authentication result storage unit 13. Further, when the user information of the received mobile terminal identification information is not registered in the user information storage unit 12, it is determined that the user is not a registered user, and the authentication result (NG) and the verification result (such as non-verification) are stored as the authentication result. Store in the unit 13.

  Note that only the verification result may be stored in the authentication result storage unit 13 as the authentication result.

  Then, the identity guarantee unit 11 transmits address information (pointer, URL, etc.) indicating the storage location of the authentication result and the verification result to the identity confirmation infrastructure server 2 (S56), and the identity confirmation infrastructure server 2 receives the received address information. Is transmitted to the identity confirmation requesting server 3 (S57).

  Subsequent S58 to S61 are the same as S30 to S33 of the first identity confirmation request process described with reference to FIG.

  In the sequence diagram shown in FIG. 6, the location (S44, S57) where data is transmitted / received between the identity verification infrastructure server 2 and the identity verification request server 3, and between the identity verification infrastructure server 2 and the identity guarantee server 1 The locations (S51, S53, and S56) where data is transmitted and received are basically communication by redirection via the browser of the user terminal 4 or the mobile terminal 5. However, instead of communication by redirection via the user terminal 4 or the mobile terminal 5, the identity confirmation infrastructure server 2 and the identity confirmation request server 3 communicate directly, and the identity confirmation infrastructure server 2 and the identity guarantee server 1 communicate directly. It is good as well.

  FIG. 7 is a sequence diagram showing a third identity confirmation request process. In the third identity confirmation request process, as in the second identity confirmation request process (see FIG. 6), the OTP generated by the identity confirmation infrastructure server 2 is acquired and displayed using the user terminal 4, and the portable terminal 5 It is input from. The difference between the third identity confirmation request process and the second identity confirmation request process is that, in the second identity confirmation request process, the identity confirmation request server 3 confirms each authentication item and user information in S44. In contrast to the transmission to the base server 2, in the third identity confirmation request process, the identity confirmation request server 3 transmits the identification information and address information indicating the storage location of the user information to the identity confirmation base server 2. .

  Hereinafter, the third identification confirmation request process will be described focusing on a process different from the second identification confirmation request process.

  S71 to S73 are the same as S41 to S43 of the first identity confirmation request process of FIG. In S74, the identity confirmation requesting unit 31 of the identity confirmation requesting server 3 transmits an identity confirmation request including address information indicating the storage location of each authentication item and user information to the identity confirmation infrastructure server 2. When receiving the user information from the user terminal 4 in S71, the identity confirmation requesting unit 31 stores the authentication information together with the authentication item in the storage unit 34, and transmits the address information in the storage unit 34 to the identity confirmation infrastructure server 2 in S74.

  S75 to S82 are the same as S45 to S52 of the first identity confirmation request process of FIG. In S83, when the OTP received from the identity guarantee server 1 matches the OTP generated in S77, the OTP authentication unit 23 of the identity verification infrastructure server 2 identifies the identification confirmation requesting company of the identity verification request server 3 requested in S74. The name (in the example shown, “Company X”), the authentication item received from the identity confirmation requesting server 3 in S74, and the address information of the user information are transmitted to the identity guarantee server 1 (S83). If the OTP does not match, an error is transmitted to the identity guarantee server 1.

  The identity guarantee unit 11 of the identity guarantee server 1 transmits an agreement request for allowing the user to input personal consent (approval) regarding information provision to the portable terminal 5 (S84). This consent request includes the identity confirmation requesting company name received in S53 and a list of authentication items. Note that user information may also be included in the consent request.

  The portable terminal 5 displays the identity confirmation requesting company name included in the consent request and a list of authentication items on the display. And the portable terminal 5 receives a user's instruction | indication, and transmits an consent instruction | indication to the identity guarantee server 1 (S85). The user can input the consent instruction after grasping the identity confirmation requesting company name that uses the authentication processing in the identity guarantee server 1 and the authentication items used in the authentication processing.

  Upon receiving the consent instruction from the portable terminal 5, the identity guarantee unit 11 of the identity guarantee server 1 accesses the identity guarantee server 1 using the authentication item received from the identity verification infrastructure server 2 and the address information of the user information in S83. The authentication item and the user information are acquired from the storage unit 34 of the identity guarantee server 1 (S87). The identity guarantee unit 11 stores the user using the user terminal 4 in the user information storage unit 12 using the acquired user information and authentication items and the mobile terminal identification information transmitted from the mobile terminal 5. It is authenticated (determined) whether or not there is a valid registered user, and the authentication result is stored in the authentication result storage unit 13.

  Subsequent S88 to S93 are the same as S56 to S61 of the second identity confirmation request process described with reference to FIG.

  In the sequence diagram shown in FIG. 7, the location (S 74, S 89) where data is transmitted / received between the identity verification infrastructure server 2 and the identity verification request server 3, and between the identity verification infrastructure server 2 and the identity guarantee server 1. The locations (S81, S83, S88) where data is transmitted and received are basically communication by redirection via the browser of the user terminal 4 or the portable terminal 5. However, instead of communication by redirection via the user terminal 4 or the mobile terminal 5, the identity confirmation infrastructure server 2 and the identity confirmation request server 3 communicate directly, and the identity confirmation infrastructure server 2 and the identity guarantee server 1 communicate directly. It is good as well.

  In the third identity confirmation request process, the identity confirmation infrastructure server 2 retains only the authentication item and the address information of the user information, so that higher security of the user information can be ensured.

In the present embodiment described above, the identity of the user is confirmed by an identity guarantee organization selected according to the mobile terminal used by the user from among a plurality of identity guarantee organizations (mobile carrier companies), and the identity confirmation result Can be used by the requester, and the identity of each company can be shared. Specifically, in this embodiment, each identity confirmation requesting server 3 can determine whether or not the user can use the service using the authentication result of the identity guarantee server 1 selected by the user. As a result, each identity confirmation requesting server 3 does not need to maintain an advanced authentication system, and thus can be easily used without incurring development costs and maintenance costs when constructing an advanced authentication system. be able to. Moreover, the convenience of the user can be further improved by allowing the user to select a desired identity guarantee organization (identity guarantee server 1).
In this embodiment, since only the address information of the authentication result is transmitted from the identity guarantee server 1 to the identity verification infrastructure server 2, the identity verification infrastructure server 2 does not acquire the user authentication result.

  Moreover, in this embodiment, the selection screen of the identity guarantee organization shown to a user can be produced | generated according to the business type of the identity confirmation request server 3, etc.

  Moreover, in this embodiment, since the user can be inquired for approval (consent) to transmit the authentication result to the identity confirmation requesting server 3, it is possible to prevent the authentication result from being transmitted against the user's intention. Can do.

<Second Embodiment>
FIG. 8 is an overall configuration diagram of an identity confirmation system to which the second exemplary embodiment of the present invention is applied. The illustrated identity confirmation system includes a plurality of identity assurance servers 1A, an identity confirmation infrastructure server 2A, a plurality of identity confirmation request servers 3A, a user terminal 4 (for example, a PC) and a portable terminal 5 (for example, portable) used by the user. These are connected via the network 9.

  The illustrated identity guarantee server 1A includes an identity guarantee unit (user information transmission means) 11A and a user information storage unit 12A. The identity guarantee unit 11A receives a request from the mobile terminal 5, reads the user information corresponding to the mobile terminal 5 stored in the user information storage unit 12A, and transmits the user information to the identity confirmation infrastructure server 2A via the mobile terminal 5. To do. The user information storage unit 12A includes mobile terminal identification information, PIN (personal identification number), user information (name, gender, date of birth, address) of each mobile terminal that provides the communication service of the mobile carrier company of the identity guarantee server 1A. Attribute information) is stored.

  The illustrated identity verification base server 2A includes a request receiving unit 21A, an OTP authentication unit 22A, and an OTP storage unit 23A. 21 A of request | requirements reception parts transmit the consent input screen for inputting the approval (agreement) of providing the user information registered into the identity guarantee server 1A to the identity confirmation request | requirement server 3 to the portable terminal 5. FIG. When receiving the user information from the identity guarantee server 1A, the OTP authentication unit 22A generates a first password, transmits the generated first password to the mobile terminal 5, and associates the first password with the user information. And stored in the password storage unit 23A.

  The illustrated identity confirmation requesting server 3A includes an OTP request unit 31A, an authentication unit 32A, a service providing unit 33A, and a storage unit 34A.

  Upon receiving a request including user information from the user terminal 4, the OTP request unit 31 </ b> A transmits an OTP input request to the user terminal 4. The authentication unit 32A acquires the user information stored in the identity guarantee server 1A from the identity verification infrastructure server 2A using the OTP input from the user terminal 4, and is included in the acquired user information and the request from the user terminal 4 The user of the user terminal 4 is authenticated by checking the user information. The service providing unit 33A provides a predetermined service to the user.

  FIG. 9 is a sequence diagram showing an identity confirmation request process according to this embodiment. In the present embodiment, the OTP generated by the identity verification infrastructure server 2 </ b> A is acquired and displayed using the mobile terminal 5 and input from the user terminal 4. Then, the user information held in the identity guarantee server 1A is temporarily held in the identity verification infrastructure server 2A, and the user information input from the user terminal 4 by the identity confirmation requesting server 3A using this user information. Perform verification.

  First, the user terminal 4 receives a user instruction and uses the service provided by the identity confirmation request server 3A for the identity confirmation request server 3A of the identity confirmation requesting company ("Company X" in the illustrated example). Therefore, a service use request (authentication request) is transmitted (S101). This service use request includes each authentication item that the identity confirmation requesting server 3A itself wants to authenticate (verify) as identity confirmation information and user information (identity information) of the authentication item.

  When receiving the service use request (authentication request), the OTP request unit 31A of the identity confirmation requesting server 3A transmits an OTP input screen for inputting the OTP to the requesting user terminal 4 (S102). The user terminal 4 displays an OTP input screen. Thereby, the user accesses the identity verification infrastructure server 2 </ b> A using the mobile terminal 5. The portable terminal 5 receives the user's operation and transmits an OTP issue request to the identity verification infrastructure server 2A (S103).

  The request receiving unit 21A of the identity verification infrastructure server 2A displays an agreement input screen for allowing the user to input personal consent (approval) for performing identity verification using the user information registered in the identity guarantee server 1A. (S104). This consent input screen includes an input field for inputting whether or not to agree, and an input field for inputting a PIN (personal identification number). The consent input screen is prepared for each mobile carrier company (telecommunications carrier) of the mobile terminal 5, and the request receiving unit 21 </ b> A receives the mobile carrier company (telecommunications) of the mobile terminal 5 that transmitted the OTP issue request. Send consent input screen according to (operator).

  The portable terminal 5 displays the consent input screen, and transmits the consent instruction and PIN input by the user on the screen to the identity guarantee server 1A (here, the identity guarantee server of the mobile carrier A company) (S105). Note that the mobile terminal 5 also transmits the mobile terminal identification information of the mobile terminal 5 to the identity guarantee server 1 together.

  The identity guarantee unit 11A of the identity guarantee server 1A determines whether the mobile terminal identification information and the PIN transmitted from the mobile terminal 5 are registered in the user information storage unit 12A (S106). Specifically, a PIN corresponding to the mobile terminal identification information transmitted from the mobile terminal 5 is acquired from the user information storage unit 12A, and it is determined whether or not it matches the PIN transmitted from the mobile terminal 5. If the PINs do not match, the identity guarantee unit 11 </ b> A transmits error information to the mobile terminal 5.

  If the PINs match, the identity assurance unit 11A reads the user information corresponding to the mobile terminal identification information from the user information storage unit 12A, and transmits the read user information to the identity verification infrastructure server 2A via the mobile terminal 5 ( S107, S108). Specifically, the identity assurance unit 11A transmits an OTP issue request (redirect request) to the mobile terminal 5 with the identity verification infrastructure server 2A as a redirect destination. When the portable terminal 5 receives an OTP issue request by the browser function, the portable terminal 5 transmits an OTP issue request including user information to the redirection destination identity verification infrastructure server 2A designated by the OTP issue request.

  When receiving the OTP issue request, the OTP authentication unit 22A of the identity verification infrastructure server 2A generates an OTP by a predetermined algorithm. Then, the generated OTP and the user information included in the OTP issue request are associated (linked) and stored in the OTP storage unit 23A (S109). Then, the OTP authentication unit 22A transmits the generated OTP to the mobile terminal 5 (S110).

  The portable terminal 5 receives the OTP and displays it on the display. The user inputs the OTP displayed on the mobile terminal 5 to the OTP input screen transmitted in S102 and displayed on the user terminal 4. The user terminal 4 transmits the input OTP to the identity confirmation requesting server 3A (S111).

  The authentication unit 32A of the identity confirmation requesting server 3A transmits a user information acquisition request including the OTP received from the user terminal 4 to the identity confirmation infrastructure server 2A (S112). The OTP authentication unit 22A of the identity verification infrastructure server 2A reads the user information corresponding to the OTP specified in the user information acquisition request from the OTP storage unit 23A (S113), and transmits it to the identity verification request server 3A (S114).

  The authentication unit 32A of the identity confirmation requesting server 3A collates each user information received from the user terminal 4 in S102 with each user information acquired from the identity confirmation infrastructure server 2A in S114 (S115). Note that the session information used for transmitting / receiving information in S101 and S102 is the same as the session information used for transmitting / receiving the OTP in S111. For this reason, it is possible to associate (link) the user information received in S101 and the OTP received in S111 using the session information.

  When the user information matches, it is determined that the user of the user terminal 4 is a valid user registered in the identity guarantee server 1A, and the service providing unit 33A provides a predetermined service to the user terminal 4. If the user information does not match, it is determined that the user of the user terminal 4 is not a valid user registered in the identity guarantee server 1A, and the service is not provided to the user terminal 4.

  In addition, in the sequence diagram shown in FIG. 9, the location (S112, S114) where data is transmitted / received between the identity verification infrastructure server 2 and the identity verification request server 3 is basically redirected via the browser of the user terminal 4. Communication by. However, instead of communication through redirection via the user terminal 4, the identity confirmation infrastructure server 2 and the identity confirmation request server 3 may communicate directly.

In the present embodiment described above, the user's identity is confirmed using user information registered in the identity guarantee organization corresponding to the mobile terminal used by the user from among a plurality of identity guarantee organizations (mobile carrier companies). be able to. Specifically, the identity confirmation requesting server 3 compares the user information acquired from the identity assurance server 1 via the identity confirmation infrastructure server 2 with the user information input from the user terminal 4 to confirm the user's identity. To do. Thereby, it is not necessary to hold user information on each identity confirmation requesting server 3 side, and therefore development costs and maintenance costs can be reduced.
In the present embodiment, the user can be inquired for approval (consent) to transmit the user information to the identity confirmation requesting server 3, so that the user information is prevented from being transmitted against the user's intention. Can do.

  Moreover, in this embodiment, the system construction load in the identity confirmation request server 3 and the identity guarantee server 1 (server of a portable carrier company) can be reduced as compared with the first embodiment.

  In addition, this invention is not limited to said embodiment, Many deformation | transformation are possible within the range of the summary.

  DESCRIPTION OF SYMBOLS 1: Identity guarantee server, 11: Identity guarantee part, 12: User information storage part, 13: Authentication result storage part, 2: Identity confirmation base server, 21: Selection instruction | indication reception part, 22: Identity confirmation request part, 23: OTP Authentication unit, 24: storage unit, 25: OTP storage unit, 3: identity confirmation request server, 31: identity confirmation request unit, 32: authentication result acquisition unit, 33: service providing unit, 34: storage unit, 4: user terminal 5: Mobile terminal, 9: Network

Claims (10)

An identity confirmation system comprising an identity confirmation request server, an identity confirmation infrastructure server, and an identity guarantee server of a plurality of mobile terminal carriers,
The identity confirmation request server
An identity confirmation requesting means for receiving a request from the user terminal and transmitting an identity confirmation request of the user of the user terminal to the identity confirmation infrastructure server;
Receiving the address information of the authentication result performed by the identity guarantee server, and obtaining the authentication result using the address information,
The identity verification infrastructure server is
Selection instruction accepting means for accepting a selection instruction for any identity guarantee server from the user terminal;
Based on the request from the identity guarantee server selected by the selection instruction, a first password is generated, the generated first password is transmitted to the portable terminal, and the second password input from the user terminal And password authentication means for authenticating whether or not the first password matches,
The identity guarantee server
User information storage means for storing user information of the user of each portable terminal providing the communication service;
If the first password and the second password match, the user information input from the user terminal is authenticated with reference to the user information storage means, and the authentication result is used as an authentication result storage means. Authentication means stored in
An identity verification system comprising: transmission means for transmitting address information of an authentication result stored in the authentication result storage means to the identity confirmation request server via the identity confirmation infrastructure server. An identity confirmation system comprising an identity confirmation request server, an identity confirmation infrastructure server, and an identity guarantee server of a plurality of mobile terminal carriers,
The identity confirmation request server
An identity confirmation requesting means for receiving a request from the user terminal and transmitting an identity confirmation request of the user of the user terminal to the identity confirmation infrastructure server;
Receiving the address information of the authentication result performed by the identity guarantee server, and obtaining the authentication result using the address information,
The identity verification infrastructure server is
Selection instruction accepting means for accepting a selection instruction for any identity guarantee server from the user terminal;
Password authentication for generating a first password, transmitting the generated first password to the user terminal, and authenticating whether or not the second password input from the portable terminal matches the first password Means,
The identity guarantee server
User information storage means for storing user information of the user of each portable terminal providing the communication service;
If the first password and the second password match, the user information input from the user terminal is authenticated with reference to the user information storage means, and the authentication result is used as an authentication result storage means. Authentication means stored in
An identity verification system comprising: transmission means for transmitting address information of an authentication result stored in the authentication result storage means to the identity confirmation request server via the identity confirmation infrastructure server. An identity verification system according to claim 2,
The identity confirmation requesting means of the identity confirmation requesting server stores the user information input from the user terminal in the storage means, and transmits the address information of the user information stored in the storage means to the identity confirmation infrastructure server. ,
The authentication means of the identity guarantee server acquires user information from the storage means of the identity confirmation request server using the address information of the user information acquired from the identity confirmation base server, and stores the acquired user information in the user information storage The identity verification system characterized by authenticating with reference to the means and storing the authentication result in the authentication result storage means as an identity confirmation result. An identity verification system according to claim 1 or claim 2,
The identity verification system according to claim 1, wherein the authentication means of the identity guarantee server receives from the user terminal whether or not to transmit the address information of the authentication result to the identity verification request server. An identity verification system according to claim 1 or claim 2,
The identity confirmation base server selection instruction reception means generates a selection screen in which an identity guarantee server corresponding to the type of business of the identity confirmation request server is set. An identity confirmation system comprising an identity confirmation request server, an identity confirmation infrastructure server, and an identity guarantee server of a plurality of mobile terminal carriers,
The identity confirmation request server
Upon receiving a request including user information from the user terminal, password request means for transmitting a password input request to the user terminal;
Using the password input from the user terminal, the user information stored in the identity guarantee server is acquired from the identity verification base server, and the acquired user information and the user information included in the request from the user terminal Verification means for verifying and authenticating the user of the user terminal,
The identity verification infrastructure server is
When user information is received from the identity guarantee server, a first password is generated, the generated first password is transmitted to the portable terminal, and the first password is associated with the user information in the password storage means. Having password generation means for storing;
The identity guarantee server
User information storage means for storing user information of the user of each portable terminal providing the communication service;
User information transmitting means for receiving a request from a portable terminal, reading user information corresponding to the portable terminal stored in the user information storage means, and transmitting the user information to the identity verification infrastructure server via the portable terminal; An identification system characterized by having. An identity confirmation method performed by an identity confirmation system having an identity confirmation request server, an identity confirmation base server, and an identity guarantee server of a plurality of mobile terminal carriers,
The identity confirmation request server
An identity confirmation requesting step for receiving a request from the user terminal and transmitting an identity confirmation request of the user of the user terminal to the identity confirmation infrastructure server;
Receiving address information of an authentication result performed by the identity guarantee server, and obtaining the authentication result using the address information; and
The identity verification infrastructure server is
A selection instruction receiving step for receiving a selection instruction for any identity guarantee server from the user terminal;
Based on the request from the identity guarantee server selected by the selection instruction, a first password is generated, the generated first password is transmitted to the portable terminal, and the second password input from the user terminal And a password authentication step for authenticating whether or not the first password matches,
The identity guarantee server
A user information storage unit that stores user information of users of mobile terminals that provide communication services;
When the first password and the second password match, the user information input from the user terminal is authenticated with reference to the user information storage unit, and the authentication result is used as an identification confirmation result. An authentication step stored in
And a transmitting step of transmitting address information of the authentication result stored in the authentication result storage unit to the identity confirmation requesting server via the identity confirmation infrastructure server. An identity confirmation method performed by an identity confirmation system having an identity confirmation request server, an identity confirmation base server, and an identity guarantee server of a plurality of mobile terminal carriers,
The identity confirmation request server
An identity confirmation requesting step for receiving a request from the user terminal and transmitting an identity confirmation request of the user of the user terminal to the identity confirmation infrastructure server;
Receiving address information of an authentication result performed by the identity guarantee server, and obtaining the authentication result using the address information; and
The identity verification infrastructure server is
A selection instruction receiving step for receiving a selection instruction for any identity guarantee server from the user terminal;
Password authentication for generating a first password, transmitting the generated first password to the user terminal, and authenticating whether or not the second password input from the portable terminal matches the first password And having steps,
The identity guarantee server
A user information storage unit that stores user information of users of mobile terminals that provide communication services;
When the first password and the second password match, the user information input from the user terminal is authenticated with reference to the user information storage unit, and the authentication result is used as an identification confirmation result. An authentication step stored in
And a transmitting step of transmitting address information of an authentication result stored in the authentication result storage unit to the identity confirmation requesting server via the identity confirmation infrastructure server. The identity verification method according to claim 8,
The identity confirmation requesting step of the identity confirmation requesting server stores user information input from the user terminal in a storage unit, and transmits address information of the user information stored in the storage unit to the identity confirmation base server. ,
The authentication step of the identity assurance server acquires user information from the storage unit of the identity verification request server using the address information of the user information acquired from the identity verification base server, and stores the user information in the user information storage unit And authenticating the authentication result, and storing the authentication result as an identification result in the authentication result storage unit. An identity confirmation method performed by an identity confirmation system having an identity confirmation request server, an identity confirmation base server, and an identity guarantee server of a plurality of mobile terminal carriers,
The identity confirmation request server
Upon receiving a request including user information from the user terminal, a password request step for transmitting a password input request to the user terminal;
Using the password input from the user terminal, the user information stored in the identity guarantee server is acquired from the identity verification base server, and the acquired user information and the user information included in the request from the user terminal Verifying and authenticating the user of the user terminal, and
The identity verification infrastructure server is
When user information is received from the identity guarantee server, a first password is generated, the generated first password is transmitted to the portable terminal, and the first password is associated with the user information in the password storage unit. Perform password generation step to remember,
The identity guarantee server
A user information storage unit that stores user information of users of mobile terminals that provide communication services;
A user information transmission step of receiving a request from a mobile terminal, reading out user information corresponding to the mobile terminal stored in the user information storage unit, and transmitting the user information to the identity verification infrastructure server via the mobile terminal; An identity verification method characterized by what is done.

Images