JP2024042294A - Information management system and information management method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To link four pieces of basic information to accurate mobile phone numbers in identity confirmation.

SOLUTION: An information management system includes: an external server that sends a confirmation request requesting identity confirmation of an inhabitant; an authentication server that performs public personal authentication using a personal card, which is a public certificate; a mobile carrier server that performs carrier authentication using carrier contract information with a telecommunications carrier that provides telecommunication services using phone numbers; and a management server. The management server includes: a public personal authentication control unit that executes a process for performing the public personal authentication by the authentication server in response to the confirmation request; a carrier authentication control unit that executes a process for performing the carrier authentication by the mobile carrier server; and an identity information generation unit that generates identity information linking four pieces of basic information on the inhabitant obtained by the public personal authentication, the carrier contract information on the inhabitant obtained by the carrier authentication, and a phone number of the inhabitant.

SELECTED DRAWING: Figure 1

COPYRIGHT: (C)2024,JPO&INPIT

Description

The present invention relates to an information management system and an information management method.

There is a technology that uses public personal identification (JPKI) as a means of online identity verification (for example, Patent Document 1). As My Number cards become more popular, it is expected that identity verification using JPKI will become more widespread.

JP2019-113911A

However, the information that can be obtained with JPKI is limited to four basic information (address, name, date of birth, and gender). When businesses, organizations, etc. try to use JPKI as a point of contact with consumers, the information they can use from the information obtained from JPKI is ``address'' and ``name.'' Since delivery using an address takes time and effort, it is better to have an easier and faster means of contact. It is conceivable to obtain contact information other than address by inputting a telephone number, e-mail address, etc. at the time of identity verification, but there are concerns about incorrect input, and there are problems with reliability.

The present invention was made in consideration of these circumstances, and its purpose is to provide an information management system and information management method that can link the four basic pieces of information with a highly reliable telephone number for identity verification.

In order to solve the above-mentioned problems, the information management system according to the present invention includes an external server that sends a confirmation request for verifying the identity of a consumer and that includes the phone number of the consumer, and a My Number card. An authentication server that performs public personal authentication using (personal number card) (personal card that is a public certificate), and a contract with a telecommunications carrier that provides communication services using telephone numbers to use said communication services. A mobile carrier server that performs carrier authentication using carrier contract information regarding a contract with a user, and a management server, wherein the management server performs the public personal authentication by the authentication server in response to the confirmation request. a public personal authentication control unit that executes processing for carrying out the carrier authentication by the mobile carrier server; and four basic information of the consumer obtained by the public personal authentication. and a personal information generation unit that generates personal information in which the carrier contract information of the consumer obtained through the carrier authentication and the consumer's telephone number are linked.

Further, in the information management system of the present invention, the confirmation request includes registration information regarding a service used by the consumer in a company corresponding to the external server, and the public personal authentication control unit: for performing the public personal authentication when the registration information included in the confirmation request and the notification registration information notified from the consumer terminal used by the consumer as the registration information of the consumer match; Execute processing.

Further, in the information management system of the present invention, the management server further includes an output control unit that outputs the personal information to an external server with the consent of the consumer.

Furthermore, in order to solve the above-mentioned problems, the information management method according to the present invention includes: an external server that transmits a confirmation request that requests the consumer's identity verification and includes the consumer's phone number; An authentication server that performs public personal authentication using my number card (individual card that is a public certificate), a communication carrier that provides communication services using telephone numbers, and the use of said communication services. An information management method performed by an information management system comprising: a mobile carrier server that performs carrier authentication using carrier contract information regarding a contract with a contract user; and a management server, the management server performing public personal authentication control. a carrier authentication control unit executes a process for performing the public personal authentication by the authentication server in response to the confirmation request, a carrier authentication control unit executes a process for performing the carrier authentication by the mobile carrier server, The personal information generation unit links the consumer's four basic information obtained through the public personal authentication, the carrier contract information of the consumer obtained through the carrier authentication, and the consumer's telephone number. Generate personal information.

According to the present invention, it is possible to link the four basic pieces of information with a highly reliable telephone number in identity verification. Furthermore, it becomes possible to link the four basic information, a highly reliable telephone number, and information regarding a user associated with a company or organization, such as information indicating a bank account number.

FIG. 1 is a block diagram showing an example of an information management system 1 according to an embodiment. It is a sequence diagram showing the flow of processing performed by the information management system 1 according to the embodiment. It is a sequence diagram showing the flow of processing performed by the information management system 1 according to the embodiment. It is a sequence diagram showing the flow of processing performed by the information management system 1 according to the embodiment. It is a block diagram showing an example of management server 10 concerning an embodiment. It is a diagram showing an example of personal information 120 according to the embodiment.

Hereinafter, one embodiment of the present invention will be described with reference to the drawings.

FIG. 1 is a block diagram showing an example of an information management system 1 according to an embodiment. The information management system 1 includes a management server 10, a consumer terminal 20, a mobile carrier server 30, an authentication server 40, and a company/organization server 50. A group of devices (management server 10, consumer terminal 20, mobile carrier server 30, authentication server 40, and company/organization server 50) constituting the information management system 1 are communicably connected via a communication network NW. .

The management server 10 is an information processing device that performs requests from companies or organizations corresponding to the company/organization server 50, specifically, the identity verification of consumers. The consumer here is, for example, a customer of a company or organization, and a user who uses the consumer terminal 20. As the management server 10, for example, a computer such as a server device or a personal computer (PC) can be applied. The management server 10 performs control to execute identity verification requested by the company/organization server 50.

The consumer terminal 20 is an information processing device used by a user (a consumer). As the consumer terminal 20, for example, a smartphone, a mobile phone, a computer such as a PC can be applied.

The consumer terminal 20 has a display unit such as a liquid crystal display that displays information, and an operation unit such as a touch panel that accepts operations by the consumer. The consumer terminal 20 responds to notifications related to identity verification from the management server 10.

The consumer terminal 20 is contracted by the consumer with the telecommunications company of the mobile carrier server 30 to use a communication service using the consumer terminal 20. The consumer terminal 20 is capable of communicating using the communication service provided by the contracted telecommunications company. The consumer terminal 20 is assigned a telephone number and has the function of communicating with this telephone number as the destination.

The card 200 is an IC (Integrated Circuit) card in which an electronic certificate 201 is stored. The card 200 is a card (personal card) that is a public certificate, and is, for example, a My Number card (personal number card). In this case, the card 200 stores an electronic certificate for signature and an electronic certificate for consumer certification as an electronic certificate 201 .

The mobile carrier server 30 is a server device managed by a communication carrier. The communication carrier is, for example, an MNO (Mobile Network Operator) that provides communication services using telephone numbers to consumer terminals 20 using communication lines that it owns or operates. . The mobile carrier server 30 communicates with the management server 10 and the consumer terminal 20 via the communication network NW.

The mobile carrier server 30 stores carrier contract information related to a contract with a consumer who has concluded a contract to use the consumer terminal 20 in a storage unit. The carrier contract information includes, for example, the consumer's telephone number, name, address, date of birth, and age. Further, the carrier contract information may include the contract period of the contract between the communication carrier and the contracted user (consumer). Further, the carrier contract information may be customer information regarding the consumer, which is registered for a service such as a messaging service that the consumer uses.

The authentication server 40 is, for example, a server device that provides a public personal authentication service operated by J-LIS (Local Government Information System Institute). The authentication server 40 communicates with the management server 10 via the communication network NW.
Furthermore, in this embodiment, the authentication server 40 also serves as a signature verifier (platform operator). The signature verifier here can receive revocation information and the like of the electronic certificate 201 issued by the public personal authentication service. The signature verifier can obtain the four basic information.

The company/organization server 50 is a server device managed by a company or organization. Examples of companies or organizations include banks, insurance companies, and local governments. The company/organization server 50 communicates with the management server 10 via the communication network NW. The company/organization server 50 requests the management server 10 to verify the identity of the consumer by notifying the consumer's telephone number.

Here, the flow of processing performed by the management server 10 will be explained using FIGS. 2 to 4. 2 to 4 are sequence diagrams showing the flow of processing performed by the information management system 1 according to the embodiment.

2 to 4, in the information management system 1, the exchange between the management server 10 and the consumer terminal 20, for example, in the processing corresponding to steps S16, S21, etc. described later, is performed using a message service. This will be explained by illustrating a case in which this is the case. The message service here is a communication service provided by a mobile carrier (mobile phone operator) corresponding to the mobile carrier server 30. With message services, messages such as text and images are exchanged using mobile phone numbers. The message service is, for example, RCS (Rich Communication Services).

However, the exchange between the management server 10 and the consumer terminal 20 is not limited to the message service. For the exchange of information between the management server 10 and the consumer terminal 20, notification means other than message services, such as e-mail, SNS (Social Networking Service), REST API, and so-called web service exchange, are applied. It's okay.
Although descriptions are omitted in steps S16 and S21 in FIG. 2, when communication using a message service is performed, a message is notified from the management server 10 to the consumer terminal 20 via the mobile carrier server 30. Ru. That is, as shown in steps S12 and S13, a distribution request is made from the management server 10 to the mobile carrier server 30 requesting that the message be distributed, and the message is notified to the consumer terminal 20 in response to the distribution request. be done.

As shown in FIG. 2, first, the company/organization server 50 transmits a confirmation request to the management server 10 (step S10). The confirmation request is a notification requesting the consumer to confirm his or her identity.

In step S10, the company/organization server 50 transmits a confirmation request including at least a telephone number to the management server 10. Alternatively, the company/organization server 50 sends a confirmation request to the management server 10 including information other than the consumer's telephone number, such as company/organization information and four basic information (address, name, date of birth, gender). You may also send it.

Company/organization information is information for consumers to use services provided by companies or organizations corresponding to the company/organization server 50. For example, if the procedure destination is a bank etc., the company/organization information is This is account information that shows the account number, etc. If the procedure destination is a securities company or the like, the company/organization information is securities information indicating a securities account or securities number.

When the management server 10 receives the confirmation request, it stores the telephone number of the consumer included in the confirmation request in the personal information 120 (see FIG. 5).

Furthermore, upon receiving the confirmation request, the management server 10 generates an individual URL (Uniform Resource Locator) (step S11). The individual URL is a URL used to perform the procedure corresponding to the confirmation request, and is a unique URL linked to the confirmation request. For example, the individual URL is information indicating a specific page for performing a procedure. For example, a site specified by an individual URL is a page to which access is restricted. For example, the individual URL is a so-called one-time URL that can be accessed only once, for a limited time, or for a limited number of times.

The management server 10 sends a message delivery request to the mobile carrier server 30 to request that a request message be delivered (step S12). The request message here is a message that requests the consumer to verify his/her identity in response to the verification request, and is a message that notifies the consumer terminal 20 of the individual URL created in step S11.

When the mobile carrier server 30 receives the message distribution request, it transmits a request message indicating the individual URL to the consumer terminal 20 (step S13). When the consumer terminal 20 receives the request message, the consumer terminal 20 stores the individual URL indicated in the request message in the consumer terminal 20 .

On the other hand, when the individual URL indicated in the response message is clicked by the user, the consumer terminal 20 accesses the page corresponding to the individual URL, and according to the guidance of the accessed page, necessary information and companies/organizations. The information is input, and the input necessary information and company/organization information are transmitted to the management server 10 (step S14). Necessary information is information necessary for the procedure, and is, for example, information indicating the consumer's address, name, telephone number, and date of birth. Note that information corresponding to the 4 basic information (address, name, date of birth, gender) needs to be requested in step S14, since it is possible to obtain the 4 basic information in step S19, which will be described later. It may be excluded from the information.

For example, the management server 10 displays an input screen for inputting necessary information and company/organization information on a page corresponding to the individual URL. The consumer terminal 20 inputs and replies necessary information and company/organization information according to the content displayed on the input screen. As a result, the management server 10 acquires necessary information and company/organization information.

The management server 10 performs a match determination (step S15). The match determination here is a process executed when a confirmation request including company/organization information is notified from the company/organization server 50 in step S10, and is a process of determining whether the company/organization information notified from the consumer terminal 20 in step S14 matches the company/organization information notified from the company/organization server 50 in the confirmation request in step S10. If the two pieces of information match in the match determination, the management server 10 stores the company/organization information in the consumer's personal information 120.

Note that the determination rule for the match determination in step S15 may be arbitrarily set. For example, as a determination rule, if all of the company/organization information (for example, securities account and securities number) completely matches, the match is determined to be OK, and if even one item of information does not match, the match is determined to be NG. Alternatively, a determination rule may be set in which the match is determined to be OK if at least one of the company/organization information (for example, securities account) matches.

On the other hand, if the company/organization information is not notified from the company/organization server 50 in the confirmation request in step S10, the management server 10 does not execute step S15, and in step S14, the management server 10 does not execute the company/organization information notified from the consumer terminal 20. The group information is stored in the consumer's personal information 120.

As a result, company/organization information is linked to the consumer's telephone number regardless of whether or not step S15 is executed.

Furthermore, the management server 10 uses the message service to transmit a guidance message for guiding public personal authentication to the consumer terminal 20 (step S16). The guidance message includes a guidance message instructing the user to perform public personal authentication to confirm the person's identity in order to complete the procedure, as well as an operation button with a message such as ``Perform public personal authentication.''

When a consumer touches an operation button labeled "Perform public personal authentication," etc., processing for public personal authentication is executed. Specifically, as a process for performing public personal authentication, PIN input, card touch operation, etc. are executed (step S17).

PIN input means inputting a PIN (Personal Identification Number) necessary for public personal authentication. The card touch operation is an operation in which the My Number card (card 200) for performing public personal authentication is brought close to the card touch screen.

For example, when a consumer touches an operation button, an input screen for entering a PIN is displayed along with a message such as "Please enter your personal identification number card's PIN." The consumer views the input screen and inputs the PIN according to the instructions displayed on the input screen. When the consumer terminal 20 stores the PIN input by the consumer, the consumer terminal 20 displays a touch screen on which a frame indicating the shape of the card, etc. is displayed along with a guidance message such as "Please touch your My Number Card."
A consumer performs a touch operation by bringing the card 200 close to the touch screen. By performing the touch operation, communication between consumer terminal 20 and card 200 is established.
When communication between the consumer terminal 20 and the card 200 is established, the consumer terminal 20 notifies the card 200 of the PIN and requests the consumer terminal 20 to notify the electronic certificate 201. If the PIN notified from the consumer terminal 20 matches the preset PIN, the consumer terminal 20 performs predetermined processing with the card 200 to receive the electronic certificate 201 and signature data. The predetermined information included is output to the management server 10.

The management server 10 requests the authentication server 40 to determine whether the resident's electronic certificate 201 is valid (validation confirmation) using the specified information notified from the resident's terminal 20 (step S18).

In response to a request from the management server 10, the authentication server 40 transmits the result of the validity check and the consumer's four basic information to the management server 10 (step S19).

The management server 10 receives the result of the validity check and the four basic information of the consumer from the authentication server 40, and if the result of the validity check shows that the electronic certificate 201 is valid, performs a match determination (step S20). . The match determination here is a process executed when a confirmation request including the four basic information is notified from the company/organization server 50 in step S10, and the four basic information notified from the authentication server 40 in step S19. This is a process of determining whether the information and the four basic information notified from the company/organization server 50 in the confirmation request in step S10 match. If the two pieces of information match in the match determination, the management server 10 stores the four basic pieces of information in the consumer's personal information 120.

Note that the determination rule for the match determination in step S20 may be arbitrarily set. For example, as a determination rule, if the address, name, date of birth, and gender all match completely, the match is determined to be OK, and if any of them do not match, the match is determined to be NG. Alternatively, a determination rule may be set in which the match is determined to be OK if at least one of address, name, and date of birth matches.

On the other hand, if the basic four information is not notified from the company/organization server 50 in the confirmation request in step S10, the management server 10 does not execute step S20, and if the electronic certificate 201 is valid, performs authentication in step S19. The four basic information notified from the server 40 is stored in the consumer's personal information 120.

As a result, regardless of whether step S20 is executed or not, the company/organization information and the four basic information are linked to the consumer's telephone number.

Further, as shown in FIG. 3, the management server 10 confirms whether the consumer agrees to perform carrier authentication (step S21). Carrier authentication is an authentication method that performs identity verification using carrier contract information regarding a contract between a communication carrier that provides communication services using telephone numbers and a contracted user who uses communication services.

For example, upon acquiring the four basic information from the authentication server 40, the management server 10 uses a message service to send a confirmation message to the consumer terminal 20 to obtain consent for carrier authentication. The confirmation message includes an instruction to perform carrier authentication in order to strictly verify the user's identity, as well as an operation button with a message such as "I agree to perform carrier authentication."

If the consumer agrees to carry out carrier authentication, an authentication request is made. In the authentication request, the consumer terminal 20 transmits authentication information for carrier authentication, such as a password, to the mobile carrier server 30. The management server 10 transmits the consumer's date of birth, address, name, etc., and makes an authentication request to the mobile carrier server 30 to perform carrier authentication of the consumer (step S22). When the mobile carrier server 30 receives the date of birth etc. from the management server 10, it determines whether the received date of birth etc. of the consumer matches the carrier contract information registered in advance (step S23), and The determination result is transmitted to the management server 10 (step S24).

It is assumed that the consumer's verification information is stored in the management server 10 in advance. For example, when a consumer uses a service that performs procedures via the management server 10, the consumer registers the consumer's personal information, such as address, name, date of birth, etc., in the management server 10. The management server 10 causes the registered consumer's personal information to be stored in the management server 10 as the consumer's verification information.

When the management server 10 receives the result of the match determination from the authentication server 40, if the match determination is OK, it stores the verification information (contract carrier information) of the resident in the resident's personal information 120. This links the company/organization information, the four basic pieces of information, and the contract carrier information to the resident's telephone number.

In step S23, the mobile carrier server 30 performs the matching determination, but the management server 10 may perform the matching determination. In this case, in step S24, the contract carrier information of the resident (e.g., address, name, date of birth, etc.) is sent from the mobile carrier server 30 to the management server 10. The management server 10 performs the matching determination by comparing the contract carrier information of the resident received from the mobile carrier server 30 with the verification information of the resident stored in advance in the management server 10.

Further, the determination rule for the match determination in step S23 may be arbitrarily set. For example, as a determination rule, if the address, name, and date of birth all match completely, the match is determined to be OK, and if any of the addresses, names, and dates of birth do not match, the match is determined to be NG. Alternatively, a determination rule may be set in which the match is determined to be OK if at least one of address, name, and date of birth matches.

Further, as shown in FIG. 4, upon receiving the determination result of the match determination from the mobile carrier server 30, the management server 10 transmits the determination result to the company/organization server 50 (step S25). Upon receiving the determination result from the management server 10, the company/organization server 50 confirms the content of the determination result (step S26). The company/organization server 50 transmits the confirmation result of the contents to the management server 10 (step S27). In this case, when the management server 10 receives the determination result of the match determination from the mobile carrier server 30, it may notify the consumer terminal 20 of the determination result. For example, upon receiving the match determination result from the mobile carrier server 30, the management server 10 generates a determination result message including the determination result, and sends a message distribution request requesting distribution of the determination result message to the mobile carrier server 30. It is transmitted to the carrier server 30. Then, upon receiving the message distribution request, the mobile carrier server 30 transmits a determination result message to the consumer terminal 20.

Note that, although an example has been described above in which the management server 10 performs a match determination in step S20, the present invention is not limited to this. The management server 10 may notify the company/organization server 50 of the four basic information notified from the authentication server 40 and the result of the match determination performed in step S20. In this case, for example, the company/organization server 50 uses its own judgment rules to determine whether the four basic information notified from the management server 10 and the information about the user held by the company or organization corresponding to the company/organization server 50 are the same. It becomes possible to check whether or not they match.
Furthermore, even when the management server 10 performs the match determination in step S23 instead of the mobile carrier server 30, the management server 10 similarly uses the four basic information notified from the authentication server 40 and the result of the match determination for the company. - The group server 50 may be notified.

In addition, in the confirmation request in step S10, if the confirmation request including the company/organization information and the four basic information is not notified from the company/organization server 50, that is, if the confirmation request including only the telephone number is notified, etc. The match determination in S15 and the match determination in step S20 may be configured to be executed by the company/organization server 50.
In this case, for example, the management server 10 checks whether the consumer agrees to the information collaboration. Information cooperation here means transmitting information indicating the result of identity verification, that is, identity information 120, to the company or organization corresponding to the company/organization server 50.
For example, the management server 10 uses a message service to send a confirmation message to the consumer terminal 20 to obtain consent for information collaboration. The confirmation message includes a message asking if it is OK to send information indicating the result of the identity verification to the company or organization corresponding to the company/organization server 50, along with an operation message such as "I agree to information sharing." button is shown.
When the consumer agrees to the information collaboration, the consumer terminal 20 transmits the consent to the management server 10. For example, when a consumer touches an operation button, a notification indicating consent to information collaboration is sent from the consumer terminal 20 to the management server 10.
When the management server 10 receives a notification indicating consent to information cooperation, it performs information cooperation by transmitting information indicating the result of identity verification to the company/organization server 50.
When the company/organization server 50 receives information indicating the result of identity verification from the management server 10, it performs a match determination based on the contents. For example, the company/organization server 50 determines whether the company/organization information in the personal information 120 notified from the management server 10 matches the consumer's company/organization information stored by the company/organization server 50. Further, the company/organization server 50 determines whether the four basic information in the personal information 120 notified from the management server 10 matches the four basic information of the consumer stored by the company/organization server 50.
In this case, the company/organization server 50 may, for example, notify the management server 10 of the match determination result. Furthermore, the management server 10 may notify the consumer terminal 20 of the match determination result notified from the company/organization server 50. In this case, upon receiving the confirmation result from the company/organization server 50, the management server 10 generates a confirmation result message including the confirmation result, and sends a message distribution request requesting delivery of the confirmation result message to the mobile carrier. Send to server 30. When the mobile carrier server 30 receives the message distribution request, it transmits a confirmation result message to the consumer terminal 20.

FIG. 5 is a block diagram showing an example of the management server 10 according to the embodiment. The management server 10 includes, for example, a communication section 11, a storage section 12, and a control section 13. The communication unit 11 communicates with the consumer terminal 20, the mobile carrier server 30, the authentication server 40, and the company/organization server 50.

The storage unit 12 is a storage medium such as an HDD (Hard Disk Drive), a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), a RAM (Random Access read/write Memory), a ROM (Read Only Memory), or any of these. configured by any combination of storage media. The storage unit 12 stores programs for executing various processes of the management server 10 and temporary data used when performing various processes.

The storage unit 12 stores, for example, personal information 120. The personal information 120 is the consumer's personal information obtained through identification, etc. performed for procedures.

FIG. 6 is a diagram showing an example of personal information 120 according to the embodiment. The personal information 120 stores, for example, information corresponding to items such as public personal authentication, message application, carrier authentication, and companies/organizations.

The four basic pieces of information obtained by performing the public personal authentication of a resident are stored in the public personal authentication, namely, the resident's address, name, date of birth, and gender. These are stored when the four basic pieces of information are notified from the authentication server 40 to the management server 10 in step S18.
The mobile phone number field stores the phone number of the resident obtained by using the message service. This is stored when a confirmation request is sent from the company/organization server 50 to the management server 10 in step S10.
In the carrier authentication, the contract carrier information of the consumer obtained by performing the carrier authentication is stored. This is stored when the mobile carrier server 30 notifies the management server 10 of the result of the match determination in step S24. Note that in the carrier authentication, only the result of the comparison with the official personal authentication, for example, information indicating a match or a mismatch, may be stored.
The company/organization information notified by the consumer is stored in the company/organization. This is stored when the company/organization information is notified from the consumer terminal 20 to the management server 10 in step S14.

In this way, in the personal information 120, the consumer's telephone number, company/organization information, four basic information, and contract carrier information are linked. Basic 4 information is information obtained through public personal authentication. Further, contract carrier information is information obtained by performing carrier authentication. Further, the contracted carrier information is information that is generated in association with a telephone number when a consumer contracts for a communication service. Therefore, it is possible to accurately determine whether or not the person performing the procedure matches the mobile phone subscriber using the respective authentication results of public personal authentication and carrier authentication. By collaborating the personal information 120 with a company or organization, it becomes possible to notify the company or organization of correct personal information and telephone number.

Returning to FIG. 5, the control unit 13 is realized by having a CPU (Central Processing Unit) that the management server 10 has as hardware execute a program. The control unit 13 comprehensively controls the management server 10. The control unit 13 includes, for example, an acquisition unit 130, a public personal authentication control unit 131, a carrier authentication control unit 132, a personal information generation unit 133, and an output control unit 134.

The acquisition unit 130 acquires various information. For example, the acquisition unit 130 acquires a confirmation request notified from the company/organization server 50 in step S10. When acquiring a confirmation request, the acquisition unit 130 outputs the acquired confirmation request to the public personal authentication control unit 131.

The public personal authentication control unit 131 executes processing for causing the authentication server 40 to perform public personal authentication. For example, the public personal authentication control unit 131 sends the request message to the consumer terminal 20 by requesting the mobile carrier server 30 to transmit a message (request message) for performing public authentication in step S12. In response to the reply from the consumer terminal 20, a process for performing public personal authentication is performed.

Carrier authentication control unit 132 executes processing for causing mobile carrier server 30 to perform carrier authentication. For example, in step S21, the carrier authentication control unit 132 notifies the consumer terminal 20 of a message (confirmation message) confirming whether or not you agree to perform carrier authentication, and responds to the reply from the consumer terminal 20. Processing to perform carrier authentication is performed.

The principal information generation unit 133 generates principal information 120. For example, when the management server 10 is notified of a confirmation request from the company/organization server 50 in step S10, the personal information generation unit 133 stores the telephone number of the consumer included in the confirmation request in the personal information 120.
Furthermore, when the management server 10 is notified of the basic 4 information from the authentication server 40 in step S19, the personal information generation unit 133 stores the basic 4 information in the personal information 120.
Further, when the determination result of the match determination is notified from the mobile carrier server 30 to the management server 10 in step S24, the personal information generation unit 133 converts the consumer's contract carrier information used for carrier authentication into the personal information 120. Make me remember.
Further, when the company/organization information is notified from the consumer terminal 20 to the management server 10 in step S14, the personal information generation unit 133 stores the company/organization information notified from the consumer terminal 20 in the personal information 120. .
In this way, the personal information generation unit 133 generates the personal information 120 by sequentially storing the consumer's telephone number, four basic information, contract carrier information, and company/organization information.

The output control unit 134 executes processing for information coordination. Specifically, the output control unit 134 outputs the personal information to the corporate server with the consumer's consent. For example, the output control unit 134 notifies the consumer terminal 20 of a message (confirmation message) confirming whether or not the consumer terminal 20 agrees to perform information coordination, and performs information coordination in response to a reply from the consumer terminal 20. Execute the processing for

As explained above, the information management system 1 of the embodiment includes the company/organization server 50 (external server), the authentication server 40, the mobile carrier server 30, and the management server 10. The company/organization server 50 sends a confirmation request requesting the consumer's identity verification by notifying the consumer's telephone number. The authentication server 40 performs public personal authentication using a card 200 (a personal card that is a public certificate of a consumer). The mobile carrier server 30 performs carrier authentication. Carrier authentication is authentication using carrier contract information. The carrier contract information is information regarding a contract between a communication carrier that provides a communication service (a communication service using the telephone number of a consumer terminal) and a consumer who uses the communication service. The management server 10 includes an acquisition section 130, a public personal authentication control section 131, and a carrier authentication control section 132. The acquisition unit 130 acquires the procedure request notified from the consumer terminal 20. The public personal authentication control unit 131 executes processing for causing the authentication server 40 to perform public personal authentication in response to the confirmation request. The carrier authentication control unit 132 executes processing for causing the mobile carrier server 30 to perform carrier authentication. The principal information generation unit 133 generates principal information 120. The personal information 120 is information that links the consumer's four basic information obtained through public personal authentication, the consumer's carrier contract information obtained through carrier authentication, and the telephone number of the consumer terminal 20.

As a result, in the information management system 1 of the present embodiment, carrier authentication can be performed in addition to public personal authentication, and the four basic pieces of consumer information obtained by public personal authentication and the consumer information obtained by carrier authentication can be used. Personal information 120 can be generated by linking the carrier contract information and the telephone number of the consumer terminal 20. Therefore, it is possible to link the four basic information to a highly reliable telephone number in identity verification.

Further, in the information management system 1 of the embodiment, the confirmation request includes company/organization information (registration information). The company/organization information is information registered in a company corresponding to the company/organization server 50 regarding services used by consumers. The public personal authentication control unit 131 performs public personal authentication when the company/organization information included in the confirmation request matches the information notified from the consumer terminal 20 as the consumer's company/organization information. Execute the processing for As a result, in the information management system 1 of the embodiment, public personal authentication can be performed when the company/organization information input by the consumer matches the company/organization information included in the confirmation request. Therefore, it is possible to perform public personal authentication after matching the company/organization information that the consumer recognizes with the company/organization information registered in the company/organization server 50.

Furthermore, in the information management system 1 of the embodiment, the management server 10 further includes an output control unit 134. The output control unit 134 outputs the personal information 120 to the company/organization server 50 with the consumer's consent. As a result, in the information management system 1 of the embodiment, the personal information 120 can be output to the company/organization server 50, and it is possible to check whether the consumer's personal information is erroneously registered on the company/organization server 50. , you can check to see if it has been updated. Moreover, since the personal information 120 is output with the consumer's consent, personal information can be appropriately managed.

All or part of the information management system 1 and the management server 10 in the embodiments described above may be realized by a computer. In that case, a program for realizing this function may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read into a computer system and executed. Note that the "computer system" herein includes hardware such as an OS and peripheral devices. Furthermore, the term "computer-readable recording medium" refers to portable media such as flexible disks, magneto-optical disks, ROMs, and CD-ROMs, and storage devices such as hard disks built into computer systems. Furthermore, a "computer-readable recording medium" refers to a storage medium that dynamically stores a program for a short period of time, such as a communication line when transmitting a program via a network such as the Internet or a communication line such as a telephone line. It may also include a device that retains a program for a certain period of time, such as a volatile memory inside a computer system that is a server or client in that case. Further, the above-mentioned program may be one for realizing a part of the above-mentioned functions, or may be one that can realize the above-mentioned functions in combination with a program already recorded in the computer system. It may be realized using a programmable logic device such as an FPGA (Field Programmable Gate Array).

Although the embodiments of the present invention have been described above in detail with reference to the drawings, the specific configuration is not limited to these embodiments, and includes designs within the scope of the gist of the present invention.

DESCRIPTION OF SYMBOLS 1... Information management system, 10... Management server, 12... Storage unit, 120... Personal information, 13... Control unit, 130... Acquisition unit, 131... Public personal authentication control unit, 132... Carrier authentication control unit, 133... Principal Information generation unit, 134... Output control unit, 20... Consumer terminal, 200... Card, 201... Electronic certificate, 30... Mobile carrier server, 40... Authentication server, 50... Company/organization server (external server)

Claims (4)

an external server that sends a confirmation request that requests the consumer's identity verification and includes the consumer's phone number;
an authentication server that performs public personal authentication using a personal card that is a public certificate;
a mobile carrier server that performs carrier authentication using carrier contract information regarding a contract between a communication carrier that provides a communication service using a telephone number and a contract user who uses the communication service;
management server,
Equipped with
The management server is
a public personal authentication control unit that executes processing for performing the public personal authentication by the authentication server in response to the confirmation request;
a carrier authentication control unit that executes processing for performing the carrier authentication by the mobile carrier server;
A person who generates personal information by linking the consumer's four basic information obtained through the public personal authentication, the carrier contract information of the consumer obtained through the carrier authentication, and the consumer's telephone number. Information generation section,
has,
Information management system. The confirmation request includes registered information regarding services used by the consumer at a company corresponding to the external server,
The public personal authentication control unit is configured to perform a process when the registration information included in the confirmation request and notification registration information notified from a consumer terminal used by the consumer as the registration information of the consumer match. executing the process for performing the public personal authentication;
The information management system according to claim 1. The management server is
further comprising an output control unit that outputs the personal information to an external server with the consent of the consumer;
The information management system according to claim 1. An external server that sends a confirmation request that includes the consumer's phone number to confirm the consumer's identity, and an authentication server that performs public personal authentication using a personal card that is a public certificate. information comprising: a mobile carrier server that performs carrier authentication using carrier contract information regarding a contract between a communication carrier that provides communication services using telephone numbers and a contracted user who uses the communication services; and a management server. An information management method performed by a management system, comprising:
In the management server,
a public personal authentication control unit executes processing for performing the public personal authentication by the authentication server in response to the confirmation request;
a carrier authentication control unit executes processing for performing the carrier authentication by the mobile carrier server,
The personal information generation unit links the consumer's four basic information obtained through the public personal authentication, the carrier contract information of the consumer obtained through the carrier authentication, and the consumer's telephone number. Generate personal information,
Information management method.

Images