JP7247411B1 - Information processing device and information processing method - Google Patents

Abstract

An information processing apparatus and an information processing method for providing a service provider with personal information that satisfies the accuracy required by the service provider. SOLUTION: An information processing device 1 associates an institution code for identifying each of a plurality of institutions holding personal information with a held information reliability level that is the reliability level of personal information held by the institution. A storage unit 12 for storing reliability information of held information; , on the condition that the held information reliability associated with the institution code of the prescribed institution in the reliability information of the held information of the institution is equal to or higher than the required reliability, which is the held information reliability required for the prescribed application and a provision control unit 138 that controls the institution server so that the institution server, which is a server of a prescribed institution, can provide the user's personal information in response to a prescribed application. [Selection drawing] Fig. 2

Description

The present invention relates to an information processing device and an information processing method.

Conventionally, an institution holding personal information of a user provides the personal information to a different institution (see, for example, Patent Literature 1).

Japanese Unexamined Patent Application Publication No. 2013-20643

There are multiple organizations that hold personal information, and the accuracy of personal information registered in each of the multiple organizations may differ. On the other hand, when a user applies for a service, the service provider may require a certain degree of accuracy in the personal information registered. It is required to make it possible.

Accordingly, the present invention has been made in view of these points, and it is an object of the present invention to provide a service provider with personal information that satisfies the accuracy required by the service provider.

An information processing apparatus according to a first aspect of the present invention includes institution identification information for identifying each of a plurality of institutions holding personal information, and held information reliability that is the degree of reliability of personal information held by the institution. and an acquisition request, which is a request to acquire the user's personal information from the personal information held by the predetermined organization in order for the user to make a predetermined application. a request receiving unit that acquires from the terminal of the user; a reliability level specifying unit that, upon acquiring the acquisition request, specifies a required reliability level that is the reliability level of retained information required for the predetermined application; On the condition that the held information reliability associated with the institution identification information of the prescribed institution in the held information reliability information is equal to or higher than the required reliability specified by the reliability specifying unit, the prescribed institution and a provision control unit for controlling the institution server so that the institution server, which is the server of the above, can provide the personal information of the user in response to the predetermined application.

The provision control unit specifies the types of personal information necessary for making the predetermined application, and on the condition that the predetermined institution possesses personal information corresponding to each of the specified types and controlling the institution server so that the institution server can provide the user's personal information in response to the predetermined application.

The information processing device, when the held information reliability associated with the institution identification information of the predetermined institution in the reliability information of the institution held information is less than the required reliability specified by the reliability specifying unit , referring to the reliability information of the institution-held information, identifying institution-identifying information associated with the degree of reliability of the held information equal to or higher than the identified required reliability, and generating a list of institutions indicated by the identified institution-identifying information. A list generation unit and a list transmission unit that transmits the generated list to the terminal, and the provision control unit associates the reliability information of the institution-owned information with the institution identification information of the predetermined institution. is less than the required reliability specified by the reliability specification unit, when one institution is selected from the plurality of institutions included in the list in the terminal, the The institution server, which is a server of one institution, may be controlled so as to be able to provide the user's personal information in response to the predetermined application.

An information processing apparatus according to a second aspect of the present invention includes institution identification information for identifying each of a plurality of institutions holding personal information, and held information reliability that is the degree of reliability of the personal information held by the institution. and an acquisition request, which is a request to acquire the user's personal information from the personal information held by the institution in order for the user to make a predetermined application. a request reception unit that acquires from the terminal of the above, a reliability specification unit that, when acquiring the acquisition request, specifies the required reliability that is the held information reliability required for the predetermined application, and the information held by the institution a list generation unit that refers to the reliability information, identifies institution identification information associated with retained information reliability equal to or higher than the identified required reliability, and generates a list of institutions indicated by the identified institution identification information; a list transmission unit configured to transmit the list to the terminal; and when one institution is selected from among a plurality of institutions included in the list in the terminal, an institution server, which is the server of the one institution, transmits the predetermined and a provision control unit for controlling the institution server so as to be able to provide the user's personal information in response to the application.

The list generation unit identifies the types of personal information required to make the predetermined application, identifies institutions holding personal information corresponding to all the identified types, and indicates the identified institutions. The list may be generated.
The reliability identification unit may identify the type of the predetermined application, and identify the reliability required for the predetermined application based on the identified type.

The information processing device updates the held information reliability associated with the institution identification information of the institution included in the reliability information of the institution held information based on the fulfillment status of a predetermined contract in the institution. You may further have a part.
The update unit reduces the reliability of held information associated with the institution identification information of the institution included in the reliability information of the institution held information when the institution fails to fulfill a predetermined contract. good too.

The update unit may update the held information reliability based on the number of occurrences of nonfulfillment of the predetermined contract in a unit period.
The update unit may update the held information reliability based on the length of a period during which the predetermined contract has not been breached.
The information processing device may further include a setting unit that sets an initial value of the held information reliability associated with the institution based on the country to which the institution belongs and the type of the institution.

An information processing method according to a third aspect of the present invention is a step of acquiring, from a terminal of the user, an acquisition request, which is a request to acquire the user's personal information from a predetermined institution in order for the user to make a predetermined application. a step of specifying a required reliability indicating a retained information reliability, which is a reliability of the personal information retained by the institution, requested for the predetermined application when the acquisition request is obtained; In organization-held information reliability information that associates organization identification information for identifying each of a plurality of organizations with a level of reliability of personal information held by the organization, the organization identification of the predetermined organization On the condition that the retained information reliability associated with the information is equal to or higher than the specified required reliability, the institution server, which is the server of the prescribed institution, provides the personal information of the user in response to the prescribed application. and controlling the agency server to enable it to provide a computer implemented information processing method.

According to the present invention, it is possible to provide a service provider with personal information that satisfies the accuracy required by the service provider.

1 is a diagram showing an overview of an information processing system according to a first embodiment; FIG. 1 illustrates a functional configuration of an information processing device according to a first embodiment; FIG. It is a figure which shows an example of agency information by country. FIG. 4 is a diagram showing an example of reliability information of institutionally-held information; It is a figure which shows an example of application requirement information. 3 is a diagram showing a functional configuration of a user terminal according to the first embodiment; FIG. 4 is a sequence diagram showing the flow of processing in the information processing system according to the first embodiment; FIG. 8 is a sequence diagram showing a flow of processing following the flow of processing shown in FIG. 7; FIG. It is a figure which shows an example of an application start screen. It is a figure which shows an example of a list screen. It is a figure which shows an example of a consent screen. FIG. 10 is a sequence diagram showing the flow of processing in the information processing system according to the second embodiment;

[First embodiment]
[Overview of information processing system S]
FIG. 1 is a diagram showing an outline of an information processing system S according to the first embodiment. The information processing system S is a system that enables a user to make a prescribed application by acquiring necessary personal information from an institution such as a bank. The information processing system S includes an information processing device 1, a user terminal 2 as a mobile communication terminal used by a user, and an agency server 3 used by an agency.

The predetermined application is, for example, an application for use of various services or an application for use of a product purchase service. The information processing device 1 functions as an application reception server that receives predetermined applications. The user terminal 2 is, for example, a mobile phone such as a smart phone. The institution is, for example, a financial institution, a communication carrier, a store, etc., and the institution server 3 holds personal information of users who use the institution. The information processing device 1, the user terminal 2, and the organization server 3 are communicably connected via a communication network such as the Internet or a wireless LAN. Although one user terminal 2 and one institution server 3 are shown in FIG. 1, it is assumed that a plurality of user terminals 2 and a plurality of institution servers 3 actually exist.

The user terminal 2 transmits an acquisition request, which is a request to acquire the user's personal information from a predetermined organization designated by the user, to the information processing device 1 ((1) in FIG. 1) in order for the user to make a predetermined application. ). When the information processing apparatus 1 acquires the acquisition request, the information processing apparatus 1 specifies the required reliability, which is the reliability of the personal information held by the institution, which is required for the predetermined application ((2) in FIG. 1). In the following description, the reliability of personal information held by an institution is also referred to as held information reliability.

The information processing device 1 stores information on the reliability of information held by an institution, which associates an institution code, which serves as institution identification information for identifying each of a plurality of institutions, with held information reliability, which is the degree of reliability of personal information held by the institution. I remember. In the information processing device 1, the held information reliability of a predetermined organization corresponding to the acquisition request, which is specified based on the reliability information of the organization held information, is equal to or higher than the required reliability required for the predetermined application. On this condition, the user's personal information can be provided in response to a prescribed application from the institution server 3 corresponding to the prescribed institution.

For example, the information processing device 1 causes the user terminal 2 to display a consent screen for allowing the organization server 3 to provide the user's personal information in response to a predetermined application. to the user terminal 2 ((3) in FIG. 1).

Upon receiving the display instruction information, the user terminal 2 transmits a permission screen acquisition request to the institution server 3 corresponding to the selected one institution ((4) in FIG. 1), and receives the consent screen from the institution server 3. ((5) in FIG. 1). When the institution server 3 receives permission from the user terminal 2 to provide the user's personal information in response to a predetermined application ((6) in FIG. 1), the institution server 3 sends the user's personal information of the user terminal 2 to the information processing device 1 ((7) in FIG. 1).

The information processing device 1 acquires the user's personal information for making a prescribed application from the institution server 3 and accepts the prescribed application. By doing so, the information processing apparatus 1 can provide the provider with the personal information that satisfies the accuracy required by the provider who provides the service related to the predetermined application.

[Functional Configuration of Information Processing Apparatus 1]
Next, the details of the configuration of the information processing device 1 will be described. FIG. 2 is a diagram showing the functional configuration of the information processing device 1 according to the first embodiment. The information processing device 1 has a communication section 11 , a storage section 12 and a control section 13 .
The communication unit 11 is a communication interface for transmitting and receiving data to and from external devices such as the user terminal 2 and the institution server 3 via a network such as the Internet.

The storage unit 12 is a storage medium that stores various data, and includes a ROM (Read Only Memory), a RAM (Random Access Memory), a hard disk, an SSD (Solid State Drive), and the like. Execution of the control unit 13 causes the storage unit 12 to store the control unit 13 as a registration unit 131, an update unit 132, a start reception unit 133, a list generation unit 134, a list transmission unit 135, a request reception unit 136, a reliability specification A program that functions as the unit 137, the provision control unit 138, and the application reception unit 139 is stored.

In addition, the storage unit 12 stores country-by-country agency information indicating agencies in each of a plurality of countries. FIG. 3 is a diagram showing an example of national agency information. As shown in Figure 3, the country-specific agency information consists of the country name, the agency code of the agency that can be used in the country indicated by the country name, the agency type, the agency name, and the personal information held by the agency. It is information associated with certain retained personal information. Agencies included in the country-specific agency information are agencies that are permitted to provide the user's personal information in accordance with the user's permission. The institution code is institution identification information for identifying each of a plurality of institutions. The country-by-country agency information is referenced to generate an agency list for selecting the agency used by the user.

The personal information includes, for example, the user's name, date of birth, age, sex, residential address, family structure, and the like. Personal information may include account information at a financial institution used by the user.

In addition, the storage unit 12 stores reliability information of the information held by the institution, which associates the institution code indicating the institution with the reliability of the information held by the institution, which is the reliability of the personal information held by the institution. FIG. 4 is a diagram showing an example of reliability information of the information held by the institution. As shown in FIG. 4, it can be confirmed that the held information reliability is associated with each institution code of a plurality of institutions.

In addition, the storage unit 12 stores an application ID for identifying the application type of each of a plurality of applications for which the information processing apparatus 1 accepts a use application, a retained information reliability required for the use application, It stores application requirement information associated with the type of personal information to be provided. FIG. 5 is a diagram showing an example of application requirement information. As shown in FIG. 5, it can be confirmed that the application ID of each of a plurality of applications is associated with the degree of reliability of retained information required for the application and the type of personal information required. In the following description, the retained information reliability required for an application is also referred to as required reliability.

The control unit 13 is, for example, a CPU (Central Processing Unit). By executing the programs stored in the storage unit 12, the control unit 13 executes the registration unit 131, the update unit 132, the start reception unit 133, the list generation unit 134, the list transmission unit 135, the request reception unit 136, the reliability specification It functions as a section 137 , a provision control section 138 and an application reception section 139 .

The registration unit 131 receives registration of national agency information from a management terminal (not shown) used by an administrator or the like of the information processing device 1 . For example, when the registration unit 131 receives the country name, the type of institution, the name of the institution, and the retained personal information from the management terminal, it generates an institution code. The registration unit 131 associates the generated agency code with the received country name, agency type, agency name, and retained personal information, and stores them in the storage unit 12 as country-specific agency information.

Further, the registration unit 131 functions as a setting unit, associates the organization code with the reliability of the held information, and stores it in the storage unit 12 as reliability information of the held information of the institution. For example, the registration unit 131 sets the initial value of the held information reliability associated with the institution based on the country to which the institution belongs and the type of the institution, and stores the set held information reliability and the institution code in association with each other. may be made.

The updating unit 132 updates the reliability of held information associated with the institution code included in the reliability information of the held information of the institution based on the status of fulfillment of a predetermined contract at the institution. The predetermined contract is, for example, a contract regarding predetermined financing or a contract regarding various periodic payments such as usage fees for mobile communication services.

The update unit 132 lowers the reliability of held information associated with the institution code of the institution included in the reliability information of the held information of the institution when the institution fails to fulfill a predetermined contract. For example, the updating unit 132 calculates the ratio of the number of persons who have failed to fulfill the contract to the number of persons who have concluded a predetermined contract with the institution. Then, the updating unit 132 updates the held information reliability so that the held information reliability becomes lower as the ratio of the number of persons who failed to fulfill the contract increases.

For example, if there are many people who have defaulted on the contract, there is a high probability that many users with low credibility are included. It is thought that the accuracy of the personal information of On the other hand, the information processing apparatus 1 updates the retained information reliability so that the retained information reliability decreases as the ratio of the number of people who have defaulted on the contract increases, thereby making the retained information reliability appropriate. value can be updated.

Note that the update unit 132 lowers the held information reliability associated with the institution code of the institution included in the reliability information of the held institution information when a predetermined contract is not fulfilled, but this is not the only option. do not have. The updating unit 132 may update the held information reliability based on the number of occurrences of nonfulfillment of a predetermined contract in a unit period. In this case, the updating unit 132 updates the held information reliability so that the higher the number of occurrences of nonfulfillment of the predetermined contract in the unit period, the lower the held information reliability.

Further, the updating unit 132 may update the held information reliability based on the length of a period during which a predetermined contract has not been breached. In this case, the updating unit 132 updates the held information reliability so that the longer the length of the period during which the predetermined contract has not been fulfilled, the higher the held information reliability. By doing so, it is possible to update the retained information reliability to an appropriate value, as in the case of updating the retained information reliability based on the ratio of the number of persons who have defaulted on the contract.

Details of the functions of the start reception unit 133, the list generation unit 134, the list transmission unit 135, the request reception unit 136, the reliability determination unit 137, the provision control unit 138, and the application reception unit 139 will be described later.

[Functional Configuration of User Terminal 2]
Next, the details of the configuration of the user terminal 2 will be described. FIG. 6 is a diagram showing the functional configuration of the user terminal 2 according to the first embodiment. The user terminal 2 has an operation unit 21 , a communication unit 22 , an imaging unit 23 , a display unit 24 , a storage unit 25 and a control unit 26 .

The operation unit 21 is an operation device that receives user operations, and is, for example, a touch panel provided on the surface of the display unit 24 . The operation unit 21 notifies the control unit 26 of a signal indicating the position touched by the user.
The communication unit 22 is a communication interface for transmitting and receiving data to and from external devices such as the information processing device 1 and the engine server 3 via a network such as the Internet.

The imaging unit 23 is, for example, a camera.
The display unit 24 is a display that displays various information.
The storage unit 25 is a storage medium that stores various data, and includes ROM, RAM, hard disk, SSD, and the like. The storage unit 25 stores programs executed by the control unit 26 . Storage unit 25 stores a program that causes control unit 26 to function as application request unit 261 , list acquisition unit 262 , selection reception unit 263 , permission reception unit 264 , personal information acquisition unit 265 and application unit 266 .

The control unit 26 is, for example, a CPU. The control unit 26 functions as an application request unit 261, a list acquisition unit 262, a selection reception unit 263, a permission reception unit 264, a personal information acquisition unit 265, and an application unit 266 by executing programs stored in the storage unit 25. do.

Next, with reference to a sequence diagram showing the flow of processing in the information processing system S, the details of the functions of the control unit 13 and the control unit 26 related to the process of accepting a predetermined application will be described. FIG. 7 is a sequence diagram showing the flow of processing in the information processing system S according to the first embodiment. FIG. 8 is a sequence diagram showing the flow of processing following the flow of processing shown in FIG.

First, when the application request unit 261 of the user terminal 2 receives an operation to display an application start screen for starting an application related to a predetermined application from the user, it transmits a request to display the application start screen to the information processing device 1 ( S1). In the present embodiment, information processing apparatus 1 accepts applications for using a plurality of services, and application requesting unit 261 accepts an application for using a service selected by the user from among the applications for using a plurality of services. do. The application start screen display request includes an application ID corresponding to the type of application selected by the user.

The start reception unit 133 of the information processing device 1 transmits the application start screen to the user terminal 2 in response to receiving the display request for the application start screen (S2). The application requesting unit 261 causes the display unit 24 to display the received application start screen.

FIG. 9 is a diagram showing an example of an application start screen. As shown in FIG. 9, on the application start screen, in order to allow the user terminal 2 to acquire narrowing-down information for narrowing down the institutions that store the user's personal information, a plurality of countries are displayed in a pull-down format. It can be confirmed that a list that accepts the selection of one country is displayed. Further, FIG. 9 is provided with an OK button, and when the OK button is pressed, country selection information indicating the selected country is transmitted to the information processing apparatus 1 as narrowing-down information.

Note that the narrowing-down information is not limited to country selection information indicating the selected country, and may be information for specifying the country to which the user belongs. In this case, the application start screen may display a message such as "Please read the two-dimensional code on the boarding pass." The application requesting unit 261 activates the imaging unit 23 in response to pressing of the activation button on the application start screen, and uses the information extracted from the two-dimensional code imaged by the imaging unit 23 to identify the country to which the user belongs. may be acquired as information for narrowing down.

When the country selection information is received from the user terminal 2 (S3), the list generation unit 134 of the information processing device 1 selects an institution from among a plurality of institutions based on the country selection information, and creates a list including the selected institution. An institution list is generated (S4).

Specifically, the list generator 134 identifies the country to which the user of the user terminal 2 belongs based on the received country selection information. In addition, when the information extracted from the two-dimensional code imaged by the imaging unit 23 is received as the narrowing-down information, the list generating unit 134 analyzes the narrowing-down information to specify the country to which the user belongs. good. For example, based on the information extracted from the two-dimensional code of the boarding pass of the aircraft, the country from which the user travels may be specified. The list generation unit 134 selects institutions associated with the specified country in the country-by-country institution information stored in the storage unit 12, and produces an institution list including the selected institutions.

The list generator 134 generates a list screen containing the generated institution list. FIG. 10 is a diagram showing an example of the list screen. In FIG. 10, it can be confirmed that a list for accepting selection of one institution from among a plurality of institutions included in the institution list is displayed in a pull-down format. FIG. 10 also includes an OK button labeled "login with bank ID". When the OK button is pressed, selection information indicating the selected institution is transmitted to the information processing device 1. .

The list transmission unit 135 of the information processing device 1 transmits a list screen including the generated institution list to the user terminal 2 (S5). The list acquisition unit 262 of the user terminal 2 acquires the list screen showing the institution list.

The selection accepting unit 263 of the user terminal 2 causes the display unit 24 to display the list screen acquired by the list acquiring unit 262, and accepts the selection of one institution from among the institutions included in the institution list indicated by the list screen. Selection accepting unit 263 includes institution selection information indicating one selected institution (predetermined institution) in response to one institution being selected on the list screen, and receives personal information from the one selected institution. An acquisition request, which is a request for acquisition, is transmitted to the information processing device 1 (S6).

The request accepting unit 136 of the information processing device 1 acquires from the user terminal 2 an acquisition request, which is a request to acquire personal information from one institution selected by the user to make a predetermined application.
The reliability identification unit 137 of the information processing device 1 identifies the required reliability, which is the reliability of retained information required for a predetermined application (S7). For example, the reliability identification unit 137 identifies a predetermined application type, and identifies the required reliability based on the identified type.

Specifically, the reliability identification unit 137 identifies the type of the predetermined application by acquiring the application ID included in the display request for the application start screen. The reliability identification unit 137 refers to the application requirement information stored in the storage unit 12 and identifies the required held information reliability associated with the acquired application ID as the required reliability.

The provision control unit 138 causes the reliability identification unit 137 to specify the held information reliability associated with the institution code of the selected one institution in the reliability information of the institution held information stored in the storage unit 12. On the condition that the required reliability is equal to or higher than the requested reliability, the institution server 3 is controlled so that the institution server 3, which is the server of the one institution, can provide personal information in response to a predetermined application.

For example, first, the provision control unit 138 refers to the reliability information of the held information stored in the storage unit 12, and identifies the held information reliability associated with the institution code of the selected one institution. . Subsequently, if the held information reliability specified for the selected one institution is equal to or higher than the required reliability specified by the reliability specifying unit 137 (YES in S8), the provision control unit 138 3 causes the user terminal 2 to display a permission screen for the institution server 3 to receive permission to provide the user's personal information in response to a predetermined application.

Here, the provision control unit 138 specifies the types of personal information required to make a predetermined application, and the selected one institution holds personal information corresponding to all of the specified types. On this condition, the institution server 3 may be able to provide the user's personal information in response to a predetermined application.

For example, the provision control unit 138 refers to the application requirement information stored in the storage unit 12, and identifies the type of personal information associated with the application ID included in the display request for the application start screen. , to identify the type of personal information required to make a prescribed application. The provision control unit 138 also refers to the country-specific agency information and identifies the type of personal information held by the selected one agency. Then, the provision control unit 138 requests the provision of personal information from the institution server 3 in response to a predetermined application on the condition that the selected institution possesses personal information corresponding to all of the specified types. make it possible. By doing so, the information processing apparatus 1 can prevent a shortage of personal information necessary for making a predetermined application.

The provision control unit 138, for example, displays a consent screen on the user terminal 2 according to the flow of processing specified in IDA (OpenID Connect for Identity Assurance), and the institution server 3 can provide personal information in response to a predetermined application. The engine server 3 is controlled so that

For example, the provision control unit 138 instructs the user terminal 2 to display a consent screen in order for the institution server 3 to receive permission for providing personal information in response to a predetermined application. Display instruction information to be displayed is transmitted to the user terminal 2 (S9). The display instruction information includes the URL of the login screen for authenticating the user with the institution server 3 corresponding to the selected one institution as the destination.

Upon receiving the display instruction information, the permission reception unit 264 of the user terminal 2 transmits a login screen acquisition request to the institution server 3 based on the URL of the login screen included in the display instruction information (S10). Upon receiving the login screen acquisition request, the institution server 3 transmits the login screen to the user terminal 2 (S11). The permission receiving unit 264 causes the display unit 24 to display the login screen, and in response to receiving the input of the login information from the user, transmits the login information to the institution server 3 (S12).

The institution server 3 authenticates the user based on the login information. When the institution server 3 determines that the user has been successfully authenticated, the institution server 3 transmits to the user terminal 2 a permission screen for accepting permission for the institution server 3 to provide personal information in response to a predetermined application (S13). The permission receiving unit 264 of the user terminal 2 displays a permission screen on the display unit 24, and receives permission from the user for the institution server 3 to provide personal information in response to a predetermined application.

FIG. 11 is a diagram showing an example of a permission screen. In the example shown in FIG. 11, it can be confirmed that permission to provide personal information to service X corresponding to a predetermined application has been accepted from A bank. Upon receiving the permission from the user, the permission receiving unit 264 transmits permission information indicating that the permission has been granted to the institution server 3 (S14).

Description is moved to FIG. When the institution server 3 receives the authorization information, the information processing device 1 that accepts the prescribed application transmits an authorization code for identifying the recipient of the personal information to the user terminal 2 (S15). The permission reception unit 264 of the user terminal 2 receives the authorization code from the institution server 3 .

The personal information acquisition unit 265 of the user terminal 2 acquires personal information from the institution server 3 of one institution in response to the acceptance of the permission by the permission reception unit 264, or transfers the personal information from the institution server 3 to the information processing device 1. get In addition, after the institution server 3 receives permission to provide personal information from the user terminal 2, the application reception unit 139 of the information processing device 1 acquires the personal information held by the institution server 3, accept applications for

Specifically, the personal information acquisition unit 265 of the user terminal 2 transmits the authorization code received from the institution server 3 to the information processing device 1 (S16). The application accepting unit 139 of the information processing device 1 receives the authorization code from the user terminal 2 .

The application reception unit 139 transmits the authorization code received from the user terminal 2 to the institution server 3 (S17). The institution server 3 determines whether or not the authorization code received from the information processing device 1 and the authorization code transmitted to the user terminal 2 match. When the authority server 3 determines that the authorization codes match, it identifies the information processing device 1 as the recipient of the personal information, issues an ID token, and transmits it to the information processing device 1 (S18). It is assumed that the ID token is associated with a user ID that identifies the user who provides the personal information, ie, the user of the user terminal 2 . Upon receiving the ID token, the application reception unit 139 of the information processing device 1 transmits a personal information acquisition request including the ID token to the institution server 3 (S19).

Upon receiving the personal information acquisition request, the institution server 3 transmits the user's personal information associated with the ID token included in the received acquisition request to the information processing device 1 (S20). When receiving the user's personal information from the institution server 3, the application accepting unit 139 of the information processing device 1 inputs the personal information necessary for a predetermined application out of the received personal information on the input screen for accepting the input of the personal information. do. Then, the application accepting unit 139 transmits an input screen in which personal information is entered to the user terminal 2 (S21), and accepts a predetermined application. The application unit 266 of the user terminal 2 causes the display unit 24 to display an input screen, and receives a predetermined application from the user. Since the personal information acquired from the institution server 3 is displayed on the input screen without input by the user, the burden on the user can be reduced.

The application unit 266, upon receiving a predetermined application from the user, transmits application information to the information processing device 1 (S22). The application information includes personal information entered on the input screen. The application accepting unit 139 accepts a predetermined application by receiving application information from the user terminal 2 .

In the sequences shown in FIGS. 7 and 8, the held information reliability associated with one institution identified by referring to the reliability information of the held information of the institution is the required reliability identified by the reliability identification unit 137. Although the flow of processing when the reliability level is equal to or higher than the reliability level has been described, the retained information reliability level associated with one specified organization may be less than the required reliability level specified by the reliability level specifying unit 137 .

In response to this, if the held information reliability corresponding to the specified one institution is less than the required reliability specified by the reliability specifying unit 137 (NO in S8), the list generation unit 134 By referring to the information reliability information, the organization code associated with the country to which the user belongs and the retained information reliability level equal to or higher than the required reliability level specified by the reliability level specifying unit 137 is specified. Then, the list generation unit 134 regenerates the list screen including the list of institutions indicated by the identified institution code. The list transmission unit 135 retransmits the generated list screen to the user terminal 2 .

If the held information reliability corresponding to the identified one institution is less than the required reliability identified by the reliability identification unit 137, the provision control unit 138 sends the list retransmitted by the list transmission unit 135 in the user terminal 2. When one institution is selected from a plurality of institutions included in the institution server, the institution server 3, which is the server of the one institution, can provide personal information in response to a predetermined application. 3. By doing so, even if the retained information reliability corresponding to one institution that the user first selects from the institution list is less than the required reliability required for a predetermined application, the user In addition, it is possible to select another organization and display the personal information that satisfies the required reliability on the input screen.

[Modification 1]
In the above-described embodiment, the list generating unit 134 generates an institution list indicating institutions corresponding to the institution code associated with the country indicated by the country selection information received from the user terminal 2, but the present invention is not limited to this. The list generating unit 134 receives one or more types of institutions from the user terminal 2, and generates an institution list that includes institutions corresponding to the accepted institution types and does not include institutions corresponding to unaccepted institution types. good too. By doing so, the user can select an institution corresponding to the type of institution desired by the user as the institution from which the personal information is obtained.

[Modification 2]
Further, in the above-described embodiment, the application requesting unit 261 reads a two-dimensional code and acquires information indicated by the two-dimensional code as narrowing-down information, but the present invention is not limited to this. The application requesting unit 261 reads the barcode displayed on the boarding pass or the travel information image displayed on the display unit of the boarding gate when the user presents the boarding pass at the boarding gate, and reads the barcode or You may acquire the information which an image shows as information for narrowing down.

Further, the application requesting unit 261 may acquire the telephone number assigned to the user terminal 2 as the narrowing-down information. In this case, a message such as "Please send an empty message to #1234." When accepting a short message transmission operation from the user, the application requesting unit 261 acquires the phone number assigned to the user terminal 2 and stored in the storage unit 25, and uses the phone number to send the short message. It is transmitted to the processing device 1 or a coordinating device cooperating with the information processing device 1 .

By receiving a short message transmitted by the user terminal 2 from the user terminal 2 or the cooperation device, the list generation unit 134 of the information processing device 1 is assigned to the user terminal 2 that is the transmission source of the short message. Acquire the phone number as information for narrowing down. Then, the list generating unit 134 identifies the country to which the user belongs based on the telephone number as the narrowing-down information. By doing so, the information processing apparatus 1 can specify the country to which the user belongs by having the user perform a simple operation of sending a short message.

[Effects of the information processing device 1 according to the first embodiment]
As described above, the information processing apparatus 1 according to the first embodiment transmits an acquisition request, which is a request for acquiring the user's personal information from a predetermined organization, to the user terminal 2 in order for the user to make a predetermined application. , the requested reliability, which is the reliability of retained information required for a given application, is specified. Then, the information processing device 1 allows the organization server 3, which is the server of the predetermined organization, to perform a predetermined control the institution server 3 so as to be able to provide the user's personal information in response to the application for By doing so, the information processing apparatus 1 can provide the service provider with the personal information that satisfies the accuracy required by the service provider.

[Second embodiment]
Next, a second embodiment will be described. In the information processing system S according to the second embodiment, when the information processing apparatus 1 receives an acquisition request, which is a request to acquire personal information in order to make a prescribed application, the information processing system S obtains the information trust required for the prescribed application. This embodiment is different from the first embodiment in that a list of organizations holding personal information with a held information reliability level equal to or higher than the required reliability level is created. An information processing system S according to the second embodiment will be described below. Note that the description of the same parts as in the first embodiment will be omitted as appropriate.

FIG. 12 is a sequence diagram showing the flow of processing in the information processing system S according to the second embodiment. First, when the application request unit 261 of the user terminal 2 receives an operation to display an application start screen for starting an application related to a predetermined application from the user, it transmits a request to display the application start screen to the information processing device 1 ( S101).

The start reception unit 133 of the information processing device 1 transmits the application start screen to the user terminal 2 in response to receiving the display request for the application start screen (S102). The application requesting unit 261 causes the display unit 24 to display the received application start screen. The application start screen is the same as the screen shown in FIG. When the country is selected and the decision button is pressed, the application requesting unit 261 of the user terminal 2 converts the country selection information into an acquisition request, which is a request for the user to acquire personal information in order to make a predetermined application. It is transmitted to the processing device 1 (S103).

The request reception unit 136 of the information processing device 1 receives the acquisition request from the user terminal 2 .
The reliability specification unit 137 specifies the required reliability, which is the information required for a given application (S104).
When the reliability specification unit 137 specifies the required reliability, the list generation unit 134 refers to the reliability information of the information held by the organization stored in the storage unit 12, and determines whether the held information reliability is equal to or higher than the specified required reliability. Identify the institution code associated with the . Then, the list generation unit 134 refers to the country-specific agency information, further specifies the agency code associated with the country indicated by the received country selection information from among the specified agency codes, and further specifies the agency code indicated by the specified agency code. An institution list, which is a list of institutions, is generated (S105).

Here, the list generation unit 134 identifies the types of personal information required to make a predetermined application, and identifies the institutions that hold personal information corresponding to all the identified types of personal information. An institution list may be generated that indicates institutions corresponding to the held information reliability level equal to or higher than the required reliability level specified by the unit 137 .

In this case, the list generation unit 134 refers to the application requirement information stored in the storage unit 12 and identifies information indicating the type of personal information necessary for making a predetermined application. In addition, the list generating unit 134 refers to the country-by-country agency information, and selects the institutions corresponding to the held information reliability level equal to or higher than the required reliability specified by the reliability specifying unit 137. Select multiple institutions that hold all types of personal information. The list generation unit 134 then generates an institution list that includes only the selected institutions. By doing so, the information processing apparatus 1 can prevent an institution lacking personal information for making a predetermined application from being selected.
The list transmission unit 135 transmits a list screen including the generated institution list to the user terminal 2 (S106).

The selection accepting unit 263 of the user terminal 2 causes the display unit 24 to display the list screen acquired by the list acquiring unit 262, and accepts the selection of one institution from among the institutions included in the list indicated by the list screen. When one institution is selected on the list screen, the selection reception unit 263 transmits institution selection information indicating the selected institution to the information processing device 1 (S107).

When one institution is selected from a plurality of institutions included in the institution list shown on the list screen on the user terminal 2, the provision control unit 138 of the information processing device 1 connects the institution server 3, which is the server of the one institution. controls the institution server 3 so that it is possible to provide personal information in response to a predetermined application. Since the flow of processing after S108 in the information processing system S according to the second embodiment is the same as the flow of processing after S9 shown in FIGS. 7 and 8, description thereof will be omitted.

[Effects of information processing apparatus 1 according to second embodiment]
As described above, the information processing apparatus 1 according to the present embodiment sends an acquisition request, which is a request to acquire personal information of a user from personal information held by a predetermined organization, in order for the user to apply for a predetermined application. When acquired from the user terminal 2, the held information reliability level, which is the reliability level of the personal information held by the institution requested for a predetermined application, is specified, and the specified held information reliability is specified in the reliability information of the institution held information A list of institutions indicated by the institution code associated with the held information reliability level equal to or higher than the degree is generated and transmitted to the user terminal 2 . Then, when one institution is selected from among a plurality of institutions included in the institution list, the information processing device 1 causes the institution server 3, which is the server of the one institution, to collect the user's personal information in response to a predetermined application. control the institution server 3 so as to be able to provide By doing so, the information processing apparatus 1 can provide the service provider with the personal information that satisfies the accuracy required by the service provider, as in the first embodiment.

In addition, one trust level may be given to personal information held by one institution, but each of a plurality of personal information held should be given a trust degree (for example, for institution A, If personal information 1 and personal information 2 are held, different points may be given for personal information 1 and personal information 2).

The present invention makes it possible to contribute to Goal 9 of the Sustainable Development Goals (SDGs) led by the United Nations, "Industry and technological innovation."

Although the present invention has been described above using the embodiments, the technical scope of the present invention is not limited to the scope described in the above embodiments, and various modifications and changes are possible within the scope of the gist thereof. be. For example, all or part of the device can be functionally or physically distributed and integrated in arbitrary units. In addition, new embodiments resulting from arbitrary combinations of multiple embodiments are also included in the embodiments of the present invention. The effect of the new embodiment caused by the combination has the effect of the original embodiment.

1 information processing device 2 user terminal 3 institution server 11 communication unit 12 storage unit 13 control unit 131 registration unit 132 update unit 133 start reception unit 134 list transmission unit 135 list transmission unit 136 request reception unit 137 reliability determination unit 138 provision control unit 139 Application reception unit 21 Operation unit 22 Communication unit 23 Imaging unit 24 Display unit 25 Storage unit 26 Control unit 261 Application request unit 262 List acquisition unit 263 Selection reception unit 264 Permission reception unit 265 Personal information acquisition unit 266 Application unit

Claims (12)

Stores information on the reliability of information held by an institution, which associates institution identification information for identifying each of a plurality of institutions holding personal information with the reliability of information held by the institution, which is the degree of reliability of personal information held by the institution. a storage unit;
a request receiving unit that acquires, from the terminal of the user, an acquisition request, which is a request for acquiring the user's personal information from the personal information held by a predetermined organization in order for the user to make a predetermined application;
a reliability identification unit that, upon obtaining the acquisition request, identifies a required reliability, which is the reliability of retained information required for the predetermined application;
On the condition that the held information reliability associated with the institution identification information of the prescribed institution in the reliability information of the institution held information is equal to or higher than the required reliability specified by the reliability specifying unit, the predetermined a provision control unit for controlling the institution server so that the institution server, which is the server of the institution, can provide the personal information of the user in response to the predetermined application;
Information processing device having The provision control unit specifies the types of personal information necessary for making the predetermined application, and on the condition that the predetermined institution possesses personal information corresponding to each of the specified types , controlling the institution server so that the institution server can provide the personal information of the user in response to the predetermined application;
The information processing device according to claim 1 . When the held information reliability associated with the institution identification information of the predetermined institution in the reliability information of the institution held information is less than the required reliability specified by the reliability specifying unit, the institution held information a list generation unit that refers to the reliability information, identifies institution identification information associated with the reliability of retained information equal to or higher than the identified required reliability, and generates a list of institutions indicated by the identified institution identification information;
a list transmission unit that transmits the generated list to the terminal;
further having
The provision control unit determines if the held information reliability associated with the institution identification information of the predetermined institution in the reliability information of the institution held information is less than the required reliability specified by the reliability specifying unit and when one institution is selected from among the plurality of institutions included in the list on the terminal, an institution server serving as a server of the one institution provides personal information of the user in response to the predetermined application. controlling the authority server to allow
The information processing apparatus according to claim 1 or 2. Stores information on the reliability of information held by an institution, which associates institution identification information for identifying each of a plurality of institutions holding personal information with the reliability of information held by the institution, which is the degree of reliability of personal information held by the institution. a storage unit;
a request receiving unit that acquires an acquisition request from the terminal of the user, which is a request to acquire the user's personal information from the personal information held by the institution in order for the user to make a predetermined application;
a reliability identification unit that, upon obtaining the acquisition request, identifies a required reliability, which is the reliability of retained information required for the predetermined application;
A list for generating a list of institutions indicated by the identified institution identification information by referring to the reliability information of the institution held information, identifying institution identification information associated with the degree of reliability of the held information equal to or higher than the identified required reliability. a generator;
a list transmission unit that transmits the generated list to the terminal;
When one institution is selected from among a plurality of institutions included in the list on the terminal, an institution server serving as a server of the one institution provides personal information of the user in response to the predetermined application. a provision control unit that controls the institution server so that
Information processing device having The list generation unit identifies the types of personal information required to make the predetermined application, identifies institutions holding personal information corresponding to all the identified types, and indicates the identified institutions. generating said list;
The information processing apparatus according to claim 4. The reliability identification unit identifies the type of the predetermined application, and identifies the reliability required for the predetermined application based on the identified type.
The information processing apparatus according to claim 1 or 4. further comprising an update unit that updates the held information reliability associated with the institution identification information of the institution included in the reliability information of the institution held information based on the fulfillment status of a predetermined contract in the institution,
The information processing apparatus according to claim 1 or 4. The update unit reduces the reliability of held information associated with the institution identification information of the institution included in the reliability information of the institution held information when the institution fails to fulfill a predetermined contract,
The information processing apparatus according to claim 7. The update unit updates the held information reliability based on the number of occurrences of nonfulfillment of the predetermined contract in a unit period.
The information processing apparatus according to claim 7. The update unit updates the held information reliability based on the length of a period during which the predetermined contract has not been breached.
The information processing apparatus according to claim 7. further comprising a setting unit that sets an initial value of the held information reliability associated with the institution based on the country to which the institution belongs and the type of the institution;
The information processing apparatus according to claim 1 or 4. the computer runs
a step of obtaining, from the user's terminal, an acquisition request, which is a request to acquire the user's personal information from a prescribed institution in order for the user to make a prescribed application;
When the acquisition request is acquired, identifying a requested reliability level indicating a held information reliability level, which is a reliability level of personal information held by an institution, required for the predetermined application;
Reliability information of institutionally held information that associates institution identification information for identifying each of a plurality of institutions holding personal information with held information reliability that is the reliability of personal information held by the institution, On the condition that the held information reliability associated with the institution identification information of the institution is equal to or higher than the specified required reliability, the institution server, which is the server of the prescribed institution, responds to the prescribed application controlling the authority server to enable it to provide user personal information;
An information processing method comprising:

Images