WO2004053759A1 - Personal information management system, mediation system, and terminal device - Google Patents
- Publication number
- WO2004053759A1 (PCT/JP2002/012988)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- personal information
- user
- service
- terminal device
- service provider
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F21/645—Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/18—Payment architectures involving self-service terminals [SST], vending machines, kiosks or multimedia terminals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Definitions
- the present invention relates to a system for managing personal information of a user.
- service providers have conventionally required input of a user ID and a passcode when determining whether a user who is going to receive a service is a legitimate user; a user whose inputs are correct is authenticated as a legitimate user.
- the following technologies have been proposed to manage personal information.
- in the invention described in Japanese Unexamined Patent Application Publication No. 2002-992829, customer information (personal information) is stored centrally in the database of a customer management system connected to a network.
- the user publishes the title of the information to be provided at the information mediation terminal.
- the person who wants to obtain the information displays the title on the terminal's Web browser and specifies it.
- the user terminal transmits the information to the information mediation terminal when notified that the designation has been made.
- the information mediation terminal holds the information so that the terminal of the service provider can acquire it.
- the purpose of the present invention is to allow a user to receive a service by providing the service provider with the personal information necessary for that service, while the user keeps his or her own personal information under secure self-management.
- Disclosure of the invention
- a personal information management system includes: a service provider system of a service provider; a terminal device of a user who wants to receive a service provided by the service provider; and a mediation system that mediates the giving of the user's personal information to the service provider.
- the terminal device of the user has: personal information storage means for storing the user's personal information on one or more items; personal authentication means for authenticating whether the user has authority to use the terminal; and personal information transmission means for transmitting the user's personal information in accordance with a command from the mediation system.
- the service provider system of the service provider includes: personal information requesting means for requesting from the mediation system the user's personal information on the items necessary for the service provider to provide the service; and personal information receiving means for receiving the user's personal information from the terminal device of the user.
- the mediation system includes: terminal suitability determination means for determining whether the terminal device of the user is suitable for use in receiving the service; and transmission command means for instructing the terminal device to transmit to the service provider system the user's personal information on the necessary items requested by the personal information requesting means of the service provider system, when the user has been authenticated by the personal authentication means of the terminal device as a person having the authority and the terminal device has been determined by the terminal suitability determination means to be suitable for use in receiving the service.
- item storage means is provided for storing, before the service provider starts providing the service, item information indicating the items of personal information necessary for providing the service. The transmission command means then issues a command to transmit the user's personal information on the items indicated in the item information.
- the item storage means may store, as the item information, first item information indicating the items of personal information directly necessary for the service provider, and second item information indicating the items of personal information required by a secondary business acting on behalf of the service provider.
- the transmission command means then issues a command to transmit the user's personal information on the items indicated in the first item information to the service provider, and the user's personal information on the items indicated in the second item information to the secondary business. The personal information transmitting means encrypts the user's personal information for each destination with a public key cryptosystem, using a different public key per destination, before transmitting it.
- the personal information storage means stores, as the personal information of the user, personal information whose contents are recognized as correct by a person other than the user.
- the user's terminal device includes: a characteristic information storage unit that stores characteristic information indicating a physical characteristic of the user; and a characteristic input unit through which the user's physical characteristic is input.
- the personal authentication unit performs the authentication based on the physical characteristic input by the user and the characteristic information stored in the characteristic information storage unit.
- the terminal device includes a service requesting unit that requests the service provider to provide the service to the user when the user is authenticated as the authorized person.
- FIG. 1 is a diagram showing an example of the overall configuration of a personal information management system according to the present invention.
- FIG. 2 is a diagram illustrating an example of a hardware configuration of the mediation system.
- FIG. 3 is a diagram illustrating an example of a functional configuration of the mediation system.
- FIG. 4 is a diagram illustrating an example of a functional configuration of the service providing system.
- FIG. 5 is a diagram illustrating an example of a functional configuration of the terminal device.
- FIG. 6 is a diagram showing an example of personal information.
- FIG. 7 is a diagram showing an example of personal information.
- FIG. 8 is a flowchart illustrating an example of a flow of preparation processing required for a service provider.
- FIG. 9 is a flowchart illustrating an example of a flow of a preparation process necessary for a user.
- FIG. 10 is a flowchart illustrating an example of a flow of processing for providing a service in the personal information management system.
- FIG. 11 is a flowchart illustrating an example of the flow of an authentication process.
- FIG. 12 is a flowchart illustrating an example of the flow of the availability determination process.
- FIG. 13 is a flowchart illustrating an example of the flow of the process of selecting a secondary business.
- FIG. 14 is a flowchart illustrating an example of a flow of a necessary information collecting process.
- FIG. 1 is a diagram showing an example of the overall configuration of a personal information management system 1 according to the present invention.
- a personal information management system 1 according to the present invention includes an intermediary system 10, a service providing system 2, a terminal device 3, a network 4, and the like.
- the mediation system 10, the service providing system 2, and the terminal device 3 can be connected to each other via the network 4.
- as the network 4, the Internet, a public line, or a dedicated line is used.
- as the terminal device 3, a workstation on which a Web browser and an e-mail program are installed, a personal computer, a personal digital assistant (PDA), a mobile phone device, or the like is used.
- the service providing system 2 is provided for each service provider (for example, an Internet service provider or a financial institution) that provides services such as online shopping, ticket reservation, auctions, or online banking to users of the terminal device 3, and is used mainly to perform the processing needed to provide these services.
- Service providers may need the user's personal information to provide the service to the user.
- a service provider that provides online shopping services may need, for example, the address to which the product is shipped, a telephone number or e-mail address for contact in case of trouble, or the credit card used for payment.
- the personal information of the user is managed by the user's own terminal device 3.
- the service provider can acquire personal information on the minimum necessary items from the terminal device 3 of the user.
- the service provider does not request the necessary personal information directly from the user's terminal device 3, but from the mediation system 10. The mediation system 10 instructs the terminal device 3 to transmit the requested personal information to the service providing system 2 of the service provider. That is, the mediation system 10 performs a mediation process of conveying the request of the service providing system 2 to the terminal device 3.
- this mediation system 10 is operated by a trusted organization that does not misuse personal information, such as a government or public agency, or an organization recognized by a public agency.
- the organization that operates the mediation system 10 is referred to as “mediation bureau”.
- the mediation bureau examines whether the content of the user's personal information is correct, and applies an electronic signature to personal information that has passed the examination. A user can receive services from service providers only by using personal information that has passed the examination and carries the electronic signature.
- when the user receives a service provided by the service provider, the user must authenticate to the terminal device 3 that he or she is the legitimate user (that is, not another person impersonating the user). Furthermore, the mediation system 10 must authenticate whether the terminal device 3 is a terminal device that may be used to receive the service. The user can receive the service only if both the user authentication and the terminal device authentication succeed.
- as the mediation system 10 and the service providing system 2, for example, a server having functions such as an e-mail server, CGI (Common Gateway Interface), and a Web server is used. As shown in FIG. 1, the mediation system 10 may consist of one server machine, or of a combination of a plurality of server machines and various devices.
- FIG. 2 is a diagram showing an example of a hardware configuration of the mediation system 10.
- FIG. 3 is a diagram showing an example of a functional configuration of the mediation system 10.
- FIG. 4 is a diagram showing an example of a functional configuration of the service providing system 2.
- FIG. 5 is a diagram showing an example of a functional configuration of the terminal device 3.
- FIG. 6 is a diagram showing an example of personal information 700.
- FIG. 7 is a diagram showing an example of personal information 77.
- the mediation system 10 includes a CPU 10a, a RAM 10b, a ROM 10c, a magnetic storage device 10d, a display device 10e, an input device 10f such as a mouse or a keyboard, a removable disk drive 10g such as a floppy disk drive or a CD-R drive, and various interfaces.
- the magnetic storage device 10d has installed therein an operating system (OS), a program for realizing each of the above functions, and programs and data for realizing each of the functions shown in FIG. These programs and data are loaded into the RAM 10b as needed, and the programs are executed by the CPU 10a.
- the hardware configurations of the service providing system 2 and the terminal device 3 are almost the same as the configurations of the mediation system 10 shown in FIG.
- however, the programs and data installed are those for realizing the functions shown in FIGS. 4 and 5, respectively.
- a fingerprint input device, a microphone, a digital camera, or the like is connected to the terminal device 3 as necessary.
- the functions shown in FIGS. 3, 4 and 5 are broadly divided into functions for securing the reliability of personal information, functions for securing the security and reliability of transactions, and functions for enjoying and providing services. Each function is described below.
- the mediation bureau examines whether the content of the user's personal information is correct. For example, the user submits his or her personal information 700 on predetermined items, as shown in FIG. 6. The personal information 700 may be submitted by mailing to the bureau a form filled in with these items, or a removable disk such as a floppy disk or CD-ROM on which the information is recorded. A copy of the user's identification document is enclosed at this time.
- if the mediation bureau wants to make certain that the user is who he or she claims to be, it may accept the application only at the bureau's counter and ask for a photo ID such as a driver's license or passport. If the user's identity can be confirmed in another way, the application may also be accepted by other methods.
- the examination of the contents of the personal information 700 is basically performed by the staff of the mediation bureau.
- the mediation bureau may ask a bank or card company to examine the personal information on items related to bank accounts or credit cards.
- the user may also apply directly to a bank or card company for the examination of these items without going through the mediation bureau.
- in that case, the bank or card company is itself one of the "mediation bureaus".
- in this way, various organizations may conduct the examination, depending on the items.
- the signed personal information output unit 101 shown in FIG. 3 applies the electronic signature to the personal information 700 that has passed the examination, out of the personal information 700 submitted by the user, and generates signed personal information 70s. It then outputs the signed personal information 70s to the terminal device 3 of the submitting user. If the information does not pass the examination, the user is notified to that effect, along with the reason.
- the signed personal information 70s may be output by sending it as an attachment to an e-mail addressed to the submitting user's e-mail address. Alternatively, it may be written to a removable disk; in this case the removable disk is sent to the user's address by registered mail or the like.
- the personal information input unit 301 shown in FIG. 5 inputs to the terminal device 3 the electronically signed personal information output from the mediation system 10, that is, the signed personal information 70s.
- the input signed personal information 70s is stored and managed in the personal information storage unit 302. All information and programs transmitted from the mediation system 10 to the terminal device 3 that access personal information should be signed, so as to guarantee that they have not been tampered with.
- the characteristic information storage unit 303 stores bio information 71 for each user who has the authority to use the terminal device 3.
- bio information 71 is information indicating a physical characteristic of a human being, such as a fingerprint or a voiceprint.
- the personal authentication unit 304 compares the input physical characteristics of the user (for example, the user's fingerprint input by the fingerprint input device) with the bio information 71 stored in the characteristic information storage unit 303. By doing so, it is determined whether or not the user has authority to use the terminal device 3. In other words, the user authentication process is performed by the method of biometric authentication (also called biometrics or biometric identification).
- the user authenticated by the personal authentication unit 304 as having the right to use can receive the service provided by the service provider.
- the terminal device 3 thus functions as the terminal device of the authenticated user. For example, when the user who has input his or her fingerprint is authenticated as user A, the terminal device 3 functions as the terminal device of user A.
- the user authentication may be performed when the terminal device 3 is started, or may be performed immediately before receiving the service.
- the individual information storage unit 102 shown in FIG. 3 stores, for each terminal device 3, individual information 72 indicating the characteristics of the terminal device 3 in association with the terminal identification code 73.
- “individual” means a terminal device used to receive the service of the service provider.
- as the individual information 72, for example, information on the hardware configuration of the terminal device 3, the IP address or MAC address assigned to the terminal device 3, information on the model of the terminal device 3, or, if the terminal device 3 is a mobile phone device, the serial number or mobile phone number assigned to the mobile phone device is used.
- the individual suitability determination requesting unit 201 shown in FIG. 4 requests the mediation system 10 to determine whether the terminal device 3 currently used by the user is suitable for use in receiving the service of the service provider. At this time, the individual suitability determination requesting unit 201 transmits to the mediation system 10 the terminal identification code 73 acquired from the terminal device 3.
- the individual suitability determination unit 103 shown in FIG. 3 determines whether the terminal device 3 indicated by the terminal identification code 73 transmitted from the service providing system 2 is suitable for use in receiving the service of the service provider. This determination is made, for example, by comparing the current state of the terminal device 3 used by the user with the individual information 72 stored in the individual information storage unit 102 in association with the terminal identification code 73. If the two match, the terminal device 3 currently used by the user is determined to be suitable for use in receiving the service. If they do not match, another person may be attempting to use a different terminal device 3 to impersonate the user and receive the service, so the terminal device is determined to be unsuitable. The result of the determination is transmitted to the requesting service providing system 2 as individual suitability information 74 indicating "fit" or "unfit".
- the determination may also be made by another method. For example, when the terminal device 3 has a security circuit (security chip) conforming to the TCPA (Trusted Computing Platform Alliance) specification, the determination may be performed using that security circuit.
- a user accesses a web site of a service provider that provides a desired service, for example, by specifying a URL in a web browser.
- the following describes an example in which user A accesses the website of service provider X, which runs an online shop. User A selects the product to purchase (the service he or she wants to receive) with reference to the description or images on the website, and specifies it by clicking on the product name or image. As a result, the sale of that product has been selected as one service.
- the service ordering section 307 shown in FIG. 5 places an order for the product (service request) with respect to the service providing system 2 of the service provider X.
- the service provision availability determination unit 202 determines whether the product may be sold to user A. For example, if the product is liquor, it is determined that the sale is permitted if user A is 20 years of age or older. If the product is restricted to a sales area, it is determined that the sale is permitted if the address of user A is within that area. The determination process is performed according to the following procedure.
- the service provision availability determination unit 202 requests the mediation system 10 to transmit personal information necessary for performing the determination.
- service provider X must notify the mediation bureau in advance, before starting to sell the product (provide the service), of the items of personal information it needs, and register them in the mediation system 10. For example, to determine whether alcoholic beverages may be sold, an item indicating whether the user is 20 years of age or older must be registered; to determine whether a product restricted to a sales area may be sold, an item indicating whether the user's address is within that area must be registered. The mediation bureau reviews these items and registers them only when they are deemed necessary for providing the service. Items that are not relevant to the provision of the service are therefore refused registration.
- the response information transmission command unit 105 shown in FIG. 3 instructs the terminal device 3 of user A to transmit the personal information on the items requested by the service provision availability determination unit 202 to the service providing system 2 of service provider X. Such a command is issued based on the item designation information 75 pre-registered in the item designation information storage unit 104.
- the command may be sent by transmitting a program for extracting the personal information of the requested item to the terminal device 3.
- the program in this case is written in a language such as a Java applet or JavaScript.
- the response information transmission unit 305 shown in FIG. 5, in accordance with the command from the response information transmission command unit 105 or by executing the transmitted program, extracts the necessary personal information from the personal information 700 of user A stored in the personal information storage unit 302 and generates answer information 76 based on it.
- for example, when personal information indicating whether user A is 20 years of age or older is requested, the age is extracted from the personal information 700 of user A; if the user is 20 or older, answer information 76 indicating "Yes" is generated and transmitted, and if the user is under 20, answer information 76 indicating "No" is generated and transmitted. This answer information 76 is encrypted before transmission in order to prevent information leakage.
- the service provision availability determination unit 202 of FIG. 4 receives the answer information 76 as the requested personal information and determines, based on it, whether the product may be sold to user A. If it is determined that the product cannot be sold, the terminal device 3 of user A is notified to that effect.
- the encryption of the answer information 76 is performed under PKI (Public Key Infrastructure), that is, with a public key cryptosystem.
- service provider X discloses its public key Kx to all users and manages the private key Fx corresponding to the public key Kx so that nobody else knows it.
- the terminal device 3 encrypts the answer information 76 using the public key Kx.
- the service providing system 2 of service provider X decrypts the encrypted answer information 76 using the private key Fx.
- transmission of personal information and the like from the terminal device 3 to the service providing system 2 is performed by such a public key cryptosystem.
- the secondary business selection section 203 shown in FIG. 4 performs a process for selecting a secondary business to deliver the product or collect the price of the product on behalf of the service business. Such processing is performed in the following procedure.
- for example, service provider X has, as secondary businesses, carriers that deliver to homes in East Japan and in other regions, and credit card companies T1 and T2.
- in order to select one carrier and one credit card company for the delivery of the goods and the collection of the price, the secondary business selection section 203 requests personal information on the items needed for the selection, for example whether the address of user A is in East Japan.
- the service provider X must register the item designation information 75 indicating these items in the mediation system 10 in advance in order to make these requests.
- the response information transmission command section 105 shown in FIG. 3 and the response information transmission section 305 shown in FIG. 5 perform the same processing as that described above.
- the response information transmission instructing unit 105 instructs the terminal device 3 of user A to transmit, to the service providing system 2 of service provider X, the personal information on the items related to the request from the secondary operator selecting unit 203.
- the secondary business selection section 203 shown in FIG. 4 selects, for example, the carrier U2 and the credit card company T1 as the secondary businesses based on the response information 76.
- the personal information requesting unit 204 requests the mediation system 10 to transmit the personal information of user A on the items required to sell the product to user A to the service provider X and to each of the secondary businesses. For example, it requests that personal information about the e-mail address used to contact user A in the event of trouble be sent to service provider X, that personal information about the name, address, and telephone number indicating the delivery destination of the product be sent to the carrier U2, and that personal information about the credit card used to collect the payment be sent to the credit card company T1. As described above, the item designation information 75 indicating these necessary items must be registered in the mediation system 10 in advance.
- the item designation information 75 includes the first item information and the second item information described in claim 3.
- the personal information transmission command unit 106 shown in FIG. 3 issues a command to the terminal device 3 of user A to transmit the personal information requested by the personal information requesting unit 204 to the service provider X and to each of the secondary businesses. At this time, a program for extracting the information related to the request may be transmitted to the terminal device 3, as in the case of the response information transmission command unit 105.
- the personal information transmitting section 303 shown in FIG. 5 extracts the requested personal information from the personal information 700 of user A based on the command from the personal information transmission command section 106, encrypts it, and transmits it to the predetermined service provider and secondary businesses.
- personal information 77 (77a-77c) as shown in FIGS. 7 (a)-(c) is extracted from the personal information 700 shown in FIG.
- the personal information 77a is transmitted to the service provider X
- the personal information 77b is transmitted to the carrier U2
- the personal information 77c is transmitted to the credit card company T1. Since the personal information 77 is extracted and transmitted separately to each subcontractor, even if the encryption method described below is weakened, leakage of personal information through improper decryption during transfer is avoided.
- the same order identification code is assigned to the personal information 77a to 77c in order to associate them with each other.
- the personal information 77a to 77c may all be transmitted first to the service providing system 2 of the service provider X.
- the personal information 77a to 77c are encrypted using different public keys.
- the personal information 77a is encrypted using the public key Kx of the service provider X, which is its destination.
- the personal information 77b and 77c are encrypted using the public key Ku2 of the carrier U2 and the public key Kt1 of the credit card company T1, respectively.
- the private keys Fx, Fu2, and Ft1 corresponding to these public keys Kx, Ku2, and Kt1 are held only by the service provider X, the carrier U2, and the credit card company T1, respectively. Therefore, none of the three can see the contents of personal information 77 addressed to anyone other than itself. In other words, each business cannot browse personal information that it does not need to know for its own service.
- the personal information 77 is received by the service providing system 2 by the personal information receiving unit 205 shown in FIG.
- the personal information 77b and 77c are transferred to the carrier U2 and the credit card company T1, respectively, by the personal information distribution unit 206.
- the service provider X and each of the sub-carriers perform processing for providing services, such as shipping goods or collecting fees.
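The following added example (not code from the patent or from any implementation of it) puts the split of personal information 77 and the per-recipient encryption of 77a to 77c into working Go. It also serves the answer information 76 case described earlier, since a "Yes"/"No" answer is simply a one-item part sealed under Kx. The recipient names X, U2 and T1, the item names, the sample values for user A, and the use of RSA-OAEP with the recipient name and order identification code as the OAEP label are all assumptions; the page specifies only that each piece is encrypted under the public key (Kx, Ku2, Kt1) of its addressee and that the pieces share an order identification code.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// PersonalInfo stands in for the personal information 700 on the terminal device 3 (item names are assumptions).
type PersonalInfo map[string]string

// ItemDesignation mirrors item designation information 75: per recipient, the items it may receive.
type ItemDesignation map[string][]string

// SealedPart is one of the pieces 77a..77c: only the items one recipient needs, encrypted
// under that recipient's public key and tagged with the shared order identification code.
type SealedPart struct {
	Recipient, OrderID string
	Ciphertext         []byte // RSA-OAEP over the JSON of the extracted items
}

// Constructed sample data: user A's items and the split described on the page
// (X gets the e-mail address, carrier U2 the delivery details, T1 the card).
var (
	UserA = PersonalInfo{"name": "User A", "address": "1-2-3 Example-cho, Tokyo (constructed)",
		"telephone": "03-0000-0000", "email": "user-a@example.invalid", "credit_card": "4111-1111-1111-1111 (test)"}
	Designation = ItemDesignation{"X": {"email"}, "U2": {"name", "address", "telephone"}, "T1": {"credit_card"}}
)

// NewKeyring generates one RSA key pair per recipient (Kx/Fx, Ku2/Fu2, Kt1/Ft1 on the page).
func NewKeyring(names []string) (map[string]*rsa.PrivateKey, map[string]*rsa.PublicKey, error) {
	privs, pubs := map[string]*rsa.PrivateKey{}, map[string]*rsa.PublicKey{}
	for _, n := range names {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, nil, err
		}
		privs[n], pubs[n] = k, &k.PublicKey
	}
	return privs, pubs, nil
}

// label binds a part to its addressee and order: OAEP checks it on decryption, so a relabelled part will not open.
func label(recipient, orderID string) []byte { return []byte(recipient + "|" + orderID) }

// ExtractAndSeal is the terminal side (personal information transmitting section 303):
// per recipient it extracts only the designated items and encrypts them under that
// recipient's public key, as the page does for 77a (Kx), 77b (Ku2) and 77c (Kt1).
func ExtractAndSeal(info PersonalInfo, des ItemDesignation, pubs map[string]*rsa.PublicKey, orderID string) ([]SealedPart, error) {
	var parts []SealedPart
	for r, items := range des {
		pub, ok := pubs[r]
		if !ok {
			return nil, fmt.Errorf("no public key registered for %s", r)
		}
		subset := PersonalInfo{}
		for _, item := range items {
			v, ok := info[item]
			if !ok {
				return nil, fmt.Errorf("item %q missing from personal information", item)
			}
			subset[item] = v
		}
		plain, _ := json.Marshal(subset)
		if len(plain) > pub.Size()-2*sha256.Size-2 { // plain OAEP limit; wrap a symmetric key for larger parts
			return nil, fmt.Errorf("part for %s exceeds the OAEP payload limit", r)
		}
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, label(r, orderID))
		if err != nil {
			return nil, err
		}
		parts = append(parts, SealedPart{r, orderID, ct})
	}
	return parts, nil
}

// Open is the recipient side: with any private key but the addressee's, decryption fails and nothing is learned.
func Open(p SealedPart, priv *rsa.PrivateKey) (PersonalInfo, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, p.Ciphertext, label(p.Recipient, p.OrderID))
	if err != nil {
		return nil, errors.New("part is not addressed to this recipient")
	}
	out := PersonalInfo{}
	return out, json.Unmarshal(plain, &out)
}

func main() {
	privs, pubs, _ := NewKeyring([]string{"X", "U2", "T1"})
	parts, _ := ExtractAndSeal(UserA, Designation, pubs, "ORDER-0001")
	for _, p := range parts {
		own, _ := Open(p, privs[p.Recipient])
		_, cross := Open(p, privs["X"]) // X trying to read the parts meant for U2 and T1
		fmt.Printf("%s receives %v; readable by X: %v\n", p.Recipient, own, cross == nil)
	}
}
```

Plain RSA-OAEP carries only a short payload (190 bytes with a 2048-bit key and SHA-256), which is why the function refuses oversized parts; a deployment would wrap a symmetric key under the recipient's public key and encrypt the items with it, the combination of both cryptosystems the description allows. The property the example checks is the one the description relies on: the service provider X, which may forward 77b and 77c, learns nothing about their contents, and a part whose recipient label has been altered will not open.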
- FIG. 9 is a flowchart illustrating an example of the flow of the preparation process required for a user.
- FIG. 10 is a flowchart illustrating an example of the flow of providing a service in the personal information management system 1.
- FIG. 11 is a flowchart illustrating an example of the flow of the authentication process.
- FIG. 12 is a flowchart illustrating an example of the flow of the process of determining whether or not the service can be used.
- FIG. 13 is a flowchart illustrating an example of the flow of the secondary business selection process.
- FIG. 14 is a flowchart illustrating an example of the flow of the necessary information collecting process.
- service providers must make the preparations shown in FIG. 8 before providing services to users.
- the service provider requests the intermediary bureau to authorize its use of the mediation system 10, and information on the service provider (e.g., the name of the service provider, the name of its representative, its address, the name and e-mail address of the contact person, and the URL of its website) is registered in the mediation system 10 (#81).
- the intermediary bureau examines the service provider and rejects the registration if the examination indicates that it is an unreliable service provider that does not fulfill its duty to keep personal information confidential.
- the item designation information 75, indicating which items of personal information are required when the service is provided, is registered in the mediation system 10 (#82). If the service provider wants to start offering a new service, such as selling a new product, it may need to register new item designation information 75 accordingly.
- the user must make the preparations shown in FIG. 9 before receiving a service from a service provider. That is, information about the terminal device 3 used when receiving the service is registered in the mediation system 10 (#91). The user presents his or her own personal information to the intermediary bureau, which examines whether its content is correct (#92). If the examination is passed, the personal information is stored in the terminal device 3 (#93). The user's fingerprint, voiceprint, or the like is then registered in the terminal device 3 as bio information 71 (#94). Steps #91, #92 to #93, and #94 may be performed in parallel or in a different order.
- a service is provided from the service provider to the user, for example, according to the procedure shown in FIG. 10. First, authentication processing is performed for the user who receives the service and for the user's terminal device 3 (#1). Specifically, as shown in FIG. 11, the user inputs his or her fingerprint or the like into the terminal device 3, which checks it against the bio information 71 registered in advance and determines whether the user is the correct user (#11). That is, biometric authentication is performed.
- if the user is not authenticated (No in #11), the user is treated as unable to receive the service (#15). If the user is authenticated (Yes in #11), the terminal device 3 requests the mediation system 10, via the service providing system 2, to determine (authenticate) whether the terminal device 3 is suitable for use in providing the service (#12, #13).
- if the terminal device 3 is authenticated as suitable for use (Yes in #14), it is determined that the user can receive the service from the service provider with the terminal device 3 currently in use, and the processing from step #2 in FIG. 10 onward is performed. Otherwise, it is determined that the service cannot be provided through the terminal device 3, and the processing for the service is terminated (#15).
- the service providing system 2 determines, as necessary, whether or not the service can be provided to the user (#2). Specifically, as shown in FIG. 12, it first requests the mediation system 10 to have the personal information necessary for this determination sent to the service providing system 2 (#21). For example, a provider selling alcoholic beverages requests personal information on the item indicating whether the user is over 20 years old.
- the command by the mediation system 10 may be issued by transmitting a program (determination program) for extracting the personal information related to the request.
- history information indicating that the response information 76 has been transmitted may be written to and recorded in a log file (#24).
- the log file may be stored in the mediation system 10 or in the terminal device 3. In the case of a service that can be provided regardless of who the user is, the processing of steps #21 to #24, that is, step #2 in FIG. 10, is unnecessary.
- a secondary operator is selected as needed (# 3).
- the user's personal information on the items required for selection is obtained from the user's terminal device 3, and selection is performed based on this.
- such personal information is acquired according to the procedure shown in FIG. First, the service providing system 2 requests the necessary personal information from the mediation system 10 (#31). For example, to select a carrier, it requests personal information about the area where the user lives.
- the mediation system 10 issues a command to the terminal device 3 of the user to extract the requested personal information and transmit it to the service providing system 2, as in the case of step #22 in FIG. (#32).
- the terminal device 3 generates response information 76 based on the extracted personal information and transmits it to the service providing system 2 of the request source, as in the case of step #23 (#33). At this time, the transmission history information is recorded in the log file (#34).
- the service providing system 2 requests the mediation system 10 to transmit necessary personal information (# 41).
- the mediation system 10 instructs the terminal device 3 of the user to transmit the requested personal information to the service providing system 2 (#42).
- such a command may be issued by transmitting a program for extracting the information.
- the terminal device 3 collects (extracts) the requested personal information from the personal information 700 of the user and transmits it to the service providing system 2 of the request source (#43). At this time, the transmission history information is recorded in a log file as in step #24 of FIG. 12 (#44). The service providing system 2 transfers the received personal information to the secondary businesses as needed (#45).
- the service provider and each of the sub-carriers perform processing for providing a service to the user based on the personal information received (# 5).
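As an added example (not the patent's own code), the following Go sketch covers the mediation system's side of the flows in FIG. 12 to FIG. 14: the registry of item designation information 75 against which a request (#21, #31, #41) is checked before the terminal is instructed (#22, #32, #42), the determination program that turns a birthdate into answer information 76 (#23), and the transmission history log of #24, #34 and #44. The item names, the reading of "over 20 years old" as "has reached the 20th birthday", and the log line format are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Registry is the mediation system 10's view of item designation information 75:
// for each registered service provider, the items each recipient (the provider
// itself or one of its secondary businesses) declared in advance (#82).
type Registry struct{ items map[string]map[string][]string }

func NewRegistry() *Registry { return &Registry{items: map[string]map[string][]string{}} }

// RegisterItems is step #82: the provider declares, before any service, what it needs.
func (r *Registry) RegisterItems(provider, recipient string, items []string) {
	if r.items[provider] == nil {
		r.items[provider] = map[string][]string{}
	}
	r.items[provider][recipient] = append(r.items[provider][recipient], items...)
}

// Authorize is the check the mediation system performs on a request (#21, #31, #41)
// before instructing the terminal: items never registered are refused, so a
// provider cannot widen its collection at request time.
func (r *Registry) Authorize(provider, recipient string, requested []string) error {
	allowed := map[string]bool{}
	for _, it := range r.items[provider][recipient] {
		allowed[it] = true
	}
	var refused []string
	for _, it := range requested {
		if !allowed[it] {
			refused = append(refused, it)
		}
	}
	if len(refused) > 0 {
		sort.Strings(refused)
		return fmt.Errorf("%s may not receive %s on behalf of %s: not in item designation information", recipient, strings.Join(refused, ","), provider)
	}
	return nil
}

// AnswerOver20 is the determination program of #21..#23 run on the terminal: it turns
// the birthdate into answer information 76 ("Yes"/"No") so the provider never sees the
// date itself. "Over 20" is read as "has reached the 20th birthday" (assumption).
func AnswerOver20(birthdate string, today time.Time) (string, error) {
	b, err := time.Parse("2006-01-02", birthdate)
	if err != nil {
		return "", fmt.Errorf("bad birthdate: %w", err)
	}
	if !b.AddDate(20, 0, 0).After(today) {
		return "Yes", nil
	}
	return "No", nil
}

// LogEntry is one line of the transmission history written in #24, #34 and #44.
type LogEntry struct {
	When                time.Time
	Provider, Recipient string
	Kind                string   // "answer" for answer information 76, "items" for personal information 77
	Items               []string // item names only, never the values
}

// TransmissionLog is the log file kept on the terminal device 3 or in the mediation system 10.
type TransmissionLog struct{ entries []LogEntry }

func (l *TransmissionLog) Record(e LogEntry) { l.entries = append(l.entries, e) }

// Lines renders the log; values are deliberately absent, so the log itself leaks nothing.
func (l *TransmissionLog) Lines() []string {
	var out []string
	for _, e := range l.entries {
		out = append(out, fmt.Sprintf("%s %s->%s %s [%s]", e.When.UTC().Format(time.RFC3339), e.Provider, e.Recipient, e.Kind, strings.Join(e.Items, ",")))
	}
	return out
}

func main() {
	reg := NewRegistry()
	reg.RegisterItems("X", "X", []string{"email", "over_20"})
	reg.RegisterItems("X", "U2", []string{"name", "address", "telephone"})
	reg.RegisterItems("X", "T1", []string{"credit_card"})
	fmt.Println("widened request:", reg.Authorize("X", "U2", []string{"address", "credit_card"}))
	ans, _ := AnswerOver20("1982-12-11", time.Date(2002, 12, 11, 0, 0, 0, 0, time.UTC))
	fmt.Println("over 20:", ans)
}
```

The registry check is the part of the design that makes the minimisation claim enforceable: because item designation information 75 is registered before any service, the mediation system can refuse a request for an item the provider never declared, and the log records only which items went where, not their values.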
- according to this embodiment, the user can provide the service provider with only the minimum personal information necessary to receive the service while managing his or her own personal information. As a result, leakage and scattering of personal information can be prevented.
- the encryption of personal information and the like is performed by a public key cryptosystem, but a common key cryptosystem or a combination of both may be used instead.
- before transmitting personal information to the service providing system 2, the terminal device 3 may check whether the content of the personal information is correct. For example, it may ask the credit card company to perform a credit check to see whether the credit card has expired or exceeded its credit limit. Similarly, it may ask the city hall to confirm whether the address of the user has changed because of a move or the like. A program for requesting these checks may be distributed from the mediation system 10 to the terminal device 3.
- before transmitting personal information or the like to the service providing system 2, the terminal device 3 may notify the user of the specific items to be transmitted to the service providing system 2 and perform the transmission only after an operation such as clicking a button displayed on the Web browser. Alternatively, the user may be notified after the transmission.
- the configuration of the whole or of each part of the personal information management system 1, the mediation system 10, the service providing system 2, and the terminal device 3, the content of the personal information, the processing content, the processing order, and so on can be changed as appropriate within the spirit of the present invention.
Industrial applicability
- the personal information management system, the mediation system, and the terminal device are useful in that the personal information necessary for receiving a service can be provided securely to service providers while the user manages his or her own personal information, so that highly reliable services can be provided.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Bioethics (AREA)
- Accounting & Taxation (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Medical Informatics (AREA)
- Human Computer Interaction (AREA)
- Databases & Information Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Telephonic Communication Services (AREA)
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP02786091A EP1574978A4 (en) | 2002-12-11 | 2002-12-11 | PERSONAL INFORMATION CONTROL SYSTEM, MEDIATION SYSTEM AND TERMINAL |
PCT/JP2002/012988 WO2004053759A1 (ja) | 2002-12-11 | 2002-12-11 | 個人情報管理システム、仲介システム、および端末装置 |
AU2002354202A AU2002354202A1 (en) | 2002-12-11 | 2002-12-11 | Personal information control system, mediation system, and terminal unit |
CNA028299957A CN1698055A (zh) | 2002-12-11 | 2002-12-11 | 个人信息管理系统、转接系统、以及终端装置 |
JP2004558379A JP4033865B2 (ja) | 2002-12-11 | 2002-12-11 | 個人情報管理システムおよび仲介システム |
US11/145,921 US20050228687A1 (en) | 2002-12-11 | 2005-06-07 | Personal information management system, mediation system and terminal device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2002/012988 WO2004053759A1 (ja) | 2002-12-11 | 2002-12-11 | 個人情報管理システム、仲介システム、および端末装置 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/145,921 Continuation US20050228687A1 (en) | 2002-12-11 | 2005-06-07 | Personal information management system, mediation system and terminal device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004053759A1 true WO2004053759A1 (ja) | 2004-06-24 |
Family
ID=32500620
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2002/012988 WO2004053759A1 (ja) | 2002-12-11 | 2002-12-11 | 個人情報管理システム、仲介システム、および端末装置 |
Country Status (6)
Country | Link |
---|---|
US (1) | US20050228687A1 (ja) |
EP (1) | EP1574978A4 (ja) |
JP (1) | JP4033865B2 (ja) |
CN (1) | CN1698055A (ja) |
AU (1) | AU2002354202A1 (ja) |
WO (1) | WO2004053759A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006323728A (ja) * | 2005-05-20 | 2006-11-30 | Ntt Data Corp | サービスシステムおよび最適サービス提供方法 |
JP2009104355A (ja) * | 2007-10-23 | 2009-05-14 | Taiheiyo Printing Co Ltd | 個人情報を秘匿した配送システム及び個人情報を秘匿した商品購入システム |
JP2010128535A (ja) * | 2008-11-25 | 2010-06-10 | Casio Computer Co Ltd | 配達確認システム、携帯端末及びプログラム |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8438385B2 (en) * | 2008-03-13 | 2013-05-07 | Fujitsu Limited | Method and apparatus for identity verification |
JP5267027B2 (ja) * | 2008-10-03 | 2013-08-21 | 富士通株式会社 | 個人情報システム |
US8364713B2 (en) | 2009-01-20 | 2013-01-29 | Titanium Fire Ltd. | Personal data manager systems and methods |
WO2010090822A2 (en) | 2009-01-20 | 2010-08-12 | Titanium Fire Ltd. | Personal data manager systems and methods |
US8645459B2 (en) * | 2009-11-18 | 2014-02-04 | Telefonaktiebolaget Lm Ericsson (Publ) | System and method for a service provisioning platform for activating services in a communication network |
CN102930868A (zh) * | 2012-10-24 | 2013-02-13 | 北京车音网科技有限公司 | 身份识别方法和装置 |
CN103456303A (zh) * | 2013-08-08 | 2013-12-18 | 四川长虹电器股份有限公司 | 一种语音控制的方法和智能空调系统 |
US20220012346A1 (en) * | 2013-09-13 | 2022-01-13 | Vmware, Inc. | Risk assessment for managed client devices |
US10108965B2 (en) * | 2015-07-14 | 2018-10-23 | Ujet, Inc. | Customer communication system including service pipeline |
KR102257403B1 (ko) * | 2020-01-06 | 2021-05-27 | 주식회사 에스앤피랩 | 개인정보 관리 장치, 개인정보 관리 시스템, 그 개인정보 관리 방법, 및 이를 기록한 컴퓨터 판독가능 기록매체 |
CN111800509B (zh) * | 2020-07-07 | 2022-07-01 | 北京尚隐科技有限公司 | 个人信息访问请求系统及应用该系统的方法 |
CN113918994A (zh) * | 2021-10-28 | 2022-01-11 | 广州小鹏汽车科技有限公司 | 一种用户信息管理系统、用户信息管理方法及存储介质 |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH09134389A (ja) * | 1995-11-07 | 1997-05-20 | Toshiba Corp | 情報処理端末装置 |
JPH11134302A (ja) * | 1997-10-31 | 1999-05-21 | Mitsubishi Electric Corp | 端末のアクセス制御装置および認証カード |
JP2001148715A (ja) * | 1999-11-19 | 2001-05-29 | Mitsubishi Electric Corp | ネットワークシステム及び端末装置 |
JP2001331733A (ja) * | 2000-05-19 | 2001-11-30 | Catalog City Japan Kk | 電子商取引における個人情報開示制限システム |
JP2001357242A (ja) * | 2000-06-13 | 2001-12-26 | Nec Corp | 個人情報一元管理システム |
JP2002183617A (ja) * | 2000-12-12 | 2002-06-28 | Hitachi Ltd | インターネット環境における個人情報表示技法 |
JP2002207929A (ja) * | 2001-01-12 | 2002-07-26 | Nippon Telegr & Teleph Corp <Ntt> | 顧客認証方法、その装置、プロバイダ装置及びその処理方法、販売サービス提供装置及びその処理方法 |
JP2002245395A (ja) * | 2001-02-15 | 2002-08-30 | Dainippon Printing Co Ltd | ネットワーク個人情報自動入力装置、方法及びプログラム記録媒体 |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5794210A (en) * | 1995-12-11 | 1998-08-11 | Cybergold, Inc. | Attention brokerage |
US6016476A (en) * | 1997-08-11 | 2000-01-18 | International Business Machines Corporation | Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security |
US6490601B1 (en) * | 1999-01-15 | 2002-12-03 | Infospace, Inc. | Server for enabling the automatic insertion of data into electronic forms on a user computer |
JP4536880B2 (ja) * | 2000-07-18 | 2010-09-01 | キヤノン株式会社 | 情報処理システム及びその制御方法、情報処理装置及び方法、並びに記憶媒体 |
US6580916B1 (en) * | 2000-09-15 | 2003-06-17 | Motorola, Inc. | Service framework for evaluating remote services based upon transport characteristics |
JP2002124951A (ja) * | 2000-10-12 | 2002-04-26 | Canon Inc | 通信端末装置、サービス提供システム、サービス利用方法及び記憶媒体 |
2002
- 2002-12-11 EP EP02786091A patent/EP1574978A4/en not_active Withdrawn
- 2002-12-11 WO PCT/JP2002/012988 patent/WO2004053759A1/ja active Application Filing
- 2002-12-11 CN CNA028299957A patent/CN1698055A/zh active Pending
- 2002-12-11 JP JP2004558379A patent/JP4033865B2/ja not_active Expired - Fee Related
- 2002-12-11 AU AU2002354202A patent/AU2002354202A1/en not_active Abandoned
2005
- 2005-06-07 US US11/145,921 patent/US20050228687A1/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
See also references of EP1574978A4 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006323728A (ja) * | 2005-05-20 | 2006-11-30 | Ntt Data Corp | サービスシステムおよび最適サービス提供方法 |
JP4588529B2 (ja) * | 2005-05-20 | 2010-12-01 | 株式会社エヌ・ティ・ティ・データ | サービスシステムおよび最適サービス提供方法 |
JP2009104355A (ja) * | 2007-10-23 | 2009-05-14 | Taiheiyo Printing Co Ltd | 個人情報を秘匿した配送システム及び個人情報を秘匿した商品購入システム |
JP2010128535A (ja) * | 2008-11-25 | 2010-06-10 | Casio Computer Co Ltd | 配達確認システム、携帯端末及びプログラム |
Also Published As
Publication number | Publication date |
---|---|
EP1574978A1 (en) | 2005-09-14 |
JP4033865B2 (ja) | 2008-01-16 |
AU2002354202A1 (en) | 2004-06-30 |
EP1574978A4 (en) | 2008-09-17 |
JPWO2004053759A1 (ja) | 2006-04-13 |
CN1698055A (zh) | 2005-11-16 |
US20050228687A1 (en) | 2005-10-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
RU2292589C2 (ru) | Аутентифицированный платеж | |
US5883810A (en) | Electronic online commerce card with transactionproxy number for online transactions | |
US8898762B2 (en) | Payment transaction processing using out of band authentication | |
US20050228687A1 (en) | Personal information management system, mediation system and terminal device | |
US7953671B2 (en) | Methods and apparatus for conducting electronic transactions | |
US6807633B1 (en) | Digital signature system | |
US8893967B2 (en) | Secure Communication of payment information to merchants using a verification token | |
US20030046237A1 (en) | Method and system for enabling the issuance of biometrically secured online credit or other online payment transactions without tokens | |
US20130226813A1 (en) | Cyberspace Identification Trust Authority (CITA) System and Method | |
US20010051924A1 (en) | On-line based financial services method and system utilizing biometrically secured transactions for issuing credit | |
JP3975061B2 (ja) | 認証システム | |
US20040199469A1 (en) | Biometric transaction system and method | |
US20020083008A1 (en) | Method and system for identity verification for e-transactions | |
US20040030659A1 (en) | Transaction system and method | |
US20060248020A1 (en) | System and method for biometric authorization for financial transactions | |
US20090119756A1 (en) | Credential Verification using Credential Repository | |
WO2002059848A2 (en) | Payment instrument authorization technique | |
WO2007137368A1 (en) | Method and system for verification of personal information | |
JP2009534741A (ja) | セキュア・ネットワークの商取引 | |
JP2004506380A (ja) | 人中心アカウントベースのデジタル署名システム | |
EP0848343A2 (en) | Shopping system | |
US20020120585A1 (en) | Action verification system using central verification authority | |
JP2001331646A (ja) | 指紋照合を利用した金融取引システムおよび金融取引方法 | |
JP2001344550A (ja) | 電子決済方法及びシステム並びに電子決済用プログラムを記憶した記憶媒体 | |
KR100781610B1 (ko) | 전자 상거래의 보안 개선 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| WWE | Wipo information: entry into national phase | Ref document number: 2004558379; Country of ref document: JP |
| WWE | Wipo information: entry into national phase | Ref document number: 2002786091; Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 1020057008507; Country of ref document: KR |
| WWE | Wipo information: entry into national phase | Ref document number: 20028299957; Country of ref document: CN |
| WWE | Wipo information: entry into national phase | Ref document number: 11145921; Country of ref document: US |
| WWP | Wipo information: published in national office | Ref document number: 1020057008507; Country of ref document: KR |
| WWP | Wipo information: published in national office | Ref document number: 2002786091; Country of ref document: EP |