JP2010205055A - Data providing device, operation device, data processing device, operation system, control method of data providing device, control method of operation device, control method of data processing device, control program, and computer-readable recording medium recording the control program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To perform authentication without impairing the convenience for a user while securing security. <P>SOLUTION: A service providing device 400 includes: a user identification information generation processing unit 441 which generates user identification information for use in authentication processing performed at the time of access from a display processing device 200; an image data generation processing unit 436 which generates image data including the generated user identification information and transmits the generated image data to an operation device 300; and a log-in request reception processing unit 442 which receives a pair of the user identification information included in the generated image data and a terminal ID of the display processing device 200 from the display processing device 200, and uses the received pair of the user identification information and the terminal ID to perform authentication processing. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a data providing device that provides operation data for an operation device to operate a data processing device, a data processing device that executes processing according to the operation data, an operation device that transmits operation data to the data processing device, and the like. is there.

  In recent years, portable devices (such as mobile phones and digital cameras) that support high-speed infrared communication protocols such as IrSS (registered trademark) (hereinafter referred to as IrSS) have become widespread, and image data captured by the portable devices can be stored in the above-described manner. It is possible to directly transmit from a portable device to an operation target device such as various AV devices in the home (such as a TV and an HDD recorder) by short-range wireless communication. Thereby, for example, the portable device can be operated to store the image data in the HDD recorder, or to display the image data on the television.

  In addition, recently, it is possible to store command information for operating the operation target device in an EXIF area included in image data such as JPEG (Joint Photographic Experts Group) format. It can be used as operation data for operating the target device. Therefore, by transmitting the operation data to each operation target device from an operation device such as a portable device, the operation device can be used as a remote controller for each operation target device.

  For example, the operation data stored in the EXIF area as the command information is a set of a URL (Uniform Resource Locator) and a command for accessing the Web site specified by the URL. Suppose that it was sent to In this case, the television that has received the operation data displays content such as a Web site specified by the URL in accordance with the command information. In this way, the user can easily display desired content on the TV by transmitting operation data from the mobile device to the TV, thus realizing an operation system with high operability and convenience. It becomes possible to do.

  In the operation system described above, a use case is assumed in which only a user who is given a predetermined authority can view content. In this case, in order to authenticate that the user is an authorized user, it is generally performed that a user inputs information necessary for authentication such as a user ID and a password on a login screen, for example.

  For example, Patent Document 1 discloses a system in which a recording device can use various services via a network by remotely operating the recording device with a mobile phone. In this system, the mobile phone is authenticated by a user. By using this service, it is possible to limit the use of the service. More specifically, when the authentication with the mobile phone is successful, the user account is supplied to the mobile phone. The user can use the service on the recording device by registering the user account in the recording device using the remote controller of the recording device.

  Further, Patent Document 2 discloses a technique for authenticating a terminal device with a server device. Specifically, in order to make it possible to use a network service using a communication network in the terminal device, (1) the security information is transmitted from the server device to the portable electronic device via a communication network different from the communication network. (2) When there is a request from the terminal device, the security information is transmitted from the portable electronic device to the terminal device by short-range wireless communication. (3) Using the security information transmitted from the terminal device. A technique of performing authentication by a server device is disclosed. Further, Patent Document 2 discloses that a network service can be used by transmitting terminal device identification information from the terminal device to the server device and determining whether the terminal device can use the service at the server device. It is disclosed that security information is transmitted only to a terminal device. Further, it is disclosed that new security information is generated and transmitted to a portable electronic device each time a network service becomes available in a terminal device, thereby preventing the damage caused by the leakage of the security information.

JP 2005-202536 A (publication date: July 28, 2005) JP 2004-086544 A (publication date: March 18, 2004)

  When the technique of Patent Document 1 is applied to the use case of the operation system, the following problem occurs.

  In the above use case, the TV that has received the operation data from the mobile phone displays a login screen for confirming the authority of the user and displays the user ID and password before displaying the content. Will do. At this point, the user cannot browse the desired content. According to the technique of Patent Document 1, a user must manually register an account, a password, and the like supplied to a mobile phone using a television remote controller in order to view content.

  In other words, when viewing content with restricted access on the TV, the user transmits operation data to the TV using a mobile phone, and then uses the mobile phone as a TV remote control to register an account (password). There is a problem that it is forced to perform complicated operations. An account is an enumeration of symbols (letters and numbers), and it is difficult for the user to recognize, so an input error or a recognition error occurs. Each time, it becomes necessary to input the account again, and the user is forced to perform complicated operations. This also impairs the original advantage (convenience) of the operation system, in which the operation target device can be easily operated remotely simply by transmitting operation data from the portable device.

  In the technique of Patent Document 1, since the user account is supplied to the mobile phone as it is and displayed on the display unit of the mobile phone, it cannot be said that the user account is in a state of being securely transmitted on the communication path.

  Further, when the technique of Patent Document 2 is applied to a use case of the operation system, the following problem occurs.

  According to the technique of Patent Document 2, security information received by a mobile phone, which is a portable electronic device, is transmitted to a terminal device in advance for authentication, but the security information is a list of symbols (characters and numbers). , When there are multiple security information, it is difficult for the user to see which service each security information corresponds to, and which account it corresponds to, The original advantage (convenience) of the operation system is impaired.

  In addition, in order to transmit security information from a portable electronic device to a terminal device, it is necessary to make a request from the terminal device and to transmit from the portable electronic device to the terminal device, and only a one-way communication reception function such as IrSS Cannot be used with AV equipment equipped with Further, since the terminal device that permits transmission of security information is identified by the portable electronic device, it is necessary to register the terminal device in the portable electronic device in advance, and the user is forced to perform complicated operations.

  The present invention has been made in view of the above-mentioned problems, and its purpose is to enable authentication to the system while ensuring security without impairing user convenience. The object is to provide a data providing device, an operation device, a data processing device, an operation system, and the like.

  In order to solve the above-described problem, a data providing apparatus according to the present invention provides an operation apparatus that transmits the operation data to a data processing apparatus that executes a process according to operation data including process designation information that designates a process to be executed. On the other hand, it is a data providing device that provides the operation data, and an authentication information generating unit that generates authentication information for use in authentication processing performed by the device itself when accessed from the data processing device. And the operation data generating means for generating the operation data including the authentication information generated by the authentication information generating means and including the process specifying information specifying the authentication process, and the operation data generated by the operation data generating means From the data processing unit, the authentication information included in the operation data, and The authentication information / device information receiving means for receiving the first device information that can identify the data processing device, and the authentication information / device information receiving means received by the authentication information / device information receiving means It is characterized by comprising authentication information / device information inspection means for performing authentication processing.

  In addition, the control method of the data providing apparatus according to the present invention provides a data processing apparatus that executes processing according to operation data including process designation information that designates a process to be executed, to the operation apparatus that transmits the operation data. A method for controlling the data providing device for providing the operation data, wherein the authentication information generating step generates authentication information for use in authentication processing performed by the device itself when accessed from the data processing device. Including the authentication information generated in the authentication information generation step, the operation data generation step for generating the operation data including the process specification information specifying the authentication process, and the operation data generation step The operation data is included in the operation data from the operation data transmitting step for transmitting operation data to the operation device and the data processing device. Authentication information / device information receiving step for receiving the authentication information and first device information capable of identifying the data processing device, and the authentication information and the first device received in the authentication information / device information receiving step And an authentication information / device information inspection step for performing the above-described authentication processing using a set of information.

  According to said structure, the said authentication information can be produced | generated for every operating device. Further, it is possible to generate operation data including the generated authentication information and including process specifying information specifying the authentication process. The generated operation data can be transmitted to the operation device. Also, authentication information and first device information included in the operation data can be received from the data processing device. Also, authentication processing can be performed using the received set of authentication information and first device information.

  Therefore, when the operating device that has received the generated operation data transmits the received operation data to the data processing device, the data processing device that has received the operation data receives the authentication information and data included in the operation data. Using the first device information of the processing device, the data providing device can be made to perform an authentication process. Therefore, the user of the operating device that operates the data processing device does not need to input the authentication information directly, and simply performs a simple operation of transmitting the generated operation data to the data processing device. Authentication is possible.

  Furthermore, since the first device information of the data processing device can be used in performing the authentication processing, it is possible to prevent authentication information from being transmitted from an unauthorized data processing device, and to improve security. Can do.

  Therefore, there is an effect that it is possible to perform authentication when accessing the data providing apparatus without impairing the convenience of the user and maintaining a predetermined security level.

  Furthermore, the data providing apparatus according to the present invention associates the authentication information generated by the authentication information generating means with the first apparatus information and stores the authentication information / apparatus information storage unit in the authentication information / apparatus information storage unit of the own apparatus. The authentication information / device information inspecting means further includes a device information storage means, wherein the authentication information / device information receiving means receives the authentication information / device information receiving means, and the authentication information / device information storage unit. The authentication processing may be performed by checking whether or not the authentication information stored in FIG. 2 matches the first device information set.

  According to said structure, it is investigated whether the set of the received authentication information and 1st apparatus information and the set of the authentication information and 1st apparatus information memorize | stored in the authentication information / apparatus information storage part correspond. The authentication process can be performed by.

  Therefore, by checking whether or not the received authentication information matches that stored in advance, it is possible to check whether or not access is made using correct authentication information, and the received first device information is Since it is possible to perform terminal authentication of the data processing device by checking whether or not it matches what is stored in advance, access from an unauthorized data processing device can be prevented, and security can be improved. .

  Therefore, it is possible to perform authentication when accessing the data providing apparatus in a state where a predetermined security level is secured.

  Further, in the data providing apparatus according to the present invention, the authentication information generating means generates an electronic signature as the authentication information, and the authentication information / apparatus information checking means is the authentication information / apparatus information receiving means. Verifies the validity of the electronic signature as the authentication information received by the user, and the first device information received by the authentication information / device information receiving means, and the first device information stored in advance in the own device, The authentication processing may be performed by checking whether or not the two match.

  According to the above configuration, the validity of the electronic signature as the received authentication information can be verified, and the received first device information and the first device information stored in the authentication information / device information storage unit can be verified. Authentication processing can be performed by checking whether or not the set matches.

  Therefore, by verifying the validity of the electronic signature as the received authentication information, it is possible to check whether or not the data processing apparatus has a valid electronic book name, and the received first apparatus information is Since it is possible to perform terminal authentication of the data processing device by checking whether or not it matches what is stored in advance, access from an unauthorized data processing device can be prevented, and security can be improved. .

  Therefore, it is possible to perform authentication when accessing the data providing apparatus in a state where a predetermined security level is secured.

  Furthermore, the data providing device according to the present invention includes a second device information storage unit that stores in advance second device information that can identify the operating device, a request for generating the authentication information from the operating device, and the above Authentication information generation request receiving means for receiving second device information, and the authentication information generating means are stored in the second device information received by the authentication information generation request receiving means and in the second device information storage unit. It is checked whether or not the second device information matches, and the second device information received by the authentication information generation request receiving means and the second device information stored in the second device information storage unit are If they match, the authentication information may be generated.

  According to said structure, the request | requirement which produces | generates authentication information and 2nd apparatus information can be received from an operating device. In addition, it is checked whether or not the received second device information matches the second device information stored in the second device information storage unit. If they match, authentication information can be generated.

  Therefore, when generating operation data including authentication information in response to a request from the operation device, terminal authentication of the operation device can be performed, so that it is possible to prevent an authentication information request from an unauthorized operation device. Improvements can be made.

  Therefore, there is an effect that operation data can be provided to the operation device in a state where a predetermined security level is ensured.

  Furthermore, the data providing device according to the present invention includes a first device information storage unit that stores the first device information in advance, a request for generating the authentication information from the data processing device, and the first device information. The received authentication information generation request receiving means, the authentication information generating means, the first device information received by the authentication information generation request receiving means, and the first device information stored in the first device information storage unit. If the first device information received by the authentication information generation request receiving means matches the first device information stored in the first device information storage unit, It may be configured to generate authentication information.

  According to said structure, the request | requirement which produces | generates authentication information and 1st apparatus information can be received from a data processor. Moreover, it is investigated whether the received 1st apparatus information and the 1st apparatus information memorize | stored in the 1st apparatus information storage part correspond, and authentication information can be produced | generated when it corresponds.

  Therefore, when operation data including authentication information is generated in response to a request from the data processing device, terminal authentication of the data processing device can be performed, so that an unauthorized request for authentication information from the data processing device can be prevented. , Security can be improved.

  Therefore, there is an effect that operation data can be provided to the operation device in a state where a predetermined security level is ensured.

  Furthermore, in the data providing apparatus according to the present invention, the operation data may be data that the operation apparatus can present to a user.

  According to the above configuration, the operation data may be data that can be presented to the user by the operation device. For example, the operation data is image data indicating an outline of the process specified in the process specifying information, and may be presented to the user by displaying the image data on the display unit of the operation device. .

  Therefore, the user can perform authentication when accessing the data providing apparatus while visually confirming the operation data on the operation apparatus (for example, while viewing the outline of the process).

  Therefore, it becomes possible for the user to visually recognize what kind of processing is performed by transmitting the operation data, and the convenience of the user is further improved.

  Further, in order to solve the above-described problem, the operating device according to the present invention is an authentication process performed when accessed from a data processing device that executes processing according to operation data including processing specifying information that specifies processing to be executed. An operation device for transmitting the operation data provided from a data providing device that generates authentication information to be used in response to a request from an external device to the data processing device, wherein the authentication information is received from the data providing device. Operation data receiving means for receiving the operation data including the process specifying information specifying the authentication process, and operation data transmitting means for transmitting the operation data received by the operation data receiving means to the data processing device It is characterized by comprising.

  In addition, the control method of the operating device according to the present invention includes authentication information used in authentication processing performed when accessed from a data processing device that executes processing according to operation data including processing specifying information that specifies processing to be executed. An operation device control method for transmitting the operation data provided from a data providing device generated in response to a request from an external device to the data processing device, the authentication information generated from the data providing device. Operation data receiving step for receiving the operation data including the process specifying information specifying the authentication process, and the operation data for transmitting the operation data received in the operation data receiving step to the data processing device A transmission step.

  According to the above configuration, the operation data including the generated authentication information and the process specifying information specifying the authentication process is received from the data providing apparatus that generates the authentication information in response to a request from the external apparatus. can do. Further, the received operation data can be transmitted to the data processing device.

  Therefore, when the received operation data is transmitted to the data processing device, the data processing device that has received the operation data can cause the data providing device to perform authentication processing using the authentication information included in the operation data. . Therefore, the user of the operating device that operates the data processing device does not need to input authentication information directly, and only needs to perform a simple operation of transmitting the generated operation data to the data processing device.

  Therefore, it is possible to perform authentication when accessing the data providing apparatus without impairing the convenience of the user.

  Furthermore, the operating device according to the present invention may further include authentication information requesting means for requesting the authentication information from the data providing device.

  According to said structure, authentication information can be further requested | required of a data provision apparatus.

  Therefore, the data providing device generates the operation data including the authentication information generated in response to the request from the operation device and including the processing designation information specifying the authentication process, and the operation device is generated by the data providing device. Operation data can be received. Therefore, the user of the operating device can acquire in advance operation data including processing designation information specifying the authentication processing from the data providing device before accessing the data providing device from the data processing device. When accessing the data providing apparatus from the data processing apparatus, authentication by the data providing apparatus can be performed only by performing a simple operation of transmitting the operation data acquired in advance to the data processing apparatus.

  Therefore, it is possible to perform authentication when accessing the data providing apparatus without impairing the convenience of the user. Further, since the operation data can be acquired in advance, the time required for the authentication can be shortened compared to the case where the operation data is acquired after the notification that the authentication is necessary.

  Furthermore, in the operating device according to the present invention, the authentication information requesting unit may transmit device information that can identify the device itself.

  According to the above configuration, in addition to requesting authentication information, device information that can identify the device itself can be transmitted to the data providing device.

  Therefore, the data providing device can authenticate the operating device that requested the authentication information using the device information of the operating device.

  Therefore, when the operation data including the authentication information is generated in the data providing apparatus, the terminal authentication of the operation apparatus that has requested the authentication information can be performed. When the terminal authentication is performed, an authentication information request from an unauthorized operating device can be prevented, and the security can be further improved.

  Furthermore, the operation device according to the present invention may further include a display unit that displays the operation data received by the operation data receiving unit, wherein the operation data is data that the device itself can present to the user. Good.

  According to the above configuration, the operation data may be data that can be presented to the user by the operation device. For example, the operation data is image data indicating an outline of the process specified in the process specifying information, and may be presented to the user by displaying the image data on the display unit of the operation device. .

  Therefore, the user can perform authentication when accessing the data providing apparatus while visually recognizing the operation data on the display unit of the operation apparatus (while viewing the processing outline).

  Therefore, it becomes possible for the user to visually recognize what kind of processing is performed by transmitting the operation data, and the convenience of the user is further improved.

  In order to solve the above problems, a data processing apparatus according to the present invention executes an operation provided from a data providing apparatus that generates authentication information used in an authentication process performed when accessed from an external apparatus to an operating apparatus. A data processing apparatus that executes a process according to operation data including process specifying information that specifies a process to be performed, the operation data including the authentication information and including the process specifying information that specifies the authentication process. The operation data receiving means received from the operation data receiving means, the authentication information extracting means for extracting the authentication information from the operation data received by the operation data receiving means, the authentication information extracted by the authentication information extracting means, and the own device It is characterized by comprising authentication information / device information transmitting means for transmitting identifiable device information to the data providing device.

  Also, the data processing device control method according to the present invention specifies the processing to be executed provided from the data providing device that generates the authentication information used in the authentication processing performed when accessed from the external device to the operating device. A method of controlling a data processing device that executes processing according to operation data including processing designation information, wherein the operation data including the authentication information and including the processing designation information specifying the authentication processing is received from the operating device. An operation data receiving step, an authentication information extracting step for extracting the authentication information from the operation data received in the operation data receiving step, the authentication information extracted in the authentication information extracting step, and the own device. An authentication information / device information transmission step of transmitting identifiable device information to the data providing device. There.

  According to the above configuration, it is possible to receive operation data including the authentication information and including the process specifying information specifying the authentication process from the operating device. Further, authentication information can be extracted from the received operation data. Further, the extracted authentication information and device information that can identify the device itself can be transmitted to the data providing device.

  Therefore, the data processing device that has received the operation data from the operation device can cause the data providing device to perform authentication processing by transmitting the authentication information included in the operation data to the data providing device. Therefore, the user of the operating device that operates the data processing device does not need to input the authentication information directly, and simply performs a simple operation of transmitting the generated operation data to the data processing device. Authentication is possible.

  Furthermore, since the device information of the data processing device is transmitted to the data providing device, it is possible to authenticate the terminal of the data processing device that has transmitted the authentication information when performing the authentication process in the data providing device. When the terminal authentication is performed, it is possible to prevent transmission of authentication information from an unauthorized data processing apparatus, and to improve the security.

  Therefore, there is an effect that it is possible to perform authentication when accessing the data providing apparatus without impairing the convenience of the user and maintaining a predetermined security level.

  The data processing apparatus according to the present invention may further include authentication information requesting means for requesting the authentication information to the data providing apparatus and transmitting apparatus information capable of identifying the own apparatus to the data providing apparatus. Good.

  According to said structure, while requesting | requiring authentication information from a data provision apparatus, the apparatus information which can identify an own apparatus can be transmitted to a data provision apparatus.

  Therefore, when the data providing apparatus is configured to generate authentication information in response to a request from an external apparatus, the data providing apparatus can generate authentication information in response to a request from the data processing apparatus. Furthermore, since the device information of the data processing device is transmitted to the data providing device, the data providing device can perform terminal authentication using the device information of the data processing device. When the terminal authentication is performed, it is possible to prevent an unauthorized data processing apparatus from requesting authentication information, and security can be improved.

  Therefore, there is an effect that the operation data can be generated by the data providing apparatus while a predetermined security level is secured.

  An operation system according to the present invention includes the data providing device, the operation device, and the data processing device.

  According to the above configuration, (1) the data providing device generates authentication information, generates operation data that includes the generated authentication information and includes processing designation information that specifies the authentication processing, and Send to. (2) When the operation device receives the operation data and transmits the received operation data to the data processing device, (3) the data processing device receives the operation data, and authentication information is received from the received operation data. And the extracted authentication information and first device information are transmitted to the data providing device.

  Therefore, according to the operation system, when the operation device that has received the operation data generated by the data providing device transmits the received operation data to the data processing device, the data processing device that has received the operation data Using the authentication information included in the operation data and the first device information of the data processing device, the data providing device can be made to perform the authentication processing. Therefore, the user of the operating device that operates the data processing device does not need to input the authentication information directly, and simply performs a simple operation of transmitting the generated operation data to the data processing device. Authentication is possible.

  Furthermore, since the first device information of the data processing device can be used in performing the authentication processing, it is possible to prevent authentication information from being transmitted from an unauthorized data processing device, and to improve security. Can do.

  Therefore, according to the above operating system, there is an effect that it is possible to perform authentication when accessing the data providing apparatus without impairing the convenience of the user and in a state where a predetermined security level is secured.

  The data providing device, the operating device, and the data processing device may be realized by a computer. In this case, the data providing device, the operating device, In addition, the data providing device, the operation device, the control program for the data processing device, and the computer-readable recording medium on which the data processing device is implemented so that the data processing device is realized by a computer fall within the scope of the present invention.

  As described above, the data providing device according to the present invention provides the operation device that transmits the operation data to the data processing device that executes the process according to the operation data including the process specifying information that specifies the process to be executed. A data providing device for providing the operation data, the authentication information generating means for generating authentication information for use in the authentication processing performed by the device itself when accessed from the data processing device; The operation data generating means for generating the operation data including the authentication information generated by the authentication information generating means and including the process specifying information specifying the authentication process, and the operation data generated by the operation data generating means The operation data transmitting means for transmitting to the operation device, and the authentication information included in the operation data and the data processing from the data processing device. Authentication information / device information receiving means for receiving first device information capable of identifying a device, and the authentication processing using the set of authentication information and first device information received by the authentication information / device information receiving means. Authentication information / apparatus information inspection means to perform.

  In addition, the control method of the data providing apparatus according to the present invention provides a data processing apparatus that executes processing according to operation data including process designation information that designates a process to be executed, to the operation apparatus that transmits the operation data. A method for controlling the data providing device for providing the operation data, wherein the authentication information generating step generates authentication information for use in authentication processing performed by the device itself when accessed from the data processing device. Including the authentication information generated in the authentication information generation step, the operation data generation step for generating the operation data including the process specification information specifying the authentication process, and the operation data generation step The operation data is included in the operation data from the operation data transmitting step for transmitting operation data to the operation device and the data processing device. Authentication information / device information receiving step for receiving the authentication information and first device information capable of identifying the data processing device, and the authentication information and the first device received in the authentication information / device information receiving step An authentication information / device information inspection step for performing the above-described authentication processing using a set of information.

  Therefore, when the operating device that has received the generated operation data transmits the received operation data to the data processing device, the data processing device that has received the operation data receives the authentication information and data included in the operation data. Using the first device information of the processing device, the data providing device can be made to perform an authentication process. Therefore, the user of the operating device that operates the data processing device does not need to input the authentication information directly, and simply performs a simple operation of transmitting the generated operation data to the data processing device. Authentication is possible.

  Furthermore, since the first device information of the data processing device can be used in performing the authentication processing, it is possible to prevent authentication information from being transmitted from an unauthorized data processing device, and to improve security. Can do.

  Therefore, there is an effect that it is possible to perform authentication when accessing the data providing apparatus without impairing the convenience of the user and maintaining a predetermined security level.

  The operating device according to the present invention also provides authentication information used in an authentication process that is performed when accessed from a data processing device that executes processing according to operation data including processing specifying information that specifies processing to be executed from an external device. An operation device that transmits the operation data provided from the data providing device generated in response to the request to the data processing device, including the authentication information and specifying the authentication processing from the data providing device. Operation data receiving means for receiving the operation data including the process designation information, and operation data transmission means for transmitting the operation data received by the operation data receiving means to the data processing device.

  In addition, the control method of the operating device according to the present invention includes authentication information used in authentication processing performed when accessed from a data processing device that executes processing according to operation data including processing specifying information that specifies processing to be executed. An operation device control method for transmitting the operation data provided from a data providing device generated in response to a request from an external device to the data processing device, the authentication information generated from the data providing device. Operation data receiving step for receiving the operation data including the process specifying information specifying the authentication process, and the operation data for transmitting the operation data received in the operation data receiving step to the data processing device A transmission step.

  Therefore, when the received operation data is transmitted to the data processing device, the data processing device that has received the operation data can cause the data providing device to perform authentication processing using the authentication information included in the operation data. . Therefore, the user of the operating device that operates the data processing device does not need to input authentication information directly, and only needs to perform a simple operation of transmitting the generated operation data to the data processing device.

  Therefore, it is possible to perform authentication when accessing the data providing apparatus without impairing the convenience of the user.

  Further, the data processing apparatus according to the present invention provides process designation information that designates a process to be executed provided from the data providing apparatus that generates authentication information to be used in an authentication process performed when accessed from an external apparatus to the operating device. An operation data receiving means for receiving the operation data including the authentication information and including the process designation information designating the authentication process from the operation device. The authentication information extracting means for extracting the authentication information from the operation data received by the operation data receiving means, the authentication information extracted by the authentication information extracting means, and device information that can identify the device itself, Authentication information / device information transmitting means for transmitting to the data providing device.

  Also, the data processing device control method according to the present invention specifies the processing to be executed provided from the data providing device that generates the authentication information used in the authentication processing performed when accessed from the external device to the operating device. A method of controlling a data processing device that executes processing according to operation data including processing designation information, wherein the operation data including the authentication information and including the processing designation information specifying the authentication processing is received from the operating device. An operation data receiving step, an authentication information extracting step for extracting the authentication information from the operation data received in the operation data receiving step, the authentication information extracted in the authentication information extracting step, and the own device. An authentication information / device information transmission step of transmitting identifiable device information to the data providing device.

  Therefore, the data processing device that has received the operation data from the operation device can cause the data providing device to perform authentication processing by transmitting the authentication information included in the operation data to the data providing device. Therefore, the user of the operating device that operates the data processing device does not need to input the authentication information directly, and simply performs a simple operation of transmitting the generated operation data to the data processing device. Authentication is possible.

  Furthermore, since the device information of the data processing device is transmitted to the data providing device, it is possible to authenticate the terminal of the data processing device that has transmitted the authentication information when performing the authentication process in the data providing device. When the terminal authentication is performed, it is possible to prevent transmission of authentication information from an unauthorized data processing apparatus, and to improve the security.

  Therefore, there is an effect that it is possible to perform authentication when accessing the data providing apparatus without impairing the convenience of the user and maintaining a predetermined security level.

It is a block diagram which shows the principal part structure of the operating device, the display processing apparatus, and service provision apparatus which are included in the operating system which concerns on one Embodiment of this invention. 1 is a block diagram illustrating a schematic configuration of an operation system according to an embodiment of the present invention. It is the schematic diagram which showed the outline of the data structure of the image data for operation handled with the operation system which concerns on one Embodiment of this invention. It is the schematic diagram which showed the outline of the data structure of the image data for operation handled with the operation system which concerns on one Embodiment of this invention. It is the schematic diagram which showed the outline of the data structure of the image data for operation handled with the operation system which concerns on one Embodiment of this invention. It is the schematic diagram which showed the outline of the data structure of the image data for operation handled with the operation system which concerns on one Embodiment of this invention. It is the schematic diagram which showed the outline of the data structure of the image data for operation handled with the operation system which concerns on one Embodiment of this invention. It is a block diagram which shows the principal part structure of each apparatus which comprises the operation system which concerns on one Embodiment of this invention. It is a figure which shows the flow of a process which accesses the Web site of a service provision apparatus in the operation system which concerns on one Embodiment of this invention. It is a figure which shows the flow of a process which performs the authentication (login) in a website by transmitting the image data acquired from the service provision apparatus to a display processing apparatus in the operation system which concerns on one Embodiment of this invention. In the operation system which concerns on one Embodiment of this invention, it is a figure which shows the flow of a process which authenticates (logs in) simultaneously with access to a Web site by transmitting the image data acquired from the service provision apparatus to a display processing apparatus. is there. The figure which shows the flow of a process which performs the authentication (purchase) required in the purchasing process of a content by transmitting the image data acquired from the service provision apparatus to a display processing apparatus in the operation system which concerns on one Embodiment of this invention. It is. In the operation system which concerns on one Embodiment of this invention, the figure which shows the flow of a process which performs authentication (login) in a website by transmitting the image data which the operation apparatus acquired beforehand from the service provision apparatus to a display processing apparatus. is there. In the operation system according to an embodiment of the present invention, based on a request from the display processing device, the operation device transmits the image data acquired from the service providing device to the display processing device, thereby authenticating the website (login). It is a figure which shows the flow of the process which performs). It is a block diagram which shows the principal part structure of the operating device, the display processing apparatus, and service provision apparatus which are included in the operating system which concerns on one Embodiment of this invention. 5 is a flowchart illustrating processing in each device when accessing a Web site that does not require authentication in the operation system according to the embodiment of the present invention. It is a schematic diagram which shows a mode that the list of the services which a user can select was displayed as a menu on the display part of the operating device which concerns on one Embodiment of this invention. It is a schematic diagram which shows a mode that the image information contained in the image data for site access was output to the display part of the operating device which concerns on one Embodiment of this invention. 6 is a flowchart illustrating processing in each device when the Web system that requires authentication (login) is first accessed in the operation system according to the embodiment of the present invention. It is a flowchart which shows the flow of the log-in authentication request process performed with the operating device which concerns on one Embodiment of this invention, and the image data generation process for authentication performed with the service provision apparatus which concerns on one Embodiment of this invention. It is a schematic diagram which shows a mode that the image information contained in the image data for authentication was output to the display part of the operating device which concerns on one Embodiment of this invention. In the operation system according to an embodiment of the present invention, after logging in once to a website that requires authentication (login), processing in each device when accessing again within a period in which authentication with a one-time password is valid is shown. It is a flowchart. It is a block diagram which shows the principal part structure of the operating device, the display processing apparatus, and service provision apparatus which are included in the operating system which concerns on one Embodiment of this invention. 6 is a flowchart showing processing in each device when accessing a Web site when the service providing device according to an embodiment of the present invention provides one piece of site access image data with authentication information. 7 is a flowchart showing processing in each device when accessing a Web site when the service providing device according to an embodiment of the present invention provides authentication image data and two site access image data. . It is a block diagram which shows the principal part structure of the operating device, the display processing apparatus, and service provision apparatus which are included in the operating system which concerns on one Embodiment of this invention. The flowchart which shows the flow of a process in each apparatus at the time of performing the authentication at the time of the content purchase in a service provision apparatus by transmitting image data from an operation apparatus to a display processing apparatus in the operation system which concerns on one Embodiment of this invention. It is. It is a flowchart which shows the flow of a process which acquires the image data for user identification in the operation system which concerns on one Embodiment of this invention. 6 is a flowchart showing a flow of processing for accessing a website requiring authentication (login) using image data for user identification in the operation system according to the embodiment of the present invention. It is a block diagram which shows the principal part structure of the operating device, the display processing apparatus, and service provision apparatus which are included in the operating system which concerns on one Embodiment of this invention. 6 is a flowchart showing a flow of processing for acquiring authentication image data in the operation system according to the embodiment of the present invention. 6 is a flowchart showing a flow of processing for accessing a website requiring authentication (login) using authentication image data in the operation system according to the embodiment of the present invention. It is a flowchart which shows the flow of the terminal registration process and the registration / update process of user information in the operating device and service provision apparatus which concern on one Embodiment of this invention. It is a schematic diagram which shows a mode that the image data produced | generated according to the user was displayed on the display part of the operating device which concerns on one Embodiment of this invention. It is a schematic diagram which shows a mode that the other image data produced | generated according to the user was displayed on the display part of the operating device which concerns on one Embodiment of this invention. It is a schematic diagram which shows a mode that the other image data produced | generated according to the user was displayed on the display part of the operating device which concerns on one Embodiment of this invention.

  In the following embodiments, image data will be described as an example of operation data received by the data processing device from the operation device. The image data given as an example here has a general format such as JPEG format, but is data that can include processing specification information 5 that specifies processing to be executed by the data processing apparatus and data to be processed. It is assumed that it has a structure. In each embodiment, the image data including the processing designation information 5 is also particularly referred to as operation image data 3. Details of the data structure of the operation image data 3 and the processing designation information 5 will be described later.

  Further, as a data processing apparatus according to each embodiment, a display processing apparatus that receives image data as operation data and displays various data according to the image data will be described as an example.

[System overview]
A schematic configuration of the operation system 100 according to each embodiment will be described with reference to FIG. FIG. 2 is a block diagram illustrating a schematic configuration of the operation system 100. As illustrated, the operation system 100 includes at least a display processing device (data processing device) 200, an operation device 300, and a service providing device (data providing device) 400. The operation system 100 allows the user to operate the display processing device 200 using the operation device 300, and thereby transmit various data (contents such as Web pages) provided as a service by the service providing device 400 to the communication network 500. This is a system that can be obtained through the browser and viewed on the display processing device 200.

  The display processing device 200 is a device owned by a user who uses the operation system 100 and is a device that executes various processes according to image data transmitted from the operation device 300. Therefore, the display processing device 200 can receive image data transmitted from the operation device 300. When the received image data includes the processing designation information 5, the display processing device 200 extracts the processing designation information 5 included in the received image data and performs a process according to the extracted processing designation information 5. (E.g., accessing a website).

  The operation device 300 is a device owned by a user who uses the operation system 100 and is a device for operating the display processing device 200. Therefore, the operation device 300 can transmit image data to the display processing device 200 using a user operation or the like as a trigger.

  The service providing apparatus 400 is a server apparatus that provides various services to a user who uses the operation system 100, and is an apparatus owned by a service provider. And various data (contents, such as a web page) according to the request | requirement from the display processing apparatus 200 etc. are provided.

  The service providing apparatus 400 also uses authentication information (one-time password or user identification) used in authentication processing performed when a user logs in to the operation system 100 and purchases content provided by the service providing apparatus 400. The image data in which the information (user ID or the like) is embedded as the processing designation information 5 is provided to the operation device 300. Since this is a feature of the present invention, details will be described later.

  In each embodiment, a mobile phone is assumed as the operation device 300. In addition, a television receiver is assumed as the display processing device 200. Further, it is assumed that the service providing apparatus 400 is a service providing server that provides content such as a Web page.

  The operation device 300 is connected to the communication network 500 via a mobile phone network (such as 3G or 3.5G) or a wireless communication network (such as a wireless LAN), and the display processing device 200 and the service providing device 400 are connected to the IP ( It is assumed that the communication network 500 is connected via the Internet Protocol) network. Further, communication between the operation device 300 and the display processing device 200 includes infrared communication (IR), short-range wireless communication (IrSS and Bluetooth (hereinafter referred to as Bluetooth)), wireless LAN, NFC (Near Field). Communication), etc.), and an IP network.

  The operation device 300 may be any device that can operate the display processing device 200 and is not limited to the above example. For example, it may be a PDA (Personal Digital Assistance), a PHS (Personal handy Phone System), a notebook personal computer, a portable game machine, or the like. Further, the display processing device 200 may be any device as long as it receives an operation signal transmitted from the operation device 300 and is controlled in operation, and may be a personal computer, a recording device, a music player, or the like.

  The various data provided by the service providing apparatus 400 may be text data, audio data, image data, video data, an application, or a combination thereof, and is limited to a specific format. is not.

(Operation image data 3)
The outline of the data structure of the operation image data 3 will be described with reference to FIGS. FIGS. 3 to 7 are schematic diagrams showing an outline of the data structure of the operation image data 3. As shown in the figure, the operation image data 3 is roughly JPEG format image data including an image area 610 and an EXIF area 620.

  The image area 610 is an area in which image information such as a photograph is compressed and stored. On the other hand, the EXIF area 620 is an area that mainly stores meta information related to image information stored in the image area 610. The EXIF area 620 includes a maker note area 621 that can be freely used by a service provider that provides the operation image data 3 distribution service. In the maker note area 621, one or a plurality of processing designation information 5 can be stored. For example, in the example shown in FIG. 3, one process designation information 5 (process designation information 5A) is stored. In the example shown in FIG. 4, two pieces of process designation information 5 (process designation information 5A and 5B) are stored. Note that the area in the maker note area 621 in which the processing designation information 5 is stored is not particularly limited.

  The image area 610 may store an image representing the content of the process specified by the process specifying information 5 stored in the maker note area 621. As a result, by displaying the operation image data 3 on the display unit of the operation device 300, the user recognizes what processing is executed when the operation image data 3 is transmitted to the display processing device 200. Can be easy to do.

  Furthermore, when the service provider provides the operation image data 3 to the user, the image information including information corresponding to the user is used rather than the image information stored in the image area 610 being image information common to each user. Therefore, it is expected that the operability of the user is improved. Examples of information according to the user include the name of the user and an image (avatar) representing the user, the name of the service that the user can log in to, and an icon that can identify the service, Operation contents are listed.

(Processing designation information 5)
The process designation information 5 is composed of a combination of a command name 6 that is a name of a command that designates a process to be executed by the display processing apparatus 200 and a parameter 7 that designates a command parameter and data to be processed. . Depending on the command, the parameter 7 may not be specified, or a plurality of parameters may be specified. Further, a code that can identify a command may be used instead of the command name 6. It is assumed that the command name 6 and the parameter 7 can be specified by being described by a predetermined tag or the like.

  The example of the operation image data 3 shown in FIG. 3 includes processing designation information 5A. In the processing designation information 5A, the command name 6 is “site access” and the parameter 7 is “URL: http: // www. .xxx.yyy ”. The process designation information 5A is for instructing to access the website indicated by the URL designated by the parameter 7 and obtain a web page. As in the example shown in FIG. 3, the operation image data 3 including the processing designation information in which the command name 6 is “site access” and the URL is designated in the parameter 7, in each embodiment, Also referred to as “site access image data 3A”.

  Next, the example of the operation image data 3 shown in FIG. 4 includes processing designation information 5B. The processing designation information 5B includes a command name 6 of “authentication” and a parameter 7 of “PW: 0123456789abcd”. is there. This process designation information 5B instructs to perform an authentication (login) process with the password designated by the parameter 7 (hereinafter also referred to as PW). As in the example shown in FIG. 4, the operation image data 3 including the processing designation information in which the command name 6 is “authentication” and the password is designated in the parameter 7 is expressed as “authentication” in each embodiment. Also referred to as “image data 3B”.

  As described above, a plurality of process designation information 5 can be stored in the maker note area 621. The example of the operation image data 3 shown in FIG. 5 is an example including two pieces of processing designation information, that is, processing designation information 5A and processing designation information 5B. As in the example illustrated in FIG. 5, the operation image data 3 including the process designation information whose command name 6 is “site access” and the process designation information whose command name 6 is “authentication” In particular, it is also referred to as “site access image data with authentication information 3C”.

  Further, the example of the operation image data 3 shown in FIG. 6 is an example including two pieces of processing designation information, that is, processing designation information 5A and processing designation information 5C. In the process designation information 5C, the command name 6 is “terminal ID” and the parameter 7 is “ID: 0001”. This processing designation information 5B means that the terminal ID has been sent with the ID designated by the parameter 7.

  The example of the operation image data 3 shown in FIG. 7 includes processing designation information 5E. The processing designation information 5E has a command name 6 of “user identification” and a parameter 7 of “UID (user ID)”. : 0123456789abcd ”. The process designation information 5E instructs to perform an authentication (login) process using the user ID as the user identification information designated by the parameter 7. As in the example shown in FIG. 7, the operation image data 3 including the processing designation information in which the command name 6 is “user identification” and the user identification information is designated in the parameter 7 is particularly selected in each embodiment. , Also referred to as “user identification image data 3E”.

[System configuration]
With reference to FIG. 8, the main configuration of each device constituting the operation system 100 will be described. FIG. 8 is a block diagram showing a main configuration of each device constituting the operation system 100.

(Configuration of display processing device)
The display processing device 200 includes a tuner 201, an audio output unit 202, a display processing device control unit 203, a display unit 204, an operation unit 205, a temporary storage unit 206, a display processing device storage unit 207, and an external communication unit 208, as illustrated. The display processing device first communication unit 209 and the display processing device second communication unit 210 are provided.

  The tuner 201 selects and receives a broadcast wave of a channel designated by the display processing device control unit 203, converts it into a predetermined signal, and outputs it. The display processing device 200 outputs video and audio of the received channel by performing processing such as decoding on this signal. The tuner 201 only needs to have a function of receiving a broadcast wave and converting the received broadcast wave into a predetermined signal. For example, a terrestrial digital tuner, a BS, a CS tuner, etc. Things can also be applied.

  The audio output unit 202 outputs audio to the outside of the display processing device 200 based on the output of the tuner 201 and the instruction of the display processing device control unit 203. The audio output unit 202 can be configured by a speaker, for example.

  The display processing device control unit 203 controls the operation of the display processing device 200 in an integrated manner, and can be configured by, for example, a CPU (Central Processing Unit). The display processing device control unit 203 operates using, for example, a temporary storage unit 206 configured by a RAM (Random Access Memory) or the like as a work area. The details of the processing performed by the display processing device control unit 203 will be described in detail later.

  The display unit 204 is a display device that displays an image based on an output from the tuner 201 and an instruction from the display processing device control unit 203. For example, an LC (Liquid Crystal) display panel, an EL (Electro Luminescence) display panel, a CRT (cathode-ray tube) display device, or the like can be used as the display unit 204. Although not shown, a configuration necessary for displaying an image such as a VDP (Video Display Processor) and a VRAM (Video RAM) is appropriately provided between the display processing device control unit 203 and the display unit 204. It has been.

  The display unit 204 is not necessarily provided in the display processing apparatus 200, and may be configured to be connected to the display processing apparatus 200 with a cable as an external apparatus. In this case, the external device is connected by a cable for image transmission such as a D terminal cable, HDMI (High Definition Multimedia Interface) cable, iLink cable, DVI (Digital Visual Interface) cable, and the output result is displayed on the external device. The

  The operation unit 205 is for the user to perform an input operation on the display processing device 200. The operation unit 205 is not particularly limited as long as the user can perform a desired input operation. Here, it is assumed that operation keys corresponding to various operation inputs are provided as the operation unit 205. Specifically, it is assumed that operation keys for input operations such as channel change, volume increase / decrease, and power on / off of the display processing device 200 are provided.

  The display processing device storage unit 207 stores programs and data as illustrated. The display processing device 200 executes a predetermined operation by causing the display processing device control unit 203 to read the program stored in the display processing device storage unit 207 into the temporary storage unit 206 and execute it.

  The external communication unit 208, the display processing device first communication unit 209, and the display processing device second communication unit 210 are for the display processing device 200 to communicate with external devices. The external communication unit 208 is configured to be connectable to a communication network 500 such as a public communication line. Although not shown, a LAN (Local Area Network) or the like is provided between the external communication unit 208 and the communication network 500. A configuration necessary for communication by a router or the like is appropriately provided.

  The display processing device first communication unit 209 and the display processing device second communication unit 210 are configured to be able to communicate with the operation device first communication unit 309 and the operation device second communication unit 310 of the operation device 300, respectively. Details of the display processing device first communication unit 209 and the display processing device second communication unit 210 will be described later.

  As described above, the display processing apparatus 200 is assumed to be a television receiver. Therefore, in addition to the above functions, the television receiver generally has functions (channel change, volume adjustment, screen brightness). Etc.).

(Configuration of operation device)
As illustrated, the operation device 300 includes a telephone / web communication unit 301, an audio input unit 302, an operation device control unit 303, a display unit 304, an operation unit 305, a temporary storage unit 306, an operation device storage unit 307, and an audio output unit. 308, an operating device first communication unit 309, and an operating device second communication unit 310.

  The telephone / web communication unit 301 makes a call with another mobile phone or a general phone via a mobile phone network such as 3G or 3.5G, or connects to the Internet to connect to an external device (here, a service providing device) 400). Therefore, the telephone / web communication unit 301 is configured to be connectable to the communication network 500. These functions are realized by a telephone network communication unit and a mobile line unit (not shown).

  The voice input unit 302 is for inputting a voice signal to the controller device 300 during a call, for example. The voice output unit 308 is based on a voice signal received by the telephone / web communication unit 301 during a call or the like. To output sound. The voice output unit 308 also outputs voice or the like indicating an incoming call or mail.

  The operation device control unit 303 controls the operation of the operation device 300 in an integrated manner, and can be configured by a CPU or the like, for example. The operating device control unit 303 operates using, for example, a temporary storage unit 306 configured by a RAM or the like as a work area. Details of the processing performed by the controller device control unit 303 will be described in detail later.

  The display unit 304 displays an image in accordance with an instruction from the operation device control unit 303. Although not shown, an image such as a VDP and a VRAM is displayed between the operation device control unit 303 and the display unit 304. The structure necessary for this is provided as appropriate. The display unit 304 can be configured by, for example, an LC display panel or an EL display panel.

  The operation unit 305 is for a user of the operation device 300 to perform an operation input to the operation device 300, and is not particularly limited as long as the user can perform a desired operation input. Here, it is assumed that the operation unit 305 is an operation key provided on the surface of the main body of the operation device 300. Specifically, as operation keys, various menu keys for displaying a menu screen related to website connection or the like on the display unit 304, and up / down / left / right direction keys for selecting items displayed on the display unit 304 are selected. It is assumed that a plurality of operation keys including a determination key for determining an item and a character input key for inputting numbers and characters are provided.

  The controller storage unit 307 stores programs and data as shown in the figure. The operation device 300 executes a predetermined operation by causing the operation device control unit 303 to read the program stored in the operation device storage unit 307 into the temporary storage unit 306 and execute the program. In addition, for example, HTML data received by the telephone / web communication unit 301 and data input by the user of the operation device 300 are stored in the operation device storage unit 307.

  The operation device first communication unit 309 and the operation device second communication unit 310 are for the operation device 300 to communicate with an external device. The operation device first communication unit 309 and the operation device second communication unit 310 are configured to be able to communicate with the display processing device first communication unit 209 and the display processing device second communication unit 210 of the display processing device 200, respectively. Details of the operation device first communication unit 309 and the operation device second communication unit 310 will be described later.

(Configuration of service providing device)
The service providing apparatus 400 includes an audio output unit 402, a service providing apparatus control unit 403, a display unit 404, an operation unit 405, a temporary storage unit 406, a service providing device storage unit 407, and an external communication unit 408, as illustrated. ing.

  The voice output unit 402 outputs voice to the outside of the service providing apparatus 400 based on an instruction from the service providing apparatus control unit 403. The audio output unit 402 can be configured by a speaker, for example.

  The service providing apparatus control unit 403 controls the operation of the service providing apparatus 400 in an integrated manner, and can be configured by a CPU or the like, for example. The service providing apparatus control unit 403 operates using, for example, a temporary storage unit 406 configured by a RAM or the like as a work area. Details of processing performed by the service providing apparatus control unit 403 will be described in detail later.

  The display unit 404 is a display device that displays a service setting screen or the like based on an instruction from the service providing device control unit 403. For example, an LC display panel, an EL display panel, a CRT display device, or the like can be used as the display unit 404.

  The operation unit 405 is used by the user to input an operation to the service providing apparatus 400. The operation unit 405 is not particularly limited as long as the user can perform a desired operation input. Here, a keyboard is assumed as the operation unit 405 in order to perform complicated operations such as setting of various services provided by the service providing apparatus 400 and maintenance of contents.

  The service providing device storage unit 407 stores programs and data as illustrated. The service providing apparatus 400 executes a predetermined operation by causing the service providing apparatus control unit 403 to read the program stored in the service providing apparatus storage unit 407 into the temporary storage unit 406 and execute it.

  The external communication unit 408 is for the service providing apparatus 400 to communicate with external devices (here, the display processing apparatus 200 and the operation apparatus 300). The external communication unit 408 is configured to be connectable to the communication network 500 and is not shown, but is necessary for communication between the external communication unit 408 and the communication network 500 such as a LAN or a router. Configurations are provided as appropriate.

(Communication between the display processing device 200 and the operation device 300)
As described above, the controller device first communication unit 309 is configured to be able to communicate with the display processing device first communication unit 209. The operation device second communication unit 310 is configured to be able to communicate with the display processing device second communication unit 210. That is, the operation device 300 and the display processing device 200 are configured such that the first communication path formed by the operation device first communication unit 309 and the display processing device first communication unit 209, the operation device second communication unit 310, and the display processing. Communication can be performed using a second communication path formed by the device second communication unit 210.

  The first communication path is used to transmit a signal (hereinafter also referred to as a remote control signal) instructing an operation from the operation device 300 to the display processing device 200. Here, it is assumed that infrared communication (IR) is applied to the first communication path. Therefore, it is assumed that the operating device first communication unit 309 is an infrared light emitting unit, and the display processing device first communication unit 209 is an infrared light receiving unit.

  The second communication path is used for transmitting and receiving image data between the controller device 300 and the display processing device 200. Here, it is assumed that short-range wireless communication using IrSS or Bluetooth is applied to the second communication path. That is, the controller device second communication unit 310 and the display processing device second communication unit 210 are communication units capable of transmitting and receiving signals through short-range wireless communication. The second communication path only needs to be able to transmit and receive data, and IEEE802.11 radio such as a wireless LAN, ZigBee (registered trademark), or the like can also be applied.

(Communication between display processing device 200 and service providing device 400)
As described above, the external communication unit 208 of the display processing device 200 is configured to be able to communicate with the communication network 500. Similarly, the external communication unit 408 of the service providing apparatus 400 is configured to be able to communicate with the communication network 500. That is, the display processing device 200 and the service providing device 400 can communicate using a communication path formed via the communication network 500. It is assumed that the display processing apparatus 200 and the service providing apparatus 400 are connected to the communication network 500 via, for example, an IP network.

(Communication between operation device 300 and service providing device 400)
As described above, the telephone / Web communication unit 301 of the controller device 300 is configured to be able to communicate with the communication network 500. That is, the controller device 300 and the service providing device 400 can communicate using a communication path formed via the communication network 500. It is assumed that the operation device 300 is connected to the communication network 500 via a mobile phone network such as 3G or 3.5G.

[Key points of the invention]
As described above, the operation system 100 allows the user to access the service providing apparatus 400 by operating the display processing apparatus 200 using the operation apparatus 300, and various services provided as services by the service providing apparatus 400. It is assumed that the system is capable of acquiring data (content such as a web page) and browsing it with the display processing apparatus 200. As described in the background section, some services provided in the operation system 100 require authentication (login). In a general method of inputting an ID and password, The operability and convenience may be impaired.

  Therefore, the main feature of the present invention is that the display processing device displays image data including information used for authentication (login) acquired from the service providing device 400 by the user who operates the display processing device 200 using the operation device 300. It is possible to perform authentication (login) when using the service provided by the service providing apparatus 400 simply by transmitting to 200. The information used for authentication (login) is assumed to be a password and user identification information, but is not limited to this.

  Hereinafter, five examples of transmitting image data including information used for authentication (login) acquired from the service providing apparatus 400 to the display processing apparatus 200 will be described. Here, a case where the service provided by the service providing apparatus 400 is a Web site that provides a predetermined Web page will be described as an example. Here, only the outline of the process will be described, and details will be described later.

(Example 1)
Referring to FIG. 9 and FIG. 10, after the user recognizes that authentication (login) is required from the accessed website, the authentication image data 3B is acquired from the service providing apparatus 400, An example of performing authentication (login) on the accessed website by transmitting the acquired authentication image data 3B to the display processing device 200 will be described.

  First, as shown in FIG. 9, by transmitting the site access image data 3A from the operation device 300 to the display processing device 200 (A1), the display processing device 200 analyzes the site access image data 3A. Then, an attempt is made to access the Web site of the service providing apparatus 400 specified by the URL included in the process specifying information 5 (A2). Then, as a response, display data that is content such as a Web page is transmitted from the service providing apparatus 400 (A3). Here, it is assumed that the display data transmitted in the flow A3 is information indicating that authentication (login) is necessary.

  In this case, the Web site of the service providing apparatus 400 cannot be accessed without authentication (login). Then, as shown in FIG. 10, subsequently, the user transmits a “login authentication request” for requesting acquisition of information for authentication (login) from the operation device 300 to the service providing device 400 (B1). . The login authentication request is transmitted including the terminal ID (second device information) of the controller device 300. The service providing apparatus 400 that has received the login authentication request first performs terminal authentication using the terminal ID included in the login authentication request (B2), and when the terminal authentication is successful, at the time of authentication (login) on the Web site A one-time password to be used is generated (B3). Then, authentication image data 3B including the generated one-time password is generated (B4), and the generated authentication image data 3B is transmitted to the controller device 300 (B5).

  Subsequently, by transmitting the authentication image data 3B from the operation device 300 that has received the authentication image data 3B to the display processing device 200 (B6), the display processing device 200 analyzes the authentication image data 3B. Then, the one-time password included in the process designation information 5 is transmitted to the service providing apparatus 400 (B7).

  Then, the service providing apparatus 400 performs authentication (login) using the received one-time password (B8), and when the authentication (login) is successful, transmits an authentication result (B9).

  As described above, according to the present invention, authentication (login) on the Web site of the service providing apparatus 400 can be performed by transmitting the authentication image data 3B from the operation apparatus 300 to the display processing apparatus 200.

(Modification of Example 1)
In the above description, in the flow B7, the one-time password is transmitted from the display processing device 200 to the service providing device 400. However, the following configuration may be used. That is, the authentication image data 3B received from the operation device 300 is transmitted as it is to the service providing device 400, and the service providing device 400 analyzes the authentication image data 3B. The time password may be extracted. According to this configuration, it is possible to confirm whether the authentication image data 3B is provided from the service providing apparatus 400 as well as the one-time password. That is, since it can be confirmed whether or not the authentication image data 3B has been illegally created or tampered, there is an effect that security is improved.

  In the above description, in the flow B3, the service providing device 400 generates the one-time password. However, the following configuration may be used. That is, (1) a one-time password is generated by the operating device 300, (2) a “login authentication request” including the generated one-time password is transmitted to the service providing device 400 in flow B1, and (3 ) In the flow B3, the one-time password included in the “login authentication request” may be extracted.

(Example 2)
Next, with reference to FIG. 11, image data including the URL for accessing the website acquired from the service providing apparatus 400 and the one-time password used for authentication (login) on the website is displayed. An example in which authentication (login) is performed at the same time as accessing the Web site by transmitting to the apparatus 200 will be described.

  First, as shown in FIG. 11, a “service start request” for requesting acquisition of information for accessing the Web site is transmitted from the operation device 300 to the service providing device 400 (C1). The service start request is transmitted including the terminal ID of the controller device 300 and the service ID for identifying the Web site to be accessed. The service providing apparatus 400 that has received the service start request first performs terminal authentication using the terminal ID included in the service start request (C2), and when the terminal authentication is successful, at the time of authentication (login) at the Web site A one-time password to be used is generated (C3), and site access image data 3C with authentication information including the generated one-time password and a URL for accessing the Web site specified by the service ID is generated. (C4). Then, the generated image data for site access 3C with authentication information is transmitted to the controller device 300 (C5).

  Then, by transmitting the site access image data 3C with authentication information to the display processing device 200 from the operation device 300 that has received the site access image data 3C with authentication information (C6), the display processing device 200 The site access image data 3C with authentication information is analyzed, and the Web site specified by the URL included in the process specifying information 5 is accessed, and the one-time password included in the process specifying information 5 is transmitted. (C7).

  Then, the service providing apparatus 400 performs authentication (login) using the received one-time password (C8), and when the authentication (login) is successful, it transmits display data to the display processing apparatus 200 (C9).

  As described above, according to the present invention, by transmitting the site access image data 3C with authentication information from the operation device 300 to the display processing device 200, authentication is performed simultaneously with the access to the Web site of the service providing device 400 ( Login).

(Modification of Example 2)
In the above description, the example in which the one-time password and the image data 3C for accessing the site with authentication information including the URL for accessing the Web site specified by the service ID is transmitted and received has been described. It is also possible to transmit and receive two pieces of image data: site access image data 3A including a URL for accessing a Web site to be accessed and authentication image data 3B including a one-time password.

  In the above description, in the flow C7, the Web site specified by the URL included in the process specifying information 5 is accessed, and the one-time password included in the process specifying information 5 is transmitted to the service providing apparatus 400. However, the following configuration is also possible. That is, the site access image data with authentication information 3C received from the operation device 300 is transmitted to the service providing device 400 as it is, and the service providing device 400 analyzes the site access image data with authentication information 3C to specify the processing. The one-time password included in the information 5 may be extracted. According to this configuration, it is possible to confirm whether the site access image data with authentication information 3C is provided from the service providing apparatus 400 as well as the one-time password. That is, since it is possible to confirm whether or not the site access image data with authentication information 3C has been illegally created or tampered with, it is possible to improve the security.

(Example 3)
Next, referring to FIG. 12, when purchasing content on the Web site, the image data is transmitted from the operation device 300 to the display processing device 200, so that the service providing device 400 is necessary for the content purchase processing. An example of performing authentication (purchase) will be described.

  First, when the user performs an operation of purchasing content using the operation device 300 while the content is displayed on the display processing device 200 in a purchaseable state, the display processing device 200 causes the service providing device 400 to perform the operation. Then, a “purchase request” that is a request to purchase content is transmitted (D1). Upon receiving the purchase request, the service providing apparatus 400 generates a one-term password used in authentication (purchase) processing at the time of content purchase (D2), and generates image data including the generated one-time password (D3). The generated image data is transmitted to the controller device 300 (D4). The generated image data may further include a URL of an authentication destination server device or the like. The image data generated at this time is also referred to as “purchase image data 3D” below.

  Then, the controller device 300 that has received the purchase image data 3D stores its own terminal ID in the processing designation information 5 of the purchase image data 3D (D5), and the purchase image data after storing the terminal ID. 3D is transmitted to the display processing apparatus 200 (D6).

  Then, the display processing device 200 analyzes the purchase image data 3D and transmits the terminal ID and the one-time password included in the processing designation information 5 to the service providing device 400 (D7). Then, the service providing apparatus 400 performs authentication (purchase) using the received terminal ID and one-time password (D8), and if the authentication (purchase) is successful, the result of the content purchase process is transmitted to the display processing apparatus 200. (D9).

  As described above, according to the present invention, authentication (purchase) at the time of purchase of content can be performed by transmitting purchase image data 3D from the operation device 300 to the display processing device 200.

(Modification of Example 3)
In the above description, in the flow D7, the terminal ID and the one-time password included in the process designation information 5 are transmitted to the service providing apparatus 400. However, the following structure may be used. That is, the purchase image data 3D received from the operation device 300 is transmitted as it is to the service providing device 400, and the service providing device 400 analyzes the purchase image data 3D, thereby including the one included in the processing designation information 5. The time password may be extracted. According to this configuration, it is possible to confirm whether or not the purchase image data 3D is provided from the service providing apparatus 400 as well as the terminal ID and the one-time password. That is, since it is possible to confirm whether or not the purchase image data 3D has been illegally created or tampered with, it is possible to improve the security.

  In the above description, the purchase image data 3D is transmitted from the service providing apparatus 400 to the operation apparatus 300 in the flow D4. However, instead of the purchase image data 3D, data including a URL for accessing the Web site is used. The image data for purchase 3D may be acquired from the Web site specified by the URL. At this time, the terminal ID of the controller device 300 is also transmitted when accessing the Web site, and after the terminal authentication by the service ID is performed by the service providing device 400, the purchase image data 3D is transmitted to the controller device 300. By doing so, there is an effect that security is improved.

  Further, in the above description, the purchase image data 3D is generated and processed in the flows D2, D3, and D5. However, when the purchase image data 3D is acquired from the website, the purchase image data is acquired on the website. The data 3D may be generated (the purchase image data 3D is not processed by the operation device 300). According to this configuration, there is no need to process the purchase image data 3D in the operation device 300, and the configuration of the operation device 300 can be simplified.

(Example 4)
Next, referring to FIG. 13, (1) the user identification image data 3E is acquired from the service providing apparatus 400 in advance by the operation apparatus 300, and (2) authentication (login) is performed from the accessed website. An example of performing authentication (login) on the accessed Web site by transmitting the acquired user identification image data 3E to the display processing device 200 when the user recognizes that it has been notified that it is necessary. explain.

  First, in order to acquire the user identification image data 3E, as shown in FIG. 13, a “user identification request” for requesting acquisition of information for user identification from the operation device 300 to the service providing device 400 is issued. Transmit (E1). The user identification request is transmitted including the terminal ID of the controller device 300. The service providing apparatus 400 that has received the user identification request first performs terminal authentication using the terminal ID of the operation apparatus 300 included in the user identification request (E2). If the terminal authentication is successful, authentication on the website is performed. User identification information used for (login) is generated (E3). Then, user identification image data 3E including the generated user identification information is generated (E4), and the generated user identification image data 3E is transmitted to the operation device 300 (E5).

  When terminal authentication based on the terminal ID of the operation device 300 is not performed, the user ID request transmitted in the flow E1 may not include the terminal ID of the operation device 300.

  On the other hand, when the site access image data 3A is transmitted from the operation device 300 to the display processing device 200 to access the Web site (E6), the display processing device 200 analyzes the site access image data 3A, An attempt is made to access the Web site of the service providing apparatus 400 specified by the URL included in the process specifying information 5 (E7). Then, as a response, display data that is content such as a Web page is transmitted from the service providing apparatus 400 (E8). Here, it is assumed that the display data transmitted in the flow E8 is information indicating that authentication (login) is necessary.

  In this case, the Web site of the service providing apparatus 400 cannot be accessed without authentication (login). Therefore, as shown in FIG. 13, by transmitting the user identification image data 3E to the display processing device 200 from the operation device 300 that has previously acquired the user identification image data 3E in the flows E1 to E5 (E9). The display processing device 200 analyzes the user identification image data 3E, and obtains the user identification information included in the processing designation information 5 and the terminal ID (first device information, device information) of the display processing device 200. Then, the data is transmitted to the service providing apparatus 400 that has attempted access in flow E7 (E10).

  Then, the service providing apparatus 400 performs authentication (login) using the received user identification information and the terminal ID of the display processing apparatus 200 (E11), and when the authentication (login) is successful, transmits an authentication result (E12).

  As described above, according to the present invention, the user identification image data 3E is acquired in advance by the operation device 300, and the acquired user identification image data 3E is transmitted to the display processing device 200. Authentication (login) at the Web site of the service providing apparatus 400 can be performed.

(Modification of Example 4)
In the above description, the terminal ID of the display processing apparatus 200 is transmitted in the flow E10, and authentication (login) is performed using the terminal ID in the flow E11. However, the following structure may be used. That is, when the terminal ID of the display processing apparatus 200 is not transmitted in the flow E10 and authentication (login) is performed in the flow E11, (1) an authentication URL is added from the service providing apparatus 400 to the operation apparatus 300. (2) When accessing the above authentication URL from the operating device 300, the terminal ID of the operating device 300 is also transmitted, and (3) the service providing device 400 The authentication (login) may be performed using the terminal ID of the transmitted operation device 300. According to this configuration, since authentication (login) is performed without using the terminal ID of the display processing device 200, even when the Web site is accessed from the display processing device 200 that is not registered in advance in the service providing device 400. Authentication (login) can be performed.

(Example 5)
Next, referring to FIG. 14, the user who has recognized that authentication (login) is required from the accessed website performs (1) authentication information issuance operation on the display processing device 200. Accordingly, the authentication image data 3B is transmitted from the service providing apparatus 400 to the operation apparatus 300, and (2) the authentication image data 3B is subsequently transmitted from the operation apparatus 300 to the display processing apparatus 200. An example of performing authentication (login) on the website will be described.

  First, as shown in FIG. 14, by transmitting the site access image data 3A from the operation device 300 to the display processing device 200 (F1), the display processing device 200 analyzes the site access image data 3A. Then, an attempt is made to access the Web site of the service providing apparatus 400 specified by the URL included in the process specifying information 5 (F2). Then, as a response, display data that is content such as a Web page is transmitted from the service providing apparatus 400 (F3). Here, it is assumed that the display data transmitted in the flow F3 is information indicating that authentication (login) is necessary.

  In this case, the Web site of the service providing apparatus 400 cannot be accessed without authentication (login). Then, as shown in FIG. 14, subsequently, an “authentication information issuance request” for requesting issuance of information for authentication (login) is transmitted from the display processing device 200 to the service providing device 400 by a user operation or the like. (F4). The authentication information issue request is transmitted including the terminal ID of the display processing device 200. The service providing apparatus 400 that has received the authentication information issuance request first performs terminal authentication using the terminal ID of the display processing apparatus 200 included in the authentication information issuance request (F5). A one-time password used for authentication (login) is generated (F6). Then, the authentication image data 3B including the generated one-time password is generated (F7), and the generated authentication image data 3B is transmitted to the controller device 300 (F8).

  When terminal authentication based on the terminal ID of the display processing device 200 is not performed, the authentication information issue request transmitted in the flow F4 may not include the terminal ID of the operation device 300.

  Subsequently, by transmitting the authentication image data 3B from the operating device 300 that has received the authentication image data 3B to the display processing device 200 (F9), the display processing device 200 analyzes the authentication image data 3B. Then, the one-time password included in the processing designation information 5 and the terminal ID of the display processing device 200 are transmitted to the service providing device 400 that attempted to access in the flow F2 (F10).

  Then, the service providing apparatus 400 performs authentication (login) using the received one-time password and the terminal ID of the display processing apparatus 200 (F11), and when the authentication (login) is successful, transmits an authentication result (F12). .

  As described above, according to the present invention, (1) the authentication image data 3B including the one-time password is transmitted from the service providing apparatus 400 to the operation apparatus 300 according to the authentication information issue request, and (2) the display is performed from the operation apparatus 300. The authentication image data 3B is transmitted to the processing device 200, and (3) the one-time password included in the authentication image data 3B and the terminal ID of the display processing device 200 are transmitted from the display processing device 200 to the service providing device 400. By doing so, authentication (login) at the Web site of the service providing apparatus 400 can be performed.

(Modification of Example 5)
In the above description, in the flow F6, the service providing apparatus 400 generates the one-time password. However, the following configuration may be used. That is, the flow F6 does not generate a one-time password, (1) the display processing apparatus 200 generates a one-time password, and (2) in the flow F4, “authentication information issuance including the generated one-time password”. (3) In the flow F7, the authentication image data 3B including the one-time password extracted from the “authentication information issue request” may be generated.

  In the above description, the terminal ID of the display processing device 200 is transmitted to the service providing device 400 in the flows F4 and F5, and the terminal authentication by the terminal ID of the display processing device 200 is performed by the service providing device 400. The flow F4 and F5 may be omitted, and a simple authentication (login) process using only the authentication image data 3B may be performed.

  Further, in the above description, in the flows F6 to F8, the service providing apparatus 400 generates the authentication image data 3B including the one-time password, and transmits the generated authentication image data 3B to the operation apparatus 300. The following configuration is also possible. That is, in the flows F6 to F8, the authentication image data 3B including the one-time password is not generated and transmitted, and (1) a URL indicating a partner who requests the generation and transmission of the authentication image data 3B including the one-time password. Link information such as the above information is transmitted from the service providing apparatus 400 to the operation apparatus 300. (2) When the operation apparatus 300 accesses the link destination indicated by the link information, the access information including the terminal ID of the operation apparatus 300 is accessed. (3) After performing terminal authentication using the terminal ID of the operation device 300 in the service providing device 400 accessed from the operation device 300, the authentication image data 3B including the one-time password is generated and generated. The authentication image data 3B may be transmitted to the operating device 300 that has accessed. In this case, since authentication is performed using both the terminal ID of the display processing device 200 and the terminal ID of the operation device 300, security is further improved.

  Further, when authentication using both the terminal ID of the display processing device 200 and the terminal ID of the operation device 300 is successful, a simple authentication process of completing authentication (login) on the website may be performed. .

  Example 1, Example 2, Example 3, Example 4 and Example 5 described above will be described in detail in Embodiments 1, 2, 3, 4 and 5, respectively.

[Embodiment 1]
In the present embodiment, when a web site provided by the service providing apparatus 400 is accessed, when it is notified that login is necessary, (1) in response to a request from the operation apparatus 300 By transmitting the authentication image data 3B including the one-time password from the providing device 400 to the operation device 300, and (2) transmitting the authentication image data 3B from the operation device 300 to the display processing device 200, the above Web site is obtained. A mode in which the user can log in will be described.

  An embodiment of the present invention will be described below with reference to FIGS.

(Detailed configuration of each device)
With reference to FIG. 15, more detailed configurations of the display processing device 200, the operation device 300, and the service providing device 400 according to the present embodiment will be described. FIG. 15 is a block diagram showing a main configuration of display processing apparatus 200, operation apparatus 300, and service providing apparatus 400 according to the present embodiment.

(More detailed configuration of the operating device)
First, a more detailed configuration of the operation device 300 will be described. As illustrated, the controller device storage unit 307 includes a service information storage unit 371, a terminal ID storage unit 372, a command storage unit 373, and an image data storage unit 374. The controller control unit 303 includes a terminal / user information registration processing unit 331, a service display processing unit 332, a command transmission processing unit 333, a login authentication request processing unit 334, an image data reception processing unit 335 (operation data receiving unit), And an image data transmission processing unit 336 (operation data transmission means).

  The service information storage unit 371 stores information related to services that can be enjoyed by the user (service name, service icon, etc.) in association with information (service ID) that can identify the service in a readable state. Is. Information relating to the service stored in the service information storage unit 371 is used by the service display processing unit 332 as data used when a menu or the like for the user to select a service is displayed.

  Next, the terminal ID memory | storage part 372 memorize | stores terminal ID which can identify an own apparatus.

  Next, the command storage unit 373 stores, in a readable state, a command name corresponding to a key operation on an application program (hereinafter referred to as an application) serving as a user interface for operating the display processing device 200. Is. The command name stored in the command storage unit 373 is used by the command transmission processing unit 333 as data to be included in the remote control signal transmitted to the display processing device 200.

  Next, the image data storage unit 374 stores the image data in a readable state. Examples of the image data stored in the image data storage unit 374 include image data including image information indicating an outline of a service, site access image data 3A, and authentication image data 3B.

  Next, the terminal / user information registration processing unit 331 requests the service providing apparatus 400 to register the terminal ID of the operation apparatus 300 using a user operation as a trigger (terminal registration request). At that time, the terminal ID of the operation device 300 acquired from the terminal ID storage unit 372 is included in the terminal registration request and transmitted to the service providing device 400.

  Further, the terminal / user information registration processing unit 331 receives a temporary registration notification including a temporary user name, which is notified from the service providing apparatus 400 as a result of registering the terminal ID of the operation apparatus 300 in the service providing apparatus 400. Are displayed on the display unit 304, and an input for updating the temporary user name to another user name is accepted. When there is a user operation for updating the temporary user name, a request for updating (user information update request) is transmitted to the service providing apparatus 400, and the response is transmitted from the service providing apparatus 400 as a response. A notification to accept the update request (update request acceptance notification) is received. The user information update request is transmitted including the terminal ID.

  Upon receiving the update request acceptance notification, the service providing apparatus accepts the user input of a new user name and updates the provisional user name held in the service providing apparatus 400 in order to update the provisional user name. 400. When a notification (update registration completion notification) indicating that the update has been made is transmitted from the service providing apparatus 400, the fact is displayed on the display unit 304.

  Next, the service display processing unit 332 reads information on the service stored in the service information storage unit 371 when the application is activated, and displays the information on the display unit 304 so that the user can select it. Further, image data including image information indicating an outline of the service selected by the user operation is read from the image data storage unit 374 and the image information included in the image data is output to the display unit 304.

  Next, the command transmission processing unit 333 generates a remote control signal corresponding to the key operation on the application. Then, the generated remote control signal is transmitted to the display processing device 200 via the operation device first communication unit 309.

  Next, the login authentication request processing unit 334 transmits a login authentication request to the service providing apparatus 400 via the telephone / Web communication unit 301 in response to a login start operation from the user. The login authentication request is a request for the service providing apparatus 400 to transmit the authentication image data 3B including the one-time password used at the time of authentication (login) to the Web site of the service providing apparatus 400. The login authentication request is transmitted including the terminal ID. The terminal ID is acquired from the terminal ID storage unit 372.

  Next, the image data reception processing unit 335 receives image data transmitted from an external device, and stores the received image data in the image data storage unit 374. Note that image information included in the received image data may be output to the display unit 304. Examples of the image data transmitted from the external apparatus include authentication image data 3B transmitted from the service providing apparatus 400.

  Next, the image data transmission processing unit 336 uses the image data transmission operation from the user as a trigger to display the image data stored in the image data storage unit 374 via the operation device second communication unit 310. 200.

(Detailed configuration of display processing device)
Next, a more detailed configuration of the display processing device 200 will be described. As illustrated, the display processing device storage unit 207 includes an image data storage unit 271 and a designation processing information storage unit 272. The display processing device control unit 203 includes a command reception processing unit 231, a power management unit 232, an image data reception processing unit 233 (operation data receiving unit), a process designation information extraction processing unit 234 (authentication information extraction unit), and a process execution. Section 235 and a login instruction reception processing section 236.

  The image data storage unit 271 stores the image data transmitted from the controller device 300 in a readable state.

  Next, the designation processing information storage unit 272 stores the processing designation information 5 included in the image data transmitted from the controller device 300.

  Next, the command reception processing unit 231 receives a remote control signal transmitted from the operation device 300 via the display processing device first communication unit 209. Then, an instruction corresponding to the command name included in the received remote control signal is given to each unit of the display processing device control unit 203. For example, when the received remote control signal includes a command to turn on or off the power, the command reception processing unit 231 gives an instruction to that effect to the power management unit 232.

  Next, in response to an instruction from the command reception processing unit 231, the power management unit 232 supplies power to each unit included in the display processing device 200 (that is, turns on the power), or supplies the above power supply. Switch between not to perform (that is, to enter a standby state). It is assumed that display processing apparatus 200 can receive a remote control signal including at least a command to turn on the power even in a standby state.

  Next, the image data reception processing unit 233 receives the image data transmitted from the operation device 300 via the display processing device second communication unit 210. Then, the image data reception processing unit 233 stores the received image data in the image data storage unit 271.

  Next, the processing designation information extraction processing unit 234 is triggered by the image data reception processing unit 233 storing the image data in the image data storage unit 271, and the processing designation information 5 is included in the stored image data. If the process designation information 5 is included, the process designation information 5 is extracted. Then, the extracted process designation information 5 is stored in the designation process information storage unit 272.

  Next, the process execution unit 235 executes various processes based on the process designation information 5 stored in the process designation information storage unit 272, with the completion of the process of the process designation information extraction processing unit 234 as a trigger. . For this purpose, the processing execution unit 235 includes an external access processing unit 2351 and a login request processing unit 2352.

  When the process designation information 5 whose command name 6 is “site access” is stored in the designation process information storage unit 272, the external access processor 2351 receives the process designation information 5 via the external communication unit 208. An access request to the Web site indicated by the URL designated by parameter 7 is made. When display data such as HTML data or content is received as a response to the access request, the received display data is output to the display unit 204.

  When the process designation information 5 having the command name 6 of “authentication” is stored in the designation process information storage unit 272, the login request processing unit 2352 passes the external communication unit 208 via the external communication unit 208. , A login request to a predetermined website (for example, a website being displayed on the display unit 204) is transmitted. The login request is transmitted including the one-time password designated by the parameter 7 of the processing designation information 5. If a URL is further specified in the parameter 7 of the process specifying information 5, a login request may be transmitted to the Web site specified by the URL. In addition, instead of transmitting the login request including the one-time password designated by the parameter 7 of the process designation information 5, the image containing the process designation information 5 stored in the image data storage unit 271 is stored. The data may be transmitted. When an authentication result is received, the received authentication result is output to the display unit 204.

  The login instruction reception processing unit 236 receives login instruction information transmitted from the service providing apparatus 400 via the external communication unit 208, and outputs information included in the received login instruction information to the display unit 204.

(Detailed configuration of service providing device)
Next, a more detailed configuration of the service providing apparatus 400 will be described. As illustrated, the service providing device storage unit 407 includes an image data storage unit 471, an authentication information storage unit 472 (authentication information / device information storage unit), a provided content storage unit 473, and a terminal / user information storage unit 474. It is out. Also, the service providing device control unit 403 includes a terminal / user information registration processing unit 431, an access request reception processing unit 432, a login instruction transmission processing unit 433, an authentication request reception processing unit 434, and a one-time PW generation processing unit 435 (authentication information). Generating unit), an image data generation processing unit 436 (operation data generation unit, operation data transmission unit), and a login request reception processing unit 437.

  The image data storage unit 471 stores a template of image data. The template of the image data is image data in a state where the processing designation information 5 and image information are not stored, and can be used as a template. In particular, the image data storage unit 471 stores a template of image data generated by the image data generation processing unit 436.

  In order for the image data generation processing unit 436 to be able to generate image data according to the user, the image data template stored in the image data storage unit 471 is associated with a user name or the like, You may memorize every. Further, the image information included in the image data may be stored in a state separated from the image data.

  Next, the authentication information storage unit 472 stores the one-time password generated by the one-time PW generation processing unit 435 for each operation device 300 in a state in which the one-time password is associated with the terminal ID of the operation device 300.

  Next, the provided content storage unit 473 stores various display data (HTML data, video content, etc.) to be transmitted to the display processing device 200 in response to a site access request from the display processing device 200.

  Next, the terminal / user information storage unit 474 issues the terminal ID of the operation device 300, the name of the user of the operation device 300, the last date and time when the user accessed the content, and the last one-time password for authentication to the user. Store at least a set of dates and times. The terminal / user information storage unit 474 may have a data structure shown in Table 1, for example.

  In the example shown in Table 1, for example, it is stored that the user name of the user of the operation device 300 whose terminal ID is “0001” is “Taro”. It is stored that the user last accessed “content A” and the date and time is “2008/5/27 12:18”. Further, it is stored that the date and time when the one-time password used at the time of authentication (login) was last issued to the user is “2008/5/27 12:10”.

  Next, when receiving the terminal registration request from the controller device 300, the terminal / user information registration processing unit 431 searches the terminal / user information storage unit 474 based on the terminal ID included in the received terminal registration request. It is checked whether or not the terminal ID has already been registered. If the terminal / user information registration processing unit 431 knows that the terminal has not been registered, the terminal / user information registration processing unit 431 generates a temporary user name, associates the temporary user name with the terminal ID, and stores the terminal / user information storage unit 474. Are stored (newly registered), and a temporary registration notification indicating that temporary registration has been performed is transmitted to the controller device 300. The provisional registration notification includes the provisional user name.

  Thereafter, when the user information update request transmitted from the operation device 300 is received, after confirming that the user is a registered user, a user information update request acceptance notification indicating that the user information update request has been accepted is sent to the operation device 300. Send. Thereafter, the user name stored in the terminal / user information storage unit 474 is updated with the user name transmitted from the controller device 300. Thereafter, an update registration completion notification indicating that the update has been completed is transmitted to the controller device 300.

  Next, the access request reception processing unit 432 checks whether or not authentication (login) has been completed in response to an access request from the external access processing unit 2351 of the display processing device 200. The instruction transmission processing unit 433 causes the display processing device 200 to transmit login instruction information including that login is necessary. On the other hand, if the user has logged in, the data to be provided is acquired from the provided content storage unit 473 and transmitted to the display processing device 200. If the accessed Web site does not require authentication (login), data to be provided is acquired from the provided content storage unit 473 without checking whether the login has been completed, and the display processing device 200. Send to.

  Next, the login instruction transmission processing unit 433 transmits login instruction information to the display processing device 200 in response to an instruction from the access request reception processing unit 432.

  Next, the authentication request reception processing unit 434 receives the login authentication request from the login authentication request processing unit 334 of the controller device 300. First, the terminal ID included in the received login authentication request is the terminal / user information storage unit. The terminal authentication is performed by checking whether it is registered in 474 or not. When the terminal authentication is successful, the one-time PW generation processing unit 435 generates a one-time password for authentication (login) and the image data generation processing unit 436 generates the authentication image data 3B. Each time the one-time PW generation processing unit 435 generates a one-time password, the date / time when the one-time PW generation processing unit 435 generates the one-time password is the final date and time when the one-time password is issued. The information is stored in the information storage unit 474.

  Next, the one-time PW generation processing unit 435 generates a one-time password for authentication (login) in response to an instruction from the authentication request reception processing unit 434. The generated one-time password is given a validity period (for example, 2 minutes), and a one-time password that has passed the validity period cannot be used to log in. The one-time PW generation processing unit 435 associates the generated one-time password with the terminal ID included in the login authentication request received by the authentication request reception processing unit 434, and the validity period of the one-time password is The information is stored in the authentication information storage unit 472 in a state where it can be referred to. The one-time password that has passed the validity period may be deleted from the authentication information storage unit 472.

  Next, the image data generation processing unit 436 generates authentication image data 3B in which the one-time password generated by the one-time PW generation processing unit 435 is stored. For the generation, a model of image data stored in the image data storage unit 471 is used. If a template is stored for each user, a template corresponding to the user corresponding to the operating device 300 that has requested the login authentication request is acquired, and authentication image data 3B is generated. The user corresponding to the operation device 300 that has requested the login authentication request searches for the user name obtained by searching the terminal / user information storage unit 474 using the terminal ID of the operation device 300 included in the login authentication request as a key. Can be specified by. Further, the image information included in the authentication image data 3B may be generated for each user. For example, the name of the user or an image (avatar) representing the user, the name of the service that the user is logging in or logging in, an icon that can identify the service, the operation content that the user can currently perform, etc. The image information may be generated.

  Note that the image data generation processing unit 436 may further include a URL for designating the Web site of the service providing apparatus 400 in the processing designation information 5 of the authentication image data 3B.

  Then, the image data generation processing unit 436 transmits the generated image data to the operation device 300 via the external communication unit 408.

  Next, the login request reception processing unit 437 receives the login request transmitted from the login request processing unit 2352 of the display processing device 200, and determines whether or not the one-time password included in the received login request is valid. Investigate. Specifically, whether or not the one-time password included in the received login request matches the one-time password stored in the authentication information storage unit 472 and whether or not the valid period has passed. Investigate.

  If it is valid (if the one-time password is correct and the valid period has not passed), authentication (login) processing is executed. If necessary, the access request reception processing unit 432 may acquire data to be provided from the provided content storage unit 473 and transmit the data to the display processing device 200. Each time content is transmitted, the date / time when the content is transmitted is stored in the terminal / user information storage unit 474 as the last date / time when the content was accessed.

  On the other hand, if it is not valid (if the one-time password is incorrect or the valid period has passed), the authentication (login) process is not executed.

  Note that the authentication (login) result may be transmitted to the display processing device 200 regardless of whether the authentication (login) process is executed or not.

(Process flow)
Next, with reference to FIG. 16, the flow of processing in each device when the user accesses the Web site in the operation system 100 will be described. Here, the flow of processing will be described for each of (1) access to a website that does not require authentication (login) and (2) access to a website that requires authentication (login).

(Processing flow 1: Access to a website that does not require authentication (login))
FIG. 16 is a flowchart illustrating processing in each device when the user accesses a Web site that does not require authentication (login) in the operation system 100. Here, a description will be given assuming that the user registration process is completed. First, the description will be made assuming that the power of the display processing device 200 is in an off state (standby state).

  First, in order to use a service provided on the website of the service providing apparatus 400, the user activates an application on the operation apparatus 300 (S101).

  When the application is activated, the service display processing unit 332 of the controller device 300 displays a list of available services on the display unit 304 as a menu (S102). When the user selects one of the services displayed in the list (S103), an image showing an outline of the selected service is displayed on the display unit 304 (S104). That is, image data including image information indicating the outline of the selected service is read from the image data storage unit 374 and the image information included in the image data is output to the display unit 304.

  Here, since the power of the display processing device 200 is currently turned off, the “TV power source” displayed on the display unit 304 by the user for the purpose of turning on the power of the display processing device 200 in advance. When the key is operated (S105), the command transmission processing unit 333 of the operating device 300 transmits a remote control signal for turning on the power to the display processing device 200 (S106). When the command reception processing unit 231 of the display processing device 200 receives the remote control signal (S107), the power management unit 232 turns on the power (S108).

  Next, the site access including the image displayed on the display unit 304 in step S104 for the purpose of accessing the Web site of the service providing apparatus 400 in order to use the service selected in step S103. When an operation for transmitting the image data 3A for display to the display processing device 200 is performed (S109), the image data transmission processing unit 336 transmits the site access image data 3A to the display processing device 200 (S110). It is assumed that “site access” is specified as the command name 6 and the URL indicating the Web site of the service providing apparatus 400 is specified as the parameter 7 in the image data 3A for site access.

  Then, when the image data reception processing unit 233 of the display processing device 200 receives the site access image data 3A (S111), the processing designation information extraction processing unit 234 subsequently receives the received site access image data 3A. Is analyzed (S112). Specifically, the processing designation information 5 included in the received site access image data 3A is extracted. In this case, “site access” is extracted as the command name 6 and the URL is extracted as the parameter 7.

  Then, for the purpose of making the user confirm the received site access image data 3A, the image information included in the received site access image data 3A is output to the display unit 204 (S113), and the extracted Since the command name 6 of the processing designation information 5 is “site access”, the external access processing unit 2351 requests access to the Web site indicated by the extracted URL (S114).

  When the access request reception processing unit 432 of the service providing apparatus 400 receives the access request (S115), display data (for example, a web page) to be displayed on the display unit 204 of the display processing apparatus 200 as a response thereto Are transmitted (HTML data, video content, etc.) (S116).

  Then, when the external access processing unit 2351 of the display processing device 200 receives the display data (S117), it outputs the received display data to the display unit 204 (S118).

(Screen example)
Here, an example of a screen displayed on the display unit 304 of the controller device 300 will be described with reference to FIGS. 17 and 18.

  FIG. 17 is a schematic diagram illustrating a state where a list of services that can be selected by the user is displayed as a menu on the display unit 304 of the controller device 300. This screen is an example of the screen in the process of step S102 described above. In this example, the user can select any one of “portal site (top)”, “photo sharing service”, “moving picture distribution service”, “communication board”, and “shopping”. If, for example, “portal site (top)” is selected in step S103 described above, the image shown in FIG. 18 is displayed on the display unit 304 in step S104.

  FIG. 18 is a schematic diagram illustrating a state in which image information included in the image data for site access 3A is output to the display unit 304 of the controller device 300. The image M2 is image information included in the site access image data 3A. Here, the image M2 is an image showing an outline of the top page of the general search site. Therefore, when the site access image data 3A is transmitted to the display processing device 200, a process of accessing the top page of the general search site is performed.

  When the “Send to TV” button M 3 is operated, the image data for site access 3 A is sent to the display processing device 200. This corresponds to the operation in step S109 described above. When the “TV power” button M4 is operated, a remote control signal for turning on the power is transmitted to the display processing device 200. This corresponds to the operation in step S105 described above.

(Processing flow 2: Access to a website that requires authentication (login))
Next, the flow of processing when a user accesses a website that requires authentication (login) will be described. Here, further, (2-1) a case where a website requiring authentication (login) is accessed first, and (2-2) a one-time password after logging in once to a website requiring authentication (login) Each of the cases where access is made again within the period during which the authentication by is valid is described.

(Processing flow 2-1: First access)
First, FIG. 19 is a flowchart illustrating processing in each device when the user first accesses a Web site that requires authentication (login) in the operation system 100.

  Here, a description will be given assuming that the application of the controller device 300 has already been activated. Further, the description will be made assuming that the power of the display processing device 200 is on.

  In addition, the processing up to step S115 and the processing after step S116 are the same processing as described above, and thus description thereof is omitted here.

  After receiving the access request in step S115, the access request reception processing unit 432 of the service providing apparatus 400 checks whether the operating device 300 has been authenticated (logged in) (S201). (NO in S202), the login instruction transmission processing unit 433 transmits login instruction information including that login is necessary to use the Web site to the display processing apparatus 200 (S203).

  When the login instruction reception processing unit 236 of the display processing apparatus 200 receives the login instruction information (S204), the received login instruction information is displayed on the display unit 204 (S205).

  When the user who visually recognizes the login instruction information displayed on the display unit 204 performs an operation to start the login process on the operation device 300 for the purpose of starting the login process (S206), the login authentication request process is performed. Is started (S207). Details of the login authentication process will be described later. When the login authentication process is performed, a login authentication request is transmitted from the operation device 300 to the service providing device 400.

  Upon receiving the login authentication request, the service providing apparatus 400 performs authentication image data generation processing (S208). When the authentication image data generation process is performed, a one-time password that allows the user of the operation apparatus 300 to log in to the service providing apparatus 400 is generated, and the generated one-time password is used as the processing designation information 5. The authentication image data 3B is transmitted to the controller device 300. Details of the authentication image data generation processing will be described later.

  Here, it is assumed that “authentication” is specified as the command name 6 and the one-time password for logging in to the Web site of the service providing apparatus 400 is specified as the parameter 7 in the authentication image data 3B. Further, a URL indicating the Web site of the service providing apparatus 400 may be designated.

  When the authentication image data 3B is received, the image data reception processing unit 335 of the controller device 300 displays the image information included in the received authentication image data 3B on the display unit 304 (S209).

  Then, an operation for transmitting the authentication image data 3B including the image displayed on the display unit 304 in step S209 to the display processing device 200 for the purpose of logging in to the Web site of the service providing device 400. (S210), the image data transmission processing unit 336 of the operation device 300 transmits the authentication image data 3B to the display processing device 200 (S211).

  Then, when the image data reception processing unit 233 of the display processing device 200 receives the authentication image data 3B (S212), the processing designation information extraction processing unit 234 analyzes the received authentication image data 3B. (S213). Specifically, the processing designation information 5 included in the received authentication image data 3B is extracted. In this case, “authentication” is extracted as the command name 6, and the one-time password is extracted as the parameter 7.

  Then, for the purpose of making the user confirm the received authentication image data 3B, the image information included in the received authentication image data 3B is output to the display unit 204 (S214), and the extracted process designation is performed. Since the command name 6 of the information 5 is “authentication”, the login request processing unit 2352 requests login to the Web site being displayed (S215). At this time, the extracted one-time password is also transmitted. Note that the authentication image data 3B may be transmitted instead of the one-time password.

  When the login request reception processing unit 437 of the service providing apparatus 400 receives the login request (S216), authentication (login) is performed based on the one-time password transmitted together with the login request (S217). ).

  When authentication image data 3B is transmitted instead of the one-time password in step S215, it is confirmed whether or not the received authentication image data 3B is the same as that generated in step S208. Analyze if they are the same. Specifically, the processing designation information 5 included in the received authentication image data 3B is extracted. In this case, since “authentication” is extracted as the command name 6 and the one-time password is extracted as the parameter 7, authentication (login) is performed based on the extracted one-time password.

  If the authentication is successful (YES in S218), display data for display on the display unit 204 of the display processing device 200 (for example, HTML data constituting a Web page, video content, etc.) is transmitted (S116). ).

  In step S214, the image information of the received authentication image data 3B is output to the display unit 204 for the purpose of confirming the user. However, the operation device 300 has already confirmed the image information, and the display unit 204 If it is not necessary to reconfirm, step S214 may be omitted.

(Login authentication request processing and authentication image data generation processing)
Next, the flow of the login authentication request process in step S207 and the authentication image data generation process in step S208 will be described. FIG. 20 is a flowchart showing the flow of the login authentication request process and the authentication image data generation process.

  In step S206, when the user performs an operation for starting the login process on the operation device 300, the login authentication request processing unit 334 displays on the display unit 304 that the login process is being performed (S301). . Then, login authentication is requested to the service providing apparatus 400 (S302). At this time, the terminal ID of the controller device 300 is also transmitted.

  When the authentication request reception processing unit 434 of the service providing apparatus 400 receives the login authentication request (S303), the terminal ID transmitted together with the login authentication request is registered in the terminal / user information storage unit 474. Terminal authentication is performed by checking whether or not it is completed (S304).

  If the terminal authentication is successful (YES in S305), the one-time PW generation processing unit 435 generates a one-time password (S306). Subsequently, the image data generation processing unit 436 generates authentication image data 3B including image information corresponding to the user of the operation device 300 that has transmitted the login authentication request (S307). Then, “authentication” and the generated one-time password are stored in each of the command name 6 and the parameter 7 of the processing designation information 5 of the generated authentication image data 3B (S308). Further, the URL of the Web site of the service providing apparatus 400 may be stored in the parameter 7.

  Then, the image data generation processing unit 436 transmits the stored authentication image data 3B to the operation device 300 (S309), and the transmitted authentication image data 3B is transmitted to the image data reception processing unit of the operation device 300. 335 receives (S310).

  Through the above flow, the operation device 300 obtains the one-time password issued by the service providing device 400 and necessary for logging in to the Web site of the service providing device 400 in a state included in the authentication image data 3B. be able to.

(Screen example)
Here, an example of a screen displayed on the display unit 304 of the controller device 300 will be described with reference to FIG. FIG. 21 is a schematic diagram illustrating a state where image information included in the authentication image data 3B is output to the display unit 304. The image M5 is image information included in the authentication image data 3B. Here, the image M5 is an image indicating that login is possible by transmitting the image data to the display processing device 200.

  When the “Send to TV” button M6 is operated, the authentication image data 3B is sent to the display processing device 200. This corresponds to the operation in step S210 described above.

(Processing flow 2-2: Accessing again within the period when the authentication is valid)
Next, FIG. 22 shows the operation system 100 in each apparatus when a user logs in once to a website that requires authentication (login) and then accesses again within a period in which authentication using a one-time password is valid. It is a flowchart which shows a process.

  Here, a description will be given assuming that the application of the controller device 300 has already been activated. Further, the description will be made assuming that the power of the display processing device 200 is on.

  Further, the processing up to step S206 and the processing after step S210 are the same processing as described above, and therefore the description thereof is omitted here.

  In step S206, when the user performs an operation to start the login process on the operation device 300, the valid period (for example, 2 minutes) of the one-time password included in the authentication image data 3B used at the previous login is set. If it has not expired, the login authentication request process is not started as in step S207, and the image information included in the authentication image data 3B received last time is displayed on the display unit 304 (S209). Thereafter, the user logs in to the Web site of the service providing apparatus 400 according to the same flow as the flowchart shown in FIG. If authentication based on the one-time password fails in step S217 (that is, if the validity period of the one-time password has expired), login to the website cannot be performed. In this case, the login authentication request process is performed again, the authentication image data 3B including the new one-time password is acquired from the service providing apparatus 400, and login is performed.

[Embodiment 2]
In the present embodiment, a mode in which login is performed simultaneously with access to a Web site provided by service providing apparatus 400 will be described.

  One embodiment of the present invention will be described below with reference to FIGS. For convenience of explanation, members having the same functions as those shown in the above-described embodiments are given the same reference numerals, and explanation thereof is omitted.

(Detailed configuration of each device)
A more detailed configuration of the display processing device 200, the operation device 300, and the service providing device 400 according to the present embodiment will be described with reference to FIG. FIG. 23 is a block diagram showing a main configuration of display processing apparatus 200, operation apparatus 300, and service providing apparatus 400 according to the present embodiment. Note that the display processing apparatus 200 according to the present embodiment has the same configuration as the display processing apparatus 200 according to the first embodiment, and thus description thereof is omitted here.

(More detailed configuration of the operating device)
The operating device 300 according to the present embodiment has substantially the same configuration as the operating device 300 according to the first embodiment. However, the operation device control unit 303 is different from the login authentication request processing unit 334 in that a service start request processing unit 337 is provided.

  The service start request processing unit 337 transmits a service start request to the service providing apparatus 400 via the telephone / Web communication unit 301 in response to a service start operation from the user. The service start request is a site access with authentication information including a URL for accessing the service providing apparatus 400 to a website corresponding to the service and a one-time password required for authentication (login) at the time of access. The transmission of the image data 3C for use is requested. The service start request is transmitted including the terminal ID and information for identifying the service (service ID). The terminal ID is acquired from the terminal ID storage unit 372. The service ID is acquired from the service information storage unit 371.

(Detailed configuration of service providing device)
Service providing apparatus 400 according to the present embodiment has substantially the same configuration as service providing apparatus 400 according to the first embodiment. However, the difference is that the service providing apparatus control unit 403 includes a service start request reception processing unit 438 instead of the authentication request reception processing unit 434.

  The service start request reception processing unit 438 receives the service start request from the service start request processing unit 337 of the controller device 300. First, the terminal ID included in the received service start request is stored in the terminal / user information storage unit 474. Terminal authentication is performed by checking whether or not it has been registered. If the terminal authentication is successful, the one-time PW generation processing unit 435 generates a one-time password for authentication (login), and the image data generation processing unit 436 receives the image data 3C for site access with authentication information. Generate.

  Note that the one-time PW generation processing unit 435 according to the present embodiment generates a one-time password for authentication (login) in response to an instruction from the service start request reception processing unit 438.

  Further, the image data generation processing unit 436 according to the present embodiment generates site information image data 3C with authentication information in which the one-time password generated by the one-time PW generation processing unit 435 is stored. For the generation, a model of image data stored in the image data storage unit 471 is used. If a template is stored for each user, a template corresponding to the user corresponding to the operation device 300 that has requested the service start request is acquired, and the image data 3C for site access with authentication information is generated. . Further, image information to be included in the image data for site access with authentication information 3C may be generated for each user. For example, the name of the user or an image (avatar) representing the user, the name of the service that the user is logging in or logging in, an icon that can identify the service, the operation content that the user can currently perform, etc. The image information may be generated.

(Process flow)
Next, with reference to FIGS. 24 and 25, the flow of processing in each device when the user accesses a Web site in the operation system 100 according to the present embodiment will be described. Here, in response to a service start request from the operation apparatus 300, the service providing apparatus 400 provides (1) one piece of site access image data 3C with authentication information, and (2) authentication image data 3B. The flow of processing will be described for each of the cases where two pieces of site access image data 3A are provided.

(Processing flow 1: When the service providing apparatus 400 provides one piece of site access image data 3C with authentication information)
FIG. 24 is a diagram illustrating a state where each service access device 400 accesses a Web site when the service providing device 400 provides one piece of site access image data 3C with authentication information in response to a service start request from the operation device 300. It is a flowchart which shows a process.

  Here, a description will be given assuming that the user registration process is completed. Further, the description will be made assuming that the power of the display processing device 200 is on. Further, the processing up to step S103 is as described in the first embodiment.

  In order to access the service selected in step S103, the service start request processing unit 337 transmits a service start request to the service providing apparatus 400 (S401). At this time, the terminal ID of the controller device 300 and information (service ID) for identifying the selected service are transmitted together.

  The service start request reception processing unit 438 that has received the service start request checks whether or not the terminal ID transmitted together with the service start request has been registered in the terminal / user information storage unit 474. (S403).

  If the terminal authentication is successful (YES in S404), the one-time PW generation processing unit 435 generates a one-time password (S405). Subsequently, the image data generation processing unit 436 generates image information corresponding to the user of the operating device 300 that has transmitted the service start request (S406), (1) the generated image information, and (2) a command name. 6 and parameter 7 are “site access” and processing designation information 5 which is the URL of the Web site, respectively. (3) Command name 6 and parameter 7 are “authentication” and the generated one-time password, respectively. The image data 3C for site access with authentication information including the process designation information 5 is generated (S407). Then, the generated image data for site access with authentication information 3C is transmitted to the controller device 300 (S408).

  When receiving the site access image data 3C with authentication information (S409), the controller device 300 outputs the image information included in the site access image data 3C with authentication information to the display unit 304 (S410). Then, in order for the user to access the Web site of the service providing apparatus 400, the image data 3C for site access with authentication information including the image displayed on the display unit 304 in step S410 is displayed on the display processing apparatus 200. When an operation to transmit is performed (S411), the image data transmission processing unit 336 transmits the site access image data with authentication information 3C to the display processing device 200 (S412).

  When the image data reception processing unit 233 of the display processing device 200 receives the above-mentioned site access image data 3C with authentication information (S413), the received site access image data 3C with authentication information is analyzed (S414). . Specifically, the processing designation information 5 included in the site access image data 3C with authentication information is extracted. In this case, in this case, the process designation information 5 in which the command name 6 is “site access” and the parameter 7 is a URL, and the process designation information in which the command name 6 is “authentication” and the parameter 7 is a one-time password. 5 are extracted.

  Then, for the purpose of making the user confirm the received site access image data 3C with authentication information, the image information included in the received site information image data 3C with authentication information is output to the display unit 304 ( In step S415, since the command name 6 of the extracted processing designation information 5 is “site access”, the external access processing unit 2351 requests access to the Web site indicated by the extracted URL (S416). At this time, in order to log in simultaneously with the access to the Web site, the extracted one-time password is also transmitted. Instead of the one-time password, site access image data 3C with authentication information may be transmitted. The subsequent processing is the same as steps S216 to S218 and S116 to S118 described in the first embodiment.

  If the site access image data with authentication information 3C is transmitted in step S416, the transmitted site access image data with authentication information 3C is the same as that generated in step S407 in step S217. If it is the same, analyze it. Specifically, the processing designation information 5 included in the site access image data 3C with authentication information is extracted. In this case, since “authentication” is extracted as the command name 6 and the one-time password is extracted as the parameter 7, authentication (login) is performed based on the extracted one-time password.

Through the above flow, the user of the operation device 300 can log in at the same time as accessing the Web site.
(Processing flow 2: When the service providing apparatus 400 provides the authentication image data 3B and the two site access image data 3A)
FIG. 25 illustrates a case where the service providing apparatus 400 accesses the Web site when the service providing apparatus 400 provides the authentication image data 3B and the two site access image data 3A in response to a service start request from the operation apparatus 300. It is a flowchart which shows the process in each apparatus.

  Here, a description will be given assuming that the user registration process is completed. Further, the description will be made assuming that the power of the display processing device 200 is on. The processing up to step S405 is the same as described above.

  In step S405, when the one-time PW generation processing unit 435 generates a one-time password, the image data generation processing unit 436 first generates authentication image data 3B storing the generated one-time password (S501). . Further, two pieces of site access image data 3A corresponding to the user are generated (S502). Here, it is assumed that site access image data 3A storing the URL of the top page of the site and site access image data 3A storing the URL of the subpage of the site are generated. Then, the generated image is transmitted to the controller device 300 (S503).

  When the operation device 300 receives the transmitted image data (S504), first, the image information (hereinafter referred to as the top page image) included in the site access image data 3A storing the URL of the top page of the site, and the site The image information (hereinafter referred to as subpage image) included in the site access image data 3A storing the URL of the subpage is output to the display unit 304 (S505).

  Then, for the purpose of allowing the user to access the top page of the website of the service providing apparatus 400, the display processing apparatus displays the site access image data 3A including the top page image displayed on the display unit 304 in step S505. When an operation to transmit to 200 is performed (S506), the image data for site access 3A and the image data for authentication 3B are transmitted to the display processing device 200 (S507).

  Upon receiving the site access image data 3A and the authentication image data 3B (S508), the display processing apparatus 200 first analyzes the received site access image data 3A (S509). Specifically, the processing designation information 5 included in the received site access image data 3A is extracted. In this case, the URL of the top page of the site is obtained.

  Further, the received authentication image data 3B is analyzed (S510). Specifically, the processing designation information 5 included in the received authentication image data 3B is extracted. In this case, a one-time password is obtained.

  Then, for the purpose of making the user confirm the received site access image data 3A, the image information included in the received site access image data 3A is output to the display unit 204 (S511), and an external access process is performed. The unit 2351 requests access to the Web site indicated by the extracted URL (S512). At this time, in order to log in at the same time, the extracted one-time password is also transmitted. Note that the authentication image data 3B may be transmitted instead of the one-time password. The subsequent processing is the same as steps S216 to S218 and S116 to S118 described in the first embodiment.

  When the authentication image data 3B is transmitted in step S512, it is confirmed in step S217 whether the transmitted authentication image data 3B is the same as that generated in step S501. Analyze if any. Specifically, the processing designation information 5 included in the authentication image data 3B is extracted. In this case, since “authentication” is extracted as the command name 6 and the one-time password is extracted as the parameter 7, authentication (login) is performed based on the extracted one-time password.

  On the other hand, for the purpose of allowing the user to access the subpage of the Web site of the service providing apparatus 400, the display processing apparatus displays the site access image data 3A including the subpage image displayed on the display unit 304 in step S505. When an operation to transmit to 200 is performed (S513), the site access image data 3A and authentication image data 3B are transmitted to the display processing device 200 (S514).

  Upon receiving the site access image data 3A and the authentication image data 3B (S515), the display processing apparatus 200 first analyzes the received site access image data 3A (S516). Specifically, the processing designation information 5 included in the received site access image data 3A is extracted. In this case, the URL of the subpage of the site is obtained.

  Further, the received authentication image data 3B is analyzed (S517). Specifically, the processing designation information 5 included in the received authentication image data 3B is extracted. In this case, a one-time password is obtained.

  Then, for the purpose of making the user confirm the received site access image data 3A, the image information included in the received site access image data 3A is output to the display unit 204 (S518), and external access processing is performed. The unit 2351 requests access to the Web site indicated by the extracted URL (S519). At this time, in order to log in at the same time, the extracted one-time password is also transmitted. Note that the authentication image data 3B may be transmitted instead of the one-time password. The subsequent processing is the same as steps S216 to S218 and S116 to S118 described in the first embodiment.

  If authentication image data 3B is transmitted in step S519, it is confirmed in step S217 whether the transmitted authentication image data 3B is the same as that generated in step S501. Analyze if any. Specifically, the processing designation information 5 included in the received authentication image data 3B is extracted. In this case, since “authentication” is extracted as the command name 6 and the one-time password is extracted as the parameter 7, authentication (login) is performed based on the extracted one-time password.

  Through the above flow, the user of the operation device 300 can log in at the same time as accessing the Web site.

[Embodiment 3]
In the present embodiment, a description will be given of a mode in which authentication is performed in the service providing apparatus 400 by transmitting image data from the operation apparatus 300 to the display processing apparatus 200 when purchasing content on a Web site.

  One embodiment of the present invention will be described below with reference to FIGS. For convenience of explanation, members having the same functions as those shown in the above-described embodiments are given the same reference numerals, and explanation thereof is omitted.

(Detailed configuration of each device)
With reference to FIG. 26, a more detailed configuration of the display processing device 200, the operation device 300, and the service providing device 400 according to the present embodiment will be described. FIG. 26 is a block diagram showing a main configuration of display processing apparatus 200, operation apparatus 300, and service providing apparatus 400 according to the present embodiment. Since operation device 300 according to the present embodiment has the same configuration as operation device 300 according to the first embodiment, the description thereof is omitted here.

(Detailed configuration of display processing device)
The display processing device 200 according to the present embodiment has substantially the same configuration as the display processing device 200 according to the first embodiment. However, the display processing device control unit 203 is further provided with a charging request processing unit 237, and the processing execution unit 235 is further provided with a charging authentication request processing unit 2353.

  When the remote control signal received by the command reception processing unit 231 is a signal to purchase content, the charging request processing unit 237 sends a request to the service providing apparatus 400 in response to an instruction from the command reception processing unit 231. Then, a request to purchase content (purchase request) is transmitted.

  The billing authentication request processing unit 2353 uses the one-time password and the terminal ID of the operation device 300 extracted from the processing designation information 5 of the purchase image data 3D by the processing designation information extraction processing unit 234 as authentication data at the time of content purchase. It transmits to the service providing apparatus 400. When the URL is further extracted from the processing designation information 5 of the purchase image data 3D, the one-time password and the terminal ID of the operation device 300 are transmitted to the server device designated by the URL. In addition, instead of transmitting the one-time password and the terminal ID of the operation device 300 to the service providing device 400 as the authentication data at the time of content purchase, the processing designation information 5 stored in the image data storage unit 271 is included. The image data may be transmitted to the service providing apparatus 400.

(Detailed configuration of service providing device)
Service providing apparatus 400 according to the present embodiment has substantially the same configuration as service providing apparatus 400 according to the first embodiment. However, the service providing apparatus control unit 403 further includes a billing processing unit 439, and the service providing apparatus storage unit 407 includes a terminal / user information storage unit 475 instead of the terminal / user information storage unit 474. Is different.

  The terminal / user information storage unit 475 is an extension of the data structure of the terminal / user information storage unit 474, and the data stored in the terminal / user information storage unit 474 (the terminal ID of the operation device 300, the operation device 300). In addition to the user's name, the last date and time when the user accessed the content, and the last date and time when the user issued a one-time password for authentication (login), authentication (purchase) for purchasing content The last date and time when the one-time password was issued to the user and the amount available for the user are stored. The terminal / user information storage unit 475 can have a data structure shown in Table 2, for example.

  In the example shown in Table 2, for example, it is stored that the user name of the user of the operation device 300 whose terminal ID is “0001” is “Taro”. It is stored that the user last accessed “content A” and the date and time is “2008/5/27 12:18”. Further, it is stored that the date and time when the one-time password used at the time of authentication (login) was last issued to the user is “2008/5/27 12:10”. Furthermore, it is stored that the date and time when the one-time password used at the time of authentication (purchase) was last issued to the user is “2008/5/27 12:12”. Furthermore, it is stored that the amount of money that the user can use when purchasing the content is “1200 yen”.

  The billing processing unit 439 receives the purchase request from the display processing device 200 and checks the available amount of the user who has requested the purchase. If the purchase is within the range of the available amount, a settlement process is performed. In addition, the one-time PW generation processing unit 435 generates a one-time password for authentication at the time of purchase, and the image data generation processing unit 436 generates the purchase image data 3D.

  Further, when a one-time password and a terminal ID are transmitted from the display processing device 200, an authentication process is performed using the one-time password and the terminal ID. If the authentication is successful, the content purchase process is performed, and the purchased content information is transmitted to the display processing device 200.

(Process flow)
Next, with reference to FIG. 27, in the operation system 100 according to the present embodiment, when content is purchased at a site, the service providing apparatus 400 is transmitted by transmitting image data from the operation apparatus 300 to the display processing apparatus 200. The flow of processing in each device when performing authentication (purchase) at the time of content purchase in FIG.

  FIG. 27 is a flowchart showing a flow of authentication (purchase) processing performed when content is purchased at a site in operation system 100 according to the present embodiment.

  Here, it is assumed that the application is activated in the operation device 300. Further, it is assumed that the authentication of the user A of the operation device 300 has been completed and the user is logged in.

  First, in step S601, it is assumed that content information and information related to a purchase operation are transmitted from the service providing apparatus 400 as display data to the display processing apparatus 200 (S601). Upon receiving the display data (S602), the display processing device 200 outputs the display data to the display unit 204 (S603).

  While viewing the display data displayed on the display unit 204, the user A performs an operation of selecting a service on the operation device 300 (S604), and operates an operation key (up / down / left / right key or determination key) on the application. By doing so, it is assumed that a remote control signal for purchasing content is transmitted to the display processing device (S605). The operation for selecting a service may use a remote control device attached to the display processing device 200.

  When the display processing device 200 receives the remote control signal (S606), the display processing device 200 analyzes the content of the display data determined by the remote control signal and determines that the operation is a content purchase operation (S607). In response to this, a request to purchase content (purchase request) is transmitted (S608). At this time, the purchase request is transmitted including information for identifying the content (content ID) and the terminal ID of the operation device 300.

  When the service providing apparatus 400 receives the purchase request (S609), the service providing apparatus 400 determines that the user A using the terminal ID has requested purchase of the content (S610), refers to the terminal / user information storage unit 475, and the user Check the available amount of A. Then, settlement processing is performed based on the available amount (S611).

  Thereafter, the one-time PW generation processing unit 435 generates a one-time password (S612). Subsequently, the image data generation processing unit 436 generates image information corresponding to the user A of the operation device 300 that has transmitted the content purchase request, and (1) the generated image information and (2) the command name 6. Then, the image data 3D for purchase including “authentication” and the processing designation information 5 which is the generated one-time password is generated (S613). Note that the URL of the authentication destination server device may be further stored as the process designation information 5. Then, the generated purchase image data 3D is transmitted to the controller device 300 (S614).

  Then, the image data reception processing unit 335 of the operation device 300 receives the purchase image data 3D (S615), and when the user performs an operation for displaying an image included in the purchase image data 3D ( In step S616, the image included in the purchase image data 3D is displayed on the display unit 304 (step S617). Thereafter, when the user performs an operation to transmit the purchase image data 3D to the display processing device 200 (S618), the terminal ID is further stored as the process designation information 5 of the purchase image data 3D ( S619), and transmits to the display processing device 200 (S620).

  When the display processing device 200 receives the purchase image data 3D (S621), the processing designation information extraction processing unit 234 analyzes the received site access image data 3A (S622). Specifically, the processing designation information 5 included in the received site access image data 3A is extracted. In this case, whether or not the URL is included and whether or not the one-time password and the terminal ID are included are analyzed and extracted. Then, the extracted one-time password and terminal ID are transmitted to the service providing apparatus 400 (S623). In the above analysis, if a URL is extracted, the extracted one-time password and terminal ID are transmitted to the service providing apparatus 400 to a server device or the like specified by the URL.

  Upon receiving the one-time password and terminal ID (S624), the service providing apparatus 400 performs authentication (purchase) based on the received one-time password and terminal ID (S625). Specifically, it is confirmed whether or not the received one-time password is valid and the received terminal ID is the terminal ID of the operation device 300 used by the user who issued the one-time password. . If authentication (purchase) is successful (YES in S625), purchase processing is performed (S626), and the purchased content is transmitted to the display processing device 200 (S627).

  When receiving the purchased content (S628), the display processing device 200 displays the purchased content on the display unit 204 (S629).

  Through the above flow, the user can perform authentication (purchase) at the time of content purchase by transmitting the purchase image data 3D acquired from the service providing apparatus 400 to the display processing apparatus 200.

  In steps S612 to S614, the purchase image data 3D is transmitted to the controller device 300. However, instead of the purchase image data 3D, a URL for accessing the Web site is transmitted, and the Web specified in the URL is transmitted. It is good also as a structure which acquires the image data 3D for purchase from a site. According to this configuration, when accessing the web site, the terminal ID of the operation device 300 is transmitted and the terminal ID is authenticated by the service providing device 400, and then the purchase image data 3D is displayed on the operation device. Since it can transmit to 300, there exists an effect that security improves.

  Further, the purchase image data 3D is generated and processed in steps S612, S613, and S619. When the purchase image data 3D is acquired from the website, the purchase image data 3D is acquired on the website. The image data for purchase 3D may not be processed by the operation device 300. According to this configuration, there is no need to process the purchase image data 3D in the operation device 300, and the configuration of the operation device 300 can be simplified.

[Embodiment 4]
In the present embodiment, when accessing the Web site provided by the service providing apparatus 400 is notified that login is necessary, the service providing apparatus 400 responds to a request from the operation apparatus 300. A mode in which login to the website can be performed by transmitting user identification image data 3E including user identification information transmitted in advance to the operation device 300 from the operation device 300 to the display processing device 200 will be described.

  One embodiment of the present invention will be described below with reference to FIGS. For convenience of explanation, members having the same functions as those shown in the above-described embodiments are given the same reference numerals, and explanation thereof is omitted.

(Detailed configuration of each device)
A more detailed configuration of the display processing device 200, the operation device 300, and the service providing device 400 according to the present embodiment will be described with reference to FIG. FIG. 1 is a block diagram illustrating a main configuration of a display processing device 200, an operation device 300, and a service providing device 400 according to the present embodiment.

(Detailed configuration of display processing device)
The display processing device 200 according to the present embodiment has substantially the same configuration as the display processing device 200 according to the first embodiment. However, the difference is that the display processing device storage unit 207 further includes a terminal ID storage unit 273. Further, the processing execution unit 235 is different from the login request processing unit 2352 in that it includes a login request processing unit 2354 (authentication information / apparatus information transmission unit).

  The terminal ID storage unit 273 stores a terminal ID that can identify the device itself.

  When the process designation information 5 having the command name 6 “user identification” is stored in the designation process information storage unit 272, the login request processing unit 2354 receives a predetermined website (for example, via the external communication unit 208). , A login request to the Web site being displayed on the display unit 204 is transmitted. The login request is transmitted including the user identification information specified by the parameter 7 of the processing specification information 5 and the terminal ID of the display processing device 200 acquired from the terminal ID storage unit 273. If a URL is further specified in the parameter 7 of the process specifying information 5, a login request may be transmitted to the Web site specified by the URL. Further, the login request includes the image data including the processing designation information 5 stored in the image data storage unit 271 instead of the user identification information designated by the parameter 7 of the processing designation information 5. You may send it. When an authentication result is received, the received authentication result is output to the display unit 204.

(More detailed configuration of the operating device)
The operating device 300 according to the present embodiment has substantially the same configuration as the operating device 300 according to the first embodiment. However, the operation device control unit 303 is different from the login authentication request processing unit 334 in that it includes a user identification request processing unit 338 (authentication information requesting unit).

  The user identification request processing unit 338 transmits a user identification request to the service providing apparatus 400 via the telephone / Web communication unit 301 in response to a user identification image acquisition operation from the user. The user identification request is a request for the service providing apparatus 400 to transmit user identification image data 3E including user identification information necessary for accessing a Web site corresponding to the service. The user identification request is transmitted including the terminal ID. The terminal ID is acquired from the terminal ID storage unit 372.

(Detailed configuration of service providing device)
Service providing apparatus 400 according to the present embodiment has substantially the same configuration as service providing apparatus 400 according to the first embodiment. However, the service providing apparatus control unit 403 replaces the authentication request reception processing unit 434, the one-time PW generation processing unit 435, and the login request reception processing unit 437 with the user identification request reception processing unit 440 (authentication information generation request reception). Means), a user identification information generation processing unit 441 (authentication information generation unit, authentication information / device information storage unit), and a login request reception processing unit 442 (authentication information / device information reception unit, authentication information / device information inspection unit). Is different.

  Further, the service providing device storage unit 407 does not include the authentication information storage unit 472, and instead of the terminal / user information storage unit 474, a terminal / user information storage unit 476 (authentication information / device information storage unit, The difference is that a first device information storage unit) is provided.

  The terminal / user information storage unit 476 is obtained by changing the data structure of the terminal / user information storage unit 474, and the data stored in the terminal / user information storage unit 474 (terminal ID of the operation device 300, operation device 300 The user's name, the last date and time when the user accessed the content), the last date and time when the authentication image data was issued to the user, the user ID as user identification information that uniquely identifies the user, and the display processing device 200 Is stored. The terminal / user information storage unit 476 can have a data structure shown in Table 3, for example.

  In the example shown in Table 3, for example, the user name of the user of the operation device 300 whose terminal ID is “0001” is “Taro”, the user ID of the user is “0123456789abcd”, and the user ID of the display processing device 200 used by the user is It is stored that the terminal ID is “000a”. It is stored that the user last accessed “content A” and the date and time is “2008/5/27 12:18”. Furthermore, it is stored that the date and time when the image data for user identification used at the time of authentication (login) was last issued to the user is “2008/3/27 12:10”.

  Next, the user identification request reception processing unit 440 receives the user identification request from the user identification request processing unit 338 of the controller device 300. First, the terminal ID of the controller device 300 included in the received user identification request is Whether or not registered in the terminal / user information storage unit 476 (that is, the terminal ID of the operation device 300 included in the user identification request and the terminal ID of the operation device 300 stored in the terminal / user information storage unit 476) Terminal authentication is performed by checking whether or not and match. If the terminal authentication is successful, the user identification information generation processing unit 441 generates user identification information for user identification used for authentication (login) on the website, and the image data generation processing unit 436 causes the user to authenticate. Identification image data 3E is generated.

  Next, the user identification information generation processing unit 441 generates user identification information based on the user ID stored in the terminal / user information storage unit 476 in response to an instruction from the user identification request reception processing unit 440. The generated user identification information is stored in the terminal / user information storage unit 476 in association with the terminal ID of the operation device 300.

  Note that the user identification information may use the user ID as it is, or may use a value converted according to a predetermined rule. For example, by encrypting the user ID, there is an effect that the security of the user identification information is increased.

  The image data generation processing unit 436 according to the present embodiment generates user identification image data 3E storing the user identification information generated by the user identification information generation processing unit 441. For the generation, a model of image data stored in the image data storage unit 471 is used. When a template is stored for each user, a template corresponding to the user corresponding to the operation device 300 that has requested the user identification request is acquired, and user identification image data 3E is generated. Moreover, you may produce | generate the image information included in the image data 3E for user identification for every user. For example, the name of the user or an image (avatar) representing the user, the name of the service that the user is logging in or logging in, an icon that can identify the service, the operation content that the user can currently perform, etc. The image information may be generated.

  Next, the login request reception processing unit 442 receives the login request transmitted from the login request processing unit 2354 of the display processing device 200, the user identification information included in the received login request, and the display processing device 200. It is checked whether the set of the terminal ID matches the set of the user ID as the user identification information stored in the terminal / user information storage unit 476 and the display processing device terminal ID. (Login) Processing is executed. In addition, when user identification information is converted according to a predetermined rule, it can be confirmed whether it matches by comparing user identification information and the result of converting user ID according to the predetermined rule. If necessary, the access request reception processing unit 432 may acquire data to be provided from the provided content storage unit 473 and transmit the data to the display processing device 200. On the other hand, if they do not match, the authentication (login) process is not executed.

  Note that the authentication (login) result may be transmitted to the display processing device 200 regardless of whether the authentication (login) process is executed or not.

(Process flow)
Next, with reference to FIGS. 28 and 29, the flow of processing in each device when a user accesses a Web site in the operation system 100 according to the present embodiment will be described. Here, (1) First, the flow of processing for acquiring the user identification image data 3E will be described with reference to FIG. 28. (2) Subsequently, the user identification image data 3E will be described with reference to FIG. Will be used to explain the flow of processing for accessing a Web site that requires authentication (login).

  Here, a description will be given assuming that the user registration process is completed. Further, the description will be made assuming that the power of the display processing device 200 is on. In the following description, it is assumed that the application of the operation device 300 is already activated.

(Processing flow 1: acquisition of user identification image data 3E)
As shown in FIG. 28, when the user performs an operation of acquiring user identification image data 3E (selection of a service that provides user identification image data 3E) (S801), the user identification request processing unit 338 provides the service. A user identification request is transmitted to the device 400 (S802). At this time, the terminal ID of the controller device 300 is also transmitted.

  When receiving the user identification request (S803), the user identification request reception processing unit 440 has registered the terminal ID of the controller device 300 transmitted together with the user identification request in the terminal / user information storage unit 476. Terminal authentication is performed by checking whether or not (S804).

  If the terminal authentication is successful (YES in S805), the user identification information generation processing unit 441 generates user identification information (S806). Subsequently, the image data generation processing unit 436 generates image information corresponding to the user of the operation device 300 that has transmitted the user identification request (S807), (1) the generated image information, and (2) a command name. 6 and parameter 7 respectively generate user identification image data 3E including “user identification” and processing designation information 5 which is the generated user identification information (S808). Then, the generated user identification image data 3E is transmitted to the controller device 300 (S809). At this time, in order to guarantee the validity of the user identification image data 3E, an electronic signature may be added to the user identification image data 3E.

  Upon receiving the user identification image data 3E (S810), the controller device 300 outputs the image information included in the user identification image data 3E to the display unit 304 (S811) and saves it in the image data storage unit 374 (S811). S812).

  Through the above flow, the user of the controller device 300 can acquire the user identification image data 3E.

(Processing flow 2: Access to a website that requires authentication (login))
The processes in steps S101 to S115 and S201 to 205 shown in FIG. 29 are as described in the first embodiment.

  The user who has visually recognized the login instruction information displayed on the display unit 204 in step S205 selects the user identification image data 3E stored in step S812 for the purpose of logging in to the Web site of the service providing apparatus 400. Then (S813), the selected user identification image data 3E is output to the display unit 304 (S814).

  When the user performs an operation to transmit the user identification image data 3E output to the display unit 304 to the display processing device 200 (S815), the image data transmission processing unit 336 of the operation device 300 causes the user to perform the operation. The identification image data 3E is transmitted to the display processing device 200 (S816).

  Then, when the image data reception processing unit 233 of the display processing device 200 receives the user identification image data 3E (S817), the processing designation information extraction processing unit 234 subsequently receives the received user identification image data 3E. Is analyzed (S818). Specifically, the processing designation information 5 included in the received user identification image data 3E is extracted. In this case, “user identification” is extracted as the command name 6 and user identification information is extracted as the parameter 7.

  Then, for the purpose of making the user confirm the received user identification image data 3E, the image information included in the received user identification image data 3E is output to the display unit 204 (S819), and the extracted Since the command name 6 of the processing designation information 5 is “user identification”, the login request processing unit 2352 requests login to the Web site being displayed (S820). At this time, the extracted user identification information and the terminal ID stored in the terminal ID storage unit 273 are transmitted together. The received user identification image data 3E may be transmitted instead of the user identification information and the terminal ID.

  When the login request reception processing unit 437 of the service providing apparatus 400 receives the login request (S821), authentication (login) is performed using the user identification information and the terminal ID transmitted together with the login request. Perform (S822).

  If the user identification image data 3E is transmitted instead of the user identification information and the terminal ID, it is confirmed whether or not the user identification image data 3E is the same as that generated in step S807. Analyze if any. Specifically, the processing designation information 5 included in the user identification image data 3E is extracted. In this case, since “user identification” is extracted as the command name 6 and user identification information is extracted as the parameter 7, authentication (login) is performed based on the extracted user identification information. Further, when an electronic signature is added to the image data 3E for user identification, authentication is performed by verifying the validity of the electronic signature instead of performing authentication (login) based on the user identification information. (Login) may be performed.

  The electronic signature is a hash value calculated from the secret key and the user identification image data 3E using a generally known signature generation algorithm. Whether the electronic signature is valid for the user identification image data 3E is verified using a public key. Specifically, the electronic signature is decrypted using the public key, and verification is performed by checking whether or not the hash value that is the decryption result matches the hash value calculated from the user identification image data 3E. To do.

  If the authentication (login) is successful (YES in S823), display data to be displayed on the display unit 204 of the display processing device 200 (for example, HTML data constituting a web page, video content, etc.) is transmitted. (S116). The subsequent processing is the same as steps S116 to S118 described in the first embodiment.

  In step S819, the image information of the received user identification image data 3E is output to the display unit 204 for the purpose of confirming the user, but the confirmation has already been performed by the operation device 300, and the display unit 204 If it is not necessary to reconfirm at step S819, step S819 may be omitted.

  Through the above flow, the user of the operation device 300 can log in to the Web site using the user identification image data 3E.

[Embodiment 5]
In the present embodiment, when a website provided by the service providing apparatus 400 is accessed, a user who recognizes that authentication (login) is required from the website is displayed on the display processing apparatus. The authentication image data 3B is transmitted from the service providing apparatus 400 to the operation apparatus 300 by performing an operation for requesting the authentication information issuance at 200, and then, the authentication apparatus transmits the authentication image data 3B from the operation apparatus 300 to the display processing apparatus 200. A mode in which authentication (login) to the accessed website can be performed by transmitting the image data 3B will be described.

  An embodiment of the present invention will be described below with reference to FIGS. For convenience of explanation, members having the same functions as those shown in the above-described embodiments are given the same reference numerals, and explanation thereof is omitted.

(Detailed configuration of each device)
With reference to FIG. 30, more detailed configurations of the display processing device 200, the operation device 300, and the service providing device 400 according to the present embodiment will be described. FIG. 30 is a block diagram illustrating a main configuration of the display processing device 200, the operation device 300, and the service providing device 400 according to the present embodiment.

(Detailed configuration of display processing device)
The display processing device 200 according to the present embodiment has substantially the same configuration as the display processing device 200 according to the fourth embodiment. However, the difference is that the process execution unit 235 includes a login request processing unit 2355 (authentication information / apparatus information transmission unit) instead of the login request processing unit 2354. Further, the processing execution unit 235 is further provided with an authentication information issue request processing unit 2356 (authentication information requesting unit).

  When the process designation information 5 whose command name 6 is “authentication” is stored in the designation process information storage unit 272, the login request processor 2355 receives a predetermined website (for example, A login request to the Web site being displayed on the display unit 204 is transmitted. The login request is transmitted including the one-time password designated by the parameter 7 of the processing designation information 5 and the terminal ID acquired from the terminal ID storage unit 273. If a URL is further specified in the parameter 7 of the process specifying information 5, a login request may be transmitted to the Web site specified by the URL. Further, the login request is transmitted by including the image data including the processing designation information 5 stored in the image data storage unit 271 instead of the one-time password designated by the parameter 7 of the processing designation information 5. May be. When an authentication result is received, the received authentication result is output to the display unit 204.

  The authentication information issuance request processing unit 2356, when the user performs an operation for transmitting an authentication information issuance request via the operation unit 205 or the like, via the external communication unit 208, a predetermined Web site (for example, display The authentication information issuance request to the Web site being displayed on the unit 204 is transmitted. The authentication information issue request is transmitted including the terminal ID of the display processing apparatus 200 stored in the terminal ID storage unit 273. The login instruction reception processing unit 236 may transmit an authentication information issuance request triggered by the reception of the login instruction information.

(More detailed configuration of the operating device)
The operating device 300 according to the present embodiment has substantially the same configuration as the operating device 300 according to the first embodiment. However, the operation device storage unit 307 is further provided with an electronic mail storage unit 375. Further, the controller device 303 is different in that the controller device 303 further includes an e-mail reception processor 339 (operation data receiving means).

  The e-mail storage unit 375 stores the e-mail in a readable state. The e-mail stored in the e-mail storage unit 375 includes e-mail (image data is image data including image data including image information indicating the outline of the service, image data for site access 3A, image data for authentication 3B). Attached e-mail) and e-mail including a URL for accessing the site.

  The e-mail reception processing unit 339 receives an e-mail transmitted from an external device, and stores the received e-mail in the e-mail storage unit 375. In addition, the fact that an e-mail has been received from an external device is output to the display unit 304, and the e-mail stored in the e-mail storage unit 375 is output to the display unit 304. Examples of the electronic mail transmitted from the external apparatus include an electronic mail including authentication image data 3B generated by the service providing apparatus 400. Note that the image data included in the e-mail may also be stored in the image data storage unit 374.

(Detailed configuration of service providing device)
Service providing apparatus 400 according to the present embodiment has substantially the same configuration as service providing apparatus 400 according to the first embodiment. However, the service providing apparatus control unit 403 replaces the authentication request reception processing unit 434 and the login request reception processing unit 437 with each other, and an authentication information issue request reception processing unit 443 (authentication information generation request reception unit) and a login request reception process. A difference is that it includes a unit 444 (authentication information / device information receiving unit, authentication information / device information inspection unit), and further includes an e-mail transmission processing unit 445 (operation data transmission unit). Also, the difference is that the service providing device storage unit 407 includes a terminal / user information storage unit 477 (second device information storage unit) instead of the terminal / user information storage unit 474.

  The terminal / user information storage unit 477 is an extension of the data structure of the terminal / user information storage unit 474 of the first embodiment, and the data stored in the terminal / user information storage unit 474 (the terminal of the operation device 300). In addition to the ID, the name of the user of the operation device 300, the last date and time when the user accessed the content, and the last date and time when the user issued a one-time password for authentication (login), an email address, and The terminal ID of the display processing device 200 is stored. The terminal / user information storage unit 477 can have a data structure shown in Table 4, for example.

  In the example shown in Table 4, for example, the user name of the user of the operation device 300 whose terminal ID is “0001” is “taro”, the electronic mail address of the user operation device 300 is “taroh@abc.efg”, It is stored that the terminal ID of the display processing device 200 used by the user is “000a”. It is stored that the user last accessed “content A” and the date and time is “2008/5/27 12:18”. Further, it is stored that the date and time when the one-time password used at the time of authentication (login) was last issued to the user is “2008/5/27 12:10”.

  Note that the data structure of the terminal / user information storage unit 477 is not limited to the data structure shown in Table 4, and for example, a data structure capable of storing a one-time password generated for the operation device 300. It is good. In this case, the service providing device storage unit 407 may not include the authentication information storage unit 472.

  Next, the authentication information issuance request reception processing unit 443 receives the authentication information issuance request from the authentication information issuance request processing unit 2356 of the display processing device 200. First, the display processing device included in the received authentication information issuance request 200 is registered in the terminal / user information storage unit 477 (that is, the terminal ID of the display processing device 200 included in the authentication information issuance request and the terminal / user information storage unit 477 are stored). Terminal authentication is performed by checking whether or not the displayed display processing device terminal ID matches. When the terminal authentication is successful, the one-time PW generation processing unit 435 generates a one-time password for authentication (login) and the image data generation processing unit 436 generates the authentication image data 3B.

  Subsequently, the authentication information issuance request reception processing unit 443 associates the e-mail address stored in the terminal / user information storage unit 477 in association with the terminal ID of the display processing device 200 included in the received authentication information issuance request. An e-mail including the authentication image data 3B generated by the image data generation processing unit 436 as a destination is generated, and the generated e-mail is transmitted to the e-mail transmission processing unit 445.

  Next, the login request reception processing unit 444 receives the login request transmitted from the login request processing unit 2355 of the display processing device 200. First, (1) the one-time password included in the received login request is valid. Check if there is any. Specifically, it is checked whether or not the one-time password matches the one-time password stored in the authentication information storage unit 472 and whether or not the valid period has passed. Further, the login request reception processing unit 444 (2) does the terminal ID of the display processing device 200 included in the received login request match the display processing device terminal ID stored in the terminal / user information storage unit 477? Check for no.

  (1) If the one-time password is valid (the one-time password is correct and has not expired) and (2) the terminal ID matches the display processing device terminal ID, authentication (login) ) Execute the process. If necessary, the access request reception processing unit 432 may acquire data to be provided from the provided content storage unit 473 and transmit the data to the display processing device 200.

  On the other hand, if (1) the one-time password is not valid (one-time password is not correct or has expired) or (2) the terminal ID does not match the display processing device terminal ID, authentication ( (Login) process is not executed.

  Note that the authentication (login) result may be transmitted to the display processing device 200 both when the authentication (login) process is executed and when it is not executed.

  If security is not required (for example, viewing a shared album), authentication (login) processing may be executed without using a one-time password.

  Next, in response to an instruction from the authentication information issuance request reception processing unit 443, the e-mail transmission processing unit 445 uses the e-mail generated by the authentication information issuance request reception processing unit 443 as the electronic designated in the e-mail. Transmission is performed via the external communication unit 408 with the mail address as the destination.

(Process flow)
Next, with reference to FIGS. 31 and 32, the flow of processing in each device when a user accesses a Web site in the operation system 100 according to the present embodiment will be described. Here, (1) First, the flow of processing for acquiring the authentication image data 3B including the one-time password will be described with reference to FIG. 31, and (2) the authentication process will be described with reference to FIG. A flow of processing for accessing a website requiring authentication (login) using the image data 3B will be described.

  Here, a description will be given assuming that the user registration process is completed. Further, the description will be made assuming that the power of the display processing device 200 is on. In the following description, it is assumed that the application of the operation device 300 is already activated.

(Processing flow 1: Acquisition of authentication image data 3B)
The processes from steps S101 to S115 and S201 to 205 shown in FIG. 31 are as described in the first embodiment.

  After the login instruction reception processing unit 236 displays the login instruction information on the display unit 204 (S205), the authentication information issuance request processing unit 2356 is triggered by an operation from the user for transmitting authentication information issuance. An authentication information issue request is transmitted to the Web site via the unit 208 (S901). At this time, the authentication information issue request is transmitted including the terminal ID of the display processing device 200 stored in the terminal ID storage unit 273. In step S901, the login instruction reception processing unit 236 may transmit an authentication information issuance request triggered by the reception of the login instruction information.

  When the authentication information issue request reception processing unit 443 of the service providing apparatus 400 receives the authentication information issue request (S902), the terminal ID of the display processing device 200 included in the authentication information issue request is the terminal / user information storage unit 477. Terminal authentication is performed by checking whether or not it has already been registered (S903).

  If the terminal authentication is successful (YES in S904), the one-time PW generation processing unit 435 generates a one-time password for authentication (login) (S905). Subsequently, the image data generation processing unit 436 generates authentication image data 3B including image information corresponding to the registered user (S906). Then, “authentication” and the generated one-time password are stored in each of the command name 6 and parameter 7 of the processing designation information 5 of the generated authentication image data 3B (S907). The parameter 7 may further store the URL of the Web site of the service providing apparatus 400.

  Then, the authentication information issuance request reception processing unit 443 generates an e-mail including the authentication image data 3B (S908). Then, the e-mail transmission processing unit 445 transmits the generated e-mail to the designated e-mail address (S909).

  When receiving the authentication image data 3B included in the transmitted e-mail (S910), the e-mail reception processing unit 339 of the controller device 300 stores the received e-mail in the e-mail storage unit 375 (S910). S911). Further, the fact that the e-mail has been received is output to the display unit 304, and the e-mail stored in the e-mail storage unit 375 is output to the display unit 304 (S912).

  Through the above flow, the operation device 300 obtains the one-time password issued by the service providing device 400 and necessary for logging in to the Web site of the service providing device 400 in a state included in the authentication image data 3B. be able to.

(Processing flow 2: Access to a website that requires authentication (login))
Next, the flow after step S912 will be described with reference to FIG. The authentication image included in the e-mail stored in step S911 for the purpose of allowing the user who has viewed the e-mail displayed on the display unit 304 in step S912 to log in to the website of the service providing apparatus 400. When the data 3B is selected (S913), the selected authentication image data 3B is output to the display unit 304 (S914).

  When the user performs an operation to transmit the authentication image data 3B output to the display unit 304 to the display processing device 200 (S915), the image data transmission processing unit 336 of the operation device 300 causes the authentication data data 3B to be transmitted. The image data 3B is transmitted to the display processing device 200 (S916).

  Then, when the image data reception processing unit 233 of the display processing device 200 receives the authentication image data 3B (S917), the processing designation information extraction processing unit 234 then analyzes the received authentication image data 3B. (S918). Specifically, the processing designation information 5 included in the received authentication image data 3B is extracted. In this case, “authentication” is extracted as the command name 6, and the one-time password is extracted as the parameter 7.

  Then, for the purpose of making the user confirm the received authentication image data 3B, the image information included in the received authentication image data 3B is output to the display unit 204 (S919), and the extracted process designation is specified. Since the command name 6 of the information 5 is “authentication”, the login request processing unit 2355 requests login to the Web site being displayed (S920). At this time, the extracted one-time password and the terminal ID stored in the terminal ID storage unit 273 are transmitted together. The received authentication image data 3B may be transmitted instead of the one-time password and the terminal ID.

  When the login request reception processing unit 437 of the service providing apparatus 400 receives the login request (S921), authentication (login) is performed based on the one-time password and terminal ID transmitted together with the login request. Perform (S922). If the authentication image data 3B is transmitted instead of the one-time password, it is confirmed whether or not the authentication image data 3B is the same as that generated in step S906. Specifically, the processing designation information 5 included in the received authentication image data 3B is extracted. In this case, since “authentication” is extracted as the command name 6 and the one-time password is extracted as the parameter 7, authentication (login) is performed based on the extracted one-time password and the terminal ID transmitted together with the extracted one-time password. Do.

  If the authentication is successful (YES in S923), display data for display on the display unit 204 of the display processing device 200 (for example, HTML data constituting a Web page, video content, etc.) is transmitted (S116). ). The subsequent processing is the same as steps S116 to S118 described in the first embodiment.

  Note that in step S919, the image information of the received authentication image data 3B is output to the display unit 204 for the purpose of confirming the user, but the confirmation has already been performed by the operation device 300, and the display unit 204 If it is not necessary to reconfirm, step S919 may be omitted.

  Through the above flow, the user of the operation device 300 can log in to the Web site.

  Note that even if the flow of steps S801 to S823 described in the fourth embodiment is performed and the authentication is successful in step S823, the processing after step S905 described in the present embodiment is performed. Good. That is, a configuration may be adopted in which authentication is performed using user identification image data 3E issued in advance and authentication is performed again using authentication image data 3B. In this case, there is an effect that the security is higher than the method of performing authentication using the user identification image data 3E and the terminal ID of the display processing device 200 described in the fourth embodiment.

[Additional notes]
(Terminal registration process and user information registration / update process flow)
In each of the above-described embodiments, the terminal registration process and the user information registration / update process in the operation apparatus 300 and the service providing apparatus 400 have been described as having been completed. Hereinafter, a flow of terminal registration processing and user information registration / update processing in the operation device 300 and the service providing device 400 will be described.

  FIG. 33 is a flowchart showing the flow of terminal registration processing and user information registration / update processing in the operation device 300 and the service providing device 400. The processing up to step S102 is as described above.

  When the user instructs registration processing (S701), the terminal / user information registration processing unit 331 of the operating device 300 transmits a terminal registration request for the operating device 300 to the service providing device 400 (S702). At that time, the terminal ID of the operation device 300 acquired from the terminal ID storage unit 372 is included in the terminal registration request and transmitted to the service providing device 400.

  When the terminal / user information registration processing unit 431 of the service providing apparatus 400 receives the terminal registration request from the operation apparatus 300 (S703), the terminal / user is based on the terminal ID included in the received terminal registration request. Information storage units 474, 475, 476, and 477 are searched to check whether or not the terminal ID has already been registered (S704). If the terminal / user information registration processing unit 431 knows that it has not been registered, the terminal / user information registration processing unit 431 generates a temporary user name (S705), associates the temporary user name with the terminal ID, and stores the terminal / user information. In addition to storing (new registration) in the registration processing unit 431 (S706), a temporary registration notification indicating that temporary registration has been performed is transmitted to the controller device 300 (S707). The provisional registration notification includes the provisional user name.

  Then, the terminal / user information registration processing unit 331 of the operation device 300 receives the temporary registration notification notified from the service providing device 400 (S708), displays the notification on the display unit 304 (S709), and the temporary user name. Accept input to update to another username. If there is a user operation for updating the temporary user name (S710), a request for updating (user information update request) is transmitted to the service providing apparatus 400 (S711).

  Upon receiving the user information update request transmitted from the operation device 300 (S712), the terminal / user information registration processing unit 431 of the service providing device 400 confirms that it is a registered user (S713), and then the user An information update request acceptance notification is transmitted to the controller device 300 (S714).

  When the terminal / user information registration processing unit 331 of the operation device 300 receives the update request acceptance notification transmitted from the service providing device 400 (S715), the received update request acceptance notification is displayed on the display unit 304 ( S716). When a user input of a new user name is received (S717), the received new user name is transmitted to the service providing apparatus 400 in order to update the temporary user name held in the service providing apparatus 400. (S718).

  When the terminal / user information registration processing unit 431 of the service providing device 400 receives the new user name transmitted from the operation device 300 (S719), the terminal / user information registration processing unit 431 stores the new user name in the terminal / user information storage units 474, 475, 476, and 477. The user name being updated is updated (S720). Thereafter, an update registration completion notification indicating that the update has been completed is transmitted to the controller device 300 (S721).

  Finally, when receiving the update registration completion notification, the terminal / user information registration processing unit 331 of the controller device 300 displays that fact on the display unit 304 (S722).

(Screen example that displays images according to the user)
In each of the above-described embodiments, it has been described that image data including image information corresponding to a user may be generated. Hereinafter, an example of a screen when image data including image information corresponding to the user is displayed on the display unit 304 of the controller device 300 will be described with reference to FIGS. 34 to 36.

  FIG. 34 is a schematic diagram showing a state in which the authentication image data 3B generated according to the user is displayed on the display unit 304 of the controller device 300. As illustrated, the image information N1 included in the authentication image data 3B includes a user name L1, an image (avatar) L2 representing the user, a name L3 of a service to which the user can log in, and an icon for identifying the service. L4 includes operation contents L5 that the user can perform. Therefore, it can be easily understood that the user ("Taro") who is viewing this image can log in to the service, if this image data is transmitted to the television.

  FIG. 35 is a schematic diagram showing a state in which the image data 3A for site access generated according to the user is displayed on the display unit 304 of the controller device 300. As shown in the figure, the image information N2 included in the site access image data 3A includes a user name L1, an image (avatar) L2 representing the user, a service name L3 that the user can log in, and the service can be identified. It includes an icon L4 and an operation content L6 that can be performed by the user. Therefore, it can be easily understood that the user viewing the image (“Taro”) can view the content A of the service by sending this image data to the television.

  FIG. 36 is a schematic diagram showing a state in which the purchase image data 3D generated according to the user is displayed on the display unit 304 of the controller device 300. As shown in the figure, the image information N3 included in the purchase image data 3D includes a user name L1, an image (avatar) L2 representing the user, a name L3 of a service to which the user can log in, and an icon for identifying the service. L4 includes operation contents L7 that can be performed by the user. Therefore, it can be easily understood that the user (“Taro”) who is viewing this image can purchase the content A of the service by sending this image data to the television.

[Additional Notes]
In each of the embodiments described above, the image data is assumed to be in the JPEG format. However, the image data may be image data in a format that can store the manufacturer note area 621. For example, the image data in the TIFF format may be configured by embedding data corresponding to the maker note area 621. Further, a text chunk of PNG (Portable Network Graphics) format image data may be configured by embedding a text chunk corresponding to the manufacturer note area 621. Further, it may be image data in a GIF (Graphics Interchange Format) format.

  In each of the above embodiments, the image data may include signature information for the purpose of preventing falsification of the image data. Here, it is assumed that the signature information proves that the processing designation information 5 included in the image data has not been falsified. Then, the display processing apparatus 200 refers to the signature information and processes the image data only when it is found that the image data is distributed from a reliable provider and has not been tampered with. Good. Further, when the image data is not distributed from a reliable provider, or when the signature information is not included in the image data, the user may be confirmed whether or not the image data is to be processed.

  In addition to the above, the embodiment can be expressed as follows.

  [1] The data providing apparatus according to the present invention provides the above operation to the operating device that transmits the operation data to the data processing device that executes the process according to the operation data including the process specifying information that specifies the process to be executed. A data providing device that provides data, and authentication information generating means for generating authentication information used in authentication processing performed when accessed from the data processing device for each operating device in response to a request from the operating device; Including authentication information provided to the operation device, terminal information storage means for storing terminal information of the data processing apparatus capable of using the authentication information in association with each other, and authentication information generated by the authentication information generation means, An operation for generating the operation data including the process designation information specifying the process for accessing the own apparatus by the data processing apparatus in a form that can be visually recognized. Data generation means, operation data transmission means for transmitting the operation data generated by the operation data generation means to the operation device, and authentication information reception for receiving authentication information and terminal information used in authentication processing from the data processing device Means, authentication information obtained from the authentication information receiving means, terminal information, and authentication information confirmation means for comparing the authentication information stored in the terminal information storage means with the terminal information. .

  [2] In addition, the operating device according to the present invention transmits the operation data provided from the data providing device to a data processing device that executes processing according to operation data including processing specifying information specifying processing to be executed. An operation device, the authentication information request means for requesting the authentication information used in the authentication process performed when the data providing device is accessed from the data processing device, and the operation data received from the data providing device Operation data receiving means, display means for displaying the operation data received by the operation data receiving means, operation data transmitting means for sending the operation data received by the operation data receiving means to the data processing device, May be provided.

  [3] The data processing device according to the present invention is a data processing device that executes processing according to operation data including processing designation information that specifies processing to be executed provided by the data providing device, received from the operating device. The operation data receiving means for receiving the operation data from the operation device, the authentication information extracting means for extracting the authentication information from the operation data, the terminal ID storage means for storing the terminal ID, and the authentication information extracting means The authentication information sending means for sending the extracted authentication information and the terminal ID acquired from the terminal ID storage means to the data providing apparatus may be provided.

  [4] Further, the data providing device according to the present invention provides a data processing device that executes processing according to operation data including processing designation information that designates processing to be executed, to the operating device that transmits the operation data. A data providing device that provides the operation data, and transmits authentication information used in authentication processing from the data processing device, terminal information of the data processing device that accepts a request for generating the authentication information, and the operation data. Terminal information storage means for storing the terminal information of the operating device in association with each other, receiving an authentication information generation request and the terminal information of the data processing apparatus from the data processing apparatus, and storing the terminal information in the terminal information storage means Authentication information issuance request receiving means for comparing with the terminal information being received, and authentication information used in the authentication processing performed when accessed from the data processing device. Authentication information generating means for generating the authentication information for each operating device in accordance with the comparison result of the authentication information generation request and the terminal information in the authentication information issue request receiving means, and the authentication information generated by the authentication information generating means. Including an operation data generation unit that generates the operation data including the process designation information that specifies the process for accessing the device itself, and the operation data generation unit. Operation data transmitting means for transmitting the operation data to the operation device stored in the terminal information storage means, authentication information receiving means for receiving authentication information used in authentication processing from the data processing device, and receiving the authentication information Authentication information confirmation means for comparing the authentication information obtained from the means with the authentication information stored in the terminal information storage means. May be.

  [5] In addition, the operating device according to the present invention transmits the operation data provided from the data providing device to a data processing device that executes processing in accordance with operation data including processing specifying information specifying processing to be executed. An operation device, the operation data receiving means for receiving the operation data from the data providing device, the display means for displaying the operation data received by the operation data receiving means, and the operation data received by the operation data receiving means Operation data transmission means for sending operation data to the data processing device may be provided.

  [6] The data processing device according to the present invention is a data processing device that executes processing according to operation data including processing designation information that specifies processing to be executed provided by the data providing device, received from the operating device. A terminal ID storage means for storing the terminal ID, an authentication information issue request transmission means for requesting the data providing apparatus to issue the operation data including the terminal ID stored in the terminal ID storage means, Operation data receiving means for receiving the operation data from the operation device, authentication information extraction means for extracting authentication information from the operation data, authentication information extracted from the authentication information extraction means, and the terminal ID storage means Authentication information sending means for sending the terminal ID to the data providing apparatus may be provided.

  [7] Further, the data processing device according to the present invention provides a data processing device that performs processing according to operation data including processing designation information that designates processing to be executed, to the operating device that transmits the operation data to the data processing device. A data providing device for providing the operation data, wherein authentication information generation is performed for each operation device in response to a request from the operation device, authentication information used in an authentication process performed when accessed from the data processing device Means, operation data generating means for generating the operation data including the processing designation information including the authentication information generated by the authentication information generating means, and specifying the processing by which the data processing apparatus accesses the own apparatus, Operation data transmission means for transmitting operation data generated by the operation data generation means to the operation device may be provided.

  Finally, the control units (service providing device control unit 403, display processing device control unit 203, and operation device control unit 303) may be realized by software using a CPU or may be configured by hardware logic. . When realized by software, the service providing device 400, the display processing device 200, and the operation device 300 are configured such that a CPU that executes instructions of a control program that realizes each function, a ROM that stores the program, a RAM that expands the program, A storage device (recording medium) such as a memory for storing the program and various data is provided. An object of the present invention is to provide program codes (execution format program, intermediate code program, source program) of control programs for the service providing apparatus 400, the display processing apparatus 200, and the operation apparatus 300, which are software for realizing the functions described above. The readable recording medium is supplied to the service providing device 400, the display processing device 200, and the operation device 300, and the service providing device 400, the display processing device 200, and the computer in the operation device 300 (or CPU or MPU (Micro This can also be achieved by the processing unit)) reading and executing the program code recorded on the recording medium.

  Examples of the recording medium include tapes such as magnetic tapes and cassette tapes, magnetic disks such as floppy (registered trademark) disks / hard disks, and disks including optical disks such as CD-ROM / MO / MD / DVD / CD-R. Card system such as IC card, IC card (including memory card) / optical card, or semiconductor memory system such as mask ROM / EPROM / EEPROM / flash ROM.

  Further, the service providing device 400, the display processing device 200, and the operation device 300 may be configured to be connectable to a communication network, and the program code may be supplied via the communication network. The communication network is not particularly limited. For example, the Internet, intranet, extranet, LAN, ISDN, VAN, CATV communication network, virtual private network, telephone line network, mobile communication network, satellite communication. A net or the like is available. Also, the transmission medium constituting the communication network is not particularly limited, and for example, an infrared ray such as IrDA, Bluetooth (Bluetooth) (IEEE1394 cable, USB cable, power line carrier, cable TV line, telephone line, ADSL line, etc.) (Registered trademark), IEEE802.11 radio, HDR, mobile phone network, satellite line, terrestrial digital network, and the like can also be used. The present invention can also be realized in the form of a computer data signal embedded in a carrier wave in which the program code is embodied by electronic transmission.

  The present invention is not limited to the above-described embodiments, and various modifications are possible within the scope shown in the claims, and embodiments obtained by appropriately combining technical means disclosed in different embodiments. Is also included in the technical scope of the present invention.

  The present invention relates to an operation system including a data processing device that executes processing according to operation data, an operation device that transmits operation data to the data processing device, and a data providing device that provides the operation data to the operation device. Can be applied.

3 Operation image data (operation data)
3A Image data for site access 3B Image data for authentication (operation data)
3C Site access image data with authentication information 3D Purchase image data 3E User identification image data (operation data)
100 operation system 200 display processing device (data processing device)
233 Image data reception processing unit (operation data receiving means)
234 Process designation information extraction processing unit (authentication information extraction means)
2354 Login request processing unit (authentication information / device information transmission means)
2355 Login request processing unit (authentication information / device information transmission means)
2356 Authentication information issue request processing unit (authentication information request means)
300 Operation Device 304 Display Unit 335 Image Data Reception Processing Unit (Operation Data Receiving Unit)
336 Image data transmission processing unit (operation data transmission means)
339 Email reception processing unit (operation data receiving means)
338 User identification request processing unit (authentication information requesting means)
400 Service providing device (data providing device)
435 One-time PW generation processing unit (authentication information generation means)
436 Image data generation processing unit (operation data generation means, operation data transmission means)
440 User identification request reception processing unit (authentication information generation request receiving means)
441 User identification information generation processing unit (authentication information generation means, authentication information / device information storage means)
442 Login request reception processing unit (authentication information / device information reception means, authentication information / device information inspection means)
443 Authentication information issue request reception processing unit (authentication information generation request receiving means)
444 Login request reception processing unit (authentication information / device information reception means, authentication information / device information inspection means)
445 E-mail transmission processing unit (operation data transmission means)
472 Authentication information storage unit (authentication information / device information storage unit)
476 terminal / user information storage unit (authentication information / device information storage unit, first device information storage unit)
477 terminal / user information storage unit (second device information storage unit)

Claims (22)

A data providing apparatus that provides the operation data to an operation device that transmits the operation data to a data processing device that executes the process according to operation data including process specification information that specifies a process to be executed.
Authentication information generating means for generating, for each operating device, authentication information used in authentication processing performed by the device itself when accessed from the data processing device;
Operation data generation means for generating the operation data including the authentication information generated by the authentication information generation means and including the process specification information specifying the authentication process;
Operation data transmission means for transmitting the operation data generated by the operation data generation means to the operation device;
Authentication information / device information receiving means for receiving from the data processing device the authentication information included in the operation data, and first device information capable of identifying the data processing device;
A data providing apparatus comprising: an authentication information / apparatus information inspecting means for performing the authentication process using a set of the authentication information and the first apparatus information received by the authentication information / apparatus information receiving means. Authentication information / device information storage means for associating the authentication information generated by the authentication information generation means with the first device information and storing them in the authentication information / device information storage unit of the own device;
The authentication information / device information inspecting means includes a set of the authentication information and the first device information received by the authentication information / device information receiving means, the authentication information stored in the authentication information / device information storage unit, and The data providing apparatus according to claim 1, wherein the authentication process is performed by checking whether or not the set of the first apparatus information matches. The authentication information generating means generates an electronic signature as the authentication information,
The authentication information / device information inspecting means verifies the validity of the electronic signature as the authentication information received by the authentication information / device information receiving means, and the authentication information / device information receiving means receives the first information received by the authentication information / device information receiving means. 2. The data providing apparatus according to claim 1, wherein the authentication process is performed by checking whether or not the one apparatus information matches the first apparatus information stored in advance in the own apparatus. A second device information storage unit that stores in advance second device information capable of identifying the operating device;
A request for generating the authentication information from the operating device, and an authentication information generation request receiving means for receiving the second device information;
The authentication information generation means checks whether the second device information received by the authentication information generation request reception means matches the second device information stored in the second device information storage unit, The authentication information is generated when the second device information received by the authentication information generation request receiving means matches the second device information stored in the second device information storage unit. The data provision apparatus of any one of Claim 1 to 3. A first device information storage unit for storing the first device information in advance;
A request for generating the authentication information from the data processing device, and an authentication information generation request receiving means for receiving the first device information;
The authentication information generation unit checks whether the first device information received by the authentication information generation request reception unit matches the first device information stored in the first device information storage unit, The authentication information is generated when the first device information received by the authentication information generation request receiving means matches the first device information stored in the first device information storage unit. The data provision apparatus of any one of Claim 1 to 3.   6. The data providing apparatus according to claim 1, wherein the operation data is data that the operation apparatus can present to a user. A data providing device that generates authentication information used in authentication processing when accessed from a data processing device that executes processing according to operation data including processing specifying information that specifies processing to be executed in response to a request from an external device An operation device that transmits the operation data provided by the data processing device to the data processing device;
Operation data receiving means for receiving the operation data including the generated processing information including the generated authentication information and specifying the authentication processing from the data providing device;
An operation apparatus comprising: operation data transmission means for transmitting the operation data received by the operation data reception means to the data processing apparatus.   The operation device according to claim 7, further comprising authentication information requesting means for requesting the authentication information from the data providing device.   The operation device according to claim 8, wherein the authentication information requesting unit further transmits device information capable of identifying the device itself. The operation data is data that the device can present to the user,
The operation device according to claim 7, further comprising a display unit that displays the operation data received by the operation data receiving unit. Data processing that executes processing according to operation data including processing designation information that specifies processing to be executed provided from the data providing device that generates authentication information used in authentication processing performed when accessed from an external device to the operating device A device,
Operation data receiving means for receiving, from the operating device, the operation data including the authentication information and including the process specifying information specifying the authentication process;
Authentication information extracting means for extracting the authentication information from the operation data received by the operation data receiving means;
A data processing apparatus comprising: the authentication information extracted by the authentication information extracting means; and authentication information / apparatus information transmitting means for transmitting to the data providing apparatus the apparatus information that can identify the self apparatus.   12. The data processing apparatus according to claim 11, further comprising authentication information requesting means for requesting the authentication information to the data providing apparatus and transmitting apparatus information capable of identifying the own apparatus to the data providing apparatus. .   An operation system comprising the data providing device according to claim 1, the operation device according to claim 7, and the data processing device according to claim 11. A control method of a data providing apparatus that provides operation data to an operation apparatus that transmits the operation data to a data processing apparatus that executes the process according to operation data including process specification information that specifies the process to be executed. And
An authentication information generating step for generating, for each operating device, authentication information used in an authentication process performed by the device itself when accessed from the data processing device;
An operation data generation step that includes the authentication information generated in the authentication information generation step and generates the operation data including the process specification information specifying the authentication process;
An operation data transmission step of transmitting the operation data generated in the operation data generation step to the operation device;
An authentication information / device information receiving step for receiving, from the data processing device, the authentication information included in the operation data, and first device information capable of identifying the data processing device;
An authentication information / device information inspection step for performing the authentication processing using a set of the authentication information and the first device information received in the authentication information / device information receiving step. Control method. A data providing device that generates authentication information used in authentication processing when accessed from a data processing device that executes processing according to operation data including processing specifying information that specifies processing to be executed in response to a request from an external device A method of controlling the operating device for transmitting the operating data provided by the data processing device to the data processing device,
An operation data receiving step for receiving the operation data including the generated processing information including the generated authentication information and specifying the authentication processing from the data providing device;
A control method for an operation device, comprising: an operation data transmission step of transmitting the operation data received in the operation data reception step to the data processing device. Data processing that executes processing according to operation data including processing designation information that specifies processing to be executed provided from the data providing device that generates authentication information used in authentication processing performed when accessed from an external device to the operating device An apparatus control method comprising:
An operation data receiving step for receiving from the operating device the operation data including the authentication information and including the process specifying information specifying the authentication process;
An authentication information extracting step for extracting the authentication information from the operation data received in the operation data receiving step;
A data processing apparatus comprising: an authentication information / apparatus information transmitting step for transmitting the authentication information extracted in the authentication information extracting step and apparatus information capable of identifying the own apparatus to the data providing apparatus. Control method.   A control program for operating a computer included in the data providing apparatus according to claim 1, wherein the control function causes the computer to function as each unit.   A control program for operating a computer included in the operating device according to any one of claims 7 to 10, wherein the control program causes the computer to function as each of the means.   13. A control program for operating a computer included in the data processing apparatus according to claim 11 or 12, wherein the control function causes the computer to function as each of the above-described means.   The computer-readable recording medium which recorded the control program of Claim 17.   The computer-readable recording medium which recorded the control program of Claim 18.   A computer-readable recording medium on which the control program according to claim 19 is recorded.

Images