WO2010090252A1 - アカウント発行システム、アカウントサーバ、サービスサーバおよびアカウント発行方法 - Google Patents
アカウント発行システム、アカウントサーバ、サービスサーバおよびアカウント発行方法 Download PDFInfo
- Publication number
- WO2010090252A1 WO2010090252A1 PCT/JP2010/051591 JP2010051591W WO2010090252A1 WO 2010090252 A1 WO2010090252 A1 WO 2010090252A1 JP 2010051591 W JP2010051591 W JP 2010051591W WO 2010090252 A1 WO2010090252 A1 WO 2010090252A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- unique
- terminal
- account
- public
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
Definitions
- the present invention relates to an account issuing system, an account server, a service server, and an account issuing method.
- Non-Patent Document 1 When a user receives various services provided on the Internet, a service server that provides the service often issues an account for identifying the user (see Non-Patent Document 1).
- each of multiple service servers may issue the same account to different users. For this reason, if the user can set up an account, if the account of the first user is published, the second user, who is different from the first user, deliberately assigns the same account as the other service to another service. Can be set to receive. This allows the second user to impersonate the first user using that account.
- the account and personal identification information for example, ID
- the method of publishing can be considered.
- An object of the present invention is to provide an account issuance system, an account server, a service server, an account issuance method, and the like that solve the above problems.
- An account issuing system includes a terminal used by a user, a service server that provides a service to the user via the terminal, an account server that issues an account for the service server to identify the user,
- the terminal is configured to transmit the user's joint identification information set by the user to the account server, and to send the user from the account server to a third party different from the user.
- the public ID for identification When the public ID for identification is received, the public ID is transferred to the service server, and the account server stores the unique ID for uniquely identifying the user, and also from the terminal When the identification information is received, the public ID is generated using the joint identification information and the unique ID , And transmits the public ID to the terminal, the service server, the case of receiving a public ID, sets disclosable to the public ID to the outside from the terminal.
- An account server is an account server for issuing an account for identifying a user by a service server that provides a service to the user who uses the terminal via the terminal, in order to uniquely identify the user.
- a storage unit that stores the unique ID
- a reception unit that receives the user's joint identification information set by the user from the terminal, a joint identification information received by the reception unit, and the storage unit
- An ID generation unit that generates a public ID for identifying a third party different from the user by using a unique ID, and transmits the public ID to the terminal.
- a service server is a service server that provides a service to the user via a terminal used by the user, and a public ID for identifying the user from the terminal by a third party different from the user;
- a user registration receiving unit for receiving a unique ID for identifying the user by the service server;
- an ID storage unit for storing the public ID received by the user registration receiving unit; and
- a user temporary registration notifying unit that adds the unique ID to the user temporary registration notification indicating that the user has been temporarily registered and transmits the data with the unique ID to the communication device that can be transferred to the terminal.
- the public ID stored in the ID storage unit can be disclosed to the outside when a confirmation notification that the user temporary registration notification has been confirmed is received from the terminal. It has a user registration unit that sets a status, a.
- An account issuing method includes: a terminal used by a user; a service server that provides a service to the user via the terminal; and an account server that issues an account for identifying the user by the service server. And an account issuing method by an account issuing system in which the account server stores a unique ID for uniquely identifying the user, wherein the terminal is joint user identification information set by the user And when the account server receives the joint identification information from the terminal, the third party is different from the user by using the joint identification information and the unique ID.
- Generating a public ID for identification, and transmitting the public ID to the terminal When the public ID is received from the account server, the public ID is sent to the service server, and when the service server receives the public ID from the terminal, the public ID can be disclosed to the outside. Processing to set.
- a first program uniquely identifies a user to an account server that issues an account for identifying the user by a service server that provides a service to the user who uses the terminal via the terminal.
- the procedure for storing the unique ID the procedure for receiving the user's joint identification information set by the user from the terminal, the received joint identification information, and the stored unique ID
- a second program provides a service server that provides a service to the user via a terminal used by the user, a public ID for identifying the user from the terminal by a third party different from the user,
- the self-service server receives the unique ID for identifying the user, the procedure for storing the received public ID, and the temporary registration of the user is performed when the unique ID is received.
- a procedure for attaching the unique ID to the user temporary registration notification to the effect and transmitting the data with the unique ID to the communication device that can be transferred to the terminal, and confirming that the user temporary registration notification has been confirmed from the terminal When the notification is received, the stored public ID is set to a state that can be disclosed to the outside.
- the owner of the account in the service server can be disclosed to the outside without disclosing personal information.
- the account issuing system includes a user terminal 1 (hereinafter simply referred to as “terminal 1”), a service server 2, an account server 3, and a user contact device 4 (hereinafter simply referred to as “contact device 4”). And).
- the terminal 1, the service server 2, the account server 3, and the contact device 4 can be connected to each other via a communication network NW such as the Internet.
- Terminal 1 is used by the user. Further, the terminal 1 has a function of using a service provided by the service server 2 and a function of transmitting and receiving an electronic mail.
- the terminal 1 is, for example, a PC (Personal Computer) or a mobile phone.
- the service server 2 provides a service to the user of the terminal 1 via the communication network NW and the terminal 1.
- the service server is, for example, a web server that stores a service site on the Internet.
- the account server 3 issues an account of the service server 2 to the user of the terminal 1.
- the account is used for identifying the user when the service server 2 provides a service to the user.
- the communication device 4 can transfer data from the service server 2 and the account server 3 to the terminal 1.
- the contact device 4 is, for example, an e-mail server that transfers an e-mail to a destination of the e-mail.
- the terminal 1, the service server 2, the account server 3, and the communication device 4 perform the following processing in cooperation.
- the terminal 1 stores the user ID previously given to the user by the account server 3. Further, the account server 3 stores the user ID and the unique ID previously assigned to the user by the account server 3 in association with each other.
- the user ID is identification information used to identify the user when the account server 3 authenticates the user. In this embodiment, it is assumed that the user ID is “test0001”.
- the unique ID is unique identification information for the account server 3 to uniquely identify the user. That is, the unique ID is information with high personality that is given only one per user so as not to overlap among a plurality of users. Note that the unique ID is hidden from the service server 2 in order to protect the privacy of the user.
- the unique ID is an electronic mail address (test0001@mailserver_domain.jp) that designates the terminal 1 as a destination.
- the account server 3 transmits the unique ID to the communication device 4.
- the communication device 4 receives the unique ID from the account server 3 and stores the unique ID.
- the contact device 4 receives an e-mail from the service server 2 or the account server 3 to which the unique ID stored in itself is attached as a destination, the contact device 4 transfers the e-mail to the terminal 1.
- the terminal 1 requests the account server 3 to issue a unique ID or a public ID.
- the unique ID is identification information for the service server 2 to uniquely identify the user.
- the public ID is identification information for identifying a user by a third party different from the user, and is disclosed so that the third party can identify the user.
- the terminal 1 when requesting issuance of a unique ID or a public ID, the terminal 1 first transmits an authentication request for requesting user authentication and a user ID to the account server 3.
- the account server 3 compares the user ID with the user ID stored in itself. If the user IDs match each other, the account server 3 transmits authentication success information indicating successful authentication and screen information indicating the user screen to the terminal 1.
- the user screen is a screen that prompts the user to perform user registration, for example, as illustrated in FIG.
- the terminal 1 displays the user screen indicated by the screen information. Then, the user selects or inputs a service ID and a persona ID with reference to the user screen.
- the terminal 1 receives a service ID and a persona ID from the user, and transmits an ID request for requesting the issuance of a unique ID and a public ID to the account server 3 together with the service ID and the persona ID.
- Persona ID is the user's own solid identification information set by the user.
- the persona ID is used so that each of the service servers 2 allows the user to disclose the same public ID even when the account issuing system has a plurality of service servers 2. In the present embodiment, it is assumed that the persona ID is “test0001-p1”.
- the service ID is identification information for uniquely identifying the service server 2 (for example, URL (Uniform Resource Locator)).
- the service ID is “http://servicesite_url.jp”, which is the URL of the service server 2.
- the account server 3 When the account server 3 receives the ID request, the service ID, and the persona ID, the account server 3 generates a unique ID and a public ID using the service ID and the persona ID. More specifically, the account server 3 generates a unique ID using the service ID and the stored unique ID, and generates a public ID using the persona ID and the stored unique ID. .
- the account server 3 further stores the unique ID and the public ID in association with the association between the user ID and the unique ID stored therein.
- the account server 3 generates a user registration e-mail address (hereinafter simply referred to as “registration address”) based on the unique ID and the public ID.
- the account server 3 further stores a registration address in association with the user ID, the unique ID, the unique ID, and the public ID and stores it as user information.
- the user information is, for example, as shown in FIG.
- the registration address is alias contact information that is defined by an alias different from the unique ID and specifies the terminal 1 as a destination.
- the account server 3 includes information including a part of the service ID of the service server 2 (servicesite_url.jp), a unique ID (59271022109), and a public ID (PuIzDzNbYrelqEcVMX). To generate a registration address.
- the account server 3 transmits the generated unique ID, public ID, and registration address to the terminal 1 and transmits the registration address and the unique ID to the communication device 4.
- the account server 3 may transmit only the registration address to the terminal 1 because the registration address includes the unique ID and the public ID.
- the account server 3 may directly transmit the unique ID, the public ID, and the registration address to the terminal 1 or indirectly through another device such as the communication device 4.
- the account server 3 designates an e-mail as shown in FIG. 4 with the unique ID of the terminal 1 as the destination in order to transmit the unique ID, the public ID, and the registration address to the terminal 1.
- the communication device 4 receives the email from the account server 3 and transfers the email to the terminal 1.
- the contact device 4 When the contact device 4 receives the registration address and the unique ID from the account server 3, the contact device 4 stores the registration address and the unique ID in association with each other as mail address setting information as shown in FIG. As a result, when the communication device 4 receives an e-mail addressed to the registration address, the communication device 4 can transfer the e-mail to the terminal 1.
- the terminal 1 Upon receiving the registration address from the account server 3, the terminal 1 transmits the registration address and a registration request for performing user registration to the service server 2.
- the terminal 1 displays a user registration screen for performing user registration with the service server 2 as shown in FIG. 6, and transmits the registration address entered by the user referring to the user registration screen. May be.
- the terminal 1 transmits user public information about the user to the service server 2 together with the registration address.
- the user public information is information that can be disclosed (for example, a user name or the like), and does not include personal information that should be kept secret from a third party.
- the service server 2 determines whether the unique ID and the public ID included in the registration address are valid IDs that have not been falsified.
- the service server 2 analyzes the domain in the registration address, and determines whether or not the domain matches the domain (mailserver_domain.jp) to which the valid contact device 4 belongs. If the domains match each other, the service server 2 determines that the registered address is an e-mail address issued from the valid contact device 4, and the unique ID and public ID included in the registration address are determined. It is determined that the ID is valid.
- the service server 2 When it is determined that the unique ID and the public ID are valid IDs, the service server 2 stores the unique ID and the public ID included in the registration address in association with each other. Then, the service server 2 sends a registration address as a destination to the user temporary registration notification indicating that the user temporary registration has been performed, and transmits it to the communication device 4. When receiving the user temporary registration notification from the service server 2, the communication device 4 transfers the user temporary registration notification to the terminal 1 specified by the unique ID stored therein.
- the user temporary registration notification may include a login ID and a password used when receiving service provision from the service server 2. Further, the user temporary registration notification may include a URL serving as a connection destination of the terminal for notifying the service server 2 of a confirmation notification that the user has confirmed the user temporary registration notification.
- the service server 2 When the service server 2 receives the confirmation notification from the terminal 1, it performs user registration. In the user registration, the service server 2 sets the public ID and the user public information of the user to which the public ID is assigned in a state that can be disclosed to the outside. Further, when user registration is performed, the service server 2 can provide a service to the user.
- FIG. 8 is a block diagram showing a configuration of the terminal 1.
- the terminal 1 includes an ID request unit 1A, a data reception unit 1B, a storage unit 1C, a user registration request unit 1D, a user temporary registration notification reception unit 1E, and a confirmation notification transmission unit 1F.
- the ID request unit 1A requests the account server 3 to issue an ID (unique ID or public ID). More specifically, the ID request unit 1 ⁇ / b> A transmits an authentication request for requesting user authentication and a user ID to the account server 3.
- the ID request unit 1A receives the authentication success information and the screen information from the account server 3.
- the ID request unit 1A receives the service ID and persona ID selected by the user referring to the user screen indicated by the screen information.
- the ID request unit 1 ⁇ / b> A transmits the received service ID and persona ID and the ID request to the account server 3.
- the ID request is information indicating a request for issuing a public ID, a unique ID, and a registration address.
- the data receiving unit 1B transmits and receives various data of the service server 2, the account server 3, and the communication device 4.
- the data receiving unit 1B receives the e-mail shown in FIG. 4 that is transferred from the communication device 4 and has the account server 3 as a transmission source.
- the data receiving unit 1B writes the registration address included in the electronic mail in the storage unit 1C.
- the storage unit 1C stores various data. For example, the storage unit 1C stores the persona ID received from the user by the ID request unit 1A. The storage unit 1C stores a unique ID assigned to the user by the account server 3.
- the storage unit 1C stores the unique ID and the persona ID as shown in FIG.
- the storage unit 1C stores the registration address included in the electronic mail received by the data receiving unit 1B.
- the storage unit 1 ⁇ / b> C is in a state in which a registration address is further stored in addition to the unique ID and the persona ID.
- the user registration request unit 1D requests the service server 2 for user registration. More specifically, the user registration request unit 1D reads the registration address from the storage unit 1C, and transmits the registration address and the user registration request to the service server 2. In the present embodiment, the user registration request unit 1D transmits the same registration address as the registration address selected by the user with reference to the user registration screen.
- the user registration request unit 1D transmits user disclosure information that can be disclosed regarding the user of the terminal 1 together with the registration address to the service server 2.
- the user temporary registration notification receiving unit 1E receives the user temporary registration notification transmitted from the communication device 4 and having the service server 2 as a transmission source.
- the confirmation notification transmitting unit 1F transmits to the service server 2 a confirmation notification that the user has confirmed the user temporary registration notification received by the user temporary registration notification receiving unit 1E.
- FIG. 11 is a block diagram showing the configuration of the service server 2.
- the service server 2 includes a user registration receiving unit 2A, an ID analysis unit 2B, an ID storage unit 2C, and a user temporary registration notification unit 2D (hereinafter simply referred to as “temporary notification unit 2D”). , A confirmation notification receiving unit 2E and a user registration unit 2F.
- the user registration receiving unit 2A When receiving the user registration address, the user public information, and the user registration request from the terminal 1, the user registration receiving unit 2A associates the user registration address and the user public information and writes them in the ID storage unit 2C.
- the ID analysis unit 2B determines whether the unique ID and the public ID included in the registration address received by the user registration receiving unit 2A are valid IDs that have not been tampered with.
- the ID analysis unit 2B analyzes the domain in the registration address and determines whether or not the registration address is issued from the valid contact device 4.
- the ID analysis unit 2B determines that the registration address has been issued by the valid contact device 4. In this case, the ID analysis unit 2B determines that the unique ID and the public ID in the registration address are valid IDs, and extracts the unique ID and the public ID from the registration address.
- the ID analysis unit 2B writes the unique ID and the public ID in the ID storage unit 2C in association with the user registration address and the user public information, and notifies the provisional notification unit 2D of the writing.
- the ID analysis unit 2B may notify the terminal 1 that the user registration request is rejected.
- the ID analysis unit 2B When the ID analysis unit 2B notifies that it has been written, it generates an association between the login ID and the password, and associates the login ID and password with the user public information, the registration address, the unique ID, and the public ID. Is written in the ID storage unit 2C.
- the temporary notification unit 2D when notified from the ID analysis unit 2B that the data has been written, designates a user temporary registration notification indicating that the user temporary registration has been performed, designates the registration address of the terminal 1 as a destination, and the communication device 4 Send to.
- the user temporary registration notification is information used to receive a service provision from the service server 2 and information indicating a login ID and password, and for the user to notify a confirmation notification. And a URL to which the terminal is connected.
- the confirmation notification receiving unit 2E receives the confirmation notification from the terminal 1, and notifies the user registration unit 2F to that effect.
- the user registration unit 2F performs user registration when the confirmation notification receiving unit 2E is notified that the confirmation notification has been received.
- the user registration unit 2F sets the public ID and the user public information associated with the public ID in a state that can be disclosed to the outside. Then, the user registration unit 2F sets the service server 2 in a state where the service can be provided to the user.
- the user registration unit 2F transmits to the terminal 1 information indicating a user registration completion notification screen indicating that the user registration is completed.
- the user registration completion notification screen is, for example, a screen as shown in FIG.
- the user registration unit 2F compares the login ID and password pair received from the terminal 1 with the login ID and password pair associated with each other in the ID storage unit 2C.
- the user registration unit 2F displays the user public information and the public ID related to the user of the terminal 1, as shown in FIG.
- FIG. 14 is a block diagram showing the configuration of the account server 3.
- the account server 3 includes an ID generation request accepting unit 3A, an ID generating unit 3B, a storage unit 3C, an ID notification unit 3D, a registered address generating unit 3E, and a user information transmitting unit 3F.
- the ID generation request receiving unit 3A receives an authentication request and a user ID from the terminal 1.
- the ID generation request reception unit 3A compares the user ID received from the terminal 1 with the user ID in the user information UJ stored in the storage unit 3C.
- the ID generation request receiving unit 3A transmits authentication success information and screen information indicating the user screen to the terminal 1. Thereafter, when receiving the persona ID, service ID, and ID request from the terminal 1, the ID generation request receiving unit 3A outputs the persona ID and service ID to the ID generation unit 3B.
- the ID generating unit 3B Upon receiving the persona ID and the service ID from the ID generation request accepting unit 3A, the ID generating unit 3B generates a unique ID using the service ID and the unique ID in the storage unit 3C, and stores the unique ID in the storage unit Write to 3C.
- the ID generation unit 3B applies a unique ID by applying a predetermined hash function to data including a unique ID and a service ID (for example, data combined with a unique ID and a service ID). Generate.
- the ID generation unit 3B generates a public ID using the persona ID received from the ID generation request reception unit 3A and the unique ID in the storage unit 1C, and writes the public ID in the storage unit 3C.
- the ID generation unit 3B generates a public ID by applying a predetermined hash function to data including a persona ID and a unique ID.
- the ID generation unit 3B sets the unique ID and the public ID to the service server 2 so that the unique ID and the public ID can be decrypted using the decryption key. You may encrypt using the encryption key corresponding to a decryption key.
- the ID generation unit 3B may encrypt data obtained by further combining a unique ID with a unique ID and a service ID, and a random number or the like.
- the ID generation unit 3B further has a function of generating a user ID and a unique ID.
- the unique ID generated by the ID generation unit 3B is transmitted to the communication device 4 by the user information transmission unit 3F.
- the storage unit 3 ⁇ / b> C includes the unique ID given to the user of the terminal 1, the user ID, the unique ID, the public ID, the persona ID, the service ID, and the registration address. Store in association with each other.
- the storage unit 3C may store a user ID and data such as a password for identifying the user, data such as an electronic certificate and personal information in association with each other.
- the user ID may be the same as the unique ID.
- the ID notification unit 3D notifies the terminal 1 of the unique ID and the public ID generated by the ID generation unit 3B. At this time, the ID notification unit 3D combines the unique ID and the public ID, encrypts the unique ID and the public ID, and generates an electronic signature for indicating the validity of the unique ID and the public ID. Or may be added.
- the ID notification unit 3D transmits an e-mail in which a registration address, a unique ID, and a public ID as illustrated in FIG. 4 are described to the communication device 4 by specifying the unique ID of the terminal 1. .
- the registration address generation unit 3E generates a registration address based on the service ID received from the terminal 1 by the ID generation request reception unit 3A and the unique ID in the storage unit 3C, and the registration address is stored in the storage unit. Write to 3C.
- the user information transmission unit 3F transmits the registration address and the unique ID generated by the registration address generation unit 3E to the communication device 4.
- FIG. 15 is a block diagram showing the configuration of the communication device 4.
- the communication device 4 includes a user information receiving unit 4A, a storage unit 4B, a temporary registration notification receiving unit 4C, and a temporary registration notification transmitting unit 4D.
- the user information receiving unit 4A receives the unique ID and the registration address from the account server 3.
- the user information receiving unit 4A stores the unique ID received from the account server 3 and the registration address in the storage unit 4B in association with each other.
- the storage unit 4B stores the registration address and the unique ID in association with each other as in the mail address setting information shown in FIG.
- the temporary registration notification receiving unit 4C receives from the service server 2 a user temporary registration notification to which the registration address of the terminal 1 is attached as a destination.
- the temporary registration notification transmission unit 4D transmits the user temporary registration notification received by the temporary registration notification reception unit 4C by specifying the unique ID stored in the storage unit 4B in association with the registration address of the terminal 1 as a destination. To do.
- FIG. 16 is a sequence diagram for explaining an operation in which the account issuing system sets user public information to be publicly available.
- step 501 the account server 3 performs user authentication using the user ID received together with the authentication request from the terminal 1.
- the case where authentication is successful will be considered.
- step 502 the terminal 1 transmits the persona ID and the service ID to the account server 3.
- step 503 the account server 3 receives the persona ID and the service ID from the terminal 1, and generates a unique ID using the service ID and the unique ID stored in itself.
- the account server 3 writes the generated unique ID in the storage unit 3C.
- step 504 the account server 3 generates a public ID.
- step 505 the account server 3 transmits the user registration address and the unique ID to the communication device 4.
- step 506 when receiving the registration address and the unique ID, the communication device 4 stores the registration address and the unique ID in association with each other.
- step 507 the account server 3 transmits the unique ID and public ID generated in steps 503 and S 504 and the registration address to the terminal 1.
- the account server 3 designates the e-mail in which the unique ID, the public ID, and the registration address are described as the unique ID of the terminal 1 and the terminal via the contact device 4. 1 to send.
- the terminal 1 receives an e-mail in which the unique ID, the public ID, and the registration address that are transmitted from the account server 3 are described from the communication device 4.
- step 508 the terminal 1 transmits to the service server 2 the registration address and user public information input by the user referring to the user registration screen.
- step 509 the service server 2 determines whether the unique ID and the public ID included in the registration address from the terminal 1 are valid IDs.
- the service server 2 extracts the unique ID and public ID from the registration address.
- the service server 2 performs temporary registration of the user by storing the unique ID and the public ID, the user public information, and the registration address in association with each other. Further, in the temporary registration of the user, the service server 2 generates an association between the login ID and the password, and stores the association with the unique ID, the public ID, the registration address, and the user public information.
- the service server 2 may specify the identity of the user of the terminal 1 using the unique ID. If the extracted unique ID and public ID are stored in association with each other, the service server 2 may notify the terminal 1 that the user registration request is rejected.
- the service server 2 transmits a user temporary registration notification to the communication device 4 with the registration address received from the terminal 1 as a destination.
- the user temporary registration notification may include a login ID and a password together with the fact that the user has been temporarily registered.
- step 512 the communication device 4 designates the registration address and the user temporary registration notification transmitted from the service server 2 is stored in association with the registration address. Is transferred to the terminal 1 by designating as a destination.
- step 513 the terminal 1 receives the user temporary registration notification from the communication device 4.
- step 514 the terminal 1 transmits a confirmation notification indicating that the user temporary registration notification has been confirmed to the service server 2.
- the service server 2 receives the confirmation notification transmitted from the terminal 1.
- the service server 2 executes user registration.
- the service server 2 sets the public ID and the public user information provided with the public ID in a state that can be disclosed to the outside, and the service server 2 provides a service to the user. Set to the status.
- the service server 2 transmits to the terminal 1 information indicating a user registration completion notification screen indicating that the user registration is completed. Thereafter, when the login ID and password included in the user temporary registration notification are transmitted from the terminal 1, the service server 2 stores the association between the login ID and the password transmitted from the terminal 1 and the service server 2 itself. Compare the corresponding login ID and password. If the two match, the service server 2 displays the user public information and public ID regarding the user of the terminal 1 as shown in FIG.
- a public ID is generated using a unique ID given in advance to a specific user and a persona ID arbitrarily set by the user. Therefore, the same public ID is issued between different servers for the same persona ID used by the same user.
- a third party can identify a user. That is, the service server 2 can identify the user, and a third party can grasp that the owners of the same public ID published by each of the plurality of service servers are the same person. Further, the persona ID and unique ID may not be disclosed. Therefore, the owner of the account in the service server can be disclosed outside without disclosing personal information.
- the service can be made available after a temporary registration notification is transmitted to the user when the unique ID is used and a confirmation notification is received.
- the temporary registration notification when the temporary registration notification is transmitted, the temporary registration notification is automatically transmitted from the service server 2 to the communication device 3.
- the account server 3 may have the function of the communication device 4.
- the account server 3 may be configured so that the account server 3 includes each component (such as the user information receiving unit 4 ⁇ / b> A) of the communication device 4.
Abstract
Description
続いて、ステップ511にて、サービスサーバ2は、ユーザの仮登録を行った場合、ユーザ仮登録通知を、端末1から受信した登録用アドレスを宛先に指定して連絡装置4に送信する。なお、ユーザ仮登録通知は、ユーザの仮登録を行った旨とともに、ログインIDおよびパスワードを含んでいてもよい。
Claims (18)
- ユーザが使用する端末と、該端末を介して前記ユーザにサービスを提供するサービスサーバと、前記サービスサーバが前記ユーザを識別するためのアカウントを発行するアカウントサーバと、を有するアカウント発行システムであって、
前記端末は、前記ユーザにて設定された該ユーザの連帯識別情報を前記アカウントサーバに送信し、また、前記アカウントサーバから前記ユーザを該ユーザと異なる第三者が識別するための公開IDを受信した場合、該公開IDを前記サービスサーバに転送し、
前記アカウントサーバは、前記ユーザを一意に識別するための一意IDを記憶し、また、前記端末から前記連帯識別情報を受信した場合、該連帯識別情報と前記一意IDとを用いて前記公開IDを生成し、該公開IDを前記端末に送信し、
前記サービスサーバは、前記端末から前記公開IDを受信した場合、該公開IDを外部に公開可能に設定する、アカウント発行システム。 - 請求項1に記載のアカウント発行システムにおいて、
前記アカウントサーバは、前記連帯識別情報および前記一意IDを含むデータに対して所定のハッシュ関数を適用して、前記公開IDを生成する、アカウント発行システム。 - 請求項1または2に記載のアカウント発行システムにおいて、
前記アカウントサーバ、前記サービスサーバおよび前記端末に接続可能な連絡装置をさらに有し、
前記一意IDは、前記端末を宛先として指定し、
前記アカウントサーバは、前記端末から前記連帯識別情報とともに前記サービスサーバを識別するためのサービスIDを受信した場合、該サービスIDおよび前記一意IDを用いて、前記サービスサーバが前記ユーザを識別するための固有IDを生成し、該固有IDを前記公開IDとともに前記端末に送信し、該固有IDおよび前記一意IDを前記連絡装置に送信し、
前記端末は、前記連帯識別情報とともに前記サービスIDを前記アカウントサーバへ送信し、また、前記アカウントサーバから前記固有IDおよび前記公開IDを受信した場合、該固有IDおよび該公開IDを前記サービスサーバに転送し、前記連絡装置から前記ユーザの仮登録を行った旨のユーザ仮登録通知を受信した場合、該ユーザ仮登録通知を確認した旨の確認通知を前記サービスサーバへ送信し、
前記サービスサーバは、前記端末から前記公開IDおよび前記固有IDを受信した場合、前記ユーザ仮登録通知に前記固有IDを付けて前記連絡装置に送信し、前記端末から前記確認通知を受信した場合、前記公開IDを外部に公開可能に設定し、
前記連絡装置は、前記アカウントサーバから前記固有IDおよび前記一意IDを受信した場合、該固有IDおよび該一意IDを対応付けて記憶し、前記サービスサーバから前記ユーザ仮登録通知を受信した場合、該ユーザ仮登録通知を、該ユーザ仮登録通知に付けられた固有IDに対応する一意IDにて指定される端末に転送する、アカウント発行システム。 - 請求項3に記載のアカウント発行システムにおいて、
前記アカウントサーバは、前記一意IDおよび前記サービスIDを含むデータに対して所定のハッシュ関数を適用して、前記固有IDを生成する、アカウント発行システム。 - 端末を使用するユーザに該端末を介してサービスを提供するサービスサーバが該ユーザを識別するためのアカウントを発行するアカウントサーバであって、
前記ユーザを一意に識別するための一意IDを記憶する記憶部と、
前記端末から前記ユーザにて設定された該ユーザの連帯識別情報を受信する受付部と、
前記受付部が受け付けた連帯識別情報と、前記記憶部が記憶した一意IDとを用いて、前記ユーザを該ユーザと異なる第三者が識別するための公開IDを生成し、該公開IDを前記端末に送信するID生成部と、を有するアカウントサーバ。 - 請求項5に記載のアカウントサーバにおいて、
前記ID生成部は、前記連帯識別情報および前記一意IDを含むデータに対して所定のハッシュ関数を適用して、前記公開IDを生成する、アカウントサーバ。 - 請求項5または6に記載のアカウントサーバにおいて、
前記一意IDは、前記端末を宛先として指定し、
前記受付部は、前記連帯識別情報とともに、前記サービスサーバを識別するためのサービスIDを受信し、
前記ID生成部は、前記受付部が受け付けたサービスIDと、前記記憶部が記憶した一意IDとを用いて、前記サービスサーバが前記ユーザを識別するための固有IDを生成し、
前記ID生成部が生成した固有IDと、前記記憶部が記憶した一意IDとを、該一意IDにて指定される端末に該固有IDが付けられたデータを転送可能な連絡装置に送信するユーザ情報送信部を有するアカウントサーバ。 - 請求項7に記載のアカウントサーバにおいて、
前記ID生成部は、前記一意IDおよび前記サービスIDを含むデータに対して所定のハッシュ関数を適用して、前記固有IDを生成する、アカウントサーバ。 - ユーザが使用する端末を介して前記ユーザにサービスを提供するサービスサーバであって、
前記端末から、前記ユーザを該ユーザと異なる第三者が識別するための公開IDと、自サービスサーバが前記ユーザを識別するための固有IDとを受信するユーザ登録受付部と、
前記ユーザ登録受付部が受信した公開IDを記憶するID記憶部と、
前記ユーザ登録受付部が固有IDを受信すると、前記ユーザの仮登録を行った旨のユーザ仮登録通知に該固有IDを付けて、前記固有IDが付いたデータを前記端末に転送可能な連絡装置に送信するユーザ仮登録通知部と、
前記端末から前記ユーザ仮登録通知を確認した旨の確認通知を受信した場合、前記ID記憶部に記憶されている前記公開IDを外部に公開可能な状態に設定するユーザ登録部と、を有するサービスサーバ。 - ユーザが使用する端末と、該端末を介して前記ユーザにサービスを提供するサービスサーバと、前記サービスサーバが前記ユーザを識別するためのアカウントを発行するアカウントサーバとを有し、前記アカウントサーバが、前記ユーザを一意に識別するための一意IDを記憶するアカウント発行システムによるアカウント発行方法であって、
前記端末が、前記ユーザにて設定された該ユーザの連帯識別情報を前記アカウントサーバに送信する処理と、
前記アカウントサーバが、前記端末から前記連帯識別情報を受信した場合、該連帯識別情報と前記一意IDとを用いて、前記ユーザを該ユーザと異なる第三者が識別するための公開IDを生成し、該公開IDを前記端末に送信する処理と、
前記端末が、前記アカウントサーバから前記公開IDを受信した場合、該公開IDを前記サービスサーバに送信する処理と、
前記サービスサーバが、前記端末から前記公開IDを受信した場合、該公開IDを外部に公開可能に設定する処理と、を有するアカウント発行方法。 - 請求項10に記載のアカウント発行方法において、
前記アカウントサーバは、前記連帯識別情報および前記一意IDを含むデータに対して所定のハッシュ関数を適用して、前記公開IDを生成する、アカウント発行方法。 - 請求項10または11に記載のアカウント発行方法において、
前記アカウント発行システムは、前記アカウントサーバ、前記サービスサーバおよび前記端末に接続可能な連絡装置をさらに有し、
前記一意IDは、前記端末を宛先として指定し、
前記端末が、前記連帯識別情報とともに前記サービスサーバを識別するためのサービスIDを前記アカウントサーバへ送信する処理と、
前記アカウントサーバが、前記端末から前記連帯識別情報とともに前記サービスIDを受信し、該連帯識別情報と前記記憶している一意IDとを用いて、前記サービスサーバが前記ユーザを識別するための固有IDを生成する処理と、
前記アカウントサーバが、前記固有IDおよび前記一意IDを前記連絡装置に送信する処理と、
前記アカウントサーバが、前記固有IDを前記公開IDとともに前記端末に送信する処理と、
前記連絡装置が、前記アカウントサーバから前記固有IDおよび前記一意IDを受信し、該固有IDおよび該一意IDを対応付けて記憶する処理と、
前記端末が、前記アカウントサーバから前記固有IDおよび前記公開IDを受信し、該固有IDおよび公開IDを前記サービスサーバへ転送する処理と、
前記サービスサーバが、前記端末から前記公開IDおよび前記固有IDを受信する処理と、
前記サービスサーバが、前記ユーザの仮登録を行った旨のユーザ仮登録通知に前記固有IDを付けて前記連絡装置に送信する処理と、
前記連絡装置が、前記サービスサーバから前記ユーザ仮登録通知を受信した場合、該ユーザ仮登録通知に付けられた固有IDに対応する一意IDにて指定される端末に転送する処理と、
前記端末が、前記連絡装置から前記ユーザ仮登録通知を受信した場合、該ユーザ仮登録通知を確認した旨の確認通知を前記サービスサーバに送信する処理と、
前記サービスサーバが、前記端末から前記確認通知を受信した場合、前記記憶している前記公開IDを外部に公開可能な状態に設定する処理と、を有するアカウント発行方法。 - 請求項12に記載のアカウント発行方法において、
前記アカウントサーバは、前記一意IDおよび前記サービスIDに対して所定のハッシュ関数を適用して、前記固有IDを生成する、アカウント発行方法。 - 端末を使用するユーザに該端末を介してサービスを提供するサービスサーバが該ユーザを識別するためのアカウントを発行するアカウントサーバに、
前記ユーザを一意に識別するための一意IDを記憶する手順と、
前記端末から前記ユーザにて設定された該ユーザの連帯識別情報を受信する手順と、
前記受け付けられた連帯識別情報と、前記記憶された一意IDとを用いて、前記ユーザを該ユーザと異なる第三者が識別するための公開IDを生成する手順と、
前記生成された公開IDを前記端末に送信する手順と、を実行させるプログラム。 - 請求項14に記載のプログラムにおいて、
前記生成する手順では、前記連帯識別情報および前記一意IDを含むデータに対して所定のハッシュ関数を適用して、前記公開IDを生成する、プログラム。 - 請求項14または15に記載のプログラムにおいて、
前記連帯識別情報とともに、前記サービスサーバを識別するためのサービスIDを受信する手順と、
前記受け付けられたサービスIDと、前記記憶された一意IDとを用いて、前記サービスサーバが前記ユーザを識別するための固有IDを生成する手順と、
前記生成された固有IDと、前記記憶された一意IDとを、該一意IDにて指定される端末に該固有IDが付けられたデータを転送可能な連絡装置に送信する手順と、を前記アカウントサーバに実行させるプログラム。 - 請求項16に記載のプログラムにおいて、
前記固有IDを生成する手順では、前記一意IDおよび前記サービスIDを含む情報に対して所定のハッシュ関数を適用して、前記固有IDを生成する、プログラム。 - ユーザが使用する端末を介して前記ユーザにサービスを提供するサービスサーバに、
前記端末から、前記ユーザを該ユーザと異なる第三者が識別するための公開IDと、自サービスサーバが前記ユーザを識別するための固有IDとを受信する手順と、
前記受信された公開IDを記憶する手順と、
前記固有IDが受信されると、前記ユーザの仮登録を行った旨のユーザ仮登録通知に該固有IDを付けて、前記固有IDが付いたデータを前記端末に転送可能な連絡装置に送信する手順と、
前記端末から前記ユーザ仮登録通知を確認した旨の確認通知を受信した場合、前記記憶されている前記公開IDを外部に公開可能な状態に設定する手順と、を実行させるプログラム。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/147,974 US20110307939A1 (en) | 2009-02-09 | 2010-02-04 | Account issuance system, account server, service server, and account issuance method |
JP2010549504A JP5495194B2 (ja) | 2009-02-09 | 2010-02-04 | アカウント発行システム、アカウントサーバ、サービスサーバおよびアカウント発行方法 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009-027270 | 2009-02-09 | ||
JP2009027270 | 2009-02-09 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010090252A1 true WO2010090252A1 (ja) | 2010-08-12 |
Family
ID=42542144
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/051591 WO2010090252A1 (ja) | 2009-02-09 | 2010-02-04 | アカウント発行システム、アカウントサーバ、サービスサーバおよびアカウント発行方法 |
Country Status (3)
Country | Link |
---|---|
US (1) | US20110307939A1 (ja) |
JP (1) | JP5495194B2 (ja) |
WO (1) | WO2010090252A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012053527A (ja) * | 2010-08-31 | 2012-03-15 | Nec Corp | リモートアクセスシステム、サーバコンピュータ、リモートアクセス方法およびプログラム |
WO2015049948A1 (ja) * | 2013-10-01 | 2015-04-09 | 手島太郎 | 情報処理装置およびアクセス権限付与方法 |
JP6319675B1 (ja) * | 2017-08-03 | 2018-05-09 | 晴喜 菅原 | 情報処理システム |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103874047B (zh) * | 2012-12-17 | 2017-08-04 | 华为终端有限公司 | 服务信息发现方法及设备 |
US9154934B2 (en) | 2013-03-28 | 2015-10-06 | Futurewei Technologies, Inc. | System and method for pre-association discovery |
KR102436509B1 (ko) * | 2015-12-07 | 2022-08-25 | 삼성전자주식회사 | 임시 계정 정보를 제공하는 방법, 장치 및 시스템 |
US20220217136A1 (en) * | 2021-01-04 | 2022-07-07 | Bank Of America Corporation | Identity verification through multisystem cooperation |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003338849A (ja) * | 2002-05-22 | 2003-11-28 | Nec Corp | 電子メール転送システム及び転送方法 |
JP2006215590A (ja) * | 2003-09-19 | 2006-08-17 | Hikari Hiyo | 着信者主導による通信方法及び通信システム |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6760752B1 (en) * | 1999-06-28 | 2004-07-06 | Zix Corporation | Secure transmission system |
US20030014631A1 (en) * | 2001-07-16 | 2003-01-16 | Steven Sprague | Method and system for user and group authentication with pseudo-anonymity over a public network |
JP4390571B2 (ja) * | 2004-01-27 | 2009-12-24 | 富士通株式会社 | 位置情報処理方法及び装置 |
JP4633458B2 (ja) * | 2004-12-28 | 2011-02-16 | 株式会社インプレスホールディングス | ネットワーク上のid管理システム |
US8364711B2 (en) * | 2006-05-09 | 2013-01-29 | John Wilkins | Contact management system and method |
JP4812508B2 (ja) * | 2006-05-12 | 2011-11-09 | 富士通株式会社 | プレゼンス情報を取り扱うシステム |
JP4714641B2 (ja) * | 2006-06-08 | 2011-06-29 | エヌ・ティ・ティ・ソフトウェア株式会社 | メールアドレス管理装置 |
CN101627407B (zh) * | 2007-03-07 | 2013-08-21 | 日本电气株式会社 | 可达性实现服务器、管理系统、管理方法和实现程序 |
-
2010
- 2010-02-04 WO PCT/JP2010/051591 patent/WO2010090252A1/ja active Application Filing
- 2010-02-04 US US13/147,974 patent/US20110307939A1/en not_active Abandoned
- 2010-02-04 JP JP2010549504A patent/JP5495194B2/ja not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003338849A (ja) * | 2002-05-22 | 2003-11-28 | Nec Corp | 電子メール転送システム及び転送方法 |
JP2006215590A (ja) * | 2003-09-19 | 2006-08-17 | Hikari Hiyo | 着信者主導による通信方法及び通信システム |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012053527A (ja) * | 2010-08-31 | 2012-03-15 | Nec Corp | リモートアクセスシステム、サーバコンピュータ、リモートアクセス方法およびプログラム |
WO2015049948A1 (ja) * | 2013-10-01 | 2015-04-09 | 手島太郎 | 情報処理装置およびアクセス権限付与方法 |
JP5987158B2 (ja) * | 2013-10-01 | 2016-09-07 | Bank Invoice株式会社 | 情報処理装置およびアクセス権限付与方法 |
CN105580026B (zh) * | 2013-10-01 | 2018-06-29 | 邦克英沃斯株式会社 | 信息处理装置及访问权限赋予方法 |
US10762541B2 (en) | 2013-10-01 | 2020-09-01 | Amadellas Corporation | Devices and methods for information processing and access control |
JP6319675B1 (ja) * | 2017-08-03 | 2018-05-09 | 晴喜 菅原 | 情報処理システム |
Also Published As
Publication number | Publication date |
---|---|
JPWO2010090252A1 (ja) | 2012-08-09 |
US20110307939A1 (en) | 2011-12-15 |
JP5495194B2 (ja) | 2014-05-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109150548B (zh) | 一种数字证书签名、验签方法及系统、数字证书系统 | |
CN100574184C (zh) | 用于在计算机系统之间建立用于传递消息的安全上下文的方法和设备 | |
JP4800377B2 (ja) | 認証システム、ce機器、携帯端末、鍵証明発行局および鍵証明取得方法 | |
US8001588B2 (en) | Secure single sign-on authentication between WSRP consumers and producers | |
JP5495194B2 (ja) | アカウント発行システム、アカウントサーバ、サービスサーバおよびアカウント発行方法 | |
CN101772024B (zh) | 一种用户身份确定方法及装置和系统 | |
CN102427442A (zh) | 组合请求相关元数据和元数据内容 | |
WO2016201811A1 (zh) | 身份认证方法、装置及系统 | |
CN105993146A (zh) | 不访问私钥而使用公钥密码的安全会话能力 | |
TW200828944A (en) | Simplified management of authentication credientials for unattended applications | |
CN104702580B (zh) | 多通讯渠道认证授权平台系统和方法 | |
CN110278179B (zh) | 单点登录方法、装置和系统以及电子设备 | |
CN102823217A (zh) | 证书机构 | |
Sabadello et al. | Introduction to did auth | |
CN102811211A (zh) | 支持登录验证的设备和进行登录验证的方法 | |
JP5452192B2 (ja) | アクセス制御システム、アクセス制御方法およびプログラム | |
JP2012519995A (ja) | ネットワーク通信を保護する方法および装置 | |
JP6182080B2 (ja) | 認証システム、プログラム | |
JP2015194879A (ja) | 認証システム、方法、及び提供装置 | |
JP2015039141A (ja) | 証明書発行要求生成プログラム、証明書発行要求生成装置、証明書発行要求生成システム、証明書発行要求生成方法、証明書発行装置および認証方法 | |
KR101241864B1 (ko) | 사용자 중심의 아이덴터티 관리 시스템 및 그 방법 | |
JP6240102B2 (ja) | 認証システム、認証鍵管理装置、認証鍵管理方法および認証鍵管理プログラム | |
KR102171377B1 (ko) | 로그인 제어 방법 | |
KR102053993B1 (ko) | 인증서를 이용한 사용자 인증 방법 | |
JPWO2019234801A1 (ja) | サービス提供システム及びサービス提供方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10738583 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010549504 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13147974 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 10738583 Country of ref document: EP Kind code of ref document: A1 |