JP6342035B1 - Recovery device, recovery method, and recovery program - Google Patents

Abstract

A recovery device, a recovery method, and a recovery program that perform account recovery that is convenient for a user are provided. A recovery apparatus includes a first acquisition unit, a second acquisition unit, a verification unit, and an execution unit. A 1st acquisition part acquires the 1st information which is the information regarding the user's action history in the 1st service. The second acquisition unit acquires second information that is information other than the first information and is information related to the user's behavior history. A verification part verifies a user's identity based on collation with the 1st information and the 2nd information. When the verification unit verifies the identity of the user, the execution unit executes recovery of the account that the user has in the first service. [Selection] Figure 1

Description

  The present invention relates to a recovery device, a recovery method, and a recovery program.

  Generally, when using a service via a network, a user creates his / her own account for each service. In addition, for example, when a user purchases a new terminal or forgets authentication information such as a password, the user performs settings for recovering the account in preparation for a situation where the account cannot be used for some reason. . For example, a user registers in advance with a service a pair of questions and answers (generally referred to as “secret questions” or the like) that only the user can know. When the user needs recovery, the user answers the question to prove that the user is the account owner. As a result, account recovery is performed by the service side.

  As a technology related to the verification of the user's identity (identification authentication), such as the above-mentioned secret question, the user's life log is acquired and the question about the life log is automatically generated to obtain an answer from the user. A technology for authenticating a person is known.

JP 2009-93273 A

  However, with the above-described conventional technology, it is difficult to perform account recovery that is highly convenient for the user. Specifically, in the related art, it is essential for the user to ask a question generated based on the life log. In addition, when authenticating by a method such as a secret question, the user must register the question and the answer in advance. For this reason, it is difficult to say that any method can perform account recovery that is convenient for the user.

  The present application has been made in view of the above, and an object thereof is to provide a recovery device, a recovery method, and a recovery program capable of performing account recovery that is highly convenient for the user.

  The recovery device according to the present application includes a first acquisition unit that acquires first information that is information related to a user's behavior history in a first service, and information other than the first information, the information relating to the user's behavior history A second acquisition unit that acquires the second information, a verification unit that verifies the identity of the user based on the comparison between the first information and the second information, and the identity of the user by the verification unit An execution unit that performs recovery of an account that the user has in the first service when the first service is verified.

  According to one aspect of the embodiment, there is an effect that account recovery that is highly convenient for the user can be performed.

FIG. 1 is a diagram (1) illustrating an example of a recovery process according to the embodiment. FIG. 2 is a diagram (2) illustrating an example of the recovery process according to the embodiment. FIG. 3 is a diagram illustrating a configuration example of the recovery system according to the embodiment. FIG. 4 is a diagram illustrating a configuration example of the recovery device according to the embodiment. FIG. 5 is a diagram illustrating an example of the first service information storage unit according to the embodiment. FIG. 6 is a diagram illustrating an example of the verification information storage unit according to the embodiment. FIG. 7 is a diagram illustrating an example of the definition information storage unit according to the embodiment. FIG. 8 is a diagram illustrating a configuration example of the first terminal according to the embodiment. FIG. 9 is a diagram illustrating a configuration example of the second service providing server according to the embodiment. FIG. 10 is a diagram illustrating an example of the second service information storage unit according to the embodiment. FIG. 11 is a flowchart illustrating a processing procedure of the recovery apparatus according to the embodiment. FIG. 12 is a flowchart illustrating a processing procedure of the user terminal according to the embodiment. FIG. 13 is a hardware configuration diagram illustrating an example of a computer that implements the function of the recovery device.

  Hereinafter, a mode for carrying out a recovery device, a recovery method, and a recovery program according to the present application (hereinafter referred to as “embodiment”) will be described in detail with reference to the drawings. Note that the recovery device, the recovery method, and the recovery program according to the present application are not limited by this embodiment. In addition, the embodiments can be appropriately combined within a range that does not contradict processing contents. In the following embodiments, the same portions are denoted by the same reference numerals, and redundant description is omitted.

[1. Example of recovery process)
First, an example of the recovery process according to the embodiment will be described with reference to FIG. FIG. 1 is a diagram (1) illustrating an example of a recovery process according to the embodiment. FIG. 1 shows an example in which processing for recovering an account of a predetermined service is executed by the recovery apparatus 100 according to the present application. In the following, a service for which an account is recovered may be referred to as a “first service”.

  A recovery device 100 illustrated in FIG. 1 is a server device that executes recovery processing according to the embodiment. In the embodiment, the recovery device 100 also functions as a service server that provides the first service. For example, the recovery apparatus 100 provides a service related to the portal site as the first service. Specifically, when the recovery apparatus 100 receives a login from a user who has registered an account, the recovery apparatus 100 provides a service that provides a customized portal site for the user. Note that the first service provided by the recovery apparatus 100 may include a search service provided on the portal site, a shopping service linked from the portal site, an information providing service (for example, a news service or a weather forecast service), and the like. Good.

  A user U01 shown in FIG. 1 is an example of a user who uses the first service. That is, the user U01 has an account in the first service provided by the recovery device 100. In the example shown in FIG. 1, the user U01 possesses a plurality of information processing terminals (devices). For example, the user U01 is a wearable device 30 that is an example of a wearable device that can be worn on the smartphone 20, a wrist, or the like (when it is not necessary to distinguish each device, these are collectively referred to as “user terminal 10”. Possess). Hereinafter, the user may be read as the user terminal 10 or the like. For example, the description “a user transmits a request for recovery” may actually indicate a situation where “the user terminal 10 used by the user transmits a request for recovery”.

  In the example shown in FIG. 1, it is assumed that the account held by the user U01 in the first service for a predetermined reason is not available. For example, the user U01 forgets the authentication information (for example, password) for logging in to the first service, replaces the terminal used to access the first service so far, or deletes the account by mistake. In such a case, the account held by the user U01 may become unavailable.

  The provider of the first service can recover the account based on a predetermined condition when the user U01 himself / herself wants to recover the account that has become unavailable. At this time, the provider of the first service verifies whether the user who wants to recover the account is truly the user U01. Then, the provider of the first service recovers the account when the user who desires recovery is verified as the user U01 himself. In general, in order to perform such recovery, the user U01 needs to register settings related to recovery for the first service in advance. For example, the user U01 registers in advance with the first service a “secret question and answer pair” composed of information that only the user U01 can know. When recovery is necessary, the user U01 transmits his answer to the secret question to the first service to prove his / her identity.

  However, in the above method, when the user U01 has not registered a secret question and answer in advance, the account recovery process cannot be executed. Therefore, the recovery apparatus 100 according to the embodiment executes the account recovery process without using the prior registration process by using the method described below. Specifically, the recovery device 100 relates to information related to the action history of the user U01 in the first service (hereinafter may be referred to as “first information”) and action history of the user U01 other than the first information. The identity of the user U01 is verified based on collation with information (hereinafter, sometimes referred to as “second information”). When the identity is verified, the user U01 is present in the first service. Perform recovery of the account that was being used. Hereinafter, the flow of the recovery processing according to the embodiment will be described with reference to FIG.

  In the example of FIG. 1, it is assumed that the user U01 uses the first service via the smartphone 20. As described above, a terminal used for logging in to the first service or requesting account recovery for the first service may be referred to as a “first terminal”. Further, a terminal other than the first terminal, such as the wearable device 30, that provides information used for the recovery process according to the embodiment (that is, the second information described above) is referred to as a “second terminal”. May be written.

  First, the user U01 whose account held in the first service becomes unusable transmits an account recovery request to the recovery apparatus 100 via the smartphone 20 (step S11).

  When receiving a request for account recovery, the recovery apparatus 100 requests information for specifying an account to be recovered. Specifically, the recovery apparatus 100 requests the user U01 to input the user ID set in the account (step S12).

  The user U01 transmits a user ID to the recovery device 100 via the smartphone 20 (step S13). The recovery apparatus 100 verifies the user ID transmitted from the smartphone 20 (step S14). The recovery apparatus 100 collates the transmitted user ID with the user ID set for the account to be recovered, and identifies the account for which recovery is requested.

  Subsequently, the recovery apparatus 100 tries to verify whether the user U01 who is going to recover the account is the user U01 himself / herself identified by the user ID. In other words, the recovery device 100 confirms the identity of the user U01. This is to prevent a situation in which an account is illegally acquired by impersonating the user U01 using a user ID illegally acquired by a third party, for example. Note that the recovery device 100 may request an identifier other than the user ID as long as it can confirm the identity of the user U01 in step S12. For example, the recovery apparatus 100 may request a telephone number, an e-mail address, or the like for which registration has been received from the user U01.

  Here, the recovery device 100 according to the embodiment specifies information to be used for the identity verification of the user U01 (step S15). For example, the recovery device 100 refers to first information stored in the first service, which is information that can be used to verify the identity of the user U01. Then, the recovery device 100 identifies the type of the first information that can be used for the verification process among the referenced first information. In other words, the recovery device 100 identifies the type of information that can be used to verify the identity of the user U01 based on the past action history of the first service.

  For example, it is assumed that the recovery device 100 acquires position information at the time when the user U01 logs in to the first service and accumulates the acquired position information in the operation of the first service. Specifically, the recovery apparatus 100 acquires the position information acquired by the GPS (Global Positioning System) function of the smartphone 20 at the time of login or every predetermined time during login (for example, every 10 minutes). get. Note that the position information acquired by the recovery device 100 is not limited to the position information acquired by the GPS function, and may be, for example, position information estimated from the IP address of the smartphone 20 that has accessed the first service. . Further, the position information may be a specific numerical value indicating longitude and latitude, or address information indicating a certain area.

  That is, before receiving the recovery request, the recovery apparatus 100 has acquired and acquired a considerable amount of position information of the user U01 (that is, the smartphone 20) during the period in which the user U01 has used the first service in the past. It is assumed that information is accumulated in a predetermined storage device.

  The recovery apparatus 100 that refers to the fact that the position information is stored as the first information determines that the position information at a predetermined past time can be used in the verification of the identity of the user U01. In other words, the recovery device 100 specifies the type of information used for the identity verification of the user U01 as “location information”. For example, the recovery apparatus 100 may perform identity verification by preferentially using the type of information with a large amount of information among the information stored as the first information.

  Note that the type of information used for verification and the verification method may be variously determined depending on, for example, definition information set by the administrator of the recovery apparatus 100. For example, without referring to the first information, the recovery device 100 may refer to information that is defined in advance to use location information in account recovery and perform identity verification according to the definition information. Details of such definition information will be described later.

  The recovery device 100 that has identified the information transmits an identity verification request to the smartphone 20 (step S16). The identity verification request transmitted from the recovery apparatus 100 includes, for example, a transmission request for second information necessary for performing identity verification of the user U01 in account recovery. Specifically, the recovery apparatus 100 is information for collating with an action history held in the first service (in the example of FIG. 1, location information acquired at the time of logging in to the first service or the like). Then, an action history other than the first service (position information held in the example other than the first service in the example of FIG. 1) is requested to the smartphone 20.

  The smartphone 20 that has received the request attempts to acquire the action history of the user U01 that is held other than the first service. For example, the smartphone 20 acquires information related to the action history of the user U01 via a device other than the smartphone 20 that is the first terminal. For example, the smartphone 20 performs a process of detecting a device in the vicinity of itself. For example, the smartphone 20 detects nearby devices by detecting radio waves such as WiFi (registered trademark) or Bluetooth (registered trademark) or by detecting devices using the same access point. In the example of FIG. 1, the smartphone 20 detects the wearable device 30.

  In the embodiment, the wearable device 30 is a device worn on the wrist or the like of the user U01, and is a device that acquires position information periodically (for example, every 5 minutes). In addition, it is assumed that the wearable device 30 caches the history of the position information of the user U01 in a predetermined period (for example, several months).

  Therefore, the smartphone 20 requests the wearable device 30 for data cached by the wearable device 30 (position information in the example of FIG. 1) (step S17). The wearable device 30 transmits the cached position information to the smartphone 20 (step S18). Thereby, the smartphone 20 acquires position information other than the first service, which is the second information requested from the recovery device 100.

  Then, in response to the identity confirmation request transmitted from the recovery device 100, the smartphone 20 transmits the position information cached by the wearable device 30 (step S19). In this case, the smartphone 20 may give information for identifying that the position information to be transmitted is not the own apparatus but the position information acquired by the wearable device 30.

  The recovery apparatus 100 verifies the identity of the user U01 using the transmitted position information (step S20). As described above, the recovery device 100 collates the action history (first information) of the user U01 in the first service with information (second information) related to the action history of the user U01 other than the first information. Specifically, the recovery device 100 includes “position information of the user U01 at the time of login to the first service at a predetermined date and time” that is an example of the first information and “the same predetermined date and time” that is an example of the second information. And the location information of the user U01 acquired by the wearable device 30 ". Note that the recovery device 100 may collate not only pieces of position information at a certain point in time but also pieces of position information at more points in time.

  That is, the recovery apparatus 100 verifies whether or not the position information in the first information and the second information match as the identity confirmation of the user U01. Thereby, the recovery apparatus 100 has the same position at the time of the login of the smartphone 20 when used for logging in to the first service in the past and the wearable device 30 which is a device other than the smartphone 20. Can be verified.

  This indicates a situation corresponding to the case where the recovery apparatus 100 transmits a question “Where were you at a predetermined time?” To the user U01 and the user U01 answered the question. That is, the recovery device 100 performs a process equivalent to creating a so-called “secret question” that can be answered only by the user U01 using the action history of the first service. Further, the user U01 uses a device other than the first terminal, which is the wearable device 30, and performs a process equivalent to transmitting information as a response to the recovery apparatus 100. Then, if the position information held by the recovery device 100 and the position information corresponding to the same time and the content indicated by the position information transmitted from the user U01 are information indicating approximately the same position, It is determined that the user U01 holding the transmitted position information has a high probability of being the user U01 himself. Through such processing, the recovery device 100 verifies the identity of the user U01.

  When the identity of the user U01 is verified, the recovery apparatus 100 performs recovery of the account held by the user U01 in accordance with the recovery request (step S21). Then, the recovery apparatus 100 notifies the user U01 that the account has been recovered (step S22). Note that if the identity of the user U01 cannot be verified, the recovery apparatus 100 may notify the user U01 that the account cannot be recovered.

  As described above, the recovery device 100 collates the action history of the user U01 in the first service with the action history held in other than the first service such as the wearable device 30, for example, so that the user U01 Verify identity. As a result, the recovery device 100 can respond only to the user U01, that is, information that can be known only by the user U01 as the action history in the first service, and action history other than the first service, without requiring prior registration. And can be matched. Then, the recovery device 100 recovers the account of the user U01 based on the collation result. That is, the recovery apparatus 100 can perform the recovery process without prior registration of a secret question or the like, and thus can provide a recovery process that is convenient for the user.

  The recovery apparatus 100 stores not only the action history cached in the wearable device 30 but also a service other than the first service (hereinafter may be referred to as “second service”) as the second information. The second information may be used. This point will be described with reference to FIG. FIG. 2 is a diagram (2) illustrating an example of the recovery process according to the embodiment.

  In the example illustrated in FIG. 2, the wearable device 30 transmits, to the second service providing server 200, information related to the action history of the user U01 that is periodically acquired (for example, position information, date and time when the position information is acquired). It shall be. The second service providing server 200, as a second service, presents information such as, for example, the daily travel distance of the user U01, the number of walks, and calories consumed due to travel, when accessed by the user U01. Is a server device that provides

  In the example illustrated in FIG. 2, the recovery device 100 acquires the second information acquired from the wearable device 30 in FIG. 1 from the second service providing server 200. The process flow in FIG. 2 will be described below. Note that steps S31 to S36 shown in FIG. 2 correspond to steps S11 to S16 shown in FIG.

  Following step S36 illustrated in FIG. 2, the smartphone 20 tries to acquire the action history of the user U01 held as the second information other than the first service. Specifically, the smartphone 20 requests the wearable device 30 for information used for verification (step S37).

  In the example illustrated in FIG. 2, it is assumed that the wearable device 30 does not hold information required for the smartphone 20 in its own device. Specifically, the date and time of the action history requested by the smartphone 20 is earlier than the date and time of the action history held in the wearable device 30, and the wearable device 30 corresponds to the action history corresponding to the request of the smartphone 20. Assume that (location information) is not cached.

  Therefore, the wearable device 30 requests the second service providing server 200 to use information that the device itself regularly uploads (step S38). Specifically, the wearable device 30 requests the second service providing server 200 for permission to use information related to the location information of the user U01 uploaded in the past. Note that the second service providing server 200 specifies the account of the user U01 in the second service, for example, by the device ID transmitted from the wearable device 30. And the 2nd service provision server 200 specifies the positional information etc. matched with the specified account as information which should be provided to the user U01.

  The second service providing server 200 that has received the request issues, for example, an access token (Access Token) for accessing information held in the own device (step S39). Then, the second service providing server 200 transmits the issued access token to the wearable device 30. Wearable device 30 transmits the received access token to smartphone 20 (step S40). The user terminal 10 transmits the received access token to the recovery device 100 (step S41). As will be described later, the access token may be transmitted from the wearable device 30 to the recovery device 100 without using the smartphone 20.

  The recovery device 100 that has received the access token accesses the second service providing server 200 (step S42). Then, the recovery device 100 acquires information used for verification, such as location information of the user U01 permitted to use with the access token (step S43).

  The recovery apparatus 100 verifies the identity of the user U01 by collating the information acquired from the second service providing server 200 with the action history of the user U01 in the first service (step S44). Such verification is performed by the same process as in step S20 of FIG. Then, when the identity of the user U01 is verified, the recovery apparatus 100 performs recovery of the account held by the user U01 (step S45). Then, the recovery apparatus 100 notifies the user U01 that the account has been recovered (step S46).

  As described above, the recovery device 100 collates the action history of the user U01 acquired from the second service side, which is a service other than the first service, with the action history of the first service, thereby comparing the action history of the user U01. You may verify your identity. According to such processing, the recovery apparatus 100 performs verification using information held by the second service, which is difficult for the user U01 to falsify. Therefore, impersonation by an unauthorized user is performed. A safer recovery process that can be prevented with high accuracy can be performed.

  In the example of FIG. 1 and FIG. 2, the position information is given as an example of the action history used for the recovery process. However, the recovery device 100 is not limited to the position information, and various types of actions held by the first service. A history may be used. For example, the recovery apparatus 100 may use a purchase history in which the user U01 has purchased a product using the first service. Specifically, the recovery apparatus 100 acquires information related to the delivery destination of the product purchased by the user U01. Further, the recovery device 100 acquires a delivery history of delivering the product to a delivery destination from a delivery company that delivers the product as a second service. Then, the recovery apparatus 100 collates the acquired two pieces of information, and determines whether the location of the delivered delivery destination and the delivery date and time match. If the location of the delivery destination and the delivery date and time match, the recovery device 100 estimates that the user U01 who made the purchase and the user U01 who requested the recovery are likely to be the same user. With this process, the recovery apparatus 100 can verify the identity of the user U01 and recover the account.

  Further, the user U01 may perform a process of linking the first service and the second service prior to the recovery process according to the embodiment. For example, the service provided to the user U01 performs so-called ID linkage such as using a common ID between services by confirming in advance that the user who has created an account with a plurality of services is the person himself / herself. There may be services that can.

  In the example shown in FIG. 1 and FIG. 2, when the above-described ID linkage is performed between the first service and the second service, the recovery device 100 does not necessarily include the first service in step S14. It is not necessary to receive the user ID related to the smartphone 20. For example, if the user U01 can receive from the second service an issuance of a temporary ID used for identity verification between the first service and the second service, the recovery apparatus 100 uses the temporary ID as the temporary ID. Based on this, an account in the first service may be specified.

  If ID linkage is performed between the first service and the second service, the recovery apparatus 100 receives an access token directly from the wearable device 30 without using the smartphone 20 in step S40. Also good. That is, since the recovery apparatus 100 can identify the second information of the user U01 held in the second service based on the linked ID even when receiving the access token directly from the wearable device 30, Information used for account recovery of the user U01 in the first service can be accurately acquired.

[2. Recovery system configuration)
Next, the configuration of the recovery system 1 including the recovery device 100 according to the embodiment will be described with reference to FIG. FIG. 3 is a diagram illustrating a configuration example of the recovery system 1 according to the embodiment. As illustrated in FIG. 3, the recovery system 1 according to the embodiment includes a user terminal 10, a recovery device 100, and a second service providing server 200. Further, the user terminal 10 includes a first terminal such as the smartphone 20 and a second terminal such as the wearable device 30. These various devices are communicably connected via a network N by wire or wireless.

  The user terminal 10 is, for example, an information processing terminal (device) such as a desktop PC (Personal Computer), a notebook PC, a tablet terminal, a mobile phone including a smartphone, or a PDA (Personal Digital Assistant). The user terminal 10 also includes a wearable device such as a watch-type terminal and a glasses-type terminal. Furthermore, the user terminal 10 may include various smart devices having an information processing function. For example, the user terminal 10 may include a smart home appliance such as a TV (Television), a smart vehicle such as an automobile, a drone, and a home robot.

  The recovery device 100 is a server device that recovers an account held by a user in the first service. In the embodiment, the recovery device 100 also functions as a web server that provides the first service. However, the recovery device 100 and the web server that provides the first service are separate devices. There may be.

  The second service providing server 200 is a server device that provides the user with the second service. For example, the second service providing server 200 accumulates various information transmitted from the user terminal 10 and provides a service that transmits useful information to the user based on the accumulated information. Specifically, the second service providing server 200 provides a service that presents information such as a user's daily travel distance, the number of walks, and calorie consumption due to travel, based on the acquired position information. In addition, in a predetermined case, the second service providing server 200 provides information used for user verification in the recovery processing according to the embodiment to the recovery device 100.

[3. Configuration of recovery device]
Next, the configuration of the recovery device 100 according to the embodiment will be described with reference to FIG. FIG. 4 is a diagram illustrating a configuration example of the recovery device 100 according to the embodiment. As illustrated in FIG. 4, the recovery device 100 includes a communication unit 110, a storage unit 120, and a control unit 130. The recovery device 100 includes an input unit (for example, a keyboard and a mouse) that receives various operations from an administrator who uses the recovery device 100, and a display unit (for example, a liquid crystal display) that displays various types of information. You may have.

(About the communication unit 110)
The communication unit 110 is realized by, for example, a NIC (Network Interface Card). The communication unit 110 is connected to the network N by wire or wirelessly, and transmits / receives information to / from the user terminal 10 and the second service providing server 200 via the network N.

(About the storage unit 120)
The storage unit 120 is realized by, for example, a semiconductor memory device such as a RAM (Random Access Memory) or a flash memory, or a storage device such as a hard disk or an optical disk. The storage unit 120 includes a first service information storage unit 121, a verification information storage unit 122, and a definition information storage unit 123.

(About the first service information storage unit 121)
The first service information storage unit 121 stores information related to the first service. Here, FIG. 5 illustrates an example of the first service information storage unit 121 according to the embodiment. FIG. 5 is a diagram illustrating an example of the first service information storage unit 121 according to the embodiment. In the example illustrated in FIG. 5, the first service information storage unit 121 includes “account ID”, “registered device ID”, “registered user”, “user ID”, “authentication information”, and “first service action history”. It has items such as. In addition, the first service action history has small items such as “use log ID”, “action history”, “action date”, and “position information”.

  “Account ID” indicates identification information for identifying an account in the first service. “Registered device ID” indicates identification information for identifying a device registered as a device used in the first service. “Registered user” indicates a user who holds an account. In the embodiment, the identification information such as the account ID is assumed to match the reference symbol used in the description. For example, the device whose registered device ID is “20” indicates the smartphone 20.

  “User ID” is identification information used for identifying a user who uses an account. For example, the user ID is composed of an arbitrary character string selected by the user when the user creates an account in the first service. As the user ID, for example, an e-mail address or the like registered in the smartphone 20 that is a registered device may be used.

  “Authentication information” indicates authentication information used to log in to the first service. In the example illustrated in FIG. 5, it is assumed that the authentication information is a password including a character string arbitrarily set by the user U01. For example, the user inputs a user ID and password pair associated with the account and logs in to the first service.

  The “first service action history” indicates an action history in the first service. “Usage log ID” indicates identification information for identifying a log when the user logs in to use the first service. In the example illustrated in FIG. 5, the usage log ID is assigned to each session from when the user logs in to the first service until the user logs out.

  “Behavior history” indicates a user's behavior history. Although not shown in FIG. 5, for example, an action history item is searched by inputting a query or an action when a user clicks an article in a portal site, an action of purchasing a product, or a query. Specific actions such as actions may be stored.

  “Action date / time” indicates the date / time corresponding to the user's action history. In the example illustrated in FIG. 5, the action date / time is stored every 10 minutes, but the action date / time may be stored in finer units (for example, 1 minute or 1 second). “Position information” indicates position information corresponding to the action history. For example, the recovery device 100 acquires the position information detected by the first terminal (smart phone 20) continuously when the user logs in to the first service or during the login, and corresponds to the action history. In addition, it is stored in the first service information storage unit 121. FIG. 5 shows an example in which conceptual information such as “G011” is stored in the position information item. Actually, however, the position information item includes specific numerical values such as longitude and latitude. In addition, information that can estimate position information (for example, the IP address of the smartphone 20) is stored.

  That is, in the example of FIG. 5, the smartphone 20 that is the device identified by the registered device ID “20” is registered in the account A01 identified by the account ID “A01”, and the registered user is “U01”. It shows that there is. The user ID corresponding to the account A01 is “XXXX”, and the authentication information (password) is “YYYY”. Further, in the account A01, logs identified by usage log IDs “B01” and “B02” are accumulated. For example, in the usage log B01, “login” is “March 1, 2017” as an action history. 12:00 ”, indicating that the position information of the smartphone 20 at that time is“ G011 ”.

(About the verification information storage unit 122)
The verification information storage unit 122 stores information used for verification of the user's identity (that is, second information). Here, FIG. 6 illustrates an example of the verification information storage unit 122 according to the embodiment. FIG. 6 is a diagram illustrating an example of the verification information storage unit 122 according to the embodiment. In the example illustrated in FIG. 6, the verification information storage unit 122 includes items such as “verification target user” and “second information”. The second information item has small items such as “second information log ID”, “action date and time”, and “position information”.

  “Verification target user” indicates a user whose identity is to be verified in the recovery process. In the example of FIG. 6, the verification target user is indicated by a reference sign such as “U01”. However, the verification target user may be indicated by using the user ID shown in FIG.

  The “second information” indicates a user's behavior history acquired in other than the first service, which is used for collation with the behavior history of the first service. The “second information log ID” indicates identification information for identifying each action history (log) that is the second information. “Action date and time” indicates the date and time corresponding to each log. “Position information” indicates position information that is an example of second information. As in FIG. 5, the position information in FIG. 6 is represented by a concept such as “H011”. Note that since the position information shown in FIG. 5 and the position information shown in FIG. 6 are information acquired by different devices, the file format or the like may be different. However, since any position information includes information indicating longitude and latitude, or information indicating an address, the recovery apparatus 100 may determine whether the two match or are similar. It shall be possible.

  That is, in the example of FIG. 6, the second information acquired to verify the verification target user “U01” is shown. For example, the second information log C01 identified by the second information log ID “C01” is the second information (action history) on “March 1, 2017 12:00”, and is the position information “H011”. It is shown that.

  In the example of FIG. 6, the position information is shown as an example of the second information, but the second information is not limited to the position information. For example, the second information may be various information that can be acquired by the second terminal or various information that is acquired in the second service. Details of these variations of the second information will be described later.

(About the definition information storage unit 123)
The definition information storage unit 123 stores definitions related to the verification method. Here, FIG. 7 illustrates an example of the definition information storage unit 123 according to the embodiment. FIG. 7 is a diagram illustrating an example of the definition information storage unit 123 according to the embodiment. In the example illustrated in FIG. 7, the definition information storage unit 123 includes items such as “definition information ID”, “verification level”, “verification information”, and “verification content”.

  “Definition information ID” indicates identification information for identifying definition information. The definition information is information that defines the type of information for verifying the user, a verification method, and a level indicating reliability when the user is verified by a certain verification method. The definition information can be read as a condition for verifying the identity of the user and authenticating the user as the identity.

  The “verification level” is a level indicating reliability regarding verification of the identity of the user. In the embodiment, it is assumed that the verification level is indicated by a numerical value in five stages, with “5” having the highest reliability and “1” having the lowest reliability. For example, the recovery apparatus 100 may determine at what verification level the user is verified according to the type of account to be recovered. As an example, when the first service is a service provided by a financial institution or the like and extremely high reliability is required for recovery, the recovery apparatus 100 uses a verification method whose verification level is defined as “5”. It may be determined that recovery is not performed unless the user is verified by using. On the other hand, if the first service is not a service that requires high reliability, the recovery apparatus 100 can use the account even when the user is verified using the verification method defined as the verification level “3”. Recovery may be performed. In other words, the recovery apparatus 100 may verify the user using different verification methods depending on the level of reliability required for recovery. For example, it is assumed that the defined verification level becomes higher as the type of information used for verification is increased or the information to be collated is increased.

  “Verification information” indicates the type of first information and second information used for user verification. “Verification content” indicates a content that defines what conditions should be verified when the first information and the second information are verified in the user verification.

  That is, in the example of FIG. 7, the definition information identified by the definition information ID “E01” indicates that the definition is related to the verification method having the verification level “3”. The definition information E01 indicates that, as a specific verification method, “position information” is used as verification information, and “verification of position information at any three time points” is determined as verification contents. Yes. Specifically, in the definition information E01, when the first information and the second information are compared with each other, and “matching position information at any three points in time” is found, the user who has requested the recovery is in the account This indicates that the registered user is verified.

(About the control unit 130)
The control unit 130 is, for example, a controller, and various programs (recovery according to the embodiment) stored in a storage device inside the recovery device 100 by a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or the like. (Corresponding to an example of a program) is implemented by executing the RAM as a work area. The control unit 130 is a controller, and is realized by an integrated circuit such as an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA).

  As illustrated in FIG. 4, the control unit 130 includes a reception unit 131, a first acquisition unit 132, a specification unit 133, a second acquisition unit 134, a verification unit 135, an execution unit 136, and a transmission unit 137. And implements or executes the functions and operations of information processing described below. Note that the internal configuration of the control unit 130 is not limited to the configuration illustrated in FIG. 4, and may be another configuration as long as the information processing described below is performed. In addition, the connection relationship between the processing units included in the control unit 130 is not limited to the connection relationship illustrated in FIG. 4, and may be another connection relationship.

(About the receiver 131)
The receiving unit 131 receives various information. For example, the receiving unit 131 receives a recovery request from the smartphone 20 which is an example of the user terminal 10 to the recovery device 100.

  The receiving unit 131 receives information for specifying an account corresponding to the recovery request. For example, the receiving unit 131 receives a user ID that is information for specifying an account. The receiving unit 131 sends the received information to the first acquisition unit 132.

(About the first acquisition unit 132)
The 1st acquisition part 132 acquires the 1st information which is information about a user's action history in the 1st service.

  Specifically, the first acquisition unit 132, when receiving a recovery request by the reception unit 131, first information related to the user among the first information accumulated in the first service information storage unit 121. To get. In addition, the 1st acquisition part 132 may acquire 1st information from the provider (service server) which provides a 1st service, when the provider which provides a 1st service is not the recovery apparatus 100. . In this case, the 1st acquisition part 132 specifies the user's account using the smart phone 20, and acquires the 1st information about the specified user from a service server.

  For example, the first acquisition unit 132 acquires, as the first information, date / time information such as the date / time when the user logged in to the first service, and the user's location information during login or while logged in.

  Moreover, the 1st acquisition part 132 may acquire various 1st information according to the classification of the service which a 1st service provides. For example, when the first service is a shopping service or an auction service, the first acquisition unit 132 may acquire user purchase information, payment information, or the like as the first information. In addition, the 1st acquisition part 132 may further acquire information, such as the address information of the user who purchased goods, and the date and time when goods are delivered to reception.

  Further, when the first service is an information providing service such as a news service, the first acquisition unit 132 may acquire content browsing information, content search information, and the like as the first information.

  In addition, when the first service is a travel reservation service, a transit guidance service for transportation, or the like, the first acquisition unit 132 may acquire information on a facility reserved by the user, date and time, and the like. In addition, when the first service is SNS (Social Networking service), the first acquisition unit 132, as the first information, the date and time when the user posted a text (for example, a tweet), the content of the posting, and the posting Post information including an image or the like may be acquired.

  Moreover, the 1st acquisition part 132 may acquire the information acquired by the 1st service side when a user uses a 1st service as 1st information. For example, the first acquisition unit 132 includes communication connection information to the first service (information on an access point used by the smartphone 20, a device ID of a device used for using the first service, etc.), and user attribute information. (Gender, age, etc. of the user) may be acquired.

(About the specific part 133)
The specifying unit 133 specifies the second information acquired from the user. For example, the specifying unit 133 specifies the type of information acquired as the second information.

  Specifically, the identifying unit 133 identifies information that can be collated with the first information corresponding to the user in the process of verifying the identity of the user who has requested the recovery. For example, when the location information is acquired from the user in the first service, the specifying unit 133 can collate the first information and the second information by acquiring the location information as the second information. It is determined that In this case, the specifying unit 133 specifies the type of the second information to be acquired as “position information”.

  Note that the specifying unit 133 may specify various types of information as the second information to be acquired according to the type of the first information acquired in the first service. For example, the specifying unit 133 acquires the above-described payment information, content browsing information, search information, reservation information, SNS posting information, communication connection information, user attribute information, and the like to be acquired. As specified. Further, the specifying unit 133 does not necessarily specify the same type of information as the first information as the second information. For example, even when the types of the first information and the second information are different, the specifying unit 133 can verify the identity of the user by indicating different predetermined types of information in the user. For example, information of a type different from the first information may be specified.

(About the second acquisition unit 134)
The second acquisition unit 134 acquires second information that is information other than the first information and is information related to the user's behavior history. For example, the second acquisition unit 134 transmits an identity confirmation request to the first terminal that transmitted the recovery request, and transmits information related to the type specified by the specifying unit 133. And the 2nd acquisition part 134 acquires the 2nd information from the 1st terminal which acquired the 2nd information via the 2nd terminal and the 2nd service.

  The 2nd acquisition part 134 acquires the information regarding a user's action history in the 2nd service which is a service provided from providers other than the provider of the 1st service as the 2nd information.

  Specifically, the second acquisition unit 134 acquires, as the second information, a user action acquired by another terminal (second terminal) other than the terminal device (first terminal) used in the use of the first service. Get information about history. In the example illustrated in FIG. 1, the second acquisition unit 134 acquires the action history of the user U01 accumulated in the wearable device 30 that is the second terminal as the second information. As illustrated in FIG. 2, the second acquisition unit 134 may acquire the second information from the second service providing server 200 that provides the second service instead of from the second terminal.

  The second acquisition unit 134 may acquire various types of information as the second information, similar to the first information. For example, the second acquisition unit 134 acquires at least one of position information, settlement information, content browsing information, search information, reservation information, SNS posting information, communication connection information, and user attribute information.

  The second acquisition unit 134 stores the acquired second information in the verification information storage unit 122. Note that the second acquisition unit 134 may store all of the acquired second information in the verification information storage unit 122, or store only the second information of the type specified by the specification unit 133 in the verification information storage unit 122. It may be stored.

(About the verification unit 135)
The verification unit 135 verifies the user's identity based on the comparison between the first information acquired by the first acquisition unit 132 and the second information acquired by the second acquisition unit 134.

  For example, the verification unit 135 extracts information of a type common to the first information and the second information, and verifies the user's identity based on the degree of coincidence or similarity between the extracted information.

  Specifically, the verification unit 135 verifies the user's identity according to the definition information stored in the definition information storage unit 123. For example, the verification unit 135 refers to the verification level required for the account to be recovered. The verification unit 135 identifies the verification level of the account to be recovered by referring to the verification level preset by the provider of the first service, for example. If the verification level is not set for the account to be recovered, the verification unit 135 may verify the user based on any arbitrarily selected definition information.

  Hereinafter, a case where the verification unit 135 verifies the identity of the user using the definition information E01 illustrated in FIG. 7 will be exemplified. The verification unit 135 extracts position information at arbitrary three points in time from the first information. Further, the verification unit 135 identifies position information at a time point corresponding to three time points extracted from the first information among the second information. Even if the time points of the first information and the second information do not completely match, the verification unit 135 extracts the second information (action history) at a time point within a predetermined range (for example, within 1 minute), for example. Processing may be performed flexibly.

  Then, the verification unit 135 verifies the matching of the position information at the three extracted time points. Specifically, the verification unit 135 verifies whether the position indicated by the position information of the first information matches the position indicated by the position information of the second information within a predetermined range at the time of extraction. To do. Then, when the positions indicated by the position information match at the three verified time points, the verification unit 135 determines that the user who requested the recovery is the user who held the account. Note that the position information may be a predetermined similar range even if it does not indicate a completely matched position. Such a similar range may be flexibly determined based on, for example, whether or not the predetermined range is within a predetermined range or a predetermined distance.

  Moreover, although the example which collates position information at 3 time points was shown above, the verification unit 135 may collate position information in a certain length of time instead of performing collation at the time point. For example, the verification unit 135 may collate the first information and the second information with respect to the transition of position information in a certain past 10 minutes.

  As described above, when the information to be compared is position information, the verification unit 135 extracts the position information included in the first information and the second information, and matches the position information in a predetermined number or a predetermined time length. The identity of the user is verified based on the degree or similarity.

  In addition, the verification unit 135 extracts different types of information from the first information and the second information, and based on whether the extracted different types of information indicate a predetermined action common to the user. You may verify your identity.

  For example, the verification unit 135 extracts the purchase information of the first information and the location information of the second information, and verifies the user's identity based on whether or not the user shows a predetermined common action. Also good. Specifically, the verification unit 135 refers to the delivery date and delivery destination of the product included in the purchase history of the user in the first service. Further, the verification unit 135 refers to the position information of the user at the date and time when the product is delivered in the second information. Then, the verification unit 135 determines whether the position indicated by the delivery destination of the product matches the position information of the user at the date and time when the product is delivered.

  When the information matches, the verification unit 135 determines that the user who purchased the product in the first service has a high probability of being the user who received the product at the delivery destination. That is, if the verification unit 135 determines that the first information and the second information have different types of information but the information indicates a predetermined action common to the user, the verification unit 135 identifies the user as the user. It can be verified that Through such processing, the verification unit 135 verifies the identity of the user. Note that information relating to these collations (such as which information is compared or what information can be compared) may be described in the definition information held in advance, or the recovery apparatus 100 It may be input as appropriate by the administrator.

  The verification unit 135 may perform verification based on various information. Specifically, the verification unit 135 includes position information, payment information, content browsing information, search information, reservation information, SNS posting information, communication connection information, and user attribute information as the types of first information and second information. The identity of the user may be verified using at least one of the above.

  Further, the verification unit 135 may verify the identity of the user based on the collation result of a plurality of pieces of information, not just one piece of collated information. That is, the verification unit 135 verifies the user's identity based on collation in at least two or more sets, with the first information and the second information indicating the common action history for a predetermined time as one set. Good. Thus, the verification unit 135 can improve the accuracy of verification by verifying the identity based on the multi-element information.

  The verification unit 135 may verify the identity of the user based on the comparison between the first information of the type selected by the user and the second information. For example, when receiving a recovery request, the receiving unit 131 may leave the selection of what information to perform verification to the user. For example, the user may select the type of information that can be transmitted to the recovery apparatus 100 from the information used for verification. Specifically, when the user has a wearable device 30 that can acquire position information, the user may select “position information” as the type of information. Thereby, the verification part 135 can perform the verification process according to a user's request. Specifically, the verification unit 135 can reduce the burden on the user by performing verification processing preferentially using information that the user can easily provide to the recovery apparatus 100.

  Note that the verification unit 135 may accept artificial settings for the above-described settings for similarity and matching determination, and for example, determine which time zone data to collate with each other. A verification data range derivation function may be provided. For example, when position information is used for collation processing, it may be difficult to specify at which time the latitude and longitude information are approximated in the first information and the second information. In addition, even if the position information at the same time exists in both the first information and the second information, since the accuracy of the detected information depends on the function and performance of the device, both position information Are unlikely to match exactly. For this reason, the verification unit 135 derives a collation data range such as which data range in which time range is collated or how much error is allowed, and appropriately extracts data to be collated. You may make it perform.

  Further, for example, the verification unit 135 may appropriately set the range of the second information acquired based on the access token acquired from the wearable device 30 as described above. For example, as illustrated in FIG. 5, the verification unit 135 accesses the second service providing server 200 when the position information G011, the position information G012, and the position information G013 are held as the position information of the user U01. When a token is acquired, it may be determined to acquire position information in a time zone range corresponding to the position information.

  Further, the verification unit 135 may perform processing for collating each other's data after obfuscation or conceptualization of the data to be collated. Taking the position information as an example, the verification unit 135 obscures certain position information within a predetermined time window (time window) into address information indicating a predetermined area (such as a municipality). Also good. Then, when the first information and the second information match information indicating a predetermined area such as a municipality, the verification unit 135 may determine that both pieces of position information match. By performing such information ambiguity, the verification unit 135 can perform the matching process on the first information and the second information within a predetermined allowable range as well as information that completely matches. .

(About the execution unit 136)
When the verification unit 135 verifies the user's identity, the execution unit 136 recovers the account that the user has in the first service.

  For example, when the verification unit 135 verifies that the conditions defined in the definition information are satisfied, the execution unit 136 determines that the user's identity has been verified, and recovers the account that the user has Execute.

  The execution unit 136 does not perform account recovery when the verification unit 135 does not verify the user's identity. In this case, the execution unit 136 may send a notification that the recovery has failed to the transmission unit 137 and cause the user to send a notification that the recovery has failed.

(About the transmitter 137)
The transmission unit 137 transmits various information. For example, the transmission unit 137 transmits the result of account recovery by the execution unit 136 to the user who has requested the recovery. In addition, when transmitting information indicating that account recovery has been performed, the transmission unit 137 may transmit, for example, information related to new authentication information (for example, notification regarding password resetting).

  In addition, when transmitting that the account recovery has not been executed, the transmitting unit 137 may transmit, for example, notifying that the second information required for the recovery is insufficient. . In addition, when there is a possibility that account recovery is performed when the user transmits new second information, the transmission unit 137 requests the user to newly transmit the second information required for verification. May be sent to.

[4. Configuration of user terminal]
Next, the configuration of the user terminal 10 according to the embodiment will be described with reference to FIG. FIG. 8 is a diagram illustrating a configuration example of the user terminal 10 according to the embodiment. As illustrated in FIG. 8, the user terminal 10 includes a communication unit 11, an input unit 12, a display unit 13, a detection unit 14, a storage unit 15, and a control unit 16. Note that the user terminal 10 according to the embodiment corresponds to, for example, the smartphone 20 or the wearable device 30. However, the user terminal 10 does not necessarily have to have all the configurations shown in FIG. For example, the wearable device 30 may not necessarily include a display unit such as a liquid crystal display.

(About the communication unit 11)
The communication part 11 is implement | achieved by NIC etc., for example. The communication unit 11 is connected to the network N in a wired or wireless manner, and transmits / receives information to / from the recovery apparatus 100, the second service providing server 200, an arbitrary device, and the like via the network N.

(About the input unit 12 and the display unit 13)
The input unit 12 is an input device that receives various operations from the user. For example, the input unit 12 is realized by an operation key or the like provided in the user terminal 10. The display unit 13 is a display device for displaying various information. For example, the display unit 13 is realized by a liquid crystal display or the like. In addition, when a touch panel is employ | adopted for the user terminal 10, a part of input part 12 and the display part 13 are integrated.

(About the detector 14)
The detection unit 14 detects various information related to the user terminal 10. Specifically, the detection unit 14 detects a user operation on the user terminal 10, location information of the user terminal 10, information about a device connected to the user terminal 10, an environment in the user terminal 10, and the like. To do.

  For example, the detection unit 14 detects a user operation based on information input to the input unit 12. In other words, the detection unit 14 detects that there has been an input of an operation for touching the screen to the input unit 12, an input of audio, or the like. Further, the detection unit 14 may detect that a predetermined application program (hereinafter simply referred to as “application”) is started by the user. When such an application is an application that operates an imaging function (for example, a camera) in the user terminal 10, the detection unit 14 detects that the imaging function is used by the user. Further, the detection unit 14 may detect an operation in which the user terminal 10 itself is moved based on data detected by an acceleration sensor, a gyro sensor, or the like provided in the user terminal 10.

  Further, the detection unit 14 detects the current position of the user terminal 10. Specifically, the detection unit 14 receives radio waves transmitted from a GPS (Global Positioning System) satellite, and obtains position information (for example, latitude and longitude) indicating the current position of the user terminal 10 based on the received radio waves. get.

  Moreover, the detection part 14 may acquire position information with various methods. For example, when the user terminal 10 has a function equivalent to that of a contactless IC card used at a station ticket gate or a store (or the user terminal 10 has a function of reading a history of the contactless IC card) ), The used position is recorded together with the information on the settlement of the boarding fee at the station by the user terminal 10. The detection unit 14 detects such information and acquires it as position information. Moreover, the detection part 14 may detect the positional information acquirable from an access point, when the user terminal 10 communicates with a specific access point. The position information may be acquired by an optical sensor, an infrared sensor, a magnetic sensor, or the like included in the user terminal 10. Moreover, when the position of the user terminal 10 can be estimated from the IP address or the like, the detection unit 14 may acquire an IP address or the like as an example of the position information.

  The detection unit 14 detects an external device connected to the user terminal 10. Note that the external device is a device other than the target user terminal 10 and may include other user terminals 10 different from the target. For example, when viewed from the smartphone 20, the wearable device 30 is recognized as an external device.

  The detection unit 14 detects the external device based on, for example, exchange of communication packets with the external device, a signal generated by the external device, or the like. Specifically, the detection unit 14 detects radio waves such as WiFi and Bluetooth used by the external device. The detection unit 14 may detect the type of connection with the external device when communication with the external device is established. For example, the detection unit 14 detects whether it is connected to an external device by wire or wireless communication. Moreover, the detection part 14 may detect the communication system etc. which are used by radio | wireless communication. The detection unit 14 may detect the external device based on information acquired by a radio wave sensor that detects a radio wave emitted by the external device, an electromagnetic wave sensor that detects an electromagnetic wave, or the like.

  In addition, the detection unit 14 detects an environment in the user terminal 10. The detection unit 14 uses various sensors and functions provided in the user terminal 10 to detect information about the environment. For example, the detection unit 14 is a microphone that collects sound around the user terminal 10, an illuminance sensor that detects illuminance around the user terminal 10, and an acceleration sensor that detects physical movement of the user terminal 10 (or A gyro sensor), a humidity sensor that detects the humidity around the user terminal 10, a geomagnetic sensor that detects a magnetic field at the location of the user terminal 10, and the like. And the detection part 14 detects various information using various sensors. For example, the detection unit 14 detects a noise level around the user terminal 10 and whether the surroundings of the user terminal 10 have illuminance suitable for imaging the user's iris. Further, the detection unit 14 may detect surrounding environment information based on a photograph or video taken by the camera.

  Further, the user terminal 10 may acquire context information indicating the context of the user terminal 10 based on the information detected by the detection unit 14. As described above, the user terminal 10 has various sensors such as position, acceleration, temperature, gravity, rotation (angular velocity), illuminance, geomagnetism, pressure, proximity, humidity, and rotation vector by various built-in sensors (detection unit 14). Is obtained as context information. In addition, the user terminal 10 may acquire, as context information, a connection status (for example, information regarding establishment of communication or a communication standard used) with various devices by using a built-in communication function. .

(About the storage unit 15)
The storage unit 15 stores various information. The storage unit 15 is realized by, for example, a semiconductor memory device such as a RAM or a flash memory, or a storage device such as a hard disk or an optical disk.

  For example, the storage unit 15 stores the position information detected by the detection unit 14 in association with the detected date and time. In addition, the storage unit 15 may store a use history related to the first service or the second service, a user action history in the first service or the second service, and the like.

(About the control unit 16)
The control unit 16 is a controller, and is realized, for example, by executing various programs stored in a storage device inside the user terminal 10 using the RAM as a work area by a CPU, an MPU, or the like. The control unit 16 is a controller, and is realized by an integrated circuit such as an ASIC or FPGA, for example.

  As illustrated in FIG. 8, the control unit 16 includes an acquisition unit 161, a reception unit 162, and a transmission unit 163, and implements or executes information processing functions and operations described below. Note that the internal configuration of the control unit 16 is not limited to the configuration illustrated in FIG. 8, and may be another configuration as long as the information processing described below is performed.

(About the acquisition unit 161)
The acquisition unit 161 acquires various types of information. For example, the acquisition unit 161 acquires various types of information detected by the detection unit 14.

(Receiver 162)
The receiving unit 162 receives various information. For example, the receiving unit 162 receives from the recovery device 100 a notification that an account recovery request has been received. In addition, the receiving unit 162 receives a notification that the second information is to be transmitted to the recovery device 100. The receiving unit 162 receives the result of recovery by the recovery device 100.

  The transmission unit 163 transmits various information. For example, the transmission unit 163 transmits an account recovery request for the first service to the recovery device 100 in accordance with a user operation. The transmission unit 163 transmits information (such as a user ID) for specifying an account to be recovered to the recovery device 100. In addition, when account recovery is performed, the transmission unit 163 transmits authentication information (such as a password) newly set for the recovered account to the recovery apparatus 100.

[5. Configuration of second service providing server]
Next, the configuration of the second service providing server 200 according to the embodiment will be described with reference to FIG. FIG. 9 is a diagram illustrating a configuration example of the second service providing server 200 according to the embodiment. As illustrated in FIG. 9, the second service providing server 200 includes a communication unit 210, a storage unit 220, and a control unit 230. In the following description, the description of the configuration common to the second service providing server 200 and the recovery device 100 is omitted.

(About the second service information storage unit 221)
The second service information storage unit 221 stores information related to the second service. Here, FIG. 10 illustrates an example of the second service information storage unit 221 according to the embodiment. FIG. 10 is a diagram illustrating an example of the second service information storage unit 221 according to the embodiment. In the example illustrated in FIG. 10, the second service information storage unit 221 includes items such as “second service account ID”, “registered device ID”, “registered user”, and “second service action history”. The items of the second service action history have small items such as “second information log ID”, “action date and time”, and “position information”.

  The “second service account ID” indicates identification information for identifying an account in the second service. “Registered device ID” indicates identification information for identifying a device registered as a device used for the second service. “Registered user” indicates a user who holds an account. The “second service action history” indicates an action history in the second service. In the embodiment, the second service providing server 200 provides the second service that accumulates the user's location information and analyzes the user's daily action amount in conjunction with the wearable device 30. Shall.

  That is, in the example of FIG. 10, the wearable device 30 that is the device identified by the registered device ID “30” is registered in the account F01 identified by the second service account ID “F01”, and the registered user is “U01” is indicated. The second information (action history) identified by the second information log ID “C01” is “March 1, 12:00” and the position information of the wearable device 30 at that time is “H011”. It shows that there is.

(About the control unit 230)
The control unit 230 is, for example, a controller, and is realized by executing various programs stored in the storage device inside the second service providing server 200 using the RAM as a work area by a CPU, MPU, or the like. The control unit 230 is a controller, and is realized by an integrated circuit such as an ASIC or FPGA, for example.

  As illustrated in FIG. 9, the control unit 230 includes a reception unit 231, an acquisition unit 232, and a transmission unit 233, and implements or executes information processing functions and operations described below. The internal configuration of the control unit 230 is not limited to the configuration illustrated in FIG. 9, and may be another configuration as long as the information processing described below is performed. Further, the connection relationship between the processing units included in the control unit 230 is not limited to the connection relationship illustrated in FIG. 9, and may be another connection relationship.

(Receiver 231)
The receiving unit 231 receives various information. For example, the receiving unit 231 receives a request regarding the use of the second service from the wearable device 30 that is an example of the user terminal 10 and that is an example of the second terminal. Specifically, the receiving unit 231 receives a request for creating an account related to the second service and a request for logging in to the account. For example, the receiving unit 231 accepts an account login request based on a device ID transmitted from the wearable device 30.

  In addition, the receiving unit 231 receives a request for permission to access the second service information storage unit 221. For example, the receiving unit 231 receives a request for issuing an access token for accessing information related to the second service, which is a request transmitted from the user.

(About the acquisition unit 232)
The acquisition unit 232 acquires various types of information. For example, the acquisition unit 232 acquires the second information from the user terminal 10 that uses the second service. Specifically, the acquisition unit 232 periodically acquires position information detected by the wearable device 30 or the like as the second information. Moreover, the acquisition part 232 acquires suitably the action log | history of the user who utilizes a 2nd service as 2nd information.

(About the transmission unit 233)
The transmission unit 233 transmits various information. For example, when the transmission unit 233 receives a request for issuing an access token from a user, the transmission unit 233 transmits an access token corresponding to the request. For example, the access token is a temporarily valid token that makes it possible to access the second information corresponding to the user who transmitted the request among the second information stored in the second service information storage unit 221. . The recovery apparatus 100 that has acquired the access token accesses the second service providing server 200 and acquires second information to be used for the verification process.

  Note that the method for the recovery apparatus 100 to acquire the second information is not limited to the process using the access token as described above. For example, the recovery device 100 may transmit a use request regarding the second information to the second service providing server 200. In addition, the transmission unit 233 may transmit the second information to the recovery device 100 in response to the request.

[6. Processing procedure)
Next, a recovery process procedure according to the embodiment will be described with reference to FIGS. 11 and 12. First, the procedure of processing related to the recovery device 100 will be described with reference to FIG. FIG. 11 is a flowchart illustrating a processing procedure of the recovery apparatus 100 according to the embodiment.

  As shown in FIG. 11, the recovery apparatus 100 determines whether an account recovery request has been received from the first terminal (step S101). If no recovery request has been received (step S101; No), the recovery apparatus 100 waits until a recovery request is received.

  On the other hand, when a recovery request is received (step S101; Yes), the recovery apparatus 100 acquires information for identifying an account to be recovered (for example, a user ID corresponding to the account) (step S102).

  Subsequently, the recovery device 100 acquires the first information for the account to be recovered (step S103). The recovery device 100 specifies the type of information (for example, position information) used for verification based on the acquired first information (step S104).

  Thereafter, the recovery device 100 transmits an identity confirmation request to the first terminal (step S105). The identity verification request includes information regarding the type of the specified second information and a notification that the second information is requested to be transmitted to the recovery device 100 side. That is, the first terminal specifies the second information to be transmitted to the recovery device 100 by receiving the request.

  Then, the recovery apparatus 100 determines whether or not second information that can be used for verification has been acquired (step S106). When the 2nd information which can be used for verification is not acquired (Step S106; No), recovery device 100 waits until it acquires the 2nd information.

  On the other hand, when the second information that can be used for verification is acquired (step S106; Yes), the recovery device 100 collates the first information and the second information according to the definition information (step S107).

  The recovery apparatus 100 determines whether or not the user's identity has been verified based on the result of the collation (step S108). When the identity of the user is verified (step S108; Yes), the recovery apparatus 100 performs account recovery (step S109). On the other hand, when the identity of the user is not verified (step S108; No), the recovery device 100 does not perform account recovery (step S110). Then, the recovery apparatus 100 transmits the result of step S109 or step S110 to the user (step S111).

  Next, with reference to FIG. 12, a processing procedure regarding the first terminal among the user terminals 10 will be described. FIG. 12 is a flowchart illustrating a processing procedure of the first terminal according to the embodiment.

  As shown in FIG. 12, the first terminal requests the recovery apparatus 100 to recover the account in the first service (step S201). Furthermore, when the recovery apparatus 100 is requested to transmit information (such as a user ID) for specifying an account, the first terminal transmits information for specifying the account to the recovery apparatus 100 (step S202). ).

  Thereafter, the first terminal receives the identity confirmation request transmitted from the recovery device 100 (step S203). The identity verification request includes information regarding the type of second information that the first terminal should transmit to the recovery device 100. The first terminal accesses the second terminal to acquire the second information to be transmitted to the recovery device 100 (step S204).

  The first terminal determines whether the second information has been acquired (step S205). When the second information has not been acquired (step S205; No), the first terminal stands by until the second information is acquired.

  On the other hand, when the second information is acquired (step S205; Yes), the first terminal transmits the second information to the recovery device 100 (step S206). If the first terminal acquires an access token or the like for enabling the recovery device 100 to access the second information instead of the second information, the first terminal stores the acquired access token or the like in the recovery device 100. You may send it. Thereafter, the first terminal receives the result of the account recovery (step S207).

[7. (Modification)
The recovery processing by the recovery device 100 described above may be implemented in various different forms other than the above embodiment. Therefore, in the following, other embodiments relating to the recovery device 100 and recovery processing will be described.

[7-1. Acquisition of second information]
In the said embodiment, the 1st terminal showed the example which acquires 2nd information via the 2nd terminal and the 2nd service provision server 200. Here, the second information may be acquired from the first terminal.

  A case where the first terminal is the smartphone 20 will be described. The smartphone 20 uses an application for using the first service (hereinafter referred to as “first application”) and an application for using the second service (hereinafter referred to as “second application”). ) And installed. It is assumed that the user uses the first service using the first application and uses the second service using the second application. Note that the second application is an application having a function of periodically acquiring position information of the smartphone 20 and realizes a function equivalent to the wearable device 30 illustrated in FIGS. 1 and 2.

  Here, in the recovery request, it is assumed that the recovery device 100 transmits an identification confirmation request to the smartphone 20 and requests transmission of the second information. At this time, the smartphone 20 is information held in the smartphone 20 by the function of the second application, and acquires the action history in the second service as the second information. Then, the smartphone 20 transmits the second information acquired by the second application to the recovery device 100.

  In other words, the recovery device 100 is information acquired by the smartphone 20 used in the use of the first service as the second information, and is a second application different from the first application used in the use of the first service. The information regarding the user's behavior history acquired by is acquired.

  As described above, the recovery apparatus 100 does not necessarily acquire information acquired by a device different from the first terminal as the second information, and the first terminal is used by the first service. When a function for acquiring information different from information is provided (in this example, the second application), the second information may be acquired from the first terminal.

  In addition, the aspect in which the above application is used is not limited to the aspect in which the application is installed in the smartphone 20 or the wearable device 30 itself. For example, the user may use a program that realizes the same processing as an application that is installed and operated on the smartphone 20 and that is used via a network. Specifically, the user may connect to a network using the smartphone 20 or the like, and may operate an emulator program placed on a predetermined server via the network. That is, the application according to the embodiment is not necessarily limited to the mode existing on the user terminal 10, and the same processing as the application existing on the user terminal 10 such as an emulator program placed on a predetermined server on the network is performed. Any program that can be realized may be realized in any manner.

[7-2. (Verification process)
The recovery apparatus 100 may perform a process of calculating a score indicating the identity of the user based on the match or similarity between the first information and the second information. For example, the recovery device 100 calculates a score according to the number of matching position information in the first information and the second information. Then, the recovery device 100 may determine that the user's identity has been verified when the calculated score exceeds a predetermined threshold. In this case, the recovery apparatus 100 performs a flexible process such as collation based on various kinds of information, not limited to the position information, and verifying the user's identity when the total score exceeds a predetermined threshold. May be performed.

[7-3. (Cooperation between devices)
In the above embodiment, an example in which the second terminal is the wearable device 30 has been described. However, there may be a plurality of second terminals. That is, when the user is using the second service using a terminal other than the wearable device 30, the user's action history (location information, physical information of the user, 2), the processing according to the above embodiment may be executed by regarding the other terminal as the second terminal.

  Moreover, 2nd information is not restricted to the information acquired from one 2nd terminal, The information totaled from several 2nd terminal may be sufficient. The first terminal may transmit information acquired from the plurality of second terminals to the recovery device 100 as second information. Thereby, since the user can acquire the second information by more means, the information used for verification can be easily acquired. As a result, the recovery apparatus 100 can perform highly convenient recovery for the user.

[7-4. Specific processing)
The recovery device 100 does not have to specify the type and the amount of information for the second information acquired from the first terminal. For example, the recovery device 100 may acquire all the second information accumulated by the second terminal. Or the recovery apparatus 100 may acquire some 2nd information at random among the 2nd information accumulate | stored by the 2nd terminal. Then, the recovery apparatus 100 may extract information that can be collated with the first information from the acquired second information, and perform the verification process.

[7-5. Acquisition process)
The recovery apparatus 100 may perform the acquisition process at a predetermined timing instead of always continuing the acquisition process in the process of acquiring or holding the first information or the like shown in FIG. For example, the recovery device 100 may acquire the first information as a predetermined timing when a predetermined application is activated on the smartphone 20. Further, when a change in context that exceeds a predetermined threshold is observed, the recovery apparatus 100 may hold the changed information as a log. Further, the recovery apparatus 100 logs the position information only when specific position information is observed (such as the position of the user U01's home or company, or a predetermined spot set in advance). You may make it hold | maintain. The recovery apparatus 100 may acquire position information at such timing when an application having a predetermined check-in function is activated on the smartphone 20 and check-in from the user is confirmed. Note that the check-in in this case indicates an action in which, for example, in SNS, an online game, or the like, the user himself makes a proposal to another user, or encourages the user to participate in the proposal. Note that the recovery apparatus 100 may handle a service related to check-in as the second service, and perform the recovery process according to the embodiment using the second information provided from the service.

  As described above, the recovery apparatus 100 can appropriately select the timing for acquiring various types of information and the information to be held. Thereby, the recovery apparatus 100 can reduce the processing load according to the embodiment, the burden on the storage device for holding the information, or the cost of the power amount and the communication amount related to the processing. .

[7-6. Treatment variations)
In each process of the above embodiment, various variations may exist in each process performed by the recovery apparatus 100.

  For example, it is assumed that the first service is a shopping service and the second service is a settlement service by a financial institution. At this time, the recovery device 100 acquires the purchase history of the user as the first information, and acquires the settlement history corresponding to the purchase history of the first information as the second information.

  For example, when the same amount as the purchase amount of the first service has been settled in the second service at the same date and time as the purchase history in the first service, the recovery device 100 has information on both of them. The identity of the user may be verified as information indicating common user behavior.

  Alternatively, the first service is a communication service that provides a communication network, and the second service is a settlement service by a financial institution. Then, the recovery device 100 acquires the usage amount of the user's smartphone 20 as the first information, and acquires the settlement history of the usage amount of the smartphone 20 as the second information.

  For example, when the usage amount of the smartphone 20 in the first service and the payment amount in the second service are the same, the recovery device 100 is assumed that both pieces of information are information indicating a common user action. The identity of the user may be verified.

  The position information in the above embodiment may be replaced with various environment information acquired by the user terminal 10. For example, the recovery device 100 may use temperature information, humidity information, illuminance information, communication environment information, and the like when the user performs a certain action.

[7-7. Third service]
The recovery apparatus 100 may execute the recovery process using information other than the first service for performing account recovery. For example, the recovery device 100 may execute the recovery process based on the user's behavior history in the second service and a third service that is a service other than the first and second services.

  For example, it is assumed that the user has linked user IDs in advance between the first service, the second service, and the third service. In this case, when using the second service or the third service, the user can use the user ID in the first service.

  It is assumed that the user requests account recovery in the first service. In this case, for example, the recovery device 100 may verify the identity of the user based on the coincidence or similarity between the action history in the second service and the action history in the third service.

  For example, it is assumed that the second service is a location information service and the third service is an SNS. For example, in the location information service, the location information of the user is periodically acquired. In addition, in the SNS service, when a user makes a post, the location information of the user is acquired. Then, when the location information in the second service matches the location information in the third service, the recovery apparatus 100 determines that the users who use both services are highly likely to be the same user. To do. In other words, the recovery apparatus 100 is a service that is linked to the first service without using the first information in the first service, and has a common user action that has action histories among a plurality of services. May be determined as verifying the identity of the user.

  That is, the recovery apparatus 100 may verify the identity of the user by determining the commonality of the action history in other services without necessarily using the action history corresponding to the account to be recovered. Thus, the recovery apparatus 100 can execute a flexible recovery process.

[7-8. (User terminal)
In the above embodiment, the configuration example of the user terminal 10 is shown using FIG. 8, but the user terminal 10 does not necessarily have all the configurations shown in FIG. 8. As described above, the user terminal 10 includes various devices such as a smart device such as the smartphone 20 and the wearable device 30, a glasses-type terminal having a communication function, and a heart rate measuring device that stores a user's heart rate. Includes wearable devices. In this case, the user terminal 10 does not necessarily receive an input from the user, but may have a function of automatically acquiring user information and transmitting the information to a communication network. That is, the user terminal 10 does not necessarily have the configuration shown in FIG. 8 as long as it is a device having a predetermined communication function that realizes so-called IoT (Internet of Things).

[8. Hardware configuration)
The recovery device 100, the user terminal 10, and the second service providing server 200 according to the embodiment described above are realized by a computer 1000 having a configuration as shown in FIG. 13, for example. Hereinafter, the recovery apparatus 100 will be described as an example. FIG. 13 is a hardware configuration diagram illustrating an example of a computer 1000 that implements the functions of the recovery device 100. The computer 1000 includes a CPU 1100, RAM 1200, ROM 1300, HDD 1400, communication interface (I / F) 1500, input / output interface (I / F) 1600, and media interface (I / F) 1700.

  The CPU 1100 operates based on a program stored in the ROM 1300 or the HDD 1400 and controls each unit. The ROM 1300 stores a boot program executed by the CPU 1100 when the computer 1000 is started up, a program depending on the hardware of the computer 1000, and the like.

  The HDD 1400 stores a program executed by the CPU 1100, data used by the program, and the like. The communication interface 1500 receives data from other devices via the communication network 500 (corresponding to the network N shown in FIG. 3), sends the data to the CPU 1100, and transmits the data generated by the CPU 1100 to the other devices via the communication network 500. Send to device.

  The CPU 1100 controls an output device such as a display and a printer and an input device such as a keyboard and a mouse via the input / output interface 1600. The CPU 1100 acquires data from the input device via the input / output interface 1600. Further, the CPU 1100 outputs the data generated via the input / output interface 1600 to the output device.

  The media interface 1700 reads a program or data stored in the recording medium 1800 and provides it to the CPU 1100 via the RAM 1200. The CPU 1100 loads such a program from the recording medium 1800 onto the RAM 1200 via the media interface 1700, and executes the loaded program. The recording medium 1800 is, for example, an optical recording medium such as a DVD (Digital Versatile Disc) or PD (Phase change rewritable disk), a magneto-optical recording medium such as an MO (Magneto-Optical disk), a tape medium, a magnetic recording medium, or a semiconductor memory. Etc.

  For example, when the computer 1000 functions as the recovery device 100 according to the embodiment, the CPU 1100 of the computer 1000 implements the function of the control unit 130 by executing a program (recovery program) loaded on the RAM 1200. The HDD 1400 stores data in the storage unit 120. The CPU 1100 of the computer 1000 reads these programs from the recording medium 1800 and executes them, but as another example, these programs may be acquired from other devices via the communication network 500.

[9. Others]
In addition, among the processes described in the above embodiment, all or part of the processes described as being automatically performed can be performed manually, or the processes described as being performed manually can be performed. All or a part can be automatically performed by a known method. In addition, the processing procedures, specific names, and information including various data and parameters shown in the document and drawings can be arbitrarily changed unless otherwise specified. For example, the various types of information illustrated in each drawing is not limited to the illustrated information.

  Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. For example, the specifying unit 133 and the verification unit 135 illustrated in FIG. 4 may be integrated. Further, for example, information stored in the storage unit 120 may be stored in a storage device provided outside via the network N.

  Further, for example, in the above-described embodiment, the recovery device 100 performs an acquisition process for acquiring the first information and the second information, a verification process for verifying the identity of the user, and an execution process for executing account recovery. An example is shown. However, the recovery device 100 described above may be separated into an acquisition device that performs an acquisition process, a verification device that performs a verification process, and an execution device that executes a recovery process. In this case, the processing by the recovery device 100 according to the embodiment is realized by the recovery system 1 including an acquisition device, a verification device, and an execution device.

  In addition, the above-described embodiments and modifications can be combined as appropriate within a range that does not contradict processing contents.

[10. effect〕
As described above, the recovery device 100 according to the embodiment includes the first acquisition unit 132, the second acquisition unit 134, the verification unit 135, and the execution unit 136. The 1st acquisition part 132 acquires the 1st information which is information about a user's action history in the 1st service. The second acquisition unit 134 acquires second information that is information other than the first information and is information related to the user's behavior history. The verification unit 135 verifies the identity of the user based on the comparison between the first information and the second information. When the identity of the user is verified by the verification unit 135, the execution unit 136 performs recovery of the account that the user has in the first service.

  As described above, the recovery apparatus 100 according to the embodiment verifies the identity of the user by comparing the first information held in the first service with the second information that is information other than the first information. As a result, the recovery device 100 can obtain information that only the user knows the action history in the first service and information that only the user can answer, that is, the action history other than the first service, without requiring prior registration. Can be verified. As a result, the recovery apparatus 100 can perform the recovery process without prior registration of a secret question or the like, and thus can provide a recovery process that is highly convenient for the user.

  Moreover, the 2nd acquisition part 134 acquires the information regarding a user's action history in the 2nd service which is a service provided from providers other than the provider of a 1st service as 2nd information.

  Thus, the recovery apparatus 100 according to the embodiment verifies the user's identity by comparing the user's behavior history acquired from the second service with the behavior history in the first service. As a result, the recovery apparatus 100 can perform verification using information that is difficult for the user U01 to falsify, so that impersonation by an unauthorized user can be prevented with high accuracy and more secure recovery processing can be performed. It can be carried out.

  In addition, the second acquisition unit 134 acquires, as the second information, a user action history acquired by a terminal other than the terminal device used in the use of the first service (corresponding to the second terminal in the embodiment). Get information about.

  As described above, the recovery device 100 according to the embodiment can execute the recovery process by using the information stored in the second terminal that is assumed to be used by the user on a daily basis. That is, the recovery device 100 can execute the recovery process without requiring the user to prepare the second information or register the second terminal in advance. Thereby, the recovery apparatus 100 can improve the usability in the recovery process.

  The second acquisition unit 134 is information acquired by the terminal device used in the use of the first service as the second information, and is an application program different from the application program used in the use of the first service. The information regarding the user's behavior history acquired by is acquired.

  As described above, the recovery device 100 according to the embodiment may perform processing by regarding the information as the second information as long as the information is acquired by different application programs even in the same terminal. Thereby, the recovery apparatus 100 can perform the recovery process without any trouble even for a user who does not have a plurality of terminals.

  Further, the verification unit 135 extracts information of a type common to the first information and the second information, and verifies the user's identity based on the degree of coincidence or similarity between the extracted information.

  As described above, the recovery apparatus 100 according to the embodiment performs user verification using information of a common type. As a result, the recovery apparatus 100 can accurately determine whether or not the collated information indicates a common action history for the same user, so that the verification accuracy can be improved.

  Further, the verification unit 135 extracts position information included in the first information and the second information, and based on the degree of coincidence or similarity between the position information in a predetermined number or a predetermined time length, Validate.

  Thus, the recovery device 100 according to the embodiment verifies the user's identity based on the position information. When the location information acquired at the same date and time between different services and terminals indicates a common location, it is assumed that users who have both information are highly likely to be the same user. For this reason, the recovery apparatus 100 can verify the user's identity with high accuracy by using the position information.

  In addition, the verification unit 135 extracts different types of information from the first information and the second information, and based on whether the extracted different types of information indicate a predetermined action common to the user. Verify the identity of

  As described above, the recovery device 100 according to the embodiment may perform verification using different types of information. For example, the recovery apparatus 100 can perform verification using position information and delivery destination information. That is, the recovery apparatus 100 can realize flexible recovery processing by using various information for processing.

  Further, the verification unit 135 includes at least one of position information, settlement information, content browsing information, search information, reservation information, SNS posting information, communication connection information, and user attribute information as types of the first information and the second information. Using one of these, the identity of the user is verified.

  Thus, the recovery apparatus 100 according to the embodiment may perform verification using various types of information. Thereby, the recovery apparatus 100 can implement a flexible recovery process that is not limited to specific information.

  Also, the verification unit 135 verifies the user's identity based on collation in at least two or more sets, with the first information and the second information indicating the common action history for a predetermined time as one set.

  As described above, the recovery apparatus 100 according to the embodiment may verify the user's identity on the condition that a plurality of pieces of information match. In general, it can be said that the accuracy of the verification process increases as the number of pieces of information to be collated increases. That is, the recovery apparatus 100 can improve the accuracy of the verification process by performing the verification process using a large amount of information like multi-factor authentication.

  The verification unit 135 verifies the identity of the user based on the comparison between the first information and the second information of the type selected by the user.

  Thus, the recovery device 100 according to the embodiment may leave the information used for verification to the user's selection. Thereby, the recovery apparatus 100 can perform the recovery process according to the user's situation.

  As described above, some of the embodiments of the present application have been described in detail with reference to the drawings. However, these are merely examples, and various modifications, including the aspects described in the disclosure section of the invention, based on the knowledge of those skilled in the art, It is possible to implement the present invention in other forms with improvements.

  In addition, the “section (module, unit)” described above can be read as “means” or “circuit”. For example, the receiving unit can be read as receiving means or a receiving circuit.

DESCRIPTION OF SYMBOLS 1 Recovery system 10 User terminal 20 Smartphone 30 Wearable device 100 Recovery apparatus 110 Communication part 120 Storage part 121 1st service information storage part 122 Verification information storage part 123 Definition information storage part 130 Control part 131 Reception part 132 1st acquisition part 133 specification Unit 134 second acquisition unit 135 verification unit 136 execution unit 137 transmission unit

Claims (13)

A first acquisition unit that acquires first information that is information related to a user's behavior history in the first service;
Second information that is information other than the first information and that is information related to the user's action history acquired by another terminal owned by the user other than the terminal device used in the use of the first service is acquired. A second acquisition unit to perform,
A verification unit that verifies the identity of the user based on the comparison between the first information and the second information;
When the verification unit verifies the identity of the user, an execution unit that performs recovery of the account that the user had in the first service;
A recovery device comprising: A first acquisition unit that acquires first information that is information related to a user's behavior history in the first service;
Second acquisition for acquiring second information which is information other than the first information and which is information related to the user's behavior history acquired by an application program different from the application program used in the use of the first service. And
A verification unit that verifies the identity of the user based on the comparison between the first information and the second information;
When the verification unit verifies the identity of the user, an execution unit that performs recovery of the account that the user had in the first service;
A recovery device comprising: The second acquisition unit includes
As the second information, obtaining information related to the user's behavior history in a second service that is a service provided from a provider other than the provider of the first service;
The recovery device according to claim 1, wherein The verification unit
Extracting information of a type common to the first information and the second information, and verifying the identity of the user based on the degree of coincidence or similarity between the extracted information;
The recovery device according to any one of claims 1 to 3 , wherein The verification unit
Extracting the position information included in the first information and the second information, and verifying the identity of the user based on the degree of coincidence or similarity between the position information in a predetermined number or a predetermined time length;
The recovery device according to claim 4 . The verification unit
Different types of information are extracted from the first information and the second information, and the identity of the user is determined based on whether the extracted different types of information indicate a predetermined behavior common to the user. Verify
The recovery device according to any one of claims 1 to 3 , wherein The verification unit
The types of the first information and the second information include at least position information, payment information, content browsing information, search information, reservation information, SNS (Social Networking service) posting information, communication connection information, and user attribute information. Using any one to verify the identity of the user;
The recovery device according to any one of claims 4 to 6 , wherein The verification unit
Verifying the identity of the user based on collation in at least two or more sets, with the first information and the second information indicating a common action history of a predetermined time as one set,
The recovery device according to any one of claims 1 to 7 , wherein The verification unit
Verifying the identity of the user based on the comparison between the first information and the second information of the type selected by the user;
The recovery device according to any one of claims 1 to 8 , wherein A recovery method performed by a computer,
A first acquisition step of acquiring first information which is information relating to a user's behavior history in the first service;
Second information that is information other than the first information and that is information related to the user's action history acquired by another terminal owned by the user other than the terminal device used in the use of the first service is acquired. A second acquisition step,
A verification step of verifying the identity of the user based on a comparison between the first information and the second information;
An execution step of performing recovery of an account that the user has in the first service when the identity of the user is verified by the verification step;
The recovery method characterized by including. A first acquisition procedure for acquiring first information that is information relating to a user's behavior history in the first service;
Second information that is information other than the first information and that is information related to the user's action history acquired by another terminal owned by the user other than the terminal device used in the use of the first service is acquired. A second acquisition procedure,
A verification procedure for verifying the identity of the user based on the comparison between the first information and the second information;
An execution procedure for performing recovery of an account held by the user in the first service when the identity of the user is verified by the verification procedure;
Recovery program characterized by causing a computer to execute A recovery method performed by a computer,
A first acquisition step of acquiring first information which is information relating to a user's behavior history in the first service;
Second acquisition for acquiring second information which is information other than the first information and which is information related to the user's behavior history acquired by an application program different from the application program used in the use of the first service. Process,
A verification step of verifying the identity of the user based on a comparison between the first information and the second information;
An execution step of performing recovery of an account that the user has in the first service when the identity of the user is verified by the verification step;
The recovery method characterized by including. A first acquisition procedure for acquiring first information that is information relating to a user's behavior history in the first service;
Second acquisition for acquiring second information which is information other than the first information and which is information related to the user's behavior history acquired by an application program different from the application program used in the use of the first service. Procedure and
A verification procedure for verifying the identity of the user based on the comparison between the first information and the second information;
An execution procedure for performing recovery of an account held by the user in the first service when the identity of the user is verified by the verification procedure;
Recovery program characterized by causing a computer to execute

Images