JP7454890B1 - Authorization system, network service provision system, user determination system, authorization method, network service provision method, user determination method, and program - Google Patents

Abstract

[Problem] To provide an approval system that can avoid unauthorized use in applications, such as hijacking of user accounts, impersonation, or hacking, while also taking into consideration the acquisition of personal information. [Solution] When executing approval processing to approve whether a given action of a network service is being performed by a legitimate user, an approval server device 30 has a configuration that can determine whether a specific user meets given user conditions by using the difference between the current location and a past location, rather than the specific user's location itself. [Selected Figure] Figure 4

Description

The present invention relates to an approval system, a network service providing system, a user determination system, an approval method, a network service providing method, a user determination method, a program, and the like.

In recent years, unauthorized use, typified by so-called impersonation, has rapidly increased in services such as Internet bank services and online stores via the World Wide Web (WWW).

Therefore, recently, for example, when a user uses an ID and password to access a website that provides various services on the Internet, unauthorized access is detected based on information about the user's behavior. There are known techniques to do this.

In addition, a typical example is a system that uses location information to determine whether there is unauthorized use when accessing a website using an ID and password (i.e., when authenticating the person). (For example, Patent Document 1).

Japanese Patent Application Publication No. 2012-3299

However, in the system of Patent Document 1, unauthorized access is monitored by acquiring personal information such as the user's location information, so there is room for improvement from the perspective of protecting personal information.

The present invention has been made to solve the above problems, and its purpose is to prevent user accounts from being hijacked, spoofed, or The goal is to provide an approval system that can prevent unauthorized use of applications such as hacking.

(1) In order to solve the above problems, the present invention:
An approval system that approves a given action when allowing a user to enjoy a given network service, the system comprising:
a management means for managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance; ,
When the action is executed, identifying means for identifying a user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed;
Approval processing means that performs an approval process for approving execution of the action based on a determination result of the determination process at an action execution timing when the action is executed;
Equipped with
The determination processing means, as the determination process,
Difference information indicating the difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing is provided at the action execution timing or an action execution related timing related to the action execution timing. Execute the location information acquisition process,
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

"Network services" include banking services for financial institutions, reservation services for restaurants, inns, transportation, etc., product sales services, SNS services, content provision services such as games, music, and videos, and e-mail. Indicates what is provided to users via a network, such as cloud services such as various applications, or information provision services including search and advertisements.

"Action" is a process executed by a user's instructions or a program, such as making or canceling a reservation for a service or purchasing a product, uploading or sending a comment or image to another user, or sending a video to another user. It shows processing related to the network services mentioned above, such as downloading and photo data, or using applications.

Further, "user information" is, for example, information such as a user ID registered in advance, or the user ID and password.
And "identifying the user as a specific user" means,
(A1) When specifying a specific user in a dedicated server device different from the service providing server device or terminal device where the action is executed, the user ID sent from the service providing server device or terminal device is used. to identify a specific user based on, or
(A2) When identifying a specific user in a service providing server device, this includes identifying the specific user based on the user ID logged into the server device.

Furthermore, "standard distance-related information that specifies the standard distance or information related to the distance for approving the execution of a user's action" refers to the case where each user moves from the position where he or she previously existed. This is information indicating the appropriate difference (positional difference that allows identification) of the user.

For example, "reference distance related information" may be the difference between longitude and latitude, or the difference in distance. As long as one of the latitudes can be limited, either one may be used.

Further, the "reference distance related information" may be height information, for example, information indicating the difference between the previous height above the ground and the current height above the ground.

The "action execution related timing" includes, for example, any timing specified by the user, random timing, timing before the action execution timing, and timing that occurs every predetermined period. is included.

Similarly to reference distance related information, "position difference information" may be, for example, the difference between two points in longitude and latitude, or the difference in distance, and for longitude and latitude, east-west or In the case of a region or national land that is long from north to south, either longitude or latitude may be used as long as either one can be defined.

The "determination process" includes a process of determining the validity of a procedure (instruction) for approving an action to be executed, or a process of verifying the identity of the user.

Furthermore, the "user conditions" include conditions such as, for example, that the position difference of a specific user belongs within the distance range of the reference distance related information registered as the specific user.

(2) The present invention also includes:
The determination processing means
As the location information acquisition process, for each timing predetermined as the action execution related timing, a difference indicating the difference between the current location of the specific user at the relevant timing and the location of the specific user at a past timing. get information,
registering the obtained difference information in the storage means as history information of the corresponding user;
At the action execution timing, perform the condition determination process of comparing the history information of the specific user and the reference distance related information and determining whether the result of the comparison satisfies the user condition. It has a configuration.

With this configuration, the present invention can determine suitability as a specific user by using the difference between the current location and the past location while taking into account the acquisition of personal information when executing an action. .

Note that "every predetermined timing" includes once a day or once a week, or every time the user logs into a service for conducting electronic commerce.

In addition to or in place of the above user conditions, in the "condition determination process", the position difference of the position difference information acquired at each predetermined timing is registered as the transaction target person. This includes conditions such as belonging to the distance range of the reference distance related information.

(3) Furthermore, the present invention includes:
The determination processing means
As the location information acquisition process, for each timing predetermined as the action execution related timing, a difference indicating the difference between the current location of the specific user at the relevant timing and the location of the specific user at a past timing. get information,
registering the obtained difference information in the storage means as history information of the corresponding user;
Either before the action execution timing or after the action is executed, the history information of the specific user and the reference distance related information are compared, and the result of the comparison is the use The present invention has a configuration that executes the condition determination process for determining whether or not the user condition is satisfied.

With this configuration, the present invention can determine the suitability of a specific user before executing an action in a network service or after the action is executed. It is possible to save time, and as a result, the user can take appropriate action at the desired timing.

Note that "before the action execution timing" is not limited to the timing as long as it is before the execution timing at which the action is executed.

(4) The present invention also includes:
The determination processing means is configured to execute, as the determination process, a determination process for determining the authenticity of the specific user when the action is executed, based on the determination result of the condition determination process. ing.

With this configuration, the present invention can determine the validity (i.e., authenticity) of the procedure (instruction) for approving an action as a specific target person, and therefore performs identity verification based on location information. You can perform identity verification processing for

(5) The present invention also includes:
The determination processing means
As the position information acquisition process, when acquiring the difference information, acquire time information indicating the time at the action execution timing or the action execution related timing,
The condition determination process is configured to determine whether or not the difference information based on the time information satisfies the user condition with respect to the reference distance related information.

With this configuration, the present invention can recognize the time at which a position difference occurs, and therefore can detect irrational movement, such as a transaction target person moving a long distance in an instant, for example.

Therefore, the present invention can more reliably determine whether a specific user's range of movement (i.e., range of activities) is reasonable, and therefore takes into consideration the acquisition of personal information in a given network service. At the same time, it is possible to avoid unauthorized use of the application, such as hijacking, impersonation, or hacking of a user's account.

Note that the "time information" includes, for example, information indicating a date synchronized with position information such as GPS, information indicating a date and time, or information indicating a time.

(6) Furthermore, the present invention includes:
The present invention is configured to further include providing means for providing the execution result of the action to the corresponding user.

With this configuration, the present invention can provide the user with the execution result of the action, so that the user can reliably recognize whether the action can be executed.

(7) Furthermore, in order to solve the above problems, the present invention:
A program that approves a given action when allowing a user to enjoy a given network service,
management means for managing reference distance-related information, which is information registered in advance in a storage means and defines a reference distance for approving execution of the action by the user or information related to the distance;
When the action is executed, identifying means for identifying the user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed; and
Approval processing means for performing an approval process for approving execution of the action based on the determination result of the determination process at the action execution timing when the action is executed;
make the computer function as
The determination processing means
Difference information indicating the difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing is provided at the action execution timing or an action execution related timing related to the action execution timing. Execute the location information acquisition process,
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

(8) Furthermore, in order to solve the above problems, the present invention includes:
An approval method for approving a given action when allowing a user to enjoy a given network service, the method comprising:
managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance;
When the action is executed, the user who instructs the execution of the action is identified as a specific user based on user information regarding the user who executes the action;
executing a determination process for determining whether or not the specific user when the action is executed satisfies a given user condition;
performing an approval process for approving execution of the action based on a determination result of the determination process at an action execution timing when the action is executed;
including;
Difference information indicating the difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing is provided at the action execution timing or an action execution related timing related to the action execution timing. Execute the location information acquisition process,
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

(9) Furthermore, in order to solve the above problems, the present invention includes:
A network service providing system that provides a network service to a user, including executing approval for a given action when allowing the user to enjoy a given network service, the system comprising:
a management means for managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance; ,
When the action is executed, identifying means for identifying a user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed;
Approval processing means that performs an approval process for approving execution of the action based on a determination result of the determination process at an action execution timing when the action is executed;
Execution control means for controlling execution of the action when execution of the action is approved by the approval process;
Equipped with
The determination processing means
Difference information indicating the difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing is provided at the action execution timing or an action execution related timing related to the action execution timing. Execute the location information acquisition process,
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

(10) Furthermore, in order to solve the above problems, the present invention includes:
A program that provides a network service to a user, the program including executing approval for a given action when allowing the user to enjoy a given network service,
management means for managing reference distance-related information, which is information registered in advance in a storage means and defines a reference distance for approving execution of the action by the user or information related to the distance;
When the action is executed, identifying means for identifying the user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed;
an approval processing unit that performs an approval process for approving execution of the action based on a determination result of the determination process at an action execution timing when the action is executed;
Execution control means for controlling execution of the action when execution of the action is approved by the approval process;
make the computer function as
The determination processing means
Difference information indicating the difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing is provided at the action execution timing or an action execution related timing related to the action execution timing. Execute the location information acquisition process,
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

(11) Furthermore, in order to solve the above problems, the present invention includes:
A network service providing method for providing a network service to a user, the method comprising: approving a given action when allowing the user to enjoy a given network service;
managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance;
When the action is executed, the user who instructs the execution of the action is identified as a specific user based on user information regarding the user who executes the action;
executing a determination process for determining whether or not the specific user when the action is executed satisfies a given user condition;
performing an approval process for approving execution of the action based on a determination result of the determination process at an action execution timing when the action is executed;
controlling execution of the action when execution of the action is approved by the approval process;
including;
Difference information indicating the difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing is provided at the action execution timing or an action execution related timing related to the action execution timing. Execute the location information acquisition process,
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

(12) Furthermore, in order to solve the above problems, the present invention includes:
A user determination system that makes a determination regarding a user regarding a given action when allowing the user to enjoy a given network service, the system comprising:
a management means for managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance; ,
When the action is executed, identifying means for identifying a user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed;
providing means for providing a determination result of the determination process to an information processing device that executes the action;
Equipped with
The determination processing means
The difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing in the action execution timing at which the action is executed or the action execution related timing related to the action execution timing. Execute location information acquisition processing to acquire differential information indicating
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

Note that the "information processing device" may be a terminal device owned by a user, or a server device that provides network services.

(13) Furthermore, in order to solve the above problems, the present invention includes:
A program that makes a determination regarding a user regarding a given action when allowing the user to enjoy a given network service, the program comprising:
management means for managing reference distance-related information, which is information registered in advance in a storage means and defines a reference distance for approving execution of the action by the user or information related to the distance;
When the action is executed, identifying means for identifying the user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed; and
providing means for providing the determination result of the determination process to an information processing device that executes the action;
function as
The determination processing means
The difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing in the action execution timing at which the action is executed or the action execution related timing related to the action execution timing. Execute location information acquisition processing to acquire differential information indicating
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

(14) Furthermore, in order to solve the above problems, the present invention includes:
A user determination method for determining a user regarding a given action when allowing the user to enjoy a given network service, the method comprising:
managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance;
When the action is executed, the user who instructs the execution of the action is identified as a specific user based on user information regarding the user who executes the action;
executing a determination process for determining whether or not the specific user when the action is executed satisfies a given user condition;
providing a determination result of the determination process to an information processing device that executes the action,
The difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing in the action execution timing at which the action is executed or the action execution related timing related to the action execution timing. Execute location information acquisition processing to acquire differential information indicating
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

(15) Furthermore, in order to solve the above problems, the present invention includes:
An approval system that approves login when logging into a given network service provided to a user,
a management means for managing reference distance-related information that is registered in advance in a storage means and defines a distance serving as a reference for approving the login of the user or information related to the distance;
When the login is executed, specifying means for specifying the user who instructs the execution of the login as a specific user based on user information regarding the user executing the login;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the login is executed;
an authorization processing unit that performs an authorization process for approving execution of the login based on a determination result of the determination process at a login execution timing when the login is executed;
Equipped with
The determination processing means, as the determination process,
Difference information indicating the difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing is provided at the login execution timing or a login execution related timing related to the login execution timing. Execute the location information acquisition process,
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

(16) Furthermore, in order to solve the above problems, the present invention includes:
A program that approves login when logging into a given network service provided to a user,
management means for managing reference distance-related information, which is information registered in advance in a storage means and defines a reference distance for approving the user's login or information related to the distance;
When the login is executed, specifying means for specifying the user who instructs the execution of the login as a specific user based on user information regarding the user executing the login;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the login is executed; and
Approval processing means for performing an approval process for approving execution of the login based on the determination result of the determination process at the login execution timing when the login is executed;
make the computer function as
The determination processing means, as the determination process,
Difference information indicating the difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing is provided at the login execution timing or a login execution related timing related to the login execution timing. Execute the location information acquisition process,
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

(17) Furthermore, in order to solve the above problems, the present invention includes:
An approval method for approving a login when logging into a given network service provided to a user, the method comprising:
managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving the login of the user or information related to the distance;
When the login is executed, the user who instructs the execution of the login is identified as a specific user based on user information regarding the user executing the login;
executing a determination process for determining whether or not the specific user when the login is executed satisfies given user conditions;
performing an approval process for approving execution of the login based on a determination result of the determination process at a login execution timing when the login is executed;
including;
Difference information indicating the difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing is provided at the login execution timing or a login execution related timing related to the login execution timing. Execute the location information acquisition process,
The method is configured to compare the acquired difference information and the reference distance related information, and execute a condition determination process to determine whether the result of the comparison satisfies a given user condition. There is.

With this configuration, the present invention can determine whether or not the specific user is appropriate by using the difference between the current location and the past location, rather than the specific user's location itself.

Therefore, the present invention can avoid unauthorized use of a user's account in an application, such as hijacking, impersonation, or hacking, while taking into account the acquisition of personal information in a given network service.

FIG. 1 is a system configuration diagram showing the configuration of a network service providing system in one embodiment. 1 is an example of a functional block diagram showing the configuration of a service management server device according to an embodiment; FIG. It is an example of the functional block diagram which shows the structure of the server apparatus for approval of one embodiment. FIG. 2 is a diagram for explaining an approval process executed in the approval server device of one embodiment and an authenticity determination process that is a criterion for the approval process. It is a figure showing an example of reference distance related information stored in a position related information storage part of one embodiment. It is a flowchart which shows the operation regarding the approval process performed by the server device for approval of one embodiment. FIG. 2 is a system configuration diagram showing the configuration of a network service providing system in Modification 1 of one embodiment. FIG. 7 is a diagram for explaining an approval process executed by an approval server device when a given action is executed on a terminal device in a first modification of one embodiment. FIG. 3 is a system configuration diagram showing the configuration of a network service providing system in a second modification of the first embodiment. FIG. 12 is a system configuration diagram showing the configuration of a network service providing system in a seventh modification of the first embodiment.

Embodiments according to the present invention will be described below with reference to the drawings.

The embodiment described below describes a service management server device that manages a network service, a terminal device used by a user who enjoys a network service, and an authorization device that approves an action of the network service. This is an embodiment in which the approval system, network service management system, etc. of the present application are applied to a network service providing system using a network having a server device.

In particular, the network service of this embodiment will be explained by taking as an example the buying and selling of products or the provision of services by electronic means on a network or computer.

[1] Overview of network service providing system First, the overview and system configuration of the network service providing system S1 of this embodiment will be explained using FIG.

Note that FIG. 1 is a system configuration diagram showing the configuration of the network service providing system S1 in this embodiment.

Moreover, in order to prevent the diagram from becoming complicated, FIG. 1 shows only the terminal devices 20 used by some users. That is, in the actual network service providing system S1, there are more terminal devices 20 than shown in FIG.

(System overview)
As shown in FIG. 1, the network service providing system S1 of this embodiment is a system for providing services (that is, network services) to users using a network.

The network service providing system S1 has a configuration that allows users to properly use the network service while avoiding unauthorized use of the network service, such as hijacking, impersonation, or hacking of the user's account. have.

In particular, the network service providing system S1 of this embodiment provides network services such as banking services for financial institutions, reservation services for restaurants, inns, transportation facilities, etc., product sales services, SNS services, games, music, and videos. It has a configuration for providing content provision services such as , cloud services such as various applications such as e-mail, or information provision services including search and advertising to users.

(System configuration)
As shown in FIG. 1, the network service providing system S1 of this embodiment includes a service management server device 10 that executes various processes for managing network services, and a service management server device 10 that executes various processes for managing network services. Terminal devices 20 (e.g., terminal devices 20A, 20B, 20C) connected to the device 10 and used by users who provide network services, and various devices that operate in conjunction with the service management server device 10 and approve network services. It consists of an approval server device 30 that executes processing.

The service management server device 10 is an information processing device that executes various processes related to network services using, for example, an API (application programming interface) or a predetermined platform.

In particular, the service management server device 10 has functions for providing services to users, including logging in users to network services, and when communicating between users, It has functions for such cooperation.

Further, the service management server device 10 may be composed of one (device, processor) or a plurality of (devices, processors).

In addition, when storing information regarding each network service used by a user, the service management server device 10 uses a distributed ledger technology such as blockchain that is difficult to tamper with, and stores information on multiple databases (not shown). ).

The terminal device 20 is a communication terminal device configured by an information processing device such as a PC (personal computer), a tablet type information communication terminal device, a smartphone, a mobile phone, or an HMD used by a user.

The terminal device 20 is a device that can be connected to the service management server device 10 via a network such as the Internet (WAN) or LAN, and establishes a communication line with the service management server device 10 by wire or wirelessly. It has a configuration for exchanging various data.

The terminal device 20 also has a communication control function for communicating with the service management server device 10 such as input information input by the user, a function to acquire the user's current location, and a service management server device 10. It has a configuration that includes a display function that performs display control using data received from the device 10.

Similar to the service management server device 10, the approval server device 30 performs various processes for approving a given action of a network service using, for example, an API (application programming interface) or a predetermined platform. This is an information processing device that executes.

Further, like the service management server device 10, the approval server device 30 may be configured with one device (processor) or may be configured with a plurality of devices (processors).

The approval server device 30 has a configuration that executes an approval process for approving the corresponding network service by determining whether or not the user is appropriate based on the user's location difference information. are doing.

[2] Service Management Server Device Next, the service management server device 10 of this embodiment will be described using FIG. 2.

Note that FIG. 2 is an example of a functional block diagram showing the configuration of the service management server device 10 of this embodiment.

The service management server device 10 of this embodiment includes a processing section 100, a storage section 170, an information storage medium 180, and a communication section 196, as illustrated in FIG.

Note that the service management server device 10 does not need to include all of the parts shown in FIG. 2, and may have a configuration in which some of them are omitted.

The storage unit 170 serves as a work area for the processing unit 100 and the like, and its functions can be realized by hardware such as RAM (VRAM).

Specifically, the storage unit 170 includes a main storage unit 171 that is used as a work area when performing various processes, and a user information storage unit 172 that stores user information.

Note that the storage unit 170 of this embodiment may have a configuration in which part of the configuration, such as the main storage unit 171 and the user information storage unit 172, is omitted.

The information storage medium 180 is readable by a computer, and programs, data, etc. are stored in the information storage medium 180. That is, the information storage medium 180 stores a program for making the computer function as each part of this embodiment (a program for making the computer execute the processing of each part).

Note that the processing unit 100 can perform various processes of this embodiment based on data read from the program (data) stored in the information storage medium 180.

For example, the information storage medium 180 is an optical disk (CD, DVD), a magneto-optical disk (MO), a magnetic disk, a hard disk, a flash memory such as a solid state drive, a magnetic tape, a memory (ROM), or a memory card. .

The communication unit 196 performs various controls for communicating with the outside (for example, the terminal device 20 or the approval server device 30), and its functions are performed by hardware such as various processors or communication ASICs. It is composed of programs, etc.

The processing unit 100 performs various processes of this embodiment based on programs (data) stored in the storage unit 170.

Note that the processing unit 100 of this embodiment reads programs and data stored in the information storage medium 180, temporarily stores the read programs and data in the storage unit 170, and performs processing based on the programs and data. You may do so.

Further, the processing unit 100 (processor) performs various processes using the main storage unit 171 in the storage unit 170 as a work area. The functions of the processing unit 100 can be realized by hardware such as various processors (CPU, DSP, etc.) and programs.

Specifically, the processing unit 100 includes a communication control unit 101 , a service provision management control unit 102 , a user information management control unit 103 , and a timer management unit 110 .

The communication control unit 101 establishes a communication line with the terminal device 20, the approval server device 30, etc. via the network, and communicates with each other.

The service provision management control unit 102 works in conjunction with the user's terminal device 20 and executes processing for managing transactions.

Specifically, the service provision management control unit 102 executes various processes such as logging in from a user and providing the various services described above.

In particular, the service provision management control unit 102 works in conjunction with the approval server device 30, and receives, for example, the result of the approval process in the approval server device 30 when an action related to a service is executed, and based on the received result. Then, each process related to execution or cancellation of the action is executed.

The user information management control unit 103 manages user information.

Specifically, the user information management control unit 103 registers and updates information necessary for logging into a service and information necessary for providing a service in the user information storage unit 172, for example. management.

The timer management unit 110 has a function of measuring from the current date and time or a predetermined timing, and outputs the current time and measurement results when the predetermined timing arrives.

[3] Approval Server Apparatus Next, the approval server apparatus 30 of this embodiment will be described using FIG. 3.

Note that FIG. 3 is an example of a functional block diagram showing the configuration of the approval server device 30 of this embodiment.

The approval server device 30 of this embodiment includes a processing section 300, a storage section 370, an information storage medium 380, and a communication section 396, as illustrated in FIG.

Note that the approval server device 30 does not need to include all of the parts shown in FIG. 3, and may have a configuration in which some of them are omitted.

The storage unit 370 serves as a work area for the processing unit 300 and the like, and its functions can be realized by hardware such as RAM (VRAM).

Specifically, the storage unit 370 has a main storage unit 371 that is used as a work area used when executing various processes, and a distance that serves as a reference for determining whether each user is appropriate. or information related to the distance (hereinafter referred to as "reference distance related information"), and information related to the user's location acquired from the terminal device 20 at each predetermined timing (hereinafter referred to as "location related information"). .) is stored.

In particular, the location-related information storage unit 372 stores, for each user of a network service, the distance or Reference distance related information in which information related to the distance is defined is stored.

Note that the storage unit 370 of this embodiment may have a configuration in which part of the configuration, such as the main storage unit 371 and the position-related information storage unit 372, is omitted.

The information storage medium 380 is readable by a computer, and programs, data, etc. are stored in the information storage medium 180. That is, the information storage medium 380 stores a program for causing the computer to function as each unit of this embodiment (a program for causing the computer to execute the processing of each unit).

Note that the processing unit 300 can perform various processes of this embodiment based on data read from the program (data) stored in the information storage medium 380.

For example, the information storage medium 380 is an optical disk (CD, DVD), a magneto-optical disk (MO), a magnetic disk, a hard disk, a flash memory such as a solid state drive, a magnetic tape, a memory (ROM), or a memory card. .

The communication unit 396 performs various controls for communicating with the service management server device 10, and its functions are configured by hardware such as various processors or communication ASICs, programs, etc. .

The processing unit 300 performs various processes of this embodiment based on programs (data) stored in the storage unit 170. Note that the processing unit 300 of this embodiment reads programs and data stored in the information storage medium 380, temporarily stores the read programs and data in the storage unit 170, and performs processing based on the programs and data. You may do so.

Further, the processing unit 300 (processor) performs various processes using the main storage unit in the storage unit 370 as a work area. The functions of the processing unit 300 can be realized by hardware such as various processors (CPU, DSP, etc.) or by a program.

Specifically, the processing section 300 includes a communication control section 301 , a location information management section 302 , a determination processing section 303 , an approval processing section 304 , a timer management section 310 , and an information provision section 311 .

The communication control unit 301 establishes a communication line with the service management server device 10 and the like via the network, and communicates with the service management server device 10 and the like.

The location information management unit 302 manages reference distance related information for each user, and also manages location related information of each user transmitted from each terminal device 20 at each predetermined timing as history information. .

The determination processing unit 303 determines a given timing such as a timing for executing a network service (hereinafter referred to as "action execution timing") or a timing related to the action execution timing (hereinafter referred to as "action execution related timing"). At the timing of , the user (hereinafter referred to as the "specific user") who instructs the execution of a given action on the network service based on the applicable standard distance related information for each user is appropriate (i.e., genuine). A determination process (hereinafter referred to as "authenticity determination process") is executed to determine whether or not the authenticity determination process is true.

In particular, the determination processing unit 303 is a process executed by a user's instruction or a program, such as executing or canceling a reservation for a service or purchasing a product, uploading a comment or image, or sending it to another user. , executes an authenticity determination process to determine the authenticity of a specific user who instructs to execute an action such as downloading video or photo data, or processing related to the above-mentioned network services such as using an application.

When an action for a network service is executed, the approval processing unit 304 executes an approval process to determine whether or not to approve the action based on the result of the authenticity determination process.

The timer management unit 310 has a function of measuring from the current date and time or a predetermined timing, and outputs the current time and measurement results when the predetermined timing arrives.

The information providing unit 311 provides the service management server device 10 with approval judgment result information indicating the judgment result of the approval process.

[4] Method of this embodiment [4.1] Overview Next, referring to FIG. 4, the approval process executed by the approval server device 30 of this embodiment and the authenticity determination process that is the criterion for the approval process will be described. I will explain about it.

Note that FIG. 4 is a diagram for explaining the approval process executed in the approval server device 30 of this embodiment and the authenticity determination process that is a criterion for the approval process.

The approval server device 30 of the present embodiment is used for specific use in order to instruct execution of a given action of a network service in the service management server device 10 at an action execution timing or at an action execution related timing. The system has a configuration that executes an approval process that determines whether the specific user is legitimate (that is, its authenticity) and approves whether the specific user is a legitimate user based on the result. are doing.

In other words, the approval server device 30 of the present embodiment can execute or cancel service reservations and product purchases, upload and send comments and images to other users, download video and photo data, or download applications. This is a device for approving execution of a given action of a network service based on the location of a specific user when a given action of a network service, such as the use of a network service, is executed.

On the other hand, in order to restrict the acquisition of personal information such as the user's location, the approval server device 30 of the present embodiment does not use the user's location itself, but the user's information acquired at a given timing. It has a configuration that determines the authenticity of a specific user by using the difference in position between points.

That is, the approval server device 30 of this embodiment performs approval processing to approve whether or not a given action of a network service is being executed by a valid user, based on the location of the specific user. Rather, it has a configuration that allows the authenticity of a specific user to be determined by using the difference between the current location and the past location.

Specifically, as shown in FIG. 4, the service management server device 10 of this embodiment uses pre-registered information that serves as a standard for approving the execution of an action by a corresponding user. It has a configuration for managing distance-related information.

In particular, it is preferable that the reference distance related information be stored in association with each user who executes a given action of the network service.

Further, as shown in FIG. 4, when an action is executed, the service management server device 10 selects a user who instructs the execution of the action based on user information regarding the user who executes the action. , has a configuration to be specified as a specific user.

Then, as shown in FIG. 4, the service management server device 10 performs a determination process (specifically, , authenticity determination processing), and performs an approval process for approving execution of the action based on the determination result of the authenticity determination processing at the action execution timing when the action is executed.

In particular, the service management server device 10, as shown in FIG.
(A1) Location information acquisition processing that acquires, at an action execution timing or an action execution related timing, difference information indicating the difference between the current location of a specific user at the relevant timing and the location of the specific user at a past timing. Run
(A2) A configuration that executes condition determination processing that compares the acquired difference information and reference distance related information of a specific user and determines whether the result of the comparison satisfies a given user condition. have.

Note that the service management server device 10 has a configuration that provides the result of the approval process to the service management server device 10, as shown in FIG.

FIG. 4 also shows acquisition of position difference information specified from position information based on a GPS signal transmitted from the GPS satellite 40, and transmission of the acquired position difference information to an approval server via the service management server device 10. An example of the terminal device 20 that transmits information to the device 30, sends a registration instruction to a network service, sends an instruction to execute a given action, receives the result of an approval process, and receives the result of the execution of the action is shown. has been done.

In particular, FIG. 4 shows an example in which a notebook (laptop) personal computer is used as the terminal device 20.

FIG. 4 shows registration processing for network services, management of user-related information used to execute various processes related to network services, execution of a given action for network services, and information related to the execution of the actions. An example of a service management server device 10 that performs processing is shown.

Furthermore, FIG. 4 shows a registration request for reference distance related information from the service management server device 10, acquisition of location difference information based on the current location of the terminal device 20, specific user identification processing, and authenticity determination processing (location An example of an approval server device 30 that executes an information acquisition process and a condition determination process), an approval process that approves execution of an action, and a provision process that provides a result of the approval process is disclosed.

By having such a configuration, the approval server device 30 of this embodiment uses the difference between the current location and the past location, rather than the location of the specific user, to determine the appropriateness of the specific user. It is now possible to determine whether or not.

The approval server device 30 of this embodiment takes into consideration the acquisition of personal information in a given network service, and prevents unauthorized use in applications such as hijacking, impersonation, or hacking of user accounts. It is now possible to avoid this.

[4.2] Reference Distance Related Information and Position Difference Information Next, reference distance related information and position difference information of this embodiment will be described using FIG. 5.

Note that FIG. 5 is a diagram showing an example of reference distance related information stored in the position related information storage unit of this embodiment.

(Reference distance related information)
Reference distance-related information is information that specifies a distance or information related to the distance that serves as a reference for determining the authenticity of a user who has instructed an action on a network service, and is information that specifies a distance that serves as a reference for determining the authenticity of a user who has instructed an action on a network service, and information that is related to the distance. This information indicates the difference in the authenticity of the user (positional difference that allows identification) when moving from the location where the user moved.

The reference distance related information is stored in the position related information storage unit 372 in association with user identification information (UID) for each user.

In other words, the reference distance-related information is information that serves as a criterion when determining the authenticity of a user (i.e., a specific user) who has instructed an action for a network service, and is the information that serves as a criterion when determining the authenticity of a user who has instructed an action for a network service. This information specifies the maximum movement range between points.

For example, the reference distance related information may be information indicating a difference in longitude and latitude, or a difference in distance. If one of the latitudes can be limited, this information indicates either one of the latitudes.

Then, when a user newly registers for a network service, the reference distance-related information is generated based on location-related information for each user identification information based on operation input of each user's terminal device 20 via the service management server device 10. The information is stored in the information storage section 372.

For example, the reference distance related information is as shown in FIG.
(A1) User ID (UID) as user identification information, and
(A2) Difference in longitude and latitude,
is included.

Note that the reference distance related information may specify a range of heights between two points of the user. For example, when the reference distance related information indicates height information, the reference distance related information becomes information indicating a difference in height indicating the difference between the previous height above the ground and the current height above the ground. However, the reference distance related information may be only height information, or may be included together with the above-mentioned difference in longitude and latitude, or information indicating a difference in distance.

Further, the reference distance related information may be stored in the position related information storage unit 372 not for each user but for all users or for each user attribute.

For example, the user attributes include the user's nationality, address, or residence, or the frequency of logging into the electronic commerce service or the frequency of performing an action.

In this case, for example, the distance difference in the reference distance related information may be changed depending on the user's nationality or address, or the distance difference may be increased if the login frequency or action execution frequency is high.

(Position difference information)
The position difference information of this embodiment is similar to the reference distance related information, for example, two points of longitude and latitude.
It consists of differences between points or differences in distance.

In particular, the position difference information of this embodiment is information on position differences calculated by each terminal device 20 of the user, and is provided at each action execution timing or action execution related timing when a network service is provided. The information is provided from the terminal device 20 to the approval server device 30 via the service management server device 10 or directly.

For example, the location difference information may include the previous action execution timing when a network service is being provided, and the current action execution timing of the terminal device 20 when the network service is being provided. This is a difference in longitude and latitude based on position, a difference in distance, a difference in height, or a difference in both. However, the previous action execution timing may be the action execution timing before the previous one, the previous action execution timing, or any timing in the past.

Further, the position difference information in this embodiment is specified by each terminal device 20 using a GPS signal or the like, and is basically provided from each terminal device 20 to the approval server device 30.

Note that the position difference information is provided to the approval server device 30 via the service management server device 10. However, the position difference information may be provided directly from each terminal device 20 to the approval server device 30.

In addition, as with reference distance related information, in the case of longitude and latitude, in the case of regions or national land that are long from east to west or north to south, if either longitude or latitude can be specified, then either one may be used. good.

The position difference information is stored in the position-related information storage section 372 in association with user identification information (UID) for each user, similarly to the reference distance-related information.

In particular, when location difference information for each user is acquired at each action execution timing when a network service is provided or at each action execution related timing, new location difference information is registered. Then, the position difference information registered in the past is stored in the position-related information storage section 372 as history information.

Note that the timing related to action execution includes, for example, any timing specified by the user, random timing, timing before the action execution timing, and every predetermined period (every day or every week). etc.) and the timing of arrival.

[4.3] Management of reference distance related information and position difference information Next, regarding the management of the user's reference distance related information and position difference information, which is a process executed in the approval server device 30 of this embodiment. explain.

The location information management unit 302 works in conjunction with the service management server device 10, and performs a given action for the network service for each user at a given timing, such as when the user registers for the network service. The reference distance related information, which is a reference for determining the authenticity of the instructed user, is acquired and registered in the location related information storage section 372.

In addition, when the location information management unit 302 acquires location difference information of a specific user at the action execution timing, at the action execution related timing, or for each action execution related timing, the location information management unit 302 registers the acquired location difference information in the location related information storage unit 372 in correspondence with each user.

In particular, the location information management unit 302 registers the location difference information for each specific user obtained through the specific process in the location-related information storage unit 372 at the action execution timing.

Then, when new position difference information is registered, the position information management unit 302 updates the previously registered position difference information as history information.

The location information management unit 302 also stores information related to action execution, such as arbitrary timing specified by the user, random timing, timing before the action execution timing arrives, or timing that arrives every predetermined period. When the position difference information of a specific user is acquired at each timing, the acquired position difference information is associated with each user and registered in the position-related information storage unit 372 as history information.

Note that, for example, the timing that arrives every predetermined period may be the timing requested by the e-commerce service provider (for example, once or the timing of using the e-commerce service), for example, one day or one week. This includes a specific timing, such as once per day, or the timing of logging into an electronic commerce service.

[4.4] Specification Processing Next, the specification processing in which a network service is executed, which is a process executed in the approval server device 30 of this embodiment, will be described.

The location information management unit 302 works in conjunction with the service management server device 10 to identify a specific user (that is, a person who will become a specific user in the future) when executing an approval process or an authenticity determination process. (including expected users).

In particular, the location information management unit 302 identifies the user based on the user ID that has logged into the network service.

Specifically, the location information management unit 302 receives the user identification information (for example, UID) of the user (that is, the user) transmitted from the service management server device 10 via the communication control unit 301.

The location information management unit 302 also searches the location-related information storage unit 372 based on the received user identification information of the user (hereinafter referred to as “receiving user identification information (receiving user ID)”).

When the location information management unit 302 detects user identification information that matches the received user identification information and is stored in the location-related information storage unit 372, the location information management unit 302 identify the person as a specific user.

Note that the user information is, for example, information such as a user ID registered in advance, or the user ID and password.

[4.5] Authenticity Determination Process Next, the authenticity determination process executed in the approval server device 30 of this embodiment will be described.

(Summary of authenticity determination process)
The determination processing unit 303 determines whether or not the specific user who has given the instruction for the action is genuine at the action execution timing when the action for the network service is performed.

In addition, the determination processing unit 303 determines the authenticity of the specific user as a user who exists as a user (including organizations such as companies) who lives a social life in the real world, and who does not belong to anti-social forces. Determine.

Specifically, the determination processing unit 303 performs the following as the authenticity determination process:
(A1) A location information acquisition process that acquires location difference information indicating the difference between the current location of a specific user and the location of the specific user at a past timing at an action execution timing or an action execution related timing, and
(A2) Compare the acquired position difference information with the reference distance related information of the user who becomes the corresponding specific user, and determine whether the result of the comparison satisfies the given user condition. Condition judgment processing,
Execute.

Then, the determination processing unit 303 determines the authenticity of the specific user based on the determination result of the executed condition determination process.

(location information acquisition process)
The determination processing unit 303 acquires the position difference information of the specific user from the service management server device 10 at the action execution timing when the action for the network service is executed in the terminal device 20 of the specific user.

In particular, the determination processing unit 303 determines the longitude and the current position of the action execution timing of the previous (that is, immediately previous) action for the network service and the current position of the action execution timing of the current network service for the specific user. The difference in latitude or the difference in distance is acquired from the service management server device 10 as position difference information.

Note that the determination processing unit 303 may directly acquire the position difference information from the corresponding terminal device 20 of the specific user.

In addition, the determination processing unit 303 uses past information such as the time before the previous time (the time before the previous time) or the time even before that, in place of the difference between the previous action execution timing and the current action execution timing in the position difference information. The difference between the action execution timing and the current action execution timing may be acquired as position difference information.

Then, each time the determination processing unit 303 acquires position difference information for each user, it registers it in the position-related information storage unit 372 in association with the already registered position difference information, and registers the position difference information for each user in the position-related information storage unit 372. Update the difference information as history information.

(Condition judgment processing)
The determination processing unit 303 performs condition determination processing by associating position difference information of a specific user acquired at the action execution timing when a given action for a network service is executed with a user who becomes the specific user. and the reference distance related information registered in the above information, and it is determined whether or not the result of the comparison satisfies the given user condition.

In particular, the determination processing unit 303 sets the user conditions such as, for example, that the distance indicated by the position difference information of the specific user falls within the distance range (for example, within 10 km) specified in the reference distance related information. Use the following conditions.

Further, in the authenticity determination process, the determination processing unit 303 determines that the specific user is authentic if the user conditions are met, and if the user conditions are not met, the determination processing unit 303 determines that the specific user is authentic. is determined to be inauthentic.

On the other hand, if the location difference information of the corresponding specific user is registered in the location-related information storage section 372 at each predetermined timing, the determination processing section 303 performs a process based on the history information of the corresponding specific user. Then, the condition determination process may be executed.

In this case, the determination processing unit 303 uses the position difference information indicated by the position difference information of the specific user acquired at the action execution timing and the corresponding specific user already registered in the position-related information storage unit 372. The condition determination process is executed based on the history information (position difference information) of the specific user and the reference distance related information registered as the user of the specific user.

In other words, in this case, the activity location of a specific user can be continuously recognized when executing a network service, so the difference between the current location and past location can be calculated while taking into account the acquisition of personal information. By using this, it is possible to determine the authenticity of a specific user.

Specifically, in this case, the determination processing unit 303 registers each position difference information of the corresponding user stored as history information of the specific user in association with the user who becomes the specific user. and the reference distance related information that has been provided, and determines whether all comparison results satisfy a given user condition.

Further, the determination processing unit 303 sets the user condition such that, for example, the position difference indicated by the position difference information of the specific user is within the distance range of the reference distance related information registered as the specific user. Use the following conditions.

Note that if the reference distance relationship information is stored for each attribute of the user, the determination processing unit 303 determines the attribute of the transaction source based on the already registered attributes when executing the condition determination process. may be specified, and reference distance related information may be acquired based on the specified attribute.

For example, already registered attributes include attributes specified based on information input by each user at a given timing, such as when registering for a commercial transaction service.

[4.6] Approval Process Next, the approval process executed in the approval server device 30 of this embodiment will be described.

The approval processing unit 304 approves the execution of the corresponding action if the specific user is determined to be authentic by the authenticity determination process at the action execution timing when a given action of the network service is executed. Execute approval process.

In particular, if the specific user is determined to be authentic by the authenticity determination process, the approval processing unit 304 approves the execution of the corresponding action, and if it is determined that the specific user is not authentic, the authorization processing unit 304 approves the execution of the corresponding action. , deny approval without approving the execution of the corresponding action.

Note that if the specific user is determined to be authentic through the authenticity determination process, the approval processing unit 304 determines that the specific user's identity has been verified, approves the execution of the corresponding action, and approves the specific user. If it is determined that the specific user is not authentic, it may be determined that the specific user's identity cannot be verified, and approval may be refused without approving the execution of the corresponding action. However, in this case, in order to increase the accuracy of the approval process, it may be used in conjunction with other authentication processes for verifying the identity, such as facial image authentication, two-step authentication, or one-time password.

[4.7] Providing Process Next, a providing process for providing the service management server device 10 with the result of the approval process executed in the approval server device 30 of this embodiment will be described.

When the information provision unit 311 rejects the approval through the approval process, the information providing unit 311 provides the service management server device 10 with result information indicating the result of the rejection through the approval process.

Note that at this time, the service management server device 10 notifies the corresponding terminal device 20 of the result information that the approval has failed, determines that the execution of the corresponding action has failed, and terminates the processing related to the corresponding action.

On the other hand, when the approval is successful in the approval process, the information providing unit 311 provides the service management server device 10 with result information indicating the result of the successful approval in the approval process.

Note that at this time, the service management server device 10 controls the execution of the corresponding action while notifying the corresponding terminal device 20 of the result information of the successful approval.

In addition to the above, the information providing unit 311 may provide the result information of the approval process to the terminal device 20 of the corresponding user via the service management server device 10 or directly.

Further, if the approval is successful in the approval process, the information providing unit 311 may provide the service management server device 10 with a notification that the specific user's identity has been confirmed. However, in this case, if the approval is rejected in the approval process, the information providing unit 311 determines that the specific user's identity cannot be verified and provides the service management server device 10 with a notification to that effect.

[5] Operation in this embodiment Next, the operation related to the approval process executed by the approval server device 30 of this embodiment will be described using FIG. 6.

Note that FIG. 6 is a flowchart showing the operation related to the approval process executed by the approval server device 30 of this embodiment.

In this operation, it is assumed that reference distance related information in which a distance serving as a reference for a plurality of users or information related to the distance is defined is registered in advance.

In addition, in this operation, it is assumed that the service management server device 10 is executing various processes related to network services with the corresponding terminal device 20, and the identification information and location difference information of the specific user have already been received from each terminal device 20. It is assumed that the information has been obtained.

First, when the location information management unit 302 receives a request for approval of a given action for a network service from the service management server device 10 (step S101), the location information management unit 302 receives a user request from the service management server device 10 to identify a specific user. The identification information is acquired as user information (step S102).

Next, the location information management section 302 searches the location-related information storage section 372 based on the acquired user identification information, and determines whether reference distance-related information based on the user identification information is stored in the location-related information storage section 372. It is determined whether or not there is one (step S103).

At this time, if the location information management unit 302 determines that the reference distance related information is stored in the location related information storage unit 372 in association with the acquired user identification information, the process proceeds to step S104. .

Further, if it is determined that the reference distance related information is not stored in the location related information storage unit 372 in association with any of the acquired user identification information, the information providing unit 311 provides a given information for the network service. A notification is sent to the service management server device 10 to the effect that approval for the execution of the action is rejected (step S111), and this operation is ended.

Next, if the location information management unit 302 determines that the reference distance related information is stored in the location related information storage unit 372 in association with the acquired user identification information, the location information management unit 302 selects the user corresponding to the user identification information. A specific process is executed to identify the user as a specific user who executes an action for the network service (step S104).

Next, the determination processing unit 303 executes a position information acquisition process to acquire position difference information indicating a position difference when executing a given action for the network service of the identified specific user from the service management server device 10. (Step S105).

Next, the determination processing unit 303 compares the acquired position difference information of the specific user with the reference distance related information, and determines whether the result of the comparison satisfies the given user condition. A sex determination process is executed (step S106).

At this time, if the determination processing unit 303 determines that the comparison result satisfies the given user condition, the process proceeds to step S107, and if the comparison result satisfies the given user condition. If it is determined that it has not been determined, the process moves to step S109.

Next, if the specific user is determined to be authentic by the authenticity determination process, the authorization processing unit 304 executes an authorization process to approve execution of a given action for the corresponding network service ( Step S107).

Next, the information providing unit 311 transmits a notification indicating that the execution of the corresponding action has been approved (that the approval has been successful) to the service management server device 10 (step S108), and ends this operation.

On the other hand, if it is determined that the specific user is not authentic, the approval processing unit 304 performs an approval process of refusing approval without approving execution of the corresponding action (step S109).

Next, the information providing unit 311 transmits a notification indicating that the approval of the corresponding action has not been successful to the service management server device 10 (step S111), and ends this operation.

[6] Modification [6.1] Modification 1
Next, a case where the above action is executed on the terminal device 20 such as an application will be described as a first modification of the above embodiment using FIGS. 7 and 8.

Note that FIG. 7 is a system configuration diagram showing the configuration of the network service providing system S2 in this modification, and FIG. 8 is a system configuration diagram showing a case where a given action is executed on the terminal device 20 in this modification. It is a figure for explaining approval processing performed by server device 30 for approval in .

The network service providing system S2 of this modification is a system for allowing users to enjoy network services using a given application registered in the terminal device 20, as shown in FIGS. 7 and 8.

In particular, the network service providing system S2 of this modification is an effective system for preventing a specific user from impersonating a legitimate user and using the terminal device 20 to execute a network service.

As shown in FIG. 7, the network service providing system S2 of this modification includes terminal devices 20 (for example, terminal devices 20A, 20B, and 20C) that directly execute network services with other terminal devices 20, and and an approval server device 30 that executes various processes for approval.

Specifically, the terminal device 20 uses a network service, for example, using an application, and also executes an action for the network service (that is, an action when the application executes processing on the network).

Then, when instructing execution of an action for the network service, the terminal device 20 transmits location difference information as a specific user to the approval server device 30, and also confirms that the terminal device 20 is approved as a specific user. control the execution of the action if the

At this time, the approval server device 30 is configured to manage distance reference information as a user, which is information registered in advance.

The approval server device 30 also identifies a specific user who instructs execution of an action for the network service based on the user information of the terminal device 20 that is the specific user sent from the terminal device 20 that executes the network service. It has a configuration that specifies.

Then, the approval server device 30, as shown in FIG.
(A1) Authenticity determination processing that determines the authenticity of a specific user when a given action for a network service is executed;
(A2) Approval processing for approving the network service based on the determination result of the authenticity determination processing at the action execution timing, and
(A3) Providing process of providing the result of the approval process to the terminal device 20 of the specific user;
It has a configuration that executes.

In particular, the approval server device 30 performs the authenticity determination process as in the above embodiment.
(A2-1) Indicate the difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing in the action execution timing or the action execution related timing related to the action execution timing. a position information acquisition process for acquiring position difference information, and
(A2-2) Compare the acquired position difference information with the reference distance related information of the user who becomes the corresponding specific user, and check whether the result of the comparison satisfies the given user conditions. Judgment condition judgment processing,
It has a configuration in which the authenticity determination process is executed based on the determination result of the executed condition determination process.

Note that FIG. 8 shows acquisition of position difference information specified from position information based on a GPS signal transmitted from the GPS satellite 40, transmission of the acquired position difference information to the approval server device 30, and approval processing. An example of a terminal device 20 is shown that receives the results of a network service and performs a given action on a network service.

Furthermore, FIG. 8 shows management of reference distance related information, specific user identification processing, acquisition of location difference information based on the current location of the terminal device 20, authenticity determination processing (location information acquisition processing and condition determination processing), An example of an approval server device 30 that executes an approval process for approving execution of an action or a provision process for providing a result of the approval process is disclosed.

[6.2] Modification 2
Next, as a second modification of the present embodiment, a case where the service management server device 10 described above has each function of the approval server device 30 in the above embodiment will be described with reference to FIG.

Note that FIG. 9 is a system configuration diagram showing the configuration of the network service providing system S3 in this embodiment.

The service management server device 10 of this modification example verifies the authenticity of a specific user when a specific user performs a given action on a network service using user-related information about the managed user. The network service has a configuration that executes an authenticity determination process for determining the network service, and an approval process for approving the network service.

Specifically, the service management server device 10 is configured to manage distance reference information of a specific user, which is information registered in advance.

Further, the service management server device 10, as shown in FIG.
(A1) Authenticity determination processing that determines whether a specific user meets a given user condition when a given action for a network service is executed;
(A2) Approval processing for approving the network service based on the determination result of the authenticity determination processing at the action execution timing, and
(A3) Providing process of providing the result of the approval process to the terminal device 20 of the specific user;
It has a configuration that executes.

Then, the service management server device 10 performs the authenticity determination process as in the above embodiment.
(A2-1) Indicate the difference between the current position of the specific user at the relevant timing and the position of the specific user at a past timing in the action execution timing or the action execution related timing related to the action execution timing. a position information acquisition process for acquiring position difference information, and
(A2-2) Compare the acquired position difference information with the reference distance related information of the user who becomes the corresponding specific user, and check whether the result of the comparison satisfies the given user conditions. Judgment condition judgment processing,
It has a configuration in which the authenticity determination process is executed based on the determination result of the executed condition determination process.

[6.3] Modification 3
Next, as a third modification of the above embodiment, before executing a given action on a network service, the authenticity of a specific user is determined in advance, and an approval process is executed to approve the execution of the action based on the result. Let's explain the case.

(Characteristics of this modification)
In this modification, instead of performing the authenticity determination process and the approval process based on the location difference information of the specific user when executing a given action for a network service in the above embodiment, The feature is that an authenticity determination process is executed at a timing related to action execution, such as before or after the execution of the action, and based on the result of the authenticity determination process, the execution of the action is executed as an approval process. There is.

That is, the approval server device 30 of this modification example identifies a specific user at a stage before executing an action based on the user's position difference information acquired at a given timing or every predetermined timing. It has a configuration that determines the authenticity of a potential user.

Specifically, the approval server device 30:
(A1) As a location information acquisition process, for each predetermined timing related to action execution, the difference between the current location of the specific user at the relevant timing and the location of the specific user at a past timing is shown. Get position difference information,
(A2) Register the acquired position difference information in the position-related information storage unit 372 as history information of the corresponding user,
(A3) Either before a given action is executed for a network service or after the action is executed, the history information of the specific user and the information about the user as the specific user are collected. performing an authenticity determination process of comparing the registered reference distance related information and determining whether or not the result of the comparison satisfies the user condition;
It has a structure.

In particular, "before an action is executed" means the timing of logging into the network service (that is, the service management server device 10), the timing of executing a predetermined action such as saving data, or the predetermined timing (daily 0 (a predetermined time such as the hour). However, the timing is not limited as long as it is before the action execution timing.

Further, the approval server device 30 holds the results of the authenticity determination process, and executes the approval process based on the results of the authenticity determination process when executing an action.

On the other hand, after an action is executed, for example, the content of a comment is finalized and posted to a given web service, and after the content of the comment is confirmed, the posted comment is reflected in the web service. In this case, it indicates the timing of checking the contents of the comment or the timing of reflecting it on the web service.

[6.4] Modification 4
Next, as a fourth modification of the above embodiment, in the above embodiment or the above modification, when acquiring position difference information of a user, specifying the time when the position difference information is acquired, and A case will be described in which time information indicating . is used in the authenticity determination process.

The approval server device 30 of this modification acquires the position difference information of the user at the action execution timing, at the action execution related timing, or at each action execution related timing, and at that time, the position difference information is It has a configuration that specifies the time at which it was acquired.

The approval server device 30 of this modification has a configuration that executes the authenticity determination process based on each position difference information including time information indicating the specified time.

Specifically, when executing the authenticity determination process for a specific user using the time information of the position difference information, the determination processing unit 303 determines that the moving speed or acceleration of the user as the specific user is inconsistent. Determine whether or not there is.

For example, the determination processing unit 303 uses the time information associated with the previous position difference information, the time information associated with the currently acquired position difference information, and the distance between two points of the previous and current position difference information. The moving speed or acceleration of the specific user is calculated based on .

Then, the determination processing unit 303 determines that the calculated moving speed or acceleration corresponds to a predetermined value on the condition that the comparison result between the position difference information and the reference distance related information of the above embodiment meets the user condition. It is determined whether or not it is within the range, and if the calculated moving speed or acceleration is within a predetermined range, it is determined that the specific user is genuine.

In particular, the determination processing unit 303 determines whether the calculated moving speed or acceleration is less than or equal to a reference moving speed or acceleration (that is, a reference speed or reference acceleration) associated with the reference distance related information.

Then, the determination processing unit 303 determines that the specific user is genuine when the calculated moving speed or acceleration is equal to or less than the reference moving speed or reference acceleration.

Note that the time information in this modification is information indicating the period when the distance difference in the position difference information occurred (hereinafter referred to as "position difference period") instead of the information on the time when the position difference information was acquired. There may be.

That is, the information may be information for a position difference period from time information associated with the previous position difference information to time information associated with the currently acquired position difference information.

Also in this case, similarly to the above, the position difference period is used when calculating the moving speed or acceleration of the transaction target person.

[6.5] Modification 5
Next, as a fifth modification of the above embodiment, a case where a network service is executed based on the determination result of the authenticity determination process without executing the approval process in the above embodiment or the above modification. explain.

When the approval server device 30 of this modification determines that the specific user is authentic, the approval server device 30 provides the result to the service management server device 10 or terminal device 20 that executes a given action for the network service. It has a configuration that

Specifically, the approval server device 30 is configured to manage distance reference information of a specific user, which is information registered in advance.

The approval server device 30 also takes actions for the network service based on the user information of the terminal device 20, which is a specific user, sent from the service management server device 10 that executes the network service or the terminal device 20. It has a configuration that specifies a specific user who is the target of execution.

Then, the approval server device 30
(A1) Authenticity determination processing that determines the authenticity of a specific user when an action is executed;
(A2) A provision process of providing the determination result of the authenticity determination process to the service management server device 10 or the terminal device 20 at the action execution timing;
It has a configuration that executes.

In particular, the approval server device 30 performs the authenticity determination process as in the above embodiment.
(A2-1) A location for acquiring position difference information indicating the difference between the current position of a specific user at the relevant timing and the position of the specific user at a past timing at the action execution timing or action execution related timing. Information acquisition processing, and
(A2-2) Compare the acquired position difference information with the reference distance related information of the user who becomes the corresponding specific user, and check whether the result of the comparison satisfies the given user conditions. Judgment condition judgment processing,
It has a configuration in which the authenticity determination process is executed based on the determination result of the executed condition determination process.

[6.6] Modification 6
Next, as a sixth modification of the above embodiment, a case will be described in which network service approval processing is used for login processing in the above embodiment or modification.

The approval server device 30 of this modified example approves the specific user's login to the network service based on the determination result of the authenticity determination process at the timing of logging into the network service as the action execution related timing. It has a configuration for executing processing.

In particular, the approval server device 30 of this modification is as follows:
(A1) As the location information acquisition process, the current location of the specific user at the timing of logging into the network service, and the location of the specific user at past timing (for example, the timing of logging into the network service in the past), Obtain position difference information showing the difference between
(A2) When the login is executed, the acquired location difference information is compared with the registered reference distance related information of the user as the specific user, and the result of the comparison meets the user conditions. Executing an authenticity determination process to determine whether the
It has a structure.

Note that the approval server device 30 of this modification may perform the authenticity determination process at a timing related to login execution, such as before the user logs in to the network service.

In this case, the approval server device 30 of this modification may acquire the position difference information at another timing, such as when the user is not logged into the network service.

[6.7] Modification 7
Next, a network service providing system S4 composed of a plurality of server devices according to a seventh modification of the above embodiment will be described using FIG. 10.

Note that FIG. 10 shows the network service providing system S4 in modification example 7 of the embodiment.
FIG. 2 is a system configuration diagram showing the configuration of the system.

In the above embodiment or the above modification, the network service providing system S3 may be configured by a plurality of service management server devices 10 or a plurality of approval server devices 30.

That is, when the network service providing system S4 is configured by a plurality of service management server devices 10, the network service providing system S4 is configured to connect the specific user's terminal device 20 and the above-mentioned specific user, as shown in FIG. It has service management server devices 10A and 10B that execute processes related to users.

The service management server device 10A and the service management server device 10B establish a communication line via a network, mutually perform various processes, and execute various processes related to network services.

In addition, when the network service providing system S3 is configured by a plurality of approval server devices 30, the network service providing system S3 has a service management system that executes the process related to the above-mentioned specific user, as shown in FIG. Approval server devices 30A and 30B perform approval processing for specific users in conjunction with server devices 10A and 10B.

[7] Others The present invention is not limited to what has been described in the above embodiments, and various modifications can be made. For example, terms cited as broad or synonymous terms in the description or drawings can be replaced with broad or synonymous terms in other descriptions in the specification or drawings.

The present invention includes configurations that are substantially the same as those described in the embodiments (for example, configurations that have the same functions, methods, and results, or configurations that have the same objectives and effects). Further, the present invention includes a configuration in which non-essential parts of the configuration described in the embodiments are replaced. Further, the present invention includes a configuration that has the same effects or a configuration that can achieve the same purpose as the configuration described in the embodiment. Further, the present invention includes a configuration in which a known technique is added to the configuration described in the embodiment.

As mentioned above, the embodiments of the present invention have been described in detail, but those skilled in the art will easily understand that many modifications can be made without substantially departing from the novelty and effects of the present invention. . Therefore, all such modifications are included within the scope of the present invention.

S: Network service provision system 10: Service management server device 20: Terminal device 30: Approval server device 40: GPS satellite 100: Processing unit 101: Communication control unit 102: Service provision management control unit 103: User information management control unit 110: Timer management section 170: Storage section 171: Main storage section 172: User information storage section 180: Information storage medium 196: Communication section 300: Processing section 301: Communication control section 302: Location information management section 303: Determination processing section 304 : Approval processing unit 310 : Timer management unit 311 : Information providing unit 370 : Storage unit 371 : Main storage unit 372 : Location related information storage unit 380 : Information storage medium 396 : Communication unit

Claims (17)

An approval system that approves a given action when allowing a user to enjoy a given network service based on information provided from a terminal device having location information of the user, the system comprising:
a management means for managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance; ,
When the action is executed, identifying means for identifying a user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed;
Approval processing means that performs an approval process for approving execution of the action based on a determination result of the determination process at an action execution timing when the action is executed;
Equipped with
The determination processing means, as the determination process,
At the action execution timing or at an action execution related timing related to the action execution timing, without acquiring the location information of the specific user, the specific user's current location at the relevant timing and the identification at a past timing. Executing a location information acquisition process to acquire difference information indicating a difference between the user's location and the user's location from the terminal device ,
Approval characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether the result of the comparison satisfies a given user condition. system. The approval system according to claim 1,
The determination processing means
As the location information acquisition process, for each timing predetermined as the action execution related timing, a difference indicating the difference between the current location of the specific user at the relevant timing and the location of the specific user at a past timing. get information,
registering the obtained difference information in the storage means as history information of the corresponding user;
At the action execution timing, perform the condition determination process of comparing the history information of the specific user and the reference distance related information and determining whether the result of the comparison satisfies the user condition. Approval system. The approval system according to claim 1,
The determination processing means
As the location information acquisition process, for each timing predetermined as the action execution related timing, a difference indicating the difference between the current location of the specific user at the relevant timing and the location of the specific user at a past timing. get information,
registering the obtained difference information in the storage means as history information of the corresponding user;
Either before the action execution timing or after the action is executed, the history information of the specific user and the reference distance related information are compared, and the result of the comparison is the use An approval system that executes the condition determination process for determining whether or not a person's condition is met. In the approval system according to any one of claims 1 to 3,
An approval system, wherein the determination processing means executes, as the determination process, an authenticity determination process that determines the authenticity of the specific user when the action is executed, based on the determination result of the condition determination process. . In the approval system according to any one of claims 1 to 3,
The determination processing means
As the position information acquisition process, when acquiring the difference information, acquire time information indicating the time at the action execution timing or the action execution related timing,
The approval system determines, as the condition determination process, whether or not the difference information based on the time information satisfies the user condition with respect to the reference distance related information. In the approval system according to any one of claims 1 to 3,
An approval system further comprising providing means for providing the execution result of the action to a corresponding user. A program that approves a given action when allowing a user to enjoy a given network service based on information provided from a terminal device having location information of the user ,
management means for managing reference distance-related information, which is information registered in advance in a storage means and defines a reference distance for approving execution of the action by the user or information related to the distance;
When the action is executed, identifying means for identifying the user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed; and
Approval processing means for performing an approval process for approving execution of the action based on the determination result of the determination process at the action execution timing when the action is executed;
make the computer function as
The determination processing means, as the determination process,
At the action execution timing or at an action execution related timing related to the action execution timing, without acquiring the location information of the specific user, the specific user's current location at the relevant timing and the identification at a past timing. Executing a location information acquisition process to acquire difference information indicating a difference between the user's location and the user's location from the terminal device ,
A program characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether the result of the comparison satisfies a given user condition. . An approval method that uses a computer to approve a given action when allowing the user to enjoy a given network service, based on information provided from a terminal device having location information of the user. ,
managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance;
When the action is executed, the user who instructs the execution of the action is identified as a specific user based on user information regarding the user who executes the action;
executing a determination process for determining whether or not the specific user when the action is executed satisfies a given user condition;
performing an approval process for approving execution of the action based on a determination result of the determination process at an action execution timing when the action is executed;
including;
At the action execution timing or at an action execution related timing related to the action execution timing, without acquiring the location information of the specific user, the specific user's current location at the relevant timing and the identification at a past timing. Executing a location information acquisition process to acquire difference information indicating a difference between the user's location and the user's location from the terminal device ,
Approval characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether the result of the comparison satisfies a given user condition. Method. network services to a user, including performing approval for a given action in allowing the user to enjoy a given network service based on information provided by a terminal device having location information of the user; A network service provision system that provides services,
a management means for managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance; ,
When the action is executed, identifying means for identifying a user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed;
Approval processing means that performs an approval process for approving execution of the action based on a determination result of the determination process at an action execution timing when the action is executed;
Execution control means for controlling execution of the action when execution of the action is approved by the approval process;
Equipped with
The determination processing means, as the determination process,
At the action execution timing or at an action execution related timing related to the action execution timing, without acquiring the location information of the specific user, the specific user's current location at the relevant timing and the identification at a past timing. Executing a location information acquisition process to acquire difference information indicating a difference between the user's location and the user's location from the terminal device ,
A network characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether or not the result of the comparison satisfies a given user condition. Service delivery system. network services to a user, including performing approval for a given action in allowing the user to enjoy a given network service based on information provided by a terminal device having location information of the user; A program that provides services,
management means for managing reference distance-related information, which is information registered in advance in a storage means and defines a reference distance for approving execution of the action by the user or information related to the distance;
When the action is executed, identifying means for identifying the user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed;
an approval processing unit that performs an approval process for approving execution of the action based on a determination result of the determination process at an action execution timing when the action is executed;
Execution control means for controlling execution of the action when execution of the action is approved by the approval process;
make the computer function as
The determination processing means, as the determination process,
At the action execution timing or at an action execution related timing related to the action execution timing, without acquiring the location information of the specific user, the specific user's current location at the relevant timing and the identification at a past timing. Executing a location information acquisition process to acquire difference information indicating a difference between the user's location and the user's location from the terminal device ,
A program characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether the result of the comparison satisfies a given user condition. . Using a computer, the method comprises: performing approval for a given action in allowing the user to enjoy a given network service based on information provided from a terminal device having location information of the user ; A network service provision method for providing network services to the user, the method comprising:
managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance;
When the action is executed, the user who instructs the execution of the action is identified as a specific user based on user information regarding the user who executes the action;
executing a determination process for determining whether or not the specific user when the action is executed satisfies a given user condition;
performing an approval process for approving execution of the action based on a determination result of the determination process at an action execution timing when the action is executed;
controlling execution of the action when execution of the action is approved by the approval process;
including;
At the action execution timing or at an action execution related timing related to the action execution timing, without acquiring the location information of the specific user, the specific user's current location at the relevant timing and the identification at a past timing. Executing a location information acquisition process to acquire difference information indicating a difference between the user's location and the user's location from the terminal device ,
A network characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether or not the result of the comparison satisfies a given user condition. How we provide our services. A user determination system that makes a determination regarding a given user regarding a given action when allowing the user to enjoy a given network service based on information provided from a terminal device having the user's location information. hand,
a management means for managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance; ,
When the action is executed, identifying means for identifying a user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed;
providing means for providing a determination result of the determination process to an information processing device that executes the action;
Equipped with
The determination processing means, as the determination process,
At an action execution timing at which the action is executed or at an action execution related timing related to the action execution timing, the specific user's current location at the relevant timing and the past Execute a location information acquisition process of acquiring from the terminal device difference information indicating the difference between the specific user's location at the timing of , and
A use characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether or not the result of the comparison satisfies a given user condition. person judgment system. A program that makes a determination regarding a given user regarding a given action when allowing the user to enjoy a given network service based on information provided from a terminal device having the user's location information, the program comprising:
management means for managing reference distance-related information, which is information registered in advance in a storage means and defines a reference distance for approving execution of the action by the user or information related to the distance;
When the action is executed, identifying means for identifying the user who instructs the execution of the action as a specific user based on user information regarding the user who executes the action;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the action is executed; and
providing means for providing the determination result of the determination process to an information processing device that executes the action;
make the computer function as
The determination processing means, as the determination process,
At an action execution timing at which the action is executed or at an action execution related timing related to the action execution timing, the specific user's current location at the relevant timing and the past Execute a location information acquisition process of acquiring from the terminal device difference information indicating the difference between the specific user's location at the timing of , and
A program characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether the result of the comparison satisfies a given user condition. . Utilization that uses a computer to make judgments regarding a given user regarding a given action when allowing the user to enjoy a given network service, based on information provided from a terminal device that has the user's location information. A method for determining the identity of a person,
managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving execution of the action by the user or information related to the distance;
When the action is executed, the user who instructs the execution of the action is identified as a specific user based on user information regarding the user who executes the action;
executing a determination process for determining whether or not the specific user when the action is executed satisfies a given user condition;
providing a determination result of the determination process to an information processing device that executes the action,
At an action execution timing at which the action is executed or at an action execution related timing related to the action execution timing, the specific user's current location at the relevant timing and the past Execute a location information acquisition process of acquiring from the terminal device difference information indicating the difference between the specific user's location at the timing of , and
A use characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether or not the result of the comparison satisfies a given user condition. method of determining the person. An approval system that approves a login when logging into a given network service provided to a user based on information provided from a terminal device having location information of the user, the system comprising:
a management means for managing reference distance-related information that is registered in advance in a storage means and defines a distance serving as a reference for approving the login of the user or information related to the distance;
When the login is executed, specifying means for specifying the user who instructs the execution of the login as a specific user based on user information regarding the user executing the login;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the login is executed;
an authorization processing unit that performs an authorization process for approving execution of the login based on a determination result of the determination process at a login execution timing when the login is executed;
Equipped with
The determination processing means, as the determination process,
At the login execution timing or the action execution related timing related to the login execution timing , without acquiring the location information of the specific user, the current location of the specific user at the relevant timing and the identification at a past timing. Executing a location information acquisition process to acquire difference information indicating a difference between the user's location and the user's location from the terminal device ,
Approval characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether the result of the comparison satisfies a given user condition. system. A program that approves login when logging into a given network service provided to a user based on information provided from a terminal device having location information of the user ,
management means for managing reference distance-related information, which is information registered in advance in a storage means and defines a reference distance for approving the user's login or information related to the distance;
When the login is executed, specifying means for specifying the user who instructs the execution of the login as a specific user based on user information regarding the user executing the login;
determination processing means for performing determination processing for determining whether or not the specific user meets a given user condition when the login is executed; and
Approval processing means for performing an approval process for approving execution of the login based on the determination result of the determination process at the login execution timing when the login is executed;
make the computer function as
The determination processing means, as the determination process,
At the login execution timing or the action execution related timing related to the login execution timing , without acquiring the location information of the specific user, the current location of the specific user at the relevant timing and the identification at a past timing. Executing a location information acquisition process to acquire difference information indicating a difference between the user's location and the user's location from the terminal device ,
A program characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether the result of the comparison satisfies a given user condition. . An approval method that uses a computer to approve a login when logging into a given network service provided to the user, based on information provided from a terminal device having location information of the user. ,
managing reference distance related information which is information registered in advance in a storage means and defines a distance serving as a reference for approving the login of the user or information related to the distance;
When the login is executed, the user who instructs the execution of the login is identified as a specific user based on user information regarding the user executing the login;
executing a determination process for determining whether or not the specific user when the login is executed satisfies given user conditions;
performing an approval process for approving execution of the login based on a determination result of the determination process at a login execution timing when the login is executed;
including;
At the login execution timing or the action execution related timing related to the login execution timing , without acquiring the location information of the specific user, the current location of the specific user at the relevant timing and the identification at a past timing. Executing a location information acquisition process to acquire difference information indicating a difference between the user's location and the user's location from the terminal device ,
Approval characterized in that the acquired difference information and the reference distance related information are compared and a condition determination process is executed to determine whether the result of the comparison satisfies a given user condition. Method.

Images