[go: up one dir, main page]

WO2025062777A1 - Terminal, système, procédé de commande de terminal et support de stockage - Google Patents

Terminal, système, procédé de commande de terminal et support de stockage Download PDF

Info

Publication number
WO2025062777A1
WO2025062777A1 PCT/JP2024/023145 JP2024023145W WO2025062777A1 WO 2025062777 A1 WO2025062777 A1 WO 2025062777A1 JP 2024023145 W JP2024023145 W JP 2024023145W WO 2025062777 A1 WO2025062777 A1 WO 2025062777A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
terminal
certificates
service provider
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/JP2024/023145
Other languages
English (en)
Japanese (ja)
Inventor
真司 秩父
日菜彌 三富
一史 星
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Publication of WO2025062777A1 publication Critical patent/WO2025062777A1/fr
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services

Definitions

  • the present invention is based on the priority claim of Japanese Patent Application: Patent Application No. 2023-150845 (filed on September 19, 2023), the entire contents of which are incorporated herein by reference.
  • the present invention relates to a terminal, a system, a terminal control method, and a program.
  • Patent Document 1 describes that it provides a management server, ID registration system, ID registration method, and program that can securely register ID information indicated by an existing ID card to a mobile terminal with a simple procedure.
  • the management server in Patent Document 1 has a communication unit and a processor.
  • the communication unit communicates with the mobile terminal.
  • the processor receives information including the result of reading the code image from the mobile terminal that reads a code image generated in response to an application to register ID information indicated by an existing ID card to the mobile terminal, via the communication unit.
  • the processor confirms the legitimacy based on the result of reading the code image included in the information received from the mobile terminal, it transmits the ID information to be registered on the mobile terminal via the communication unit to the mobile terminal.
  • a service provider may require multiple certificates when providing a service to a user.
  • the service provider will inform the user of the required certificates, and the user will operate their smartphone to select multiple certificates specified by the service provider and present them to the service provider.
  • the user may find the certificates stored on their smartphone difficult to handle (may find them inconvenient).
  • the main objective of the present invention is to provide a terminal, a system, a terminal control method, and a program that contribute to improving the convenience of users who receive services from a service provider that uses multiple certificates to provide services.
  • a terminal includes a storage means for storing a plurality of certificates in a digital wallet, and a usage control means for providing at least two or more certificates designated by a service provider from among the plurality of certificates stored in the digital wallet to the service provider.
  • a system includes a service provider device and a terminal, the terminal having a storage means for storing a plurality of certificates in a digital wallet, and a usage control means for transmitting at least two or more certificates designated by the service provider from among the plurality of certificates stored in the digital wallet to the service provider device.
  • a method for controlling a terminal in which a plurality of certificates are stored in a digital wallet in the terminal, and at least two or more certificates designated by the service provider are provided to the service provider from among the plurality of certificates stored in the digital wallet.
  • a program is provided to cause a computer installed in a terminal to execute a process of storing a plurality of certificates in a digital wallet, and a process of providing at least two or more certificates designated by a service provider from among the plurality of certificates stored in the digital wallet to the service provider.
  • a terminal, a system, a terminal control method, and a program are provided that contribute to improving the convenience of a user who receives a service from a service provider that uses multiple certificates to provide the service.
  • the effects of the present invention are not limited to the above.
  • the present invention may achieve other effects instead of or in addition to the above effects.
  • FIG. 1 is a diagram for explaining an overview of an embodiment.
  • FIG. 2 is a flow chart illustrating the operation of one embodiment.
  • FIG. 3 is a diagram illustrating an example of a schematic configuration of an information processing system according to an embodiment of the present disclosure.
  • FIG. 4 is a diagram illustrating an example of a display of a terminal according to an embodiment of the present disclosure.
  • FIG. 5 is a diagram for explaining the operation of the information processing system according to the embodiment of the present disclosure.
  • FIG. 6 is a diagram illustrating an example of a processing configuration of a terminal according to an embodiment of the present disclosure.
  • FIG. 7 is a diagram for explaining the operation of the terminal according to the embodiment of the present disclosure.
  • FIG. 1 is a diagram for explaining an overview of an embodiment.
  • FIG. 2 is a flow chart illustrating the operation of one embodiment.
  • FIG. 3 is a diagram illustrating an example of a schematic configuration of an information processing system according to an embodiment of the present disclosure.
  • FIG. 4 is a diagram
  • FIG. 8 is a diagram illustrating an example of a processing configuration of a server device according to an embodiment of the present disclosure.
  • FIG. 9 is a diagram illustrating an example of a user management database according to an embodiment of the present disclosure.
  • FIG. 10 is a diagram illustrating an example of a processing configuration of a carrier terminal according to an embodiment of the present disclosure.
  • FIG. 11 is a sequence diagram illustrating an example of the operation of the information processing system according to the embodiment of the present disclosure.
  • FIG. 12 is a diagram for explaining the operation of an information processing system according to a modified example of the embodiment of the present disclosure.
  • FIG. 13 is a diagram illustrating an example of a hardware configuration of a terminal according to the present disclosure.
  • the terminal 100 includes a storage means 101 and a usage control means 102 (see FIG. 1).
  • the storage means 101 stores multiple certificates in a digital wallet (step S1 in FIG. 2).
  • the usage control means 102 provides the service provider with at least two or more certificates designated by the service provider from among the multiple certificates stored in the digital wallet (step S2).
  • the terminal 100 stores multiple certificates (electronic certificates) issued to the user in a digital wallet.
  • the terminal 100 When the terminal 100 is requested by a service provider to provide at least two or more certificates, it reads out the specified certificates from the certificates stored in the digital wallet and provides the read out at least two or more certificates to the service provider.
  • the user does not need to select the certificates necessary to enjoy the service, improving the user's convenience.
  • the service provider requests the user to provide numerous certificates, the user can receive services from the service provider without increasing the burden on the user.
  • the information processing system includes at least one certificate issuer and at least one service provider.
  • a certificate issuer is an entity that issues certificates to users.
  • a certificate issuer is an organization that has the authority to issue the certificate desired by the user.
  • a certificate issuer issues certificates that attest to the user's identity, certificates that attest to the user's belonging to its organization, certificates that attest to the qualifications held by the user, etc.
  • certificate issuers For example, public institutions that issue identification documents such as driver's licenses, passports, and My Number cards are equivalent to certificate issuers. Alternatively, companies that issue employee ID cards to their employees and educational institutions such as universities and vocational schools that issue student ID cards to students are equivalent to certificate issuers. Alternatively, organizations, associations, etc. that issue certificates to certify the qualifications or language skills required for a specified job are equivalent to certificate issuers.
  • Each certificate issuer is equipped with a server device 10.
  • the server device 10 is a server that performs the processes and operations necessary to carry out the business of the certificate issuer.
  • the server device 10 may be managed and operated by the certificate issuer, or may be outsourced to another business entity.
  • the server device 10 may be installed in the building of the certificate issuer, or may be installed on a network (cloud).
  • a certificate issuer issues a certificate when a user becomes part of its organization.
  • a company issues an employee ID card (digital employee ID card) to an employee when he or she joins the company.
  • a university issues a student ID card (digital student ID card) to a student when he or she enrolls.
  • a certificate issuer issues a certificate in response to a request from a user.
  • a company issues a certificate of employment (digital certificate of employment) in response to a request from an employee.
  • a public institution in response to a user's request, a public institution will issue an electronic certificate (electronic certificate for storage on a smartphone, etc.) that corresponds to the electronic certificate installed on the My Number card.
  • an electronic certificate electronic certificate for storage on a smartphone, etc.
  • My Number electronic certificate the electronic certificate for storage on a smartphone, etc.
  • a service provider is a business that provides services to users.
  • examples of service providers include banks and securities companies that provide financial services.
  • businesses that operate transportation such as trains, buses, and airplanes could be service providers.
  • businesses such as retail stores and restaurants could be service providers.
  • Service providers are not limited to private companies, and public institutions such as city halls, and organizations such as NGOs (Non-Governmental Organizations) and NPOs (Non-Profit Organizations) are also included in the service providers disclosed in this application.
  • the same business may act as both a certificate issuer and a service provider.
  • the service provider requires the user to present at least two or more certificates according to the company's (organization's) business, etc.
  • a bank may require a user applying for a mortgage to present an identification card and a certificate of employment.
  • Each service provider has a service server 20 for providing services to users.
  • the service server 20 provides services to users via a specific website.
  • the service provider may provide the service to the user via an employee or the like.
  • the service provider may be equipped with a business operator terminal 21.
  • the business operator terminal 21 may be a terminal such as a personal computer, a tablet-type terminal, or a POS (Point of Sale) terminal.
  • the employee or the like of the service provider operates the business operator terminal 21 to provide the service to the user.
  • the service server 20 and the business operator terminal 21 verify at least two or more certificates presented by the user. If the verification of each certificate is successful, the service is provided to the user.
  • the user possesses the terminal 30.
  • the user operates the terminal 30 to request (demand) the issuance of a certificate from a certificate issuer.
  • the user also uses the terminal 30 to provide the service provider with the certificate requested by the service provider (for example, a My Number electronic certificate or a digital certificate of employment).
  • Each device shown in FIG. 3 is connected to a network.
  • the server device 10 the service server 20, the operator terminal 21, and the terminal 30 are connected to the network by wired or wireless communication means.
  • each certificate issuer may include multiple server devices 10.
  • each service provider may include multiple service servers 20 and multiple business terminals 21.
  • the user terminal 30 has a digital wallet function.
  • the digital wallet is an electronic information storage service that guarantees information security such as data integrity, reliability, and availability.
  • the user installs an application to realize a digital wallet on the terminal 30 that the user owns.
  • an application to realize a digital wallet on the terminal 30 that the user owns.
  • the user can store various digital content on the terminal 30, such as identification documents such as a passport, driver's license, My Number card, employee ID card, student ID card, various ticket information such as airline tickets and boarding passes, and electronic money.
  • the user's terminal 30 stores digital content as shown in FIG. 4.
  • the digital content stored in the terminal 30 includes official identification documents such as passports, driver's licenses, and My Number cards, as well as employee ID cards issued by companies.
  • a user acquires digital content to be stored in a digital wallet. For example, when a user joins a company, the user can acquire an employee ID card (digital employee ID card).
  • the user operates the terminal 30 to input information such as the user's name, sex, address, date of birth, employee number, department, contact information, and biometric information (face information) into the server device 10 of the company where the user works.
  • the server device 10 When the server device 10 acquires the employee's name, etc., it creates an account for that employee (employee account). After creating the employee account, the server device 10 creates a digital employee ID card and sends it to the terminal 30.
  • the user operates the terminal 30 to request the certificate issuer to issue a certificate.
  • the user requests a public institution to issue a My Number electronic certificate.
  • the digital wallet application requests a public institution to issue a My Number electronic certificate.
  • the user operates the terminal 30 to request the issuance of a certificate of employment from the company where the user works.
  • the terminal 30 internally stores certificates (e.g., digital employee ID cards, My Number electronic certificates, digital employment certificates) obtained from certificate issuers such as companies and public institutions, and manages them so that they can be used in the digital wallet.
  • certificates e.g., digital employee ID cards, My Number electronic certificates, digital employment certificates
  • a user provides a service provider with a certificate required by the service provider.
  • the user provides the service provider with multiple certificates (e.g., a My Number electronic certificate and a digital employment certificate).
  • the terminal 30 reads the certificate required by the service provider from the digital wallet and provides the read certificate to the service provider's device (service server 20, business operator terminal 21).
  • the service provider's service server 20 or the business terminal 21 transmits a "certificate request" to the terminal 30 (see FIG. 5).
  • the certificate request describes information about at least two or more certificates required by the service provider to provide the service (certificates required to determine whether the service can be provided).
  • the certificate request describes the type of certificate the service provider requests to be provided.
  • the terminal 30 reads the certificate specified by the certificate provision request and transmits it to the service server 20 or the operator terminal 21.
  • the service server 20 and the business operator terminal 21 verify the acquired certificate.
  • the service server 20 and the business operator terminal 21 verify the digital signature attached to the certificate to confirm that the acquired certificate has not been tampered with.
  • the service server 20 and the business operator terminal 21 successfully verify each of the acquired certificates, they can provide the service to the user.
  • FIG. 6 is a diagram illustrating an example of a processing configuration (processing module) of the terminal 30 according to an embodiment of the present disclosure.
  • the terminal 30 includes a communication control unit 201, an acquisition control unit 202, a usage control unit 203, and a storage unit 204.
  • the communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the server device 10. The communication control unit 201 also transmits data to the server device 10. The communication control unit 201 passes data received from other devices to other processing modules. The communication control unit 201 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 201.
  • the communication control unit 201 has a function as a receiving unit that receives data from other devices and a function as a transmitting unit that transmits data to other devices.
  • the acquisition control unit 202 is a means for controlling the acquisition of certificates. As described above, there are two ways to acquire a certificate: the user registers their own information with a certificate issuer (e.g., the company where they work), and the user requests a certificate issuer (e.g., a public institution) to issue a certificate.
  • a certificate issuer e.g., the company where they work
  • a certificate issuer e.g., a public institution
  • the acquisition control unit 202 accesses the server device 10 of the certificate issuer (the user's employer) in accordance with the user's operations.
  • the user enters their name, date of birth, etc., on a website or the like provided by the server device 10.
  • the server device 10 sends to the terminal 30 a certificate (e.g., a digital employee ID or digital student ID) that proves that the user belongs to the organization.
  • a certificate e.g., a digital employee ID or digital student ID
  • the acquisition control unit 202 stores the received certificate in a digital wallet.
  • the acquisition control unit 202 acquires a certificate from a certificate issuer by requesting the certificate issuer to issue a certificate. That is, the acquisition control unit 202 acquires the certificate desired by the user by requesting the certificate issuer to issue the certificate desired by the user.
  • the acquisition control unit 202 stores the acquired certificate in a digital wallet.
  • the acquisition control unit 202 controls the acquisition of the certificate desired by the user.
  • the acquisition control unit 202 acquires the information required to request the issuance of a certificate using a GUI (Graphical User Interface) or the like. First, the acquisition control unit 202 acquires the certificate (type of certificate) that the user wishes to acquire.
  • GUI Graphic User Interface
  • the acquisition control unit 202 acquires information necessary for the certificate issuer to issue the certificate, if necessary.
  • the acquisition control unit 202 acquires a predetermined PIN (a four-digit number or six to sixteen alphanumeric characters) from the user and reads the electronic certificate from the My Number card.
  • a predetermined PIN a four-digit number or six to sixteen alphanumeric characters
  • the acquisition control unit 202 acquires an employee number (employee ID) or the like to identify the user (employee).
  • the acquisition control unit 202 sends a "certificate issuance request" including the type of certificate requested to be issued and information required to issue the certificate (e.g., electronic certificate and employee number) to the server device 10 of the certificate issuer (see FIG. 7).
  • the acquisition control unit 202 sends the certificate issuance request to the server device 10 corresponding to the certificate (certificate type) selected by the user.
  • the acquisition control unit 202 acquires the destination of the certificate issuance request by referring to table information that stores the type of certificate in association with the address of the server device 10 of the certificate issuer that issues the certificate.
  • the acquisition control unit 202 receives a response (positive or negative response) to the certificate issuance request from the server device 10.
  • the acquisition control unit 202 If a negative response (certificate not issued) is received, the acquisition control unit 202 notifies the user that the certificate was not issued.
  • the acquisition control unit 202 stores the certificate received from the certificate issuer in the digital wallet. At that time, the acquisition control unit 202 may verify the electronic signature attached to the certificate, and store the successfully verified certificate in the digital wallet.
  • the acquisition control unit 202 acquires information necessary for the certificate issuer to issue a certificate from the user, and transmits a certificate issuance request including the information necessary to issue the acquired certificate to the server device 10 managed by the certificate issuer. By transmitting the certificate issuance request, the acquisition control unit 202 acquires the certificate desired by the user from the server device 10.
  • the usage control unit 203 receives a "certificate provision request" from the service provider's service server 20 or the business operator terminal 21.
  • the certificate request includes information identifying at least two or more certificates required by the service provider (e.g., the type of certificate).
  • the usage control unit 203 reads the certificate specified by the service provider in response to the certificate provision request from the digital wallet.
  • the usage control unit 203 sends an affirmative response including the two or more certificates that were read to the service provider's device (service server 20, business operator terminal 21).
  • the usage control unit 203 sends a negative response to the service provider's device (service server 20, business operator terminal 21) indicating that the specified certificate does not exist.
  • the usage control unit 203 receives a certificate provision request from the service provider's device, the certificate provision request including information identifying at least two or more certificates required when the service provider provides a service to a user.
  • the usage control unit 203 reads from the digital wallet a certificate corresponding to the information identifying the at least two or more certificates included in the certificate provision request, and transmits the at least two or more certificates that have been read to the service provider's device.
  • the storage unit 204 is a means for storing information necessary for the operation of the terminal 30.
  • the storage unit 204 stores multiple certificates (multiple electronic certificates) in a digital wallet.
  • the storage unit 204 stores information (e.g., employee number) required by the certificate issuer to issue a certificate, as necessary.
  • [Server device] 8 is a diagram illustrating an example of a processing configuration (processing module) of the server device 10 according to the embodiment of the present disclosure.
  • the server device 10 includes a communication control unit 301, a user management unit 302, an issuance request processing unit 303, and a storage unit 304.
  • the communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the terminal 30. The communication control unit 301 also transmits data to the terminal 30. The communication control unit 301 passes data received from other devices to other processing modules. The communication control unit 301 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 301.
  • the communication control unit 301 has a function as a receiving unit that receives data from other devices, and a function as a transmitting unit that transmits data to other devices.
  • the user management unit 302 is a means for managing users belonging to the organization.
  • the user management unit 302 acquires the user's name, sex, date of birth, address, contact information (telephone number, email address, etc.), biometric information (facial image), etc. from a specified web page, etc.
  • the user management unit 302 generates a user ID for identifying the user.
  • the user ID may be any information that can uniquely identify the user.
  • the user management unit 302 may assign a unique value each time a user is registered as the user ID.
  • the user management unit 302 stores the generated user ID and the acquired name, etc. in a user management database (see FIG. 9).
  • a user management database see FIG. 9.
  • the user management database shown in FIG. 9 is an example and is not intended to limit the items, etc., to be stored.
  • the user management database stores not only the names of the users, but also information about the year of employment (year of enrollment), work-related information, grades, etc.
  • the user management unit 302 When an entry is added to the user management database and an account is created, the user management unit 302 generates a certificate (e.g., an employee ID or student ID). Specifically, the user management unit 302 generates the certificate by attaching the digital signature of the user's organization to a file that includes information such as the user's name, date of birth, department (affiliated department), and contact information.
  • a certificate e.g., an employee ID or student ID.
  • the user management unit 302 generates the certificate by attaching the digital signature of the user's organization to a file that includes information such as the user's name, date of birth, department (affiliated department), and contact information.
  • the user management unit 302 sends the generated certificate to the terminal 30.
  • the issuance request processing unit 303 is a means for processing the "certificate issuance request" received from the terminal 30.
  • the issuance request processing unit 303 uses the information contained in the certificate issuance request to determine whether or not the specified certificate can be issued.
  • the issuance request processing unit 303 searches the user management database using the employee number (employee ID) included in the certificate issuance request as a key.
  • the issuance request processing unit 303 sends a negative response to the terminal 30 indicating that the certificate issuance has failed.
  • the issuance request processing unit 303 If the search is successful, the issuance request processing unit 303 generates a certificate of employment using the information stored in the user management database. The issuance request processing unit 303 generates a certificate of employment by attaching the company's digital signature to a digital file that includes the years of employment, etc. The issuance request processing unit 303 sends an affirmative response including the generated certificate (e.g., a certificate of employment) to the terminal 30.
  • the generated certificate e.g., a certificate of employment
  • the issuance request processing unit 303 determines the validity of the electronic certificates (signature electronic certificate, user authentication electronic certificate) included in the request.
  • the issuance request processing unit 303 sends the electronic certificate to a certification authority called J-LIS (Japan Agency for Local Authority Information Systems) to request a determination of validity.
  • J-LIS Joint Agency for Local Authority Information Systems
  • the issuance request processing unit 303 sends a negative response to the terminal 30 indicating that the certificate issuance has failed.
  • the issuance request processing unit 303 If the certification authority determines that the electronic certificate is valid, the issuance request processing unit 303 generates an electronic certificate to store in the terminal 30 and transmits an affirmative response including the generated electronic certificate to the terminal 30.
  • the memory unit 304 is a means for storing information necessary for the operation of the server device 10.
  • FIG. 10 is a diagram illustrating an example of a processing configuration (processing module) of the operator terminal 21 according to the embodiment of the present disclosure.
  • the operator terminal 21 includes a communication control unit 401, a service provision control unit 402, and a storage unit 403.
  • the communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the service server 20 of the service provider. The communication control unit 401 also transmits data to the service server 20. The communication control unit 401 passes the data received from other devices to other processing modules. The communication control unit 401 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data with other devices via the communication control unit 401.
  • the communication control unit 401 has a function as a receiving unit that receives data from other devices and a function as a transmitting unit that transmits data to other devices.
  • the service provision control unit 402 is a means for executing control regarding the services provided to users.
  • the service provision control unit 402 acquires information about the service desired by the user in response to operations by employees of the service provider, etc. For example, the service provision control unit 402 of the business operator terminal 21 installed at a bank acquires "application for a mortgage.”
  • the service provision control unit 402 identifies the type of certificate (at least two or more certificates required to provide the service) corresponding to the acquired service. In the above example, a "My Number electronic certificate” and a “certificate of employment” are identified.
  • the service provision control unit 402 sends a "certificate provision request" including the identified certificate type to the user's terminal 30.
  • the terminal 30 and the operator terminal 21 communicate with each other using short-range wireless communication such as Bluetooth (registered trademark) or NFC (Near Field Communication).
  • short-range wireless communication such as Bluetooth (registered trademark) or NFC (Near Field Communication).
  • the service provision control unit 402 receives a response (positive or negative response) to the certificate provision request from the terminal 30.
  • the service provision control unit 402 If a negative response is received, the service provision control unit 402 notifies employees of the service provider that the necessary certificate cannot be obtained. For example, the service provision control unit 402 displays a message to that effect on an LCD monitor or outputs it from a speaker.
  • the service provision control unit 402 verifies the validity of each certificate acquired from the terminal 30. Specifically, when the service provision control unit 402 acquires a certificate with a digital signature, if the verification of the digital signature is successful, the service provision control unit 402 determines that the certificate is valid.
  • the service provision control unit 402 when the service provision control unit 402 obtains a My Number electronic certificate, it sends the electronic certificate to a certification authority such as J-LIS and requests that it determine its validity.
  • a certification authority such as J-LIS
  • the service provision control unit 402 notifies employees of the service provider that the required certificate cannot be obtained.
  • the service provision control unit 402 If each of the acquired certificates is valid, the service provision control unit 402 notifies the service provider (such as an employee of the service provider) of that fact. Alternatively, the service provision control unit 402 provides the certificate (the contents of the certificate) to the employee, etc., as necessary. For example, the service provision control unit 402 prints the certificate, displays the contents of the certificate on a display, etc., or transmits the certificate to a terminal held by the employee, etc.
  • the service provision control unit 402 prints the certificate, displays the contents of the certificate on a display, etc., or transmits the certificate to a terminal held by the employee, etc.
  • the memory unit 403 is a means for storing information necessary for the operation of the operator terminal 21.
  • the service server 20 may obtain a certificate required for providing a service by using a web page or the like.
  • the service server 20 may obtain two or more certificates required for providing a service by performing an operation similar to that of the service provision control unit 402 of the business operator terminal 21.
  • FIG. 11 is a sequence diagram showing an example of the operation of the information processing system according to the embodiment disclosed herein. The operation of the information processing system according to the first embodiment will be described with reference to FIG. 11.
  • the user's terminal 30 sends a "certificate issuance request" to the server device 10 of the certificate issuer that has the authority to issue the certificate (step S01).
  • the server device 10 generates a certificate based on the information contained in the certificate issuance request and sends it to the terminal 30 (step S02).
  • the terminal 30 stores the received certificate (electronic certificate) in a digital wallet (stores the certificate; step S03).
  • the business terminal 21 of the service provider transmits a "certificate provision request" to the terminal 30 of the user (step S11).
  • the business terminal 21 transmits the certificate provision request, which includes information identifying each of the multiple certificates (certificate type), to the terminal 30.
  • the terminal 30 reads the multiple certificates specified by the certificate provision request from the digital wallet, and transmits the multiple certificates that have been read to the operator terminal 21 (step S12).
  • the business operator terminal 21 determines the validity of each of the multiple certificates acquired and notifies employees of the service provider of the determination result (step S13).
  • the terminal 30 may obtain the unstored certificate from the certificate issuer.
  • the usage control unit 203 of the terminal 30 notifies the acquisition control unit 202 of the certificates (certificate types) that are not stored in the digital wallet, among the certificates specified by the service provider's service server 20 or the business operator terminal 21.
  • the acquisition control unit 202 acquires the notified certificate from the certificate issuer. Specifically, the acquisition control unit 202 transmits to the server device 10 a "certificate issuance request" that includes the type of certificate requested to be issued and the information necessary to issue the certificate. At that time, the acquisition control unit 202 acquires, as necessary, information from the user that is necessary for the certificate issuer to issue the certificate (for example, an employee number or an electronic certificate stored on a My Number card).
  • the acquisition control unit 202 When the acquisition control unit 202 acquires a certificate from the certificate issuer (server device 10), it stores the acquired certificate in a digital wallet. The acquisition control unit 202 also notifies the usage control unit 203 that the certificate has been stored in the digital wallet.
  • the terminal 30 requests the employer to issue a certificate of employment.
  • the terminal 30 sends the acquired certificate of employment and My Number electronic certificate to the bank (bank service server 20 or business operator terminal 21).
  • the terminal 30 acquires an insurance premium card deduction certificate from the insurance company.
  • the terminal 30 transmits the acquired deduction certificate, My Number electronic certificate, etc. to the service server 20 of the employer's company, etc.
  • the acquisition control unit 202 of the terminal 30 requests the certificate issuer to issue the certificate. More specifically, the acquisition control unit 202 requests the certificate issuer that has the authority to issue the certificate that is not stored in the digital wallet to issue the certificate that is not stored in the digital wallet. The acquisition control unit 202 acquires the certificate that is not stored in the digital wallet by sending a certificate issuance request to the server device 10 of the certificate issuer that has the authority to issue the certificate that is specified by the service provider and is not stored in the digital wallet.
  • ⁇ Modification 2> the issuance of a certificate is assumed to be based on a so-called public key infrastructure.
  • the certificate issuer may issue verifiable credentials (VCs) as a certificate, which does not require the presence of a certificate authority and whose contents can be verified online.
  • VCs verifiable credentials
  • the user's terminal 30 generates a pair of a public key and a private key.
  • the terminal 30 also generates a decentralized identifier (DID).
  • the terminal 30 registers the generated DID (holder ID) and public key in the blockchain (step S21 in FIG. 12).
  • the user's terminal 30 presents the holder ID and requests the certificate issuer (server device 10) to issue a VC (VC issuance request; step S22).
  • the server device 10 In response to this request, the server device 10 generates a VC with an issuer ID and holder ID assigned. First, the server device 10 generates the issuer's DID, private key, and public key. The server device 10 then generates a VC that includes metadata including the type of VC, the issuing organization name, the date and time of issue, etc., the credential information body, and the issuer's public key information, electronic signature, etc. Specific information certified by the issuer (for example, information about the employee's employment status and language achievements, etc.) is described in the credential information body.
  • the server device 10 sends the generated VCs to the terminal 30 of the user (VCs holder; VCs issuance requester) (VCs issuance; step S23).
  • the server device 10 registers the issuer ID and the generated public key in the blockchain (step S24).
  • the terminal 30 stores the received VCs in the digital wallet. For example, when the terminal 30 held by an employee requests the issuance of an employment certificate from the employer, the terminal 30 stores the VCs related to the employment certificate in the digital wallet.
  • the terminal 30 In response to a request from a service provider (verifier), the terminal 30 provides the service provider with the VCs (certificates) stored in the digital wallet.
  • the terminal 30 provides the VCs to the service provider's operator terminal 21 or the like using short-range wireless communication means or the like (presentation of VCs; step S25).
  • the terminal 30 selects specified VCs (multiple VCs) from among the multiple VCs stored in the digital wallet.
  • the terminal 30 signs the selected multiple VCs using a private key corresponding to its own DID (holder ID).
  • the terminal 30 transmits the signed VCs to the service provider's operator terminal 21 or the like.
  • the service provider's operator terminal 21 acquires the issuer ID and holder ID contained in each received VC.
  • the operator terminal 21 acquires the public key corresponding to the acquired issuer ID and the public key corresponding to the acquired holder ID from the blockchain, and verifies the VCs (signature) (step S26). Specifically, the operator terminal 21 verifies the holder's signature attached to the multiple VCs and the issuer's signature attached to each VC. By verifying these signatures, the operator terminal 21 verifies that the VCs acquired from the user (the holder of the VCs) have not been tampered with and are VCs issued by a trusted issuer, etc.
  • the provider terminal 21 If the provider terminal 21 successfully verifies the VCs, it provides the service to the user (service provision; step S27).
  • the terminal 30 stores multiple certificates (electronic certificates) issued to a user in a digital wallet.
  • the terminal 30 When the terminal 30 is requested by a service provider to provide at least two or more certificates (when requested from an external source), it reads out the specified certificate from the digital wallet.
  • the terminal 30 provides the service provider with the at least two or more certificates that it has read out. Since the user does not need to select the certificate required to receive a service from the service provider, convenience for the user is improved.
  • the certificates issued to a user from each certificate issuer are linked (linked) in the digital wallet, so the terminal 30 can smoothly respond to requests to present multiple certificates even when such requests are made.
  • digital employee ID cards, My Number electronic certificates, employment certificates, etc. are stored and managed in association with each other in the digital wallet, so the terminal 30 can instantly provide information required by public institutions, employers, etc.
  • Figure 13 is a diagram showing an example of the hardware configuration of terminal 30.
  • the terminal 30 can be configured by an information processing device (so-called a computer) and has the configuration shown in FIG. 13.
  • the terminal 30 has a processor 311, a memory 312, an input/output interface 313, and a communication interface 314.
  • the components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.
  • the terminal 30 may include hardware not shown, and may not include the input/output interface 313 as necessary.
  • the number of processors 311 and the like included in the terminal 30 is not intended to be limited to the example shown in FIG. 13, and for example, the terminal 30 may include multiple processors 311.
  • the processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
  • OS operating system
  • Memory 312 may be a RAM (Random Access Memory), a ROM (Read Only Memory), a HDD (Hard Disk Drive), a SSD (Solid State Drive), etc. Memory 312 stores the OS program, application programs, and various data.
  • RAM Random Access Memory
  • ROM Read Only Memory
  • HDD Hard Disk Drive
  • SSD Solid State Drive
  • the input/output interface 313 is an interface for a display device and an input device (not shown).
  • the display device is, for example, a liquid crystal display.
  • the input device is, for example, a device that accepts user operations such as a keyboard or mouse.
  • the communication interface 314 is a circuit, module, etc. that communicates with other devices.
  • the communication interface 314 includes a NIC (Network Interface Card), etc.
  • the functions of the terminal 30 are realized by various processing modules.
  • the processing modules are realized, for example, by the processor 311 executing a program stored in the memory 312.
  • the program can be recorded on a computer-readable storage medium.
  • the storage medium can be a non-transitory medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium.
  • the present invention can also be embodied as a computer program product.
  • the program can be downloaded via a network, or updated using a storage medium that stores the program.
  • the processing modules may also be realized by a semiconductor chip.
  • server device 10 the service server 20, the business operator terminal 21, etc. can also be configured using information processing devices, just like the terminal 30, and their basic hardware configurations are no different from those of the terminal 30, so a description of them will be omitted.
  • the terminal 30, which is an information processing device, is equipped with a computer, and the functions of the terminal 30 can be realized by having the computer execute a program.
  • the terminal 30 also executes a control method for the terminal 30 by means of the program.
  • the server device 10 is equipped with a computer, and the functions of the server device 10 can be realized by having the computer execute a program.
  • the server device 10 also executes a control method for the server device 10 by means of the program.
  • the terminal 30 may perform identity verification using an identification card (passport, driver's license, My Number card, etc.).
  • the terminal 30 may open a digital wallet if one-to-one authentication using the biometric information recorded on the identification card and the biometric information of the digital wallet creator (the user who operates the terminal 30) is successful.
  • the user has one terminal 30.
  • the user may have multiple terminals 30.
  • the user may open a digital wallet on each terminal 30.
  • each terminal 30 may share the certificate stored in the digital wallet.
  • the user can utilize the certificate stored in each terminal 30.
  • each terminal 30 performs identity verification when opening a digital wallet as described above, and the certificate is shared between terminals 30 for which identity verification has been completed.
  • two terminals 30 communicate by short-range wireless communication such as Bluetooth (registered trademark), and verify whether the communication partner is a terminal 30 for which identity verification of the user has been completed. If the communication partner is a terminal 30 for which identity verification has been completed, the terminal 30 transmits and receives the certificate stored in each other's digital wallet to synchronize the digital wallets.
  • the terminal 30 may obtain consent from the user to submit the certificate before submitting the certificate to the service provider.
  • the terminal 30 may provide the service provider only with certificates for which consent has been obtained from the user.
  • Some of the functions of the terminal 30 may be implemented in another apparatus, device, etc. More specifically, the above-described “acquisition control unit (acquisition control means)” and “usage control unit (usage control means)” may be implemented in any of the apparatuses included in the system.
  • each device e.g., server device 10, service server 20, business operator terminal 21, terminal 30
  • data transmitted and received between these devices may be encrypted. Certificates and the like are transmitted and received between these devices, and in order to appropriately protect this information, it is desirable to transmit and receive encrypted data.
  • each embodiment may be used alone or in combination.
  • [Appendix 1] a storage means for storing a plurality of certificates in a digital wallet; a usage control means for providing at least two or more certificates designated by a service provider from among the plurality of certificates stored in the digital wallet to the service provider;
  • a terminal comprising: [Appendix 2] The terminal described in Appendix 1, wherein the usage control means receives a certificate request from the service provider's device, the certificate request including information identifying the at least two or more certificates required when the service provider provides a service to a user, reads a certificate from the digital wallet corresponding to the information identifying the at least two or more certificates included in the certificate request, and transmits the at least two or more certificates read to the service provider's device.
  • Appendix 3 The terminal described in Appendix 2, further comprising an acquisition control means for acquiring the certificate desired by the user by requesting issuance of the certificate desired by the user from a certificate issuer that has the authority to issue the certificate desired by the user, and storing the acquired certificate in the digital wallet.
  • Appendix 4 The terminal described in Appendix 3, wherein the acquisition control means acquires information necessary for the certificate issuer to issue the certificate from the user, and transmits a certificate issuance request including the information necessary to issue the acquired certificate to a server device managed by the certificate issuer, thereby acquiring the certificate desired by the user from the server device.
  • Appendix 5 The terminal described in Appendix 4, wherein, when there is a certificate that is not stored in the digital wallet among at least two or more certificates specified by the service provider, the acquisition control means acquires the certificate that is not stored in the digital wallet by requesting the certificate issuer that has the authority to issue the certificate that is not stored in the digital wallet to issue the certificate that is not stored in the digital wallet.
  • a service provider device A terminal, Including, The terminal includes: a storage means for storing a plurality of certificates in a digital wallet; a usage control means for transmitting at least two or more certificates designated by a service provider from among the plurality of certificates stored in the digital wallet to the service provider's device;
  • a system comprising: [Appendix 7] On the terminal, Store multiple certificates in a digital wallet, A method for controlling a terminal, comprising providing at least two or more certificates designated by a service provider from among a plurality of certificates stored in the digital wallet to the service provider.
  • Appendix 8 The computer installed in the terminal storing the plurality of certificates in a digital wallet; A process of providing at least two or more certificates designated by a service provider from among the plurality of certificates stored in the digital wallet to the service provider; A program for executing.
  • Server device 20
  • Service server 21
  • Business operator terminal 30
  • Terminal 100
  • Storage means 102
  • Usage control means 201
  • Communication control unit 202
  • Acquisition control unit 203
  • Usage control unit 204
  • Storage unit 301
  • Communication control unit 302
  • User management unit 303 Issue request processing unit 304
  • Storage unit 311 Processor 312 Memory 313 Input/output interface 314
  • Communication interface 401

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Tourism & Hospitality (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Strategic Management (AREA)
  • Primary Health Care (AREA)
  • General Business, Economics & Management (AREA)
  • Marketing (AREA)
  • Human Resources & Organizations (AREA)
  • Economics (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

L'invention concerne un terminal qui contribue à l'amélioration de la commodité pour utilisateur qui bénéficie de la fourniture d'un service par un fournisseur de services qui fournit le service à l'aide d'une pluralité de certificats. Le terminal comprend un moyen de stockage et un moyen de contrôle d'utilisation. Le moyen de stockage stocke la pluralité de certificats dans un portefeuille numérique. Le moyen de commande d'utilisation fournit, au fournisseur de services, au moins deux certificats spécifiés par le fournisseur de services parmi la pluralité de certificats qui sont stockés dans le portefeuille numérique.
PCT/JP2024/023145 2023-09-19 2024-06-26 Terminal, système, procédé de commande de terminal et support de stockage Pending WO2025062777A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2023-150845 2023-09-19
JP2023150845 2023-09-19

Publications (1)

Publication Number Publication Date
WO2025062777A1 true WO2025062777A1 (fr) 2025-03-27

Family

ID=95072658

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2024/023145 Pending WO2025062777A1 (fr) 2023-09-19 2024-06-26 Terminal, système, procédé de commande de terminal et support de stockage

Country Status (1)

Country Link
WO (1) WO2025062777A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002324049A (ja) * 2001-04-25 2002-11-08 Nippon Telegr & Teleph Corp <Ntt> アクセス制御方法及びシステム
JP2005267520A (ja) * 2004-03-22 2005-09-29 Ntt Comware Corp 証明書相互認証システム、及び証明書相互認証方法
JP7151944B1 (ja) * 2021-09-30 2022-10-12 日本電気株式会社 認証端末、システム、認証端末の制御方法及びプログラム

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002324049A (ja) * 2001-04-25 2002-11-08 Nippon Telegr & Teleph Corp <Ntt> アクセス制御方法及びシステム
JP2005267520A (ja) * 2004-03-22 2005-09-29 Ntt Comware Corp 証明書相互認証システム、及び証明書相互認証方法
JP7151944B1 (ja) * 2021-09-30 2022-10-12 日本電気株式会社 認証端末、システム、認証端末の制御方法及びプログラム

Similar Documents

Publication Publication Date Title
US20210287770A1 (en) Electronic patient credentials
US20220277295A1 (en) Systems and methods for use in managing complex user credentials
US10721077B2 (en) Using multiple digital identification documents to control information disclosure
CN102271040B (zh) 身份验证系统和方法
JP7687505B2 (ja) 端末、情報処理装置、端末の制御方法及びプログラム
JP7639825B2 (ja) 認証サーバ、認証システム、認証要求処理方法及びプログラム
KR20230016231A (ko) 선택적 프로모션 제공이 가능한 블록체인 did 기반 통합인증결제 단말기, 플랫폼 시스템 및 그것의 제어 방법
WO2024024043A1 (fr) Système et procédé
WO2025057526A1 (fr) Terminal, système, procédé de commande de terminal et support de stockage
WO2025062777A1 (fr) Terminal, système, procédé de commande de terminal et support de stockage
WO2020202326A1 (fr) Programme, dispositif et procédé de traitement d&#39;informations
JP2024112432A (ja) サーバ、それを備えた情報管理システム、および情報管理方法
JP7758263B1 (ja) 端末、端末の制御方法及びプログラム
JP7485187B1 (ja) 端末、システム、端末の制御方法及びプログラム
JP7740609B1 (ja) サーバ装置、端末、サーバ装置の制御方法及びプログラム
CN115867908A (zh) 基于生物特征信息的电子认证书管理方法
KR20220070104A (ko) 선택적 푸시 알림 제공이 가능한 블록체인 did 기반 통합인증결제 단말기, 플랫폼 시스템 및 그것의 제어 방법
JP7501822B1 (ja) サーバ装置、システム、サーバ装置の制御方法及びプログラム
JP2021150705A (ja) 電子認定証受渡システムおよびプログラム
JP2025110643A (ja) サーバ装置、サーバ装置の制御方法及びプログラム
JP2021150704A (ja) 電子認定証受渡システムおよびプログラム
WO2025257933A1 (fr) Terminal, procédé de commande de terminal et support de stockage
WO2025115463A1 (fr) Terminal, système, procédé de commande de terminal et support de stockage
WO2025079242A1 (fr) Terminal, terminal d&#39;opérateur, procédé de commande pour terminal, et support de stockage
JP2025112740A (ja) 情報処理システムおよび情報処理方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24867863

Country of ref document: EP

Kind code of ref document: A1