JP7336697B1 - Information processing device, terminal, service cooperation system, information processing method and program - Google Patents

Abstract

An object of the present invention is to enable a user who receives a service via a network to easily manage his or her own account information for the service. An information processing device according to an embodiment of the present disclosure is an information processing device associated with a first service, and includes a storage unit that stores first face image data of a user of the first service; 2. A transmitter that sends screen data for accepting consent to terms of service and provision of personal information to a terminal associated with the user, second facial image data of the user, and information indicating that consent has been obtained. and a receiving unit that receives from the terminal, authenticates the user using the first facial image data and the second facial image data in the first service, and at least confirms that the user has been authenticated in the first service and consents. and a control unit that stores information indicating that the first service and the second service are to be linked for the user on the condition that the first service and the second service are to be linked in the storage unit. [Selection diagram] Figure 2

Description

The present disclosure relates to an information processing device, a terminal, a service cooperation system, an information processing method, and a program.

Users of services provided via networks are generally required to enter their personal identification information (ID) and password as account information for the service for authentication when using the service. be. Therefore, the more services the user uses, the more troublesome it becomes to manage the account information for those services.

Note that Patent Literature 1 discloses a technique for realizing authentication in cooperation with social media.

JP 2022-54661 A

It is convenient for the user to centrally manage the user's account information for multiple services.

A non-limiting embodiment of the present disclosure includes an information processing device, a terminal, a service cooperation system, an information Contribute to the provision of processing methods and programs.

An information processing device according to an embodiment of the present disclosure is an information processing device associated with a first service, and includes a storage unit that stores first face image data of a user of the first service, and a second service. Terms of use and provision of personal information including screen data displaying a plurality of business operators to be provided and an explanation for the second service selected by the user from among the plurality of business operators to handle the first face image data screen data for accepting consent to the user, a transmission unit that transmits to the terminal associated with the user, the second face image data of the user, and information indicating that the consent has been obtained, the terminal and a receiving unit that receives from the first service using the first face image data and the second face image data to authenticate the user, and that the user has been authenticated at least in the first service; a control unit that stores, in the storage unit, information indicating that the first service and the second service are to be linked with respect to the user on condition that consent is obtained.

A terminal according to an embodiment of the present disclosure includes a transmitting unit configured to transmit first face image data and second face image data of a user associated with the terminal to an information processing device associated with a first service ; Terms of use including screen data displaying a plurality of businesses that provide 2 services and an explanation for the second service selected by the user from among the plurality of businesses to handle the first face image data ; a reception unit for receiving screen data for accepting consent to provision of personal information from the information processing device, wherein the transmission unit transmits information indicating that the consent has been obtained to the information processing device. , on the condition that the user has been authenticated using the first face image data and the second face image data in at least the first service and that the consent has been obtained, the first service for the user and the second service are linked.

A service collaboration system according to an embodiment of the present disclosure is a service collaboration system including an information processing device associated with a first service and a terminal associated with a user, wherein the information processing device screen data for displaying a plurality of business operators providing a second service ; Terms of use including an explanation for handling data and screen data for accepting consent to the provision of personal information are transmitted to the terminal, and the terminal receives the screen data from the information processing device and 2 transmit the face image data and information indicating that the consent has been obtained to the information processing device, and the information processing device indicates that the second face image data and the consent have been obtained and information from the terminal, authenticate the user in the first service using the first facial image data and the second facial image data, and authenticate the user in at least the first service. Information indicating that the first service and the second service are to be linked with respect to the user on the condition that the first service and the second service are obtained on the condition that the first service and the second service are obtained.

An information processing method according to an embodiment of the present disclosure is an information processing method executed by an information processing apparatus associated with a first service, wherein first facial image data of a user of the first service is stored , Terms of use including screen data displaying a plurality of businesses that provide 2 services and an explanation for the second service selected by the user from among the plurality of businesses to handle the first face image data ; screen data for accepting consent to the provision of personal information is transmitted to the terminal associated with the user, and the user's second face image data and information indicating that the consent has been obtained are transmitted to the terminal and authenticates the user in the first service using the first facial image data and the second facial image data, and at least the user is authenticated in the first service and the consent is obtained Information indicating that the first service and the second service are to be linked with respect to the user is stored on the condition that the first service and the second service are to be linked.

A program according to an embodiment of the present disclosure includes a process of storing first face image data of a user of the first service in an information processing device associated with the first service, and a plurality of businesses providing the second service. to receive consent to the provision of personal information and terms of use including screen data displaying the person and an explanation for the second service selected by the user from among the plurality of business operators to handle the first facial image data; and a process of transmitting the screen data to the terminal associated with the user, a process of receiving the user's second face image data and the information indicating that the consent has been obtained from the terminal; A process of authenticating the user using the first face image data and the second face image data in the first service, and at least the user being authenticated in the first service and the consent being obtained. and a process of storing information indicating that the first service and the second service are to be linked with respect to the user.

In addition, these general or specific aspects may be realized by systems, devices, methods, integrated circuits, computer programs, or recording media. may be realized by any combination of

According to an embodiment of the present disclosure, in the first service, on the condition that the user is authenticated using the user's face image data that is highly likely to be unique to the user, the user is identified as the first service. Since the second service is linked, the possibility of multiple accounts being created in the second service is reduced. Therefore, a user who receives services via a network can easily manage his/her own account information for other services such as the second service in the first service.

Further advantages and advantages of an embodiment of the present disclosure are apparent from the specification and drawings. Such advantages and/or advantages may be provided by some of the embodiments and features described in the specification and drawings, respectively, but not necessarily all provided to obtain one or more of the same features. no.

A diagram for explaining an overview of a data providing service according to an embodiment of the present disclosure A diagram showing a configuration example of a data provision system that realizes a data provision service Diagram showing an example of server block configuration A diagram showing an example of a screen related to the first consent of the two-step consent method A diagram showing an example of a screen for selecting and changing the provider of action data A diagram showing an example of a screen related to the second consent of the two-step consent method A diagram showing an example of a screen for selecting and changing behavior data to be provided to the receiving business operator Diagram showing a configuration example of user registration data stored in the server A diagram showing a configuration example of the destination-related data stored in the server Diagram showing a configuration example of action data stored in the server A diagram explaining an operation example related to the collection and provision of server behavior data A diagram showing an example of a screen for turning on external service linkage settings, or for enabling or disabling external service linkage. A diagram showing an example of a screen regarding consent to the terms of use and personal information terms for external services A diagram showing an example of a screen related to identity verification (authentication) or preprocessing for new registration in an external service A diagram showing an example of a screen related to identity verification (authentication) Figure showing an example of a screen related to new registration Figure showing an example screen for confirming new registration Figure showing an example screen for confirming new registration Diagram showing a configuration example of service linkage related data stored in the server Flowchart showing an example of operations related to server user registration and user settings Flowchart showing an example of operation related to provision of server behavior data Flowchart showing an operation example related to external service linkage of the server Flowchart showing an operation example related to external service linkage of the server Flowchart showing an operation example related to external service linkage of the server

Hereinafter, embodiments of the present disclosure will be described in detail with reference to the drawings as appropriate. However, more detailed description than necessary may be omitted. For example, detailed descriptions of well-known matters and redundant descriptions of substantially the same configurations may be omitted. This is to avoid unnecessary verbosity in the following description and to facilitate understanding by those skilled in the art.

It should be noted that the accompanying drawings and the following description are provided for a thorough understanding of the present disclosure by those skilled in the art and are not intended to limit the claimed subject matter.

<Overview of data provision service>
FIG. 1 is a diagram explaining an outline of a data providing service according to an embodiment of the present disclosure. FIG. 1 shows a user 1, a terminal 2, a data providing PF (PF: Platform) 3, cameras 4a to 4e, businesses 5a to 5c, and IC card systems 6a to 6c.

The user 1 uses the terminal 2 to access the data providing PF3 and register for the data providing service provided by the data providing PF3. At this time, the user 1 registers personal data with the data providing PF3. Personal data is, specifically, personal information that can be input by the user 1, such as name, age, gender, address, date of birth, financial account, credit card, face image, and the like. The behavior data is data indicating the behavior of the user 1. Specifically, purchase history of goods, movement flow line information, entrance/exit information, boarding/departing stations, visited facilities, and the like can be considered.

In addition, the user 1 uses the terminal 2 to select which of the behavior data of the user 1 may be provided to the data providing PF 3 and to which business operators 5a to 5c ( specify. That is, the user 1 can select businesses 5a to 5c to which the behavior data of the user 1 may be provided. The terminal 2 may be, for example, a device such as a smart phone, a tablet terminal, or a personal computer.

The data providing PF 3 shown in FIG. 1 is registered in the data providing PF 3 in advance by using face authentication for captured images including the user's face (hereinafter referred to as face image data) captured by the cameras 4a to 4e. A service (hereinafter referred to as data provision service). At this time, the user is authenticated using face authentication, but an authentication method other than face authentication may be used. In such a case, it is not necessary to include the user's face in the captured image captured by the camera. As for collection of action data, the use of a camera is exemplified, but a sensor or the like capable of collecting action data may be used. The data providing PF 3 may be managed by an operator (not shown) different from the operators 5a to 5c receiving the data providing service.

The operator managing the data providing PF 3, for example, uses the cameras 4a to 4e to solicit users from whom behavioral data may be collected. A user whose behavior data may be collected registers with the data providing service provided by the data providing PF3. When registering, as described above, the necessary personal data are entered and registered. At this time, the start of use of the service provided by the business operator managing the data providing PF 3 may trigger the recruitment. In the case of registering the data providing service together with the service, it is possible to secure convenience by permitting the provision of the target service at the same time as the registration. A user 1 shown in FIG. 1 indicates a user who has registered for a data providing service provided by the data providing PF 3 .

The data providing PF3 is a platform that implements data providing services. For example, the data providing PF 3 authenticates the user 1 based on the face image data of the user 1 captured by the cameras 4a to 4e, and collects (obtains) the action data of the user 1. Specifically, the data providing PF 3 authenticates the user 1 based on the facial image data of the user 1 captured by the cameras 4a to 4e, Collect behavioral data such as purchases of goods in stores.

More specifically, by authenticating the user 1 from face image data taken by a camera installed at the ticket gate for paying the fare, information on the station where the user 1 entered and exited can be collected, and installed in the station premises and on the street. By authenticating the user 1 from the face image data taken by the camera used for payment, the travel route of the user 1 can be collected, or by authenticating the user 1 from the face image data taken by the face payment camera at the store. Collect purchase information of goods.

The data providing PF 3 transmits the collected behavior data of the user 1 to the businesses 5a to 5c selected by the user 1. FIG. For example, if the user 1 has selected the businesses 5a and 5b, the data provider PF 3 transmits the collected behavior data of the user 1 to the businesses 5a and 5b.

The data providing PF3 performs cooperation between the data providing service provided by the data providing PF3 and the external service (hereinafter sometimes referred to as cooperation, cooperation service, service cooperation, service cooperation service, external service cooperation, or external service cooperation service). provide. An external service refers to a service via a network other than the data providing service provided by the data providing PF 3, and may be, for example, a service provided by the businesses 5a to 5c. In the following description, it is assumed that the external services are provided by the businesses 5a to 5c. In addition, linking a data providing service for a user with an external service (linking a data providing service and an external service for a user) links the user with the data providing service and the corresponding user of the external service. It may be understood as (associating, associating), associating a data providing service with an external service for a certain user, and the like. In addition, when the user of the data providing service is a valid user (that is, when the data providing service is successfully authenticated), the user can use the external service as a valid user also in the external service. . In this case, the data providing PF 3 (data providing service) may provide the external service by using the data providing PF 3's web application (application using a web browser) or a dedicated application, It may lead to a web application or dedicated application for external services.

The data providing PF 3 allows the user (for example, user 1) registered with the data providing PF 3 (data providing service) to cooperate with the external service in accordance with the user's consent to the terms of use and personal information regarding the external service. enable.

At that time, if the user is not registered with the external service (does not have an ID and password (account)), the data providing PF 3, if the user's authentication such as face authentication is successful, the user's above-mentioned Information necessary for new registration is selected from the obtained personal information, screen data including the necessary information is generated, and the screen data is transmitted to the user's terminal. The user confirms the necessary information, and if additional information is required for new registration, the user inputs the additional information and sends it to the data providing PF 3, so that the data providing PF 3 is a business operator that provides external services. to send all the information required for new registration. In this way, the data providing PF 3 takes over the new registration to the external service. After that, the user can use the external service.

On the other hand, if the user is registered with the external service (has an ID and password), the data providing PF 3 authenticates (confirms the identity of) the user based on the ID and password received from the user. conduct. After successful authentication, the user can use external services through the data providing PF3.

Note that the data providing PF 3 may provide all the functions provided by the external service, or may provide a part of the functions provided by the external service, by cooperating with the external service.

Cameras 4a to 4e are installed at various locations and photograph the user. The cameras 4a to 4e send the photographed face image data of the user to the data providing PF3. The data providing PF3 performs face authentication using the received face image data. Cameras are installed at traffic ticket gates, entrances and exits of venues, passage points such as checkpoints, in front of cash registers, entrances and exits of stores, and other places where people move. Also, these cameras may be cameras installed at gates or the like for managing entry and exit.

For example, the camera 4a is installed at a ticket gate and photographs a user passing through the ticket gate. The camera 4a transmits the photographed face image data of the user to the data providing PF3.

For example, the camera 4b is installed near a cash register in a store or the like, and photographs a user who has made a payment for an item. The camera 4b transmits the photographed face image data of the user to the data providing PF3.

For example, the camera 4c is installed near the entrance of a store or the like, and photographs a user who comes to the store or leaves the store. The camera 4c transmits the photographed face image data of the user to the data providing PF3.

For example, the camera 4d is installed in a structure such as a building or a utility pole, and captures an image of a user passing through a passage or a street in the building. The camera 4d transmits the photographed face image data of the user to the data providing PF3.

For example, the camera 4e is installed at a gate for entrance/exit management installed at the entrance of a place such as an amusement park or a theme park, and photographs a user passing through the gate. The camera 4e transmits the photographed face image data of the user to the entrance/exit management system and to the data providing PF3.

By installing the cameras 4a to 4e at various locations in this way, the data providing PF3 can collect behavior data of the user 1 registered in the data providing PF3 in a wide range. Note that the cameras 4a to 4e may be surveillance cameras.

In addition, although we collect face image data of users captured by cameras, we are not limited to face image data. may be collected. For example, by tracking the user 1 specified from the face image data in the captured images of a plurality of cameras, it is possible to collect action data such as the movement line of the user 1 as well.

The businesses 5a to 5c are provided with behavior data of the user 1 registered in the data providing PF3 from the data providing PF3. However, the business operators 5a to 5c are provided with the action data of the user 1 when selected by the user 1 as the provider of the action data. The businesses 5a to 5c may be, for example, businesses that manage amusement parks, commercial facilities, lodging facilities, retail stores, and the like. Further, the businesses 5a to 5c may be municipalities such as prefectures, cities, and wards.

Note that the user 1 can select detailed types of behavior data to be provided for each supply destination, and only the selected types of data are provided to the providers 5a to 5c of the supply destinations.

Business operators 5a to 5c may provide O2O (one to one) service to user 1 using behavior data of user 1 provided by data providing PF3. For example, business operators 5a to 5c enter the behavior data of user 1 provided by data provider PF 3 into artificial intelligence (hereinafter sometimes referred to as AI), and provide services suitable for user 1 (individual). may be provided. Further, the business operators 5a to 5c may determine the location of the store or the like by using the behavior data of the user 1 provided by the data providing PF3. For example, the business operators 5a to 5c input the behavior data of the user 1 (which may be behavior data of a plurality of people) provided by the data providing PF 3 into the AI, and determine the optimum store opening location. good.

The businesses 5a to 5c may cooperate (service) with the data providing PF3 to provide the user 1 with the services provided by the businesses 5a to 5c through the data providing PF3. In cooperation with the data providing PF3, the businesses 5a to 5c are provided with the personal information of the user 1 registered in the data providing PF3, etc. from the data providing PF3.

The IC card systems 6a to 6c are, for example, transportation IC card systems managed by transportation companies such as trains, buses, and airplanes. The IC card systems 6a to 6c, for example, cooperate with a camera installed near the entrance/exit location of the user, such as a ticket gate, to detect the entry/exit of the user to/from the premises, and transmit the detected data to the data providing PF3. The data providing PF 3 collects the behavior data of the user 1 based on the detection data of entry/exit and the face image data of a camera installed near the entry/exit location. That is, the data providing PF 3 may collect behavior data of the user 1 in cooperation with other systems such as the IC card systems 6a to 6c. In addition to the transportation IC card system, data may be collected by linking with a wide range of systems such as an entrance/exit management system monitoring system.

As will be explained below, the data provision service shown in FIG. 1 obtains two consents from user 1 . The first consent is consent to the data providing service in the data providing PF3. The second consent is consent to the use of action data by the business operators 5a to 5c selected by the user 1. FIG.

Further, as will be described below, the user 1 can select the type of action data to be provided to the businesses 5a to 5c. For example, the types of behavior data that the user 1 provides to the business operators 5a to 5c include behavior data related to entrance/exit logs of station ticket gates, behavior data related to travel routes within station premises, and behavior data related to payments within stores. can be selected.

Also, as will be described below, benefits such as points and coupons are given to the user 1 who provides the behavior data. By providing the privilege, the user 1 has an incentive to register for the data providing service shown in FIG. Also, the business operator managing the data providing PF 3 can easily solicit users whose behavior data may be collected. In addition, the business operator managing the data providing PF 3 can increase the number of business operators who want to receive provision of the user's behavior data by increasing the number of users whose behavior data can be collected.

In addition, as will be described below, at least the user 1 has been authenticated using face image data in the data provision service (successful authentication), and the user 1's terms of use for external services and personal information provision On the condition that consent has been obtained, the setting for cooperation between the data providing service and the external service is turned on for user 1 .

Data may also be referred to as information. User 1's behavior data may be regarded as personal information. The business operator managing the data providing PF 3 may be different from the business operator providing the data providing service. In the above description, the operator managing the data providing PF3 is different from the operators 5a to 5c, but one or more of the operators 5a to 5c manage the data providing PF3. may The face image data received from the cameras 4a to 4c may also include images of parts other than the face.

<System configuration example>
FIG. 2 is a diagram showing a configuration example of the data providing system 10 that implements the data providing service. In FIG. 2, the same components as in FIG. 1 are given the same reference numerals. As shown in FIG. 2, the data providing system 10 has cameras 4a to 4d and a server 11. As shown in FIG. The server 11 realizes the function of the data providing PF3 shown in FIG. The server 11 may be called an information processing device. The data providing system 10 further including the terminal 2 may be called a service cooperation system.

In addition to the data providing system 10, FIG. A server 21c is shown. In addition to the data providing system 10, FIG. 2 also shows a server 22a that constitutes the IC card system 6a, a server 22b that constitutes the IC card system 6b, and a server 22c that constitutes the IC card system 6c. There is.

The server 11 is connected to the cameras 4a to 4d via a network such as a LAN (Local Area Network), the Internet, and a wireless network such as a mobile phone network. The server 11 receives face image data of the user 1 captured by the cameras 4a to 4d via the network.

The server 11 is connected to servers 21a to 21c via networks such as LAN, Internet, and wireless networks. The server 11 transmits the collected behavior data of the user 1 to the servers 21a to 21c via the network. Also, the server 11 transmits the ID and password received from the user 1 via the terminal 2 to the servers 21a to 21c via the network. The server 11 also receives the telephone number of the user 1 registered with the businesses 5a-5c (stored in the servers 21a-21c) from the servers 21a-21c via the network.

The server 11 is connected to servers 22a to 22c via networks such as LAN, Internet, and wireless networks. The server 11 receives behavior data of the user 1 via the network.

The server 11 is connected to the terminal 2 via a network such as LAN, Internet, and wireless network. The server 11 transmits various screen data described below to the terminal 2 via the network. The server 11 also receives face image data captured by the camera of the terminal 2, the ID and password input by the user 1, and the like via the network.

<Server block configuration example>
FIG. 3 is a diagram showing a block configuration example of the server 11. As shown in FIG. As shown in FIG. 3 , the server 11 has a processor 31 , a RAM (Random Access Memory) 32 , a HDD (Hard Disk Drive) 33 , a communication interface 34 and a bus 35 .

The processor 31 controls the server 11 as a whole. The processor 31 may be, for example, a CPU (Central Processing Unit). A RAM 32 , an HDD 33 , and a communication interface 34 are connected to the processor 31 via a bus 35 .

The processor 31 functions as a control unit 31a by executing programs. The control unit 31a implements the functions of the data providing PF 3 described in FIG. 1, and implements the data providing service.

The RAM 32 temporarily stores an OS (Operating System) program and application programs to be executed by the processor 31 . In addition, the RAM 32 temporarily stores various data necessary for processing by the CPU 31 . Note that the RAM 32 is a storage device that temporarily stores programs and the like, and is not limited to the RAM. For example, the RAM 32 may be a storage device such as a DRAM (Dynamic RAM).

The HDD 33 stores an OS, application programs, and the like. Various data necessary for processing by the CPU 31 are stored in the HDD 33 . Note that the HDD 33 is a storage device that stores programs and the like, and is not limited to the HDD. For example, the HDD 33 may be a storage device such as an SSD (Solid State Drive).

The communication interface 34 communicates with the cameras 4a-4e via networks such as LAN, Internet, and mobile phone network. Also, the communication interface 34 communicates with the servers 21a to 21c and the servers 22a to 22c via networks such as LAN, Internet, and mobile phone network. Note that "the communication interface 34 transmits information to or receives information from another device" means that "the processor 31 (control unit 31a) transmits information (via the communication interface 34). "sending to or receiving information from another device".

The terminal 2 and the servers 21a-21c and 22a-22c may also have blocks similar to those shown in FIG. For example, if the user 1 has registered for a service provided by the businesses 5a to 5c, the storage devices of the servers 21a to 21c store the ID and password of the user 1 and other personal information for using the service. may be stored in association with the businesses 5a-5c or the relevant service.

The processor 31 and the controller 31a are examples of a controller according to the present disclosure. The RAM 32 and HDD 33 are examples of storage units according to the present disclosure. The communication interface 34 is an example of a transmission unit, a reception unit, and a communication unit according to the present disclosure.

<Handling of action data>
Explain how behavior data is handled. The behavior data is user 1's personal information. Therefore, the server 11 receives (obtains) consent from the user 1 via the terminal 2 regarding the handling of the behavior data of the user 1 . The server 11 collects behavior data of the user 1 when consent is obtained from the user 1 . The server 11 also transmits the collected behavior data to the servers 21a-21c of the business operators 5a-5c.

Server 11 employs a two-step consent scheme. That is, server 11 obtains two consents from user 1 via terminal 2 . The first consent is consent to the data providing service in the data providing PF3. The second consent is consent to the use of action data by the business operators 5a to 5c selected by the user 1. FIG.

Since the data providing PF3 does not provide the behavior data to the business operator unless the second consent is obtained, the business operator can utilize the data only within the scope of obtaining the second consent. The data provider PF3 does not use the acquired data for marketing its own service.

FIG. 4 is a diagram showing a screen example regarding the first consent of the two-step consent method. A screen 41 shown in FIG. 4 is displayed on the display of the terminal 2 by the server 11, for example, when the user 1 registers for the data providing service.

The screen 41 includes an explanation about the handling of action data (personal information) of the data providing service in the data providing PF3. For example, the screen 41 shows that the face image of the user 1 is saved for personal authentication, that the collected behavior data of the user 1 is provided to the third party business operators (business operators 5a to 5c), Contains content that indicates In addition, the screen 41 includes a content indicating that the use and purpose of behavior data shall be separately handled according to the handling (second consent) of the business to which the behavior data is provided (disclosure destination business). be

The screen 41 displays buttons 41a and 41b for asking the user 1 whether or not he or she agrees to the handling of action data shown on the screen 41 (hereinafter sometimes referred to as terms of use). For example, when the button 41a is pressed, the terminal 2 transmits information (signal) to the server 11 indicating that the user 1 has agreed to the first terms of use.

When the user 1 agrees to the terms of use of the data providing service in the data providing PF 3, the user 1 can select the provider (enterprise) of the behavior data of the user 1.

The user 1 can select the provider of behavior data at any time. For example, the user 1 may select the provider of the behavior data immediately after agreeing to the first terms of use or at a later date. Moreover, the user 1 can change the provider of the behavior data at any time.

FIG. 5 is a diagram showing an example of a screen for selecting and changing an action data provider. The screen 42 shown in FIG. 5 may be displayed on the display of the terminal 2, for example, when a button for selecting and changing the behavior data provider is pressed on the menu screen displayed on the display of the terminal 2. .

The screen 42 displays a list of business operators to whom action data is provided. In addition, on the screen 41, toggle switches 42a to 42d for selecting an action data provider are displayed corresponding to the action data provider.

The destination of the action data of the user 1 is selected according to the operation of the toggle switches 42a to 42d. For example, the toggle switches 42a and 42d shown in FIG. 5 indicate that the businesses corresponding to the toggle switches 42a and 42d (XX Corporation and ** real estate) have been selected as the behavior data provider. .

As shown in FIG. 5, a plurality of action data providers may be selected. Also, one action data provider may be selected, or none may be selected. If no action data provider is selected, user 1's action data is not provided to any operator.

When the toggle switches 42a to 42d are switched on and off, the terminal 2 transmits information on the switched state to the server 11. FIG. When the toggle switches 42a to 42d are switched from off to on, the server 11 transmits to the terminal 2 screen data including an explanation of how the behavior data is handled by the company that has been switched on. That is, the server 11 transmits screen data regarding the second consent of the two-step consent method to the terminal 2 .

FIG. 6 is a diagram showing a screen example regarding the second consent of the two-step consent method. A screen 43 shown in FIG. 6 is displayed on the display of the terminal 2 by the server 11 . The screen 43 includes an explanation (terms of use) regarding the handling of the behavior data of the business operator selected by the user 1 as the provider of the behavior data. Note that the terms of use are terms of use for each business operator, and differ from one business operator to another.

The screen 43 displays buttons 43 a and 43 b for asking the user 1 whether or not to agree to the terms of use shown on the screen 43 . For example, when the button 43a is pressed, the terminal 2 transmits to the server 11 information indicating that the user 1 has agreed to the second terms of use.

When the user 1 agrees to the terms of use (second terms of use) of the business to which the behavior data is provided shown on the screen 43, the user 1 selects the type of behavior data to be provided to the business that agrees to the second terms of use. You can choose.

User 1 can select the type of action data at any time. For example, the user 1 may select the type of action data immediately after agreeing to the second terms of use or at a later date. Moreover, the user 1 can change the type of behavior data to be provided to the provider at any time.

FIG. 7 is a diagram showing an example of a screen regarding selection and change of action data to be provided to the service provider. The screen 44 shown in FIG. 7 may be displayed on the display of the terminal 2, for example, when a button for selecting and changing the type of action data is pressed on the menu screen displayed on the display of the terminal 2.

The screen 44 displays a list of types of behavior data to be provided to the provider. The screen 44 also displays toggle switches 44a to 44e for selecting the type of action data corresponding to the type of action data.

Depending on the operation of the toggle switches 44a to 44e, the type of behavior data of the user 1 to be provided to the provider is selected. For example, the toggle switches 44a, 44c, and 44e shown in FIG. It indicates that it has been selected as behavior data to be provided to the user.

As shown in FIG. 7, multiple types of behavior data may be selected. Also, one action data provider may be selected. If no action data type has been selected (for example, all of the toggle switches 44a to 44e are off), the server 11 sends screen data prompting the user 1 to select one or more action data types to the terminal 2. may be sent to

Note that the type of behavior data may be set (or may be different) for each provider to which the behavior data is provided. For example, the type of action data may differ for each provider of action data selected on the screen 42 shown in FIG. This is because the types of desired behavior data may differ from business to business.

<Data configuration example 1>
FIG. 8 is a diagram showing a configuration example of user registration data stored in the server 11. As shown in FIG. As shown in FIG. 8, the user registration data 51 has an ID (identifier) for identifying a user, the user's name, sex, age and address, and the user's face image data. The user registration data may also include any other required personal data of the user.

When the user agrees to the first terms of use, the user's user registration data 51 is stored in the HDD 33 of the server 11 . That is, when the user agrees to the first terms of use, the user is registered with the data providing service provided by the data providing PF3.

The server 11 transmits screen data for accepting each information (data) of the user registration data 51 to the terminal 2 after obtaining the user 1's consent to the first terms of use. The terminal 2 receives each information of the user registration data 51 from the user 1 and transmits each received information to the server 11 . The server 11 stores each piece of information transmitted from the terminal 2 in the HDD 33 as user registration data 51 .

FIG. 9 is a diagram showing a configuration example of provision destination related data stored in the server 11. As shown in FIG. As shown in FIG. 9, the destination related data 52 has an ID for identifying a user, destination business operator information, and disclosure range information.

The destination business operator information of the destination related data 52 is stored in the HDD 33 of the server 11 when the user selects the behavior data destination business operator. For example, when the user with the ID “001” selects the action data provider “〇〇 Corporation” and “** real estate” on the screen 42 shown in FIG. Information indicating "Co., Ltd." and "** real estate" is stored in the provision destination company information column corresponding to the ID "001" of the provision destination related data 52. FIG.

The disclosure range information of the provision destination related data 52 is stored in the HDD 33 of the server 11 when the user selects the type of action data to be provided to the provision destination business operator. For example, when the user with the ID “001” selects the action data types “ticket entrance/exit log” and “in-store flow line” on the screen 44 shown in FIG. Information indicating the ticket gate entry/exit log” and the “traffic line in the store” is stored in the disclosure range information column corresponding to the ID “001” of the destination related data 52 .

FIG. 10 is a diagram showing a configuration example of action data stored in the server 11. As shown in FIG. As shown in FIG. 10, the behavior data 53 includes an ID for identifying the user, information regarding the user's entry into the facility or the like, and information regarding the user's exit from the facility or the like. The information on entry includes the date and time when the user entered the facility, etc., and information on the place of entry. The information on leaving includes the date and time when the user left the facility, etc., and the information on the place where the user left.

The server 11 receives face image data from the cameras 4a to 4e. The server 11 compares the face image data received from the cameras 4a to 4e with the face image data of the user registration data 51 described with reference to FIG. It is determined whether registered face image data is included. When the face image data received from the cameras 4 a to 4 e includes the face image data registered in the data providing service, the server 11 stores the behavior data of the user of the face image data in the HDD 33 .

The server 11 may acquire the date and time of entry and the date and time of exit of the user from the facility or the like, for example, based on the reception time of the face image data received from the cameras 4a to 4e. Further, the server 11 may acquire information on places (facility, etc.) where the user entered and exited based on the information on the installation places of the cameras 4a to 4e.

The behavior data 53 may also include information on user settlement and information on use of coupons. The information about the user's payment may include, for example, information on the date and time of payment and the place of payment (facilities, etc.). The information about the user's coupon use may include, for example, the date and time of coupon use and the place of coupon use (for example, the name of the facility, etc.).

<Explanation of action data collection and provision>
11A and 11B are diagrams for explaining an operation example related to collection and provision of action data of the server 11. FIG. The server 11 receives face image data from the cameras 4a to 4e. The server 11 extracts the feature amount of the received face image data and compares it with the face image data of the user registration data 51 described with reference to FIG. That is, the server 11 collates the face image data received from the cameras 4a to 4e with the face image data of users registered in the data providing service.

If the face image data received from the cameras 4a to 4e does not match the face image data of the user registered in the data providing service as a result of the collation, the server 11 confirms that the user of the face image data received from the cameras 4a to 4e It is determined that the user is not registered with the data providing service (see arrow A1 in FIG. 11). When the server 11 determines that the user of the face image data received from the cameras 4a to 4e has not registered for the data providing service, the server 11 discards the face image data received from the cameras 4a to 4e.

On the other hand, if the face image data received from the cameras 4a to 4e matches the face image data of the user registered in the data providing service as a result of the collation, the server 11 identifies the user of the face image data received from the cameras 4a to 4e. is registered with the data providing service (see arrow A2 in FIG. 11).

When the degree of matching between the face image data received from the cameras 4a to 4e and the face image data of the user registered in the data providing service is equal to or greater than a certain threshold, the server 11 detects the face image data received from the cameras 4a to 4e. It may be determined that the image data matches the face image data of the user registered with the data providing service.

When the server 11 determines that the user of the face image data received from the cameras 4a to 4e has registered with the data providing service, the server 11 stores the action data of the user of the face image data received from the cameras 4a to 4e ( See arrow A3 in FIG. 11). For example, the server 11 stores the behavior data 53 described with reference to FIG. 10 in the HDD 33 .

If the server 11 determines that the user of the face image data received from the cameras 4a to 4e is registered with the data providing service, the server 11 refers to the user registration data 51 described with reference to FIG. Get the user's ID. Based on the acquired ID, the server 11 refers to the destination related data 52 described in FIG. ) is stored.

When the server 11 determines that the registered user's destination business operator information is stored in the destination related data 52, the server 11 stores the behavior data of the registered user in the server of the destination business indicated by the destination business operator information. Send. At that time, the server 11 extracts the type of action data based on the disclosure range information of the registered user (see the provision destination related data 52 in FIG. 9), and transmits it to the server of the provision destination business indicated by the provision destination business entity information. (see arrow A4 in FIG. 11).

On the other hand, when the server 11 determines that the registered user's information on the provider is not stored in the provider-related data 52, the server 11 does not transmit the behavior data of the registered user to the provider's server (see arrow A5 in FIG. 11). ). For example, the server 11 does not transmit the behavior data of the registered user to the provider's server if the registered user has not selected any provider of behavior data on the screen 42 of FIG.

The server 11 may transmit the behavior data of the registered users in real time to the servers 21a to 21c of the provider. Further, the server 11 may transmit the behavior data of the registered user stored (accumulated) in the HDD 33 to the servers 21a to 21c of the service providers at a predetermined timing such as midnight.

In addition, if there is behavior data that has not been sent to the selected provider at the timing when the user selects the provider of the behavior data, the server 11 detects the unsent behavior data that goes back a certain period of time from the present to the past. may be transmitted to the server of the provider. In addition, at the timing when the type of behavior data is selected by the user, if there is any type of behavior data that has not yet been transmitted, the server 11 sends the untransmitted behavior data that goes back a certain period of time from the present to the server of the provider. may be sent to

<About service cooperation>
The data providing PF 3 is provided by the data providing service and the business operators 5a to 5c in response to the user 1 registered in the data providing service agreeing to the terms of use and the personal information agreement regarding the services provided by the business operators 5a to 5c. Enables service linkage with other services.

At that time, if the user 1 has not registered with the external service (does not have a valid ID and password, or does not have a valid ID and password stored in the storage devices of the servers 21a to 21c), the data providing PF 3 selects information necessary for new registration from personal information of the user 1, generates screen data including the necessary information, and transmits the screen data to the terminal 2. User 1 confirms the necessary information, and if additional information is required for new registration, enters the additional information and transmits it to data providing PF 3 via terminal 2, so that data providing PF 3 externally Send all the information necessary for new registration to the service provider. Since the registration data when registering for a service does not differ greatly depending on the service, the data providing PF 3 presents the necessary information to the user 1 in this way, thereby reducing the effort required for registration by the user 1. be able to.

On the other hand, when the user 1 is registered with the external service (has a valid ID and password, and the valid ID and password are stored in the storage devices of the servers 21a to 21c), the data providing PF3 Based on the ID and password received from the user 1 via the terminal 2, the user 1 is authenticated (personal identification).

FIG. 12 is a diagram showing an example of a screen for turning on the setting of external service cooperation, or for enabling or disabling external service cooperation. A screen 45 shown in FIG. 12 is displayed, for example, after the user 1 logs in to the data providing service via the terminal 2 through authentication such as face authentication, and then selects the external service cooperation item from the menu screen displayed on the display of the terminal 2 . is selected, and the server 11 transmits the corresponding screen data to the terminal 2 so that it is displayed on the display of the terminal 2 .

The screen 45 displays a list of services of providers whose external service linkage setting can be turned on. Such a service may be a service provided by the provider of behavior data selected by the user 1 as described above.

Also displayed on the screen 45 are toggle switches 45a, 45b, and 45d for enabling or disabling service cooperation, and a button 45c for turning on the setting of service cooperation, corresponding to the service. When the setting of service linkage is turned on (a toggle switch is displayed), the screen 45 displays buttons for setting details of service linkage (" Settings button) is also displayed.

Here, turning on the external service linkage setting may mean linkage between the data providing service and the external service. may be regarded as linking the data providing service and the external service. Further, enabling (service) cooperation may mean that an external service can be used using face image data (face authentication). For example, if the external service is credit card payment, if face authentication is successful in the data providing service, credit card payment can be made without entering personal information in the external service. Conversely, disabling (service) cooperation may mean that external services cannot be used using face image data (face authentication).

Depending on the operation of the toggle switches 45a, 45b, and 45d by the user 1, the service linkage is enabled or disabled (for example, ON indicates that the enabled state or activation is selected, and OFF indicates a disabled state or that disabled is selected). For example, when the toggle switch is operated by the user 1, the terminal 2 transmits information indicating that the service linkage is enabled or disabled to the server 11, and when the server 11 receives the information, the service linkage enable or disable For example, the toggle switches 45a and 45d shown in FIG. 12 are enabled to cooperate with the services of the operators corresponding to the toggle switches 45a and 45d (transportation IC service of company XX, entrance/exit management service of company XX). or that activation of the linkage has been selected. For example, the toggle switch 45b shown in FIG. 12 is in a state in which the cooperation with the service of the business operator corresponding to the toggle switch 45b (account transfer service of ** company) is disabled, or the disablement of the cooperation is selected. indicates that

When the cooperation is enabled, if the user 1 logs in to the data providing service by face authentication, for example, the user 1 also logs in to the external service by the service cooperation. Therefore, the convenience of using the external service is improved.

On the other hand, according to the operation (pressing or tapping) of the button 45c by the user 1, the process proceeds to the next step, which is acceptance of consent to the terms of use and the personal information terms. For example, when the button 45c is operated by the user 1, the terminal 2 proceeds to accept acceptance of consent to the terms of use and personal information terms relating to the service of the business operator corresponding to the button 45c (certificate issuing service of XX city). Information indicating that is transmitted to the server 11 . Then, when the server 11 receives the information, it generates screen data asking the user 1 whether or not to agree to the terms of use and the terms of personal information shown in FIG.

When the button 45c is pressed by the user 1 and the authentication of the user 1 is successful as described below, the service cooperation is activated as an initial state, similar to the toggle switches 45a and 45d. good. Alternatively, like the toggle switch 45b, service cooperation may be disabled. In this case, another step of setting (operation of a toggle switch) is required to enable service cooperation.

User 1 can enable or disable service linkage whenever the service linkage setting is turned on. In addition, the user 1 can turn on the setting of service cooperation whenever the setting of service cooperation is turned off. In addition, the user 1 can turn off the setting of service cooperation whenever the setting of service cooperation is turned on. Note that turning off the service linkage can be set on a screen (not shown) for setting the details of the service linkage by the user 1 operating the above-described "setting" button. For example, when the service linkage setting is turned off (service linkage is canceled), the server 11 receives information from the terminal 2 indicating that the service linkage setting for the user 1 is turned off. Deletion of User 1's account information by sending information requesting deletion of User 1's account information (information for deleting User 1 from an external service) to the server of the business operator that provides the corresponding external service. can be done.

FIG. 13 is a diagram showing an example of a screen regarding consent to the terms of use and personal information terms (provision of personal information) relating to external services. The screen 46 shown in FIG. 13 is displayed on the display of the terminal 2 by the server 11 transmitting the corresponding screen data to the terminal 2, for example, when the button 45c is operated as described above.

The screen 46 includes the terms of use and the terms of personal information (privacy policy) regarding the service provided by the operator (certificate issuing service of XX city).

Also, on the screen 46, a check box 46a indicating whether or not to agree to the terms of use shown on the screen 46, a check box 46b indicating whether or not to agree to the personal information agreement shown on the screen 46, and the next step, A button 46c for proceeding to personal identification (authentication) or preprocessing for new registration in an external service is displayed. Note that the button 46c is grayed out and cannot be operated (pressed, tapped) when at least one of the check boxes 46a and 46b is not input (checked), and both of the check boxes 46a and 46b are input (checked). is checked), it becomes operable.

For example, when the user 1 agrees to the terms of use and the terms of personal information and the user 1 operates the button 46c, the terminal 2 sends information indicating that the user 1 has agreed to the terms of use and the terms of the personal information to the server 11. Send to When receiving the information, the server 11 generates screen data for preprocessing for personal identification (authentication) or new registration shown in FIG.

FIG. 14 is a diagram showing an example of a screen regarding preprocessing for personal identification (authentication) or new registration in an external service. The screen 47 shown in FIG. 14 is displayed on the display of the terminal 2 by the server 11 transmitting the corresponding screen data to the terminal 2, for example, when the button 46c is operated as described above.

On the screen 47, different processing (identity Input fields 47a, 47b and buttons 47c, 47d relating to preprocessing for confirmation (authentication) or new registration) are displayed.

If the user 1 has a valid ID and password, the user 1 enters a valid ID in the input field 47a and a valid password in the input field 47b, and then performs identity verification (authentication). By operating (pressing or tapping) the button 47c for authentication, pre-processing of identity confirmation (authentication) (first stage identity confirmation (authentication)) is performed. At this time, the terminal 2 transmits the ID and password to the server 11 when the user 1 operates the button 47c. Then, when the server 11 receives the ID and password, the server 11 transmits the ID and password to the business operators 5a to 5c (servers 21a to 21c) that provide the service, thereby performing the first stage identity verification (authentication). Information indicating success or failure of the authentication and, if the authentication is successful, the mobile phone number of the user 1 registered in the service are received from the businesses 5a-5c (servers 21a-21c). When the server 11 receives the information indicating that the authentication has succeeded, the server 11 generates screen data for the second stage of personal identification (authentication) shown in FIG. Send an SMS (short message) containing a passcode to the number. On the other hand, when the server 11 receives the information indicating that the authentication has failed, the server 11 generates screen data including the content indicating that the authentication has failed, and transmits the screen data to the terminal 2 .

The ID and password of User 1 and the passcode are examples of "information for confirming that the user has registered with the second service (external service)" according to the present disclosure.

On the other hand, if the user 1 does not have a valid ID and password, the user 1 operates (presses or taps) the button 47d for new registration, thereby performing new registration for the external service. At this time, when the button 47d is operated by the user 1, the terminal 2 transmits to the server 11 information indicating that new registration is to be performed. Then, when receiving the information, the server 11 generates screen data for new registration shown in FIG. 16 and transmits it to the terminal 2 .

FIG. 15 is a diagram showing an example of a screen relating to (second stage) personal identification (authentication). The screen 48 shown in FIG. 15 is displayed on the display of the terminal 2 by the server 11 transmitting the corresponding screen data to the terminal 2, for example, when the button 47c is operated as described above.

On the screen 48, an SMS containing a passcode is sent to the mobile phone number of user 1 for identity verification (authentication), and the service linkage setting is turned on by entering the passcode and being authenticated. contains content indicating that it will be

The screen 48 also displays an input field 48a for inputting a passcode, and a button 48b for verifying (authentication) the user with the passcode input in the input field 48a.

For example, the terminal 2 transmits the passcode to the server 11 when the user 1 inputs the passcode written in the SMS into the input field 48a and the button 48b is operated (pressed or tapped) by the user 1. . Then, when the passcode is received, the server 11 checks the received passcode against the passcode transmitted by SMS, thereby performing identity verification (authentication). When the received passcode and the passcode sent by SMS match, the server 11 displays a screen including content indicating that the external service cooperation setting has been turned on and that the authentication has succeeded and the user has logged in to the external service. Data is generated and transmitted to the terminal 2 . On the other hand, if the received passcode and the passcode sent by SMS do not match, the server 11 generates screen data including content indicating that the authentication has failed, and transmits the screen data to the terminal 2 . When the second step of personal identification (authentication) is also successful in this way, the external service cooperation setting is turned on, and information indicating that the external service cooperation setting is turned on is stored in the storage device of the server 11. (For example, as shown in FIG. 17, the cooperation setting completion flag is set to 1).

FIG. 16 is a diagram showing an example of a screen regarding new registration. The screen 49 shown in FIG. 16 is displayed on the display of the terminal 2 by the server 11 transmitting corresponding screen data to the terminal 2 when the button 47d is operated as described above, for example.

The screen 49 displays a photographed image 49a (for example, the face image of the user 1) currently photographed by the camera of the terminal 2, and a button 49b for newly registering with an external service and linking with the service.

For example, the terminal 2 transmits face image data to the server 11 when the user 1 puts his or her face in the frame shown in FIG. When receiving the face image data, the server 11 performs face authentication by matching the face image data of the registered user 1 stored in the storage device with the received face image data. When the face authentication is successful, the server 11 selects personal information of the registered user 1 stored in the storage device to register with the service (or the business operators 5a to 5c that provide the service). Necessary information is selected, screen data including the necessary information is generated, and transmitted to the terminal 2. - 特許庁The user 1 confirms the necessary information in the screen displayed on the display of the terminal 2 (see, for example, FIG. 17A) and replies that there is no problem. Then, the server 11 transmits necessary information to the business operators 5a to 5c (servers 21a to 21c), thereby performing new registration. If the personal information of the registered user 1 stored in the storage device does not include a part or all of the information necessary for registering for the service, the server 11 performs new registration. , an input field for inputting additional information, a button for transmitting the input information to the server 11, and the like, and screen data is generated and transmitted to the terminal 2. User 1 confirms the necessary information in the screen displayed on the display of terminal 2 (see, for example, FIG. 17B), inputs further information, and responds. Then, the server 11 transmits all necessary information to the business operators 5a to 5c (servers 21a to 21c), thereby performing new registration. When the new registration is made, the server 11 generates screen data including contents indicating that the external service cooperation setting has been turned on and that the new registration has been made and the user has logged in to the external service, and transmits the screen data to the terminal 2. . When face authentication succeeds and new registration is performed in this way, the external service cooperation setting is turned on, and information indicating that the external service cooperation setting is turned on is stored in the storage device of the server 11. (For example, as shown in FIG. 17, the cooperation setting completion flag is set to 1).

FIG. 17A is a diagram showing an example of a screen regarding confirmation of new registration. The screen 50A shown in FIG. 17A is displayed on the display of the terminal 2 by the server 11 transmitting the corresponding screen data to the terminal 2, for example, when the button 47d is operated as described above. The screen example shown in FIG. 17A corresponds to the case where the personal information of the registered user 1 stored in the storage device of the server 11 contains all the information necessary for registering with the external service. .

The user 1 confirms the information already entered in the input field, and if there is any correction, enters the correct information in the input field requiring correction, and finally operates (presses or taps) the button 50Aa to perform new registration. can be performed by the data providing service.

FIG. 17B is a diagram showing an example of a screen regarding confirmation of new registration. The screen 50B shown in FIG. 17B is displayed on the display of the terminal 2 by the server 11 transmitting the corresponding screen data to the terminal 2, for example, when the button 47d is operated as described above. The screen example shown in FIG. 17B corresponds to a case where the personal information of the registered user 1 stored in the storage device of the server 11 does not include part of the information required to register with the external service. do.

User 1 confirms the information already entered in the input field, and if there is a correction, enters correct information in the input field requiring correction, enters further information in the input field 50Ba for entering further information, Finally, by operating (pressing or tapping) the button 50Bb, the data providing service can be made to perform new registration.

<Data configuration example 2>
FIG. 18 is a diagram showing a configuration example of data related to cooperation with an external service (referred to as service cooperation related data) stored in the server 11. As shown in FIG. As shown in FIG. 18, the service linkage related data 54 includes an ID (field), business operator information (field), service information (field), linkage set flag (field), and activation flag (field). and may have Note that the service cooperation related data 54 and the user registration data 51 and the like are associated with each other via an ID (field).

The ID field is a field for identifying users. The business operator information field is a field for identifying the business operator. The service information field is a field that identifies the service provided by the business identified by the business information field.

The cooperation setting flag field indicates whether or not the cooperation setting with the service identified by the service field is turned on (“1”: turned on; “0”: not turned on).

The activation flag field indicates whether or not linkage with the service identified by the service field is activated when the linkage setting flag field is 1 (“1”: activated; “0 ': disabled; '-(null)': if the cooperation setting flag field is 0).

A record of the service cooperation related data 54 shown in FIG. 18 is created by the server 11 and stored in the storage device of the server 11 when the user selects the provider of the action data. If the provider provides a plurality of services, records are created for the number of services.

In addition, as described above, the server 11, after the second-stage personal identification (authentication) has succeeded and logged in to the external service, or after new registration has been made and logged in to the external service, the corresponding user, business 1 is set to the cooperation setting completion flag corresponding to the user and the service. Note that the server 11 sets the cooperation setting completion flag to 0 when the setting for cooperation with the external service is turned off.

Further, as described above, when the server 11 receives the information indicating that the service linkage is enabled or disabled when the toggle switch (toggle switch 45a, etc.) is operated by the user, the corresponding user, business 1 or 0 for activation flags corresponding to users and services (and cooperation set flags).

Linking a data providing service with an external service (associating a user of a data providing service with a user of an external service, linking a user with a data providing service and an external service) sets the linkage set flag to 1. It may be regarded as setting.

<Example of operation of server 11>
FIG. 19 is a flow chart showing an operation example regarding user registration and user setting of the server 11 . The server 11 may execute the process of the flowchart shown in FIG. 19 in response to a user registration request from the user via the terminal 2, for example.

S1: The server 11 accepts consent from the user via the terminal 2 regarding the use of the data providing service. For example, the server 11 accepts consent for use of the data providing service from the user via the screen 41 of the terminal 2 described with reference to FIG. That is, the server 11 accepts the user's consent to the first terms of use.

S2: The server 11 registers users who have agreed to the first terms of use. For example, the server 11 receives information about user registration from the user via the terminal 2, and stores the received information in the HDD 33 (see user registration data 51 in FIG. 8).

S3: The server 11 receives, via the terminal 2, the provider of behavior data from the user. For example, the server 11 accepts the action data provider from the user via the screen 42 of the terminal 2 described with reference to FIG.

S4: The server 11 accepts, via the terminal 2, the user's consent to the terms of use of the service provider accepted in S3. For example, the server 11 accepts the user's consent to the service provider's terms of use via the screen 43 of the terminal 2 described with reference to FIG. That is, the server 11 accepts the consent to the second terms of use from the user. When the server 11 accepts the consent of the second terms of use, the server 11 stores in the HDD 33 the information on the supply destination company received in S3 (the supply destination related data 52 in FIG. 9). (see Business Information).

S5: The server 11 receives information on the disclosure range of action data from the user via the terminal 2 . For example, the server 11 receives disclosure range information (type of behavior data to be provided to the business operator) via the screen 44 of the terminal 2 described with reference to FIG. Note that the server 11 stores the disclosure range information received in S5 in the HDD 33 (see the disclosure range information of the provider related data 52 in FIG. 9).

By the above operation, the user is registered with the data providing service. In addition, information on the destination and type of user behavior data is set in the data providing service.

Note that the user registration and user setting processes are not limited to the order of the flowchart shown in FIG. For example, the server 11 may receive, at an arbitrary timing, a provider of action data from a user who has completed user registration. Further, the server 11 may receive action data disclosure range information at any timing from a user who has completed user registration.

FIG. 20 is a flow chart showing an example of the action data provision (transmission) of the server 11 . The server 11 may, for example, execute the process of the flowchart shown in FIG. 20 at regular intervals.

S11: The server 11 receives face image data from the cameras 4a to 4e.

S12: The server 11 authenticates the face image data received in S11. For example, the server 11 extracts the feature amount of the received face image data and compares it with the face image data of the user registration data 51 described with reference to FIG. That is, the server 11 collates the face image data received from the cameras 4a to 4e with the face image data of users registered in the data providing service.

S13: Based on the face authentication process of S12, the server 11 determines whether or not the user of the face image data received from the cameras 4a to 4e is a user registered with the data providing service. For example, if the degree of matching between the face image data received from the cameras 4a to 4e and the face image data of a user registered in the data providing service is equal to or greater than a certain threshold, the server 11 detects the faces received from the cameras 4a to 4e. It may be determined that the user of the image data is registered as a user.

S14: When the server 11 determines in S13 that the user of the face image data received from the cameras 4a to 4e is not a user registered with the data providing service (No in S13), the face image data received from the cameras 4a to 4e Discard the image data. This protects the privacy of users who have not registered with the data providing service. After discarding the face image data, the server 11 terminates the processing of the flowchart.

S15: When the server 11 determines in S13 that the user of the face image data received from the cameras 4a to 4e is the user (registered user) who has registered with the data providing service (Yes in S13), the registered user Store behavioral data. For example, the server 11 stores the behavior data 53 described with reference to FIG. 10 in the HDD 33 .

S16: The server 11 determines whether or not the provision destination related data 52 (see FIG. 9) stores the provision destination business operator information of the registered user determined as "Yes" in S13. For example, the server 11 refers to the user registration data 51 described with reference to FIG. 8, and obtains the ID of the registered user for whom "Yes" was determined in S13. The server 11 refers to the destination related data 52 of FIG. 9 based on the acquired ID, and determines whether or not the destination business information of the registered user is stored in the destination related data 52 . When the server 11 determines that the registered user's provider information is not stored in the provider related data 52 (No in S16), the processing of the flowchart ends. In other words, the server 11 does not transmit the behavior data of the registered users determined as "Yes" in S13 to the providers' servers 21a to 21c.

S17: When the server 11 determines that the registered user's provider information is stored in the provision destination related data 52 (Yes in S16), the registered user's disclosure range information (the provision destination related data in FIG. 9 52), and transmits it to the server of the destination company indicated by the destination company information.

By the above operation, the type of action data selected by the user is transmitted (provided) to the provider selected by the user.

The action data transmission process is not limited to the order of the flowchart shown in FIG. For example, the server 11 may provide the service provider with the behavior data of the registered user stored (accumulated) in the HDD 33 at a predetermined timing such as midnight.

FIG. 21 is a flow chart showing an operation example of the server 11 relating to external service cooperation. In the following description, it is assumed that the user has already registered for the data providing service provided by the data providing PF 3 and the external service cooperation setting has not been turned on.

S21: The server 11 receives face image data from the user via the terminal 2, and performs login authentication to the data providing service.

S22: When the login authentication is successful, the server 11 receives information indicating the linked service selected by the user from the user via the terminal 2 (see FIG. 12, for example).

S23: The server 11 indicates, via the terminal 2, that the user has agreed to the terms of use and the terms of personal information relating to the provider of the linked service (enterprise that provides the linked service) or the linked service itself. Receive information (see, for example, FIG. 13).

S24: The server 11 determines whether or not the user has registered for the linked service (whether or not the user has an ID and password). For example, as shown in FIG. 14, this determination may be made depending on whether the information associated with the operation of the button 47c or the information associated with the operation of the button 47d is received. good.

S25: When the server 11 determines in S24 that the user is registered in the cooperating service (Yes in S24), the user ID and password are used to log in to the cooperating service (for example, FIG. 14 , see FIG. 15).

S26: If the server 11 determines in S24 that the user has not registered for the linked service (No in S24), the server 11 accepts the user's face image data via the terminal 2, and 11 is compared with the face image data of the user stored in memory 11, and the identity is confirmed by face authentication (see, for example, FIG. 15).

S27: When the identity is confirmed, the server 11 uses the user's personal information and the like stored in the server 11 to newly register for the linked service (for example, FIG. 16, FIG. 17A, See Figure 17B). The server 11 logs in to the linked service when a new registration is made.

S28: When the user logs in to the linked service, the server 11 turns on the external service linkage setting, and stores information indicating that the linkage setting has been turned on in the storage device of the server 11 (for example, , see FIG. 18).

S29: The server 11 provides the user with all or part of the functions of the linked service.

The above operation enables cooperation between the data providing service and the external service, and allows the user to use the external service (using the user's face image data) via the data providing service.

FIG. 22A is a flowchart showing an operation example of the server 11 relating to external service cooperation. In the following description, it is assumed that the user has already registered for the data providing service provided by the data providing PF 3, the external service cooperation setting is turned on, and the user is logging in to the data providing service.

S31: The server 11 waits for information from the user's terminal indicating that the external service cooperation is enabled (the toggle switch is turned on) (see FIG. 12, for example).

S32: The server 11 determines whether or not it has received information indicating that the external service linkage is enabled. In S32, when the server 11 determines that the information indicating that the external service cooperation is enabled has not been received (No in S32), the flow returns to S31.

S33: When the server 11 determines in S32 that it has received information indicating that the external service cooperation is activated (Yes in S32), the corresponding user, business operator, and service (and the cooperation setting completion flag) is set to 1 to enable external service linkage (see, for example, FIG. 18).

By the above operation, the user can use the external service via the data providing service.

FIG. 22B is a flowchart showing an operation example of the server 11 relating to external service cooperation. In the following description, it is assumed that the user has already registered for the data providing service provided by the data providing PF 3, the external service cooperation setting is turned on, and the user is logging in to the data providing service.

S36: The server 11 waits for information from the user's terminal indicating that the external service cooperation is disabled (that the toggle switch is turned off) (see FIG. 12, for example).

S37: The server 11 determines whether or not it has received information indicating that the external service cooperation will be invalidated. If the server 11 determines in S32 that it has not received information indicating that the external service cooperation is disabled (No in S37), the flow returns to S36.

S38: When the server 11 determines in S37 that it has received information indicating that the external service cooperation is invalidated (Yes in S37), the corresponding user, business operator, and service (and cooperation setting completion flag) is set to 0 to disable external service linkage (see, for example, FIG. 18).

By the above operation, the user can temporarily stop using the external service via the data providing service.

<Summary of Embodiments>
As described above, the server 11 (information processing device) associated with the data providing service (first service) has the RAM 32 that stores the first facial image data of the user 1 as personal information of the user 1 of the data providing service. , HDD 33 (storage unit). The server 11 includes a processor 31, a control unit 31a, and a communication interface 34 (transmitting unit) that transmit screen data for receiving consent to provide personal information regarding an external service (second service) to the terminal 2 associated with the user 1. Prepare. The server 11 includes a processor 31, a control unit 31a, and a communication interface 34 (receiving unit) that receive the second face image data of the user 1 and the information indicating that the consent has been obtained from the terminal 2. The server 11 authenticates the user 1 using the first facial image data and the second facial image data in the data providing service, and at least confirms that the user 1 has been authenticated in the data providing service and that the above consent has been obtained. A processor 31 and a control unit 31a (control unit) are provided for storing, as a condition, information indicating that the data providing service and the external service are to be linked for the user 1 in the RAM 32 and the HDD 33 .

As a result, the data providing service and the external service are linked on the condition that authentication is performed using the face image data of user 1, which is highly likely to be unique to user 1, in the data providing service. It reduces the possibility of multiple accounts being created in external services. Therefore, the user 1 who receives the service via the network can easily manage his own account information for the external service in the data providing service.

Further, as described above, the terminal 2 transmits the first facial image data and the second facial image data of the user 1 associated with the terminal 2 to the server 11 (information server) associated with the data providing service (first service). processor 31, a control unit 31a, and a communication interface 34 (transmitting unit). The terminal 2 includes a processor 31, a control unit 31a, and a communication interface 34 (receiving unit) that receive screen data from the server 11 for receiving consent to provide personal information regarding an external service (second service). The processor 31, the control unit 31a, and the communication interface 34 transmit to the server 11 information indicating that the consent has been obtained. On the condition that the user 1 is authenticated at least by using the first facial image data and the second facial image data in the data providing service and that the above consent is obtained, the data providing service and the external service are provided for the user 1. be linked.

As a result, the data providing service and the external service are linked on the condition that authentication is performed using the face image data of user 1, which is highly likely to be unique to user 1, in the data providing service. It reduces the possibility of multiple accounts being created in external services. Therefore, the user 1 who receives the service via the network can easily manage his own account information for the external service in the data providing service.

<Modification 1>
The control unit 31a may give a privilege to the user 1 according to the type of action data selected. For example, the control unit 31a may give more points to the user 1 as the selected type of behavior data is more important to the businesses 5a to 5c. This provides the user 1 with an incentive to register for the behavior data providing service. In addition, the business operators 5a-5c can acquire action data with a high degree of importance for the business operators 5a-5c.

In addition to displaying the types of action data and the toggle switches 44a to 44e for selecting the type of action data shown in FIG. good. By doing so, when selecting the behavior data to be provided, the content of the privilege to be given is easy to see and serves as a selection criterion.

Further, the control unit 31a may stop giving the privilege when the selection of the type of action data is cancelled. As a result, the user 1 has an incentive to maintain the selection (provision) of behavior data.

<Modification 2>
Some users 1 may want to delete action data stored (accumulated) in the server 11 . Therefore, the control unit 31a may delete the action data stored in the server 11 in response to the user's 1 request. At that time, the control unit 31a may accept the action data deletion period. For example, the control unit 31a may accept an action data deletion period, such as a period preceding three months from the present.

When deleting the action data, the control unit 31a may collect the privilege given to the user 1. FIG. For example, the control unit 31a may subtract points according to the deletion period from the points given to the user 1 .

Moreover, the control part 31a may transmit the content of collection|recovery to the terminal 2 of the user 1, when collecting a privilege. For example, the control unit 31 a may transmit the number of points to be subtracted to the terminal 2 of the user 1 . Thereby, the user 1 can grasp the privilege amount collected by deleting the behavior data.

<Modification 3>
In the present disclosure, the action data of the user 1 collected by the data providing PF 3 is provided to the business operators 5a to 5c. It may be provided to persons 5a to 5c. At this time, the personal data provided to the business operators 5a to 5c are treated in the same manner as the behavior data, and it is possible to select the recipients of the data and to give benefits.

<Modification 4>
In the present disclosure, face authentication is performed based on the face image of user 1 acquired by data providing PF 3, and action data of user 1 is collected and provided to businesses 5a to 5c. Biometric authentication may be performed based on biometric information (fingerprint, voiceprint, vein, iris, gait, etc.) that identifies the user 1. In that case, biometric information acquisition means and authentication means are known methods. can be adopted. In addition, by combining face authentication and biometric authentication other than face authentication, necessary biometric information and action data of the user 1 based on the results of the biometric authentication are collected and provided to businesses 5a to 5c. good too.

In the above-described embodiments, the notation "... part" used for each component is "... circuitry", "... assembly", "... device", "...・Unit” or other notation such as “... module” may be substituted.

Although the embodiments have been described above with reference to the drawings, the present disclosure is not limited to such examples. It is obvious that a person skilled in the art can conceive of various modifications or modifications within the scope of the claims. It is understood that such modifications or modifications are also within the technical scope of the present disclosure. Further, each component in the embodiment may be combined arbitrarily within the scope of the present disclosure.

The present disclosure can be implemented in software, hardware, or software in conjunction with hardware. Each functional block used in the description of the above embodiments is partially or wholly realized as an LSI, which is an integrated circuit, and each process described in the above embodiments is partially or wholly implemented as It may be controlled by one LSI or a combination of LSIs. An LSI may be composed of individual chips, or may be composed of one chip so as to include some or all of the functional blocks. The LSI may have data inputs and outputs. LSIs are also called ICs, system LSIs, super LSIs, and ultra LSIs depending on the degree of integration.

The method of circuit integration is not limited to LSI, and may be realized by a dedicated circuit, a general-purpose processor, or a dedicated processor. Also, an FPGA (Field Programmable Gate Array) that can be programmed after the LSI is manufactured, or a reconfigurable processor that can reconfigure the connections and settings of the circuit cells inside the LSI may be used. The present disclosure may be implemented as digital or analog processing.

Furthermore, if an integration technology that replaces the LSI appears due to advances in semiconductor technology or another technology derived from it, that technology may naturally be used to integrate the functional blocks. Application of biotechnology, etc. is possible.

An embodiment of the present disclosure is useful for information processing apparatuses that enable service cooperation.

1 User 2 Terminal 3 Data providing PF
4a-4e Camera 5a-5c Business operator 6a-6c IC card system 11, 21a-21c, 22a-22c Server

Claims (21)

An information processing device associated with a first service,
a storage unit that stores the first face image data of the user of the first service;
Terms of use including screen data displaying a plurality of businesses that provide a second service and an explanation for handling the first face image data by the second service selected by the user from among the plurality of businesses and screen data for accepting consent to the provision of personal information to a terminal associated with the user;
a receiving unit that receives from the terminal the second face image data of the user and information indicating that the consent has been obtained;
authenticating the user using the first facial image data and the second facial image data in the first service;
Information indicating that the first service and the second service are to be linked with respect to the user on the condition that the user is authenticated and the consent is obtained in at least the first service is stored in the storage unit a control unit that stores
Information processing device. The receiving unit receives information from the terminal indicating that the cooperation is to be activated or deactivated,
the control unit stores information indicating to enable or disable the cooperation in the storage unit;
The information processing device according to claim 1 . If the user has not registered for the second service,
The transmission unit selects information necessary for registering the user for the second service before the control unit stores the information indicating the cooperation in the storage unit, generating screen data containing information and transmitting it to the terminal, transmitting information for registering the user for the second service to an information processing device associated with the second service;
When the user is registered for the second service, the control unit stores information in the storage unit indicating that the user is to log in to the second service and cooperate with the second service.
The information processing device according to claim 1 . The storage unit stores information about the user, including the first face image data,
The transmission unit transmits information about the user to the terminal,
The receiving unit receives information for registering the user from the terminal as a response to transmission of information about the user.
The information processing apparatus according to claim 3. If the user has registered for the second service,
The transmission unit transmits information for confirming that the user has registered for the second service to the terminal before the control unit stores the information indicating the cooperation in the storage unit. death,
When the control unit confirms that the user has registered with the second service, the control unit causes the user to log in to the second service and stores information indicating that the cooperation is to be performed in the storage unit.
The information processing device according to claim 1 . The receiving unit receives information from the terminal indicating that cooperation between the first service and the second service for the user is cancelled,
wherein the transmission unit transmits information for deleting the user from the second service to an information processing device associated with the second service;
The information processing device according to claim 1 . a terminal,
a transmitting unit configured to transmit first face image data and second face image data of a user associated with the terminal to an information processing device associated with a first service;
Terms of use including screen data displaying a plurality of businesses that provide a second service and an explanation for handling the first face image data by the second service selected by the user from among the plurality of businesses and a receiving unit that receives screen data for accepting consent to the provision of personal information from the information processing device;
with
The transmission unit transmits information indicating that the consent has been obtained to the information processing device,
on the condition that the user has been authenticated using the first facial image data and the second facial image data in at least the first service and that the consent has been obtained; linked with the second service;
terminal. A service cooperation system including an information processing device associated with a first service and a terminal associated with a user,
The information processing device is
storing first face image data of the user;
Terms of use including screen data displaying a plurality of businesses that provide a second service and an explanation for handling the first face image data by the second service selected by the user from among the plurality of businesses and screen data for accepting consent to the provision of personal information to the terminal,
The terminal is
receiving the screen data from the information processing device;
transmitting the user's second face image data and information indicating that the consent has been obtained to the information processing device;
The information processing device is
receiving the second face image data and information indicating that the consent has been obtained from the terminal;
authenticating the user using the first facial image data and the second facial image data in the first service;
Storing information indicating that the first service and the second service are to be linked for the user, provided that the user has been authenticated and the consent has been obtained in at least the first service;
Service linkage system. An information processing method executed by an information processing device associated with a first service,
storing first face image data of the user of the first service;
Terms of use including screen data displaying a plurality of businesses that provide a second service and an explanation for handling the first face image data by the second service selected by the user from among the plurality of businesses and screen data for accepting consent to the provision of personal information to the terminal associated with the user,
receiving the second face image data of the user and information indicating that the consent has been obtained from the terminal;
authenticating the user using the first facial image data and the second facial image data in the first service;
Storing information indicating that the first service and the second service are to be linked for the user, provided that the user has been authenticated and the consent has been obtained in at least the first service;
Information processing methods. receiving information from the terminal indicating that the cooperation is enabled or disabled;
storing information indicating to enable or disable the cooperation;
The information processing method according to claim 9 . If the user has not registered for the second service,
Before storing the information indicating the linking,
selecting information necessary for registering the user for the second service, generating screen data containing the necessary information, and transmitting the screen data to the terminal;
transmitting information for registering the user for the second service to an information processing device associated with the second service;
When the user is registered for the second service, storing information indicating that the user is logged in to the second service and linked.
The information processing method according to claim 9 . storing information about the user, including the first facial image data;
transmitting information about the user to the terminal;
receiving information from the terminal for registering the user in response to sending information about the user;
The information processing method according to claim 11. If the user has registered for the second service,
sending information to the terminal for confirming that the user has registered for the second service before storing the information indicating the cooperation;
When it is confirmed that the user has registered with the second service, storing information indicating that the user is logged in to the second service and linked to the second service;
The information processing method according to claim 9 . receiving information from the terminal indicating that cooperation between the first service and the second service for the user will be canceled;
sending information for deleting the user from the second service to an information processing device associated with the second service;
The information processing method according to claim 9 . In the information processing device associated with the first service,
a process of storing the first face image data of the user of the first service;
Terms of use including screen data displaying a plurality of businesses that provide a second service and an explanation for handling the first face image data by the second service selected by the user from among the plurality of businesses and screen data for accepting consent to the provision of personal information to a terminal associated with the user;
a process of receiving the user's second face image data and information indicating that the consent has been obtained from the terminal;
a process of authenticating the user using the first facial image data and the second facial image data in the first service;
a process of storing information indicating that the first service and the second service are to be linked with respect to the user on condition that the user has been authenticated and the consent has been obtained in at least the first service; ,
program to run. In the information processing device,
a process of receiving information from the terminal indicating that the cooperation is enabled or disabled;
a process of storing information indicating that the cooperation is to be enabled or disabled;
16. The program according to claim 15, causing the execution of In the information processing device,
If the user has not registered for the second service,
Before the process of storing the information indicating the linking,
a process of selecting information necessary for registering the user for the second service, generating screen data including the necessary information, and transmitting the screen data to the terminal;
a process of transmitting information for registering the user for the second service to an information processing device associated with the second service;
a process of storing information indicating that, when the user is registered for the second service, the user is logged into the second service and linked;
16. The program according to claim 15, causing the execution of In the information processing device,
a process of storing information about the user, including the first face image data;
a process of transmitting information about the user to the terminal;
A process of receiving information for registering the user from the terminal as a response to transmission of information about the user;
18. The program according to claim 17, causing the execution of In the information processing device,
If the user has registered for the second service,
A process of transmitting information to the terminal for confirming that the user is registered with the second service before the process of storing the information indicating the cooperation;
a process of storing information indicating that the user is logged in to the second service and linked to the second service when it is confirmed that the user is registered with the second service;
16. The program according to claim 15, causing the execution of In the information processing device,
a process of receiving information from the terminal indicating that the cooperation between the first service and the second service for the user is cancelled;
a process of transmitting information for deleting the user from the second service to an information processing device associated with the second service;
16. The program according to claim 15, causing the execution of the terms of use differ for each of the second services;
The information processing device according to claim 1 .

Images