Message management systems, message management methods, programs
The message management system verifies recipient identity through specified authentication patterns, addressing delivery issues by ensuring messages reach the correct user before displaying important or confidential content.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- TOPPAN HOLDINGS INC
- Filing Date
- 2024-12-27
- Publication Date
- 2026-07-09
AI Technical Summary
Existing message delivery systems face issues with delivering messages to the correct recipient due to changes in mobile phone numbers or incorrect registrations, especially when the identity of the recipient needs to be verified for important or confidential messages.
A message management system that allows senders to specify authentication patterns and requirements, verifies the recipient's identity through a second message on the terminal device, and displays the original message only after successful authentication.
Enables senders to arbitrarily determine the method of identity verification, ensuring messages are delivered to the intended recipient by confirming the user's identity before displaying important or confidential content.
Smart Images

Figure 2026115813000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to a message management system, a message management method, and a program.
Background Art
[0002] There is an electronic notification service for notifying information online. In Patent Document 1, a technique for transmitting information to an email address with a high probability that the recipient user can immediately view it is disclosed.
[0003] In such an electronic notification service, there is a message service that uses a mobile phone number provided by a telecommunications carrier as the destination. Examples of message services that use a mobile phone number as the destination include RCS (Rich Communication Services) and SMS (Short Message Service). By using a mobile phone number as the destination, a message can be sent even if the email address of the recipient is unknown. For example, there is a message distribution system that receives a message transmission request from a requester who requests message transmission and sends a message to a target terminal device.
Prior Art Documents
Patent Documents
[0004]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0005] However, when sending a message to a mobile phone number, if the user's mobile phone number changes due to a change in the user's mobile phone model, etc., and the user has not notified the message sender of the change in phone number, the message may be delivered to a different user than the one intended. Also, if the user's phone number is incorrectly registered to the message sender due to a typo or other reason, the message may be delivered to a different user than the one intended. Therefore, it is desirable to be able to verify the identity of the recipient before sending a message. Depending on the message being sent, some messages may be of high importance or confidentiality, while others may be of low importance or confidentiality. Therefore, it is preferable that the sender of the message be able to arbitrarily decide how to verify the recipient's identity as needed.
[0006] This invention has been made in view of these circumstances, and its purpose is to provide a message management system, a message management method, and a program that allow the sender of a message to arbitrarily determine the method of identity verification. [Means for solving the problem]
[0007] To solve the above-mentioned problems, one aspect of the present invention is a message management system comprising: a first acquisition unit that acquires an authentication pattern that specifies items of authentication requirements used when authenticating whether or not the requester requesting the transmission of a first message is the user to whom the first message is to be sent, and correct answer data for the authentication pattern; an authentication request display control unit that causes the terminal device of the user to whom the first message is to be sent to display a second message including the authentication requirements based on the authentication pattern; a second acquisition unit that acquires response data which is the answer to the authentication requirements from the terminal device; a determination unit that determines whether or not the acquired response data and the correct answer data are in a corresponding relationship; and an authentication post-screen display control unit that, if the determined result shows that the response data and the correct answer data are in a corresponding relationship, causes the terminal device to display the first message.
[0008] Furthermore, one aspect of the present invention is a message management method executed by a computer, comprising: an authentication pattern that specifies items of authentication requirements used when authenticating whether or not the requester is the user to whom the first message is to be sent, and correct answer data for the authentication pattern, a second acquisition unit that sends a second message containing authentication requirements based on the authentication pattern to the terminal device of the user to whom the first message is to be sent, and a second acquisition unit that acquires response data which is a response to the authentication requirements from the terminal device, and a determination that the acquired response data and the correct answer data are in a correspondence relationship, and if the result of the determination shows that the response data and the correct answer data are in a correspondence relationship, the first message is displayed to the terminal device.
[0009] Furthermore, one aspect of the present invention is a program to be executed by a computer, which includes: an authentication pattern that specifies items of authentication requirements used when authenticating whether or not the requester requesting the transmission of a first message is the user to whom the first message is to be sent, and correct answer data for the authentication pattern; a second acquisition unit that sends a second message containing authentication requirements based on the authentication pattern to the terminal device of the user to whom the first message is to be sent, and acquires answer data which is an answer to the authentication requirements from the terminal device; and a second acquisition unit that determines whether or not the acquired answer data and the correct answer data are in a corresponding relationship, and if the result of the determination shows that the answer data and the correct answer data are in a corresponding relationship, the program to display the first message to the terminal device. [Effects of the Invention]
[0010] As explained above, this invention allows the sender of a message to arbitrarily determine the method of identity verification. [Brief explanation of the drawing]
[0011] [Figure 1] This is a schematic block diagram showing the configuration of a message distribution system S according to one embodiment of the present invention. [Figure 2] This figure shows an example of master information stored in the Message Management System 1. [Figure 3] This figure shows an example of elements included in a notification content display pattern. [Figure 4] This diagram illustrates an example of element ID combinations included in notification content display patterns. [Figure 5] This figure shows an example of transaction data. [Figure 6] This is a schematic functional block diagram explaining the functions of Message Management System 1. [Figure 7] This is a sequence diagram illustrating the operation of the message delivery system S. [Figure 8] This is a sequence diagram illustrating the operation of the message delivery system S. [Figure 9] This is a sequence diagram illustrating the operation of the message delivery system S. [Figure 10] This figure shows an example of a display screen G1 on terminal device 4a where the second message is displayed. [Figure 11] This figure shows an example of a display screen G1 on terminal device 4a where the second message is displayed. [Figure 12] This figure shows an example of a display screen G1 on terminal device 4a where the second message is displayed. [Figure 13] This figure shows an example of a display screen G1 on terminal device 4a where the second message is displayed. [Figure 14] This figure shows an example of a display screen G1 on terminal device 4a where the second message is displayed. [Figure 15] This figure shows an example of a display screen G1 on terminal device 4a where the second message is displayed. [Modes for carrying out the invention]
[0012] Hereinafter, a message distribution system S according to an embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a schematic block diagram showing the configuration of a message distribution system S according to an embodiment of this invention. The message distribution system S includes a message management system 1, a corporate server 2, a plurality of communication carrier servers 3 (for example, communication carrier server 3a, communication carrier server 3b), a plurality of terminal devices 4 (for example, terminal device 4a, terminal device 4b), a settlement server 5, a web server 6, and a form server 7.
[0013] The message management system 1 is a system managed by an operator that provides a service for transmitting messages to the terminal device 4 via the communication carrier server 3. The message management system 1 transmits messages to the terminal device 4 via the communication carrier server 3. The message management system 1 transmits RCS (Rich Communication Services) or RCS messages using SMS (Short Message Service), which is a message service with a telephone number as the destination. The message management system 1 performs wireless communication or wired communication with the corporate server 2 and the communication carrier server 3.
[0014] The message management system 1 can transmit messages to the terminal device 4. The messages to be transmitted include a first message and a second message. The first message is a message transmitted to the terminal device 4 when access to the authentication base server 12 is made based on the authentication URL and personal confirmation is possible. For example, when electronically notifying content such as a parent exhibition, the first message can be viewed when personal confirmation is possible. The first message is transmitted by an on-demand method in response to a transmission request from the company operating the corporate server 2. The second message is a message to be viewed separately from the first message to confirm whether the user is the target user to view the first message. The second message may be transmitted by a batch processing method for transmission on a specified transmission date, or may be transmitted by an on-demand method.
[0015] Furthermore, the first message may contain any content as long as it is a notification from the corporate server 2 to the user, and may also relate to a contract for services provided to the user by the client, which is the corporate server 2. More specifically, the first message may be a demand letter urging payment of fees, etc. Such a demand letter may be related to a credit service (e.g., cash advances) provided by the corporate server 2.
[0016] The message management system 1 includes a management server 10, a distribution infrastructure server 11, and an authentication infrastructure server 12. The management server 10 stores master information registered from the enterprise server 2, as well as transaction data. Figure 2 shows an example of master information stored in the message management system 1. Master information may be registered separately for each company on the corporate server 2, or separate master information may be registered for different message sets within a single company. Master information includes scenario information, notification content display patterns, and authentication patterns.
[0017] Scenario information is information that defines the first message and specifies the order in which messages should be sent based on responses from terminal device 4 to the first message that was sent. The notification content display pattern is a template data that specifies which of several different elements should be included in a message (the first message), as requested by the sender of the message. The notification content display pattern can be selected by the sender of the message.
[0018] An authentication pattern is an item of authentication requirement used for identity verification. More specifically, the identity verification process involves the authentication infrastructure server 12 sending authentication requirements to the terminal device 4, receiving the input response from the terminal device 4, determining that the user of terminal device 4 is the real person if the response matches predetermined correct answer data, and determining that the user of terminal device 4 is not the real person if the response does not match the correct answer data. There are multiple types of authentication requirement items that can be used as an authentication pattern. The authentication requirement items may be, for example, the "katakana" of the user's last name, the postal code corresponding to the user's address, or the beginning part of the user's address (for example, up to the city / ward / town / village). In this case, if the user is asked to input characters such as the last name in kanji, and there are old and new forms of characters used, even if the meaning is the same, the correct answer data and the response data may not match due to differences in character forms. By having the user input in katakana, it may be possible to avoid discrepancies based on differences in character forms. The authentication pattern is data that allows the company server 2 to specify which of the multiple types of authentication requirements that can be used for this identity verification process should be used.
[0019] Figure 3 shows an example of elements included in a notification content display pattern. Elements come in several different types. Each element has a unique identifier called an element ID. It will be assigned. Figure 3 shows the relationship between element IDs and their content, illustrating examples with element IDs from "0" to "4".
[0020] (A) Element ID "0": A display screen that appears after authentication and does not contain buttons to transition to other actions. The element with element ID "0" specifies that a display screen should be shown that does not include functions such as transitioning to other websites or sending instructions to generate PDF data. The display screen may contain text, tables, graphics, images, etc. More specifically, it may be a display screen that describes the contract date, payment amount, payee, contact information, etc.
[0021] (B) Element ID "1": An element that transitions to specific static content. For example, element ID "1" is an element that specifies that the first message should be a link button that transitions to the site indicated by the specified URL. This could be a link button with a URL that transitions to a website provided by corporate server 2 or a website provided by web server 6. Specifically, element ID "1" can be used to set the first message to a URL that transitions to an FAQ page provided by corporate server 2 or various announcement pages provided by web server 6.
[0022] (C) Element ID "2": Operation button that enables single sign-on integration for pages that require login to the user's individual user page, etc. For example, element ID "2" specifies that the first message should contain a button to log in to a page exclusively for users where they can check their payment status and notifications about their next billing date.
[0023] (D) Element ID "3": An element that transitions to a payment site where payment can be made. For example, element ID "3" is an element that specifies that an operation button should be set in the first message, which, when incorporated into the message, will allow the necessary payment to proceed quickly. Such a payment site may be, for example, a payment site published by payment server 5. The server accessed in response to the operation button set based on element ID "3" being operated may also be payment server 5.
[0024] (E) Element ID "4": Linking and downloading files such as PDF (Portable Document Format). For example, element ID "4" may be an operation button that instructs the generation of a file in a specific file format. Specifically, it is an element that specifies that a file should be generated in PDF format, which will serve as a payment reminder notice, and that an operation button for linking and downloading this file should be set as the first message. The server that generates the PDF data in response to the input of an instruction to generate PDF data via the operation button set based on element ID "4" may be the document server 7.
[0025] The five types of elements mentioned above are just examples; other types of elements may also be used. Furthermore, if each of these elements is assigned an ID, the notification content display pattern may be data that specifies which elements should be included in the notification content by including at least one element ID.
[0026] Figure 4 illustrates an example of a combination of element IDs included in a notification content display pattern. Each notification content display pattern includes at least one element ID, and the element ID determines which element is included. Examples of notification content display patterns include patterns containing only one element ID "0", patterns containing one element ID "0" and one element ID "3", patterns containing one element ID "0", one element ID "3", and one element ID "4", patterns containing one element ID "0", one element ID "1", and one element ID "1", and patterns containing only one element ID "4". These notification display patterns can be specified from the corporate server 2. Furthermore, combinations of elements included in the notification content display pattern may be newly registered in the message management system 1 at the request of the administrator of the corporate server 2, and may be made available as specified by the corporate server 2. Furthermore, there may be rules when defining the notification content display patterns. For example, there may be rules such as not being able to register a notification content display pattern as a combination containing multiple elements if element ID "0" is not included, or that element ID "4" can be combined with other elements but cannot be included multiple times.
[0027] Figure 5 shows an example of transaction data. Transaction data is data relating to the content of the message to be sent to terminal device 4. More specifically, transaction data includes the message recipient, correct answer data, and embedded data. The recipient of the message can, for example, be the telephone number assigned to the terminal device 4 to which the message is to be sent. The correct answer data is data that shows the correct answers to the authentication requirements defined in the authentication pattern. Embedded data is the data to be embedded in the elements included in the notification content display pattern.
[0028] Embedded data is the data that constitutes the content to be notified as the first message. Among the embedded data, the embedded data corresponding to element ID "0" includes, for example, text, images, etc. The embedded data corresponding to element ID "1" is, for example, a string indicating the URL of the homepage published by the company on company server 2, or a string indicating the URL of the FAQ (Frequently Asked Questions) page regarding the services or products provided by the company on company server 2. The embedded data corresponding to element ID "2" is, for example, data used to execute a function for logging into a user page via single sign-on. The embedded data corresponding to element ID "3" is a string of characters indicating a URL to access a payment site where payment processing such as fee payments can be performed. The embedded data corresponding to element ID "4" is data used to execute the function of generating, linking, and downloading PDF data. The embedded data is prepared in advance on the enterprise server 2, containing data corresponding to each element specified by the notification content display pattern of the master information, and is registered in the message management system 1.
[0029] Of this transaction data, the correct answer data may be received and registered together when an on-demand delivery request for message delivery is received, or it may be received in advance before message delivery. The correct answer data may use user information registered with the corporate server 2 when a contract or service provision application is made between the user and the company operating the corporate server 2, or it may use the latest user information at the time of requesting on-demand delivery. For example, if there are any changes to the user information since the time of user registration, the updated user information may be used. User information includes the telephone number assigned to the terminal device 4 used by the user, the user's name, postal code, address, date of birth, gender, etc. For example, the corporate server 2 can use the telephone number from the user information as the destination for sending messages. In addition, some of the user information, such as name, address, and date of birth, can be used as correct answer data. In this way, when the corporate server 2 sends the first message to multiple users, it can generate and register transaction data for each target user.
[0030] The following describes how such master information and transaction data may be stored in the management server 10. However, they may also be sent from the management server 10 to the distribution infrastructure server 11 and the authentication infrastructure server 12, respectively, so that they are stored in the distribution infrastructure server 11 and the authentication infrastructure server 12.
[0031] Returning to Figure 1, the distribution infrastructure server 11 generates a first message based on the master information and transaction data, embedding the corresponding elements from the elements specified by the notification content display pattern within the transaction data. Along with the generated first message, it sends a unique URL for each user that is accessible to the authentication infrastructure server 12 to the terminal device 4 via the telecommunications carrier server 3. The terminal device 4 displays the URL along with a string indicating that a message was sent from the distribution infrastructure server 11. This URL is the URL sent with the first message. When a user on terminal device 4 clicks on a URL, the authentication infrastructure server 12 accepts access from terminal device 4 and displays a screen corresponding to the URL on terminal device 4. The screen corresponding to the URL is a screen that displays a second message containing authentication requests, which require the user to enter information necessary for authentication processing to verify that the user is indeed the user with the assigned phone number who is the same user as the user expected by the company. The screen that displays the second message containing authentication requests is a screen that displays, allows selection from, or combines authentication methods such as memorized authentication, JPKI (Japanese Public Key Infrastructure) authentication, and biometric authentication. The authentication requests only need to convey the information that terminal device 4 should send in order to perform authentication. For example, the authentication requests may specify which items of information the user has memorized should be used, which items of information the user possesses should be used, which input fields for the user's biometric information should be entered, or which items necessary for multi-factor authentication should be used. For example, in response to access to this URL, the display screen of terminal device 4 transitions to a screen (second message display screen) that can accept input of response data, which is the answer to the authentication request. When the user inputs the response data to the authentication request, the authentication infrastructure server 12 performs identity verification by determining whether the input response data corresponds to the correct answer data. If the user's identity is confirmed, the server displays a post-authentication screen on terminal device 4 that indicates that identity verification has been successful. This post-authentication screen, which indicates that identity verification has been successful, is the first message and contains information that can be displayed on terminal device 4 when identity verification is successful. Thus, when terminal device 4 is determined to be the correct user during the identity verification process, it receives screen transition control from the authentication infrastructure server 12 and transitions from the display screen showing the second message to the post-authentication screen (first message display screen). Here, the first message and URL are sent to terminal device 4, and even if terminal device 4 receives the first message and URL, the first message is not displayed at this stage. The first message becomes viewable only when the URL is clicked and identity verification is completed.
[0032] Enterprise Server 2 is a server device managed by a requester who requests the message delivery system S to deliver RCS messages or SMS messages to recipient users. The requester is, for example, a company or organization that provides information to recipient users (e.g., a bank, an insurance company, etc.). Enterprise Server 2 communicates with the message management system 1 via wireless or wired communication. If there are multiple requesters who wish to have messages delivered to the message delivery system S, multiple corporate servers 2, each assigned to a requester, may be connected to the message delivery system S. For example, if there are two companies requesting message delivery, two corporate servers 2, such as corporate server 2a and corporate server 2b, may be provided.
[0033] The carrier server 3 (carrier server 3a, carrier server 3b) is a server device managed by a carrier. The carrier is, for example, an MNO (Mobile Network Operator) that provides telephone number-based communication services to terminal devices 4 using communication lines it owns or operates. Communication services include communication using RCS or SMS. The communication carrier server 3 sends an RCS message or an SMS message to the terminal device 4 in response to a transmission request from the message management system 1.
[0034] The telecommunications carrier server 3 stores carrier contract information in its storage unit, relating to contracts with users who have entered into agreements to use the terminal device 4. Carrier contract information includes, for example, the user's telephone number, name, postal code, address, date of birth, etc. Furthermore, carrier contract information may also include customer information about the user registered with the messaging service or other services used by the user. The telecommunications carrier server 3 communicates wirelessly or via wired connection with the message management system 1 and the terminal device 4. In this case, if there are multiple telecommunications carriers, a separate telecommunications carrier server 3 is provided for each carrier. Telecommunications carrier server 3a is managed by the first telecommunications carrier, and telecommunications carrier server 3b is managed by the second telecommunications carrier. Hereafter, unless a specific telecommunications carrier server is identified, it will be referred to as telecommunications carrier server 3.
[0035] Terminal device 4 is a communication device such as a smartphone or mobile phone. A user enters into a contract with the telecommunications carrier server 3 to use communication services provided by the contracted telecommunications carrier. Terminal device 4 can communicate using the communication services provided by the contracted telecommunications carrier. Terminal device 4 is assigned a telephone number and has the function of communicating using this telephone number as the destination, i.e., communication using RCS or SMS. Terminal device 4 has, for example, a display unit such as a liquid crystal display and an operation unit such as a touch panel that accepts user input. Terminal device 4 communicates using a communication network with the communication carrier server 3 as its communication partner. The user is, for example, a consumer.
[0036] Payment server 5 is a server that performs payment processing to electronically process payments for various fees. Web server 6 is the server that publishes web pages. The document server 7 is a server that generates PDF data in response to external generation instructions.
[0037] Figure 6 is a schematic functional block diagram illustrating the functions of the message management system 1. The message management system 1 includes a storage unit 100, an acquisition unit 101, a matching processing unit 102, a registration management unit 103, a determination unit 104, a message generation unit 105, and a display control unit 106. The memory unit 100 stores master information and transaction data. The acquisition unit 101 has a first acquisition unit 1011 and a second acquisition unit 1012, and acquires various types of data. The first acquisition unit 1011 acquires from the requesting company server 2 that requests the transmission of the first message an authentication pattern that specifies the items of the authentication requirement used to authenticate whether or not the user is the recipient of the first message, and correct data for the authentication pattern. Furthermore, the first acquisition unit 1011 acquires the embedded data and the message recipient from the requester. The second acquisition unit 1012 acquires response data from the terminal device, which is the answer to the authentication request. The correct answer data is at least some of the information contained in the user information registered on the requesting server from the terminal device based on instructions from the user. This correct answer data can be registered by being sent as transaction data from the corporate server 2 to the message management system 1.
[0038] The matching processing unit 102 determines whether the correct answer data corresponds to the description rules for the authentication requirements. The description rules may specify how the string to be written as an answer to the authentication requirements is represented (e.g., kana, hiragana, kanji), or the number of characters, etc. The registration management unit 103 accepts the registration of correct answer data if the correct answer data acquired by the first acquisition unit 1011 corresponds to the description rules for the authentication requirements acquired by the first acquisition unit 1011.
[0039] The determination unit 104 determines whether the user of terminal device 4 who received the second message is the user to whom the first message was sent, by determining whether there is a correspondence between the response data obtained from terminal device 4 and the correct answer data registered as transaction data. For example, if there is a correspondence, the determination unit 104 determines that the user is the real user, and if there is no correspondence, it determines that the user is not the real user.
[0040] The message generation unit 105 generates a first message by embedding transaction data in accordance with the elements specified in the notification content display pattern of the master information, based on the master information and transaction data stored in the storage unit 100.
[0041] The display control unit 106 transitions the display screen to be shown on the terminal device 4 in response to access from the terminal device 4. The display control unit 106 includes an authentication request display control unit 1061 and a post-authentication screen display control unit 1062. The authentication request display control unit 1061 causes the terminal device 4 of the user to whom the first message is to be sent to display a second message containing authentication requirements based on the authentication pattern. Displaying the second message to terminal device 4 may be done by displaying a screen containing authentication requirements on terminal device 4 in response to an access to the URL from terminal device 4, or by the authentication request display control unit 1061 sending the second message to terminal device 4, thereby displaying the second message on terminal device 4. After authentication, the screen display control unit 1062 performs an identity verification process to determine whether the response data and the correct answer data are in a corresponding relationship. If it is determined that they are in a corresponding relationship, it displays the first message to the terminal device 4. Displaying the first message on terminal device 4 may be done by transitioning to a display screen where the first message can be viewed and displayed in response to the determination that the user is the person in question during the identity verification process, or by the post-authentication screen display control unit 1062 sending the first message to terminal device 4, thereby causing the first message to be displayed on terminal device 4.
[0042] The display control unit 106 only needs to be capable of displaying various data such as messages on the terminal device 4. For example, it may display a message on the terminal device 4 by sending a message to the terminal device 4. When sending a message to the terminal device 4, the display control unit 106 may also send a second message containing authentication requests based on an authentication pattern to the terminal device of the user to whom the first message is sent. Furthermore, if the display control unit 106 determines that the user is the correct person, it may send a message with embedded data embedded in the notification content display pattern to the destination terminal device in a viewable format. Furthermore, the display control unit 106 may embed embedded data indicating the content based on the contract into the notification content display pattern, and after it is determined that the user is the person in question, transmit it to the terminal device identified as the person in question and make it viewable.
[0043] The storage unit 100, acquisition unit 101, matching processing unit 102, registration management unit 103, determination unit 104, message generation unit 105, and display control unit 106 described above may be provided in any one of the management server 10, distribution infrastructure server 11, and authentication infrastructure server 12, or they may be provided in a different device that belongs to the message management system 1 (for example, a server device). Furthermore, the storage unit 100, acquisition unit 101, matching processing unit 102, registration management unit 103, determination unit 104, message generation unit 105, and display control unit 106 may be provided on a single server device, or at least one of the functions may be provided on a separate server device connected via a communication network to the management server 10, distribution infrastructure server 11, or authentication infrastructure server 12. In this case, the server device may be a physical server or a cloud server provided by a cloud computing service. Furthermore, the storage unit 100 may be provided in the distribution infrastructure server 11 and the authentication infrastructure server 12, respectively. The acquisition unit 101, message generation unit 105, and display control unit 106 may be provided in at least one of the management server 10, distribution infrastructure server 11, and authentication infrastructure server 12. The matching processing unit 102 and the registration management unit 103 may be located on either the management server 10 or the authentication infrastructure server 12. The determination unit 104 may be provided in the authentication infrastructure server 12.
[0044] The storage unit 100 is composed of a storage medium, such as an HDD (Hard Disk Drive), flash memory, EEPROM (Electrically Erasable Programmable Read Only Memory), RAM (Random Access read / write Memory), ROM (Read Only Memory), or any combination of these storage media. This storage unit 100 can, for example, use non-volatile memory.
[0045] The acquisition unit 101, matching processing unit 102, registration management unit 103, determination unit 104, message generation unit 105, and display control unit 106 may be composed of a processing unit such as a CPU (Central Processing Unit) or a dedicated electronic circuit.
[0046] Figure 7 is a sequence diagram illustrating the operation of the message distribution system S. Figure 7 describes the process related to the registration of master information and transaction data. The enterprise server 2a may send master information, including scenario information, notification content display patterns, and authentication patterns corresponding to the messages it distributes, to the message management system 1. Alternatively, it may upload the information to a registration interface, or create and register it on a registration screen. It may also share the data with the system administrator in some way, allowing the system administrator to register it in advance (step S001). When the management server 10 of the message management system 1 receives master information (step S101), it sends the master information to the distribution infrastructure server 11 and the authentication infrastructure server 12, respectively. The distribution infrastructure server 11 stores the master information sent from the management server 10 (step S201), and the authentication infrastructure server 12 stores the master information sent from the management server 10 (step S301). In this example, the distribution infrastructure server 11 and the authentication infrastructure server 12 receive master information from the enterprise server 2a via the management server 10, but they may also obtain the master information from the enterprise server 2a without going through the management server 10.
[0047] Next, when the enterprise server 2a sends the first message, it sends transaction data corresponding to the content to be sent to the management server 10 of the message management system 1 (step S011). This transaction data includes embedding data to be embedded in the pre-registered master information, correct answer data corresponding to the authentication pattern, and the telephone number to be sent. When the management server 10 receives transaction data from the enterprise server 2a (step S111), it sends the received transaction data to the distribution infrastructure server 11. The distribution infrastructure server 11 receives transaction data sent from the management server 10 (step S211). For example, the distribution infrastructure server 11 obtains transaction data from the management server 10 by executing the distribution content registration API (Application Programming Interface) and stores it in the storage unit within the distribution infrastructure server 11. Here, the distribution infrastructure server 11 receives transaction data from the enterprise server 2a via the management server 10, but the distribution content registration API may obtain transaction data from the enterprise server 2a without going through the management server 10.
[0048] The distribution content registration API of the distribution infrastructure server 11 performs a matching process to determine whether the embedded data included in the stored transaction data conforms to the rules defined in the master information (step S212). For example, the distribution content registration API of the distribution infrastructure server 11, in the matching process, matches whether the embedded data corresponds to the elements defined by the notification content display pattern included in the master information. More specifically, if a combination including element ID "0" and element ID "3" is specified as the notification content display pattern in the master information, it determines whether the embedded data included in the transaction data contains data corresponding to element ID "0" (for example, the text to be written in the message) and data corresponding to element ID "3" (for example, the URL to access the payment site). If these data exist, it determines that there is a correspondence (step S212-OK). If a correspondence is determined, the distribution content registration API of the distribution infrastructure server 11 sends the transaction data to the authentication infrastructure server 12 and instructs it to perform the authentication content registration process. This description will focus on the case where the distribution infrastructure server 11 performs this matching process, but it may also be performed by the authentication infrastructure server 12 instead.
[0049] On the other hand, the distribution content registration API of the distribution infrastructure server 11 determines that there is no correspondence (step S212-NG) if the embedded data for at least one of the elements specified in the notification content display pattern is not included, or if the embedded data is of different content (for example, data that executes a function to generate and download PDF data), and sends an error response to the enterprise server 2a.
[0050] When the authentication infrastructure server 12 receives an instruction for authentication content registration processing from the distribution infrastructure server 11, it executes the authentication content registration API to obtain transaction data from the distribution infrastructure server 11 and stores it in the storage unit within the authentication infrastructure server 12 (step S302). Here, the authentication infrastructure server 12 does not directly send or receive data with the enterprise server 2a, but can obtain various data via the distribution infrastructure server 11. For example, the distribution content registration API and the authentication content registration API of the distribution infrastructure server 11 may be configured to send and receive data necessary for distribution. The authentication content registration API of the authentication infrastructure server 12 performs a matching process to determine whether the correct data contained in the stored transaction data corresponds to the authentication pattern contained in the master information (step S303).
[0051] For example, in the matching process, the authentication content registration API of the authentication infrastructure server 12 determines whether the correct answer data matches a string representing a postal code, for example, if the authentication pattern is specified as "postal code". Here, the authentication content registration API determines that there is a correspondence if the correct answer data is a 7-digit number (step S303-OK), and determines that there is no correspondence if it is not a 7-digit number (e.g., a string showing the katakana of the last name, part of an address, a number with fewer than 6 digits, a number with 8 or more digits, etc.), and sends an error response to the distribution infrastructure server 11. When the distribution infrastructure server 11 receives the error response from the authentication infrastructure server 12, it sends the error response to the corporate server 2a (step S213).
[0052] Furthermore, for example, the Authentication Content Registration API determines that a correspondence exists if the authentication pattern is "Enter last name in kana" and the correct data included in the transaction data is a string representing the last name in kana. If the data is not a string representing the last name in kana (for example, a postal code, part of an address, a string representing the last name in kanji, etc.), it determines that there is no correspondence and sends an error response.
[0053] In this way, by performing matching processes in the distribution infrastructure server 11 and the authentication infrastructure server 12, it is possible to check before sending whether the data necessary to send the first and second messages is available, and to ensure that the necessary data is available.
[0054] The authentication infrastructure server 12 generates a different authentication URL for each transaction data if there is a correspondence between the authentication pattern and the correct answer data (step S304), and stores the generated authentication URLs in association with the transaction data (step S305). Such authentication URLs are URLs that allow the terminal device 4 to access the authentication infrastructure server and perform authentication processing (identity verification) to authenticate whether or not it is the user to whom the first message is sent. In addition, since the transaction data is different for each user who sends it, the authentication URLs are also generated to be different for each transaction data (each user). In other words, a different authentication URL is prepared for each message.
[0055] The authentication infrastructure server 12 determines whether the registration of the authentication URL has been successfully completed (step S306). If it has been successfully completed, it notifies the distribution infrastructure server 11 that the authentication URL has been registered and sends the authentication URL to the distribution infrastructure server 11 (step S306-OK). If it has not been successfully completed (step S306-NG), it sends an error response to the distribution infrastructure server 11. When the distribution infrastructure server 11 receives the error response from the authentication infrastructure server 12, it sends the error response to the enterprise server 2a (step S214).
[0056] When the corporate server 2a receives an error response (steps S212-NG, S213, S214) sent from the distribution infrastructure server 11 (step S012), the corporate representative on the corporate server 2a takes various actions to resolve the error.
[0057] Next, Figures 8 and 9 are sequence diagrams illustrating the operation of the message delivery system S. Figures 8 and 9 describe the process related to message delivery. When the distribution infrastructure server 11 receives a notification from the authentication infrastructure server 12 indicating that an authentication URL has been registered, and the authentication URL itself, it associates the received authentication URL with the corresponding transaction data and stores it in the storage unit of the distribution infrastructure server 11. At the same time, the authentication infrastructure server 12 also stores that the registration of the transaction data and the registration of the authentication URL have been completed (step S215).
[0058] Next, the distribution infrastructure server 11 generates a second message by combining the content to be sent as the second message with the authentication URL (step S216). Then, the distribution infrastructure server 11 registers the generated second message in the storage unit as a message to be sent to a telephone number by executing the individual distribution API (step S217).
[0059] The distribution infrastructure server 11 determines whether the message to be sent has been successfully registered (step S218). If it has been successfully registered (step S218-OK), it sends the second message to the telecommunications carrier server 3a by executing the transmission process according to the registered second message. On the other hand, if registration is not completed successfully (step S218-NG), the distribution infrastructure server 11 sends an error response to the enterprise server 2a.
[0060] Enterprise server 2a receives an error response (step S218-NG) sent from distribution infrastructure server 11 (step S013).
[0061] The telecommunications carrier server 3a sends the second message, which was sent from the distribution infrastructure server 11, to the terminal device 4a with the telephone number as the destination (step S411). Terminal device 4a receives the second message sent from the telecommunications carrier server 3a (step S511). When the user gives an instruction to open the message, terminal device 4a displays the second message. The displayed second message includes an authentication URL. The user inputs instructions for identity verification by touching the authentication URL included in the second message. When terminal device 4a detects the user's touch input to the authentication URL (step S512), it accesses the authentication URL (step S513). In this case, the destination of the authentication URL is the authentication infrastructure server 12.
[0062] When the authentication infrastructure server 12 detects access to the authentication URL from the terminal device 4a, it refers to the storage unit based on the accessed authentication URL, and determines which authentication pattern is set for the transaction data associated with the authentication URL, also referring to the master information (step S311), and sends screen data to the terminal device 4a for inputting authentication content (response data) based on the authentication pattern. Terminal device 4a displays a screen for entering authentication details based on screen data transmitted from authentication infrastructure server 12 (step S514).
[0063] Terminal device 4a displays a screen for entering authentication information based on a request from the authentication infrastructure server 12. After the user confirms this input screen, they enter the necessary authentication information. For example, if the authentication pattern is "Enter your last name in katakana," the input screen will display the message "Please enter your last name in katakana" along with an input box for entering the answer. Based on this input screen, the user enters a string representing their last name in kana into the input field. Terminal device 4a receives the user's input (step S514), retrieves the string entered by the user, and sends it to the authentication infrastructure server 12 as response data.
[0064] When the authentication infrastructure server 12 receives the response data sent from the terminal device 4a (step S312), it determines whether the response data is correct or not based on whether it matches the correct answer data included in the transaction data (step S313). If the response data and the correct answer data do not match (step S313-NO), the authentication infrastructure server 12 sends screen data to the terminal device 4a indicating that authentication could not be performed. As a result, the terminal device 4a displays an authentication NG screen indicating that authentication could not be performed (step S515). In this case, since authentication could not be performed, the first message is not sent from the authentication infrastructure server 12, and therefore the first message is not displayed to the terminal device 4a.
[0065] On the other hand, if the input response data matches the correct answer data (step S313-OK), the authentication infrastructure server 12 generates a first message in which the embedded data included in the transaction data is embedded based on the notification content display pattern, and sends it to the terminal device 4a (step S314). When terminal device 4a receives the first message from the authentication infrastructure server 12, it displays the received first message on the display screen (step S516). Here, the first message displayed may include, for example, a notice regarding the billing amount and billing details.
[0066] Figure 10 shows an example of a display screen G1 on terminal device 4a where the second message is displayed. For example, it is a display screen on which response data can be entered, such as in step S514 described above. The display screen G1 shows the name of the company that sent the second message (G101), along with input fields (G102) for entering response data and a send button (G103) for submitting the response data. In this case, input field G102 displays fields for entering the user's last name in katakana, the user's first name in katakana, and the date of birth. On this display screen, the user can enter their response data and press the submit button G103.
[0067] Figure 11 shows an example of the display screen for the first message shown on terminal device 4a when the response data and the correct answer data match. Figure 11 shows an example of display screen G2 when the notification content display pattern of the master information registered from the corporate server 2 contains only element ID "0". Display screen G2 does not show buttons for navigating to external sites, payment sites, or generating PDF data. Instead, the display area G201, which displays contract details, shows text based on the contract. Additionally, contact information G202 for inquiring about the company on the corporate server 2a is displayed. A notification display pattern containing only element ID "0" can provide a display screen that prevents users from being redirected to another site or similar location.
[0068] Figure 12 shows an example of the display screen for the first message shown on terminal device 4a when the response data matches the correct answer data. Figure 12 shows an example of display screen G3 when the notification content display pattern of the master information registered from the corporate server 2 includes two elements, element ID "0" and element ID "3". Display screen G3 shows a display field G301 for displaying contract details, a string of characters based on the contract details, and an operation button G302 for transitioning to the payment site. Below the operation button G302, a display field G304 is shown containing explanations about payment and contact information. After the user confirms the contract details and other information described in display field G301, if they wish to make a payment, they can press the operation button G302 to proceed to the payment site screen G303 and complete the payment.
[0069] Figure 13 shows an example of the display screen for the first message shown on terminal device 4a when the response data matches the correct answer data. Figure 13 shows an example of display screen G4 when the notification content display pattern of the master information registered from the corporate server 2 includes three elements: element ID "0", element ID "3", and element ID "4". On display screen G4, a display field G401 shows the contract details, containing text based on the contract, and below that, an operation button G402 is displayed to transition to the payment site. Furthermore, below the operation button G402, an operation button G403 for generating PDF data and a display field G404 containing payment explanations and contact information are displayed. After reviewing the contract details and other information displayed in display field G401, users can proceed with payment by pressing operation button G402 to transition to the payment site screen G410. Furthermore, before (or after) making a payment, users can download the generated PDF data based on the information displayed in display field G401 by pressing operation button G403, and then view the PDF display screen G420.
[0070] Figure 14 shows an example of the display screen for the first message shown on terminal device 4a when the response data matches the correct answer data. Figure 14 shows an example of display screen G5 when the notification content display pattern of the master information registered from the corporate server 2 includes three elements: element ID "0", element ID "1", and element ID "1". On display screen G5, a string of characters based on the contract is displayed in display field G501 for displaying the contract details, and below that, a link button G502 is displayed that leads to the homepage published by the company on corporate server 2. Furthermore, below link button G502, a link button G503 is displayed that leads to the FAQ site. After reviewing the contract details and other information displayed in display area G501, users can click the link button G502 to navigate to the company's homepage, which will then be displayed on screen G510. Additionally, users can click the link button G503 to access the FAQ site, which will display the FAQ content on screen G520.
[0071] Figure 15 shows an example of the display screen for the first message shown on terminal device 4a when the response data matches the correct answer data. Figure 15 shows an example of display screen G6 when the notification content display pattern of the master information registered from enterprise server 2 includes one element with element ID "4". On the display screen G6, an operation button G602 for generating PDF data is displayed between the standard text G601 and the contact information display field G604. The user can initiate the generation of PDF data by pressing the operation button G602, and then display the generated and downloaded PDF screen G610.
[0072] In the embodiments described above, the case in which corporate server 2a sends a message to a user was explained, but corporate server 2b, for example, may also accept and send messages from other requesters. In this case, the company managing corporate server 2b may register master information and transaction data in the message distribution system 1 using user information registered within its own company. This allows each company to verify the identity of the user using authentication requirements items corresponding to the user information it manages.
[0073] According to the embodiment described above, the information pre-registered in the corporate server 2 as user information is utilized, and the corporate server 2 can arbitrarily decide which items to use. As a result, when the corporate server 2 delivers a message that requires identity verification, it can use at least some of the information it has already received from the user and stored as part of the user information as correct answer data, eliminating the need for the corporate server 2 to generate and store correct answer data separately. Furthermore, since the correct answer data is extracted from user information, information that the user already knows can be used as the correct answer data. This eliminates the need to notify the user in advance from the corporate server 2 of the correct answer data required for identity verification. In addition, since the user information can be information that is unlikely to be forgotten, such as the user's name, address, postal code, date of birth, and My Number card, it is possible to reduce the likelihood of password reissuance when a user forgets their password. Alternatively, a password may be agreed upon in advance between the corporate server 2 or the message distribution system 1 and the user, and the corporate server 2 may use the password to verify the user's identity by specifying the use of the password as an item in the authentication requirements.
[0074] Furthermore, in the embodiments described above, the correct answer data specifies the method of representation, such as the kana spelling of the surname or given name, so that the representation of characters entered by the user can also be standardized. This avoids situations where identity verification becomes impossible due to differences in character forms, such as old and new character forms. In addition, regarding addresses, by using a range of categories from the major categories that make up the address to a certain category (for example, up to the city / ward / town / village) as the correct answer data, identity verification can be performed without using categories where the representation is difficult to standardize, such as kanji, hyphens, minus signs, and long vowel marks (for example, "1-chome 1-banchi 1-go" and "1-1-1"). This avoids situations where identity verification becomes impossible due to differences in the representation of the address.
[0075] Furthermore, if the first message is a low-confidentiality message such as an advertisement, a lower-level item can be used in the authentication pattern. Conversely, if the first message is a message of high importance, confidentiality, and security, such as a message related to a contract concluded between a company and a user, a higher-level item can be used in the authentication pattern. In this way, the requesting party can arbitrarily decide which items to use according to their policy, taking into account the importance and confidentiality of the message to be sent. For example, a low-level authentication method could be a postal code. A high-level authentication method could involve a combination of multiple authentication request items, or it could involve having the My Number Card read by the terminal device 4 and using at least a portion of the data read from the My Number Card. The My Number Card can be used as a high-level authentication method because users can access the public personal authentication service by simply holding the card over the reader.
[0076] Furthermore, while the company providing the message management system 1 can decide which items to use in the authentication pattern, the company on the corporate server 2 may not possess the correct data corresponding to the chosen items. For example, if the company on the corporate server 2 provides a service to users that is conducted solely through electronic communication, the company may not know the user's address, and therefore may not have the address. In such a case, if the company attempts to apply the address to the authentication pattern, it will not be able to receive the correct address data from the corporate server 2. In contrast, according to the embodiment described above, the company on the corporate server 2 can arbitrarily select items to be used as the authentication pattern from the items it possesses and then hand them over to the company on the message management system 1.
[0077] The message management system 1 in the above-described embodiment may be implemented using a computer. In that case, the program for implementing this function may be recorded on a computer-readable recording medium, and the program recorded on this recording medium may be loaded into the computer system and executed. Here, "computer system" includes hardware such as the OS and peripheral devices. Furthermore, "computer-readable recording medium" refers to portable media such as flexible disks, magneto-optical disks, ROMs, CD-ROMs, and storage devices such as hard disks built into the computer system. Moreover, "computer-readable recording medium" may also include those that dynamically hold programs for a short period of time, such as communication lines used when transmitting programs via networks such as the Internet or communication lines such as telephone lines, and those that hold programs for a certain period of time, such as volatile memory inside the computer system that acts as a server or client in such cases. Furthermore, the above-mentioned program may be for implementing a part of the above-mentioned function, or it may be a program that can implement the above-mentioned function in combination with a program already recorded in the computer system, or it may be implemented using a programmable logic device such as an FPGA (Field Programmable Gate Array).
[0078] While embodiments of this invention have been described in detail above with reference to the drawings, the specific configuration is not limited to these embodiments and includes designs and the like that do not depart from the spirit of this invention. [Explanation of Symbols]
[0079] 1. Message Management System 2,2a,2b Enterprise Server 3,3a,3b Telecommunications carrier server 4,4a,4b Terminal devices 5 Payment Server 6 Web Server 7. Report Server 10 Management Server 11 Distribution infrastructure server 12 Authentication infrastructure server 100 Storage section 101 Acquisition Department 102 Butt joint processing unit 103 Registration Management Department 104 Judgment section 105 Message generation unit 106 Display Control Unit 1011 First Acquisition Department 1012 Second Acquisition Department 1061 Authentication Request Display Control Unit 1062 Screen display control unit after authentication S Message Distribution System
Claims
1. A first acquisition unit acquires an authentication pattern that specifies the items of authentication requirements used to authenticate whether or not the requester requesting the sending of the first message is the user to whom the first message is to be sent, and correct data for the authentication pattern. An authentication request display control unit that displays a second message containing authentication requests based on the authentication pattern to the terminal device of the user to whom the first message is to be sent, A second acquisition unit that acquires response data, which is a response to the authentication request, from the terminal device, A determination unit that determines whether the acquired response data and the correct answer data are in a corresponding relationship, A post-authentication screen display control unit that, when the determined result shows a correspondence between the answer data and the correct answer data, displays the first message to the terminal device, A message management system that has the following features.
2. The aforementioned correct answer data is at least a portion of the information contained in the user information registered from the terminal device to the requesting server based on instructions from the user. The message management system according to claim 1.
3. A matching processing unit that determines whether the correct data corresponds to the description rules for the authentication requirements, A registration management unit accepts registration of the correct answer data obtained by the first acquisition unit if the correct answer data obtained by the first acquisition unit corresponds to the description rules for the authentication requirements obtained by the first acquisition unit, A message management system according to claim 1 or claim 2.
4. A message management method performed by a computer, The system obtains an authentication pattern that specifies the items of the authentication requirements used to authenticate whether or not the requester who requests the sending of the first message is the user to whom the first message is to be sent, and the correct data for the authentication pattern. The terminal device of the user to whom the first message is to be sent is made to display a second message containing authentication requests based on the authentication pattern. A second acquisition unit that acquires response data, which is a response to the authentication request, from the terminal device, Determine whether the acquired response data and the correct answer data are in a corresponding relationship. If the determined result shows a correspondence between the answer data and the correct answer data, the first message is displayed to the terminal device. A message management method that includes this.
5. A program that is executed by a computer, The system obtains an authentication pattern that specifies the items of the authentication requirements used to authenticate whether or not the requester who requests the sending of the first message is the user to whom the first message is to be sent, and the correct data for the authentication pattern. A second message containing authentication requests based on the authentication pattern is sent to the terminal device of the user to whom the first message is to be sent. A second acquisition unit that acquires response data, which is a response to the authentication request, from the terminal device, Determine whether the acquired response data and the correct answer data are in a corresponding relationship. If the determined result shows a correspondence between the answer data and the correct answer data, the first message is displayed to the terminal device. A program that includes the following.