WO2007077638A1 - Identification management system for authentication of electronic devices - Google Patents

Identification management system for authentication of electronic devices

Info

Publication number
WO2007077638A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
service
electronic device
server
identification information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2006/306966
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
Masaaki Tojo
Kohtaro Fukui
Koji Tomita
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Holdings Corp
Original Assignee
Matsushita Electric Industrial Co Ltd
Application filed by Matsushita Electric Industrial Co Ltd
Priority to EP06730914A (EP1983465A1)
Priority to US12/159,499 (US20100223381A1)
Publication of WO2007077638A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Definitions

  • the present invention relates to an identification management system for authentication of electronic devices.
  • a service providing system that provides a service required by an electronic device and performs a settlement procedure for the provided service (see, for example, Patent Document 1).
  • an operation management form called vertical integration is usually used.
  • The operator of the service providing system manages the determination server for authenticating the electronic device, and the service provider providing the service to the electronic device makes a contract with the operator of the service providing system and provides services only to electronic devices that have been judged legitimate by the decision server.
  • In this form of operation management, services can be provided only to electronic devices that have been judged legitimate through processing such as authentication by a decision server managed by the operator of the service provision system.
  • the owner of the electronic device can also reliably collect the consideration for the service provision, and for the service provider there is the merit that it can receive the consideration for the service provision collected by the operator of the service provision system.
  • Patent Document 1: Japanese Unexamined Patent Application Publication No. 2004-227055
  • An object of the present invention is to provide an identification management system that can use a plurality of service systems used by different users in a cross-sectional manner.
  • the present invention is output from the first determination server based on the use request of the second determination server from the first electronic device used by the first user in order to solve the hard problem.
  • the identification management server that received the warranty request searches for the second user who has master-slave relationship with the first user, and the first user can use the service of the second user who has master-slave relationship.
  • the first determination server outputs a service request with proof to the second determination server based on this guarantee.
  • The identification management server that has received a service request with a guarantee request from the first determination server, based on the use request of the second determination server from the first electronic device used by the first user, may search for the second user having a master-slave relationship with the user and, based on the search, may itself output the service request with proof to the second determination server.
  • The second determination server that received the service request from the first determination server may output the warranty request to the identification management server.
  • The identification management server searches for the second user who has a master-slave relationship with the first user and, based on the search result, may output the guarantee to the second determination server.
  • the relationship between the claims recited in the claims and the embodiments described below is as follows.
  • the first embodiment mainly relates to claims 1, 2, 7, 8, 9, 10, 11 and 12.
  • the second embodiment mainly relates to claims 3, 4, 13, 14, 15, 16, 17, and 18.
  • the third embodiment is mainly related to claims 5, 6, 19, 20, 21, 22, 23, 24.
  • <Embodiment 1 Overview>
  • Embodiment 1 is a system consisting of a service server group, an electronic device, a determination server, and an identification management server.
  • a first service provision system consisting of a first electronic device, a first service server group, and a first determination server used by the first user for each form of operation management of vertical integration, and a second user
  • a second service providing system comprising a second electronic device, a second service server group, and a second determination server.
  • Figure 1 shows an example of a conventional system. In the conventional system in Fig. 1, when user A (sakura) makes a request to the second decision server, via the first decision server, to use the service enjoyed by user B (momo), user C (hanako), and user D (taro), the identification method in each service system is different.
  • FIG. 2 is a diagram showing the concept of the present invention for solving such a problem.
  • the example shown in FIG. 2 has a first service providing system and an identification management server capable of accessing the second service providing system.
  • the master-slave relationship information is managed in the identification management server in FIG.
  • Master-slave relationship information is information indicating the relative relationship between the first user and the second user: it indicates a relationship in which one "master" user (for example, the first user) can use the service of the other "subordinate" user (for example, the second user). Specific examples include the relationship between parents and children in a family and the relationship between managers and employees in a company. This master-slave relationship information does not necessarily have to be based on economic or social relationships. For example, friends can have a master-slave relationship. The master-slave relationship does not necessarily have to be a relationship between natural persons. For example, the relationship between a company (corporation) and an employee (natural person) can be treated as a master-slave relationship.
  • FIG. 3 is a diagram showing an example of the master-slave relationship indicated by the master-slave relationship information.
  • FIG. 3 (a) shows that the service used by father (E) is available to mother (F) and child (G).
  • Figure 3 (b) shows the state where the child (G) can use the services used by the father (E) and mother (F).
  • For example, as shown in Fig. 3 (c) to (e), the relationship between friends or between teachers and students is also an example of a master-slave relationship, as is the relationship between managers and employees. In the example of Fig. 3, the person (main) shown on the right in each figure has been described as being able to use the service of the person (secondary) shown on the left.
  • the person (subordinate) shown in (1) may be able to use the services of the person (primary) shown on the right.
  • It is also possible for the father (E) to inquire about the call records of another company's mobile phone used by the child (G) by using the present invention.
  • In Fig. 3 (e), there is a case where an employee (subordinate) makes a request for delegation of the decision-making right of the manager (main).
  • The decision-making right here is assumed to be something like an electronic signature, and with this right it is possible to make a decision in the in-house system.
  • the decision-making right is sent from the service server that issues the decision-making right to the terminal belonging to the internal system A to which the employee belongs. In this way, even if an unexpected situation occurs, the loss can be minimized by using the present invention.
  • FIG. 4 is a diagram showing an outline of the first embodiment.
  • the general process flow in Figure 4 is as follows. The meaning of each term will be explained later.
  • Upon receiving the first guarantee, the first judgment server outputs a service request with proof to the second judgment server.
  • The second determination server that receives the service request with proof in this manner can regard the service request as valid and provide the first electronic device and the second electronic device with services according to the request.
  • FIG. 5 illustrates a functional block diagram of the system according to the first embodiment.
  • Embodiment 1 includes a “first service server group” (502) that performs a first service on a first electronic device (501) based on a first determination, and a second service on a second electronic device based on a second determination.
  • “Second service server group” (504) to be performed in (503) “First electronic device” (501) used by the first user and receiving the first service from the first service server group (502), “Second electronic device” (503) used by the second user and receiving the second service from the second service server group (504) and the first service server group (502) also receive the first service.
  • the second electronic device (53) is determined based on the second electronic device identification information! (520) and the “identification management server that manages the master-slave relationship information between the first user and the second user based on the common identification information that uniquely identifies the user in the system by the identification management unit (531).
  • (530) is a system (500).
  • "First determination" and "second determination" mean the determinations by which the first determination server (510) and the second determination server (520) decide whether the electronic device identification information provided by the first electronic device (501) and the second electronic device (503), respectively, is legitimate for receiving the first service or the second service.
  • "Electronic device identification information" is information for uniquely identifying an electronic device, for example, the serial number of the electronic device. The serial number may consist of a part that identifies the manufacturer of the electronic device and a part that indicates the serial number at that manufacturer. If the electronic device is a mobile phone, the phone number or a number that uniquely identifies the mobile phone on the mobile phone network is the electronic device identification information. Further, the electronic device identification information may include information for identifying the user.
  • Electronic device identification information is information that is normally given to electronic devices and is difficult to tamper with. For this reason, electronic device identification information is highly reliable when used. Therefore, each service system can use this electronic device identification information for its various services. Note that the electronic device identification information may be held in a tamper-resistant area of the electronic device.
  • "First service" and "second service" refer to services provided to electronic devices by the first service server group (502) and the second service server group (504), respectively. For example, they mean allowing the use of communication such as browsing content such as Internet web pages, browsing content managed by the first service server group (502) and the second service server group (504), downloading content, and sending and receiving e-mail.
  • A service need not be a single service and may consist of multiple items.
  • The word "group" is used in "first service server group" and "second service server group" because it is assumed that there will be a plurality of servers depending on the service items.
  • The first service server group and the second service server group may consist of a single server apparatus.
  • the first electronic device identification information and the second electronic device identification information are the electronic device identification information of the first electronic device (501) and the second electronic device (503), respectively.
  • "First user" and "second user" are those who use the first electronic device (501) and the second electronic device (503), respectively, and do not indicate the same user.
  • FIG. 6 shows an example of information stored and managed by the identification management unit (531) of the identification management server (530).
  • such information is represented in a form stored in a table.
  • the identification management unit (531) manages master-slave relationship information between the first user and the second user based on the common identification information.
  • Common identification information is information that uniquely identifies a user in the system. This common identification information is a concept that is necessary when using a plurality of services as the object of the present invention. In other words, each of the multiple services is configured as a vertically integrated service system, and the identification information used differs from one service system to another.
  • In one service system, the electronic device identification information of an electronic device belonging to that service system is used as identification information, but in another service system, different electronic device identification information corresponding to that other service system is used as identification information. For this reason, when using multiple services across service systems, information that can uniquely identify the user in the system is required. The common identification information is therefore managed by the identification management unit, and the master-slave relationship information is managed by the identification management unit based on such common identification information.
  • A table row is prepared for each common identification information.
  • Each row associates the common identification information of the user who is the "primary" with the common identification information of the user who is the "secondary", indicating that the user identified by the "primary" common identification information can use the service to which the user identified by the "secondary" common identification information belongs.
  • the user identified by sakura can use the service received by the electronic device used by the user identified by momo, hanako, and taro.
  • the master-slave relationship is a relationship determined according to the relative relationship between users.
  • master-slave relationship information can be registered through each determination server.
  • a confirmation request is made from the identification management server to the judgment server that requested the registration of the common identification information that becomes “subordinate”, and its validity is confirmed.
  • the common identification information that is the “subordinate” may be handled as the master-subordinate relationship information.
  • The master-slave relationship information does not necessarily have to clarify the relationship between "master" and "slave". In other words, the system may be constructed so that users related to each other have a mutual relationship in which each can receive the other's service.
  • The master-slave relationship information may be managed in association not only with the master-slave relationship but also with the second service used by the second user who is the "slave". In such cases, it is possible to respond appropriately to various subdivided services by registering the "primary" user corresponding to each service in the identification management server.
  • the first determination server makes a first determination based on the first electronic device identification information in order for the first electronic device to receive provision of the first service from the first service server group.
  • the “first electronic device identification information” is information for uniquely identifying the first electronic device within at least the first service server group and the first determination server, as already described. However, it may be user identification information for identifying a user as long as the first service is provided via the first electronic device, not the first electronic device itself.
  • the first electronic device identification information is identification information that is normally used by the first determination server to determine whether or not the first electronic device is an appropriate electronic device for which the service is provided. Generally, it is identification information for a system that is uniquely constructed to receive the provision of the first service.
  • The first determination server makes a first determination, based on the first electronic device identification information, as to whether the first electronic device can receive the first service from the first service server group. This determination process is performed when the first electronic device requests provision of the first service by transmitting its own first electronic device identification information to the first determination server.
  • the first electronic device identification information is information uniquely given to each electronic device, and is usually information that is stored in a state that cannot be tampered with.
  • the first service is provided to the highly reliable first electronic device unique to the system.
  • These processes remain within the first service system and are inherent to it (which is also why the reliability of the first electronic device is increased).
  • The present invention is intended to provide cross-sectional use between specific systems, beyond vertical services within specific systems.
  • The first determination server (510) includes a first association holding unit (511), a first assurance request output unit (512), a first assurance receiving unit (513), and a service request output unit with a guarantee (514).
  • The "first association holding unit" (511) holds the common identification information of the first user and the first electronic device identification information in association with each other.
  • a table including a column for storing the value of the common identification information of the first user and a column for storing the value of the first electronic device identification information is held in the storage unit.
  • the user identified by the common identification information is identified by the first electronic device identification information.
  • “Common identification information” is information for uniquely identifying a user within the system. Originally, it is not necessary to use what is common identification information at the time when the system X in the above example is constructed.
  • Common identification information is a concept first introduced to promote the use of services in electronic devices used by other users belonging to the second judgment server by users of electronic devices belonging to the server. It is assumed that this common identification information is generally given to the decision server according to the intention of the user who owns the electronic device.
  • Distribution routes for providing the common identification information to the determination server are not limited to one.
  • This explanation is only an example; when building a system that realizes a unique service system, it is possible to design in advance to use common identification information together with device identification information, which is a unique identification information system.
  • the common identification information will be further described.
  • identification information when the user receives the first service and the second service identification information different from the first electronic device identification information and the second electronic device identification information is used. Since these are unique identification information in different service systems, they are usually different identification information regardless of whether the user is the same person or another person.
  • From the first electronic device identification information of the first electronic device used by the first user, it cannot be determined that the second service enjoyed by the second electronic device used by the second user may be provided to the first electronic device.
  • the common identification information used to receive the benefits of this system (i.e., cross-use between different service systems)
  • the uniqueness of the system for the first and second users is guaranteed.
  • The identification management server checks the validity of the master-slave relationship based on the common identification information, and outputs a request with the result as a guarantee to the second determination server, so that, for example, the first user can receive the second service used by the second user's second electronic device.
  • FIG. 7 illustrates a table held by the first association holding unit (511).
  • The first user identified by sakura uses the first electronic device identified by device-ABC.
  • The "first warranty request output unit" (512) outputs a first warranty request including the common identification information of the first user, based on a request from the first electronic device to use the second determination server.
  • The output destination of the first assurance request is the identification management server.
  • The process of outputting the first warranty request by the first warranty request output unit is the first process performed from the first determination server to the outside for the cross-use between different service systems aimed at by the present invention.
  • A request for use of the second judgment server may be transmitted by the first electronic device in order to request payment of the usage fee for the first service via the second judgment server.
  • Another example of the usage request is a request, from the first electronic device via the second determination server, to execute the first service in the second electronic device.
  • The first electronic device used by the first user was able to receive the service only within the first service system; the purpose is to break that barrier and receive prescribed services in other service systems as well.
  • That is the purpose of using the second determination server. More specifically, the usage request includes a request to obtain a decryption key via the second decision server, so that encrypted content downloaded by the second electronic device used by the second user, who is a different user from the first user, can be used on the first electronic device used by the first user, and a request to obtain a password via the second decision server, so that personal information (schedule, medical record, etc.) downloaded by the second electronic device can be viewed on the first electronic device.
  • a request to make a payment for the first electronic device using the billing service performed by the second electronic device is applicable.
  • a wake-up service as the second service is simultaneously applied to the second electronic device used by other users.
  • GPS (Global Positioning System)
  • These processes were originally impossible for the first electronic device to enjoy. This is because the first electronic device can receive services within the first service system, and these processes could be enjoyed only by the second electronic device within the second service system.
  • FIG. 8 shows an example of the usage request. It indicates that the first user requests the use of the second determination server via the electronic device that the first user owns, occupies, or manages and that is identified by device-ABC. As the use of the second determination server, the usage request includes the service of the second service server group enjoyed by a user having a master-slave relationship (the second user); in the example of FIG. 8, this is the wake-up execution service.
  • The usage request may include additional information such as other types of usage of the second judgment server, designation of the second judgment server, designation of servers in the second service server group, designation of the service provided by the second service server group, and the billing method for the service provision. This additional information may also be output to the first assurance request output unit (512) in association with the first assurance request.
  • FIG. 9 shows an example of the first assurance request output from the first assurance request output unit of the first determination server based on the use request of the second determination server shown in FIG.
  • The common identification information sakura of the first user is included. This is because the first association holding unit (511) holds the first electronic device identification information and the common identification information of the first user in association with each other, so the common identification information of the user of the first electronic device (that is, the first user) can be acquired by searching the first association holding unit using the electronic device identification information as a key. Even if the first electronic device identification information is not included in the usage request, the first electronic device identification information at the start of the session can be used in the same session.
  • the first electronic device identification information may be extracted from the cookie holder. After the search, if the common identification information is retained, it is acquired, included in the first assurance request, and output to the identification management server.
  • the first user and the master-slave are used.
  • the request for confirmation of the second user having the relationship may be included in the first assurance request.
  • The first assurance request includes the common identification information of the first user (sakura in the example shown in the figure), but additional information such as information for identifying the second determination server may also be included.
  • The first assurance request is output in order to obtain, from the identification management server, a guarantee that the first user identified by the common identification information exists, a guarantee that there is a second user who has a master-slave relationship with the first user (including the case where there are multiple second users; the same applies throughout this document), and a guarantee that the first user is allowed to use the services used by the second user.
  • the purpose of this system is to enable the first user to enjoy the second service enjoyed by the second user belonging to a different service system. From the point of view of the second determination server, it is very difficult to determine whether or not the user is truly a first user who may receive a request for the second service.
  • the uniqueness of the user is guaranteed.
  • The identification management server identifies that the first user whose uniqueness is guaranteed has a master-slave relationship with the second user whose uniqueness is also guaranteed, and it is thus possible to prove that the first user and the second user have a true master-slave relationship.
  • The second determination server that receives the guarantee can allow the first user to receive the second service.
  • The "first warranty reception unit" (513) receives the first guarantee, including the master-slave relationship information, returned from the identification management server in response to the first warranty request output from the first warranty request output unit (512). Processing in the identification management server will be described later.
  • the first guarantee includes information that guarantees the existence of a master-slave relationship based on the common identification information of the first user included in the first guarantee request.
  • the user identified by the common identification information of the first user is a “main” relationship in the relative relationship with the user identified by the common identification information of the second user who has a master-slave relationship.
  • it includes information that guarantees that the service used by the second user can be received or the service used by the second user can be executed.
  • This guaranteed information is, for example, a signature using a secret key possessed by the identification management server (for example, the hash value of the information to be guaranteed, encrypted with the private key of the signing entity).
  • The first guarantee received by the first guarantee receiver also includes information that guarantees that the common identification information of the first user and the common identification information of the second user are managed by the identification management server.
  • the guarantee contents of the first guarantee for example, the guarantee that the first user can use the service used by the second user who is assumed to have a master-slave relationship in the master-slave relationship information
  • One of the guarantees is the uniqueness of the user indicated by the master-slave relationship information. In this way, it is possible to request all the services of all second users who have a master-slave relationship with the first user.
  • a certain point is a feature of the present invention.
  • Error information may be received instead of the first guarantee. If a timer is set and there is no response from the identification management server for a certain period of time, it may be determined that reception of the first guarantee has failed. Further, if an error occurs in receiving the first guarantee, error information may be transmitted to the first electronic device. If the first user's common identification information itself is managed by the identification management server but there is no second user who has a master-slave relationship with the first user, error information of a type different from the above error information may be received instead of the first guarantee.
  • The "guaranteed service request output unit" (514) outputs a guaranteed service request including the master-slave relationship information based on the first guarantee received by the first guarantee receiving unit (513).
  • The contents of the service request exchanged between the first determination server and the second determination server, which belong to different service systems, can be trusted as correct. In other words, it can be recognized that the service is one requested from one user to another user with the consent of both parties.
  • The user requesting the service and the user for whom the service is requested can each be identified as existing in the system by the common identification information, so that if a service enjoyed by an unintended user is requested by mistake, the processing can be prevented.
  • Since the master-slave relationship information is included in the service request with proof, the service is provided on the second determination server side to all the second users shown in the master-slave relationship.
  • FIG. 10 shows an example of a service request with proof.
  • This indicates that the first user identified by sakura wishes to use the second determination server used by the second users identified by momo, hanako, and taro, with whom the master-slave relationship exists (the first user wants the second users to wake up).
  • The common identification information sakura exists and is managed by the identification management server. The first user is identified by the common identification information sakura, and the second users by the common identification information momo, hanako, and taro.
  • Information guaranteeing that the second users have a master-slave relationship is arranged in the part surrounded by “>”. This part corresponds to the first guarantee received by the first guarantee receiving unit (603).
  • The first guarantee may include, or may be associated with, items such as the type of usage of the second determination server, the designation of the second determination server, the designation of the servers of the second service server group, and the billing method for service provision.
  • The information placed in the part enclosed by the “guarantee data” tags may correspond to information that guarantees management by the identification management server.
  • identification information such as the first electronic device that receives the service and the first determination server may be included.
  • Figure 10 (b) shows a pattern that does not include the specified items for the services provided by the second service server group corresponding to "<usage contents>" in Figure 10 (a).
  • the pattern shown in Fig. 10 (b) is an example where the service can be uniquely identified if a second user is specified.
  • FIG. 11 is a diagram illustrating an example of a flowchart for explaining the flow of processing of the first determination server.
  • the first determination server executes the processing of this flowchart every time it becomes possible to obtain a use request for the second determination server from the first electronic device.
  • A usage request for the second determination server is obtained from the first electronic device. For example, a read system call in communication using a socket is executed in the first assurance request output unit (512).
  • the common identification information of the first user is obtained from the first electronic device identification information.
  • the first electronic device identification information of the first electronic device that has transmitted the use request in step S1101 is acquired, and the first association holding unit (511) or the like is searched using the acquired first electronic device identification information.
  • the common identification information of the first user is obtained.
  • a first assurance request including the common identification information of the first user is generated.
  • the first assurance request illustrated in FIG. 9 is generated and stored in the memory.
  • a first guarantee request is output.
  • a communication connection is established with the identification management server, and a write system call is executed in the first assurance request output unit (512) using the obtained socket.
  • In step S1105, the first guarantee including master-slave relationship information is received. For example, a read system call using the socket of the communication connection established in step S1104 is executed in the first guarantee receiving unit (513).
  • In step S1106, a service request with proof including master-slave relationship information is generated based on the received first guarantee. For example, the information illustrated in FIG. 10 is generated and stored in the memory.
  • In step S1107, a service request with proof is output. For example, a communication connection to the second determination server is established, and a write system call is executed in the guaranteed service request output unit (514) using the obtained socket.
  • the first determination server transfers the service provision to the first electronic device used by the first user. If the service request with proof includes the first electronic device identification information, the service may be provided directly from the second determination server or the second service server group to the first electronic device.
  • The second determination server makes a second determination based on the second electronic device identification information in order for the second electronic device to receive the second service from the second service server group.
  • the second electronic device is an electronic device used by a second user who is a different user from the first user.
  • “Second electronic device identification information” is information for uniquely identifying the second electronic device at least within the range of the second service server group and the second determination server. However, insofar as the second service is provided through the second electronic device, it may be user identification information for identifying a user. That is, the second electronic device identification information is identification information that is normally used by the second determination server to determine whether or not the second electronic device is an appropriate electronic device for receiving the service. Generally, it is identification information for a system that is uniquely built to receive the provision of the second service.
  • The second determination server (520) includes a second association holding unit (521) and a guaranteed service request receiving unit (522).
  • the “second association holding unit” (521) holds the common identification information of the second user and the second electronic device identification information in association with each other.
  • This common identification information is generally assumed to be given to the determination server according to the intention of the user who owns the electronic device.
  • Various distribution routes for providing the common identification information to the determination server are conceivable, and they are not limited to one.
  • This explanation is only an example; when constructing a system that realizes a unique service system, the system can be designed in advance to use common identification information together with device identification information that belongs to its own identification information system.
  • The second determination server makes a second determination as to whether or not the second electronic device can receive the second service from the second service server group, based on the second electronic device identification information. This determination process is performed when the second electronic device requests provision of the second service by transmitting its second electronic device identification information to the second determination server. These processes stay within the second service system and are processes specific to that system. The present invention is intended to provide cross-system use between such specific systems rather than the vertical service within a specific system.
  • FIG. 12 illustrates a table held by the second association holding unit (521).
  • the second user identified by momo uses an electronic device identified by device—DEF.
  • The “guaranteed service request receiving unit” receives the guaranteed service request. Since the guaranteed service request is generated based on the first guarantee, it can be said to be highly reliable. Therefore, the second determination server may provide a service according to the received service request. This is because the second determination server has a trust relationship with the identification management server, and since the guarantee has been given by the identification management server, the second determination server can determine that the service request is valid.
  • the first guarantee output from the identification management server may be signed or encrypted with the private key of the identification management server. At this time, the encrypted service request has an encrypted guarantee.
  • The second determination server may perform decryption with the identification management server's public key and confirm the authenticity of the guarantee contents (authentication such as that of signatures attached to certificates of master-slave relationships).
  • the second determination server may perform a search based on the service request using the common identification information of the second user as a key.
  • FIG. 13 illustrates a functional block diagram of the second determination server when a search is performed using the common identification information of the second user as a key based on the service request. Comparing Figure 5 with Figure 13, a second search unit (1323) has been added to the second determination server (1320).
  • The "second search unit" searches the second association holding unit (1321), based on the guaranteed service request received by the guaranteed service request receiving unit (1322), using the common identification information of the second user as a key.
  • The search using the second user's common identification information as a key extracts the second user's common identification information included in the guaranteed service request and checks whether matching common identification information is held in the second association holding unit. If matching common identification information is obtained, services according to the guaranteed service request (execution of a wake-up service, acquisition of location information, payment of the usage fee for the first service, transmission of a decryption key for encrypted content, transmission of a password, etc.) may be provided.
  • The search result may be transmitted to the first determination server or the second electronic device (possibly passing through the second service server group). In this way, such a service can be provided for all the second users indicated in the master-slave relationship information.
  • the second determination server uses the second electronic device identification information in order to identify an electronic device that can provide a service on a regular basis. That is, the second electronic device identification information is used for the second determination. Therefore, although the second determination server can trust the partner having the second electronic device identification information, in principle, the reliability of the partner and the reliability of the information provided by the partner cannot be confirmed by other means.
  • Where the common identification information and the second electronic device identification information are associated with each other in the second determination server, this association may be used.
  • The meaning of the association with the common identification information is, for example, that the user of the electronic device identified by the second electronic device identification information (for example, “device—DEF”) and the party identified by the common identification information (for example, “momo”) are the same second user. If a request to use the second determination server arrives for the second user identified by the common identification information, the second determination server can therefore determine that this request is a request for the second user identified by the second electronic device identification information.
  • Although the first determination server and the second determination server are distinguished for convenience, this does not prevent both of them from having the same function. Also, in other embodiments, the first determination server and the second determination server are distinguished for convenience, but both have the same function.
  • FIG. 14 illustrates a flowchart for explaining the flow of processing of the second determination server in the system according to the present embodiment.
  • the second determination server executes the processing of the flowchart of FIG.
  • In step S1401, a guaranteed service request is received. For example, after detecting that a guaranteed service request can be received, a communication connection with the first determination server is established, and a read system call is executed in the guaranteed service request receiving unit (522) using the obtained socket.
  • In step S1402, the common identification information of the second user is obtained from the master-slave relationship information included in the guaranteed service request received in step S1401.
  • In step S1403, the authenticity of the guaranteed service request received in step S1401 is confirmed. For example, the signature and the like are verified using the public key of the identification management server. Also, a proof that the second user identified by the common identification information obtained in step S1402 has a master-slave relationship with the first user is obtained.
  • In step S1404, it is confirmed that the common identification information of the second user obtained in step S1402 is held in the second association holding unit. As a result of this confirmation, it can be confirmed that the second user indicated by the master-slave relationship information included in the guaranteed service request is a user of a second electronic device that is provided with the service based on the determination at the second determination server. As a result, the second determination server can perform billing processing such as consideration for service provision. This confirmation process is performed for all second users included in the master-slave relationship information.
  • In step S1405, based on the confirmation in step S1404, the provision of service to the first electronic device is permitted.
  • the server of the second service server group is instructed to provide a service toward the first electronic device.
  • The command may include the common identification information of the first user contained in the guaranteed service request obtained in step S1401.
  • In this way, the servers of the second service server group can determine, for the first user to whom the service is provided, for example, whether the same type of service or the same service has already been provided. Based on this judgment, a first user who has already been provided with the same type of service or the same service may be provided with it at a discounted price or free of charge.
  • the identification management server holds master-slave relationship information based on the common identification information and manages each server. There is a trust relationship between the identification management server and the first determination server, and between the identification management server and the second determination server.
  • the identification management server (530) includes an identification management unit (531), an identification management unit search unit (532), and a first assurance output unit (533).
  • the identification management unit (531) has already been described.
  • The identification management unit (531) manages master-slave relationship information between the first user and the second user based on the common identification information that uniquely identifies the user in the system. It is assumed that the common identification information is issued by pre-registration by a user or the like and is given to the first determination server and the second determination server. However, there are various distribution channels through which the common identification information may be given to the determination servers, and they are not limited to one. This common identification information ensures that the identification information in this system is unique. Similarly, master-slave relationship information based on the common identification information is assumed to be registered in advance with the identification management server by a user or the like. Then, by managing the master-slave relationship information between the first user and the second user based on the common identification information, it can be guaranteed, for example, that the first user is in the “main” position in the relative relationship with the second user.
  • The "identification management unit search unit" searches the master-slave relationship information of the identification management unit using the common identification information of the first user included in the first assurance request output from the first determination server as a key. First, the common identification information of the first user included in the first assurance request is extracted, and a search is performed to determine whether a record of master-slave relationship information that matches it is managed by the identification management unit. In such a search, first, the uniqueness of the first user in the system can be guaranteed by the common identification information of the first user. It can also be guaranteed that the first user and the second user have a master-slave relationship. Also, the uniqueness of the second user who has a master-slave relationship in the system can be guaranteed by the common identification information of the second user.
  • the “first proof output unit” (533) outputs the first proof based on the search result in the identification management unit search unit.
  • The output destination of the first guarantee is the first determination server. For example, if master-slave relationship information whose primary key is the first user's common identification information is obtained in the search in the identification management unit search unit, the fact that a master-slave relationship is established between the first user and the second user can be output as a guarantee. If the first user's common identification information does not exist as a primary key but only in a subordinate relationship to other users, the first user is not “main”, so it is not necessary to output the first guarantee. For example, if common identification information of users cannot be obtained, this may be output separately as error information.
  • the first guarantee output to the first determination server may be encrypted using the secret key of the identification management server.
  • If the second determination server that receives the service request with proof performs decryption with the public key of the identification management server and confirms the guarantee, this helps prevent tampering and spoofing.
  • FIG. 15 illustrates a flowchart for explaining the flow of processing of the identification management server.
  • the identification management server performs the flowchart shown in FIG. 15 every time the first assurance request can be received.
  • The first guarantee request is received. For example, a read system call is executed in the identification management unit search unit (532) using the socket generated in response to the request for establishment of the communication connection from the first determination server.
  • In step S1502, common identification information of the first user included in the first assurance request is obtained.
  • In step S1503, based on the common identification information of the first user obtained in step S1502, a search is performed to confirm whether the master-slave relationship information is managed by the identification management unit (531).
  • In step S1504, a search is made for whether there is a record whose primary key is the common identification information of the first user.
  • In step S1504, a first guarantee is generated based on the confirmation in step S1503 and temporarily stored in a storage means such as a memory.
  • In step S1505, the first guarantee generated and stored in step S1504 is output.
  • the first proof output unit (533) executes the write system call using the socket by the communication connection established in step S1501.
  • <Embodiment 1: Process Flow of Entire System>
  • FIG. 16 shows a specific example of the processing flow of the entire system of the first embodiment.
  • FIG. 17 is a diagram showing an overall image of the processing flow shown in FIG.
  • the request for executing the wake-up process to the second user as the second service via the second determination server is illustrated.
  • the present invention is particularly effective when requesting a common service used by a plurality of users.
  • information indicating that the first determination service has already been charged may be output to the second determination server as the price.
  • the first electronic device outputs a wake-up request for a user who has a master-slave relationship with itself to the first determination server.
  • “device—ABC” is also output as the first electronic device identification information.
  • Step S1601 can be routed through the first service server.
  • The first determination server that has received the wake-up request extracts the common identification information (sakura) of the first user associated with the first electronic device identification information (device—ABC) (S1602). Based on this usage request, the first determination server outputs a first assurance request including the common identification information (sakura) of the first user to the identification management server (S1603).
  • Specifically, in S1603 a request is output to guarantee the uniqueness of the common identification information (sakura) of the first user and the master-slave relationship with the second users identified by the common identification information associated with sakura.
  • the identification management server that receives the guarantee request searches the identification management unit that manages master-slave relationship information using the common identification information (sakura) of the first user included in the first guarantee request output by the first determination server as a key. Based on the search result, a first guarantee including master-slave relationship information is generated (S1604).
  • The guarantee generated in S1604 is, specifically, generated as guarantee data stating the uniqueness of the first user, that the user identified by the common identification information of the first user (here, “sakura” for convenience) is in the “main” relationship to the users identified by the common identification information of the second users (here, “momo, hanako, taro” for convenience), and that the first user (sakura) can use the services used by the second users (momo, hanako, taro).
  • the uniqueness of the second user is also generated as a guarantee. At this time, based on the search result, whether or not the first guarantee is to be output may be judged.
  • The first determination server receives the first guarantee including the master-slave relationship information returned from the identification management server and, based on the first guarantee, outputs a wake-up request (guaranteed service request), including the master-slave relationship information (“main”: sakura; “sub”: momo, hanako, taro), for the users who have a master-slave relationship with “sakura” (S1606).
  • The second determination server receives the wake-up request (guaranteed service request) to the users “momo”, “hanako”, and “taro”.
  • The second determination server further searches, based on the received service request with proof, whether the common identification information (momo, hanako, taro) of the second users is registered in the server (S1607). Specifically, in S1607 the second association holding unit, which holds the second users' common identification information (momo, hanako, taro) and the second electronic device identification information (device—DEF, GHI, JKL) in association with each other, is searched using the common identification information (momo, hanako, taro) of the second users as a key. This search process is executed for each second user.
  • Here, since the common identification information (momo, hanako, taro) of the second users is detected, a wake-up request is output to all the second electronic devices identified by the second electronic device identification information associated with that common identification information (S1608).
  • the wake-up request may be requested via a server in the second service server group.
  • the alarm is activated by the second electronic device that has received the alarm request (S1609).
  • After outputting a wake-up request to the second electronic device, the second determination server may notify the first electronic device, via the first determination server, of which user made the wake-up request.
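An added example, not taken from the patent text: the Embodiment 1 flow (S1601 to S1608) with the identification management server signing the master-slave relationship and the second determination server verifying it before looking up each second user. The demo RSA key, the JSON encoding, the error names and all function names are assumptions; the table values follow the page's sample names, written with ASCII hyphens.

```python
import hashlib
import json

# DEMO KEY ONLY (assumption): the modulus is the product of two publicly known
# Mersenne primes, so it is trivially factorable. It stands in for the
# identification management server's key pair; a real system would use a
# vetted signature library with padded signatures.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public key, known to the determination servers
D = pow(E, -1, (P - 1) * (Q - 1))    # private key, held by the identification management server

# Constructed sample tables, following the names used in the page's example.
MASTER_SLAVE = {"sakura": ["momo", "hanako", "taro"]}   # identification management unit
FIRST_ASSOC = {"device-ABC": "sakura"}                  # first association holding unit
SECOND_ASSOC = {"momo": "device-DEF",                   # second association holding unit
                "hanako": "device-GHI",
                "taro": "device-JKL"}


def _digest(payload):
    """Hash of the guaranteed fields over a canonical JSON encoding."""
    blob = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def issue_first_guarantee(first_user, usage):
    """Identification management server: search by the first user's common ID, then sign."""
    subs = MASTER_SLAVE.get(first_user)
    if subs is None:
        # Two distinct error types (names are hypothetical): the user is managed
        # but only as a "sub", or is not managed at all.
        is_sub = any(first_user in s for s in MASTER_SLAVE.values())
        return {"error": "not_main" if is_sub else "unknown_user"}
    # The usage type is signed together with the relationship so neither can be swapped.
    payload = {"main": first_user, "sub": list(subs), "usage": usage}
    return {"payload": payload, "signature": pow(_digest(payload), D, N)}


def build_guaranteed_request(device_id, usage):
    """First determination server: device ID -> common ID -> first guarantee -> request."""
    first_user = FIRST_ASSOC[device_id]
    guarantee = issue_first_guarantee(first_user, usage)  # a network round trip in a real system
    if "error" in guarantee:
        raise PermissionError(guarantee["error"])
    return {"guarantee": guarantee}


def handle_guaranteed_request(request):
    """Second determination server: verify, look up every second user, return target devices."""
    payload = request["guarantee"]["payload"]
    sig = request["guarantee"]["signature"]
    if not isinstance(sig, int) or not 0 <= sig < N:
        raise PermissionError("malformed signature")
    # Authenticity check with the identification management server's public key.
    if pow(sig, E, N) != _digest(payload):
        raise PermissionError("guarantee does not verify under the ID server's public key")
    # Every second user named in the relationship must be held in the local table.
    missing = [u for u in payload["sub"] if u not in SECOND_ASSOC]
    if missing:
        raise PermissionError("second users not held here: %s" % missing)
    return [SECOND_ASSOC[u] for u in payload["sub"]]


if __name__ == "__main__":
    req = build_guaranteed_request("device-ABC", "wake_up")
    print(handle_guaranteed_request(req))
```

The guarantee in this example carries no nonce or expiry because the page describes none, so a captured request would verify again if resent.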
  • <Embodiment 1: Realization>
  • FIG. 18 shows an example of an implementation of the first embodiment.
  • The first determination server (1830) will be described as an example.
  • The physical configuration of the first determination server (1830) is realized as hardware (1831) consisting of a CPU, memory, hard disk, input/output device, and network interface (I/O).
  • the operating system (1832) which is the basic software for abstracting the functions of the hardware (1831) and managing the operation of the hardware (1831), operates on top of it.
  • The second determination server (1840) and the identification management server (1850) can similarly be realized by operating an operating system on the hard disk and operating, on the operating system, a program having modules that implement each unit.
  • The first electronic device (1810) and the second electronic device (1820) can likewise be realized by operating an operating system on hardware and operating on it a program having modules that implement each unit.
  • electronic equipment identification information is stored in association with hardware (1811, 1821).
  • one electronic device is not bound by one service system, and the barrier of the service system can be removed.
  • the first electronic device used by the first user can be given the service that the second electronic device used by the second user in another service system can use.
  • An improvement in convenience can be expected.
  • A further improvement in convenience can be expected when there are multiple second users.
  • <Embodiment 2: Overview>
  • the second embodiment will be described below.
  • The second embodiment consists of the same service server groups, electronic devices, determination servers, and identification management server as the first embodiment. However, based on the usage request for the second determination server from the first electronic device, the first determination server outputs a service request with warranty request; the identification management server that has received it searches the identification management unit, and the guaranteed service request is output from this identification management server to the second determination server.
  • FIG. 20 is a diagram illustrating an example of the concept of the present embodiment. The general processing flow in Fig. 20 is as follows. The meaning of each term will be explained later.
  • (1) The first electronic device used by user A makes a usage request for the second determination server to the first determination server. This usage request may be made directly to the first determination server or via the first service server group.
  • (2) Upon receiving the usage request, the first determination server makes a service request with warranty request to the identification management server.
  • (3) The identification management server that has received the service request with warranty request outputs, to the second determination server identified by the second determination server identification information included in that request, the service request with proof including the master-slave relationship information based on the common identification information of user A included in that request.
  • The first determination server outputs a service request with warranty request based on the usage request for the second determination server from the first electronic device, and the identification management server that receives the request is characterized in that it searches the identification management unit and, based on the search result, outputs a guaranteed service request to the second determination server without going through the first determination server.
  • FIG. 21 illustrates a functional block diagram of the system according to the second embodiment.
  • the first service server group (2101) that performs the first service to the first electronic device (2103) based on the first determination and the second service based on the second determination
  • the second service server group (2102) used by the second user and the second service server group (2102) receives the second service
  • the first service server group (2101) receives the first service.
  • a second determination server that determines the second electronic device (2104) based on the second electronic device identification information.
  • an identification management server (2130) that manages the master-slave relationship information between the first user and the second user based on the common identification information that uniquely identifies the user in the system. These constitute the system (2100).
  • In Embodiment 1, communication between the first determination server (510) and the identification management server (530) is performed, followed by communication between the first determination server (510) and the second determination server (520).
  • In the second embodiment, communication between the first determination server (2110) and the identification management server (2130) is performed, followed by communication between the identification management server (2130) and the second determination server (2120).
  • the first determination server (2110) includes a first relation holding unit (2111) and a service request output unit with warranty request (2112).
  • The “first association holding unit” (2111) holds the first user's common identification information and the first electronic device identification information in association with each other. That is, the definition of the first association holding unit (2111) is the same as that of the first association holding unit (511) in the first embodiment.
  • The “service request output unit with warranty request” (2112) outputs, based on the usage request for the second determination server from the first electronic device, a service request with warranty request including the second determination server identification information and the common identification information of the first user.
  • “Second determination server identification information” is information for identifying the second determination server, for example the fully qualified domain name (FQDN) assigned to the second determination server or the IP address assigned to it.
  • a service request is made to the second determination server using the second determination server identification information.
  • The second determination server identification information may be information held in the first determination server, or may be information included in the usage request from the first electronic device.
  • the reason why the service request with warranty request includes information for identifying the second determination server is that, unlike Embodiment 1, Embodiment 2 makes a service request to the second determination server via the identification management server. For this reason, the identification management server needs the identification information of the second determination server that is the service request destination.
  • The service request output unit with warranty request (2112) performs the first outward-facing process of the first determination server toward the cross-system use of services between different service systems, which is the aim of the present invention.
  • This service request with a guarantee request is output to the identification management server.
  • A request for using the second determination server may be sent by the first electronic device, for example, to request payment of the usage fee for the first service via the second determination server. Other examples of usage requests include a request from the first electronic device to execute the first service on the second electronic device via the second determination server.
  • Until now the first electronic device could receive services only within the first service system; the intent is to break through that barrier and receive the prescribed service in other service systems.
  • In particular, the purpose is to use the second determination server so that a service in the other service system, received by the second user who is a different user from the first user, can be received by the first user.
  • a decryption key is provided via the second determination server.
  • a wake-up service as a second service is provided to the second electronic device used by another user.
  • These are processes that the first electronic device originally could not enjoy, because the first electronic device can receive services only within the first service system, while these processes can be enjoyed only by the second electronic device within the second service system.
  • the first electronic device identification information of the first electronic device is output together with the first determination server.
  • The service request output unit acquires the common identification information of the first user based on the first electronic device identification information. It also obtains the second determination server identification information (for example, an IP address), which is information about the second determination server that is the target of the usage request.
  • FIG. 22 shows an example of a service request with proof request.
  • the difference between FIG. 22 (a) and FIG. 22 (b) is due to whether or not the contents of use as the designation of the service provided by the second service server group are specified.
  • The second determination server is identified by the IP address 123.45.67.89, and the common identification information of the first user is specified by sakura.
  • the usage details of the service request include information requesting acquisition of location information of the second user.
  • the service request with warranty request may include other methods such as specifying a server in the second service server group and charging a fee for providing the service.
  • FIG. 23 illustrates a flowchart explaining the flow of processing of the first determination server in the system according to the second embodiment.
  • The first determination server executes the process shown in this flowchart every time a use request for the second determination server can be acquired from the first electronic device.
  • a request for using the second determination server is obtained from the first electronic device.
  • a read system call in communication using a socket is executed in the service request output unit with guarantee request (2112).
  • The common identification information of the first user is obtained from the first electronic device identification information. For example, the identification information of the electronic device that transmitted the use request in step S2301 is acquired from information indicating the communication connection, and the first association holding unit (2111) is searched with the acquired identification information to obtain the common identification information of the first user.
  • a service request with proof request including the second determination server identification information and the common identification information of the first user is generated with reference to the information obtained in steps S2301 and S2302.
  • the service request with proof request illustrated in FIG. 22 is generated.
  • the generated service request with proof request may be temporarily stored in the memory.
  • A service request with a guarantee request is output. For example, a communication connection with the identification management server is established, the service request with a guarantee request stored in a memory or the like is read, and a write system call is executed in the service request output unit with guarantee request (2112) using the socket obtained by establishing the communication connection.
  • the second determination server (2120) includes a second association holding unit (2121) and a second service request receiving unit with proof (2122).
  • the “second association holding unit” (2121) holds the common identification information of the second user and the second electronic device identification information in association with each other.
  • the “second service request receiving part with proof” (2122) receives the second service request with proof including the master-slave relationship information output from the identification management server.
  • The second service request with proof is returned from the identification management server of the system according to the present embodiment based on the service request with proof request output from the first determination server. Processing in the identification management server of the system according to this embodiment will be described later.
  • FIG. 24 shows an example of a second service request with proof.
  • The difference between Fig. 24 (a) and Fig. 24 (b) is whether or not the service usage is clearly indicated.
  • the service request with the second guarantee illustrated in FIG. 24 includes master-slave relationship information.
  • This master-slave relationship information includes sakura as the common identification information for the first user, and momo, hanako, and taro as the common identification information for the second users who have a master-slave relationship with the first user. As a result, a request regarding the service received by the electronic devices used by the second users identified by momo, hanako, and taro is received. In addition, data such as a signature by the identification management server, which guarantees the authenticity of the common identification information and the master-slave relationship information, is placed between the opening and closing “guarantee data” tags.
  • The second service request with proof may also include the designation of the service provided by the second service server group, the billing method for the service provision, and so on; that information may also be placed between the opening and closing “guarantee data” tags.
  • The second determination server may perform a search using the common identification information of the second user as a key based on the second service request with proof.
  • FIG. 25 illustrates a functional block diagram of the second determination server when a search is performed using the common identification information of the second user as a key based on the second service request with proof.
  • the second search unit (2523) is added to the second determination server (2520) of FIG.
  • The “second search unit” (2523) searches the second association holding unit (2521) using the common identification information of the second user as a key.
  • A search using the common identification information of the second user as a key extracts the common identification information of the second user indicated by the master-slave relationship information included in the guaranteed service request and checks whether matching common identification information is held in the second association holding unit. If matching common identification information is found, the service is provided according to the guaranteed service request (payment of the usage fee for the first service, transmission of a decryption key for encrypted content, password transmission, alarm processing, acquisition of location information, etc.). The search result may also be transmitted to the first determination server or the second electronic device (possibly routed through the second service server group).
  • FIG. 26 exemplifies a flowchart for explaining the flow of processing of the second determination server in the system according to the present embodiment.
  • the second determination server executes the flowchart of FIG. 26 every time it can receive the second guaranteed service request.
  • In step S2601, a second service request with proof including master-slave relationship information is received. For example, after detecting that a second service request with proof can be received, a communication connection with the identification management server is established, and a read system call using the obtained socket is executed in the second service request receiving unit with proof (2122).
  • In step S2602, the common identification information of the second user is obtained from the master-slave relationship information included in the second guaranteed service request received in step S2601.
  • In step S2603, the authenticity of the second guaranteed service request received in step S2601 is confirmed. For example, the signature is verified using the public key of the identification management server.
  • In step S2604, it is confirmed that the common identification information of the second user obtained in step S2602 is held in the second association holding unit.
  • In this way, it can be confirmed that the second user indicated by the master-slave relationship information included in the second guaranteed service request is a user of a second electronic device to which service is provided on the basis of the determination at the second determination server. The second determination server side can then, for example, acquire position information and output it to the first electronic device.
  • The identification management server (2130) includes an identification management unit (2131), a service request receiving unit with warranty request (2132), an identification management unit search unit (2133), and a second service request output unit with warranty (2134).
  • The “identification management unit” (2131) manages master-slave relationship information between the first user and the second user based on the common identification information that uniquely identifies the user in the system.
  • The common identification information is issued by being registered in advance by a user or the like, and is assumed to be given to the first determination server and the second determination server. However, there are various possible distribution routes by which common identification information is given to the determination servers, and the distribution route is not limited to one. This common identification information ensures that the identification information in this system is unique.
  • The master-slave relationship information based on the common identification information is assumed to be registered in advance with the identification management server by a user or the like. Then, by managing the master-slave relationship information between the first user and the second user based on the common identification information, it can be guaranteed, for example, that the first user has the “main” relationship relative to the second user.
  • the “service request reception unit with warranty request” (2132) receives the service request with warranty request output from the first determination server.
  • the service request with a warranty request may be received separately from the warranty request and the service request.
  • a guarantee request may be output first from the first determination server, and the identification management unit may be searched by the identification management server based on this. Then, the guarantee that is the search result may be returned to the first determination server, and the first determination server that received the guarantee may output the service request.
  • The “identification management unit search unit” (2133) searches the master-slave relationship information using as a key the common identification information of the first user included in the service request with warranty request received by the service request reception unit with warranty request. That is, the common identification information of the first user included in the first assurance request is extracted, and a search is performed to determine whether a record of master-slave relationship information that matches it is managed by the identification management unit.
  • the uniqueness of the first user in the system can be guaranteed by the common identification information of the first user. It can also be guaranteed that the first user and the second user have a master-slave relationship.
  • the uniqueness of the second user who has a master-slave relationship in the system can be guaranteed by the common identification information of the second user.
  • the “second-guaranteed service request output unit” (2134) outputs the second-guaranteed service request based on the search result in the identification management unit retrieval unit.
  • The output destination of the second service request with proof is the second determination server. If master-slave relationship information whose primary key is the common identification information of the first user is obtained by the search in the identification management unit search unit, a service request can be output with a guarantee that the first user and the second user have a master-slave relationship. If the common identification information of the first user does not exist as a primary key and the first user is instead subordinate to another user, the first user does not have a “main” relationship, so the second service request with proof need not be output.
  • the second service request with proof output to the second determination server may be encrypted with the secret key of the identification management server.
  • If the second determination server that receives the second service request with proof performs decryption using the public key of the identification management server and confirms the guarantee, this helps prevent tampering and spoofing.
  • the identification management server may hold the second determination server identification information.
  • The second determination server identification information included in the service request with proof request may be compared with the second determination server identification information held by the identification management server to determine the uniqueness and correctness of the server.
  • FIG. 27 exemplifies a flowchart for explaining the processing flow of the identification management server of the system according to the present embodiment.
  • the identification management server executes the processing shown in this flowchart every time a service request with a guarantee request can be received.
  • a service request with a guarantee request is received.
  • a read system call that refers to the socket of the communication connection established by a request from the first determination server is executed in the service request receiving unit with proof request (2132).
  • In step S2702, the common identification information of the first user included in the received service request with proof request is obtained.
  • the obtained result is temporarily stored in a memory, for example.
  • a service request included in the service request with proof request is also obtained, and may be temporarily stored in a memory or the like.
  • The master-slave relationship information managed by the identification management unit (2131) is searched based on the common identification information of the first user. Specifically, a search is made for a record whose primary key is the common identification information of the first user.
  • a second service request with proof including master / slave relationship information is generated based on the result of step S2703. The generated second service request with proof is temporarily stored in a memory, for example.
  • the second determination server identification information included in the service request with proof request received in step S2701 is obtained.
  • The obtained second determination server identification information is, for example, temporarily stored in a memory. In step S2706, the second service request with proof generated in step S2704 is output to the second determination server. For this step, for example, a communication connection with the second determination server is established using the second determination server identification information obtained in step S2705, and a write system call is executed in the second service request output unit with proof (2134) using the socket obtained by this establishment.
  • FIG. 28 shows a specific example of the processing flow of the entire system according to the second embodiment.
  • FIG. 29 is a diagram showing an overall image of the processing flow shown in FIG.
  • the second electronic device used by the second user can also obtain the location information of the second electronic device used by the first user.
  • the request for obtaining the location information of the second user via the judgment server is illustrated.
  • the first electronic device outputs a position information acquisition request (use request) to the first determination server.
  • “device-ABC” is also output as the first electronic device identification information.
  • S2801 may pass through the first service server group.
  • The common identification information (sakura) of the first user associated with the first electronic device identification information (device-ABC) is extracted (S2802). Then, based on the received location information acquisition request, a service request with a guarantee request including the second determination server identification information (IP 123.45.67.89) and the common identification information (sakura) of the first user is output to the identification management server (S2803). Specifically, S2803 outputs a guarantee request for the master-slave relationship with the second user identified by the common identification information associated with the common identification information (sakura) of the first user.
  • The identification management server receives this service request with warranty request (location information acquisition request with warranty request) output from the first determination server and, based on the received request, searches the identification management unit that manages the master-slave relationship information, using the common identification information of the first user as a key. Then, a second service request with proof including master-slave relationship information is generated based on the search result (S2804).
  • The guarantee generated in S2804 is, specifically, a guarantee of the uniqueness of the first user and a guarantee that the user identified by the common identification information of the first user (called “sakura” here for convenience) is in the “main” relationship to the users identified by the common identification information of the second user (for convenience, “momo, hanako, taro”). That is, it is generated as guarantee data that the first user (sakura) can use the services used by the second users (momo, hanako, taro).
  • the uniqueness of the second user is also generated as a guarantee.
  • determination processing may be performed as to whether or not the second service request with proof should be output based on the search result.
  • The identification management server requests the second determination server to obtain the users' location information, including a guarantee that the users (momo, hanako, taro) associated with sakura have a master-slave relationship (S2805).
  • the second determination server receives the second service request with proof (position information acquisition request with proof) including the master-slave relationship information output from the identification management server.
  • the second determination server further searches whether the common identification information (momo, hanako, taro) of the second user is registered in this server based on the received second guaranteed service request.
  • In S2806, the second association holding unit, which holds the common identification information (momo, hanako, taro) of the second user and the second electronic device identification information (device-DEF, GHI, JKL) in association with each other, is searched using the second user's common identification information (momo, hanako, taro) as a key. This search process is executed for each second user.
  • Since the common identification information (momo, hanako, taro) of the second user is detected, the position information of the second electronic devices is acquired by outputting a position information acquisition request to all the second electronic devices identified by the second electronic device identification information associated with that common identification information (S28).
  • the location information acquisition process may be performed via a server in the second service server group. Thereafter, the second determination server outputs the acquired position information to the first electronic device (S2808). Note that the location information transmitted in S2808 may be transmitted via the first determination server.
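The Embodiment 2 exchange described above (S2702 to S2704 on the identification management server, S2601 to S2604 on the second determination server), as an added Go example that is not part of the patent text. The message field names, the JSON encoding, Ed25519 as the signature scheme, and the binding of the target server into the signed body are assumptions of this example; the user names, device names, and address are sample values taken from the walkthrough, and the user-to-device pairing is constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// GuaranteedRequest models the second service request with proof (FIG. 24).
// Field names and JSON encoding are assumptions of this example.
type GuaranteedRequest struct {
	Master  string   `json:"master"`  // common identification information of the first user
	Slaves  []string `json:"slaves"`  // second users in a master-slave relationship
	Service string   `json:"service"` // usage details, e.g. location acquisition
	Target  string   `json:"target"`  // second determination server identification information
}

// Signed carries the serialized request plus the guarantee data (a signature).
type Signed struct {
	Body []byte
	Sig  []byte
}

// IDManager plays the identification management server.
type IDManager struct {
	priv      ed25519.PrivateKey
	relations map[string][]string // identification management unit, keyed by the "main" user
	targets   map[string]bool     // second determination servers it knows about
}

// Issue covers S2702-S2704: look the requester up as a primary key and sign the result.
func (m *IDManager) Issue(master, service, target string) (*Signed, error) {
	slaves, ok := m.relations[master]
	if !ok {
		return nil, fmt.Errorf("requester holds no \"main\" relationship")
	}
	if !m.targets[target] {
		return nil, fmt.Errorf("unknown second determination server")
	}
	body, err := json.Marshal(GuaranteedRequest{Master: master, Slaves: slaves, Service: service, Target: target})
	if err != nil {
		return nil, err
	}
	return &Signed{Body: body, Sig: ed25519.Sign(m.priv, body)}, nil
}

// SecondServer plays the second determination server.
type SecondServer struct {
	id      string
	idmPub  ed25519.PublicKey
	devices map[string]string // second association holding unit: common ID -> device ID
}

// Accept covers S2601-S2604. The signature is checked before any field is parsed,
// so nothing unauthenticated is acted on (the flowchart lists extraction first).
func (s *SecondServer) Accept(req *Signed) ([]string, error) {
	if !ed25519.Verify(s.idmPub, req.Body, req.Sig) {
		return nil, fmt.Errorf("guarantee data does not verify")
	}
	var g GuaranteedRequest
	if err := json.Unmarshal(req.Body, &g); err != nil {
		return nil, err
	}
	if g.Target != s.id {
		return nil, fmt.Errorf("request was issued for another server")
	}
	var found []string
	for _, user := range g.Slaves {
		if dev, ok := s.devices[user]; ok {
			found = append(found, dev)
		}
	}
	if len(found) == 0 {
		return nil, fmt.Errorf("no second user is registered here")
	}
	return found, nil
}

// newDemo builds both servers from constructed sample data.
func newDemo() (*IDManager, *SecondServer) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	idm := &IDManager{priv: priv, targets: map[string]bool{"123.45.67.89": true},
		relations: map[string][]string{"sakura": {"momo", "hanako", "taro"}}}
	srv := &SecondServer{id: "123.45.67.89", idmPub: pub,
		devices: map[string]string{"momo": "device-DEF", "hanako": "device-GHI", "taro": "device-JKL"}}
	return idm, srv
}

func main() {
	idm, srv := newDemo()
	req, err := idm.Issue("sakura", "get-location", "123.45.67.89")
	if err != nil {
		panic(err)
	}
	fmt.Println(srv.Accept(req)) // device IDs the request may act on
}
```

A request from a user who is only subordinate (for example momo) is refused at `Issue`, and any change to the signed body after issuance is refused at `Accept`.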
  • FIG. 30 shows an example of an implementation of the second embodiment.
  • The identification management server (3050) will be described as an example.
  • The physical configuration of the identification management server (3050) consists of hardware such as a CPU, memory, hard disk, input/output devices, and a network interface, and it is realized together with software.
  • the operating system (3052) which is the basic software for abstracting the functions of the hardware (3051) and managing the operation of the hardware (3051), operates, and the identification management module (3053), service request reception module with warranty request (3054), identification management unit search module (3055), second service request output module with warranty (3056), identification management unit (2131), with warranty request, respectively
  • The same applies to the first determination server (3030) and the second determination server (3040): each can be realized by running an operating system on the hardware and, on that operating system, a program having modules that realize each unit. Likewise, each of the first electronic device (3010) and the second electronic device (3020) can be realized, as with each server, by running an operating system on the hardware and a program having modules that realize each unit on that operating system. Note that electronic device identification information is stored in association with the hardware (3011, 3021).
  • <Embodiment 2: Main Effects>
  • The present embodiment is the same as the first embodiment in being a system consisting of the service server group, the electronic device, the determination server, and the identification management server. The difference from the first embodiment is that the identification management server that has received the service request with proof request output from the first determination server searches the identification management unit and itself outputs the service request with proof based on the search result.
  • User identification management under the vertically integrated operation of the first electronic device, first service server, and first determination server can be linked with other vertically integrated operations, enabling more flexible services.
  • Because the guaranteed service request is issued by the identification management server, a trust relationship that enables service provision can be established even when the determination servers do not cooperate with each other.
  • Because the first user can request the services of all second users who have a master-slave relationship with the first user at the same time, a further improvement in convenience can be expected when there are multiple second users.
  • <Embodiment 3: Overview>
  • Embodiment 3 will be described below.
  • The present embodiment is a system consisting of a service server group, an electronic device, a determination server, and an identification management server.
  • The second determination server, which directly receives the first service request from the first determination server, outputs a second assurance request to the identification management server; the identification management server that received the second assurance request searches the identification management unit and outputs the guarantee to the second determination server based on the search result.
  • FIG. 31 is a diagram showing an example of the concept of the present embodiment. The rough processing flow in Fig. 31 is as follows. The meaning of each term will be explained later. (1) The first electronic device used by user A sends a request for using the second determination server to the first determination server.
  • This use request may be requested to the first determination server or may be requested via the first service server group.
  • the first determination server makes a first service request to the second determination server.
  • the second determination server that has received the first service request outputs a second assurance request to the identification management server.
  • The identification management server that received the second assurance request outputs a second assurance including master-slave relationship information based on the common identification information of user A included in the second assurance request. In this way, the second determination server that has obtained the second guarantee can treat the service request from the first determination server as valid and provide the first electronic device with a service according to the request.
  • <Embodiment 3: Configuration>
  • FIG. 32 illustrates an overall functional block diagram of the system according to the second embodiment.
  • The third embodiment is a system (3200) comprising: a first service server group (3201) that provides the first service to the first electronic device (3203) based on the first determination; a second service server group (3202) that provides the second service to the second electronic device (3204) based on the second determination; the first electronic device (3203), which is used by the first user and receives the first service from the first service server group (3201); the second electronic device (3204), which is used by the second user and receives the second service from the second service server group (3202); the first determination server (3210), which makes the first determination on the first electronic device (3203) based on the first electronic device identification information so that the first service can be received from the first service server group (3201); the second determination server (3220), which makes the second determination on the second electronic device (3204) based on the second electronic device identification information so that the second service can be received from the second service server group (3202); and an identification management server (3230) that manages the master-slave relationship information between the first user and the second user in its identification management unit (3231).
  • In the first embodiment, communication is first performed between the first determination server (510) and the identification management server (530), and then between the first determination server (510) and the second determination server (520).
  • The present embodiment differs in that communication is first performed between the first determination server (3210) and the second determination server (3220), and then from the second determination server (3220) to the identification management server (3230).
  • the first determination server (3210) includes a first association holding unit (3211) and a first service request output unit (3212).
  • the “first association holding unit” (3211) holds the common identification information of the first user and the first electronic device identification information in association with each other. That is, the definition of the first association holding unit (3211) is the same as that of the first association holding unit (511) in the first embodiment.
  • The “first service request output unit” (3212) outputs the first service request including the common identification information of the first user, based on the usage request for the second determination server from the first electronic device.
  • The output destination of the first service request is the second determination server.
  • The first service request output unit (3212) performs the first outward-facing process of the first determination server toward the cross-system use of services between different service systems, which is the aim of the present invention.
  • a request for use of the second determination server may be transmitted by the first electronic device in order to request payment of the usage fee for the first service via the second determination server.
  • as a usage request, there is also a request from the first electronic device to execute the first service on the second electronic device via the second determination server.
  • the first electronic device can originally receive services only within the first service system; the aim is to break through that barrier and receive prescribed services in other service systems.
  • the purpose of using the second determination server is for the first user to receive a service of the other service system that is received by the second user, who is a different user from the first user.
  • an example is that the first electronic device used by the first user uses the encrypted content downloaded by the second electronic device used by the second user.
  • another example is that a wake-up service, as the second service, is provided to the second electronic device used by another user, for example to obtain the location information of the second electronic devices all at once using the GPS function that the second electronic device may have. To reiterate, these processes were originally impossible for the first electronic device to enjoy. This is because the first electronic device can receive services only within the first service system, whereas these processes can be enjoyed only by the second electronic device within the second service system.
  • FIG. 33 shows an example of the first service request.
  • the difference between Fig. 33 (a) and Fig. 33 (b) is whether or not the service usage is clearly stated.
  • the common identification information (sakum) of the first user is included as information for identifying the service requesting user.
  • the first service request may include the contents of the service of the second service server group.
  • the first service request may include a designation of a server of the second service server group, a billing method for service provision, and the like.
  • the first service request may include a request for the second determination server to confirm, with the identification management server, the master-slave relationship between the first user and the second user.
  • FIG. 34 illustrates a flowchart explaining the flow of processing of the first determination server in the system according to the third embodiment.
  • the first determination server executes the process shown in this flowchart every time a request from the first electronic device to use the second determination server can be acquired.
  • in step S3401, a usage request for the second determination server is obtained from the first electronic device. For example, a read system call in communication using a socket is executed in the first service request output unit (3212).
  • in step S3402, the common identification information of the first user is obtained from the first electronic device identification information.
  • the first electronic device identification information of the first electronic device that transmitted the use request in step S3401 is acquired based on the information indicating the communication connection, and by searching the first association holding unit (3211) with the acquired first electronic device identification information, the common identification information of the first user can be obtained.
  • in step S3403, the first service request including the common identification information of the first user is generated with reference to the information obtained in steps S3401 and S3402.
  • the generated first service request may be temporarily stored in a memory or the like.
  • in step S3404, the first service request is output. For example, a communication connection is established with the second determination server, the first service request stored in memory or the like is read, and a write system call using the socket obtained by establishing the communication connection is executed in the first service request output unit (3212).
  • the first service request is output to the second determination server.
  • the second determination server (3220) includes a second association holding unit (3221), a service request receiving unit (3222), a second warranty request output unit (3223), and a second warranty receiving unit (3224).
  • the "second association holding unit" (3221) holds the common identification information of the second user and the second electronic device identification information in association with each other.
  • the “service request receiving unit” (3222) receives the first service request output from the first determination server of the system according to the present embodiment.
  • the received first service request includes the common identification information of the first user but not that of the second user, and there is no guarantee confirming that a master-slave relationship exists between the users, so the service cannot be provided immediately upon receiving the first service request.
  • the "second warranty request output unit" (3223) outputs a second warranty request including the common identification information of the first user based on the first service request received by the service request receiving unit (3222).
  • the output destination of the second guarantee request is the identification management server.
  • the first assurance request is a request for a guarantee, from the identification management server, that there is only one first user identified by the common identification information.
  • the second assurance request includes the common identification information of the first user, but may also include information for identifying the first determination server.
  • the "second warranty reception unit" (3224) receives the second guarantee, including the master-slave relationship information, that the identification management server outputs in response to the second warranty request output from the second warranty request output unit (3223). Processing in the identification management server will be described later.
  • the second guarantee includes information that guarantees the existence of a master-slave relationship based on the common identification information of the first user included in the second guarantee request.
  • that is, it includes information guaranteeing that the user identified by the common identification information of the first user is in the “main” relationship relative to the user identified by the common identification information of the second user with whom the master-slave relationship exists,
  • in other words, information guaranteeing that there is a relationship in which the service used by the second user can be received and the service used by the second user can be executed.
  • the second guarantee output from the identification management server may be encrypted with the secret key of the identification management server. In that case, the second determination server may decrypt the second guarantee with the public key of the identification management server and thereby confirm the content of the guarantee.
  • FIG. 35 exemplifies a functional block diagram of the second determination server in the case where a search is performed using the common identification information of the second user as a key based on the second guarantee.
  • a second search unit (3525) is added to the second determination server (3520) of FIG.
  • the "second search unit" (3525) searches the second association holding unit (3521), using the common identification information of the second user as a key, based on the first service request received by the service request receiving unit and the second guarantee received by the second guarantee receiving unit.
  • a search using the common identification information of the second user as a key means extracting the common identification information of the second user included in the second warranty and searching the second association holding unit for common identification information that matches it.
  • the search result may be transmitted to the first determination server or the second electronic device (which may be routed through the second service server group).
  • FIG. 36 illustrates a flowchart for explaining the flow of processing of the second determination server in the system according to the present embodiment.
  • the second determination server executes the flowchart of FIG. 36 every time reception of the first service request becomes possible.
  • in step S3601, the first service request is received. For example, after detecting that the first service request can be received, a communication connection with the first determination server is established, and a read system call is executed in the service request reception unit (3222) using the obtained socket.
  • a second assurance request including the common identification information of the first user is generated. This generation is performed based on the content of the first service request received at step S3601. The generated second guarantee request is temporarily stored in a memory, for example.
  • a second warranty request is sent.
  • this transmission is performed by establishing a communication connection with the identification management server and executing, in the second assurance request output unit (3223), a write system call using the socket obtained by this establishment.
  • in step S3604, the second guarantee including master-slave relationship information is received. This reception is performed by executing a read system call using the socket in the second warranty receiving unit (3224).
  • in step S3605, the service is permitted for the first electronic device based on the first service request received in step S3601 and the second guarantee received in step S3604.
  • the identification management server (3230) includes an identification management unit (3231), an identification management unit search unit (3232), and a second assurance output unit (3233).
  • the “identification management unit” (3231) is the same as that described in the first embodiment.
  • the "identification management unit search unit" (3232) searches the master-slave relationship information of the identification management unit (3231), using as a key the common identification information of the first user included in the second assurance request output from the second determination server. That is, the common identification information of the first user included in that assurance request is extracted, and a search is performed as to whether or not a record of master-slave relationship information that matches it is managed by the identification management unit. In such a search, first, the uniqueness of the first user in the system can be guaranteed by the common identification information of the first user. It can also be guaranteed that the first user and the second user have a master-slave relationship. In addition, the uniqueness in the system of the second user who has the master-slave relationship can be guaranteed by the common identification information of the second user.
  • the “second guarantee output unit” (3233) outputs the second guarantee based on the search result in the identification management unit.
  • the output destination of the second guarantee is the second determination server. If master-slave relationship information with the first user's common identification information as the primary key is obtained in the search by the identification management unit search unit, the fact that the first user and the second user have a master-slave relationship can be output as a guarantee. If the first user's common identification information does not exist as a primary key and the first user is only in a subordinate relationship to another user, it is not necessary to output the second guarantee. Also, for example, if the common identification information of the user cannot be obtained, this may be output separately as error information.
  • the second guarantee output to the second determination server may be encrypted with the secret key of the identification management server.
  • if the second determination server that received the second guarantee decrypts it using the public key of the identification management server and can thereby confirm the guarantee, this helps prevent tampering and spoofing.
  • FIG. 37 illustrates a flowchart for explaining the flow of processing of the identification management server of the system according to the present embodiment.
  • the identification management server executes the processing shown in this flowchart every time the second guarantee request can be received.
  • a second warranty request is received.
  • a read system call referring to a socket of a communication connection established by a request from the second determination server is executed in the identification management unit search unit (3232).
  • the common identification information of the first user included in the received second assurance request is obtained.
  • the obtained result is temporarily stored in a memory, for example.
  • it is confirmed that the master-slave relationship information is managed based on the common identification information of the first user.
  • a search is made as to whether or not there is a record whose primary key is the common identification information of the first user.
  • in step S3704, a second guarantee including master-slave relationship information is generated based on the result of step S3703.
  • the generated second guarantee is temporarily stored in, for example, a memory.
  • in step S3705, the second guarantee generated in step S3704 is output to the second determination server.
  • the write system call is executed in the second assurance output unit (3233) using the communication connection established in step S3701.
  • FIG. 38 and FIG. 39 show a specific example of the processing flow of the system of the third embodiment.
  • FIG. 40 is a diagram showing an overall image of the processing flow shown in FIGS. 38 and 39.
  • a request for paying the usage fee for the first service via the second determination server is illustrated.
  • for example, an electronic device for collection belonging to the first service server group, which collects taxes, national pensions, etc., may make a request to add charges such as these taxes to call charges such as those for mobile phones.
  • the payment procedure is simplified, and from the point of view of the tax collection side, the second user does not want the second service he or she uses to be stopped.
  • the first electronic device outputs a billing request for a user who has a master-slave relationship with itself to the first determination server.
  • “device-ABC” is also output as the first electronic device identification information.
  • Step S3801 can also be routed through the first service server.
  • the first determination server that has accepted the billing request (usage request) extracts the common identification information (sakum) of the first user associated with the first electronic device identification information (device-ABC).
  • based on this use request, the first determination server outputs a first service request including the common identification information (sakum) of the first user (S3803).
  • S3803 outputs a billing request (first service request) directed at the second user who has a master-slave relationship with the common identification information (sakum) of the first user.
  • the second determination server receives the first service request output from the first determination server and, based on the received first service request, outputs the second guarantee request including the common identification information (sakum) of the first user to the identification management server (S3804).
  • that is, a guarantee request concerning the users who have a master-slave relationship with sakum is output.
  • the identification management server that received the guarantee request searches the identification management unit, which manages the master-slave relationship information, using the common identification information (sakum) of the first user as a key, and based on the search result generates a second guarantee including the master-slave relationship information (S3805).
  • specifically, the guarantee generated in S3805 is generated as data guaranteeing the uniqueness of the first user and guaranteeing that the user identified by the common identification information of the first user (here called “sakum” for convenience) is in the “main” relationship to the users identified by the common identification information of the second user (here, “momo, hanako, taro”), that is, that the first user (sakum) can use the service used by the second user (momo, hanako, taro).
  • the uniqueness of the second user is also generated as a guarantee.
  • a determination process may be performed as to whether or not the second guarantee should be output based on the search result.
  • the generated second guarantee including master-slave relationship information is output from the identification management server to the second determination server (S3806).
  • the second determination server receives the second guarantee output from the identification management server.
  • the second determination server further determines whether the common identification information (momo, hanako, taro) of the second user is registered in this server based on the received first service request and second guarantee. Search is performed (S3807).
  • in S3807, the second association holding unit, which holds the common identification information (momo, hanako, taro) of the second user and the second electronic device identification information (device-DEF, GHI, JKL) in association with each other, is searched using the common identification information (momo, hanako, taro) of the second user as a key. This search process is executed for each second user.
  • since the search of the second association holding unit detects the common identification information (momo, hanako, taro) of the second user, the second determination server charges the second electronic device identified by the second electronic device identification information associated with that common identification information, and outputs a charge execution notification to the second electronic device (S3808).
  • the second determination server sends a charge completion notification via the first determination server after the charge is executed (S3809).
  • S3809 may be notified via the identification management server or directly to the first electronic device.
  • FIG. 41 shows an example of implementation of the third embodiment.
  • the second determination server (4140) will be described as an example.
  • the physical configuration of the second determination server (4140) is realized as hardware (4140) consisting of a CPU, memory, hard disk, input / output device, network interface, and the like.
  • the operating system (4142), which is basic software for abstracting the functions of the hardware (4141) and managing the operation of the hardware (4141), runs, and on top of it runs a program consisting of a second association holding module (4143), a service request receiving module (4144), a second warranty request output module (4145), a second warranty receiving module (4146), and a second search module (4147), which respectively implement the second association holding unit (3221), service request receiving unit (3222), second warranty request output unit (3223), second warranty receiving unit (3224), and second search unit (3525). This program executes, for example, the processing illustrated in FIG. Note that the second search module (3525) is not an essential implementation.
  • This embodiment is the same as the first embodiment in that the system consists of service server groups, electronic devices, determination servers, and an identification management server, but differs in that the second determination server, having received the first service request from the first determination server, outputs the second guarantee request to the identification management server, and in response to this, the identification management server searches the identification management unit and outputs the guarantee.
  • By linking user identification management in the operation management form of the vertically integrated system made up of the first electronic device, first service server, and first determination server with the operation management form of other vertically integrated systems, more flexible services can be provided.
  • the assurance provided by the identification management server increases the reliability of the system and ensures a safe service provision environment.
  • since the first user can request the services of all the second users who have a master-slave relationship with him or her at the same time, convenience can be expected to improve further when there are multiple second users.
  • FIG. 4 is a conceptual diagram for explaining the first embodiment.
  • FIG. 6 is a diagram showing an example of information stored and managed by the identification management unit of the identification management server of the first embodiment.
  • FIG. 7 is a diagram illustrating an example of a table held by the first related holding unit according to the first embodiment.
  • FIG. 11 is a diagram illustrating the processing flow of the first determination server according to the first embodiment.
  • FIG. 12 is a diagram illustrating an example of a table held by the second related holding unit according to the first embodiment.
  • FIG. 13 is a second functional block diagram of the first embodiment.
  • FIG. 14 is a diagram for explaining the processing flow of the second determination server in the first embodiment.
  • FIG. 16 is a sequence diagram illustrating a specific example of the processing flow of the entire system according to the first embodiment.
  • FIG. 17 is a diagram for explaining the overall image of the processing flow of the entire system of the first embodiment.
  • FIG. 18 is a diagram showing an example of an implementation form of Embodiment 1.
  • FIG. 21 is a functional block diagram of the second embodiment.
  • FIG. 22 is a diagram showing an example of a service request with a warranty request in embodiment 2.
  • FIG. 23 is a diagram for explaining the processing flow of the first determination server in the second embodiment.
  • FIG. 27 is a diagram showing an example of the processing flow of the identification management server of the second embodiment.
  • FIG. 28 is a sequence diagram illustrating a specific example of the processing flow of the entire system according to the second embodiment.
  • FIG. 29 is a diagram for explaining the overall processing flow of the entire system of the second embodiment.
  • FIG. 30 is a diagram illustrating an example of an implementation mode of the second embodiment.
  • FIG. 33 is a diagram showing an example of the first service request according to the third embodiment.
  • FIG. 34 is a diagram for explaining the processing flow of the first determination server according to the third embodiment.
  • FIG. 37 is a diagram showing an example of the processing flow of the identification management server of the third embodiment.
  • FIG. 38 is a first sequence diagram illustrating a specific example of the processing flow of the entire system according to the third embodiment.
  • FIG. 40 is a diagram for explaining an overall image of the processing flow of the entire system of the third embodiment.
  • FIG. 41 is a diagram illustrating an example of an implementation mode of the third embodiment.
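
The third-embodiment exchange described above (S3802 to S3807), as an added example in Go that is not code from the patent or its applicant. The page describes the second guarantee as encrypted with the identification management server's secret key and checked with its public key; here that is modelled as an Ed25519 signature. The type and function names, the JSON encoding, the one-to-one pairing of momo, hanako, taro with device-DEF, device-GHI, device-JKL, and the check that the guarantee names the requester are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Guarantee is the "second guarantee": master-slave relationship information for one first user.
type Guarantee struct {
	Master string   `json:"master"`
	Slaves []string `json:"slaves"`
}

// SignedGuarantee is the serialized guarantee plus a signature over those bytes.
type SignedGuarantee struct{ Body, Sig []byte }

// IDMServer models the identification management server (3230).
type IDMServer struct {
	relations map[string][]string // master common ID -> slave common IDs
	priv      ed25519.PrivateKey
}

// Issue covers S3805/S3806: search with the first user's common ID as primary
// key and sign the result. A user with no master record gets no guarantee.
func (s *IDMServer) Issue(master string) (SignedGuarantee, error) {
	slaves, ok := s.relations[master]
	if !ok {
		return SignedGuarantee{}, errors.New("no master record for " + master)
	}
	body, err := json.Marshal(Guarantee{Master: master, Slaves: slaves})
	if err != nil {
		return SignedGuarantee{}, err
	}
	return SignedGuarantee{Body: body, Sig: ed25519.Sign(s.priv, body)}, nil
}

// SecondServer models the second determination server (3220).
type SecondServer struct {
	assoc  map[string]string // second user's common ID -> second device ID
	idmPub ed25519.PublicKey
}

// Authorize covers S3807: verify the signature before parsing, check that the
// guarantee names the requester (assumed check), then look up each device.
func (s *SecondServer) Authorize(requester string, sg SignedGuarantee) ([]string, error) {
	if !ed25519.Verify(s.idmPub, sg.Body, sg.Sig) {
		return nil, errors.New("guarantee signature invalid")
	}
	var g Guarantee
	if err := json.Unmarshal(sg.Body, &g); err != nil {
		return nil, err
	}
	if g.Master != requester {
		return nil, errors.New("guarantee issued for a different user")
	}
	var devices []string
	for _, u := range g.Slaves {
		if d, ok := s.assoc[u]; ok {
			devices = append(devices, d)
		}
	}
	return devices, nil
}

// System wires the three servers together in place of the socket connections.
type System struct {
	firstAssoc map[string]string // first determination server: device ID -> common ID
	idm        *IDMServer
	second     *SecondServer
}

// Request runs S3802 to S3807 for a usage request arriving from deviceID.
func (sys *System) Request(deviceID string) ([]string, error) {
	user, ok := sys.firstAssoc[deviceID]
	if !ok {
		return nil, errors.New("unknown device " + deviceID)
	}
	sg, err := sys.idm.Issue(user)
	if err != nil {
		return nil, err
	}
	return sys.second.Authorize(user, sg)
}

// NewDemo builds the system with the page's sample identifiers (constructed data).
func NewDemo() *System {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &System{
		firstAssoc: map[string]string{"device-ABC": "sakum"},
		idm:        &IDMServer{priv: priv, relations: map[string][]string{"sakum": {"momo", "hanako", "taro"}}},
		second: &SecondServer{idmPub: pub, assoc: map[string]string{
			"momo": "device-DEF", "hanako": "device-GHI", "taro": "device-JKL"}},
	}
}

func main() { fmt.Println(NewDemo().Request("device-ABC")) }
```

The guarantee in this sketch carries no expiry or nonce because the page describes none, so it shows only the origin and integrity check that the public-key step provides.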

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Telephonic Communication Services (AREA)
PCT/JP2006/306966 2005-12-28 2006-03-31 Identification managing system for authentication of electronic device Ceased WO2007077638A1 (ja)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP06730914A EP1983465A1 (en) 2005-12-28 2006-03-31 Identification managing system for authentication of electronic device
US12/159,499 US20100223381A1 (en) 2005-12-28 2006-03-31 Identification managing system for authentication of electronic device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2005-379900 2005-12-28
JP2005379900A JP4898219B2 (ja) 2005-12-28 2005-12-28 Identification managing system for authentication of electronic device

Publications (1)

Publication Number Publication Date
WO2007077638A1 true WO2007077638A1 (ja) 2007-07-12

Family

ID=38227999

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/306966 Ceased WO2007077638A1 (ja) 2005-12-28 2006-03-31 Identification managing system for authentication of electronic device

Country Status (4)

Country Link
US (1) US20100223381A1 (en)
EP (1) EP1983465A1 (en)
JP (1) JP4898219B2 (en)
WO (1) WO2007077638A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9235863B2 (en) 2011-04-15 2016-01-12 Facebook, Inc. Display showing intersection between users of a social networking system
US9256724B2 (en) * 2011-08-30 2016-02-09 Securepush Ltd. Method and system for authorizing an action at a site
JP7017086B2 (ja) * 2018-01-31 2022-02-08 ブラザー工業株式会社 サーバシステム

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004046366A (ja) * 2002-07-09 2004-02-12 Seiko Epson Corp 利用権限設定システム、サービス提供装置、利用権限管理用サーバ、利用権限設定システム制御プログラム、サービス提供装置制御プログラム及び管理用サーバ制御プログラム
JP2004227055A (ja) 2003-01-20 2004-08-12 Mitsubishi Electric Corp サービス提供装置及び移動体通信装置及び決済システム及び決済方法及び決済プログラム
JP2004362045A (ja) * 2003-06-02 2004-12-24 Sony Corp グループ認証システム,サーバ装置,プログラム,記録媒体及びグループ認証方法。

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4887204A (en) * 1987-02-13 1989-12-12 International Business Machines Corporation System and method for accessing remote files in a distributed networking environment
US5555376A (en) * 1993-12-03 1996-09-10 Xerox Corporation Method for granting a user request having locational and contextual attributes consistent with user policies for devices having locational attributes consistent with the user request
JP2544581B2 (ja) * 1994-02-14 1996-10-16 インターナショナル・ビジネス・マシーンズ・コーポレイション 会議システム制御方法、会議装置及び会議システム
US5897635A (en) * 1995-06-07 1999-04-27 International Business Machines Corp. Single access to common user/application information
US5715453A (en) * 1996-05-31 1998-02-03 International Business Machines Corporation Web server mechanism for processing function calls for dynamic data queries in a web page
US5938721A (en) * 1996-10-24 1999-08-17 Trimble Navigation Limited Position based personal digital assistant
JPH10177552A (ja) * 1996-12-17 1998-06-30 Fuji Xerox Co Ltd 認証応答方法およびその方法を用いた認証応答装置
US6310889B1 (en) * 1998-03-12 2001-10-30 Nortel Networks Limited Method of servicing data access requests from users
CA2220578A1 (en) * 1997-11-10 1999-05-10 Northern Telecom Limited Distributed service network
US6119165A (en) * 1997-11-17 2000-09-12 Trend Micro, Inc. Controlled distribution of application programs in a computer network
US6189008B1 (en) * 1998-04-03 2001-02-13 Intertainer, Inc. Dynamic digital asset management
US6370588B2 (en) * 1998-11-09 2002-04-09 Unisys Corporation Cool ice service handler
US20040095237A1 (en) * 1999-01-09 2004-05-20 Chen Kimball C. Electronic message delivery system utilizable in the monitoring and control of remote equipment and method of same
US6438594B1 (en) * 1999-08-31 2002-08-20 Accenture Llp Delivering service to a client via a locally addressable interface
JP2001306790A (ja) * 2000-04-21 2001-11-02 Nec Corp ユーザ登録システム
US6917976B1 (en) * 2000-05-09 2005-07-12 Sun Microsystems, Inc. Message-based leasing of resources in a distributed computing environment
US6484033B2 (en) * 2000-12-04 2002-11-19 Motorola, Inc. Wireless communication system for location based schedule management and method therefor
JP2003132022A (ja) * 2001-10-22 2003-05-09 Nec Corp ユーザ認証システムおよび方法
US20050273493A1 (en) * 2004-06-04 2005-12-08 John Buford Proximity reminder system using instant messaging and presence

Also Published As

Publication number Publication date
US20100223381A1 (en) 2010-09-02
JP4898219B2 (ja) 2012-03-14
EP1983465A1 (en) 2008-10-22
JP2007179473A (ja) 2007-07-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 12159499

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2986/KOLNP/2008

Country of ref document: IN

Ref document number: 2006730914

Country of ref document: EP