JP2024038358A - Coordination system, coordination control method, and computer program therefor - Google Patents

Abstract

To set coordination relation between one service system and another service system so that a specific service provided by the one service system can be utilized from the other service system.SOLUTION: An authentication token for making a specific service of a first system 1 be utilized from a game device 22 of a second system 2 is provided for a second server 20 on the basis of a request from a user terminal device 23. The systems 1, 2 store data D1, D2 in which identification information on a user is associated with the authentication token, respectively. When utilization of the specific service is requested from the game device 22, an authentication token corresponding to identification information on a user of the game device 22 is identified on the basis of the data D2 and utilization of the specific service is requested by providing the acquired authentication token for a first server 10. The first server 10 authenticates the user on the basis of token information and the data D1 and permits utilization of the specific service from the game device 22 with respect to the authenticated user.SELECTED DRAWING: Figure 2

Description

The present invention relates to a cooperation system and the like for coordinating systems that provide services.

As a system for creating a cooperative relationship between multiple services provided via a network, for example, a cooperative system is interposed between multiple individual systems. At the same time, each individual system generates a card authentication code for the common card ID and associates the card authentication code with data for cooperation. If any individual system requests access to data for collaboration by specifying the authentication code for collaboration associated with the user ID, the collaboration system proposed a system that determines a card authentication code corresponding to a specified cooperation authentication code and permits an individual system to use data corresponding to the obtained card authentication code (Patent Document 1). reference).

Patent No. 6369617

The system of Patent Document 1 is for allowing individual systems to use collaboration data held in a collaboration system. However, there are cases where it is desired to link systems so that a specific service provided by one system can be used by another system. As a mechanism for realizing such service collaboration, an ID collaboration mechanism such as OpenID Connect has been proposed and is widely used in social networking systems and the like. However, when systems equipped with a user authentication mechanism are linked together, it is not necessarily necessary to share IDs. For example, collaboration can be achieved by connecting from the user's system to the user's system, authenticating the user by entering a user ID that is valid in the user's system, and allowing use. be. However, inputting information for user authentication each time the device is used is accompanied by inconveniences such as an increased burden on the user and a deterioration in usability. When using a dedicated client device such as a game device whose input environment for character information and the like is inferior to that of a general-purpose PC, the user's effort is further increased. If the client device is used by an unspecified number of users, such as an arcade game machine, the information necessary for user authentication in the system being used should be entered on the client device of the system being used. This is not desirable from a security perspective.

Therefore, an object of the present invention is to provide a cooperation system etc. suitable for setting up a cooperation relationship between both service systems so that a specific service provided by one service system can be used from another service system. do.

A cooperation system according to one aspect of the present invention includes a first service system that provides a first service to a user from a first server via a client device for the first server, and a first service system that provides a first service to a user from a second server to the first server. a second service system that provides a second service to the user via a client device for the second server, and includes a game device and a user terminal device as the client device; A cooperation system for coordinating a service system so that a specific service that is at least a part of the first service can be used, the first service system authenticating the user, and the game device authenticating the user. token information providing means for providing token information to the second server based on a request from the user terminal device; and providing the token information to the first service system. a first storage means for storing first association data recorded in association with first identification information for identifying the user in a state where the first server can refer to the token information; a second storage in which second association data recorded in association with second identification information used to identify the user in the second service system is stored in a state where the second server can refer to the second association data; and when the game device requests the use of the specific service, the token information corresponding to the second identification information of the user using the game device is acquired from the second token information based on the second association data. a usage requesting means for requesting the first server to use the specific service by providing the obtained token information from the second server to the first server; Based on the token information provided to the server and the first association data, the user of the game device is authenticated by the first server, and the authenticated user is not allowed to use the specific service from the game device. and usage control means for causing the first server to approve the usage.

A cooperative control method according to an aspect of the present invention includes a first service system that provides a first service to a user from a first server via a client device for the first server, and a first service system that provides a first service to a user from a second server to the first server via a client device for the first server. a second service system that provides a second service to the user via a client device for a second server, and includes a game device and a user terminal device as the client device; A cooperation control method for cooperating so that a specific service that is at least a part of the first service can be used from a service system, the method comprising authenticating the user in the first service system and connecting the game device to the service system. a step of providing token information to the second server based on a request from the user terminal device to allow the user to use the specific service; A procedure for storing first association data recorded in association with first identification information for identifying a user in a state that can be referenced by the first server, and storing the token information in the second service system. a step of storing second association data recorded in association with second identification information used to identify the user in a state where the second server can refer to the second association data; When the use of the service is requested, the second server is made to specify token information corresponding to the second identification information of the user who uses the game device based on the second association data, and the obtained token information is determined based on the second association data. a step of providing token information from the second server to the first server to request the first server to use the specific service; and a step of requesting the first server to use the specific service; a step of authenticating the user of the game device to the first server based on association data of the game device, and allowing the first server to allow the authenticated user to use the specific service from the game device; It includes.

A computer program according to one aspect of the present invention includes a first service system that provides a first service to a user from a first server via a client device for the first server, and a first service system that provides a first service from a second server to the first server. a second service system that provides a second service to the user via a client device for the second server, and includes a game device and a user terminal device as the client device; A computer program for coordinating a service system so that a specific service that is at least a part of the first service can be used, the computer program causing a predetermined computer to authenticate the user with the first service system, and authenticate the user with the first service system. token information providing means for providing the second server with token information to be used for allowing a game device to use the specific service based on a request from the user terminal device; a first storage means for storing first association data recorded in association with first identification information for identifying the user in a service system in a state where the first server can refer to the token information; , storing second association data recorded in association with second identification information used to identify the user in the second service system in a state where the second server can refer to the second association data; 2, the storage means stores the token information corresponding to the second identification information of the user using the game device based on the second association data when the game device requests the use of the specific service; usage requesting means for causing a second server to specify the service, and providing the obtained token information from the second server to the first server to request the first server to use the specific service; The user of the game device is authenticated by the first server based on the token information provided to the first server and the first association data, and the specific service from the game device regarding the authenticated user is authenticated. It is configured to function as a usage control means for allowing the first server to use the server.

1 is a diagram showing an example of the configuration of an amusement system incorporating a cooperation system according to an embodiment of the present invention. A diagram illustrating an overview of procedures such as cooperation settings necessary for using a specific service provided by one amusement system from a game machine of another amusement system. 2 is a flowchart showing an example of a procedure for setting a cooperative relationship between the amusement systems shown in FIG. 1; A flowchart showing an example of a procedure for using the payment service of one amusement system from a game machine of another amusement system. 3 is a flowchart illustrating an example of a procedure for canceling the association between a user ID and an authentication token.

An overview of a cooperation system according to one embodiment of the present invention will be explained with reference to FIG. As shown in FIG. 1, this embodiment targets a first amusement system 1 as an example of a first service system and a second amusement system 2 as an example of a second service system. The two amusement systems 1 and 2 are linked together so that the second amusement system 2 can use a specific service provided by the first amusement system 1. Below, the amusement systems 1 and 2 will be explained in order as a premise. In the following description, the first amusement system 1 will be abbreviated as the first system 1, and the second amusement system 2 will be abbreviated as the second system 2.

The first system 1 is configured as a client-server system including a server 10 as an example of a first server and a client device 11 for the server 10. The server 10 may be configured by a single physical server device, or may be configured as a logical server combining multiple physical server devices. Furthermore, the server 10 may be configured as a cloud server that combines a plurality of server devices connected to a WAN such as the Internet.

As an example, the client device 11 includes a game machine 12, a vending machine 13, a charging device 14, and a user terminal device 15. The game machine 12 is configured as a commercial game machine that provides various services associated with games to the user in exchange for payment of a predetermined fee by the user. This type of game machine is sometimes called an arcade game machine. The services provided by the game machine 12 include at least a service for playing games. In addition to the service for playing the game, the game machine 12 may appropriately provide a service for selling various contents such as items used in the game for a fee. The type of game played on the game machine 12 is not particularly limited. Various games may be playable on the game machine 12.

The vending machine 13 is a device that sells various products such as drinks for a fee. The charging device 14 is a device for a user to exchange cash into electronic currency and deposit it into his or her account. The exchanged electronic currency can be used as a value substituted for currency within the first system 1 for various payments such as payment of fees at the game machine 12 or the vending machine 13. The user terminal device 15 is a general-purpose information and communication terminal provided for the user's personal use. For example, a smartphone, a tablet, a PC, etc. may be used as the user terminal device 15 as appropriate.

In the first system 1, the server 10, the game machine 12, the vending machine 13, the charging device 14, and the user terminal device 15 cooperate as appropriate to provide various services to the user. For example, regarding the game machine 12, a service may be provided that stores the user's play data on the server 10 and provides the game machine 12 with the stored play data. Regarding the vending machine 13, a service may be provided in which, for example, the server 10 acquires the user's purchase history and gives the user points according to the acquired history.

Regarding the charging device 14, as described above, a service is provided for the user to deposit electronic currency. The exchange into electronic currency is not limited to the charging device 14, and may be performed by any appropriate method. For example, it may be possible to deposit electronic currency through access from the user terminal device 15. Regarding the user terminal device 15, services such as allowing the user to view play data managed by the server 10 in response to a user's request, or selling game-related content to the user may be provided, for example.

The server 10 is provided with an authentication processing section 101, a service processing section 102, and an account management section 103 as logical devices realized by a combination of the computer hardware and a predetermined server program PG1. In addition to these devices, various logical devices are appropriately provided in the server 10, but their illustrations are omitted. The authentication processing unit 101 is in charge of various processes necessary to authenticate users who use the first system 1. User authentication in the authentication processing unit 101 is performed using a user ID and password information known only to the user, such as a password. The user ID is an example of first identification information for identifying a user in the first system 1, and is uniquely valid in the first system 1.

The service processing unit 102 is in charge of processing necessary to provide various services to the authenticated user in cooperation with the client device 11. For example, a service that provides the game machine 12 with various contents necessary for playing a game on the game machine 12, a service that stores or provides user play data, and a service that allows the user terminal device 15 to view the play data. , a service that sells game-related content to users, etc. are realized by the processing of the service processing unit 102. The account management unit 103 manages the user's electronic currency account and is responsible for consuming electronic currency in response to a request from the client device 11 or adding electronic currency in response to a request from the charging device 14 or the like. do.

The authentication processing section 101, the service processing section 102, and the account management section 103 do not necessarily need to be provided on the same physical server device. As described above, the server 10 may be configured as a logical server combining a plurality of physical server devices. Therefore, the authentication processing section 101, the service processing section 102, and the account management section 103 may be realized by mutually different physical server devices. Further, the authentication processing section 101, the service processing section 102, or the account management section 103 may be provided in a plurality of physical server devices that are further divided according to the type of processing. In short, each of the authentication processing unit 101, service processing unit 102, and account management unit 103 is realized by a combination of computer hardware of a single or multiple physical server devices and a server program PG1 as software. It is sufficient if it is configured as a logical device.

The first system 1 is provided with a user database DB11, a content database DB12, an account management database DB13, and a cooperation management database DB14 as databases to be referenced by the server 10. The user database DB11 is a database that stores various data related to users in association with user IDs. For example, user data that records attributes such as user's personal information, play data that records the user's game play, etc. may be recorded in the user database DB11.

The content database DB12 is a database that stores various types of content provided in the game. The account management database DB13 is a database that stores data in which the amount (balance) of electronic currency held by a user is associated with an account ID. When a user holds an electronic currency account, data associating the user's user ID with the account ID is recorded in, for example, the user database DB11. Therefore, once a user's user ID is known, it is possible to specify the user's account ID and access the user's account. The cooperation management database DB14 is a database that stores data necessary for cooperation with the second system 2. Examples of data recorded in the collaboration management database DB14 will be described later.

On the other hand, like the first system 1, the second system 2 is configured as a client-server system including a server 20 and its client device 21. Server 20 is an example of a second server. The server 20 may be configured as a single physical server device, or may be configured as a logical server combining a plurality of physical server devices. Furthermore, the server 20 may be configured as a cloud server that combines a plurality of server devices on a WAN such as the Internet.

As the client device 21, a game machine 22 and a user terminal device 23 are provided, for example. The game machine 22 is an example of a game device, and like the game machine 12 of the first system 1, the game machine 22 provides various services associated with games to the user in exchange for payment of a predetermined fee by the user. It is configured as an arcade game machine. The services provided by the game machine 22 are not limited to services for playing games, and various services related to games may be provided as appropriate. The types of games played on the game machine 22 are not particularly limited, and various games may be playable on the game machine 22.

The user terminal device 23, like the user terminal device 15, is a general-purpose information communication terminal provided for the user's personal use. For example, a smartphone, a tablet, a PC, or the like may be used as the user terminal device 23 as appropriate. Note that the user terminal device 23 does not need to be a client device different from the user terminal device 15 used in the first system 1. The same information communication terminal device may be used as the user terminal devices 15 and 23 in the first system 1 and the second system 2, respectively.

The server 20 is provided with an authentication processing section 201, a service processing section 202, and a payment management section 203 as logical devices realized by a combination of the computer hardware and a predetermined server program PG2. In addition to these devices, various logical devices are appropriately provided in the server 20, but their illustrations are omitted. The authentication processing unit 201 is in charge of various processes necessary to authenticate users who use the second system 2. User authentication in the authentication processing unit 201 is performed using a user ID and password information known only to the user, such as a password. The user ID is an example of second identification information for identifying a user in the second system 2, and is uniquely valid in the second system 2. The user ID in the first system 1 and the user ID in the second system 2 are different from each other even if they are associated with the same user. There is no commonality or compatibility between the user IDs in both systems 1 and 2.

The service processing unit 202 is in charge of processing necessary to provide various services to the authenticated user in cooperation with the client device 21. For example, a service that provides the game machine 22 with various contents necessary for playing a game on the game machine 22, a service that stores or provides user play data, and a service that allows the user terminal device 23 to view the play data. , a service that sells game-related content to users, etc. are realized by the processing of the service processing unit 202. Note that the service processing unit 202 may be further divided into a plurality of logical devices depending on the type of service.

The payment management unit 203 is in charge of processing for paying fees for paid services within the second system 2. Unlike the first system 1, the second system 2 is not provided with payment means such as electronic currency that can be used within its own system. Therefore, the payment management unit 203 is configured to be in charge of processing necessary for paying fees using a payment service provided by an external business operator different from the business operator operating the second system 2. For example, the payment management unit 203 is in charge of processing necessary to execute payments using a credit card, payments using electronic currency provided by an external business, and the like.

Also in the second system 2, the authentication processing section 201, the service processing section 202, and the payment management section 203 do not necessarily need to be provided on the same physical server device. In other words, as in the example of the first system 1, each of the authentication processing unit 201, service processing unit 202, and payment management unit 203 is configured using computer hardware of a single or multiple physical server devices and software. The server program PG2 may be configured as a logical device realized in combination with the server program PG2.

The second system 2 is provided with a user database DB21, a content database DB22, and a collaboration management database DB23 as databases to be referenced by the server 20. The user database DB21 is a database that stores various data related to users in association with user IDs. For example, user data that records attributes such as the user's personal information, play data that records the user's game play, etc. may be recorded in the user database DB21. The content database DB22 is a database that stores various types of content provided in the game. The cooperation management database DB23 is a database that stores data necessary for cooperation with the first system 1. Examples of data recorded in the collaboration management database DB23 will be described later.

Next, cooperation between the first system 1 and the second system 2 will be explained. In this embodiment, a payment service using electronic currency provided by the first system 1 is taken as an example of a specific service, and both systems 1 and 2 are linked so that the payment service can be used from the second system 2. However, each of the first system 1 and the second system 2 identifies users using user IDs set independently from each other, and the first system 1 associates them with the user ID that is valid within the first system 1. manages electronic currency accounts. Therefore, in order to use the payment service of the first system 1 from the second system 2, it is necessary to specify which user ID of the first system 1 the user of the second system 2 corresponds to. It is. On the other hand, it is troublesome for the user to input the user ID and password of the first system 1 on the game machine 22 every time the second system 2 uses the payment service of the first system 1. In addition, the game machine 22 can be used by an unspecified number of users, and is installed at a facility such as a store where an unspecified number of people visit. Therefore, it is not preferable from a security perspective to have the user input the user authentication information of another system 1 on the game machine 22.

Therefore, in this embodiment, settings necessary for linking the first system 1 and the second system 2 (hereinafter sometimes referred to as linkage settings) are executed based on access from the user terminal device 23, The game machine 22 allows the payment service to be used without inputting user authentication information in the first system 1 according to the cooperation setting. An overview of the cooperation mechanism will be described below with reference to FIG. 2.

In FIG. 2, (a) to (c) show the procedure for cooperation setting based on access from the user terminal device 23, and (d) shows the procedure for using the payment service from the game machine 22. In the cooperation setting, first, a login process is performed between the user terminal device 23 and the server 20 of the second system 2, and user authentication in the second system 2 is performed. After completion of user authentication, when the user terminal device 23 requests cooperation settings as shown in FIG. be done. Accordingly, the access destination of the user terminal device 23 is changed to the server 10 of the first system 1. At this stage, the server 20 of the second system 2 provides the server 10 of the first system 1 with information that proves that the user requesting cooperation settings is a user authenticated by the second system 2. Good too.

Next, as shown in FIG. 4B, a login process is performed between the user terminal device 23 and the server 10 of the first system 1. The login process is a process in which the user inputs information necessary for user authentication of the first system 1, that is, the user ID and password of the first system 1, at the user terminal device 23, and the server 10 authenticates this. When a user logs into the server 10 of the first system 1, an authentication token is issued by the server 10 of the first system 1. The authentication token is an example of token information that should be used to authenticate the user of the second system 2 and allow the game machine 22 of the second system 2 to use the payment service. An authentication token is issued each time cooperation settings are requested. The authentication token is information indicating that the user has been authenticated by the first system 1 and that the user has received permission from the first system 1 to use the payment service. For example, an authentication token may be issued according to the specifications of an ID token for authenticating a user in OpenID Connect, and an access token for indicating the scope of the user's access authority.

When the authentication token is issued, in the first system 1, first association data D1 in which the user ID in the first system 1 and the authentication token are associated and recorded is stored in a state that can be referenced by the server 10. . For example, the association data D1 may be recorded in the cooperation management database DB14 (FIG. 1). Further, the issued authentication token is delivered to the server 20 of the second system 2. In the server 20, second association data D2 in which the user ID in the second system 2 and the given authentication token are recorded in association with each other is stored in a state that can be referenced by the server 20. For example, the association data D2 may be recorded in the cooperation management database DB23 (FIG. 1).

When using the payment service of the first system 1 from the game machine 22, a login process is performed between the game machine 22 and the server 20 of the second system 2, and user authentication in the second system 2 is performed. Must be running. When the game machine 22 requests the server 20 to use the payment service of the first system 1 as shown in FIG. 2(d) while the user is authenticated, the server 20 stores the association data D2. Based on this, an authentication token corresponding to the user ID of the user is determined, and the server 10 of the first system 1 is requested to use the payment service along with the obtained authentication token. In response to this, the server 10 authenticates the user based on the authentication token, and obtains the user ID corresponding to the authentication token from the association data D1. By further determining the account ID corresponding to the user ID, processing for consuming electronic currency from the user's account in response to the payment request from the game machine 22 is performed.

Next, with reference to FIGS. 3 to 5, an example of a specific procedure executed by each of the systems 1 and 2 to realize cooperation regarding payment services will be described. FIG. 3 shows an example of a procedure for realizing the cooperation settings necessary for using the payment service. When performing cooperation settings for using a payment service, the authentication processing unit 201 of the server 20 acquires the user ID and password of the second system 2 necessary for user authentication from the user terminal device 23, and executes the login process. (Steps S101, S111). Note that if the user authentication from the user terminal device 23 has already been completed at the time the process of FIG. 3 is started, the processes of steps S101 and S111 may be omitted.

When the user performs an operation necessary for the cooperation setting with the login process completed, the user terminal device 23 requests the server 20 to set up the cooperation (step S102), and in response to this, the server 20 The authentication processing unit 201 transfers the request for collaboration settings from the user to the server 10 of the first system 1 (step S112). The request for cooperation settings may be made, for example, by displaying a web page that includes cooperation settings as an option on the user terminal device 23 that has accessed the server 20, and requesting the processing when the user selects cooperation settings. . When requesting settings from the server 10 of the first system 1, the authentication processing unit 201 sends a certificate to the server 10 of the first system 1 indicating that the request is from a user who has been authenticated by the second system 2. etc. may be provided. Thereby, the server 10 of the first system 1 can confirm that the user authenticated in the second system 2 is accessing.

In response to the request for cooperation setting, the access destination from the user terminal device 23 is changed to the server 10 of the first system 1 using redirect processing or the like by the server 20. Subsequently, the authentication processing unit 101 of the server 10 acquires the user ID and password of the first system 1 necessary for user authentication from the user terminal device 23, and executes a login process (steps S103, S121). In this case, the server 10 of the first system 1 displays a web page on the user terminal device 23 for inputting a user ID and password for logging into the first system 1, acquires the information input by the user, and logs in. Processing may be performed.

When the login process to the first system 1 is completed, the authentication processing unit 101 of the server 10 requests the user's approval for the execution of the cooperation setting via the user terminal device 23, and obtains the user's approval via the user terminal device 23. (Steps S104, S122). If the user does not approve, subsequent processing is canceled. When the user approves the settings, the authentication processing unit 101 of the server 10 issues an authentication token corresponding to the user who requested the cooperation setting, and provides this to the authentication processing unit 201 of the server 20 (step S123). As described above, the authentication token is an example of token information indicating that the user has been authenticated by the first system 1 and that the user has received permission from the first system 1 to use the payment service.

Next, the authentication processing unit 101 of the server 10 generates association data D1 (see FIG. 2) that associates the issued authentication token with the user ID obtained in step S301, and stores this in the collaboration management database DB14 ( Step S124). This completes the processing on the first system 1 side necessary for cooperation. On the other hand, the authentication processing unit 201 of the server 20 of the second system 2 generates association data D2 (see FIG. 2) that associates the authentication token provided by the server 10 with the user ID acquired in step S111, and It is saved in the collaboration management database DB23 (step S113). In addition, in the process of step S124, if an authentication token corresponding to the user ID of the first system 1 exists, the stored authentication token is invalidated, and a newly issued authentication token is associated with the user ID. What is necessary is to record it in the Kanden attachment data D1. Such processing is necessary when reissuing an authentication token. Note that if there is an authentication token associated with the user ID on the second system 2 side, the existing authentication token is invalidated and the newly provided authentication token is associated with the user ID during the process of step S113. It may be stored in the association data D2.

After that, the authentication processing unit 201 specifies the user ID acquired in step S111 and notifies the payment management unit 203 that the cooperation setting is completed and the payment service of the first system 1 can be used (step S111). S114). In response, the payment management unit 203 associates the specified user ID with information indicating that the cooperation settings have been completed and the payment service of the first system 1 can be used. and records the setting completion, and notifies the user terminal device 23 of the completion of the setting (step S131). With the above steps, the process in FIG. 3 is completed.

FIG. 4 shows an example of a procedure when a user uses the payment service of the first system 1 from the game machine 22 of the second system 2. In this process as well, first, a login process regarding the second system 2 is performed between the game machine 22 and the authentication processing unit 201 of the server 20, and the user is authenticated (steps S201, S211). If the login process has already been completed, the processes in steps S201 and S211 may be omitted.

When a payment occurs on the game machine 22, the game machine 22 requests the payment management unit 203 to specify the fee to be paid as the payment details (step S202). In response to this, the payment management unit 221 determines whether or not the payment service of the first system 1 should be used, and if it is determined that the payment service should be used, it specifies the payment details to the authentication processing unit 201. A request is made to use the payment service of the first system 1 (step S221). For example, if the completion of the cooperation setting is recorded in step S131 of FIG. 3 and the user has previously selected to use the payment service of the first system 1, or the user specifies the payment service of the first system 1 at the time of payment. In this case, the payment management unit 203 may request the use in step S221.

When the use of the payment service of the first system 1 is requested, the authentication processing unit 201 obtains an authentication token corresponding to the user ID obtained in step S211 from the cooperation management database DB23 (step S212). Next, the authentication processing unit 201 transfers the usage request from the payment management unit 203 to the server 10 of the first system 1, along with the obtained authentication token (step S213). In response to this, the authentication processing unit 101 of the server 10 of the first system 1 authenticates the user of the second system 2 using the authentication token attached to the usage request (step S231). This process first uses an authentication token to determine whether the user is authorized to use the payment service of the first system 1, and if the user is authorized to use the payment service, the authentication token is associated with the user. The user ID of the first system 1 may be acquired from the association data D1 of the collaboration management database DB14. If the user cannot be authenticated using the authentication token, for example, if the authentication token is invalid, or if the user ID corresponding to the authentication token does not exist, appropriate error processing may be performed.

Note that user authentication using an authentication token may be performed by a simple method such as searching the cooperation management database DB14 using the authentication token as a key and acquiring a user ID corresponding to the authentication token. Validity may be determined regarding the authentication token. For example, if the elapsed time from the previous use exceeds a predetermined length of time, the authentication token may be invalidated and user authentication may be unsuccessful. Alternatively, an expiration date may be set for the authentication token, and if the expiration date has passed, the authentication token may be invalidated and user authentication may be unsuccessful. If the authentication token is invalid, the user may be guided to obtain the authentication token again through the process shown in FIG. Information indicating the validity of the authentication token (for example, flag information) is recorded in the cooperation management database DB14, and when a login process using the authentication token is requested, the validity of the authentication token is determined by referring to the information. Good too.

When the user is authenticated, the authentication processing unit 101 of the server 10 authorizes the authenticated user to use the payment service, and specifies the payment details sent from the second system 2 and the user ID acquired in step S231. Then, the account management section 103 is instructed to make a payment (step S232). In response to this, the account management unit 232 acquires the account ID corresponding to the specified user ID from the account management database DB13, and determines whether the account corresponding to the acquired account ID has a balance that can be settled. (Step S241). Note that if the account ID does not exist, error processing may be performed as appropriate, such as notifying the game machine 22 that payment cannot be made. When the account is confirmed, the account management unit 103 requests the user to approve the payment via the game machine 22, and obtains the user's approval from the game machine 22 (steps S203, S242). If the user does not approve, subsequent processing is canceled.

Note that the payment approval in step S203 may be performed via the server 20. For example, the server 10 of the first system 1 requests the server 20 of the second system 2 to approve the payment, and in response, the payment management unit 203 requests the user to approve the payment via the game machine 22, The result may be returned from the server 20 to the server 10 of the first system 1. In this case, there is no need to implement a function for direct communication between the game machine 22 and the server 10 of the first system 1 in the game machine 22, and the game machine 22 is one of the client devices 21 in the second system 2. It is sufficient if it functions as In other words, from the perspective of the game machine 22, even when using the payment service of the first system 1, the communication partner is only the server 20 of the own system 2, and the payment method provided by the second system 2 is the only communication partner. For one thing, the user can use the payment service without being aware that it is the payment service of the first system 1. Therefore, it is only necessary to implement a game on the game machine 22 by considering only the services of the second system 2, and it is possible to reduce the burden required to implement a game program, etc. on the game machine 22. . Furthermore, even if a function for using the payment service of the first system 1 is additionally implemented in the second system 2, this can be done by modifying the server 20, and the game machine 22 does not need to be modified.

When the user approves the payment, the account management unit 103 executes the payment by consuming an amount of electronic currency corresponding to the specified fee from the balance of the user's account (step S243). Thereafter, the account management unit 103 notifies the game machine 22 of the result of the payment process (step S244). With the above steps, the process in FIG. 4 is completed.

As is clear from the above description, in this embodiment, the cooperation settings necessary for using the payment service of the first system 1 from the game machine 22 of the second system 2 are executed based on the access from the user terminal device 23. be done. When using the payment service of the first system 1 from the game machine 22, if the user authentication regarding the second system 2 is completed between the game machine 22 and the server 20, the user can use the first system 1 on the game machine 22. There is no need to enter a user ID or password required for user authentication of the system 1. Therefore, it is possible to eliminate the trouble of inputting such information on the game machine 22 where the input environment is limited, and it is possible to input the user ID and password on the game machine 22 that is used by an unspecified number of people. There is no security risk associated with doing so.

Furthermore, it is sufficient to simply transmit and receive an authentication token between the first system 1 and the second system 2. There is no need to acquire the user ID and password of the second system 2 on the first system 1 side, and there is no need to acquire the user ID and password of the first system 1 on the second system 2 side. Therefore, the risk of information leakage between the systems 1 and 2 can be eliminated, and security can be ensured.

If inappropriate access to the first system 1 occurs due to fraudulent activity such as theft of an authentication token, the first system 1 releases the association between the user ID and the authentication token and removes the authentication token. Once invalidated, the payment service of the first system 1 cannot be used from the second system 2 thereafter. For example, as shown in FIG. 5, the authentication processing unit 101 of the server 10 of the first system 1 specifies the user ID to be disassociated (step S301), and sets the association data D1 corresponding to the user ID. The association between the user ID and the authentication token may be canceled by discarding the authentication token or deleting the association data D1 itself (step S302).

Even when the association between the authentication token and the user ID is canceled, the user authentication within the first system 1 or the user authentication within the second system 2 is not affected. Therefore, there is no need to take measures such as stopping the provision of services within each of the systems 1 and 2. Even if some change occurs regarding the payment processing settings on the second system 2 side, the first system 1 side only needs to manage whether or not to authorize the use of the payment service using the authentication token. There is no fear that the services within the system will be forced to change due to circumstances on the second system 2 side.

In the above embodiment, the authentication processing unit 101 of the server 10 of the first system 1 functions as an example of token information providing means by executing the process of step S123 in FIG. By executing the process in S123, the authentication processing unit 201 of the second system 2 functions as an example of the first storage unit, and by executing the process in step S118 in FIG. 3, it functions as an example of the second storage unit. The authentication processing unit 201 functions as an example of a usage requesting means by executing the processing in steps S212 and S213 in FIG. It functions as an example of a usage control means, and functions as an example of a cancellation means when the authentication processing unit 101 executes the processes of steps S301 and S302 in FIG. Furthermore, by implementing a function that causes each of the authentication processing unit 101 of the server 10 and the authentication processing unit 201 of the server 20 to execute the processing shown in FIGS. constitutes an example of a cooperative system. For example, the cooperation system implements the function of issuing an authentication token and user authentication using this in the server 10 as an API that can be used from the server 20, and the server 20 has the functions necessary to use the API. This can be achieved by implementing this.

The present invention is not limited to the form described above, and may be implemented in forms with appropriate modifications or changes. For example, the specific service is not limited to the payment service, and any appropriate service provided by the first service system may be made available as the specific service from the game device of the second service system. Use of the specific service is not limited to use from the game device of the second service system. In addition to use from a game device, the specific service may also be made available from an appropriate client device such as a user terminal device. The services of the first service system that can be used as specific services may be changed as appropriate depending on the type of service provided by the second service system. The first service system is not limited to the example that includes a game device as its client device. The client device of the first service system may be selected as appropriate.

In the above embodiment, an example is shown in which the functions of issuing an authentication token and user authentication using this are implemented in the authentication processing unit 101 of the server 10 of the first system 1. 101 may be realized by a logical device or a physical server.

Various aspects of the present invention derived from each of the embodiments and modifications described above will be described below. In the following description, in order to facilitate understanding of each aspect of the present invention, corresponding components illustrated in the accompanying drawings will be added in parentheses, but the present invention is not limited to the illustrated form. It's not something you can do.

A cooperation system according to one aspect of the present invention is a first service system (1) that provides a first service to a user from a first server (10) to a client device (11) for the first server. and a second service is provided to the user from a second server (20) to the second server via a client device (21), and the client device includes a game device (22) and a user terminal device. (23) and a second service system (2) that includes the above, so that a specific service that is at least a part of the first service can be used from the second service system. The system is configured to provide the first service system with token information to be used for authenticating the user and having the game device use the specific service based on a request from the user terminal device. a first association in which the token information is recorded in association with first identification information for identifying the user in the first service system; a first storage means (101, S124) for storing data (D1) in a state that can be referenced by the first server; a second storage means (201, S118) for storing second association data (D2) recorded in association with the second identification information being used in a state where the second server can refer to the second association data (D2); When the device requests the use of the specific service, the second server specifies token information corresponding to the second identification information of the user using the game device based on the second association data. , usage requesting means (201, S212, S213) for requesting the first server to use the specific service by providing the obtained token information from the second server to the first server; The user of the game device is authenticated by the first server based on the token information provided to the first server and the first association data, and the specific service from the game device regarding the authenticated user is authenticated. It is provided with a usage control means (101, S231, S232) that allows the first server to use the server.

A cooperative control method according to one aspect of the present invention provides a first service system (10) that provides a first service to a user from a first server (10) to a client device (11) for the first server. ), a second service is provided to the user from a second server (20) to the second server via a client device (21), and the client device includes a game device (22) and a user terminal. and a second service system (2) including the device (23), so that a specific service that is at least a part of the first service can be used from the second service system. The cooperative control method includes, based on a request from the user terminal device, token information to be used for authenticating the user in the first service system and allowing the game device to use the specific service. a step of providing the token information to the second server (S123); and first association data (D1) recorded by associating the token information with first identification information for identifying the user in the first service system. ) in a state that can be referenced by the first server (S124), and the token information is stored as second identification information used to identify the user in the second service system. a step (S118) of saving second association data (D2) recorded in association with the second server in a state where it can be referenced by the second server; and when the game device requests the use of the specific service, the game The second server specifies token information corresponding to the second identification information of the user who uses the device based on the second association data, and the obtained token information is transmitted from the second server to the second server. 1 server to request the first server to use the specific service (S212, S213); and based on the token information provided to the first server and the first association data. a step of authenticating the user of the game device to the first server and allowing the first server to allow the authenticated user to use the specific service from the game device (S231, S232); It includes.

A computer program (PG1, PG2) according to one aspect of the present invention provides a first service for providing a first service to a user from a first server (10) to a client device (11) for the first server. A second service is provided to the user via a service system (1) and a client device (21) from a second server (20) to the second server, and a game device (22) is provided as the client device. ) and a user terminal device (23), such that a specific service that is at least a part of the first service can be used from the second service system. A computer program for coordinating a predetermined computer (10, 20) with a token to be used to authenticate the user with the first service system and allow the game device to use the specific service. token information providing means (101, S123) for providing information to the second server based on a request from the user terminal device; a first storage means (101, S124) that stores first association data (D1) recorded in association with the first identification information in a state that the first server can refer to; a second association data (D2) recorded in association with second identification information used to identify the user in the second service system, and stored in a state where the second server can refer to the second association data (D2); 2 storage means (201, S118), when the game device requests the use of the specific service, the storage device (201, S118) stores token information corresponding to the second identification information of the user using the game device in the second association; A usage request that causes the second server to specify based on data, provides the obtained token information from the second server to the first server, and requests the first server to use the specific service. means (201, S212, S213), and authenticating the user of the game device to the first server based on the token information and the first association data provided to the first server, and authenticating the user of the game device to the first server. The first server is configured to function as a usage control means (101, S231, S232) that allows the first server to allow the user to use the specific service from the game device.

According to the above aspect, the issuance of token information necessary for using the specific service of the first service system from the second service system and the storage of the first and second association data are performed by the second service system. It is executed based on a request from a user terminal device in the system. When using a specific service from a game device of the second service system, if user authentication regarding the second service system is completed between the game device and the second server, the user authentication is performed. By identifying token information from the user's identification information and providing the obtained token information to the first server, the first server authenticates the user based on the token information and extracts the token from the first association data. It is possible to identify the user identification information corresponding to the information. Thereby, it is determined which user of the first service system the user of the second service system who is trying to use the specific service corresponds to, and the specific service of the first service system is transferred to the game of the second service system. It can be used according to the request from the device. There is no need for the user to input information necessary for user authentication of the first service system, such as authentication information such as a user ID and password, on the game device of the second service system. Therefore, it is possible to eliminate the trouble of inputting such information in a game device with a limited input environment. Even if the game device is not owned by the user, there is no need to input authentication information or the like necessary for using the first service system on the game device, which is advantageous in terms of ensuring security.

Furthermore, since it is possible to link the first service system and the second service system by simply transmitting and receiving token information, the first service system can communicate with the user of the second service system. There is no need to acquire authentication information, and there is no need for the second service system to acquire user authentication information of the first service system. Therefore, the risk of information leakage between service systems can be eliminated, and security can be further ensured.

Note that the computer program according to one aspect of the present invention may be provided in a state stored in a storage medium. If this storage medium is used, the system of the present invention can be realized using the computer, for example, by installing and executing the computer program according to the present invention on the computer. The storage medium storing the computer program may be a non-transitory storage medium such as a CDROM.

In the above aspect, the cooperation system may further include a canceling unit (101, S301, S302) for canceling the association between the token information and the first identification information in the first association data. According to this, if the token information is stolen and inappropriate access occurs to the first service system, the association between the first identification information of the first service system and the token information is canceled. By doing so, it is possible to eliminate the possibility that the specific service will be used illegally. Even if the association between the token information and the first identification information is canceled, the user authentication within each service system using the first or second identification information is not affected. Therefore, there is no need to take measures such as stopping the provision of services within each service system.

In the above aspect, the specific service may include a payment service. According to this, it becomes possible to use the payment service of the first service system as a means of payment for fees for paid services in the second service system.

Furthermore, the game device may be configured as an arcade game machine that provides game-related services in exchange for payment of fees. Compared to PCs and the like, arcade game machines have a more limited environment for inputting character information and the like, and operations other than playing games need to be completed as quickly as possible. Furthermore, since the arcade game machine is installed in a facility such as a store where an unspecified number of people visit, it is not desirable from a security perspective to require the user to input user authentication information for another service system on the game machine. By applying the above aspect in such a case, it is possible to allow the arcade game machine to use the specific service of the first service system quickly and safely, thereby fully utilizing the merits of the above aspect.

1 First amusement system (first service system)
2 Second amusement system (second service system)
10 first server 11, 21 client device 20 second server 22 arcade game machine (game device)
23 User terminal device 101 Authentication processing unit (token information providing means, first storage means, usage control means, release means)
201 Authentication processing unit (second storage means, usage requesting means)
D1 First association data D2 Second association data PG1, PG2 Server program

Claims (1)

a first service system that provides a first service to a user from a first server via a client device to the first server; and a first service system that provides a first service to the user from a second server to the second server via a client device; a second service system that provides a second service to the client device and includes a game device and a user terminal device as the client device; A collaboration system for cooperating so that a specific service can be used by a department,
Providing token information to the second server based on a request from the user terminal device, which should be used to authenticate the user in the first service system and allow the game device to use the specific service. token information providing means for
A first storage system that stores first association data recorded by associating the token information with first identification information for identifying the user in the first service system in a state where the first server can refer to the first association data; storage means, and
a state in which the second server can refer to second association data recorded by associating the token information with second identification information used to identify the user in the second service system; a second storage means for storing;
When the game device requests the use of the specific service, token information corresponding to the second identification information of the user using the game device is sent to the second server based on the second association data. usage requesting means for requesting the first server to use the specific service by providing the second server with the obtained token information from the second server to the first server;
Based on the token information provided to the first server and the first association data, the user of the game device is authenticated by the first server, and the identification from the game device regarding the authenticated user is performed. usage control means for allowing the first server to use the service;
A collaborative system with

Images