JP4971583B2 - Personal information processing system and method - Google Patents

Description

  The present invention relates to a personal information processing technique for preventing leakage of personal information such as an address and a name.

  In mail order sales using the Internet, telephone, etc., it is necessary for the user to notify the address, name, etc., or register in advance in order to confirm the identity of the orderer and ship the product. If personal information related to such transactions is disclosed, privacy may be infringed. In particular, in the case of the Internet in which personal information is exchanged as electronic information, processing such as data mining is easy, and personal information may be used in a manner not intended by the person, which may cause a serious infringement of privacy. Furthermore, when such personal information or information obtained by processing such personal information is not under sufficient management, the personal information leaks out and cannot be recovered.

  From such a viewpoint, a merchandise transaction system has been proposed in which a purchaser identifier and personal information are stored in association with each other on a reliable third party server, and only the purchaser identifier is disclosed to a sales site (sales server) ( Patent Document 1). In this conventional proposal, a third-party server is located at a delivery company site, for example, and the seller sends a product with a slip describing the purchaser identifier of the purchaser to the delivery company. The address, name, etc. are taken out from the address and printed as a destination for delivery work. According to such a method, it is possible to prevent the personal information of the user from being disclosed to the sales site or leaked from the sales site.

By the way, in such a technique, when the user enters an incorrect purchaser identifier due to an input error or misunderstanding, the wrong purchaser identifier may be missing, but it exists Has a problem that the product is delivered to a destination corresponding to the wrong purchaser identifier.
JP 2003-256681 A

  The present invention has been made in view of the above circumstances, and an object thereof is to provide a personal information processing technique capable of coping with a case where a user identifier is entered incorrectly.

  According to this invention, in order to achieve the above-mentioned object, the configuration as described in the claims is adopted. Here, prior to describing the invention in detail, supplementary explanations of the claims will be given.

  That is, a personal information management system according to one aspect of the present invention is an order information reception system that is provided at a seller site and receives order information including a user identifier of a user from a user terminal via a network in order to achieve the above-described object. Means; storage means provided in a third party site for storing the user's personal information in association with the user identifier of the user; obtaining a part of the personal information from the storage means and transferring it to the user terminal Personal information transfer means for verification; confirmation notification acceptance means for accepting a confirmation notice input from the user terminal for a part of the personal information provided at the seller site and transferred to the user terminal; Personal information corresponding to the user identification information included in the order information received by the order information receiving means is acquired from the storage means. And an addressed to name output means for outputting the addressed name for transmission.

  The third party site (third party entity) means an entity different from the seller or the user.

  In this configuration, basically, an order can be placed using a user identifier that does not disclose personal information, and a part of the personal information is presented to the user as information for verification so that the user can confirm it. In this range, it can be ensured that there is no error in the user identifier.

  The personal information transfer means for verification may be provided at the seller site or may be provided at a third party site. When provided at a third party site, personal information for verification may be directly transferred to the user terminal. The address output means is provided at a third party site (for example, a delivery company site). In some cases, the person in charge of the delivery company may hold in the mobile environment and output the shelf at the destination such as the collection destination.

  In order to achieve the above object, a personal information management system according to another aspect of the present invention is an order information reception provided on a dealer site and receiving order information including a user identifier of a user from a user terminal via a network. Means for storing personal information of the user in association with the user identifier of the user; one of the personal information stored in the storage means provided in the seller site; A collation personal information receiving means for collating personal information for collation for determining the validity of the input user identifier from the user terminal via the network; and collating with the collation personal information , A part of the personal information read from the storage means and the personal information for verification received by the personal information receiving means for verification. A collation means for collating the personal information corresponding to the user identification information included in the order information received by the order information receiving means from the storage means and outputting a destination address for delivery Means.

  In this configuration, basically, it is possible to place an order using a user identifier that does not disclose personal information, and the user discloses a part of the personal information as matching information according to the user identifier. Thus, it is possible to ensure that there is no error in the user identifier within the range by performing verification using a part of the personal information on the seller site or third party site.

  The verification means may be placed on one or both of the seller sites.

  Personal information refers to information belonging to individuals widely, such as name, address, age, date of birth, family, password, email address, hint information, handle name, and the like.

  The personal information for verification may include address information within a range necessary for calculating a delivery fee.

  The personal information for verification may be varied based on designation information for the user to specify the range of the personal information for verification.

  The present invention can be realized not only as an apparatus or a system but also as a method. Of course, a part of the invention can be configured as software. Of course, software products used to cause a computer to execute such software are also included in the technical scope of the present invention.

  These and other aspects of the invention are set forth in the appended claims and will be described in detail below with reference to examples.

  According to the present invention, privacy can be protected using a user identifier, and erroneous input of the user identifier can be avoided.

  Examples of the present invention will be described below.

  FIG. 1 shows an overall embodiment of a personal information processing system in which the present invention is applied to merchandise delivery. In this figure, a dealer site 10, a personal information management center 20, a delivery company site 30, a user home 40a, etc. Are connected by a communication network such as the Internet 50. A client terminal 40 used by the user is provided in the user home 40a. Although the dealer site 10, the personal information management center 20, and the delivery company site 30 are shown to be centrally installed, they may be distributed in a plurality of locations. In addition, the client terminal 40 may be a mobile terminal, and in this case, the user home 40a is used as one of the goods receiving places. Although there are usually a plurality of client terminals 40, only one is shown in the figure for convenience. There are usually a plurality of distributors and distributors, and a distributor site 10 and a distributor site 30 are provided, respectively, but only one is shown in the figure for convenience.

  The dealer site 10 is provided with, for example, a web server 11, an application server 12, a router 13, etc., and these are connected to a communication network (for example, LAN) 14. The web server 11 provides various interfaces for sales orders to the user (client terminal 40), and the application server 12 executes various services for sales orders. In this example, in particular, order information reception processing, A personal information transfer process for verification, a confirmation notification acceptance process, and the like are performed. In the figure, these processes are indicated by functional blocks as an order information receiving unit 12a, a collation personal information transfer unit 12b, and a confirmation notification receiving unit 12c. Details of these processes will be described later.

Personal information management center 20 is for storing managing personal information, it is a reliable entity. The delivery company site 30 may also serve as the personal information management center 20. The personal information management center 20 is provided with a web server 21, an application server 22, a database management system 23, a router 24, and the like, and these are connected to a communication network (for example, LAN) 25. The web server 21 is used for data communication with the seller site 10 and the delivery company site 30, and performs data communication using, for example, the POST method. Of course, other communication facilities may be used. The database management system 23 manages the personal information database 23a and the like, and the personal information database 23a is a unique identifier made up of a user code (user identifier. Symbol string such as numerals and alphabets) as shown in FIG. ) And an optional symbol string such as name, address, telephone number, e-mail address, date of birth, handle name, password, and hint information. Of course, the personal information is not limited to this, but includes information belonging to a wide range of individuals, and various information can be employed depending on the application. The application server 22 outputs collation personal information and address information. Further, based on the designation of the collation information level, various disclosure output ranges of collation personal information can be set with reference to the collation information level table 22c (see FIG. 3). The output of the personal information for verification and the output of the address information are indicated by functional blocks as a personal information output unit 22a for verification and an address information output unit 22b. Details of these processes will be described later.

The delivery company site 30 is a product purchased by the user using the sales site 10 (in the case of a business that manages content under the commission of the sales company, the content may be delivered as a product via a communication network or the like. In this case, the content may be recorded on a recording medium, delivered, or transmitted by communication means (in the case of transmission by communication means, the destination or address is a URL or mail address) to the user. This is the site of the delivery company. The delivery company site 30 is provided with a print management server 31, an address printer 32, a client terminal 33, a router 34, etc., and these are connected to a communication network 35. The client terminal 33 requests name printing to the print management server 31. The address printer 32 prints a predetermined address under the management of the print management server 31. The address print request may be processed for each individual destination or may be processed in batches. In this example, the client terminal 33 and the address printer 32 are shown to be arranged at one place together with the print management server 31. For example, the delivery staff possesses the client terminal 33 and the address printer 32 and collects the goods. Name printing may be performed first.

  The user uses the web browser 41 of the client terminal 40 of the home 40a to place an order for a product with respect to the seller site 10, for example. As described above, a mobile terminal may be used, or dedicated software may be used instead of the web browser 41.

  Next, details of this embodiment will be described with reference to an operation example.

  FIG. 4 shows an operation example of this embodiment. In FIG. 4, the basic process flow is as follows. The user (client terminal 40) places an order for a product with respect to the seller (the seller site 10). The seller requests delivery to the delivery company (delivery company site 30), and as a result, the product is delivered to the user. However, the user basically does not disclose detailed personal information such as name and address to the seller, but instead discloses a user code. In addition, in order to prevent erroneous input of the user code, personal information for verification corresponding to the input user code is presented to the user so that the user code can be confirmed.

  Details of the processing of FIG. 4 are as follows.

[Step X01]: The web server 11 of the seller site 10 transmits an order web page to the client terminal 40 of the user in response to a request from the user. Various web pages can be used for ordering. Usually consists of multiple web pages. In a simplified manner, as shown in FIG. 5, an order information (net order content) input field 110a, a user code input field 110b, and a collation information level input field 110c are included. In the order information input field 110a, the product to be ordered, the number, etc. are input. In the user code input field 110b, a unique user code registered in advance in the personal information management center 20 is input. For example, a collation information level as shown in FIG. 3 is entered in the collation information level input field 110c. Instead of the collation information level, specific personal information attributes such as “name” and “administrative division name” may be designated. Since the corresponding information is delivered from the personal information management center 20 to the merchant site 10 based on the designated collation information level and used to generate a collation web page, the personal information is disclosed to the merchant within this range. Is done. The user can specify the disclosure bell according to his / her preference. However, if the disclosure information is reduced, it becomes difficult to confirm the validity of the user code by itself, and it is difficult to prevent erroneous input of the user code.

[Step X02]: The user browses the order web page of FIG. 5 using the web browser 41 of the client terminal 40 and inputs order information including the user code and the collation information level.

[Step X03]: Order information including the user code and the verification information level is transmitted from the client terminal 40 to the web server 11 of the seller site 10.

[Steps X04, X05]: The web server 11 of the seller site 10 receives the order information including the user code and the verification information level, and the order information receiving unit 12a of the application server 12 receives the order information and stores the order information. The user code and the collation information level are extracted and the web server 21 of the personal information management center 20 is requested to transfer the collation information.

[Steps X06, X07]: Based on the verification information transfer request received by the web server 21 of the personal information management center 20, the verification personal information output unit 22a of the application server 22 of the personal information management center 20 stores the verification information level table 22c. Referring to the personal information corresponding to the user code, the personal information in the range of the collation information level is taken out and transferred to the seller site 10 as collation information.

[Steps X08, X09]: For example, the collation personal information transfer unit 12b of the seller site 10 generates a collation web page based on the collation information and transmits it to the user client terminal 40 via the web server 12. The collation web page is, for example, as shown in FIG. 6, and a confirmation is requested by showing a part of personal information. The example of FIG. 6 corresponds to level 2.

[Steps X10 and X11]: When the user confirms the collation information and operates the “OK” button, for example, a confirmation notification is made and sent to the web server 11 of the seller site 10 .

[Step X12]: When the confirmation notification receiving unit 12c of the application server 12 of the seller site 10 receives the confirmation notification via the web server 11, order processing is performed. The order processing itself is normal, and detailed description is omitted.

[Step X13]: When the order processing is completed, the seller requests the delivery company to collect the goods, and the delivery company collects the goods. A user code is affixed to the collected goods by a predetermined method.

[Steps X14 and X15]: The person in charge of the delivery company who has collected the cargo uses the client terminal 33 to request the print management server 31 for a print request for the transport slip. As described above, the print request may be made after returning to the delivery company site 30 or at a destination such as a collection destination. At this time, a user code is input as destination information. The print management server 31 sends a name information output request to the personal information management center 20 with the user code as an argument.

[Steps X16, X17, X18]: The address information output unit 22b of the application server 22 of the personal information management center 20 receives the name information output request via the web server 21, and sets the address information corresponding to the user code to the individual. The information is acquired from the information database 23a and returned to the print management server 31 of the delivery company site 30. The print management server 31 prints the name addressed to the delivery slip using, for example, the address printer 32 of the delivery company site 30. When the client terminal 33 sends a print request to the print management server 31, if the address printer 32 is designated, name printing can be performed using the predetermined address printer 32 at the destination.

[Step X19]: Delivery is performed by attaching a delivery slip printed with the address and the like to the product.

  According to this embodiment, it is possible to confirm whether or not the user code is wrong by using a part of the personal information, and it is possible to reliably request delivery of the product. In addition, it is possible to harmonize privacy protection and prevention of erroneous input of user code by adjusting the disclosure level of personal information. When the delivery fee is borne by the user, the seller site 10 requests disclosure of a part of the address information within the range necessary for determining the delivery fee, and this is disclosed after confirmation by the user. Good.

  The present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the spirit of the invention. For example, in the above example, a part of the personal information is presented to the user according to the user code. However, the user inputs a part of the personal information as part of the order information, and the personal information is based on this information. The verification may be performed at the information management center 20 or the dealer site 10.

  FIG. 7 shows an example of such a modification. FIG. 8 shows the operation of the example of FIG. In the example of FIG. 7, the application server 12 of the seller site 10 is provided with a collation personal information receiving unit 12d and a collation unit 12e as functional blocks. In this example, a collation information input field 110d (see FIG. 9) is provided on the order web page. Using this collation information input field 110d, the user inputs a part of personal information permitted by the user and transmits it as a part of order information (X03). At the merchant site 10, the order information is received by the order information receiving unit 12 a and the collation information is received by the collation personal information receiving unit 12 d, and the user information is sent to the personal information management center 20 as attribute information (name, address, etc.) of the collation information. Send (X05). The personal information management center 20 reads the corresponding personal collation information from the personal information database 23a and returns it to the seller site 10 (X07). The collation unit 12e of the application server 12 of the seller site 10 collates the collation information input by the user with the collation information returned from the personal information management center 20. It transmits to the terminal 40 (X28, X29). After that, the user performs confirmation input and the order is confirmed.

  In the example of FIG. 7, the user can input personal information according to his / her preference and avoid erroneous input of the user code. The personal information management center 20 may be provided with a collation unit, and collation information input by the user may be sent to the personal information management center 20 for collation. In addition, you may make it designate an essential input in a collation information input column. In this way, necessary information under various requests such as calculation of transportation charges can be acquired without fail.

  Further, the present invention can be applied not only to mail order using the Internet but also to mail order using a telephone. In this case, CTI (Computer Telephony Integration) technology can be adopted.

  In addition, the present invention can be widely applied to a case where an actual thing such as a product or content such as data is acquired without revealing the identity. For example, information such as an inquiry is obtained with a user code without revealing the identity of the information source (inquiry destination), and the obtained information is transferred to a corresponding e-mail address, URL, etc. by a third party site. You can also.

It is a figure explaining the structure of the Example of this invention. It is a figure explaining the example of the personal information memorize | stored linked | related with the user code in the personal information database of the said Example. It is a figure explaining the example of the collation information level of the above-mentioned Example. It is a figure explaining the operation example of the said Example. It is a figure explaining the example of the web page for order information transmission of the above-mentioned Example. It is a figure explaining the example of the web page for checking collation information etc. of the above-mentioned example. It is a figure explaining the modification of the above-mentioned Example. It is a figure explaining the operation example of the above-mentioned modification. It is a figure explaining the example of the web page for order information transmission of the above-mentioned modification.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Seller site 11 Web server 12 Application server 12a Order information reception part 12b Verification personal information transfer part 12c Confirmation notification reception part 12d Verification personal information reception part 12e Verification part 13 Router 14 Communication network 20 Personal information management center 21 Web server 22 application server 22a personal information output unit 22b for collation name information output unit 22c collation information level table 23 database management system 23a personal information database 24 router 25 communication network 30 delivery company site 31 print management server 32 address printer 33 client terminal 34 Router 35 Communication network 40 Client terminal 40a Home 41 Web browser 50 Internet 110a Order information input field 110b User code input field 11 c collation information level input field 110d verification information input field

Claims (4)

Order information receiving means provided on the seller site and receiving order information including the user identifier of the user from the user terminal via the network;
A storage means provided in a third party site for storing personal information of the user in association with the user identifier of the user;
Based on the user identifier included in the order information received by the order information receiving means provided at the seller site, the address is a part of the personal information stored in the storage means in association with the user identifier Personal information for collation that acquires at least one of personal information for collation that is at least one of a part of a name, a part of a name, a postal code, a pre-registered collation symbol string, and hint information from the storage means and transfers it to the user terminal Transfer means;
A confirmation notification accepting means for accepting a confirmation notification input from the user terminal for a part of the personal information provided in the seller site and transferred to the user terminal;
Personal information corresponding to the user identifier included in the order information received by the order information receiving means provided at the delivery company site is acquired from the storage means, and the confirmation notification is received by the confirmation notification receiving means. A personal information processing system comprising: address output means for outputting a delivery address on the condition. The matching personal information, personal information processing system as recited in claim 1, including a range address information necessary to calculate the shipping rates. Personal information processing system according to claim 1 or 2 which variable is based on the designation information for designating the user range of the matching personal information. Receiving order information including the user identifier of the user from the user terminal via the network by the order information receiving means provided on the dealer site;
Storing the personal information of the user in association with the user identifier of the user by storage means provided in a third party site;
The personal information stored in the storage means in association with the user identifier based on the user identifier included in the order information received by the order information receiving means by the collation personal information transfer means provided in the seller site Part of information, part of address, part of name, postal code, pre-registered collation symbol string, personal information for collation that is at least one of hint information is acquired from the storage means and the user Transferring to the terminal;
Receiving a confirmation notification input from the user terminal with respect to a part of the personal information transferred to the user terminal by a confirmation notification receiving means provided on the seller site;
Personal information corresponding to the user identifier included in the order information received by the order information receiving means is acquired from the storage means by the address output means provided in the delivery company site, and the confirmation notification receiving means And a step of outputting a delivery address on condition that the confirmation notification is received.

Images