JP2013171395A - Method, system, terminal device, server device and program for managing data regarding user using near-field type radio communication device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve accessibility to data regarding individuals by integrally managing the data.SOLUTION: A trusted ID issued by a user data management server device 15 is stored in a smart phone 11, which is carried by a user, in association with an IDm of a built-in non-contact IC 12. As the user allows the smart phone 11 to touch a touch pad 14 of a shop when purchasing a merchandise article in the shop, the non-contact IC 12 transmits the trusted ID to a reader/writer 13 which is built in the touch pad 14. The touch pad 14 receives the trusted ID from the reader/writer 13, and transmits log data showing an amount or the like input by a shop clerk to the user data management server device 15 together with the trusted ID. The user accesses the user data management server device 15 by using the smart phone 11 and can view the log data which is recorded in association with the trusted ID.

Description

  The present invention relates to a technique for managing various data such as user behavior history.

  In recent years, cards called non-contact IC (Integrated Circuit) cards have become widespread. A non-contact IC card is a card with a built-in near-field wireless communication device. When a near-field wireless communication device is close to several centimeters or less from another reader-writer side near-field wireless communication device, electromagnetic waves are generated by radio waves emitted from the reader-writer side near-field wireless communication device. It is a small device that transmits and receives data to and from the near-field wireless communication device on the reader / writer side using the induced power, and reads and writes data from and to the memory.

  In Japan, FeliCa (registered trademark) is widely used as a near-field wireless communication standard. In addition, there are regions where near-field wireless communication standards different from FeliCa such as MIFARE (registered trademark) are widely used overseas. As a standard that integrates these different communication standards, an international standard called ISO / IEC 18092 has been created and is known as NFC (Near Field Communication).

  In addition, mobile terminal devices such as smartphones and touchpads with built-in near-field wireless communication devices are beginning to spread.

  As an example of a document that proposes a mechanism using a mobile terminal device incorporating a near-field wireless communication device, there is Patent Document 1, for example. Patent Document 1 describes a system for performing a stamp rally using a portable terminal with a built-in non-contact IC card.

JP 2007-305091 A

  Many people purchase goods and services using credit cards (hereinafter collectively referred to as “goods”) at actual stores. The purchase history of these goods is accumulated in a server device of a credit card company and used for marketing research, for example.

  Many people purchase goods on EC (Electronic Commerce) sites. Since the purchase of goods at the EC site is performed electronically, the purchase history is stored in the server device at the EC site. These data are also used for marketing research.

  Data relating to the purchase history described above is individually managed at each of the credit card company and the EC site. Therefore, the amount of information available to each credit card company and each EC site is not necessarily large.

  In addition, a purchaser of goods may want to know information about when, where, and how much the goods purchased before have been purchased. According to the conventional technology, since the purchase history of goods is managed individually for each credit card company and EC site, the purchaser uses which credit card to purchase the goods, or at which EC site If you do not know the information about whether you have purchased goods, you cannot get the information you want to know.

  Also, even if the credit card or EC site used to purchase the goods is found, the mechanism for viewing the purchase history of the goods is different for each credit card company or EC site. Inaccessible.

  For example, many credit card companies and EC sites provide web pages for browsing purchase history, but it is necessary to register in advance and issue a member ID and password for login . In order to view the purchase history, in order to log in to the purchase history browsing web page, the member ID and password must be entered. Those operations are troublesome.

  As mentioned above, the purchase history of goods has been described, but there are a lot of inconvenient information in use because it is managed individually besides the purchase history of goods. For example, in recent years, an increasing number of people manage their own schedules on Web pages. In order to view / modify his / her schedule, the member ID and password must be entered to log in to the schedule web page. Therefore, the troublesomeness similar to that described above with respect to browsing of purchase history is involved.

  In view of the circumstances described above, an object of the present invention is to make it possible to utilize data with a larger amount of information for marketing research and the like by centrally managing data related to various people. Another object of the present invention is to provide means for allowing a person to easily access target data by centrally managing various data related to him / her.

  In order to achieve the above object, the present invention proposes the following mechanism. First, there is a smartphone with a built-in non-contact IC. In this non-contact IC, identification data (IC identification data) such as IDm (manufacturing number) and IDi (issuer numbering number) for identifying the IC is recorded in a non-rewritable manner.

  When the smartphone user performs a predetermined operation for registration on the terminal device, the smartphone receives the IC identification data from the non-contact IC and transmits it to the server device. When the server device receives the IC identification data, the server device assigns identification data (terminal identification data) for identifying the smartphone that is the transmission source of the IC identification data, and stores the terminal identification data. The terminal identification data assigned as such is transmitted from the server device to the smartphone and is also stored in the smartphone.

  After the above registration process is completed, the smartphone user brings the smartphone close to a reader / writer for a non-contact IC placed at a spot (store cash register, booth entrance, etc.) (hereinafter referred to as “touch”). The non-contact IC receives the terminal identification data from the smartphone and transmits the terminal identification data to the reader / writer.

  The reader / writer is connected to the terminal device, and the reader / writer delivers the received terminal identification data to the terminal device. When the terminal device receives the terminal identification data, as data related to the user of the smartphone, for example, data indicating that the user has stopped at a specific spot (data indicating the store name or booth name, time data indicating the time at that time) Etc.). The terminal device transmits the data relating to the user thus generated to the server device together with the terminal identification data.

  The server device stores the terminal identification data transmitted from the terminal device and the data related to the user in association with each other.

  According to the above-described mechanism, simply touching the smartphone with the reader / writer transmits various data related to the user of the smartphone to the server device, and centrally manages the data in a form associated with the terminal identification data in the server device.

  Further, the following may be added to the mechanism according to the present invention described above. That is, when a user of a smartphone wants to browse data related to himself (such as an action history), the user requests the data to be browsed by operating the smartphone. In response to the operation, the smartphone transmits terminal identification data to the server device.

  The server device extracts data relating to the user stored in association with the terminal identification data, and transmits the data to the smartphone.

  According to the above mechanism, the user can display various information about himself / herself on the smartphone. As a result, the user can easily access information he / she wants to know.

  Further, the following may be added to the mechanism according to the present invention described above. That is, when the user touches the reader / writer with the smartphone and the terminal identification data is transferred from the smartphone to the terminal device connected to the reader / writer via the reader / writer, the terminal device uses the above-mentioned server as a trigger. Data is transmitted / received to / from another server device different from the device. The terminal device generates data related to the user using data acquired from another server device, and transmits the data related to the user to the above-described server device that manages the user data.

  According to the above mechanism, data related to processing performed by the terminal device in cooperation with other server devices regarding the smartphone user is stored in the server device as data related to the user, and is used for user browsing, marketing research, and the like. The

  Further, the following may be added to the mechanism according to the present invention described above. That is, when a user purchases goods with a credit card, for example, the smart phone is touched by a reader / writer connected to a terminal device placed at a cash register of a store. At that time, the terminal identification data of the smartphone is delivered to the cashier terminal device.

  Thereafter, the store staff inputs items such as merchandise, unit price, quantity, total amount, etc. to the terminal device, and swipes to a credit card card reader connected to the terminal device. The card reader transmits data such as a card number read from the credit card at the time of swiping together with data indicating the total amount of goods and the like to a settlement server device managed by the credit card company. The payment server device performs payment if the credit of the user of the smartphone is equal to or greater than the total amount of the product etc., and transmits data indicating that the purchase of the product etc. by the user has been established to the cashier terminal device.

  The cash register terminal device generates information (item, unit price, quantity, total amount, etc.) such as a product that has been successfully purchased as data relating to the user, and transmits the data to the server device.

  According to the above mechanism, the purchase history of products / services using a credit card can be centrally managed in the server device without changing the conventional credit card settlement mechanism.

  Further, the following may be added to the mechanism according to the present invention described above. That is, a secret key is stored in the smartphone, and a public key that is paired with the secret key is stored in the key server device. For example, when generating data related to a user such as purchase information of the user, the terminal device extracts data that is highly confidential to the extent that the user does not want to disclose it. The terminal device downloads the public key of the smartphone from the key server device, and encrypts the extracted data that seems to be highly confidential with the public key.

  The terminal device transmits data encrypted with the public key for data that seems to be highly confidential, and data that is not encrypted for data that seems to be less confidential to the server device as data about the user. . (For the purpose of preventing eavesdropping on communication between the terminal device and the server device, data relating to those users may be further encrypted according to SSL (Secure Socket Layer) or the like.)

  Data encrypted with the public key can be decrypted only with the private key. Therefore, only the smartphone storing the secret key can decrypt the encrypted highly confidential data. Therefore, even if an accident occurs in which data related to the user is extracted from the server device to the outside, the data that should be kept secret is not viewed by others.

  Further, the following may be added to the mechanism according to the present invention described above. In other words, the server device stores in advance data indicating a user-related condition and a process to be automatically executed when the condition is satisfied. Thereafter, while the data related to the user is accumulated in the server device, the server device continuously determines whether or not the condition is satisfied. If it is determined that the condition is satisfied, the server device automatically executes a predetermined process.

  According to the above mechanism, for example, it is easy to send detailed materials only to smartphone users who have visited the booth of the exposition, for example, who subsequently viewed the booth's corporate Web page. It becomes.

  The present invention provides a method executed in the above-described mechanism, a server device and a terminal device used to realize the above-described mechanism, a program for realizing them by a computer, and a mechanism described above. Propose the system to be used.

It is a figure showing the whole user data management system composition concerning a 1st embodiment. It is the figure which showed the function structure of the smart phone concerning 1st Embodiment. It is the figure which showed a mode that the private key was memorize | stored in the memory | storage part of the SIM card with which the smart phone concerning 1st Embodiment was mounted | worn. It is a figure for demonstrating the role of the non-contact IC concerning 1st Embodiment. It is the figure which showed the function structure of the non-contact IC concerning 1st Embodiment. It is the figure which showed the function structure of the reader / writer concerning 1st Embodiment. It is the figure which showed the function structure of the touchpad concerning 1st Embodiment. It is the figure which showed the function structure of the user data management server apparatus concerning 1st Embodiment. It is the figure which showed typically the data structure of the user basic database concerning 1st Embodiment. It is the figure which showed typically the data structure of the user log database concerning 1st Embodiment. It is the flowchart which showed the process regarding the apparatus registration step of the user data management system concerning 1st Embodiment. It is the flowchart (the first half) which showed the process regarding the data registration step of the user data management system concerning 1st Embodiment. It is the flowchart (latter half) which showed the process regarding the data registration step of the user data management system concerning 1st Embodiment. It is the flowchart which showed the process regarding the data utilization step of the user data management system concerning 1st Embodiment. It is the figure which showed the whole structure of the business card data management system concerning 2nd Embodiment. It is the figure which showed the function structure of the smart phone concerning 2nd Embodiment. It is the figure which showed the function structure of the touchpad concerning 2nd Embodiment. It is the figure which showed the function structure of the user data management server apparatus concerning 2nd Embodiment. It is the figure which showed typically the data structure of the user basic database concerning 2nd Embodiment. It is the figure which showed typically the data structure of the exhibition booth basic database concerning 2nd Embodiment. It is the figure which showed typically the data structure of the exhibition booth stop log database concerning 2nd Embodiment. It is the figure which showed typically the data structure of the questionnaire log database concerning 2nd Embodiment. It is the figure which showed typically the data structure of the web page browsing log database concerning 2nd Embodiment. It is a figure for demonstrating a mode that the various data regarding a user are integratedly managed in the system concerning this invention.

[First Embodiment]
Hereinafter, a user data management system 1 which is a specific example of the present invention will be described as a first embodiment. In the user data management system 1, when a smartphone user purchases a product or service in a store, the purchase history of the product or service is centrally managed in the server device simply by touching the smartphone to the reader / writer of the store. .

  FIG. 1 is a diagram schematically showing the overall configuration of the user data management system 1. The user data management system 1 includes a smartphone 11 (first terminal device) including a non-contact IC 12 (first near-field wireless communication device) and a reader / writer 13 (second near-field type) of a non-contact IC. A wireless communication device), a touch pad 14 (second terminal device), a user data management server device 15 (server device) that manages basic information and purchase history of the user of the smartphone 11, a credit card connected to the touch pad 14 A card reader 16 (card reader) that reads a credit card number from 17, a payment server device 18 (other server device) that performs payment processing when a product or service is purchased with a credit card, and is stored in the smartphone 11. A key server device 19 is provided for managing a secret key and a public key that is paired with the secret key.

  The smartphone 11 and the touch pad 14 exchange various data with the user data management server device 15 via the Internet 9. The touch pad 14 transmits and receives various data to and from the settlement server device 18 and the key server device 19 via the Internet 9.

  In FIG. 1, for the sake of simplification, only three settlement server devices 18 are displayed as an example, and only one other device is displayed. However, in actuality, the number of these devices varies arbitrarily. . For example, the number of smartphones 11 changes according to the number of users who use the user data management system 1. In addition, the number of touchpads 14 and credit cards 17 connected to the touchpads 14 changes according to the number of cash registers at the store that uses the user data management system 1.

  In addition, each of the user data management server device 15, the settlement server device 18 and the key server device 19 may be composed of a single server device. However, for the purpose of distributing the processing load and backing up when a failure occurs, Each of these devices may be composed of a collection of a plurality of server devices operating in cooperation with each other.

  The smartphone 11 is a portable PC (Personal Computer) having a telephone function and a wireless data communication function. Since the telephone function is not particularly used in the user data management system 1, a portable data communication terminal that does not have a telephone function may be used instead of the smartphone 11. In the following description, the smartphone 11 includes a touch panel, and the user inputs various data by a touch operation on the touch panel.

  A user of the smartphone 11 downloads an application program for the smartphone 11 according to the present invention (hereinafter referred to as “user application”) from a distribution server device (not shown) that distributes the application program, and installs the application program on the smartphone 11. The smartphone 11 functions as a device including the functional configuration unit illustrated in FIG. 2 by performing processing according to the user application.

The functional components included in the smartphone 11 are as follows.
Receiving means 111: Receives IDm, which is identification data unique to the non-contact IC 12 recorded in the non-contact IC 12 in a non-rewritable manner, from the non-contact IC 12.
Transmitting means 112: transmits various data to the user data management server device 15.
Receiving means 113: Receives various data transmitted from the user data management server device 15.
Storage means 114: stores various data.
Delivery means 115: Deliver a trusted ID (described later) to the non-contact IC 12 when the smartphone 11 is touched on the touch pad 14.
Decryption means 116: Decrypts the encrypted data among the user-related data sent from the user data management server device 15.

  The storage means 114 of the smartphone 11 identifies a smartphone in wireless communication via a memory card inserted into a memory card slot or a mobile phone network in addition to a storage unit such as a nonvolatile memory or a volatile memory built in the main body. Also included is a storage unit provided in a SIM card 111 (Subscriber Identity Module Card).

  In the user data management system 1, a secret key unique to the user of the smartphone 11 is stored in the storage unit of the SIM card 111 attached to the smartphone 11, as shown in FIG. In the user data management system 1, as will be described later, privacy data, which is data that should be kept secret from others among data related to users stored in the user data management server device 15, is encrypted. The secret key stored in the SIM card 111 is used to decrypt the encrypted privacy data in the smartphone 11.

  The SIM card 111 has a high tamper resistance so that data cannot be forged or tampered with in order to accurately identify the mobile phone when making / receiving calls, and to accurately manage mobile phone charges and wireless data communication charges. And the rewriting and reading of data in the SIM card 111 are strictly managed by the mobile phone carrier. Therefore, it is suitable as a secret key storage location with extremely high confidentiality.

  As described above, the smartphone 11 has the non-contact IC 12 built therein. When the non-contact IC 12 is brought close to the reader / writer 13 (usually about 10 cm or less), the electric power generated by electromagnetic induction using the radio wave transmitted from the reader / writer 13 is used between the reader / writer 13 and the reader / writer 13. Send and receive data with.

  FIG. 4 is a diagram for explaining the role of the non-contact IC 12 in the user data management system 1. Identification data unique to the non-contact IC 12 called IDm (manufacturing number) and IDi (issuer numbering number) is recorded in the non-contact IC 12 in a non-rewritable manner. In the user data management system 1, IDm is used among these identification data. It should be noted that IDi may be used as identification data for identifying the non-contact IC 12 in the user data management system 1 instead of or in addition to IDm.

  IDm is handed over from the non-contact IC 12 to the smartphone 11 in accordance with an instruction from the smartphone 11 and is transmitted from the non-contact IC 12 to the reader / writer 13 by near-field wireless communication when the reader / writer 13 is touched. Is done.

  Further, when the non-contact IC 12 approaches the reader / writer 13, the non-contact IC 12 receives character string data according to a URL (Uniform Resource Locator) format from the smartphone 11 and transmits the received character string data to the reader / writer 13. It has. In the user data management system 1, the non-contact IC 12 receives character string data in which the trusted ID is embedded from the smartphone 11 and transmits it to the reader / writer 13.

FIG. 5 is a diagram illustrating a functional configuration of the non-contact IC 12. The non-contact IC 12 includes the following functional components.
Delivery means 121: Deliver IDm to the smartphone 11.
Receiving means 122: Receives a trusted ID from the smartphone 11.
Transmission means 123: When the reader / writer 13 comes close, the trusted ID and IDm are transmitted to the reader / writer 13.

The reader / writer 13 is a near-field wireless communication device that transmits radio waves and transmits / receives data to / from the non-contact IC 12 in the vicinity. As shown in FIG. 6, the reader / writer 13 includes the following functional components.
Receiving means 131: Receives the trusted ID and IDm from the non-contact IC 12.
Delivery means 132: Deliver the trusted ID and IDm to the touch pad 14.

  The touch pad 14 is a terminal device arranged at a cash register in a store. The touch pad 14 is a tablet-type portable data communication terminal device that employs a touch panel display, and has a built-in reader / writer 13. Instead of the touch pad 14 with the built-in reader / writer 13, a configuration in which the reader / writer 13 is connected to the touch pad 14 by wire or wireless as an external device may be employed. Moreover, it replaces with the touchpad 14, and PC of other forms, such as a notebook PC, may be employ | adopted as a terminal device for shops.

  The store staff downloads the application program for the touchpad 14 (hereinafter referred to as “store app”) according to the present invention from a distribution server device (not shown) that distributes the application program, and installs it on the touchpad 14. To do. By performing the process according to the store application, the touch pad 14 functions as a device including the functional component shown in FIG.

The functional components included in the touch pad 14 are as follows.
Receiving means 141: When the non-contact IC 12 is brought close to the reader / writer 13, the trusted ID and IDm are received from the reader / writer 13.
Generation unit 142: Generates various data related to the user of the smartphone 11.
Transmitting means 143: Transmits various data to the user data management server device 15.
Receiving means 144: Receives various data transmitted from the user data management server device 15.
Acquiring unit 145: Acquires price data or the like indicating the price of the product / service input by the touch operation of the store staff.
Receiving means 146: Receives the credit card number (third identification data) of the credit card from the card reader 16.
Extraction unit 147: Extracts privacy data (such as detailed information of the purchased product / service) from the data acquired by the acquisition unit 145.
Conversion means 148: The privacy data extracted by the extraction means 147 is converted according to a predetermined rule, and the amount of information is reduced to convert it into non-privacy data with low confidentiality.
Encryption means 149: The privacy data extracted by the extraction means 147 is encrypted with the public key of the smartphone 11 acquired from the key server device 19.

  The user data management server device 15 stores and manages basic information such as the user's name and the purchase history of goods / services (goods) for each of all users who use the user data management system 1. It is.

  The user data management system 1 is realized, for example, by causing a general-purpose PC to perform processing according to the application program for the user data management server device 15 according to the present invention.

The user data management server device 15 includes the following functional components as shown in FIG.
Receiving means 151: Receives various data transmitted from the smartphone 11, the touch pad 14, and the settlement server device 18.
Assigning means 152: Assigns a unique trusted ID in the user data management system 1 as data for identifying the smartphone 11 to the IDm transmitted from the smartphone 11.
Storage means 153: Stores various data.

  The storage unit 153 of the user data management server device 15 includes a user basic database that stores typical and fixed data that does not vary much, such as a user's name, as a database for managing data related to the user, A user log database is stored that stores data that is added as needed, such as purchases of points and occurrence of points associated therewith.

  FIG. 9 is a diagram schematically showing the data structure of the user basic database. The data structure of the user basic database shown in FIG. 9 and the data structure of the user log database shown in FIG. 10 to be described later are merely examples, and what kind of database structure is adopted is a design matter.

The user basic database is a collection of data records regarding each of the smartphones 11 used by a user (a purchaser of goods / services) who uses the user data management system 1. Each data record comprises the following data fields.
Trusted ID: A trusted ID that is identification data of the smartphone 11 assigned by the user data management server device 15 is stored.
IDm: IDm that is identification data of the non-contact IC 12 built in the smartphone 11 is stored.
Login name: Stores the login name unique to the user. The login name is entered by the user when the user accesses the user data management server device 15 in order to view the purchase history of his / her product / service or change the basic information of the user, along with the password. Used for personal authentication.
Password: Stores an arbitrary password defined by the user. The password is used together with the login name for user authentication when the user accesses the user data management server device 15.
Address: Stores the user's address. It should be noted that the user address managed by the user data management server device 15 in the user data management system 1 cannot identify an individual, such as “Tokyo-ku-ku”, but is sufficient for marketing information. Rounded non-privacy data.
Gender: Stores the gender of the user.
Age: Stores the age of the user.
Email address: Stores the user's email address. The mail address is data (privacy data) that can identify a single individual managed by the user data management server device 15 without encryption. The e-mail address is used when an administrator of the user data management system 1 gives guidance to the user. Even if the e-mail address is leaked due to an accident, the user can avoid privacy infringement by changing the e-mail address relatively easily. Therefore, the e-mail address is managed without being encrypted by the user data management server device 15. Yes.

FIG. 10 is a diagram schematically showing the data structure of the user log database. The user log database stores, as log data, purchase history information and point grant information generated when a user using the user data management system 1 purchases a product / service at a store using the user data management system 1 It is a database for doing. Each log data (data record) included in the user log database includes the following data fields.
Trusted ID: A trusted ID that is identification data of the smartphone 11 assigned by the user data management server device 15 is stored.
Date and time: Stores the date and time when an event such as purchase of a product or service or the addition of points occurs. Note that the date and time managed by the user data management server device 15 is not for the purpose of personal behavior monitoring, so it may be determined according to a rough time zone such as “February 15, 2012 13:00:00 to 13:59”. Indicates the date and time.
Store name: Stores the name of a store where an event such as purchase of goods / services or points is given.
Event type: Stores data indicating the type of event indicated by the log data. The event type includes, for example, “product / service purchase”, “granting points”, “use of points”, “issue of coupons”, and the like.
Event content (privacy data): Stores encrypted data indicating the details of the event indicated by the log data. For example, if the event type is “product / service purchase”, the data indicating the content of the event is the name, price, quantity, etc. of the purchased product. For example, if a female user buys a branded bag at a bargain price, the user may want to keep that information secret. Therefore, in the user data management server device 15, the raw data encrypted with the public key of the smartphone 11 is stored in this data field.
Event content (non-privacy data): Stores unencrypted data obtained by converting the content of the event indicated by the log data so that the confidentiality is poor. For example, in the case of the above bag, data such as “item: bag, quantity: 1, price: 5,000 to 5,999 yen” is stored in this data field.

  Next, the operation of the user data management system 1 will be described. The operation of the user data management system 1 can be broadly divided into a device registration step for registering the smartphone 11 in the user data management server device 15 and log data generated when the user purchases goods / services in the user data management server device 15. It is divided into a data registration step for registration and a data utilization step for the user to browse his / her purchase history and the like.

  FIG. 11 is a flowchart showing details of the device registration step. First, the user operates the smartphone 11 to download a user application from the application distribution site and install it on the smartphone 11 (S101).

  When the user activates the user application on the smartphone 11 and touches an “initial registration” button displayed on the menu, for example, the smartphone 11 requests IDm from the non-contact IC 12 according to the operation (S102). The non-contact IC 12 reads IDm in response to the request and delivers it to the smartphone 11 (S103).

  The smartphone 11 transmits the IDm received from the non-contact IC 12 to the user data management server device 15 (S104). The user data management server device 15 checks whether the IDm received from the smartphone 11 has already been registered in the user basic database (S105).

  If IDm is an existing one (S105; Yes), the user data management server device 15 transmits an identity confirmation page to the smartphone 11 (S106). On the identity confirmation page displayed on the smartphone 11, the user inputs a login name and a password. Those input data are transmitted from the smartphone 11 to the user data management server device 15 (S107).

  When the user data management server device 15 receives the login name and password, whether the login name and password in the data record of the user basic database storing the IDm received in S104 in the data field “IDm” match those received. It is determined whether or not (S108).

  If it is determined in S108 that the login name and the password do not match (S108; No), the user data management server device 15 transmits a failure notification of identity verification to the smartphone 11 (S109). The smartphone 11 displays the failure of identity verification to the user (S110), prompts the user to input the login name and password again, and returns the process to S107.

  If the login name and the password match in the determination in S108 (S108; Yes), the user data management server device 15 trusts the data record of the user basic database that stores the IDm received in S104 in the data field “IDm”. The ID is transmitted to the smartphone 11 (S111).

  Note that the processes of S106 to S111 are processes that occur when the user has already registered the smartphone 11 in the past and the smartphone 11 is re-registered by initialization of the smartphone 11 or the like.

  Therefore, in many cases, the IDm received in S104 is not registered in the user basic database, and the determination in S105 is No. In this case, the user data management server device 15 transmits a login page of the login name, password, and basic user information (address, gender, age, and mail address) to the smartphone 11 (S112).

  On the registration page displayed on the smartphone 11, the user inputs his / her own login name and password, and inputs his / her address (by municipality unit), gender, age and e-mail address. The smartphone 11 transmits the input data to the user data management server device 15 (S113). The user manages the login name and password input in S113 by taking notes.

  Upon receiving the data in S113, the user data management server device 15 adds a new data record to the user basic database, and stores the received data in the corresponding data field of the data record (S114). In addition, the user data management server device 15 generates a unique trusted ID that is not yet used in the user basic database, and stores it in the newly added data record (S115).

  The user data management server device 15 transmits the trusted ID generated in S115 to the smartphone 11 (S116). The smartphone 11 stores the received trusted ID (S117).

  The smartphone 11 transmits the trusted ID acquired from the user data management server device 15 to the key server device 19 together with the SIM card ID (S118).

  The key server device 19 is a server device managed by, for example, a mobile phone carrier, and uses a SIM key ID, a secret key stored in the SIM card, and a public key that is a pair of the secret key as a key. Store and manage in database. When the key server device 19 receives the trusted ID together with the SIM card ID, the key server device 19 stores the trusted ID in the data record retrieved from the key database by the SIM card ID (S119).

  This completes the device registration step.

  12A and 12B (hereinafter referred to as “FIG. 12”) are flowcharts showing details of the data registration step. For example, when purchasing a product at a store using the user data management system 1, the user touches the smartphone 11 on the touch pad 14 arranged at the cash register of the store. In response to the touch operation, the non-contact IC 12 detects the proximity to the reader / writer 13 (S201), and requests the smartphone 11 for a trusted ID (S202).

  The smartphone 11 delivers the trusted ID to the non-contact IC 12 in response to the request (S203). The non-contact IC 12 transmits the received trusted ID together with IDm to the reader / writer 13 (S204). The reader / writer 13 delivers the received trusted ID and IDm to the touch pad 14 (S205).

  Subsequently, the store staff inputs the data of the product to be purchased, that is, the product name, unit price, and quantity to the touch pad 14. In addition, instead of the store staff inputting all of the data, for example, a bar code reader is connected to the touch pad 14 and the bar code printed on the merchandise package is scanned to easily input the merchandise name and unit price. A configuration may be adopted. The touch pad 14 acquires the input data and generates money amount data indicating the total amount of money associated with the product purchase (S206).

  Subsequently, the store staff receives the credit card 17 from the user and swipes the card reader 16. In response to the operation, the card reader 16 reads card information such as a credit card number and delivers it to the touch pad 14 (S207).

  Subsequently, the touch pad 14 displays a screen that prompts the user to input a password for the credit card 17. On the screen, the user inputs a password (S208). The touch pad 14 transmits a payment request including the data acquired in S206 and S207 to the payment server device 18 corresponding to the card information (S209).

  The three settlement server devices 18 shown in FIG. 1 are the settlement server devices 18 managed by different credit card companies. In fact, as described above, the number of settlement server devices 18 is arbitrarily changed according to the number of credit card companies. In practice, a server device of an intermediary company that mediates credit card settlement is often interposed between the server device directly managed by the credit card company and the touchpad 14 of the store. Since it is a mechanism, its description is omitted.

  After confirming the identity of the settlement server device 18 by comparing the received credit card number and password, the payment server device 18 determines whether or not the credit amount of the user is equal to or greater than the product purchase price indicated in the amount data. Whether or not settlement is possible is determined (S210). The settlement server device 18 transmits settlement result data indicating the result of the determination to the touch pad 14 (S211).

  When the settlement result data indicates a successful settlement, the settlement result data may be accompanied by data indicating contents such as points and coupons that are given to the user by the credit card company.

  When the settlement result data indicates unsuccessful settlement (S212; No), the touch pad 14 displays a message indicating that the settlement could not be performed (S213). On the other hand, when the settlement result data indicates successful settlement (S212; Yes), the touch pad 14 subsequently selects the data corresponding to the privacy data from among various data relating to the user's product purchase acquired in S206, S207, and S211. Extract (S214). For example, a credit card number, a product name of a purchased product, and the like are determined to be highly confidential and are extracted as privacy data.

  The touch pad 14 converts the private data extracted in S214 into non-private data according to a predetermined rule. For example, the product name is converted into the name of the product group to which the product belongs (S215). Also, the credit card number used for purchasing the merchandise is converted into a mask with the remaining four digits remaining.

  Subsequently, the touch pad 14 transmits a public key request to the key server device 19 (S216). This request includes the trusted ID acquired by the smartphone 11 in S205. In response to the request, the key server device 19 transmits the public key stored in association with the received trusted ID to the touch pad 14 (S217).

  The touch pad 14 encrypts the privacy data extracted in S214 with the public key received in S216 (S218). The touch pad 14 generates log data using the non-privacy data not extracted in S214, the non-privacy data obtained by converting the privacy data extracted in S214 in S215, and the privacy data encrypted in S217. (S219).

  The log data generated as described above is transmitted from the touch pad 14 to the user data management server device 15 (S220), and is registered in the user log database in the user data management server device 15 (S221).

  When a user using the user data management system 1 purchases a product or service using any credit card in a store that uses the user data management system 1, all log data generated with the purchase is stored. The data is transmitted to the user data management server device 15 and registered in the user log database.

  Therefore, data related to the purchase behavior of consumers, which has been conventionally managed individually for each credit card company in the settlement server device 18, is collected in the user data management server device 15 in the user data management system 1.

  The above is the description of the data registration step.

  FIG. 13 is a flowchart showing details of the data use step. When the user wants to know information such as purchase history of his / her product / service, credit card points acquired, coupons still valid, etc., the user operates the smartphone 11 and selects, for example, “Purchase” from the user application menu. Touch the “View Information” button. In response to the operation, the smartphone 11 displays a login screen.

  When the user inputs the login name and password on the login screen (S301), the smartphone 11 transmits the acquired login name and password together with the trusted ID to the user data management server device 15 (S302).

The user data management server device 15 searches the user basic database for a data record including the received login name, password, and trusted ID. If the search is successful, it is determined that the login is successful (S303; Yes), and if the search fails, the login is unsuccessful. (S303; No).

  When the login fails (S303; No), the user data management server device 15 transmits a login failure notification to the smartphone 11 (S304). After displaying the notification of the login failure (S305), the smartphone 11 returns the process to S301.

  On the other hand, when the login is successful (S303; Yes), the user data management server device 15 extracts log data including the trusted ID received in S302 from the user log database, and generates a browsing page using the extracted log data. (S306), it transmits to the smartphone 11 (S307). Note that the data of the browse page transmitted to the smartphone 11 in S307 includes encrypted privacy data.

  Upon receiving the browsing page, the smartphone 11 decrypts the encrypted privacy data with the private key stored in the SIM card (S308), and then displays the content of the browsing page (S309).

  On the browsing page, detailed information of purchased products / services is displayed in a list in order of purchase date and time, for example. In addition, a point balance for each credit card and a list of valid coupons are also displayed. That is, the user can list the information by logging in once without repeating the login to a plurality of credit card company web pages.

  The above is the description of the data use step.

  Various data related to users stored in the user basic database and the user log database are used by companies for the purpose of marketing research and the like. At that time, since the privacy data is encrypted and the user data management server device 15 does not store a secret key for decrypting the encryption, there is no risk of the privacy data being accidentally leaked to the company. .

  By the way, the data registration step described with reference to FIG. 12 is an operation flow of the user data management system 1 when a payment is made using a credit card. The user data management system 1 is not limited to payment by credit card, and can generate and store log data associated with purchase of goods / services even when payment is made using cash or points. In that case, the processing of S207 to S213 in FIG. 12 is simply skipped.

[Second Embodiment]
Hereinafter, a business card data management system 2 as another specific example of the present invention will be described as a second embodiment. The business card data management system 2 is common to the user data management system 1 in many respects. Therefore, in the following description, the business card data management system 2 will be described with a focus on differences from the user data management system 1. Moreover, the code | symbol used in the user data management system 1 is used for the thing which is common or respond | corresponds with the user data management system 1 among the structural parts with which the business card data management system 2 is provided.

  The business card data management system 2 eliminates the trouble of exchanging business cards with the staff of each exhibition booth by users visiting many exhibition booths at the event venue, and the company that hosts the exhibition visits the exhibition booth. It is a system that makes it possible to efficiently follow up users.

  FIG. 14 is a diagram schematically showing the overall configuration of the business card data management system 2. The business card data management system 2 includes a smartphone 11 incorporating a non-contact IC 12 carried by a user visiting an event venue, and a touch pad 14 incorporating a reader / writer 13 disposed at each entrance of an exhibition booth in the event venue. And a user data management server device 15 that manages data related to the user.

  In FIG. 14, only one user is shown for the sake of simplification, but in reality, there are a large number of users who visit the event venue, and each of these users carries a smartphone with a non-contact IC 12 built-in. 11 is included in the business card data management system 2.

  In FIG. 14, three exhibition booths are shown, and one touch pad 14 is arranged in each exhibition booth. However, the number of touch pads 14 and the number of exhibition booths arranged in each exhibition booth. Are various.

  FIG. 15 is a diagram illustrating a functional configuration of the smartphone 11 used in the business card data management system 2. Unlike the user data management system 1, since the business card data management system 2 does not extract and encrypt privacy data, the smartphone 11 used in the business card data management system 2 does not include the decryption unit 116. Other points are the same as those of the smartphone 11 of the user data management system 1.

  FIG. 16 is a diagram showing a functional configuration of the touch pad 14 used in the business card data management system 2. Since payment by credit card is not performed in the business card data management system 2, the touch pad 14 of the business card data management system 2 receives the credit card information from the acquisition means 145 that acquires purchase information of goods and services and the card reader 16. The means 146 is not provided.

  Further, as described above, since privacy data is not extracted and encrypted in the business card data management system 2, the touch pad 14 used in the business card data management system 2 includes the extraction unit 147, the conversion unit 148, and the encryption unit. 149 is not provided. Other points are the same as the touch pad 14 of the user data management system 1.

  FIG. 17 is a diagram showing a functional configuration of the user data management server device 15 used in the business card data management system 2. The business card data management system 2 has an automatic processing function for making it easy for companies to follow up on users who have visited an exhibition booth. As a specific example, when the condition that “the user browsed the Web page of the company that hosted the exhibition booth after the end of the event” is satisfied, “a notification to that effect is sent to the person in charge of the company The user data management server device 15 automatically performs the process “Yes”.

In order to realize the automatic processing function as described above, the storage unit 153 of the user data management server device 15 of the business card data management system 2 stores an arbitrary number of combinations of condition data and instruction data as exemplified below. Has been.
Condition data: “Users who visited the exhibition booth with the exhibition booth ID ####” and “Users who disclosed their address” and “By August 31, 2012, please visit http://xxx.co.jp Accessed user "
Instruction data: “Notify user basic information to email address info@xxx.co.jp”

In order to realize the automatic processing function as described above, the user data management server device 15 of the business card data management system 2 has the following functions in addition to the mechanism components of the user data management server device 15 of the user data management system 1. It has a component.
Determination means 154: It is determined whether or not the condition indicated by the condition data is satisfied for each user.
Processing unit 155: When it is determined that the condition indicated by the condition data is satisfied for a certain user, the process indicated by the instruction data is executed.

FIG. 18 is a diagram schematically showing the data configuration of the user basic database stored in the user data management server device 15 of the business card data management system 2. The user basic database in the business card data management system 2 includes the following data fields in addition to the data fields of the user basic database in the user data management system 1.
Name: Stores the user's name (real name).
Affiliated organization name: Stores the name of the organization to which the user belongs.
Title: Stores the title of the title of the user's organization.
Phone number: Stores the phone number of the user's organization.
FAX number: Stores the FAX number of the user's organization.

  The address stored in the user basic database of the business card data management system 2 is not the user's personal address but the address of the user's affiliated organization, and is a detailed address including the address and building name so that the mail can be delivered. .

  As described above, the information that is normally written on the business card is stored in the user basic database of the business card data management system 2.

  The storage means 153 of the business card data management system 2 stores an exhibition booth basic database for managing data for presenting basic information on the exhibition booth to a user who has visited the exhibition booth.

FIG. 19 is a diagram schematically showing the data structure of the exhibition booth basic database. The exhibition booth basic database is a collection of data records relating to each exhibition booth, and each data record includes the following data fields.
Exhibition booth ID: Stores an exhibition booth ID for identifying the exhibition booth.
Login name: Stores a login name used for identity verification when accessing the user data management server device 15 in order to browse basic information of a user who has visited the exhibition booth.
Password: A password for identifying the user when logging in to the user data management server device 15 is stored together with the login name.
Company name: Stores the name of the company that hosts the exhibition booth.
Person in charge: Stores the name of the person in charge of the exhibition booth sponsoring company.
Address: Stores the address of the company hosting the exhibition booth.
Telephone number: Stores the telephone number of the company that hosts the exhibition booth.
FAX number: Stores the FAX number of the company hosting the exhibition booth.
Email address: Stores the email address of the company hosting the exhibition booth.
URL: The URL of the Web page of the company hosting the exhibition booth is stored.

  The storage means 153 of the business card data management system 2 replaces the user log database in the user data management system 1 with an exhibition booth stop log database for recording a log of the user visiting the exhibition booth, and answers to user questionnaires And a web page browsing log database for recording a log when a user accesses a web page at any URL stored in the exhibition booth basic database.

  FIG. 20 is a diagram schematically showing the data structure of the exhibition booth stop log database. A data record in the exhibition booth stop log database is generated each time a user touches the smartphone 11 on the touch pad 14 arranged in the exhibition booth and performs a business card exchange operation (described later) on a business card exchange screen displayed on the touch pad 14. The

The data record of the exhibition booth stop log database includes the following data fields.
Trusted ID: A trusted ID for identifying a user who visited the exhibition booth is stored.
Date and time: Stores the date and time when you visited the exhibition booth.
Exhibition booth ID: Stores an exhibition booth ID for identifying the exhibition booth.
Disclosure item: Stores data indicating items that the user designates disclosure to the sponsor company of the exhibition booth out of the basic user information stored in the user basic database. For example, it is data in the form of “name: ○, address: ×,..., Email address: ○”, and the example on the left indicates that the name and email address are disclosed but the address is not disclosed. Yes.

  FIG. 21 is a diagram schematically showing the data structure of the questionnaire log database. The data record of the questionnaire log database is generated every time the user touches the smartphone 11 on the touch pad 14 arranged in the exhibition booth and inputs an answer on the questionnaire screen displayed on the touch pad 14.

The data record of the questionnaire log database includes the following data fields.
Trusted ID: A trusted ID for identifying a user who has answered the questionnaire is stored.
Date / time: Stores the date / time of the questionnaire response.
Exhibition booth ID: Stores an exhibition booth ID for identifying the exhibition booth.
Answer contents: The contents of the questionnaire answer are stored.

  FIG. 22 is a diagram schematically showing the data structure of the Web page browsing log database. The data record of the web page browsing log database is generated every time the user browses the web page of any company that hosts the exhibition booth using the browser of the smartphone 11.

The data record of the Web page browsing log database includes the following data fields.
Trusted ID: A trusted ID for identifying a user who has browsed the Web page is stored.
Date / time: Stores the date / time of browsing the Web page.
URL: The URL of the browsed web page is stored.

  When the user participates in an event corresponding to the business card data management system 2, the user completes the registration work for the user data management server device 15 of the smartphone 11 shown in FIG. At that time, basic information (name, address, etc.) input by the user in S113 is registered in the user basic database.

  The user visits the event venue and touches the smartphone 11 on the touch pad 14 arranged at the entrance gate. The touch pad 14 receives the trusted ID from the smartphone 11 and transmits it to the user data management server device 15. The user data management server device 15 determines whether or not the received trusted ID has been registered in the user basic database, and if registered, gives an instruction to open the gate to the gate opening / closing control device at the entrance. Thereby, the user can enter the event venue.

  The user freely visits the exhibition booth in the event venue, and touches the smartphone 11 on the touch pad 14 arranged in the visited exhibition booth. The touch pad 14 receives the trusted ID from the smartphone 11 and transmits it to the user data management server device 15 together with the exhibition booth ID of the exhibition booth where the touch pad 14 is arranged.

  The user data management server device 15 retrieves a data record from the exhibition booth stop log database using the trusted ID and the exhibition booth ID received from the touch pad 14 as search keys. If no data record is found, the user data management server device 15 determines that the business card exchange has not been completed, and instructs the touch pad 14 to display a business card exchange screen. On the other hand, if the data record is searched, the user data management server device 15 determines that the business card exchange has been completed, and instructs the touch pad 14 to display the questionnaire screen.

  When a business card exchange screen is displayed on the touch pad 14 by touching the smartphone 11, the user selects items (name, address, etc.) of his / her basic information that may be disclosed to the sponsor company of the exhibition booth on the screen To do. By this operation, a data record is added to the exhibition booth stop log database.

  As described above, the data record relating to the user who visited the exhibition booth is added to the exhibition booth stop log database, so that the staff of the exhibition booth sponsoring company can be distributed from the user data management server device 15 by operating the terminal device. By accessing the Web page for browsing the visitor basic information, it is possible to browse the basic information of the user who visited the exhibition booth of the company.

  That is, when the user data management server device 15 receives an access request to the Web page for browsing basic visitor information from a terminal device operated by the staff of the sponsoring company, the user data management server device 15 is first identified from the login name input by the staff at the time of login. A data record is extracted from the exhibition booth stop log database using the exhibition booth ID as a search key.

  Subsequently, the user data management server device 15 reads the basic information of the user from the basic user database according to the disclosed items of the data record, and generates a Web page for browsing basic visitor information. The user data management server device 15 transmits the Web page thus generated to the staff terminal device. As a result, the staff terminal device displays a list of basic information related to the items that each user has permitted to disclose to the sponsoring company.

  In addition, the user browses the basic information of the sponsoring company of the exhibition booth visited in the event by operating the smartphone 11 and accessing the Web page for browsing the exhibition booth basic information distributed from the user data management server device 15. can do.

  When the user data management server device 15 receives an access request to the Web page for browsing the exhibition booth basic information from the smartphone 11, first, the user data management server device 15 extracts a data record from the exhibition booth stop log database using the trusted ID received from the smartphone 11 as a search key. To do.

  Subsequently, the user data management server device 15 reads out the company basic information corresponding to the exhibition booth ID of the extracted data record from the exhibition booth basic database, and generates a Web page for browsing the exhibition booth basic information. The user data management server device 15 transmits the generated web page to the smartphone 11. As a result, the smartphone 11 displays a list of basic information related to the sponsoring company of the exhibition booth that the user has visited.

  As described above, according to the business card data management system 2, the business card between the user and the company can be obtained simply by touching the smartphone 11 with the touch pad 14 at the exhibition booth where the user stopped and selecting an item to be disclosed. The exchange is complete.

  When the user again touches the smartphone 11 with the touch pad 14 in the exhibition booth where the operation for exchanging the business cards is already completed, a questionnaire screen is displayed on the touch pad 14. In that case, the user inputs an answer to the questionnaire from the sponsoring company on the screen. By that operation, a data record is added to the questionnaire log database.

  The staff of the exhibition booth sponsoring company can browse the answers registered in the questionnaire log database as described above by accessing the web page for browsing the questionnaire answers.

  As described above, according to the business card data management system 2, the user does not need to repeatedly input basic information when answering a questionnaire at each exhibition booth.

  When the user accesses the Web page of the sponsoring company of any exhibition booth (URL registered in the exhibition booth basic database) with the browser of the smartphone 11, the log data is registered in the Web page browsing log database.

For example, when the following condition data and instruction data are registered in the user data management server device 15, the user data management server device 15 periodically refers to the user basic database, the exhibition booth stop log database, and the Web page browsing log database. For the user who satisfies the condition indicated by the condition data, the process indicated by the instruction data is executed.
Condition data: “Users who visited the exhibition booth with the exhibition booth ID ####” and “Users who disclosed their address” and “By August 31, 2012, please visit http://xxx.co.jp Accessed user "
Instruction data: “Notify user basic information to email address info@xxx.co.jp”

  According to the above example, the staff of the company hosting the exhibition booth did not just visit the exhibition booth, but also visited the company's web page after the event and seemed to have a strong interest in the company Since the user's notification can be received from the user data management server device 15, desired follow-up can be performed at an appropriate timing, such as mailing a document such as a corporate brochure to the visitor.

[Modification]
The above-described embodiments can be variously modified within the scope of the technical idea of the present invention. Examples of these modifications are shown below.

  In the user data management system 1 described above, the public key is distributed from the key server device 19 that is different from the user data management server device 15. However, even if the user data management server device 15 performs the distribution of the public key. Good.

  In this case, for example, the smartphone 11 transmits the SIM card ID and the trusted ID to the key server device 19, and the key server device 19 transmits the public key specified from the SIM card ID to the user data management server device 15 together with the trusted ID. Thus, the trusted ID and the public key in the user data management server device 15 can be associated with each other.

  Moreover, in the user data management system 1 and the business card data management system 2 described above, the smartphone 11, the touch pad 14, and the user data management server device 15 are used in a terminal device such as a general smartphone, a touch pad, or a PC. Although it is realized by performing processing according to such an application program, each of the functional components included in the application program may be configured as a dedicated machine realized by hardware.

  Further, according to the mechanism according to the present invention, data that has been individually managed conventionally is centrally managed, so that data having compatibility and substitutability can be integrated. For example, the integration of points given according to the purchase amount of goods / services is an example.

  Currently, points (mileage points, etc.) are awarded for each of a plurality of credit cards, a plurality of stores, a plurality of airlines, and the like. According to the mechanism of the present invention, as described with respect to credit card points in the user data management system 1, it is possible to display a list of points balances and usage histories based on log data.

  In addition, an original point system is introduced into the user data management system 1 so that the points can be exchanged between the original points and the points of each company.

  For example, a mechanism for exchanging credit card points for unique points of the user data management system 1 can be realized by modifying the processing flow described in FIG. 12 as follows.

  That is, in S211 of FIG. 12, the data related to the points given with the purchase of the product / service is transmitted from the settlement server device 18 to the touch pad 14 together with the settlement result data. In response to this, the touch pad 14 displays a selection screen as to whether or not to exchange the credit card points for the original points of the user data management system 1.

  The user performs a selection operation on the touch pad 14 to acquire credit card points as they are or to exchange them for original points. When the exchange to the unique point is selected, the touch pad 14 transmits data indicating acceptance of the point to the settlement server device 18. When the settlement server device 18 receives data indicating acceptance of points, it does not grant points to the user according to the data. On the other hand, the user data management system 1 gives unique points to the user.

  In addition, when credit card points are underwritten by the operator of the user data management system 1 as described above, the credit card company provides the operator of the user data management system 1 with the points corresponding to the points to be accepted. The amount will be paid.

  The user data management system 1 and the business card data management system 2 described above are examples of use of the user data management mechanism according to the present invention, and a server device for a terminal device connected to a near-field wireless communication device. The present invention can be applied to various other purposes as long as the system collects and manages data related to the user of the terminal device using the ID (trusted ID) issued by linking with the ID of the near-field wireless communication device It is.

  For example, data management such as a cloud calendar that performs schedule management on a web page and a combination of user names and passwords that are increasing daily is combined with the mechanism according to the present invention, so that it is conventionally managed individually. All of these data can be managed in association with the trusted ID.

  Specifically, when the user data management server device 15 has a function of distributing a calendar web page or a password management web page, and the smartphone 11 accesses the web page, the user data management from the smartphone 11 is performed. The trusted ID is transmitted to the server device 15. Thereafter, the user data management server device 15 is configured to manage all data registered / updated on the Web page in association with the trusted ID. As a result, the user can easily use various data regarding himself / herself by accessing the user data management server device 15 from the smartphone 11.

  Similarly, the medical data, messages exchanged at the SNS, entry / exit records and attendance records at the company, etc. are managed by the user data management server device 15 in association with the trusted ID, so that the user can access the data. improves.

  In addition, as described above, all data generated in accordance with the use of various services by the user is accumulated in the user data management server device 15, so that data conventionally managed individually for each service provider Can be mutually used among those service providers.

  FIG. 23 is a diagram schematically showing a state in which data individually managed in the past can be mutually used among a plurality of service providers by the mechanism according to the present invention.

  23 are, for example, a payment service, a business card data management service, a ticket reservation service, a product / service sales service, a schedule management service, a password management service, a medical chart management service, an SNS, etc. is there.

  Each service is usually provided by a plurality of service providers, and each service provider individually manages basic data and log data of users (customers).

  In the mechanism according to the present invention, when a user using a terminal device incorporating a near-field wireless communication device uses a service by touching the terminal device or directly using the terminal device, the service Log data generated with use is stored in the user data management server device according to the present invention in addition to the server device of the service provider.

  At that time, the log data related to the same user is associated with each other by the trusted ID in the user data management server apparatus, regardless of the log data generated in any service.

  Therefore, for example, when the service provider A1 acquires the name and address of the user and the service provider B2 acquires the name, sex and age of the same user, they are integrated in the user data management server device. . As a result, the service provider A1 acquires the gender and age that cannot be acquired directly from the user, and the service provider B2 acquires the address that cannot be acquired directly from the user from the user data management server device. Information that can be complemented.

  Similarly, log data acquired by each of different service providers can also be provided to each service provider after being integrated in the user data management server device.

  At that time, since the data provided from the user data management server device to the service provider is converted into data that is rounded to the extent that an individual cannot be specified as necessary, the unauthorized use of personal information is not performed. Absent.

DESCRIPTION OF SYMBOLS 1 ... User data management system, 2 ... Business card data management system, 9 ... Internet, 11 ... Smartphone, 12 ... Non-contact IC, 13 ... Reader / writer, 14 ... Touchpad, 15 ... User data management server apparatus, 16 ... Card Reader, 17 ... Credit card, 18 ... Payment server device, 19 ... Key server device, 111 ... SIM card, 111 ... Receiving means, 112 ... Sending means, 113 ... Receiving means, 114 ... Storage means, 115 ... Delivery means, 116 Decoding means 121 ... Delivery means 122 ... Reception means 123 ... Transmission means 131 ... Reception means 132 ... Delivery means 141 ... Reception means 142 ... Generation means 143 ... Transmission means 144 ... Reception means, 145 ... Acquisition means, 146 ... receiving means, 147 ... extraction means, 148 ... conversion means, 149 ... encryption means, 51 ... receiving unit, 152 ... allocating means, 153 ... storage unit, 154 ... determining unit, 155 ... processing unit, 161 ... reading means, 162 ... delivery means

Claims (18)

A method of managing data related to a user of a near field wireless communication device using a near field wireless communication device,
A device registration step of registering the first terminal device connected to the first near-field wireless communication device in the server device, and a data registration step of registering data relating to the user in the server device;
The device registration step includes:
First identification data, which is recorded in the first near-field wireless communication device in a non-rewritable manner and identifies the first near-field wireless communication device, is transmitted from the first terminal device to the server device. Steps sent to
Allocating second identification data, which is data for identifying the first terminal device, in response to reception of the first identification data by the server device;
The second identification data is transmitted from the server device to the first terminal device;
The first terminal device storing the second identification data; and
In the data registration step, when the first near-field wireless communication device is brought close to the second near-field wireless communication device,
Transmitting the second identification data from the first near-field wireless communication device to the second near-field wireless communication device;
The second terminal device receiving the second identification data from the second near-field wireless communication device;
Generating the data related to the user triggered by the second terminal device receiving the second identification data from the second near-field wireless communication device;
Transmitting the second identification data and the data relating to the user from the second terminal device to the server device;
The server device stores the data relating to the user in association with the second identification data. The first terminal device includes a data use step of using data related to the user;
The data utilization step includes:
The second identification data is transmitted from the first terminal device to the server device;
Triggered by transmission of the second identification data from the first terminal device to the server device, data relating to the user stored in the server device in association with the second identification data is received from the server device. The method according to claim 1, further comprising: transmitting to the first terminal device. In the data registration step, when the first near-field wireless communication device is brought close to the second near-field wireless communication device,
Data transmission / reception with another server device different from the server device triggered by the second terminal device receiving the second identification data from the second near field wireless communication device Having the steps of:
The method according to claim 1 or 2, wherein, in the step of generating data related to the user, the second terminal device generates data related to the user using data received from the other server device. The second terminal device transmits and receives data to and from the other server device,
The second terminal device acquiring price data indicating a price of the goods purchased by the user;
A card reader connected to the second terminal device reads third identification data, which is recorded in a rewritable manner on the user's credit card and is data for identifying the credit card;
Passing the third identification data from the card reader to the second terminal device;
Transmitting the price data and the third identification data from the second terminal device to the other server device;
Settlement result data indicating whether or not the purchase of the goods having the price indicated by the price data has been established by a settlement with a credit card identified by the third identification data is sent from the other server device to the second terminal device. A step to be transmitted, and
In the step of generating data relating to the user, the second terminal device, when the settlement result data indicates the successful purchase of the good, the data indicating that the purchase of the good having the price indicated by the price data is successful. The method according to claim 3, wherein the data is generated as data related to the user. The data registration step includes:
The second terminal device obtaining a public key paired with a secret key stored in the first terminal device;
The step of generating data related to the user by the second terminal device includes:
The second terminal device extracting data satisfying a predetermined condition relating to confidentiality from the data acquired by the second terminal device;
Generating data that does not satisfy the predetermined condition regarding confidentiality by converting data that satisfies the predetermined condition regarding confidentiality according to a predetermined rule;
Encrypting data satisfying a predetermined condition relating to the confidentiality using the public key,
In the step in which the second terminal device generates data relating to the user, data not satisfying the predetermined condition relating to the confidentiality and encrypted data satisfying the predetermined condition relating to the confidentiality are data relating to the user A method according to any of claims 1 to 4. An automatic process execution step in which the server device automatically executes a predetermined process;
The automatic process execution step includes:
Storing condition data indicating a condition related to a user by the server device, and instruction data for instructing a process to be executed by the server device when a condition indicated by the condition data is satisfied;
Determining whether or not the condition indicated by the condition data is satisfied by the content indicated by the data relating to the user stored by the server device in association with the second identification data in the data registration step;
The method according to any one of claims 1 to 5, further comprising: when the determination step determines that the condition is satisfied, the server device performs processing according to the instruction data. A first near-field wireless communication device in which first identification data for identifying the device itself is recorded in a non-rewritable manner; a first terminal device connected to the first near-field wireless communication device; Data communication between two near-field wireless communication devices, a second terminal device connected to the second near-field wireless communication device, and the first terminal device and the second terminal device And a server device for performing
The first terminal device is:
Receiving means for receiving the first identification data from the first near-field wireless communication device;
Transmitting means for transmitting the first identification data to the server device;
Receiving means for receiving second identification data transmitted from the server device as a response to transmission of the first identification data by the transmitting means;
Storage means for storing the second identification data;
Delivery means for delivering the second identification data to the first near-field wireless communication device when the first near-field wireless communication device is brought close to the second near-field wireless communication device; Prepared,
The first near-field wireless communication device is:
Delivery means for delivering the first identification data to the first terminal device;
Receiving means for receiving the second identification data from the first terminal device;
Transmitting means for transmitting the second identification data to the second near-field wireless communication device when approached to the second near-field wireless communication device;
The second near-field wireless communication device is:
Receiving means for receiving the second identification data from the first near-field wireless communication device when the first near-field wireless communication device is approached;
Delivery means for delivering the second identification data to the second terminal device,
The second terminal device is:
Receiving means for receiving the second identification data from the second near-field wireless communication device when the first near-field wireless communication device is brought close to the second near-field wireless communication device;
Generating means for generating data relating to a user of the first terminal device triggered by the reception of the second identification data by the receiving means;
Transmission means for transmitting the second identification data and data related to the user to the server device,
The server device
Receiving means for receiving the first identification data from the first terminal device;
Allocating means for allocating second identification data that is data for identifying the first terminal device in response to reception of the first identification data;
The receiving means of the server device receives the second identification data and data related to the user from the second terminal device,
The server device
A system comprising storage means for storing data relating to the user in association with the second identification data. The transmission means of the first terminal device transmits the second identification data to the server device;
The receiving means of the server device receives the second identification data from the first terminal device;
The transmission unit of the server device stores data relating to the user stored in association with the second identification data received from the first terminal device by the reception unit of the own device. The system of claim 7, wherein the system is transmitted to the device. Comprising another server device different from the server device,
The transmission unit of the second terminal device triggers the reception of the second identification data from the second near-field wireless communication device by the receiving unit of its own device to the other server device. Send data,
The second terminal device includes receiving means for receiving data transmitted from the other server device as a response to transmission of data by the transmitting means of the own device,
The system according to claim 7 or 8, wherein the generation unit of the second terminal device generates data related to the user by using data received from the other server device by the reception unit of the own terminal device. A card reader connected to the second terminal device;
The card reader is
Reading means for reading third identification data which is recorded on the user's credit card in a non-rewritable manner and which identifies the credit card;
Delivery means for delivering the third identification data to the second terminal device,
The second terminal device is:
Obtaining means for obtaining price data indicating a price of the goods purchased by the user;
Receiving means for receiving the third identification data from the card reader;
The transmission means of the second terminal device transmits the price data and the third identification data to the other server device;
The receiving means of the second terminal device indicates the price data transmitted from the other server device as a response to the transmission of the price data and the third identification data by the transmitting means of its own device. Receiving payment result data indicating whether or not the purchase of the goods of the price was made by payment with a credit card identified by the third identification data;
The generation unit of the second terminal device generates data indicating that the purchase of the goods having the price indicated by the price data is established as data relating to the user when the settlement result data indicates the establishment of the purchase of the goods. The system according to claim 9. The storage means of the first terminal device stores a secret key unique to the first terminal device,
The receiving means for receiving data from the second near-field wireless communication device of the second terminal device or the receiving means of the second terminal device obtains a public key paired with the secret key,
The second terminal device is:
Extraction means for extracting data satisfying a predetermined condition regarding confidentiality from data acquired by the own device;
Conversion means for generating data that does not satisfy the predetermined condition regarding confidentiality by converting data that satisfies the predetermined condition regarding confidentiality according to a predetermined rule;
Encryption means for encrypting data satisfying a predetermined condition relating to the confidentiality using the public key,
The generating means of the second terminal device uses, as data relating to the user, data that does not satisfy the predetermined condition relating to confidentiality and data that satisfies the predetermined condition relating to confidentiality encrypted by the encryption means. The system according to any one of claims 7 to 10. The storage unit of the server device stores condition data indicating a condition related to a user, and instruction data instructing a process to be executed by the server device when a condition indicated by the condition data is satisfied,
The server device
Determining means for determining whether or not a condition indicated by the condition data is satisfied by a content indicated by the data relating to the user stored in association with the second identification data in the storage means of the own machine;
The system according to claim 7, further comprising a processing unit that performs processing according to the instruction data when the determination unit determines that the condition is satisfied. A terminal device connected to the first near-field wireless communication device in which the first identification data for identifying the device itself is recorded in a non-rewritable manner;
Receiving means for receiving the first identification data from the first near-field wireless communication device;
Transmitting means for transmitting the first identification data to a server device;
Receiving means for receiving second identification data transmitted from the server device as a response to transmission of the first identification data by the transmitting means;
Storage means for storing the second identification data;
When the first near-field wireless communication device is brought close to a second near-field wireless communication device connected to another terminal device different from the own device, the second identification data is stored in the second identification data. A terminal device comprising: delivery means for delivering to the near-field wireless communication device. A terminal device connected to the second near-field wireless communication device,
When the first near-field wireless communication device is brought close to the second near-field wireless communication device, it is connected to the first near-field wireless communication device and identifies another terminal device different from its own device. Receiving means for receiving identification data to be received from the second near-field wireless communication device;
Generating means for generating data relating to a user of the other terminal device, triggered by receipt of the identification data by the receiving means;
A terminal device comprising: transmission means for transmitting the identification data and data related to the user to a server device. Receiving means for receiving, from the first terminal device, first identification data that is identification data of a first near-field wireless communication device connected to the first terminal device;
Allocating means for allocating second identification data that is data for identifying the first terminal device in response to reception of the first identification data;
The receiving means includes a second terminal device connected to the second near-field wireless communication device when the first near-field wireless communication device is brought close to the second near-field wireless communication device. Receiving the second identification data and the data relating to the user of the first terminal device from
A server apparatus comprising storage means for storing data relating to the user in association with the second identification data. Computer
A program for causing the terminal device according to claim 13 to function as the receiving unit, the transmitting unit, the receiving unit, the storage unit, and the delivery unit. Computer
15. A program causing the terminal device according to claim 14 to function as the receiving unit, the generating unit, and the transmitting unit. Computer
The program which functions as the said receiving means with which the server apparatus of Claim 15 is provided, the said allocation means, and the said memory | storage means.

Images