WO2022130507A1 - User information management system, user information management method, user agent, and program - Google Patents
- Publication number: WO2022130507A1 (application PCT/JP2020/046774)
- Authority: WO (WIPO (PCT))
Classifications
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60—Protecting data
  - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
    - G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
      - G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
  - G06F21/602—Providing cryptographic facilities or services
Definitions
- The present invention relates to a user information management system for managing the distribution of user information, a user information management method, a user agent, and a program.
- Service providers such as major SNS (Social Networking Service) sites, search sites, and mail-order sites are not only in a monopoly position in their respective industries but also in an advantageous position in that they hold users' personal information. While the use of personal information has the advantage that advanced services can be provided, there are cases where personal information is leaked or provided to a third party without the user's knowledge, which has become a social problem.
- SNS: Social Networking Service.
- Self-sovereign identity (SSI) management, which aims to let users manage (control) their own personal information instead of having service providers manage it, is becoming widespread (Non-Patent Document 1).
- User information: user credentials.
- The service endpoint sends user information upon request from the service provider.
- By controlling the access right to the user information on the service endpoint, the user can control the destination (distribution destination, transfer destination) of the user information.
- In Non-Patent Document 2, the user terminal signs the service document of the service provider or of a secondary business operator to approve the access right to the user information and thereby manage the distribution destination of the user information.
- The distributed user information is limited to the range necessary for providing the service.
- A contractor can identify (integrate) names based on the same user's identification information and user information. The contractor can then grasp user information such as attribute information and the action history of the user held by a plurality of service providers. Further, even if the user uses the services under different user identification information, the contractor holds the user information possessed by the different service providers as one user's information. One business operator (the contractor) thus ends up with more user information than the user intended, which is undesirable in terms of privacy protection.
- The present invention has been made in view of this background, and its object is to enable distribution control of user information that suppresses name identification.
- The user information management system includes a user terminal used by a user, a user agent, and a service provider server.
- The user agent includes a registered user database in which the user identification information of the user and the user information of the user are stored in association with each other, and a provided user information database in which the service provider server and the user information provided to the service provider server are stored in association with each other.
- The user agent includes a user information providing destination search unit that receives from the user terminal a request accompanied by the service provider service document, obtains the user information of the user of the user terminal already provided to the service provider server and the user information of the user corresponding to the user information type, and transmits them to the user terminal.
- The user agent also includes a user information access right approval unit that receives from the user terminal the service provider server provision permission user information, which indicates the user information to be provided to the service provider server, generates pseudo user identification information (the user identification information of the user at that service provider server) and a pair of a private key and a public key associated with the pseudo user identification information, signs the service provider service document using the private key to produce a signed service provider service document, and transmits the pseudo user identification information and the signed service provider service document to the user terminal.
- The user terminal includes a user information provision request unit that transmits the service provider server provision permission user information to the user agent, and a service document transfer unit that transmits the pseudo user identification information and the signed service provider service document to the service provider server.
- The service provider server includes a user information requesting unit that transmits the pseudo user identification information and the signed service provider service document to the user agent.
- The user agent further includes a user information providing unit that verifies the signature of the signed service provider service document using the public key associated with the pseudo user identification information and, if the verification succeeds, returns to the service provider server the user information that the user authorized for provision.
- FIG. 1 is a diagram showing the overall configuration of a user information management system 10 according to the present embodiment.
- The user information management system 10 includes a user agent 100, a user terminal 200, and a service provider server 300.
- The user information management system 10 may further include a contractor / collaborator server 400, operated by a contractor or collaborator of the service that the service provider provides to the user, a distributed ledger 810, and a user information issuing organization server 850.
- The user agent 100, the user terminal 200, the service provider server 300, the contractor / collaborator server 400, the distributed ledger 810, and the user information issuing organization server 850 can communicate with each other via the network 800.
- The user information issuing organization server 850 issues user information.
- The user information carries the signature of the user information issuing organization server 850.
- The user information is information such as a qualification acquired by the user or the institution to which the user belongs.
- The user information may also be information declared by the user, such as the current address or the date of birth.
- The distributed ledger 810 is composed of a plurality of servers.
- The distributed ledger 810 stores the service documents issued by the service provider server 300 and the contractor / collaborator server 400, and the acquisition history of user information issued by the user agent 100. Further, the distributed ledger 810 provides service documents and acquisition histories in response to requests from the user agent 100, the user terminal 200, the service provider server 300, and the contractor / collaborator server 400.
- The user information, and an outline of the processing in the user information management system 10 that handles it, are described below.
- User information: In providing a service, the service provider server 300 and the contractor / collaborator server 400 acquire user information when the user applies for registration to the service or when the service is provided, and use it to provide the service or to check whether the user is qualified to receive it. For example, a mortgage service obtains a withholding slip issued by the user's workplace and uses it for loan screening, and a liquor sales site confirms that the user is an adult.
- The service provider server 300 and the contractor / collaborator server 400 describe the user information necessary for providing their own service in a service document.
- The user information described in the service document is a type of user information, such as date of birth or educational background, and is also referred to as a user information type.
- The user refers to the service document of the service provider server 300, confirms the user information required by the service provider, and determines whether or not to use the service.
- When the service provider server 300 does not stand alone but cooperates with the contractor / collaborator server 400, the user confirms the user information described in the service document of the service provider server 300 and in the service document of the contractor / collaborator server 400, and determines whether or not to use the service.
- FIG. 2 is a flowchart showing an outline of the processing in the user information management system 10 according to the present embodiment.
- The user registration process for the service provided by the service provider server 300, and the processes to be prepared before it, are described.
- The service provider server 300 and the contractor / collaborator server 400 issue their own service documents and register them in the distributed ledger 810 (see FIG. 9 described later).
- The service document of the service provider server 300 includes identification information of the service provider server 300, a public key, and the user information (user information types) necessary for providing the service of the service provider server 300.
- The service document also includes identification information of the contractor / collaborator server 400 of the service.
- The service document may include the location of the service provider server 300.
- The service document of the contractor / collaborator server 400 has the same form as that of the service provider server 300, and includes the identification information and public key of the contractor / collaborator server 400, the user information types required for providing its service, and so on.
- The service document may be signed by a service provider confirmation organization server (not shown) that has confirmed the authenticity of the service document.
- Upon receiving a user registration request from the user terminal 200 in step S120, the user agent 100 registers the user (see FIG. 10 described later).
- In step S130, the user terminal 200 requests the user information issuing organization server 850 to issue user information, acquires the user information, and registers it in the user agent 100 (see FIG. 11 described later).
- In step S140, the user terminal 200 registers the user in the service provider server 300 (user registration to the service). Registration includes steps S141 to S144.
- In step S141, the user terminal 200 applies to the service provider server 300 for registration of the user in the service (see FIG. 12 described later). At this time, the user terminal 200 obtains the service document of the service provider server 300. If the service provider has a contractor / collaborator, the user terminal 200 also obtains the service document of the contractor / collaborator server 400.
- In step S142, the user terminal 200 requests the user agent 100 to provide user information to the service provider server 300 and the contractor / collaborator server 400 (see FIGS. 12 and 13 described later).
- The user determines whether or not to provide the user information requested by the service provider server 300 and the contractor / collaborator server 400 in their service documents. In doing so, the user also refers to the user information already provided to the service provider server 300 and the contractor / collaborator server 400, as reported by the user agent 100.
- Upon receiving input of the information the user permits, the user terminal 200 requests the user agent 100 to provide the user information. Requesting the provision of user information means that the user (user terminal 200) approves the access right to the user information for the service provider server 300 and the contractor / collaborator server 400.
- In step S143, the user agent 100 signs the service document using the private key of the user (more precisely, of the pseudo user described later).
- The signed service document is transmitted to the service provider server 300 and the contractor / collaborator server 400 via the user terminal 200 (see FIGS. 13 and 14).
- This user-signed service document serves as proof that the service provider server 300 and the contractor / collaborator server 400 have been granted the access right to the user information.
- In step S144, the service provider server 300 requests the user information from the user agent 100 by presenting the user-signed service document (see FIG. 16). By verifying the user's signature on the service document, the user agent 100 confirms that the service provider server 300 has the access right to the user information of the user information types described in the service document, and transmits the user information to the service provider server 300. The same applies to the contractor / collaborator server 400 (see FIG. 17).
- The user information transmitted by the user agent 100 is not the user information itself as registered in step S130, but the minimum information corresponding to the user information type described in the service document (coarse-grained information with a high degree of abstraction). For example, if the user information type in the service document is "adult or not", the user agent 100 determines from the date of birth whether the user is an adult and transmits only the determination result. If the type is the prefecture of residence, the user agent 100 transmits only the prefecture portion of the registered address (see step S130).
- The user identification information registered in the service provider server 300 or the contractor / collaborator server 400 is pseudo user identification information that differs for each registration. Pseudo user identification information is adopted because, if the same user identification information were registered even in different service provider servers 300, the names could be identified and the provided user information and service usage history could be grasped as belonging to the same user. To avoid name identification, users are registered in the service provider server 300 and the contractor / collaborator server 400 as pseudo users with pseudo user identification information.
- In step S150, the user uses the service provided by the service provider server 300 through the user terminal 200.
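The pseudo-user registration, service document signing and verification, and data minimization of steps S143 and S144, as an added Go example that is not part of the patent. It assumes Ed25519 signatures, a simple "provider|types" serialization of the service document, field names such as date_of_birth and address, and an adult threshold of 18, none of which the patent specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
	"time"
)

// ServiceDocument: provider identification information plus the user information types it needs (assumed field names).
type ServiceDocument struct {
	ProviderID string
	Types      []string // e.g. "is_adult", "birth_year", "prefecture"
}

// Bytes is the canonical serialization that is signed (assumed encoding).
func (d ServiceDocument) Bytes() []byte { return []byte(d.ProviderID + "|" + strings.Join(d.Types, ",")) }

// record is one row of the registered user database (FIG. 4); a pseudo user holds a key pair and a link to its owner.
type record struct {
	pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
	info  map[string]string // user information 136, kept in the clear here
	owner string            // set only for pseudo users
}

// UserAgent is a minimal user agent 100 keyed by user identification information.
type UserAgent struct{ db map[string]*record }
func NewUserAgent() *UserAgent { return &UserAgent{db: map[string]*record{}} }

// RegisterUser stores a real user and their user information (steps S120 and S130).
func (a *UserAgent) RegisterUser(userID string, info map[string]string) { a.db[userID] = &record{info: info} }

// ApproveAccess implements step S143: mint a fresh key pair and pseudo user ID, sign the document with the pseudo user's key.
func (a *UserAgent) ApproveAccess(userID string, doc ServiceDocument) (string, []byte, error) {
	if _, ok := a.db[userID]; !ok {
		return "", nil, errors.New("unknown user")
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	pseudoID := fmt.Sprintf("%x", pub[:6]) // new per registration, so providers cannot link registrations
	a.db[pseudoID] = &record{pub: pub, priv: priv, owner: userID}
	return pseudoID, ed25519.Sign(priv, doc.Bytes()), nil
}

// ProvideUserInfo implements step S144: verify the presented signature with the pseudo user's public key,
// then return only coarse-grained values for the types the signed document lists.
func (a *UserAgent) ProvideUserInfo(pseudoID string, doc ServiceDocument, sig []byte, now time.Time) (map[string]string, error) {
	rec, ok := a.db[pseudoID]
	if !ok || rec.owner == "" {
		return nil, errors.New("unknown pseudo user")
	}
	if !ed25519.Verify(rec.pub, doc.Bytes(), sig) {
		return nil, errors.New("signature invalid: access right not approved for this document")
	}
	out := map[string]string{}
	for _, t := range doc.Types {
		v, err := minimize(t, a.db[rec.owner].info, now)
		if err != nil {
			return nil, err
		}
		out[t] = v
	}
	return out, nil
}

// minimize derives the most abstract value that answers a user information type.
func minimize(t string, info map[string]string, now time.Time) (string, error) {
	switch t {
	case "is_adult", "birth_year":
		dob, err := time.Parse("2006-01-02", info["date_of_birth"])
		if err != nil {
			return "", err
		}
		if t == "birth_year" {
			return fmt.Sprint(dob.Year()), nil
		}
		age := now.Year() - dob.Year()
		if now.YearDay() < dob.YearDay() {
			age--
		}
		return fmt.Sprint(age >= 18), nil // 18 is an assumed adult threshold
	case "prefecture":
		return strings.SplitN(info["address"], " ", 2)[0], nil // assumed "<prefecture> <rest>" layout
	}
	return "", fmt.Errorf("unsupported user information type %q", t)
}

func main() {
	a := NewUserAgent()
	a.RegisterUser("user73p", map[string]string{"date_of_birth": "1983-05-20", "address": "Tokyo Chiyoda-ku 1-1-1"}) // constructed
	doc := ServiceDocument{ProviderID: "server A", Types: []string{"is_adult", "birth_year", "prefecture"}}
	pid, sig, _ := a.ApproveAccess("user73p", doc)
	fmt.Println(a.ProvideUserInfo(pid, doc, sig, time.Now()))
}
```

A document altered after signing (for example one that asks for the raw date of birth) fails verification, and each ApproveAccess call yields a different pseudo user identification information.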
- FIG. 3 is a functional block diagram of the user agent 100 according to the present embodiment.
- The user agent 100 includes a control unit 110, a storage unit 120, and a communication unit 150.
- The communication unit 150 transmits and receives communication data to and from the user terminal 200, the service provider server 300, the contractor / collaborator server 400, and the like.
- The storage unit 120 is composed of storage devices such as a ROM (Read Only Memory), a RAM (Random Access Memory), and an SSD (Solid State Drive).
- The storage unit 120 stores a program 121, an encryption key 122, a registered user database 130 (shown as "registered user DB (Database)" in FIG. 3), and a provided user information database 140 (shown as "provided user information DB" in FIG. 3).
- There are one or more provided user information databases 140, one stored for each user registered in the user agent 100.
- The program 121 includes a user registration process (step S120 in FIG. 2, see FIG. 10 described later), an access right approval process (step S143, see FIG.
- The encryption key 122 is an encryption key for encrypting and authenticating communication data in communication with the user terminal 200, the service provider server 300, and the contractor / collaborator server 400.
- FIG. 4 is a data structure diagram of the registered user database 130 according to the present embodiment.
- The registered user database 130 is, for example, tabular data stored in a secure area of the user agent 100, and holds information relating to the users of user terminals 200.
- One row (record) of the registered user database 130 represents one user or pseudo user and includes the columns (attributes) user identification information 131 (shown as "user ID" in FIG. 4), authentication information 132, public key 133, private key 134, master secret 135, user information 136, and provided user information 137.
- The user identification information 131 is the identification information of a user or a pseudo user.
- The authentication information 132 is information used to authenticate the user or the user terminal 200 in communication with the user terminal 200.
- The authentication information 132 is, for example, a public key of the user terminal 200 or a password used for user authentication.
- The public key 133 and the private key 134 are a key pair of public key cryptography.
- The master secret 135 is information used for the concealment processing described later.
- The user information 136 is one or more items of user information that the user acquired from the user information issuing organization server 850 and registered. At the time of user registration, the user information 136 does not yet contain any user information.
- The user information 136 is stored in a concealed form using the master secret 135 (it is shown in readable form in FIG. 4).
- When the user identification information 131 is that of a pseudo user, the user information 136 indicates the user information provided to the service provider server 300 or the contractor / collaborator server 400.
- The provided user information 137 is the identification information of the provided user information database 140 of the user identified by the user identification information 131; it indicates which of the one or more provided user information databases 140 belongs to that user.
- In record 138, the user identification information 131 is "user73p" and the user information 136 stores the user's date of birth.
- Record 139 holds the information of a pseudo user; its authentication information 132, master secret 135, and provided user information 137 are empty ("N/A").
- FIG. 5 is a data structure diagram of the provided user information database 140 according to the present embodiment.
- The provided user information database 140 is, for example, tabular data, and stores information about the user information provided to the service provider server 300 and the contractor / collaborator server 400.
- One row (record) of the provided user information database 140 includes the columns (attributes) type 141, user information 142, and destination 143.
- The type 141 is the type of the provided user information 142. Types include e-mail address, handle name (such as on an SNS), and address.
- The user information 142 is the provided user information itself.
- The destination 143 includes the identification information of the service provider server 300 or contractor / collaborator server 400 to which the user information 142 was provided, and the pseudo user identification information used at the time of provision (user registration). Instead of the identification information of the server, it may include the identification information of the business operator operating the service provider server 300 or the contractor / collaborator server 400 (for example, "service provider A").
- Record 149 indicates that the user is registered in "server A" under the pseudo user identification information "ehd738" and that the e-mail address "aaa@bb.ne.jp" was provided as user information.
- The provided user information database 140 shown in FIG. 5 is the one identified as "DB847345" in the provided user information 137 of the user whose user identification information 131 is "user73p" in record 138 of the registered user database 130 (see FIG. 4). From record 149 it can be seen that "ehd738" is one of this user's pseudo user identification information. Further, record 139 represents a pseudo user of the user shown in record 138. Although the user information 136 of the user includes the full date of birth, only the year of birth, "1983", was provided under the pseudo user.
- The control unit 110 includes a CPU (Central Processing Unit) and comprises a key management unit 111, a user registration unit 112, a user information registration unit 113, a user information provision destination search unit 114, a user information provision availability determination unit 115, a user information access right approval unit 116, and a user information providing unit 117.
- The key management unit 111 generates the public key 133 (see FIG. 4) and private key 134 of a user or a pseudo user.
- The key management unit 111 also generates the master secret 135, encryption keys used for communication, challenges (random numbers) used for authenticating a communication partner, and the like.
- The key management unit 111 performs processing such as encryption, decryption, and signing using the encryption key 122.
- The user registration unit 112 executes the user registration process for the user agent 100 (see FIG. 10 described later). Specifically, the user registration unit 112 generates the user identification information 131 (see FIG. 4), the authentication information 132, the public key 133, the private key 134, and the master secret 135, stores them in the registered user database 130, and thereby registers the user.
- The user information registration unit 113 executes the user information registration process (see FIG. 11 described later). Specifically, it registers the user information transmitted from the user terminal 200 in the registered user database 130.
- The user information provision destination search unit 114 searches for the user information already provided to the service provider server 300 and the contractor / collaborator server 400, and transmits it to the user terminal 200.
- The user information provision availability determination unit 115 determines the risk level of name identification arising from the provision of user information that accompanies user registration to the service provider server 300. For example, suppose the e-mail address "ccc@dd.com" has already been provided to the contractor / collaborator server 400. If that contractor / collaborator server 400 is also a contractor of the service provider server 300 with which the user is now registering, providing the same "ccc@dd.com" is judged to carry a high risk of name identification, and a message to that effect is generated for the user.
- The user information provision availability determination unit 115 also determines that, for user information other than identification information, the lower the level of abstraction, the higher the risk of name identification. For example, for an address, "Tokyo's 23 wards" has a lower level of abstraction than "Tokyo", so the unit determines that the risk of name identification is high when it is provided. Further, the unit determines that even if each item of user information individually has a low risk level, the level becomes higher as the number of provided items increases.
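An added Go example (not from the patent) of the risk determination performed by the user information provision availability determination unit 115: identifier reuse at a server that participates in the new registration, address granularity, and the number of items provided together. The scores, the three-level address granularity scale and the field names are assumptions.

```go
package main

import "fmt"

// ProvidedInfo is one record of the provided user information database (FIG. 5),
// plus an assumed Granularity field used for address values.
type ProvidedInfo struct {
	Type        string // "email", "handle", "address", "birth_year", ...
	Value       string
	Granularity string // for "address": "prefecture", "ward" or "street" (assumed scale)
	Destination string // server the value was provided to (empty for a proposal)
}

// RiskLevel is the name-identification risk reported to the user.
type RiskLevel int

const (
	Low RiskLevel = iota
	Medium
	High
)

func (r RiskLevel) String() string { return [...]string{"low", "medium", "high"}[r] }

// addressScore maps address granularity to a score; a finer address means more risk (assumed weights).
var addressScore = map[string]int{"prefecture": 1, "ward": 2, "street": 3}

// Assess scores a proposed provision against what the user already gave away.
// provided: existing records; participants: IDs of the new provider and its contractor /
// collaborator servers; proposed: items the user is about to provide.
// It returns the level and the reasons for the message shown to the user.
func Assess(provided []ProvidedInfo, participants []string, proposed []ProvidedInfo) (RiskLevel, []string) {
	linked := map[string]bool{}
	for _, p := range participants {
		linked[p] = true
	}
	score := 0
	var reasons []string
	for _, p := range proposed {
		switch p.Type {
		case "email", "handle":
			// An identifier reused at a server that will see this registration links the two pseudo users.
			for _, old := range provided {
				if old.Type == p.Type && old.Value == p.Value && linked[old.Destination] {
					score += 4
					reasons = append(reasons, fmt.Sprintf("%s %q was already provided to %s, which participates in this service", p.Type, p.Value, old.Destination))
				}
			}
		case "address":
			s, ok := addressScore[p.Granularity]
			if !ok {
				s = 3 // unknown granularity: treat as a full address
			}
			score += s
			if s > 1 {
				reasons = append(reasons, fmt.Sprintf("address at %q level is less abstract than prefecture", p.Granularity))
			}
		default:
			score++ // any other attribute narrows the candidate set a little
		}
	}
	// Several low-risk items together still raise the level.
	if len(proposed) >= 3 {
		score++
		reasons = append(reasons, fmt.Sprintf("%d items provided together", len(proposed)))
	}
	switch {
	case score >= 4:
		return High, reasons
	case score >= 2:
		return Medium, reasons
	}
	return Low, reasons
}

func main() {
	// Constructed scenario matching the text: "ccc@dd.com" was already given to server B.
	provided := []ProvidedInfo{{Type: "email", Value: "ccc@dd.com", Destination: "server B"}}
	level, why := Assess(provided, []string{"server A", "server B"}, []ProvidedInfo{{Type: "email", Value: "ccc@dd.com"}})
	fmt.Println(level, why)
}
```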
- The user information access right approval unit 116 signs the service document of the service provider server 300 or the contractor / collaborator server 400 using the pseudo user's private key 134 (see FIG. 4).
- This pseudo-user-signed service document serves as a certificate that the service provider server 300 or the contractor / collaborator server 400 is authorized to access the user information.
- The user information providing unit 117 provides user information in response to a request from the service provider server 300 or the contractor / collaborator server 400 (see FIGS. 16 and 17 described later). Specifically, when verification of the pseudo user's signature on the service document succeeds, the user information providing unit 117 confirms that the service provider server 300 or the contractor / collaborator server 400 has the access right to the requested user information. Next, it acquires the user information corresponding to the request from the user information 136, 142 (see FIGS. 4 and 5), converts it into the requested form, and transmits it.
- For example, when the requested type is the prefecture, the user information providing unit 117 sends only the prefecture portion of the address.
- Such a technique is also called concealment processing and is described, for example, in Jan Camenisch and Anna Lysyanskaya, "An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation," Advances in Cryptology - EUROCRYPT 2001, pp. 93-117.
- For the concealment processing, the user information providing unit 117 uses the master secret 135 (see FIG. 4).
- FIG. 6 is a functional block diagram of the user terminal 200 according to the present embodiment.
- The user terminal 200 includes a control unit 210, a storage unit 220, a communication unit 240, and an input / output unit 250.
- The communication unit 240 transmits and receives communication data to and from the user agent 100, the service provider server 300, the user information issuing organization server 850, and the like.
- The input / output unit 250 exchanges data with user interface devices such as a display, keyboard, and mouse.
- The storage unit 220 is composed of storage devices such as a RAM and an SSD.
- The program 221 and the encryption key 222 are stored in the storage unit 220.
- The program 221 describes the processing procedure of the user terminal 200, executed by the control unit 210, in the user registration process to the user agent 100 (step S120 in FIG. 2, see FIG. 10 described later), the user information registration process (step S130, see FIG. 11 described later), and the user registration process to the service (step S140, see FIGS. 12, 13, and 14 described later).
- The encryption key 222 is an encryption key for encrypting and authenticating communication data in communication with the user agent 100, the service provider server 300, the user information issuing organization server 850, and the like.
- The control unit 210 includes a CPU and comprises a key management unit 211, a user registration unit 212, a user information registration unit 213, a service application unit 214, a user information provision request unit 215, and a service document transfer unit 216.
- The key management unit 211 generates the encryption key 222 and challenges (random numbers) used for authenticating a communication partner, and performs processing such as encryption, decryption, and signing using the encryption key 222.
- The user registration unit 212 executes the user registration process for the user agent 100 (step S120 in FIG. 2, see FIG. 10 described later).
- The user information registration unit 213 acquires user information from the user information issuing organization server 850 and registers it in the user agent 100 (step S130 in FIG. 2, see FIG. 11 described later).
- The service application unit 214 applies to the service provider server 300 for registration of the user in the service (step S141 in FIG. 2, see FIG. 12 described later).
- The user information provision request unit 215 requests the user agent 100 to provide user information (access right approval) to the service provider server 300 and the contractor / collaborator server 400 (step S142 in FIG. 2, see FIGS. 12 and 13 described later). Specifically, the user information provision request unit 215 asks the user whether or not each item of user information may be provided and obtains the answer. It then requests the user agent 100 to provide the user information (approval of the access right to the user information). The service document transfer unit 216 acquires from the user agent 100 the signed service document indicating the access right to the user information and transmits it to the service provider server 300 (see FIG. 14 described later).
- FIG. 7 is a functional block diagram of the service provider server 300 according to the present embodiment.
- the contractor / collaborator server 400 has the same functional configuration as the service provider server 300.
- the service provider server 300 includes a control unit 310, a storage unit 320, and a communication unit 340.
- the communication unit 340 transmits / receives communication data to / from the user agent 100, the user terminal 200, the contractor / collaborator server 400, and the like.
- the storage unit 320 is composed of a storage device such as a RAM or an SSD.
- the storage unit 320 stores the program 321, the encryption key 322, and the service user database 330 (described as "service user DB" in FIG. 7, see FIG. 8 described later).
- the program 321 describes the processing procedures of the service provider server 300, including the service document issuance process executed by the control unit 310 (step S110 in FIG. 2; see FIG. 9 described later) and the process of acquiring user information from the user agent 100 (step S144; see FIG. 16 described later).
- the encryption key 322 is an encryption key for encrypting and authenticating communication data in communication with a user agent 100, a user terminal 200, a contractor / collaborator server 400, and the like.
- the encryption key 322 includes a public key and a private key of the service provider server 300.
- FIG. 8 is a data structure diagram of the service user database 330 according to this embodiment.
- the service user database 330 is, for example, tabular data, and includes information relating to a user of a user terminal 200 who uses the service of the service provider server 300.
- One row (record) of the service user database 330 indicates one user and includes user identification information 331 (denoted as user ID in FIG. 8), authentication information 332, and user information 333.
- the user identification information 331 and the authentication information 332 are the identification information and the authentication information when the user uses the service.
- the user registered in the service provider server 300 is a pseudo user, and the pseudo user identification information is stored in the user identification information 331.
- the user information 333 is user information acquired from the user agent 100.
- the user identification information 131 of the record 339 is "ehd738", and the user information of the year of birth is registered in the user information 333.
- the user of record 339 is the same pseudo user as record 139 (see FIG. 4).
- control unit 310 includes a CPU, and includes a key management unit 311, a service document registration unit 312, a user registration unit 313, a user information acquisition unit 314, and a related service document transfer unit 315.
- the key management unit 311 generates the encryption key 322 and the challenge (random number) used to authenticate a communication partner, and performs processing such as encryption, decryption, and signing using the encryption key 322.
- the service document registration unit 312 issues a service document and registers it in the distributed ledger 810 (step S110 described in FIG. 2, see FIG. 9 described later).
- the user registration unit 313 performs a process corresponding to the user's application for registration to the service (step S141, see FIG. 12 described later).
- the user information acquisition unit 314 (user information request unit, related user information request unit) presents a signed service document to the user agent 100, acquires user information, and registers the user information in the user's record of the service user database 330 (step S144; see FIG. 16 described later).
- the related service document transfer unit 315 transfers the pseudo user identification information acquired from the user terminal 200, the signed service document of the service provider server 300, and the signed service document of the contractor / collaborator server 400 to the contractor / collaborator server 400 (see FIG. 14 described later).
- FIG. 9 is a sequence diagram of a service document issuance process of the service provider server 300 according to the present embodiment.
- the processing content of step S110 (see FIG. 2) will be described with reference to FIG. 9.
- In step S201, the key management unit 311 of the service provider server 300 generates a public key / private key pair and stores it in the encryption key 322.
- In step S202, the service document registration unit 312 of the service provider server 300 generates a service document. Specifically, the service document registration unit 312 generates the identification information of the service provider server 300 and then generates a service document including this identification information, the public key generated in step S201, and the user information type.
- the user information type is a type of user information necessary for the service provider server 300 to provide a service to a user, and is a type of user information acquired at the time of user registration or service use.
- the service document includes identification information of the contractor / collaborator server 400 as the distribution destination of the user information.
- the service document may also include the location of the service provider server 300.
- In step S203, the service document registration unit 312 registers the service document generated in step S202 in the distributed ledger 810.
- the contractor / collaborator server 400 likewise generates a service document and registers it in the distributed ledger 810.
- FIG. 10 is a sequence diagram of a user registration process for the user agent 100 according to the present embodiment.
- the processing content of step S120 (see FIG. 2) will be described with reference to FIG. 10. It is assumed that the communication between the user terminal 200 and the user agent 100 is encrypted and that the user terminal 200 authenticates the user agent 100 as its communication partner.
- In step S211, the user registration unit 212 of the user terminal 200 requests the user agent 100 to register the user.
- In step S212, the user registration unit 112 of the user agent 100 generates user identification information, authentication information, a public key / private key pair, and a master secret.
- Next, the user registration unit 112 adds a record to the registered user database 130 and stores the generated user identification information, authentication information, public key, private key, and master secret in the user identification information 131, the authentication information 132, the public key 133, the private key 134, and the master secret 135 of the added record, respectively.
- the authentication information is the authentication information of the user terminal 200 used when the user terminal 200 accesses the user agent 100 after this user registration process.
- In step S213, the user registration unit 112 creates an empty provided user information database 140.
- the user registration unit 112 stores the identification information of the provided user information database 140 in the provided user information 137 of the record added in step S212.
- In step S214, the user registration unit 112 transmits the user identification information and the authentication information generated in step S212 to the user terminal 200 and notifies it that the user registration is complete.
- the user terminal 200 stores the user identification information and the authentication information in the storage unit 220. Hereinafter, when the user terminal 200 accesses the user agent 100, this authentication information is used.
- FIG. 11 is a sequence diagram of the user information registration process according to the present embodiment.
- the processing content of step S130 (see FIG. 2) will be described with reference to FIG. 11.
- the communication between the user terminal 200 and the user information issuing organization server 850 is encrypted, and the two parties mutually authenticate each other.
- In step S231, the user information registration unit 213 of the user terminal 200 requests the user information issuing organization server 850 to issue user information.
- the request includes the type of user information to be issued.
- In step S232, the user information issuing organization server 850 generates the user information and transmits it to the user terminal 200.
- In step S233, the user information registration unit 213 transmits the user information received in step S232 to the user agent 100.
- In step S234, the user information registration unit 113 of the user agent 100 stores the user information received in step S233 in the registered user database 130. Specifically, the user information registration unit 113 identifies the record in the registered user database 130 (see FIG. 4) corresponding to the user of the user terminal 200 and adds the user information received in step S233 to the user information 136 of that record. In step S235, the user information registration unit 113 notifies the user terminal 200 that the registration is complete.
- FIG. 12 is a sequence diagram (1) of the registration process of the user in the service according to the present embodiment.
- FIG. 13 is a sequence diagram (2) of the registration process of the user in the service according to the present embodiment.
- FIG. 14 is a sequence diagram (3) of the registration process of the user in the service according to the present embodiment.
- the processing contents of steps S141 to S143 will be described with reference to FIGS. 12 to 14.
- the service provider server 300 and the contractor / collaborator server 400 may be abbreviated as the service provider and the contractor / collaborator, respectively.
- In step S301, the service application unit 214 of the user terminal 200 applies to the service provider server 300 to register the user for the service.
- In step S302, the user registration unit 313 of the service provider server 300 acquires the identification information of the contractor / collaborator server 400 from the contractor / collaborator server 400.
- In step S303, the user registration unit 313 acquires the service document of the contractor / collaborator server 400 from the distributed ledger 810 based on the identification information acquired in step S302.
- In step S304, the user registration unit 313 transmits the challenge (random number) generated by the key management unit 311 to the contractor / collaborator server 400.
- In step S305, the key management unit of the contractor / collaborator server 400 (corresponding to the key management unit 311 shown in FIG. 7) signs the challenge using its own private key (the private key corresponding to the public key in its service document) and transmits the signed challenge to the service provider server 300.
- Hereinafter, "{data} subject signature" denotes the "data" to which a signature generated using the private key of the "subject", such as the service provider server 300 or the user, is attached.
- For example, "{challenge} contractor / collaborator signature" denotes a challenge carrying a signature generated using the private key of the contractor / collaborator server 400.
- In step S306, the user registration unit 313 verifies the signature on the challenge acquired in step S305 using the public key of the contractor / collaborator server 400 included in the service document acquired in step S303. If the verification succeeds, the service provider server 300 has authenticated the contractor / collaborator server 400. If the verification fails, the user registration unit 313 notifies the user terminal 200 of the error and cancels the process of FIG. 12. In the following, the explanation continues on the assumption that the authentication succeeded.
- In step S307, the user registration unit 313 requests the key management unit 311 to sign the identification information of the contractor / collaborator server 400 with its own private key.
- In step S308, the user registration unit 313 transmits the signed identification information of the contractor / collaborator server 400 and the identification information of the service provider server 300 to the user terminal 200.
- In step S309, the service application unit 214 of the user terminal 200 acquires the service documents of the contractor / collaborator server 400 and the service provider server 300 from the distributed ledger 810 based on the identification information received in step S308.
- In step S310, the service application unit 214 transmits the challenge (random number) generated by the key management unit 211 (see FIG. 6) to the service provider server 300.
- In step S311, the key management unit 311 (see FIG. 7) of the service provider server 300 generates a signature on the challenge using its own private key (the private key corresponding to the public key in its service document) and transmits the signed challenge to the user terminal 200.
- In step S312, the service application unit 214 verifies the signature of the service provider server 300 on the challenge acquired in step S311 using the public key included in the service document of the service provider server 300 acquired in step S309. If this verification succeeds, the user terminal 200 has authenticated the service provider server 300. Subsequently, the service application unit 214 verifies the signature of the service provider server 300 on the identification information of the contractor / collaborator server 400 acquired in step S308. If this verification succeeds, it is confirmed that the contractor / collaborator server 400 exists as the contractor of the service provider server 300, and the genuine identification information of the contractor / collaborator server 400 has been obtained.
- If the verification of either signature fails, the service application unit 214 notifies the service provider server 300 of the error and cancels the process of FIG. 12. In the following, the explanation continues on the assumption that the signatures were verified successfully.
- the above steps S301 to S312 correspond to the process of the registration application in step S141 (described in FIG. 2).
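Service document issuance (steps S201 to S203) and the challenge-response authentication of steps S302 to S312, as an added example in Go that is not code from the patent: ed25519 signatures, an in-memory map standing in for the distributed ledger 810, the field layout of the service document and the server names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ServiceDocument holds the fields the description lists: the server's identification
// information, its public key, the user information types it needs and, for a service
// provider, the contractors the user information is passed on to.
type ServiceDocument struct {
	ID          string
	PublicKey   ed25519.PublicKey
	InfoTypes   []string
	Contractors []string
}

// Ledger stands in for the distributed ledger 810 (an in-memory map keyed by identification).
type Ledger map[string]ServiceDocument

// Server is a service provider or contractor together with its key pair (encryption key 322).
type Server struct {
	Doc  ServiceDocument
	priv ed25519.PrivateKey
}

// NewServer performs S201-S203: generate a key pair, build the document, register it.
func NewServer(ledger Ledger, id string, infoTypes, contractors []string) (*Server, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	doc := ServiceDocument{ID: id, PublicKey: pub, InfoTypes: infoTypes, Contractors: contractors}
	ledger[id] = doc
	return &Server{Doc: doc, priv: priv}, nil
}

// Sign is S305/S307/S311: sign data with the private key matching the ledger's public key.
func (s *Server) Sign(data []byte) []byte { return ed25519.Sign(s.priv, data) }

// Authenticate is the verifier's side of S302-S306 and S309-S312: fetch the peer's
// document from the ledger, send a fresh challenge and check the answer with the
// public key the ledger binds to that identification.
func Authenticate(ledger Ledger, peerID string, respond func([]byte) []byte) (ServiceDocument, error) {
	doc, ok := ledger[peerID]
	if !ok {
		return ServiceDocument{}, errors.New("no service document for " + peerID)
	}
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return ServiceDocument{}, err
	}
	if !ed25519.Verify(doc.PublicKey, challenge, respond(challenge)) {
		return Service_Document_placeholder_never_used(), errors.New("challenge signature invalid for " + peerID)
	}
	return doc, nil
}
```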
- step S321 the user information provision request unit 215 of the user terminal 200 inquires of the user and acquires whether or not the user information can be provided. Specifically, the user information provision request unit 215 displays the type of user information (user information type) described in the service document acquired in step S309 (see FIG. 12), and displays the service provider server 300 and the contractor. / Inquires to the user whether or not to provide the user information requested by the collaborative server 400 (whether or not to approve the access). If it is not possible, the user information provision request unit 215 notifies the service provider server 300 of an error and cancels the process of FIG. 13. In the following explanation, it is assumed that it has been approved.
- user information provision request unit 215 displays the type of user information (user information type) described in the service document acquired in step S309 (see FIG. 12), and displays the service provider server 300 and the contractor. / Inquires to the user whether or not to provide the user information requested by the collaborative server 400 (whether or not to approve the access). If it is not possible, the user information provision
- step S322 the user information provision request unit 215 transmits the service documents of the service provider server 300 and the contractor / collaborator server 400 to the user agent 100.
- the user terminal 200 requests the user agent 100 for the user information provided to the service provider server 300 and the contractor / collaborator server 400.
- the user information providing destination search unit 114 of the user agent 100 searches for the provided user information.
- the user information provider search unit 114 includes the service provider server 300 included in the service document acquired in step S322 in the records of the provided user information database 140 (see FIG. 5) relating to the user of the user agent 100. And searches for records that include the identification information of the contractor / collaborator server 400 in the provider 143.
- the user information 142 of the record is the provided user information.
- the user information provision availability determination unit 115 transmits the provided user information, the registered user information (user information 136 shown in FIG. 4, see FIG. 11), and a message to the user terminal 200. Specifically, the user information provision availability determination unit 115 sets the user information provided to the service provider server 300 acquired in step S323 and the user information type included in the service document of the service provider server 300 acquired in step S322. The corresponding concealed (abstracted) user information is transmitted to the user terminal 200. Further, the user information provision availability determination unit 115 similarly transmits the provided user information and the user information to the outsourced / collaborated server 400.
- the message is a message generated by the user information provision availability determination unit 115, and is a message for the user displayed on the provision user information confirmation screen 600 (see FIG. 15 described later) described later. The message contains information about the risk of name identification.
- step S325 the user information provision request unit 215 of the user terminal 200 inquires of the user and acquires whether or not the user information can be provided to the service provider server 300 and the contractor / collaborator server 400.
- the user information provision request unit 215 displays the provision user information confirmation screen 600 (see FIG. 15 described later) described later on a display (not shown) connected to the input / output unit 250, and inquires about the provision of user information.
- step S321 the user information provision request unit 215 displays the user information type and inquires whether or not the user information corresponding to the user information type can be provided.
- the user information provision request unit 215 displays the user information itself and inquires whether or not the user information can be provided.
- FIG. 15 is a configuration diagram of the provided user information confirmation screen 600 according to the present embodiment.
- a provided user information list 610 including the provided user information acquired in step S324 and the registered user information is displayed.
- the provider information list 610 shown in FIG. 15 shows that the service provider server 300 is provided with the name, address, and date of birth, and the contractor / collaborator server 400 is provided with the name and date of birth. ing. Further, it is shown that the address and the date of birth have already been provided to the contractor / collaborator server 400.
- the text 620 "You are the contractor B " under the provided user information list 610 is a message sent by the user information provider search unit 114 in step S324.
- the user information provision availability determination unit 115 of the user agent 100 has already provided the user information to the outsourced / collaborated server 400, and in the user registration process for this service (see FIGS. 12 to 14), further If the same user information as the provided user information is provided, a message that there is a risk of name identification is generated. In addition, even if the user information is not the same, even if the particle size (abstraction level) is different, such as "Tokyo" and "Minami-ku, Tokyo", a message that there is a risk of name identification is generated (step). See S324).
- the user information provision availability determination unit 115 also generates a message for the user information provided to the service provider server 300.
- the user refers to the provided user information list 610 and the text 620 to determine whether or not to provide the user information.
- the user presses the "provide” button 631 when providing, and presses the "not provide” button 632 when not providing.
- the user information provision request unit 215 notifies the user agent 100 of the processing cancellation and cancels the processing of FIG. 13.
- the description will be continued assuming that the "provide” button 631 is pressed.
- the user information request unit 215 requests the signature of the service document.
- This request may include user information (provided user information) that permits provision to each of the service provider server 300 and the contractor / collaborator server 400.
- Requesting the signature of the service document means that the user (user terminal 200) permits the service provider server 300 and the contractor / collaborator server 400 to provide the user information, in other words, the access right is approved. Show that you did.
- the above processes of steps S321 to S326 correspond to the process of the user information provision request in step S142 (described in FIG. 2).
- step S327 the user information access right approval unit 116 generates pseudo user identification information.
- This pseudo user identification information is user identification information registered in the service provider server 300 or the outsourced / collaborated server 400 (see user identification information 331 shown in FIG. 8).
- the user information access right approval unit 116 adds a new record to the registered user database 130 (FIG. 4), and stores the generated pseudo user identification information in the user identification information 131. Further, the provided user information is stored in the user information 136. Subsequently, a new record is added to the provided user information database 140 corresponding to the user of the user terminal 200.
- the user information access right approval unit 116 stores the provider (identification information of the service provider server 300 or the contractor / collaborator server 400) and the pseudo user identification information in the provider 143 of the record. Further, the user information access right approval unit 116 stores the user information to be provided and the type thereof in the user information 142 and the type 141 of the record, respectively.
- the user information 142 is included in the user information 136 stored in the user record stored in the registered user database 130 (see FIG. 4), and is included in the service document (see step S322) as the user information type.
- the corresponding user information is converted (roughened / abstracted) according to the user information type included in the service document and concealed (anonymous). For example, if the user information included in the service document is the prefecture of residence, the address including the address in the user information 136 is concealed to the address of only the prefecture.
- the user information providing unit 117 performs the process of converting and concealing the user information according to the user information type.
- step S328 the user information access right approval unit 116 requests the key management unit 111 to generate a public key and a private key.
- the user information access right approval unit 116 stores the record added to the registered user database 130 in step S327 in the public key 133 and the private key 134, respectively.
- the public key and the private key are the public key and the private key corresponding to the pseudo user identification information.
- the user information access right approval unit 116 signs the service document acquired in step S322 with the private key corresponding to the pseudo user identification information.
- step S329 the user information access right approval unit 116 uses the pseudo user identification information, the service document of the service provider server 300 with the signature, and the service document of the contractor / collaborator server 400 with the signature as the user terminal. Send to 200.
- step S330 the service document transfer unit 216 of the user terminal 200 is given the pseudo user identification information received in step S329, the service document of the service provider server 300 with the signature, and the signature.
- the service document of the contractor / collaborator server 400 is transmitted to the service provider server 300.
- the user registration unit 313 of the service provider server 300 adds a new record to the service user database 330 stored by itself.
- the user registration unit 313 stores the received pseudo user identification information in the user identification information 331.
- step S331 the related service document transfer unit 315 of the service provider server 300 has the pseudo-user identification information received in step S330, the service document of the service provider server 300 with the signature, and the contractor / contractor with the signature.
- the service document of the collaborative server 400 is transmitted to the consignee / collaborator server 400.
- the user registration unit 313 of the outsourced / collaborated server 400 adds a new record to the service user database 330 stored by itself.
- the user registration unit 313 stores the received pseudo user identification information in the user identification information 331.
- the service provider server 300 and the contractor / collaborator server 400 each have their own service document signed by a pseudo-user.
- the service document contains the identification information of the service provider server 300 or the outsourced / collaborated server 400, the public key, and the requested user information type, and the signature of the pseudo user is given to these. .. Therefore, in the user agent 100 that refers to the signed service document, the user of the user terminal 200 has the right to access the user information about the service provider server 300 or the contractor / collaborator server 400 authenticated by the public key. It can be confirmed that the permission was granted.
- the above steps S327 to S331 correspond to the process of approving the access right in step S143 (described in FIG. 2).
- FIG. 16 is a sequence diagram of user information acquisition processing of the service provider server 300 according to the present embodiment.
- the processing contents of step S144 (see FIG. 2) of the service provider server 300 will be described with reference to FIG.
- step S341 the user information acquisition unit 314 of the service provider server 300 transmits the pseudo user identification information and its own service document with the signature of the pseudo user to the user agent 100.
- step S342 the user information providing unit 117 of the user agent 100 transmits the challenge (random number) generated by the key management unit 111 to the service provider server 300.
- step S343 the key management unit 311 (see FIG. 7) of the service provider server 300 uses its own private key (the private key corresponding to the public key in the service document) to generate a signature for the challenge and is signed. Send the challenge to the user agent 100.
- step S344 the user information providing unit 117 of the user agent 100 verifies the signature of the signed service document received in step S341.
- the public key 133 of the record included in the registered user database 130 (see FIG. 3), which is the pseudo user identification information received by the user identification information 131 in step S341, is used.
- the user information providing unit 117 verifies the signature given to the challenge by using the public key included in the signed service document received in step S341.
- the user information providing unit 117 authenticates the service provider server 300. By succeeding in these two signature verifications, the user information providing unit 117 can confirm that the service provider server 300 has the access right to the user information. If any of the signature verifications fails, the user information providing unit 117 notifies the service provider server 300 of an error, and ends the process of FIG.
- step S345 the user information providing unit 117 transmits the concealed user information to the service provider server 300. Specifically, the user information providing unit 117 acquires the user information corresponding to the user information (user information type) included in the service document from the user information 142 (see step S327 described in FIGS. 5 and 13).
- step S346 the user information acquisition unit 314 of the service provider server 300 stores the received user information in the user information 333 of the service user database 330 (see FIG. 8). Specifically, the user information acquisition unit 314 stores the received user information in the user information 333 of the record corresponding to the pseudo user identification information in the service user database 330.
- the user information providing unit 117 registers the user information providing history (providing history) in the distributed ledger 810. Specifically, the user information providing unit 117 describes the date and time, the identification information of the service provider server 300, the type of acquired user information (user information (user information type) described in the service document, for example, the prefecture of residence, etc.). Register the history including pseudo user identification information.
- FIG. 17 is a sequence diagram of user information acquisition processing of the contractor / collaborator server 400 according to the present embodiment.
- the process of FIG. 17 is almost the same as the process of replacing the service provider server 300 with the contractor / collaborator server 400 in the process of FIG.
- the points different from the processing of FIG. 16 will be described.
- the user information acquisition unit 314 of the outsourced / collaborated server 400 has the pseudo-user identification information received in step S331 (see FIG. 14), the service document of the service provider server 300 with the signature, and the signature.
- the service document of the assigned consignee / collaborator server 400 is transmitted to the consignee / collaborator server 400.
- step S354 the user information providing unit 117 of the user agent 100 verifies the signatures of the two service documents received in step S351 and the signatures of the challenges received in step S353 in the same manner as in step S344. Further, it is confirmed that the service document of the service provider server 300 includes the identification information of the consignee / collaborator server 400 as the consignee / collaborator. By succeeding in the verification of these three signatures and the confirmation of the identification information, the user information providing unit 117 states that the consignee / collaborator server 400 is the consignee / collaborator of the service provider server 300, and the user information is obtained. You can confirm that you have the access right of.
- In the user information management system 10, the service document of the service provider server 300 includes, in addition to the identification information and public key of the service provider server 300, the types of user information required to provide the service.
- When registering with the service provider server 300 (applying for registration to the service), the user judges whether the service provider server 300 may access the user information (user information types) described in the service document (see step S321 in FIG. 13). If access is permitted, the user terminal 200 transmits the service document to the user agent 100 (see step S322).
- The user refers to the already-provided user information searched for by the user agent 100 (see steps S323 and S324) and judges, taking the risk of name identification into account, whether the user information may be provided (step S325; see the provided user information confirmation screen 600 shown in FIG. 15). If it may be provided, the user agent 100 generates pseudo-user information and signs the service document with the pseudo-user's private key (see step S328). The user agent 100 also stores the concealed (abstracted) user information in the provided user information database 140 as provided user information (see step S327).
- The signed service document indicates that the service provider server 300 and the contractor/collaborator server 400 hold (have been granted) access rights to the user information.
- The user agent 100 verifies the signature of the service document, confirms that the requesting server holds the access right (see steps S344 and S354), and only then transmits the stored user information.
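The checks of step S354 as an added example in Go; this is not code from the patent or from any implementation of it. Service documents, the per-registration pseudo-user key pair and the contractor's challenge signature are modelled with Ed25519, and the JSON document layout, the server identifiers and the 32-byte challenge are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// ServiceDocument is a constructed stand-in for the page's service document: the server's
// identification information and public key, the user information types it requests and,
// for a service provider, the identifiers of its contractors/collaborators.
type ServiceDocument struct {
	ServerID      string   `json:"server_id"`
	PublicKey     []byte   `json:"public_key"`
	UserInfoTypes []string `json:"user_info_types"`
	Contractors   []string `json:"contractors,omitempty"`
}

// Bytes is the canonical encoding that is signed and verified (struct field order is fixed).
func (d ServiceDocument) Bytes() []byte { b, _ := json.Marshal(d); return b }

// SignedDocument is a service document with the pseudo-user's signature over it (step S328).
type SignedDocument struct{ Doc ServiceDocument; Signature []byte }

// PseudoUser models the pseudo-user row of the registered user database 130: a fresh
// identifier and key pair generated for a single service registration (step S327).
type PseudoUser struct {
	ID      string
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

func NewPseudoUser() (*PseudoUser, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &PseudoUser{ID: fmt.Sprintf("%x", pub[:4]), Public: pub, private: priv}, nil
}

// Sign records the user's approval by attaching the pseudo-user's signature to a document.
func (p *PseudoUser) Sign(d ServiceDocument) SignedDocument {
	return SignedDocument{Doc: d, Signature: ed25519.Sign(p.private, d.Bytes())}
}

// VerifyContractorAccess performs the checks of step S354: both documents carry the
// pseudo-user's signature, the challenge carries the contractor's signature (checked with the
// public key from the contractor's own document) and the provider's document lists the
// contractor. User information is released only when all four checks pass.
func VerifyContractorAccess(pseudoPub ed25519.PublicKey, provider, contractor SignedDocument,
	challenge, challengeSig []byte) error {
	if !ed25519.Verify(pseudoPub, provider.Doc.Bytes(), provider.Signature) {
		return errors.New("service provider document: pseudo-user signature invalid")
	}
	if !ed25519.Verify(pseudoPub, contractor.Doc.Bytes(), contractor.Signature) {
		return errors.New("contractor document: pseudo-user signature invalid")
	}
	if len(contractor.Doc.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(ed25519.PublicKey(contractor.Doc.PublicKey), challenge, challengeSig) {
		return errors.New("challenge: contractor signature invalid")
	}
	for _, id := range provider.Doc.Contractors {
		if id == contractor.Doc.ServerID {
			return nil
		}
	}
	return errors.New("contractor not listed in service provider document")
}

// ContractorFlow runs the exchange on constructed keys and documents and returns the result
// for the genuine contractor, for a server the user approved but the provider never listed,
// and for the genuine contractor whose document was altered after the user signed it.
func ContractorFlow() (genuine, unlisted, tampered error) {
	provPub, _, _ := ed25519.GenerateKey(rand.Reader)
	conPub, conPriv, _ := ed25519.GenerateKey(rand.Reader)
	otherPub, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	providerDoc := ServiceDocument{ServerID: "provider-300", PublicKey: provPub,
		UserInfoTypes: []string{"birth_year", "email"}, Contractors: []string{"contractor-400"}}
	contractorDoc := ServiceDocument{ServerID: "contractor-400", PublicKey: conPub, UserInfoTypes: []string{"email"}}
	otherDoc := ServiceDocument{ServerID: "server-C", PublicKey: otherPub, UserInfoTypes: []string{"email"}}
	pu, err := NewPseudoUser()
	if err != nil {
		return err, err, err
	}
	signedProv, signedCon, signedOther := pu.Sign(providerDoc), pu.Sign(contractorDoc), pu.Sign(otherDoc)
	challenge := make([]byte, 32) // issued by the user agent in step S352
	if _, err := rand.Read(challenge); err != nil {
		return err, err, err
	}
	genuine = VerifyContractorAccess(pu.Public, signedProv, signedCon, challenge, ed25519.Sign(conPriv, challenge))
	unlisted = VerifyContractorAccess(pu.Public, signedProv, signedOther, challenge, ed25519.Sign(otherPriv, challenge))
	altered := signedCon // copy; the contractor then asks for more types than the user approved
	altered.Doc.UserInfoTypes = []string{"email", "date_of_birth"}
	tampered = VerifyContractorAccess(pu.Public, signedProv, altered, challenge, ed25519.Sign(conPriv, challenge))
	return genuine, unlisted, tampered
}

func main() { g, u, t := ContractorFlow(); fmt.Println(g, "|", u, "|", t) }
```

The pseudo-user's signature binds the requested user information types, so a document whose types were changed after approval fails exactly like a document signed for a different pseudo-user.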
- The user identification information provided to and registered with the service provider server 300 is pseudo-user identification information (see FIGS. 14, 16, and 17). Pseudo-user identification information is generated for each user registration to a service (see step S327 in FIG. 13), which avoids name identification through the user identification information.
- The user agent 100 presents to the user the user information already provided to the service provider server 300 and the contractor/collaborator server 400 together with the risk of name identification, and asks the user whether the user information may be provided (steps S324 and S325; see FIG. 15).
- The user can thus decide whether to provide the user information after considering whether there is a risk of name identification and how large (what level) that risk is.
- Name identification through the user identification information is avoided, and the possibility of name identification through the user information is further reduced.
- The provided user information is concealed (abstracted), further reducing the possibility of name identification. It therefore becomes possible to reduce privacy infringement caused by name identification of which the user is unaware.
- FIG. 18 is a configuration diagram of the provided user information confirmation screen 600A according to a modified example of the present embodiment. Compared with the provided user information list 610 (see FIG. 15), the provided user information list 610A has a "provide?" column.
- When there are multiple pieces of user information for one user information type, the user can select the user information to provide (also referred to as provision-permitted user information, service provider server provision-permitted user information, or related service provider server provision-permitted user information) by checking the "provide?" column.
- The user terminal 200 transmits the selected user information to the user agent 100 and requests a signature on the service document (see step S326 in FIG. 13). In this way, the user can choose the means he or she prefers from among multiple means (selectable user information) of lowering the risk of name identification.
- In step S354, the user agent confirms that the service document of the service provider server 300 includes the contractor/collaborator server 400 as a contractor/collaborator. The confirmation is not limited to this and may be performed at another time.
- For example, the user terminal 200 may perform the confirmation in step S312 (see FIG. 12).
- Alternatively, the user agent 100 may perform it after receiving the service document in step S322 (see FIG. 13) or after receiving the signature request in step S326.
- In the embodiment described above, user information is provided to two servers, the service provider server 300 and the contractor/collaborator server 400, but user information may be provided to three or more servers, or to a single server, the service provider server 300. Even in a case where user information was previously provided to server A as a service provider and to server B as a contractor, and user information is now newly provided to server B as a service provider, the user information can be provided with the risk of name identification taken into account.
- The service document of the service provider server 300 signed with the private key of the pseudo-user is sent from the user agent 100 to the service provider server 300 via the user terminal 200.
- The service document of the contractor/collaborator server 400 is sent from the user agent 100 to the contractor/collaborator server 400 via the user terminal 200 and the service provider server 300.
- Service documents may also be sent via other routes. For example, they may be sent directly from the user agent 100 to the service provider server 300 or the contractor/collaborator server 400.
- The texts 620 and 620A displayed on the provided user information confirmation screens 600 and 600A are generated by the user agent 100 (see step S324 in FIG. 13).
- Alternatively, the user terminal 200 may generate the texts 620 and 620A based on the already-provided user information and the user information received in step S324.
- In step S312 (FIG. 12), step S344 (FIG. 16), and step S354 (FIG. 17), a plurality of signatures are verified and the contractors/collaborators included in the service documents are checked, but the order of these verifications is not particularly restricted.
- In step S354, the user information providing unit 117 verifies the signatures of the two service documents and the signature of the challenge received in step S353, and confirms that the service document of the service provider server 300 includes the identification information of the contractor/collaborator server 400 as a contractor/collaborator, but the order of these checks is not particularly limited.
- FIG. 19 is a hardware configuration diagram showing an example of a computer 900 that realizes the functions of the user agent 100 according to the present embodiment.
- The user agent 100 according to the present embodiment is realized by, for example, a computer 900 configured as shown in FIG. 19.
- The computer 900 includes a CPU 901, a ROM 902, a RAM 903, an SSD 904, an input/output interface 905 (written as I/O I/F (Input/Output Interface) in FIG. 19), a communication interface 906, and a media interface 907.
- The CPU 901 operates based on the program stored in the ROM 902 or the SSD 904 and carries out the control performed by the control unit 110 of FIG. 3.
- The ROM 902 stores the boot program executed by the CPU 901 when the computer 900 starts, programs that depend on the hardware of the computer 900, and the like.
- The CPU 901 controls an input device 910 such as a mouse or keyboard and an output device 911 such as a display or printer via the input/output interface 905.
- Via the input/output interface 905, the CPU 901 acquires data from the input device 910 and outputs generated data to the output device 911.
- The SSD 904 stores the programs executed by the CPU 901, the data used by those programs, and the like.
- The communication interface 906 receives data from other devices (for example, the user terminal 200 or the service provider server 300) via the communication network and passes it to the CPU 901, and transmits data generated by the CPU 901 to other devices via the communication network.
- The media interface 907 reads programs or data stored on the recording medium 912 and passes them to the CPU 901 via the RAM 903.
- The CPU 901 loads the program from the recording medium 912 into the RAM 903 via the media interface 907 and executes the loaded program.
- The recording medium 912 is, for example, an optical recording medium such as a DVD (Digital Versatile Disc), a magneto-optical recording medium such as an MO (Magneto-Optical disk), a magnetic recording medium, a conductor memory tape medium, a semiconductor memory, or the like.
- The CPU 901 of the computer 900 realizes the functions of the user agent 100 by executing the program 121 (see FIG. 3) loaded into the RAM 903.
- The CPU 901 reads the program from the recording medium 912 and executes it.
- Alternatively, the CPU 901 may read the program from another device via the communication network, or may install the program 121 from the recording medium 912 onto the SSD 904 and execute it from there.
- The user information management system 10 according to the present embodiment is a user information management system 10 including a user terminal 200 used by a user, a user agent 100, and a service provider server 300. The user agent 100 includes: a storage unit 120 that stores a registered user database 130 in which the user's user identification information 131 and the user's user information 136 are stored in association with each other, and a provided user information database 140 in which the service provider server 300 (see destination 143) and the user information 142 provided to the service provider server 300 are stored in association with each other; a user information providing destination search unit 114 that receives from the user terminal 200 a request accompanied by a service provider service document containing the identification information of the service provider server 300 and a user information type, which is the type of user information requested by the service provider server 300, and transmits to the user terminal 200 the user information of the user of the user terminal 200 that has already been provided to the service provider server 300 and the user's user information corresponding to the user information type; and a user information access right approval unit 116 that receives from the user terminal service provider server provision-permitted user information indicating the user information to be provided to the service provider server 300, generates pseudo-user identification information (see user identification information 131), which is the user's user identification information 331 at the service provider server 300, and a pair of a private key 134 and a public key 133 associated with the pseudo-user identification information, generates a signed service provider service document by signing the service provider service document with the private key 134, and transmits the pseudo-user identification information and the signed service provider service document to the user terminal 200. The user terminal 200 includes a user information provision request unit 215 that transmits the service provider server provision-permitted user information to the user agent 100, and a service document transfer unit 216 that transmits the pseudo-user identification information and the signed service provider service document to the service provider server 300. The service provider server 300 includes a user information request unit (user information acquisition unit 314) that transmits the pseudo-user identification information and the signed service provider service document to the user agent 100. The user agent 100 further includes a user information providing unit 117 that verifies the signature of the signed service provider service document using the public key 133 associated with the pseudo-user identification information and, if verification succeeds, returns the service provider server provision-permitted user information (see user information 142) to the service provider server.
- The service provider server 300 can thus acquire the user information of the user corresponding to the user information types described in the service document signed with the user's private key (see FIG. 16). Furthermore, the user terminal 200 can give the user an opportunity to decide whether to provide the user information. Specifically, when the user terminal 200 requests the user agent 100 (user information access right approval unit 116) to sign the service document, the user can refer to the user information types described in the service document and decide whether to provide the user information (see step S321 in FIG. 13). The user information providing destination search unit 114 of the user agent 100 searches for the already-provided user information and transmits it to the user terminal 200 (see steps S323 and S324). The user can refer to the already-provided user information and decide, taking the risk of name identification into account, whether to provide the user information (see step S325).
- The user information management system 10 is configured to further include a related service provider server (contractor/collaborator server 400) that provides a service in cooperation with the service provider server 300; the related service provider server includes a related user information request unit (user information acquisition unit 314); the service provider server 300 further includes a related service document transfer unit 315; the service provider service document further includes the identification information of the related service provider server; the provided user information database 140 stores the related service provider server (see destination 143) in association with the user information 142 provided to the related service provider server; the user information providing destination search unit 114 of the user agent 100 receives from the user terminal 200 a request accompanied by a related service provider service document including the identification information of the related service provider server and the user information type requested by the related service provider server, and transmits to the user terminal 200 the user information of the user of the user terminal 200 that has already been provided to the related service provider server; the user information provision request unit 215 of the user terminal 200 transmits to the user agent 100 related service provider server provision-permitted user information indicating the user information to be provided to the related service provider server; the user information access right approval unit 116 of the user agent 100 generates a signed related service provider service document by signing the related service provider service document with the private key 134 and transmits it to the user terminal 200 together with the pseudo-user identification information and the signed service provider service document; the service document transfer unit 216 of the user terminal 200 further transmits the signed related service provider service document to the service provider server 300; the related service document transfer unit 315 of the service provider server 300 transmits the pseudo-user identification information, the signed service provider service document, and the signed related service provider service document to the related service provider server; the related user information request unit (user information acquisition unit 314) of the related service provider server transmits the pseudo-user identification information, the signed service provider service document, and the signed related service provider service document to the user agent 100; and the user information providing unit 117 of the user agent 100 verifies the signature of the signed service provider service document using the public key 133 associated with the pseudo-user identification information, verifies, if that succeeds, that the signed service provider service document includes the identification information of the related service provider server, verifies, if that succeeds, the signature of the signed related service provider service document using the public key 133 associated with the pseudo-user identification information, and, if that succeeds, returns the related service provider server provision-permitted user information to the related service provider server.
- This makes it possible to handle the case in which the service is provided not by the service provider server 300 alone but by a plurality of servers cooperating with each other, including the service provider server 300 and the related service provider server (contractor/collaborator server 400). Specifically, the related service provider server can also acquire user information.
- The user terminal 200 can give the user an opportunity to decide whether to provide user information to the related service provider server. The user can decide whether to provide the user information by referring to the user information types described in the service document and the already-provided user information, including that provided to the related service provider server.
- The user information providing unit 117 of the user agent 100 acquires the service provider server provision-permitted user information from the registered user database 130, abstracts it into user information corresponding to the user information type included in the signed service provider service document, and returns it to the service provider server 300.
- The user agent 100 returns to the service provider server 300 not the user information itself stored in the registered user database 130, but user information abstracted to a coarser granularity according to the user information type described in the service document (see step S327 in FIG. 13 and step S345 in FIG. 16).
- Only the minimum user information needed to provide the service described in the service document is provided. Therefore, even if user information leaks from the service provider server 300, the amount of leaked information, and hence the damage, is kept to a minimum.
- The possibility of name identification using the user information, and thus the risk of name identification, is reduced.
- The user information provision request unit 215 of the user terminal 200 displays the provided user information confirmation screen 600, which includes at least one of the user information already provided to the service provider server 300, the user information to be provided to the service provider server 300, the user information already provided to the related service provider server, and the user information to be provided to the related service provider server, and acquires the service provider server provision-permitted user information.
- The user terminal 200 can present the user information to be provided to the service provider server 300 and the already-provided user information to the user. The user can decide whether to provide the user information based on the presented information.
- 10 User information management system
- 100 User agent
- 110 Control unit
- 111 Key management unit
- 112 User registration unit
- 113 User information registration unit
- 114 User information providing destination search unit
- 115 User information provision availability judgment unit
- 116 User information access right approval unit
- 117 User information providing unit
- 120 Storage unit
- 130 Registered user database
- 131 User identification information (pseudo-user identification information)
- 133 Public key
- 134 Private key
- 136 User information
- 140 Provided user information database
- 142 User information
- 143 Destination
- 150 Communication unit
- 200 User terminal
- 215 User information provision request unit
- 216 Service document transfer unit
- 300 Service provider server
- 314 User information acquisition unit (user information request unit, related user information request unit)
- 315 Related service document transfer unit
- 400 Contractor/collaborator server (related service provider server)
- 600, 600A Provided user information confirmation screen
- 800 Network
- 810 Distributed ledger
- 850 User information issuing organization server
Abstract
Description
The user information management system in a mode for carrying out the present invention (embodiment) is described below. FIG. 1 is a diagram showing the overall configuration of the user information management system 10 according to the present embodiment. The user information management system 10 includes a user agent 100, a user terminal 200, and a service provider server 300. The user information management system 10 may further include a contractor/collaborator server 400 operated by a contractor or collaborator for the service the service provider provides to the user, a distributed ledger 810, and a user information issuing organization server 850. The user agent 100, the user terminal 200, the service provider server 300, the contractor/collaborator server 400, the distributed ledger 810, and the user information issuing organization server 850 can communicate with one another via a network 800.
The distributed ledger 810 consists of a plurality of servers. The distributed ledger 810 stores the service documents issued by the service provider server 300 and the contractor/collaborator server 400, and the user information acquisition history issued by the user agent 100. The distributed ledger 810 also provides service documents and acquisition histories in response to requests from the user agent 100, the user terminal 200, the service provider server 300, and the contractor/collaborator server 400.
Before describing the configurations of the user agent 100, the user terminal 200, the service provider server 300, and the contractor/collaborator server 400, user information and an overview of the processing in the user information management system 10 that handles this user information are described.
When providing a service, the service provider server 300 or the contractor/collaborator server 400 acquires user information when the user applies to register for the service or when the service is provided, and uses it to provide the service or to confirm whether the user is qualified to receive the service. For example, a mortgage service obtains the withholding tax slip issued by the user's employer and uses it in the loan screening, and a liquor sales site confirms that the user is an adult.
FIG. 2 is a flowchart showing an overview of the processing in the user information management system 10 according to the present embodiment. With reference to FIG. 2, the user registration process for the service provided by the service provider server 300 and the preparatory processes performed before it are described.
In step S130, the user terminal 200 requests the user information issuing organization server 850 to issue user information, acquires it, and registers the acquired user information with the user agent 100 (see FIG. 11 described later).
In step S141, the user terminal 200 applies to the service provider server 300 for the user's registration to the service (see FIG. 12 described later). At this time, the user terminal 200 obtains the service document of the service provider server 300. If the service provider has a contractor/collaborator, the user terminal 200 also obtains the service document of the contractor/collaborator server 400.
In step S150, the user uses the service provided by the service provider server 300 through the user terminal 200.
FIG. 3 is a functional block diagram of the user agent 100 according to the present embodiment. The user agent 100 includes a control unit 110, a storage unit 120, and a communication unit 150. The communication unit 150 transmits and receives communication data to and from the user terminal 200, the service provider server 300, the contractor/collaborator server 400, and so on.
The program 121 contains the description of the processing procedures of the user agent 100 in the user registration process (step S120 in FIG. 2, see FIG. 10 described later), the access right approval process (step S143, see FIG. 13 described later), the user information acquisition process (step S144, see FIGS. 16 and 17 described later), and so on, which are executed by the control unit 110.
The encryption key 122 is a key used to encrypt and authenticate communication data in communication with the user terminal 200, the service provider server 300, and the contractor/collaborator server 400.
FIG. 4 is a data configuration diagram of the registered user database 130 according to the present embodiment. The registered user database 130 is, for example, tabular data stored in a secure area of the user agent 100 and contains information about the users of user terminals 200. One row (record) of the registered user database 130 represents one user or pseudo-user and includes the columns (attributes) user identification information 131 (written as user ID in FIG. 4), authentication information 132, public key 133, private key 134, master secret 135, user information 136, and provided user information 137.
The authentication information 132 is information used to authenticate the user or the user terminal 200 in communication with the user terminal 200. The authentication information 132 is, for example, the public key of the user terminal 200 or a password used for user authentication.
The public key 133 and the private key 134 are a public-key cryptography key pair.
The master secret 135 is information used in the concealment process described later.
The provided user information 137 is the identification information of the provided user information database 140 of the user identified by the user identification information 131. Among the one or more provided user information databases 140, the provided user information 137 indicates the one belonging to that user.
Record 139 holds the information of a pseudo-user; its authentication information 132, master secret 135, and provided user information 137 are empty ("N/A").
FIG. 5 is a data configuration diagram of the provided user information database 140 according to the present embodiment. The provided user information database 140 is, for example, tabular data, and stores information about the user information that has been provided to the service provider server 300 or the contractor/collaborator server 400. One row (record) of the provided user information database 140 includes the columns (attributes) type 141, user information 142, and destination 143.
The user information 142 is the user information that was provided.
The destination 143 includes the identification information of the service provider server 300 or the contractor/collaborator server 400 to which the user information 142 was provided, and the pseudo-user identification information used when it was provided (at user registration). Instead of the identification information of the service provider server 300 or the contractor/collaborator server 400, the identification information of the business operator that runs the server (for example, "service provider A") may be included.
Note that the provided user information database 140 shown in FIG. 5 is the database "DB847345" that the provided user information 137 of the registered user database 130 indicates for the user whose user identification information 131 is "user73p" in record 138 (see FIG. 4). From record 149 it can be seen that "ehd738" is one of this user's pseudo-user identification information. It can further be seen that record 139 represents a pseudo-user of the user shown in record 138. Also, although this user's user information 136 includes a date of birth, only the year of birth, "1983", was provided as the pseudo-user.
Returning to FIG. 3, the control unit 110 includes a CPU (Central Processing Unit) and comprises a key management unit 111, a user registration unit 112, a user information registration unit 113, a user information providing destination search unit 114, a user information provision availability judgment unit 115, a user information access right approval unit 116, and a user information providing unit 117.
The key management unit 111 generates the public key 133 (see FIG. 4) and the private key 134 of users and pseudo-users. The key management unit 111 also generates the master secret 135, the encryption keys used for communication, and the challenges (random numbers) used to authenticate communication peers. In addition, the key management unit 111 performs encryption, decryption, signing, and similar processing using the encryption key 122.
The user information registration unit 113 executes the user information registration process (see FIG. 11 described later). Specifically, it registers the user information transmitted from the user terminal 200 in the registered user database 130.
The user information provision availability judgment unit 115 judges the risk level of name identification that results from providing user information when registering with the service provider server 300. For example, suppose the e-mail address "ccc@dd.com" has already been provided to the contractor/collaborator server 400. If the contractor/collaborator server 400 is included as a contractor of the service provider server 300 with which the user is now registering, providing the same "ccc@dd.com" is judged to carry a high risk of name identification, and a message to that effect is generated for the user.
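The judgment of unit 115 and the abstraction of a date of birth to the year "1983" (FIG. 5) as an added example in Go, not the patent's own code. The record layout, the requested-type names, the YYYY-MM-DD date format and the server identifiers other than the page's "ccc@dd.com" and "ehd738" are assumptions of the example.

```go
package main

import (
	"fmt"
	"sort"
)

// ProvidedRecord is one row of the provided user information database 140: type (141), the
// value handed out (142), and the destination server plus the pseudo-user identification
// information used at that registration (143). All values below are constructed.
type ProvidedRecord struct {
	Type, Value, Destination, PseudoID string
}

// Candidate is one piece of user information the user may hand over at this registration.
type Candidate struct {
	Type, Value string
}

// Assessment is the judgment of unit 115 for one candidate, with the message shown to the user.
type Assessment struct {
	Candidate
	HighRisk bool
	Message  string
}

// Abstract derives the coarser value a requested type asks for from the stored user
// information (the page's example: the year "1983" instead of a full date of birth). Types
// without an abstraction rule are passed through unchanged. The requested-type names and the
// YYYY-MM-DD date format are assumptions of this example.
func Abstract(requestedType string, stored map[string]string) (Candidate, bool) {
	switch requestedType {
	case "birth_year":
		dob, ok := stored["date_of_birth"]
		if !ok || len(dob) < 4 {
			return Candidate{}, false
		}
		return Candidate{Type: requestedType, Value: dob[:4]}, true
	default:
		v, ok := stored[requestedType]
		return Candidate{Type: requestedType, Value: v}, ok
	}
}

// AssessRisk judges each candidate against what this registration's recipients (the service
// provider and the contractors/collaborators named in its service document) already hold.
// An identical value previously provided to any of them lets that server link the new
// pseudo-user to the earlier one, so it is judged high risk; everything else is low risk.
func AssessRisk(provided []ProvidedRecord, recipients []string, candidates []Candidate) []Assessment {
	isRecipient := map[string]bool{}
	for _, r := range recipients {
		isRecipient[r] = true
	}
	out := make([]Assessment, 0, len(candidates))
	for _, c := range candidates {
		a := Assessment{Candidate: c, Message: "not previously provided to any of these recipients"}
		for _, p := range provided {
			if p.Type == c.Type && p.Value == c.Value && isRecipient[p.Destination] {
				a.HighRisk = true
				a.Message = fmt.Sprintf("%s %q was already provided to %s as pseudo-user %s; "+
					"providing it again allows name identification", c.Type, c.Value, p.Destination, p.PseudoID)
				break
			}
		}
		out = append(out, a)
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].Type < out[j].Type })
	return out
}

// Demo reproduces the page's scenario with constructed data: "ccc@dd.com" was given to
// contractor-400 earlier, and the user now registers with provider-300, whose service
// document names contractor-400. A second address the user also holds (the FIG. 18
// variation) is assessed alongside so the user can choose the safer one.
func Demo() []Assessment {
	stored := map[string]string{"date_of_birth": "1983-04-12", "email": "ccc@dd.com"}
	provided := []ProvidedRecord{
		{Type: "email", Value: "ccc@dd.com", Destination: "contractor-400", PseudoID: "ehd738"},
		{Type: "birth_year", Value: "1983", Destination: "shop-X", PseudoID: "k2m9q1"},
	}
	recipients := []string{"provider-300", "contractor-400"}
	var candidates []Candidate
	for _, t := range []string{"birth_year", "email"} { // types requested in the service document
		if c, ok := Abstract(t, stored); ok {
			candidates = append(candidates, c)
		}
	}
	candidates = append(candidates, Candidate{Type: "email", Value: "alt@ee.com"}) // alternative the user holds
	return AssessRisk(provided, recipients, candidates)
}

func main() {
	for _, a := range Demo() {
		fmt.Printf("%-10s %-12s high=%-5t %s\n", a.Type, a.Value, a.HighRisk, a.Message)
	}
}
```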
FIG. 6 is a functional block diagram of the user terminal 200 according to the present embodiment. The user terminal 200 includes a control unit 210, a storage unit 220, a communication unit 240, and an input/output unit 250. The communication unit 240 transmits and receives communication data to and from the user agent 100, the service provider server 300, the user information issuing organization server 850, and so on. The input/output unit 250 exchanges data with user interface devices such as a display, keyboard, and mouse.
The key management unit 211 generates the encryption key 222 and the challenges (random numbers) used to authenticate communication peers, and performs encryption, decryption, signing, and similar processing using the encryption key 222.
The user registration unit 212 executes the user registration process with the user agent 100 (step S120 in FIG. 2, see FIG. 10 described later).
The service application unit 214 applies to the service provider server 300 for the user's registration to the service (step S141 in FIG. 2, see FIG. 12 described later).
The service document transfer unit 216 acquires from the user agent 100 the signed service document indicating the access right to the user information and transmits it to the service provider server 300 (see FIG. 14 described later).
FIG. 7 is a functional block diagram of the service provider server 300 according to the present embodiment. The contractor/collaborator server 400 has the same functional configuration as the service provider server 300. The service provider server 300 includes a control unit 310, a storage unit 320, and a communication unit 340. The communication unit 340 transmits and receives communication data to and from the user agent 100, the user terminal 200, the contractor/collaborator server 400, and so on.
The user information 333 is the user information acquired from the user agent 100.
The user identification information 131 of record 339 is "ehd738", and the year of birth is registered as its user information 333. The user of record 339 is the same pseudo-user as in record 139 (see FIG. 4).
The key management unit 311 generates the encryption key 322 and the challenges (random numbers) used to authenticate communication peers, and performs encryption, decryption, signing, and similar processing using the encryption key 322.
The service document registration unit 312 issues a service document and registers it in the distributed ledger 810 (step S110 in FIG. 2, see FIG. 9 described later).
The user information acquisition unit 314 (user information request unit, related user information request unit) presents the signed service document to the user agent 100, acquires the user information, and registers it in the user's record in the service user database 330 (step S144, see FIG. 16 described later).
The related service document transfer unit 315 transfers the pseudo-user identification information, the signed service document of the service provider server 300, and the signed service document of the contractor/collaborator server 400, all acquired from the user terminal 200, to the contractor/collaborator server 400 (see FIG. 14 described later).
FIG. 9 is a sequence diagram of the service document issuing process of the service provider server 300 according to the present embodiment. The processing of step S110 (see FIG. 2) is described with reference to FIG. 9.
In step S201, the key management unit 311 of the service provider server 300 generates a public/private key pair and stores it in the encryption key 322.
In the same way as in FIG. 9, the contractor/collaborator server 400 also generates a service document and registers it in the distributed ledger 810.
FIG. 10 is a sequence diagram of the process of registering a user with the user agent 100 according to the present embodiment. The processing of step S120 (see FIG. 2) is described with reference to FIG. 10. It is assumed that communication between the user terminal 200 and the user agent 100 is encrypted and that the user terminal 200 has authenticated its communication peer, the user agent 100.
In step S212, the user registration unit 112 of the user agent 100 generates the user's identification information (user identification information), authentication information, a public/private key pair, and a master secret. Next, the user registration unit 112 adds a record to the registered user database 130 and stores the generated user identification information, authentication information, public key, private key, and master secret in the user identification information 131, authentication information 132, public key 133, private key 134, and master secret 135 of the added record, respectively. The authentication information is the authentication information of the user terminal 200 used when the user terminal 200 accesses the user agent 100 after this user registration process.
In step S214, the user registration unit 112 transmits the user identification information and authentication information generated in step S212 to the user terminal 200 and notifies it that user registration is complete. The user terminal 200 stores the user identification information and authentication information in the storage unit 220. Thereafter, the user terminal 200 uses this authentication information whenever it accesses the user agent 100.
FIG. 11 is a sequence diagram of the user information registration process according to the present embodiment. The processing of step S130 (see FIG. 2) is described with reference to FIG. 11. In the processing of FIG. 11, it is assumed that communication between the user terminal 200 and the user information issuing organization server 850 is encrypted and that the two have mutually authenticated each other.
In step S231, the user information registration unit 213 of the user terminal 200 requests the user information issuing organization server 850 to issue user information. The request includes the type of user information to be issued.
In step S233, the user information registration unit 213 transmits the user information received in step S232 to the user agent 100.
In step S235, the user information registration unit 113 notifies the user terminal 200 that registration is complete.
FIG. 12 is a sequence diagram (1) of the process of registering a user to a service according to the present embodiment. FIG. 13 is a sequence diagram (2) of the process of registering a user to a service according to the present embodiment. FIG. 14 is a sequence diagram (3) of the process of registering a user to a service according to the present embodiment. The processing of steps S141 to S143 (see FIG. 2) is described with reference to FIGS. 12 to 14. In FIGS. 12 to 18, the service provider server 300 and the contractor/collaborator server 400 may be abbreviated as service provider and contractor/collaborator, respectively.
In step S302, the user registration unit 313 of the service provider server 300 acquires the identification information of the contractor/collaborator server 400 from the contractor/collaborator server 400.
In step S303, the user registration unit 313 acquires the service document of the contractor/collaborator server 400 from the distributed ledger 810 based on the identification information acquired in step S302.
In step S305, the key management unit of the contractor/collaborator server 400 (see the key management unit 311 in FIG. 7) generates a signature over the challenge using its own private key (the private key corresponding to the public key in its service document) and transmits the signed challenge to the service provider server 300.
In the drawings, the notation "{data} signature of subject" denotes "data" to which a signature generated with the private key of the "subject", such as the service provider server 300 or the user, has been attached. For example, "{challenge} signature of contractor/collaborator" denotes a challenge to which a signature generated with the private key of the contractor/collaborator server 400 has been attached.
In step S308, the user registration unit 313 transmits the signed identification information of the contractor/collaborator server 400 and the identification information of the service provider server 300 to the user terminal 200.
In step S310, the service application unit 214 transmits a challenge (random number) generated by the key management unit 211 (see FIG. 6) to the service provider server 300.
In step S311, the key management unit 311 of the service provider server 300 (see FIG. 7) generates a signature over the challenge using its own private key (the private key corresponding to the public key in its service document) and transmits the signed challenge to the user terminal 200.
Next, the service application unit 214 verifies the signature of the service provider server 300 attached to the identification information of the contractor/collaborator server 400 acquired in step S308. Successful verification confirms that the contractor/collaborator server 400 exists as a contractor of the service provider server 300 and that the authentic identification information of the contractor/collaborator server 400 has been obtained.
If verification of any of the signatures fails, the service application unit 214 notifies the service provider server 300 of an error and aborts the processing of FIG. 12. The description below assumes that signature verification succeeded.
The processing of steps S301 to S312 above corresponds to the registration application processing of step S141 (shown in FIG. 2).
The message is a message generated by the user information provision availability judgment unit 115 and is a message for the user displayed on the provided user information confirmation screen 600 (see FIG. 15 described later). The message includes information about the risk of name identification.
Note that in step S321, the user information provision request unit 215 displays the user information type and asks whether the user information corresponding to that type may be provided. In contrast, in step S325, the user information provision request unit 215 displays the user information itself and asks whether that user information may be provided.
If the "Do not provide" button 632 is pressed, the user information provision request unit 215 notifies the user agent 100 of the cancellation and aborts the processing of FIG. 13. The description below assumes that the "Provide" button 631 was pressed.
The processing of steps S321 to S326 above corresponds to the user information provision request processing of step S142 (shown in FIG. 2).
The processing of steps S327 to S331 above corresponds to the access right approval processing of step S143 (shown in FIG. 2).
FIG. 16 is a sequence diagram of the user information acquisition process of the service provider server 300 according to the present embodiment. The processing of step S144 (see FIG. 2) by the service provider server 300 is described with reference to FIG. 16.
In step S341, the user information acquisition unit 314 of the service provider server 300 transmits the pseudo-user identification information and its own service document bearing the pseudo-user's signature to the user agent 100.
In step S343, the key management unit 311 of the service provider server 300 (see FIG. 7) generates a signature over the challenge using its own private key (the private key corresponding to the public key in its service document) and transmits the signed challenge to the user agent 100.
In step S346, the user information acquisition unit 314 of the service provider server 300 stores the received user information in the user information 333 of the service user database 330 (see FIG. 8). Specifically, the user information acquisition unit 314 stores the received user information in the user information 333 of the record in the service user database 330 that corresponds to the pseudo-user identification information.
In step S351, the user information acquisition unit 314 of the contractor/collaborator server 400 transmits the pseudo-user identification information received in step S331 (see FIG. 14), the signed service document of the service provider server 300, and the signed service document of the contractor/collaborator server 400 to the contractor/collaborator server 400.
In the user information management system 10, the service document of the service provider server 300 includes, in addition to the identification information and public key of the service provider server 300, the types of user information required to provide the service. When registering with the service provider server 300 (applying for registration to the service), the user judges whether the service provider server 300 may access the user information (user information types) described in the service document (see step S321 in FIG. 13). If access is permitted, the user terminal 200 transmits the service document to the user agent 100 (see step S322).
The user identification information provided to and registered with the service provider server 300 is pseudo-user identification information (see FIGS. 14, 16, and 17). Pseudo-user identification information is generated for each user registration to a service (see step S327 in FIG. 13), which avoids name identification through the user identification information.
On the provided user information confirmation screen 600 (see FIG. 15) of the embodiment described above, the user chooses whether or not to provide the user information. Alternatively, when there are multiple pieces of user information of the same type, the user may be allowed to select which user information to provide.
FIG. 18 is a configuration diagram of the provided user information confirmation screen 600A according to a modified example of the present embodiment. Compared with the provided user information list 610 (see FIG. 15), the provided user information list 610A has a "provide?" column. When there are multiple pieces of user information for one user information type, the user can select the user information to provide (also referred to as provision-permitted user information, service provider server provision-permitted user information, or related service provider server provision-permitted user information) by checking the "provide?" column. The user terminal 200 transmits the selected user information to the user agent 100 and requests a signature on the service document (see step S326 in FIG. 13). In this way, the user can choose the means he or she prefers from among multiple means (selectable user information) of lowering the risk of name identification.
In the embodiment described above, in step S354 (see FIG. 17) the user agent confirms that the contractor/collaborator server 400 is included as a contractor/collaborator in the service document of the service provider server 300. The confirmation is not limited to this and may be performed at another time. For example, the user terminal 200 may perform it in step S312 (see FIG. 12). Alternatively, the user agent 100 may perform it after receiving the service document in step S322 (see FIG. 13) or after receiving the signature request in step S326.
The present invention is not limited to the embodiment described above and may be modified without departing from its spirit. For example, in the embodiment described above, user information is provided to two servers, the service provider server 300 and the contractor/collaborator server 400, but user information may be provided to three or more servers, or to a single server, the service provider server 300. Even in a case where user information was previously provided to server A as a service provider and to server B as a contractor, and user information is now newly provided to server B as a service provider, the user information can be provided with the risk of name identification taken into account.
FIG. 19 is a hardware configuration diagram showing an example of a computer 900 that realizes the functions of the user agent 100 according to the present embodiment. The user agent 100 according to the present embodiment is realized by, for example, a computer 900 configured as shown in FIG. 19. The computer 900 includes a CPU 901, a ROM 902, a RAM 903, an SSD 904, an input/output interface 905 (written as I/O I/F (Input/Output Interface) in FIG. 19), a communication interface 906, and a media interface 907.
The CPU 901 controls an input device 910 such as a mouse or keyboard and an output device 911 such as a display or printer via the input/output interface 905. Via the input/output interface 905, the CPU 901 acquires data from the input device 910 and outputs generated data to the output device 911.
The effects of the user information management system 10 are described below.
The user information management system 10 according to the present embodiment is a user information management system 10 including a user terminal 200 used by a user, a user agent 100, and a service provider server 300, wherein the user agent 100 includes: a storage unit 120 that stores a registered user database 130 in which the user's user identification information 131 and the user's user information 136 are stored in association with each other, and a provided user information database 140 in which the service provider server 300 (see destination 143) and the user information 142 provided to the service provider server 300 are stored in association with each other; a user information providing destination search unit 114 that receives from the user terminal 200 a request accompanied by a service provider service document containing the identification information of the service provider server 300 and a user information type, which is the type of user information requested by the service provider server 300, and transmits to the user terminal 200 the user information of the user of the user terminal 200 that has already been provided to the service provider server 300 and the user's user information corresponding to the user information type; and a user information access right approval unit 116 that receives from the user terminal service provider server provision-permitted user information indicating the user information to be provided to the service provider server 300, generates pseudo-user identification information (see user identification information 131), which is the user's user identification information 331 at the service provider server 300, and a pair of a private key 134 and a public key 133 associated with the pseudo-user identification information, generates a signed service provider service document by signing the service provider service document with the private key 134, and transmits the pseudo-user identification information and the signed service provider service document to the user terminal 200; the user terminal 200 includes a user information provision request unit 215 that transmits the service provider server provision-permitted user information to the user agent 100, and a service document transfer unit 216 that transmits the pseudo-user identification information and the signed service provider service document to the service provider server 300; the service provider server 300 includes a user information request unit (user information acquisition unit 314) that transmits the pseudo-user identification information and the signed service provider service document to the user agent 100; and the user agent 100 further includes a user information providing unit 117 that verifies the signature of the signed service provider service document using the public key 133 associated with the pseudo-user identification information and, if verification succeeds, returns the service provider server provision-permitted user information (see user information 142) to the service provider server.
Specifically, when the user terminal 200 requests the user agent 100 (user information access right approval unit 116) to sign the service document, the user can refer to the user information types described in the service document and decide whether to provide the user information (see step S321 in FIG. 13).
The user information providing destination search unit 114 of the user agent 100 searches for the already-provided user information and transmits it to the user terminal 200 (see steps S323 and S324). The user can refer to the already-provided user information and decide, taking the risk of name identification into account, whether to provide the user information (see step S325).
Claims (8)
- A user information management system comprising a user terminal used by a user, a user agent, and a service provider server, wherein
the user agent comprises:
a storage unit storing a registered user database, in which user identification information of the user and user information of the user are stored in association with each other, and a provided user information database, in which the service provider server and user information provided to the service provider server are stored in association with each other;
a user information provision destination search unit that accepts a request from the user terminal accompanied by a service provider service document containing identification information of the service provider server and a user information type, which is the type of user information requested by the service provider server, and sends to the user terminal the user information of the user of the user terminal that has already been provided to the service provider server and the user information of the user corresponding to the user information type; and
a user information access right approval unit that accepts from the user terminal service provider server permitted user information indicating the user information to be provided to the service provider server, generates pseudo user identification information, which is the user identification information of the user at the service provider server, and a pair of a private key and a public key associated with the pseudo user identification information, generates a signed service provider service document by signing the service provider service document with the private key, and sends the pseudo user identification information and the signed service provider service document to the user terminal;
the user terminal comprises:
a user information provision request unit that sends the service provider server permitted user information to the user agent; and
a service document transfer unit that sends the pseudo user identification information and the signed service provider service document to the service provider server;
the service provider server comprises:
a user information request unit that sends the pseudo user identification information and the signed service provider service document to the user agent; and
the user agent further comprises:
a user information provision unit that verifies the signature of the signed service provider service document using the public key associated with the pseudo user identification information and, if the verification succeeds, returns the service provider server permitted user information to the service provider server.
- The user information management system according to claim 1, wherein
the user information management system further comprises a related service provider server that provides a service in cooperation with the service provider server, the related service provider server comprising a related user information request unit;
the service provider server further comprises a related service document transfer unit;
the service provider service document further contains identification information of the related service provider server;
the provided user information database further stores the related service provider server and user information provided to the related service provider server in association with each other;
the user information provision destination search unit of the user agent accepts a request from the user terminal accompanied by a related service provider service document containing identification information of the related service provider server and the user information type requested by the related service provider server, and sends to the user terminal the user information of the user of the user terminal that has already been provided to the related service provider server;
the user information provision request unit of the user terminal sends to the user agent related service provider server permitted user information indicating the user information to be provided to the related service provider server;
the user information access right approval unit of the user agent generates a signed related service provider service document by signing the related service provider service document with the private key, and sends it to the user terminal together with the pseudo user identification information and the signed service provider service document;
the service document transfer unit of the user terminal further sends the signed related service provider service document to the service provider server;
the related service document transfer unit of the service provider server sends the pseudo user identification information, the signed service provider service document, and the signed related service provider service document to the related service provider server;
the related user information request unit of the related service provider server sends the pseudo user identification information, the signed service provider service document, and the signed related service provider service document to the user agent; and
the user information provision unit of the user agent verifies the signature of the signed service provider service document using the public key associated with the pseudo user identification information,
if that verification succeeds, verifies that the signed service provider service document contains the identification information of the related service provider server,
if that verification succeeds, verifies the signature of the signed related service provider service document using the public key associated with the pseudo user identification information, and
if that verification succeeds, returns the related service provider server permitted user information to the related service provider server.
- The user information management system according to claim 1, wherein the user information provision unit of the user agent
obtains the service provider server permitted user information from the registered user database, abstracts it into user information corresponding to the user information type contained in the signed service provider service document, and returns the result to the service provider server.
- The user information management system according to claim 2, wherein the user information provision request unit of the user terminal
displays a provided user information confirmation screen containing at least one of the user information already provided to the service provider server, the user information to be provided to the service provider server, the user information already provided to the related service provider server, and the user information to be provided to the related service provider server, and thereby obtains the service provider server permitted user information.
- A user information management method of a user information management system comprising a user terminal used by a user, a user agent, and a service provider server, wherein
the user agent comprises
a storage unit storing a registered user database, in which user identification information of the user and user information of the user are stored in association with each other, and a provided user information database, in which the service provider server and user information provided to the service provider server are stored in association with each other;
the user agent executes a step of
accepting a request from the user terminal accompanied by a service provider service document containing identification information of the service provider server and a user information type, which is the type of user information requested by the service provider server, and
sending to the user terminal the user information of the user of the user terminal that has already been provided to the service provider server and the user information of the user corresponding to the user information type;
the user terminal executes a step of
sending to the user agent service provider server permitted user information indicating the user information to be provided to the service provider server;
the user agent executes a step of
generating pseudo user identification information, which is the user identification information of the user at the service provider server, and a pair of a private key and a public key associated with the pseudo user identification information,
generating a signed service provider service document by signing the service provider service document with the private key, and
sending the pseudo user identification information and the signed service provider service document to the user terminal;
the user terminal executes a step of
sending the pseudo user identification information and the signed service provider service document to the service provider server;
the service provider server executes a step of
sending the pseudo user identification information and the signed service provider service document to the user agent; and
the user agent executes a step of
verifying the signature of the signed service provider service document using the public key associated with the pseudo user identification information and,
if the verification succeeds, returning the service provider server permitted user information to the service provider server.
- The user agent of a user information management system comprising a user terminal used by a user, the user agent, and a service provider server, the user agent comprising:
a storage unit storing a registered user database, in which user identification information of the user and user information of the user are stored in association with each other, and a provided user information database, in which the service provider server and user information provided to the service provider server are stored in association with each other;
a user information provision destination search unit that accepts a request from the user terminal accompanied by a service provider service document containing identification information of the service provider server and a user information type, which is the type of user information requested by the service provider server, and
sends to the user terminal the user information of the user of the user terminal that has already been provided to the service provider server and the user information of the user corresponding to the user information type;
a user information access right approval unit that accepts service provider server permitted user information indicating the user information to be provided to the service provider server,
generates pseudo user identification information, which is the user identification information of the user at the service provider server, and a pair of a private key and a public key associated with the pseudo user identification information,
generates a signed service provider service document by signing the service provider service document with the private key, and
sends the pseudo user identification information and the signed service provider service document to the user terminal; and
a user information provision unit that verifies the signature of the signed service provider service document, which the service provider server obtained from the user terminal and sent, using the public key associated with the pseudo user identification information and,
if the verification succeeds, returns the service provider server permitted user information to the service provider server.
- A program for causing a computer to function as the user agent according to claim 6.
- A user information management method of the user agent of a user information management system comprising a user terminal used by a user, the user agent, and a service provider server, wherein
the user agent comprises
a storage unit storing a registered user database, in which user identification information of the user and user information of the user are stored in association with each other, and a provided user information database, in which the service provider server and user information provided to the service provider server are stored in association with each other, and executes:
a step of accepting a request from the user terminal accompanied by a service provider service document containing identification information of the service provider server and a user information type, which is the type of user information requested by the service provider server, and
sending to the user terminal the user information of the user of the user terminal that has already been provided to the service provider server and the user information of the user corresponding to the user information type;
a step of accepting service provider server permitted user information indicating the user information to be provided to the service provider server,
generating pseudo user identification information, which is the user identification information of the user at the service provider server, and a pair of a private key and a public key associated with the pseudo user identification information,
generating a signed service provider service document by signing the service provider service document with the private key, and
sending the pseudo user identification information and the signed service provider service document to the user terminal; and
a step of verifying the signature of the signed service provider service document, which the service provider server obtained from the user terminal and sent, using the public key associated with the pseudo user identification information and,
if the verification succeeds, returning the service provider server permitted user information to the service provider server.
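The exchange of claims 1 and 2 (and of the embodiment summary above), carried through as an added example; this is not code from the patent or from any implementation by the applicant. It models the user agent only: the user terminal and the service provider servers appear as the values they hand on. It assumes Ed25519 signatures, a JSON serialisation of the service document as the bytes that are signed, and a pseudonym equal to the hex-encoded public key; the type and function names (ServiceDocument, SignedDocument, UserAgent, ApproveAccess, Sign, ProvideInfo) and the sample user data are this example's own. The provision destination search unit and the confirmation screen (claims 1 and 4) and the abstraction of claim 3 are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"slices"
)

// ServiceDocument carries the provider ID, the requested info types and (claim 2) the related providers it names.
type ServiceDocument struct {
	ProviderID string
	InfoTypes  []string
	RelatedIDs []string
}

// SignedDocument is a document plus its signature under the key bound to a pseudonym.
type SignedDocument struct {
	Doc       ServiceDocument
	Signature []byte
}

// UserAgent holds the registered-user database, the provided-user-information database and the keys.
type UserAgent struct {
	registered map[string]map[string]string  // user ID -> info type -> value
	provided   map[string][]string           // "providerID|pseudonym" -> types released to that provider
	keys       map[string]ed25519.PrivateKey // pseudonym -> private key (the public key is derived from it)
	owner      map[string]string             // pseudonym -> registered user ID
}

func NewUserAgent() *UserAgent {
	return &UserAgent{map[string]map[string]string{}, map[string][]string{}, map[string]ed25519.PrivateKey{}, map[string]string{}}
}

func (ua *UserAgent) RegisterUser(userID string, info map[string]string) { ua.registered[userID] = info }

// canonical serialises a document so that signer and verifier work on identical bytes.
func canonical(doc ServiceDocument) []byte { b, _ := json.Marshal(doc); return b }

// ApproveAccess (access right approval unit): a fresh key pair and pseudonym per user/provider relationship, then doc signed.
func (ua *UserAgent) ApproveAccess(userID string, doc ServiceDocument, permitted []string) (string, SignedDocument, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", SignedDocument{}, err
	}
	pseudo := hex.EncodeToString(priv.Public().(ed25519.PublicKey)) // pseudonym = hex public key (this example's choice)
	ua.keys[pseudo], ua.owner[pseudo] = priv, userID
	signed, err := ua.Sign(pseudo, doc, permitted)
	return pseudo, signed, err
}

// Sign signs doc under the key bound to pseudo and records what the user released to doc's provider (claim 2 reuses it).
func (ua *UserAgent) Sign(pseudo string, doc ServiceDocument, permitted []string) (SignedDocument, error) {
	priv, ok := ua.keys[pseudo]
	if !ok {
		return SignedDocument{}, errors.New("unknown pseudonym")
	}
	for _, t := range permitted { // the user may only release types the document actually asked for
		if !slices.Contains(doc.InfoTypes, t) {
			return SignedDocument{}, fmt.Errorf("type %q was not requested by %s", t, doc.ProviderID)
		}
	}
	ua.provided[doc.ProviderID+"|"+pseudo] = permitted
	return SignedDocument{doc, ed25519.Sign(priv, canonical(doc))}, nil
}

func (ua *UserAgent) verify(pseudo string, sd SignedDocument) bool {
	priv, ok := ua.keys[pseudo]
	return ok && ed25519.Verify(priv.Public().(ed25519.PublicKey), canonical(sd.Doc), sd.Signature)
}

// ProvideInfo (user information provision unit): the provider presents the pseudonym and signed document it got via the terminal.
func (ua *UserAgent) ProvideInfo(pseudo string, signed SignedDocument, related *SignedDocument) (map[string]string, error) {
	if !ua.verify(pseudo, signed) {
		return nil, errors.New("service provider document signature does not verify")
	}
	target := signed.Doc
	if related != nil { // claim 2 order: named in the primary document first, then its own signature
		if !slices.Contains(signed.Doc.RelatedIDs, related.Doc.ProviderID) || !ua.verify(pseudo, *related) {
			return nil, errors.New("related provider not named in the primary document, or its signature does not verify")
		}
		target = related.Doc
	}
	types, ok := ua.provided[target.ProviderID+"|"+pseudo]
	if !ok {
		return nil, errors.New("no release approved for this provider and pseudonym")
	}
	out := map[string]string{}
	for _, t := range types { // only the types the user permitted leave the agent
		out[t] = ua.registered[ua.owner[pseudo]][t]
	}
	return out, nil
}

func main() {
	ua := NewUserAgent()
	ua.RegisterUser("alice", map[string]string{"name": "Alice Example", "address": "Tokyo", "age": "34"}) // constructed sample
	pseudo, signed, _ := ua.ApproveAccess("alice", ServiceDocument{"shop.example", []string{"name", "address", "age"}, nil}, []string{"name", "age"})
	fmt.Println(ua.ProvideInfo(pseudo, signed, nil)) // shop.example receives name and age only
}
```

ProvideInfo answers only with the types the user permitted for the provider named in the signed document, and for a related provider it performs the three checks of claim 2 in the claimed order: the primary document's signature, the presence of the related provider's identifier in that signed document, and the related document's signature. A tampered document (for example one with an extra requested type) fails the first check because the signed bytes no longer match. The claims verify the signature but do not say how the agent authenticates the server that calls it; here the lookup is keyed by the provider identifier inside the signed document, so a deployment would still authenticate the caller at the transport layer (for example mutual TLS), which this example leaves out.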
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2022569373A JPWO2022130507A1 (ja) | 2020-12-15 | 2020-12-15 | |
PCT/JP2020/046774 WO2022130507A1 (ja) | 2020-12-15 | 2020-12-15 | User information management system, user information management method, user agent and program |
US18/267,672 US20240104241A1 (en) | 2020-12-15 | 2020-12-15 | User information management system, user information management method, user agent and program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2020/046774 WO2022130507A1 (ja) | 2020-12-15 | 2020-12-15 | User information management system, user information management method, user agent and program |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022130507A1 true WO2022130507A1 (ja) | 2022-06-23 |
Family
ID=82059203
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2020/046774 WO2022130507A1 (ja) | User information management system, user information management method, user agent and program | 2020-12-15 | 2020-12-15 |
Country Status (3)
Country | Link |
---|---|
US (1) | US20240104241A1 (ja) |
JP (1) | JPWO2022130507A1 (ja) |
WO (1) | WO2022130507A1 (ja) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005022428A1 (ja) * | 2003-08-28 | 2005-03-10 | Ibm Japan, Ltd. | Attribute information providing server, attribute information providing method, and program |
JP2013239878A (ja) * | 2012-05-15 | 2013-11-28 | Nippon Telegr & Teleph Corp <Ntt> | Personal attribute information management system and personal attribute information management method |
2020
- 2020-12-15 US US18/267,672 patent/US20240104241A1/en active Pending
- 2020-12-15 JP JP2022569373A patent/JPWO2022130507A1/ja active Pending
- 2020-12-15 WO PCT/JP2020/046774 patent/WO2022130507A1/ja active Application Filing
Also Published As
Publication number | Publication date |
---|---|
JPWO2022130507A1 (ja) | 2022-06-23 |
US20240104241A1 (en) | 2024-03-28 |
Similar Documents
Publication | Title |
---|---|
EP3424176B1 (en) | Systems and methods for distributed data sharing with asynchronous third-party attestation |
US11443062B2 (en) | Selectively verifying personal data |
US20190123895A1 (en) | Methods and apparatus for verifying a user transaction |
US8752152B2 (en) | Federated authentication for mailbox replication |
CN110493347A (zh) | Blockchain-based data access control method and system for large-scale cloud storage |
US7073195B2 (en) | Controlled access to credential information of delegators in delegation relationships |
US8635679B2 (en) | Networked identity framework |
JP2018537022A (ja) | System and method for managing digital identities |
EP1662696B1 (en) | Method and system for delegating authority with restricted access right in an online collaborative environment |
EP1662698B1 (en) | Method and system for delegating authority in an online collaborative environment |
US8806195B2 (en) | User interface generation in view of constraints of a certificate profile |
JP5422753B1 (ja) | Policy management system, ID provider system and policy evaluation device |
CN113056741A (zh) | Distributed-ledger-based profile verification |
US20220321357A1 (en) | User credential control system and user credential control method |
Bandara et al. | Casper: a blockchain-based system for efficient and secure customer credential verification |
Radha et al. | Verifiable badging system for scientific data reproducibility |
Cha et al. | A blockchain-based privacy preserving ticketing service |
JP7367443B2 (ja) | Identity verification program, management device and identity verification method |
WO2022130507A1 (ja) | User information management system, user information management method, user agent and program |
WO2021176537A1 (ja) | User information management system, user information management method, user agent and program |
JP4574085B2 (ja) | Virtual communication path, and agent cooperation system and agent cooperation method for controlling the virtual communication path |
Bertino et al. | Trust-: An XML Framework for Trust Negotiations |
US20240146537A1 (en) | Computer-readable recording medium storing data management program, data management method, and data management apparatus |
WO2023152797A1 (ja) | Verification method, verification program and information processing device |
US20230421399A1 (en) | Cross chain access granting to applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20965895 Country of ref document: EP Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2022569373 Country of ref document: JP Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 18267672 Country of ref document: US |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 20965895 Country of ref document: EP Kind code of ref document: A1 |