JP2024042678A - Management server and information management method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To link four pieces of basic information to highly certain phone numbers in identification confirmation.

SOLUTION: A management server includes: an acquisition unit that acquires a procedural request from an inhabitant terminal that sends the procedural request that requests a procedure involving identity confirmation and includes a phone number; a public personal authentication control unit that executes a process for performing public personal authentication by an authentication server that performs the public personal authentication in response to the procedural request; a carrier authentication control unit that executes a process for performing carrier authentication by a mobile carrier server that performs the carrier authentication using carrier contract information; an identity information generation unit that generates identity information linking four pieces of basic information on the inhabitant obtained by the public personal authentication, the carrier contract information on the inhabitant obtained by the carrier authentication, and the phone number of the inhabitant; and an output control unit that outputs the identity information to an external server with the consent of the inhabitant.

SELECTED DRAWING: Figure 1

COPYRIGHT: (C)2024,JPO&INPIT

Description

The present invention relates to a management server and an information management method.

There is a technology that uses public personal identification (JPKI) as a means of online identity verification (for example, Patent Document 1). As My Number cards become more popular, it is expected that identity verification using JPKI will become more widespread.

JP2019-113911A

However, the information that can be obtained with JPKI is limited to four basic information (address, name, date of birth, and gender). When businesses, organizations, etc. try to use JPKI as a point of contact with consumers, the information they can use from the information obtained from JPKI is ``address'' and ``name.'' Since delivery using an address takes time and effort, it is better to have an easier and faster means of contact. It is conceivable to obtain contact information other than address by inputting a telephone number, e-mail address, etc. at the time of identity verification, but there are concerns about incorrect input, and there are problems with reliability.

The present invention was made in view of the above circumstances, and its purpose is to provide a management server and an information management method that can link the four basic pieces of information with a highly reliable telephone number in identity verification. There is a particular thing.

In order to solve the above-mentioned problems, one aspect of the present invention is to obtain a procedure request that requests a procedure involving identity verification from a consumer terminal that sends a procedure request that includes a telephone number. and a public personal authentication control unit that executes the process for performing public personal authentication by the authentication server that performs public personal authentication using a personal card that is a public certificate in response to the procedure request. and processing for performing carrier authentication by a mobile carrier server that performs carrier authentication using carrier contract information regarding a contract between a communication carrier that provides communication services using telephone numbers and a contracted user who uses said communication services. a carrier authentication control unit that executes the above, the four basic information of the consumer obtained by the public personal authentication, the carrier contract information of the consumer obtained by the carrier authentication, and the telephone number of the consumer terminal. The management server includes a principal information generation section that generates linked principal information, and an output control section that outputs the principal information to an external server with the consumer's consent.

Further, in the above-mentioned management server, the present invention provides that, in response to the procedure request, the personal information generation unit sends registered information to the consumer regarding services used by the consumer at a company or organization corresponding to the external server. The personal information is obtained from the terminal and includes the acquired registration information, and the output control unit outputs the personal information including the registration information to the external server.

In addition, in order to solve the above-mentioned problems, one aspect of the present invention provides that the acquisition unit transmits a procedure request that requests a procedure involving identity verification from a consumer terminal that transmits a procedure request that includes a telephone number. After obtaining the procedure request, the public personal authentication control unit executes the process for performing the public personal authentication using the authentication server that performs the public personal authentication using the personal card, which is a public certificate, according to the procedure request. The carrier authentication control unit performs carrier authentication using carrier contract information regarding a contract between a carrier that provides a communication service using a telephone number and a contracted user who uses the communication service. The server executes the process for performing the carrier authentication, and the personal information generation unit generates the consumer's four basic information obtained by the public personal authentication and the carrier contract information of the consumer obtained by the carrier authentication. This is an information management method in which personal information is generated by linking the personal information and the telephone number of the consumer terminal, and an output control unit outputs the personal information to an external server with the consent of the consumer.

According to the present invention, it is possible to link the four basic pieces of information with a highly reliable telephone number in identity verification. Furthermore, it becomes possible to link the four basic information, a highly reliable telephone number, and information regarding a user associated with a company or organization, such as information indicating a bank account number.

FIG. 1 is a block diagram showing an example of an information management system 1 according to an embodiment. It is a sequence diagram showing the flow of processing performed by the information management system 1 according to the embodiment. It is a sequence diagram showing the flow of processing performed by the information management system 1 according to the embodiment. It is a sequence diagram showing the flow of processing performed by the information management system 1 according to the embodiment. FIG. 2 is a block diagram showing an example of a management server 10 according to the embodiment. It is a diagram showing an example of personal information 120 according to the embodiment.

Hereinafter, one embodiment of the present invention will be described with reference to the drawings.

FIG. 1 is a block diagram showing an example of an information management system 1 according to an embodiment. The information management system 1 includes a management server 10, a consumer terminal 20, a mobile carrier server 30, an authentication server 40, and a company/organization server 50. A group of devices constituting the information management system 1 (management server 10, consumer terminal 20, mobile carrier server 30, authentication server 40, and company/organization server 50) are communicably connected via a communication network NW. .

The management server 10 is an information processing device that mediates procedures requested by consumers, for example, procedures for companies or organizations corresponding to the company/organization server 50. As the management server 10, for example, a computer such as a server device or a personal computer (PC) can be applied. The management server 10 performs control to execute procedures requested by the consumer terminal 20.

The consumer terminal 20 is an information processing device used by a user (a consumer). As the consumer terminal 20, for example, a smartphone, a mobile phone, a computer such as a PC can be applied.

The consumer terminal 20 has a display unit such as a liquid crystal display that displays information, and an operation unit such as a touch panel that accepts operations by the consumer. The consumer terminal 20 requests the management server 10 to carry out a procedure with the company or organization corresponding to the company/organization server 50.

The consumer makes a contract with the communication carrier of the mobile carrier server 30 for the consumer terminal 20 to use a communication service using the consumer terminal 20 . The consumer terminal 20 is capable of communicating using a communication service provided by a communication carrier with which it has a contract. A telephone number is assigned to the consumer terminal 20, and it has a function to perform communication using this telephone number as a destination.

The card 200 is an IC (Integrated Circuit) card in which an electronic certificate 201 is stored. The card 200 is a card (personal card) that is a public certificate, and is, for example, a My Number card (personal number card). In this case, the card 200 stores an electronic certificate for signature and an electronic certificate for consumer certification as an electronic certificate 201 .

The mobile carrier server 30 is a server device managed by a communication carrier. The communication carrier is, for example, an MNO (Mobile Network Operator) that provides communication services using telephone numbers to consumer terminals 20 using communication lines that it owns or operates. . The mobile carrier server 30 communicates with the management server 10 and the consumer terminal 20 via the communication network NW.

The mobile carrier server 30 stores in a storage unit carrier contract information relating to a contract with a consumer who has concluded a contract to use the consumer terminal 20. The carrier contract information includes, for example, the consumer's telephone number, name, address, date of birth, age, etc. The carrier contract information may also include the contract period for which the telecommunications carrier and the contracted user (consumer) have a contract. The carrier contract information may also be customer information about the consumer that is registered for a service such as a messaging service used by the consumer.

The authentication server 40 is, for example, a server device that provides a public personal authentication service operated by J-LIS (Local Government Information System Institute). The authentication server 40 communicates with the management server 10 via the communication network NW.
Furthermore, in this embodiment, the authentication server 40 also serves as a signature verifier (platform operator). The signature verifier here can receive revocation information and the like of the electronic certificate 201 issued by the public personal authentication service. The signature verifier can obtain the four basic information.

The company/organization server 50 is a server device managed by a company or organization. Examples of companies or organizations include banks, insurance companies, and local governments. The company/organization server 50 communicates with the management server 10 via the communication network NW.

Here, the flow of processing performed by the management server 10 will be explained using FIGS. 2 to 4. 2 to 4 are sequence diagrams showing the flow of processing performed by the information management system 1 according to the embodiment.

In FIGS. 2 to 4, in the information management system 1, the communication between the management server 10 and the consumer terminal 20, for example, in the processing corresponding to steps S15, S19, S23, etc. described later, is performed using a message service. An example of a case in which this is done will be explained. The message service here is a communication service provided by a mobile carrier (mobile phone operator) corresponding to the mobile carrier server 30. With message services, messages such as text and images are exchanged using mobile phone numbers. The message service is, for example, RCS (Rich Communication Services).

However, the exchange between the management server 10 and the consumer terminal 20 is not limited to the message service. For the exchange of information between the management server 10 and the consumer terminal 20, notification means other than message services, such as e-mail, SNS (Social Networking Service), REST API, and so-called web service exchange, are applied. It's okay.
Although descriptions are omitted in steps S15, S19, and S23 in FIG. 2, when communication using a message service is performed, messages are sent from the management server 10 to the consumer terminal 20 via the mobile carrier server 30. Be notified. That is, as shown in steps S12 and S13, a distribution request is made from the management server 10 to the mobile carrier server 30 requesting that the message be distributed, and the message is notified to the consumer terminal 20 in response to the distribution request. be done.

As shown in FIG. 2, first, the consumer terminal 20 transmits a procedure request to the management server 10 (step S10). A procedure request is a notice of a request to start a procedure. The procedure here is a procedure for the company or organization corresponding to the company/organization server 50, and is, for example, a procedure for changing an address.

In step S10, consumer terminal 20 transmits a procedure request including at least a telephone number to management server 10. For example, when a procedure request is notified using a message service, the consumer terminal 20 notifies the management server 10 of the telephone number of the consumer terminal 20 as the notification source of the message service.
Alternatively, when a procedure request is notified using e-mail or SNS, the consumer terminal 20 sends a procedure request with the telephone number indicated in the body of the e-mail or SNS to the management server 10. A procedure request including the telephone number of the consumer terminal 20 is made to the management server 10.
In this case, the management server 10 performs processing to confirm the telephone number notified from the consumer terminal 20. For example, the management server 10 notifies the telephone number notified from the consumer terminal 20 of a number confirmation message using SMS (Social Networking Service) or the like. A number confirmation message is a message that notifies information for confirming a phone number (hereinafter referred to as a confirmation code), for example, ``This phone number was notified in a procedure request.The confirmation code is ``*** ＊” is displayed.
Furthermore, the management server 10 sends a notification (confirmation notification) to the consumer terminal 20 to confirm whether the number confirmation message has been received. For example, the management server 10 sends a message to the e-mail or SNS destination that received the notification of the procedure request from the consumer terminal 20 with the following message: ``Please enter the confirmation code.The confirmation code is sent via SMS to the phone number 090-*** A confirmation notification is sent by sending an input form for entering a confirmation code along with a message such as ``A notification will be sent to ``＊－＊＊＊＊''.
Consumer terminal 20 receives the number confirmation message. Furthermore, the consumer terminal 20 receives the confirmation notification. When the user inputs the confirmation code received in the number confirmation message into the input form of the confirmation notice and performs a reply operation, the consumer terminal 20 responds to the confirmation notice.
The management server 10 receives a response to the confirmation notification from the consumer terminal 20, and if the confirmation code shown in the received response matches the confirmation code notified in the number confirmation message, the management server 10 performs the processing shown in step S11 and thereafter. Execute. On the other hand, if the confirmation codes do not match, the management server 10 issues a notification indicating that the telephone number notified from the consumer terminal 20 in step S10 may be incorrect, for example. When receiving a procedure request including a new telephone number from the consumer terminal 20, the management server 10 performs the process shown in step S10.

When the management server 10 receives a procedure request, it stores the telephone number of the resident terminal 20 included in the procedure request in the personal information 120 (see Figure 5) as the telephone number of the resident.

Furthermore, upon receiving the procedure request, the management server 10 generates an individual URL (Uniform Resource Locator) (step S11). The individual URL is a URL used to perform a procedure corresponding to a procedure request, and is a unique URL linked to the procedure request. For example, the individual URL is information indicating a specific page for performing a procedure. For example, a site specified by an individual URL is a page to which access is restricted. For example, the individual URL is a so-called one-time URL that can be accessed only once, for a limited time, or for a limited number of times.

The management server 10 transmits a message distribution request requesting distribution of a response message to the mobile carrier server 30 (step S12). The response message here is a response to the procedure request, and is a message that notifies the consumer terminal 20 of the individual URL created in step S11.

When the mobile carrier server 30 receives the message distribution request, it transmits a response message to the consumer terminal 20 (step S13). Consumer terminal 20 receives the response message indicating the individual URL.

On the other hand, when the individual URL indicated in the response message is clicked by the user, the consumer terminal 20 accesses the page corresponding to the individual URL, and according to the guidance of the accessed page, necessary information and companies/organizations. The information is input and the input necessary information and company/organization information are transmitted to the management server 10 (step S14).

Necessary information is information necessary for the procedure, and is, for example, information indicating the consumer's address, name, telephone number, and date of birth. Note that information corresponding to the 4 basic information (address, name, date of birth, gender) needs to be requested in step S14, since it is possible to obtain the 4 basic information in step S18, which will be described later. It may be excluded from the information. In addition, company/organization information is information for consumers to use services provided by companies or organizations corresponding to the company/organization server 50. For example, if the procedure destination is a bank, company/organization information is account information indicating an account number, etc. If the destination of the procedure is a securities company, etc., the company/organization information is securities information indicating a securities account, securities number, etc.

For example, the management server 10 displays an input screen for inputting necessary information and company/organization information on a page corresponding to the individual URL. The consumer terminal 20 inputs necessary information and company/organization information according to the content displayed on the input screen. As a result, the management server 10 acquires necessary information and company/organization information.

The management server 10 stores the company/organization information received from the consumer terminal 20 in the consumer's personal information 120. As a result, company/organization information is linked to the consumer's phone number.

Furthermore, the management server 10 uses the message service to transmit a guidance message for guiding public personal authentication to the consumer terminal 20 (step S15). The guidance message includes a guidance message instructing the user to perform public personal authentication to confirm the person's identity in order to complete the procedure, as well as an operation button with a message such as ``Perform public personal authentication.''

When a consumer touches an operation button labeled "Perform public personal authentication," etc., processing for public personal authentication is executed. Specifically, as a process for performing public personal authentication, PIN input, card touch operation, etc. are executed (step S16).

PIN input is the input of a PIN (Personal Identification Number) required for official personal authentication. A card touch operation is the operation of bringing the My Number card (card 200) for official personal authentication close to the card touch screen.

For example, when a consumer touches an operation button, an input screen for inputting a PIN is displayed along with a message such as "Please enter your My Number card PIN." The consumer visually checks the input screen and inputs a PIN according to the message displayed on the input screen. When the consumer terminal 20 stores the PIN input by the consumer, it displays a touch screen showing a frame representing the shape of a card along with a message such as "Please touch your My Number card."
The consumer performs a touch operation by bringing the card 200 close to the touch screen. When the touch operation is performed, communication between the consumer terminal 20 and the card 200 is established.
When communication between the consumer terminal 20 and the card 200 is established, the consumer terminal 20 notifies the card 200 of the PIN and requests the card 200 to notify the consumer terminal 20 of the electronic certificate 201. If the PIN notified from the consumer terminal 20 matches a preset PIN, the consumer terminal 20 performs a predetermined process with the card 200, thereby outputting predetermined information including the electronic certificate 201 and signature data to the management server 10.

The management server 10 requests the authentication server 40 to determine whether the resident's electronic certificate 201 is valid (validity check) using the specified information notified from the resident's terminal 20 (step S17).

In response to a request from the management server 10, the authentication server 40 transmits the results of the validity check and the four basic pieces of information about the resident (address, name, date of birth, and gender) to the management server 10 (step S18).

The management server 10 receives the results of the validity check and the consumer's four basic information from the authentication server 40, and if the electronic certificate 201 is valid as a result of the validity check, the management server 10 transmits the received information to the consumer's information. It is stored in the personal information 120. As a result, company/organization information and four basic information are linked to the consumer's telephone number.

Further, as shown in FIG. 3, the management server 10 confirms whether the consumer agrees to perform carrier authentication (step S19). Carrier authentication is an authentication method that performs identity verification using carrier contract information regarding a contract between a communication carrier that provides communication services using telephone numbers and a contracted user who uses communication services.

For example, upon acquiring the four basic information from the authentication server 40, the management server 10 uses a message service to send a confirmation message to the consumer terminal 20 to obtain consent for carrier authentication. The confirmation message includes an instruction to perform carrier authentication in order to strictly verify the user's identity, as well as an operation button with a message such as "I agree to perform carrier authentication."

If the consumer agrees to carry out carrier authentication, an authentication request is made. In the authentication request, the consumer terminal 20 transmits authentication information for carrier authentication, such as a password, to the mobile carrier server 30. The management server 10 transmits the consumer's date of birth, address, name, etc., and makes an authentication request to the mobile carrier server 30 to perform carrier authentication of the consumer (step S20). When the mobile carrier server 30 receives the date of birth etc. from the management server 10, it determines whether or not the received date of birth etc. of the consumer matches the carrier contract information registered in advance (step S21). The determination result is transmitted to the management server 10 (step S22).

It is assumed that the consumer's verification information is stored in the management server 10 in advance. For example, when a consumer uses a service that performs procedures via the management server 10, the consumer registers the consumer's personal information, such as address, name, date of birth, etc., in the management server 10. The management server 10 causes the registered consumer's personal information to be stored in the management server 10 as the consumer's verification information.

When the management server 10 receives the match determination result from the authentication server 40, if the match determination is OK, the management server 10 stores the consumer's verification information (contract carrier information) in the consumer's personal information 120. As a result, company/organization information, four basic information, and contracted carrier information are linked to the consumer's telephone number.

Note that in step S21, a case where the mobile carrier server 30 performs the match determination is illustrated, but the management server 10 may also perform the match determination. In this case, in step S22, the consumer's contracted carrier information (for example, address, name, date of birth, etc.) is transmitted from the mobile carrier server 30 to the management server 10. The management server 10 performs a match determination by comparing the consumer's contract carrier information received from the mobile carrier server 30 with the consumer's verification information stored in advance in the management server 10.

Further, the determination rule for the match determination in step S21 may be arbitrarily set. For example, as a determination rule, if the address, name, and date of birth all match completely, the match is determined to be OK, and if any of the addresses, names, and dates of birth do not match, the match is determined to be NG. Alternatively, a determination rule may be set in which the match is determined to be OK if at least one of address, name, and date of birth matches.

Further, as shown in FIG. 4, the management server 10 confirms whether the consumer agrees to the information collaboration (step S23). Information cooperation here means transmitting information for performing procedures, such as necessary information and personal information 120, to the company or organization corresponding to the company/organization server 50.

For example, the management server 10 uses a message service to send a confirmation message to the resident terminal 20 to obtain consent to the information sharing. The confirmation message includes a statement asking whether it is OK to send information for carrying out the procedure to the company or organization corresponding to the company/organization server 50, as well as an operation button that says, for example, "Agree to information sharing."

If the consumer agrees to the information collaboration, the consumer terminal 20 transmits the consent to the management server 10 (step S24). For example, when a consumer touches an operation button, a notification indicating consent to information collaboration is sent from the consumer terminal 20 to the management server 10.

When the management server 10 receives the notification to the effect that the information cooperation is agreed, the management server 10 performs the information cooperation by transmitting information for performing the procedure to the company/organization server 50 (step S25).

When the company/organization server 50 receives the information for carrying out the procedure from the management server 10, it confirms the contents (step S26). For example, the company/organization server 50 checks whether the procedure can be performed based on the information for performing the procedure notified from the management server 10. The company/organization server 50 transmits the confirmation result of the contents to the management server 10 (step S27).

Upon receiving the confirmation result from the company/organization server 50, the management server 10 generates a confirmation result message including the confirmation result, and sends a message distribution request to the mobile carrier server 30 requesting that the confirmation result message be distributed. Transmit (step S28). When the mobile carrier server 30 receives the message distribution request, it transmits a confirmation result message to the consumer terminal 20 (step S29).

FIG. 5 is a block diagram showing an example of the management server 10 according to the embodiment. The management server 10 includes, for example, a communication section 11, a storage section 12, and a control section 13. The communication unit 11 communicates with a consumer terminal 20, a mobile carrier server 30, an authentication server 40, and a company/organization server 50.

The storage unit 12 is a storage medium such as an HDD (Hard Disk Drive), a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), a RAM (Random Access read/write Memory), a ROM (Read Only Memory), or any of these. configured by any combination of storage media. The storage unit 12 stores programs for executing various processes of the management server 10 and temporary data used when performing various processes.

The storage unit 12 stores, for example, personal information 120. The personal information 120 is the consumer's personal information obtained through identification, etc. performed for procedures.

FIG. 6 is a diagram showing an example of personal information 120 according to the embodiment. The personal information 120 stores, for example, information corresponding to items such as public personal authentication, message application, carrier authentication, and companies/organizations.

The four basic pieces of information obtained by performing the public personal authentication of a resident are stored in the public personal authentication, namely, the resident's address, name, date of birth, and gender. These are stored when the four basic pieces of information are notified from the authentication server 40 to the management server 10 in step S18.
The mobile phone number field stores the telephone number of the resident obtained by using the message service. This is stored when the procedure request is notified from the resident terminal 20 to the management server 10 in step S10.
In the carrier authentication, the contract carrier information of the consumer obtained by performing the carrier authentication is stored. This is stored when the mobile carrier server 30 notifies the management server 10 of the result of the match determination in step S22. Note that in the carrier authentication, only the result of the comparison with the official personal authentication, for example, information indicating a match or a mismatch, may be stored.
The company/organization information notified by the consumer is stored in the company/organization. This is stored when the company/organization information is notified from the consumer terminal 20 to the management server 10 in step S14.

In this way, in the personal information 120, the consumer's telephone number, company/organization information, four basic information, and contract carrier information are linked. Basic 4 information is information obtained through public personal authentication. Further, contract carrier information is information obtained by performing carrier authentication. Further, the contracted carrier information is information that is generated in association with a telephone number when a consumer contracts for a communication service. Therefore, it is possible to accurately determine whether or not the person performing the procedure matches the mobile phone subscriber using the respective authentication results of public personal authentication and carrier authentication. By collaborating the personal information 120 with a company or organization, it becomes possible to notify the company or organization of correct personal information and telephone number.

Returning to FIG. 5, the control unit 13 is realized by having a CPU (Central Processing Unit) that the management server 10 has as hardware execute a program. The control unit 13 comprehensively controls the management server 10. The control unit 13 includes, for example, an acquisition unit 130, a public personal authentication control unit 131, a carrier authentication control unit 132, a personal information generation unit 133, and an output control unit 134.

The acquisition unit 130 acquires various information. For example, the acquisition unit 130 acquires a procedure request notified from the consumer terminal 20 in step S10. When acquiring a procedure request, the acquisition unit 130 outputs the acquired procedure request to the public personal authentication control unit 131.

The public personal authentication control unit 131 executes processing for causing the authentication server 40 to perform public personal authentication. For example, the public personal authentication control unit 131 sends the response message to the consumer terminal 20 by requesting the mobile carrier server 30 to transmit a message (response message) for performing public authentication in step S12. In response to the reply from the consumer terminal 20, a process for performing public personal authentication is performed.

Carrier authentication control unit 132 executes processing for causing mobile carrier server 30 to perform carrier authentication. For example, in step S19, the carrier authentication control unit 132 notifies the consumer terminal 20 of a message (confirmation message) confirming whether or not the carrier authentication is to be performed, and responds to the reply from the consumer terminal 20. Processing to perform carrier authentication is performed.

The principal information generation unit 133 generates principal information 120. For example, when the consumer terminal 20 notifies the management server 10 of a procedure request in step S10, the principal information generation unit 133 stores the consumer's telephone number included in the procedure request in the principal information 120.
Further, when the management server 10 is notified of the basic 4 information from the authentication server 40 in step S18, the personal information generation unit 133 stores the basic 4 information in the personal information 120.
Furthermore, when the mobile carrier server 30 notifies the management server 10 of the match determination result in step S22, the personal information generation unit 133 converts the consumer's contract carrier information used for carrier authentication into the personal information 120. Make me remember.
Further, when the company/organization information is notified from the consumer terminal 20 to the management server 10 in step S14, the personal information generation unit 133 stores the company/organization information notified from the consumer terminal 20 in the personal information 120. .
In this way, the personal information generation unit 133 generates the personal information 120 by sequentially storing the consumer's telephone number, four basic information, contract carrier information, and company/organization information.

The output control unit 134 executes processing for information sharing. Specifically, the output control unit 134 outputs personal information to the company server with the consent of the resident. For example, in step S23, the output control unit 134 notifies the resident terminal 20 of a message (confirmation message) for confirming whether or not to agree to information sharing, and executes processing for information sharing in response to a reply from the resident terminal 20.

As explained above, the information management system 1 of the embodiment includes the consumer terminal 20, the authentication server 40, the mobile carrier server 30, and the management server 10. Consumer terminal 20 transmits a procedure request. A procedure request is a notice requesting a procedure that involves verifying the identity of the consumer. The authentication server 40 performs public personal authentication using a card 200 (a personal card that is a public certificate of a consumer). The mobile carrier server 30 performs carrier authentication. Carrier authentication is authentication using carrier contract information. The carrier contract information is information regarding a contract between a communication carrier that provides a communication service (a communication service using the telephone number of a consumer terminal) and a consumer who uses the communication service. The management server 10 includes an acquisition section 130, a public personal authentication control section 131, a carrier authentication control section 132, and an output control section 134. The acquisition unit 130 acquires the procedure request notified from the consumer terminal 20. The public personal authentication control unit 131 executes processing for causing the authentication server 40 to perform public personal authentication in response to the procedure request. The carrier authentication control unit 132 executes processing for causing the mobile carrier server 30 to perform carrier authentication. The principal information generation unit 133 generates principal information 120. The personal information 120 is information that links the consumer's four basic information obtained through public personal authentication, the consumer's carrier contract information obtained through carrier authentication, and the telephone number of the consumer terminal 20. The output control unit 134 outputs the personal information to the company/organization server 50 (external server) with the consumer's consent.

As a result, in the information management system 1 of the present embodiment, carrier authentication can be performed in addition to public personal authentication, and the four basic pieces of consumer information obtained by public personal authentication and the consumer information obtained by carrier authentication can be used. Personal information 120 can be generated by linking the carrier contract information and the telephone number of the consumer terminal 20. Therefore, it is possible to link the four basic information to a highly reliable telephone number in identity verification.

Further, in the information management system 1 of the embodiment, the principal information generation unit 133 generates principal information 120 including company/organization information (registration information). Company/organization information is information registered regarding services used by consumers in companies or organizations corresponding to the company/organization server 50 (external server) in response to procedural requests. The personal information generation unit 133 generates personal information 120 by acquiring company/organization information from the consumer terminal 20 and storing the acquired company/organization information in the personal information 120. The output control unit 134 outputs the personal information 120 including company/organization information (registration information) to the company/organization server 50 . As a result, in the information management system 1 of the embodiment, the company/organization server 50 can perform procedures based on company/organization information, and the procedures can be easily performed.

All or part of the information management system 1 and the management server 10 in the embodiments described above may be realized by a computer. In that case, a program for realizing this function may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read into a computer system and executed. Note that the "computer system" herein includes hardware such as an OS and peripheral devices. Furthermore, the term "computer-readable recording medium" refers to portable media such as flexible disks, magneto-optical disks, ROMs, and CD-ROMs, and storage devices such as hard disks built into computer systems. Furthermore, a "computer-readable recording medium" refers to a storage medium that dynamically stores a program for a short period of time, such as a communication line when transmitting a program via a network such as the Internet or a communication line such as a telephone line. It may also include a device that retains a program for a certain period of time, such as a volatile memory inside a computer system that is a server or client in that case. Further, the above-mentioned program may be one for realizing a part of the above-mentioned functions, or may be one that can realize the above-mentioned functions in combination with a program already recorded in the computer system. It may be realized using a programmable logic device such as an FPGA (Field Programmable Gate Array).

Although the embodiments of the present invention have been described above in detail with reference to the drawings, the specific configuration is not limited to these embodiments, and includes designs within the scope of the gist of the present invention.

DESCRIPTION OF SYMBOLS 1... Information management system, 10... Management server, 12... Storage unit, 120... Personal information, 13... Control unit, 130... Acquisition unit, 131... Public personal authentication control unit, 132... Carrier authentication control unit, 133... Principal Information generation unit, 134... Output control unit, 20... Consumer terminal, 200... Card, 201... Electronic certificate, 30... Mobile carrier server, 40... Authentication server, 50... Company/organization server (external server)

Claims (3)

an acquisition unit that acquires a procedure request that requests a procedure involving identity verification from a consumer terminal that sends a procedure request that includes a telephone number;
a public personal authentication control unit that executes, in response to the procedure request, processing for performing public personal authentication by an authentication server that performs public personal authentication using a personal card that is a public certificate;
Execute processing for carrier authentication by a mobile carrier server that performs carrier authentication using carrier contract information regarding a contract between a communication carrier that provides a communication service using a telephone number and a contracted user who uses the communication service. a carrier authentication control unit,
A person who generates personal information by linking the consumer's four basic information obtained through the public personal authentication, the carrier contract information of the consumer obtained through the carrier authentication, and the telephone number of the consumer terminal. Information generation section,
an output control unit that outputs the personal information to an external server with the consumer's consent;
has,
Management server. In response to the procedure request, the personal information generation unit obtains, from the consumer terminal, registered information regarding a service used by the consumer at a company or organization corresponding to the external server, and includes the acquired registered information. generating the personal information;
The output control unit outputs the personal information including the registration information to the external server.
The management server according to claim 1. The acquisition unit acquires a procedure request from a resident terminal that transmits a procedure request that requires identity verification, the procedure request including a telephone number;
a public personal authentication control unit executes a process for performing public personal authentication by an authentication server that performs public personal authentication using a personal card that is a public certificate, in response to the procedure request;
a carrier authentication control unit that executes a process for performing carrier authentication by a mobile carrier server that performs carrier authentication using carrier contract information related to a contract between a communication carrier that provides a communication service using a telephone number and a contracted user who uses the communication service;
an identity information generation unit generates identity information linking the four basic pieces of information of the consumer obtained by the public personal authentication, the carrier contract information of the consumer obtained by the carrier authentication, and a telephone number of the consumer terminal;
an output control unit outputs the personal information to an external server with the consent of the individual.

Images