JP2024042290A - Information management system and information management method - Google Patents

Abstract

[Problem] When verifying an individual's identity, four basic pieces of information are linked to a highly reliable telephone number.
[Solution] The system comprises a consumer terminal which sends a procedure request, an authentication server which performs public personal authentication using a personal card which is an official certificate, a mobile carrier server which performs carrier authentication using carrier contract information relating to a contract between a telecommunications company which provides a communication service using a telephone number and the consumer who uses the communication service, and a management server which executes processing to perform the public personal authentication by the authentication server in response to the procedure request, executes processing to perform the carrier authentication by the mobile carrier server, generates personal information linking four basic pieces of information of the consumer obtained by the public personal authentication, the carrier contract information of the consumer obtained by the carrier authentication, and the telephone number of the consumer terminal, and outputs the generated personal information to an external server with the consent of the consumer.
[Selected Figure] Figure 1

Description

The present invention relates to an information management system and an information management method.

There is a technology that uses public personal identification (JPKI) as a means of online identity verification (for example, Patent Document 1). As My Number cards become more popular, it is expected that identity verification using JPKI will become more widespread.

JP2019-113911A

However, the information that can be obtained from JPKI is limited to four basic pieces of information (address, name, date of birth, and gender). If businesses or organizations were to use it as a point of contact with consumers, the information that would likely be useful from the information obtained from JPKI would be "address" and "name." As delivery using an address takes time and effort, it would be better to have an easier and faster means of contact. It is possible to obtain contact information other than address by having users enter a phone number, email address, etc. when verifying their identity, but there are concerns about input errors and other issues, making this unreliable.

The present invention was made in view of the above circumstances, and its purpose is to provide an information management system and an information management method that can link four basic pieces of information with a highly reliable telephone number in identity verification. It's about doing.

In order to solve the above-mentioned problems, the information management system according to the present invention has a consumer terminal that sends a procedure request that requests a procedure involving identity verification that includes a telephone number, and a consumer terminal that sends a procedure request that requests a procedure that involves identity verification and that includes a telephone number. An authentication server that performs public personal authentication using a personal card) (a personal card that is a public certificate), a communication carrier that provides a communication service using a telephone number, and a contracted user who uses the communication service. A mobile carrier server that performs carrier authentication using carrier contract information regarding a contract, and a management server, wherein the management server performs processing for performing the public personal authentication by the authentication server in response to the procedure request. A public personal authentication control unit that executes the process, a carrier authentication control unit that executes the process for carrying out the carrier authentication by the mobile carrier server, the four basic information of the consumer obtained by the public personal authentication, and the carrier a personal information generation unit that generates personal information that links the carrier contract information of the consumer obtained through authentication with the phone number of the consumer terminal; , and an output control unit for outputting to an external server.

Further, in the information management system of the present invention, the personal information generation unit generates registered information regarding services used by the consumer in a company or organization corresponding to the external server in response to the procedure request. The output control unit outputs the personal information including the registration information to the external server.

In addition, in order to solve the above-mentioned problems, the information management method according to the present invention provides a consumer terminal that sends a procedure request that requests a procedure involving identity verification that includes a telephone number, and a My Number card (My Number Card). An authentication server that performs public personal authentication using a personal number card (personal card that is a public certificate), a communication carrier that provides communication services using telephone numbers, and contracted users who use the communication services. An information management method performed by an information management system comprising a mobile carrier server that performs carrier authentication using carrier contract information regarding a contract with a management server, and a management server, wherein a public personal authentication control unit: In response to the procedure request, the authentication server executes a process for performing the public personal authentication, and the carrier authentication control unit executes the process for performing the carrier authentication by the mobile carrier server, and generates personal information. The department collects personal information that links the consumer's four basic information obtained through the public personal authentication, the carrier contract information of the consumer obtained through the carrier authentication, and the telephone number of the consumer terminal. The output control unit outputs the personal information to an external server with the consumer's consent.

According to the present invention, it is possible to link the four basic pieces of information with a highly reliable telephone number in identity verification. Furthermore, it becomes possible to link the four basic information, a highly reliable telephone number, and information regarding a user associated with a company or organization, such as information indicating a bank account number.

FIG. 1 is a block diagram showing an example of an information management system 1 according to an embodiment. It is a sequence diagram showing the flow of processing performed by the information management system 1 according to the embodiment. It is a sequence diagram showing the flow of processing performed by the information management system 1 according to the embodiment. It is a sequence diagram showing the flow of processing performed by the information management system 1 according to the embodiment. FIG. 2 is a block diagram showing an example of a management server 10 according to the embodiment. FIG. 2 is a diagram showing an example of personal information 120 according to the embodiment.

Hereinafter, one embodiment of the present invention will be described with reference to the drawings.

FIG. 1 is a block diagram showing an example of an information management system 1 according to an embodiment. The information management system 1 includes a management server 10, a consumer terminal 20, a mobile carrier server 30, an authentication server 40, and a company/organization server 50. A group of devices constituting the information management system 1 (management server 10, consumer terminal 20, mobile carrier server 30, authentication server 40, and company/organization server 50) are communicably connected via a communication network NW. .

The management server 10 is an information processing device that mediates procedures requested by consumers, for example, procedures for companies or organizations corresponding to the company/organization server 50. As the management server 10, for example, a computer such as a server device or a personal computer (PC) can be applied. The management server 10 performs control to execute procedures requested by the consumer terminal 20.

The consumer terminal 20 is an information processing device used by a user (a consumer). As the consumer terminal 20, for example, a smartphone, a mobile phone, a computer such as a PC can be applied.

The consumer terminal 20 has a display unit such as a liquid crystal display that displays information, and an operation unit such as a touch panel that accepts operations by the consumer. The consumer terminal 20 requests the management server 10 to perform procedures for a company or organization corresponding to the company/organization server 50.

The consumer makes a contract with the communication carrier of the mobile carrier server 30 for the consumer terminal 20 to use a communication service using the consumer terminal 20 . The consumer terminal 20 is capable of communicating using a communication service provided by a communication carrier with which it has a contract. A telephone number is assigned to the consumer terminal 20, and it has a function to perform communication using this telephone number as a destination.

The card 200 is an IC (Integrated Circuit) card in which an electronic certificate 201 is stored. The card 200 is a card (personal card) that is a public certificate, and is, for example, a My Number card (personal number card). In this case, the card 200 stores an electronic certificate for signature and an electronic certificate for consumer certification as an electronic certificate 201 .

The mobile carrier server 30 is a server device managed by a communication carrier. The communication carrier is, for example, an MNO (Mobile Network Operator) that provides communication services using telephone numbers to consumer terminals 20 using communication lines that it owns or operates. . The mobile carrier server 30 communicates with the management server 10 and the consumer terminal 20 via the communication network NW.

The mobile carrier server 30 stores carrier contract information related to a contract with a consumer who has concluded a contract to use the consumer terminal 20 in a storage unit. The carrier contract information includes, for example, the consumer's telephone number, name, address, date of birth, and age. Further, the carrier contract information may include the contract period of the contract between the communication carrier and the contracted user (consumer). Further, the carrier contract information may be customer information regarding the consumer, which is registered for a service such as a messaging service that the consumer uses.

The authentication server 40 is, for example, a server device that provides a public personal authentication service operated by J-LIS (Local Government Information System Institute). The authentication server 40 communicates with the management server 10 via the communication network NW.
Furthermore, in this embodiment, the authentication server 40 also serves as a signature verifier (platform operator). The signature verifier here can receive revocation information and the like of the electronic certificate 201 issued by the public personal authentication service. The signature verifier can obtain the four basic information.

The company/organization server 50 is a server device managed by a company or organization. Examples of companies or organizations include banks, insurance companies, and local governments. The company/organization server 50 communicates with the management server 10 via the communication network NW.

Here, the flow of processing performed by the management server 10 will be explained using FIGS. 2 to 4. 2 to 4 are sequence diagrams showing the flow of processing performed by the information management system 1 according to the embodiment.

In FIGS. 2 to 4, in the information management system 1, the communication between the management server 10 and the consumer terminal 20, for example, in the processing corresponding to steps S15, S19, S23, etc. described later, is performed using a message service. An example of a case in which this is done will be explained. The message service here is a communication service provided by a mobile carrier (mobile phone operator) corresponding to the mobile carrier server 30. With message services, messages such as text and images are exchanged using mobile phone numbers. The message service is, for example, RCS (Rich Communication Services).

However, the exchange between the management server 10 and the consumer terminal 20 is not limited to the message service. For the exchange of information between the management server 10 and the consumer terminal 20, notification means other than message services, such as e-mail, SNS (Social Networking Service), REST API, and so-called web service exchange, are applied. It's okay.
Although descriptions are omitted in steps S15, S19, and S23 in FIG. 2, when communication using a message service is performed, messages are sent from the management server 10 to the consumer terminal 20 via the mobile carrier server 30. Be notified. That is, as shown in steps S12 and S13, a distribution request is made from the management server 10 to the mobile carrier server 30 requesting that the message be distributed, and the message is notified to the consumer terminal 20 in response to the distribution request. be done.

As shown in FIG. 2, first, the consumer terminal 20 transmits a procedure request to the management server 10 (step S10). A procedure request is a notice of a request to start a procedure. The procedure here is a procedure for the company or organization corresponding to the company/organization server 50, and is, for example, a procedure for changing an address.

In step S10, consumer terminal 20 transmits a procedure request including at least a telephone number to management server 10. For example, when a procedure request is notified using a message service, the consumer terminal 20 notifies the management server 10 of the telephone number of the consumer terminal 20 as the notification source of the message service.
Alternatively, when a procedure request is notified using e-mail or SNS, the consumer terminal 20 sends a procedure request with the telephone number indicated in the body of the e-mail or SNS to the management server 10. A procedure request including the telephone number of the consumer terminal 20 is made to the management server 10.
In this case, the management server 10 performs processing to confirm the telephone number notified from the consumer terminal 20. For example, the management server 10 notifies the telephone number notified from the consumer terminal 20 of a number confirmation message using SMS (Social Networking Service) or the like. A number confirmation message is a message that notifies information for confirming a phone number (hereinafter referred to as a confirmation code), for example, ``This phone number was notified in a procedure request.The confirmation code is ``*** *” is displayed.
Furthermore, the management server 10 sends a notification (confirmation notification) to the consumer terminal 20 to confirm whether the number confirmation message has been received. For example, the management server 10 sends a message to the e-mail or SNS destination that received the notification of the procedure request from the consumer terminal 20 with the following message: ``Please enter the confirmation code.The confirmation code is sent via SMS to the phone number 090-*** A confirmation notice is sent by sending an input form for entering a confirmation code along with a message such as "Notification will be sent to ``＊-＊＊＊＊''.
Consumer terminal 20 receives the number confirmation message. Furthermore, the consumer terminal 20 receives the confirmation notification. When the user inputs the confirmation code received in the number confirmation message into the input form of the confirmation notice and performs a reply operation, the consumer terminal 20 responds to the confirmation notice.
The management server 10 receives a response to the confirmation notification from the consumer terminal 20, and if the confirmation code shown in the received response matches the confirmation code notified in the number confirmation message, the management server 10 performs the processing shown in step S11 and thereafter. Execute. On the other hand, if the confirmation codes do not match, the management server 10 issues a notification indicating that the telephone number notified from the consumer terminal 20 in step S10 may be incorrect, for example. When receiving a procedure request including a new telephone number from the consumer terminal 20, the management server 10 performs the process shown in step S10.

When the management server 10 receives the procedure request, it stores the telephone number of the consumer terminal 20 included in the procedure request in the personal information 120 (see FIG. 5) as the consumer's telephone number.

Furthermore, when the management server 10 receives a procedure request, it generates an individual URL (Uniform Resource Locator) (step S11). The individual URL is a URL used to perform the procedure corresponding to the procedure request, and is a unique URL linked to the procedure request. For example, the individual URL is information indicating a specific page for performing the procedure. For example, the site identified by the individual URL is a page with restricted access. For example, the individual URL is a so-called one-time URL that can be accessed only once, or for a limited time, or only a limited number of times.

The management server 10 transmits a message distribution request requesting distribution of a response message to the mobile carrier server 30 (step S12). The response message here is a response to the procedure request, and is a message that notifies the consumer terminal 20 of the individual URL created in step S11.

When the mobile carrier server 30 receives the message distribution request, it transmits a response message to the consumer terminal 20 (step S13). Consumer terminal 20 receives the response message indicating the individual URL.

On the other hand, when the individual URL indicated in the response message is clicked by the user, the consumer terminal 20 accesses the page corresponding to the individual URL, and according to the guidance of the accessed page, necessary information and companies/organizations. The information is input, and the input necessary information and company/organization information are transmitted to the management server 10 (step S14).

Necessary information is information necessary for the procedure, and is, for example, information indicating the consumer's address, name, telephone number, and date of birth. Note that information corresponding to the 4 basic information (address, name, date of birth, gender) needs to be requested in step S14, since it is possible to obtain the 4 basic information in step S18, which will be described later. It may be excluded from the information. In addition, company/organization information is information for consumers to use services provided by companies or organizations corresponding to the company/organization server 50. For example, if the procedure destination is a bank, company/organization information is account information indicating an account number, etc. If the procedure destination is a securities company or the like, the company/organization information is securities information indicating a securities account or securities number.

For example, the management server 10 displays an input screen for inputting necessary information and company/organization information on a page corresponding to the individual URL. The consumer terminal 20 inputs necessary information and company/organization information according to the content displayed on the input screen. As a result, the management server 10 acquires necessary information and company/organization information.

The management server 10 stores the company/organization information received from the consumer terminal 20 in the consumer's personal information 120. As a result, company/organization information is linked to the consumer's phone number.

Furthermore, the management server 10 uses the message service to transmit a guidance message for guiding public personal authentication to the consumer terminal 20 (step S15). The guidance message includes a guidance message instructing the user to perform public personal authentication to confirm the person's identity in order to complete the procedure, as well as an operation button with a message such as ``Perform public personal authentication.''

When a consumer touches an operation button labeled "Perform public personal authentication," etc., processing for public personal authentication is executed. Specifically, as a process for performing public personal authentication, PIN input, card touch operation, etc. are executed (step S16).

PIN input means inputting a PIN (Personal Identification Number) necessary for public personal authentication. The card touch operation is an operation in which the My Number card (card 200) for performing public personal authentication is brought close to the card touch screen.

For example, when a consumer touches an operation button, an input screen for entering a PIN is displayed along with a message such as "Please enter your personal identification number card's PIN." The consumer views the input screen and inputs the PIN according to the instructions displayed on the input screen. When the consumer terminal 20 stores the PIN input by the consumer, the consumer terminal 20 displays a touch screen on which a frame indicating the shape of the card, etc. is displayed along with a guidance message such as "Please touch your My Number Card."
A consumer performs a touch operation by bringing the card 200 close to the touch screen. By performing the touch operation, communication between consumer terminal 20 and card 200 is established.
When communication between the consumer terminal 20 and the card 200 is established, the consumer terminal 20 notifies the card 200 of the PIN and requests the consumer terminal 20 to notify the electronic certificate 201. If the PIN notified from the consumer terminal 20 matches the preset PIN, the consumer terminal 20 performs predetermined processing with the card 200 to receive the electronic certificate 201 and signature data. The predetermined information included is output to the management server 10.

The management server 10 requests the authentication server 40 to determine whether or not the consumer's electronic certificate 201 is valid (validity confirmation) using predetermined information notified from the consumer terminal 20. (Step S17).

In response to a request from the management server 10, the authentication server 40 transmits the results of the validity check and the consumer's four basic information (address, name, date of birth, gender) to the management server 10 (step S18). ).

The management server 10 receives the results of the validity check and the consumer's four basic information from the authentication server 40, and if the electronic certificate 201 is valid as a result of the validity check, the management server 10 transmits the received information to the consumer's information. It is stored in the personal information 120. As a result, company/organization information and four basic information are linked to the consumer's telephone number.

Further, as shown in FIG. 3, the management server 10 confirms whether the consumer agrees to perform carrier authentication (step S19). Carrier authentication is an authentication method that performs identity verification using carrier contract information regarding a contract between a communication carrier that provides communication services using telephone numbers and a contracted user who uses communication services.

For example, when the management server 10 acquires the four basic pieces of information from the authentication server 40, it uses a message service to send a confirmation message to the consumer terminal 20 to obtain consent to carrier authentication. The confirmation message includes a guide to perform carrier authentication to perform strict identity verification, as well as an operation button that displays, for example, "I agree to perform carrier authentication."

If the consumer agrees to undergo carrier authentication, an authentication request is made. In the authentication request, the consumer terminal 20 transmits authentication information for performing carrier authentication, such as a password, to the mobile carrier server 30. The management server 10 transmits the consumer's date of birth, address, name, etc., and makes an authentication request to the mobile carrier server 30 to perform carrier authentication of the consumer (step S20). When the mobile carrier server 30 receives the date of birth, etc. from the management server 10, it determines whether the received date of birth, etc. of the consumer matches the pre-registered carrier contract information (step S21), and transmits the result of the determination to the management server 10 (step S22).

It is assumed that the consumer's verification information is stored in the management server 10 in advance. For example, when a consumer uses a service that performs procedures via the management server 10, the consumer registers the consumer's personal information, such as address, name, date of birth, etc., in the management server 10. The management server 10 causes the registered consumer's personal information to be stored in the management server 10 as the consumer's verification information.

When the management server 10 receives the match determination result from the authentication server 40, if the match determination is OK, the management server 10 stores the consumer's verification information (contract carrier information) in the consumer's personal information 120. As a result, company/organization information, four basic information, and contracted carrier information are linked to the consumer's telephone number.

Note that in step S21, a case where the mobile carrier server 30 performs the match determination is illustrated, but the management server 10 may also perform the match determination. In this case, in step S22, the consumer's contracted carrier information (for example, address, name, date of birth, etc.) is transmitted from the mobile carrier server 30 to the management server 10. The management server 10 performs a match determination by comparing the consumer's contract carrier information received from the mobile carrier server 30 with the consumer's verification information stored in advance in the management server 10.

Further, the determination rule for the match determination in step S21 may be arbitrarily set. For example, as a determination rule, if the address, name, and date of birth all match completely, the match is determined to be OK, and if any of the addresses, names, and dates of birth do not match, the match is determined to be NG. Alternatively, a determination rule may be set in which the match is determined to be OK if at least one of address, name, and date of birth matches.

Further, as shown in FIG. 4, the management server 10 confirms whether the consumer agrees to the information collaboration (step S23). Information cooperation here means transmitting information for performing procedures, such as necessary information and personal information 120, to the company or organization corresponding to the company/organization server 50.

For example, the management server 10 uses a message service to send a confirmation message to the consumer terminal 20 to obtain consent for information collaboration. The confirmation message includes a message asking if it is okay to send the information for carrying out the procedure to the company or organization corresponding to the company/organization server 50, as well as an operation button that says ``I agree to information collaboration.'' It is shown.

If the consumer agrees to the information collaboration, the consumer terminal 20 transmits the consent to the management server 10 (step S24). For example, when a consumer touches an operation button, a notification indicating consent to information collaboration is sent from the consumer terminal 20 to the management server 10.

When the management server 10 receives the notification of consent to information cooperation, it performs information cooperation by transmitting information for carrying out procedures to the company/organization server 50 (step S25).

When the company/organization server 50 receives the information for performing the procedure from the management server 10, it confirms the contents (step S26). For example, the company/organization server 50 checks whether the procedure can be performed based on the information for performing the procedure notified from the management server 10. The company/organization server 50 transmits the confirmation result of the contents to the management server 10 (step S27).

Upon receiving the confirmation result from the company/organization server 50, the management server 10 generates a confirmation result message including the confirmation result, and sends a message distribution request to the mobile carrier server 30 requesting that the confirmation result message be distributed. Transmit (step S28). When the mobile carrier server 30 receives the message distribution request, it transmits a confirmation result message to the consumer terminal 20 (step S29).

FIG. 5 is a block diagram showing an example of the management server 10 according to the embodiment. The management server 10 includes, for example, a communication section 11, a storage section 12, and a control section 13. The communication unit 11 communicates with the consumer terminal 20, the mobile carrier server 30, the authentication server 40, and the company/organization server 50.

The storage unit 12 is a storage medium such as an HDD (Hard Disk Drive), a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), a RAM (Random Access read/write Memory), a ROM (Read Only Memory), or any of these. configured by any combination of storage media. The storage unit 12 stores programs for executing various processes of the management server 10 and temporary data used when performing various processes.

The storage unit 12 stores, for example, personal information 120. The personal information 120 is the consumer's personal information obtained through identification, etc. performed for procedures.

FIG. 6 is a diagram showing an example of personal information 120 according to the embodiment. The personal information 120 stores, for example, information corresponding to items such as public personal authentication, message application, carrier authentication, and companies/organizations.

The public personal authentication stores four basic pieces of information obtained by performing the public personal authentication of the consumer, namely the consumer's address, name, date of birth, and gender. These are stored when the basic 4 information is notified from the authentication server 40 to the management server 10 in step S18.
In the mobile phone number field, a consumer's phone number obtained by using a message service is stored. This is stored in step S10 when the consumer terminal 20 notifies the management server 10 of the procedure request.
The carrier authentication stores the consumer's contracted carrier information obtained by performing the carrier authentication. This is stored when the mobile carrier server 30 notifies the management server 10 of the match determination result in step S22. Note that in carrier authentication, only the results of comparison with public personal authentication, for example, information indicating match or mismatch, may be stored.
Companies and organizations are notified by consumers and store company and organization information. This is stored when the company/organization information is notified from the consumer terminal 20 to the management server 10 in step S14.

In this way, the personal information 120 links the consumer's telephone number to company/organization information, basic four information, and contract carrier information. The basic four information is information obtained by performing public personal authentication. Furthermore, the contract carrier information is information obtained by performing carrier authentication. Furthermore, the contract carrier information is information generated in association with the telephone number when the consumer contracts for a communication service. Therefore, it is possible to accurately determine whether the person performing the procedure matches the mobile phone subscriber using the respective authentication results of public personal authentication and carrier authentication. By linking such personal information 120 with a company or organization, it is possible to notify the company or organization of error-free personal information and telephone number.

Returning to FIG. 5, the control unit 13 is realized by causing a CPU (Central Processing Unit) provided as hardware in the management server 10 to execute a program. The control unit 13 controls the management server 10 in an integrated manner. The control unit 13 includes, for example, an acquisition unit 130, a public personal authentication control unit 131, a carrier authentication control unit 132, a personal information generation unit 133, and an output control unit 134.

The acquisition unit 130 acquires various information. For example, the acquisition unit 130 acquires a procedure request notified from the consumer terminal 20 in step S10. When acquiring a procedure request, the acquisition unit 130 outputs the acquired procedure request to the public personal authentication control unit 131.

The public personal authentication control unit 131 executes processing to have the authentication server 40 perform public personal authentication. For example, the public personal authentication control unit 131 requests the mobile carrier server 30 to send a message (response message) for performing public authentication in step S12, thereby notifying the consumer terminal 20 of the response message, and performs processing to have the consumer terminal 20 perform public personal authentication in response to the reply from the consumer terminal 20.

Carrier authentication control unit 132 executes processing for causing mobile carrier server 30 to perform carrier authentication. For example, in step S19, the carrier authentication control unit 132 notifies the consumer terminal 20 of a message (confirmation message) confirming whether or not the carrier authentication is to be performed, and responds to the reply from the consumer terminal 20. Processing to perform carrier authentication is performed.

The principal information generation unit 133 generates principal information 120. For example, when the consumer terminal 20 notifies the management server 10 of a procedure request in step S10, the principal information generation unit 133 stores the consumer's telephone number included in the procedure request in the principal information 120.
Further, when the management server 10 is notified of the basic 4 information from the authentication server 40 in step S18, the personal information generation unit 133 stores the basic 4 information in the personal information 120.
Further, when the determination result of the match determination is notified from the mobile carrier server 30 to the management server 10 in step S22, the personal information generation unit 133 converts the consumer's contract carrier information used for carrier authentication into the personal information 120. Make me remember.
Further, when the company/organization information is notified from the consumer terminal 20 to the management server 10 in step S14, the personal information generation unit 133 stores the company/organization information notified from the consumer terminal 20 in the personal information 120. .
In this manner, the personal information generation unit 133 generates the personal information 120 by sequentially storing the consumer's telephone number, four basic information, contract carrier information, and company/organization information.

The output control unit 134 executes processing for information coordination. Specifically, the output control unit 134 outputs the personal information to the company server with the consumer's consent. For example, the output control unit 134 notifies the consumer terminal 20 of a message (confirmation message) confirming whether or not to agree to the information collaboration in step S23, and responds to the reply from the consumer terminal 20 with the information. Executes processing for collaboration.

As described above, the information management system 1 of the embodiment includes a consumer terminal 20, an authentication server 40, a mobile carrier server 30, and a management server 10. The consumer terminal 20 transmits a procedure request. The procedure request is a notification requesting a procedure involving identity verification of the consumer. The authentication server 40 performs public personal authentication using a card 200 (a personal card that is a public certificate of the consumer). The mobile carrier server 30 performs carrier authentication. The carrier authentication is authentication using carrier contract information. The carrier contract information is information regarding a contract between a telecommunications carrier that provides a communication service (a communication service using the telephone number of the consumer terminal) and a consumer who uses the communication service. The management server 10 includes an acquisition unit 130, a public personal authentication control unit 131, a carrier authentication control unit 132, and an output control unit 134. The acquisition unit 130 acquires a procedure request notified from the consumer terminal 20. The public personal authentication control unit 131 executes a process to have the authentication server 40 perform public personal authentication in response to the procedure request. The carrier authentication control unit 132 executes processing to have the mobile carrier server 30 perform carrier authentication. The personal information generation unit 133 generates personal information 120. The personal information 120 is information that links the four basic pieces of information of the consumer obtained by public personal authentication, the carrier contract information of the consumer obtained by carrier authentication, and the telephone number of the consumer terminal 20. The output control unit 134 outputs the personal information to the company/organization server 50 (external server) with the consent of the consumer.

As a result, in the information management system 1 of the present embodiment, carrier authentication can be performed in addition to public personal authentication, and the four basic pieces of consumer information obtained by public personal authentication and the consumer information obtained by carrier authentication can be used. Personal information 120 can be generated by linking the carrier contract information and the telephone number of the consumer terminal 20. Therefore, it is possible to link the four basic information to a highly reliable telephone number in identity verification.

Further, in the information management system 1 of the embodiment, the principal information generation unit 133 generates principal information 120 including company/organization information (registration information). Company/organization information is information registered regarding services used by consumers in companies or organizations corresponding to the company/organization server 50 (external server) in response to procedural requests. The personal information generation unit 133 generates personal information 120 by acquiring company/organization information from the consumer terminal 20 and storing the acquired company/organization information in the personal information 120. The output control unit 134 outputs the personal information 120 including company/organization information (registration information) to the company/organization server 50 . As a result, in the information management system 1 of the embodiment, the company/organization server 50 can perform procedures based on company/organization information, and the procedures can be easily performed.

The information management system 1 and the management server 10 in the above-mentioned embodiment may be realized in whole or in part by a computer. In that case, a program for realizing this function may be recorded in a computer-readable recording medium, and the program recorded in the recording medium may be read into the computer system and executed to realize the function. Note that the term "computer system" here includes hardware such as an OS and peripheral devices. Furthermore, the term "computer-readable recording medium" refers to portable media such as flexible disks, optical magnetic disks, ROMs, and CD-ROMs, and storage devices such as hard disks built into the computer system. Furthermore, the term "computer-readable recording medium" may include a medium that dynamically holds a program for a short period of time, such as a communication line when transmitting a program via a network such as the Internet or a communication line such as a telephone line, and a medium that holds a program for a certain period of time, such as a volatile memory inside a computer system that is a server or client in such a case. Furthermore, the above-mentioned program may be a program for realizing a part of the above-mentioned function, or may be a program that can realize the above-mentioned function in combination with a program already recorded in the computer system, or may be a program that is realized using a programmable logic device such as an FPGA (Field Programmable Gate Array).

Although the embodiments of the present invention have been described above in detail with reference to the drawings, the specific configuration is not limited to these embodiments, and includes designs within the scope of the gist of the present invention.

DESCRIPTION OF SYMBOLS 1... Information management system, 10... Management server, 12... Storage unit, 120... Personal information, 13... Control unit, 130... Acquisition unit, 131... Public personal authentication control unit, 132... Carrier authentication control unit, 133... Principal Information generation unit, 134... Output control unit, 20... Consumer terminal, 200... Card, 201... Electronic certificate, 30... Mobile carrier server, 40... Authentication server, 50... Company/organization server (external server)

Claims (3)

A consumer terminal that sends a procedure request that requests a procedure involving identity verification and that includes a telephone number;
an authentication server that performs public personal authentication using a personal card that is a public certificate;
a mobile carrier server that performs carrier authentication using carrier contract information regarding a contract between a communication carrier that provides a communication service using a telephone number and a contract user who uses the communication service;
management server,
Equipped with
The management server is
a public personal authentication control unit that executes processing for performing the public personal authentication by the authentication server in response to the procedure request;
a carrier authentication control unit that executes processing for performing the carrier authentication by the mobile carrier server;
A person who generates personal information by linking the consumer's four basic information obtained through the public personal authentication, the carrier contract information of the consumer obtained through the carrier authentication, and the telephone number of the consumer terminal. Information generation section,
an output control unit that outputs the personal information to an external server with the consumer's consent;
has,
Information management system. In response to the procedure request, the personal information generation unit obtains, from the consumer terminal, registered information regarding a service used by the consumer at a company or organization corresponding to the external server, and includes the acquired registered information. generating the personal information;
The output control unit outputs the personal information including the registration information to the external server.
The information management system according to claim 1. A consumer terminal that sends a procedure request that requests a procedure involving identity verification that includes a telephone number, an authentication server that performs public personal authentication using a personal card that is a public certificate, and a telephone An information management system comprising: a mobile carrier server that performs carrier authentication using carrier contract information regarding a contract between a communication carrier that provides a communication service using a number and a contract user who uses the communication service; and a management server. An information management method that performs
In the management server,
a public personal authentication control unit executes processing for performing the public personal authentication by the authentication server in response to the procedure request;
a carrier authentication control unit executes processing for performing the carrier authentication by the mobile carrier server,
The personal information generation unit links the consumer's four basic information obtained through the public personal authentication, the carrier contract information of the consumer obtained through the carrier authentication, and the telephone number of the consumer terminal. Generate personal information,
an output control unit outputs the personal information to an external server with the consumer's consent;
Information management method.

Images