JP4901521B2 - Electronic certification device and method. - Google Patents

Description

  The present invention relates to an electronic certification system and method for providing third party certification information related to a user to a partner connected to the user's terminal via a communication network.

In recent years, various electronic commerce transactions have been performed using a communication network such as the Internet. For example, various products can be purchased at shopping malls on the Internet, and financial transactions with banks and securities companies can be executed via the Internet. Various paid information is also available via the Internet.
In order to ensure the safety of such electronic commerce, it is necessary for the business operator to confirm that the other party (user) of the transaction is not different from the person who is grasped in advance. Conventionally, in this type of confirmation, in addition to telephone identity verification and residence confirmation, the business operator provides the user with an ID and password in advance, and when performing electronic commerce, these ID and password As disclosed in Japanese Patent Application Laid-Open Publication No. 2003-259542 and the method of requesting input, the IC reader storing the authentication information is read by the card reader connected to the terminal of the user, and the authentication information is transmitted to the business operator. The method to do was adopted.
JP 2002-123495 A

However, user authentication using an ID, password, and IC card can no longer ensure the safety of the transaction if the ID, password, or IC card is stolen.
On the other hand, if e-commerce is executed, the location where the user is accessing is accurately identified, and if the location matches the usage location known in advance, the user may be a legitimate user. Is expensive. Of course, it is unthinkable for someone to illegally use the user's terminal to execute electronic commerce, but the probability of such illegal activities entering the user's home is at least an ID, password, It seems that it is extremely low compared with the probability that an IC card is stolen.

  The present invention has been made in view of such circumstances, and an object of the present invention is to provide a third-party specific business operator to prove the access location of the user and contribute to ensuring the safety of electronic commerce and the like.

In order to achieve the above object, the present invention provides an electronic certification system for transmitting third-party certification information related to a user to a partner connected to the user's terminal via a communication network,
An operator management space within the user's premises where the user's terminal is installed and managed by a specific operator;
Installed in the operator management space, managed by a specific operator, recorded third-party certification information about the user generated by the specific operator, and with the same connection route as the user's terminal A third-party certification information transmission source connected to a communication network and transmitting third-party certification information in response to a request from a partner or a user;
It is characterized by including.

  The third-party certification information transmission source is installed in the operator management space managed by a specific operator on the site of the user. Therefore, it can be strictly managed by a specific company. This third party certification information transmission source is connected to the communication network through the same connection route as the user terminal, and transmits the third party certification information. This third party certification information is generated by a specific business operator. Therefore, the specific business operator can identify and prove the access location of the user based on the third-party certification information transmitted from the third-party certification information transmission source.

For example, a power company that is a specified company uses the space in the electricity meter box on the user's premises as a company management space, and installs a third party certification information source in this electricity meter box Then, by constructing a system for transmitting third-party certification information therefrom, it is possible to identify the user's access location based on the third-party certification information and prove it.
In addition, the specific company is not limited to the electric power company. For example, a gas company having a gas meter box on the user's premises and a water station having a water meter box on the user's premises are also specified business. It is possible to become a person.

  Here, the third party certification information source is preferably configured to transmit the third party certification information on condition that the access key set by the specific operator is received. By confirming that the person who requested third-party certification information using such an access key is a legitimate partner, the request for unauthorized third-party certification information is rejected and proper system operation is performed. Can be achieved.

When the user terminal is connected to a communication network via a LAN (Local Area Network) or a broadband router, the third party certification information source is connected to the LAN via a wireless LAN unit or a power line carrier unit. It is possible.
Thereby, it is possible to connect the third party certification information transmission source to the communication network with the same connection route as the user terminal with a simple configuration.

The electronic certification method of the present invention using the electronic certification system described above is
The other party accesses the third party certification information source at the request of the user and requests transmission of the third party certification information;
Transmitting the third party certification information from the third party certification information source to the destination in response to a request from the other party.

  Here, it is preferable that the third party certification information is encrypted by a specific business operator and recorded in the third party certification information transmission source. In that case, the other party sends the third-party certification information received from the third-party certification information source to the specified company, and the specified company decrypts the third-party certification information sent from the other party. In addition, the user information associated with the third party certification information may be transmitted to the other party at the request of the user.

  As described above, according to the present invention, it is possible for a specific business operator to prove the access location of the user based on the third-party certification information transmitted from the third-party certification information transmission source.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
In the present embodiment, an example is shown in which an electronic certification system of the present invention is constructed with an electric power company as a specific business operator. An electric power company has concluded an electric contract with a customer who supplies electric power, and customer information obtained at that time is stored in a computer system in the company. The customer information includes the customer's address and name, and is stored in a database with an electric contract number assigned to each contract customer.
In addition, a watt hour meter box is installed in the premises of customers who have signed an electrical contract, and the watt hour meter is disposed inside the box. As is well known, the watt-hour meter is a device for measuring the amount of power supplied to the customer, and the electricity bill is calculated based on a guideline indicated by the watt-hour meter. Therefore, the watt-hour meter and the watt-hour meter box that stores it are under the control of the power company, and the door of the box is sealed, and even if it is a customer, the seal is opened without permission, It is not allowed to open the instrument box.

In this embodiment, paying attention to such special circumstances, a third-party proof of the customer is obtained by using a power meter box located in the customer's premises and under the control of the power company (specific business operator). To build a system that is implemented by an electric power company. In other words, a predetermined number of electronic commerce users (hereinafter sometimes simply referred to as “users”) with respect to businesses (hereinafter referred to as “electronic commerce businesses”) that conduct various electronic commerce via a communication network such as the Internet This is an electronic certification system for an electric power company to provide third party certification information at the request of a user.
In the electronic certification system of this embodiment, the location where the user is accessing via the communication network, that is, the location of the user terminal is in the power company based on the electric contract concluded between the user and the power company. A power company as a third party proves that it is a registered address.

FIG. 1 is a block configuration diagram showing an example of a main configuration of an electronic certification system according to an embodiment of the present invention.
In recent years, a LAN (Local Area Network) has become widespread in ordinary homes, and a system configuration in which peripheral devices such as a terminal (user terminal) 11 such as a personal computer, a broadband router 12 and a printer are mutually connected through the LAN 10. It is becoming common. The broadband router is an interface device for connecting to a communication network such as the Internet. Devices including these user terminals 11 are provided in the user's home, and access to the electronic commerce business operator is performed from the user terminals via the communication network 100 such as the Internet.

  In addition, a watt hour meter box 20 that houses the watt hour meter 21 is installed in the user's premises as described above, and a third party certification information transmission source is provided in the box space (operator management space). 30 is provided. The third-party certification information transmission source 30 includes a storage unit 31, a wireless LAN module 32, and a communication interface 33, and these components are connected via a power supply unit 34 from a home service line (electric wire). Electric power is supplied and controlled by a central control unit (CPU) 35.

  The storage unit 31 stores predetermined third-party certification information. The third party certification information can be arbitrarily set by the power company as the specific business operator and input to the storage unit 31. In the present embodiment, as will be described later, “source information” and “related information” such as the expiration date and update date of the information are stored in the storage unit 31 as third-party certification information (FIG. 3). reference).

The input of the third party certification information to the storage unit 31 can be executed by a staff of an electric power company, which is a specific business operator, by using the dedicated portable information terminal 40 by going to the vicinity of the electricity meter box 20. Information communication with the portable information terminal 40 is performed via the communication interface 33. That is, the communication interface 33 receives the third party certification information transmitted from the portable information terminal 40 and inputs it to the storage unit 31.
Communication between the portable information terminal 40 and the communication interface 33 should be executed with a special communication protocol using encryption or the like in order to prevent unauthorized alteration of the third party certification information stored in the storage unit 31. Is preferred. It is also preferable that a communication password is set for access to the third party certification information transmission source 30 and the access is permitted only when the CPU 35 recognizes the match of the communication password. Furthermore, in this embodiment, the third party certification information is encrypted and stored in the storage unit 31.

  In this embodiment, the third-party certification information source 30 is connected to the LAN 10 built in the user's home via the wireless LAN modules 32 and 13. The wireless LAN module 13 connected to the LAN side built in the user's home is preferably connected to the LAN 10 by, for example, lending to the user from an electronic commerce company. On the other hand, the third party certification information source 30 has a built-in wireless LAN module 32 in advance.

From a communication network 100 such as the Internet, a small plug-in program that allows the user terminal 11 to access the third-party certification information source 30 is automatically downloaded from an electronic commerce company and started. As a result, the third party certification information source 30 can be accessed from the user terminal 11 via the LAN 10 and the wireless LAN modules 13 and 32.
Thus, the user terminal 11 and the third party certification information transmission source 30 exist in the same place by connecting the third party certification information transmission source 30 to the communication network 100 through the same connection route as the user terminal 11. It is guaranteed.
The e-commerce business operator receives the third-party certification information from the third-party certification information transmission source 30 provided in the user's premises, thereby determining the location (that is, the access location) of the user terminal 11. It can be specified by third party certification information.

FIG. 2 is a diagram conceptually showing a business model of an electronic certification service using the electronic certification system according to the present embodiment.
An electric power company (specific business operator) that provides an electronic certification service and an electronic commerce business operator that uses the service have a service use contract in advance (A1). As a precondition, in order to prevent the abuse of the service, it is preferable that the electric power company conducts a strict examination regarding the electronic commerce business operator to which the electronic certification service is provided.

  A person (user) who wants to use a service or the like provided by an electronic commerce business operator via the communication network 100 is connected to a communication network from a terminal (user terminal) 11 installed at home as shown in FIG. The user accesses the homepage of the electronic commerce company through 100 and makes a use application (A2).

  When there is an application for use, the e-commerce business operator concludes a use contract with the user (A3). In order to ensure the strict handling of personal information, it is preferable to include a clause or a written consent that the user agrees to use the electronic certification service provided by the electric power company. The electric power company generates an access key to the third party certification information source 30 in the user's premises and issues it to the electronic commerce business operator on condition that the consent is obtained from the user (A4). (A5, A6). Of course, if the user's consent cannot be obtained, the electronic certification service should not be provided from the viewpoint of personal information protection.

Using the received access key, the electronic commerce business operator accesses the third party certification information source 30 located in the user's premises via the communication network 100 to the user terminal 11 (A7), and the third party The certification information is received (A8). By receiving this third party certification information, it becomes possible to specify the access location of the user.
The third party certification information sent from the third party certification information transmission source 30 to the electronic commerce company may be read by somebody on the communication network 100 such as the Internet. Therefore, it is preferable that the content is limited and limited from the viewpoint of protecting personal information of the user. Therefore, if necessary, the electric power company can provide additional information about the user in more detail to the electronic commerce company from the in-house computer system (A9). For this information provision, it is preferable to use a communication method that ensures high security such as encryption communication.

FIG. 3 is a flowchart showing an electronic certification method using the electronic certification system according to the present embodiment.
First, the user provides the “password” provided by the e-commerce company when applying for use, “consent confirmation data regarding the use of the electronic certification service (hereinafter referred to as consent confirmation data)”, and “electric contract number” Transmission is performed from the terminal (user terminal 11) at home to the electronic commerce company via the communication network 100 (S1).
The electronic commerce business operator adds the “business operator No” given by the electric power company to the “consent confirmation data” and the “electric contract number” received from the user and transmits them to the electric power company (S2). In addition, the electric power company manages the electronic commerce business operator, which provides the electronic certification service, with the “business enterprise number”.

  The electric power company that has received the “Business No.”, “Consent Confirmation Data”, and “Electric Contract Number” is an electronic commerce business operator that has been properly contracted by checking the “Business No.”, and Confirm the validity of the “consent confirmation data” and “electric contract number” from the user, and access the third party certification information source 30 installed at the customer's residence from the “electric contract number” A key is generated and returned to the electronic commerce business operator (S3, S4).

  The electronic commerce business operator accesses the third-party certification information source 30 via the communication network 100 to the user terminal 11 using the received access key (S5). The third party certification information transmission source 30 confirms the authenticity of the received access key, and when it is determined as a legitimate access key, transmits the stored third party certification information (S6). In the present embodiment, the “source number” assigned to each third party certification information source 30 and the “related information” such as “expiration date” and “update date” are used as third party certification information. It is stored in the storage unit 31 (see FIG. 1). This third party certification information is encrypted and stored in the storage unit 31, and is updated regularly and irregularly. In addition, the electric power company manages the third party certification information transmission source 30 in association with the “transmission source number” stored in the third party certification information transmission source 30 using an in-house computer system.

  In general, the “electric contract number” is information that only a person who has made an electric contract knows, and this information is transmitted by the user (S1), and the power company makes third party certification information based on the “electric contract number”. The access key is generated by specifying the transmission source 30 (S3). Therefore, the e-commerce business operator receives the third-party certification information from the third-party certification information source 30 so that the user's access location (that is, the installation location of the user terminal 11) is based on the electric contract. It can be estimated that the customer address is registered in the customer database of the power company (S7).

In this embodiment, the third-party certification information is encrypted in order to prevent leakage of personal information. Therefore, the electronic commerce business operator cannot confirm the personal information about the user only by receiving the third party certification information. Therefore, when an electronic commerce business operator wishes to obtain additional information about the user, the “third-party certification information” received from the third-party certification information source 30 is attached with “business number”. Send to the company (S8).
The electric power company checks the “operator number” to confirm that it is a legitimately contracted electronic commerce business operator, decrypts the “third party certification information”, confirms the “source number”, and The customer information in which the third party certification information transmission source 30 corresponding to the transmission source number is installed in the home is searched from the database, and is provided to the electronic commerce company as arbitrary additional information (S9).

As the additional information, various information stored in the customer database of the electric power company such as the customer's address, name, and telephone number can be provided. It is also possible to provide user credit information based on the payment status of electricity charges. However, as a matter of course, provision of additional information should be limited to a range obtained by the user's consent.
By obtaining at least information on the user's address and name, the electronic commerce business operator can collate it with the address and name at the time of application for use and use it for the safety of the transaction. Since the third party certification information source 30 is connected to the communication network 100 through the same connection route as the user terminal 11 as described above, the third party certification information transmission source 30 is used for the address provided by the power company based on the third party certification information. It is guaranteed that the user terminal 11 exists.

In addition, this invention is not limited to embodiment mentioned above.
For example, if the next generation Internet protocol “IPv6” becomes widespread in the near future, a global IP address is assigned to each device connected to the home LAN. It is also possible to access the person certification information transmission source 30.

Further, even with the current Internet protocol, for example, if functions such as “forwarding” and “DMZ (DeMilitarized Zone) of the broadband router 12 are used, the broadband router 12, the LAN 10, and the wireless network are communicated from the communication network 100 such as the Internet. It is also possible to access the third party certification information source 30 via the LAN modules 13 and 32.
Thereby, the third party certification information transmission source 30 is connected to the communication network 100 through the same connection route as the user terminal 11 (that is, through the same broadband router 12). Thus, the user terminal 11 and the third party certification information transmission source 30 exist in the same place by connecting the third party certification information transmission source 30 to the communication network 100 through the same connection route as the user terminal 11. Guaranteed to do.
When viewed from the communication network 100 via the same broadband router 12, the user terminal 11 and the third party certification information source 30 appear to have the same IP address (global IP address). Therefore, the electronic commerce business operator can easily confirm whether the user terminal 11 is accessing through the same connection route as the third party certification information source 30 by confirming this IP address.
However, the location (that is, the access location) of the user terminal 11 cannot be specified only by the IP address. Therefore, the electronic commerce business operator accesses the third party certification information transmission source 30 provided in the site of the user and receives the third party certification information from the third party certification information transmission source 30. The access location by the user terminal 11 can be confirmed with the third party certification information.

In the previous embodiment shown in FIG. 1, the LAN 10 to which the user terminal 11 is connected and the third party certification information source 30 are connected via the wireless LAN modules 13 and 32. Instead of 32, a power line communication (PLC) unit that is expected to be spread to general households in the near future can be used. For example, as shown in FIG. 4, if the PLC modem 15 is connected to the LAN 10 to which the user terminal 11 is connected and the PLC modem 36 is built in the third party certification information source 30 in advance, Thus, the third party certification information source 30 can be connected to the LAN 10. Even with such a configuration, the third party certification information source 30 can be connected to the communication network 100 through the same connection route as the user terminal 11.
Also in this case, it is preferable that the PLC modem 15 connected to the LAN side built in the user's house is connected to the LAN 10 by, for example, lending to the user from an electronic commerce company.

  Further, as a method of inputting the third party certification information to the storage unit 31 of the third party certification information transmission source 30, in addition to using the dedicated portable information terminal 40, the third party certification information is inputted by remote operation. It is also possible to configure. For example, as shown in FIG. 4, a dedicated network 200 using an optical fiber is constructed from a power company sales office 201 to a utility pole 202 installed in the vicinity of the user, and the utility pole 202 is installed in the user's premises. By connecting to the installed third party certification information transmission source 30 by power line conveyance using the PLC modem 203, the third party certification information transmission source 30 can be remotely operated from the sales office 201 of the power company, and the storage unit It becomes possible to write third-party certification information to 31.

Furthermore, by making the communication interface 33 and the portable information terminal 40 compatible with a general public telephone line such as a cellular phone or PHS, the third-party certification information can be written to the recording unit 31 by remote operation from the portable information terminal 40. Is possible.
However, for security reasons, it is preferable that only the storage unit 31 of the third party certification information source 30 can be accessed from the sales office 201 of the electric power company and the portable information terminal 40.

  Furthermore, IDs that do not need to be updated are given to the third party certification information transmission source, and the relationship between these IDs and the third party certification information transmission source is managed on the specific business operator (for example, power company) side, By identifying the ID transmitted from the third party certification information source with the management data of the specific provider side, the location of the third party certification information source (that is, the access location of the user terminal) is specified. It can also be configured. The “source number” described above can also be managed as this kind of ID that does not require updating.

  On the other hand, user information (user address, name, etc.) required by the recipient of the electronic certification service (for example, an electronic commerce company) is stored in a third party certification information source, and these The information may be directly transmitted from a third party certification information source. In this case, it goes without saying that user information leakage prevention measures should also be constructed.

It is a block block diagram which shows the principal part structural example of the electronic certification | authentication system which concerns on embodiment of this invention. It is a figure which shows notionally the business model of the electronic certification service using the electronic certification system which concerns on this embodiment. It is a flowchart which shows the electronic certification method using the electronic certification system which concerns on this embodiment. It is a block block diagram which shows the other principal part structural example of the electronic certification system which concerns on this invention.

Explanation of symbols

10: LAN, 11: user terminal, 12: broadband router, 13: wireless LAM module, 15: PLC modem, 20: electricity meter box, 21: electricity meter,
30: Third party certification information source 31: Storage unit 32: Wireless LAN module 33: Communication interface 34: Power supply unit 35: Central control unit (CPU) 36: PLC modem 40: Mobile information Terminal,
100: communication network, 200: dedicated network, 201: sales office, 202: utility pole, 203: PLC modem

Claims (6)

An electronic certification device that transmits third-party certification information about a user to a partner connected to the user's terminal via a communication network,
It is managed by a specific company, records third-party certification information about the user generated by the specific company, and has a third-party certification information source,
The third-party certification information source is located in the user's premises where the user's terminal is installed, is installed in an operator management space managed by the specific operator, and the user's terminal An electronic certification device that is connected to the communication network through the same connection route as a terminal and transmits the third party certification information in response to a request from the other party or the user . 2. The electronic certification apparatus according to claim 1, wherein the specific company is an electric power company, and the company management space is a space in an electricity meter box. The electronic device according to claim 1 or 2, wherein the third-party certification information transmission source is configured to transmit the third-party certification information on condition that the access key set by the specific business operator is received. Proof device . The electronic certification device according to any one of claims 1 to 3, wherein the user terminal is connected to a communication network via a LAN or a broadband router.
The electronic certification apparatus, wherein the third party certification information source is connected to a LAN connected to the user terminal via a wireless LAN unit. The electronic certification device according to any one of claims 1 to 3, wherein the user terminal is connected to a communication network via a LAN or a broadband router.
The electronic certification apparatus, wherein the third party certification information source is connected to a LAN to which the user terminal is connected via a power line carrier unit. An electronic certification method for transmitting third-party certification information about a user to a counterpart connected to the user's terminal via a communication network using the electronic certification device according to claim 1,
The counterparty accesses the third party certification information source under the request of the user and requests transmission of third party certification information;
Transmitting the third party certification information from the third party certification information source to the destination in response to a request from the other party.

Images