JP2015053007A - Control device, control method and control program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a control device, a control method and a control program for efficiently carrying out authentication of attribute information of a user by using contractor information retained in one of a plurality of communication carriers.SOLUTION: An API conversion device 10 includes: a communication carrier DB11 for storing reliability data indicating the probability that a user has respective contracts with a plurality of communication carriers for respective groups of terminal information for a user terminal 20; a service execution control unit 13 for receiving an authentication request of whether or not the attribute information for the user fulfills a specification condition which one of the plurality of communication carriers has along with the terminal information by standard API and returning the authentication result; a determination unit 15 for determining the order of the communication carriers estimated by the reliability data on the basis of the terminal information; and an API conversion unit 16 for converting the authentication request to standard API by converting the authentication request to unique API for an authentication server 40 for the communication carrier in order from the communication carrier of a high order.

Description

  The present invention relates to a control device, a control method, and a control program for converting an authentication request.

In recent years, Consumer Generated Media (CGM) such as SNS (Social Networking Service) or other community sites has become widespread. A service by CGM may be provided with some functions limited depending on age, for example. Therefore, certainty of age verification is required when using the service.
However, in online age confirmation, there is a problem that age misrepresentation is relatively easy and is difficult to handle because it is personal information.

Under such circumstances, a means for performing age authentication by associating user identification information such as a license or an IC card and personal information of the user has been proposed (for example, see Patent Document 1).
In addition, a service is provided in which a user can perform age authentication without consciously presenting user identification information when a telecommunications carrier notifies the CGM site of the user's age information (for example, non-patent literature). 1).

JP 2005-25285 A

January 19, 2011, [online], [August 19, 2013] Regarding the provision of the “age confirmation service” utilizing user information of au mobile phones and the response to this service of “au one GREE” Search], Internet <http: // www. kddi. com / corporate / news_release / 2011 / 0119a / index. html>

  However, in the method of presenting user identification information shown in Patent Literature 1, when authenticating attribute information such as age, it is necessary to input the user identification information each time, so the convenience for the user is reduced.

In addition, in the method disclosed in Non-Patent Document 1, if the method of holding contractor information in each of a plurality of communication carriers and the specification of key information are different, the operator of CGM is a service user. It is necessary to authenticate user attribute information with a different program logic for each telecommunications carrier to which the user belongs. For this reason, the maintainability of the system is lowered and the operation cost is increased.
Furthermore, if it is not possible to determine to which telecommunications carrier the user's terminal belongs, an authentication request is transmitted to a plurality of telecommunications carriers, resulting in useless transactions.

  The present invention relates to a control device, a control method, and a control program for converting an authentication request in order to efficiently authenticate user attribute information using contractor information held by any of a plurality of communication carriers. The purpose is to provide.

  The control device according to the present invention provides, for each group of identification data of a communication terminal, first reliability data indicating a probability that a user of the communication terminal in the group contracts with each of a plurality of communication carriers. And an authentication request as to whether or not the attribute information of the user possessed by any of the plurality of communication carriers includes a storage unit that stores the identification data of the communication terminal used by the user, A receiving unit that receives in a predetermined common format; a determination unit that determines a rank of a communication carrier that is estimated to be contracted by the user based on the first reliability data based on the identification data; A communication business having a high rank calculated by the determination unit until an authentication result is obtained from a communication carrier having attribute information or an authentication request is made to all of the plurality of communication carriers. Sequentially converting the authentication request into a format unique to the carrier and transmitting it to the authentication system of the carrier and receiving the authentication result and converting the authentication result into a predetermined common format; And a transmission unit that returns the authentication result converted into the common format to the transmission source of the authentication request.

  The control device may include an update unit that updates the first reliability data in accordance with the authentication result.

  The update unit obtains an authentication result determined to have the attribute information from a communication carrier different from the highest-level communication carrier determined by the first reliability data for the group to which the communication terminal belongs. If it is, the second reliability data for the communication terminal may be stored separately from the first reliability data.

  The update unit may delete the second reliability data and update the first reliability data when the second reliability data exceeds a predetermined amount.

  The authentication request includes operator data for identifying a service operator that is a transmission source of the authentication request, and the control device is predetermined data in which the operator data is permitted to respond to the authentication request. You may provide the authentication part which authenticates this.

  The identification data may include any one of a telephone number, an IP address, and an HTTP user agent.

  A control method according to the present invention is a method for controlling an authentication request by a computer, wherein the computer is configured such that, for each group of identification data of communication terminals, a user of a communication terminal in the group includes a plurality of communication carriers. The first reliability data indicating the probability of contracting with each is stored, accompanied by identification data of the communication terminal used by the user, and attribute information of the user possessed by any of the plurality of communication carriers A reception step of receiving an authentication request as to whether or not a specified condition is satisfied in a predetermined common format, and communication inferred that the user is contracted based on the first reliability data based on the identification data A determination step of determining the ranking of the operators, and an authentication result is obtained from the communication carrier having the attribute information, or all of the plurality of communication carriers are Until the authentication request is made, the authentication request is converted into a format unique to the communication carrier in order from the communication carrier having the highest order calculated in the determination step, and transmitted to the authentication system of the communication carrier, When the authentication result is received, the computer executes a conversion step of converting the authentication result into a predetermined common format, and a transmission step of returning the authentication result converted into the common format to the transmission source of the authentication request. To do.

  A control program according to the present invention is a control program for causing a computer to control an authentication request, wherein the computer includes a plurality of users of communication terminals in the group for each group of identification data of the communication terminal. The first reliability data indicating the probability of contracting with each of the telecommunications carriers is stored, and the user having one of the plurality of telecommunications carriers with identification data of the communication terminal used by the user. A receiving step of receiving an authentication request whether or not the attribute information satisfies a specified condition in a predetermined common format, and the user is contracted by the first reliability data based on the identification data A determination step for determining the rank of the estimated carrier, and an authentication result is obtained from the carrier having the attribute information, Until the authentication request is issued to all of the telecommunications carriers, the authentication request is converted into a format unique to the telecommunications carrier in order from the telecommunications carrier with the highest ranking calculated in the determination step. Transmitting to the authentication system of the user and receiving the authentication result, a conversion step of converting the authentication result into a predetermined common format, and a transmission of returning the authentication result converted into the common format to the transmission source of the authentication request And causing the computer to execute steps.

  According to the present invention, user attribute information can be efficiently authenticated using contractor information held by any of a plurality of communication carriers.

It is a figure which shows the structure of the authentication system which concerns on embodiment. It is a figure which illustrates the data format of the standard API which concerns on embodiment. It is a figure which shows the user table which concerns on embodiment. It is a figure which shows the network table which concerns on embodiment. It is a sequence diagram which shows the flow of the process which concerns on embodiment. It is a flowchart which shows the determination process which concerns on embodiment. It is a flowchart which shows the authentication agency process which concerns on embodiment. It is a figure which shows the 1st update process which concerns on embodiment. It is a figure which shows the 2nd update process which concerns on embodiment.

Hereinafter, an example of an embodiment of the present invention will be described.
FIG. 1 is a diagram illustrating a configuration of an authentication system 1 according to the present embodiment.

  The authentication system 1 of this embodiment includes an API conversion device 10 (control device), a user terminal 20 (communication terminal) operated by a service user, a content server 30 of a CGM operator, and a plurality of communication carriers. Is connected to the authentication server 40 via the network.

  Here, the network is a public line network such as the Internet, a telephone line network, a satellite communication network, and various LANs including Ethernet (registered trademark), WAN (Wide Area Network), and IP-VPN. A private network may be included.

The API conversion apparatus 10 standardizes an interface with the content server 30 and performs processing related to authentication of user attribute information depending on the authentication server 40.
The user attribute information is, for example, contractor information managed by a telecommunications carrier such as age, gender, and address. Hereinafter, age authentication will be described as an example.

The user terminal 20 makes a service request to one of the content servers 30 in order for the service user to use content provided by the CGM provider.
The user terminal 20 may be, for example, a mobile terminal, a PC (Personal Computer), a game machine, or the like, and is an information processing apparatus that can acquire terminal information (identification data) including line information and the like by software processing.

In response to the service request from the user terminal 20, the content server 30 requests age verification of the user who uses the content of the CGM provider. For example, the content server 30 transmits an age authentication query to the API conversion apparatus 10 together with the identifier of the user terminal 20 owned by the registrant to the new registrant.
At this time, the content server 30 issues an authentication request by calling a standard API defined in a common format regardless of the communication carrier to which the user terminal 20 belongs.

FIG. 2 is a diagram illustrating a data format of the standard API according to this embodiment.
The standard API acquires the age information of the subscriber who matches the query by specifying the query regarding the identification data of the CGM operator, the authentication age, the telephone number, the IP address, and the HTTP user agent as parameters.

Here, the query is a search expression composed of a constant (a character string enclosed in “”), a range operator ([from, to]), and a wild card.
Specifically, “sender” is a character string for assuring the API request source, and it is sufficient that the CGM provider can be uniquely identified. “Age” is an authentication condition and is expressed by designating an age region by a range operator.
“User” is a character string for uniquely identifying the person to be authenticated, and is a telephone number or line information described in the SIM. “Network” is a character string representing an IP address. “Agent” is a character string representing an HTTP user agent.

  The usage example is for authenticating whether or not the user whose telephone number is “080-1111-1111” is 20 years old or older. The CGM provider is identified by the character string “nanashi.corp”. In addition to the telephone number, the IP address “172.19.70.162” and the HTTP user agent “xxxx” are designated as terminal information.

  The API conversion apparatus 10 estimates a communication carrier to which the user terminal 20 belongs in response to authentication requests aggregated by the standard API by a process described later. Then, the API conversion apparatus 10 converts the format of the authentication request in accordance with the API unique to the estimated authentication server 40 of the communication carrier, and calls the API specific to the authentication server 40.

The authentication server 40 has a network communication function, an authentication function, a contractor information DB (database), and the like, and performs terminal authentication by comparing terminal information included in parameters with contractor information in response to a call to a specific API. .
Specifically, the authentication server 40 of each telecommunications carrier associates the telecommunications carrier's contractor information with the contract terminal information, and refers to the contractor information using the terminal information as a key. Returns authentication result such as NO.

  Here, the terminal information as a key for authentication uniquely associates the user terminal 20 with the contractor information such as terminal identification information and user identification ID within the communication carrier in addition to line information such as a telephone number. Any identification data may be used.

  When the API conversion apparatus 10 obtains an authentication result from the authentication server 40, the API conversion apparatus 10 reversely converts the authentication result unique to the authentication server 40 into a standard API format and responds to the content server 30 that is the authentication request source.

Next, the configuration of the API conversion apparatus 10 will be described in detail.
The API conversion apparatus 10 includes a communication carrier DB 11 (storage unit), a mapping DB 12, a service execution control unit 13 (reception unit, transmission unit), an authentication unit 14, a determination unit 15 (update unit), and an API conversion. Unit 16 (conversion unit).

  For each group of identification data included in the terminal information of the user terminal 20, the telecommunications carrier DB 11 has reliability data (first data) indicating the probability that a user in this group has a contract with each of a plurality of telecommunications carriers. 1 reliability data) is stored.

  Specifically, the telecommunications carrier DB 11 defines the relationship between each parameter of standard API (for example, telephone number, IP address, HTTP user agent) and each telecommunications carrier. For example, since line information such as a telephone number is managed by each telecommunications carrier, the telecommunications carrier is estimated from the telephone number. Similarly, the network operator can be estimated from the network information such as the IP address and the identification information of the terminal or the network operator included in the HTTP user agent.

  Here, the identification accuracy of the carrier based on each parameter varies depending on the type and value of the parameter. Therefore, based on this identification accuracy, the relationship between the parameter and the communication carrier is stored as a probability value, for example, in a predetermined table.

Specifically, the terminal information serving as the parameter may be reassigned and updated across telecommunications carriers. In this case, the communication carrier cannot be uniquely identified unless the DB is updated in response to the reallocation.
For example, with MNP (Mobile Number Portability), the user can change the carrier without changing the phone number, so the carrier cannot be uniquely specified from the phone number or the group of phone numbers.
In addition, there is a process of returning and reassigning an IP address to JPNIC (Japan Network Information Center). As a result, the returned IP address may be assigned to another telecommunications carrier, so that the telecommunications carrier cannot be uniquely specified from the IP address.
In addition, it may be difficult for the HTTP user agent to identify the communication carrier, for example, if the authentication interface is not created by HTTP, it will be blank.

FIG. 3 is a diagram showing a user table stored in the communication carrier DB 11 according to the present embodiment.
The user table stores reliability data indicating the probability that the user belongs to the carriers A, B, and C for each group (key information) of the telephone number (user) that is a parameter of the standard API.
For example, each piece of reliability data is a real number between 0 and 1, and is distributed so that the sum of reliability data for key information is 1.

  Here, differences in only the lower digits of the telephone number are managed as the same group. For example, in the case of a group that ignores the difference of the lower 4 digits and is distinguished by the upper 7 digits, this group includes 10,000 telephone numbers. Further, in the case of a group that ignores the difference of the lower 3 digits and is distinguished by the upper 8 digits, this group includes 1000 telephone numbers. Each group included in the table may have a different granularity, and can be set as appropriate.

FIG. 4 is a diagram showing a network table stored in the telecommunications carrier DB 11 according to the present embodiment.
The network table indicates the probability that the user belongs to the carriers A, B, and C, as in the user table (FIG. 3), for each (key information) group of the IP address (network) that is a parameter of the standard API. Store confidence data.

  Here, the key information includes a prefix indicating the granularity of the group together with an IP address indicating the group. For example, when the prefix is 24, this group indicates a group of IP addresses having a common 24-bit network address, and the difference of the lower 8 bits is ignored. When the prefix is 30, this group indicates a group of IP addresses having a common 30-bit network address, and the difference between the lower 2 bits is ignored. Each group included in the table may have a different granularity, and can be set as appropriate.

As shown in FIGS. 3 and 4, the reliability data is managed in groups, so that the number of items in the communication provider DB 11 is significantly reduced.
When the data is large or the group granularity is small, the table may be distributed and held in a plurality of servers in order to suppress an increase in DB size and search time. This distributed processing reduces processing addition. In order to improve processing efficiency, distributed processing in consideration of locality is preferable, such as arranging tables including spaces close to each other on the same server.

The mapping DB 12 stores a conversion rule between a standard API data format and an API data format unique to the authentication server 40 of each communication carrier.
The unique authentication API is created depending strongly on the program logic of each telecommunications carrier, for example, the SOAP format is used in some telecommunications carriers and the REST format is used in other telecommunications carriers. Therefore, the conversion rule is determined for each communication carrier.

  In the mapping table stored in the mapping DB 12, the standard API is defined by the standard schema, and the unique API is defined by the unique schema. Here, the unique schema includes, in addition to the XML schema, WSDL in which SOAP format service specifications are described, WADL in which REST format service specifications are described, and the like.

  The service execution control unit 13 holds an interface corresponding to the protocol or transmits / receives a message to / from an external device. Specifically, in order to execute transmission / reception related to the standard API request from the content server 30, an interface corresponding to each Web service protocol (for example, SOAP format or REST format) is held.

In addition, at the time of API call substitution, the service execution control unit 13 accompanies the terminal information of the user terminal 20 and determines whether or not the user attribute information (age) of any of the plurality of communication carriers satisfies the specified condition. An authentication request is received in a standard API format. In response to this, the service execution control unit 13 grasps the processing sequence that occurs sequentially, such as the authorization authorization of the caller and the selection of the callee, and performs a series of controls for executing processing requests to the respective processing units. .
Then, the service execution control unit 13 returns the authentication result converted into the standard API format to the content server 30 that is the transmission source of the authentication request.

The authentication unit 14 performs identity guarantee for the CGM provider that is the API request source. The contractor information such as age that the telecommunications carrier has is personal information and cannot be provided to an unspecified CGM carrier. Therefore, the identification data of the official CGM carrier who is permitted to respond to the authentication request in advance is stored. .
Specifically, the authentication request includes business data that identifies the CGM business that is the transmission source, and the authentication unit 14 determines that the business data is present in the stored predetermined identification data. If the authentication is successful, if it does not exist, the authentication is failed and an error is returned to the request source.

The determination unit 15 determines the rank of the communication carrier estimated that the user is contracted by the determination process described later using the reliability data of the communication carrier DB 11 based on the terminal information that is a parameter of the standard API. To do.
Further, the determination unit 15 updates the reliability data by an update process described later according to the authentication result obtained from the authentication server 40.

  The API conversion unit 16 converts the data format of the standard API into the data format of the specific API of the carrier according to the conversion rule of the mapping table. Further, the API conversion unit 16 calls the specific API to the authentication server 40 of the corresponding communication carrier using the converted data format. When the API conversion unit 16 receives an authentication result that is a return value of the specific API, the API conversion unit 16 reversely converts the authentication result into a data format of the standard API.

  Here, the API conversion unit 16 can obtain the authentication result from the authentication server 40 of the communication carrier that actually has the subscriber information including the age information of the user, or a plurality of communication in the communication carrier DB 11 and the mapping DB 12. Until an authentication request is made to all of the carriers, the authentication requests are transmitted in order from the communication carrier having the highest order calculated by the determination unit 15.

FIG. 5 is a sequence diagram showing a flow of processing in the authentication system 1 according to the present embodiment.
When the content server 30 calls a standard API in response to a content request from the user terminal 20 (step S1), the service execution control unit 13 first causes the authentication unit 14 to authenticate the CGM provider (step S2).

  When the CGM provider is authenticated, the service execution control unit 13 causes the determination unit 15 to determine the communication provider to which the user belongs (step S3). Subsequently, the service execution control unit 13 causes the API conversion unit 16 to convert the data format of the standard API into the data format of the determined unique API of the communication carrier (step S4).

The API conversion unit 16 calls the unique API using the converted data format (step S5), and causes the authentication server 40 to perform age authentication (step S6). When the API conversion unit 16 receives the authentication result as the return value of the unique API from the authentication server 40 (step S7), the API conversion unit 16 converts the authentication result from the data format of the specific API to the data format of the standard API (step S8).
The service execution control unit 13 responds to the content server 30 with the authentication result received from the API conversion unit 16 as a return value of the standard API (step S9).

  Thereafter, the service execution control unit 13 causes the determination unit 15 to perform an update process of the communication carrier DB 11 according to the authentication result (step S10).

  Next, the determination process (A) by the determination unit 15 in the sequence, the authentication proxy process (B) by the API conversion unit 16, and the update process (C) by the determination unit 15 will be described in detail.

FIG. 6 is a flowchart showing determination processing by the determination unit 15 according to the present embodiment.
In step S11, the determination unit 15 performs a loop as many as the number of terminal information (for example, “user”, “network”, and “agent”) (i = 0, 1, 2). Reliability data for each communication carrier for each terminal information is acquired from the carrier DB 11.
For example, when “i = 0”, the array responseivity [0] [] = (0.8, 0.1) as trust information from the user table (FIG. 3) for “user = 080-1111-1111”. , 0.1).

In step S13, the determination unit 15 performs a loop for the number (N) of communication carriers (j = 0,..., N−1), and further performs a loop for the number of terminal information in step S14 (k = 0). , 1, 2). In step S _<b > 15, the determination unit 15 uses, as an index for estimating which telecommunications carrier the user has contracted with, the reliability data total power for each telecommunications carrier (reliability for N _j = “user” × “ (reliability for “network” × reliability for “agent”).

In step S <b> 16, the determination unit 15 ranks communication carriers. For example, the determination unit 15 sorts the total power (N _j ) calculated in step S15 in descending order, and obtains a rearranged list of communication carriers “S ′ _j = Sort (S _j )”.
Note that, when the total power (N _j ) is the same among the communication carriers, the determination unit 15 compares the reliability with respect to “user”, for example, according to the priority of the terminal information. The reliability for “agent” is compared in order, and the larger one is prioritized.

In step S17, the determination unit 15 outputs the ranked result (S ′ _j ) as a return value.
The output form of the ranking result is not limited to this. For example, the determination unit 15 may give and output a ranking value for each communication carrier.

FIG. 7 is a flowchart showing authentication proxy processing by the API conversion unit 16 according to the present embodiment.
In step S <b> 21, the API conversion unit 16 reads the order of communication carriers that call the specific API from the ranking result output by the determination process (FIG. 6). Note that the initial value is “i = 0”.

  In step S22, the API conversion unit 16 refers to the specific schema of the target communication carrier in the mapping DB 12, and converts the authentication request into the data format of the specific API.

  In step S23, the API conversion unit 16 calls the specific API of the target authentication server 40 with the converted data format.

  In step S24, the API conversion unit 16 determines whether or not the return value (result) is an error. If this determination is YES, it is determined that the subscriber information does not exist in the target communication carrier, that is, the user belongs to another communication carrier, and the process proceeds to step S25. On the other hand, if the determination is NO, since the contractor information exists and the result of age authentication is obtained correctly, the process proceeds to step S27.

  In step S <b> 25, the API conversion unit 16 determines whether or not there remains a communication carrier that has not made an authentication request (i <N). If this determination is YES, the process proceeds to step S26, and if the determination is NO, the process proceeds to step S27.

  In step S26, the API conversion unit 16 sets “i = i + 1” to select the next communication carrier, and the process returns to step S21.

  In step S27, the API conversion unit 16 converts the return value (result) of the specific API into the data format of the standard API. This return value includes the result of age verification or an error.

  In step S28, the API conversion unit 16 returns an authentication result as a return value of the standard API.

FIG. 8 is a diagram illustrating a first update process performed by the determination unit 15 (update unit) according to the present embodiment.
This process occurs when, for example, specific contractor information is moved to another carrier by MNP or the like, and the call destination of the specific API is different from the assumption. In this case, there is an error in the reliability data for the specific terminal information.

  The determination unit 15 obtains an authentication result determined to have the contractor information from a communication carrier different from the highest communication carrier determined by the first reliability data for the group to which the user terminal 20 belongs. In this case, the new reliability data unique to the user terminal 20 (second reliability data) is stored in the communication provider DB 11 separately from the first reliability data for the group.

  For example, when only “user” = “080-1111-1111” is input as the terminal information, the determination unit 15 sets the calling order in the order of A, B, and C according to the user table before update. However, in reality, the contractor information of the user corresponding to “user” = “080-1111-1111” and “080-1111-2222” has been transferred from the communication carrier A to the communication carrier B. Therefore, the API conversion unit 16 does not obtain an authentication result based on the contractor information from the communication carrier A, and obtains an authentication result from the communication carrier B.

At this time, the determination unit 15 adds an exception record whose key information is “080-1111-1111” in the user table. The reliability data (second reliability data) of the record to be added is, for example, “1” for the carrier B who has obtained the authentication result and “0” for the others.
Similarly, when there is an authentication request of “user” = “080-1111-2222”, an exception record with key information “080-1111-2222” is added.

FIG. 9 is a diagram illustrating a second update process performed by the determination unit 15 (update unit) according to the present embodiment.
This process occurs, for example, when a specific group of subscriber information is moved to another carrier by reassigning the IP address space, and the call destination of the specific API is different from the assumption. In this case, there is an error in the reliability data for a specific group of terminal information.

  The determination unit 15 repeats the first update process described above, and when an exception record that originally belonged to the same group exceeds a predetermined amount, the determination unit 15 determines that the entire original group has moved to another telecommunications carrier. The record is deleted and the first reliability data for the group is updated.

  For example, when there is an authentication request for a user belonging to the key information “080-1112-xxxx”, the determination unit 15 sets the calling order in the order of A, B, and C according to the user table before the update. However, in reality, the contractor information of the user corresponding to “user” = “080-1112-xxxx” has been transferred from the communication carrier A to the communication carrier B. Therefore, the determination unit 15 creates exception records by the first update process.

  When the number of exception records exceeds a certain number, the determination unit 15 updates the reliability data for the key information “080-1112-xxxx”. For example, the reliability data may be replaced or added / subtracted to a certain value so that the communication carrier B that has obtained the authentication result has the highest order. Others may be initialized to “0” with “1”.

  Further, every time an exception record is added, the determination unit 15 decreases the value of the wrong communication carrier by a certain value (for example, the number belonging to 1 / group) and increases the value of the correct communication carrier. Good. In this case, the determination unit 15 determines that the first reliability data is incorrect when the value of the highest carrier is smaller than a predetermined value, and performs the above replacement, addition / subtraction, initialization, etc. Update data.

As described above, according to the present embodiment, the API conversion apparatus 10 can convert the data format so as to correspond to each communication carrier when there are a plurality of specific APIs having different specifications for each communication carrier. Therefore, a common standard API can be provided to CGM operators. As a result, the CGM provider can perform authentication by using the contractor information held by one of the communication carriers without being aware of the communication carrier with whom the service user has a contract. As a result, the CGM provider can construct a logic that does not depend on the communication provider at the time of service implementation, and the maintenance cost of the software is improved, so that the operation cost is reduced.
In this way, the CGM operator can efficiently authenticate the user attribute information using the contractor information held by any of the plurality of communication carriers.

  Furthermore, since the API conversion apparatus 10 can perform ranking based on reliability data in a situation where the telecommunications carrier cannot be uniquely identified from the user terminal information, it is useless with the telecommunications carrier that does not have the contractor information. The generation of transactions can be suppressed and the authentication process can be made more efficient.

Moreover, since the API conversion apparatus 10 can update reliability data according to the authentication result, the calling order can be optimized.
The API conversion device adds the second reliability data as an exception when there is an error in the estimation of the communication carrier, so that the estimation accuracy can be improved and the authentication process can be made efficient.
Furthermore, since the exception is deleted and the first reliability data is updated when the exception data exceeds a predetermined amount, an increase in processing load can be suppressed while improving the estimation accuracy.

  Further, since the API conversion apparatus 10 can authenticate the validity of the CGM carrier that is the authentication request source, the contractor information that the communication carrier has can be safely used only within a specific range.

  The API conversion apparatus 10 uses a telephone number, an IP address, and an HTTP user agent as terminal information with high identification accuracy when estimating a communication carrier, and manages each reliability data to improve the estimation accuracy. , Processing can be made more efficient.

  As mentioned above, although embodiment of this invention was described, this invention is not restricted to embodiment mentioned above. Further, the effects described in the present embodiment are merely a list of the most preferable effects resulting from the present invention, and the effects of the present invention are not limited to those described in the present embodiment.

  In the above-described embodiment, age authentication has been described as an example. However, the present invention can also be applied to authentication based on other contractor information (for example, age, sex, address, etc.) possessed by a communication carrier.

  The API conversion apparatus 10 is configured by an information processing apparatus (computer). The API conversion apparatus 10 may be conceptually configured as a single computer, and may be configured as a plurality of computers as a physical entity.

  The control method executed by the computer is realized by software. When realized by software, a program constituting the software is installed in a computer. Also, these programs may be recorded on a removable medium such as a CD-ROM and distributed to the user, or may be distributed by being downloaded to the user's computer via a network.

1 Authentication System 10 API Conversion Device (Control Device)
11 Communication carrier DB (storage unit)
12 Mapping DB
13 Service execution control unit (reception unit, transmission unit)
14 Authentication part 15 Judgment part (update part)
16 API conversion unit (conversion unit)
20 User terminal (communication terminal)
30 content server 40 authentication server

Claims (8)

A storage unit that stores, for each group of identification data of a communication terminal, first reliability data indicating a probability that a user of the communication terminal in the group contracts with each of a plurality of communication carriers;
An authentication request is received in a predetermined common format as to whether or not the attribute information of the user possessed by one of the plurality of communication carriers satisfies the specified condition, with identification data of the communication terminal used by the user. A receiver,
A determination unit that determines a rank of a communication carrier that is estimated to be contracted by the user based on the first reliability data based on the identification data;
Until the authentication result is obtained from the telecommunications carrier having the attribute information or until an authentication request is made to all of the plurality of telecommunications carriers, the order calculated by the determination unit in order from the telecommunications carrier is high, Converting the authentication request into a format unique to the carrier and transmitting it to the authentication system of the carrier, and receiving the authentication result, a conversion unit for converting the authentication result into a predetermined common format;
A control unit comprising: a transmission unit that returns an authentication result converted into the common format to a transmission source of the authentication request.   The control device according to claim 1, further comprising an update unit that updates the first reliability data according to the authentication result.   The update unit obtains an authentication result determined to have the attribute information from a communication carrier different from the highest-level communication carrier determined by the first reliability data for the group to which the communication terminal belongs. 3. The control device according to claim 2, wherein, when received, the second reliability data for the communication terminal is stored separately from the first reliability data.   4. The control device according to claim 3, wherein when the second reliability data exceeds a predetermined amount, the update unit deletes the second reliability data and updates the first reliability data. 5. . The authentication request includes provider data for identifying a service provider that is a transmission source of the authentication request,
5. The control device according to claim 1, further comprising: an authentication unit configured to authenticate that the business operator data is predetermined data that is permitted to respond to the authentication request.   The control device according to claim 1, wherein the identification data includes any one of a telephone number, an IP address, and an HTTP user agent. A method for controlling authentication requests by a computer,
The computer stores, for each group of identification data of a communication terminal, first reliability data indicating a probability that a user of the communication terminal in the group contracts with each of a plurality of communication carriers,
An authentication request is received in a predetermined common format as to whether or not the attribute information of the user possessed by one of the plurality of communication carriers satisfies the specified condition, with identification data of the communication terminal used by the user. Receiving step;
A determination step of determining a rank of a communication carrier estimated that the user is contracted based on the first reliability data based on the identification data;
Until the authentication result is obtained from the telecommunications carrier having the attribute information or until an authentication request is made to all of the plurality of telecommunications carriers, the telecommunications carrier having the higher rank calculated in the determination step in order, Converting the authentication request into a format specific to the carrier and transmitting it to the authentication system of the carrier, and converting the authentication result into a predetermined common format upon receiving the authentication result;
A control method in which the computer executes a transmission step of returning an authentication result converted into the common format to a transmission source of the authentication request. A control program for causing a computer to control authentication requests,
The computer stores, for each group of identification data of a communication terminal, first reliability data indicating a probability that a user of the communication terminal in the group contracts with each of a plurality of communication carriers,
An authentication request is received in a predetermined common format as to whether or not the attribute information of the user possessed by one of the plurality of communication carriers satisfies the specified condition, with identification data of the communication terminal used by the user. Receiving step;
A determination step of determining a rank of a communication carrier estimated that the user is contracted based on the first reliability data based on the identification data;
Until the authentication result is obtained from the telecommunications carrier having the attribute information or until an authentication request is made to all of the plurality of telecommunications carriers, the telecommunications carrier having the higher rank calculated in the determination step in order, Converting the authentication request into a format specific to the carrier and transmitting it to the authentication system of the carrier, and converting the authentication result into a predetermined common format upon receiving the authentication result;
A control program for causing the computer to execute a transmission step of returning an authentication result converted into the common format to a transmission source of the authentication request.

Images