WO2024024043A1 - System and method - Google Patents

Publication number
WO2024024043A1
Authority
WO
WIPO (PCT)
Prior art keywords
student
server
digital
information
card
Application number
PCT/JP2022/029147
Inventor
めぐみ 澤田
晋一 中島
靖子 石川
裕晶 飯田
優子 若山
Original Assignee
日本電気株式会社
Application filed by 日本電気株式会社
Priority to JP2022568739A (patent JP7218840B1)
Priority to PCT/JP2022/029147 (WO2024024043A1)
Priority to JP2023007919A (JP2024018875A)
Publication of WO2024024043A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/20 Education
    • G06Q50/26 Government or public services

Definitions

  • the present invention relates to systems and methods.
  • Patent Document 1 describes that a digital student ID conversion system for digitizing student ID cards is provided.
  • the digital student ID conversion system of Patent Document 1 is a system that displays a digital student ID on a portable electronic medium.
  • the system includes a school database, a student ID application, and an administration server.
  • the school database is a database in which information for converting students or student information owned by the school into a digital student ID card is input.
  • the student ID app is an app that converts your student ID into a digital student ID.
  • the operation management server manages and operates the student ID application and school database.
  • the school database is assigned a school account for each school for a digital student ID card by the management server, and has an ID and password for each student.
  • a student ID card is converted into a digital student ID card using a student ID application downloaded from a portable electronic medium based on an ID, password, and a face photo stored in a portable electronic medium.
  • student ID cards may be digitized.
  • a student ID card is sometimes used as a document to prove the student's identity. Therefore, student ID cards are required to be reliable.
  • digitized information is easily subject to forgery, and it is necessary to ensure the reliability of digitized student IDs.
  • the main purpose of the present invention is to provide a system and method that contribute to improving the reliability of digital student IDs.
  • a system is provided that includes a first server that performs control regarding a digital student ID, and a second server that stores, in association with each other, a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students. The first server notifies the second server of the second ID of the student who wishes to use the digital student ID, and if the first ID corresponding to the notified second ID is valid, the second server generates the digital student ID of that student and transmits the generated digital student ID to the first server.
  • a method is provided for a system that includes a first server that performs control regarding a digital student ID card, and a second server that stores, in association with each other, a first ID linked to an electronic certificate stored in an ID card and a second ID used by an educational institution to manage students. In the method, the first server notifies the second server of the second ID of a student who wishes to use the digital student ID, and if the first ID corresponding to the notified second ID is valid, the second server generates the digital student ID of that student and transmits the generated digital student ID to the first server.
  • FIG. 1 is a diagram for explaining an overview of one embodiment.
  • FIG. 2 is a flowchart for explaining the operation of one embodiment.
  • FIG. 3 is a diagram illustrating an example of a schematic configuration of an information processing system according to the first embodiment.
  • FIG. 4 is a diagram for explaining the operation of the information processing system according to the first embodiment.
  • FIG. 5 is a diagram for explaining the operation of the information processing system according to the first embodiment.
  • FIG. 6 is a diagram illustrating an example of a display on a terminal according to the first embodiment.
  • FIG. 7 is a diagram showing an example of the processing configuration of the digital student ID server according to the first embodiment.
  • FIG. 8 is a diagram illustrating an example of the processing configuration of the ID management server according to the first embodiment.
  • FIG. 9 is a diagram showing an example of the ID management database according to the first embodiment.
  • FIG. 10 is a flowchart illustrating an example of the operation of the digital student ID generation section according to the first embodiment.
  • FIG. 11 is a flowchart illustrating an example of the operation of the digital student ID generation section according to the first embodiment.
  • FIG. 12 is a sequence diagram illustrating an example of the operation of the information processing system according to the first embodiment.
  • FIG. 13 is a diagram illustrating an example of the hardware configuration of the ID management server according to the present disclosure.
  • the system includes a first server 101 and a second server 102 (see FIG. 1).
  • the first server 101 performs control regarding the digital student ID card.
  • the second server 102 associates and stores a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students.
  • the first server 101 notifies the second server 102 of the second ID of the student who wishes to use the digital student ID card (step S1 in FIG. 2). If the first ID corresponding to the notified second ID is valid, the second server 102 generates a digital student ID of the student who wishes to use the digital student ID, and transmits the generated digital student ID to the first server 101 (step S2).
  • the second server 102 generates a digital student ID for a student who wishes to issue a digital student ID if the first ID of the student is valid.
  • the second server 102 issues a digital student ID when the electronic certificate (electronic certificate linked to the first ID) stored in the identification card (for example, My Number Card) is valid, and does not issue a digital student ID if the electronic certificate is invalid. That is, the digital student ID card generated by the second server 102 has high reliability because it is issued to a student whose identity has been verified using an identification card.
  • FIG. 3 is a diagram showing an example of a schematic configuration of an information processing system (student ID management system, ID management system) according to the first embodiment.
  • the information processing system includes a digital student ID server 10, an ID management server 20, an authentication server 30, and a plurality of university servers 40.
  • the digital student ID server 10 is a server device (first server) that manages and controls student ID cards (digital student ID cards) issued to students of each university participating in the system.
  • the ID management server 20 is a server device (second server) that manages IDs issued to students.
  • the ID management server 20 associates and stores a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students. Details regarding these IDs will be described later.
  • the authentication server 30 is a server device (third server) that performs authentication work for electronic certificates requested by users.
  • the authentication server 30 performs control related to determining the validity of electronic certificates.
  • the authentication server 30 is managed by a business operator that performs authentication services for electronic certificates.
  • the university server 40 is a server device (fourth server) that controls the operations of each university participating in the system.
  • the university server 40 stores student information regarding current students.
  • the student operates the terminal 50 to access the digital student ID server 10, etc.
  • the servers shown in FIG. 3 are configured to be able to communicate with each other via a network.
  • the digital student ID server 10 and the ID management server 20 are connected by wired or wireless communication means and configured to be able to communicate with each other.
  • the configuration of the information processing system shown in FIG. 3 is an example, and is not intended to limit the configuration.
  • the information processing system may include a plurality of digital student ID servers 10 and the like.
  • the educational digital ID is an ID (second ID) for identifying a student within an educational institution.
  • the entering student starts the "digital student ID application" installed on the terminal 50 and requests the system to issue an educational digital ID from the application.
  • the identity verification is performed using an identification card issued by a public institution.
  • an IC (Integrated Circuit) card containing an electronic certificate is used for identity verification.
  • a My Number card will be explained as an example of an IC card (identification card) in which an electronic certificate is stored.
  • the terminal 50 reads out the electronic certificate (for example, the electronic certificate for user certification) stored in the My Number card in response to the operation of the user (enrolled student).
  • the terminal 50 transmits an "ID issuance request" including the read electronic certificate and contact information (for example, an e-mail address from which the terminal 50 can receive e-mail) to the authentication server 30 (step S01 in FIG. 4).
  • By sending an ID confirmation request, the enrolled student (terminal 50) requests the authentication server 30 to confirm his/her identity using the My Number card.
  • Upon receiving the ID issue request, the authentication server 30 requests a certificate authority server (not shown) to verify the electronic certificate included in the ID issue request. Specifically, the authentication server 30 transmits the acquired electronic certificate to the certificate authority server.
  • the certificate authority server is a server device managed by a corporation called J-LIS (Japan Agency for Local Authority Information Systems) jointly operated by the national and local governments.
  • the certificate authority server verifies the validity of the electronic certificate (My Number card).
  • the certificate authority server transmits the verification result of the electronic certificate obtained from the authentication server 30 (whether the electronic certificate is valid or invalid) to the authentication server 30.
  • When the certificate authority server fails to verify the electronic certificate (the electronic certificate is invalid), the authentication server 30 notifies the terminal 50 that the issuance of the educational digital ID has failed.
  • the digital student ID application on the terminal 50 notifies the user (enrolled student) that the issuance of the educational digital ID has failed.
  • the terminal 50 may notify the user that the issuance of the educational digital ID has failed because the electronic certificate read from the My Number card is invalid.
  • the authentication server 30 issues an "end user ID" to the student who entered the above information.
  • the end user ID is a unique ID (first ID) that uniquely corresponds to the serial number of the electronic certificate.
  • the end user ID is an ID that is linked to the validity and invalidation of the My Number card. That is, when the My Number card becomes invalid, the end user ID also becomes invalid.
  • After issuing the end user ID, the authentication server 30 associates the issued end user ID with the serial number of the electronic certificate and stores them in the database.
  • Upon issuing the end user ID, the authentication server 30 notifies the ID management server 20 of the issued end user ID. Specifically, the authentication server 30 transmits an "end user ID notification" including the end user ID and contact information to the ID management server 20 (step S02 in FIG. 4).
  • Upon receiving the end user ID notification, the ID management server 20 generates an educational digital ID.
  • the ID management server 20 associates the end user ID acquired from the authentication server 30 with the generated educational digital ID and stores them in the ID management database. Details of the ID management database will be described later.
  • the ID management server 20 notifies the digital student ID server 10 of the generated educational digital ID. Specifically, the ID management server 20 transmits an "educational digital ID notification" including the educational digital ID and contact information to the digital student ID server 10 (step S03 in FIG. 4).
  • Upon receiving the educational digital ID notification, the digital student ID server 10 creates an account for managing the student's (enrolled student) digital student ID. When an account is created, the digital student ID server 10 stores the acquired educational digital ID as the student's login information.
  • the digital student ID server 10 notifies the educational digital ID to the terminal 50 (the terminal 50 corresponding to the contact information acquired from the ID management server 20). Specifically, the digital student ID server 10 transmits an "ID issue notification" including the educational digital ID to the terminal 50 (step S04 in FIG. 4). The terminal 50 stores the received educational digital ID (login information).
  • the authentication server 30 (third server) receives an ID issuance request including an electronic certificate from the terminal 50 owned by the student.
  • the authentication server 30 performs control regarding the validity determination of the received electronic certificate (requests the certificate authority server to determine the validity of the electronic certificate), and if the electronic certificate for which the validity determination has been performed is valid, generates an end user ID (first ID) for the student who wishes to have the ID issued.
  • the authentication server 30 associates and stores the generated end user ID and the serial number of the valid electronic certificate. Further, the authentication server 30 transmits the generated end user ID to the ID management server 20 (second server).
  • the ID management server 20 generates an educational digital ID (second ID) in response to receiving the end user ID.
  • the ID management server 20 stores the received end user ID and the generated educational digital ID in association with each other, and transmits the generated educational digital ID to the digital student ID server 10 (first server).
  • the digital student ID server 10 notifies the notified educational digital ID to the student who wishes to have the ID issued. At that time, the digital student ID server 10 notifies the student who wishes to be issued the ID using the notified educational digital ID as login information.
  • the entering student operates the terminal 50 to start the digital student ID application and logs into the account on the digital student ID server 10.
  • the digital student ID server 10 acquires information for identifying the enrolled student (student identification information).
  • the student identification information includes, for example, a name or a combination of a name and date of birth.
  • the student identification number may be used as the student identification information.
  • the digital student ID server 10 acquires information for identifying the university to which the incoming student will enroll (university identification information; for example, university name or university code).
  • After acquiring the student identification information and university identification information, the digital student ID server 10 transmits a "digital student ID generation request" including the educational digital ID, student identification information, and university identification information to the ID management server 20 (step S11 in FIG. 5).
  • the digital student ID server 10 requests the ID management server 20 to verify the validity of the educational digital ID by transmitting the educational digital ID to the ID management server 20.
  • Upon receiving the digital student ID generation request, the ID management server 20 requests the authentication server 30 to verify the validity of the end user ID corresponding to the educational digital ID. Specifically, the ID management server 20 accesses the ID management database and reads out the end user ID corresponding to the acquired educational digital ID. The ID management server 20 transmits an "end user ID verification request" including the read end user ID to the authentication server 30 (step S12 in FIG. 5).
  • Upon receiving the end user ID verification request, the authentication server 30 determines the validity of the electronic certificate (My Number card) linked to the end user ID. Specifically, the authentication server 30 accesses a database that stores end user IDs and digital certificate serial numbers, and reads out the digital certificate serial number corresponding to the acquired end user ID.
  • the authentication server 30 transmits the read serial number to the certificate authority server (server operated by J-LIS) and requests the certificate authority server to determine the validity of the electronic certificate corresponding to the serial number.
  • the authentication server 30 transmits a response to the ID management server 20 according to the response from the certificate authority server (the electronic certificate corresponding to the serial number is valid or invalid) (step S13 in FIG. 5).
  • Upon receiving a response from the certificate authority server indicating that the electronic certificate is valid, the authentication server 30 transmits an affirmative response indicating that the end user ID is valid to the ID management server 20. Upon receiving a response indicating that the electronic certificate is invalid from the certificate authority server, the authentication server 30 transmits a negative response indicating that the end user ID is invalid to the ID management server 20.
  • the ID management server 20 determines that the educational digital ID acquired from the digital student ID server 10 is valid. If the educational digital ID is valid, the ID management server 20 requests the university in which the student enrolls (the university specified from the university identification information) to verify the student who wishes to be issued a digital student ID. Specifically, the ID management server 20 transmits a "current student confirmation request" including the educational digital ID and student identification information to the university server 40 (step S14 in FIG. 5).
  • By sending a current student confirmation request to the university server 40, the ID management server 20 requests the relevant university to determine (verify) whether or not the student who wishes to receive a digital student ID card is enrolled in the university specified by the student.
  • the university server 40 that receives the current student confirmation request refers to the student information database that stores the name, date of birth, biometric information (e.g., facial image), affiliated faculty, etc. of enrolled students, and determines whether or not the student (enrolled student) corresponding to the student identification information is registered in the database. The university server 40 transmits the determination result to the ID management server 20 (step S15 in FIG. 5).
  • the university server 40 sends a negative response to the ID management server 20 indicating that the student corresponding to the student identification information does not exist.
  • the university server 40 transmits an affirmative response including the information on the student (student information) corresponding to the student identification information to the ID management server 20.
  • the university server 40 sends the student's name, date of birth, university name, affiliated faculty, affiliated department, student ID number, biometric information, affiliated university location, affiliated university contact information, etc. to the ID management server 20 as "student information".
  • the university server 40 stores the educational digital ID acquired from the ID management server 20 in the student information database.
  • the university (university server 40) manages students using the educational digital ID as new student identification information. Specifically, the university server 40 stores educational digital IDs, student personal information (name, date of birth, etc.), biometric information (e.g., facial images), student ID number, department to which they belong, course information (information regarding grades; e.g., acquired credits, attendance information), etc. in association with each other.
  • the ID management server 20 transmits a response to the digital student ID generation request to the digital student ID server 10 (step S16 in FIG. 5).
  • When notified by the authentication server 30 that the end user ID is invalid, the ID management server 20 sends a negative response to the digital student ID server 10 indicating that the digital student ID cannot be generated.
  • the ID management server 20 transmits the negative response to the digital student ID server 10.
  • When receiving a positive response from the university server 40, the ID management server 20 generates (issues) a digital student ID.
  • the ID management server 20 generates "card face information" to be written on the digital student ID card using the student information acquired from the university server 40, and generates a digital student ID card including the card face information.
  • the digital student ID card contains the student's name, date of birth, student ID number, biometric information (for example, facial image), information on the university to which the student belongs, etc.
  • After generating the digital student ID, the ID management server 20 transmits an affirmative response including the generated digital student ID to the digital student ID server 10.
  • the ID management server 20 stores student identification information (for example, student ID number) that identifies the student who received the digital student ID card and university identification information that identifies the university (for example, the university name) in the ID management database. That is, when a digital student ID card is issued to a student, the ID management server 20 stores the student's end user ID, educational digital ID, student ID number, and university name in association with each other.
  • Upon receiving an affirmative response to the digital student ID generation request, the digital student ID server 10 notifies the student (enrolled student) that the issuance of the digital student ID has been completed. Alternatively, the digital student ID server 10 may display the issued digital student ID on the terminal 50. For example, the terminal 50 displays a digital student ID card as shown in FIG.
  • the student operates the terminal 50 to log in to the digital student ID server 10. Specifically, the student starts a digital student ID application and sends login information (educational digital ID) to the digital student ID server 10 via the application.
  • the digital student ID server 10 authenticates students using login information (educational digital ID). After logging into the account of the digital student ID server 10, the student operates the terminal 50 to perform a predetermined operation and requests display of the digital student ID.
  • Upon receiving a request to display a digital student ID, the digital student ID server 10 sends a "digital student ID generation request" to the ID management server 20, in the same way as when generating a digital student ID.
  • Upon receiving a digital student ID generation request, the ID management server 20 searches the ID management database using the educational digital ID included in the request as a key, and identifies the corresponding entry. If the student ID number is registered in the corresponding entry (if the digital student ID card has already been issued), the ID management server 20 processes the digital student ID generation request based on a predetermined policy (digital student ID control policy).
  • the digital student ID control policy includes a policy regarding validity verification of end user ID (validity verification of My Number card).
  • the policy regarding validation of end user ID includes, for example, rules (criteria) regarding frequency, timing, etc. of validating end user ID.
  • a policy regarding the validity check of end user IDs might be, for example, "Check the validity of the end user ID each time the digital student ID card is used," or "If a predetermined period of time has passed since the last validity check, check the validity of the end user ID."
  • the policy regarding the validity check of the end user ID may be "confirm the validity of the end user ID after a predetermined period has elapsed.” For example, if the predetermined period is the "first half" or "second half", the end user ID may be confirmed once every six months.
  • the policy regarding end user ID validity confirmation may also be "Within a predetermined period, the validity of the end user ID is not confirmed up to a predetermined number of times, and is confirmed after the predetermined number of times." For example, if the predetermined period is 6 months and the predetermined number of times is 5 times, the validity of the end user ID will not be checked up to 5 times within 6 months, and the validity of the end user ID will be checked after the 6th time.
  • the ID management server 20 executes the same process as the digital student ID generation process shown in FIG. 5.
  • the ID management server 20 transmits an end user ID verification request to the authentication server 30. Further, the ID management server 20 transmits a current student confirmation request to the university server 40 specified from the university identification information. Note that the ID management server 20 transmits a current student confirmation request that includes an educational digital ID or student ID number as student identification information.
  • the ID management server 20 generates a digital student ID when the end user ID is valid and student information can be acquired from the university server 40.
  • the ID management server 20 transmits the generated digital student ID to the digital student ID server 10.
  • the ID management server 20 transmits a current student confirmation request to the university server 40. In this case as well, the ID management server 20 transmits a current student confirmation request including the educational digital ID or student ID number as student identification information to the university server 40.
  • the ID management server 20 generates a digital student ID using the student information acquired from the university server 40.
  • the ID management server 20 transmits the generated digital student ID to the digital student ID server 10.
  • the digital student ID server 10 displays the digital student ID received from the ID management server 20 on the terminal 50. For example, students present their digital student ID card to a third party to prove their identity. For example, when purchasing a commuter pass with a student discount, students present their digital student ID to the railway company. Railway companies sell commuter passes by trusting digital student IDs whose identity is verified by My Number cards.
  • the digital student ID server 10 (first server) notifies the ID management server 20 (second server) of the educational digital ID (second ID) of the student who wishes to use the digital student ID. If the end user ID (first ID) corresponding to the notified educational digital ID is valid, the ID management server 20 generates a digital student ID for the student who wishes to use the digital student ID, and sends the generated digital student ID to the digital student ID server 10.
  • the ID management server 20 notifies the authentication server 30 (third server) of the end user ID corresponding to the notified educational digital ID, thereby requesting the authentication server 30 to make a determination regarding the validity of the end user ID.
  • the authentication server 30 performs control related to determining the validity of the electronic certificate corresponding to the notified end user ID, and notifies the ID management server 20 of the determination result.
  • the ID management server 20 generates the digital student ID if it is able to acquire, from the university server 40 (fourth server), the student information of the student who wishes to use the digital student ID card. Note that for students to whom a digital student ID has already been issued, the ID management server 20 determines whether or not to request the authentication server 30 to determine the validity of the end user ID, according to a predetermined policy.
  • FIG. 7 is a diagram showing an example of a processing configuration (processing module) of the digital student ID server 10 according to the first embodiment.
  • the digital student ID server 10 includes a communication control section 201, an ID issuing control section 202, a digital student ID control section 203, and a storage section 204.
  • the communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the ID management server 20. Furthermore, the communication control unit 201 transmits data to the ID management server 20. The communication control unit 201 passes data received from other devices to other processing modules. The communication control unit 201 transmits data acquired from other processing modules to other devices. In this way, other processing modules transmit and receive data to and from other devices via the communication control unit 201.
  • the communication control unit 201 has a function as a reception unit that receives data from another device, and a function as a transmission unit that transmits data to the other device.
  • the ID issuance control unit 202 is a means for controlling the issuance of educational digital IDs.
  • the ID issuance control unit 202 processes educational digital ID notifications received from the ID management server 20.
  • upon receiving the educational digital ID notification, the ID issuance control unit 202 generates an account for managing the digital student ID. When an account is generated, the ID issuance control unit 202 manages the student's educational digital ID as login information in the account. Note that the ID issuance control unit 202 may generate an ID other than the educational digital ID as the login information.
  • the ID issuance control unit 202 transmits an "ID issuance notification" to the terminal 50 owned by the enrolled student who wishes to be issued a digital student ID.
  • the ID issuance notification includes login information (educational digital ID).
  • the ID issuance control unit 202 may treat the educational digital ID as a login ID and request the enrolled student to set a password for logging into the account. Specifically, when sending the educational digital ID to the terminal 50, the ID issuance control unit 202 may prompt the enrolled student to determine a password for logging into the account via the terminal 50.
  • the digital student ID control unit 203 is a means for controlling the digital student ID.
  • the digital student ID control unit 203 acquires student specific information and university specific information.
  • the digital student ID control unit 203 displays a GUI (Graphical User Interface) or the like on the terminal 50, and displays student specific information (for example, a combination of name and date of birth) and university specific information (for example, a university name or code).
  • upon acquiring the student identification information and university identification information, the digital student ID control unit 203 transmits a "digital student ID generation request" including the educational digital ID, student identification information, and university identification information to the ID management server 20.
  • the digital student ID control unit 203 receives a response (affirmative response, negative response) to the digital student ID generation request.
  • if a positive response (response indicating that the digital student ID card was successfully generated) is received, the digital student ID control unit 203 notifies the enrolled student that the digital student ID card has been successfully issued. If a negative response (response to the effect that generation of the digital student ID card has failed) is received, the digital student ID control unit 203 notifies the enrolled student that the issuance of the digital student ID card has failed.
  • when a logged-in student performs a predetermined action (for example, pressing the digital student ID display button displayed on the terminal 50), a "digital student ID generation request" containing the educational digital ID and university specific information of the logged-in student is transmitted to the ID management server 20.
  • the digital student ID control unit 203 processes the response from the ID management server 20 in the same way as when issuing a digital student ID.
  • the storage unit 204 is a means for storing information necessary for the operation of the digital student ID server 10.
  • FIG. 8 is a diagram showing an example of a processing configuration (processing module) of the ID management server 20 according to the first embodiment.
  • the ID management server 20 includes a communication control section 301, an ID management section 302, a digital student ID generation section 303, and a storage section 304.
  • the communication control unit 301 is a means for controlling communication with other devices.
  • the communication control unit 301 receives data (packets) from the digital student ID server 10. Furthermore, the communication control unit 301 transmits data to the digital student ID server 10.
  • the communication control unit 301 passes data received from other devices to other processing modules.
  • the communication control unit 301 transmits data acquired from other processing modules to other devices. In this way, other processing modules transmit and receive data to and from other devices via the communication control unit 301.
  • the communication control unit 301 has a function as a receiving unit that receives data from another device, and a function as a transmitting unit that transmits data to the other device.
  • the ID management unit 302 is a means for controlling and managing end user IDs and educational digital IDs.
  • the ID management unit 302 receives an “end user ID notification” from the authentication server 30. In response to receiving the end user ID, the ID management unit 302 generates an educational digital ID.
  • the educational digital ID may be any information as long as it uniquely corresponds to the end user ID. For example, the ID management unit 302 may assign a unique value to the educational digital ID each time it processes an end user ID notification.
  • after generating the educational digital ID, the ID management unit 302 associates the end user ID and the educational digital ID and stores them in the ID management database (see FIG. 9). As shown in FIG. 9, the ID management database stores end user IDs, educational digital IDs, student ID numbers, and university names in association with each other. Although not shown in FIG. 9, the ID management database also stores a history regarding end user ID verification (date and time of transmitting the end user ID verification request and verification results).
  • the ID management database shown in FIG. 9 is an example, and is not intended to limit the items to be stored.
  • the generation date and time of the educational digital ID may be registered in the database.
  • the ID management unit 302 transmits an educational digital ID notification including the generated educational digital ID and contact information (for example, the contact information of the terminal 50 owned by the student who wishes to be issued a digital student ID card) to the digital student ID server 10.
  • the digital student ID generation unit 303 is a means for generating a digital student ID.
  • FIGS. 10 and 11 are flowcharts showing an example of the operation of the digital student ID generation unit 303 according to the first embodiment. The operation of the digital student ID generation unit 303 will be explained with reference to FIGS. 10 and 11.
  • upon receiving a digital student ID generation request, the digital student ID generation unit 303 searches the ID management database using the educational digital ID included in the request as a key, and identifies the corresponding entry (database search; step S101).
  • the digital student ID generation unit 303 determines whether or not a student ID number is set in the "student ID number" field of the corresponding entry (determines the presence or absence of a student ID number; step S102).
  • if the student ID number has been set (step S103, Yes branch), the digital student ID generation unit 303 executes the processes from step S201 onward in FIG. 11. The processing after step S102 will be described later.
  • if the student ID number is not set (step S103, No branch), the digital student ID generation unit 303 reads the end user ID of the specified entry. The digital student ID generation unit 303 transmits an "end user ID verification request" including the read end user ID to the authentication server 30 (step S104).
  • the digital student ID generation unit 303 receives a response to the end user ID verification request from the authentication server 30.
  • if a negative response is received from the authentication server 30 (step S105, No branch), the digital student ID generation unit 303 sets a negative response in the response to be sent to the digital student ID server 10 (step S106).
  • if a positive response (end user ID is valid) is received from the authentication server 30 (step S105, Yes branch), the digital student ID generation unit 303 transmits a "current student confirmation request" to the university server 40 of the university specified from the university specific information (step S107).
  • the current student confirmation request includes an educational digital ID and student identification information.
  • the digital student ID generation unit 303 receives a response to the current student confirmation request from the university server 40.
  • if a negative response (response indicating that the corresponding student is not enrolled) is received from the university server 40 (step S108, No branch), the digital student ID generation unit 303 sets a negative response in the response to be sent to the digital student ID server 10 (step S106).
  • if an affirmative response (response indicating that the corresponding student is enrolled) is received from the university server 40 (step S108, Yes branch), the digital student ID generation unit 303 sets a positive response in the response to be sent to the digital student ID server 10 (step S109).
  • the digital student ID generation unit 303 generates a digital student ID using the student information (card face information written on the digital student ID) included in the affirmative response received from the university server 40 (step S110).
  • the digital student ID generation unit 303 stores the student ID number and university name acquired from the university server 40 in the ID management database.
  • the digital student ID generation unit 303 transmits a response to the digital student ID generation request to the digital student ID server 10 (step S111). When transmitting an affirmative response, the digital student ID generation unit 303 transmits the generated digital student ID to the digital student ID server 10.
  • if the student ID number is set in the entry identified by searching the ID management database (step S103, Yes branch), the digital student ID generation unit 303 executes the process shown in FIG. 11.
  • the digital student ID generation unit 303 refers to a preset digital student ID control policy (refer to policy; step S201).
  • the digital student ID generation unit 303 refers to the digital student ID control policy and determines whether validity verification of the end user ID is performed (determines whether ID validity verification is performed; step S202).
  • if it is necessary to verify the validity of the educational digital ID (step S203, Yes branch), the digital student ID generation unit 303 executes the processes from step S104 shown in FIG. 10.
  • if the validity verification of the educational digital ID is not necessary (step S203, No branch), the digital student ID generation unit 303 executes the processes from step S107 shown in FIG. 10.
  • if the student ID number has already been set in the ID management database (if a digital student ID card has already been issued to the student), the digital student ID generation unit 303 may send to the university server 40 a current student confirmation request including the student ID number instead of or in addition to the educational digital ID. That is, the educational digital ID or student ID number may be transmitted to the university server 40 as information for identifying the student. Note that, based on the digital student ID control policy, the digital student ID generation unit 303 does not need to transmit the current student confirmation request.
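The decision flow of FIGS. 10 and 11 (steps S101 to S111 and S201 to S203), as an added Python example that is not code from the patent. All class and function names are hypothetical; the SHA-256 hash, the 30-day re-verification policy, the fail-closed handling of an unknown ID and the sample records are assumptions, since the page only speaks of "a hash value" and "a predetermined policy".

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


def end_user_id_from_serial(serial: str) -> str:
    # The page derives the end user ID from a hash of the certificate serial
    # number; SHA-256 is an assumption, the page names no algorithm.
    return hashlib.sha256(serial.encode("utf-8")).hexdigest()


@dataclass
class Entry:
    """One ID management database row (FIG. 9) with its verification history."""
    end_user_id: str
    student_id_number: Optional[str] = None
    university: Optional[str] = None
    history: list = field(default_factory=list)  # (timestamp, result) pairs


class AuthServerStub:
    """Stand-in for the authentication server 30; counts verification requests."""
    def __init__(self, valid_ids):
        self.valid_ids, self.calls = set(valid_ids), 0

    def verify(self, end_user_id):
        self.calls += 1
        return end_user_id in self.valid_ids


class UniversityStub:
    """Stand-in for the university server 40 holding constructed records."""
    def __init__(self, records):
        self.records = records

    def confirm(self, name_dob=None, student_id_number=None):
        for rec in self.records:
            if student_id_number and rec["student_id_number"] == student_id_number:
                return rec
            if name_dob and (rec["name"], rec["dob"]) == name_dob:
                return rec
        return None


class IdManagementServer:
    def __init__(self, db, auth, universities, max_age=timedelta(days=30)):
        self.db, self.auth, self.universities = db, auth, universities
        self.max_age = max_age  # hypothetical digital student ID control policy

    def needs_verification(self, entry, now):
        """S201-S203: re-verify when the last positive result is too old."""
        ok_times = [t for t, ok in entry.history if ok]
        return not ok_times or now - max(ok_times) > self.max_age

    def generate(self, edu_id, university, name_dob=None, now=None):
        now = now or datetime.now()
        entry = self.db.get(edu_id)                                   # S101
        if entry is None or university not in self.universities:
            return {"ok": False, "reason": "unknown ID or university"}  # assumed: fail closed
        issued = entry.student_id_number is not None                  # S102/S103
        if not issued or self.needs_verification(entry, now):
            valid = self.auth.verify(entry.end_user_id)               # S104
            entry.history.append((now, valid))
            if not valid:                                             # S105 No -> S106
                return {"ok": False, "reason": "end user ID invalid"}
        info = self.universities[university].confirm(                 # S107
            name_dob=name_dob, student_id_number=entry.student_id_number)
        if info is None:                                              # S108 No -> S106
            return {"ok": False, "reason": "not enrolled"}
        entry.student_id_number = info["student_id_number"]
        entry.university = university
        card = {"university": university, **info}                     # S110
        return {"ok": True, "card": card}                             # S109, S111


def demo():
    """Constructed data: first issuance, later display, then an invalidated card."""
    eu = end_user_id_from_serial("SERIAL-0001")  # constructed serial number
    auth = AuthServerStub({eu})
    uni = UniversityStub([{"name": "A. Student", "dob": "2004-04-01",
                           "student_id_number": "S123", "department": "Engineering"}])
    srv = IdManagementServer({"EDU-1": Entry(eu)}, auth, {"Univ-X": uni})
    t0 = datetime(2024, 4, 1)
    first = srv.generate("EDU-1", "Univ-X", ("A. Student", "2004-04-01"), now=t0)
    again = srv.generate("EDU-1", "Univ-X", now=t0 + timedelta(days=1))
    calls_after_display = auth.calls
    auth.valid_ids.clear()  # certificate revoked or expired
    stale = srv.generate("EDU-1", "Univ-X", now=t0 + timedelta(days=2))
    late = srv.generate("EDU-1", "Univ-X", now=t0 + timedelta(days=40))
    return first, again, calls_after_display, stale, late


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In the constructed run, the request made after the certificate is invalidated but still inside the policy window succeeds, and only the request after the window fails. The interval chosen for the control policy therefore bounds how long an invalid My Number card can keep yielding a digital student ID.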
  • the storage unit 304 is a means for storing information necessary for the operation of the ID management server 20.
  • the authentication server 30 receives the ID issuance request and generates an end user ID if the electronic certificate (My Number card) is valid. For example, the authentication server 30 calculates a hash value of the serial number of the electronic certificate, and uses the calculated hash value as the end user ID. The authentication server 30 also processes end user ID verification requests received from the ID management server 20.
  • the university server 40 stores student information regarding current students including new students.
  • the university server 40 uses a student information database to manage students' names, dates of birth, facial images, departments to which they belong, and the like.
  • Examples of the terminal 50 include mobile terminal devices such as smartphones, mobile phones, game consoles, and tablets, computers (personal computers, notebook computers), and the like.
  • the terminal 50 can be any equipment or device as long as it accepts student operations and can communicate with the digital student ID server 10 and the like. Furthermore, descriptions of the processing configuration and the like regarding the terminal 50 will be omitted.
  • the student uses the digital student ID application installed on the terminal 50 to request the system to issue or display a digital student ID. Further, the terminal 50 reads out the electronic certificate from the My Number card by acquiring a four-digit password from the student or by performing authentication using facial information stored in the My Number card.
  • FIG. 12 is a sequence diagram illustrating an example of the operation of the information processing system according to the first embodiment.
  • the operation of the information processing system regarding the issuance of a digital student ID card will be explained with reference to FIG. 12.
  • the digital student ID server 10 transmits a digital student ID generation request including the student's educational digital ID to the ID management server 20 (step S21).
  • the ID management server 20 requests the authentication server 30 to verify the validity of the end user ID corresponding to the educational digital ID.
  • the ID management server 20 transmits an end user ID verification request including the end user ID to the authentication server 30 (step S22).
  • upon receiving an affirmative response from the authentication server 30 that the end user ID is valid, the ID management server 20 requests the university specified by the student to confirm the existence of the student who wishes to be issued a digital student ID. Specifically, the ID management server 20 transmits a current student confirmation request including an educational digital ID and student identification information to the university server 40 (step S23).
  • upon receiving an affirmative response from the university server 40 indicating that the student is enrolled, the ID management server 20 generates a digital student ID card using the student information notified from the university server 40 (step S24).
  • the ID management server 20 transmits the generated digital student ID to the digital student ID server 10 (step S25).
  • the digital student ID server 10 presents the acquired digital student ID to the student (enrolled student) (step S26).
  • a temporary digital student ID may be issued when a new student requests issuance of an educational digital ID while the My Number card is expired.
  • the ID management server 20 may issue a true digital student ID card to the student for whom the end user ID has been issued after the fact.
  • the authentication server 30 issues a temporary (provisional) end user ID to the enrolled student.
  • the temporary end user ID is stored in association with the contact information of the terminal 50.
  • the authentication server 30 transmits an end user ID notification including the temporary end user ID to the ID management server 20.
  • the ID management server 20 registers the temporary end user ID in the ID management database.
  • the ID management server 20 generates an educational digital ID in response to receiving the temporary end user ID, and notifies the terminal 50 of the educational digital ID via the digital student ID server 10.
  • when a student wishes to be issued a digital student ID, the digital student ID server 10 sends a digital student ID generation request to the ID management server 20. If the end user ID corresponding to the educational digital ID included in the digital student ID issuance request is a temporary end user ID, the ID management server 20 transmits a current student confirmation request to the university server 40 without requesting verification from the authentication server 30.
  • upon acquiring student information in response to the transmission of the current student confirmation request, the ID management server 20 issues a temporary digital student ID using the acquired student information. The ID management server 20 provides a temporary digital student ID to the enrolled student via the digital student ID server 10.
  • the terminal 50 of the student who has been issued a temporary digital student ID displays the temporary digital student ID while clearly indicating that the issued digital student ID is temporary.
  • when the My Number Card is updated and becomes valid, the student operates the terminal 50 to request issuance of an educational digital ID. If the electronic certificate acquired from the terminal 50 is determined to be valid, the authentication server 30 determines whether a temporary end user ID linked to the contact information of the terminal 50 exists.
  • the authentication server 30 replaces the temporary end user ID with the true end user ID and stores it in the database (stored in association with the serial number of the electronic certificate). Further, the authentication server 30 transmits the pair of the temporary end user ID and the true end user ID to the ID management server 20.
  • upon receiving the pair of the two IDs, the ID management server 20 generates a true digital student ID for the student with the temporary end user ID, and notifies the terminal 50 that the true digital student ID has been issued. The ID management server 20 also updates the ID management database by rewriting the temporary end user ID with the true end user ID.
  • after the ID management database is updated, the ID management server 20 performs operations related to the normal control and management of the digital student ID card described above.
  • the ID management server 20 may generate a temporary digital student ID for the student who wishes to use the digital student ID.
  • the ID management server 20 may set a validity period to the temporary end user ID acquired from the authentication server 30. If the true end user ID is not received during the validity period (if the My Number Card is not updated during the validity period), the ID management server 20 may invalidate the temporary end user ID. Similarly, the ID management server 20 may also set an expiration date on the temporary digital student ID. In this case, if the My Number Card is not updated during the validity period of the temporary digital student ID, the temporary digital student ID will become invalid.
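The temporary end user ID lifecycle described above (registration, time-limited temporary card, replacement by the true end user ID, invalidation on expiry), as an added Python example that is not code from the patent. The class and function names, the 90-day validity period, the sample IDs and the refusal to promote an already expired temporary ID are assumptions; the page only says that a validity period may be set.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Record:
    end_user_id: str
    temporary: bool
    expires_at: Optional[datetime]   # set only while the ID is temporary
    card_kind: Optional[str] = None  # None, "temporary" or "true"


class TemporaryIdLedger:
    """ID management server 20 view of temporary and true end user IDs."""

    def __init__(self, validity=timedelta(days=90)):  # assumed validity period
        self.validity = validity
        self.by_edu_id = {}

    def register_temporary(self, edu_id, temp_id, now):
        """Store a temporary end user ID notified by the authentication server."""
        self.by_edu_id[edu_id] = Record(temp_id, True, now + self.validity)

    def issue_card(self, edu_id, enrolled, now):
        """Temporary IDs skip certificate verification but are time-limited."""
        rec = self.by_edu_id.get(edu_id)
        if rec is None or not enrolled:
            return None
        if rec.temporary:
            if now > rec.expires_at:   # validity period elapsed: invalidate
                rec.card_kind = None
                return None
            rec.card_kind = "temporary"
        else:
            rec.card_kind = "true"     # normal flow; verification happens there
        return rec.card_kind

    def promote(self, temp_id, true_id, now):
        """Handle the (temporary, true) ID pair sent by the authentication server."""
        for rec in self.by_edu_id.values():
            if rec.temporary and rec.end_user_id == temp_id:
                if now > rec.expires_at:
                    return False       # assumed: expired temporary IDs stay invalid
                rec.end_user_id, rec.temporary, rec.expires_at = true_id, False, None
                rec.card_kind = "true"
                return True
        return False


def demo_temporary_ids():
    """Constructed timeline for two students holding temporary end user IDs."""
    t0 = datetime(2024, 4, 1)
    ledger = TemporaryIdLedger(validity=timedelta(days=90))
    ledger.register_temporary("EDU-1", "TEMP-1", t0)
    ledger.register_temporary("EDU-2", "TEMP-2", t0)
    early = ledger.issue_card("EDU-1", True, t0 + timedelta(days=10))
    promoted = ledger.promote("TEMP-1", "TRUE-1", t0 + timedelta(days=20))
    after = ledger.issue_card("EDU-1", True, t0 + timedelta(days=21))
    lapsed = ledger.issue_card("EDU-2", True, t0 + timedelta(days=91))
    too_late = ledger.promote("TEMP-2", "TRUE-2", t0 + timedelta(days=92))
    return early, promoted, after, lapsed, too_late


if __name__ == "__main__":
    print(demo_temporary_ids())
```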
  • Terminal 50 can provide the digital student ID to other devices. Specifically, the terminal 50 can provide the face information of the digital student ID card to other devices using a two-dimensional barcode or non-contact communication means using NFC (Near Field Communication).
  • Other devices can provide various services to students using ticket information obtained through two-dimensional barcodes and non-contact communication means.
  • a gate device installed at a university can allow students of its own university to pass by acquiring ticket information.
  • other devices may acquire the student's biometric information using a two-dimensional barcode or non-contact communication means.
  • the acquired biometric information may be used for a service using biometric authentication. For example, consider a case where a student purchases drinks or the like from a vending machine installed on campus. In this case, the vending machine acquires the student's biometric information using a two-dimensional barcode or the like. Additionally, the vending machine acquires biometric information of the student by photographing the student. The vending machine transmits the two acquired biometric information to the university server 40.
  • the university server 40 performs one-to-one matching using the two acquired biometric information.
  • the university server 40 performs matching using the acquired biometric information and pre-registered biometric information, and the person to be authenticated is identified through this processing. Thereafter, the university server 40 performs payment processing using the account information (for example, credit card information) of the identified person to be authenticated. If the payment process is successful, the student can purchase drinks and the like.
  • the digital student ID card can provide biometric information to other devices through display of a two-dimensional barcode and non-contact communication using NFC.
  • Biometric information provided to other devices is used for services using biometric authentication.
  • the biometric information provided to another device may be a facial image stored in a My Number card.
  • <Modification 3>
  • by verifying the identity using the end user ID, the graduate can access the university server 40 directly or indirectly and obtain corresponding student information.
  • the obtained student information may be submitted to a third party (such as a company) at the discretion of the graduate.
  • the graduate operates the terminal 50 to request the authentication server 30 to verify the electronic certificate. If the verification result of the authentication server 30 is "the electronic certificate is valid", the terminal 50 requests the university server 40 to provide student information (for example, course certificate, etc.) along with the verification result of the authentication server 30.
  • the university server 40 checks the verification result by the authentication server 30, and if the My Number card (end user ID) is valid, sends the student information specified by the graduate to the terminal 50.
  • <Modification 4 according to the first embodiment>
  • graduates who graduate from universities can provide their student information (for example, course certificates, etc.) to third parties.
  • the graduate operates the terminal 50 to input a request to provide student information to the digital student ID server 10 via the digital student ID application.
  • the digital student ID server 10 transmits the educational digital ID of the graduate to the ID management server 20.
  • the ID management server 20 requests the authentication server 30 to verify the validity of the end user ID corresponding to the educational digital ID.
  • the ID management server 20 sends the educational digital ID to the university server 40, and acquires the student information of the graduate (for example, a course registration certificate, etc.) from the university server 40.
  • the ID management server 20 transmits the acquired student information to the terminal 50 owned by the graduate via the digital student ID server 10.
  • the graduate can submit the acquired student information to a third party (for example, a company, etc.) from the terminal 50.
  • the graduate can obtain the corresponding student information from the university server 40 after receiving identity verification using the end user ID.
  • the obtained student information may be submitted to a third party (such as a company) at the discretion of the graduate.
  • the university server 40 does not provide the ID management server 20 with student information for students set to the student information provision prohibited state. As a result, the ID management server 20 cannot generate a digital student ID.
  • the ID management server 20 requests the authentication server 30 to verify the validity of the end user ID linked to the student's educational digital ID. Upon receiving the request, the authentication server 30 determines that the end user ID is valid if the electronic certificate uniquely corresponding to the end user ID (the electronic certificate read from the student's My Number card) is valid. That is, the ID management server 20 indirectly requests the authentication server 30 to determine the validity of the My Number card through the validity determination of the educational digital ID. If the educational digital ID is valid (if the My Number Card is valid), the ID management server 20 generates a digital student ID for the student who wishes to be issued (or to use) a digital student ID. As a result, the digital student ID card generated by the ID management server 20 has high reliability because it is issued to a student whose identity is verified by the My Number card.
  • FIG. 13 is a diagram showing an example of the hardware configuration of the ID management server 20.
  • the ID management server 20 can be configured by an information processing device (so-called computer), and has the configuration illustrated in FIG. 13.
  • the ID management server 20 includes a processor 311, a memory 312, an input/output interface 313, a communication interface 314, and the like.
  • the components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.
  • the configuration shown in FIG. 13 is not intended to limit the hardware configuration of the ID management server 20.
  • the ID management server 20 may include hardware (not shown), and may not include the input/output interface 313 if necessary.
  • the number of processors 311 and the like included in the ID management server 20 is not limited to the example shown in FIG. 13; for example, a plurality of processors 311 may be included in the ID management server 20.
  • the processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
  • the memory 312 is a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like.
  • the memory 312 stores OS programs, application programs, and various data.
  • the input/output interface 313 is an interface for a display device or input device (not shown).
  • the display device is, for example, a liquid crystal display.
  • the input device is, for example, a device such as a keyboard or a mouse that receives user operations.
  • the communication interface 314 is a circuit, module, etc. that communicates with other devices.
  • the communication interface 314 includes a NIC (Network Interface Card).
  • the functions of the ID management server 20 are realized by various processing modules.
  • the processing module is realized, for example, by the processor 311 executing a program stored in the memory 312. Further, the program can be recorded on a computer-readable storage medium.
  • the storage medium can be non-transitory, such as a semiconductor memory, a hard disk, a magnetic recording medium, an optical recording medium, etc. That is, the present invention can also be implemented as a computer program product.
  • the above program can be updated via a network or by using a storage medium that stores the program.
  • the processing module may be realized by a semiconductor chip.
  • the digital student ID server 10 and the like can be configured by an information processing device in the same way as the ID management server 20, and the basic hardware configuration thereof is not different from the ID management server 20, so a description thereof will be omitted.
  • the ID management server 20 which is an information processing device, is equipped with a computer, and the functions of the ID management server 20 can be realized by having the computer execute a program. Furthermore, the ID management server 20 executes a method of controlling the ID management server 20 using the program.
  • the educational institution may also be a high school, a vocational school, or the like. Further, the educational institution is not limited to an educational institution in Japan, but may be an educational institution in a foreign country.
  • the My Number card was used as an example of an identification document that includes an electronic certificate for identity verification, but other identification documents may be used.
  • the user certification electronic certificate was explained as an example of the electronic certificate verified by the authentication server 30 (certification authority server), but the verification of the signature electronic certificate is server). That is, the authentication server 30 may manage the serial number of the signature electronic certificate and the end user ID in association with each other.
  • The ID management server 20 transmits a current student confirmation request to the university server 40 to acquire student information of a student who will receive a digital student ID card (steps S14 and S15 in FIG. 5).
  • If the ID management server 20 stores student information of each university, these steps are unnecessary.
  • The procedure for issuing an end user ID and the procedure for issuing a digital student ID are described as separate processes, but the issuance of an end user ID and the issuance of a digital student ID may be performed in a single series of procedures.
  • Upon receiving the "end user ID notification" from the authentication server 30, the ID management server 20 acquires student information by transmitting a "current student confirmation request" to the university server 40.
  • The ID management server 20 generates a digital student ID using the acquired student information, and transmits the generated digital student ID to the digital student ID server 10.
  • The digital student ID server 10 provides educational digital IDs and digital student IDs to students. When the issuance of an end user ID and the issuance of a digital student ID card are performed in a single series of procedures in this way, verification of the end user ID (steps S12 and S13 in FIG. 5) may be omitted.
  • The student ID number of each student is registered in the ID management database in order to identify (manage) students to whom digital student ID cards have been issued (see FIG. 9).
  • The information for identifying the student to whom the digital student ID card has been issued may be information other than the student ID number.
  • The ID management database may store a combination of email address, name, telephone number, student number, and department (the faculty to which the student belongs) as information for managing students who have been issued digital student IDs.
  • The ID management database may store a combination of a student ID number and a university name (identification information for the university to which the student belongs) as information for managing (identifying) students who have been issued digital student ID cards.
  • The digital student ID generation unit 303 of the ID management server 20 may determine whether or not the information stored in the ID management database is set in step S103 of FIG. For example, if the ID management database stores a combination of student number and university name as information for identifying a student, the digital student ID generation unit 303 only needs to determine whether the combination of student number and university name is set in the ID management database.
  • the ID management server 20 generates a digital student ID.
  • other devices eg, digital student ID server 10 or university server 40
  • The university server 40 may generate the digital student ID with the digital signature of its own university attached.
  • Another device that has acquired a digital student ID using a two-dimensional barcode or the like may use the digital student ID if the digital signature attached to the digital student ID is successfully verified.
  • The ID management server 20 determines whether or not verification of the end user ID is necessary based on the digital student ID control policy.
  • The digital student ID control policy may be set differently for each university. For example, a policy may be set such that, for students at university A1, the end user ID is verified each time they use their digital student ID cards, and for students at university A2, the end user ID is verified after a predetermined period of time has passed since the previous verification.
  • The digital student ID control policy may include a policy regarding confirmation of current students.
  • A policy may be set such as "Confirmation of current students is performed each time a digital student ID is used" or "Confirmation of current students is performed when a digital student ID is used for the first time in a new academic year."
  • Each server may also be configured in an external database server or the like. That is, some functions of each server etc. may be implemented in another server.
  • All or part of the functions of the digital student ID server 10 may be implemented in the ID management server 20. That is, it suffices that the above-described "digital student ID control unit (digital student ID control means)", "digital student ID generation unit (digital student ID generation means)", etc. are implemented in any of the devices included in the system.
  • each device digital student ID server 10, ID management server 20, etc.
  • Data transmitted and received between these devices may be encrypted.
  • Student identification information and the like are transmitted and received between these devices, and in order to protect this information appropriately, it is desirable that the data be encrypted in transit.
  • Each embodiment may be used alone or in combination.
  • a first server that performs control regarding the digital student ID; a second server that associates and stores a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students; including; The first server notifies the second server of the second ID of the student who wishes to use the digital student ID, If the first ID corresponding to the notified second ID is valid, the second server generates a digital student ID of a student who wishes to use the digital student ID, and A system for transmitting a digital student ID to the first server.
  • [Additional note 2] further comprising a third server that performs control regarding validity determination of the electronic certificate, The second server notifies the third server of the first ID corresponding to the notified second ID, thereby making a determination regarding the validity of the first ID to the third server. request, The system according to appendix 1, wherein the third server performs control related to determining the validity of the electronic certificate corresponding to the notified first ID, and notifies the second server of the determination result.
  • [Additional note 3] further comprising a fourth server storing student information regarding current students; When the first ID corresponding to the notified second ID is valid, the second server receives information from the fourth server about the student who wishes to use the digital student ID.
  • the system according to supplementary note 2 which generates the digital student ID card using the student information acquired from the fourth server when student information can be acquired.
  • the third server receives an ID issuance request including an electronic certificate from a terminal owned by a student, the third server controls the validity determination of the received electronic certificate, and issues the electronic certificate whose validity has been determined. If the certificate is valid, generate the first ID of the student who wishes to be issued the ID, and store the generated first ID and the serial number of the valid electronic certificate in association with each other; The system described in Appendix 4.
  • the third server transmits the generated first ID to the second server,
  • the second server generates the second ID in response to receiving the first ID, stores the received first ID and the generated second ID in association with each other, and transmitting the generated second ID to the first server;
  • the system according to appendix 5 wherein the first server notifies the notified second ID to a student who desires to be issued the ID.
  • Supplementary Note 7 If the first ID corresponding to the notified second ID is invalid, the second server generates a temporary digital student ID of a student who wishes to use the digital student ID.
  • a first server that performs control regarding the digital student ID; a second server that associates and stores a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students; In a system that includes the first server notifying the second server of the second ID of the student who wishes to use the digital student ID; If the first ID corresponding to the notified second ID is valid, the second server generates a digital student ID of a student who wishes to use the digital student ID, and A method of transmitting a digital student ID to the first server.
  • 10 Digital student ID server; 20 ID management server; 30 Authentication server; 40 University server; 50 Terminal; 101 First server; 102 Second server; 201 Communication control unit; 202 ID issuance control unit; 203 Digital student ID control unit; 204 Storage unit; 301 Communication control unit; 302 ID management unit; 303 Digital student ID generation unit; 304 Storage unit; 311 Processor; 312 Memory; 313 Input/output interface; 314 Communication interface


Abstract

Provided is a system that contributes to the improvement of the reliability of a digital student ID. The system includes a first server and a second server. The first server performs control relating to a digital student ID. The second server stores, in association with each other, a first ID linked to an electronic certificate stored in an identification card, and a second ID for the management of students by an educational institution. The first server notifies the second server of the second ID of a student wishing to use a digital student ID. If the first ID corresponding to the notified second ID is valid, the second server generates a digital student ID for the student wishing to use a digital student ID, and transmits the generated digital student ID to the first server.

Description

System and method
The present invention relates to systems and methods.
Technology exists for digitized student IDs.
For example, Patent Document 1 states that it provides a digital student ID conversion system for digitizing student ID cards. The digital student ID conversion system of Patent Document 1 displays a digital student ID on a portable electronic medium. The system includes a school database, a student ID application, and an operation management server. The school database is a database into which information for conversion into a digital student ID has been entered from the student information held by the school. The student ID application is an application for converting a student ID card into a digital student ID. The operation management server manages and operates the student ID application and the school database. The school database is assigned, by the operation management server, a school account for each school for the digital student ID, and holds an ID and password for each student. In the system of Patent Document 1, the student ID application downloaded to the portable electronic medium converts the student ID card into a digital student ID based on the ID and password and a face photograph stored on the portable electronic medium.
Japanese Patent Application Laid-Open No. 2022-096624 (JP2022-096624A)
As disclosed in Patent Document 1, student ID cards may be digitized. A student ID card may be used as a certificate proving a student's status. Student ID cards are therefore required to be reliable. However, digitized information is an easy target for forgery, and the reliability of digitized student IDs must be ensured.
The main purpose of the present invention is to provide a system and method that contribute to improving the reliability of digital student IDs.
According to a first aspect of the present invention, there is provided a system including a first server that performs control regarding a digital student ID, and a second server that stores, in association with each other, a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students, wherein the first server notifies the second server of the second ID of a student who wishes to use the digital student ID, and the second server, if the first ID corresponding to the notified second ID is valid, generates a digital student ID for the student who wishes to use the digital student ID and transmits the generated digital student ID to the first server.
According to a second aspect of the present invention, there is provided a method in a system including a first server that performs control regarding a digital student ID, and a second server that stores, in association with each other, a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students, wherein the first server notifies the second server of the second ID of a student who wishes to use the digital student ID, and the second server, if the first ID corresponding to the notified second ID is valid, generates a digital student ID for the student who wishes to use the digital student ID and transmits the generated digital student ID to the first server.
According to each aspect of the present invention, systems and methods are provided that contribute to improving the reliability of digital student IDs. Note that the effects of the present invention are not limited to the above. According to the present invention, other effects may be achieved instead of or in addition to the above effects.
FIG. 1 is a diagram for explaining an overview of one embodiment.
FIG. 2 is a flowchart for explaining the operation of one embodiment.
FIG. 3 is a diagram illustrating an example of a schematic configuration of an information processing system according to the first embodiment.
FIG. 4 is a diagram for explaining the operation of the information processing system according to the first embodiment.
FIG. 5 is a diagram for explaining the operation of the information processing system according to the first embodiment.
FIG. 6 is a diagram illustrating an example of a display on a terminal according to the first embodiment.
FIG. 7 is a diagram illustrating an example of the processing configuration of the digital student ID server according to the first embodiment.
FIG. 8 is a diagram illustrating an example of the processing configuration of the ID management server according to the first embodiment.
FIG. 9 is a diagram illustrating an example of the ID management database according to the first embodiment.
FIG. 10 is a flowchart illustrating an example of the operation of the digital student ID generation unit according to the first embodiment.
FIG. 11 is a flowchart illustrating an example of the operation of the digital student ID generation unit according to the first embodiment.
FIG. 12 is a sequence diagram illustrating an example of the operation of the information processing system according to the first embodiment.
FIG. 13 is a diagram illustrating an example of the hardware configuration of the ID management server according to the present disclosure.
First, an overview of one embodiment will be given. The drawing reference numerals in this overview are attached to each element for convenience, as an example to aid understanding, and the description in this overview is not intended to be limiting in any way. Unless otherwise stated, the blocks shown in each drawing represent functional units rather than hardware units. Connection lines between blocks in each figure include both bidirectional and unidirectional connections. A unidirectional arrow schematically indicates the flow of the main signal (data) and does not exclude bidirectionality. In this specification and the drawings, elements that can be described in the same way are given the same reference numerals, and redundant description may be omitted.
The system according to one embodiment includes a first server 101 and a second server 102 (see FIG. 1). The first server 101 performs control regarding the digital student ID. The second server 102 stores, in association with each other, a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students. The first server 101 notifies the second server 102 of the second ID of a student who wishes to use the digital student ID (step S1 in FIG. 2). If the first ID corresponding to the notified second ID is valid, the second server 102 generates a digital student ID for the student who wishes to use the digital student ID and transmits the generated digital student ID to the first server 101 (step S2).
In the above system, the second server 102 generates a digital student ID for a student who wishes to be issued one if that student's first ID is valid. The second server 102 issues a digital student ID when the electronic certificate stored in the identification card (for example, a My Number card), that is, the electronic certificate linked to the first ID, is valid, and does not issue one when that electronic certificate is invalid. In other words, the digital student ID generated by the second server 102 is issued to a student whose identity has been verified using the identification card, and therefore has high reliability.
Specific embodiments will be described in more detail below with reference to the drawings.
[First embodiment]
The first embodiment will be described in more detail using the drawings.
[System configuration]
FIG. 3 is a diagram showing an example of a schematic configuration of an information processing system (student ID management system, ID management system) according to the first embodiment. As shown in FIG. 3, the information processing system includes a digital student ID server 10, an ID management server 20, an authentication server 30, and a plurality of university servers 40.
The digital student ID server 10 is a server device (first server) that manages and controls the student ID cards (digital student IDs) issued to students of each university participating in the system.
The ID management server 20 is a server device (second server) that manages the IDs issued to students. The ID management server 20 stores, in association with each other, a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students. Details of these IDs are described later.
The authentication server 30 is a server device (third server) that performs authentication of electronic certificates at the request of users. The authentication server 30 performs control regarding the validity determination of electronic certificates. The authentication server 30 is managed by a business operator that provides electronic certificate authentication services.
The university server 40 is a server device (fourth server) that performs control regarding the operations of each university participating in the system. The university server 40 stores student information regarding current students.
The student operates the terminal 50 to access the digital student ID server 10 and the like.
The servers shown in FIG. 3 (digital student ID server 10, ID management server 20, authentication server 30, university server 40, etc.) are configured to be able to communicate with each other via a network. For example, the digital student ID server 10 and the ID management server 20 are connected by wired or wireless communication means and are configured to be able to communicate with each other.
The configuration of the information processing system shown in FIG. 3 is an example and is not intended to limit the configuration. For example, the information processing system may include a plurality of digital student ID servers 10 and the like.
[Overview of operation]
Next, the general operation of the information processing system according to the first embodiment will be described.
<Issuance of educational digital ID>
An enrolling student is issued a digital student ID by the university in which they are enrolling. To be issued a digital student ID, the enrolling student must first obtain an educational digital ID. The educational digital ID is an ID (second ID) for identifying a student within an educational institution.
To obtain an educational digital ID, the enrolling student starts the "digital student ID application" installed on the terminal 50 and, from that application, requests the system to issue an educational digital ID.
At that time, the enrolling student must register information for identity verification in the system. This identity verification is performed using an identification card issued by a public institution. Specifically, an IC (Integrated Circuit) card in which an electronic certificate is stored is used for identity verification. In the present disclosure, the My Number card is used as an example of an IC card (identification card) in which an electronic certificate is stored.
In response to an operation by the user (enrolling student), the terminal 50 reads out the electronic certificate stored in the My Number card (for example, the electronic certificate for user certification). The terminal 50 transmits an "ID issuance request" including the read electronic certificate and contact information (for example, an e-mail address at which the terminal 50 can receive e-mail) to the authentication server 30 (step S01 in FIG. 4).
By sending the ID confirmation request, the enrolling student (terminal 50) requests the authentication server 30 to verify their identity using the My Number card.
Upon receiving the ID issuance request, the authentication server 30 requests a certificate authority server (not shown) to verify the electronic certificate included in the ID issuance request. Specifically, the authentication server 30 transmits the acquired electronic certificate to the certificate authority server.
The certificate authority server is a server device managed by J-LIS (Japan Agency for Local Authority Information Systems), a corporation jointly operated by the national and local governments. The certificate authority server verifies the validity of the electronic certificate (My Number card).
The certificate authority server transmits the verification result for the electronic certificate acquired from the authentication server 30 (electronic certificate valid or invalid) to the authentication server 30.
If the certificate authority server fails to verify the electronic certificate (the electronic certificate is invalid), the authentication server 30 notifies the terminal 50 that issuance of the educational digital ID has failed.
In this case, the digital student ID application on the terminal 50 notifies the user (enrolling student) that issuance of the educational digital ID has failed. At that time, the terminal 50 may notify the user that issuance of the educational digital ID failed because the electronic certificate read from the My Number card is invalid.
If the certificate authority server successfully verifies the electronic certificate (the electronic certificate is valid), the authentication server 30 issues an "end user ID" to the enrolling student. The end user ID is a unique ID (first ID) that corresponds one-to-one to the serial number of the electronic certificate. The end user ID is linked to the validity of the My Number card. That is, when the My Number card is revoked, the end user ID also becomes invalid.
After issuing the end user ID, the authentication server 30 stores the issued end user ID and the serial number of the electronic certificate in a database in association with each other.
In addition, after issuing the end user ID, the authentication server 30 notifies the ID management server 20 of the issued end user ID. Specifically, the authentication server 30 transmits an "end user ID notification" including the end user ID and contact information to the ID management server 20 (step S02 in FIG. 4).
Upon receiving the end user ID notification, the ID management server 20 generates an educational digital ID. The ID management server 20 stores the end user ID acquired from the authentication server 30 and the generated educational digital ID in the ID management database in association with each other. Details of the ID management database are described later.
The ID management server 20 notifies the digital student ID server 10 of the generated educational digital ID. Specifically, the ID management server 20 transmits an "educational digital ID notification" including the educational digital ID and contact information to the digital student ID server 10 (step S03 in FIG. 4).
Upon receiving the educational digital ID notification, the digital student ID server 10 creates an account for managing the digital student ID of the student (enrolling student). After creating the account, the digital student ID server 10 stores the acquired educational digital ID as the student's login information.
The digital student ID server 10 also notifies the terminal 50 (the terminal 50 corresponding to the contact information acquired from the ID management server 20) of the educational digital ID. Specifically, the digital student ID server 10 transmits an "ID issue notification" including the educational digital ID to the terminal 50 (step S04 in FIG. 4). The terminal 50 stores the received educational digital ID (login information).
 このように、認証サーバ30(第3サーバ)は、学生が所持する端末50から電子証明書を含むID発行要求を受信する。認証サーバ30は、当該受信した電子証明書の有効性判定に関する制御(認証局サーバに電子証明書の有効性判定を依頼)を行い、当該有効性判定が行われた電子証明書が有効な場合に、IDの発行を希望する学生のエンドユーザID(第1のID)を生成する。認証サーバ30は、当該生成されたエンドユーザIDと有効な電子証明書のシリアル番号を対応付けて記憶する。さらに、認証サーバ30は、上記生成したエンドユーザIDをID管理サーバ20(第2のサーバ)に送信する。 In this way, the authentication server 30 (third server) receives an ID issuance request including an electronic certificate from the terminal 50 owned by the student. The authentication server 30 performs control regarding the validity determination of the received electronic certificate (requests the certificate authority server to determine the validity of the electronic certificate), and if the electronic certificate for which the validity determination has been performed is valid. Next, an end user ID (first ID) of the student for whom the ID is desired to be issued is generated. The authentication server 30 associates and stores the generated end user ID and the serial number of the valid electronic certificate. Further, the authentication server 30 transmits the generated end user ID to the ID management server 20 (second server).
The ID management server 20 generates an educational digital ID (second ID) in response to receiving the end user ID. The ID management server 20 stores the received end user ID and the generated educational digital ID in association with each other, and transmits the generated educational digital ID to the digital student ID server 10 (first server).
The digital student ID server 10 notifies the student who wishes to have the ID issued of the educational digital ID it has been notified of. In doing so, the digital student ID server 10 notifies that student of the educational digital ID as login information.
<Issuance of digital student ID>
Once issuance of the educational digital ID is complete, the student (enrolled student) can be issued a digital student ID. Specifically, the enrolled student operates the terminal 50 to start the digital student ID application and logs in to the account on the digital student ID server 10.
When the enrolled student requests issuance of a digital student ID, the digital student ID server 10 acquires information for identifying the enrolled student (student identification information). Examples of student identification information include a name, or a combination of a name and a date of birth. Alternatively, if the enrolled student has been notified of a student ID number by the university in advance, the student ID number may be used as the student identification information.
Further, the digital student ID server 10 acquires information for identifying the university in which the enrolled student is enrolling (university identification information; for example, a university name or university code).
After acquiring the student identification information and the university identification information, the digital student ID server 10 transmits a "digital student ID generation request" including the educational digital ID, the student identification information, and the university identification information to the ID management server 20 (step S11 in FIG. 5).
By transmitting the educational digital ID to the ID management server 20, the digital student ID server 10 requests the ID management server 20 to verify the validity of that educational digital ID.
Upon receiving the digital student ID generation request, the ID management server 20 requests the authentication server 30 to verify the validity of the end user ID corresponding to the educational digital ID. Specifically, the ID management server 20 accesses the ID management database and reads out the end user ID corresponding to the acquired educational digital ID. The ID management server 20 transmits an "end user ID verification request" including the read end user ID to the authentication server 30 (step S12 in FIG. 5).
Upon receiving the end user ID verification request, the authentication server 30 determines the validity of the electronic certificate (My Number card) linked to the end user ID. Specifically, the authentication server 30 accesses the database that stores end user IDs and electronic certificate serial numbers, and reads out the serial number of the electronic certificate corresponding to the acquired end user ID.
The authentication server 30 transmits the read serial number to the certificate authority server (a server operated by J-LIS) and requests the certificate authority server to determine the validity of the electronic certificate corresponding to that serial number.
The authentication server 30 transmits to the ID management server 20 a response that reflects the response from the certificate authority server (whether the electronic certificate corresponding to the serial number is valid or invalid) (step S13 in FIG. 5).
Specifically, upon receiving a response from the certificate authority server indicating that the electronic certificate is valid, the authentication server 30 transmits an affirmative response indicating that the end user ID is valid to the ID management server 20. Upon receiving a response from the certificate authority server indicating that the electronic certificate is invalid, the authentication server 30 transmits a negative response indicating that the end user ID is invalid to the ID management server 20.
If the end user ID is valid, the ID management server 20 determines that the educational digital ID acquired from the digital student ID server 10 is valid. If the educational digital ID is valid, the ID management server 20 requests the university in which the enrolled student is enrolling (the university identified from the university identification information) to verify the student who wishes to be issued a digital student ID. Specifically, the ID management server 20 transmits a "current student confirmation request" including the educational digital ID and the student identification information to the university server 40 (step S14 in FIG. 5).
By transmitting the current student confirmation request to the university server 40, the ID management server 20 asks the university to determine (verify) whether the student who wishes to be issued a digital student ID is enrolled at the university specified by that student.
The university server 40 that has received the current student confirmation request refers to a student information database storing the enrolled students' names, dates of birth, biometric information (for example, face images), faculties, and so on, and determines whether the student (enrolled student) corresponding to the student identification information is registered in that database. The university server 40 transmits the determination result to the ID management server 20 (step S15 in FIG. 5).
If the student corresponding to the student identification information is not registered in the student information database, the university server 40 transmits a negative response to the ID management server 20 indicating that no student corresponding to the student identification information exists.
If the student corresponding to the student identification information is registered in the student information database, the university server 40 transmits an affirmative response including the information on that student (student information) to the ID management server 20. For example, the university server 40 transmits the student's name, date of birth, university name, faculty, department, student ID number, biometric information, the location of the university, the contact information of the university, and so on to the ID management server 20 as "student information".
Furthermore, if the student corresponding to the student identification information is registered in the student information database, the university server 40 stores the educational digital ID acquired from the ID management server 20 in the student information database.
The university (university server 40) manages students using the educational digital ID as new student identification information. Specifically, the university server 40 stores, in association with one another, the educational digital ID, the student's personal information (name, date of birth, etc.), biometric information (for example, a face image), student ID number, faculty, course information (information on academic results; for example, credits earned and attendance information), and so on.
The ID management server 20 transmits a response to the digital student ID generation request to the digital student ID server 10 (step S16 in FIG. 5).
When notified by the authentication server 30 that the end user ID is invalid, the ID management server 20 transmits a negative response to the digital student ID server 10 indicating that the digital student ID cannot be generated.
Likewise, when it receives a negative response from the university server 40 in reply to the current student confirmation request, the ID management server 20 transmits a negative response to the digital student ID server 10.
When it receives an affirmative response from the university server 40, the ID management server 20 generates (issues) a digital student ID. The ID management server 20 uses the student information acquired from the university server 40 to generate the "card face information" to be shown on the digital student ID, and generates a digital student ID including that card face information.
The digital student ID shows the student's name, date of birth, student ID number, biometric information (for example, a face image), information on the university to which the student belongs, and so on.
After generating the digital student ID, the ID management server 20 transmits an affirmative response including the generated digital student ID to the digital student ID server 10.
Furthermore, when issuance of the digital student ID is complete, the ID management server 20 registers in the ID management database the student identification information (for example, the student ID number) identifying the student who was issued the digital student ID and the university identification information (for example, the university name) identifying the university. That is, when a digital student ID is issued to a student, the ID management server 20 stores that student's end user ID, educational digital ID, student ID number, and university name in association with one another.
Upon receiving an affirmative response to the digital student ID generation request, the digital student ID server 10 notifies the student (enrolled student) that issuance of the digital student ID is complete. Alternatively, the digital student ID server 10 may display the issued digital student ID on the terminal 50. For example, the terminal 50 displays a digital student ID as shown in FIG. 6.
<Use of digital student ID>
Next, the use of the digital student ID by a student will be described. A student can use the digital student ID as an identification document.
In this case, the student operates the terminal 50 to log in to the digital student ID server 10. Specifically, the student starts the digital student ID application and transmits the login information (educational digital ID) to the digital student ID server 10 via the application.
The digital student ID server 10 authenticates the student using the login information (educational digital ID). After logging in to the account on the digital student ID server 10, the student operates the terminal 50 to perform a predetermined action and requests display of the digital student ID.
Upon accepting the request to display the digital student ID, the digital student ID server 10 transmits a "digital student ID generation request" to the ID management server 20, in the same way as when the digital student ID was generated.
Upon receiving the digital student ID generation request, the ID management server 20 searches the ID management database using the educational digital ID included in the request as a key, and identifies the corresponding entry. If a student ID number is registered in the corresponding entry (that is, if a digital student ID has already been issued), the ID management server 20 processes the digital student ID generation request in accordance with a predetermined policy (digital student ID control policy).
For example, the digital student ID control policy includes a policy on verifying the validity of the end user ID (verifying the validity of the My Number card).
The policy on verifying the validity of the end user ID includes, for example, rules (criteria) on how often and when the validity of the end user ID is checked. Examples of such a policy include "check the validity of the end user ID each time the digital student ID is used" and "check the validity of the end user ID if a predetermined period has elapsed since the previous validity check". Alternatively, the policy may be "check the validity of the end user ID each time a predetermined period elapses". For example, if the predetermined period is the "first half" or the "second half", it suffices for the end user ID to be checked once in each half-year. Alternatively, the policy may be "if the end user ID has not been checked a predetermined number of times or more within a predetermined period, check the validity of the end user ID from that predetermined number of times onward". For example, if the predetermined period is half a year and the predetermined number is five, the validity of the end user ID is not checked up to the fifth time within the half-year, and is checked from the sixth time onward.
If it is determined, in accordance with the digital student ID control policy, that the validity of the end user ID needs to be checked, the ID management server 20 executes the same processing as the digital student ID generation processing shown in FIG. 5.
Specifically, the ID management server 20 transmits an end user ID verification request to the authentication server 30. The ID management server 20 also transmits a current student confirmation request to the university server 40 identified from the university identification information. Note that the ID management server 20 transmits a current student confirmation request that includes the educational digital ID or the student ID number as the student identification information.
The ID management server 20 generates a digital student ID when the end user ID is valid and the student information has been acquired from the university server 40. The ID management server 20 transmits the generated digital student ID to the digital student ID server 10.
If it is determined, in accordance with the digital student ID control policy, that the validity of the end user ID does not need to be checked, the ID management server 20 transmits a current student confirmation request to the university server 40. In this case as well, the ID management server 20 transmits to the university server 40 a current student confirmation request that includes the educational digital ID or the student ID number as the student identification information.
The ID management server 20 generates a digital student ID using the student information acquired from the university server 40. The ID management server 20 transmits the generated digital student ID to the digital student ID server 10.
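The re-verification policies described above reduce to one decision made per request against the stored verification history. The following Python code is an added example, not code from the patent or from any implementation of it; the class and function names, the term boundaries (April to September, October to March), and the reading of the count-based policy as counting uses of the digital student ID are assumptions. It replays a constructed scenario in which the certificate is revoked after issuance, showing how long each policy keeps generating a digital student ID before the revocation is noticed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Policy(Enum):
    EVERY_USE = 1       # check on every use of the digital student ID
    MAX_AGE = 2         # check when the last check is older than `period`
    ONCE_PER_TERM = 3   # check once per "first half" / "second half"
    AFTER_N_USES = 4    # skip the first n uses within `period`, check from use n+1


@dataclass
class Entry:
    """ID management database row: FIG. 9 fields plus the verification history."""
    end_user_id: str
    edu_digital_id: str
    student_number: Optional[str] = None   # set once a digital student ID is issued
    university: Optional[str] = None
    checks: List[Tuple[datetime, bool]] = field(default_factory=list)
    uses: List[datetime] = field(default_factory=list)


def term_of(t: datetime) -> Tuple[int, int]:
    """Assumed term boundaries: first half Apr-Sep, second half Oct-Mar."""
    if 4 <= t.month <= 9:
        return (t.year, 1)
    return (t.year if t.month >= 10 else t.year - 1, 2)


def needs_check(e: Entry, now: datetime, policy: Policy,
                period: timedelta = timedelta(days=182), n: int = 5) -> bool:
    """Decide whether the end user ID must be re-verified for this request."""
    if e.student_number is None:        # first issuance always verifies (S12-S13)
        return True
    if policy is Policy.EVERY_USE:
        return True
    if policy is Policy.MAX_AGE:
        return not e.checks or now - e.checks[-1][0] > period
    if policy is Policy.ONCE_PER_TERM:
        return all(term_of(t) != term_of(now) for t, _ in e.checks)
    if policy is Policy.AFTER_N_USES:
        prior = sum(1 for t in e.uses if now - t <= period)
        return prior >= n
    raise ValueError(policy)


def handle_request(e: Entry, now: datetime, policy: Policy,
                   cert_valid: Callable[[str, datetime], bool],
                   enrolled: Callable[[str], bool], **kw) -> bool:
    """Process one generation request; True means a digital student ID is generated."""
    check = needs_check(e, now, policy, **kw)
    e.uses.append(now)
    if check:
        ok = cert_valid(e.end_user_id, now)
        e.checks.append((now, ok))      # history: time of the request and its result
        if not ok:
            return False                # negative response: end user ID invalid
    return enrolled(e.edu_digital_id)   # current student confirmation is always sent


def simulate(policy: Policy) -> List[bool]:
    """Constructed scenario: certificate revoked on 2024-04-10, then 7 daily uses."""
    issued = datetime(2024, 4, 1)
    revoked = datetime(2024, 4, 10)
    e = Entry("EU-0001", "EDU-0001", "S12345", "Example University",
              checks=[(issued, True)])
    cert_valid = lambda _id, t: t < revoked   # stand-in for authentication server 30
    enrolled = lambda _id: True               # stand-in for university server 40
    return [handle_request(e, revoked + timedelta(days=d), policy, cert_valid, enrolled)
            for d in range(1, 8)]


if __name__ == "__main__":
    for p in Policy:
        print(f"{p.name:14s}", simulate(p))
```

Only the check-on-every-use policy refuses the first request after revocation; the others keep generating the card until their next scheduled check, which is the exposure window to weigh when choosing a policy.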
The digital student ID server 10 displays the digital student ID received from the ID management server 20 on the terminal 50. For example, the student presents the digital student ID to a third party to prove his or her identity. For example, when purchasing a commuter pass at a student discount, the student presents the digital student ID to the railway company. The railway company trusts the digital student ID, for which the holder's identity is backed by the My Number card, and sells the commuter pass.
In this way, the digital student ID server 10 (first server) notifies the ID management server 20 (second server) of the educational digital ID (second ID) of the student who wishes to use a digital student ID. If the end user ID (first ID) corresponding to the notified educational digital ID is valid, the ID management server 20 generates the digital student ID of the student who wishes to use it, and transmits the generated digital student ID to the digital student ID server 10.
In doing so, the ID management server 20 notifies the authentication server 30 (third server) of the end user ID corresponding to the notified educational digital ID, thereby requesting the authentication server 30 to make a determination regarding the validity of the end user ID. The authentication server 30 performs control relating to the validity determination of the electronic certificate corresponding to the notified end user ID, and notifies the ID management server 20 of the determination result.
The ID management server 20 generates the digital student ID when the end user ID corresponding to the notified educational digital ID is valid and, in addition, the student information of the student who wishes to use the digital student ID has been acquired from the university server 40 (fourth server). Note that, for a student to whom a digital student ID has already been issued, the ID management server 20 determines, in accordance with a predetermined policy, whether to request the authentication server 30 to make a determination regarding the validity of the end user ID.
Next, details of each device included in the information processing system according to the first embodiment will be described.
[Digital student ID server]
FIG. 7 is a diagram showing an example of the processing configuration (processing modules) of the digital student ID server 10 according to the first embodiment. Referring to FIG. 7, the digital student ID server 10 includes a communication control unit 201, an ID issuance control unit 202, a digital student ID control unit 203, and a storage unit 204.
The communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the ID management server 20. The communication control unit 201 also transmits data to the ID management server 20. The communication control unit 201 passes data received from other devices to the other processing modules, and transmits data acquired from the other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 201. The communication control unit 201 functions both as a receiving unit that receives data from other devices and as a transmitting unit that transmits data to other devices.
The ID issuance control unit 202 is a means for controlling the issuance of educational digital IDs. The ID issuance control unit 202 processes the educational digital ID notification received from the ID management server 20.
Upon receiving the educational digital ID notification, the ID issuance control unit 202 creates an account for managing the digital student ID. After creating the account, the ID issuance control unit 202 manages the student's educational digital ID as the login information for that account. Note that the ID issuance control unit 202 may generate an ID other than the educational digital ID as the login information.
Furthermore, after creating the student's account, the ID issuance control unit 202 transmits an "ID issuance notification" to the terminal 50 carried by the enrolled student who wishes to be issued a digital student ID. The ID issuance notification includes the login information (educational digital ID).
Note that the ID issuance control unit 202 may treat the educational digital ID as a login ID and require the enrolled student to set a password for logging in to the account. Specifically, when sending the educational digital ID to the terminal 50, the ID issuance control unit 202 may prompt the enrolled student, via the terminal 50, to choose a password for logging in to the account.
The digital student ID control unit 203 is a means for performing control relating to the digital student ID.
When a student who has logged in to the account using the login information (educational digital ID) performs a predetermined action (for example, pressing the digital student ID issue button displayed on the terminal 50), the digital student ID control unit 203 acquires the student identification information and the university identification information.
For example, the digital student ID control unit 203 displays a GUI (Graphical User Interface) or the like on the terminal 50 and acquires the student identification information (for example, a combination of name and date of birth) and the university identification information (for example, a university name or university code).
After acquiring the student identification information and the university identification information, the digital student ID control unit 203 transmits a "digital student ID generation request" including the educational digital ID, the student identification information, and the university identification information to the ID management server 20.
The digital student ID control unit 203 receives a response (affirmative or negative) to the digital student ID generation request.
If an affirmative response (a response indicating that the digital student ID was generated successfully) is received, the digital student ID control unit 203 notifies the enrolled student that the digital student ID has been issued successfully. If a negative response (a response indicating that generation of the digital student ID failed) is received, the digital student ID control unit 203 notifies the enrolled student that issuance of the digital student ID has failed.
In addition, when a logged-in student performs a predetermined action (for example, pressing the digital student ID display button displayed on the terminal 50), the digital student ID control unit 203 transmits a "digital student ID generation request" including the logged-in student's educational digital ID and university identification information to the ID management server 20.
The digital student ID control unit 203 processes the response from the ID management server 20 in the same way as when the digital student ID is issued.
The storage unit 204 is a means for storing information necessary for the operation of the digital student ID server 10.
[ID management server]
FIG. 8 is a diagram showing an example of the processing configuration (processing modules) of the ID management server 20 according to the first embodiment. Referring to FIG. 8, the ID management server 20 includes a communication control unit 301, an ID management unit 302, a digital student ID generation unit 303, and a storage unit 304.
The communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the digital student ID server 10. The communication control unit 301 also transmits data to the digital student ID server 10. The communication control unit 301 passes data received from other devices to the other processing modules, and transmits data acquired from the other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 301. The communication control unit 301 functions both as a receiving unit that receives data from other devices and as a transmitting unit that transmits data to other devices.
The ID management unit 302 is a means for controlling and managing end user IDs and educational digital IDs.
The ID management unit 302 receives an "end user ID notification" from the authentication server 30. In response to receiving the end user ID, the ID management unit 302 generates an educational digital ID. The educational digital ID may be any information as long as it corresponds uniquely to the end user ID. For example, the ID management unit 302 may number a unique value each time it processes an end user ID notification and use that value as the educational digital ID.
After generating the educational digital ID, the ID management unit 302 stores the end user ID and the educational digital ID in association with each other in the ID management database (see FIG. 9). As shown in FIG. 9, the ID management database stores end user IDs, educational digital IDs, student ID numbers, and university names in association with one another. Although not shown in FIG. 9, the ID management database also stores a history of end user ID verification (the date and time at which each end user ID verification request was transmitted, and the verification result).
 また、図9に示すID管理データベースは例示であって、記憶する項目等を限定する趣旨ではない。例えば、教育デジタルIDの生成日時が当該データベースに登録されていてもよい。 Furthermore, the ID management database shown in FIG. 9 is an example, and is not intended to limit the items to be stored. For example, the generation date and time of the educational digital ID may be registered in the database.
 ID管理部302は、生成した教育デジタルIDと連絡先(例えば、デジタル学生証の発行を希望する学生が所持する端末50の連絡先)を含む教育デジタルID通知をデジタル学生証サーバ10に送信する。 The ID management unit 302 transmits an educational digital ID notification including the generated educational digital ID and contact information (for example, the contact information of the terminal 50 owned by the student who wishes to issue a digital student ID card) to the digital student ID server 10. .
The digital student ID generation unit 303 is a means for generating a digital student ID. FIGS. 10 and 11 are flowcharts showing an example of the operation of the digital student ID generation unit 303 according to the first embodiment. The operation of the digital student ID generation unit 303 will be explained with reference to FIGS. 10 and 11.
Upon receiving a digital student ID generation request, the digital student ID generation unit 303 searches the ID management database using the educational digital ID included in the request as a key, and identifies the corresponding entry (database search; step S101).
The digital student ID generation unit 303 determines whether a student ID number is set in the "student ID number" field of the corresponding entry (determination of the presence or absence of a student ID number; step S102).
If the student ID number has been set (step S103, Yes branch), the digital student ID generation unit 303 executes the processes from step S201 onward in FIG. 11. The processing after step S102 will be described later.
If the student ID number is not set (step S103, No branch), the digital student ID generation unit 303 reads the end user ID of the identified entry. The digital student ID generation unit 303 transmits an "end user ID verification request" including the read end user ID to the authentication server 30 (step S104).
The digital student ID generation unit 303 receives a response to the end user ID verification request from the authentication server 30.
If a negative response (the end user ID is invalid) is received from the authentication server 30 (step S105, No branch), the digital student ID generation unit 303 sets a negative response in the response to be sent to the digital student ID server 10 (step S106).
If a positive response (the end user ID is valid) is received from the authentication server 30 (step S105, Yes branch), the digital student ID generation unit 303 transmits a "current student confirmation request" to the university server 40 of the university identified from the university identification information (step S107). The current student confirmation request includes the educational digital ID and student identification information.
The digital student ID generation unit 303 receives a response to the current student confirmation request from the university server 40.
If a negative response (a response indicating that the corresponding student is not enrolled) is received from the university server 40 (step S108, No branch), the digital student ID generation unit 303 sets a negative response in the response to be sent to the digital student ID server 10 (step S106).
If a positive response (a response indicating that the corresponding student is enrolled) is received from the university server 40 (step S108, Yes branch), the digital student ID generation unit 303 sets a positive response in the response to be sent to the digital student ID server 10 (step S109).
The digital student ID generation unit 303 generates a digital student ID using the student information (the card face information to be shown on the digital student ID) included in the positive response received from the university server 40 (step S110).
Note that when a digital student ID is generated (newly issued), the digital student ID generation unit 303 stores the student ID number and university name acquired from the university server 40 in the ID management database.
The digital student ID generation unit 303 transmits a response to the digital student ID generation request to the digital student ID server 10 (step S111). When transmitting a positive response, the digital student ID generation unit 303 transmits the generated digital student ID to the digital student ID server 10.
If the student ID number is set in the entry identified by searching the ID management database (step S103, Yes branch), the digital student ID generation unit 303 executes the process shown in FIG. 11.
Specifically, the digital student ID generation unit 303 refers to a preset digital student ID control policy (policy reference; step S201).
The digital student ID generation unit 303 refers to the digital student ID control policy and determines whether validity verification of the end user ID is to be performed (determination of whether ID validity verification is performed; step S202).
If validity verification of the educational digital ID is necessary (step S203, Yes branch), the digital student ID generation unit 303 executes the processes from step S104 onward shown in FIG. 10.
If validity verification of the educational digital ID is not necessary (step S203, No branch), the digital student ID generation unit 303 executes the processes from step S107 onward shown in FIG. 10.
If the student ID number has already been set in the ID management database (if a digital student ID has already been issued to the student), the digital student ID generation unit 303 may transmit to the university server 40 a current student confirmation request that includes the student ID number instead of or in addition to the educational digital ID. That is, the educational digital ID or the student ID number may be transmitted to the university server 40 as information for identifying the student. Note that, based on the digital student ID control policy, the digital student ID generation unit 303 need not transmit the current student confirmation.
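The decision flow of FIGS. 10 and 11 described above, as an added example that is not part of the patent text. The class and function names, the SHA-256 choice for the end user ID, the stubbed authentication and university servers, the sample data, and failing closed on an unknown educational digital ID are all assumptions. The run shows what the control policy of step S202 decides once the underlying card is revoked.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


def end_user_id_from_serial(serial: str) -> str:
    # The page says only "hash value of the serial number"; SHA-256 is an assumption.
    return hashlib.sha256(serial.encode("utf-8")).hexdigest()


@dataclass
class Entry:
    """One row of the ID management database (columns of FIG. 9)."""
    end_user_id: str
    student_number: Optional[str] = None
    university: Optional[str] = None


@dataclass
class Result:
    ok: bool
    card: Optional[dict]
    steps: List[str]  # processing steps taken (branch labels S103/S105/S108/S203 omitted)


class IdManagementServer:
    """Hypothetical model of the digital student ID generation unit 303."""

    def __init__(self, db: Dict[str, Entry],
                 verify_end_user_id: Callable[[str], bool],
                 confirm_student: Callable[[str, str], Optional[dict]],
                 verify_on_reissue: bool = True):
        self.db = db                                  # educational digital ID -> Entry
        self.verify_end_user_id = verify_end_user_id  # stands in for authentication server 30
        self.confirm_student = confirm_student        # stands in for university server 40
        self.verify_on_reissue = verify_on_reissue    # digital student ID control policy

    def generate(self, edu_id: str, student_hint: str) -> Result:
        steps = ["S101"]
        entry = self.db.get(edu_id)
        if entry is None:
            # Unknown educational digital ID is not in the flowchart; fail closed (assumption).
            return Result(False, None, steps + ["S106", "S111"])
        steps.append("S102")
        if entry.student_number is None:
            verify = True                    # first issuance always verifies the end user ID
        else:
            steps += ["S201", "S202"]        # re-issuance: the policy decides
            verify = self.verify_on_reissue
        if verify:
            steps.append("S104")
            if not self.verify_end_user_id(entry.end_user_id):
                return Result(False, None, steps + ["S106", "S111"])
        steps.append("S107")
        info = self.confirm_student(edu_id, student_hint)
        if info is None:                     # student not enrolled
            return Result(False, None, steps + ["S106", "S111"])
        steps += ["S109", "S110"]
        card = {"edu_digital_id": edu_id, **info}
        entry.student_number = info["student_number"]
        entry.university = info["university"]
        return Result(True, card, steps + ["S111"])


def demo() -> Dict[str, Result]:
    # Constructed sample data: two certificate serials, one enrolled student.
    alice = end_user_id_from_serial("SERIAL-0001")
    bob = end_user_id_from_serial("SERIAL-0002")
    valid = {alice, bob}
    roster = {"Alice Example/2004-04-01": {"student_number": "S2024001",
                                           "university": "Example University",
                                           "name": "Alice Example"}}
    db = {"EDU-000001": Entry(alice), "EDU-000002": Entry(bob)}

    def auth(end_user_id: str) -> bool:
        return end_user_id in valid

    def univ(_edu_id: str, hint: str) -> Optional[dict]:
        return roster.get(hint)

    strict = IdManagementServer(db, auth, univ, verify_on_reissue=True)
    lax = IdManagementServer(db, auth, univ, verify_on_reissue=False)
    out = {
        "first_issue": strict.generate("EDU-000001", "Alice Example/2004-04-01"),
        "not_enrolled": strict.generate("EDU-000002", "Bob Example/2003-01-01"),
    }
    valid.discard(alice)  # the card behind Alice's end user ID is now invalid
    out["reissue_strict"] = strict.generate("EDU-000001", "Alice Example/2004-04-01")
    out["reissue_lax"] = lax.generate("EDU-000001", "Alice Example/2004-04-01")
    return out


if __name__ == "__main__":
    for name, res in demo().items():
        print(name, res.ok, " -> ".join(res.steps))
```

With verification on re-issuance disabled, the revoked card no longer blocks generation, so loss handling then depends on the university server declining the confirmation.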
The storage unit 304 is a means for storing information necessary for the operation of the ID management server 20.
[Authentication server]
A description of the processing configuration and the like of the authentication server 30 is omitted. The authentication server 30 receives an ID issuance request and generates an end user ID if the electronic certificate (My Number Card) is valid. For example, the authentication server 30 calculates a hash value of the serial number of the electronic certificate and uses the calculated hash value as the end user ID. The authentication server 30 also processes end user ID verification requests received from the ID management server 20.
[University server]
A description of the processing configuration and the like of the university server 40 is omitted. The university server 40 stores student information on current students, including new students. The university server 40 uses a student information database to manage students' names, dates of birth, facial images, departments, and the like.
[Terminal]
Examples of the terminal 50 include mobile terminal devices such as smartphones, mobile phones, game consoles, and tablets, and computers (personal computers, notebook computers). The terminal 50 can be any equipment or device as long as it accepts student operations and can communicate with the digital student ID server 10 and the like. A description of the processing configuration and the like of the terminal 50 is omitted. The student uses the digital student ID application installed on the terminal 50 to request the system to issue or display a digital student ID. The terminal 50 reads the electronic certificate from the My Number Card by acquiring a four-digit PIN from the student or by performing authentication using the facial information stored in the My Number Card.
[System operation]
Next, the operation of the information processing system according to the first embodiment will be explained. FIG. 12 is a sequence diagram illustrating an example of the operation of the information processing system according to the first embodiment. The operation of the information processing system regarding the issuance of a digital student ID will be explained with reference to FIG. 12.
When a student wishes to have a digital student ID issued, the digital student ID server 10 transmits a digital student ID generation request including the student's educational digital ID to the ID management server 20 (step S21).
The ID management server 20 requests the authentication server 30 to verify the validity of the end user ID corresponding to the educational digital ID. The ID management server 20 transmits an end user ID verification request including the end user ID to the authentication server 30 (step S22).
Upon receiving a positive response from the authentication server 30 indicating that the end user ID is valid, the ID management server 20 asks the university specified by the student to confirm the existence of the student who wishes to have a digital student ID issued. Specifically, the ID management server 20 transmits a current student confirmation request including the educational digital ID and student identification information to the university server 40 (step S23).
Upon receiving a positive response from the university server 40 indicating that the student is enrolled, the ID management server 20 generates a digital student ID using the student information notified by the university server 40 (step S24).
The ID management server 20 transmits the generated digital student ID to the digital student ID server 10 (step S25).
The digital student ID server 10 presents the acquired digital student ID to the student (new student) (step S26).
Next, modifications of the information processing system according to the first embodiment will be described.
<Modification 1 according to the first embodiment>
In the above embodiment, it was explained that if verification of the electronic certificate by the authentication server 30 fails (if no end user ID is generated), no digital student ID is issued. However, even if no end user ID is generated, the ID management server 20 may issue a temporary digital student ID.
For example, a temporary digital student ID may be issued when a new student requests issuance of an educational digital ID while the My Number Card is invalidated. In this case, the ID management server 20 may issue a true digital student ID to a student for whom an end user ID is issued afterward.
If the result of the electronic certificate verification performed by the certification authority server in response to the ID issuance request sent from the terminal 50 is "the electronic certificate is invalid", the authentication server 30 issues a temporary end user ID to the new student. The temporary end user ID is stored in association with the contact information of the terminal 50.
The authentication server 30 transmits an end user ID notification including the temporary end user ID to the ID management server 20. The ID management server 20 registers the temporary end user ID in the ID management database. In response to receiving the temporary end user ID, the ID management server 20 generates an educational digital ID and notifies the terminal 50 of the educational digital ID via the digital student ID server 10.
When a student wishes to have a digital student ID issued, the digital student ID server 10 transmits a digital student ID generation request to the ID management server 20. If the end user ID corresponding to the educational digital ID included in the digital student ID issuance request is a temporary end user ID, the ID management server 20 transmits a current student confirmation request to the university server 40 without requesting verification from the authentication server 30.
Upon acquiring student information in response to the current student confirmation request, the ID management server 20 issues a temporary digital student ID using the acquired student information. The ID management server 20 provides the temporary digital student ID to the new student via the digital student ID server 10.
The terminal 50 of a student who has been issued a temporary digital student ID displays the temporary digital student ID while clearly indicating that it is temporary.
When the My Number Card becomes valid, for example because it has been renewed, the student operates the terminal 50 to request issuance of an educational digital ID. If the electronic certificate acquired from the terminal 50 is determined to be valid, the authentication server 30 determines whether a temporary end user ID linked to the contact information of the terminal 50 exists.
If a temporary end user ID linked to the contact information of the terminal 50 exists, the authentication server 30 replaces the temporary end user ID with the true end user ID and stores it in the database (in association with the serial number of the electronic certificate). The authentication server 30 further transmits the pair of the temporary end user ID and the true end user ID to the ID management server 20.
Upon receiving the pair of IDs, the ID management server 20 generates a true digital student ID for the student with the temporary end user ID, and notifies the terminal 50 that the true digital student ID has been issued. The ID management server 20 also updates the ID management database by overwriting the temporary end user ID with the true end user ID.
After the ID management database is updated, the ID management server 20 performs the normal operations for controlling and managing the digital student ID described above.
In this way, when the end user ID corresponding to the educational digital ID, as notified by the authentication server 30, is invalid (when the My Number Card is invalid), the ID management server 20 may generate a temporary digital student ID for a student who wishes to use a digital student ID. Note that the ID management server 20 may set a validity period for the temporary end user ID acquired from the authentication server 30. If the true end user ID is not received during the validity period (if the My Number Card is not renewed during the validity period), the ID management server 20 may invalidate the temporary end user ID. Similarly, the ID management server 20 may set an expiration date on the temporary digital student ID. In this case, if the My Number Card is not renewed during the validity period of the temporary digital student ID, the temporary digital student ID becomes invalid.
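The temporary-ID lifecycle of Modification 1 (issue bound to the terminal's contact, later replacement by the true end user ID, and invalidation after the validity period), as an added example that is not part of the patent text. All names, the 30-day period, the SHA-256 hash, the random format of temporary IDs, and the refusal to promote an already invalidated temporary ID are assumptions; enrollment confirmation and verification of true IDs are left to the normal flow.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PROVISIONAL_TTL = 30 * 24 * 3600  # validity period in seconds (value is an assumption)


class AuthServer:
    """Hypothetical model of authentication server 30 in Modification 1."""

    def __init__(self) -> None:
        self.provisional_by_contact: Dict[str, str] = {}  # contact -> temporary end user ID
        self.true_by_serial: Dict[str, str] = {}          # certificate serial -> true end user ID

    def issue(self, contact: str, serial: str, cert_valid: bool) -> Tuple[str, bool, Optional[str]]:
        """Return (end_user_id, is_provisional, replaced_provisional_id)."""
        if not cert_valid:
            pid = "prov-" + secrets.token_hex(8)          # carries no certificate data
            self.provisional_by_contact[contact] = pid
            return pid, True, None
        true_id = hashlib.sha256(serial.encode("utf-8")).hexdigest()
        self.true_by_serial[serial] = true_id
        # If this contact held a temporary ID, hand back the pair for the ID management server.
        return true_id, False, self.provisional_by_contact.pop(contact, None)


@dataclass
class Record:
    end_user_id: str
    provisional: bool
    expires_at: Optional[float]
    invalid: bool = False


class IdManagementServer:
    """Hypothetical model of the ID management database handling in Modification 1."""

    def __init__(self) -> None:
        self.db: Dict[str, Record] = {}  # educational digital ID -> Record
        self.seq = 0

    def register(self, end_user_id: str, provisional: bool, now: float) -> str:
        self.seq += 1
        edu_id = f"EDU-{self.seq:06d}"
        expires = now + PROVISIONAL_TTL if provisional else None
        self.db[edu_id] = Record(end_user_id, provisional, expires)
        return edu_id

    def sweep(self, now: float) -> List[str]:
        """Invalidate temporary IDs whose validity period has passed."""
        expired = [k for k, r in self.db.items()
                   if r.provisional and not r.invalid and now >= r.expires_at]
        for k in expired:
            self.db[k].invalid = True
        return expired

    def promote(self, provisional_id: str, true_id: str, now: float) -> Optional[str]:
        """Overwrite a still-valid temporary ID with the true one; None if no match."""
        self.sweep(now)
        for edu_id, rec in self.db.items():
            if rec.provisional and not rec.invalid and rec.end_user_id == provisional_id:
                self.db[edu_id] = Record(true_id, False, None)
                return edu_id
        return None

    def card_kind(self, edu_id: str, now: float) -> str:
        """'provisional', 'true', or 'none' (unknown or invalidated)."""
        self.sweep(now)
        rec = self.db.get(edu_id)
        if rec is None or rec.invalid:
            return "none"
        return "provisional" if rec.provisional else "true"
```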
<Modification 2 according to the first embodiment>
The terminal 50 can provide the digital student ID to other devices. Specifically, the terminal 50 can provide the card face information of the digital student ID to other devices using a two-dimensional barcode or contactless communication by NFC (Near Field Communication).
The other devices can provide various services to students using the card face information obtained through the two-dimensional barcode or contactless communication. For example, a gate device installed at a university can acquire the card face information and allow students of that university to pass.
Alternatively, the other devices may acquire the student's biometric information using the two-dimensional barcode or contactless communication. The acquired biometric information may be used for services that use biometric authentication. For example, consider a case where a student purchases a drink or the like from a vending machine installed on campus. In this case, the vending machine acquires the student's biometric information from the two-dimensional barcode or the like. The vending machine also acquires the student's biometric information by photographing the student. The vending machine transmits the two pieces of acquired biometric information to the university server 40.
The university server 40 performs one-to-one matching using the two pieces of acquired biometric information. If the one-to-one matching succeeds (if it is confirmed that the true owner of the terminal 50 is using the vending machine), the university server 40 identifies the person to be authenticated by matching the acquired biometric information against pre-registered biometric information. The university server 40 then performs payment processing using the account information (for example, credit card information) of the identified person. If the payment processing succeeds, the student can purchase the drink or the like.
In this way, the digital student ID can provide biometric information to other devices by displaying a two-dimensional barcode or through contactless communication by NFC. The biometric information provided to the other devices is used for services that use biometric authentication. Note that the biometric information (for example, a facial image) provided to the other devices may be the facial image stored in the My Number Card.
<Modification 3 according to the first embodiment>
By verifying their identity using the end user ID, a graduate can access the university server 40 directly or indirectly and obtain the corresponding student information. The obtained student information may be submitted to a third party (such as a company) at the graduate's discretion.
For example, the graduate operates the terminal 50 to request the authentication server 30 to verify the electronic certificate. If the verification result of the authentication server 30 is "the electronic certificate is valid", the terminal 50 requests the university server 40 to provide student information (for example, a course certificate), attaching the verification result from the authentication server 30.
The university server 40 checks the verification result from the authentication server 30 and, if the My Number Card (end user ID) is valid, transmits the student information specified by the graduate to the terminal 50.
<Modification 4 according to the first embodiment>
A graduate of a university can provide their own student information (for example, a course certificate) to a third party.
The graduate operates the terminal 50 to input a request for student information to the digital student ID server 10 via the digital student ID application. The digital student ID server 10 transmits the graduate's educational digital ID to the ID management server 20.
The ID management server 20 requests the authentication server 30 to verify the validity of the end user ID corresponding to the educational digital ID.
If the end user ID is valid (if the My Number Card is valid), the ID management server 20 transmits the educational digital ID to the university server 40 and thereby acquires the graduate's student information (for example, a course certificate) from the university server 40.
The ID management server 20 transmits the acquired student information to the terminal 50 owned by the graduate via the digital student ID server 10. The graduate can submit the acquired student information from the terminal 50 to a third party (for example, a company).
In this way, the graduate can obtain the corresponding student information from the university server 40 after identity verification using the end user ID. The obtained student information may be submitted to a third party (such as a company) at the graduate's discretion.
<Modification 5 according to the first embodiment>
If a student loses the terminal 50 or the My Number Card, the student can temporarily suspend use of the digital student ID. That is, the student can prevent misuse of the digital student ID.
If the My Number Card is lost, the student contacts a call center or the like and carries out the procedure to revoke the My Number Card. Once the My Number Card is revoked, validity verification of the end user ID by the authentication server 30 fails, and the ID management server 20 cannot generate a digital student ID.
If the terminal 50 is lost, the student contacts the university and has their status set to "student information provision prohibited". The university server 40 does not provide the ID management server 20 with student information for students set to the student information provision prohibited state. As a result, the ID management server 20 cannot generate a digital student ID.
As described above, when generating or displaying a digital student ID, the ID management server 20 according to the first embodiment requests the authentication server 30 to verify the validity of the end user ID linked to the student's educational digital ID. The authentication server 30 that receives the request determines that the end user ID is valid if the electronic certificate uniquely corresponding to the end user ID (the electronic certificate read from the student's My Number Card) is valid. That is, through the validity determination of the educational digital ID, the ID management server 20 indirectly requests the authentication server 30 to determine the validity of the My Number Card. If the educational digital ID is valid (if the My Number Card is valid), the ID management server 20 generates a digital student ID for the student who wishes to have one issued (or to use one). As a result, the digital student ID generated by the ID management server 20 is highly reliable, because it is issued to a student whose identity is backed by the My Number Card.
Next, the hardware of each device that makes up the information processing system will be explained. FIG. 13 is a diagram showing an example of the hardware configuration of the ID management server 20.
The ID management server 20 can be configured by an information processing device (a so-called computer) and has the configuration illustrated in FIG. 13. For example, the ID management server 20 includes a processor 311, a memory 312, an input/output interface 313, a communication interface 314, and the like. The components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.
However, the configuration shown in FIG. 13 is not intended to limit the hardware configuration of the ID management server 20. The ID management server 20 may include hardware that is not shown, and need not include the input/output interface 313 if it is not required. The number of processors 311 and the like included in the ID management server 20 is also not limited to the example in FIG. 13; for example, a plurality of processors 311 may be included in the ID management server 20.
The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
The memory 312 is a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like. The memory 312 stores OS programs, application programs, and various data.
The input/output interface 313 is an interface for a display device and an input device that are not shown. The display device is, for example, a liquid crystal display. The input device is, for example, a device that receives user operations, such as a keyboard or a mouse.
The communication interface 314 is a circuit, module, or the like that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card).
The functions of the ID management server 20 are realized by various processing modules. The processing modules are realized, for example, by the processor 311 executing a program stored in the memory 312. The program can be recorded on a computer-readable storage medium. The storage medium can be non-transitory, such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. That is, the present invention can also be embodied as a computer program product. The program can be downloaded via a network, or updated using a storage medium that stores the program. Furthermore, the processing modules may be realized by a semiconductor chip.
 なお、デジタル学生証サーバ10等もID管理サーバ20と同様に情報処理装置により構成可能であり、その基本的なハードウェア構成はID管理サーバ20と相違する点はないので説明を省略する。 It should be noted that the digital student ID server 10 and the like can be configured by an information processing device in the same way as the ID management server 20, and the basic hardware configuration thereof is not different from the ID management server 20, so a description thereof will be omitted.
 情報処理装置であるID管理サーバ20は、コンピュータを搭載し、当該コンピュータにプログラムを実行させることでID管理サーバ20の機能が実現できる。また、ID管理サーバ20は、当該プログラムによりID管理サーバ20の制御方法を実行する。 The ID management server 20, which is an information processing device, is equipped with a computer, and the functions of the ID management server 20 can be realized by having the computer execute a program. Furthermore, the ID management server 20 executes a method of controlling the ID management server 20 using the program.
[Modified example]
Note that the configuration, operation, and the like of the information processing system described in the above embodiments are merely examples, and are not intended to limit the configuration and the like of the system.
Although the above embodiment has been described using a university as an example of an educational institution, the educational institution may also be a high school, a vocational school, or the like. Further, the educational institution is not limited to an educational institution in Japan, and may be an educational institution in a foreign country.
In the above embodiment, the My Number card was used as an example of an identification document that includes an electronic certificate for identity verification, but other identification documents may be used.
In the above embodiment, the electronic certificate for user authentication was used as an example of the electronic certificate verified by the authentication server 30 (certification authority server), but the electronic certificate for signatures may instead be verified by the authentication server 30 (certification authority server). That is, the authentication server 30 may manage the serial number of the electronic certificate for signatures in association with the end user ID.
In the above embodiment, a case has been described in which the ID management server 20 transmits a current student confirmation request to the university server 40 to acquire the student information of the student who is to be issued a digital student ID (steps S14 and S15 in FIG. 5). If the ID management server 20 itself stores the student information of each university, these steps are unnecessary.
Furthermore, in the above embodiment, the procedure for issuing an end user ID and the procedure for issuing a digital student ID are described as separate processes, but the issuance of an end user ID and the issuance of a digital student ID may be performed as a single series of procedures. Specifically, upon receiving the "end user ID notification" from the authentication server 30, the ID management server 20 acquires student information by transmitting a "current student confirmation request" to the university server 40. The ID management server 20 generates a digital student ID using the acquired student information, and transmits the generated digital student ID to the digital student ID server 10. The digital student ID server 10 provides the education digital ID and the digital student ID to the student. When the issuance of an end user ID and the issuance of a digital student ID are performed as a single series of procedures in this way, verification of the end user ID (steps S12 and S13 in FIG. 5) may be omitted.
In the above embodiment, it has been explained that the student ID number of each student is registered in the ID management database in order to identify (manage) students to whom digital student IDs have been issued (see FIG. 9). The information for identifying a student to whom a digital student ID has been issued is not limited to the student ID number, and any information can be used. For example, the ID management database may store an email address, a name, a telephone number, and a combination of a student number and a department (faculty) as information for managing students who have been issued digital student IDs. Alternatively, the ID management database may store a combination of a student ID number and a university name (information identifying the university to which the student belongs) as information for managing (identifying) students who have been issued digital student IDs. In this case, the digital student ID generation unit 303 of the ID management server 20 may determine, in step S103 of FIG. 10, whether the information stored in the ID management database is set. For example, if the ID management database stores a combination of student ID number and university name as the information for identifying a student, the digital student ID generation unit 303 may determine whether the combination of student ID number and university name is set in the ID management database.
In the above embodiment, a case has been described in which the ID management server 20 generates the digital student ID. However, another device (for example, the digital student ID server 10 or the university server 40) may generate the digital student ID. When the university server 40 generates a digital student ID, the university server 40 may generate a digital student ID to which the digital signature of its own university is attached. Another device that has acquired a digital student ID via a two-dimensional barcode or the like may make use of the digital student ID if it successfully verifies the digital signature attached to the digital student ID.
In the above embodiment, it has been explained that the ID management server 20 determines whether verification of the end user ID is necessary based on the digital student ID control policy. A different digital student ID control policy may be set for each university. For example, a policy may be set such that, for students at university A1, the end user ID is verified each time the digital student ID is used, and for students at university A2, the end user ID is verified once a predetermined period has elapsed since the previous verification.
Alternatively, the digital student ID control policy may include a policy regarding confirmation of current students. For example, a policy may be set such as "current student confirmation is performed each time a digital student ID is used" or "current student confirmation is performed the first time a digital student ID is used after the academic year changes."
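The per-university control policy described in the two paragraphs above, worked through as an added example that is not part of the patent text: the ID management server decides on each use whether to re-verify the end user ID and whether to re-confirm enrollment. The class and field names, the April start of the academic year, the 30-day interval, and all IDs and dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class ControlPolicy:
    """Digital student ID control policy for one university (field names assumed)."""
    reverify_after: Optional[timedelta]  # None = verify the end user ID on every use
    enrollment_check: str                # "every_use" or "first_use_of_year"


@dataclass
class IdRecord:
    """One row of the ID management database (layout assumed)."""
    end_user_id: str                     # first ID, tied to the electronic certificate
    university: str
    last_id_check: Optional[datetime] = None
    last_enrollment_check: Optional[datetime] = None
    student_info: Optional[dict] = None  # cached result of the last enrollment check


# Fail closed: a university without a configured policy gets the strictest one.
STRICT = ControlPolicy(reverify_after=None, enrollment_check="every_use")


def academic_year(ts: datetime, start_month: int = 4) -> int:
    """Academic year containing ts; an April start is an assumption."""
    return ts.year if ts.month >= start_month else ts.year - 1


def needs_id_check(policy: ControlPolicy, rec: IdRecord, now: datetime) -> bool:
    if rec.last_id_check is None or policy.reverify_after is None:
        return True
    return now - rec.last_id_check >= policy.reverify_after


def needs_enrollment_check(policy: ControlPolicy, rec: IdRecord, now: datetime) -> bool:
    if rec.last_enrollment_check is None or policy.enrollment_check == "every_use":
        return True
    return academic_year(now) != academic_year(rec.last_enrollment_check)


def handle_use_request(education_id, now, id_db, policies, verify_end_user_id, confirm_enrollment):
    """ID management server side of one request to use a digital student ID.

    verify_end_user_id stands in for the authentication server, and
    confirm_enrollment for the university server (both hypothetical callables).
    """
    rec = id_db.get(education_id)
    if rec is None:
        return {"status": "not_issued", "reason": "unknown education digital ID"}
    policy = policies.get(rec.university, STRICT)

    if needs_id_check(policy, rec, now):
        if not verify_end_user_id(rec.end_user_id):
            # First ID invalid: only a temporary digital student ID is generated.
            return {"status": "temporary", "education_id": education_id}
        rec.last_id_check = now

    if needs_enrollment_check(policy, rec, now):
        info = confirm_enrollment(rec.university, education_id)
        if info is None:
            return {"status": "not_issued", "reason": "student information not available"}
        rec.student_info, rec.last_enrollment_check = info, now

    return {"status": "issued", "education_id": education_id, "student": rec.student_info}


def run_demo():
    """Constructed scenario for universities A1 and A2; returns one tuple per request:
    (education ID, status, certificate checks made, enrollment checks made)."""
    calls = {"verify": 0, "enroll": 0}
    revoked = set()

    def verify(end_user_id):
        calls["verify"] += 1
        return end_user_id not in revoked

    def enroll(university, education_id):
        calls["enroll"] += 1
        return {"university": university, "name": "sample student"}

    policies = {"A1": ControlPolicy(None, "every_use"),
                "A2": ControlPolicy(timedelta(days=30), "first_use_of_year")}
    id_db = {"edu-001": IdRecord("eu-aaa", "A1"), "edu-002": IdRecord("eu-bbb", "A2")}
    log = []

    def use(education_id, when):
        before = dict(calls)
        res = handle_use_request(education_id, when, id_db, policies, verify, enroll)
        log.append((education_id, res["status"],
                    calls["verify"] - before["verify"], calls["enroll"] - before["enroll"]))

    t0 = datetime(2024, 3, 1, 9, 0)
    use("edu-001", t0)                         # A1: first use
    use("edu-001", t0 + timedelta(hours=1))    # A1: checked again on every use
    use("edu-002", t0)                         # A2: first use
    use("edu-002", t0 + timedelta(days=1))     # A2: inside the 30-day window
    use("edu-002", datetime(2024, 4, 2, 9, 0)) # A2: window elapsed, new academic year
    revoked.update({"eu-aaa", "eu-bbb"})       # both certificates become invalid
    use("edu-001", datetime(2024, 4, 3, 9, 0)) # A1 notices at once
    use("edu-002", datetime(2024, 4, 3, 9, 0)) # A2 does not until the window elapses
    return log


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

The last two requests show the trade-off between the two policies: with an interval policy, a certificate that becomes invalid inside the interval still yields a regular digital student ID until the next scheduled verification.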
In the above embodiment, a case has been described in which the various databases are configured inside each server, but the databases may also be built on an external database server or the like. That is, some of the functions of each server may be implemented in another server. For example, all or part of the functions of the digital student ID server 10 may be implemented in the ID management server 20. In other words, it suffices that the above-described "digital student ID control unit (digital student ID control means)", "digital student ID generation unit (digital student ID generation means)", and the like are implemented in any of the devices included in the system.
The form of data transmission and reception between the devices (the digital student ID server 10, the ID management server 20, etc.) is not particularly limited, but the data transmitted and received between these devices may be encrypted. Student identification information and the like are transmitted and received between these devices, and in order to protect this information appropriately, it is desirable that the data be transmitted and received in encrypted form.
In the flow diagrams (flowcharts, sequence diagrams) used in the above description, a plurality of steps (processes) are described in order, but the order in which the steps are executed in the embodiments is not limited to the order in which they are described. In the embodiments, the order of the illustrated steps can be changed to the extent that it does not affect the content, for example by executing processes in parallel.
The above embodiments have been described in detail to facilitate understanding of the present disclosure, and it is not intended that all of the configurations described above are necessary. Further, when a plurality of embodiments are described, each embodiment may be used alone or in combination. For example, it is possible to replace part of the configuration of one embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of one embodiment. Furthermore, other configurations can be added to, deleted from, or substituted for part of the configuration of an embodiment.
The industrial applicability of the present invention is clear from the above description; the present invention is suitably applicable to information processing systems that manage digital student IDs and the like.
Part or all of the above embodiments may also be described as in the following supplementary notes, but are not limited to the following.
[Supplementary note 1]
A system including:
a first server that performs control regarding a digital student ID; and
a second server that stores, in association with each other, a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students,
wherein the first server notifies the second server of the second ID of a student who wishes to use the digital student ID, and
the second server, if the first ID corresponding to the notified second ID is valid, generates a digital student ID for the student who wishes to use the digital student ID, and transmits the generated digital student ID to the first server.
[Supplementary note 2]
The system according to supplementary note 1, further including a third server that performs control regarding validity determination of the electronic certificate,
wherein the second server requests the third server to make a determination regarding the validity of the first ID by notifying the third server of the first ID corresponding to the notified second ID, and
the third server performs control regarding validity determination of the electronic certificate corresponding to the notified first ID, and notifies the second server of the determination result.
[Supplementary note 3]
The system according to supplementary note 2, further including a fourth server that stores student information regarding current students,
wherein the second server generates the digital student ID using the student information acquired from the fourth server when the first ID corresponding to the notified second ID is valid and the student information of the student who wishes to use the digital student ID has been acquired from the fourth server.
[Supplementary note 4]
The system according to supplementary note 3, wherein the second server determines, according to a predetermined policy, whether to request the third server to make a determination regarding the validity of the first ID.
[Supplementary note 5]
The system according to supplementary note 4, wherein the third server, upon receiving an ID issuance request including an electronic certificate from a terminal owned by a student, performs control regarding validity determination of the received electronic certificate, and, if the electronic certificate subjected to the validity determination is valid, generates the first ID of the student who wishes to be issued the ID, and stores the generated first ID in association with the serial number of the valid electronic certificate.
[Supplementary note 6]
The system according to supplementary note 5, wherein the third server transmits the generated first ID to the second server,
the second server generates the second ID in response to receiving the first ID, stores the received first ID and the generated second ID in association with each other, and transmits the generated second ID to the first server, and
the first server notifies the student who wishes to be issued the ID of the notified second ID.
[Supplementary note 7]
The system according to supplementary note 6, wherein the first server notifies the student who wishes to be issued the ID of the notified second ID as login information.
[Supplementary note 8]
The system according to supplementary note 7, wherein the second server, if the first ID corresponding to the notified second ID is invalid, generates a temporary digital student ID for the student who wishes to use the digital student ID.
[Supplementary note 9]
The system according to supplementary note 8, wherein the information written on the digital student ID is provided from a terminal of the student who wishes to use the digital student ID to another device by a two-dimensional barcode or non-contact communication means.
[Supplementary note 10]
The system according to any one of supplementary notes 1 to 9, wherein the digital student ID includes at least biometric information of the student who wishes to use the digital student ID.
[Supplementary note 11]
The system according to supplementary note 10, wherein the identification card is a My Number card.
[Supplementary note 12]
A method in a system including:
a first server that performs control regarding a digital student ID; and
a second server that stores, in association with each other, a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students,
the method including:
the first server notifying the second server of the second ID of a student who wishes to use the digital student ID; and
the second server, if the first ID corresponding to the notified second ID is valid, generating a digital student ID for the student who wishes to use the digital student ID, and transmitting the generated digital student ID to the first server.
Note that the disclosures of the prior art documents cited above are incorporated herein by reference. Although embodiments of the present invention have been described above, the present invention is not limited to these embodiments. It will be understood by those skilled in the art that these embodiments are illustrative only and that various modifications can be made without departing from the scope and spirit of the invention. That is, the present invention naturally includes the various variations and modifications that a person skilled in the art could make in accordance with the entire disclosure, including the claims, and the technical idea.
10 Digital student ID server
20 ID management server
30 Authentication server
40 University server
50 Terminal
101 First server
102 Second server
201 Communication control unit
202 ID issuance control unit
203 Digital student ID control unit
204 Storage unit
301 Communication control unit
302 ID management unit
303 Digital student ID generation unit
304 Storage unit
311 Processor
312 Memory
313 Input/output interface
314 Communication interface

Claims (12)

  1.  A system including:
     a first server that performs control regarding a digital student ID; and
     a second server that stores, in association with each other, a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students,
     wherein the first server notifies the second server of the second ID of a student who wishes to use the digital student ID, and
     the second server, if the first ID corresponding to the notified second ID is valid, generates a digital student ID for the student who wishes to use the digital student ID, and transmits the generated digital student ID to the first server.
  2.  The system according to claim 1, further including a third server that performs control regarding validity determination of the electronic certificate,
     wherein the second server requests the third server to make a determination regarding the validity of the first ID by notifying the third server of the first ID corresponding to the notified second ID, and
     the third server performs control regarding validity determination of the electronic certificate corresponding to the notified first ID, and notifies the second server of the determination result.
  3.  The system according to claim 2, further including a fourth server that stores student information regarding current students,
     wherein the second server generates the digital student ID using the student information acquired from the fourth server when the first ID corresponding to the notified second ID is valid and the student information of the student who wishes to use the digital student ID has been acquired from the fourth server.
  4.  The system according to claim 3, wherein the second server determines, according to a predetermined policy, whether to request the third server to make a determination regarding the validity of the first ID.
  5.  The system according to claim 4, wherein the third server, upon receiving an ID issuance request including an electronic certificate from a terminal owned by a student, performs control regarding validity determination of the received electronic certificate, and, if the electronic certificate subjected to the validity determination is valid, generates the first ID of the student who wishes to be issued the ID, and stores the generated first ID in association with the serial number of the valid electronic certificate.
  6.  The system according to claim 5, wherein the third server transmits the generated first ID to the second server,
     the second server generates the second ID in response to receiving the first ID, stores the received first ID and the generated second ID in association with each other, and transmits the generated second ID to the first server, and
     the first server notifies the student who wishes to be issued the ID of the notified second ID.
  7.  The system according to claim 6, wherein the first server notifies the student who wishes to be issued the ID of the notified second ID as login information.
  8.  The system according to claim 7, wherein the second server, if the first ID corresponding to the notified second ID is invalid, generates a temporary digital student ID for the student who wishes to use the digital student ID.
  9.  The system according to claim 8, wherein the information written on the digital student ID is provided from a terminal of the student who wishes to use the digital student ID to another device by a two-dimensional barcode or contactless communication means.
  10.  The system according to any one of claims 1 to 9, wherein the digital student ID includes at least biometric information of the student who wishes to use the digital student ID.
  11.  The system according to claim 10, wherein the identification card is a My Number card.
  12.  A method in a system including:
     a first server that performs control regarding a digital student ID; and
     a second server that stores, in association with each other, a first ID linked to an electronic certificate stored in an identification card and a second ID used by an educational institution to manage students,
     the method including:
     the first server notifying the second server of the second ID of a student who wishes to use the digital student ID; and
     the second server, if the first ID corresponding to the notified second ID is valid, generating a digital student ID for the student who wishes to use the digital student ID, and transmitting the generated digital student ID to the first server.
PCT/JP2022/029147 2022-07-28 2022-07-28 System and method WO2024024043A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP2022568739A JP7218840B1 (en) 2022-07-28 2022-07-28 System, method, server, server control method and program
PCT/JP2022/029147 WO2024024043A1 (en) 2022-07-28 2022-07-28 System and method
JP2023007919A JP2024018875A (en) 2022-07-28 2023-01-23 Server, control method for server, program, and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/029147 WO2024024043A1 (en) 2022-07-28 2022-07-28 System and method

Publications (1)

Publication Number Publication Date
WO2024024043A1 true WO2024024043A1 (en) 2024-02-01

Family

ID=85158962

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/029147 WO2024024043A1 (en) 2022-07-28 2022-07-28 System and method

Country Status (2)

Country Link
JP (2) JP7218840B1 (en)
WO (1) WO2024024043A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017068654A (en) * 2015-09-30 2017-04-06 富士通株式会社 Information cooperation program, information cooperation server, and information cooperation method
JP2022096624A (en) * 2020-12-17 2022-06-29 日本カード製造株式会社 Digital school identification card conversation system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11339045A (en) * 1998-05-27 1999-12-10 Hitachi Ltd Method for confirming and issuing electronic data, executing device therefor, medium recorded with processing program therefor and electronic data recording medium
JP6151142B2 (en) * 2013-09-18 2017-06-21 株式会社東芝 IC card, portable terminal, and IC card processing system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
IWASAKI CHIE: "Responses to the My Number system requested by private businesspersons and financial institutions. Knowledge Creation and Integration", NOMURA RESEARCH INSTITUTE, vol. 22, no. 11, 20 October 2014 (2014-10-20), pages 18 - 31, XP093133576 *
UMEYA, SHINNICHIROU: "No. 8 How will private businesses use the My Number in the future?", LOCAL GOVERNMENT SOLUTIONS MONTHLY, GYOSEI CORP., JP, vol. 2, no. 4, 1 November 2015 (2015-11-01), JP, pages 73 - 76, XP009553592 *

Also Published As

Publication number Publication date
JP2024018875A (en) 2024-02-08
JPWO2024024043A1 (en) 2024-02-01
JP7218840B1 (en) 2023-02-07


Legal Events

Date Code Title Description
WWE WIPO information: entry into national phase. Ref document number: 2022568739. Country of ref document: JP.
121 EP: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 22953132. Country of ref document: EP. Kind code of ref document: A1.