JP2017049691A - Information processing device, information processing system, information providing method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processing device for providing prescribed information to a user information terminal and capable of reducing illegal uses by a third party regardless of security countermeasures on an information terminal side.SOLUTION: An information processing device for providing prescribed information to the information terminal connected via a network comprises: a first authentication unit which authenticates the account which uses the information terminal on the basis of the account information registered in advance; a management unit which creates the first identification information corresponding to the account and stores the created information in a storage unit when the authentication by the first authentication unit is permitted; a transmission unit which transmits the created first identification information to the information terminal; a second authentication unit which permits authentication of the request information received from the information terminal when the request information contains the first identification information stored in the storage unit; and a provision unit which provides the prescribed information to the information terminal according to the request information in which the authentication is permitted by the second authentication unit.SELECTED DRAWING: Figure 4

Description

  The present invention relates to an information processing apparatus, an information processing system, an information providing method, and a program.

  2. Description of the Related Art A service providing system that provides information tailored to a user's preferences and preferences via a network such as the Internet to information terminals such as PCs (Personal Computers), tablet terminals, and smartphones used by users is known. Yes.

  In addition, when a user logs in to a service providing system using a web browser or the like from an information terminal, a technology that simplifies the login process by transmitting a cookie including user authentication information and the like. It is known (see, for example, Patent Document 1).

  In such an authentication method using cookies, a web browser or the like stores user authentication information or the like as cookie information in an information terminal. In some cases, it is not sufficient compared to the communication path. In addition, when a third party illegally obtains this cookie information and requests access to the service providing system, there is a problem that it is difficult for the web server side to detect the impersonation of the user.

  As described above, in the conventional technology, in an information processing apparatus (service providing system or the like) that provides predetermined information to a user's information terminal, unauthorized use by a third party without using security measures on the information terminal side. It was difficult to reduce this.

  Embodiments of the present invention have been made in view of the above-described problems. In an information processing apparatus that provides predetermined information to a user's information terminal, the first embodiment does not depend on security measures on the information terminal side. An object of the present invention is to provide an information processing apparatus that reduces unauthorized use by three parties.

  In order to solve the above problems, an information processing apparatus according to an embodiment of the present invention is an information processing apparatus that provides predetermined information to an information terminal connected via a network, and includes pre-registered account information. A first authentication unit that authenticates an account that uses the information terminal, and a first identification information corresponding to the account when authentication by the first authentication unit is permitted, and a storage unit A management unit stored in the transmission unit, a transmission unit that transmits the created first identification information to the information terminal, and the first identification information stored in the storage unit in the request information received from the information terminal. If included, a second authenticating unit that permits authentication of the request information, and a providing unit that provides the predetermined information to the information terminal according to the request information that has been authenticated by the second authenticating unit When, A.

  According to an embodiment of the present invention, in an information processing apparatus that provides predetermined information to a user's information terminal, information processing that reduces unauthorized use by a third party without relying on security measures on the information terminal side An apparatus can be provided.

It is a figure showing an outline of an information processing system concerning one embodiment. It is a figure which shows the structural example of the hardware of the computer which concerns on one Embodiment. It is a functional block diagram of the service provision system which concerns on 1st Embodiment. It is a function block diagram of the authentication part which concerns on 1st Embodiment. It is a figure which shows the example of the management data which concern on 1st Embodiment. It is a functional lineblock diagram of the information terminal concerning a 1st embodiment. It is a flowchart which shows the example of a process of the service provision system which concerns on 1st Embodiment. It is a flowchart which shows the example of the memory | storage process of the terminal identification information which concerns on 1st Embodiment. It is a sequence diagram which shows the example of a process of the information processing system which concerns on 1st Embodiment. It is a figure which shows the example of the display screen of the information terminal which concerns on 1st Embodiment. It is a figure which shows the example of the information which the terminal identification information storage part which concerns on 2nd Embodiment memorize | stores. It is a flowchart which shows the example of a process of the service provision system which concerns on 2nd Embodiment. It is a figure which shows the example of the information which the terminal identification information storage part which concerns on 3rd Embodiment memorize | stores. It is a flowchart which shows the example of the storage process of the terminal identification information which concerns on 3rd Embodiment. It is a figure which shows the example of the information which the terminal identification information storage part which concerns on 4th Embodiment memorize | stores. It is a flowchart which shows the example of the memory | storage process of the terminal identification information which concerns on 4th Embodiment.

  Embodiments of the present invention will be described below with reference to the accompanying drawings.

<System configuration>
First, an outline of the information processing system will be described.

  FIG. 1 is a diagram illustrating an overview of an information processing system according to an embodiment. The information processing system 100 includes, for example, a service providing system 110 connected to a network 140 such as the Internet or a LAN (Local Area Network), an external system 120, and an information terminal 130.

  The service providing system 110 acquires predetermined information from the external system 120 or the like, and uses the acquired information to provide various information and services to the user of the information terminal 130, or a plurality of information processing apparatuses It is a system including

  As a preferred example, the service providing system 110 distributes apartment information, city information, and the like to condominium residents.

  For example, the service providing system 110 uses the information acquisition unit 111 to acquire apartment information, surrounding area information, and the like from the external system 120 connected via the network 140 and stores the acquired information as information. Store in the unit 114. In addition, the service providing system 110 authenticates the user information terminal 130 using the access control unit 112, and uses the service providing unit 113 for various information (services) for the information terminal 130 for which authentication is permitted. Example).

  The service providing unit 113 includes, for example, an energy information providing unit 113a, an environment information providing unit 113b, an event information providing unit 113c, a commercial facility information providing unit 113d, a medical information providing unit 113e, and a mansho information providing unit 113f. .

  The energy information providing unit 113a provides, for example, information on usage fees and charges for electricity, gas, water, etc. of the user's residence. The environment information providing unit 113b provides information on the environment such as weather and temperature in the area where the user lives, for example. The event information providing unit 113c provides information related to various events held in a region where the user resides. The commercial facility information providing unit 113d provides, for example, information related to the area where the user lives and commercial facilities such as the nearest station.

  The medical information providing unit 113e provides, for example, information related to medical care in the area where the user resides. The apartment information providing unit 113f provides information on apartments such as information on shared facilities and management associations to residents of the apartments, for example.

  The external system 120 is, for example, an information processing system that provides a cloud service, and includes an energy information management system 121, an environment information management system 122, a regional information management system 123, and the like in the example of FIG.

  The energy information management system 121 collects information such as usage of electricity, gas, water, etc. from a plurality of houses including the above-mentioned apartments. Provide information on gas and water usage and charges.

  The environment information management system 122 acquires, for example, environment information such as weather, temperature, and humidity in a plurality of areas, and provides the service providing system 110 with environment information of the area where the apartment is located.

  The regional information management system 123 collects, for example, information on events in the area where the apartment is located, information on commercial facilities, information on medical institutions, information on apartments, and provides information to the service providing system 110, for example. To do.

  The information terminal 130 is a terminal device for a user to use the service providing system 110, and includes, for example, an interphone 131, a PC (Personal Computer) 132, a tablet terminal 133, a smartphone 134, and the like.

  The interphone 131 is, for example, an information terminal 130 provided in a condominium, and includes a display device. The PC 132, the tablet terminal 133, and the smartphone 134 are general-purpose information terminals 130 that are connected to the network 140 and can communicate with the service providing system 110.

  In the above configuration, the user of the service providing system 110 accesses the service providing system 110 using, for example, a web browser of the information terminal 130.

  When the request information from the information terminal 130 does not include terminal identification information described later, the service providing system 110 requests input of user authentication information (for example, user ID, password, etc.). Further, when authentication of the input authentication information is permitted, the service providing system 110 creates identification information (hereinafter referred to as terminal identification information) of the information terminal 130 corresponding to the user's account, and the created terminal The identification information is stored in the information storage unit 114 or the like. Further, the service providing system 110 transmits the created terminal identification information to the information terminal 130.

  The web browser or the like of the information terminal 130 stores the terminal identification information received from the service providing system 110 in, for example, cookie information instead of the user authentication information. Accordingly, when the service providing system 110 is used, the user terminal authentication information is not stored in the information terminal 130.

  Further, when the information terminal 130 requests the service providing system 110 to provide information, the information terminal 130 transmits the request information including the received terminal identification information. For example, the information terminal 130 transmits a cookie including terminal identification information together with request information requesting the service providing system 110 to provide information.

  When the request information received from the information terminal 130 includes the terminal identification information stored in the information storage unit 114, the access control unit 112 of the service providing system 110 permits authentication of the request information. In addition, the service providing unit 113 of the service providing system 110 provides the requested information to the information terminal 130 that transmitted the request information in response to the permission request information for authentication.

  Thus, in the information processing system 100 according to the present embodiment, when the service providing system 110 is used, the user terminal authentication information is not stored in the information terminal 130. Therefore, even when the security measures of the information terminal 130 are insufficient, it is possible to reduce the risk of unauthorized acquisition of user authentication information by a third party.

  In the present embodiment, the service providing system 110 can easily invalidate the terminal identification information by deleting the terminal identification information from the information storage unit 114.

  For example, when the user of the information terminal 130 logs out, the service providing system 110 deletes the terminal identification information transmitted to the information terminal 130 from the information storage unit 114. As a result, even if a third party illegally obtains cookie information including terminal identification information from the information terminal 130, after the user of the information terminal 130 logs out, a service is provided using the illegally obtained cookie information. The system 110 cannot be used.

  As described above, according to the present embodiment, in the service providing system 110 that provides predetermined information to the information terminal 130 of the user, unauthorized use by a third party is possible regardless of the security measures on the information terminal 130 side. Can be reduced.

  In addition, said description is an example and does not limit the scope of the present invention. For example, the service providing system 110 may provide services to users other than condominiums, for example, users such as town councils, shopping streets, and companies. Further, the service providing unit 113 may provide information other than the information shown in FIG.

  The user authentication information may be authentication information other than the user ID and password. For example, the user authentication information may include certificate information, a terminal ID, a contract ID, a mail address, a My Number of My Number system, and the like.

  Furthermore, the service providing system 110 provides information based not only on information acquired from the external system 120 but also on information managed in the service providing system 110, information acquired from the information terminal 130, and the like. Also good.

  Furthermore, the service providing unit 113 may be realized by a plurality of information processing apparatuses.

<Hardware configuration>
The hardware configuration of the service providing system 110 and the external system 120 according to the present embodiment includes an information processing apparatus having a general computer configuration or a combination of information processing apparatuses. Further, the hardware configuration of the information terminal 130 has a general computer configuration. Here, a typical hardware configuration example of a computer will be described.

  FIG. 2 is a diagram illustrating a hardware configuration example of a computer according to an embodiment. The computer 200 includes, for example, a CPU (Central Processing Unit) 201, a RAM (Random Access Memory) 202, a ROM (Read Only Memory) 203, a storage unit 204, a network I / F (Interface) unit 205, an input unit 206, and a display unit. 207, an external I / F unit 208, a bus 209, and the like.

  The CPU 201 is an arithmetic device that implements each function of the computer 200 by reading a program, data, and the like stored in the ROM 203, the storage unit 204, and the like onto the RAM 202 and executing processing. The RAM 202 is a volatile memory used as a work area for the CPU 201. The ROM 203 is a non-volatile memory that retains programs and data even when the power is turned off, and is configured by, for example, a flash ROM. The storage unit 204 is a storage device such as an HDD (Hard Disk Drive) or an SSD (Solid State Drive), and stores, for example, an OS (Operation System), applications, various data, and the like.

  A network I / F unit 205 is a communication interface such as a wired / wireless LAN for connecting the computer 200 to a network and transmitting / receiving data to / from other computers, electronic devices, and the like.

  The input unit 206 is an input device such as a keyboard, a mouse, or a touch panel that accepts an input for operating the computer 200. The display unit 207 is a display device such as an LCD (Liquid Crystal Display) that displays the processing results of the computer 200. Note that the input unit 206 or the display unit 207 may be provided outside the computer 200. Alternatively, the input unit 206 and the display unit 207 may be an integrated display input unit such as a touch panel display, for example.

  The external I / F unit 208 is an interface for connecting an external device to the computer 200. The external device includes, for example, a recording medium such as a USB (Universal Serial Bus) memory, a memory card, an optical disk, and various electronic devices.

  The bus 209 is commonly connected to each of the above components, and transmits an address signal, a data signal, various control signals, and the like.

<Functional configuration>
Next, the functional configuration of the service providing system 110 will be described.

[First Embodiment]
(Functional configuration of service providing system)
FIG. 3 is a functional configuration diagram of the service providing system according to the first embodiment. The service providing system 110 implements, for example, an application unit 310, a platform unit 320, a management data unit 330, a platform API (Application Programming Interface) 340, and the like by executing predetermined programs by the computer 200 shown in FIG. ing.

  The application unit 310 includes, for example, a first information providing application unit 311, a second information providing application unit 312, and a third information providing application unit 313. The first information providing application unit 311 is an application corresponding to one of the information providing units included in the service providing unit 113 in FIG. 1, for example. The same applies to the second information providing application unit 312 and the third information providing application unit 313.

  The first information providing application unit 311 realizes, for example, a web service corresponding to the energy information providing unit 113a in FIG. 1 and uses the usage amount of electricity, gas, water, etc. according to the request information permitted for authentication. Information about the fee is provided to the information terminal 130 of the user.

  Further, the second information providing application unit 312 realizes a web service corresponding to the environment information providing unit 113b in FIG. 1, for example, and information on the environment such as weather and temperature according to the request information permitted for authentication. Is provided to the information terminal 130 of the user.

  Further, the third information providing application unit 313 realizes, for example, a web service corresponding to the event information providing unit 113c in FIG. 1 and provides information on local events and the like according to request information permitted for authentication. Provided to the information terminal 130 of the user.

  In the following description, the first information providing application unit 311, the second information providing application unit 312, the third information providing application unit 313, and the like may be referred to as “information providing application unit”. .

  The platform API 340 is an interface for the application unit 310 to use the platform unit 320. The platform API 340 is a predefined interface provided for the platform unit 320 to receive a request from the application unit 310, and includes, for example, a function or a class. When the service providing system 110 is configured to be distributed among a plurality of information processing apparatuses, for example, a web API that can be used via a network can be used as the platform API.

  The platform unit 320 includes, for example, a communication unit 321, an external system cooperation unit 322, an authentication unit 323, an account information management unit 324, a data access unit 325, and the like.

  The communication unit 321 connects the service providing system 110 to the network 140 using, for example, the network I / F unit 205 of FIG. 2 and performs communication with the external system 120, the information terminal 130, and the like.

  The external system cooperation unit 322 acquires predetermined information from the external system 120 via the communication unit 321, and stores the acquired information in the data storage 333 or the like via the data access unit 325. The external system cooperation unit 322 corresponds to, for example, the information acquisition unit 111 in FIG.

  The authentication unit 323 performs authentication processing of the information terminal 130 or the like that uses the service providing system 110. The authentication unit 323 corresponds to, for example, the access control unit 112 in FIG. For example, as shown in FIG. 4, the authentication unit 323 includes an account authentication unit 401, a terminal identification information management unit 402, a terminal identification information transmission unit 403, a terminal identification information authentication unit 404, and the like.

  FIG. 4 is a functional configuration diagram of the authentication unit according to the first embodiment.

  The account authentication unit (first authentication unit) 401 uses the information terminal 130 based on the account information stored in the account information storage unit 332 that stores account information registered in the service providing system 110 in advance. Authenticate. The account includes, for example, users, contractors, households, etc. registered in the service providing system 110. Here, the following description will be made assuming that the account is a user.

  For example, when the terminal identification information is not included in the request information received from the information terminal 130, the account authentication unit 401 requests the user of the information terminal 130 to input authentication information (for example, user ID, password, etc.). To do. For example, when a combination of a user ID and a password input by the user is stored in the account information storage unit 332, the account authentication unit 401 permits the user authentication.

  For example, account information as shown in FIG. 5A is stored in the account information storage unit 332. In the example of FIG. 5A, for example, a user ID that is user identification information and a password corresponding to the user ID are stored in the account information. For example, in the example of FIG. 5A, it is indicated that the password corresponding to the user ID “aaa” is “AAA”.

  The terminal identification information management unit 402 in FIG. 4 creates terminal identification information (first identification information) corresponding to a user (account) authorized by the account authentication unit 401, and uses the created terminal identification information as a terminal. The identification information storage unit (storage unit) 331 stores the identification information. An example of the terminal identification information stored in the terminal identification information storage unit 331 is shown in FIG.

  In the example of FIG. 5B, the terminal identification information is stored in the terminal identification information storage unit 331 in association with information such as “user ID”, “terminal information”, and “issue date”.

  “User ID” is identification information of a user (account). In this embodiment, the terminal identification information management unit 402 manages terminal identification information corresponding to one user ID so as not to exceed a predetermined number (for example, three). Therefore, in the example of FIG. 5B, the terminal identification information storage unit 331 can store three pieces of terminal identification information for one user ID.

  “Terminal information” is information for identifying the information terminal 130. For example, a user can use the service providing system 110 with up to three information terminals 130 such as the interphone 131, the PC 132, and the tablet terminal in FIG. 1 using one user ID. The terminal identification information management unit 402 stores information for identifying these information terminals 130 as “terminal information” in association with the terminal identification information.

  In the example of FIG. 5B, as an example of information for identifying the information terminal 130, at least a part of the user agent information transmitted from the web browser of the information terminal 130 is stored as “terminal information”. Shall. The user agent information transmitted from the web browser of the information terminal 130 includes, for example, the browser type, browser version, and information terminal 130 information (for example, model name, serial number, manufacturer name, etc.).

  “Issued date / time” is information on the date / time when the terminal identification information management unit 402 created (issued) the terminal identification information.

  If the terminal identification information storage unit 331 has no available space as shown in the user ID “bbb” of FIG. 5B, for example, the terminal identification information management unit 402 deletes the terminal identification information with the oldest issue date and time, The newly created terminal identification information is stored. Note that deleting the terminal identification information with the oldest issue date is merely an example, and the terminal identification information management unit 402 may delete, for example, the terminal identification information with the newest issue date.

  The terminal identification information transmission unit 403 transmits the terminal identification information created by the terminal identification information management unit 402 and stored in the terminal identification information storage unit 331 to the information terminal 130 permitted to authenticate the user.

  If the terminal identification information stored in the terminal identification information storage unit 331 is included in the request information received from the information terminal 130 and requested to provide the service to the service providing system 110, the terminal identification information authentication unit 404 Allow authentication. For example, when the terminal identification information stored in the terminal identification information storage unit 331 is included in the cookie transmitted together with the request information from the information terminal 130, the terminal identification information authentication unit 404 permits authentication of the request information.

  The request information whose authentication is permitted by the terminal identification information authenticating unit 404 is the information providing application unit (first information providing application unit 311, second information providing application unit 312, third information providing application unit) of the application unit 310. 313,... The information providing application unit provides (transmits) the requested information to the information terminal 130 in accordance with the notified request information.

  Returning to FIG. 3, the description of the functional configuration of the service providing system 110 will be continued.

  The account information management unit 324 stores and manages authentication information and the like of an account (such as a user) registered in the service providing system 110 in the account information storage unit 332. For example, the account information management unit 324 stores account information as illustrated in FIG. 5A in the account information storage unit 332 and manages it.

  The data access unit 325 performs processing such as writing and reading of data to the data storage 333 of the management data unit 330.

  The management data unit 330 includes, for example, a terminal identification information storage unit 331, an account information storage unit 332, a data storage 333, and the like.

  The terminal identification information storage unit 331 stores the terminal identification information as shown in FIG. The account information storage unit 332 stores the account information as shown in FIG. The data storage 333 stores other data. The other data includes, for example, information collected by the external system cooperation unit 322 from the external system 120 or the like.

  The platform unit 320 includes functions common to a plurality of application units included in the application unit 310 or basic functions used from the plurality of application units. The function of each unit included in the platform unit 320 is disclosed to the application unit 310 via the platform API 340. In other words, the application unit 310 can use the functions of each unit included in the platform unit 320 within a range disclosed by the platform API 340.

  The configurations of the application unit 310, the platform API 340, the platform unit 320, and the management data unit 330 of the service providing system 110 illustrated in FIG. 3 are merely examples, and do not limit the scope of the present invention. For example, the service providing system 110 does not necessarily have a hierarchical configuration as shown in FIG.

(Functional configuration of information terminal)
FIG. 6 is a functional configuration diagram of the information terminal according to the first embodiment. For example, the information terminal 130 executes a predetermined program by the computer 200 illustrated in FIG. 2, thereby causing the communication unit 601, the input reception unit 602, the authentication request unit 603, the storage unit 604, the information request unit 605, and the display control unit. 606 etc. are realized.

  The communication unit 601 uses the network I / F unit 205 in FIG. 2 to connect the information terminal 130 to the network 140 and communicate with the service providing system 110 and the like.

  The input receiving unit 602 receives a user's input operation to the information terminal 130 using, for example, the input unit 206 of FIG.

  The authentication request unit 603 uses the user authentication information (for example, user ID, password, etc.) received by the input receiving unit 602 to transmit authentication request information for requesting user authentication to the service providing system.

  The storage unit 604 stores the terminal identification information transmitted from the service providing system 110 in, for example, the RAM 202 and the storage unit 204 shown in FIG.

  The information request unit 605 uses the terminal identification information transmitted from the service providing system 110 to transmit request information for requesting provision of information to the service providing system 110. For example, the information request unit 605 transmits a cookie including the terminal identification information transmitted from the service providing system 110 to the service providing system 110 together with the request information.

  The display control unit 606 displays various information provided from the service providing system 110, an authentication screen (login screen), and the like, for example, on the display unit 207 in FIG.

<Process flow>
Next, an example of information processing method processing by the information processing system 100 will be described.

(Service provision system processing)
FIG. 7 is a diagram illustrating an example of processing of the service providing system according to the first embodiment.

  In step S <b> 701, when the service providing system 110 receives the request information from the information terminal 130, the service providing system 110 executes the processes after step S <b> 702.

  In step S702, for example, the terminal identification information authentication unit 404 of the service providing system 110 determines whether the received request information includes terminal identification information. For example, if the terminal identification information is included in the cookie received together with the request information, the terminal identification information authentication unit 404 determines that the request information includes the terminal identification information. On the other hand, when the terminal identification information is not included in the cookie received together with the request information and when the cookie is not received together with the request information, the terminal identification information authenticating unit 404 determines that the terminal identification information is not included in the received request information. to decide.

  When terminal identification information is not included in the received request information, the terminal identification information authentication unit 404 shifts the processing to step S709. On the other hand, when the terminal identification information is included in the received request information, the terminal identification information authentication unit 404 shifts the processing to step S703.

  In step S703, the terminal identification information authentication unit 404 determines whether the terminal identification information included in the request information is valid.

  For example, when the terminal identification information included in the request information is stored in the terminal identification information storage unit 331, the terminal identification information authentication unit 404 determines that the terminal identification information included in the request information is valid. On the other hand, when the terminal identification information included in the request information is not stored in the terminal identification information storage unit 331, the terminal identification information authentication unit 404 determines that the terminal identification information included in the request information is not valid.

  If the terminal identification information included in the request information is not valid, the terminal identification information authentication unit 404 shifts the processing to step S709. On the other hand, when the terminal identification information included in the request information is valid, the terminal identification information authentication unit 404 shifts the processing to step S704.

  First, processing when the process proceeds to step S709 will be described. This process is executed when the information terminal 130 that has transmitted the request information does not have the terminal identification information stored in the terminal identification information storage unit 331.

  In step S709, the account authentication unit 401 displays a login screen 1001 as illustrated in FIG. 10A on the web browser of the information terminal 130, for example. For example, on the login screen 1001, when a user inputs a user ID and password and selects a login button, the account authentication unit 401 accepts user authentication information.

  In step S710, when the account authentication unit 401 receives the account authentication information, the account authentication unit 401 shifts the process to step S711.

  In step S711, the account authentication unit 401 determines whether the received account authentication information (for example, a combination of a user ID and a password) is stored in the account information storage unit 332. Authenticate.

  If the account authentication is not permitted, the account authentication unit 401 shifts the process to step S709 and repeats the same process. On the other hand, when the account authentication is permitted, the account authentication unit 401 shifts the processing to step S712.

  In step S712, the terminal identification information management unit 402 creates terminal identification information corresponding to an account that is permitted to be authenticated, and stores the created terminal identification information in the terminal identification information storage unit 331.

  Note that the terminal identification information created by the terminal identification information management unit 402 may be in any format as long as it is unique identification information within the service providing system 110. For example, the terminal identification information may be a number of 16 digits or more as shown in FIG. 5B, or a character string of 8 bytes or more.

  Also, the terminal identification information creation method by the terminal identification information management unit 402 may be any method. For example, the terminal identification information management unit 402 may create unique terminal identification information based on the issuance date / time, terminal information, user ID, etc., or may be unique based on serial numbers generated sequentially. It may be a device that generates terminal identification information.

  In step S713, the terminal identification information transmission unit 403 transmits the terminal identification information created by the terminal identification information management unit 402 to the information terminal 130 that is permitted to authenticate the account, and the process proceeds to step S701.

  At this time, the information terminal 130 to which the terminal identification information transmission unit 403 has transmitted the terminal identification information has valid terminal identification information stored in the terminal identification information storage unit 331. Accordingly, when the service providing system 110 receives the request information from the information terminal 130 again, the service providing system 110 moves the process to step S704 through steps S701 to S703.

  In step S704, the terminal identification information authentication unit 404 permits authentication of the request information received from the information terminal 130.

  In step S705, the information providing application unit provides (transmits) predetermined information requested from the information terminal 130 to the information terminal.

  In step S706, the terminal identification information management unit 402 determines whether the user of the information terminal 130 has logged out.

  If it is determined that the user of the information terminal 130 has not logged out, the terminal identification information management unit 402 returns the process to step S701, and the service providing system 110 repeats the same process. On the other hand, if it is determined that the user of the information terminal 130 has logged out, the terminal identification information management unit 402 shifts the processing to step S707.

  In step S707, the terminal identification information management unit 402 deletes the terminal identification information transmitted to the information terminal 130 from which the user has logged out from the terminal identification information storage unit 331. As a result, the terminal identification information transmitted to the information terminal 130 logged out by the user becomes invalid and cannot be used when the service providing system 110 is used.

  In step S708, the communication unit 321 performs communication disconnection processing.

  When the service providing system 110 receives the request information including the terminal identification information stored in the terminal identification information storage unit 331, the service providing system 110 provides the requested information to the information terminal 130 that has transmitted the request information.

  On the other hand, when the service providing system 110 receives request information that does not include terminal identification information stored in the terminal identification information storage unit 331, the service providing system 110 displays a login screen on the information terminal 130 that transmitted the request information, and authenticates the user. I do.

  In addition, when the user authentication is permitted, the service providing system 110 creates terminal identification information corresponding to the user, stores the created terminal identification information in the terminal identification information storage unit 331, and user information. It transmits to the terminal 130.

(Storage processing of terminal identification information)
As described above, in this embodiment, the terminal identification information management unit 402 manages the number of terminal identification information corresponding to one account so as not to exceed a predetermined number (for example, three). The method of managing the number of terminal identification information corresponding to one account so that the terminal identification information management unit 402 does not exceed a predetermined number may be any method, but here, as an example, issuance An example of deleting the terminal identification with the oldest date and time will be described.

  FIG. 8 is a flowchart illustrating an example of storage processing of terminal identification information according to the first embodiment.

  For example, when the terminal identification information management unit 402 creates terminal identification information corresponding to an account for which authentication is permitted in step S712 of FIG. 7, the terminal identification information created by the storage processing of the terminal identification information shown in FIG. Is stored in the terminal identification information storage unit 331.

  In step S801, the terminal identification information management unit 402 confirms the free state of the terminal identification information storage unit 331 corresponding to the account that created the terminal identification information.

  In step S802, the terminal identification information management unit 402 determines whether there is a vacancy in the terminal identification information storage unit 331 corresponding to the account that created the terminal identification information.

  For example, in the example of FIG. 5B, the terminal identification information management unit 402 corresponds to the account with the user ID “bbb” because the terminal identification information storage unit 331 corresponding to the account with the user ID “aaa” is empty. It is confirmed that there is no space in the terminal identification information storage unit 331 to be used.

  When the terminal identification information storage unit 331 has a free space, the terminal identification information management unit 402 stores the created terminal identification information in the terminal identification information storage unit 331 (step S804).

  On the other hand, if there is no free space in the terminal identification information storage unit 331, the terminal identification information management unit 402 deletes the terminal identification information having the oldest issue date and time from the terminal identification information storage unit 331 of the account that created the terminal identification information ( Step S803). Thereafter, the terminal identification information management unit 402 stores the created terminal identification information in the terminal identification information storage unit 331 (step S804).

  For example, through the above processing, the terminal identification information management unit 402 can manage the number of terminal identification information corresponding to one account so as not to exceed a predetermined value. Note that the processing in FIG. 8 is merely an example, and the method for managing the number of terminal identification information may be any method.

(Processing of information processing system)
FIG. 9 is a sequence diagram illustrating an example of processing of the information processing system according to the first embodiment. 9 is assumed to be a user who has already been registered in the service providing system 110 and is about to log in to the service providing system 110 using the information terminal 130.

  In step S901, the account authentication unit 401 of the service providing system 110 transmits, for example, a login screen as illustrated in FIG.

  In step S <b> 902, the display control unit 606 of the information terminal 130 displays the login screen received from the service providing system 110 on the display unit 207 of the information terminal 130.

  In step S903, when an input operation of authentication information (user ID, password, etc.) is performed by the user, in step S904, the input receiving unit 602 of the information terminal 130 receives the input of authentication information.

  In step S <b> 904, the authentication request unit 603 of the information terminal 130 transmits the authentication information (account authentication information) of the user who accepted the input to the service providing system 110.

  In step S906, the account authentication unit 401 of the service providing system authenticates user authentication information (account authentication information). Here, as described above, since the user has already been registered in the service providing system 110, the account authentication unit 401 permits user authentication.

  In step S907, the account authentication unit 401 of the service providing system 110 transmits a message indicating that the user authentication has been successful to the information terminal 130.

  In step S908, the terminal identification information management unit 402 of the service providing system 110 creates terminal identification information corresponding to the user's account, and stores the created terminal identification information in the terminal identification information storage unit 331.

  In step S909, the terminal identification information transmission unit 403 of the service providing system 110 transmits the created terminal identification information to the information terminal 130.

  In step S <b> 910, the information terminal 130 that has received the terminal identification information from the service providing system 110 stores the received terminal identification information in the storage unit 604.

  In step S911, for example, when an information request operation is performed by the user, the information request unit 605 of the information terminal 130 transmits request information including the terminal identification information stored in the storage unit 604 to the service providing system 110. .

  In step S913, when receiving the request information from the information terminal 130, the terminal identification information authentication unit 404 of the service providing system 110 authenticates the terminal identification information included in the request information. For example, when the received request information includes the terminal identification information stored in the terminal identification information storage unit 331, the terminal identification information authentication unit 404 permits authentication of the request information. On the other hand, when the received request information does not include the terminal identification information stored in the terminal identification information storage unit 331, the terminal identification information authentication unit 404 does not permit authentication of the request information.

  Here, it is assumed that the received request information includes the terminal identification information stored in the terminal identification information storage unit 331, and authentication of the request information is permitted.

  The service providing unit of the service providing system 110 transmits (provides) the requested information to the information terminal 130 in accordance with the request information whose authentication is permitted by the terminal identification information authenticating unit 404.

  In step S <b> 915, the display control unit 606 of the information terminal 130 displays the information received from the service providing system 110 on the display unit 207 of the information terminal 130. An example of the information display screen displayed on the display unit 207 of the information terminal at this time is shown in FIG.

  The information display screen 1002 shown in FIG. 10B is an example of energy management information provided by the energy information providing unit 113a in FIG. 1, for example, and displays information related to the usage amount of electricity, gas, water, and the like. Yes.

  As described above, in the information processing system 100 according to the present embodiment, the user can use the terminal identification information stored in the information terminal 130 to omit the login operation and easily provide the information to the service providing system 110. Will be able to request.

  At this time, since the user authentication information is not stored in the information terminal 130, even if the information terminal 130 is attacked by malware or the like, the user authentication information does not leak.

  Further, for example, when the user of the information terminal 130 logs out, the service providing system 110 can be easily invalidated by deleting the terminal identification information transmitted to the information terminal 130 from the terminal identification information storage unit 331. it can. Therefore, for example, even when the terminal identification information stored in the information terminal 130 is leaked to a third party, unauthorized use by the third party can be reduced.

[Second Embodiment]
In the first embodiment, an example in which the terminal identification information management unit 402 manages the number of terminal identification information corresponding to one account so as not to exceed a predetermined number has been described. In the second embodiment, an example in which the terminal identification information management unit 402 manages a period in which the terminal identification information can be used will be described.

  FIG. 11 is a diagram illustrating an example of information stored in the terminal identification information storage unit according to the second embodiment.

  FIG. 11A shows an example of terminal identification information stored in the terminal identification information storage unit 331. In the example of FIG. 11A, the terminal identification information is stored in the terminal identification information storage unit 331 in association with information such as “user ID”, “terminal information”, “issue date”, and “expiration date”. ing. Among these, the information of “user ID”, “terminal information”, and “issue date” is the same as the information stored in the terminal identification information storage according to the first embodiment shown in FIG.

  The “expiration date” is an example of information on a period during which the terminal identification information can be used. When the date and time stored in the “expiration date” is reached, the terminal identification information management unit 402 sends the corresponding terminal identification information to the terminal Delete from the identification information storage unit 331.

  Thereby, for example, even when the user of the information terminal 130 does not perform the logout process, the terminal information identification information whose expiration date has passed is automatically invalidated.

  FIG. 11B illustrates another example of terminal identification information stored in the terminal identification information storage unit 331. In the example of FIG. 11B, the period in which the terminal identification information can be used is managed by the “valid period” instead of the “valid period”.

  The “valid period” is an example of information of a period during which the terminal identification information can be used, and the terminal identification information management unit 402 stores the terminal identification information that has passed this “valid period” from the issue date and time. It is deleted from the part 331.

  In the example illustrated in FIG. 11A, the terminal identification information management unit 402 manages the number of terminal identification information corresponding to one account so as not to exceed a predetermined number, as in the first embodiment. Assumes that

  On the other hand, in the example illustrated in FIG. 11B, the terminal identification information management unit 402 does not manage the number of terminal identification information corresponding to one account, and performs terminal identification according to a period in which the terminal identification information can be used. It is assumed that information is managed.

  Thus, the terminal identification information management unit 402 according to the present embodiment deletes terminal identification information that has exceeded the period in which the terminal identification information can be used, from the terminal identification information storage unit 331. Further, the terminal identification information management unit 402 may manage the number of terminal identification information corresponding to one account together as in the first embodiment.

  The method for determining the period in which the terminal identification information can be used may be any method. For example, the interphone 131 installed in the apartment is relatively unlikely to be illegally used by a third party, and it is considered to be troublesome to input authentication information. May be set longer (for example, 24 hours). Further, the smartphone 134 may be misused by a third party due to misplacement, theft, etc., and the usage scene is considered to be mainly moving, so for example, the period in which the terminal identification information can be used is shortened ( For example, it may be set for 2 hours.

<Process flow>
FIG. 12 is a flowchart illustrating an example of processing of the service providing system according to the second embodiment. The processes in steps S701 to S705 and steps S706 to S713 in FIG. 12 are the same as those in the first embodiment shown in FIG.

  In step S <b> 1201, the terminal identification information management unit 402 of the service providing system 110 determines whether the terminal identification information storage unit 331 stores terminal identification information that exceeds the usable period.

  When the terminal identification information storage unit 331 does not store terminal identification information that exceeds the usable period, the terminal identification information management unit 402 causes the process to proceed to step S706.

  On the other hand, when the terminal identification information storage unit 331 stores terminal identification information that exceeds the usable period, the terminal identification information management unit 402 displays the terminal identification information that has exceeded the usable period in step S1202. After deletion, the process proceeds to step S706.

  As a result of the above processing, the terminal identification information that has exceeded the usable period among the terminal identification information stored in the terminal identification information storage unit 331 is automatically deleted from the terminal identification information storage unit 331.

[Third Embodiment]
The terminal identification information management unit 402 of the service providing system 110 may manage the terminal identification information stored in the terminal identification information storage unit 331 with priority.

  FIG. 13 is a diagram illustrating an example of information stored in the terminal identification information storage unit according to the third embodiment.

  FIG. 13A shows an example of terminal identification information stored in the terminal identification information storage unit 331. In the example of FIG. 13A, the terminal identification information is stored in the terminal identification information storage unit 331 in association with information such as “user ID”, “terminal information”, “issue date”, and “priority information”. Has been. Among these, the information of “user ID”, “terminal information”, and “issue date” is the same as the information stored in the terminal identification information storage according to the first embodiment shown in FIG.

  The “priority information” is information given by the terminal identification information management unit 402 to manage the priority of the terminal identification information for each user ID. For example, the smaller the value, the higher the priority. Yes.

  Note that the priority order determination method may be any method, but in the example of FIG. 13A, the higher the priority order is set for the terminal identification information with the new issue date and time. However, even if the date and time of issue are old, it may not be necessary for the terminal identification information to be automatically set. For example, it is excluded from the priority management as a “priority terminal” for a predetermined period of time due to user settings, etc. It may have a function that can.

  FIG. 13B shows another example of terminal identification information stored in the terminal identification information storage unit 331. In the example of FIG. 13B, the terminal identification information is associated with information such as “user ID”, “terminal information”, “issue date”, “valid period”, “priority information”, and the like. It is stored in the storage unit 331. Among these, the “user ID”, “terminal information”, “issue date”, and “valid period” information are information stored in the terminal identification information storage according to the second embodiment shown in FIG. It is the same.

  In the example of FIG. 13B, the terminal identification information management unit 402 sets the effective period of terminal identification information having a high priority to be long, and the effective period varies depending on the priority.

  Also in the example of FIG. 13B, the priority order determination method may be any method.

  For example, the terminal identification information management unit 402 may determine the priority of terminal identification information to be transmitted to an information terminal with relatively high security based on “terminal information”, for example. For example, when the information terminal 130 is the PC 132, it is considered that the lower the version of the web browser, the lower the security. In this case, the terminal identification information management unit 402 may set the priority of the terminal identification information to be transmitted to the PC 132 whose version of the web browser is not the latest (for example, “3”). Or the terminal identification information management part 402 may determine the priority of the terminal identification information transmitted to PC132 by the application of a web browser.

  Further, the terminal identification information management unit 402 may determine the priority according to the type of the information terminal 130 (interphone 131, PC 132, etc.).

<Process flow>
FIG. 14 is a diagram illustrating an example of storage processing of terminal identification information according to the third embodiment. The process of FIG. 14 is another example of the process shown in FIG. 8 in which the terminal identification information management unit 402 manages the number of terminal identification information corresponding to the user ID so as not to exceed a predetermined number.

  For example, when the terminal identification information management unit 402 creates terminal identification information corresponding to an account permitted for authentication in step S712 of FIG. 7, the terminal identification information created by the storage process of the terminal identification information shown in FIG. Is stored in the terminal identification information storage unit 331.

  In step S1401, the terminal identification information management unit 402 checks the number of terminal identification information corresponding to the account that created the terminal identification information.

  For example, in the example of FIG. 13A, the terminal identification information storage unit 331 stores two pieces of terminal identification information corresponding to the account with the user ID “aaa”. Therefore, when new terminal identification information corresponding to the user ID “aaa” is created, the number of terminal identification information corresponding to the account of the user ID “aaa” is three.

  Similarly, the terminal identification information storage unit 331 stores three pieces of terminal identification information corresponding to the account of the user ID “bbb”. Therefore, when new terminal identification information corresponding to the user ID “bbb” is created, the number of terminal identification information corresponding to the account of the user ID “bbb” is four.

  In step S1402, the terminal identification information management unit 402 has the number of terminal identification information stored in the terminal identification information storage unit 331 corresponding to the account that created the terminal identification information exceeds a predetermined number (for example, three). Determine whether or not.

  When the number of terminal identification information stored in the terminal identification information storage unit 331 does not exceed a predetermined number, the terminal identification information management unit 402 stores the created terminal identification information in the terminal identification information storage unit 331 (step S1404). ).

  On the other hand, when the number of terminal identification information stored in the terminal identification information storage unit 331 exceeds a predetermined number, the terminal identification information management unit 402 has a low priority for the terminal identification information of the account exceeding the predetermined number. It deletes in order from terminal identification information storage section 331 (Step S1403).

  Thereafter, the terminal identification information management unit 402 stores the created terminal identification information in the terminal identification information storage unit 331 (step S1404).

  For example, through the above processing, the terminal identification information management unit 402 can manage the number of terminal identification information corresponding to one account so as not to exceed a predetermined value according to the priority of the terminal identification information. .

[Fourth Embodiment]
In the present embodiment, an example will be described in which the terminal identification information management unit 402 further manages a contract ID including a plurality of user IDs.

  FIG. 15 is a diagram illustrating an example of information stored in the terminal identification information storage unit according to the fourth embodiment. In the example of FIG. 15, the terminal identification information is associated with information such as “contract ID”, “user ID”, “priority information”, “terminal information”, “issue date / time”, etc. 331. Among these, “user ID”, “priority information”, “terminal information”, and “issue date / time” information are stored in, for example, the terminal identification information storage according to the third embodiment shown in FIG. It is the same as the information made.

  “Contract ID (second identification information)” is identification information for identifying a contract including a plurality of user IDs. For example, it is assumed that the user of the service providing system 110 acquires a contract ID for each condominium household, and that each family living together has a different user ID.

  Further, the priority information is determined in advance at the time of the contract. For example, it is assumed that the householder, the owner of the apartment, and the like are set with high priority (for example, “1”).

  In the present embodiment, for example, the terminal identification information management unit 402 prevents the number of user IDs corresponding to one contract ID stored in the terminal identification information storage unit 331 from exceeding a predetermined value (for example, three). To manage. In addition, the terminal identification information management unit 402 allows, for example, one user to log in to the service providing system 110 using the plurality of information terminals 130 with the same user ID.

<Process flow>
FIG. 16 is a flowchart illustrating an example of storage processing of terminal identification information according to the fourth embodiment.

  For example, when the terminal identification information management unit 402 creates terminal identification information corresponding to an account permitted for authentication in step S712 of FIG. 7, the terminal identification information created by the storage process of the terminal identification information shown in FIG. Is stored in the terminal identification information storage unit 331.

  In step S1601, the terminal identification information management unit 402 checks the number of user IDs stored in the terminal identification information storage unit 331 corresponding to the account (contract ID) that created the terminal identification information.

  For example, in the example of FIG. 13, the terminal identification information storage unit 331 stores two user IDs corresponding to the account with the contract ID “XXXX”. Therefore, for example, when the terminal identification information of the new user ID “ddd” corresponding to the contract ID “XXXX” is created, the number of user IDs corresponding to the contract ID “XXXX” is four.

  On the other hand, for example, when the terminal identification information of the user ID “aaa” corresponding to the contract ID “XXXX” is created, the number of user IDs corresponding to the contract ID “XXXX” is three.

  In step S1602, the terminal identification information management unit 402 determines that the number of user IDs stored in the terminal identification information storage unit 331 corresponding to the account (contract ID) that created the terminal identification information is a predetermined number (for example, three). ) Or not.

  When the number of user IDs stored in the terminal identification information storage unit 331 does not exceed a predetermined number, the terminal identification information management unit 402 stores the created terminal identification information in the terminal identification information storage unit 331 (step S1604). .

  On the other hand, when the number of user IDs stored in the terminal identification information storage unit 331 exceeds a predetermined number, the terminal identification information management unit 402 displays the terminal identification information corresponding to the user ID having the lowest priority as the terminal identification information. It deletes from the memory | storage part 331 (step S1603).

  Thereafter, the terminal identification information management unit 402 stores the created terminal identification information in the terminal identification information storage unit 331 (step S1604).

  For example, by the above processing, the terminal identification information management unit 402 can manage the number of user IDs corresponding to one contract ID stored in the terminal identification information storage unit 331 so as not to exceed a predetermined value. it can.

<Summary>
An information processing apparatus (110) according to an embodiment of the present invention includes:
An information processing apparatus (110) that provides predetermined information to an information terminal (130) connected via a network (140),
A first authentication unit (401) for authenticating an account using the information terminal (130) based on pre-registered account information;
A management unit (402) that creates first identification information corresponding to the account and stores the first identification information in the storage unit (331) when authentication by the first authentication unit (401) is permitted;
A transmission unit (403) for transmitting the created first identification information to the information terminal (130);
When the request information received from the information terminal (130) includes the first identification information stored in the storage unit (331), a second authentication unit (404) that permits authentication of the request information; ,
Providing units (311 to 313) for providing the predetermined information to the information terminal (130) in response to the request information permitted to be authenticated by the second authentication unit (404);
Have

  Thereby, in the information processing apparatus (110) that provides predetermined information to the information terminal of the user, the information processing apparatus that reduces unauthorized use by a third party without depending on the security measures on the information terminal (130) side. (110) can be provided.

  The reference numerals and names in the parentheses are given for ease of understanding, and are merely examples, and are not intended to limit the scope of the present invention.

100 Information processing system 110 Service providing system (information processing apparatus)
130 Information terminal 401 Account authentication unit (first authentication unit)
402 Terminal identification information management unit (management unit)
403 Terminal identification information transmission unit (transmission unit)
404 Terminal identification information authentication unit (second authentication unit)
311 1st information provision application part (an example of a provision part)
312 Second information providing application unit (an example of a providing unit)
313 Third information providing application unit (an example of a providing unit)

JP 2002-236661 A

Claims (10)

An information processing apparatus that provides predetermined information to an information terminal connected via a network,
A first authenticating unit for authenticating an account using the information terminal based on pre-registered account information;
When authentication by the first authentication unit is permitted, a management unit that creates first identification information corresponding to the account and stores the first identification information in the storage unit;
A transmission unit that transmits the created first identification information to the information terminal;
When the request information received from the information terminal includes the first identification information stored in the storage unit, a second authentication unit that permits authentication of the request information;
A providing unit for providing the predetermined information to the information terminal in response to the request information permitted to be authenticated by the second authentication unit;
An information processing apparatus. The management unit
The information processing apparatus according to claim 1, wherein when the account using the information terminal logs out, the first identification information transmitted to the information terminal is deleted from the storage unit. The management unit
The information processing apparatus according to claim 1 or 2, wherein the number of the first identification information corresponding to the account is managed so as not to exceed a predetermined number. The management unit
Managing the priority of the first identification information stored in the storage unit;
4. The information processing apparatus according to claim 3, wherein when the number of the first identification information corresponding to the account exceeds a predetermined number, the first identification information is deleted in order from the lowest priority. The management unit
Storing information on a period in which the first identification information can be used in the storage unit;
The information processing apparatus according to any one of claims 1 to 4, wherein the first identification information that exceeds the usable period is deleted from the storage unit. The management unit
Managing the priority of the first identification information stored in the storage unit;
The information processing apparatus according to claim 5, wherein a period in which the first identification information can be used differs according to a priority order of the first identification information. The management unit
Storing identification information for identifying one contract including a plurality of the accounts in the storage unit,
The information processing apparatus according to claim 1, wherein the number of the accounts corresponding to the one contract stored in the storage unit is managed so as not to exceed a predetermined number. An information processing apparatus according to any one of claims 1 to 7,
An information terminal connected to the information processing apparatus via a network;
An information processing system including
The information terminal
An authentication request unit that requests authentication of the information processing apparatus using user authentication information;
An information requesting unit for transmitting request information for requesting acquisition of predetermined information to the information processing device using the first identification information transmitted from the information processing device in response to the authentication request;
An information processing system. A computer that provides predetermined information to an information terminal connected via a network,
A first authenticating unit for authenticating an account using the information terminal based on pre-registered account information;
When authentication by the first authentication unit is permitted, a management unit that creates first identification information corresponding to the account and stores the first identification information in the storage unit;
A transmission unit that transmits the created first identification information to the information terminal;
When the request information received from the information terminal includes the first identification information stored in the storage unit, a second authentication unit that permits authentication of the request information;
A providing unit for providing the predetermined information to the information terminal in response to the request information permitted to be authenticated by the second authentication unit;
Program to function as. An information providing method by a computer for providing predetermined information to an information terminal connected via a network,
The computer is
A first authentication step for authenticating an account using the information terminal based on pre-registered account information;
A management step of creating first identification information corresponding to the account and storing the first identification information in the storage unit when authentication by the first authentication step is permitted;
A transmitting step of transmitting the created first identification information to the information terminal;
When the request information received from the information terminal includes the first identification information stored in the storage unit, a second authentication step for permitting authentication of the request information;
A providing step of providing the predetermined information to the information terminal in response to the request information permitted to be authenticated by the second authentication step;
Information providing method including

Images