JP2007004642A - Client server system and service method using the same - Google Patents

Abstract

【Task】
In consideration of a request for protection of personal information, a system is provided that eliminates the inconvenience of a user re-setting personal information as a new registrant and makes it easy to transfer a client device from an old device to a new device.
[Solution]
The present invention is a client server system comprising a server device and a plurality of client devices that receive service provision from the server device based on personal information associated with the device identification information by receiving authentication with the device identification information and password, The client device has means for acquiring a special password from the server device as a service and means for transmitting the acquired special password, and the server device has received the special password and the means for receiving the special password from the client device. In some cases, a system having means for providing a service without authenticating with the device identification information and a service method using the system are provided.
[Selection] Figure 1

Description

  The present invention relates to a client server system for providing a service based on personal information using a special password, and a service providing method using the system.

  In a client server system that provides a service using personal information from a server device to a client device, the service is provided to prevent personal information from being misused by others and improper transfer due to impersonation. Generally, a cookie or a password is used as a means for determining whether or not it is possible. Specifically, the server device communicated in the past based on the result of comparison / judgment between the client device and the server device, and the server device comparing and judging the information against the information held by itself. The server apparatus can receive the service only when it is confirmed that the client apparatus is a client apparatus and the entity related to the personal information is the same as the client apparatus user. By configuring, such misuse is prevented.

For example, Patent Document 1 discloses a system and method for performing electronic commerce while performing authentication using a cookie and a password.
Japanese translation of PCT publication No. 2003-508838

  By the way, when a user of a client device fails or becomes irreparably damaged or becomes obsolete, the user may change from an old client device used until then to a new client device (replacement, replacement, etc.). is there. In this case, the user of the client device is the same, but the client device is changed from the old one to the new one. In this case, when the user accesses the server device using the new client device, the new client device communicates with the server device for the first time, and the device identification information of the new client device is not associated with the personal information. For this reason, the server device recognizes the user as a new user who intends to receive the service for the first time. Therefore, if a user intends to continue to provide services using a new client device, the user needs to re-set personal information such as password, address, name, bank account number, etc. as a completely new registrant. There is.

  However, personal information such as a new password is not always re-set as a completely new registrant simply because the client device is replaced with a new one by failure or replacement even though the user is the same. The fact that the service cannot be continuously provided is troublesome for the user. However, if you make it possible to use services based on the personal information from other devices without re-setting any personal information such as passwords that were used when using the old device, the password is leaked. For example, a service is provided to a person who impersonates a genuine user from another device, and there is a problem in protecting personal information.

  Therefore, the problem to be solved by the present invention is that the user sets personal information such as a new password as a completely new registrant in consideration of the above personal information protection request when transferring client devices. It is an object to provide a system in consideration of convenience for the user, which eliminates the inconvenience of having to re-work and makes it easy to transfer from an old client device to a new client device.

  In order to solve the above-described problems, the present invention provides a service based on personal information associated with a server device and device identification information and a password that uniquely identifies the server device and associated with the device identification information. A client server system comprising a plurality of client devices received from a server device, wherein the client device transmits a special password acquisition unit that acquires a special password from the server device as the service, and the acquired special password A special password transmission unit, and the server device receives the special password from the client device, and when receiving the special password, the server device does not authenticate with the device identification information. To provide services based on personal information We provide a service method using the client-server system and the same system and a service providing unit.

  In accordance with the present invention, a special password is used when transferring a client device, so that the user can receive personal information such as a new password as a completely new registrant in consideration of the request for protection of personal information as described above. It is possible to eliminate the complication of having to reset the setting, and to easily transfer from the old client device to the new client device, and to provide a system in consideration of convenience for the user.

  Examples of the present invention will be described below. The relationship between the embodiments and the claims of the claims is as follows.

  Example 1 Mainly relates to claims 1 and 7.

  Second Embodiment Mainly relates to claims 2 and 8.

  Third Embodiment Mainly relates to claims 3 and 9.

  [Embodiment 4] Mainly related to claims 4 and 10.

  Embodiment 5: Mainly related to claims 5 and 11.

  Example 6: Mainly related to claim 6 and the like.

  In addition, this invention is not limited to these Examples at all, and can be implemented in various modes without departing from the gist thereof.

  <Overview>

  The client server system of the present embodiment is a client server system that includes a server device and a plurality of client devices, and provides a service based on personal information associated with the device identification information of the client device using a special password. Thus, when the server device receives the special password from the client device, the server device performs the service without authenticating with the device identification information of the client device.

  <Configuration>

  FIG. 1 is a diagram illustrating an example of functional blocks of the client server system according to the present embodiment. Each unit, which is a component of the present invention, is configured by either hardware, software, or both hardware and software. For example, as an example for realizing these, when a computer is used, hardware composed of a CPU, a memory, a bus, an interface, peripheral devices, and the like, and software executable on these hardware are listed. Can do.

  Specifically, the functions of the respective units are realized by sequentially executing the programs developed on the memory, by processing, storing, and outputting data on the memory and data input through the interface.

  In the figure, a “client server system” 0100 according to the present embodiment includes a “server device” 0120 and a plurality of “client devices” 0110.

  Each of the plurality of “client devices” includes a “special password acquisition unit” 0111 and a “special password transmission unit” 0112. The “client device” receives the device identification information uniquely identifying itself and the authentication by the password from the server device, so that the server device receives a service based on the personal information associated with the device identification information. Is. The “device identification information” may be, for example, the device manufacturing number of the client device, or may be attached separately from the device manufacturing number, as long as it is identification information uniquely (as unique) attached to each device. It may be a thing. In either case, the device identification information may be unique in the world, or may be unique only within the scope of a server constituting the network including the device. Further, it is desirable that the device identification information has a structure in which the contents are not easily seen from the outside, that is, a structure held in the tamper-resistant region.

  Here, a configuration related to provision of a service based on personal information in the client server system of the present embodiment including a server device and a plurality of client devices will be described.

  FIG. 2 is a diagram illustrating an example of functional blocks related to a function for performing a service based on personal information in the client server system of the present embodiment. In the figure, a “client server system” 0200 of the present embodiment includes a “server device” 0220 and a plurality of “client devices” 0210. Among these, each of the plurality of “client devices” includes “device identification information holding unit” 0211, “cookie holding unit” 0212, “password information input unit” 0213, “control unit” 0214, and “client device” Communication section ”0215. Note that the cookie holding unit may not be provided (the functions related to the following cookies may not be provided in the same manner). The “device identification information holding unit” is configured to hold device identification information that is identification information unique to the client device. The “cookie holding unit” is configured to hold a cookie that is information indicating whether the server apparatus has communicated with the server in the past. The “password information input unit” is for inputting password information to be sent to the server device. In addition, the “control unit” performs control (here, processing necessary for the client device to receive service from the server device, for example, device identification information held in the device identification information holding unit) Widely including sending the cookie to the server device, sending the password information input by the password information input unit to the server device, etc.). Furthermore, the “client device communication unit” is for exchanging information with the server device, and is configured to enable communication with the server device.

  On the other hand, the “server device” includes “server device communication unit” 0221, “information acquisition registration unit” 0222, “device identification information comparison unit” 0223, “cookie determination unit” 0224, and “password information comparison unit”. 0225 and “service providing unit” 0226, and the service providing unit includes “normal service providing unit” 0227. The “server device communication unit” is for exchanging information with the client device. Specifically, the server device communication unit is configured to enable communication with the client device. Thereby, the above-described device identification information and password information can be received and cookies can be transmitted and received. Also, the server device can provide a service to the client device. The “information acquisition and registration unit” is configured to register information (device identification information, password information, etc.) sent from the client device as client device information in units of client devices so that services can be provided to the client device. Has been. The “device identification information comparison unit” is configured to compare the device identification information transmitted when the client device is about to receive a service with the device identification information stored in the information acquisition registration unit. The “cookie determination unit” is configured to determine whether an appropriate cookie has been acquired from the client device when the client device is to receive a service. The “password information comparison unit” is configured to compare the password information transmitted when the client apparatus is about to receive a service with the password information stored in the information acquisition registration unit. This comparison is a comparison of whether or not the password information sent from the client device matches the password information stored in the information acquisition / registration unit. In addition, the “normal service providing means” of the “service providing unit” is a service based on personal information (for example, bank deposit) when the comparison / determination results in the respective units match or are appropriate. An online shopping service using automatic debit from an account, automatic payment by credit card, etc. For convenience, it is configured to provide “normal service” hereinafter).

  With the above configuration, the server device provides a service to the client device only when the client device is authentic and the identity of the subject relating to the personal information and the subject that is the user of the client device can be confirmed. In the provision of a service based on such personal information, it is possible to prevent personal information from being misused by others or improper transfer due to impersonation.

  Next, in order to enable a user to easily transfer from an old client device (hereinafter referred to as “old device”) to a new client device (hereinafter referred to as “new device”), in the client server system of the present embodiment, In FIG. 1, the “special password acquisition unit” is configured to acquire a special password from the server device as the service.

  “Special password” is a subordinate concept of “password”, which is a number string, code string, etc. used to prevent leakage of personal information, but here it is easy to transfer from the old device to the new device. It is used for. In other words, when the user of the client device changes from the old device to the new device, a special password is issued in advance from the server device using the old device, and this is transmitted from the new device to the server device. Thus, the server device can confirm the identity of the user, and this is a password used for the purpose of eliminating the complexity of setting the personal information such as a new password by the user. Accordingly, the purpose of use is different from the password used for the client device to receive the provision of the normal service based on the personal information from the server device (for the sake of convenience, hereinafter referred to as “normal password”).

  Here, the significance of using the special password will be described. When a user who has received a service based on personal information from a server device using a client device changes the client device from the old device to the new device, it must go through some new authentication and registration procedures. Even if the server device is suddenly accessed by transmitting the normal password used in the old device from the new device, it is usually not possible to receive the same service from the server device until now. This is a case where a client device that the server device has not communicated with in the past accesses the server device using a normal password previously used in another device (1). ) After a genuine user who had received services on the old device switched to the new device, except when accessing from the new device using the conventional normal password, (2) impersonated the authentic user This is because there is a case in which a person illegally accesses from another device using the normal password, so that the two cannot be distinguished. In other words, considering only the case (1), it is convenient for the user to continue the service for the new device based on the normal password used in the old device so far. However, in the case of (2), it is necessary not to perform such a service. Therefore, in order to pursue the convenience of (1) while avoiding erroneous service in the case of (2), whether the access is the above case (1) or (2) A mechanism to distinguish is essential. In that case, passwords are usually used repeatedly and need to be remembered for a long time, so they are often relatively simple (for example, only four digits). Even if the same password as the normal password used in the old device is sent (1), since the risk of leakage and unauthorized use by a third party and the possibility of coincidence cannot be eliminated Immediately determining that this is a high risk. Therefore, it is possible to distinguish between (1) and (2) by using another means that is unlikely to be illegally used by a third party due to leakage or coincidence instead of the normal password, and reliably (1) Only when it can be determined that this is the case, a special password for transfer is used as means for realizing a mechanism that can continue to provide services using a conventional normal password. Specifically, for example, when the user first applies for a transfer to the server device using the old device, a special password is issued from the server device to the old device. Then, the server device disconnects the device identification information of the old device that was previously associated with the personal information, and associates the personal information with the special password instead. Thereafter, the user uses the new device to access the server device, and the new password is transmitted from the new device to the server device. Since this special password is unlikely to be leaked or accidentally matched, if the special password sent from the new device matches that issued to the old device, the server device can access from the new device. Can recognize that the person is a genuine user. Therefore, in this case, there is no problem even if the server apparatus continues to provide services to the new apparatus without the user of the new apparatus newly setting a normal password as a new registrant.

  Of course, in order to make such a mechanism effective, it is indispensable that the special password itself is not likely to be leaked or accidentally matched. Therefore, it is desirable that this special password is more complicated than a normal password. For example, it is possible to conceive a number of digits or a complicated combination of numbers and symbols compared to a normal password, which usually consists of only four digits (such as “AB1397X96GTZ”). This is unlikely to cause a coincidence. In addition, this special password is used only for transfer, and is usually used only once in a very short period of time until the service can be provided with the new device, and then used after that. It is unlikely to leak to a third party. On the other hand, in view of the fact that the special password is usually used only once in a very short time, it can be said that there is no inconvenience for the user even if the special password is made complicated in this way.

  In the above description, the acquisition of the special password performed by the special password acquisition unit has been described for the case where the special password is issued by the server device. However, it is not essential to issue the password by the server device. The user mails a document describing the special password to the user of the client device based on the “device transfer notification” issued from the client device, and the user inputs the document to the client device using a keyboard or the like based on the description. The client device may input the special password.

  The “special password transmission unit” is for transmitting the acquired special password to the server device. For this transmission, for example, the special password is entered on the screen that prompts the user to enter the special password that is displayed when clicking the icon indicating “Transfer” in the question field asking “New registration or transfer” on the registration screen of the server device. This is done by sending

  Next, in FIG. 1, the “server device” includes a “special password receiving unit” 0121 and a “service providing unit” 0122.

  The “special password receiving unit” is for receiving a special password transmitted from the client device.

  The “service providing unit” is for providing a service based on personal information without authentication based on device identification information when the server device receives a special password from the client device. Here, the “service based on personal information” performed when the server device receives the special password typically refers to a service for associating the new device with the personal information for transfer from the old device to the new device. In addition, a service based on personal information (ordinary service) performed using the new device after the new device is associated with the personal information can also be included in the “service based on personal information”. Specific services in this case include, for example, online shopping services using automatic debit from the above bank deposit account and automatic payment by credit card, movie and music distribution services, pay broadcasting and pay wired Broadcasting services for broadcasting, providing services for living information such as weather forecasts and shopping information can be considered. In addition, for example, failure diagnosis of household electrical appliances in the home (for example, a service that receives information on the status of malfunctions of household electrical appliances, identifies failure contents according to this, and supports repairs), household electrical appliances in the home Services that provide appropriate control of equipment (for example, services that receive information on the cooler's set temperature conditions and provide necessary advice), services that provide educational programs (eg, services that provide English conversation lessons), Medical services (for example, services that provide necessary advice by performing home health examinations), electronic voting services (for example, services that send candidates for popularity ranking voting of songs and receive answer votes), programs for electronic devices Version upgrade service, e-mail service, telephone service such as videophone , Or database providing services (e.g., services that use the ASP), etc. are considered.

  Also, in exceptional cases, a special password was issued for the old device once on the premise of switching to the new device, but there are cases where the old device will continue to receive services for some reason. Conceivable. For example, because the user intends to replace with a new device, the process for transfer using the old device was once performed, but the replacement of the new device was canceled due to the user's change, etc. If you continue to receive normal service using the old device, or the old device is considered to have failed beyond repair, it will be replaced with the new device. Although it was done, it was later found that the old device could be repaired, so it may be possible to continue using the old device for normal service. In this case, as a general rule, the association between the old device and the personal information is temporarily disconnected as will be described later, but in that case, a process for recovering the association between the old device and the personal information is required again. Such a process or a normal service performed using the old device again can be included in the “service based on personal information”.

  FIG. 3 is a conceptual diagram illustrating an example of a procedure for issuing, obtaining, and transmitting a special password performed between the old device, the new device, and the server device in order to realize the process for the transfer. Among these, FIG. 3A is a conceptual diagram showing an example of a procedure for issuing / obtaining a special password performed between the old apparatus and the server apparatus as the first stage. As shown in the figure, when the server device holds the device identification information of the old device and personal information such as a normal password in association with each other, when the user of the old device wants to transfer to the new device, (1) First, the old device issues a “device transfer notification” to the server device. This notification is performed by, for example, clicking on an icon for performing device transfer in the registration screen transmitted from the server device in advance. In the communication from the old device to the server device, the old device transmits its own device identification information to the server device. In this case, the old device transmits its device identification information and the “device transfer notification” associated therewith to the server device. In addition to this, the old device may send a cookie, which is information indicating whether the server device has communicated with the server device in the past, to the server device. (2) Next, in response to this, the server device inputs the normal password (herein, the normal password used when the user used the old device to receive services) to the old device. Information prompting is sent. At that time, in order to increase security, the information may be urged to input the user's member ID and the like together. (3) In response to this, the old device returns a normal password (or a member ID or the like in addition to this) to the server device. The transmission order of the “device transfer notification”, the device identification information, the normal password, and the like described above does not matter. (4) Based on the device identification information transmitted in (2), the server device collates whether or not the transmitted normal password or the like matches the registered normal password or the like. (5) If the collation results match, the server device transmits a special password to the old device. (6) Further, the server device holds the special password and personal information such as the password in association with each other. At this time, the association between the device identification information of the old device and the personal information is disconnected at this stage. This is because the device identification information of the old device is not used thereafter in principle, and it is not necessary to maintain such association. In addition, if the old device is released from the user's hand to a third party before the device identification information of the new device is associated with the personal information, the personal information is exposed from the device identification information of the old device. This is to prevent leakage and the risk of misuse by a third party. Therefore, from this point of view, it is desirable that the association between the device identification information of the old device and the personal information is cut off as soon as possible after the special password is issued from the server device. However, it is not essential to disconnect the association between the device identification information of the old device and the personal information at this stage, and it may be disconnected when associating the device identification information of the new device described later with the personal information. In such an exceptional case, when the old device is used to issue a special password and then the service is provided again using the old device, the configuration of the old device Since the device identification information and the personal information are still associated with each other, there is a merit that a process of re-associating the device identification information and the personal information of the old device once disconnected is unnecessary. However, in this case, there is still a risk of exposure / leakage of personal information when the above-mentioned old device leaves the user's hand and reaches the third party's hand. Therefore, when it is ensured that the user does not let go of the old device until the association between the old device and the personal information is disconnected and the association between the new device and the personal information is completed (for example, the new device is It is desirable that the device identification information and the personal information of the old device are always associated at this stage, except when the transfer process from the old device to the new device is performed at once.

  Next, FIG. 3B is a conceptual diagram showing an example of procedures such as transmission of a special password for associating the new device with the personal information performed between the new device and the server device as the second stage thereafter. is there. In this case, the server device holds the special password and the personal information in association with each other as described above. When the user performs a transfer using the new device, (1) First, the new device accesses the server device, and at that occasion, the new device transmits its own device identification information to the server device. (2) Next, the new device transmits the special password acquired in the first stage described above to the server device. The transmission is performed by, for example, inputting the special password on a screen prompting the user to input a special password that is displayed by clicking the icon indicating “transfer” in the question column of “new registration or transfer” on the registration screen of the server device. This is done by sending At that time, in order to enhance security, the user's member ID may be transmitted together with the special password. Further, the server device may transmit a cookie that is information indicating whether the server device has communicated with the server device in the past to the new device. (3) The server device checks whether the special password matches any of the special passwords held by the server device. Also, if the user's member ID etc. is sent together with the special password, it is also checked whether the transmitted member ID etc. matches the member ID etc. held in association with the special password. You may make it do. (4) When the above collation results match, the server device holds the personal information in association with the device identification information of the new device. As described above, the association between the device identification information of the old device and the personal information such as the normal password and the member ID may be disconnected at this stage. This completes the processing related to the association between the device identification information of the new device and the personal information by the exchange between the new device and the server device, and thereafter, the user of the new device is based on (or in accordance with) the device identification information. In addition, it is possible to receive service from the server device using personal information (based on the cookie judgment) using the normal password that was used when receiving the service using the old device. Become.

  FIG. 4 is a diagram illustrating an example of a system configuration viewed from the hardware viewpoint of the server device of the client server system. In the figure, a CPU 0401, a main memory 0402, a memory 0403, a communication interface 0404, and an I / O 0405 are connected to a bus line 0406. In the memory, device identification information 0407 to which a “device transfer notification” is sent from a client device (typically an old device) and a normal password 0408 sent from the device are stored. In addition to this, history information on sending cookies to the apparatus may be stored. A special password 0409 sent from the client device (typically a new device) is also stored. Note that these pieces of information may be stored in an external storage device such as an HDD. The main memory compares the device identification information stored in the memory and the like with the device identification information transmitted from the client device and acquired by the server device using the interface and I / O, and is stored in the memory. The password sent by the electronic device and the password obtained by the server device using the interface and I / O (or in addition to this, the judgment of the cookie in light of the history information of the cookie transmission stored in the memory etc.) And a control program for executing processing according to these results is developed. This program is, for example, a processing list table 0410 based on each comparison / determination result. Specifically, for example, a result of A is a result that when a device transfer notification is sent from a client device (typically an old device), it matches the device identification information held in advance by the device, and Program 1 Is a program that issues a special password to the device and commands to disconnect the association between the device identification information and the personal information. Alternatively, the result B is a result that when the special password is sent from the client device (typically a new device), the result matches the special password held in advance, and Program 2 is sent from the device. This is a program for instructing the association between the device identification information and the personal information. Then, processing according to the control program developed in the main memory by the CPU is executed.

  FIG. 5 is a diagram illustrating an example of a system configuration from the viewpoint of hardware of one of a plurality of client apparatuses of the client server system. In the figure, a CPU 0501, a main memory 0502, a memory 0503, a communication interface 0504, and an I / O 0505 are connected to a bus line 0506. In the memory, device identification information 0507 of the client device itself and a normal password 0508 are stored in advance. In addition, cookies may be stored. A special password 0509 issued from the server device is also stored. Note that these pieces of information may be stored in an external storage device such as an HDD. Also, these pieces of information are transmitted and received between the server apparatus using an interface and I / O.

  As is apparent from the above description, in the system configuration of the server device of this example, the device identification information of the client device, the cookie, the normal password, and the special password received by the server device are received via the communication interface. The received information is stored in a memory or the like. Processing execution for issuing services such as issuing special passwords to client devices and associating device identification information of client devices with personal information is performed by the CPU using a memory or the like.

  <Process flow>

  FIG. 6 is a diagram illustrating an example of a processing flow in the client server system of the present embodiment.

  First, in the special password acquisition step S0601, the client server system acquires the special password sent from the server device at the client device. Prior to this step, the client device issues a “device transfer notification” to the server device, the client device transmits its own device identification information to the server device, and the client device transmits to the server device. A step of sending a cookie, a step of sending information prompting the client device to input a normal password (or member ID, etc.) from the server device, a normal password (or member in addition to this) from the client device to the server device ID etc.) to the server device, the server device collating whether or not the normal password transmitted from the client device matches the registered normal password or the like, or when the collation result matches The server device has a special path to the client device Over de may be one of at least one of sending to take. If there is a step of issuing the above-mentioned “device transfer notification”, a step of transmitting device identification information, a step of returning a normal password (or member ID, etc.) to the server device, etc. The processing order does not matter.

  Next, in the special password transmission / reception step S0602, the client server system transmits the special password acquired in the special password acquisition step from the client device to the server device, and the server device receives the special password. In addition, the client device transmits its own device identification information to the server device at a communication opportunity for transmitting the special password from the client device to the server device. The user's member ID and the like may be transmitted together with the special password.

  Further, in the service providing step S0603, when the client server system receives the special password, the client server system is based on the personal information associated with the device identification information without authenticating with the device identification information uniquely identifying itself. Provide service. Prior to this step, the server device sends a cookie to the client device, the server device checks whether the special password matches one of the special passwords held by the server device, the special device When the user's member ID and the like are transmitted together with the password, at least one of the steps of checking whether the transmitted member ID or the like matches the member ID or the like held in association with the special password There may be. Further, when the server device provides a service based on personal information because the above collation results match, processing for associating the personal information with the device identification information of the new device is performed prior to this.

  <Effect>

  According to the client server system of the present embodiment, it is possible to easily change the client device from the old device to the new device using a special password. This eliminates the trouble that the user needs to reset personal information such as a new password as a completely new registrant, and is convenient for the user after considering the protection of personal information. It is possible to provide a system that considers

  <Overview>

  The client server system of the present embodiment is a client server system for providing a service based on personal information using a special password similar to that of the first embodiment, but the service using the special password provided by the server device Is characterized in that it is a service for associating personal information associated with device identification information with new device identification information.

  <Configuration>

  FIG. 7 is a diagram illustrating an example of functional blocks of the client server system according to the present embodiment. In the drawing, a “client server system” 0700 of this embodiment is composed of a “server device” 0720 and a plurality of “client devices” 0710. Among these, the “client device” includes “device identification information holding unit” 0711, “cookie holding unit” 0712, “password information input unit” 0713, “control unit” 0714, and “special password acquisition unit” 0715. And “Special Password Sending Unit” 0716 and “Client Device Communication Unit” 0717. The configuration of each unit of the client device is the same as the configuration of each unit described with reference to FIG. 2 for the client device of the client server system of the first embodiment.

  On the other hand, the “server device” includes “server device communication unit” 0721, “special password reception unit” 0722, “information acquisition registration unit” 0723, “device identification information comparison unit” 0724, and “cookie determination unit”. 0725, “password information comparison unit” 0726, and “service providing unit” 0727. The “special password receiving unit” includes a “special password authentication unit” 0728, and the “service providing unit” includes a “personal information association changing unit” 0729. “The special password authentication means determines whether or not the special password transmitted from the client device is already transmitted from the old device and matches the special password that is held. The “personal information association changing unit” receives information indicating that the special password has been authenticated from the special password authentication unit. The personal information already associated with the client device (old device) is newly sent from the client device (typically the new device) without authenticating with the device identification information of the old device. A service associated with the device identification information is provided.

  A specific example of the above will be described with reference to FIG. The device identification information “789” of the device is transmitted from the client device (typically a new device) to the personal information association changing means of the server device. On the other hand, the special password “AB1397X96GTZ” is transmitted from the client device to the special password authentication means of the server device. The special password authentication means determines whether or not the special password “AB1397X96GTZ” matches the special password issued to the client device (old device). Based on this, it authenticates that the device identification information of the new apparatus and personal information may be associated, and sends information to that effect to the personal information association changing means. In response to this, the personal information association changing means disconnects the association of the personal information “yamada.txt” that has been associated with the device identification information “123” of the old device, and newly creates the personal information “yamada.txt”. Is associated with the newly transmitted device identification information “789”.

  As described above, the service using the special password provided by the service providing unit of the server device (specifically, the personal information association changing unit) is configured to use the personal information already associated with the device identification information of the old device. This service associates with new device identification information without authenticating with the device identification information of the old device. In this case, as in the case of the client server system of the first embodiment, the association between the device identification information of the old device and the personal information is disconnected when the server device sends the special password to the old device in principle, and the special password is once set. And personal information are stored in association with each other. Therefore, the “service for associating personal information associated with device identification information with new device identification information” here typically refers to personal information associated with a special password after a predetermined collation. Means a service associated with the device identification information of the new device without authenticating with the device identification information of the old device. However, it is not essential that the association of the personal information with the device identification information of the old device is terminated, and the personal information is also associated with the device identification information of the old device, and the old device The device identification information and the personal information may be disconnected. Further, it is desirable that the server device receives the device identification information of the new device in association with the special password. Because, this makes it easy to smoothly provide a service for associating device identification information of the new device with personal information when the special password matches the special password set with the old device. It is.

  The above configuration eliminates the inconvenience that the user needs to set a new password as a completely new registrant after considering the protection of personal information when switching from the old device to the new device. However, the object is to make this easy.

  Since the rest of the configuration is the same as the configuration of the client server system in the first embodiment, a description thereof will be omitted.

  <Effect>

  According to the client server system of the present embodiment, it is possible to easily change the client device from the old device to the new device using a special password. This eliminates the trouble that the user needs to reset personal information such as a new password as a completely new registrant, and is convenient for the user after considering the protection of personal information. It is possible to provide a system that considers

  <Overview>

  The client server system of the present embodiment is a client server system for providing a service based on personal information using a special password similar to that of the first embodiment or the second embodiment. It is characterized in that it is configured to transmit device identification information that uniquely identifies itself in association.

  <Configuration>

  FIG. 8 is a diagram illustrating an example of functional blocks of the client server system according to the present embodiment. In the drawing, a “client server system” 0800 of the present embodiment includes a “server device” 0820 and a plurality of “client devices” 0810. Among these, the “client device” includes “device identification information holding unit” 0811, “cookie holding unit” 0812, “password information input unit” 0813, “control unit” 0814, and “special password acquisition unit” 0815. A “special password / device identification information associating unit” 0818, a “special password transmission unit” 0816, and a “client device communication unit” 0817. The “server device” includes a “server device communication unit” 0821, a “special password reception unit” 0822, an “information acquisition registration unit” 0823, an “apparatus identification information comparison unit” 0824, and a “cookie determination unit” 0825. , “Password information comparison unit” 0826 and “service provision unit” 0827. In addition, the “special password receiving unit” includes “special password authentication unit” 0828, and the “service providing unit” includes “personal information association changing unit” 0829. Further, the service using the special password provided by the server device of the client server system according to the present embodiment may be a service that associates personal information associated with the device identification information with new device identification information.

  The “special password / device identification information associating unit” of the client device is configured to associate the special password with device identification information that uniquely identifies itself. The special password transmission unit is configured to transmit the device identification information associated with the special password / device identification information association unit together with the special password acquired by the special password acquisition unit. This is because the server device that has acquired the device identification information collates whether the special password matches one of the special passwords held by itself, and the collation result matches. The server device holds the device identification information transmitted together with the special password in association with the personal information already held by the server device itself, so that the client device (typically a new device) can be used thereafter. The service based on the device identification information is set again with the personal information such as the normal password that was used when the user provided the service using the client device (typically the old device) that the user used before. The object is to enable provision by a simple transfer without re-working. Accordingly, the client device here is typically a new device in mind, but the client device may be an old device. As an example of the latter, when a special password is issued for an old device once, but it continues to receive normal services using the old device for some reason, in order to obtain authentication to continue receiving such services. For example, the old device may transmit its device identification information in association with a special password.

  Since the rest of the configuration is the same as that of the client server system of the first or second embodiment, the description thereof is omitted.

  <Effect>

  According to the client server system of the present embodiment, the old device can transmit the device identification information and the special password in association with each other, so that the client device can be easily transferred from the old device to the new device. This eliminates the trouble that the user needs to reset personal information such as a new password as a completely new registrant, and is convenient for the user after considering the protection of personal information. It is possible to provide a system that considers

  <Overview>

  The client server system of the present embodiment is a client server system for providing a service based on personal information using the same special password as that of the third embodiment. It is characterized in that it is a service that associates personal information associated with identification information with device identification information received in association with the special password.

  <Configuration>

FIG. 9 is a diagram illustrating an example of functional blocks of the client server system according to the present embodiment. In the drawing, a “client server system” 0900 of the present embodiment includes a “server device” 0920 and a plurality of “client devices” 0910. Among these, the “client device” includes “device identification information holding unit” 0911, “cookie holding unit” 0912, “password information input unit” 0913, “control unit” 0914, and “special password acquisition unit” 0915. And a “special password / device identification information associating unit” 0918, a “special password transmission unit” 0916, and a “client device communication unit” 0917. “Server device” includes “Server device communication unit” 0921, “Special password reception unit” 0922, “Information acquisition registration unit” 0923, “Device identification information comparison unit” 0924, and “Cookie judgment unit” 0925. , “Password information comparison unit” 0926 and “service providing unit” 0927. In addition, the “special password receiving unit” includes “special password authentication unit” 0929, and the “service providing unit” includes “personal information association changing unit” 0929. Further, the service using the special password provided by the server device of the client server system according to the present embodiment may be a service that associates personal information associated with the device identification information with new device identification information.

  Then, the “personal information association changing unit” of the service providing unit of the server device is configured so that the personal password already associated with the client device (old device) when the special password authenticating unit sends information indicating that the special password has been authenticated. When providing a service for associating information with device identification information newly transmitted from a client device (typically a new device) to the client device without authenticating the information with the device identification information of the old device, Is performed as a service for associating personal information already associated with the device identification information with the device identification information received in association with the special password. This facilitates the provision of the service described in the second embodiment in which the device identification information of the new device is associated with the personal information when the special password matches the special password set with the old device. This is a thorough effort to make the process easier.

  Since the rest of the configuration is the same as the configuration of the client server system in the third embodiment, description thereof is omitted.

  <Effect>

  With the client server system of this embodiment, the server device receives the special password transmitted from the new device in association with the device identification information of the client device, and performs the service for associating the personal information with the device identification information. It becomes possible to easily transfer from the old device to the new device. This eliminates the trouble that the user needs to reset personal information such as a new password as a completely new registrant, and is convenient for the user after considering the protection of personal information. It is possible to provide a system that considers

  <Overview>

  The client server system of the present embodiment includes a service for deleting personal information already associated with the device identification information in the service to be performed.

  <Configuration>

  FIG. 10 is a diagram illustrating an example of functional blocks of the client server system according to the present embodiment. In the drawing, a “client server system” 1000 according to this embodiment includes a “server device” 1020 and a plurality of “client devices” 1010. Among these, the “client device” includes “device identification information holding unit” 1011, “cookie holding unit” 1012, “password information input unit” 1013, “control unit” 1014, and “special password acquisition unit” 1015. And a “special password transmission unit” 1016 and a “client device communication unit” 1017. The “server device” includes a “server device communication unit” 1021, a “special password reception unit” 1022, an “information acquisition registration unit” 1023, a “device identification information comparison unit” 1024, and a “cookie determination unit” 1025. , “Password information comparison unit” 1026 and “service provision unit” 1027. The “special password receiving unit” includes a “special password authentication unit” 1028, and the “service providing unit” includes a “personal information association changing unit” 1029 and an “erasing unit” 1030. In addition, the client device has the “special password / device identification information associating unit” 1018 and information indicating that the “personal information association changing unit” of the service providing unit of the server device has authenticated the special password from the special password authenticating unit. The personal information that was already associated with the client device (old device) when it was sent was sent from the client device (typically the new device) without authenticating with the device identification information of the old device. When performing a service for associating with device identification information, the service may be configured as a service for associating personal information already associated with device identification information with the device identification information received in association with the special password.

  The “erasing unit” is configured to provide a service for erasing personal information already associated with the device identification information. That is, the client server system of the present embodiment includes a service for deleting personal information associated with the device identification information in the service performed.

  This is because it is no longer necessary to leave the personal information in the old device after the association between the personal information and the device identification information of the old device is broken and the personal information is associated with the device identification information of the new device. Nevertheless, the purpose is to prevent leakage of the information by leaving such information.

  For example, when the client apparatus is discarded, the erasure is performed by transmitting information including a command for erasing the personal information from the server apparatus to the client apparatus prior to the disposal. Or, when the client device is rented, the personal information of the old user is deleted based on the same information from the server device before being rented to a new user after being collected by a rental agent or the like Is also possible.

  The rest of the configuration is the same as the configuration of the client server system according to the second or fourth embodiment, and a description thereof will be omitted.

  <Effect>

  With the client server system of this embodiment, it is possible to prevent the risk of leakage of personal information when transferring from an old device to a new device using a special password.

  <Overview>

  The client server system of the present embodiment is a client server system similar to any one of the first to fifth embodiments, but is characterized in that the number of digits of the special password is larger than the number of digits of the password. is there.

  <Configuration>

  The “client server system” of this embodiment includes a “server device” and a plurality of “client devices”. The client device includes a “special password acquisition unit” and a “special password transmission unit”. At this time, the service using the special password provided by the service providing unit of the server device may be a service for associating personal information associated with the device identification information with new device identification information. The client device may be configured to transmit device identification information that uniquely identifies itself in association with the special password. The service using the special password may be a service that associates personal information associated with the device identification information with the device identification information received in association with the special password. Furthermore, the service performed by the client server system may include a service for deleting personal information associated with the device identification information.

  A special password used for providing such a service has a number of digits larger than that of a normal password. Specifically, for example, it is possible to increase the number of digits compared to a normal password, which usually consists of only four digits, or to combine numbers and symbols in a complicated manner (such as “AB1397X96GTZ”). . This is to make the special password more complex than the normal password so that the special password itself cannot be leaked or accidentally matched. The purpose is to effectively transfer to. On the other hand, this special password is used only for transfer, and is usually used only once in a very short time until the service can be provided with the new device, and then used after that. Therefore, even if the special password is complicated as described above, it can be said that there is no inconvenience for the user.

  <Effect>

  With the client server system of this embodiment, it is possible to eliminate the possibility of special password leakage or coincidence, and to safely construct a mechanism for switching from the old device to the new device using the special password.

The figure which shows an example of the functional block of the client server system of Example 1. FIG. The figure which shows an example of the functional block of the client server system of Example 1. FIG. The figure which shows an example of the process execution point in the client server system of Example 1. The figure which shows an example of the system configuration | structure of the client server system of Example 1. FIG. The figure which shows an example of the system configuration | structure of the client server system of Example 1. FIG. The figure which shows an example of the flow of a process in the client server system of Example 1. The figure which shows an example of the functional block of the client server system of Example 2. The figure which shows an example of the functional block of the client server system of Example 3. The figure which shows an example of the functional block of the client server system of Example 4. The figure which shows an example of the functional block of the client server system of Example 5.

Explanation of symbols

0100 Client server system 0110 Client device 0111 Special password acquisition unit 0112 Special password transmission unit 0120 Server device 0121 Special password reception unit 0122 Service provision unit

Claims (11)

A server device;
A plurality of client devices that receive provision of services based on personal information associated with the device identification information by receiving authentication using device identification information and a password that uniquely identifies the device; and
A client-server system comprising:
The client device is
A special password acquisition unit that acquires a special password from the server device as the service;
A special password transmission unit for transmitting the acquired special password,
The server device
A special password receiver for receiving a special password from the client device;
A service providing unit for providing a service based on the personal information without authentication by the device identification information when the special password is received;
A client-server system. The service using the special password provided by the service providing unit of the server device is:
The client server system according to claim 1, which is a service for associating personal information already associated with device identification information with new device identification information.   The client server system according to claim 1, wherein the special password transmission unit of the client device transmits device identification information that uniquely identifies itself in association with the special password. The service using the special password provided by the service providing unit of the server device is:
4. The client server system according to claim 3, wherein the client server system is a service for associating personal information already associated with device identification information with device identification information received in association with the special password.   5. The client server system according to claim 2, wherein the service includes a service for deleting personal information already associated with the device identification information.   6. The client server system according to claim 1, wherein the number of digits of the special password is larger than the number of digits of the password. A server device and a plurality of client devices that receive service identification based on personal information associated with the device identification information by receiving authentication with device identification information and a password uniquely identifying the server device. A client service method using a client server system,
A special password acquisition step of acquiring the special password sent from the server device in the client device;
A special password transmission / reception step of transmitting the special password acquired in the special password acquisition step from the client device to the server device, and receiving the special password in the server device;
A service providing step of providing a service based on personal information associated with the device identification information without authenticating with the device identification information when the special password is received in the special password transmission and reception step;
A client service method comprising:   8. The client service method according to claim 7, wherein the service provided in the service providing step is a service for associating personal information already associated with device identification information with new device identification information.   The client service method according to claim 7 or 8, wherein, in the special password transmission / reception step, the client server system transmits device identification information uniquely identifying itself in association with the special password from the client device.   10. The service using the special password provided in the service providing step is a service that associates personal information already associated with the device identification information with the device identification information received in association with the special password. Client server system.   11. The client service method according to claim 8, wherein the service includes a service for deleting personal information already associated with device identification information.

Images