WO2025005264A1 - アイデンティティ管理システム、アイデンティティ管理方法、及びプログラム - Google Patents

アイデンティティ管理システム、アイデンティティ管理方法、及びプログラム Download PDF

Info

Publication number
WO2025005264A1
WO2025005264A1 PCT/JP2024/023581 JP2024023581W WO2025005264A1 WO 2025005264 A1 WO2025005264 A1 WO 2025005264A1 JP 2024023581 W JP2024023581 W JP 2024023581W WO 2025005264 A1 WO2025005264 A1 WO 2025005264A1
Authority
WO
WIPO (PCT)
Prior art keywords
avatar
information
identity
user
qualification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2024/023581
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
裕子 小池
元 田村
千尋 金山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Toppan Holdings Inc
Original Assignee
Toppan Holdings Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Toppan Holdings Inc filed Critical Toppan Holdings Inc
Priority to JP2025530242A priority Critical patent/JPWO2025005264A1/ja
Priority to EP24832121.8A priority patent/EP4738235A1/en
Priority to CN202480035478.XA priority patent/CN121368779A/zh
Publication of WO2025005264A1 publication Critical patent/WO2025005264A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/40Business processes related to social networking or social networking services
    • G06Q10/48Business processes related to social networking or social networking services using social graphs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/60Information retrieval; Database structures therefor; File system structures therefor of audio data
    • G06F16/63Querying
    • G06F16/635Filtering based on additional data, e.g. user or group profiles
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • G06Q50/26Government or public services
    • G06Q50/265Personal security, identity or safety

Definitions

  • the present invention relates to an identity management system, an identity management method, and a program.
  • This application claims priority to Japanese Patent Application No. 2023-107259 filed in Japan on June 29, 2023, and Japanese Patent Application No. 2023-135662 filed in Japan on August 23, 2023, the contents of which are incorporated herein by reference.
  • credentials proof of identity, conditions required for certain items, authority, etc.
  • the credentials presented may differ. Considering this, it is preferable to efficiently manage the credentials related to the existence (identity) of real users, avatars, etc.
  • Each real user in the real world has a different personality.
  • the avatars that exist in the virtual world (metaverse) corresponding to each real user also have different personalities depending on the personality of the corresponding real user and their past actions in the virtual world. Considering this, it would be desirable to be able to effectively utilize information about the characteristics of identities such as real users and avatars in the activity space of the identities, as this would increase interest and convenience.
  • the present invention aims to enable efficient management of identity-related qualifications and to enable effective use of the characteristics of an identity in the identity's activity space.
  • the first aspect of the present invention that solves the above-mentioned problems is an identity management system that includes a qualification management unit that stores in a storage unit a number of predetermined qualifications among one or more pieces of qualification information that are assigned to an identity as a real user existing in real space and indicate that the user has a predetermined qualification, and one or more pieces of qualification information that are assigned to an identity as an avatar that corresponds to the real user and can exist in the metaverse, in association with one information storage medium owned by the real user.
  • a second aspect of the present invention is the identity management system described in the first aspect, in which the credential information includes identification information that attests to the identity.
  • a third aspect of the present invention is the identity management system described in the first or second aspect, in which the credential information includes authenticity certification information that proves the authenticity of the identity.
  • a fourth aspect of the present invention is the identity management system according to any one of the first to third aspects, in which the qualification management unit outputs, from the qualification information stored in the storage unit, the qualification information selected by a real user through an operation on the corresponding user terminal, as the qualification information to be used for qualification confirmation of the identity that is the subject of qualification confirmation.
  • the fifth aspect of the present invention is an identity management method in an identity management system, comprising a qualification management step in which a qualification management unit stores in a storage unit a plurality of predetermined qualifications out of one or more pieces of qualification information that are assigned to an identity as a real user existing in real space and indicate that the identity has a predetermined qualification, and one or more pieces of qualification information that are assigned to an identity as an avatar that corresponds to the real user and can exist in the metaverse, in association with one information storage medium possessed by the real user.
  • a sixth aspect of the present invention is a program for causing a computer in an identity management system to function as a qualification management unit that stores in a memory unit a number of predetermined qualifications, among one or more pieces of qualification information that are assigned to an identity as a real user existing in real space and indicate that the user has a predetermined qualification, and one or more pieces of qualification information that are assigned to an identity as an avatar that corresponds to the real user and can exist in the metaverse, in association with an information storage medium possessed by the real user.
  • the seventh aspect of the present invention which solves the above-mentioned problems, is an identity management system that includes a memory unit that stores identity individual information that corresponds to an identity as a real user existing in real space and an identity as an avatar that can exist in the metaverse and is individualized corresponding to the identity, and a feature word processing unit that extracts feature words and identifies associations between the feature words corresponding to the identity based on the content of the identity individual information stored in the memory unit, and generates feature word relationship information that indicates the identified associations.
  • An eighth aspect of the present invention is the identity management system of the seventh aspect, in which the characteristic word processing unit scores the characteristic words based on the identity individual information when extracting the characteristic words.
  • a ninth aspect of the present invention is the identity management system of the seventh or eighth aspect, in which the feature word processing unit generates feature word relationship display information that can visualize and present the relationships between feature words indicated by the feature word relationship information.
  • a tenth aspect of the present invention is the identity management system of the ninth aspect, in which the feature word processing unit causes the result of scoring the feature words to be displayed in a predetermined manner in the feature word relationship display information.
  • An eleventh aspect of the present invention is an identity management system according to any one of the seventh to tenth aspects, in which the characteristic word processing unit generates, for one identity, a plurality of characteristic word relationship information pieces each corresponding to a different characteristic of the identity.
  • a twelfth aspect of the present invention is an identity management system according to any one of the seventh to eleventh aspects, in which the feature word processing unit generates integrated feature word relationship information that integrates multiple feature word relationship information.
  • a thirteenth aspect of the present invention is the identity management system of the eleventh aspect, in which the feature word processing unit generates the integrated feature word relationship information so as to reconstruct the integrated feature word relationship information using a portion of the feature word relationship information selected from the plurality of feature word relationship information used to generate the integrated feature word relationship information.
  • a fourteenth aspect of the present invention is an identity management system according to any one of the seventh to thirteenth aspects, further comprising a matching unit that makes a determination regarding matching of the multiple identities based on the similarity status of the feature word relationship information corresponding to each of the multiple identities that are the subject of matching.
  • a fifteenth aspect of the present invention is the identity management system of the fourteenth aspect, in which the characteristic word processing unit generates integrated characteristic word relationship information that integrates the characteristic word relationship information for each identity matched by the matching unit.
  • the sixteenth aspect of the present invention is an identity management method in an identity management system, the identity management method including a feature word processing step in which a feature word processing unit extracts feature words and identifies relationships between feature words corresponding to identities based on the content of the identity individual information stored in a memory unit, the feature word processing unit corresponding to an identity as a real user existing in real space and an identity as an avatar that can exist in the metaverse, and the identity individual information is individual in correspondence with the identity, and generates feature word relationship information indicating the identified relationships.
  • a seventeenth aspect of the present invention is a program for causing a computer provided in an identity management system to function as a feature word processing unit that extracts feature words and identifies relationships between feature words in correspondence with an identity based on the content of the identity individual information stored in a storage unit, which corresponds to an identity as a real user existing in real space and an identity as an avatar that can exist in the metaverse, and which is individual in correspondence with the identity, and generates feature word relationship information indicating the identified relationships.
  • the qualifications associated with an identity can be managed efficiently, and the characteristics of the identity can be effectively utilized in the identity's activity space.
  • FIG. 1 is a diagram showing an example of the overall configuration of an avatar management system according to a first embodiment
  • FIG. 1 is a diagram illustrating an example of the configuration of an avatar generation system according to an embodiment of the present invention.
  • FIG. 2 is a diagram showing a flow of avatar generation according to the present embodiment.
  • 1 is a diagram illustrating an example of the configuration of an avatar management device according to an embodiment of the present invention.
  • FIG. 11 is a diagram showing an example of end user information according to the embodiment;
  • FIG. 4 is a diagram showing an example of avatar information according to the embodiment;
  • FIG. 4 is a diagram showing an example of a metafile according to the embodiment;
  • 11 is a diagram showing an example of information stored in a user VC storage unit according to the embodiment in association with a real user;
  • FIG. 11 is a diagram showing an example of information stored in an avatar VC storage unit according to the present embodiment in correspondence with a real user;
  • FIG. 11 is a diagram showing an example of the structure of issuer information according to the embodiment;
  • 10 is a sequence diagram showing an example of a processing procedure executed by the avatar management system according to the embodiment in relation to the generation and registration of avatars and the registration of avatar authentication information.
  • FIG. FIG. 2 is a diagram illustrating an example of qualification information management according to the embodiment.
  • FIG. 11 is a diagram showing an example of an operation procedure of an end user terminal corresponding to age authentication of a real user according to the present embodiment.
  • FIG. 11 is a diagram showing an example of an operation procedure of an end user terminal corresponding to age authentication of a real user according to the present embodiment.
  • FIG. 11 is a diagram showing an example of an operation procedure of an end user terminal corresponding to age authentication of a real user according to the present embodiment.
  • 11 is a sequence diagram showing an example of a processing procedure executed by an end user terminal and an avatar management device in response to age verification of a real user according to the present embodiment.
  • FIG. 11 is a sequence diagram showing an example of a processing procedure executed by an end user terminal, an avatar management device, and a service providing system in response to avatar qualification verification in the present embodiment.
  • FIG. FIG. 11 is a diagram illustrating an example of the overall configuration of an identity management system according to a second embodiment.
  • FIG. 1 is a diagram illustrating an example of the configuration of an avatar generation system according to an embodiment of the present invention.
  • FIG. 2 is a diagram showing a flow of avatar generation according to the present embodiment.
  • FIG. 2 is a diagram illustrating an example of a hardware configuration of an identity management device according to the present embodiment.
  • FIG. 2 is a diagram illustrating an example of a functional configuration of an identity management device according to the present embodiment.
  • FIG. 11 is a diagram showing an example of end user information according to the embodiment;
  • FIG. 4 is a diagram showing an example of avatar information according to the embodiment;
  • FIG. 4 is a diagram showing an example of a metafile according to the embodiment;
  • 11 is a diagram showing an example of information stored in a user VC storage unit according to the present embodiment in association with an avatar;
  • FIG. 11 is a diagram showing an example of information stored in an avatar VC storage unit according to the present embodiment in correspondence with a real user;
  • FIG. 2 is a diagram showing an example of the structure of identity history information according to the embodiment;
  • 11 is a diagram showing an example of the structure of issuer information according to the embodiment;
  • FIG. 11 is a sequence diagram showing an example of a processing procedure executed by the identity management system according to the embodiment in relation to the generation and registration of an avatar and the registration of avatar authentication information.
  • FIG. FIG. 2 is a diagram showing an example of a wallet management mode according to the embodiment.
  • FIG. 13 is a diagram showing an example of an identity management screen according to the embodiment.
  • 11A to 11C are diagrams showing examples of display forms of characteristic expression information according to the present embodiment.
  • 11A to 11C are diagrams showing examples of display forms of characteristic expression information according to the present embodiment.
  • 10 is a flowchart illustrating an example of a processing procedure executed by the identity management device according to the present embodiment in relation to generation of attribute expression information.
  • 10 is a flowchart illustrating an example of a processing procedure executed by the service providing system and the identity management device according to the embodiment in relation to displaying an identity attribute graph.
  • 10 is a flowchart illustrating an example of a processing procedure executed by the identity management device according to the present embodiment in response to identity matching.
  • First Embodiment 1 shows an example of the overall configuration of an avatar management system (an example of a credential management system) 2 of this embodiment.
  • the avatar management system (an example of a credential management system) 2 is included in an identity management system 1.
  • the avatar management system 2 of this embodiment includes, as components, an avatar generation system 100, a user interface environment 200, an avatar management device 400, a network service environment 500, a VC (Verifiable Credentials: identification information) issuing system 600, and a DPKI system 700.
  • the components of these systems are connected to each other via a network.
  • the avatar generating system 100 is a system that generates avatars to be used in a network service environment 500 . 2 shows an example of the configuration of the avatar generation system 100.
  • the avatar generation system 100 shown in the figure includes a plurality of avatar material providing systems 110 and one integrated system 120.
  • Each of the avatar material providing systems 110 is a system that generates a predetermined avatar material from among materials (avatar materials) that make up an avatar, and provides the generated avatar material.
  • Each of the avatar material providing systems 110 may be operated by a predetermined avatar material provider (company), for example.
  • the integration system 120 acquires the necessary avatar materials from the avatar materials provided by the avatar material providing system 110, and generates an avatar by integrating (combining) the acquired avatar materials.
  • the avatar material providing system 110 and the integrated system 120 may be connected via a network.
  • the number of avatar material providing systems 110 in the avatar generation system 100 is not particularly limited as long as it is 1 or more.
  • the number of integrated systems 120 is also not particularly limited as long as it is 1 or more.
  • FIG. 3 shows a schematic diagram of the flow of avatar generation in the avatar generation system 100.
  • the avatar in this embodiment may be, for example, a two-dimensional or three-dimensional (3D) character, or a three-dimensional real avatar of a person.
  • 3D three-dimensional
  • a real avatar is an avatar that realistically reproduces the appearance of an actual person PS, for example, based on information obtained by capturing an image of the original person PS.
  • the avatar generation system 100 in the figure is shown as an example equipped with six avatar material providing systems 110-1 to 110-6.
  • the avatar material providing system 110-1 generates 3D face (head) material as avatar material, and provides the generated face material MT-1.
  • the avatar material providing system 110-2 generates body material MT-2 as avatar material and provides the generated body material MT-2.
  • the body material MT-2 here is the human body excluding the head.
  • the avatar material providing system 110-2 may also generate body material MT-2 in a state where the body is wearing clothes.
  • the avatar material providing system 110-3 generates voice material MT-3 as avatar material and provides the generated voice material MT-3.
  • the voice material MT-3 is material for sounds uttered by an avatar.
  • the avatar material providing system 110-4 generates emotion material MT-4 as avatar material and provides the generated emotion material MT-4.
  • the emotion material MT-4 includes, for example, information for changing the facial expression of the face material and the movement of the body material MT-2 according to each predetermined emotion.
  • the emotion material MT-4 enables the avatar to express emotions.
  • the avatar material providing system 110-5 generates movement material MT-5 as avatar material and provides the generated movement material MT-5.
  • the movement material MT-5 includes information for imparting movement to the avatar. For example, if the avatar is a weather forecaster appearing in web content about a weather forecast, the movement material MT-5 generated corresponding to the weather forecaster can impart a movement corresponding to the weather forecaster, such as pointing at a weather chart.
  • the avatar material providing system 110-6 generates spatial material MT-6 as avatar material and provides the generated spatial material MT-6.
  • the spatial material MT-6 is material for the space in which an avatar exists.
  • an avatar material providing system 110-1 images an original person PS and generates face material MT-1 for the person PS
  • an avatar material providing system 110-2 images an original person PS and generates body material MT-2 for the person PS
  • an avatar material providing system 110-3 generates audio material MT-3 using data recording the audio of the original person PS.
  • the integration system 120 acquires the avatar materials (face material MT-1, body material MT-2, voice material MT-3, emotion material MT-4, movement material MT-5, and space material MT-6) generated by each of the avatar material providing systems 110-1 to 110-6.
  • the integration system 120 integrates the acquired avatar materials to generate the avatar AVT.
  • the avatar AVT does not have to use all of the avatar materials (face material, body material, voice material, emotion material, movement material, spatial material) illustrated in the figure.
  • the avatar AVT may generate an avatar using, for example, some of the avatar materials illustrated in the figure. Which avatar materials are used to generate an avatar may be changed depending on, for example, the network service in which the generated avatar is used or the metaverse environment in which the avatar will exist.
  • the user interface environment 200 is an environment that provides a user interface to end users who use the network service environment 500.
  • the user interface environment 200 includes one or more end user terminals 300 corresponding to each of the one or more end users.
  • the end user terminal 300 is a terminal that an end user uses to receive network services provided by the network service environment 500 .
  • the end user terminal 300 can connect to the service providing system 510 in response to the end user's operation, and can display, output audio, etc., applications and content corresponding to the network services provided by the connected service providing system 510.
  • the end user terminal 300 may be a personal computer, a smartphone, a tablet terminal, etc.
  • end users may be referred to as "real users.”
  • “Real users” is the name used when treating end users as user-related entities that exist in real space, and is used to contrast them with end-user avatars that exist in virtual space as the same user-related entities.
  • the avatar management device 400 manages avatars. Specifically, as part of its avatar management, the avatar management device 400 stores the avatars generated by the avatar generation system 100 as objects to be managed. The avatar management device 400 uploads the avatars stored as objects to be managed to the network service environment 500.
  • the network service environment 500 provides network services using the avatars provided by the network service environment 500 to end users.
  • the avatar management device 400 provides authenticity certification information to the avatars to be managed, thereby enabling the authenticity of the avatars to be confirmed.
  • the avatar management device 400 determines the authenticity of the avatar that is the subject of the inquiry and transmits the determination result to the end user terminal 300.
  • the avatar management device 400 causes the VC issuing system 600 to issue information (avatar identification information) as identification used for identifying the avatar itself as a managed object.
  • the avatar management device 400 can manage the avatar by storing the issued avatar identification information. Specifically, in response to an avatar identification request from a certain network service in network service environment 500, avatar management device 400 transmits avatar identification information of the avatar to be identified to the network service that has made the identification request. At this time, avatar management device 400 can affix a signature (digital signature) to (encrypt) the identification information to be transmitted, using a private key associated with the target avatar.
  • the avatar management device 400 may also manage wallets (an example of an information storage medium).
  • Wallets here may include wallets for storing assets in a cryptocurrency usage environment, as well as wallets for managing, for example, the qualification information (authenticity certification information, identity verification information (VC)) of real users and avatars related to a single end user.
  • Wallets may also include wallets used for various services such as payments provided by platform providers, wallets used for two-dimensional code payment apps, and the like.
  • the avatar management device 400 may be configured to manage wallet data using a blockchain.
  • the network service environment 500 is an environment that provides one or more network services.
  • the network service environment 500 includes one or more service providing systems 510 that provide specific network services.
  • the service providing systems 510 may be configured as, for example, web servers or application servers that are constructed according to the content of the network services to be provided.
  • the network services provided by the service providing system 510 may be websites, network games, web conference systems, etc. that use avatars.
  • the network services that use avatars in this way may include those that make avatars exist in a metaverse as a three-dimensional virtual space and act in the metaverse.
  • network services include a marketplace where avatars can purchase products at stores in the metaverse, a service where avatars can directly buy and sell between each other in the metaverse, a service where celebrities or specific characters exist in the metaverse, and other services such as providing weather forecasts with an avatar as a weather forecaster, medical consultations with an avatar as a doctor, and fortune telling with an avatar as a fortune teller.
  • the service providing system 510 may be capable of providing a plurality of network services.
  • the service providing system 510 that provides a metaverse as a network service may provide a plurality of metaverses.
  • the VC issuing system 600 is a system that issues identification information in response to an issuance request.
  • the VC issuing system 600 may be configured, for example, by one or more devices connected to a network.
  • the VC issuing system 600 of this embodiment is capable of issuing identification information to prove the identity of an end user (real user), and is also capable of issuing identification information to prove the identity of the avatar itself that is managed by the avatar management device 400.
  • the VC issuing system 600 may be capable of issuing multiple pieces of identification information corresponding to multiple different issuers (issuing sources).
  • the VC issuing system 600 can issue identification information (official identification information) of public issuers.
  • a public issuer is, for example, an issuer that is an institution operated by the government, an institution approved by the government, or an institution that has a certain level of social credibility.
  • public issuers can include, for example, institutions that issue licenses according to specified qualifications, approved companies, educational institutions, local governments, financial institutions, etc.
  • financial institutions may act as issuing authorities to issue public identification information used for payments in the metaverse.
  • public identification information for entering a specific facility in the metaverse may be issued by a company, educational institution, local government agency, etc. that operates the facility.
  • the VC issuing system 600 also issues identification information (private identification information) for private issuers.
  • a private issuer may be, for example, a private organization such as a volunteer group, a citizen sports group, or a school club.
  • the private identification information issued by such a private issuer can certify, for example, that an avatar belongs to a corresponding private organization, that a certificate or license issued by the corresponding private organization has been granted to the avatar, etc.
  • the private issuer may include, for example, a fan (supporter) of the artist.
  • the private identification information issued by the fan of the artist can be attached to, for example, the artist's avatar, thereby proving that the artist's avatar is an entity supported by the fan.
  • the private issuer may include an end user.
  • an end user as a private issuer may issue private identification information of a friend certificate.
  • An avatar to which the private identification information of the friend certificate is assigned can prove, for example, that it is in a friendship relationship with the avatar of the end user who is the private issuer.
  • the private issuer may be, for example, the operator of the service providing system 510.
  • the service providing system 510 as a private issuer may issue good-quality private identification information.
  • the end user's avatar to which the good-quality private identification information has been assigned can prove that the end user has not engaged in any fraudulent activities and is of good quality in, for example, the metaverse provided by the service providing system 510.
  • the private issuer may include an event organizer, etc.
  • the private issuer may issue private identification information as a ticket for an event held in the metaverse of a specified service providing system 510.
  • An avatar that has been given private identification information as a ticket can prove that it is eligible to participate in the event held in the metaverse of the specified service providing system 510.
  • private credentials can serve as proof of identity for an avatar or avatar-enabled user based on personal relationships and personal reputations by the private issuer.
  • Another example of issuing identification information based on relationships between individuals is private identification information that can be issued based on connections in a social network system (SNS).
  • the private identification information can be used to prove that a user or avatar is a friend of a friend of a private issuer in the SNS.
  • private identification information based on an individual's evaluation for example, private identification information based on a user's evaluation as a user (seller, buyer) in a network service in which transactions are conducted between individuals may be issued.
  • private identification information may be issued based on information indicating the user's trustworthiness (trustworthiness information) provided by a service that evaluates an individual's trustworthiness by inputting information such as the user's age, gender, occupation, purchasing history, etc.
  • trustworthiness information information indicating the user's trustworthiness provided by a service that evaluates an individual's trustworthiness by inputting information such as the user's age, gender, occupation, purchasing history, etc.
  • the identification information issued by the VC issuing system 600 in this embodiment may correspond to, for example, a VC (Verifiable Credential).
  • a VC Very Credential
  • an example is given in which the identification information in this embodiment corresponds to a VC.
  • the identification information issued by the VC issuing system 600 may be referred to as a VC.
  • the identification information that certifies the identity of the avatar itself is referred to as avatar identification information (avatar VC) to distinguish it from identification information that certifies the identity of the real user (end user) (user identification information (user VC)).
  • avatar VC avatar identification information
  • identification information or VC identification information
  • the DPKI system 700 manages public keys in accordance with the Decentralized Public Key Infrastructure (DPKI).
  • the VC issuing system 600 of this embodiment When issuing identification information as a VC, the VC issuing system 600 of this embodiment generates a pair of public and private keys corresponding to an issuer DID, which is a DID (Decentralized Identifier) that uniquely indicates an issuing agency, and also generates a pair of public and private keys corresponding to an owner DID (end user DID or avatar DID), which is a DID that uniquely indicates an owner (end user or avatar) of the identification information.
  • the VC issuing system 600 registers the generated public keys (a public key corresponding to the issuer DID and a public key corresponding to the holder DID) in the DPKI system 700.
  • the DPKI system 700 stores the registered public keys in association with the respective issuer DID and holder DID.
  • the DPKI system 700 may be configured to register a public key by storing the public key in a blockchain.
  • the DPKI system 700 may also be configured with a device that serves as a node corresponding to the blockchain that stores the public key.
  • the service providing system 510 obtains a public key associated with the owner DID of the target owner from the DPKI system 700.
  • the service providing system 510 can determine whether the identity information is valid (identity verification) by decrypting the identity information using the obtained public key.
  • Fig. 4 shows an example of the configuration of avatar management device 400.
  • the functions of avatar management device 400 shown in the figure are realized by a CPU (Central Processing Unit) included in avatar management device 400 executing a program.
  • the avatar management device 400 in the figure includes a communication unit 401 , a control unit 402 , and a storage unit 403 .
  • the communication unit 401 communicates via the network.
  • the control unit 402 executes various controls in the avatar management device 400.
  • the control unit 402 in the figure includes an avatar registration unit 421, an authenticity certification information management unit 422 (an example of a qualification management unit), an avatar provision control unit 423, a VC management unit 424 (an example of a qualification management unit), and a wallet management unit 425.
  • the avatar registration unit 421 registers the avatars generated by the avatar generation system 100 as objects to be managed. Here, registering an avatar is performed by storing avatar information (described later) of the avatars to be managed in the avatar information storage unit 432.
  • the avatars registered by the avatar registration unit 421 can be used by the service providing system 510 in the network service environment 500 in the network services it provides.
  • the authenticity certification information management unit 422 manages the authenticity certification information of the avatar. Specifically, the authenticity certification information management unit 422 assigns the authenticity certification information to the registered avatar. The authenticity certification information will be described later. Furthermore, the authenticity certification information management unit 422 may determine the authenticity of the avatar that is the target of authenticity confirmation, using the authenticity certification information assigned to the registered avatar, in response to an authenticity confirmation request from the end user terminal 300. The authenticity certification information management unit 422 may transmit the determination result regarding the authenticity to the end user terminal 300 that is the sender of the authenticity confirmation request.
  • the avatar provision control unit 423 executes control related to the provision of registered avatars to the service provision system 510 (transmission of avatar information).
  • the avatar management device 400 and each service provision system 510 are connected via an API, and the avatar provision control unit 423 may be configured to transmit avatar data to the service provision system 510 while in an online connected state.
  • the VC management unit 424 manages VCs (identification information) of identities that exist in the real space or the metaverse and are subject to management.
  • the VCs managed by the VC management unit 424 manage user identification information (user VC) corresponding to an identity as a real user and avatar identification information (avatar VC) corresponding to an identity as an avatar.
  • the VC management unit 424 requests the VC issuing system 600 to issue identification information of an identity (real user or avatar) via a network.
  • the VC issuing system 600 issues identification information of the target identity in response to the request.
  • the VC issuing system 600 transmits the issued identification information and the corresponding private key (private key corresponding to the issuer DID, private key corresponding to the holder DID) to the avatar management device 400.
  • the VC management unit 424 associates the transmitted identification information (avatar identification information or user identification information) with the private key and stores them in the avatar VC storage unit 433 or the user VC storage unit 434.
  • the wallet management unit 425 manages the wallets used by real users and avatars.
  • the storage unit 403 stores various information that is supported by the avatar management device 400.
  • the storage unit 403 includes an end user information storage unit 431, an avatar information storage unit 432, an avatar VC storage unit 433, a user VC storage unit 434, and a wallet management information storage unit 435.
  • the end user information storage unit 431 stores end user information.
  • End user information is information about an end user who has registered one or more avatars corresponding to the end user in the avatar management device 400.
  • the end user information in the figure includes fields for an end user ID and user profile information.
  • the end user ID field stores an end user ID that uniquely identifies the corresponding end user.
  • the user profile information field stores the user profile information of the corresponding end user.
  • the user profile information may include, for example, the end user's name, gender, address, etc.
  • the avatar information storage unit 432 stores avatar information. 6 shows an example of avatar information stored in the avatar information storage unit 432.
  • the avatar information storage unit 432 in the figure includes an object data storage unit 4321, a material group data storage unit 4322, and a metafile storage unit 4323.
  • the avatar information corresponding to one avatar includes, for example, object data, material group data, and a metafile.
  • the object data storage unit 4321 stores object data for each registered avatar.
  • the material group data storage unit 4322 stores material group data for each registered avatar.
  • the metafile storage unit 4323 stores metafiles for each registered avatar. Among the object data storage unit 4321, the material group data storage unit 4322, and the metafile storage unit 4323, the object data, material group data, and metafiles corresponding to the same avatar are associated with each other by the same avatar ID.
  • the object data A, material group data A, and metafile A stored in the object data storage unit 4321, material group data storage unit 4322, and metafile storage unit 4323, respectively, corresponding to avatar A, are associated with each other by the avatar ID [00000A] that uniquely identifies avatar A.
  • Object data is data on the actual object as the corresponding avatar.
  • Object data is formed by combining components such as the head and body that are generated using specific avatar materials, for example.
  • Material group data is data that includes one or more avatar materials that add a specific aspect to the substance of the avatar created by the object data.
  • Material group data may include, for example, audio materials, emotional materials, movement materials, spatial materials, etc.
  • the material group data allows the avatar object to speak, change facial expressions, move, and exist in a virtual space with a specific design.
  • the metafile contains one or more pieces of metadata that are to be attached to the corresponding avatar.
  • 7 shows an example of a metafile corresponding to one avatar.
  • the metafile in the figure includes metadata such as an avatar ID, source information, creator information, authentication code, authorized user information, avatar format, and action history information.
  • the avatar ID is an identifier that uniquely identifies an avatar in the avatar information stored in the avatar information storage unit 432.
  • the avatar ID may be issued by the avatar registration unit 421 when registering a corresponding avatar.
  • the avatar ID associates object data, material group data, and metafiles that correspond to the same avatar.
  • the origin information is information about the original person (originator) of the corresponding avatar.
  • the origin information may include, as information items, an origin ID, profile information of the originator, etc.
  • the origin information may be provided by the avatar generation system 100. If the originator is an end user, the end user ID of the corresponding end user may be used as the origin ID.
  • Creator information is information about the creator of the corresponding avatar.
  • the creator may be, for example, an organization such as a company or an individual that corresponds to the integrated system 120 that generated the corresponding avatar in the avatar generation system 100.
  • the authentication code is a code that the avatar management device 400 issues in association with the avatar to be provided when the service providing system 510 receives an avatar provided by the avatar management device 400 (transmission of avatar information).
  • the authorized user information is information about an authorized user.
  • An authorized user is a person who has the authority to use a corresponding avatar.
  • the authorized user may be an end user who is the creator of the avatar. In this case, the authorized user can make the avatar created by the authorized user exist in the metaverse provided by the service providing system 510 and act in the metaverse in response to, for example, the operation of the end user terminal 300.
  • the authorized user may also be an operator of a specific service providing system 510.
  • the authorized user information is information indicating such an authorized user.
  • the authorized user information may be a user account such as an authorized user ID, a user name, and a password registered by the authorized user. When the authorized user is an end user, the end user ID may be used as the authorized user ID.
  • the authorized user information may include, in addition to the original authorized user (primary authorized user), such as the end user from whom the avatar was generated, authorized users (secondary authorized users), such as other end users who have been granted authorization to use the avatar.
  • Avatar format indicates the compatible avatar format, such as the avatar file format and specifications.
  • the behavioral history information is information that indicates the history of the behavior of the corresponding avatar in the metaverse provided by each service providing system 510.
  • the behavioral history information of each avatar may be obtained from each service providing system 510, for example, by the avatar provision control unit 423.
  • the avatar VC storage unit 433 stores avatar identification information (avatar VC) for each registered avatar.
  • avatar VC avatar identification information
  • the avatar VC storage unit 433 also stores private keys associated with the avatar identification information (private key corresponding to issuer DID, private key corresponding to avatar DID).
  • FIG. 8 shows an example of information (avatar identification information and private key) stored in the avatar VC storage unit 433 in association with one avatar.
  • avatar identification information and a secret key corresponding to the avatar DID are stored in association with the avatar VC_ID and avatar ID in the avatar VC storage unit 433.
  • the avatar VC_ID is an identifier uniquely assigned to the corresponding avatar identification information. In this way, by associating the avatar identification information and the private key with the avatar ID, the avatar identification information and the private key can be managed in association with the avatar information of the corresponding avatar.
  • the avatar credential information includes fields of VC type, issuer DID, avatar DID, and avatar related information.
  • the VC type field stores information indicating the type (format) of the identification information.
  • the issuer DID field stores an issuer DID indicating the issuer of the avatar identification information.
  • the avatar DID field stores the avatar DID of the corresponding avatar.
  • the avatar-related information field stores avatar-related information of the corresponding avatar.
  • the content of the information included in the avatar-related information is not particularly limited, but may include, for example, information on rights, qualifications, etc. acquired by the avatar acting in the metaverse.
  • the avatar-related information may also include behavior history information similar to that stored in the avatar information.
  • At least one of the avatar identification information and the private key may be stored in the blockchain under the control of the VC management unit 424 of the avatar management device 400. If both the avatar identification information and the private key are stored in the blockchain, the avatar VC storage unit 433 may be omitted.
  • the user VC storage unit 434 stores user identification information (user VC) for each end user (real user) registered (stored) in the end user information storage unit 431.
  • the user VC storage unit 434 also stores private keys (private keys corresponding to issuer DIDs, private keys corresponding to user DIDs) associated with the user identification information.
  • FIG. 9 shows an example of information (user identification information and private key) stored in the user VC storage unit 434 corresponding to one real user.
  • the user VC storage unit 434 stores user identification information and a private key corresponding to the user DID in association with the user VC_ID and user ID.
  • the user VC_ID is an identifier uniquely assigned to the corresponding user identification information. In this way, by associating the user identification information and the private key with the user ID, the user identification information and the private key can be associated with the user information of the corresponding real user (end user) and managed.
  • the user credential information includes fields of VC type, issuer DID, user DID, and user related information.
  • the user-related information stores user-related information of the corresponding real user.
  • the content of the information included in the user-related information is not particularly limited, but may include, for example, information on rights, qualifications, etc. acquired by the real user as a result of the corresponding real user's actions in real space (shopping, moving to a specified location, etc.).
  • the user-related information may also include action history information on the actions of the corresponding real user in real space.
  • At least one of the user identification information and the private key may be stored in the blockchain under the control of the VC management unit 424 of the avatar management device 400. If both the user identification information and the private key are stored in the blockchain, the user VC storage unit 434 may be omitted.
  • the wallet management information storage unit 435 stores wallet management information.
  • the wallet management information corresponding to one wallet is information for integrating and managing the qualification information of an identity (real user, avatar) corresponding to one end user.
  • Fig. 10 shows an example of wallet management information corresponding to one wallet.
  • the wallet management information corresponding to one wallet has fields for a wallet ID, an identity list, and a qualification information list.
  • the wallet ID field stores a wallet ID that is an identifier that uniquely identifies the corresponding wallet.
  • the identity list stores identity IDs (user IDs, avatar IDs) that indicate identities that can use the corresponding wallet.
  • the credential list stores credential IDs (user VC_ID, avatar VC_ID, authenticity certificate ID, etc.) for each credential (VC, authenticity certificate, etc.) that is managed as being included in the corresponding wallet.
  • credential IDs user VC_ID, avatar VC_ID, authenticity certificate ID, etc.
  • wallet management information having such a structure, for example, it becomes possible to integrally manage the credential information (authenticity certificate information, VC, etc.) assigned to each identity (real user, avatar) corresponding to one end user as the credential information stored in the wallet held by one end user. Also, it becomes possible to share the credential information stored in the wallet between identities indicated by identity IDs (user ID, avatar ID) stored in the identity list.
  • the wallet management information may be stored in the blockchain under the control of the wallet management unit 425 of the avatar management device 400.
  • the wallet management information storage unit 435 may be omitted.
  • the avatar management device 400 may be configured as a single device, or may be realized by multiple devices connected to each other over a network and each device being assigned a specific function, and the multiple devices then working together to execute processing.
  • the VC issuing system 600 may also store a database relating to issuers (issuer database).
  • 11 shows an example of the structure of a record (issuer information) stored in the issuer database in association with one issuer.
  • the issuer information in the figure includes fields for an issuer ID, an issuer profile, and an issuing VC.
  • the issuer ID field stores the issuer ID of the corresponding issuer.
  • the issuer profile field stores an issuer profile.
  • the issuer profile is information indicating the profile of an issuer. As shown in the figure, the issuer profile may include fields such as issuer type and issuer name.
  • the issuer type field stores information indicating, for example, the type of the corresponding issuer, whether it is a public issuer or a private issuer.
  • the issuer name field stores the name of the corresponding issuer (issuer name).
  • the issuing VC field stores information about the identity verification information issued by the corresponding issuer.
  • the registration of an end user according to the example processing procedure in the same figure is a registration for enabling the end user corresponding to an avatar to be managed as a real user, which is one of identities.
  • Step S100 The end user operates the end user terminal 300 owned by the end user to carry out an end user registration procedure so that the end user himself/herself is registered in the avatar management device 400.
  • the end user may input information on predetermined items such as a user account and a user name to be included in the user profile information.
  • the avatar management device 400 In response to an end-user registration procedure from the end-user terminal 300 , the avatar management device 400 generates end-user information for the corresponding end user, and stores the generated end-user information in the end-user information storage unit 431 .
  • Step S102 In response to the user registration in step S100, the end user may carry out a procedure for issuing user identification information (user VC) corresponding to the end user.
  • the end user accesses the end user terminal 300 to the VC issuing system 600 and carries out an operation for issuing user identification information (user VC) corresponding to the end user.
  • the end user terminal 300 executes a process corresponding to the user identification information issuing procedure in response to the operation.
  • the end user terminal 300 may transmit an issuance request together with information on predetermined items in the user profile information to the VC issuing system 600.
  • the issuance request may also include information specifying the type of user identification information to be issued (e.g., driver's license, passport, insurance card, etc.).
  • Step S104 The VC issuing system 600 generates user identification information in response to the issuance request received in response to step S102. At this time, the VC issuing system 600 generates (issues) a user DID indicating the corresponding end user, and generates a public key/private key pair corresponding to the user DID. The VC issuing system 600 then signs (encrypts) the generated user identification information with the private key generated corresponding to the issuer DID indicating the issuing organization that it corresponds to.
  • Step S106 The VC issuing system 600 registers the user identification information generated in step S104 in the avatar management device 400. Specifically, the VC issuing system 600 transmits to the avatar management device 400 the user identification information signed with a private key corresponding to the issuer DID granted to the corresponding issuing agency, and the private key corresponding to the user DID of the corresponding end user. In the avatar management device 400, the VC management unit 424 stores the user identification information and the private key corresponding to the user DID received from the VC issuing system 600 in the user VC storage unit 434 in association with the avatar ID of the corresponding avatar.
  • Step S108 The VC issuing system 600 also registers the public keys (the effector key corresponding to the issuer DID and the public key corresponding to the user DID) generated in step S104 together with the user identification information in the DPKI system 700.
  • the issuance of user identification information in steps S102 to S108 may be performed every time it becomes necessary to issue new user identification information after the user registration.
  • Step S200 The end user operates the end user terminal 300 owned by the end user to access the avatar generation system 100 and perform an avatar generation operation.
  • the end user terminal 300 transmits an avatar generation instruction corresponding to the avatar generation operation to the avatar generation system 100.
  • Step S202 The avatar generation system executes a process to generate an avatar in response to the avatar generation instruction.
  • Step S204 The end user operates the end user terminal 300 to carry out an avatar registration procedure so that the generated avatar is registered in the avatar management device 400.
  • the end user specifies the avatar to be registered, and specifies the avatar management device 400 as the registration destination for the specified avatar.
  • Step S206 In response to the avatar registration procedure in step S204, avatar generation system 100 and avatar management device 400 execute processes corresponding to avatar registration.
  • avatar generation system 100 uploads, to avatar management device 400, the avatar information of the avatar designated as the registration target through the avatar registration procedure.
  • avatar registration unit 421 of the avatar management device 400 stores the uploaded avatar information in the avatar information storage unit 432 .
  • the authenticity certification information management unit 422 of the avatar management device 400 assigns authenticity certification information to the avatar that is the subject of the current registration.
  • the authenticity proof information is information that proves the authenticity of the avatar itself that exists in the metaverse of the service providing system 510.
  • the authenticity of an avatar means that the avatar is not fake or tampered with and is legitimate.
  • Examples of an avatar that is not legitimate (illegal) include an avatar that has been tampered with by replacing avatar materials such as facial materials with fake materials that are different from the original, and an avatar that has been copied without the permission of a person who has certain rights to the avatar, such as the creator.
  • the authenticity certification information management unit 422 may provide authenticity certification information to the target avatar by providing a digital watermark (an example of authenticity certification information) and a digital authenticity certificate (an example of authenticity certification information) as follows:
  • the authenticity proof information management unit 422 assigns information unique to the target avatar, such as an avatar ID, as a digital watermark to the object data of the target avatar.
  • the digital watermark assigned to the object data of the avatar in this way is preferably of an imperceptible type, but may also be of a perceptible type.
  • the authenticity certificate information management unit 422 assigns a digital authenticity certificate to the target avatar.
  • the authenticity certification information management unit 422 may be configured to assign an authenticity certificate to the target avatar that certifies the creator of the target avatar, the storage location (URL) of the target avatar, the service providing system 510 that uses the target avatar, etc.
  • the authenticity certificate may be issued by an authenticity certificate issuer (not shown) in the network by the authenticity proof information management unit 422 executing a predetermined transaction with the authenticity certificate issuer for the target avatar.
  • Such an authenticity certificate may be managed on the network in association with, for example, the avatar ID of the target avatar (an example of information unique to the avatar to be registered).
  • the authenticity certificate that the authenticity certificate information management unit 422 assigns to the avatar may be a non-fungible token (NFT) managed by a blockchain.
  • NFT non-fungible token
  • the authenticity certificate information management unit 422 may assign the authenticity certificate to the avatar by using, for example, an external NFT platform.
  • the authenticity certificate information management unit 422 may assign the authenticity certificate generated by using quantum-resistant cryptography or a quantum-resistant blockchain to the avatar.
  • the authenticity certificate that the authenticity certification information management unit 422 assigns to the avatar may be a soulbound token (SBT), which is a non-transferable NFT.
  • SBT soulbound token
  • the authenticity certification information management unit 422 may assign the SBT to the avatar as the authenticity certification information instead of the NFT, or may assign both the NFT and the SBT to the avatar.
  • the authenticity certification information management unit 422 may select and use either the NFT or the SBT to prove the authenticity of the avatar, or may use both the NFT and the SBT.
  • the authenticity proof information management unit 422 issues a unique authentication code to the avatar that is the subject of this registration.
  • the authentication code is provided together with the avatar data of the avatar to the service providing system 510 that provides network services using the avatar.
  • the authentication code is used to determine the authenticity of the avatar in response to a request from an end user, as described below. Since the authentication code is uniquely associated with the target avatar, for example, the avatar ID may be used. However, in order to strengthen security against, for example, the identification of the avatar or registration information that may include personal information of the user, it is preferable to use a code generated independently of the avatar ID as the authentication code.
  • the authenticity proof information management unit 422 adds the issued authentication code as one piece of metadata in the metafile stored in the metafile storage unit 4323 in association with the target avatar (FIG. 7).
  • Step S208 The end user who is the creator of the avatar registered in step S206 accesses the end user terminal 300 to the VC issuing system 600 and performs an operation for issuing the avatar identification information.
  • the end user terminal 300 executes the process of the issuing procedure in response to the operation.
  • the end user terminal 300 may transmit an issuance request together with the avatar information that is the target of the avatar identification information to the VC issuing system 600.
  • the issuance request may also include information that specifies the avatar identification information to be issued (issuance certificate specification information).
  • the VC issuing system 600 may determine the avatar credentials to be issued to the target avatar.
  • the end user terminal 300 may first acquire avatar information from the avatar management device 400 and then transmit the acquired avatar information to the VC issuing system 600, or may specify the avatar to be transmitted to the avatar management device 400 and have the avatar management device 400 transmit the avatar information to the VC issuing system 600.
  • Step S210 In response to the issuance request from the end user terminal 300 in step S208, the VC issuing system 600 generates avatar identification information that proves the identity of the avatar based on the avatar information received together with the issuance request in step S208. At this time, the VC issuing system 600 generates (issues) an avatar DID indicating the corresponding avatar, and generates a pair of a public key and a private key corresponding to the avatar DID. Then, the VC issuing system 600 signs (encrypts) the generated avatar identification information with a private key generated corresponding to the issuer DID indicating the issuing organization that the VC issuing system 600 corresponds to.
  • the VC issuing system 600 may include at least a portion of the content of the received avatar information in the identity information.
  • Step S212 The VC issuing system 600 registers the avatar identification information in the avatar management device 400. Specifically, it transmits to the avatar management device 400 the avatar identification information signed with a private key corresponding to the issuer DID granted to the corresponding issuing agency (an example of signed identification information) and the private key corresponding to the avatar DID of the corresponding avatar.
  • the VC management unit 424 of the avatar management device 400 stores the avatar identification information and the private key corresponding to the avatar DID received from the VC issuing system 600 in the avatar VC storage unit 433 in association with the avatar ID of the corresponding avatar.
  • Step S214 The VC issuing system 600 also registers the public keys (public key corresponding to the issuer DID and public key corresponding to the avatar DID) generated in step S210 together with the avatar identification information in the DPKI system 700.
  • a real user and an avatar can be registered as an identity corresponding to one end user by the processing procedure in Fig. 12 above, and after registration, qualification information can be assigned (issued) to the identity.
  • a user identification card can be assigned (issued) to the real user, and avatar identification information and authenticity certification information can be assigned to the avatar.
  • the wallet management unit 425 of the avatar management device 400 can set up a credential information wallet WL, which is a wallet that collectively stores the credential information assigned to an identity (real user, avatar), for each end user. That is, the wallet management unit 425 assigns one wallet ID in association with one end user.
  • the wallet management unit 425 generates wallet management information corresponding to the assigned wallet ID as follows.
  • the wallet management unit 425 stores an identity ID (user ID, avatar ID) for each corresponding identity in a field of a shared ID list in association with the assigned wallet ID. Furthermore, the wallet management unit 425 stores a list item of the credential information assigned to the corresponding identity in a field of a shared credential information list in association with the assigned wallet ID. The wallet management unit 425 stores the wallet management information generated in this manner in the wallet management information storage unit 435.
  • the shared ID list may store identity IDs of some identities among all identities corresponding to one end user.
  • the shared credential information list may store some credential information selected from all credential information assigned to each identity corresponding to one end user.
  • FIG. 13 shows an example of the identity and qualification information managed by the wallet management information corresponding to one end user.
  • the figure shows an example of the wallet management mode realized under the avatar management application AP installed on the end user terminal 300.
  • an example is shown in which a real user and three avatars, A, B, and C, are registered as identities that can use the credential information wallet WL corresponding to an end user. That is, in the shared ID list field of the wallet management information, the user ID of the corresponding real user and the avatar IDs of the three avatars, A, B, and C, are stored.
  • the credential information wallet WL corresponding to the real user and the three avatars A, B, and C holds user identification information (user VC) corresponding to the real user, and avatar identification information (avatar VC) corresponding to each of avatar A, B, and C.
  • the credential information wallet WL in the figure holds authenticity proof information such as NTF or SBT, which is assigned to each of avatar A, B, and C, as in token 1 to token 5, etc.
  • These identification information (VC) and tokens (authenticity proof information) are stored in the shared credential information list field of the corresponding wallet management information.
  • Tokens may include, for example, a driver's license, a membership card, an admission permit indicating that a specific place can be entered, and a ticket indicating that a specific event can be participated in, as NFT or SBT.
  • a driver's license indicating that a specific place can be entered
  • a ticket indicating that a specific event can be participated in, as NFT or SBT.
  • the end user terminal 300 can present the identity and credential information corresponding to the end user as follows.
  • FIG. 14A shows an example of an identity management screen displayed on the display unit of the end user terminal 300.
  • the identity management screen in the figure includes an identity selection area AR1, a qualification information selection area AR2, and a service selection area AR3.
  • the identity selection area AR1 is an area where operations such as authentication and metaverse entry are performed to select an identity.
  • buttons BT1 corresponding to real users and multiple avatars are arranged as identities corresponding to end users.
  • the button BT1 labeled “Real ID” corresponds to a real user
  • the buttons BT1 labeled "Business,” “Culture,” and “Game” each correspond to an avatar.
  • the credential selection area AR2 is an area in which an operation is performed to select the credential information that a real user will use to verify their credentials in the real space, or the credential information that an avatar will use to verify their credentials in the metaverse.
  • the qualification information selection area AR2 includes a certification information (VC) area AR21 and an authenticity certification information area AR22.
  • the identification information area AR21 is an area where an operation for selecting qualification information as identification information is performed.
  • buttons BT21 corresponding to each piece of identification information are arranged as options.
  • the authenticity certification information area AR22 is an area where an operation for selecting qualification information as authenticity certification information is performed.
  • buttons BT22 corresponding to each piece of identification information are arranged as options.
  • the service selection area AR3 is an area in which an operation is performed to select a service to be used by an identity from among services provided in the real world (real services) and services provided in the metaverse (network services).
  • Real services may include services that allow the use of specified cashless payments such as credit cards.
  • buttons BT3 corresponding to each service are arranged.
  • an end user when an end user, as a real user in real space, uses a service that has an age restriction, such as purchasing alcohol at a store, age verification is required.
  • age verification is required to be of a certain age or older.
  • the end user can handle age verification by using the avatar management system 2 of this embodiment as follows.
  • the end user performs an operation (operation on button BT1) in the identity selection area AR1 of the identity management screen in FIG. 14A to select a real user as a user who will be a target for using the service.
  • the end user performs an operation in the service selection area AR3 on the identity management screen to select a service to be used this time as a real user (operation on the button BT3). Furthermore, the end user performs an operation in the qualification information selection area AR2 to select qualification information that can prove the age required for the service to be used this time (operation on button BT2).
  • the display on the display unit of the end user terminal 300 transitions from the state shown in FIG. 14A to a credential information screen showing the contents of the credential information selected by the operation on the credential information selection area AR2, as shown in FIG. 14B, for example.
  • a code symbol CD generated based on the selected credential information is displayed below the credential information screen.
  • the code symbol CD is a code symbol of information (age verification information) that proves that the real user is over the age required by the target service.
  • the end user performs an operation on the code symbol CD displayed below the qualification information screen.
  • the display unit of the end-user terminal 300 transitions to displaying an enlarged code symbol CD, as shown in FIG. 14C.
  • the end user presents the enlarged code symbol CD to, for example, a store clerk.
  • the clerk has the presented code symbol CD read by a code reader.
  • the store terminal obtains the age verification information indicated by the read code symbol CD and notifies the end user by display or the like that the end user meets the age requirement.
  • the clerk can confirm that the end user meets the age requirement by the notification and provide the service.
  • Step S300 In this case, the end user performs an operation to select a real user in the identity selection area AR1 on the identity management screen (FIG. 14A). In response to this operation, the end user terminal 300 selects the real user as the identity that will be the target of this service usage.
  • Step S302 The end user also performs an operation to select the service to be used this time in the service selection area AR3 on the identity management screen.
  • the end user terminal 300 identifies the service to be used this time in response to the operation.
  • Step S304 The end user also performs an operation in the credential selection area AR2 on the identity management screen to select credential information that can prove that the user meets the age requirements for the service to be used.
  • the end user terminal 300 identifies the selected credential information in response to the operation.
  • Step S306 The end user terminal 300 transmits a credential information request to the avatar management device 400, requesting the credential information identified in step S304.
  • the credential information request may include, for example, a wallet ID associated with the end user and a credential information ID indicating the credential information identified in step S304.
  • Step S308 In this case, the credential information specified by the credential information request sent in step S306 was user identification information.
  • the VC management unit 424 in the avatar management device 400 acquires the user identification information specified by the received credential information request from the user VC storage unit 434, and transmits the acquired user identification information to the end-user terminal 300.
  • Step S310 The end user terminal 300 receives the user identification information sent in step S308, and refers to the age of the end user (real user) indicated in the received user identification information. Based on the referred age, the end user terminal 300 generates age verification information indicating that the age conditions required for the service to be used this time (the service selected in step S302) are met, and generates a code symbol indicating the generated age verification information.
  • the age verification information may be information indicating that the age conditions are met, or may be information indicating a specific age.
  • Step S312 The end user terminal 300 displays the code symbol generated in step S310 on the display unit.
  • Step S400 In this case, the end user performs an operation in the identity selection area AR1 on the identity management screen (FIG. 14A) to select one avatar to act in the metaverse.
  • the end user terminal 300 selects the avatar selected by this operation as the identity to be acted in the metaverse.
  • Step S402 The end user causes the end user terminal 300 to access a service providing system 510 that provides a metaverse that corresponds to the intended use of the target avatar.
  • the end user performs an avatar collaboration operation to make the avatar exist in the accessed service providing system 510.
  • the end user terminal 300 notifies the accessed service providing system 510 of the avatar ID of the target avatar to be made to exist in the metaverse as avatar collaboration control in response to the avatar collaboration operation.
  • Step S404 The service providing system 510 requests avatar information of the avatar indicated by the notified avatar ID from the avatar management device 400.
  • the avatar provision control unit 423 of the avatar management device 400 transfers the avatar based on the requested avatar information to the service providing system 510 that made the request.
  • the service providing system 510 makes the transferred avatar exist in the metaverse.
  • the end user terminal 300 accessing the service providing system 510 displays the presence of the target avatar in the metaverse.
  • Step S406 the avatar that has come to exist in the metaverse in step S404 is made to act in the metaverse under the control of the avatar provision control unit 423. That is, the avatar in this case is made to act spontaneously, without depending on the operation of the end-user terminal 300 by the end-user.
  • the control by the avatar provision control unit 423 to make the avatar act spontaneously may be performed based on a predetermined plan (scenario).
  • the control to make the avatar act spontaneously may be performed by the avatar provision control unit 423 using AI (Artificial Intelligence).
  • the avatar provision control unit 423 may make the avatar act using a learned model that has learned how to act in response to attributes such as occupation and personality set for the avatar, the environment of the metaverse in which the avatar exists, the content of communication with other avatars, and the like.
  • the end user may perform an operation to cause a target avatar existing in the service providing system 510 to act.
  • Step S408 Here, while the avatar is acting in the metaverse, a situation occurs in which it is necessary to confirm the avatar's qualifications (a situation requiring qualification confirmation). As a specific example, when an avatar attempts to participate in a certain event, it is necessary to confirm whether or not the avatar has a ticket that allows participation in the event, as a qualification for participation.
  • Step S410 In response to the occurrence of a situation requiring qualification confirmation, the service providing system 510, which acts as the qualification confirmer, transmits a qualification confirmation request to the end user terminal 300 corresponding to the target avatar.
  • the qualification confirmation request may include the avatar ID of the target avatar as information for identifying the target avatar.
  • Step S412 In response to receiving the qualification confirmation request, the end user terminal 300 may notify the end user, for example by displaying a message, that the qualification confirmation of the target avatar is required. The end user recognizes that the qualification confirmation of the target avatar is required by receiving the message. In this case, the end user performs an operation to select the qualification information to be used for the currently required qualification confirmation in the qualification information selection area AR2 on the identity management screen (FIG. 14A) displayed on the end user terminal 300. The end user terminal 300 transmits to the service providing system 510 a qualification confirmation request including the qualification information ID of the qualification information selected by the operation.
  • Step S414 In response to receiving the qualification confirmation request, the service providing system 510 transmits a qualification information request to the avatar management device 400.
  • the qualification information request includes the qualification information ID included in the received qualification confirmation request.
  • Step S416 The avatar management device 400 acquires the credentials indicated by the credentials ID included in the credentials request transmitted in step S414. If the credentials specified by the credentials ID included in the credentials request is authenticity proof information (authenticity certificate), the authenticity proof information management unit 422 may acquire the designated credentials from a network (e.g., a blockchain). Alternatively, if the credentials specified by the credentials ID included in the credentials request is avatar identification information (avatar VC), the VC management unit 424 may acquire the corresponding avatar VC from the avatar VC storage unit 433.
  • authenticity proof information authentication certificate
  • avatar management unit 424 may acquire the corresponding avatar VC from the avatar VC storage unit 433.
  • the VC management unit 424 may perform signing (encryption) using a private key corresponding to the avatar DID that is associated with the avatar identification information in the avatar VC memory unit 433.
  • Step S418 The authenticity certification information management unit 422 or the VC management unit 424 transmits the qualification information (authenticity certification information or avatar identification information) acquired in step S420 to the service providing system 510.
  • the qualification information authentication certification information or avatar identification information
  • avatar identification information is transmitted, the corresponding issuer DID and avatar DID may be added to the transmitted avatar identification information.
  • Step S420 The service providing system 510 executes a qualification verification process using the qualification information transmitted in step S418. If the received credentials are a token (authentication information), the service providing system 510 may, for example, check the contents of the authenticity information and determine whether the target avatar has legitimate credentials. Furthermore, if the received credential information is avatar identification information, the service providing system 510 may transmit a public key request to the DPKI system 700 to request a public key corresponding to the received avatar identification information. The public key request includes the issuer DID and the avatar DID that were added to the received avatar identification information.
  • a token authentication information
  • the service providing system 510 may, for example, check the contents of the authenticity information and determine whether the target avatar has legitimate credentials. Furthermore, if the received credential information is avatar identification information, the service providing system 510 may transmit a public key request to the DPKI system 700 to request a public key corresponding to the received avatar identification information.
  • the public key request includes the issuer DID and the avatar DID that were added to the received avatar identification information
  • the DPKI system 700 obtains from the blockchain a public key corresponding to the issuer DID and a public key corresponding to the avatar DID, which correspond to the issuer DID and avatar DID, respectively, included in the received public key request.
  • the DPKI system 700 transmits the two public keys (the public key corresponding to the issuer DID and the public key corresponding to the avatar DID) obtained by receiving the avatar identification information in step S418 to the service providing system 510 that sent the public key request.
  • the service providing system 510 uses the two transmitted public keys to decrypt the received avatar identification information. If the decryption is successful, the received avatar identification information is deemed valid, and the identity of the target avatar is authenticated. If the decryption is unsuccessful, the received avatar identification information is deemed invalid, and the identity of the target avatar cannot be authenticated.
  • Step S420 The service providing system 510 executes processing according to the confirmation result in step S420.
  • the credentials wallet WL as shown in FIG. 13, it is also easy to arbitrarily associate the credentials with the identity (real user, avatar) corresponding to the end user. As a result, for example, the credentials assigned to each identity corresponding to an end user can be shared and used between identities.
  • an example is given in which an identity (real user, avatar) exists corresponding to one end user.
  • avatars that can be associated with multiple specific or unspecified end users may exist.
  • the avatar provision control unit 423 may be configured to be able to act spontaneously in response to all or some of the many end users.
  • the avatar provision control unit 423 in this case may be configured to be able to make the avatar act in response to the operation of the avatar performed based on the consensus of the many end users or the operation of the avatar by some of the end users.
  • a credential information wallet WL storing credential information of multiple real users corresponding to multiple end users and credential information of a predetermined number of avatars may be made manageable corresponding to multiple end users.
  • the end user does not have to be limited to an individual, but may be, for example, an organization or group such as a company or an organization.
  • the avatar management system 2 of this embodiment is not limited to the configuration shown in the above embodiment.
  • a specific functional unit in the avatar management device 400 shown in FIG. 4 may be provided in the end user terminal 300.
  • the end user terminal 300 by providing the end user terminal 300 with functions such as a wallet management unit 425 and a wallet management information storage unit 435 related to the credential information wallet WL, the end user terminal 300 can collectively manage the credential information of the corresponding end user.
  • a program for realizing the functions of the above-mentioned avatar generation system 100, end user terminal 300, avatar management device 400, service provision system 510, VC issuing system 600, and DPKI system 700 may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read into a computer system and executed to perform processing as the above-mentioned avatar generation system 100, end user terminal 300, avatar management device 400, service provision system 510, VC issuing system 600, and DPKI system 700.
  • “reading a program recorded on a recording medium into a computer system and executing it” includes installing a program into a computer system.
  • “computer system” includes hardware such as an OS and peripheral devices.
  • “computer system” may include multiple computer devices connected via a network including communication lines such as the Internet, WAN, LAN, and dedicated lines.
  • the term "computer-readable recording medium” refers to portable media such as a flexible disk, an optical magnetic disk, a ROM, a CD-ROM, and the like, and storage devices such as an HDD and an SSD built into a computer system.
  • the recording medium storing the program may be a non-transient recording medium such as a CD-ROM.
  • the recording medium also includes a recording medium provided inside or outside the computer system that can be accessed by the distribution server in order to distribute the program.
  • the code of the program stored in the recording medium of the distribution server may be different from the code of the program in a format executable by the terminal device.
  • the format in which the program is stored in the distribution server does not matter as long as the program can be downloaded from the distribution server and installed in a format executable by the terminal device.
  • the program may be divided into multiple parts, downloaded at different times, and then combined in the terminal device, or the divided programs may be distributed by different distribution servers.
  • the term "computer-readable recording medium” refers to a storage medium that holds the program for a certain period of time, such as a volatile memory (RAM) in a computer system that becomes a server or a client when the program is transmitted via a network.
  • the program may also be for implementing part of the above-mentioned functions.
  • the above-mentioned functions may be realized in combination with a program already recorded in the computer system, i.e., a differential file (differential program).
  • One aspect of this embodiment is a qualification management system (identity management system) that includes a qualification management unit that stores in a memory unit a plurality of specified qualifications, including one or more pieces of qualification information assigned to an identity as a real user existing in real space and indicating that the user has specified qualifications, and one or more pieces of qualification information assigned to an identity as an avatar that corresponds to the real user and can exist in the metaverse, in association with one information storage medium possessed by the real user.
  • qualification information may include identification information that proves the identity of the identity.
  • qualification information may include authenticity certification information that proves the authenticity of the identity.
  • One aspect of this embodiment is the qualification management system described in any one of (1) to (3), in which the qualification management unit may output, from among the qualification information stored in the storage unit, qualification information selected by a real user through an operation on a corresponding user terminal, as the qualification information to be used for qualification verification of an identity that is the subject of qualification verification.
  • One aspect of this embodiment is a qualification management method (identity management method) in a qualification management system (identity management system), which includes a qualification management step in which a qualification management unit stores in a storage unit a plurality of predetermined qualifications among one or more pieces of qualification information that are assigned to an identity as a real user existing in real space and indicate that the identity has a predetermined qualification, and one or more pieces of qualification information that are assigned to an identity as an avatar that corresponds to the real user and can exist in the metaverse, in association with one information storage medium possessed by the real user.
  • One aspect of this embodiment is a program for causing a computer in a qualification management system (identity management system) to function as a qualification management unit that stores in a memory unit a number of specific qualifications, including one or more qualifications assigned to an identity as a real user existing in real space and indicating that the user has specific qualifications, and one or more qualifications assigned to an identity as an avatar that corresponds to the real user and can exist in the metaverse, in association with a single information storage medium held by the real user.
  • identity management system identity management system
  • One aspect of this embodiment is a non-volatile storage medium having recorded thereon a program for causing a computer in a qualification management system (identity management system) to function as a qualification management unit that stores in a memory unit a certain number of pieces of qualification information, including one or more pieces of qualification information assigned to an identity as a real user existing in the real space and indicating that the user has certain qualifications, and one or more pieces of qualification information assigned to an identity as an avatar that corresponds to the real user and can exist in the metaverse, in association with a single information storage medium held by the real user.
  • a qualification management system identity management system
  • FIG. 17 shows an example of the overall configuration of an identity management system (an example of an identity management system) 1A of this embodiment.
  • the identity includes an avatar that exists and acts in the metaverse.
  • Such an avatar may include an avatar that acts according to an operation or instruction of an end user, as well as an avatar (AI avatar) that can act autonomously without depending on an operation of a corresponding end user by using, for example, AI (Artificial Intelligence).
  • AI Artificial Intelligence
  • the metaverse is a virtual space (an example of an activity space) constructed in a network.
  • the identity may include an end user that is associated with an avatar and acts in a real space (an example of an activity space).
  • the end user as an identity may be referred to as a "real user.”
  • the term "real user” is used when treating the end user as a user-related entity that exists in real space, and is used in contrast to an avatar corresponding to the end user that exists in virtual space as the same user-related entity.
  • the identity may include organizations such as companies and groups.
  • the identity of such an organization may also include a real organization that exists in the real space and an organization that exists in the metaverse in correspondence with the real organization.
  • the identity in this embodiment may include a real user, a real organization, an avatar, etc., as an IP holder that holds intellectual property (IP) such as two-dimensional or three-dimensional images, text, and music.
  • IP intellectual property
  • the identity management system 1A of this embodiment comprises as its components an avatar generation system 100, a user interface environment 200, an identity management device 400A, a network service environment 500, a VC (Verifiable Credentials) issuing system 600, and a DPKI system 700.
  • the components of these systems are connected to each other via a network.
  • the avatar generating system 100 is a system that generates avatars to be used in a network service environment 500 .
  • 18 shows an example of the configuration of an avatar generation system 100.
  • the avatar generation system 100 shown in the drawing includes a plurality of avatar material providing systems 110 and one integrated system 120.
  • Each of the avatar material providing systems 110 is a system that generates a predetermined avatar material from among materials (avatar materials) that make up an avatar, and provides the generated avatar material.
  • Each of the avatar material providing systems 110 may be operated by a predetermined avatar material provider (company), for example.
  • the integration system 120 acquires the necessary avatar materials from the avatar materials provided by the avatar material providing system 110, and generates an avatar by integrating (combining) the acquired avatar materials.
  • the avatar material providing system 110 and the integrated system 120 may be connected via a network.
  • the number of avatar material providing systems 110 in the avatar generation system 100 is not particularly limited as long as it is 1 or more.
  • the number of integrated systems 120 is also not particularly limited as long as it is 1 or more.
  • Figure 19 shows a schematic diagram of the flow of avatar generation in the avatar generation system 100.
  • the avatar in this embodiment may be, for example, a two-dimensional or three-dimensional (3D) character, or a three-dimensional real avatar of a person.
  • 3D three-dimensional
  • a real avatar is an avatar that realistically reproduces the appearance of an actual person PS, for example, based on information obtained by capturing an image of the original person PS.
  • the avatar generation system 100 in the figure is shown as an example equipped with six avatar material providing systems 110-1 to 110-6.
  • the avatar material providing system 110-1 generates 3D face (head) material as avatar material, and provides the generated face material MT-1.
  • the avatar material providing system 110-2 generates body material MT-2 as avatar material and provides the generated body material MT-2.
  • the body material MT-2 here is the human body excluding the head.
  • the avatar material providing system 110-2 may also generate body material MT-2 in a state where the body is wearing clothes.
  • the avatar material providing system 110-3 generates voice material MT-3 as avatar material and provides the generated voice material MT-3.
  • the voice material MT-3 is material for sounds uttered by an avatar.
  • the avatar material providing system 110-4 generates emotion material MT-4 as avatar material and provides the generated emotion material MT-4.
  • the emotion material MT-4 includes, for example, information for changing the facial expression of the face material and the movement of the body material MT-2 according to each predetermined emotion.
  • the emotion material MT-4 enables the avatar to express emotions.
  • the avatar material providing system 110-5 generates movement material MT-5 as avatar material and provides the generated movement material MT-5.
  • the movement material MT-5 includes information for imparting movement to the avatar. For example, if the avatar is a weather forecaster appearing in web content about a weather forecast, the movement material MT-5 generated corresponding to the weather forecaster can impart a movement corresponding to the weather forecaster, such as pointing at a weather chart.
  • the avatar material providing system 110-6 generates spatial material MT-6 as avatar material and provides the generated spatial material MT-6.
  • the spatial material MT-6 is material for the space in which an avatar exists.
  • an avatar material providing system 110-1 images an original person PS and generates face material MT-1 for the person PS
  • an avatar material providing system 110-2 images an original person PS and generates body material MT-2 for the person PS
  • an avatar material providing system 110-3 generates audio material MT-3 using data recording the audio of the original person PS.
  • the integration system 120 acquires the avatar materials (face material MT-1, body material MT-2, voice material MT-3, emotion material MT-4, movement material MT-5, and space material MT-6) generated by each of the avatar material providing systems 110-1 to 110-6.
  • the integration system 120 integrates the acquired avatar materials to generate the avatar AVT.
  • the avatar AVT does not have to use all of the avatar materials (facial material, body material, voice material, emotional material, movement material, spatial material) illustrated in the figure.
  • the avatar AVT may generate an avatar using, for example, some of the avatar materials illustrated in the figure. Which avatar materials are used to generate an avatar may be changed depending on, for example, the network service in which the generated avatar will be used or the metaverse environment in which the avatar will exist.
  • the user interface environment 200 is an environment that provides a user interface to end users who use the network service environment 500.
  • the user interface environment 200 includes one or more end user terminals 300 corresponding to each of the one or more end users.
  • the end user terminal 300 is a terminal that an end user uses to receive network services provided by the network service environment 500 .
  • the end user terminal 300 can connect to the service providing system 510 in response to the end user's operation, and can display, output audio, etc., applications and content corresponding to the network services provided by the connected service providing system 510.
  • the end user terminal 300 may be a personal computer, a smartphone, a tablet terminal, etc.
  • the identity management device 400A manages identities (real users, avatars).
  • the identity management device 400A stores the avatars generated by the avatar generation system 100 as identities to be managed.
  • the identity management device 400A uploads the avatars stored as identities to be managed to the network service environment 500.
  • the network service environment 500 provides network services using the avatars provided by the network service environment 500 to end users.
  • the identity management device 400A provides authenticity certification information to the avatars to be managed, thereby enabling the authenticity of the avatars to be confirmed.
  • the identity management device 400A determines the authenticity of the avatar that is the subject of the inquiry and transmits the determination result to the end user terminal 300.
  • the identity management device 400A causes the VC issuing system 600 to issue information (avatar identification information) as an identification card used to identify the avatar itself as a management target.
  • the identity management device 400A can manage the avatar as a management target by storing the issued avatar identification information.
  • the identity management device 400A transmits avatar identification information of the avatar to be identified to the network service that has made the identification request in response to an avatar identification request from a certain network service in the network service environment 500.
  • the identity management device 400A can affix a signature (digital signature) to (encrypt) the identification information to be transmitted using a private key associated with the target avatar.
  • the identity management device 400A may also manage a wallet (an example of an information storage medium).
  • the wallet here may be used to store assets in a cryptocurrency usage environment, as well as to manage, for example, the credentials (authenticity certification information, identity verification information (VC)) of a real user or avatar associated with a single end user.
  • the identity management device 400A may be configured to manage wallet data in a blockchain.
  • the wallet may be configured as an application provided by the identity management device 400A.
  • the network service environment 500 is an environment that provides one or more network services.
  • the network service environment 500 includes one or more service providing systems 510 that provide specific network services.
  • the service providing systems 510 may be configured as, for example, web servers or application servers that are constructed according to the content of the network services to be provided.
  • the network services provided by the service providing system 510 may be EC (Electronic Commerce) used by real users, websites using avatars, network games, web conference systems, etc.
  • the network services using avatars in this way may include those in which avatars exist in a metaverse as a three-dimensional virtual space and act in the metaverse.
  • the network services include a marketplace where avatars can purchase products at stores in the metaverse, a service where avatars can directly buy and sell products between each other in the metaverse, a service where celebrities or specific characters exist in the metaverse, and other services such as providing weather forecasts with an avatar as a weather forecaster, medical consultations with an avatar as a doctor, and fortune telling with an avatar as a fortune teller.
  • the service providing system 510 may be capable of providing a plurality of network services.
  • the service providing system 510 that provides a metaverse as a network service may provide a plurality of metaverses.
  • the VC issuing system 600 is a system that issues identification information in response to an issuance request.
  • the VC issuing system 600 may be configured, for example, by one or more devices connected to a network.
  • the VC issuing system 600 of this embodiment is capable of issuing identification information that proves the identity of an end user (real user), and is also capable of issuing identification information that proves the identity of the avatar itself that is managed by the identity management device 400A.
  • the VC issuing system 600 may be capable of issuing multiple pieces of identification information corresponding to multiple different issuers (issuing sources).
  • the VC issuing system 600 can issue identification information (official identification information) of public issuers.
  • a public issuer is, for example, an issuer that is an institution operated by the government, an institution approved by the government, or an institution that has a certain level of social credibility.
  • public issuers can include, for example, institutions that issue licenses according to specified qualifications, approved companies, educational institutions, local governments, financial institutions, etc.
  • financial institutions may act as issuing authorities to issue public identification information used for payments in the metaverse.
  • public identification information for entering a specific facility in the metaverse may be issued by a company, educational institution, local government agency, etc. that operates the facility.
  • the VC issuing system 600 also issues identification information (private identification information) for private issuers.
  • a private issuer may be, for example, a private organization such as a volunteer group, a citizen sports group, or a school club.
  • the private identification information issued by such a private issuer can certify, for example, that an avatar belongs to a corresponding private organization, that a certificate or license issued by the corresponding private organization has been granted to the avatar, etc.
  • the private issuer may include, for example, a fan (supporter) of the artist.
  • the private identification information issued by the fan of the artist can be attached to, for example, the artist's avatar, thereby proving that the artist's avatar is an entity supported by the fan.
  • the private issuer may include an end user.
  • an end user as a private issuer may issue private identification information of a friend certificate.
  • An avatar to which the private identification information of the friend certificate is assigned can prove, for example, that it is in a friendship relationship with the avatar of the end user who is the private issuer.
  • the private issuer may be, for example, the operator of the service providing system 510.
  • the service providing system 510 as a private issuer may issue good-quality private identification information.
  • the end user's avatar to which the good-quality private identification information has been assigned can prove that the end user has not engaged in any fraudulent activities and is of good quality in, for example, the metaverse provided by the service providing system 510.
  • the private issuer may include an event organizer, etc.
  • the private issuer may issue private identification information as a ticket for an event held in the metaverse of a specified service providing system 510.
  • An avatar that has been given private identification information as a ticket can prove that it is eligible to participate in the event held in the metaverse of the specified service providing system 510.
  • private credentials can serve as proof of identity for an avatar or avatar-enabled user based on personal relationships and personal reputations by the private issuer.
  • Another example of issuing identification information based on relationships between individuals is private identification information that can be issued based on connections in a social network system (SNS).
  • the private identification information may prove that a user or avatar is a friend of a friend of a private issuer in the SNS.
  • private identification information based on an individual's evaluation for example, private identification information based on a user's evaluation as a user (seller, buyer) in a network service in which transactions are conducted between individuals may be issued.
  • private identification information may be issued based on information indicating the user's trustworthiness (trustworthiness information) provided by a service that evaluates an individual's trustworthiness by inputting information such as the user's age, gender, occupation, purchasing history, etc.
  • trustworthiness information information indicating the user's trustworthiness provided by a service that evaluates an individual's trustworthiness by inputting information such as the user's age, gender, occupation, purchasing history, etc.
  • the identification information issued by the VC issuing system 600 in this embodiment may correspond to, for example, a VC (Verifiable Credential).
  • a VC Very Credential
  • an example is given in which the identification information in this embodiment corresponds to a VC.
  • the identification information issued by the VC issuing system 600 may be referred to as a VC.
  • the identification information that certifies the identity of the avatar itself is referred to as avatar identification information (avatar VC) to distinguish it from identification information that certifies the identity of the real user (end user) (user identification information (user VC)).
  • avatar VC avatar identification information
  • identification information or VC identification information
  • the DPKI system 700 manages public keys in accordance with the Decentralized Public Key Infrastructure (DPKI).
  • the VC issuing system 600 of this embodiment When issuing identification information as a VC, the VC issuing system 600 of this embodiment generates a pair of public and private keys corresponding to an issuer DID, which is a DID (Decentralized Identifier) that uniquely indicates an issuing agency, and also generates a pair of public and private keys corresponding to an owner DID (end user DID or avatar DID), which is a DID that uniquely indicates an owner (end user or avatar) of the identification information.
  • the VC issuing system 600 registers the generated public keys (a public key corresponding to the issuer DID and a public key corresponding to the holder DID) in the DPKI system 700.
  • the DPKI system 700 stores the registered public keys in association with the respective issuer DID and holder DID.
  • the DPKI system 700 may be configured to register a public key by storing the public key in a blockchain.
  • the DPKI system 700 may also be configured with a device that serves as a node corresponding to the blockchain that stores the public key.
  • the service providing system 510 obtains a public key associated with the owner DID of the target owner from the DPKI system 700.
  • the service providing system 510 can determine whether the identity information is valid (identity verification) by decrypting the identity information using the obtained public key.
  • FIG 20 shows the hardware configuration of the identity management device 400A.
  • the identity management device 400A in the figure comprises a communication device 4001, a ROM (Read Only Memory) 4002, a RAM (Random Access Memory) 4003, storage 4004, and a CPU (Central Processing Unit) 4005.
  • the communication device 4001, ROM 4002, RAM 4003, storage 4004, and CPU 4005 are connected by a bus 4006.
  • the communication device 4001 is a device that supports communication via a network.
  • the ROM 4002 stores non-rewritable data.
  • the RAM 4003 temporarily stores data used in the calculations executed by the CPU 4005 .
  • the storage 4004 is, for example, a hard disk drive (HDD) or a solid state drive (SSD), and stores various types of data including, for example, program data.
  • the CPU 4005 executes programs stored in the storage 4004 to perform calculations according to various controls, processes, and the like.
  • the identity management device 400A may also be provided with a GPU (Graphics Processing Unit).
  • functionality equivalent to that of identity management device 400A may be obtained by multiple distributed network terminals capable of executing transactions in accordance with the blockchain.
  • Fig. 21 shows an example of the functional configuration of the identity management device 400A.
  • the functions of the identity management device 400A in the figure are realized by a CPU (Central Processing Unit) included in the identity management device 400A executing a program.
  • the identity management device 400A in the figure includes a communication unit 401, a control unit 402A, and a storage unit 403A.
  • the communication unit 401 communicates via the network.
  • the control unit 402A executes various controls in the identity management device 400A.
  • the control unit 402A in the figure includes an avatar registration unit 421, an authenticity certification information management unit 422 (an example of a qualification management unit), an avatar provision control unit 423, a VC management unit 424 (an example of a qualification management unit), a wallet management unit 425, and a feature word processing unit 426.
  • the avatar registration unit 421 registers the avatars generated by the avatar generation system 100 as objects to be managed. Here, registering an avatar is performed by storing avatar information (described later) of the avatars to be managed in the avatar information storage unit 432.
  • the avatars registered by the avatar registration unit 421 can be used by the service providing system 510 in the network service environment 500 in the network services it provides.
  • the authenticity certification information management unit 422 manages the authenticity certification information of the avatar. Specifically, the authenticity certification information management unit 422 assigns the authenticity certification information to the registered avatar. The authenticity certification information will be described later. Furthermore, the authenticity certification information management unit 422 may determine the authenticity of the avatar that is the target of authenticity confirmation, using the authenticity certification information assigned to the registered avatar, in response to an authenticity confirmation request from the end user terminal 300. The authenticity certification information management unit 422 may transmit the determination result regarding the authenticity to the end user terminal 300 that is the sender of the authenticity confirmation request.
  • the avatar provision control unit 423 executes control related to the provision of registered avatars to the service provision system 510 (transmission of avatar information).
  • the identity management device 400A and each service provision system 510 are connected via an API, and the avatar provision control unit 423 may be configured to transmit avatar data to the service provision system 510 while in an online connected state.
  • the VC management unit 424 manages VCs (identification information) of identities that exist in the real space or the metaverse and are subject to management.
  • the VCs managed by the VC management unit 424 manage user identification information (user VC) corresponding to an identity as a real user and avatar identification information (avatar VC) corresponding to an identity as an avatar.
  • the VC management unit 424 requests the VC issuing system 600 to issue identification information of an identity (real user or avatar) via a network.
  • the VC issuing system 600 issues identification information of the target identity in response to the request.
  • the VC issuing system 600 transmits the issued identification information and the corresponding private key (private key corresponding to the issuer DID, private key corresponding to the holder DID) to the identity management device 400A.
  • the VC management unit 424 associates the transmitted identification information (avatar identification information or user identification information) with the private key and stores them in the avatar VC storage unit 433 or the user VC storage unit 434.
  • the wallet management unit 425 manages the wallets used by real users and avatars.
  • the characteristic word processing unit 426 extracts words as multiple characteristic words corresponding to the characteristics of each identity, and generates information (an example of characteristic word relationship information) indicating the relationships of the extracted words (examples of characteristic words).
  • the information generated in this way is also referred to as "characteristic expression information" hereinafter, since it can be regarded as expressing the characteristics of the corresponding identity by indicating the relationships of the extracted words.
  • the characteristic word processing unit 426 is capable of visualizing the generated characteristic expression information and displaying it on the end-user terminal 300 .
  • the storage unit 403A stores various types of information that the identity management device 400A supports.
  • the storage unit 403A includes an end user information storage unit 431, an avatar information storage unit 432, an avatar VC storage unit 433, a user VC storage unit 434, a wallet management information storage unit 435, an identity history information storage unit 436, and a trait expression information storage unit 437.
  • the end user information storage unit 431 stores end user information.
  • End user information is information about an end user who has registered one or more avatars corresponding to the end user in the identity management device 400A.
  • the end user information in the figure includes fields for an end user ID and user profile information.
  • the end user ID field stores an end user ID that uniquely identifies the corresponding end user.
  • the user profile information field stores the user profile information of the corresponding end user.
  • the user profile information may include, for example, the end user's name, gender, address, etc.
  • the avatar information storage unit 432 stores avatar information.
  • 23 shows an example of avatar information stored in the avatar information storage unit 432.
  • the avatar information storage unit 432 in the figure includes an object data storage unit 4321, a material group data storage unit 4322, and a metafile storage unit 4323.
  • the avatar information corresponding to one avatar includes, for example, object data, material group data, and a metafile.
  • the object data storage unit 4321 stores object data for each registered avatar.
  • the material group data storage unit 4322 stores material group data for each registered avatar.
  • the metafile storage unit 4323 stores metafiles for each registered avatar. Among the object data storage unit 4321, the material group data storage unit 4322, and the metafile storage unit 4323, the object data, material group data, and metafiles corresponding to the same avatar are associated with each other by the same avatar ID.
  • the object data A, material group data A, and metafile A stored in the object data storage unit 4321, material group data storage unit 4322, and metafile storage unit 4323, respectively, corresponding to avatar A, are associated with each other by the avatar ID [00000A] that uniquely identifies avatar A.
  • Object data is data on the actual object as the corresponding avatar.
  • Object data is formed by combining components such as the head and body that are generated using specific avatar materials, for example.
  • Material group data is data that includes one or more avatar materials that add a specific aspect to the substance of the avatar created by the object data.
  • Material group data may include, for example, audio materials, emotional materials, movement materials, spatial materials, etc.
  • the material group data allows the avatar object to speak, change facial expressions, move, and exist in a virtual space with a specific design.
  • the metafile contains one or more pieces of metadata that are to be attached to the corresponding avatar.
  • Fig. 24 shows an example of a metafile corresponding to one avatar.
  • the metafile in Fig. 24 includes metadata such as an avatar ID, source information, creator information, authentication code, authorized user information, avatar format, and action history information.
  • the avatar ID is an identifier that uniquely identifies an avatar in the avatar information stored in the avatar information storage unit 432.
  • the avatar ID may be issued by the avatar registration unit 421 when registering a corresponding avatar.
  • the avatar ID associates object data, material group data, and metafiles that correspond to the same avatar.
  • the origin information is information about the original person (originator) of the corresponding avatar.
  • the origin information may include, as information items, an origin ID, profile information of the originator, etc.
  • the origin information may be provided by the avatar generation system 100. If the originator is an end user, the end user ID of the corresponding end user may be used as the origin ID.
  • Creator information is information about the creator of the corresponding avatar.
  • the creator may be, for example, an organization such as a company or an individual that corresponds to the integrated system 120 that generated the corresponding avatar in the avatar generation system 100.
  • the authentication code is a code that the identity management device 400A issues in association with the avatar to be provided when the service providing system 510 receives an avatar provided by the identity management device 400A (transmission of avatar information) from the identity management device 400A.
  • the authorized user information is information about an authorized user.
  • An authorized user is a person who has the authority to use a corresponding avatar.
  • the authorized user may be an end user who is the creator of the avatar.
  • the authorized user can make the avatar created by the authorized user exist in the metaverse provided by the service providing system 510, and can make the avatar act in the metaverse in response to, for example, the operation of the end user terminal 300.
  • the authorized user may also be an operator of a specific service providing system 510.
  • the authorized user information is information indicating such an authorized user.
  • the authorized user information may be a user account such as an authorized user ID, a user name, and a password registered by the authorized user.
  • the end user ID may be used as the authorized user ID.
  • the authorized user information may include, in addition to the original authorized user (primary authorized user), such as the end user from whom the avatar was generated, authorized users (secondary authorized users), such as other end users who have been granted authorization to use the avatar.
  • Avatar format indicates the compatible avatar format, such as the avatar file format and specifications.
  • the behavioral history information is information that indicates the history of the behavior of the corresponding avatar in the metaverse provided by each service providing system 510.
  • the behavioral history information of each avatar may be obtained from each service providing system 510, for example, by the avatar provision control unit 423.
  • the avatar VC storage unit 433 stores avatar identification information (avatar VC) for each registered avatar.
  • avatar VC avatar identification information
  • the avatar VC storage unit 433 also stores private keys associated with the avatar identification information (private key corresponding to issuer DID, private key corresponding to avatar DID).
  • FIG. 25 shows an example of information (avatar identification information and private key) stored in the avatar VC storage unit 433 in association with one avatar.
  • avatar identification information and a secret key corresponding to the avatar DID are stored in association with the avatar VC_ID and avatar ID in the avatar VC storage unit 433.
  • the avatar VC_ID is an identifier uniquely assigned to the corresponding avatar identification information. In this way, by associating the avatar identification information and the private key with the avatar ID, the avatar identification information and the private key can be managed in association with the avatar information of the corresponding avatar.
  • the avatar credential information includes fields of VC type, issuer DID, avatar DID, and avatar related information.
  • the VC type field stores information indicating the type (format) of the identification information.
  • the issuer DID field stores an issuer DID indicating the issuer of the avatar identification information.
  • the avatar DID field stores the avatar DID of the corresponding avatar.
  • the avatar-related information field stores avatar-related information of the corresponding avatar.
  • the content of the information included in the avatar-related information is not particularly limited, but may include, for example, information on rights, qualifications, etc. acquired by the avatar acting in the metaverse.
  • the avatar-related information may also include behavior history information similar to that stored in the avatar information.
  • At least one of the avatar identification information and the private key may be stored in the blockchain under the control of the VC management unit 424 of the identity management device 400A. If both the avatar identification information and the private key are stored in the blockchain, the avatar VC storage unit 433 may be omitted.
  • the user VC storage unit 434 stores user identification information (user VC) for each end user (real user) registered (stored) in the end user information storage unit 431.
  • the user VC storage unit 434 also stores private keys (private keys corresponding to issuer DIDs, private keys corresponding to user DIDs) associated with the user identification information.
  • FIG. 26 shows an example of information (user identification information and private key) stored in the user VC storage unit 434 corresponding to one real user.
  • the user VC storage unit 434 stores user identification information and a private key corresponding to the user DID in association with the user VC_ID and user ID.
  • the user VC_ID is an identifier uniquely assigned to the corresponding user identification information. In this way, by associating the user identification information and the private key with the user ID, the user identification information and the private key can be associated with the user information of the corresponding real user (end user) and managed.
  • the user credential information includes fields of VC type, issuer DID, user DID, and user related information.
  • the user-related information stores user-related information of the corresponding real user.
  • the content of the information included in the user-related information is not particularly limited, but may include, for example, information on rights, qualifications, etc. acquired by the real user as a result of the corresponding real user's actions in real space (shopping, moving to a specified location, etc.).
  • the user-related information may also include action history information on the actions of the corresponding real user in real space.
  • At least one of the user identification information and the private key may be stored in the blockchain under the control of the VC management unit 424 of the identity management device 400A. If both the user identification information and the private key are stored in the blockchain, the user VC storage unit 434 may be omitted.
  • the wallet management information storage unit 435 stores wallet management information.
  • the wallet management information corresponding to one wallet is information for integrating and managing the qualification information of an identity (real user, avatar) corresponding to one end user.
  • Fig. 27 shows an example of wallet management information corresponding to one wallet.
  • the wallet management information corresponding to one wallet has fields for a wallet ID, an identity list, and a qualification information list.
  • the wallet ID field stores a wallet ID that is an identifier that uniquely identifies the corresponding wallet.
  • the identity list stores identity IDs (user IDs, avatar IDs) that indicate identities that can use the corresponding wallet.
  • the credential list stores credential IDs (user VC_ID, avatar VC_ID, authenticity certificate ID, etc.) for each credential (VC, authenticity certificate, etc.) that is managed as being included in the corresponding wallet.
  • credential IDs user VC_ID, avatar VC_ID, authenticity certificate ID, etc.
  • wallet management information having such a structure, for example, it becomes possible to integrally manage the credential information (authenticity certificate information, VC, etc.) assigned to each identity (real user, avatar) corresponding to one end user as the credential information stored in the wallet held by one end user. Also, it becomes possible to share the credential information stored in the wallet between identities indicated by identity IDs (user ID, avatar ID) stored in the identity list.
  • the wallet management information may be stored in the blockchain under the control of the wallet management unit 425 of the identity management device 400A.
  • the wallet management information storage unit 435 may be omitted.
  • the identity history information storage unit 436 stores identity history information indicating a history of actions taken so far for each identity (real user or avatar).
  • the identity history information storage unit 436 may store identity history information, for example, for each real user (end user), in such a way that the identity history information of the real user (real user individual history information) corresponds to the identity history information of one or more avatars (avatar individual history information) associated with the real user.
  • Real user individual history information may be collected by the control unit 402A, for example, information on the website usage history and location information performed using the end user terminal 300 used by the corresponding end user, and the collected information may be stored in the identity history information storage unit 436 as identity history information.
  • the avatar individual history information may be acquired by, for example, the avatar provision control unit 423 from each service providing system 510.
  • the behavior history information in the metafile ( FIG. 24 ) of the avatar information stored in the metafile storage unit 4323 may be omitted, or each of the behavior history information may exist separately.
  • FIG. 28 shows an example of the management mode of identity history information stored in identity history information storage unit 436 in association with one real user.
  • identity history information corresponding to one real user is managed by associating real user individual history information with avatar individual history information for each avatar (avatar A, avatar B, etc.) for the real user ID of the corresponding real user.
  • FIG. 28 shows an example in which one real user individual information is associated with one real user, and one avatar individual history information is associated with each avatar.
  • one real user individual information is associated with one real user
  • one avatar individual history information is associated with each avatar.
  • multiple real user individual information may be associated with one real user
  • multiple avatar individual information may be associated with one avatar.
  • the feature expression information storage unit 437 stores the feature expression information generated by the feature word processing unit 426 .
  • the identity management device 400A may be configured as a single device, or may be realized by multiple devices connected to each other in a network and each device being assigned a specific function, and the multiple devices then working together to execute processing.
  • the VC issuing system 600 may also store a database relating to issuers (issuer database). 29 shows an example of the structure of a record (issuer information) stored in the issuer database in association with one issuer.
  • the issuer information in the figure includes fields for an issuer ID, an issuer profile, and an issuing VC.
  • the issuer ID field stores the issuer ID of the corresponding issuer.
  • the issuer profile field stores an issuer profile.
  • the issuer profile is information indicating the profile of an issuer. As shown in the figure, the issuer profile may include fields such as issuer type and issuer name.
  • the issuer type field stores information indicating, for example, the type of the corresponding issuer, whether it is a public issuer or a private issuer.
  • the issuer name field stores the name of the corresponding issuer (issuer name).
  • the issuing VC field stores information about the identity verification information issued by the corresponding issuer.
  • the registration of an end user according to the example processing procedure in the same figure is a registration for enabling the end user corresponding to an avatar to be managed as a real user, which is one of identities.
  • Step S100A The end user operates the end user terminal 300 owned by the end user to perform an end user registration procedure so that the end user as the end user is registered in the identity management device 400A.
  • the end user may input information on predetermined items such as a user account and a user name to be included in the user profile information.
  • the identity management device 400A generates end user information of the corresponding end user in response to an end user registration procedure from the end user terminal 300, and stores the generated end user information in the end user information storage unit 431.
  • Step S102A In response to the user registration in step S100A, the end user may carry out a procedure for issuing user identification information (user VC) corresponding to the end user.
  • the end user accesses the end user terminal 300 to the VC issuing system 600 and carries out an operation for issuing user identification information (user VC) corresponding to the end user.
  • the end user terminal 300 executes a process corresponding to the user identification information issuing procedure in response to the operation.
  • the end user terminal 300 may transmit an issuance request together with information on predetermined items in the user profile information to the VC issuing system 600.
  • the issuance request may also include information specifying the type of user identification information to be issued (e.g., driver's license, passport, insurance card, etc.).
  • Step S104A The VC issuing system 600 generates user identification information in response to the issuance request received in response to step S102A. At this time, the VC issuing system 600 generates (issues) a user DID indicating the corresponding end user, and generates a public key/private key pair corresponding to the user DID. The VC issuing system 600 then signs (encrypts) the generated user identification information with the private key generated in response to the issuer DID indicating the issuing organization that it corresponds to.
  • Step S106A The VC issuing system 600 registers the user identification information generated in step S104A in the identity management device 400A. Specifically, the VC issuing system 600 transmits to the identity management device 400A the user identification information signed with a private key corresponding to the issuer DID granted to the corresponding issuing authority, and the private key corresponding to the user DID of the corresponding end user. In the identity management device 400A, the VC management unit 424 stores the user identification information and the private key corresponding to the user DID received from the VC issuing system 600 in the user VC storage unit 434 in association with the avatar ID of the corresponding avatar.
  • Step S108A The VC issuing system 600 also registers the public keys (the effector key corresponding to the issuer DID and the public key corresponding to the user DID) generated in step S104A together with the user identification information in the DPKI system 700.
  • the issuance of user identification information in steps S102A to S108A may be performed every time it becomes necessary to issue new user identification information after the user registration.
  • Step S200A The end user operates the end user terminal 300 owned by the end user to access the avatar generation system 100 and perform an avatar generation operation.
  • the end user terminal 300 transmits an avatar generation instruction corresponding to the avatar generation operation to the avatar generation system 100.
  • Step S202A The avatar generation system executes a process to generate an avatar in response to the avatar generation instruction.
  • Step S204A The end user operates the end user terminal 300 to carry out an avatar registration procedure so that the generated avatar is registered in the identity management device 400A.
  • the avatar to be registered is specified, and the identity management device 400A is specified as the registration destination of the specified avatar.
  • Step S206A In response to the avatar registration procedure in step S204A, the avatar generation system 100 and the identity management device 400A execute processing corresponding to avatar registration.
  • the avatar generation system 100 uploads avatar information of an avatar designated as an avatar to be registered through the avatar registration procedure to the identity management device 400A.
  • the avatar registration unit 421 of the identity management device 400A stores the uploaded avatar information in the avatar information storage unit 432.
  • the authenticity certification information management unit 422 of the identity management device 400A assigns authenticity certification information to the avatar that is the subject of this registration.
  • the authenticity certification information is information that proves the authenticity of the avatar itself that exists in the metaverse of the service providing system 510.
  • an avatar having authenticity means that the avatar is not fake or tampered with and is legitimate.
  • Examples of an avatar that is not legitimate (unauthorized) include an avatar that has been tampered with by replacing avatar materials such as facial materials with fake materials that are different from the original, and an avatar that has been copied without the permission of a person who has certain rights to the avatar, such as the creator.
  • the authenticity certification information management unit 422 may provide authenticity certification information to the target avatar by providing a digital watermark (an example of authenticity certification information) and a digital authenticity certificate (an example of authenticity certification information) as follows:
  • the authenticity proof information management unit 422 assigns information unique to the target avatar, such as an avatar ID, as a digital watermark to the object data of the target avatar.
  • the digital watermark assigned to the object data of the avatar in this way is preferably of an imperceptible type, but may also be of a perceptible type.
  • the authenticity certificate information management unit 422 assigns a digital authenticity certificate to the target avatar.
  • the authenticity certification information management unit 422 may be configured to assign an authenticity certificate to the target avatar that certifies the creator of the target avatar, the storage location (URL) of the target avatar, the service providing system 510 that uses the target avatar, etc.
  • the authenticity certificate may be issued by an authenticity certificate issuer (not shown) in the network by the authenticity proof information management unit 422 executing a predetermined transaction with the authenticity certificate issuer for the target avatar.
  • Such an authenticity certificate may be managed on the network in association with, for example, the avatar ID of the target avatar (an example of information unique to the avatar to be registered).
  • the authenticity certificate that the authenticity certificate information management unit 422 assigns to the avatar may be a non-fungible token (NFT) managed by a blockchain.
  • NFT non-fungible token
  • the authenticity certificate information management unit 422 may assign the authenticity certificate to the avatar by using, for example, an external NFT platform.
  • the authenticity certificate information management unit 422 may assign the authenticity certificate generated by using quantum-resistant cryptography or a quantum-resistant blockchain to the avatar.
  • the authenticity certificate that the authenticity certification information management unit 422 assigns to the avatar may be a soulbound token (SBT), which is a non-transferable NFT.
  • SBT soulbound token
  • the authenticity certification information management unit 422 may assign the SBT to the avatar as the authenticity certification information instead of the NFT, or may assign both the NFT and the SBT to the avatar.
  • the authenticity certification information management unit 422 may select and use either the NFT or the SBT to prove the authenticity of the avatar, or may use both the NFT and the SBT.
  • the authenticity certification information management unit 422 issues a unique authentication code to the avatar that is the subject of this registration.
  • the authentication code is provided together with the avatar data of the avatar to the service providing system 510 that provides network services using the avatar.
  • the authentication code is used to determine the authenticity of the avatar in response to a request from an end user, as described below. Since the authentication code is uniquely associated with the target avatar, for example, the avatar ID may be used. However, in order to strengthen security against, for example, the identification of the avatar or registration information that may include personal information of the user, it is preferable to use a code generated independently of the avatar ID as the authentication code.
  • the authenticity proof information management unit 422 adds the issued authentication code as one piece of metadata in the metafile stored in the metafile storage unit 4323 in association with the target avatar (FIG. 24).
  • Step S208A The end user who is the creator of the avatar registered in step S206A accesses the end user terminal 300 to the VC issuing system 600 and performs an operation for issuing the avatar identification information.
  • the end user terminal 300 executes the process of the issuing procedure in response to the operation.
  • the end user terminal 300 may transmit an issuance request together with the avatar information that is the target of the avatar identification information to the VC issuing system 600.
  • the issuance request may also include information that specifies the avatar identification information to be issued (issuance certificate specification information).
  • the VC issuing system 600 may determine the avatar credentials to be issued to the target avatar.
  • the end user terminal 300 may first obtain avatar information from the identity management device 400A and then transmit the obtained avatar information to the VC issuing system 600, or may specify the avatar to be transmitted to the identity management device 400A and have the identity management device 400A transmit the avatar information to the VC issuing system 600.
  • Step S210A In response to the issuance request from the end user terminal 300 in step S208A, the VC issuing system 600 generates avatar identification information that proves the identity of the avatar based on the avatar information received together with the issuance request in step S208A. At this time, the VC issuing system 600 generates (issues) an avatar DID indicating the corresponding avatar, and generates a pair of a public key and a private key corresponding to the avatar DID. Then, the VC issuing system 600 signs (encrypts) the generated avatar identification information with a private key generated corresponding to the issuer DID indicating the issuing organization that the VC issuing system 600 corresponds to.
  • the VC issuing system 600 may include at least a portion of the content of the received avatar information in the avatar-related information.
  • Step S212A The VC issuing system 600 registers the avatar identification information in the identity management device 400A. Specifically, the avatar identification information signed with a private key corresponding to the issuer DID granted to the corresponding issuing agency (an example of signed identification information) and the private key corresponding to the avatar DID of the corresponding avatar are transmitted to the identity management device 400A.
  • the VC management unit 424 of the identity management device 400A stores the avatar identification information and the private key corresponding to the avatar DID received from the VC issuing system 600 in the avatar VC storage unit 433 in association with the avatar ID of the corresponding avatar.
  • Step S214A The VC issuing system 600 also registers the public keys (public key corresponding to the issuer DID and public key corresponding to the avatar DID) generated in step S210A together with the avatar identification information in the DPKI system 700.
  • a real user and an avatar can be registered as an identity corresponding to one end user by the processing procedure of Fig. 29 above, and after registration, qualification information can be assigned (issued) to the identity.
  • qualification information can be assigned (issued) to the identity.
  • a user identification card can be assigned (issued) to the real user, and avatar identification information and authenticity certification information can be assigned to the avatar.
  • the wallet management unit 425 of the identity management device 400A can set up a credentials information wallet WL, which is a wallet that collectively stores the credentials assigned to an identity (real user, avatar), for each end user. That is, the wallet management unit 425 assigns one wallet ID in association with one end user.
  • the wallet management unit 425 generates wallet management information corresponding to the assigned wallet ID as follows.
  • the wallet management unit 425 stores an identity ID (user ID, avatar ID) for each corresponding identity in a field of a shared ID list in association with the assigned wallet ID. Furthermore, the wallet management unit 425 stores a list item of the credential information assigned to the corresponding identity in a field of a shared credential information list in association with the assigned wallet ID. The wallet management unit 425 stores the wallet management information generated in this manner in the wallet management information storage unit 435.
  • the shared ID list may store identity IDs of some identities among all identities corresponding to one end user.
  • the shared credential information list may store some credential information selected from all credential information assigned to each identity corresponding to one end user.
  • FIG. 31 shows an example of an aspect of identity and qualification information managed by wallet management information corresponding to one end user.
  • the figure shows an example of wallet management aspect realized under an application compatible with avatar management installed on an end user terminal 300.
  • an example is shown in which a real user and three avatars, A, B, and C, are registered as identities that can use the credential information wallet WL corresponding to an end user. That is, in the shared ID list field of the wallet management information, the user ID of the corresponding real user and the avatar IDs of the three avatars, A, B, and C, are stored.
  • the credential information wallet WL corresponding to the real user and the three avatars A, B, and C holds user identification information (user VC) corresponding to the real user, and avatar identification information (avatar VC) corresponding to each of avatar A, B, and C.
  • the credential information wallet WL in the figure holds authenticity proof information such as NTF or SBT, which is assigned to each of avatar A, B, and C, as in token 1 to token 5, etc.
  • These identification information (VC) and tokens (authenticity proof information) are stored in the shared credential information list field of the corresponding wallet management information.
  • Tokens such as NFT and SBT may include, for example, a driver's license, a membership card, an admission permit indicating that a specific place can be entered, and a ticket indicating that a specific event can be participated in.
  • NFT and SBT may include, for example, a driver's license, a membership card, an admission permit indicating that a specific place can be entered, and a ticket indicating that a specific event can be participated in.
  • the end user terminal 300 can present the identity and credential information corresponding to the end user as follows.
  • the identity management screen in the figure may be displayed by a web browser installed in the end user terminal 300 accessing, for example, a web page of the identity management screen provided by the identity management device 400A.
  • the identity management screen may be displayed by an application installed in the end user terminal 300 that supports identity management.
  • the identity management screen in the figure includes an identity selection area AR1, a qualification information selection area AR2, and a service selection area AR3.
  • the identity selection area AR1 is an area where operations such as authentication and metaverse entry are performed to select an identity.
  • buttons BT1 corresponding to real users and multiple avatars are arranged as identities corresponding to end users.
  • the button BT1 labeled “Real ID” corresponds to a real user
  • the buttons BT1 labeled "Business,” “Culture,” and “Game” each correspond to an avatar.
  • the credential selection area AR2 is an area in which an operation is performed to select the credential information that a real user will use to verify their credentials in the real space, or the credential information that an avatar will use to verify their credentials in the metaverse.
  • the qualification information selection area AR2 includes a certification information (VC) area AR21 and an authenticity certification information area AR22.
  • the identification information area AR21 is an area where an operation for selecting qualification information as identification information is performed.
  • buttons BT21 corresponding to each piece of identification information are arranged as options.
  • the authenticity certification information area AR22 is an area where an operation for selecting qualification information as authenticity certification information is performed.
  • buttons BT22 corresponding to each piece of identification information are arranged as options.
  • the service selection area AR3 is an area in which an operation is performed to select a service to be used by an identity from among services provided in the real world (real services) and services provided in the metaverse (network services).
  • Real services may include services that allow the use of specified cashless payments such as credit cards.
  • buttons BT3 corresponding to each service are arranged.
  • end users can act in such a way that their corresponding identities (real users, avatars associated with those real users) can use various services.
  • each identity real user, avatar
  • each identity has different contents such as the contents and type of identification information (VC) issued by the VC issuing system 600, authenticity proof information (NFT, SBT, etc.), identity history information, wallet data, user-related information, avatar-related information, etc.
  • VC identification information
  • NFT authenticity proof information
  • identity history information identity history information
  • wallet data wallet data
  • user-related information avatar-related information
  • each identity has its own characteristics as an individual or individual.
  • the identity management system 1A can assign characteristic expression information to each identity as information indicating the characteristics of the identity.
  • the characteristic expression information is information indicating the relationship between multiple words extracted from the identity individual information.
  • the identity individual information may be, for example, the above-mentioned identification information (VC), authenticity proof information (NFT, SBT, etc.), wallet data, user-related information, avatar-related information, identity history information, etc.
  • identity individual information can be treated as indicating the characteristics of the corresponding identity. Therefore, the characteristic expression information is information that indicates the characteristics of the corresponding identity by words and the relationships between words.
  • the feature word processing unit 426 of the identity management device 400A may generate feature expression information and store it in the feature expression information storage unit 437. Then, the characteristic word processing unit 426 may generate an identity characteristic graph (an example of word relationship display information) that visualizes the characteristic expression information, and the generated identity characteristic graph may be displayed on the end-user terminal 300 or the metaverse.
  • an identity characteristic graph an example of word relationship display information
  • FIG. 33 shows an example of a display form of an identity trait graph based on trait expression information generated corresponding to one identity A.
  • the identity characteristic graph in the figure has a structure in which a main node MN to which the words of “identity A” correspond is the starting point, and sub-nodes SN corresponding to each word related to the main node MN are connected by edges based on the relationship with the main node MN or the relationship between the words.
  • the node to be the main node MN can be arbitrarily changed from among the nodes corresponding to each word.
  • Figure 34 shows an example of an identity trait graph in which the subnode SN corresponding to the word "programming" among the subnodes SN presented in the identity trait graph of Figure 33 is changed to a main node MN.
  • the identity trait graph of Figure 34 is changed so that the connection relationship of the nodes starting from the main node MN is reconstructed in accordance with the change in the main node MN from Figure 33.
  • the display of the nodes may be changed depending on, for example, the importance of the word. Also, in the identity trait graph, the thickness, color, and other aspects of the edges between nodes may be changed depending on the degree of relationship (connection).
  • the processing in the figure is processing related to the generation of characteristic expression information for a real user or an avatar as one identity.
  • Step S300A In the identity management device 400A, the characteristic word processing unit 426 collects identity individual information of the target identity.
  • the individual identity information to be collected may include the user profile information of the corresponding end user ( Figure 22), the user identification information of the target real user stored in the user VC memory unit 434 ( Figure 26), authenticity proof information associated with the target real user, wallet data, and the individual history information of the target real user stored in the identity history information memory unit 436 ( Figure 28), etc.
  • the individual identity information to be collected may be information stored in the metafile of the corresponding avatar ( Figure 24), user identification information of the target avatar stored in the avatar VC memory unit 433 ( Figure 25), authenticity certification information associated with the target avatar, wallet data, individual history information of the target avatar stored in the identity history information memory unit 436 ( Figure 28), etc.
  • Step S302A The characteristic word processing unit 426 extracts candidate words to be included in the characteristic expression information from the individual identity information collected in step S300A.
  • Step S304A The characteristic word processing unit 426 performs scoring (weighting) for each candidate word extracted in step S302A.
  • the characteristic word processing unit 426 may perform scoring for each candidate word based on the frequency of occurrence of the candidate word, the degree of reliability of the identity individual information from which the candidate word was extracted, the degree of co-occurrence between the candidate words, etc.
  • Step S306A The characteristic word processing unit 426 selects words (target words) to be included in the characteristic expression information from among the candidate words based on the results of the scoring in step S304A.
  • Step S308A The characteristic word processing unit 426 generates characteristic expression information in which each of the target words selected in step S306A is a node.
  • the characteristic word processing unit 426 may use the results of the scoring in step S304A when setting the associations (connections) between nodes (between words), the strength of the connections, the importance of the words themselves, etc.
  • the feature word processing unit 426 may use AI (artificial intelligence) to execute the processes in steps S302A to S308A.
  • AI artificial intelligence
  • the feature word processing unit 426 may execute processes such as word scoring, word extraction, and association between words, for example, using deep learning, clustering, etc.
  • Step S310A The characteristic word processing unit 426 stores the characteristic expression information generated in step S208A in the characteristic expression information storage unit 437.
  • the characteristic expression information may have a structure that stores information such as the strength of the relationship between each word and other words, the importance of the word itself, etc.
  • the characteristic word processing unit 426 may create an identity characteristic graph using the characteristic expression information stored in the characteristic expression information storage unit 437, and control the created identity characteristic graph to be displayed and visualized in the metaverse provided by the end user terminal 300 or the service providing system 510.
  • the identity trait graph is not limited to a form such as a co-occurrence network as shown in Figures 33 and 34.
  • the identity trait graph may be in a form that shows, for example, the degree of relationship of each word to the main word or the credibility of each word using a bar graph.
  • Step S400A For example, in response to a real user's access to a network service from the end-user terminal 300 or an avatar's activity in the metaverse, it becomes necessary to display an identity attribute graph corresponding to the real user or the avatar. Then, the corresponding service providing system 510 transmits an identity attribute graph request to the identity management device 400A.
  • the identity attribute graph request includes a user ID or an avatar ID indicating the target identity.
  • Step S402A The service providing system 510 receives the identity attribute graph sent from the identity management device 400A in response to the identity attribute graph request sent in step S400A.
  • Step S404A The service providing system 510 displays the identity attribute graph received in step S402A on the network service.
  • Step S500A In the identity management device 400A, the characteristic word processing unit 426 receives the identity attribute graph request sent in step S400A.
  • Step S502A The characteristic word processing unit 426 acquires characteristic expression information of the real user or avatar indicated by the user ID or avatar ID included in the received identity characteristic graph request from the characteristic expression information storage unit 437.
  • Step S504A The characteristic word processing unit 426 creates an identity characteristic graph using the characteristic expression information acquired in step S502A.
  • the identity attribute graph can be made to correspond to a plurality of formats. For example, when a format is specified by an identity attribute graph request, the characteristic word processing unit 426 creates an identity attribute graph in the specified format.
  • Step S506A The characteristic word processing unit 426 sends the created identity characteristic graph to the service providing system 510A.
  • the characteristic word processing unit 426 can also provide the characteristic expression information stored in the characteristic expression information storage unit 437 to the metaverse.
  • the provided characteristic expression information is used for a specific purpose.
  • trait expression information may be used to match identities together.
  • a corporate identity in the metaverse may be used to select a job seeker avatar that matches the company from among job seeker avatars in the same metaverse.
  • the flowchart in FIG. 37 shows an example of a processing procedure executed by the identity management device 400A in response to the above-mentioned identity matching.
  • the processing in the figure is, for example, a process of determining the degree of matching with one identity when a corporate identity selects a job seeker identity that matches the company's job vacancy.
  • the processing in the figure is performed to match companies that exist in the metaverse with avatars.
  • Step S600A Company A, which exists as one of the identities in the metaverse, makes a recruitment request to an agent operated in the same metaverse.
  • the agent makes a request to identity management device 400A to select an avatar to be employed as an employee by company A.
  • the agent registers information on avatars that wish to be matched with companies in order to gain employment at the companies in a human resources database.
  • the avatar provision control unit 423 acquires the characteristic expression information of one avatar from among the characteristic expression information of the requesting company and the characteristic expression information of the applicant's avatar registered in the agent's human resources database.
  • Step S602A The avatar provision control unit 423 calculates the degree of compatibility between the characteristic expression information of the requesting company acquired in step S600A and the characteristic expression information of the avatar, who is the human resource.
  • the characteristic word processing unit 426 may, for example, find the similarity between the characteristic expression information of the requesting company and the characteristic expression information of the avatar, who is the applicant.
  • the characteristic expression information of the company and the characteristic expression information of the avatar as human resources used in step S602A may use words that are considered to be of high importance in relation to the job offer as main nodes, rather than the corresponding identity words as in FIG. 33.
  • the characteristic expression information in FIG. 34 can be considered as something that an applicant avatar provides when applying for a job.
  • the characteristic expression information in FIG. 34 is something that the applicant avatar has registered in the human resources database with the purpose of highlighting his or her programming skills.
  • Step S604A The characteristic word processing unit 426 may perform a matching determination based on the compatibility calculated in step S602A. In other words, the characteristic word processing unit 426 may determine whether it is appropriate for the applicant's avatar to be employed by the requesting company.
  • steps S602A and S604A may be performed, for example, by the feature word processing unit 426 using AI.
  • Step S606A The characteristic word processing unit 426 notifies the determination result made in step S604A.
  • the characteristic word processing unit 426 may notify the determination result to both the requested company and the applicant's avatar, or may notify the determination result to both the requested company and the applicant's avatar.
  • the requested company may decide whether or not to employ the applicant's avatar based on the notified evaluation result.
  • the applicant's avatar may also decide whether or not to choose the matched company as a place of employment based on the notified evaluation result.
  • the characteristic word processing unit 426 may determine whether or not to employ the applicant's avatar at the requesting company (i.e., whether or not a match has been established) based on the result of the determination in step S604A.
  • the characteristic expression information corresponding to one identity may be generated as a single piece that comprehensively indicates the characteristics of the corresponding identity, or multiple pieces may be generated for each classification of the characteristics of the corresponding identity.
  • the characteristic word processing unit 426 may generate integrated characteristic expression information by integrating characteristic expression information of multiple identities for which matching has been established, for example.
  • integrated trait expression information may be generated by integrating the trait expression information of the two identities.
  • integrated trait expression information indicates the traits of a household composed of the two identities.
  • the characteristic word processing unit 426 may generate integrated characteristic expression information that integrates the characteristic expression information of the identity of the company and one or more employee identities.
  • integrated characteristic expression information represents the characteristics of the company that accurately reflect the characteristics of the employees.
  • the characteristic word processing unit 426 may also generate integrated characteristic expression information using characteristic expression information of multiple identities that have been predefined as targets for integration, rather than just the identities for which matching has been established.
  • the characteristic word processing unit 426 may perform integration using partial characteristic expression information based on a group of words in the characteristic expression information. In this case, when generating the integrated characteristic expression information, the characteristic word processing unit 426 may use characteristic expression information including all words for a certain identity, and partial characteristic expression information for another certain identity.
  • the characteristic word processing unit 426 may select trait expression information of some of multiple identities from the integrated trait expression information made up of the trait expression information of all identities according to specified conditions, and reconstruct the integrated trait expression information.
  • an avatar as an employee of a specific department, sales office, etc. in a company is selected from integrated characteristic expression information that integrates characteristic expression information of all avatars as employees working in a company existing in the metaverse.
  • the characteristic word processing unit 426 reconstructs the integrated characteristic expression information using the characteristic expression information of the employee avatar selected from the characteristic expression information of all employee avatars.
  • the integrated characteristic expression information reconstructed in this way represents the characteristics of the department, sales office, etc. selected in the company.
  • the transfer may be in the form of buying and selling or lending and borrowing.
  • characteristic expressing information between identities the content of the characteristic expressing information associated with an identity changes, and therefore the characteristics of the identity also change.
  • Such a change in characteristic makes it possible to impart new skills, qualifications, etc. to an identity such as an avatar.
  • an avatar may act as its own characteristics the characteristics of an identity indicated by integrated characteristic expression information obtained by integrating characteristic expression information of other identities with characteristic expression information originally corresponding to the avatar itself. This allows avatars in the metaverse to act using the newly acquired qualifications. Also, avatars in the metaverse can act to express themselves with a different personality than before.
  • the identity management device 400A may, for example, based on the contents of the identity individual information, identify identity elements that are lacking for the target identity to approach a target identity image, and make recommendations to the target identity so that the identified identity elements can be acquired. Specifically, if the goal of an avatar as a target identity is to achieve the highest rank in a fan club of a certain artist, the identity management device 400A analyzes the corresponding identity individual information and determines that the avatar has attended few live performances of the artist. In this case, the identity management device 400A may recommend to the target identity that the avatar should actively attend live performances of the artist. In this case, the goal set for the identity may be set by the corresponding end user, or may be set by the avatar registration unit 421 or the like based on the avatar's activity history to date as indicated by the contents of the identity individual information.
  • the identity management device 400A may also detect, among multiple avatars corresponding to one end user, avatars whose activity level is below a certain level or whose activities overlap, based on the past behavioral history of the avatars indicated by the identity individual information corresponding to one end user.
  • the identity management device 400A may recommend to the corresponding end user how to delete the detected avatar or how to make the avatar behave in the future.
  • the wallet management unit 425 of the identity management device 400A may manage identities to allocate assets based on the characteristics of the identities.
  • the characteristics here may be derived by the wallet management unit 425 based on the past history information and characteristic expression information of the identity to which assets are allocated.
  • the avatars A and B are made to act in the metaverse to manage the assets of the corresponding end user.
  • the avatars A and B have different investment tendencies due to their past investment experiences. For example, the avatar A is good at high-risk, high-return investments, and the avatar B tends to invest by steadily accumulating funds.
  • the wallet management unit 425 of the identity management device 400A may determine the amount of money that each of the avatars A and B will use for investment from the assets held by the end user so that the most efficient investment is made based on the investment tendencies of the avatars A and B. In determining such an investment amount, the wallet management unit 425 may use a learned model that has learned the relationship between the results of the determination of the investment amount in the avatar so far and the investment effect of the avatar. The wallet management unit 425 may be configured to manage the investment amount that the end user has determined and allocated to the avatar corresponding to him/her.
  • the avatar provision control unit 423 of the identity management device 400A may determine a space (place, country, etc.) and time in which it is preferable for the target identity to be active, based on the behavioral history and characteristic expression information of the target identity. In this case, the avatar provision control unit 423 may perform the determination not only for the identity as an avatar, but also for the identity as a real user. As an example, when the target identity is an AI avatar performing entertainment activities in the metaverse, the avatar provision control unit 423 may determine the activity location and activity time of the target identity based on the number of fans mobilized and the state of the fan's reaction indicated by the behavior history of the target identity, the personality setting (character setting) of the target identity as an entertainer indicated by the characteristic expression information of the target identity, and the like.
  • the avatar provision control unit 423 may propose the determined activity location and activity time for the target identity that is an AI avatar. Alternatively, the avatar provision control unit 423 may control the target identity to be active according to the determined activity location and activity time. In addition, such determination of the activity location and activity time may be performed for multiple identities performing entertainment activities in a group, for example. By having the identity act according to the determined activity location and activity time, it becomes possible to mobilize many spectators to a live performance or to find a new meaningful activity location.
  • a person may change the characteristics and personality they express depending on the person they are communicating with.
  • a person may change the characteristics and personality they express when communicating with a friend and when communicating with a business partner.
  • the characteristics presented to the other person with whom one is communicating may be changed to correspond to the identity of the person.
  • the control of changing the characteristics of the target identity according to the identity as a communication partner is performed, for example, by the characteristic word processing unit 426 referring to the characteristic expression information and behavior history of the identity as a communication partner in the metaverse.
  • the characteristic word processing unit 426 determines the characteristics to be expressed by the target identity according to the content of the characteristic expression information and behavior history of the identity as a communication partner that has been referred to. The determination of such characteristics may use a learned model that has learned characteristics suitable for the characteristic expression information and behavior history of the identity as a communication partner.
  • the characteristic word processing unit 426 generates characteristic expression information (adaptive characteristic expression information) that expresses the determined characteristics using the characteristic expression information originally possessed by the target identity.
  • the avatar provision control unit 423 may control the avatar as the target identity to act, speak, etc. according to the characteristics indicated by the generated adaptive characteristic expression information. Note that changing the characteristics of the identity using such adaptive characteristic expression information may also be applied to communication between real users.
  • the characteristic word processing unit 426 may refer to the characteristic expression information and behavioral history of the communication partner as a real user, determine the characteristics that the target real user should express, and suggest to the target real user how to behave in accordance with the determined characteristics.
  • the credentials wallet WL as shown in FIG. 31, it is also easy to arbitrarily associate the credentials with the identity (real user, avatar) corresponding to the end user. As a result, for example, the credentials assigned to each identity corresponding to an end user can be shared and used between identities.
  • an example is given in which an identity (real user, avatar) exists corresponding to one end user.
  • avatars that can be associated with multiple specific or unspecified end users may exist.
  • the avatar provision control unit 423 may be configured to be able to act spontaneously in response to all or some of the many end users.
  • the avatar provision control unit 423 in this case may be configured to be able to make the avatar act in response to the operation of the avatar performed based on the consensus of the many end users or the operation of the avatar by some of the end users.
  • a credential information wallet WL storing credential information of multiple real users corresponding to multiple end users and credential information of a predetermined number of avatars may be made manageable corresponding to multiple end users.
  • the end user is not limited to an individual, but may be, for example, an organization or group such as a company or an organization.
  • the identity management system 1A of this embodiment is not limited to the configuration shown in the above embodiment.
  • a specific functional unit in the identity management device 400A shown in FIG. 21 may be provided in the end user terminal 300.
  • the end user terminal 300 by providing the end user terminal 300 with functions such as a wallet management unit 425 and a wallet management information storage unit 435 related to the credential information wallet WL, the end user terminal 300 can collectively manage the credential information of the corresponding end user.
  • a program for realizing the functions of the above-mentioned avatar generation system 100, end user terminal 300, identity management device 400A, service providing system 510, VC issuing system 600, and DPKI system 700 may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read into a computer system and executed to perform processing as the above-mentioned avatar generation system 100, end user terminal 300, identity management device 400A, service providing system 510, VC issuing system 600, and DPKI system 700.
  • “reading a program recorded on a recording medium into a computer system and executing it” includes installing a program into a computer system.
  • the "computer system” here includes hardware such as an OS and peripheral devices.
  • the “computer system” may also include multiple computer devices connected via a network including communication lines such as the Internet, WAN, LAN, and dedicated lines.
  • the term "computer-readable recording medium” refers to portable media such as a flexible disk, an optical magnetic disk, a ROM, a CD-ROM, and the like, and storage devices such as an HDD and an SSD built into a computer system.
  • the recording medium storing the program may be a non-transient recording medium such as a CD-ROM.
  • the recording medium also includes a recording medium provided inside or outside the computer system that can be accessed by the distribution server in order to distribute the program.
  • the code of the program stored in the recording medium of the distribution server may be different from the code of the program in a format executable by the terminal device.
  • the format in which the program is stored in the distribution server does not matter as long as the program can be downloaded from the distribution server and installed in a format executable by the terminal device.
  • the program may be divided into multiple parts, downloaded at different times, and then combined in the terminal device, or the divided programs may be distributed by different distribution servers.
  • the term "computer-readable recording medium” refers to a storage medium that holds the program for a certain period of time, such as a volatile memory (RAM) in a computer system that becomes a server or a client when the program is transmitted via a network.
  • the program may also be for implementing part of the above-mentioned functions.
  • the above-mentioned functions may be realized in combination with a program already recorded in the computer system, i.e., a differential file (differential program).
  • One aspect of this embodiment is an identity management system that includes a memory unit that stores identity individual information that corresponds to an identity as a real user existing in real space and an identity as an avatar that can exist in the metaverse and is individual corresponding to the identity, and a feature word processing unit that extracts feature words and identifies relationships between the feature words corresponding to the identity based on the content of the identity individual information stored in the memory unit, and generates feature word relationship information that indicates the identified relationships.
  • One aspect of this embodiment is the identity management system described in (1), in which the feature word processing unit may score the feature words based on the identity individual information when extracting the feature words.
  • One aspect of this embodiment is the identity management system described in (1) or (2), in which the feature word processing unit may generate feature word relationship display information that can visualize and present the relationships between feature words indicated by the feature word relationship information.
  • One aspect of this embodiment is the identity management system described in (3), in which the feature word processing unit may display the result of scoring the feature words in a predetermined manner in the feature word relationship display information.
  • One aspect of this embodiment is an identity management system according to any one of (1) to (4), in which the characteristic word processing unit may generate, for one identity, multiple pieces of characteristic word relationship information each corresponding to a different characteristic of the identity.
  • One aspect of this embodiment is an identity management system according to any one of (1) to (5), in which the feature word processing unit may generate integrated feature word relationship information by integrating multiple feature word relationship information.
  • One aspect of this embodiment is the identity management system described in (6), in which the feature word processing unit may generate the integrated feature word relationship information so as to reconstruct the integrated feature word relationship information using a portion of the feature word relationship information selected from the plurality of feature word relationship information used to generate the integrated feature word relationship information.
  • One aspect of this embodiment is the identity management system described in any one of (1) to (7), which may further include a matching unit that makes a determination regarding matching of multiple identities based on the similarity status of feature word relationship information corresponding to each of the multiple identities that are the subject of matching.
  • One aspect of this embodiment is the identity management system described in (8), in which the feature word processing unit may generate integrated feature word relationship information that integrates feature word relationship information for each identity matched by the matching unit.
  • One aspect of this embodiment is an identity management method in an identity management system, the identity management method including a feature word processing step in which a feature word processing unit extracts feature words and identifies relationships between feature words corresponding to identities based on the content of the identity individual information stored in a memory unit, the identity individual information corresponding to an identity as a real user existing in real space and an identity as an avatar that can exist in the metaverse, and generates feature word relationship information indicating the identified relationships.
  • One aspect of this embodiment is a program for causing a computer provided by an identity management system to function as a feature word processing unit that extracts feature words and identifies relationships between feature words in accordance with an identity based on the content of identity individual information stored in a memory unit, which corresponds to an identity as a real user existing in real space and an identity as an avatar that can exist in the metaverse, and which is individual in accordance with the identity, and generates feature word relationship information indicating the identified relationships.
  • One aspect of this embodiment is a non-volatile storage medium having recorded thereon a program for causing a computer provided by an identity management system to function as a feature word processing unit that extracts feature words and identifies relationships between feature words corresponding to an identity based on the content of identity individual information stored in a memory unit, which corresponds to an identity as a real user existing in real space and an identity as an avatar that can exist in the metaverse and is individual corresponding to the identity, and generates feature word relationship information indicating the identified relationships.
  • the qualifications associated with an identity can be managed efficiently, and the characteristics of the identity can be effectively utilized in the identity's activity space.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Computer Security & Cryptography (AREA)
  • Tourism & Hospitality (AREA)
  • Marketing (AREA)
  • Finance (AREA)
  • Health & Medical Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • General Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • General Health & Medical Sciences (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Primary Health Care (AREA)
  • Software Systems (AREA)
  • Educational Administration (AREA)
  • Multimedia (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
PCT/JP2024/023581 2023-06-29 2024-06-28 アイデンティティ管理システム、アイデンティティ管理方法、及びプログラム Ceased WO2025005264A1 (ja)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP2025530242A JPWO2025005264A1 (https=) 2023-06-29 2024-06-28
EP24832121.8A EP4738235A1 (en) 2023-06-29 2024-06-28 Identity management system, identity management method, and program
CN202480035478.XA CN121368779A (zh) 2023-06-29 2024-06-28 身份管理系统、身份管理方法及程序

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2023-107259 2023-06-29
JP2023107259 2023-06-29
JP2023-135662 2023-08-23
JP2023135662 2023-08-23

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US19/435,347 Continuation US20260127255A1 (en) 2023-06-29 2025-12-29 Identity management system, identity management method, and program

Publications (1)

Publication Number Publication Date
WO2025005264A1 true WO2025005264A1 (ja) 2025-01-02

Family

ID=93939169

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2024/023581 Ceased WO2025005264A1 (ja) 2023-06-29 2024-06-28 アイデンティティ管理システム、アイデンティティ管理方法、及びプログラム

Country Status (4)

Country Link
EP (1) EP4738235A1 (https=)
JP (1) JPWO2025005264A1 (https=)
CN (1) CN121368779A (https=)
WO (1) WO2025005264A1 (https=)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7845724B1 (ja) * 2025-03-06 2026-04-14 Humanity Vision合同会社 認証装置、認証方法、及び、認証プログラム

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012003635A (ja) * 2010-06-18 2012-01-05 Sony Corp 情報処理装置、情報処理方法及びプログラム
JP2012069080A (ja) * 2010-09-27 2012-04-05 Dainippon Printing Co Ltd 購入反映システム、サーバ、購入反映方法、プログラム、記憶媒体
JP2016153925A (ja) * 2013-06-20 2016-08-25 シャープ株式会社 サーバ装置、端末装置及び処理方法
JP2022117111A (ja) 2021-01-29 2022-08-10 グリー株式会社 コンピュータプログラム、方法、及び、サーバ
JP2022187424A (ja) * 2021-06-07 2022-12-19 株式会社ネクストシステム プログラム、情報管理システム及び情報管理方法
JP2023107259A (ja) 2022-01-23 2023-08-03 株式会社タム 着脱式看板
JP2023135662A (ja) 2022-03-15 2023-09-28 株式会社chaintope 情報処理システム、サーバ、及び情報処理方法

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012003635A (ja) * 2010-06-18 2012-01-05 Sony Corp 情報処理装置、情報処理方法及びプログラム
JP2012069080A (ja) * 2010-09-27 2012-04-05 Dainippon Printing Co Ltd 購入反映システム、サーバ、購入反映方法、プログラム、記憶媒体
JP2016153925A (ja) * 2013-06-20 2016-08-25 シャープ株式会社 サーバ装置、端末装置及び処理方法
JP2022117111A (ja) 2021-01-29 2022-08-10 グリー株式会社 コンピュータプログラム、方法、及び、サーバ
JP2022187424A (ja) * 2021-06-07 2022-12-19 株式会社ネクストシステム プログラム、情報管理システム及び情報管理方法
JP2023107259A (ja) 2022-01-23 2023-08-03 株式会社タム 着脱式看板
JP2023135662A (ja) 2022-03-15 2023-09-28 株式会社chaintope 情報処理システム、サーバ、及び情報処理方法

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7845724B1 (ja) * 2025-03-06 2026-04-14 Humanity Vision合同会社 認証装置、認証方法、及び、認証プログラム

Also Published As

Publication number Publication date
CN121368779A (zh) 2026-01-20
EP4738235A1 (en) 2026-05-06
JPWO2025005264A1 (https=) 2025-01-02

Similar Documents

Publication Publication Date Title
US20230055618A1 (en) Systems and Methods for Management of Token Interactions
US11907916B2 (en) Digital securitization, obfuscation, policy and commerce of event tickets
US12335395B2 (en) Artifact origination and content tokenization
Hammi et al. Non-fungible tokens: A review
Pisa et al. Blockchain and economic development: Hype vs. reality
Sas et al. Exploring trust in Bitcoin technology: a framework for HCI research
US20230086644A1 (en) Cryptographically Enabling Characteristic Assignment to Identities with Tokens, Token Validity Assessments and State Capture Processes
JP7568171B2 (ja) アバター管理システム、アバター管理方法、及びプログラム
WO2020047116A1 (en) Techniques for data access control utilizing blockchains
KR102048944B1 (ko) 블록체인 기반 프로젝트 수행 과정에서 획득되는 저작물의 저작권 관리 방법 및 시스템
Kim et al. Digital authentication system in avatar using did and sbt
KR102042796B1 (ko) 전문가에 의해 생성되는 프로젝트 결과물을 빅데이터 기반으로 관리하는 방법 및 시스템
EP4587986A1 (en) Systems and methods for token-based asset ownership
Jaferian et al. Blockchain potentials for the game industry: a review
EP4738235A1 (en) Identity management system, identity management method, and program
KR102128874B1 (ko) 전문가에 의해 생성되는 프로젝트 결과물을 기여도 정보를 바탕으로 관리하는 방법 및 시스템
US20250385807A1 (en) Systems and Methods for Performing Secure Transactions on Blockchain
KR102128875B1 (ko) 전문가에 의해 생성되는 프로젝트 결과물에 대한 수익을 기여도 정보를 바탕으로 분배하는 방법 및 시스템
Khokhariya et al. DAMBNFT: document authentication model through blockchain and non-fungible tokens
US12506611B2 (en) Systems and methods for green proof of stake consensus mechanisms
US20260127255A1 (en) Identity management system, identity management method, and program
Thomas et al. Gallery defender: Integration of blockchain technologies into a serious game for assessment: A guideline for further developments
Shamsi et al. A secure and efficient approach for issuing KYC token as COVID-19 health certificate based on stellar blockchain network
Okokpujie et al. A single-user electronic ticketing system using ERC-721 protocol for smart contracts
JP7770735B1 (ja) 情報提供システム、情報提供方法及び情報提供プログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24832121

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2025530242

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 2025530242

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 2024832121

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2024832121

Country of ref document: EP

Effective date: 20260129

ENP Entry into the national phase

Ref document number: 2024832121

Country of ref document: EP

Effective date: 20260129