JP6871296B2 - Mediation server, program, and information processing method - Google Patents

Description

The present invention relates to an intermediary server, a program, and an information processing method.

In recent years, in SaaS and the like, there is a system using a multi-tenant system in which one system environment is used by services of a plurality of companies. In a system using such a multi-tenant system, for example, a so-called platformer that provides a platform for services of these multiple companies serves as a contact point for customers, and services of these multiple companies are provided. Patent Document 1 below discloses a service providing program that constructs a platform in the cloud and provides a service that uses the constructed platform.

Japanese Unexamined Patent Publication No. 2018-142136

However, each company wants to provide a plurality of services including the services of other companies by itself as a contact point for customers, not as a platformer. On the other hand, there is a problem that it is not easy for oneself to construct and operate a platform for a plurality of services as described above.

Therefore, in order to solve the above problems, the present invention is for each company to serve as a contact point for customers and provide services of other companies without constructing a platform for a plurality of services as described above. An object of the present invention is to provide an intermediary server, a program, and an information processing method for intermediation.

The intermediary server according to one aspect of the present invention is an intermediary server capable of communicating with an external first server that provides a first function to a user and an external second server that provides a second function to a user. The information reception unit that accepts consent information including the availability of user information about the user for the two functions and the availability of the second function of the user from the first server, and the provision of user information for the second function based on the consent information. When possible, an information providing unit that acquires user information from the first server and provides user information to the second function, a request receiving unit that receives a user's second function usage request from the first server, and a request receiving unit. When the department receives the usage request, if the second function can be used based on the consent information, the instruction unit that instructs the second server to process the second function corresponding to the usage request. It includes a result providing unit that acquires the processing result of the second function from the second server and provides the processing result to the first server.

The program according to one aspect of the present invention causes the computer to function as an intermediary server capable of communicating with an external first server that provides the user with the first function and an external second server that provides the user with the second function. A second program based on the information reception function that accepts consent information from the first server, including whether or not user information about the user can be provided to the second function and whether or not the second function can be used, to the computer, and the consent information. When it is possible to provide user information for a function, the information providing function that acquires user information from the first server and provides the user information to the second server, and the user's request for use of the second function are received from the first server. When the request reception function and the request reception function receive the usage request, if the second function can be used based on the consent information, the processing of the second function corresponding to the usage request to the second server The instruction function for instructing the above and the result providing function for acquiring the processing result of the second function from the second server and providing the processing result to the first server are realized.

The information processing method according to one aspect of the present invention is information processing executed by a computer capable of communicating with an external first server that provides a first function to a user and an external second server that provides a second function to a user. In the method, the computer receives consent information from the first server including whether or not user information about the user can be provided for the second function and whether or not the second function can be used, and the second function is based on the consent information. When the user information can be provided, the step of acquiring the user information from the first server and providing the user information to the second server, the step of accepting the user's request for using the second function from the first server, and the use of the user information. When the request is received, if the second function can be used based on the consent information, the step of instructing the second server to process the second function corresponding to the usage request, and the step from the second server. It includes a step of acquiring the processing result of the second function and providing the processing result to the first server.

According to the above aspect, the intermediary server can acquire and provide the user information from the first server to the second function of the second server different from the first server based on the consent information of the user. it can. When the intermediary server receives a request from the first server to use the second function of the second server, the intermediary server instructs the second function to process based on the consent information, and outputs the processing result to the first server. Can be provided to.

According to the present invention, an intermediary server or program in which each company acts as a contact point for customers and acts as an intermediary to provide services of other companies without constructing a platform for a plurality of services as described above. , And an information processing method can be provided.

It is a figure for demonstrating the system configuration example of the intermediary system which concerns on 1st Embodiment. It is a figure for demonstrating an example of the outline of the intermediary system which concerns on 1st Embodiment. It is a figure for demonstrating an example of the outline of the intermediary system which concerns on 1st Embodiment. It is a figure which shows an example of the functional structure of the intermediary server which concerns on 1st Embodiment. It is a figure which shows an example of the data structure in the intermediary system which concerns on 1st Embodiment. It is a figure which shows the operation example of the intermediary server which concerns on 1st Embodiment. It is a figure which shows an example of the hardware configuration of the intermediary server which concerns on 1st Embodiment. It is a figure for demonstrating an example of the outline of the intermediary system which concerns on 2nd Embodiment. It is a figure for demonstrating an example of the outline of the intermediary system which concerns on 2nd Embodiment. It is a figure which shows an example of the functional structure of the intermediary server which concerns on 2nd Embodiment.

Preferred embodiments of the present invention will be described with reference to the accompanying drawings. In each figure, those having the same reference numerals have the same or similar configurations.

[First Embodiment]
The first embodiment of the present invention will be described. In the present embodiment, the first company uses the intermediary system 1 according to the present embodiment to serve as a contact point for users (customers) with its own service (hereinafter referred to as "first service") and the first company. Explains an example in which services of different second companies (hereinafter referred to as "second services") are collectively provided to a user.

In this example, the intermediary server 100 in the intermediary system 1 mediates between the first server 300a of the first company and the second server 300b of the second company. Through the intermediary, the first server 300a combines the first function of the first service with the second function of the second service, and the first service and the second service are collectively provided to the user. be able to.

In this example, for the sake of simplicity, an example in which the services of other companies collectively provided by the first company are the second services of the second company will be described, but the purpose is not limited to this. The mediation system 1 can mediate not only the second server 300b but also the servers of a plurality of other companies to the first server 300a, for example. Further, as the service serving as a contact point for the user, not only the first service of the first company but also the services of various other companies including the second service of the second company can serve as the contact point for the user.

The mediation system 1 may mediate between so-called platformers that integrate the services of a plurality of companies. The intermediary system 1 may collectively provide services integrated by the first company that is the platformer and the second company that is the platformer to both parties.

The "first function" means a function provided by the first server 300a to the user in order for the user to use the first service. The first function is not limited to the one provided directly to the user, but may include the one provided indirectly. The first function may include various functions depending on the content of the first service. For example, if the first service is a member registration service, the first function may include, for example, a member registration reception function, a member information management function, and the like. The "second function" means a function provided by the second server 300b to the user in order for the user to use the second service. Similar to the first function, the second function may include not only the one directly provided by the user but also the one indirectly provided by the user, and may include various functions depending on the content of the second service.

<1. System configuration>
A system configuration example of the intermediary system 1 according to the present embodiment will be described with reference to FIG.

The intermediary system 1 is a system for providing an intermediary service between services of a plurality of companies. As shown in FIG. 1, the intermediary system 1 includes an intermediary server 100. The intermediary server 100 is communicably connected to the first server 300a of the first company and the second server 300b of the second company via the network N in order to mediate between the services of the plurality of companies. ..

The first server 300a is connected to each other with the first terminal 200a used by the user to use the first function. The second server 300b is connected to and from the second terminal 200b used by the user to use the second function. The first terminal 200a and the second terminal 200b are collectively referred to as "terminal 200" when there is no particular need to distinguish them. Further, the servers of the intermediary company including the first server 300a and the second server 300b are collectively referred to as "company server 300" unless it is necessary to distinguish them. The corporate server 300 is communicably connected to the intermediary server 100.

The network N is composed of a wireless network and a wired network. Examples of networks include mobile phone networks, PHS (Personal Handy-phone System) networks, wireless LAN (Local Area Network), 3G (3rd Generation), LTE (Long Term Evolution), 4G (4th Generation), and WiMAX. There are networks compliant with (registered trademark), infrared communication, WiMAX (registered trademark), wired LAN, telephone line, power line network, IEEE1394, and the like.

The intermediary server 100 is an information processing device capable of communicating with the terminal 200 and the corporate server 300. The intermediary server 100 is a server that manages information related to intermediation (for example, consent information) in cooperation with the corporate server 300 and the like by executing a predetermined program, and controls the intermediary processing of services in each corporate server 300. Realize the function. Although only one intermediary server 100 is shown in FIG. 1 for the sake of simplicity, a plurality of intermediary servers 100 may be provided.

"Consent information" means the user's consent regarding the use of the functions provided by the servers 300 of various companies including the first function of the first server and the second function of the second server and the provision of user information for these functions. Information to represent. The consent information may include, for example, whether or not the user information can be provided and whether or not the second function can be used.

The "user information" is information about a user who uses the first service of the first company and the second service of the second company. The user information includes, for example, first identification information for identifying a user issued by the first server 300a, second identification information for identifying a user issued by the second server 300b, a name, a telephone number, an address, and an email. It may include personal information of the user such as address, personal number, gender, date of birth. In addition, the user information may include biological information regarding the biological characteristics of the user (for example, user's face image data, fingerprint information, eyeball iris information, voiceprint information, etc.). Further, the user information includes information on the use or transaction of the first service of the first company and the second service of the second company (for example, information on the current or past usage status of the service, or transaction history information). Good. The user information may include information about the device used by the user. Information about the device includes, for example, cookies, IP addresses, installed software (eg, operating systems and browser applications), configuration languages, location information, and so on.

The terminal 200 is a terminal device such as a smartphone or a laptop terminal capable of inputting from the user to the functions provided by each of the corporate servers 300, outputting to the user from these functions, and communicating with the corporate server 300. By executing a predetermined program, the terminal 200 connects to the corporate server 300 to send and receive information on the functions of the corporate server 300, displays screens related to the first service and the second service, and these users. Accepts instructions for service functions.

The corporate server 300 is a server for managing user information and providing the user with a function of a corporate service. The corporate server 300 cooperates with the intermediary server 100 to provide the functions of other corporate services.

<2. Overview>
An example of the outline of the intermediary system 1 will be described with reference to FIGS. 2 and 3. In FIGS. 2 and 3, the box surrounded by a thick frame represents each functional unit of the intermediary server 100 shown in FIG. In the example of FIG. 2, the first service serves as a contact point for the user U, and the user U performs the membership registration of the first service and the membership registration of the second service at the same time. Further, in the example of FIG. 3, the user U who has registered as a member of the first service and the second service has the first function provided by the first server 300a and the second server 300b using the first service as a window. An example of using the second function together with the provided second function will be described.

(1) As shown in FIG. 2, at the time of member registration, from the member registration site A1 of the first service and the second service provided by the first server 300a, the user U is the user of the user U for the member registration. Information (hereinafter referred to as "user information (U)") and consent information (hereinafter referred to as "consent information (U)") are input.

(2) When the first server 300a receives the input, the first server 300a transmits the consent information (U) to the intermediary server 100.

(3) The information receiving unit 111 of the intermediary server 100 receives the consent information (U) from the first server 300a.

(4) When the information providing unit 113 can provide the user information (U) for the second function of the second server 300b based on the consent information (U) received from the first server 300a, the first server 300a The user information (U) is acquired from. According to such a configuration, the information providing unit 113 acquires the user information only when the user agrees to provide the user information for the second function of the second server 300b, so that the highly confidential user information can be acquired. It can be suppressed to the minimum necessary.

(5) Even if the information providing unit 113 instructs the second server 300b to refer to the second user information regarding the user managed by the second server 300b, and obtains the result of the reference from the second server 300b. Good. Here, the "second user information" is information about a user managed by the second server 300b. The second user information includes, for example, the second identification information (in this example, an ID assigned to each user), a name, a telephone number, an address, an e-mail address, etc. for identifying a user issued by the second server. It may be included.

(6) The information providing unit 113 provides the user information (U) acquired from the first server 300a to the second function of the second server 300b based on the consent information (U) received from the first server 300a. The intermediary server 100 may transfer the user information from the first server 300a to the second server 300b without holding the user information in its own storage unit 120 or the like in the provision. According to such a configuration, the intermediary server 100 does not need to manage user information, and can omit a mechanism or process related to protection of highly confidential user information.

(7) The user determination unit 116 determines whether or not the user U is a new user on the second server 300b based on the user information (U) and the result of the reference of the above (5) acquired from the second server 300b. You may.

(8) As a result of the determination in (7) above, when the user U is a new user on the second server 300b, the user registration unit 117 issues the second identification information of the user to the second server 300b, and the second identification information is issued to the second server 300b. 2 The user information may be instructed to register the user U.

(9) The second server 300b registers a new user for the user U in the second identification information of the user U and the second user information according to the instruction of the intermediary server 100 in (8) above. The second server 300b may return the result of issuing the second identification information and the result of new user registration to the intermediary server 100 as the result of the above instruction.

(10) As shown in FIG. 3, when the function is used, the user U uses the first function and the second function from the integrated service site A2 of the first service and the second service provided by the first server 300a. To input. The sub-windows a2 and b2 of the integrated service site A2 are sub-windows for displaying the processing results of the first function and the second function.

(11) The first server 300a requests the intermediary server 100 to use the second function of the second server 300b.

(12) The request receiving unit 112 of the intermediary server 100 receives the request for using the second function of the above (11) from the first server 300a.

(13) When the instruction unit 115 receives the usage request of the above (11), if the second function can be used based on the consent information (U), the instruction unit 115 makes a usage request to the second server 300b. Instructs the processing of the second function corresponding to. According to such a configuration, each of the corporate servers 300 including the first server 300a does not have to manage the user's consent information, and the intermediary server 100 collectively manages the consent information of the plurality of corporate servers 300, and a plurality of companies. It is possible to respond to the function usage request between the servers 300.

(14) When the second server 300b receives the instruction of the processing of the second function of the above (13) from the intermediary server 100, the second server 300b executes the processing of the second function and returns the processing result to the intermediary server 100.

(15) The result providing unit 114 of the intermediary server 100 acquires the processing result of the second function of the above (13) from the second server 300b.

(16) The result providing unit 114 provides the first server 300a with the processing result of the second function acquired from the second server 300b in (14) above.

(17) The first server 300a integrates the processing result of the first function into the sub-window a2 of the comprehensive service site A2 and the processing result of the second function provided by the intermediary server 100 into the sub-window b2 of the comprehensive service site A2. indicate.

According to the above configuration, the first server 300a serves as a contact point for the user U without constructing a platform for a plurality of services including the second service, and services of other companies including the second service of the second company. Can be provided.

<3. Functional configuration of intermediary server>
The functional configuration of the intermediary server 100 according to the present embodiment will be described with reference to FIG. As shown in FIG. 4, the intermediary server 100 includes a control unit 110, a storage unit 120, and a communication unit 130.

The control unit 110 includes an information reception unit 111, a request reception unit 112, an information provision unit 113, a result provision unit 114, and an instruction unit 115. Further, the control unit 110 may include, for example, a user determination unit 116 and a user registration unit 117.

The information receiving unit 111 receives the user's consent information from the corporate server 300. The information receiving unit 111 may receive consent information from the first server 300a, including, for example, whether or not the user's user information can be provided for the second function and whether or not the user can use the second function. The information receiving unit 111 may receive various information including consent information from the company server 300 in any mode. For example, a message including consent information may be received from the company server 300 and received, or a predetermined mode may be received. The address destination may be cyclically monitored and the consent information stored in the address destination may be acquired.

The request reception unit 112 receives a request for using a function provided by another company server 300 from the company server 300. The request receiving unit 112 may, for example, receive a request for using the second function provided by the user's second server 300b from the first server 300a. The mode of receiving the function use request from the corporate server 300 in the request receiving unit 112 may be any mode as in the case of various information.

When the information providing unit 113 can provide the user information for the function of the specific company server 300 based on the consent information of the user, the information providing unit 113 acquires the user information from the other company server 300 and causes the specific company server 300 to obtain the user information. Provide user information. For example, when the information providing unit 113 can provide the user information of the user to the second function based on the consent information of the user, the information providing unit 113 acquires the user information from the first server 300a and performs the user in the second function. Provide information. The information providing unit 113 may provide various information including user information to the corporate server 300 in any mode, and a message including user information may be transmitted to the corporate server 300, or a predetermined address destination. It may be provided by storing user information in.

For example, when the information providing unit 113 provides the second server 300b with the user information acquired from the first server 300a, the information providing unit 113 instructs the second server 300b to refer to the second user information regarding the target user. May be good. At the time of the instruction, the information providing unit 113 may provide information that serves as a search key that can identify the target user, such as the user's name and telephone number.

The result providing unit 114 acquires the processing result of the function from the company server 300 in which the instruction unit 115, which will be described later, has instructed the processing of the function, and provides the processing result to the company server 300 which is the request source for using the function. For example, the result providing unit 114 may acquire the processing result of the second function from the second server 300b and provide the processing result to the first server 300a which is the usage request source of the second function.

According to the above configuration, the result providing unit 114 responds to the request for use of the function of the other company server 300 from the company server 300 based on the consent information of the user, and the result providing unit 114 is the processing result of the function of the other company server 300. Can be provided. Further, since the result providing unit 114 can provide various functions of the corporate server 300 based on the consent of the user, it is possible to provide a highly available intermediary service while maintaining confidentiality to the user. ..

When the request receiving unit 112 receives a request for using the function of another company server 300 from the company server 300, the instruction unit 115 determines that the function can be used based on the consent information of the user. Instructs the corporate server 300 of the above to process the function corresponding to the above usage request. For example, when the request receiving unit 112 receives the request for using the second function, the instruction unit 115 refers to the second server 300b when the second function can be used based on the consent information of the user. Instruct the processing of the second function corresponding to the above usage request. The instruction unit 115 may instruct any other server to process the function. For example, a message indicating the instruction may be transmitted to give an instruction, or the instruction destination server may instruct. You may instruct using the API to be implemented.

The usage request of the second function may include the first identification information, and the instruction unit 115 corresponds to the first identification information included in the usage request, for example, when the request reception unit 112 receives the usage request. The second identification information may be used to instruct the second server 300b to process the second function corresponding to the usage request.

According to the above configuration, the instruction unit 115 can instruct the second server 300b to process the second function so that the second server 300b can easily identify which user the instruction is related to.

The user determination unit 116 determines whether or not the user to be referred is a new user on the second server 300b based on the result of the reference of the second user information by the information providing unit 113. The user determination unit 116 acquires, for example, whether or not the second user information of the corresponding user exists from the second server 300b as a result of the reference based on the information provided by the information providing unit 113 as the search key. May be determined.

As a result of the above determination by the user determination unit 116, the user registration unit 117 issues the second identification information of the user to the second server 300b and the second user information when the user is a new user on the second server 300b. Is instructed to register the user. The user registration unit 117 may store the issued second identification information in the storage unit 120 in association with the first identification information of the corresponding user. According to such a configuration, even if the user is not registered in the second user information and is not managed by the second server 300b, the user registration unit 117 accompanies the provision of the user information to the second user of the user. It is possible to encourage new registration in the information.

The storage unit 120 stores various information related to mediation between the corporate servers 300. The storage unit 120 may store, for example, the user's consent information, the first identification information, the second identification information, and the like. The storage unit 120 may store each information by using a database management system (DBMS), or may store each information by using a file system. When using the DBMS, a table may be provided for each of the above information, and each information may be managed by associating the tables with each other.

The storage unit 120 may store, for example, the first identification information and the second identification information in association with each other. Here, an example of the association will be described with reference to FIG.

In this example, the association between the first company user ID including the first identification information and issued by the intermediary server 100 and the second company user ID including the second identification information and issued by the intermediary server 100 will be described. .. The first identification information and the second identification information are collectively referred to as "identification information". Further, the first company user ID and the second company user ID are collectively referred to as "company user ID". Regarding the difference between these identification information issued by the corporate server 300 and these corporate user IDs issued by the intermediary server 100, for example, when the first identification information is "abc1234", the first corporate user ID is the first. 1 It becomes "AAA-abc1234" to which the identification information "AAA" for each company issued by the intermediary server 100 is added to the identification information.

According to the above configuration, the first identification information and the second identification information can be specified, and further, which company's identification information can be specified. Further, in this example, the association is stored in the storage unit 120 as user ID information.

As shown in FIG. 5A, the user ID information may include, for example, a first company user ID and a second company user ID. In this example, in the user ID information, the first company user ID and the second company user ID are directly associated with each other. As the mode of the association, one-to-one, one-to-N (plurality), (plurality) N-to-one, (plurality) N-to-N (plurality), and the like can be considered.

As shown in FIG. 5B, the user ID information includes, for example, an intermediary user ID and a first intermediary user ID issued by the intermediary server 100 for each user in order to link each company user ID. It may be configured to include a company user ID, a second company user ID, a third company user ID, and the like. In this example, in the user ID information, the first company user ID and the second company user ID are indirectly associated with each other via the user ID.

As shown in FIG. 5C, the user ID information may be configured including, for example, an intermediary user ID as a primary key, an intermediary user ID, and a company user ID. In the corporate user ID, the corporate user IDs of the first corporate user ID, the second corporate user ID, or the third corporate user ID are collectively stored in one item. In this example, in the user ID information, the first company user ID and the second company user ID are indirectly associated with each other via the user ID.

The communication unit 130 transmits and receives various information to and from the terminal 200, the corporate server 300, the external system, and the like via the network N. For example, the communication unit 130 receives user information, consent information, and the like from the corporate server 300 via the network N, and gives instructions for processing the received user information and the functions of the corporate server 300 to the other corporate server 300. Or send to.

<4. Operation example>
An operation example of the intermediary system 1 will be described with reference to FIG. FIG. 6 shows that the intermediary system 1 receives consent information from the first server 300a, provides user information to the second server 300b based on the consent information, and uses the first server 300a as a contact point for the second server 300b. It is a flow diagram which shows the flow of the mediation process for providing a function to a user. The order of processing shown below is an example, and may be changed as appropriate.

As shown in FIG. 6, the information receiving unit 111 of the intermediary server 100 first obtains consent information including whether or not user information regarding the user can be provided for the second function of the second server 300b and whether or not the user can use the second function. Accept from server 300a (S10). When the information providing unit 113 can provide the user information for the second function based on the consent information (Yes in S11), the information providing unit 113 acquires the user information from the first server 300a and transfers the user information to the second function. Provide (S12).

The request receiving unit 112 receives the usage request of the second function of the user from the first server 300a (S13). When the request receiving unit 112 receives the usage request, the instruction unit 115 sends the second server 300b to the second server 300b when the second function of the user can be used based on the consent information (Yes in S14). On the other hand, the process of the second function corresponding to the usage request is instructed (S15). The result providing unit 114 acquires the processing result of the second function from the second server 300b and provides the processing result to the first server 300a (S16).

<5. Hardware configuration>
An example of the hardware configuration in the case where the above-mentioned intermediary server 100 is realized by the computer 800 will be described with reference to FIG. 7. The function of each device can be realized by dividing it into a plurality of devices.

As shown in FIG. 7, the computer 800 includes a processor 801 and a memory 803, a storage device 805, an input I / F unit 807, a data I / F unit 809, a communication I / F unit 811 and a display device. Includes 813.

The processor 801 controls various processes in the computer 800 by executing a program stored in the memory 803. For example, each functional unit or the like included in the control unit 110 of the intermediary server 100 can be realized as a program that is temporarily stored in the memory 803 and then mainly operates on the processor 801.

The memory 803 is a storage medium such as a RAM (Random Access Memory) or the like. The memory 803 temporarily stores the program code of the program executed by the processor 801 and the data required when the program is executed.

The storage device 805 is a non-volatile storage medium such as a hard disk drive (HDD) or a flash memory. The storage device 805 stores an operating system and various programs for realizing each of the above configurations. In addition, the storage device 805 can also store a table for registering consent information and user ID information and a DB for managing the table. Such programs and data are referred to by the processor 801 by being loaded into the memory 803 as needed.

The input I / F unit 807 is a device for receiving input from the user. Specific examples of the input I / F unit 807 include a keyboard, a mouse, a touch panel, various sensors, a wearable device, and the like. The input I / F unit 807 may be connected to the computer 800 via an interface such as USB (Universal Serial Bus).

The data I / F unit 809 is a device for inputting data from the outside of the computer 800. Specific examples of the data I / F unit 809 include a drive device for reading data stored in various storage media. It is also conceivable that the data I / F unit 809 is provided outside the computer 800. In that case, the data I / F unit 809 is connected to the computer 800 via an interface such as USB.

The communication I / F unit 811 is a device for performing data communication via the Internet N by wire or wirelessly with an external device of the computer 800. It is also conceivable that the communication I / F unit 811 is provided outside the computer 800. In that case, the communication I / F unit 811 is connected to the computer 800 via an interface such as USB.

The display device 813 is a device for displaying various information. Specific examples of the display device 813 include a liquid crystal display, an organic EL (Electro-Lumisensence) display, a display of a wearable device, and the like. The display device 813 may be provided outside the computer 800. In that case, the display device 813 is connected to the computer 800 via, for example, a display cable or the like. Further, when the touch panel is adopted as the input I / F unit 807, the display device 813 can be integrally configured with the input I / F unit 807.

[Second Embodiment]
Next, the second embodiment of the present invention will be described. This is a form in which a function of supporting the user's identity verification and identity authentication on the corporate server 300 is added to the intermediary server according to the first embodiment. Hereinafter, the points different from those of the first embodiment will be mainly described. Here, "identity verification" means that the user is the person himself / herself when the user and a company including a specific business operator (hereinafter, simply referred to as "specific business operator") under the Act on Prevention of Transfer of Criminal Proceeds make a transaction. It means confirming that there are no mistakes. Further, here, "personal authentication" means confirming the authenticity of the user who is qualified to receive the service from the company. The personal authentication may be, for example, authentication by a password when the user logs in to the service in order to use the service.

The intermediary server 100a of the intermediary system according to the present embodiment sets the strength of the confirmation (hereinafter referred to as “confirmation strength”) in the identity verification of the user, and processes the identity verification function according to the set confirmation strength. You may change the contents. The confirmation strength may be set in three stages of, for example, "high", "medium", and "low". When the confirmation strength is "high", for example, identity verification at a level equivalent to that of a specific business operator may be performed. In addition, with the confirmation strength "medium", for example, acquisition of identity verification documents, acquisition of the result of identity verification from the company server 300 of a specific business operator, etc., identity verification satisfying a part of the confirmation strength "high" is performed. May be good. In addition, when the confirmation strength is "low", for example, only the self-report by the user himself / herself is performed, and the authenticity check of the identity verification document at the confirmation strength "medium" level and the acquisition of the result of the identity verification from another company server 300 are performed. It does not have to be.

<1. System configuration>

A system configuration example of the intermediary system according to the present embodiment will be described. The intermediary server 100a of the intermediary system according to the present embodiment is communicably connected to an external third server 300c via a network N in addition to the first server 300a and the second server 300b. The third server 300c is a server used by a third company, and is a server that provides an identity verification function for verifying the identity of a user. The third server 300c may be one of the corporate servers 300, or may serve as a contact point for users and collectively provide services of other companies. Further, the third company may be a specific business operator. Further, the intermediary server 100a may be communicably connected to a plurality of external servers including the corporate server 300 or other than the corporate server 300 via the network N.

<2. Overview>

An example of the outline of the intermediary system according to the present embodiment will be described with reference to FIGS. 8 and 9. In FIGS. 8 and 9, the box surrounded by a thick frame represents each functional unit of the intermediary server 100a shown in FIG.

In the example of FIG. 8, when the first service of the first company confirms the identity of the user U in providing the first service, the intermediary server 100a provides the identity verification function to the first server 300a. To do. In this example, as a pattern of identity verification according to the above confirmation strength and the like, the intermediary server 100 itself confirms the identity based on (A) the user's confirmation information described later, or the user's confirmation information and the user's biometric information. A pattern, (B) a pattern for performing identity verification based on user confirmation information and past identity verification performed on the third server 300c, and (C) a pattern for performing past identity verification on the intermediary server 100 or the third server 300c. Three patterns, such as a pattern without confirmation, will be described. In the pattern (B) above, the intermediary server 100a may be combined with the implementation of identity verification in order to supplement the situation where the confirmation information of the user alone is insufficient for confirmation.

(1) As shown in FIG. 8, the first server 300a is the person who uses the first service from the service site A3 of the first service provided to the user U in the patterns (A) and (B) above. When confirmation is required, the user U's confirmation information (hereinafter referred to as "confirmation information (U)") for confirming the identity is input. Further, in the pattern (A) above, the first server 300a causes the user U to collate the confirmation information with the confirmation information in order to check the authenticity of the confirmation information (U) (hereinafter, "biological information"). (U) ") may also be input. Further, in the patterns (B) and (C) above, the first server 300a inquires the third server 300c whether or not the identity verification of the user U is performed in the third server 300c (hereinafter, "inquiry"). Information (U) may be input.

The "confirmation information" is information for confirming that the user is the user himself / herself. The confirmation information may be, for example, information that can be confirmed to a certain extent that the user is the user himself / herself. For example, a personal number card (my number card), a driver's license, a passport, etc. that can confirm the personal information. It may be confirmation document data for identity verification of image data such as a basic resident register card (with a user's face photo).

The "inquiry information" is information for inquiring whether or not the user's identity verification is performed on the third server 300c. The inquiry information may be, for example, information for inquiring to a specific business operator or the like whether or not the identity verification has been carried out within a predetermined period. Specifically, as for the inquiry information, when inquiring whether or not identity verification is performed to open an account with a bank, etc., the user's account information (store number, account number, account name, etc.) is credited to the credit card company. When inquiring about whether or not identity verification is performed for card issuance, credit card information (card brand type, member name, card number, expiration date, security code, etc.) may be used. Here, the "predetermined period" is a threshold value of the period during which the past identity verification is valid, and if one year, three years, five years, etc. are appropriately set depending on the content of the corporate service to be provided, etc. Good.

(2) When the first server 300a receives the input of (1) above, the first server 300a transmits the identity verification request of the user U to the intermediary server 100. The first server 300a may transmit at least one of the confirmation information (U), the biometric information (U), and the inquiry information (U) together with the identity verification request.

(3) The request receiving unit 112 of the intermediary server 100a receives the identity verification request from the first server 300a. The request reception unit 112 may also accept at least one of the confirmation information (U), the biometric information (U), and the inquiry information (U) included in the identity verification request.

(4) In the case of the above pattern (B) or when the third server 300c is used in the above pattern (C), the identity verification unit 118 receives the request for the above (3) identity verification. 3 The server 300c is inquired about whether or not the user's identity verification is performed during a predetermined period.

(5-1) In the case of the pattern (A) above, the identity verification unit 118 confirms the identity based on the confirmation information (U), the confirmation information (U), and the biological information (U). When the identity verification unit 118 confirms the identity based on the confirmation information (U), the identity verification unit 118 may perform the authenticity check of only the confirmation information. Further, when the identity verification unit 118 confirms the identity based on the confirmation information (U) and the biometric information (U), the identity verification unit 118 uses the confirmation information (U) and the biometric information (U) to check the authenticity of the confirmation information (U). You may collate with U). Specifically, when the confirmation information (U) is the license of the user U and the biometric information (U) is the face image data of the user U, the identity verification unit 118 obtains the face photo of the license and the face image data. It may be determined that there is no problem in the authenticity of the confirmation information (U) as long as it is collated and has a predetermined degree of agreement or more.

(5-2) In the case of the pattern (B), the identity verification unit 118 acquires the inquiry result of the above (4) from the third server 300c, and based on the confirmation information (U) and the inquiry result. , Confirm the identity of the user (U).

(5-3) When the third server 300c is used in the pattern of the above (C), the identity verification unit 118 confirms the identity of the user (U) on the third server 300c based on the inquiry result of the above (4). If has already been implemented, identity verification will not be performed. When the identity verification unit 118 does not use the third server 300c in the pattern (C) above, the identity verification of the user (U) has already been performed based on the result of the identity verification stored in the storage unit 120. Does not verify your identity. If the identity verification has been performed in the pattern (C) above, the identity verification unit 118 notifies the result providing unit 114 that the identity verification has been performed.

(6) In the case of the patterns (A) and (B) above, the result providing unit 114 provides the result of the identity verification of (5) above to the first server 300a. In the case of the pattern (C), the result providing unit 114 provides the first server 300a with a notification that the identity verification of the above (5-3) has been performed.

According to the above configuration, the intermediary server 100a can provide the corporate server 300 with its own identity verification function or an external server identity verification function. Further, the intermediary server 100a uses the past identity verification of its own or an external server in the patterns of (B) and (C) above, so that the personal information of the user included in the confirmation information and the biometric information is included in the confirmation information and the biometric information. It is possible to suppress the use of information and improve information security.

In the example of FIG. 9, the intermediary server 100a acquires the access information when the user U accesses a plurality of services including the first service and the second service, and additional personal authentication in the second server 300b (hereinafter, "" Using an example in which the acquired access information is provided for risk-based authentication), or the degree of risk in access to the corporate server 300 of the user U is provided for risk-based authentication in the first server 300a. I will explain.

(1) As shown in FIG. 9, the information receiving unit 111 of the intermediary server 100a is the first access information (hereinafter, the access information when the user U accesses the first server 300a using the first terminal 200a). , "First access information (U)") from the first server 300a, and second access information (hereinafter, referred to as "second access information") which is access information when the user U accesses the second server 300b using the terminal 200b. "Second access information (U)") is received from the second server 300b, respectively.

The "access information" is information related to the user's access to the server. The access information may include, for example, terminal information (MAC address, IP address, etc.) of the terminal used when the user accesses the server, location information (GPS information, etc.) of the terminal, access time, and the like. The intermediary server 100a may accept a plurality of access information when the user U accesses the plurality of servers from a plurality of external servers including the first server 300a and the second server 300b.

Access information includes, for example, knowledge elements such as passwords for multi-factor authentication such as SCA (Strong Consumer Authentication) (what only the person knows), and property elements such as encryption keys and security tokens (owned only by the person). It may include at least one of (what to do) and biological elements (biological information of the user himself / herself).

(2) The consent information (U) may include whether or not the first access information (U) can be provided for the second function, and the information providing unit 113 may provide the first access to the second function based on the consent information (U). When the information (U) can be provided, the first access information (U) is provided for the second function.

(3) The user U inputs the personal authentication using the terminal 200c on the personal authentication screen of the 1-2 service site A4 provided by the first server 300a.

(4) When the first server 300a receives the input of the above (3), the risk in the access of the user U to the first server 300a including the first access information (U') when the input is accessed. A determination request for determining the degree is transmitted to the intermediary server 100a.

(5) The request receiving unit 112 of the intermediary server 100a receives the determination request of (4) above.

(6) When the request receiving unit 112 receives the judgment request of the above (5), the risk judgment unit 119 includes the first access information (U') included in the judgment request, the first server 300a, and the second. Based on the plurality of access information received from the plurality of servers including the server 300b, the degree of risk in the above (3) access to the first server 300a by the user is determined.

(7) The result providing unit 114 provides the first server 300a with the degree of risk determined by the risk determination unit 119 of (6) above.

(8) The first server 300a performs risk-based authentication at the 1-2 service site A4 based on the degree of risk provided by the intermediary server 100a of (7) above.

According to the above configuration, the intermediary server 100a provides an identity verification function on behalf of the company service, or access information from the user for personal authentication in providing the service of the company or access from the user based on the access information. It can provide a degree of risk.

<3. Functional configuration of intermediary server>
An example of the functional configuration of the intermediary server 100a according to the present embodiment will be described with reference to FIG. The intermediary server 100a commonly includes the communication unit 130 of the intermediary server 100 according to the first embodiment, the storage unit 120 includes the identity verification storage unit 121, and the control unit 110 includes the information reception unit 111. The request receiving unit 112, the information providing unit 113, and the result providing unit 114 are provided in common, and in addition to these functional units, an identity verification unit 118 and a risk determination unit 119 are provided.

The information receiving unit 111 may receive, for example, the first access information when the user accesses the first server 300a from the first server 300a. Further, the information receiving unit 111 may receive a plurality of access information when the user accesses the plurality of servers from the plurality of servers.

The consent information may include whether or not the first access information can be provided to the second function, and the information providing unit 113 may provide the first access information to the second function based on the consent information, for example, the second. First access information may be provided for the function. According to such a configuration, the information providing unit 113 provides the first access information to the second server 300b when the corresponding user logs in from the function provided by the second server 300b and the person is authenticated. By providing the above, it is possible to support the determination of whether or not risk-based authentication is required for the user.

The request receiving unit 112 may accept a request for user's identity verification from the first server 300a, including confirmation information for confirming that the user is the user himself / herself.

The request receiving unit 112 may receive a request for identity verification of the user from the first server 300a, including inquiry information for inquiring whether or not the identity verification of the user is performed on the third server 300c.

The request receiving unit 112 may receive a determination request from the first server 300a for determining the degree of risk in accessing the first server of the user, including the first access information.

The result providing unit 114 may provide, for example, the result of the identity verification by the identity verification unit 118, which will be described later, to the first server 300a. According to such a configuration, the intermediary server 100a performs the identity verification of the user on behalf of the first server 300a, or entrusts the identity verification to the external third server 100c and causes them to the first server 300a. Results can be provided.

The result providing unit 114 may provide the first server 300a with a notification that the identity verification of the identity verification unit 118 has been performed.

The result providing unit 114 may provide, for example, the degree of risk determined by the risk determination unit 119, which will be described later, to the first server 300a. According to such a configuration, when a user accesses by logging in or the like from a function provided by the first server 300a and personal authentication is performed, the user's first server is based on a plurality of access information of the user. The degree of risk for access to 300a can be determined and provided.

The identity verification unit 118 provides the identity verification function to the corporate server 300. The identity verification unit 118 may, for example, check the authenticity of the confirmation information, read the information on a medium such as a driver's license or a passport by OCR technology, an IC, or the like, convert the information into confirmation document data, and generate the confirmation information. In addition, the identity verification unit 118 may check the authenticity of the confirmation information by collating the user's confirmation information with the biometric information of the user.

For example, when the request receiving unit 112 receives the user's identity verification request from the first server 300a, the identity verification unit 118 may perform the identity verification of the user based on the confirmation information included in the request. Good.

For example, when the request receiving unit 112 receives the request for identity verification from the first server 300a, the identity verification unit 118 performs the identity verification of the user based on the inquiry information included in the request on the third server 300c. You may make an inquiry and confirm the identity of the user based on the result of the inquiry. Specifically, if the answer is that the identity verification has been performed on the third server 300c in the predetermined period as a result of the inquiry, the identity verification unit 118 may confirm that the user is the user himself / herself. ..

According to the above configuration, the identity verification unit 118 can utilize the past identity verification performed by the external third server 300c without performing the authenticity check of the confirmation information for identity verification by itself. It is possible to respond to a request for identity verification to one server 300a.

The identity verification unit 118 may perform identity verification of the user, for example, based on the inquiry result and the confirmation information received together with the request for identity verification. According to such a configuration, the identity verification unit 118 can perform the past identity verification on the external third server 300c without collating the confirmation information for identity verification with the biometric information. By supplementing, it is possible to respond to the request for identity verification to the first server 300a.

When the request receiving unit 112 receives the user's identity verification request, the identity verification unit 118 collates the identity verification request with the identity verification result stored in the identity verification storage unit 121, which will be described later, and determines. If the identity verification of the user has been performed during the period, the result providing unit 114 may be notified that the identity verification of the user has been performed without performing the identity verification. Here, the "predetermined period" is a threshold value of the period during which the past identity verification is valid, and if one year, three years, five years, etc. are appropriately set depending on the content of the corporate service to be provided, etc. Good.

When the request receiving unit 112 receives the judgment request, the risk judgment unit 119 includes the first access information of the user received together with the judgment request and the plurality of access information of the user received from the plurality of servers. Based on the above, the degree of risk in accessing the first server 300a of the user is determined.

In the risk determination unit 119, for example, the terminal normally used by the user is the second terminal 200b, and the IP address B of the second terminal 200b is used for a plurality of access information received from a plurality of servers including the second server 300b. If so, when the IP address A of the first terminal 200a is used in the first access information included in the risk determination request received from the first server 300a, it is different from the IP address B used so far. It may be determined that the degree of risk is "high" because it is an IP address.

The risk determination unit 119 merges a plurality of access information, and based on the merged access information and the user's first access information received together with the determination request, the risk determination unit 119 is sent to the user's first server 300a. The degree of risk in access may be determined. Here, "merging" generally refers to a process of integrating a plurality of access information such as fusion, merging, merging, mixing, and merging. For example, the risk determination unit 119 may merge a plurality of access information by combining the plurality of access information to generate one access information according to a predetermined rule (for example, simple / inner / outer join, etc.). Good. Further, the risk determination unit 119 acquires the mode value for each item (for example, IP address, MAC address, etc.) of the plurality of access information, and adopts the mode value to generate one access information. You may merge by doing.

The storage unit 120 may store the user's access information in association with at least one of the user's first identification information and the second identification information.

The identity verification storage unit 121 stores the result of the identity verification of the user. The identity verification storage unit 121 may limit the storage period of the memory of the result of the user's identity verification to a predetermined period.

It should be noted that the above-described embodiment is an example for explaining the present invention, and the present invention is not intended to be limited only to the embodiment. Further, the present invention can be modified in various ways as long as it does not deviate from the gist thereof. Further, those skilled in the art can adopt an embodiment in which each element described below is replaced with an equal one, and such an embodiment is also included in the scope of the present invention.

[Modification example]
Although the present invention has been described based on the above-described embodiment, the following cases are also included in the present invention.

Although not shown in the above embodiment, the intermediary server 100 may mediate the function related to the settlement of transactions in the provision of services, products, etc. to the user to the corporate server 300. The intermediary server 100 requests, for example, (1) transmission of authority information and sales information for credit card payment when a user receives provision of corporate services, and (2) request for use of QR code payment function. When receiving from, the other company server 300 that provides the payment function is instructed to process the payment function, the requesting company server 300 is provided with the processing result, and (3) the bank or electronic money. When a request to use the remittance function for settlement by remittance to an account (including account transfer and account transfer) is received from the company server 300, the company server 300 that provides the remittance function is instructed to process the remittance function. , The processing result may be provided to the requesting company server 300. The intermediary server 100 may, for example, provide the functions (2) and (3) above to the company server 300 that requests the use of these functions.

1 ... Mediation system, 100, 100a ... Mediation server, 110 ... Control unit, 111 ... Information reception unit, 112 ... Request reception unit, 113 ... Information provision unit, 114 ... Result provision unit, 115 ... Instruction unit, 116 ... User judgment Unit 117 ... User registration unit, 118 ... Identity verification unit, 119 ... Risk determination unit, 120 ... Storage unit, 121 ... Identity verification storage unit, 130 ... Communication unit, 200 ... Terminal, 200a ... First terminal, 200b ... First 2 terminals, 200c ... 3rd terminal, 300 ... corporate server, 300a ... 1st server, 300b ... 2nd server, 300c ... 3rd server, 800 ... computer, 801 ... processor, 803 ... memory, 805 ... storage device, 807 ... Input I / F unit, 809 ... Data I / F unit, 811 ... Communication I / F unit, 813 ... Display device.

Claims (10)

An intermediary server capable of communicating with an external first server that provides a first function to a user and an external second server that provides a second function to the user.
An information receiving unit that receives consent information including whether or not user information about the user can be provided for the second function and whether or not the user can use the second function from the first server.
When it is possible to provide the user information to the second function based on the consent information, an information providing unit that acquires the user information from the first server and provides the user information to the second function.
A request receiving unit that receives a request for use of the second function of the user from the first server, and a request receiving unit.
When the request receiving unit receives the usage request, if the second function can be used based on the consent information, the second function corresponding to the usage request is provided to the second server. An instruction unit that instructs processing and
It includes a result providing unit that acquires the processing result of the second function from the second server and provides the processing result to the first server.
Mediation server. A storage unit that stores the first identification information issued by the first server for identifying the user and the second identification information issued by the second server for identifying the user in association with each other is provided.
The usage request of the second function includes the first identification information.
When the request receiving unit receives the usage request, the instruction unit uses the second identification information corresponding to the first identification information included in the usage request to the second server. Instruct the processing of the second function corresponding to the usage request,
The intermediary server according to claim 1. When providing the user information to the second server, the information providing unit instructs the second server to refer to the second user information regarding the user managed by the second server.
A user determination unit that determines whether or not the user is a new user on the second server based on the result of reference to the second user information by the information providing unit.
As a result of the determination by the user determination unit, when the user is a new user on the second server, the second identification information of the user is issued to the second server and the user is added to the second user information. A user registration unit that instructs the registration of
The intermediary server according to claim 2. The request receiving unit receives a request for identity verification of the user from the first server, including confirmation information for confirming that the user is the user himself / herself.
When the request receiving unit receives the request for identity verification, it is provided with an identity verification unit that confirms the identity of the user based on the confirmation information.
The result providing unit provides the result of the identity verification by the identity verification unit to the first server.
The intermediary server according to any one of claims 1 to 3. The intermediary server can communicate with an external third server that provides an identity verification function for verifying the identity of the user.
The request receiving unit receives a request for identity verification of the user from the first server, including inquiry information for inquiring whether or not the identity verification of the user is performed on the third server.
When the request receiving unit receives the request for identity verification, the third server is inquired to carry out the identity verification of the user based on the inquiry information, and the user's identity is based on the inquiry result. Equipped with an identity verification department to confirm
The result providing unit provides the result of the identity verification by the identity verification unit to the first server.
The intermediary server according to any one of claims 1 to 3. It is provided with an identity verification storage unit that stores the result of the identity verification of the user.
When the request receiving unit receives the user's identity verification request, the identity verification unit collates the identity verification request with the result of the identity verification stored in the identity verification storage unit, and determines a predetermined value. If the user's identity verification has been performed during the period, the result providing unit is notified that the user's identity verification has been performed without performing the identity verification.
The result providing unit provides the first server with a notification that the identity verification has been performed by the notification of the identity verification unit.
The intermediary server according to claim 4 or 5. The information receiving unit receives the first access information when the user accesses the first server from the first server.
The consent information includes whether or not the first access information can be provided for the second function.
The information providing unit provides the first access information to the second function when it is possible to provide the first access information to the second function based on the consent information.
The intermediary server according to any one of claims 1 to 6. The intermediary server is capable of communicating with a plurality of external servers, and is capable of communicating with a plurality of external servers.
The information receiving unit receives a plurality of access information when the user accesses the plurality of servers from the plurality of servers.
The request receiving unit receives a determination request from the first server for determining the degree of risk in accessing the first server of the user, including the first access information.
When the request receiving unit receives the determination request, the first server of the user is based on the first access information included in the determination request and the plurality of access information received from the plurality of servers. Equipped with a risk judgment unit that determines the degree of risk in accessing
The result providing unit provides the first server with the degree of risk determined by the risk determining unit.
The intermediary server according to claim 7. A program that causes a computer to function as an intermediary server capable of communicating with an external first server that provides a first function to a user and an external second server that provides a second function to the user.
On the computer
An information reception function that accepts consent information including whether or not user information about the user can be provided for the second function and whether or not the second function can be used is received from the first server.
When it is possible to provide the user information to the second function based on the consent information, an information providing function that acquires the user information from the first server and provides the user information to the second server.
A request reception function that accepts a user's request for use of the second function from the first server, and
When the request receiving function receives the usage request, if the second function can be used based on the consent information, the second function corresponding to the usage request is provided to the second server. An instruction function to instruct processing and
A result providing function of acquiring the processing result of the second function from the second server and providing the processing result to the first server is realized.
program. An information processing method executed by a computer capable of communicating with an external first server that provides a first function to a user and an external second server that provides a second function to the user.
The computer
A step of receiving consent information including the availability of user information about the user for the second function and the availability of the second function from the first server, and
When the user information can be provided to the second function based on the consent information, the step of acquiring the user information from the first server and providing the user information to the second server, and
A step of receiving the user's request for use of the second function from the first server, and
When the usage request is received, if the second function can be used based on the consent information, a step of instructing the second server to process the second function corresponding to the usage request. When,
A step of acquiring the processing result of the second function from the second server and providing the processing result to the first server is included.
Information processing method.

Images