JP4633458B2 - ID management system on network - Google Patents

Description

  The present invention relates to an ID and password management system for a membership Internet site or the like.

  Conventionally, when an individual user logs in to a site requiring authentication (hereinafter simply referred to as “limited site”) such as a membership-based Internet site, an ID and a password set individually for each of these limited sites And had to use.

  For this reason, as the number of limited sites accessed by individual users increases, the number of IDs and passwords that must be self-managed increases accordingly. From the viewpoint of individual users, the management of these IDs and passwords is complicated. It was.

  Furthermore, as an individual user, in order to receive supply of ID and password for each limited site, it has been necessary to provide a lot of personal information such as name, age, sex, and occupation. This is due to the fact that the type and degree of personal information required for each limited site is different, but the personal information is different for each individual site. Every time I entered it, I had to worry about the confidentiality of the information on these limited sites.

  On the other hand, from the limited server management side, individual users must collect personal information individually for each limited site with concern that individual users may enter different personal information for each limited site. It was.

As a prior art regarding a one-time password using a physical storage medium, there is US Pat. No. 6,615,353 (Patent Document 1).
US Pat. No. 6,615,353

  The present invention has been made in view of such points, and from the viewpoint of an individual user, it is possible to receive provision of an ID and a password without inputting personal information each time for a plurality of limited sites, From a limited site management side, a technical problem is to realize an ID management system capable of obtaining personal information input uniformly for each limited site.

  In order to solve the above problems, the present invention employs the following means.

According to a first aspect of the present invention, a user terminal connectable to a network, access from the user terminal via the network, personal information input at the user terminal, and input of the personal information are triggered. ID management including a database that holds a set of individual IDs and individual passwords of a plurality of limited sites that are generated when the unified ID is generated and associated with the unified ID. When the server is connected to the user terminal and the ID management server via a network and receives the input of the unified ID and the unified password from the user terminal, the individual ID and the individual password corresponding to the unified ID are The individual ID and individual password returned from the ID management server inquiring to the ID management server An ID management system on a network consisting of a limited site server to allow access by the.

  Here, the network is a general-purpose network such as the Internet, and the user terminal means a personal computer, a PDA, a mobile phone terminal, a video game device or the like having a communication function connectable to the Internet.

  When the ID management server receives the input of personal information from the user terminal, the ID management server issues a unified ID and a unified password, and sets a plurality of limited site server authentication IDs and passwords associated with the unified ID. Is generated.

  At this time, it is desirable to generate individual IDs and individual passwords of a large number of limited site servers that are expected to be accessed in advance in accordance with the occupations and specialties (personal information) of individual users.

  When this claim 1 is applied to the medical field, for example, when the individual user is a patient or a medical person, if the patient is a patient, a number of limited sites that provide medical information about the disease he or she is suffering from It is sufficient to create an individual ID and an individual password simultaneously. On the other hand, if it is a medical staff, ID and password for authentication of the Internet site (limited site server) of many same-company pharmaceutical sales companies that provide information on medicines that may be used from the viewpoint of their expertise Should be created at the same time. The individual ID and the individual password created in this way are not notified to the individual user at this stage, and thus become a potential individual ID / individual password.

  When the individual user accesses the limited server that has not actually issued the individual ID / individual password using the user terminal, the limited server first prompts the user to input the uniform ID / unified password. As a result, the ID management server supplies the individual ID and individual password of the limited server. The individual ID / individual password becomes apparent at this stage, and the individual user can access the limited site server.

  Note that the unified ID and the unified password are not necessarily required, and only the unified ID may be used. Also, fingerprint information and vein authentication information may be held instead of the ID and password.

  According to a second aspect of the present invention, when there is a request for providing personal information corresponding to a unified ID permitted to be accessed by the limited site server, the ID management server accesses the database and sends an e-mail address from the personal information. The ID management system on the network according to claim 1, wherein an inquiry notification as to whether or not to permit provision of personal information to the limited site server is permitted is sent to the mail address.

  Since personal information is unified and managed by the ID management server, it is not necessary to re-enter personal information for each limited site server from the viewpoint of an individual user, and for each limited site server from the limited site server management side. It is possible to prevent personal information with contradictions from being input. Further, when the limited site server obtains personal information, the ID management server issues a notification requesting permission to the individual, so that personal information unintended by the individual user can be prevented from being leaked. In this case, since it is possible to answer whether or not to allow the inquiry, the degree of provision of personal information can be controlled according to the intention of the individual user.

According to a third aspect of the present invention, the ID management server sends the unified ID to the user terminal.
2. The ID management system on the network according to claim 1, wherein when generating an individual ID and an individual password in response to generation of a password, screen data in which at least the individual password is invisible is generated and transmitted. .

  Further, according to a fourth aspect of the present invention, in the ID management system on a network according to the third aspect, the individual password portion on the screen is a mask character in the invisible state of the individual password. .

  According to the third and fourth aspects of the present invention, in the screen for managing individual IDs and individual passwords collectively, the individual passwords are not in the “visible” state, but in the “invisible” state, specifically, ●●●● ● is displayed (see FIG. 15). In this case, by adding a password control system for determining password release / protection, individual passwords must be kept non-hidden so that only users who should originally possess a unified ID and unified password can understand it. Can do. In a system that makes this individual password visible or invisible, confidentiality can be further strengthened by adding a new control password or a technology with higher secrecy such as a biometric authentication system. In addition, even if the unified ID and the unified password are known to others, it is possible to ensure the confidentiality of the individual passwords for using a plurality of limited sites.

  According to a fifth aspect of the present invention, when the individual ID is transmitted from the management server to the limited site server, the management server stores at least a part of the personal information input at the user terminal in the individual ID. 2. The ID management system on the network according to claim 1, wherein the combined individual ID is transmitted.

  According to this claim, when accessing the limited site via the management server that manages the individual ID and the individual password, the user terminal is authenticated at the user terminal by automatic setting of a cookie or delivery by e-mail. For example, by clicking (specifying and inputting) the corresponding URL described in the e-mail, access to the limited site is promoted, and the member registration is performed again by displaying an authentication screen on the user terminal at the limited site. Various login methods can be adopted according to the processing procedure for each limited site, such as setting a cookie and storing personal information in a database. At that time, if it is linked to the database or cookie information associated with the individual ID and linked to various personal information, the user logs in to the blog (blog) or database provided by the limited site, and stores the stored contents according to the personal information. It becomes possible to collect only the contents that are necessary. By distributing the collected contents to user terminals for mail addresses or blogs on the database where the integrated ID and password are registered, information can be freely collected from the limited site at any time and It becomes possible to construct a distribution mail service and a blog system for collecting only carefully selected contents.

  According to claim 6 of the present invention, the ID management server transmits and displays a limited site server permitting provision of personal information to the user terminal to prompt confirmation input of the user terminal, and the individual ID of the limited site server and 2. The network according to claim 1, wherein when there is an instruction input giving priority to the individual password from the user terminal, the already generated unified ID and unified password are replaced with the individual ID and individual password of the limited site server. This is the above ID management system.

Here, before receiving the provision of personal information from the ID management server, when a large number of users have already registered in the limited site, one user has two types of individual IDs and individual passwords for the same limited site. There can be a situation where you will have. This increases the complexity for the user. Therefore, in claim 6, whether or not the limited site individual ID and the limited site individual password that have already been registered are used in the registration process of the ID management server (unification ID / unification password issuing process) in the limited site. In response to the user's selection, for example, priority is given to the individual ID and individual password on the limited site, and the individual ID and individual password generated on the ID management server are erased. The individual ID and individual password on the limited site are validated as the individual ID and individual password of the ID management system. As a result, a user who has already registered in the limited site can use the ID management system of the present invention without changing the individual ID and individual password already registered in the limited site.

  As described above, according to the present invention, ID management on the network can be performed in a unified manner. From the viewpoint of individual users, IDs and passwords can be obtained without inputting personal information each time for a plurality of limited sites. From the management side of the limited site, it is possible to obtain unified personal information for each limited site. Further, from the viewpoint of an individual user, it is possible to ensure non-concealment in collective management of individual passwords for each limited site. From an individual user's point of view, you can either register the information you want to secure anonymity, such as the name of your illness, specialty, name, title, annual income, email address, etc. There is room to choose whether to register. Even if you do not want to register on a limited site as much as possible, you can have only the information that matches the minimum personal information elements sent to your email address, or you can have Blog collect it. become.

Next, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a diagram showing an outline of an ID management system according to an embodiment of the present invention.
As shown in the figure, the system configuration of this embodiment includes a user terminal (UST), an ID management server (DAIS), and a limited site (here, LS-A to C).

  Briefly explaining the features of this system, as shown in the lower part of the figure, in the prior art, when a user accesses three limited sites (LS-A to C) using a user terminal (UST), An ID and a password (PW) were set for each limited site (LS-A to C), and this combination had to be managed by the user himself.

  On the other hand, as shown in the upper part of the figure, in this embodiment, three limited sites (LS-A to C) can be accessed via the ID management server (DAIS), and the user is 1 It is only necessary to manage one ID / PW, and the provision of personal information is also limited.

  That is, the ID management server (DAIS) manages the individual ID and the individual password of each limited site (LS-A to C). When the user agrees to provide personal information to the limited site (LS-A) through an input instruction via the user terminal (UST), the ID management server (DAIS) notifies the limited site (LS-A). The confirmation mail is notified to the user terminal (UST) via the ID management server (DAIS).

  In the figure, an ID management server (DAIS) is a normal general-purpose computer that can be connected to a network. The central processing unit is used as a memory, a storage device such as a hard disk device, a display device, etc. via a bus. It has an input device such as an output device and a keyboard.

In addition to an operating system (OS), various application programs are stored in the hard disk device, and an ID management function described below is also registered as a program. That is, the management of the unified ID and the unified password is realized by the central processing unit sequentially reading and executing the program stored in the hard disk device via the bus and the memory.

  A personal information database is constructed in the hard disk device. In this personal information database, as shown in FIG. 3, a unified password (DAIS PASSWORD) and personal information such as name, address, and specialty are associated and registered using a unified ID (DAIS ID) as a key. .

  Also, individual IDs (A company ID, B company ID) and individual passwords (PASSWORD A, PASSWORD B) for accessing the limited sites (LS-A to C) are registered under the unified ID. . The ID management server (DAIS) is characterized in that a pair of an individual ID and an individual password for such a limited site (LS-A to C) is potentially generated and stored in a personal information database.

  The user terminal (UST) is a general-purpose personal computer, PDA, mobile phone terminal, game machine, or the like that can be connected to the network. Like the ID management server (DAIS), the user terminal (UST) is centered on a central processing unit via a bus. A storage device such as a memory and a hard disk device, an output device such as a display device, and an input device such as a keyboard.

  In addition to an operating system (OS), various application programs are stored in the hard disk device. In particular, access to the network is possible, and by specifying addresses (URL: Uniform Resource Locator) of various servers, the source of the address is stored. A browser program or the like that downloads a file (a file described in a display description language such as an HTML file or an XML file) and displays the file on a display device is stored.

  When a user accesses an ID management server (DAIS) using a user terminal (UST), if the user is a user who does not have an ID, the ID management server (DAIS) connects to the user terminal (UST). On the other hand, an input screen for personal information such as name, address, and specialty is generated and transmitted. The user inputs personal information such as a name through the input screen on a user terminal (UST).

  The ID management server (DAIS) registers the personal information input in this way in the personal information database shown in FIG. At this time, a unified ID and a unified password are generated, and a set of individual IDs and individual passwords for access to the limited site (LS-A to C) is generated for the limited site (LS-A to C). Keep it. However, the individual ID and the individual password of the limited sites (LS-A to C) generated in this way are invisible, and are not displayed on the user terminal (UST) at this stage.

Even when the individual IDs and individual passwords of the limited sites (LS-A to C) are made apparent as will be described later, the individual password is displayed in the “visible” state on the display screen of the user terminal (UST). Instead of displaying the “invisible” state, specifically, as shown in FIG. In this case, by adding a password control system for determining password release / protection, individual passwords must be kept non-hidden so that only users who should originally possess a unified ID and unified password can understand it. Can do. In a system that makes this individual password visible or invisible, confidentiality can be further strengthened by adding a new control password or a technology with higher secrecy such as a biometric authentication system. In addition, even if the unified ID and the unified password are known to others, it becomes possible to ensure the confidentiality of the individual passwords for using a plurality of limited sites (LS-A to C).

  At the stage where the individual ID and individual password are not manifested, as shown in FIG. 4, the user operates the user terminal (UST) to use each of the limited sites (LS-A˜) using the unified ID and the unified password. C) is accessed.

  At this time, the limited site (LS-A) makes an inquiry to the ID management server (DAIS) for access using the unified ID and the unified password, and the individual ID of the limited site (LS-A). (A company ID) and an individual password (PASSWORD A) are returned to the user terminal (UST). At this stage, potential individual IDs and individual passwords generated by the ID management server (DAIS) become apparent.

  Here, in the limited sites (LS-A to C), the screen shown in FIG. 14 may be generated and transmitted and displayed on the user terminal (UST). In this case, to the user terminal (UST) that has been accessed with the unified ID / unified password, the fact that it does not match the individual ID / individual password of the limited server is displayed, the ID management server (DAIS) is accessed, and the ID The individual ID / individual password may be received from the management server (DAIS), and the individual ID / individual password may be stored in the cookie area of the browsing program of the user terminal (UST).

  In the user terminal (UST), the individual ID (company A ID) and the individual password (PASSWORD A) returned from the ID management server (DAIS) in this way are stored in the communication program installed in the user terminal (UST). It is stored in a temporary storage data area such as a cookie.

  Next, when the user terminal (UST) accesses the limited site (LS-A), the limited site (LS-A) using the individual ID (company A ID) and the individual password (PASSWORD A) stored in the cookie. A) is accessed and information is acquired.

FIG. 5 is a diagram showing an information providing method in an ID management server (DAIS) using a blog.
Blog is an abbreviation for “weblog”, which means “records that remain on the Web”, but it is a generic term for “Web pages that are continuously updated”.

  The ID management server (DAIS) receives the updated blog information from each limited site (LS-A to C), and generates a blog unique to the ID management server (DAIS) for each specific theme.

  In the blog of the ID management server (DAIS), the gargle data is additionally updated every time information related to the theme is updated in the limited server.

  In contrast, the user can obtain organized blog information related to a specific theme by accessing the ID management server (DAIS) from the user terminal (UST).

  On the other hand, the ID management server (DAIS) may be charged by providing a blog of the specific theme to the user terminal (UST). In this case, charging is performed by an EC server linked with an ID management server (DAIS).

  FIG. 6 shows an input screen for revealing the individual ID and the individual password by accessing the ID management server (DAIS) from the user terminal (UST).

  This input screen is generated by the ID management server (DAIS) and transmitted / displayed on the user terminal (UST). When the user inputs the unified ID and the unified password on this input screen, the ID management server (DAIS) searches the personal information database, generates the screen shown in FIG. 7, and transmits it to the user terminal (UST).

  On this screen, as shown in the figure, the names of companies operating limited sites are listed.

  FIG. 8 is a confirmation screen for providing personal information of the user generated by the ID management server (DAIS). This screen displays the source file from the ID management server (DAIS) by designating and inputting the URL described in the e-mail (see the middle section of FIG. 1) delivered from the ID management server (DAIS) to the user terminal (UST). Is displayed on the user terminal (UST) by the browsing program downloaded to the user terminal (UST).

  On this confirmation screen, the user can select a limited site that provides his / her personal information. Only limited sites that do not want to provide personal information are selected, but conversely, only limited sites that want to provide personal information may be selected and input. Then, by selecting and inputting the button area of “I agree” or “I do not agree” with an input assisting means such as a mouse, this is sent from the user terminal (UST) to the ID management server (DAIS) as information provision permission confirmation information. ).

FIG. 9 to FIG. 11 show the process for making the individual ID and the individual password manifest all at once by screen transition.
First, when a user wishes to register an individual ID and an individual password in a batch, the user accesses the ID management server (DAIS), designates a URL for “batch registration”, and stores the source file stored in the URL. Download display on the terminal (UST).

  Then, on the screen shown in FIG. 9, the unified ID (here, Medipress ID) and the unified password (here, Medipress PW) are displayed, and the limited site is accessed with this unified ID and unified password, or Select whether to access with individual ID and individual password for each limited site. At that time, in FIG. 9, a limited site to be registered can be selected.

  FIG. 10 is a screen in which the individual IDs and individual passwords of the limited sites desired by the user are revealed and displayed as a list. When the user selects and inputs the confirmation button on this screen with the auxiliary input means, it becomes possible to access each limited site using this individual ID and individual password (see FIG. 11).

  In addition, the registration operation to the limited site in FIGS. 9 to 11 described above provides provision of an individual ID / individual password that is formally different from the temporary registration when accessing the limited site as temporary registration. It may be reset directly for each limited site and registered.

  In addition, in the temporary registration to the limited site shown in FIG. 10 and FIG. 11, the limited site that the user has already registered is selected from these limited sites, and the ID management server Instead of the individual ID / individual password potentially generated by (DAIS), the individual ID and individual password of the limited site server already used may be registered in the personal information database of the ID management server (DAIS).

That is, when a large number of users are already registered in the limited site, a situation may occur where one user has two types of individual IDs and individual passwords for the same limited site. This increases the complexity for the user. Therefore, in the limited site, a selection screen (not shown) indicating whether or not to use the individual ID and individual password of the limited site that has already been registered is displayed and the user is prompted to make a selection. For example, priority is given to individual IDs and individual passwords on a limited site, and individual IDs and individual passwords generated on the ID management server (DAIS) are erased, and then limited as individual IDs and individual passwords of the ID management system. The individual ID and individual password on the site are activated. As a result, a user who has already registered in the limited site can use the ID management system of the present invention without changing the individual ID and individual password already registered in the limited site.

  If you allow the provision of personal information to a limited site, the personal information will be sent to each limited site. After that, the information on the limited site (for example, blog) written from each limited site to the email address included in the personal information Is distributed to the user terminal (UST) of the user.

  The individual ID / individual password set above may be added to the URL of the limited site as cookie information generated by the browsing program. As a result, as shown in FIG. 13, the user can access each limited site without inputting an individual ID or an individual password (see FIG. 12).

  In addition to the embodiment described above, the function of the ID management server (DAIS) may be provided in the user terminal (UST) (see FIG. 2).

  In this case, an ID management program and a personal information database are registered in the hard disk device of the user terminal (UST). As described with reference to FIG. 3, the personal information database uses a unified ID (DAIS ID) as a key. In addition, a unified password and personal information such as name, address, and specialty are registered in association with each other, and an individual ID and an individual password for accessing a limited site are also registered under this unified ID. It has become.

  The present invention can be widely used in the network business for providing medical information in the medical field and further performing general membership management.

FIG. 1 shows an outline of an ID management system according to an embodiment of the present invention. FIG. 2 shows an outline of an ID management system according to an embodiment of the present invention. The figure explaining the outline of the first registration in ID management system Explanatory drawing showing provision of individual ID and individual password when using limited server Illustration of ID management system using blog Figure showing the user terminal confirmation screen (1) Figure (2) showing the confirmation screen of the user terminal Figure showing the user terminal confirmation screen (3) The figure which shows the confirmation screen of the user terminal (4) The figure which shows the confirmation screen of the user terminal (5) Fig. 6 shows a confirmation screen of the user terminal (6) Fig. 7 shows a confirmation screen of the user terminal (7) The figure which shows the confirmation screen of the user terminal (8) Fig. 9 shows a confirmation screen of the user terminal (9) The figure which shows the example of a display of individual ID of a user terminal, and an individual password

Explanation of symbols

DAIS ID management server LS-A to C Limited site UST User terminal

Claims (6)

A user terminal connectable to the network;
Access from the user terminal is possible via the network, and the personal information input at the user terminal, the unified ID generated when the personal information is entered, the unified password, and the creation of the unified ID An ID management server having a database that holds a set of individual IDs and individual passwords of a plurality of limited sites that are generated when triggered and associated with the unified ID;
When connected to the user terminal and the ID management server via a network and accepting the input of the unified ID and the unified password from the user terminal, an individual ID and an individual password corresponding to the unified ID are assigned to the ID management server. And a limited site server that permits access by the individual ID and the individual password returned from the management server. When the ID management server has a personal information provision request corresponding to a unified ID that is permitted to be accessed by the limited site server,
Read the email address from the personal information by accessing the database,
The ID management system on the network according to claim 1, wherein an inquiry notification as to whether or not to permit provision of personal information to the limited site server is transmitted to the mail address.   The ID management server generates and transmits screen data in which at least the individual password is invisible when the individual ID and the individual password are generated when the unified ID is generated. The ID management system on a network according to claim 1, wherein   4. The ID management system on a network according to claim 3, wherein in the invisible state of the individual password, the individual password portion on the screen is a mask character.   When transmitting an individual ID from the management server to the limited site server, the management server transmits an individual ID obtained by combining the individual ID with at least part of personal information input at the user terminal. The ID management system on the network according to claim 1.   The ID management server sends and displays a limited site server permitting the provision of personal information to the user terminal to prompt confirmation input of the user terminal, and inputs an instruction to prioritize the individual ID and individual password of the limited site server. 2. The ID management system on a network according to claim 1, wherein if there is a user terminal, the already generated unified ID and unified password are replaced with the individual ID and individual password of the limited site server.

Images