JP2021174338A - Use service management device - Google Patents

Abstract

To provide a use service management device capable of achieving an agreement management platform which does not need cooperation with other services by facilitating the management of external services.SOLUTION: A use service management device 1 capable of managing an external service to be used in accessing a user website provided by a user server is provided with a CMP tag generation part 7 for generating a CMP tag including a script code for providing a user interface for enabling a user to perform use setting of approval or rejection of the external service when the user accesses the user website. The CMP tag is configured so as to perform use restriction of the external service by permitting only access to a prescribed domain by a content security policy specified by a world wide web consortium.SELECTED DRAWING: Figure 1

Description

The present invention relates to a utilization service management device.

In recent years, the protection of personal data and privacy has become stricter in order to comply with the General Data Protection Regulation (GDPR) enforced in Europe. Under such circumstances, the user who visits the website can set the permission or denial of the external service (advertisement, access analysis, etc.) generated from the website, and the setting is regarded as the user's consent. The Consent Management Platform (CMP), which sets the usage of external services, is attracting attention.

Patent Document 1 discloses a system that restricts the use of external services by managing external services in a group of browser cookies and controlling the operation of tags that generate unauthorized cookies.

U.S. Pat. No. 100135777

However, the system of Patent Document 1 has a problem that it takes a lot of time and effort to manage an external service for each cookie. Another problem is that it is difficult to control the generation of cookies unless it is linked with other services such as a tag manager. More specifically, if you do not fully understand which cookie is generated from which tag, tags that do not understand the behavior may unintentionally use the external service, and management There is a problem that it is not easy.

Therefore, an object of the present invention is to provide a usage service management device that can easily manage an external service and can realize a consent management platform that does not require cooperation with other services.

The present invention is a usage service management device capable of managing an external service used when accessing a user website provided by a user server for the purpose of solving the above problems, and is the user web. The CMP tag generator is provided with a CMP tag generator that generates a CMP tag containing a script code that provides a user interface that allows the user to set the permission or denial of external services when the user accesses the site. Tags are configured to restrict the use of external services by allowing access only to certain domains according to the content security policy stipulated by the Worldwide Web Consortium. Provide a management device.

According to the present invention, it is possible to provide a usage service management device that can easily manage an external service and can realize a consent management platform that does not require cooperation with other services.

It is a schematic block diagram of the utilization service management apparatus which concerns on one Embodiment of this invention. It is a figure which shows an example of an external service database. It is a figure which shows an example of the CMP management screen. (A) to (c) are diagrams showing an example of a user interface. (A) is a flow chart showing an operation flow when generating a CMP tag, and (b) is a flow chart showing an operation flow of restricting the use of an external service by the CMP tag.

[Embodiment]
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.

FIG. 1 is a schematic configuration diagram of the utilization service management device 1 according to the present embodiment. The usage service management device 1 is a consent management platform (CMP) that enables a function to specify an external service to be used when accessing a predetermined website and a permission or denial of the external service by a user who visits the website. : Consent Management Platform) and the function of prohibiting access to specific external services (blocking specific external services) according to the request of the website administrator. External services include, for example, advertising, analysis such as access analysis, data collection, web tools, interactions, and the like.

(Explanation of configuration for identifying external services)
First, the configuration for identifying the external service will be described. As shown in FIG. 1, the usage service management device 1 includes an analysis target URL receiving unit 2, an external request extraction unit 3, an external service database (external service DB) 4, and a usage service specifying unit 5. There is. The analysis target URL receiving unit 2, the external request extraction unit 3, the external service database 4, and the used service specifying unit 5 are mounted on the used service management server 10, and are a CPU (Central Processing Unit) and a semiconductor memory. It is realized by appropriately combining storage devices such as RAM (Random Access Memory), ROM (Read Only Memory), and HDD (Hard Disk Drive), software, and interfaces.

The usage service management device 1 identifies an external service that is used when accessing the registered website. Here, as an example, a case where a user website provided by the user server 14 is registered will be described. The user server 14 and the usage service management server 10 are different servers.

The analysis target URL receiving unit 2 receives the analysis target URL, that is, the URL of the user website. In the present embodiment, a predetermined URL is assigned to the usage service management server 10, and it is possible to provide a website (referred to as a usage service management website) via the Internet. When using the user service management device 1, the user 15 who manages the user server 14 accesses and uses the user service management website provided by the user service management server 10 by using a terminal such as a personal computer. Register (enter and send) the URL of the user website provided by the personal computer server 14. The analysis target URL receiving unit 2 receives the URL of the user website registered via the usage service management website as the analysis target URL. The method in which the user 15 transmits the URL of the user website to the user service management server 10 (analysis target URL receiving unit 2) is not limited to this.

The external request extraction unit 3 accesses the analysis target URL (here, the URL of the user website) received by the analysis target URL receiving unit 2, and extracts the URL in which access to a domain other than the analysis target URL domain occurs. .. More specifically, the external request extraction unit 3 activates an Internet browser to access the user server 14 that provides the user website. Further, the external request extraction unit 3 monitors the HTTP request transmitted after accessing the user server 14, and extracts the URL in which the access occurs from the HTTP request message. Further, the external request extraction unit 3 excludes the URLs having the same domain as the user website from the extracted URLs. As a result, the URL of the external service providing server that is being accessed when the analysis target URL is accessed is specified. Hereinafter, an access request to a user website other than the domain is referred to as an external request. The extracted URL of the external request is stored in a predetermined storage area in the memory of the usage service management server 10.

It is conceivable to extract the URL of the external request by extracting the URL included in the HTML source received from the user server 14, but in this case, another external service is included in the script of the external service. When the description to be used is included, the other external service cannot be extracted. By monitoring the transmitted HTTP request message as in the present embodiment, it is possible to extract another external service used by the external service as described above.

Further, the external request extraction unit 3 has an external request occurrence number counting unit 3a that counts the number of times an external request has occurred (hereinafter referred to as an external request occurrence number). The number of external request occurrences counted by the external request occurrence count unit 3a is stored in a predetermined storage area in the memory of the usage service management server 10.

As shown in FIG. 2, the external service database 4 stores the domain and path of the external service, the service name and the service type in association with each other, and is predetermined in the memory of the service management server 10 in advance. It is stored in the storage area of. The URL is generally composed of a scheme, a domain, a path, a parameter, and a fragment, but in the external service database 4, the path and subsequent paths (path, parameter, and fragment) are represented by regular expressions. The service name represents the name of an external service such as an advertisement service or an access analysis service, and the service type represents the type of service such as an advertisement or access analysis. Although not shown in FIG. 2, in this embodiment, the service provider of the external service (the name of the company that provides the external service) is also stored in the external service database 4. Further, information about the service provider (URL of the company providing the external service, privacy policy URL of the company, URL containing an explanation about refusal to use the external service of the company, etc.) is also stored in the external service database 4. I am trying to do it.

The service specifying unit 5 refers to the external service database 4, and the service name, service type, and service provider (hereinafter referred to as service name, etc.) corresponding to the domain and path of the URL of the external request extracted by the external request extraction unit 3. Is to identify. The used service specifying unit 5 stores the specified service name and the like in a predetermined storage area in the used service management server 10.

If the service name or the like corresponding to the domain and path of the URL of the external request does not exist in the external service database 4, the used service specifying unit 5 stores it as an undefined request in a predetermined storage area in the used service management server 10. Will be done. When the URL of the external request whose service name or the like is unknown exists, the used service specifying unit 5 may be configured to notify the administrator who manages the used service management device 1 of the URL of the external request.

Further, the usage service specifying unit 5 has a usage service number counting unit 51 that counts the number of external services being used. The number of used external services counted by the number of used services counting unit 51 is stored in a predetermined storage area in the used service management server 10.

By the way, the external services used when accessing a website are not always the same, and the number of external services used may increase or decrease or may be changed to other external services. Therefore, it is desirable to update the external service being used every predetermined period (for example, every few days). That is, it is more desirable that the external request extraction unit 3 and the service identification unit 5 repeatedly specify the service name and the like at predetermined intervals.

(Configuration to provide the functions of the consent management platform)
Next, a configuration for providing the functions of the consent management platform (hereinafter, CMP) will be described. Returning to FIG. 1, the usage service management device 1 includes a script code that provides a user interface that allows the user to set the permission or denial of the external service when the user accesses the user website. It includes a CMP tag generation unit 7 that generates a CMP tag. The CMP tag generation unit 7 is mounted on a usage service management server 10 different from the user server 14, and is realized by appropriately combining a CPU, a storage device such as a semiconductor memory RAM and ROM, an HDD, software, and an interface. Will be done.

In the present embodiment, the CMP tag generated by the CMP tag generation unit 7 is transferred to a predetermined domain according to the content security policy (hereinafter referred to as CSP) defined by the World Wide Web Consortium (W3C). It is configured to restrict the use of external services by allowing only access.

The CSP is originally intended to detect and mitigate attacks such as cross-site scripting, but in the present embodiment, a specific external device is used by using the CSP function that can limit the domain of the content to be acquired. The service is blocked.

First, the setting of CMP by the user 15 will be described. In generating the CMP tag, the user uses an external service that enables the user's usage settings (referred to as a configurable external service) and an external service that is used in the initial state in which the user's usage settings are not set (initial use external). ) Is set. At this time, the external service that is not set in the initial use external service and is not set in the configurable external service is not used in the user website and is blocked. In addition, the external service that is set as the initial use external service and is not set as the configurable external service is an indispensable external service that is always used on the user website regardless of the user's setting. That is, the user can set the external service to be blocked and the essential external service by setting the configurable external service and the initial use external service.

The CMP tag generation unit 7 has a reception unit 7a that receives a configurable external service and an initial use external service from the user 15 (user 15's personal computer or the like). The method of receiving the configurable external service and the initial use external service from the user 15 (user 15's personal computer, etc.) is not particularly limited, but for example, the dedicated CMP management screen of the user 15 is displayed. It may be provided on the web page so that the external service that can be set and the external service for initial use can be set on the CMP management screen. In this case, the receiving unit 7a of the CMP tag generation unit 7 can provide a management web page capable of selecting a configurable external service and an initial use external service from the list of external services specified by the service specifying unit 5. It should be configured so that the selections on the management web page can be received.

For example, as shown in FIG. 3, on the CMP management screen 21, a list of external services specified by the service specifying unit 5 is displayed, and the user can check the check box to set the external service and the initial use. Set up an external service. In the illustrated example, if the "Use" check box is checked, the external service is set as the initial use external service, and if the "Allow" check box is checked, the external service is set as the configurable external service. Here, the case where the service name, the provider, and the service type are displayed in the list of external services is shown, but the items to be displayed in the list can be set as appropriate. In order to improve the convenience of the user 15, it is more preferable to provide a function of sorting external services by service name or the like. In the illustrated example, each item can be sorted in ascending or descending order by clicking the triangular icon displayed next to the item.

Further, on the CMP management screen 21, an external service that could not be specified by the service specifying unit 5 is displayed as an undefined request, and it is possible to set whether or not to use the undefined request. It is desirable to be able to set whether to use undefined requests for each domain or path. For example, if the unique domain used for image distribution or the like managed by the user 15 is not included in the external service database 4, it will be classified as an undefined request, but such a unique domain needs to be set for use. .. The CMP management screen 21 in FIG. 3 is just an example, and the screen layout, the selection method of the external service, and the like can be arbitrarily set. For example, on the CMP management screen 21, the user may be able to select an external service to be blocked or an essential external service with a check box or the like.

Further, although not shown, it is more preferable that the CMP management screen 21 is configured so that the user interface (personal data management screen 31 and the like) described later can be customized. For example, the display position of the position on the screen where the user interface is displayed when the user accesses the user website, the display format of the user interface (for example, the format corresponding to GDPR, CCPA (California Consumer Privacy Act)). ), Format corresponding to the Personal Information Protection Law, etc.), display style such as color and button shape, editing of message content (wording), etc. can be set. The setting contents on the CMP management screen 21, that is, the setting contents received by the receiving unit 7a are stored in the CMP setting storage unit 8.

Next, the function of the CMP tag and the like will be described. The CMP tag generation unit 7 generates a CMP tag based on the CMP setting contents received by the reception unit 7a and stored in the CMP setting storage unit 8. Specifically, the CMP tag generation unit 7 includes CSP initial setting information including information on the initial use external service, and prohibits access to a domain other than the initial use external service based on the CSP initial setting information. Generate a security policy and generate a CMP tag containing a script code that adds the contents of the generated CSP to the user website. That is, the CMP tag generates a CSP that allows only the initial use external service based on the CSP initial setting information included in the user in a state where the usage setting is not made by the user, and the content of the generated CSP is used on the user web site. Add to the site. As a result, access to domains other than the initial use external service is prohibited, and external services other than the initial use external service are not used.

Further, the CMP tag generation unit 7 generates a CMP tag including a script code that provides a user interface that allows the user to use and set only the configurable external service. At this time, it is advisable to generate the script code by reflecting the customized contents such as the display position and format of the user interface.

4 (a) to 4 (c) are diagrams showing an example of a user interface. For example, at the same time when the user website is displayed on the screen, or when a predetermined button in the user website is clicked, the personal data management screen 31 of FIG. 4A is displayed by the script of the CMP tag. .. In the illustrated example, service types such as mandatory, advertisement, and access analysis are displayed on the personal data management screen 31, and when the check boxes corresponding to each service type are checked, all external services belonging to that service type are checked. It is supposed to be (licensed). If the check box corresponding to each service type is unchecked, all the external services belonging to that service type are unchecked (rejected). For essential external services, the check box cannot be unchecked.

In FIG. 4 (a), when "required" is clicked, a display is displayed to display the external services that are set to be mandatory (set to the initial use external service and not set to the configurable external service) as shown in FIG. 4 (b). The screen 32 is displayed, and the user can confirm the external service that is always used on the user website. On the display screen 32, the check box cannot be unchecked. On the display screen 32, a link to the privacy policy of each external service is displayed, and the privacy policy of each external service can be confirmed by clicking the link. Clicking the back button 34 returns to the personal data management screen 31 of FIG. 4A.

Further, in FIG. 4 (a), when "advertisement" is clicked, as shown in FIG. 4 (c), a display displaying the external service of the available advertisement (the external service of the advertisement set as the configurable external service). The screen 33 is displayed. The user can individually set the external service to be permitted or denied by checking or unchecking the check box on the display screen 33. Although not shown, the same applies to other service types.

When the save button 31a is clicked on the personal data management screen 31 of FIG. 4A, the usage settings by the user are saved. Specifically, the CMP tag includes a script code that saves consent management information, which is information on usage settings of an external service by a user, in a storage area (local storage or the like) of a browser. In addition, the CMP tag generates a CSP that prohibits access to the external service domain denied by the user based on the consent management information stored in the storage area of the browser, and the content of the generated CSP is posted on the user website. Includes script code to add. In the present embodiment, the CMP tag determines whether the consent management information exists in the storage area of the browser, and when the consent management information exists, the CMP tag generates a CSP based on the CSP initial setting information and the consent management information. When the consent management information does not exist, the CSP is generated based only on the CSP initial setting information. As a result, the user's usage settings will be reflected the next time the user's website is reloaded or the user's website is accessed.

The CMP tag may be configured so that the presence / absence of display of the user interface can be switched according to the language setting information of the browser. This is because in some countries including Japan, it is not obligatory to obtain the consent of the user when using the external service, and in such a case, the consent procedure is omitted to improve the convenience of the user. be.

FIG. 5A is a flow chart showing an operation flow when generating a CMP tag, and FIG. 5B is a flow chart showing an operation flow of restricting the use of an external service by the CMP tag.

As shown in FIG. 5A, the user service management device 1 receives the URL of the user website as the analysis target URL in step S21. After that, in step S22, the external request extraction unit 3 starts an Internet browser to access the analysis target URL (URL of the user website), and in step S23, the external request extraction unit 3 extracts the URL of the external request. Extract. In a subsequent step S24, the external request occurrence number counting unit 3a counts the external request occurrence number and proceeds to step S25. In step S25, the service specifying unit 5 refers to the external service database 4 and specifies the service name and the like corresponding to the URL of the external request extracted by the external request extracting unit 3. After that, in step S26, the number of used services counting unit 51 counts the number of external services being used, and the process proceeds to step S27.

In step S27, the user 15 accesses the usage service management device 1 with a personal computer or the like, and sets the configurable external service and the initial usage external service on the CMP management screen 21. The setting contents are received by the receiving unit 7a and stored in the CMP setting storage unit 8. After that, in step S26, the CMP tag generation unit 7 generates a CMP tag based on the setting contents stored in the CMP setting storage unit 8, and transmits the generated CMP tag to the user 15. The user embeds the received CMP tag in HTML of the user website and uploads it to the user server 14.

As shown in FIG. 5B, when accessing the user website from the visitor terminal 16, first, in step S31, the user server 14 receives the HTTP request from the visitor terminal 16. In step S32, the user server 14 that has received the HTML request transmits HTML data in which a display tag is embedded in response to the request. After that, in step S33, the visitor terminal 16 receives and executes HTML data. Then, in step S34, the script of the CMP tag determines whether the consent management information exists in the storage area of the browser. If YES is determined in step S34, the CMP tag script generates a CSP based on the CSP initial setting information and the consent management information, and the generated CSP is added to the user website. Then, the process proceeds to step S37. If NO is determined in step S34, the CMP tag script generates a CSP based only on the CSP initial setting information included in the CMP, and the generated CSP is added to the user website. Then, the process proceeds to step S37. In step S37, the CSP is applied to the visitor terminal 16, and the access restriction of the CSP restricts the access of the domain other than the external service licensed by both the user 15 and the user, and the user 15 and the external denied by the user. Service is blocked.

In order to block the external service, the CMP tag needs to be executed before other scripts, and the CSP needs to be generated in HTML by the script of the CMP tag. Therefore, when embedding a CMP tag in HTML of a user's website, it is desirable to place the CMP tag at a position where the execution priority of the tag is high (for example, the top of <head> </ head>).

(Actions and effects of embodiments)
As described above, in the usage service management device 1 according to the present embodiment, the CMP tag is configured to restrict the use of external services by allowing only access to a predetermined domain by the CSP. There is.

As a result, it becomes possible to manage the external service unit (the domain unit of the HTTP request), and the management of the external service becomes easier as compared with the conventional Cookie unit management. In addition, it becomes unnecessary to cooperate with other services such as a tag manager as in the past, and it becomes possible to realize a consent management platform that is very easy for the user 15 to manage.

Although the embodiments of the present invention have been described above, the embodiments described above do not limit the invention according to the claims. It should also be noted that not all combinations of features described in the embodiments are essential to the means for solving the problems of the invention. In addition, the present invention can be appropriately modified and implemented without departing from the spirit of the present invention.

For example, in the above embodiment, the case where the consent management information (information on the usage setting of the external service by the user) is saved in the storage area of the browser has been described, but the present invention is not limited to this, and the CMP tag is a service used via the network. Consent management information may be stored in a specific server such as the management server 10. In this case, the CMP tag may include a script for acquiring consent management information from a specific server, and generate a CSP based on the acquired consent management information.

Further, the user's consent management information may be shared with other services. For example, when a member registration function exists on a website, the consent management information of the user is associated with the member information of the user and stored in the user server 14 or the like, and the user 15 who is the user website administrator. The CMP tag can also be configured so that the user can grasp the consent status of the external service of the user.

In addition, a CMP tag may be configured to share consent management information with an application that can be installed in a specific browser (such as a browser extension). By sharing the consent management information with other applications, for example, it becomes possible to store the user's consent management information in the other application.

Furthermore, in order to support the IAB Europe Transparency and Consent Framework (TCF), etc., the CMP tag is a function that delivers a signal of the user's consent status to the advertising network and allows only the advertising services for which consent has been obtained to be posted. May be included in.

Further, in the above embodiment, the CSP initial setting information is included in the CMP tag, but the CSP initial setting information is stored in a specific server such as the usage service management server 10 and stored in the server by the CMP tag. It can also be configured to access and acquire CSP initialization information.

1 ... Used service management device 2 ... Analysis target URL receiving unit 3 ... External request extraction unit 4 ... External service database 5 ... Used service specifying unit 7 ... CMP tag generation unit 7a ... Receiving unit 10 ... Used service management server 14 ... Used Person server 15 ... User

Claims (6)

It is a usage service management device that can manage external services used when accessing the user website provided by the user server.
A CMP tag generator that generates a CMP tag containing a script code that provides a user interface that allows the user to set the permission or denial of external services when the user accesses the user website. Prepare,
The CMP tag is configured to restrict the use of external services by allowing only access to a predetermined domain according to the content security policy defined by the World Wide Web Consortium.
Usage service management device. The CMP tag generation unit has a receiving unit that receives a configurable external service, which is an external service that enables the usage setting of the user, from the user who manages the user server.
The CMP tag generator generates the CMP tag including a script code that provides the user interface that allows the user to use and configure only the configurable external service received by the receiver.
The usage service management device according to claim 1. The receiving unit is configured to be able to receive from the user an initial use external service which is an external service used in an initial state in which the usage setting is not made by the user.
The CMP tag generation unit includes CSP initial setting information including information on the initial use external service received by the reception unit, and accesses a domain other than the initial use external service based on the CSP initial setting information. Generate the prohibited content security policy, and generate the CMP tag containing the script code to add the contents of the generated content security policy to the user website.
The usage service management device according to claim 2. An external request extraction unit that accesses the user website and extracts a URL that causes access to a domain other than the domain of the user website.
An external service database in which the domain and path of the external service and the service name are associated and stored,
A service specifying unit that refers to the external service database and specifies a service name corresponding to the domain and path of the URL extracted by the external request extracting unit is further provided.
The receiving unit is configured to be able to provide a management web page in which at least one of the configurable external service and the initial use external service can be selected from the list of service names specified by the service specific unit. Yes,
The usage service management device according to claim 3. The CMP tag is
In addition to including the script code that saves the consent management information, which is the information on the usage settings of the external service by the user, in the storage area of the browser.
A script that generates a content security policy that prohibits access to the external service domain denied by the user based on the consent management information, and adds the content of the generated content security policy to the user website. Including code,
The usage service management device according to any one of claims 1 to 4. The CMP tag is configured to be able to switch whether or not to display the user interface according to the language setting information of the browser.
The usage service management device according to any one of claims 1 to 5.

Images