Server, server control method, program and system

The system improves the reliability of digital student IDs by validating IDs through a two-server architecture, ensuring authenticity and reducing forgery risks.

JP2026095586APending Publication Date: 2026-06-11NEC CORP

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
NEC CORP
Filing Date
2026-04-01
Publication Date
2026-06-11

Smart Images

  • Figure 2026095586000001_ABST
    Figure 2026095586000001_ABST
Patent Text Reader

Abstract

This system contributes to improving the reliability of digital student IDs. [Solution] The system includes a first server and a second server. The first server controls the digital student ID. The second server stores a first ID associated with an electronic certificate stored in an identification card and a second ID used by educational institutions to manage students, in association with each other. The first server notifies the second server of the second ID of a student who wishes to use a digital student ID. If the first ID corresponding to the notified second ID is valid, the second server generates a digital student ID for the student who wishes to use a digital student ID and sends the generated digital student ID to the first server.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present invention relates to a system and a method.

Background Art

[0002] There is technology related to digitized student ID cards.

[0003] For example, Patent Document 1 describes providing a digital student ID conversion system for digitizing student ID cards. The digital student ID conversion system of Patent Document 1 is a system that displays a digital student ID on an electronic medium to be carried. The system includes a school database, a student ID app, and an operation management server. The school database is a database into which information for converting into a digital student ID from student or pupil information possessed by the school is input. The student ID app is an app for converting a student ID into a digital student ID. The operation management server manages and operates the student ID app and the school database. The school database is assigned a school-specific school account for the digital student ID from the operation management server and has an ID and password for each student or pupil. In the system of Patent Document 1, the student ID is converted into a digital student ID based on the ID and password and the face photo stored in the electronic medium to be carried by the student ID app downloaded by the electronic medium to be carried.

Prior Art Documents

Patent Documents

[0004]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0005] As disclosed in Patent Document 1, student ID cards may be digitized. Student ID cards are sometimes used as proof of a student's identity. Therefore, reliability is required for student ID cards. However, digitized information is easily susceptible to forgery, and it is necessary to ensure the reliability of digitized student ID cards.

[0006] The primary objective of this invention is to provide a system and method that contribute to improving the reliability of digital student ID cards. [Means for solving the problem]

[0007] According to a first aspect of the present invention, a system is provided that includes a first server for controlling a digital student ID, and a second server for storing, in association with a first ID linked to an electronic certificate stored in an identification card and a second ID for educational institutions to manage students, wherein the first server notifies the second server of the second ID of a student who wishes to use the digital student ID, and the second server, if the first ID corresponding to the notified second ID is valid, generates a digital student ID for the student who wishes to use the digital student ID and transmits the generated digital student ID to the first server.

[0008] A second aspect of the present invention provides a system including a first server that controls a digital student ID, and a second server that stores in association a first ID linked to an electronic certificate stored in an identification card and a second ID for an educational institution to manage students, wherein the first server notifies the second server of the second ID of a student who wishes to use the digital student ID, and the second server, if the first ID corresponding to the notified second ID is valid, generates a digital student ID for the student who wishes to use the digital student ID and transmits the generated digital student ID to the first server. [Effects of the Invention]

[0009] From each perspective of the present invention, a system and method are provided that contribute to improving the reliability of digital student IDs. However, the effects of the present invention are not limited to those described above. The present invention may produce other effects in lieu of or in conjunction with the effects described above. [Brief explanation of the drawing]

[0010] [Figure 1] Figure 1 is a diagram illustrating the outline of one embodiment. [Figure 2] Figure 2 is a flowchart illustrating the operation of one embodiment. [Figure 3] Figure 3 shows an example of a schematic configuration of the information processing system according to the first embodiment. [Figure 4] Figure 4 is a diagram illustrating the operation of the information processing system according to the first embodiment. [Figure 5] Figure 5 is a diagram illustrating the operation of the information processing system according to the first embodiment. [Figure 6] Figure 6 shows an example of the display of a terminal according to the first embodiment. [Figure 7] Figure 7 shows an example of the processing configuration of a digital student ID server according to the first embodiment. [Figure 8] Figure 8 shows an example of the processing configuration of the ID management server according to the first embodiment. [Figure 9] Figure 9 shows an example of an ID management database according to the first embodiment. [Figure 10] Figure 10 is a flowchart showing an example of the operation of the digital student ID generation unit according to the first embodiment. [Figure 11] Figure 11 is a flowchart showing an example of the operation of the digital student ID generation unit according to the first embodiment. [Figure 12] Figure 12 is a sequence diagram showing an example of the operation of the information processing system according to the first embodiment. [Figure 13] Figure 13 shows an example of the hardware configuration of the ID management server disclosed in this application. [Modes for carrying out the invention]

[0011] First, an overview of one embodiment will be described. The reference numerals in the drawings attached to this overview are provided for convenience as examples to aid understanding, and this overview is not intended to be limiting in any way. Furthermore, unless otherwise specified, the blocks shown in each drawing represent functional units, not hardware units. The connecting lines between blocks in each drawing include both bidirectional and unidirectional lines. Unidirectional arrows schematically indicate the flow of the main signal (data) and do not exclude bidirectional flow. In this specification and in the drawings, elements that can be similarly described are given the same reference numerals to avoid redundant explanation.

[0012] A system according to one embodiment includes a first server 101 and a second server 102 (see Figure 1). The first server 101 controls the digital student ID. The second server 102 stores a first ID associated with an electronic certificate stored in an identification card and a second ID used by educational institutions to manage students, in association with each other. The first server 101 notifies the second server 102 of the second ID of a student who wishes to use a digital student ID (step S1 in Figure 2). If the first ID corresponding to the notified second ID is valid, the second server 102 generates a digital student ID for the student who wishes to use a digital student ID and transmits the generated digital student ID to the first server 101 (step S2).

[0013] In the above system, when the first ID of a student who wishes to obtain a digital student ID is valid, the second server 102 generates the digital student ID of that student. The second server 102 issues a digital student ID when the electronic certificate (the electronic certificate associated with the first ID) stored in the identity certificate (for example, the My Number card) is valid, and does not issue a digital student ID when the electronic certificate is invalid. That is, since the digital student ID generated by the second server 102 is issued to a student who has been identified by the identity certificate, it has high reliability.

[0014] Specific embodiments will be described in more detail below with reference to the drawings.

[0015] [First Embodiment] The first embodiment will be described in more detail with reference to the drawings.

[0016] [System Configuration] FIG. 3 is a diagram showing an example of the schematic configuration of an information processing system (student ID management system, ID management system) according to the first embodiment. As shown in FIG. 3, the information processing system includes a digital student ID server 10, an ID management server 20, an authentication server 30, and a plurality of university servers 40.

[0017] The digital student ID server 10 is a server device (first server) that manages and controls student IDs (digital student IDs) issued to students of each university participating in the system.

[0018] The ID management server 20 is a server device (second server) that manages the IDs issued to students. The ID management server 20 stores the first ID associated with the electronic certificate stored in the identity certificate and the second ID for the educational institution to manage students in association with each other. Details regarding these IDs will be described later.

[0019] The authentication server 30 is a server device (third server) that performs the authentication of electronic certificates requested by users. The authentication server 30 controls the validity determination of electronic certificates. The authentication server 30 is managed by the business operator that performs the authentication of electronic certificates.

[0020] The university server 40 is a server device (the fourth server) that controls the operations of each university participating in the system. The university server 40 stores student information about enrolled students.

[0021] Students use terminal 50 to access the digital student ID server 10, etc.

[0022] The servers shown in Figure 3 (digital student ID server 10, ID management server 20, authentication server 30, university server 40, etc.) are configured to communicate with each other via a network. For example, the digital student ID server 10 and the ID management server 20 are connected by wired or wireless communication means and are configured to communicate with each other.

[0023] The configuration of the information processing system shown in Figure 3 is illustrative and not intended to limit its configuration. For example, the information processing system may include multiple digital student ID servers 10, etc.

[0024] [General operation] Next, we will describe the general operation of the information processing system according to the first embodiment.

[0025] <Issuance of Educational Digital IDs> New students receive a digital student ID from the university they are enrolling in. To receive a digital student ID, new students must obtain an educational digital ID. The educational digital ID is a second ID used to identify students within the educational institution.

[0026] To obtain an educational digital ID, new students launch the "Digital Student ID Application" installed on terminal 50 and request the system to issue an educational digital ID through that application.

[0027] At that time, incoming students are required to register information for identity verification in the system. This identity verification is carried out using an identification document issued by a public institution. Specifically, an IC (Integrated Circuit) card containing an electronic certificate is used for identity verification. In this disclosure, the My Number Card is used as an example to explain the process as an IC card (identification document) containing an electronic certificate.

[0028] Terminal 50 reads the electronic certificate (for example, the user authentication electronic certificate) stored on the My Number Card in response to the user's (new student's) operation. Terminal 50 sends an "ID issuance request" to the authentication server 30, which includes the read electronic certificate and contact information (for example, an email address that Terminal 50 can receive emails from) (Step S01 in Figure 4).

[0029] By sending an ID verification request, the incoming student (terminal 50) requests the authentication server 30 to verify their identity using their My Number Card.

[0030] Upon receiving an ID issuance request, the authentication server 30 requests the certification authority server (not shown) to verify the digital certificate included in the ID issuance request. Specifically, the authentication server 30 sends the obtained digital certificate to the certification authority server.

[0031] The Certificate Authority (CA) server is a server device managed by a corporation jointly operated by the national and local governments, known as J-LIS (Japan Agency for Local Authority Information Systems). The CA server verifies the validity of electronic certificates (My Number Cards).

[0032] The Certificate Authority server sends the verification result of the digital certificate obtained from the Authentication Server 30 (whether the digital certificate is valid or invalid) back to the Authentication Server 30.

[0033] If the certification authority server fails to verify the digital certificate (i.e., the digital certificate is invalid), the authentication server 30 notifies the terminal 50 that it has failed to issue the educational digital ID.

[0034] In this case, the digital student ID application on terminal 50 notifies the user (new student) that the issuance of the educational digital ID has failed. At that time, terminal 50 may also notify the user that the issuance of the educational digital ID failed because the electronic certificate read from the My Number Card was invalid.

[0035] If the certification authority server successfully verifies the digital certificate (i.e., the digital certificate is valid), the authentication server 30 issues an "end-user ID" to the student. The end-user ID is a unique ID (first ID) that uniquely corresponds to the serial number of the digital certificate. This end-user ID is linked to the validity status of the My Number Card. In other words, if the My Number Card expires, the end-user ID also becomes invalid.

[0036] When an end-user ID is issued, the authentication server 30 associates the issued end-user ID with the serial number of the digital certificate and stores it in the database.

[0037] Furthermore, when an end-user ID is issued, the authentication server 30 notifies the ID management server 20 of the issued end-user ID. Specifically, the authentication server 30 sends an "end-user ID notification" containing the end-user ID and contact information to the ID management server 20 (step S02 in Figure 4).

[0038] Upon receiving an end-user ID notification, the ID management server 20 generates an educational digital ID. The ID management server 20 associates the end-user ID obtained from the authentication server 30 with the generated educational digital ID and stores it in the ID management database. Details of the ID management database will be described later.

[0039] The ID management server 20 notifies the digital student ID server 10 of the generated educational digital ID. Specifically, the ID management server 20 sends an "educational digital ID notification" containing the educational digital ID and contact information to the digital student ID server 10 (step S03 in Figure 4).

[0040] Upon receiving an educational digital ID notification, the digital student ID server 10 generates an account for managing the student's (new student's) digital student ID. After generating the account, the digital student ID server 10 stores the acquired educational digital ID as the student's login information.

[0041] Furthermore, the digital student ID server 10 notifies the terminal 50 (the terminal 50 corresponding to the contact information obtained from the ID management server 20) of the educational digital ID. Specifically, the digital student ID server 10 sends an "ID issuance notification" containing the educational digital ID to the terminal 50 (step S04 in Figure 4). The terminal 50 stores the received educational digital ID (login information).

[0042] In this manner, the authentication server 30 (third server) receives an ID issuance request, including an electronic certificate, from the terminal 50 held by the student. The authentication server 30 controls the validity determination of the received electronic certificate (requests the certification authority server to determine the validity of the electronic certificate), and if the electronic certificate is found to be valid, it generates an end-user ID (first ID) for the student who wishes to have an ID issued. The authentication server 30 stores the generated end-user ID in association with the serial number of the valid electronic certificate. Furthermore, the authentication server 30 transmits the generated end-user ID to the ID management server 20 (second server).

[0043] The ID management server 20 generates an educational digital ID (second ID) in response to the receipt of an end-user ID. The ID management server 20 stores the received end-user ID in association with the generated educational digital ID and transmits the generated educational digital ID to the digital student ID server 10 (first server).

[0044] The digital student ID server 10 notifies students who wish to obtain the aforementioned educational digital ID of the notified educational digital ID. At that time, the digital student ID server 10 notifies students who wish to obtain the aforementioned ID of the notified educational digital ID as login information.

[0045] <Issuance of Digital Student ID Cards> Once the issuance of the educational digital ID is complete, students (new students) can receive a digital student ID card. Specifically, new students operate terminal 50 to launch the digital student ID application and log in to their account on the digital student ID server 10.

[0046] When a new student requests the issuance of a digital student ID card, the digital student ID server 10 obtains information to identify the new student (student identification information). Examples of student identification information include the student's name or a combination of name and date of birth. Alternatively, if the new student has received notification of their student ID number from the university in advance, the student ID number may be used as student identification information.

[0047] Furthermore, the digital student ID server 10 obtains information to identify the university to which the incoming student will enroll (university identification information; for example, university name or university code).

[0048] Upon obtaining student identification information and university identification information, the digital student ID server 10 sends a "digital student ID generation request" to the ID management server 20, which includes the educational digital ID, student identification information, and university identification information (step S11 in Figure 5).

[0049] The digital student ID server 10 requests the ID management server 20 to verify the validity of the educational digital ID by sending the educational digital ID to the ID management server 20.

[0050] Upon receiving a request to generate a digital student ID, the ID management server 20 requests the authentication server 30 to verify the validity of the end-user ID corresponding to the educational digital ID. Specifically, the ID management server 20 accesses the ID management database and reads the end-user ID corresponding to the acquired educational digital ID. The ID management server 20 then sends an "end-user ID verification request" containing the read end-user ID to the authentication server 30 (step S12 in Figure 5).

[0051] Upon receiving an end-user ID verification request, the authentication server 30 determines the validity of the electronic certificate (My Number Card) associated with that end-user ID. Specifically, the authentication server 30 accesses a database that stores the end-user ID and the serial number of the electronic certificate, and reads the serial number of the electronic certificate corresponding to the acquired end-user ID.

[0052] The authentication server 30 sends the read serial number to the certification authority server (a server operated by J-LIS) and requests the certification authority server to determine the validity of the digital certificate corresponding to the serial number of the digital certificate.

[0053] The authentication server 30 sends a response to the ID management server 20 in accordance with the response from the certification authority server (whether the digital certificate corresponding to the serial number is valid or invalid) (step S13 in Figure 5).

[0054] Specifically, when the authentication server 30 receives a response from the certification authority server indicating that the digital certificate is valid, it sends an affirmative response to the ID management server 20 indicating that the end-user ID is valid. When the authentication server 30 receives a response from the certification authority server indicating that the digital certificate is invalid, it sends a negative response to the ID management server 20 indicating that the end-user ID is invalid.

[0055] If the end-user ID is valid, the ID management server 20 determines that the educational digital ID obtained from the digital student ID server 10 is valid. If the educational digital ID is valid, the ID management server 20 requests the university to which the incoming student will enroll (the university identified from the university identification information) to verify the student who wishes to be issued a digital student ID. Specifically, the ID management server 20 sends a "current student verification request" to the university server 40, which includes the educational digital ID and student identification information (step S14 in Figure 5).

[0056] The ID management server 20 sends a student verification request to the university server 40, thereby requesting the university to determine (verify) whether or not a student who wishes to be issued a digital student ID is enrolled at the university specified by that student.

[0057] Upon receiving a student verification request, the university server 40 refers to a student information database that stores the name, date of birth, biometric information (e.g., facial image), and faculty of the incoming student, and determines whether the student (incoming student) corresponding to the student identification information is registered in the database. The university server 40 sends the determination result to the ID management server 20 (step S15 in Figure 5).

[0058] If the student corresponding to the student identification information is not registered in the student information database, the university server 40 sends a negative response to the ID management server 20 indicating that no student corresponding to the student identification information exists.

[0059] If a student corresponding to the student identification information is registered in the student information database, the university server 40 sends an affirmative response to the ID management server 20 that includes information about the student corresponding to the student identification information (student information). For example, the university server 40 sends the student's name, date of birth, university name, faculty, department, student ID number, biometric information, address of the university, and contact information of the university to the ID management server 20 as "student information".

[0060] Furthermore, if a student corresponding to the student identification information is registered in the student information database, the university server 40 stores the educational digital ID obtained from the ID management server 20 in the student information database.

[0061] The university (university server 40) manages students using the educational digital ID as new student identification information. Specifically, the university server 40 stores the educational digital ID, student personal information (name, date of birth, etc.), biometric information (e.g., facial image), student ID number, faculty affiliation, course registration information (information related to grades; e.g., credits earned, attendance information), etc., in association with each other.

[0062] The ID management server 20 sends a response to the digital student ID generation request to the digital student ID server 10 (step S16 in Figure 5).

[0063] If the authentication server 30 notifies that "the end user ID is invalid," the ID management server 20 sends a negative response to the digital student ID server 10 indicating that it is not possible to generate a digital student ID.

[0064] Alternatively, if the ID management server 20 receives a negative response from the university server 40 in response to a student verification request, it also sends the negative response to the digital student ID server 10.

[0065] If the ID management server 20 receives an acknowledgment from the university server 40, it generates (issues) a digital student ID card. The ID management server 20 uses the student information obtained from the university server 40 to generate "card information" to be written on the digital student ID card, and then generates a digital student ID card that includes this card information.

[0066] The digital student ID will include the student's name, date of birth, student ID number, biometric information (such as a facial image), and information about the university they belong to.

[0067] When a digital student ID is generated, the ID management server 20 sends an acknowledgment containing the generated digital student ID to the digital student ID server 10.

[0068] Furthermore, once the issuance of the digital student ID is complete, the ID management server 20 registers student identification information (e.g., student ID number) that identifies the student who received the digital student ID and university identification information (e.g., university name) that identifies the university in the ID management database. In other words, when a digital student ID is issued to a student, the ID management server 20 stores the student's end-user ID, educational digital ID, student ID number, and university name in association with each other.

[0069] Upon receiving an acknowledgment of the request to generate a digital student ID card, the digital student ID server 10 notifies the student (new student) that the issuance of the digital student ID card has been completed. Alternatively, the digital student ID server 10 may display the issued digital student ID card on the terminal 50. For example, the terminal 50 displays a digital student ID card as shown in Figure 6.

[0070] <Using a digital student ID> Next, we will explain how students can use digital student IDs. Students can use digital student IDs as identification.

[0071] In this case, the student operates terminal 50 to log in to the digital student ID server 10. Specifically, the student launches the digital student ID application and sends login information (educational digital ID) to the digital student ID server 10 via the application.

[0072] The digital student ID server 10 authenticates students using login information (educational digital ID). Once a student logs into their account on the digital student ID server 10, they operate terminal 50 to perform a predetermined action and request the display of their digital student ID.

[0073] Upon receiving a request to display a digital student ID, the digital student ID server 10 sends a "digital student ID generation request" to the ID management server 20, just as it did when generating the digital student ID.

[0074] Upon receiving a request to generate a digital student ID card, the ID management server 20 searches the ID management database using the educational digital ID included in the request as a key and identifies the corresponding entry. If the student ID number is registered in the corresponding entry (i.e., a digital student ID card has already been issued), the ID management server 20 processes the request to generate a digital student ID card based on a predetermined policy (digital student ID card control policy).

[0075] For example, the digital student ID control policy includes a policy regarding the validity verification of end-user IDs (validity verification of My Number cards).

[0076] Policies regarding the validity verification of end-user IDs include, for example, rules (criteria) regarding the frequency and timing of verifying the validity of end-user IDs. For example, policies regarding the validity of end-user IDs may include "verifying the validity of the end-user ID each time the digital student ID is used" or "verifying the validity of the end-user ID if a specified period has elapsed since the previous validity verification." Alternatively, the policy regarding the validity verification of end-user IDs may be "verifying the validity of the end-user ID after a specified period has elapsed." For example, if the specified period is "first half" and "second half," then verification of the end-user ID only needs to be performed once every six months. Alternatively, the policy regarding the validity verification of end-user IDs may be "if the end-user ID is not verified more than a specified number of times within a specified period, then verifying the validity of the end-user ID from the specified number onward will be performed." For example, if the specified period is six months and the specified number of times is five, then the validity of the end-user ID will not be verified up to five times within the six-month period, and will be verified from the sixth time onward.

[0077] If, in accordance with the digital student ID control policy, it is determined that verification of the validity of the end-user ID is necessary, the ID management server 20 performs the same processing as the digital student ID generation process shown in Figure 5.

[0078] Specifically, the ID management server 20 sends an end-user ID verification request to the authentication server 30. The ID management server 20 also sends a student verification request to the university server 40, which is identified from the university identification information. The ID management server 20 sends the student verification request which includes the educational digital ID or student ID number as student identification information.

[0079] The ID management server 20 generates a digital student ID card if the end-user ID is valid and student information can be retrieved from the university server 40. The ID management server 20 then sends the generated digital student ID card to the digital student ID server 10.

[0080] If, in accordance with the digital student ID control policy, it is determined that verification of the validity of the end-user ID is not required, the ID management server 20 sends a student verification request to the university server 40. In this case as well, the ID management server 20 sends a student verification request to the university server 40 that includes the educational digital ID or student ID number as student identification information.

[0081] The ID management server 20 generates a digital student ID card using student information obtained from the university server 40. The ID management server 20 then transmits the generated digital student ID card to the digital student ID server 10.

[0082] The digital student ID server 10 displays the digital student ID received from the ID management server 20 on the terminal 50. For example, a student presents their digital student ID to a third party to prove their identity. For example, when purchasing a commuter pass with a student discount, a student presents their digital student ID to the railway company. The railway company trusts the digital student ID, whose identity has been verified by a My Number Card, and sells the commuter pass.

[0083] In this manner, the digital student ID server 10 (first server) notifies the ID management server 20 (second server) of the educational digital ID (second ID) of students who wish to use a digital student ID. If the end-user ID (first ID) corresponding to the notified educational digital ID is valid, the ID management server 20 generates a digital student ID for the student who wishes to use a digital student ID and sends the generated digital student ID to the digital student ID server 10.

[0084] At that time, the ID management server 20 notifies the authentication server 30 (the third server) of the end-user ID corresponding to the notified educational digital ID, thereby requesting the authentication server 30 to make a determination regarding the validity of the end-user ID. The authentication server 30 controls the determination of the validity of the electronic certificate corresponding to the notified end-user ID and notifies the ID management server 20 of the determination result.

[0085] The ID management server 20 generates a digital student ID if the end-user ID corresponding to the notified educational digital ID is valid and if it has obtained student information from the university server 40 (the fourth server) for students who wish to use a digital student ID. For students for whom a digital student ID has already been issued, the ID management server 20 determines whether or not to request the authentication server 30 to verify the validity of the end-user ID, in accordance with a predetermined policy.

[0086] Next, we will describe the details of each device included in the information processing system according to the first embodiment.

[0087] [Digital Student ID Server] Figure 7 shows an example of the processing configuration (processing module) of the digital student ID server 10 according to the first embodiment. Referring to Figure 7, the digital student ID server 10 comprises a communication control unit 201, an ID issuance control unit 202, a digital student ID control unit 203, and a storage unit 204.

[0088] The communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the ID management server 20. The communication control unit 201 also transmits data to the ID management server 20. The communication control unit 201 passes the data received from other devices to other processing modules. The communication control unit 201 transmits the data obtained from other processing modules to other devices. In this way, other processing modules send and receive data with other devices via the communication control unit 201. The communication control unit 201 has the function of a receiving unit that receives data from other devices and the function of a transmitting unit that transmits data to other devices.

[0089] The ID issuance control unit 202 is a means for controlling the issuance of educational digital IDs. The ID issuance control unit 202 processes educational digital ID notifications received from the ID management server 20.

[0090] Upon receiving an educational digital ID notification, the ID issuance control unit 202 generates an account for managing the digital student ID. Once the account is generated, the ID issuance control unit 202 manages the student's educational digital ID as login information for that account. The ID issuance control unit 202 may also generate an ID other than the educational digital ID as login information.

[0091] Furthermore, once a student account is generated, the ID issuance control unit 202 sends an "ID issuance notification" to the terminal 50 held by the incoming student who wishes to receive a digital student ID. The ID issuance notification includes login information (educational digital ID).

[0092] Furthermore, the ID issuance control unit 202 may treat the educational digital ID as a login ID and request the new student to set a password to log in to their account. Specifically, when the ID issuance control unit 202 sends the educational digital ID to the terminal 50, it may prompt the new student to decide on a password to log in to their account via the terminal 50.

[0093] The digital student ID control unit 203 is a means for controlling the digital student ID.

[0094] When a student who has logged into their account using their login information (educational digital ID) performs a predetermined action (for example, pressing the digital student ID issuance button displayed on terminal 50), the digital student ID control unit 203 acquires student identification information and university identification information.

[0095] For example, the digital student ID control unit 203 displays a GUI (Graphical User Interface) on the terminal 50 to obtain student identification information (e.g., a combination of name and date of birth) and university identification information (e.g., university name or university code).

[0096] Upon obtaining student identification information and university identification information, the digital student ID control unit 203 sends a "digital student ID generation request" containing the educational digital ID, student identification information, and university identification information to the ID management server 20.

[0097] The digital student ID control unit 203 receives a response (affirmative response, negative response) to the digital student ID generation request.

[0098] If an affirmative response (a response indicating that the digital student ID has been successfully generated) is received, the digital student ID control unit 203 notifies the new student that the digital student ID has been successfully issued. If a negative response (a response indicating that the digital student ID has not been successfully generated) is received, the digital student ID control unit 203 notifies the new student that the digital student ID has not been issued.

[0099] Furthermore, when a logged-in student performs a predetermined action (for example, pressing the button to display the digital student ID displayed on terminal 50), a "digital student ID generation request" containing the logged-in student's educational digital ID and university-specific information is sent to the ID management server 20.

[0100] The digital student ID control unit 203 processes the response from the ID management server 20 in the same way as when issuing a digital student ID.

[0101] The memory unit 204 is a means for storing information necessary for the operation of the digital student ID server 10.

[0102] [ID Management Server] Figure 8 shows an example of the processing configuration (processing module) of the ID management server 20 according to the first embodiment. Referring to Figure 8, the ID management server 20 comprises a communication control unit 301, an ID management unit 302, a digital student ID generation unit 303, and a storage unit 304.

[0103] The communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the digital student ID server 10. The communication control unit 301 also transmits data to the digital student ID server 10. The communication control unit 301 passes the data received from other devices to other processing modules. The communication control unit 301 transmits the data acquired from other processing modules to other devices. In this way, other processing modules send and receive data with other devices via the communication control unit 301. The communication control unit 301 has the function of a receiving unit that receives data from other devices and the function of a transmitting unit that sends data to other devices.

[0104] The ID management unit 302 is a means for controlling and managing end-user IDs and educational digital IDs.

[0105] The ID management unit 302 receives an "end-user ID notification" from the authentication server 30. In response to receiving the end-user ID, the ID management unit 302 generates an educational digital ID. The educational digital ID can be any information that uniquely corresponds to the end-user ID. For example, the ID management unit 302 may assign a unique value each time it processes an end-user ID notification and use that as the educational digital ID.

[0106] When an educational digital ID is generated, the ID management unit 302 associates the end-user ID with the educational digital ID and stores it in the ID management database (see Figure 9). As shown in Figure 9, the ID management database stores the end-user ID, educational digital ID, student ID number, and university name in association. Although not shown in Figure 9, the ID management database also stores the history of end-user ID verification (date and time of sending the end-user ID verification request and the verification result).

[0107] Furthermore, the ID management database shown in Figure 9 is an example and is not intended to limit the items to be stored. For example, the creation date and time of the educational digital ID may be registered in the database.

[0108] The ID management unit 302 sends an educational digital ID notification to the digital student ID server 10, which includes the generated educational digital ID and contact information (for example, the contact information of the device 50 held by the student who wishes to be issued a digital student ID).

[0109] The digital student ID generation unit 303 is a means for generating digital student IDs. Figures 10 and 11 are flowcharts illustrating an example of the operation of the digital student ID generation unit 303 according to the first embodiment. The operation of the digital student ID generation unit 303 will be explained with reference to Figures 10 and 11.

[0110] Upon receiving a request to generate a digital student ID, the digital student ID generation unit 303 searches the ID management database using the educational digital ID included in the request as a key and identifies the corresponding entry (database search; step S101).

[0111] The digital student ID generation unit 303 determines whether or not a student ID is set in the "student ID" field of the corresponding entry (determine the presence or absence of a student ID; step S102).

[0112] If a student ID number is set (Step S103, Yes branch), the digital student ID generation unit 303 executes the processes from Step S201 onwards in Figure 11. The processes from Step S102 onwards will be described later.

[0113] If no student ID number is set (Step S103, No branch), the digital student ID generation unit 303 reads the end user ID of the identified entry. The digital student ID generation unit 303 sends an "end user ID verification request" containing the read end user ID to the authentication server 30 (Step S104).

[0114] The digital student ID generation unit 303 receives a response from the authentication server 30 to the end-user ID verification request.

[0115] If the authentication server 30 receives a negative response (end-user ID is invalid) (step S105, No branch), the digital student ID generation unit 303 sets the response to be sent to the digital student ID server 10 to a negative response (step S106).

[0116] If the authentication server 30 receives an affirmative response (end-user ID is valid) (step S105, Yes branch), the digital student ID generation unit 303 sends a "student verification request" to the university server 40 of the university identified from the university identification information (step S107). The student verification request includes the educational digital ID and student identification information.

[0117] The digital student ID generation unit 303 receives a response from the university server 40 to the student verification request.

[0118] If the university server 40 receives a negative response (a response indicating that the corresponding student is not enrolled) (step S108, No branch), the digital student ID generation unit 303 sets the response to be sent to the digital student ID server 10 to a negative response (step S106).

[0119] If the university server 40 receives an affirmative response (a response indicating that the corresponding student is enrolled) (step S108, Yes branch), the digital student ID generation unit 303 sets the response to be sent to the digital student ID server 10 to an affirmative response (step S109).

[0120] The digital student ID generation unit 303 generates a digital student ID using the student information (card information to be printed on the digital student ID) contained in the acknowledgment received from the university server 40 (step S110).

[0121] When a digital student ID card is generated (newly issued), the digital student ID card generation unit 303 stores the student ID number and university name obtained from the university server 40 in the ID management database.

[0122] The digital student ID generation unit 303 sends a response to the digital student ID generation request to the digital student ID server 10 (step S111). If an affirmative response is sent, the digital student ID generation unit 303 sends the generated digital student ID to the digital student ID server 10.

[0123] If the student ID number is set in the entry identified by searching the ID management database (step S103, Yes branch), the digital student ID generation unit 303 executes the process shown in Figure 11.

[0124] Specifically, the digital student ID generation unit 303 refers to a pre-configured digital student ID control policy (policy reference; step S201).

[0125] The digital student ID generation unit 303 refers to the digital student ID control policy and determines whether or not to verify the validity of the end user ID (determine whether or not to verify ID validity; step S202).

[0126] If verification of the validity of the educational digital ID is required (step S203, Yes branch), the digital student ID generation unit 303 executes the processes from step S104 onwards as shown in Figure 10.

[0127] If validity verification of the educational digital ID is not required (step S203, No branch), the digital student ID generation unit 303 executes the processes from step S107 onwards as shown in Figure 10.

[0128] If a student ID number is already set in the ID management database (i.e., a digital student ID has already been issued to the student), the digital student ID generation unit 303 may send a student verification request to the university server 40 that includes the student ID number in place of or in addition to the educational digital ID. That is, the educational digital ID or student ID number may be sent to the university server 40 as information to identify the student. The digital student ID generation unit 303 is not required to send student verification based on the digital student ID control policy.

[0129] The memory unit 304 is a means for storing information necessary for the operation of the ID management server 20.

[0130] [Authentication Server] The explanation of the processing configuration of the authentication server 30 is omitted. The authentication server 30 receives an ID issuance request and generates an end-user ID if the electronic certificate (My Number Card) is valid. For example, the authentication server 30 calculates the hash value of the serial number of the electronic certificate and uses the calculated hash value as the end-user ID. The authentication server 30 also processes the end-user ID verification request received from the ID management server 20.

[0131] [University Server] The explanation of the processing configuration and other details for the university server 40 will be omitted. The university server 40 stores student information about enrolled students, including incoming students. The university server 40 uses a student information database to manage students' names, dates of birth, facial images, and affiliated faculties.

[0132] [Terminal] Examples of terminal 50 include mobile devices such as smartphones, mobile phones, game consoles, and tablets, as well as computers (personal computers, laptops). Terminal 50 can be any device that can receive student input and communicate with the digital student ID server 10, etc. Further explanation of the processing configuration of terminal 50 is omitted. Students use the digital student ID application installed on terminal 50 to request the system to issue or display a digital student ID. Terminal 50 also reads the electronic certificate from the My Number Card by obtaining a four-digit PIN from the student or by performing authentication using facial information stored on the My Number Card.

[0133] [System operation] Next, the operation of the information processing system according to the first embodiment will be described. Figure 12 is a sequence diagram showing an example of the operation of the information processing system according to the first embodiment. Referring to Figure 12, the operation of the information processing system for issuing digital student ID cards will be described.

[0134] When a student requests the issuance of a digital student ID, the digital student ID server 10 sends a digital student ID generation request, including the student's educational digital ID, to the ID management server 20 (step S21).

[0135] The ID management server 20 requests the authentication server 30 to verify the validity of the end-user ID corresponding to the educational digital ID. The ID management server 20 sends an end-user ID verification request, including the end-user ID, to the authentication server 30 (step S22).

[0136] Upon receiving an affirmative response from the authentication server 30 stating that the end-user ID is valid, the ID management server 20 requests the university specified by the student to verify the existence of the student who wishes to be issued a digital student ID. Specifically, the ID management server 20 sends a student verification request to the university server 40, which includes the educational digital ID and student identification information (step S23).

[0137] When the ID management server 20 receives an affirmative response from the university server 40 confirming that the student is enrolled, the ID management server 20 generates a digital student ID card using the student information notified by the university server 40 (step S24).

[0138] The ID management server 20 sends the generated digital student ID to the digital student ID server 10 (step S25).

[0139] The digital student ID server 10 presents the acquired digital student ID to the student (new student) (step S26).

[0140] Next, a modified example of the information processing system according to the first embodiment will be described.

[0141] <Modification example 1 of the first embodiment> In the above embodiment, it was explained that if the authentication server 30 fails to verify the electronic certificate (i.e., an end-user ID is not generated), a digital student ID will not be issued. However, even if an end-user ID is not generated, the ID management server 20 may issue a provisional digital student ID.

[0142] For example, if a student requests the issuance of an educational digital ID while their My Number Card has expired, a provisional digital student ID may be issued. In this case, the ID management server 20 may issue a true digital student ID to the student for whom an end-user ID has been issued retrospectively.

[0143] If the verification result of the digital certificate performed by the certification authority server in response to the ID issuance request sent from terminal 50 is "digital certificate is invalid," the authentication server 30 issues a temporary end-user ID to the incoming student. This temporary end-user ID is stored in association with the contact information of terminal 50.

[0144] The authentication server 30 sends an end-user ID notification containing a temporary end-user ID to the ID management server 20. The ID management server 20 registers the temporary end-user ID in the ID management database. Upon receiving the temporary end-user ID, the ID management server 20 generates an educational digital ID and notifies the terminal 50 of the educational digital ID via the digital student ID server 10.

[0145] When a student requests the issuance of a digital student ID, the digital student ID server 10 sends a digital student ID generation request to the ID management server 20. If the end-user ID corresponding to the educational digital ID included in the digital student ID issuance request is a temporary end-user ID, the ID management server 20 sends a student verification request to the university server 40 without requesting verification from the authentication server 30.

[0146] Upon receiving a request to verify enrolled students, the ID management server 20 obtains student information and uses that information to issue a temporary digital student ID card. The ID management server 20 then provides the temporary digital student ID card to the enrolled student via the digital student ID server 10.

[0147] A student's terminal 50 that has received a temporary digital student ID will display the temporary digital student ID, clearly indicating that it is temporary.

[0148] When a My Number Card becomes valid, such as after an update, the student operates terminal 50 to request the issuance of an educational digital ID. If the authentication server 30 determines that the electronic certificate obtained from terminal 50 is valid, it determines whether or not a temporary end-user ID linked to the contact information of terminal 50 exists.

[0149] If a temporary end-user ID exists associated with the contact information of terminal 50, the authentication server 30 replaces the temporary end-user ID with the true end-user ID and stores it in the database (stored in association with the serial number of the digital certificate). Furthermore, the authentication server 30 sends the pair of the temporary end-user ID and the true end-user ID to the ID management server 20.

[0150] Upon receiving the pair of IDs, the ID management server 20 generates a true digital student ID for the student with the temporary end-user ID and notifies the terminal 50 that the true digital student ID has been issued. The ID management server 20 also updates the ID management database by overwriting the temporary end-user ID with the true end-user ID.

[0151] After the ID management database is updated, the ID management server 20 performs the normal operations related to the control and management of digital student IDs as described above.

[0152] Thus, if the end-user ID corresponding to the educational digital ID notified by the authentication server 30 is invalid (i.e., the My Number Card is invalid), the ID management server 20 may generate a temporary digital student ID for students who wish to use a digital student ID. The ID management server 20 may also set an expiration period for the temporary end-user ID obtained from the authentication server 30. If the true end-user ID is not received during the expiration period (i.e., the My Number Card is not renewed during the expiration period), the ID management server 20 may invalidate the temporary end-user ID. Similarly, the ID management server 20 may also set an expiration date for the temporary digital student ID. In this case, if the My Number Card is not renewed during the validity period of the temporary digital student ID, the temporary digital student ID becomes invalid.

[0153] <Modification example 2 of the first embodiment> Terminal 50 can provide the digital student ID to other devices. Specifically, terminal 50 can provide the information on the digital student ID to other devices using a two-dimensional barcode and contactless communication means such as NFC (Near Field Communication).

[0154] Other devices can provide various services to students using ticket information obtained through 2D barcodes or contactless communication methods. For example, a gate device installed at a university can obtain ticket information and then grant permission for its students to pass through.

[0155] Alternatively, other devices may acquire the student's biometric information using a 2D barcode or contactless communication method. The acquired biometric information may be used in services that utilize biometric authentication. For example, consider a case where a student purchases a beverage or other item from a vending machine installed on campus. In this case, the vending machine acquires the student's biometric information using a 2D barcode or the like. The vending machine also acquires the student's biometric information by taking a photograph of the student. The vending machine then transmits these two acquired biometric pieces of information to the university server 40.

[0156] The university server 40 performs a one-to-one matching using the two biometric pieces of information it has acquired. If the one-to-one matching is successful (confirming that the true owner of terminal 50 is using the vending machine), the university server 40 identifies the authenticated person through a matching process using the acquired biometric information and pre-registered biometric information. Subsequently, the university server 40 processes the payment using the account information (e.g., credit card information) of the identified authenticated person. If the payment process is successful, the student can purchase beverages, etc.

[0157] Thus, digital student IDs can provide biometric information to other devices through the display of a 2D barcode and contactless communication via NFC. The biometric information provided to other devices can be used in services that utilize biometric authentication. The biometric information provided to other devices (for example, a facial image) may be a facial image stored on a My Number Card.

[0158] <Modification example 3 of the first embodiment> Graduates can access the university server 40 directly or indirectly and obtain corresponding student information by verifying their identity using their end-user ID. The obtained student information can be submitted to a third party (such as a company) at the graduate's discretion.

[0159] For example, a graduate operates terminal 50 to request authentication server 30 to verify their digital certificate. If authentication server 30's verification result is "digital certificate is valid," terminal 50 requests university server 40 to provide student information (e.g., course completion certificate) along with the verification result from authentication server 30.

[0160] The university server 40 checks the verification results from the authentication server 30, and if the My Number Card (end-user ID) is valid, it sends the student information specified by the graduate to the terminal 50.

[0161] <Modification 4 of the first embodiment> University graduates can provide their student information (such as course completion certificates) to third parties.

[0162] The graduate operates terminal 50 to input a request for student information to the digital student ID server 10 via the digital student ID application. The digital student ID server 10 transmits the graduate's educational digital ID to the ID management server 20.

[0163] The ID management server 20 requests the authentication server 30 to verify the validity of the end-user ID corresponding to the educational digital ID.

[0164] If the end-user ID is valid (i.e., the My Number Card is valid), the ID management server 20 sends the educational digital ID to the university server 40, thereby obtaining the student information of the graduate (e.g., course completion certificate, etc.) from the university server 40.

[0165] The ID management server 20 transmits the acquired student information to the terminal 50 held by the graduate via the digital student ID server 10. The graduate can then submit the acquired student information to a third party (for example, a company) from the terminal 50.

[0166] In this way, graduates can undergo identity verification using their end-user ID and retrieve corresponding student information from the university server 40. The retrieved student information can be submitted to a third party (such as a company) at the graduate's discretion.

[0167] <Modification 5 of the First Embodiment> Students can temporarily suspend the use of their digital student ID if they lose their device (device 50) or their My Number Card. In other words, students can prevent the misuse of their digital student ID.

[0168] If a student loses their My Number Card, they must contact the call center or other relevant organization to have the card invalidated. When the My Number Card is invalidated, the authentication server 30 fails to verify the validity of the end-user ID, and the ID management server 20 is unable to generate a digital student ID.

[0169] If a student loses terminal 50, they should contact the university and have their status set to "Student Information Disclosure Prohibited." The university server 40 will not provide student information to the ID management server 20 for students who have been set to the "Student Information Disclosure Prohibited" status. As a result, the ID management server 20 will not be able to generate a digital student ID card.

[0170] As described above, when the ID management server 20 according to the first embodiment generates or displays a digital student ID, it requests the authentication server 30 to verify the validity of the end-user ID associated with the student's educational digital ID. The authentication server 30, upon receiving the request, determines that the end-user ID is valid if the electronic certificate (an electronic certificate read from the student's My Number Card) uniquely corresponding to the end-user ID is valid. In other words, the ID management server 20 indirectly requests the authentication server 30 to verify the validity of the My Number Card through the validity determination of the educational digital ID. If the educational digital ID is valid (if the My Number Card is valid), the ID management server 20 generates a digital student ID for the student who wishes to issue (or use) a digital student ID. As a result, the digital student ID generated by the ID management server 20 is issued to students whose identity has been verified by their My Number Card, and therefore has high reliability.

[0171] Next, we will describe the hardware of each device that makes up the information processing system. Figure 13 shows an example of the hardware configuration of the ID management server 20.

[0172] The ID management server 20 can be configured using an information processing device (a so-called computer), and has the configuration illustrated in Figure 13. For example, the ID management server 20 includes a processor 311, memory 312, input / output interface 313, and communication interface 314, etc. The components of the processor 311, etc., are connected by an internal bus or the like and are configured to communicate with each other.

[0173] However, the configuration shown in Figure 13 is not intended to limit the hardware configuration of the ID management server 20. The ID management server 20 may include hardware not shown, and it may not have to have an input / output interface 313 if necessary. Also, the number of processors 311 etc. included in the ID management server 20 is not intended to be limited to the example in Figure 13; for example, multiple processors 311 may be included in the ID management server 20.

[0174] The processor 311 is a programmable device such as a CPU (Central Processing Unit), MPU (Micro Processing Unit), or DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs, including an operating system (OS).

[0175] Memory 312 includes RAM (Random Access Memory), ROM (Read Only Memory), HDD (Hard Disk Drive), SSD (Solid State Drive), etc. Memory 312 stores the OS program, application programs, and various data.

[0176] The input / output interface 313 is an interface for a display device or input device (not shown). The display device is, for example, a liquid crystal display. The input device is, for example, a device that accepts user input such as a keyboard or mouse.

[0177] The communication interface 314 is a circuit, module, etc., that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card), etc.

[0178] The functions of the ID management server 20 are realized by various processing modules. These processing modules are realized, for example, by the processor 311 executing a program stored in memory 312. The program can also be recorded on a computer-readable storage medium. The storage medium can be a non-transitory material such as semiconductor memory, hard disk, magnetic recording medium, or optical recording medium. In other words, the present invention can also be embodied as a computer program product. Furthermore, the program can be downloaded via a network or updated using the storage medium on which the program is stored. Moreover, the processing module may be realized by a semiconductor chip.

[0179] Furthermore, the digital student ID server 10, etc., can also be configured using an information processing device, similar to the ID management server 20. Since its basic hardware configuration is no different from that of the ID management server 20, the explanation will be omitted.

[0180] The ID management server 20, which is an information processing device, is equipped with a computer, and its functions can be realized by having the computer execute a program. Furthermore, the ID management server 20 executes a control method for the ID management server 20 through this program.

[0181] [Differentiation] The configuration and operation of the information processing system described in the above embodiment are illustrative examples and are not intended to limit the system configuration.

[0182] In the above embodiment, a university was used as an example of an educational institution, but the educational institution may be a high school, a vocational school, or the like. Furthermore, the educational institution is not limited to one in Japan, but may also be an educational institution in a foreign country.

[0183] In the above embodiment, the My Number Card was used as an example of an identification document equipped with an electronic certificate for identity verification, but other identification documents may be used.

[0184] In the above embodiment, a user authentication certificate was used as an example of the electronic certificate verified by the authentication server 30 (certification authority server). However, the authentication server 30 (certification authority server) may also verify a signature electronic certificate. That is, the authentication server 30 may manage the serial number of the signature electronic certificate in association with the end user ID.

[0185] In the above embodiment, the case was described in which the ID management server 20 obtains student information of a student who will receive a digital student ID by sending a student verification request to the university server 40 (steps S14 and S15 in Figure 5). However, if the ID management server 20 stores student information for each university, these steps are unnecessary.

[0186] Furthermore, although the procedures for issuing end-user IDs and digital student IDs were described as separate steps in the above embodiment, the issuance of end-user IDs and digital student IDs may be performed in a series of procedures. Specifically, upon receiving an "end-user ID notification" from the authentication server 30, the ID management server 20 obtains student information by sending a "student verification request" to the university server 40. The ID management server 20 generates a digital student ID using the acquired student information and sends the generated digital student ID to the digital student ID server 10. The digital student ID server 10 provides the student with an educational digital ID and a digital student ID. In this way, when the issuance of end-user IDs and digital student IDs are performed in a series of procedures, the verification of end-user IDs (steps S12 and S13 in Figure 5) may be omitted.

[0187] In the above embodiment, it was explained that each student's student ID number is registered in the ID management database in order to identify (manage) students who have been issued a digital student ID (see Figure 9). Here, the information used to identify students who have been issued a digital student ID is not limited to the student ID number; any information can be used. For example, the ID management database may store an email address, name, telephone number, and a combination of student ID number and department (faculty) as information to manage students who have been issued a digital student ID. Alternatively, the ID management database may store a combination of student ID number and university name (information that identifies the university to which the student belongs) as information to manage (identify) students who have been issued a digital student ID. In this case, the digital student ID generation unit 303 of the ID management server 20 only needs to determine whether the information stored in the ID management database is set or not in step S103 of Figure 10. For example, if the ID management database stores a combination of student ID number and university name as information to identify students, the digital student ID generation unit 303 only needs to determine whether the combination of student ID number and university name is set or not in the ID management database.

[0188] The above embodiment describes a case where the ID management server 20 generates the digital student ID. However, other devices (for example, the digital student ID server 10 or the university server 40) may also generate the digital student ID. Furthermore, if the university server 40 generates the digital student ID, it may generate a digital student ID bearing the university's digital signature. Additionally, other devices that have acquired the digital student ID via a 2D barcode or the like may utilize the digital student ID if they successfully verify the digital signature attached to it.

[0189] In the above embodiment, the ID management server 20 determined whether or not verification of the end-user ID was necessary based on the digital student ID control policy. Here, the digital student ID control policy may differ for each university. For example, a policy may be set such that for students of university A1, the end-user ID is verified each time the digital student ID is used, and for students of university A2, the end-user ID is verified after a predetermined period has elapsed since the previous verification.

[0190] Alternatively, the digital student ID control policy may include policies related to student verification. For example, policies such as "Student verification will be performed each time the digital student ID is used" or "Student verification will be performed the first time the digital student ID is used at the start of a new academic year" may be set.

[0191] In the above embodiment, a case was described in which various databases are configured within each server, but these databases may be built on an external database server or the like. In other words, some functions of each server may be implemented on another server. For example, all or some functions of the digital student ID server 10 may be implemented on the ID management server 20. In other words, it is sufficient that the "digital student ID control unit (digital student ID control means)", "digital student ID generation unit (digital student ID generation means)", etc. described above are implemented on any device included in the system.

[0192] The form of data transmission and reception between each device (digital student ID server 10, ID management server 20, etc.) is not particularly limited, but the data transmitted and received between these devices may be encrypted. Student identification information is transmitted and received between these devices, and it is desirable that encrypted data be transmitted and received in order to properly protect such information.

[0193] In the flowcharts (sequence diagrams) used in the above description, multiple processes (processes) are shown in order, but the execution order of the processes performed in the embodiment is not limited to the order in which they are shown. In the embodiment, the order of the illustrated processes can be changed to the extent that it does not impair the content, for example, by executing each process in parallel.

[0194] The embodiments described above are explained in detail to facilitate understanding of the disclosure, and it is not intended that all the configurations described above are necessary. Furthermore, when multiple embodiments are described, each embodiment may be used individually or in combination. For example, it is possible to replace parts of the configuration of one embodiment with those of another embodiment, or to add configurations from other embodiments to the configuration of one embodiment. In addition, it is possible to add, delete, or replace parts of the configuration of one embodiment with those of another.

[0195] As described above, the industrial applicability of the present invention is clear, and it is particularly suitable for use in information processing systems for managing digital student ID cards and the like.

[0196] Some or all of the above embodiments may also be described as follows, but are not limited to the following: [Note 1] A first server that controls the digital student ID, A second server stores and associates a first ID linked to the electronic certificate stored in the identification document with a second ID used by the educational institution to manage students. Includes, The first server notifies the second server of the second ID of the student who wishes to use the digital student ID, A system in which the second server generates a digital student ID for a student who wishes to use the digital student ID if the first ID corresponding to the notified second ID is valid, and transmits the generated digital student ID to the first server. [Note 2] The system further includes a third server that performs control over the validity determination of the aforementioned electronic certificate, The second server notifies the third server of the first ID corresponding to the notified second ID, thereby requesting the third server to make a determination regarding the validity of the first ID. The system as described in Appendix 1, wherein the third server controls the validity determination of the electronic certificate corresponding to the notified first ID and notifies the second server of the determination result. [Note 3] It further includes a fourth server that stores student information about enrolled students, The system as described in Appendix 2, wherein the second server generates the digital student ID using the student information obtained from the fourth server when the first ID corresponding to the notified second ID is valid and the second server has obtained the student information of a student who wishes to use the digital student ID from the fourth server. [Note 4] The system described in Appendix 3, wherein the second server determines, in accordance with a predetermined policy, whether or not to request the third server to make a determination regarding the validity of the first ID. [Note 5] The system described in Appendix 4, wherein the third server, upon receiving an ID issuance request including an electronic certificate from a terminal owned by a student, performs control regarding the validity determination of the received electronic certificate, and if the electronic certificate whose validity has been determined is valid, generates the first ID of the student who wishes to be issued the ID, and stores the generated first ID in association with the serial number of the valid electronic certificate. [Note 6] The third server transmits the generated first ID to the second server. The second server generates the second ID in response to the reception of the first ID, stores the received first ID and the generated second ID in association, and transmits the generated second ID to the first server. The system described in Appendix 5, wherein the first server notifies the student who wishes to obtain the second ID of the notified ID. [Note 7] The system described in Appendix 6, wherein the first server notifies students who wish to obtain the second ID of the notification, using the second ID as login information. [Note 8] The system described in Appendix 7, wherein the second server generates a temporary digital student ID for a student who wishes to use the digital student ID if the first ID corresponding to the notified second ID is invalid. [Note 9] The system described in Appendix 8 provides the information contained in the aforementioned digital student ID card to other devices from the terminal of the student who wishes to use the digital student ID card, via a two-dimensional barcode or contactless communication means. [Note 10] The system described in any one of the appendices 1 to 9, wherein the digital student ID card includes at least the biometric information of a student who wishes to use the digital student ID card. [Note 11] The aforementioned identification document is a My Number Card, as described in Appendix 10. [Note 12] A first server that controls the digital student ID, A second server stores and associates a first ID linked to the electronic certificate stored in the identification document with a second ID used by the educational institution to manage students. In a system including, The first server notifies the second server of the second ID of a student who wishes to use the digital student ID, A method comprising: the second server generating a digital student ID for a student who wishes to use the digital student ID if the first ID corresponding to the notified second ID is valid, and transmitting the generated digital student ID to the first server.

[0197] Furthermore, each disclosure of the above-mentioned prior art documents cited herein is incorporated herein by reference. Although embodiments of the present invention have been described above, the present invention is not limited to these embodiments. It will be understood by those skilled in the art that these embodiments are merely illustrative and that various modifications are possible without departing from the scope and spirit of the present invention. That is, the present invention naturally includes the entire disclosure, including the claims, and various modifications and alterations that can be made by those skilled in the art in accordance with the technical idea. [Explanation of symbols]

[0198] 10 Digital Student ID Server 20 ID Management Server 30 Authentication Server 40 University Servers 50 devices 101 First Server 102 Second Server 201 Communication Control Unit 202 ID Issuance Control Unit 203 Digital Student ID Control Unit 204 Storage section 301 Communication Control Unit 302 ID Management Department 303 Digital Student ID Generation Department 304 Storage section 311 Processors 312 memory 313 Input / Output Interfaces 314 Communication Interface

Claims

1. A storage unit that stores, in association with an ID linked to an electronic certificate stored in an identification document, a first ID linked to the validity or invalidity of the identification document, and a second ID for managing persons belonging to a predetermined organization, An acquisition unit that acquires the second ID from a terminal held by a person who wishes to use a digital certificate relating to the aforementioned designated institution, If the first ID corresponding to the acquired second ID is valid, a generation unit generates a digital certificate for the person who wishes to use the digital certificate, A server equipped with the following features.

2. The server according to claim 1, wherein the generation unit notifies the server device that performs control regarding the validity determination of the electronic certificate of the first ID corresponding to the acquired second ID, thereby obtaining the determination result regarding the validity of the first ID from the server device.

3. The server according to claim 2, wherein the generation unit treats the first ID as valid for a predetermined period of time after it is determined that the first ID is valid based on the electronic certificate.

4. The server according to any one of claims 1 to 3, further comprising a determination unit that determines whether or not it is necessary to verify the validity of the first ID corresponding to the acquired second ID, and if it is necessary to verify the validity of the first ID, determines the validity of the first ID.

5. The server according to claim 4, wherein the determination unit determines whether or not confirmation regarding the validity of the first ID is necessary based on the number of times the validity of the first ID has been confirmed during a predetermined period.

6. The server according to claim 4, wherein the determination unit determines whether or not it is necessary to verify the validity of the first ID based on the service used by the person who wishes to use the digital certificate.

7. On the server, An ID linked to an electronic certificate stored in an identification document, comprising a first ID linked to the validity or invalidity of the identification document, and a second ID for managing persons belonging to a designated institution, stored in association with each other. The second ID is obtained from a terminal held by a person who wishes to use a digital certificate relating to the aforementioned designated institution. A server control method that generates a digital certificate for a person who wishes to use the digital certificate, if the first ID corresponding to the second ID obtained is valid.

8. On the computer installed in the server, A process for storing, in association with, an ID linked to an electronic certificate stored in an identification document, a first ID linked to the validity or invalidity of the identification document, and a second ID for managing persons belonging to a designated institution. A process of obtaining the second ID from a terminal held by a person who wishes to use a digital certificate relating to the aforementioned designated institution, If the first ID corresponding to the second ID obtained is valid, the process of generating a digital certificate for the person who wishes to use the digital certificate, A program to execute.

9. A first server that controls the digital student ID, A second server stores, in association with an ID linked to an electronic certificate stored in an identification document, a first ID linked to the validity or invalidity of the identification document, and a second ID for managing persons belonging to a predetermined organization. A terminal possessed by a person who wishes to use a digital certificate relating to the aforementioned designated institution, Includes, When the first server obtains from the terminal that a person who wishes to use the digital certificate wishes to use the digital student ID, it notifies the second server of the second ID of the person who wishes to use the digital certificate. The second server is a system that generates a digital certificate for a person who wishes to use the digital certificate if the first ID corresponding to the notified second ID is valid.