System and Program

By managing the collaborative work of the server and the terminal, the security issues of existing systems in tracking mobile device usage relationships and granting proxy permissions are resolved, enabling secure proxy permission settings and tracking when usage relationships are established.

JP7878236B2Active Publication Date: 2026-06-23TOYOTA JIDOSHA KK

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Patents
Current Assignee / Owner
TOYOTA JIDOSHA KK
Filing Date
2023-09-22
Publication Date
2026-06-23

AI Technical Summary

Technical Problem

Existing systems struggle to track mobile device usage relationships and grant proxy permissions while ensuring security, especially in MaaS (Mobility as a Service), where it is difficult to ensure the accuracy and security of authorization when users request others to use their mobile devices.

Method used

By managing the server, the first terminal of the first target agent, and the second terminal of the second target agent, data exchange and agent permission verification are achieved, ensuring secure agent permission settings and tracking when the relationship is established.

Benefits of technology

It enables secure tracking of proxy permissions and granting of permissions to proxy entities when using relationships, ensuring the accuracy and security of using relationships.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 0007878236000001
    Figure 0007878236000001
  • Figure 0007878236000002
    Figure 0007878236000002
  • Figure 0007878236000003
    Figure 0007878236000003
Patent Text Reader

Abstract

To provide a technology for tracking use relation between a first object and a second object while securing security, and for imparting proxy authority to a proxy individual while the use relation is established.SOLUTION: In a system according to one aspect of the present disclosure, a first terminal of a proxy individual for a first object receives authority imparting information from a terminal of a proxy requesting individual for the first object. A second terminal of an object individual for a second object requests verification of proxy right according to the request from the first terminal. In response to establishment of the verification, at least one of the first terminal and the second terminal transmits a linking request to a management server. In response to establishment of authentication of the proxy requesting individual, the management server sets correspondence between the proxy requesting individual and the object individual, thereby enabling the proxy individual to exercise the authority of the proxy requesting individual by proxy via the object individual.SELECTED DRAWING: Figure 1
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present disclosure relates to systems and programs.

Background Art

[0002] In Patent Document 1, a fee collection system for collecting fees for services from vehicle users using a medium such as a card has been proposed. Specifically, the fee collection system proposed in Patent Document 1 is based on the ID of an ETC (Electronic Toll Collection System) card, the rental car company, the rental date and time of the rental car, and the correspondence relationship (billing information, registration information, settlement information, and usage information) of the rental car user, and is configured to allocate the highway usage fee charged by the target rental car to the target user.

Prior Art Documents

Patent Documents

[0003]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0004] One object of the present disclosure is to provide a technology for tracking the usage relationship between a first target and a second target while ensuring security and granting an agency authority to an agency entity while the usage relationship is established.

Means for Solving the Problems

[0005] The system according to the first aspect of this disclosure comprises a management server, a first terminal of a first target proxy individual, and a second terminal of a second target individual. The first terminal is configured to receive authorization grant information notifying the granting of proxy authority from the terminal of the first target proxy request individual, exchange data with the second terminal when a usage relationship occurs between the proxy individual and the target individual, and request verification of the proxy authority by providing authorization verification information to the second terminal during the data exchange. The second terminal is configured to verify the proxy authority using the authorization verification information in response to the request from the first terminal. At least one of the first terminal and the second terminal is configured to send a linking request, including an authentication request for the proxy request individual, to the management server in response to the successful verification by the second terminal. The management server is configured to enable the proxy individual to exercise the authority of the proxy request individual via the target individual by setting up a correspondence between the proxy request individual and the target individual in response to the successful authentication of the proxy request individual in response to the authentication request.

[0006] A program relating to a second aspect of this disclosure is a program that causes the first terminal of a first target proxy individual to receive authorization information notifying the granting of proxy authority from the terminal of the first target proxy requesting individual; to exchange data with the second terminal of the target individual when a usage relationship occurs between the proxy individual and the second target individual; to request verification of the proxy authority by providing authorization verification information to the second terminal in the data exchange; and, in response to the successful verification by the second terminal, to send a linking request to the management server, including an authentication request for the proxy requesting individual; to send the linking request jointly with the second terminal; or to have the second terminal send the linking request, thereby causing the management server to set up a correspondence between the proxy requesting individual and the target individual in response to the successful authentication of the proxy requesting individual in response to the authentication request, thereby enabling the proxy individual to exercise the authority of the proxy requesting individual through the target individual. That is the case.

[0007] The program relating to the third aspect of this disclosure is a program that causes the second terminal of the target individual of the second target to perform the following actions when a usage relationship occurs between the proxy individual of the first target and the target individual: to exchange data with the first terminal of the proxy individual; to receive a request from the first terminal for verification of proxy authority accompanied by authority verification information in the data exchange; to verify the proxy authority using the authority verification information in response to the request from the first terminal; and, upon successful completion of the verification, to send a linking request to the management server, including an authentication request for the proxy requesting individual; to send the linking request jointly with the first terminal; or to have the first terminal send the linking request, thereby causing the management server to set up a correspondence between the proxy requesting individual and the target individual in response to successful authentication of the proxy requesting individual in response to the authentication request, thereby enabling the proxy individual to exercise the authority of the proxy requesting individual through the target individual. [Effects of the Invention]

[0008] According to this disclosure, it is possible to provide a technology for tracking the usage relationship between the first and second targets while ensuring security, and for granting proxy authority to a proxy entity while that usage relationship is established. [Brief explanation of the drawing]

[0009] [Figure 1] Figure 1 schematically illustrates an example of a scenario in which this disclosure applies. [Figure 2] Figure 2 schematically illustrates an example of a scenario to which this disclosure applies. [Figure 3A] Figure 3A schematically shows an example of the linked information according to this embodiment. [Figure 3B] Figure 3B schematically shows an example of user information according to this embodiment. [Figure 3C] Figure 3C schematically shows an example of mobile information according to this embodiment. [Figure 4]FIG. 4 schematically shows an example of data exchange according to this embodiment. [Figure 5A] FIG. 5A schematically shows an example of the verification process of agency according to this embodiment. [Figure 5B] FIG. 5B schematically shows an example of the verification process of agency according to this embodiment. [Figure 6] FIG. 6 schematically shows an example of the process of unlinking according to this embodiment. [Figure 7A] FIG. 7A schematically shows an example of the process of unlinking by the individual requesting agency according to this embodiment. [Figure 7B] FIG. 7B schematically shows an example of the process of unlinking by the individual requesting agency according to this embodiment. [Figure 8] FIG. 8 schematically shows an example of the confirmation process of continued use according to this embodiment. [Figure 9] FIG. 9 schematically shows an example of the usage scenario of the linking information according to this embodiment. [Figure 10A] FIG. 10A schematically shows an example of the hardware configuration of the management server according to this embodiment. [Figure 10B] FIG. 10B schematically shows an example of the hardware configuration of the first server according to this embodiment. [Figure 10C] FIG. 10C schematically shows an example of the hardware configuration of the second server according to this embodiment. [Figure 10D] FIG. 10D schematically shows an example of the hardware configuration of the first terminal according to this embodiment. [Figure 10E] FIG. 10E schematically shows an example of the hardware configuration of the second terminal according to this embodiment. [Figure 10F] FIG. 10F schematically shows an example of the hardware configuration of the terminal according to this embodiment. [Figure 11] FIG. 11 schematically shows an example of the software configuration of each device according to this embodiment. [Figure 12A] FIG. 12A shows an example of the processing procedure of the linking setting according to this embodiment. [Figure 12B]FIG. 12B shows an example of the procedure for解除紐付け (the specific term "解除紐付け" seems incorrect or unclear. If it's "解除紐付け" which might be "解除关联", it should be adjusted appropriately in a real context. Here it remains as is for translation purposes). [Figure 13A] FIG. 13A schematically shows an example of the authentication process when adopting the first authentication method. [Figure 13B] FIG. 13B schematically shows an example of the authentication process when adopting the first authentication method. [Figure 14A] FIG. 14A schematically shows an example of the authentication process when adopting the second authentication method. [Figure 14B] FIG. 14B schematically shows an example of the authentication process when adopting the second authentication method. [Figure 15A] FIG. 15A schematically shows an example of the authentication process when adopting the 3-1 authentication method. [Figure 15B] FIG. 15B schematically shows an example of the authentication process when adopting the 3-1 authentication method. [Figure 16A] FIG. 16A schematically shows an example of the authentication process when adopting the 3-2 authentication method. [Figure 16B] FIG. 16B schematically shows an example of the authentication process when adopting the 3-2 authentication method.

DETAILED DESCRIPTION OF THE INVENTION

[0010] According to the system proposed in Patent Document 1, a user can pay highway tolls by ETC even without holding their own ETC card. However, the inventors of the present invention have found that the conventional system has the following problems.

[0011] That is, with the diversification of MaaS (Mobility as a Service), the efficiency of settlement, prescription From the perspective of convenience, such as the use of prescriptions, it is conceivable that there will be a need to track the use of a mobile device by another party at the request of a user, while ensuring security, and to grant proxy authority to that party while the mobile device is in use. For example, when a prescription is issued to a certain person (the requester / proxy requesting individual), it is conceivable that the authority to exercise the issued prescription on behalf of another party (the agent / proxy individual) using the mobile device will be granted. In this case, it is conceivable that while the mobile device is in use, the other party will use the prescription to obtain the medicine on behalf of the user. In contrast, conventional systems can maintain the correspondence between the date and time of use and the user as usage information, according to the rental car contract or reservation, but since this date and time of use depends on the contract or reservation, the usage information does not necessarily match the actual use of the rental car by the user. In addition, for vehicles used without a contract or reservation (e.g., private cars), the generation of usage information is not anticipated in the first place. Furthermore, since usage information is generated in response to the user's request, the usage information only indicates the use by that user, and it is difficult to track the use by others. Therefore, with conventional systems, it is difficult to track the use of mobile devices by others at the request of a user while ensuring security, and to grant proxy authority to others while the usage relationship is established. Furthermore, this problem is not limited to situations involving vehicles. Similar problems can arise when using other types of mobile devices (e.g., aircraft, ships, etc.) and when using multiple types of mobile devices. Moreover, similar problems can arise in any usage scenario other than those involving mobile devices.

[0012] In contrast, the system according to the first aspect of this disclosure comprises a management server, a first terminal of the first target's proxy individual, and a second terminal of the second target's target individual. The first terminal is configured to receive authorization grant information notifying the granting of proxy authority from the terminal of the first target's proxy request individual, to exchange data with the second terminal when a usage relationship occurs between the proxy individual and the target individual, and to request verification of proxy authority by providing authorization verification information to the second terminal during the data exchange. The second terminal is configured to verify the proxy authority using the authorization verification information in response to a request from the first terminal. At least one of the first terminal and the second terminal is configured to communicate with the second terminal. Upon successful verification, the system is configured to send a linking request, including an authentication request for the proxy requesting individual, to the management server. The management server is configured to enable the proxy individual to exercise the authority of the proxy requesting individual via the target individual by setting up a correspondence between the proxy requesting individual and the target individual, upon successful authentication of the proxy requesting individual in response to the authentication request.

[0013] In the first aspect of this disclosure, by setting up a correspondence (linking) between the proxy requesting entity of the first target and the target entity of the second target, the usage relationship between the proxy entity and the target entity in response to the request of the proxy requesting entity can be tracked. In addition, security can be ensured by the verification process of the proxy authority and the authentication process of the proxy requesting entity of the first target. Then, depending on the setting of the correspondence between the proxy requesting entity and the target entity, the proxy entity can exercise the authority of the proxy requesting entity through the target entity. As a result, the proxy entity can exercise at least a portion of the authority of the proxy requesting entity on its behalf. Therefore, according to the first aspect of this disclosure, it is possible to track the usage relationship between the first and second targets while ensuring security, and to grant the proxy entity the authority to exercise at least a portion of the authority of the proxy requesting entity on its behalf while that usage relationship is established.

[0014] The forms of this disclosure are not limited to the examples described above. As another form of the system relating to the above embodiments, one aspect of this disclosure may be an information processing device, an information processing method, a program, or a machine-readable storage medium that stores such a program, which implements all or part of the above components. Here, a machine-readable storage medium is a medium that stores information such as a program by electrical, magnetic, optical, mechanical, or chemical action. The information processing device may be at least one of the management server, the first terminal, and the second terminal relating to the above embodiments. Furthermore, the system relating to the above embodiments may further include at least one of the first server involved in the authentication of the first target and the second server involved in the authentication of the second target.

[0015] For example, a program relating to the second aspect of this disclosure may be a program that causes the first terminal of the proxy individual of the first target to receive authorization information notifying the granting of proxy authority from the terminal of the proxy requesting individual of the first target; to exchange data with the second terminal of the target individual when a usage relationship occurs between the proxy individual and the target individual of the second target; to request verification of proxy authority by providing authorization verification information to the second terminal during the data exchange; and, in response to the successful verification by the second terminal, to send a linking request to the management server, including an authentication request for the proxy requesting individual; to send the linking request jointly with the second terminal; or to have the second terminal send the linking request, thereby causing the management server to set up a correspondence between the proxy requesting individual and the target individual in response to the successful authentication of the proxy requesting individual in response to the authentication request, thereby enabling the proxy individual to exercise the authority of the proxy requesting individual through the target individual.

[0016] Furthermore, for example, the program relating to the third aspect of this disclosure is a program that causes the second terminal of the target individual of the second target to perform the following actions when a usage relationship occurs between the proxy individual of the first target and the target individual: to exchange data with the first terminal of the proxy individual; to receive a request from the first terminal for verification of proxy authority accompanied by authority verification information during the data exchange; to verify the proxy authority using the authority verification information in response to the request from the first terminal; and, upon successful verification, to send a linking request to the management server, including an authentication request for the proxy requesting individual; to send the linking request jointly with the first terminal; or to have the first terminal send the linking request, thereby causing the management server to set up a correspondence between the proxy requesting individual and the target individual in response to successful authentication of the proxy requesting individual in response to the authentication request, thereby enabling the proxy individual to exercise the authority of the proxy requesting individual through the target individual.

[0017] Hereinafter, embodiments relating to one aspect of this disclosure (hereinafter also referred to as "this embodiment") will be described based on the drawings. However, this embodiment described below is merely illustrative in all respects of this disclosure. Various improvements or modifications may be made without departing from the scope of this disclosure. In implementing this disclosure, specific configurations may be adopted as appropriate depending on the embodiment. Although the data appearing in this embodiment is described in natural language, more specifically, it is specified in computer-recognizable pseudo-language, commands, parameters, machine code, etc.

[0018] [1. Application Examples] Figure 1 schematically shows an example of a scenario in which this disclosure is applied. The system 100 according to this embodiment consists of a management server 1, a first terminal 4, and a second terminal 5. The management server 1 is one or more computers configured to record the correspondence (linking) between the first target and the second target. The first terminal 4 corresponds to the proxy individual PI of the first target, and the second terminal 5 corresponds to the target individual TA of the second target. A terminal may be provided for each individual of the first target. A terminal may also be provided for each individual of the second target. The first terminal 4 is an example of a terminal for the first target, and the second terminal 5 is an example of a terminal for the second target.

[0019] In this embodiment, terminal 6 of the first target proxy requesting individual PR receives settings related to the granting of proxy authority, including the designation of a proxy individual PI. The proxy individual PI may be designated as appropriate from other individuals of the first target. Once the settings related to the granting of proxy authority are made, terminal 6 directly or indirectly transmits authorization granting information AG notifying the granting of proxy authority to the first terminal 4. In response, the first terminal 4 receives the authorization granting information AG from terminal 6 (step S10). Indirect transmission may include transmission via an external computer. Terminal 6 is an example of a terminal of the first target. System 100 may include this terminal 6.

[0020] When a usage relationship is established between the proxy individual PI and the target individual TA, the first terminal 4 exchanges data with the second terminal 5 (step S20). In this data exchange, the first terminal 4 requests verification of its proxy authority by providing the second terminal 5 with the authority verification information AU. The second terminal 5 verifies the proxy authority using the authority verification information AU in response to the request from the first terminal 4 (step S30). Upon successful verification by the second terminal 5, at least one of the first terminal 4 and the second terminal 5 sends a linking request to the management server 1, which includes an authentication request for the proxy requesting individual PR (step S40). Authentication of the proxy requesting individual PR may be performed as appropriate when the linking request is made.

[0021] The management server 1 sets up a correspondence (linking) between the proxy requesting individual PR and the target individual TA in response to the receipt of the linking request and the successful authentication of the proxy requesting individual PR in the authentication process in response to the authentication request (steps S50, S60). In one example, the management server 1 may generate linking information D10 that shows the setting of the correspondence between the first target (proxy requesting individual PR) and the second target (target individual TA), and may save the generated linking information D10. This enables the management server 1 to exercise the authority of the proxy requesting individual PR by the proxy individual PI via the target individual TA.

[0022] Furthermore, during the process of setting up the above correspondence, authentication processing for at least one of the first target proxy individual PI and the second target individual TA may be performed along with the authentication processing for the proxy requesting individual PR. The series of processes from data exchange to linking may be performed in real time as the usage relationship arises. The established correspondence (linking) may be canceled at any time. For example, the correspondence may be canceled when the usage relationship ceases to exist.

[0023] Furthermore, as long as each individual with a corresponding relationship can be identified, the format of the information indicating the setting of the corresponding relationship (linking information D10) is not particularly limited and can be determined as appropriate depending on the embodiment. This may be done. For example, each individual of the first target may be given a first identifier I10, and each individual of the first target may be identified by the first identifier I10. Similarly, each individual of the second target may be given a second identifier I20, and each individual of the second target may be identified by the second identifier I20. Establishing a correspondence between a proxy requesting individual PR and a target individual TA may be done by establishing a correspondence between the first identifier I10 given to the proxy requesting individual PR and the second identifier I20 given to the target individual TA. That is, the establishment of the correspondence may be expressed using the first identifier I10 and the second identifier I20.

[0024] As described above, in this embodiment, by setting a correspondence (linking) between the first target proxy requesting individual PR and the second target target individual TA, the usage relationship between the proxy individual PI and the target individual TA in response to the request from the proxy requesting individual PR can be tracked. In addition, security can be ensured by the verification process of proxy authority using the authority verification information AU and the authentication process of the proxy requesting individual PR. Furthermore, depending on the setting of the correspondence between the proxy requesting individual PR and the target individual TA, the proxy individual PI can exercise the authority of the proxy requesting individual PR via the target individual TA. As a result, the proxy individual PI can exercise at least a portion of the authority of the proxy requesting individual PR on their behalf. Therefore, according to this embodiment, it is possible to track the usage relationship between the first target and the second target while ensuring security, and to grant the proxy individual PI the authority to exercise at least a portion of the authority of the proxy requesting individual PR on their behalf while the usage relationship is established.

[0025] (subject) The first and second objects are not particularly limited as long as a utilization relationship can be established, and may be appropriately selected depending on the embodiment. The first and second objects may be any things, such as objects, people, or other living beings. Any things may include virtual things. The establishment of a utilization relationship may be a real or virtual relationship between at least two things, such as one using the other, one possessing the other, one joining to the other, or one connecting to the other. The system 100 of this disclosure may be used in any situation in which a correspondence between two or more things is tracked.

[0026] In this embodiment, with respect to the first target, it is permissible to set up a proxy correspondence relationship by proxy individual PI in response to a request from proxy requesting individual PR. Conversely, with respect to the second target, it is permissible or not permissible to set up such a proxy correspondence relationship. If a form that does not allow proxying is adopted for the second target, one of the first and second targets that allows proxy linking may be selected as the first target, and the other target that does not allow proxy linking may be selected as the second target.

[0027] (Server 1 / Server 2) For example, to show the details of each individual of the first target (including the proxy requesting individual PR and the proxy individual PI), first target information O10 concerning the first target may be used. First target information O10 may include a first identifier I10. First target information O10 may also include information used for authenticating the first target (such as registered unique information). Similarly, to show the details of each individual of the second target (including the target individual TA), second target information O20 concerning the second target may be used. Second target information O20 may include a second identifier I20. Second target information O20 may also include information used for authenticating the second target. First target information O10 and second target information O20 may be stored in any storage area. At least a portion of first target information O10 and second target information O20 may be stored in a manner accessible from at least one of the management server 1, the external server, and each terminal (4, 5).

[0028] The first target information O10 and the second target information O20 may be managed as appropriate. In the example in Figure 1, the first server 2 may be configured to manage the first target information O10, and the second server 3 may manage the first target information O10. The system may be configured to manage the second target information O20. The first server 2 and the second server 3 may each consist of one or more server devices. The first target information O10 may be stored in memory resources located at least one of the internal and external locations of the first server 2, accessible from the first server 2. The second target information O20 may be stored in memory resources located at least one of the internal and external locations of the second server 3, accessible from the second server 3. Internal memory resources may include, for example, RAM (Random Access Memory), auxiliary storage devices, storage media, etc. External memory resources may include, for example, external storage devices, external computers (NAS: Network Attached Storage, etc.). In another example, each target information (O10, O20) may be stored in the memory resources of the management server 1.

[0029] The unit for managing each piece of target information (O10, O20) is not particularly limited and may be determined as appropriate depending on the embodiment. At least one of the first piece of target information O10 and the second piece of target information O20 may be managed centrally (as a whole) or distributed (separately) for each arbitrary group. The server devices constituting each server (2, 3) may be deployed by one or more operating organizations (entities). At least one of the first server 2 and the second server 3 may be deployed by multiple operating organizations. When deployed by multiple operating organizations, the target information may be shared (i.e., managed centrally) or distributed for each operating organization.

[0030] Furthermore, the first server 2 may be involved in the authentication of the first target (proxy requesting individual PR and proxy individual PI). Involvement in authentication may include determining the success or failure of authentication (direct involvement) and indirect involvement (for example, providing information for determining the success or failure of authentication). When determining the success or failure of authentication for the first target, the first server 2 is an example of an external server (external authentication server) that determines the success or failure of authentication for the first target. Similarly, the second server 3 may be involved in the authentication of the second target (target individual TA). When determining the success or failure of authentication for the second target, the second server 3 is an example of an external server (external authentication server) that determines the success or failure of authentication for the second target.

[0031] (identifier) In one example, identifiers (I10, I20) may be used to identify each individual of each target (including the proxy requesting individual PR of the first target, the proxy individual PI of the first target, and the target individual TA of the second target). The data format and structure of each identifier (I10, I20) are not particularly limited, as long as they can identify each individual of each target, and may be appropriately selected depending on the embodiment. In one example, each identifier (I10, I20) may consist of a sequence of symbols including numbers, letters, etc. In another example, each identifier (I10, I20) may use unique information such as identification information uniquely assigned to each individual, or information originating from each terminal (4, 5, 6). The uniquely assigned identification information may be, for example, a vehicle registration number, a vehicle identification number (VIN), or a personal number. If an IC tag is attached to each individual, the uniquely assigned identification information may include the information held by the IC tag. The information originating from each terminal (4, 5, 6) may include, for example, the MAC address (Media Access Control address), terminal identification information (IMEI: International Mobile Equipment Identifier, IMSI: International Mobile Subscriber Identity, MEID: Mobile Equipment Identifier, ICCID: Integrated Circuit Card ID, and other serial numbers, etc.).

[0032] (Management Server) The management server 1 may be configured to set up a correspondence between the corresponding individuals of the first target and the second target in response to a linking request from at least one of the first target terminal and the second target terminal. In this embodiment, the first target terminal may include the first terminal 4 of the proxy individual PI, and the second target terminal may include the second terminal 5 of the target individual TA. Correspondence between the first target and the second target Setting up a relationship may include setting up a correspondence between the proxy requesting individual PR and the target individual TA in response to a linking request from at least one of the first terminal 4 of the proxy individual PI for the first target and the second terminal 5 of the target individual TA for the second target. In addition, setting up a correspondence between the first target and the second target, other than the case of proxy by the proxy individual PI, may include setting up a correspondence between the relevant individuals of the first target and the second target in response to a linking request from at least one of the terminals of the relevant individuals of the first target and the second target. The process of setting up a link for a normal route that does not involve proxying may be the same as setting up a proxy route, except for the proxy-related processes such as setting up proxy rights and verification. In the following description of the proxy route, the first terminal 4 and the second terminal 5 may be replaced with the respective terminals of the relevant individuals of the first target and the second target, and the normal route processing may be configured accordingly.

[0033] The linking request may be transmitted via any route. For example, the management server 1 may receive the linking request directly from at least one of the first terminal 4 and the second terminal 5, or it may receive it indirectly via an external server. That is, sending a linking request to the management server 1 may consist of sending the linking request directly to the management server 1, or sending the linking request indirectly to the management server 1 via an external server. The external server may include, for example, the first server 2, the second server 3, etc. Also, in an example, indirect transmission may consist of simply having an external computer relay the linking request. In another example, indirect transmission may consist of sending a request to an external computer for processing involved in linking, such as requesting each server (2, 3) to authenticate each target and having them send the authentication results to the management server 1, and then having the external computer send some information to the management server 1 according to the result of its execution. That is, the linking request may also be sent from the external computer to the management server 1 as a result of data communication for other purposes to the external computer. The transmission of a linking request by at least one of the first terminal 4 and the second terminal 5 may include the first terminal 4 transmitting a linking request, the first terminal 4 and the second terminal 5 jointly transmitting a linking request, and the second terminal 5 transmitting a linking request.

[0034] The management server 1 may receive a linking request (a request to set up a link) in response to the occurrence of a usage relationship, and may set up a correspondence between the relevant individuals of the first target and the second target in response to the received linking request. The management server 1 may receive a release request (a request to release the link) in response to the termination of a usage relationship, and may release the correspondence as appropriate in response to the received release request. The linking request and release request may be configured to specify the relevant individuals to be processed in any way. In a typical example, the linking request and release request may be configured to specify the relevant individuals to be processed by including a first identifier I10 and a second identifier I20, respectively. In the above embodiment, the linking request transmitted from at least one of the first terminal 4 of the proxy individual PI and the second terminal 5 of the target individual TA may be configured to specify the individuals to be linked (proxy request individual PR and target individual TA) by including a first identifier I10 of the proxy request individual PR and a second identifier I20 of the target individual TA. However, the method of specifying the relevant individuals to be processed is not limited to this example and may be changed as appropriate depending on the embodiment. In another example, in at least one of the linking request and the unlinking request, at least one of the first identifier I10 and the second identifier I20 may be omitted by using alternative information. For example, an identifier may be assigned as alternative information to the combination of the relevant individuals of the first target and the second target (linking setting). The assignment of the identifier may be performed at any time, for example, when the linking is initially set up. At least one of the linking request and the unlinking request may be configured to specify the relevant individuals of each target to be processed without including at least one of the first identifier I10 and the second identifier I20, by including this identifier.

[0035] The management server 1 may consist of one or more server devices. In this embodiment, the management server 1 associates information regarding the occurrence and termination of correspondence between the first target and the second target. It may be configured to be recorded as information D10. The association information D10 may be stored in memory resources deployed both inside and outside the management server 1. Internal memory resources may include, for example, RAM, auxiliary storage devices, storage media, etc. External memory resources may include, for example, external storage devices, external computers (NAS, etc.), etc.

[0036] The resulting linking information D10 can be used in various situations. For example, linking information D10 can be used to track the relationship between a first target and a second target. Specifically, while a correspondence relationship is established between the first target and the second target, linking information D10 can be used to enable the exercise of authority associated with either the first target or the second target (first target information O10 and second target information O20) from the other. That is, linking information D10 can be used to enable the exercise of authority of either the first target or the second target from the other, depending on the linking of the first target and the second target (Figure 2, described later). In this embodiment, linking information D10 can be used to enable the exercise of at least some of the authority of the proxy requesting individual PR of the first target by the proxy individual PI via the target individual TA, depending on the linking of the proxy requesting individual PR of the first target and the target individual TA of the second target.

[0037] In one example of this embodiment, the linking information D10 may include information on the first identifier I10 and the second identifier I20 of the individual, as it indicates a combination of a first and second target with a correspondence relationship set. The management server 1 may acquire each identifier (I10, I20) of each target as appropriate. In one example, the management server 1 may not pre-store information on the first identifier I10 and the second identifier I20 for setting the correspondence relationship, but may acquire it each time from at least one of the servers (2, 3) and terminals (4, 5). In another example, the management server 1 may pre-store information on at least one of the first identifier I10 and the second identifier I20 for setting the correspondence relationship.

[0038] Furthermore, in one example of this embodiment, when a correspondence is established by proxy of a proxy individual PI, the linking information D10 may further include information about the proxy. Information about the proxy may include, for example, identification information of the proxy individual PI, information about the proxy authority (expiration date, valid authority, etc.). In one example, in order to identify the designated proxy individual PI, the information about the proxy may include the first identifier I10 of the proxy individual PI. Information about the proxy may be transmitted to the management server 1 as appropriate. Information about the proxy may be transmitted directly or indirectly from at least one of the first terminal 4 and terminal 6 to the management server 1. Information about the proxy may be transmitted from terminal 6 to the management server 1 via at least one of the first terminal 4 and second terminal 5. If terminal 6 specifies a proxy individual PI in an external server such as the first server 2, information about the proxy may be transmitted directly or indirectly from the external server to the management server 1. In another example, the linking information D10 may not include information about the proxy. Information about the proxy may be held in a place other than the linking information D10, for example, in the first target information O10. Information regarding the proxy may be managed by an external server, such as Server 12.

[0039] The relationship between the management server 1 and each server (2, 3) and their operating organizations is arbitrary. In one example, the operating organization of management server 1 may overlap with the operating organization of at least one of the first server 2 and the second server 3. In another example, the operating organization of management server 1 may differ from the operating organizations of the first server 2 and the second server 3. The system 100 of this disclosure may be produced by management server 1 being connected to each terminal (4, 5) via a network, and each being deployed in a state capable of performing the above information processing according to the intent of the operating organization of management server 1. If each server (2, 3) is involved in information processing related to linking (e.g., authentication processing), each server (2, 3) may be interpreted as being included in system 100. In this case, the system 100 of this disclosure may be produced by management server 1 being further connected to each server (2, 3) via a network, and each server (2, 3) being further deployed in a state capable of performing information processing related to linking. Furthermore, terminal 6 of the proxy request individual PR of the first target is also in system 1 It may be interpreted as being included in 00.

[0040] (terminal) Terminal 4 relates to the proxy individual PI of the first target. Terminal 5 relates to the target individual TA of the second target. Terminal 6 relates to the proxy requesting individual PR of the first target. In one example, each terminal (4, 5, 6) may accompany the corresponding individual (PI, TA, PR). Accompanying may include being temporarily or permanently deployed inside or outside the target, being possessed by the target (person), and being possessed by a person involved with the target (object). Deploying may include loading. Loading may include being permanently placed in the target, as well as being placed in the target at least temporarily when the target is being used. Loading may include being possessed by the user of the target. At least one of Terminal 4, Terminal 5, and Terminal 6 may be the corresponding individual (PI, TA, PR) itself. Each terminal (4, 5, 6) may consist of one or more computers. Furthermore, with respect to each terminal (4, 5, 6), multiple terminals may be used as if they belong to the same individual, for example, by sharing an account across multiple terminals. In this case, multiple terminals used by the same individual may be interpreted as one terminal of that individual.

[0041] In the above embodiment, the first terminal 4 of the first target proxy individual PI receives authorization grant information AG from the terminal 6 of the first target proxy requesting individual PR, which notifies the granting of proxy authority. When a usage relationship is established between the proxy individual PI and the second target individual TA, the first terminal 4 exchanges data with the second terminal 5 of the target individual TA. In the data exchange, the first terminal 4 requests verification of proxy authority by providing authorization verification information AU to the second terminal 5. Then, in response to the successful verification by the second terminal 5, the first terminal 4 sends a linking request to the management server 1, including an authentication request for the proxy requesting individual PR, sends the linking request jointly with the second terminal 5, or causes the second terminal 5 to send the linking request. As a result, the first terminal 4 causes the management server 1 to set up a correspondence between the proxy requesting individual PR and the target individual TA in response to the successful authentication of the proxy requesting individual PR in response to the authentication request, thereby enabling the proxy exercise of the authority of the proxy requesting individual PR by the proxy individual PI via the target individual TA.

[0042] In the above embodiment, the second terminal 5 of the target individual TA of the second target exchanges data with the first terminal 4 of the proxy individual PI when a usage relationship is established between the proxy individual PI and the target individual TA of the first target. During the data exchange, the second terminal 5 receives a request from the first terminal 4 for verification of proxy authority, accompanied by authorization verification information AU. The second terminal 5 verifies the proxy authority using the authorization verification information AU in response to the request from the first terminal 4. Then, upon successful verification, the second terminal 5 sends a linking request to the management server 1, including an authentication request for the proxy requesting individual PR, sends the linking request jointly with the first terminal 4, or causes the first terminal 4 to send the linking request. As a result, the second terminal 5 causes the management server 1 to set up a correspondence between the proxy requesting individual PR and the target individual TA upon successful authentication of the proxy requesting individual PR in response to the authentication request, thereby enabling the proxy exercise of the authority of the proxy requesting individual PR by the proxy individual PI via the target individual TA.

[0043] In the above embodiment, the terminal 6 of the first target proxy requesting individual PR accepts settings related to the granting of proxy rights, including the designation of the proxy individual PI. The information processing for the proxy settings may be performed on terminal 6, or on an external computer such as the first server 2 via terminal 6. The proxy individual PI may be designated as appropriate. In a typical example, terminal 6 may store an address book and accept the selection of a proxy individual PI from individuals registered in the address book (e.g., users). In another example, terminal 6 may access a list of the first target via an external computer such as the first server 2 and accept the selection of a proxy individual PI from individuals registered in the list. The designation of the proxy individual PI may be performed automatically by computer processing, or it may be performed manually, at least partially involving user operation. good.

[0044] When a proxy individual PI is designated, terminal 6 exchanges data with the designated proxy individual PI's terminal (first terminal 4) and provides the first terminal 4 with authorization grant information AG to notify it of the grant of proxy authority. In response, the first terminal 4 receives the authorization grant information AG from terminal 6. The configuration of the authorization grant information AG is not particularly limited as long as it can notify the grant of proxy authority, and may be appropriately selected depending on the embodiment. In one example, the authorization grant information AG may include authorization verification information AU. In another example, the authorization grant information AG may consist of information that simply notifies the grant of proxy authority. Furthermore, data exchange between terminal 6 and the first terminal 4 may be performed by wireless or wired data communication, or by methods other than data communication, such as reading a two-dimensional code. In one example, when data communication is used, data exchange between terminal 6 and the first terminal 4 may be performed by short message, email, notification in a communication application (e.g., a Social Networking Service application). Furthermore, terminal 6 may directly provide the authorization information AG to the first terminal 4, or it may transmit it indirectly via an external computer such as the first server 2. In this way, terminal 6 of the proxy requesting individual PR may grant the first terminal 4 of the proxy individual PI the authority to authenticate on its behalf and have it execute the process of setting up the correspondence relationship with the second target.

[0045] The settings for granting proxy authority may include various settings related to proxy authority other than the designation of the proxy individual PI mentioned above. For example, the settings for granting proxy authority may include the setting of at least one of the expiration date and the valid authority. Accordingly, the proxy authority may have at least one of the expiration date and the valid authority set. If the expiration date is set for the proxy authority, the management server 1 may be configured to cancel the correspondence between the proxy requesting individual PR and the target individual TA when the expiration date arrives. If the valid authority is set for the proxy authority, the management server 1 may be configured to cancel the correspondence between the proxy requesting individual PR and the target individual TA when the valid authority is exercised or expires by the proxy individual PI. By setting at least one of the expiration date and the valid authority, restrictions can be placed on the proxy authority granted to the proxy individual PI. The setting of at least one of the expiration date and the valid authority may be performed automatically by computer processing, or it may be performed manually, including at least partly user operation.

[0046] Information regarding the proxy individual PI, expiration date, valid authority, and other information related to the established proxy rights (proxy rights information) may be managed as appropriate. The proxy rights information may be managed by at least one of the following: management server 1, an external computer (e.g., first server 2), first terminal 4, second terminal 5, and terminal 6. In one example, the proxy setting process may be executed on first server 2, and in response to the execution of this setting process, first server 2 may generate the proxy rights information. First server 2 may manage the proxy rights information in association with first target information O10. First server 2 may notify management server 1 of the proxy rights information as appropriate. In another example, the proxy individual PI information (e.g., first identifier I10) may be transmitted from first terminal 4. In yet another example, the proxy rights information may be generated in response to the setting process on terminal 6. The proxy rights information is transmitted from terminal 6 to first server 2, where it may be managed in association with first target information O10. In another example, the proxy information may be notified to the management server 1 from the first server 2 or terminal 6 via at least one of the first terminal 4 and the second terminal 5, and managed by the management server 1 in association with the linking information D10. For example, the proxy information may be transmitted together with the linking request. In yet another example, the proxy information may be transmitted directly or indirectly from terminal 6 to the management server 1, rather than via at least one of the first terminal 4 and the second terminal 5. In this case, the management server 1 may appropriately associate the linking request received from at least one of the first terminal 4 and the second terminal 5 with the proxy information. The data association may be identified in any way. In one example, the data of the linking request and the data of the proxy information may both include shared information for identifying the association. The shared information may be, for example, matching The shared information may consist of information that has a relationship, such as establishing a correspondence. For example, the shared information may consist of the first identifier I10 of at least one of the proxy requesting individual PR and the proxy individual PI. For example, the shared information may consist of temporary information such as random numbers, timestamps, and hash values. Note that the timing of setting the valid privileges and expiration date is not limited to the timing of specifying the proxy individual PI. At least one of the valid privileges and expiration date may be set at any time until the correspondence is broken.

[0047] (Operation example) The first and second targets may be selected as appropriate. In one example, one of the first and second targets may be a user. Of the first terminal 4 and the second terminal 5, the terminal corresponding to the user may be a user terminal associated with that user. The other of the first and second targets may be a usable object used by the user. Of the first terminal 4 and the second terminal 5, the terminal corresponding to the usable object may be a loading terminal loaded onto the usable object. According to one example of this embodiment, the usage relationship between the user and the usable object can be tracked. In one example, the first target may be a user, and the second target may be a usable object. The proxy individual PI of the first target may be a proxy user, and the proxy request individual PR of the first target may be a proxy request user.

[0048] The type of object used is not particularly limited as long as it can be used by the user, and may be appropriately selected depending on the embodiment. For example, the object used may be a mobile device. According to this example embodiment, the usage relationship between the user and the mobile device can be tracked. The type of mobile device may be appropriately selected. A mobile device may be, for example, a vehicle, a railway vehicle, an aircraft (aircraft, drone, etc.), a ship, etc. A mobile device may be at least one of a manually controlled manned aircraft or an automatically controlled unmanned aircraft. If the mobile device is a vehicle, the type of vehicle may be arbitrarily selected. The type of vehicle may be, for example, a two-wheeled vehicle, a three-wheeled vehicle, a four-wheeled vehicle, etc. A vehicle may include a private car, a rental car, a shared car, a taxi, a bus, etc. A vehicle may be at least one of an autonomous vehicle or a manually driven vehicle. The loading terminal may be called a mobile device terminal.

[0049] Figure 2 schematically illustrates one embodiment of a scenario in which the System 100 of this Disclosure is applied. In the example in Figure 2, the first object is the user, and the second object is the mobile object. For convenience, in the following explanation of the example in Figure 2, "first" will be treated as relating to the user, and "second" as relating to the mobile object. However, the correspondence between "first" and "second" is not limited to the example in Figure 2. "First" and "second" may be interchangeable. That is, the second object may be the user, and the first object may be the mobile object.

[0050] When the first target is a user, an example of the first terminal 4 is a user terminal owned by a proxy user, and an example of terminal 6 is a user terminal owned by a proxy requesting user. Each user terminal may be any computer, such as a mobile terminal (smartphone, etc.), a dedicated device (electronic key device, etc.), or other computer device. A user's account may be shared across multiple computers, and accordingly, each computer sharing the account may be used as a user terminal (first terminal 4, terminal 6) for the same user.

[0051] An example of the first identifier I10 is a user identifier (user ID, My ID). The user identifier may be, for example, a user account ID, a personal number, or user terminal identification information (e.g., MAC address, terminal identification information). An example of the first target information O10 is user information O10A. User information O10A may include arbitrary information about the user. In one example, user information O10A may include information about the authority of the corresponding user (the corresponding individual user) and be associated with various information E10 for exercising that authority. Various information E10 may include, for example, public personal authentication information, payment information, and other service-related information. Public personal authentication information may include, for example, a personal number. Payment information is, for example... For example, this may include credit card information, internet banking information, electronic payment information, etc. Other service-related information may include, for example, information related to electronic prescriptions (insurer number, prescription information, etc.). Various types of information E10 may be managed by an external system or by system 100. The first server 2 may be deployed by a public institution, a neutral institution, various businesses (vehicle manufacturers, service operating companies, etc.). The first server 2 may also be called a user ID server, my ID server, etc.

[0052] On the other hand, when the second object is a moving object, an example of the second terminal 5 is a mobile terminal (loaded terminal). A mobile terminal may be, for example, a terminal attached to the inside or outside of a moving object, a terminal carried by a person involved in the operation of the moving object (e.g., driver, conductor, etc.), or equipment deployed in the facilities of the moving object (e.g., ticket gate, etc.). When the moving object is a vehicle, the mobile terminal may be called an in-vehicle terminal.

[0053] An example of the second identifier I20 is a mobile entity identifier (mobile entity ID, car ID). The mobile entity identifier may be, for example, the ID of a mobile entity account, identification information uniquely assigned to the target mobile entity (e.g., vehicle registration number, vehicle identification information, etc.), identification information of a mobile entity terminal, etc. An example of the second target information O20 is mobile entity information O20A. Mobile entity information O20A may include arbitrary information about the mobile entity. In the example in Figure 2, depending on the linking settings between the proxy requesting user and the target mobile entity, at least some of the permissions of the various information E10 associated with the proxy requesting user's user information O10A may be enabled (activated) for the proxy user to exercise through the target mobile entity. The second server 3 may be deployed by public institutions, neutral institutions, various businesses (vehicle manufacturers, service operators, etc.). The second server 3 may be referred to as a mobile entity ID server, car ID server, etc.

[0054] A mobile object is an example of a usable object. The configuration shown in Figure 2 can be applied to any case where the user (possessor) of the usable object changes dynamically. In addition to a mobile object, the usable object may be, for example, rental items, accommodation facilities, etc. Rental items may include rental offices, rental spaces, etc.

[0055] System 100 may be configured to establish a correspondence (linking) between the user (first identifier I10) and the corresponding individual of the item (second identifier I20) in response to the start of use of the item. System 100 may also be configured to release the correspondence (linking) between the individuals in response to the end of use. The start and end of use may be detected by any method at the timing of, for example, getting on and off a vehicle, lending and returning the item. In one example, at least one of the start and end of use may be detected in response to the execution of data exchange between the user and the item's terminals (in the proxy case, the first terminal 4 and the second terminal 5).

[0056] Furthermore, items for use can be divided into at least two types: those that can be used repeatedly over a long period of time, and those that can be used temporarily. For the sake of explanation, the former will be referred to as "regularly used items," and the latter as "temporarily used items." An example of regularly used items is the user's property, such as a private car. It is desirable that items that can be used repeatedly over a long period of time be selected as regularly used items. An example of temporarily used items is items owned by someone other than the user, such as rental cars, shared cars, public transportation vehicles, rental items, and accommodation facilities. Public transportation vehicles include, for example, taxis, buses, train cars, aircraft, and ships.

[0057] In system 100, the type of item used (whether it is a regularly used item or a temporary used item) may or may not be distinguished. If the type of item is distinguished, system 100 may determine the type of item by any method. For example, the target information (mobile item information, etc.) may include information indicating the type of item, and system 100 may determine the type of item based on this information. In another example, the type of item may be determined from information such as an identifier or attribute information. In another example, the information transmitted from at least one of the first terminal 4 and the second terminal 5 to the management server 1 may include information indicating the type of user, and the system 100 may determine the type of user based on this information. In yet another example, if the operating organization of the server that handles user information (second server 3 in the example of Figure 2) is determined according to the type of user, the type of user may be determined according to the affiliation of the operating organization of the server. Depending on the determined type of user, the system 100 may switch the form of, for example, the linking setting process, the conditions for unlinking, the management method of the linking information D10, the authentication process, etc.

[0058] Furthermore, the application of System 100 in this disclosure is not limited to situations where relationships between users and objects are tracked. In another example, both the first and second objects may be robotic devices configured to operate autonomously through automatic control. Robotic devices may include mobile objects such as autonomous vehicles and drones. In situations where two or more robotic devices interact autonomously, System 100 in this disclosure may be used to track the occurrence and termination of relationships between the robotic devices. In this case, System 100 may perform the above-mentioned proxy linking setting process so that one robotic device (proxy individual PI) can exercise the authority of another robotic device (proxy requesting individual PR).

[0059] (Linking information) Figure 3A schematically shows an example of the linking information D10 according to this embodiment. In the example in Figure 3A, it is assumed that a form is adopted in which the setting of the correspondence relationship is expressed using a first identifier I10 and a second identifier I20. The linking information D10 includes the first identifier I10, the second identifier I20, the setting time, and the release time. The first identifier I10 and the second identifier I20 indicate the corresponding individual of the first target and the corresponding individual of the second target for which the correspondence relationship (linking) has been set. In the case of the above proxy, when a correspondence relationship is set, the linking information D10 includes the first identifier I10 of the proxy requesting individual PR. The setting time indicates the time when the correspondence relationship was set. The setting time may consist of a timestamp. The release time indicates the time when the correspondence relationship was released. The value of the release time may be added when the process of releasing the correspondence relationship is executed. The method of expressing the release is not limited to this example. In another example, the release time may be replaced with at least one of the expiration date and a flag. The expiration date indicates the period during which the setting of the correspondence relationship is valid. In this case, whether or not the correspondence is valid (i.e., whether the correspondence is set or removed) is indicated depending on whether or not it is within the expiration period. If a correspondence is set in the above proxy case, the expiration period may be set by the proxy requesting individual PR. The flag indicates whether or not the correspondence has been removed. The flag may be set when the process to remove the correspondence is executed. In yet another example, the linking information D10 may include at least one of the expiration period and the flag, along with the field for the removal time. Also, if a correspondence is set in the above proxy case and additional valid privileges are set, the linking information D10 may further include information indicating the set valid privileges. To identify the specified proxy individual PI, the linking information D10 may further include the first identifier I10 of the specified proxy individual PI. The information of the expiration period, valid privileges, and the first identifier I10 of the proxy individual PI is an example of information regarding the set proxy rights (proxy rights information).

[0060] Furthermore, the configuration of the linking information D10 is not limited to the example in Figure 3A, and may be modified as appropriate depending on the embodiment, as long as the correspondence can be shown. In another example, the linking information D10 may further include information indicating the type of item used (whether it is an item used regularly or an item used temporarily). The type of item used does not necessarily have to be identified by separate information. For example, the type of item used may be identified by information such as an identifier. Also, the agency information may be omitted from the linking information D10.

[0061] The data format of the linking information D10 is not particularly limited and may be appropriately selected depending on the embodiment. The linking information D10 may be stored in any database infrastructure. For example, In one example, the linking information D10 may be stored in a relational database such as a table. In another example, the linking information D10 may be stored on a blockchain platform. In this case, each linking setup and unlinking transaction may be stored on the blockchain as linking information D10. For example, a linking setup transaction may include a first identifier I10, a second identifier I20, and the setup time. An unlinking transaction may include a first identifier I10, a second identifier I20, and the unlinking time (or information indicating unlinking).

[0062] (First target information) The first target information O10 may include any information relating to the first target. For example, the first target information O10 may include the first identifier I10, attribute information of the first target, information relating to authorization (authorization information), information relating to established authorization (authorization information), etc. In the example in Figure 2, user information O10A is an example of the first target information O10.

[0063] Figure 3B schematically shows an example of user information O10A according to this embodiment. In the example in Figure 3B, user information O10A includes the user ID (first identifier I10) of the corresponding user, attribute information, and authorization information. The attribute information may include arbitrary information relating to the attributes of the corresponding user. For example, the attribute information may include personal information such as name, address, age, gender, and contact information. The authorization information relates to the authorizations of the corresponding user. For example, the authorization information may include information for coordinating with a server that performs information processing related to the target authorization, and information indicating association with various types of information E10.

[0064] If the corresponding user has set up a proxy as the user requesting the proxy, user information O10A may further include proxy information regarding the set proxy. For example, the proxy information may include the proxy user's user ID (first identifier I10 of the proxy individual PI), expiration date, and active authority. The proxy information may also be associated with authority information.

[0065] The configuration of user information O10A is not limited to the example in Figure 3B and may be modified as appropriate depending on the embodiment. For example, user information O10A (first target information O10) may further include information used for user (first target) authentication (e.g., registered unique information). Also, proxy information may be omitted from user information O10A (first target information O10). Proxy information may be stored in association with at least one of the linking information D10 and the first target information O10, as illustrated in Figures 3A and 3B, or it may be stored separately from the linking information D10 and the first target information O10.

[0066] The data format of the first target information O10 (user information O10A) is not particularly limited and may be appropriately selected depending on the embodiment. The first target information O10 (user information O10A) may be stored in any database infrastructure. In one example, the first target information O10 (user information O10A) may be stored in a relational database such as a table format. In another example, the first target information O10 (user information O10A) may be stored on a blockchain infrastructure.

[0067] (Second target information) The second target information O20 may include any information relating to the second target. For example, the second target information O20 may include the second identifier I20, attribute information of the second target, information relating to authorization, etc. In the example in Figure 2, mobile information O20A is an example of the second target information O20.

[0068] Figure 3C schematically shows an example of mobile information O20A according to this embodiment. In the example in Figure 3C, mobile information O20A includes mobile ID (second identifier I20) and attribute information. The attribute information includes license plate number, type, and owner information. If the mobile object is a vehicle, the license plate number... The vehicle registration number may be used. The type may be defined arbitrarily. For example, the type may be defined to indicate a category that can distinguish between regularly used and temporarily used items, such as private cars, rental cars, shared cars, and public transport vehicles. The type may also include the type of vehicle, such as the vehicle model. Owner information may include arbitrary information about the owner of the vehicle. Owner information may include personal information of the owner, such as name, address, age, gender, and contact information. The owner may be a legal entity.

[0069] The configuration of the mobile information O20A is not limited to the example in Figure 3C and may be modified as appropriate depending on the embodiment. For example, the mobile information O20A (second target information O20) may further include information used for authentication of the mobile entity (second target) (e.g., registered unique information). The configuration of the attribute information may also be modified as appropriate. For example, the mobile information O20A (attribute information) may further include information related to the mobile terminal, such as the mobile terminal's contact information. If a form that allows proxy authentication for the second target is adopted, the second target information O20 may further include proxy authority information.

[0070] The data format of the second target information O20 (mobile entity information O20A) is not particularly limited and may be appropriately selected depending on the embodiment. The second target information O20 (mobile entity information O20A) may be stored in any database infrastructure. In one example, the second target information O20 (mobile entity information O20A) may be stored in a relational database such as a table format. In another example, the second target information O20 (mobile entity information O20A) may be stored on a blockchain infrastructure.

[0071] (Authentication process) The authentication of the first target proxy request individual PR may be performed by any method (specific examples will be described later). Performing the authentication process includes determining whether the authentication is successful or not. The authentication process may be performed on any computer. In one example, the success or failure of the authentication in response to the authentication request may be determined by management server 1 or an external server (e.g., first server 2). By performing the authentication process on the server side, security can be expected to be ensured.

[0072] This authentication process may be performed at any time before the correspondence is established. For example, the authentication process for the proxy requesting individual PR may be performed as a trigger to send the linking request before issuing the linking request. The linking request may be sent separately from the authentication request in response to the successful authentication of the proxy requesting individual PR in response to the authentication request. The fact that the linking request includes the authentication request may include executing the authentication request as a preprocessing step before issuing the linking request (the case of the authentication method described in Section 3-2 below). In another example, the authentication process for the proxy requesting individual PR may be requested together with the linking request and executed together with the processing related to linking settings (the case of the first authentication method described below). In yet another example, the authentication process for the proxy requesting individual PR may be started after the linking request has been sent, in response to a request from the management server 1 or an external server.

[0073] Accordingly, the management server 1 may obtain the authentication result together with the linking request, or it may obtain it after the linking request. When authentication is successful, obtaining the authentication result at the management server 1 may include obtaining an authentication result indicating that authentication is successful, and obtaining indirect information such as the linking request in response to the successful authentication (i.e., obtaining the authentication result indirectly). On the other hand, when authentication is unsuccessful, obtaining the authentication result at the management server 1 may include obtaining an authentication result indicating that authentication is unsuccessful, and the authentication result not reaching the management server 1 (the authentication result not being obtained).

[0074] The computer that performs the authentication process may be modified as appropriate depending on the embodiment. Furthermore, along with the authentication of the proxy requesting individual PR for the first target, authentication of at least one of the proxy individual PI for the first target and the target individual TA for the second target may be performed. The authentication process for the proxy individual PI may be performed in the same manner as for the proxy requesting individual PR. When the authentication process for the proxy individual PI is performed, a correspondence relationship may be set up in accordance with the successful authentication of the proxy individual PI together with the proxy requesting individual PR. Also, similar to the first target, the authentication process for the second target may be performed on any computer. For example, the success or failure of the authentication of the second target (target individual TA) may be determined by management server 1 or an external server (for example, second server 3, etc.). When the authentication process for the target individual TA of the second target is performed, a correspondence relationship may be set up in accordance with the successful authentication of the target individual TA together with the proxy requesting individual PR.

[0075] The order of authentication processing for the first and second targets is not particularly limited and may be determined as appropriate depending on the embodiment. The authentication processing for the first target may be executed at least partially in parallel with the authentication processing for the second target. Each authentication request for each target may include data used for authentication of each target (e.g., identifier, unique information, certificate, etc.). When the authentication processing for each target is executed on the management server 1 or an external server, obtaining the authentication result on the management server 1 may include obtaining the authentication result by executing the authentication processing on the management server 1, or obtaining the authentication result from an external server. For example, the management server 1 may execute the authentication processing in response to the received authentication request, or it may request the external server to execute the authentication processing by sending the authentication request to the external server. Also, for example, at least one of the terminals of the first and second targets may send an authentication request to the external server. The external server may execute the authentication processing in response to the received authentication request, or it may request the management server 1 to execute the authentication processing by sending the authentication request to the management server 1. When the authentication process is performed, the external server may send the authentication result directly to the management server 1, or it may send the authentication result to the management server 1 via an external computer (for example, at least one terminal).

[0076] (Data exchange) In this embodiment, a series of processes related to linking settings in the proxy route may be initiated by data exchange between the first terminal 4 and the second terminal 5. That is, when a usage relationship is established between the proxy individual PI and the target individual TA in response to a request from the proxy requesting individual PR, the first terminal 4 and the second terminal 5 may appropriately perform data exchange. The establishment of a usage relationship (start of usage) may be detected by this data exchange. According to one example of this embodiment, it can be expected that the establishment of a usage relationship can be easily detected by data exchange.

[0077] The method of data exchange is not particularly limited and may be appropriately selected depending on the embodiment. For example, data exchange between the first terminal 4 and the second terminal 5 may be performed by wireless or wired data communication. Wireless communication may be performed by, for example, NFC (Near Field Communication), Bluetooth (registered trademark), Wi-Fi (registered trademark), etc. Wired communication may be performed by, for example, wired LAN (Local Area Network), USB (Universal Serial Bus), etc. Data communication may take place directly between the first terminal 4 and the second terminal 5, or indirectly via another computer. In another example, data exchange may be performed by methods other than data communication, such as reading a two-dimensional code. For example, data exchange may take place when one of the first terminal 4 or the second terminal 5 displays data on a display, and the other uses a sensor, such as an image sensor, to read the displayed data.

[0078] Figure 4 schematically shows an example of data exchange according to this embodiment. In this example, the first terminal 4 of the proxy individual PI may be equipped with a short-range wireless communication module 431. The second terminal 5 of the target individual TA may be equipped with a short-range wireless communication module 531. Accordingly, data exchange between terminals may be performed by short-range wireless communication. Note that the types of each short-range wireless communication module (431, 531) are not particularly limited and may be appropriately selected according to the embodiment. Short-range wireless communication may be, for example, NFC, Bluetooth (registered trademark), Wi-Fi (registered trademark). This may include trademarks, RFID (Radio-Frequency Identification), ZigBee (registered trademark), infrared communication (infrared transmission), etc. In one example of this embodiment, short-range wireless communication is used. The occurrence of a usage relationship can be detected by triggering data exchange. Furthermore, since it is possible to guarantee that the first terminal 4 and the second terminal 5 are within range of short-range wireless communication, it can be expected that the occurrence of a usage relationship between the proxy individual PI and the target individual TA can be properly detected.

[0079] The linking request may include at least one of the first identifier I10 of the proxy requesting individual PR and the second identifier I20 of the target individual TA. If the linking request includes the first identifier I10 of the proxy requesting individual PR, the first identifier I10 may be transmitted from at least one of the first terminal 4 and the second terminal 5. If the first identifier I10 is transmitted from the first terminal 4, the first terminal 4 may retrieve the first identifier I10 at any time. For example, the first terminal 4 may be given the first identifier I10 of the proxy requesting individual PR by terminal 6 or an external server (such as the first server 2) when the proxy request is made, or it may be stored in advance in an address book or the like. In this way, the first terminal 4 may store the first identifier I10 of the proxy requesting individual PR in its memory resources in advance. The first terminal 4 may retrieve the first identifier I10 of the proxy requesting individual PR from its memory resources. In another example, the first terminal 4 may obtain the first identifier I10 of the proxy requesting individual PR using an input device, sensor, etc. When the first identifier I10 of the proxy requesting individual PR is transmitted from the second terminal 5, the second terminal 5 may be given the first identifier I10 of the proxy requesting individual PR from the first terminal 4 during data exchange, or may obtain it through its own actions. In one example, the second terminal 5 may obtain the first identifier I10 from the first terminal 4 via data communication. In another example, the second terminal 5 may obtain the first identifier I10 of the proxy requesting individual PR from the first terminal 4 by a method other than data communication, such as reading the first identifier I10 displayed as a two-dimensional code on the first terminal 4. In yet another example, the second terminal 5 may obtain the first identifier I10 of the proxy requesting individual PR from either the first target (proxy individual PI, proxy requesting individual PR) or the first terminal 4 using an input device, sensor, or other device. Acquisition from the first target may include acquisition by the person related to the second target operating the device on behalf of the first target, if the second target is an object and there is a person related to the second target (for example, the second target is a person, the second target is operated by a person, etc.). In another example, the second terminal 5 may acquire the first identifier I10 of the proxy requesting individual PR from terminal 6 or an external server (first server 2, etc.).

[0080] If the linking request includes a second identifier I20, the second identifier I20 may be transmitted from at least one of the first terminal 4 and the second terminal 5. If the second identifier I20 is transmitted from the second terminal 5, the second terminal 5 may acquire the second identifier I20 at any time. For example, the second identifier I20 may be stored in the memory resources of the second terminal 5 beforehand. The second terminal 5 may acquire the second identifier I20 from the memory resources. In another example, the second terminal 5 may acquire the second identifier I20 using an input device, sensor, etc. If the second identifier I20 is transmitted from the first terminal 4, the first terminal 4 may be given the second identifier I20 by the second terminal 5 during data exchange, or may acquire it through its own actions. For example, the first terminal 4 may acquire the second identifier I20 from the second terminal 5 via data communication. In another example, the first terminal 4 may obtain the second identifier I20 from the second terminal 5 by a method other than data communication, such as reading the second identifier I20 displayed as a two-dimensional code on the second terminal 5. In yet another example, the first terminal 4 may obtain the second identifier I20 from either the second object or the second terminal 5 using a device such as an input device or a sensor. Obtaining from the second object may include obtaining it by having a person related to the first object operate a device on its behalf when the second object is an object and there is a person related to the first object (for example, the first object is a person, or the first object is operated by a person, etc.).

[0081] Furthermore, the linking request may also include the first identifier I10 of the proxy individual PI. If the data includes a first identifier I10 of the proxy individual PI, the first identifier I10 of the proxy individual PI may be transmitted from at least one of the first terminal 4 and the second terminal 5. If the first identifier I10 of the proxy individual PI is transmitted from the first terminal 4, the first terminal 4 may acquire the first identifier I10 at any time. In one example, the first identifier I10 of the proxy individual PI may be stored in advance in the memory resources of the first terminal 4. The first terminal 4 may acquire the first identifier I10 of the proxy individual PI from the memory resources. In another example, the first terminal 4 may acquire the first identifier I10 of the proxy individual PI using an input device, sensor, etc. If the first identifier I10 of the proxy individual PI is transmitted from the second terminal 5, the second terminal 5 may be given the first identifier I10 of the proxy individual PI by the first terminal 4 during data exchange, or may acquire it through its own actions. In one example, the second terminal 5 may acquire the first identifier I10 of the proxy individual PI from the first terminal 4 via data communication. In another example, the second terminal 5 may obtain the first identifier I10 of the proxy individual PI by means other than data communication, such as reading the first identifier I10 displayed as a two-dimensional code on the first terminal 4. In yet another example, the second terminal 5 may obtain the first identifier I10 of the proxy individual PI from either the first target (proxy individual PI) or the first terminal 4 using a device such as an input device or a sensor.

[0082] For example, in the example shown in Figure 2 above, the first terminal 4 may obtain the second identifier I20 (mobile identifier) ​​from the second terminal 5 by data communication or reading a code. If the second identifier I20 is a vehicle registration number, the first terminal 4 may obtain the second identifier I20 by photographing the license plate with an image sensor and analyzing the obtained image. The first terminal 4 may also obtain the second identifier I20 via an input device. The second terminal 5 may obtain the second identifier I20 as appropriate. The second terminal 5 may also obtain the first identifier I10 (user identifier) ​​by data communication or reading a code. If the first identifier I10 is a personal number etc. written on a card, the second terminal 5 may obtain the first identifier I10 by photographing the card with an image sensor and analyzing the obtained image. The second terminal 5 may also obtain the first identifier I10 via an input device. The first terminal 4 may obtain the first identifier I10 as appropriate.

[0083] When an input device is used to acquire data such as each identifier (I10, I20), the acquisition of data from the other object by one terminal may include not only the acquisition of data from the other object by the other object operating the input device, but also the acquisition of data from the other object by the first object operating the input device. For example, in the example in Figure 2 above, if the second identifier I20 is a vehicle registration number and an input device is used to acquire the vehicle registration number, the first terminal 4 may acquire the second identifier I20 from the mobile object (second object) by the input of the vehicle registration number via the input device by the user (first object).

[0084] Furthermore, the acquisition of data from one terminal to the other terminal does not necessarily have to be performed during data exchange. One terminal may acquire data from the other terminal at any time other than the data exchange. Any of the above methods may be used for data acquisition. In this case, the data exchange between the first terminal 4 and the second terminal 5 may function merely as a trigger to start a series of processes related to the linking settings.

[0085] (Verification process) The method for verifying the power of attorney may be appropriately selected depending on the embodiment. The configuration of the power of attorney verification information AU may be appropriately determined depending on the verification method. In this embodiment, the verification of the power of attorney may be performed by at least one of the following two methods.

[0086] (1) Method 1 Figure 5A schematically shows an example of the process of verifying the power of attorney using the first method. In the first method, the power of attorney verification information AU may include contact AU1, which performs the approval process. Verification of the power of attorney may consist of querying contact AU1 included in the authorization verification information AU (step S301) and receiving an approval response as a result of executing the approval process (step S302).

[0087] The authorization process for the power of attorney may be performed automatically by computer processing, or it may be performed manually, at least partially by user operation. The content of the authorization process may be designed as appropriate depending on the embodiment. In a simple example, the inquiry may include an authorization button, and the authorization process may be the operation of the authorization button included in the inquiry. Furthermore, contact AU1 is not particularly limited and may be selected as appropriate depending on the embodiment, as long as it can notify the computer performing the authorization process of the inquiry.

[0088] In the example shown in Figure 5A, contact AU1 is the contact of terminal 6. In this example, the approval process may be performed on terminal 6. In this case, contact AU1 (the contact of terminal 6) may be, for example, a telephone number, an email address, account information for a communication application (e.g., a Social Networking Service application), an identification number, etc. However, the computer that performs the authorization process is not limited to terminal 6. In another example, the authorization process may be performed by an external computer such as the first server 2. In this case, contact AU1 may be, for example, the address of an external computer such as a URL (Uniform Resource Locator). The address may be a one-time address. Contact AU1 may be transmitted to the second terminal 5 as appropriate. In one example, the authorization granting information AG may include authorization verification information AU (contact AU1). In data exchange, the first terminal 4 may provide the contact AU1 included in the authorization granting information AG to the second terminal 5.

[0089] When the authorization process is automatically executed by terminal 6 or an external computer, the authenticity of the proxy authority may be verified in any way during the authorization process. For example, the authenticity of the proxy authority may be verified by authentication of the proxy individual PI. For example, in response to the designation of the proxy individual PI by terminal 6, terminal 6 or the external computer may have information about the proxy individual PI (first identifier I10, data used for authentication, etc.) in advance. The second terminal 5 may obtain the proxy individual PI information from the proxy individual PI or the first terminal 4 and notify terminal 6 or the external computer of an inquiry containing the obtained information. The information about the proxy individual PI may include authentication information for authenticating the proxy individual PI. The authentication information may be appropriately selected depending on the embodiment. For example, the authentication information may include unique information. Unique information may include, for example, information originating from the subject (individual), information originating from the terminal, temporarily generated information, or other information generated by any method. Information originating from the subject may include, for example, biometric information, uniquely assigned identification information, etc. Biometric information may include, for example, a facial image, fingerprint, voiceprint, etc. The temporarily generated information may consist of, for example, a timestamp, a random number, a hash value, etc. Terminal 6 or an external computer may verify the authenticity of the proxy authority by comparing the previously held proxy individual PI designation information with the proxy individual PI acquisition information notified by the second terminal 5. Depending on whether the information comparison is successful, terminal 6 or the external computer may send a response to the second terminal 5 indicating approval. On the other hand, if the information comparison is unsuccessful, terminal 6 or the external computer may send a response to the second terminal 5 indicating disapproval and prompt the second terminal 5 to reacquire the proxy individual PI information.

[0090] Furthermore, in the example shown in Figure 5A, if the inquiry (approval request) in step S301 is notified to terminal 6, and no response is received from terminal 6 within a certain period, the second terminal 5 may notify terminal 6 of a reminder and prompt it to respond in step S302. If no response is received within a certain period, the second terminal 5 may, instead of sending the reminder, query the external computer to have the external computer perform an alternative approval process. If no response is received after the reminder, the second terminal 5 may have the external computer perform an alternative approval.

[0091] Furthermore, when the first method is adopted, at least one of the first terminal 4 and the second terminal 5 may acquire data used for authenticating the proxy requesting individual PR (e.g., first identifier I10, unique information, certificate, etc.) at any time. In one example, in step S302, terminal 6 or an external computer may provide the second terminal 5 with the data used for authenticating the proxy requesting individual PR along with a response indicating approval. However, the transmission path for the data used for authenticating the proxy requesting individual PR is not limited to this example and may be appropriately selected depending on the embodiment. In another example, terminal 6 or an external computer may provide the data used for authenticating the proxy requesting individual PR to the first terminal 4.

[0092] Furthermore, the data exchange in steps S301 and S302 may be carried out by direct or indirect data communication via wireless or wired connections. However, the data exchange between the second terminal 5 and the contact AU1's computer (terminal 6, external computer) is not limited to these examples and may be appropriately selected depending on the embodiment. In some cases, methods other than data communication, such as reading a two-dimensional code, may be used for data exchange between the second terminal 5 and the contact AU1's computer.

[0093] Furthermore, the second terminal 5 may obtain information for verifying the proxy individual PI from the first terminal 4 or the proxy individual PI, and when requesting approval, may notify terminal 6 of the obtained information. Terminal 6 may prompt verification of the proxy individual PI by outputting the proxy individual PI information (for example, by displaying it on the screen) along with the approval request. For example, the information for verifying the proxy individual PI may be the first identifier I10 of the proxy individual PI. Also, if the first target is a user, the information for verifying the proxy individual PI may include information used for authentication, such as the face image of the proxy individual PI (proxy user). The first terminal 4 and the second terminal 5 may obtain this information to authenticate the proxy individual PI when requesting linking. In other words, the data obtained for the authentication of the proxy individual PI may also be used to verify the proxy individual PI in the approval process. This is expected to improve the efficiency of data acquisition.

[0094] (2) Second method Figure 5B schematically shows an example of the process for verifying the power of attorney according to the second method. In the second method, the second terminal 5 may be further configured to receive notification of authentication information PC1 from the terminal 6 of the requesting individual PR (step S100). The authority verification information AU may include the power of attorney authentication information AU2 corresponding to the authentication information PC1. Verifying the power of attorney may consist of comparing the power of attorney authentication information AU2 included in the authority verification information AU with the authentication information PC1 notified from the terminal 6 of the requesting individual PR (step S305).

[0095] Authentication information PC1 may be the same as the authentication information of the proxy individual PI in the first method described above. In one example, authentication information PC1 may consist of temporarily generated information. Authentication information PC1 may also include unique information of the proxy individual PI. Proxy authentication information AU2 corresponds to authentication information PC1. In one example, authentication information PC1 held on terminal 6 or an external computer (first server 2, etc.) may be transmitted to the first terminal 4 together with authorization information AG, and the authentication information PC1 transmitted to the first terminal 4 may be used as proxy authentication information AU2. That is, authorization information AG may include authentication information PC1 as authorization verification information AU (proxy authentication information AU2), and in data exchange, the first terminal 4 may provide the proxy authentication information AU2 included in authorization information AG to the second terminal 5. In another example, authentication information PC1 may be registered in advance, and proxy authentication information AU2 may be obtained in correspondence with authentication information PC1 when verifying proxy authority. Authentication information PC1 may be held within the first target information O10. For example, if the first target is a user, the authentication information PC1 may be a registered facial image, and the proxy authentication information AU2 may be a facial image obtained during the verification of proxy authority. In other words, the authority verification information AU (proxy authentication information AU2) may be obtained during the verification of proxy authority.

[0096] The second terminal 5 may receive the authentication information PC1 directly or indirectly. The second terminal 5 may obtain the authentication information PC1 at any time before executing the verification process for the power of attorney. In addition, the target individual TA of the second target may be specified by the requesting individual PR or selected by the proxy individual PI.

[0097] In one example, terminal 6 may be equipped with a short-range wireless communication module and may perform data exchange with second terminal 5 via short-range wireless communication. The individual second terminal 5 that is the recipient of this data exchange may be designated as the target individual TA. Second terminal 5 may receive authentication information PC1 during this data exchange. The data exchange may be performed by wireless or wired data communication other than short-range wireless communication, or by methods other than data communication, such as reading a two-dimensional code.

[0098] In another example, terminal 6 may access a list of second targets when configuring proxy settings and specify individuals from the list that are permitted to be linked by proxy (target individuals TA). The list may include identification information for each individual of the second target, contact information for the terminal (second terminal 5), etc. The list may be maintained on terminal 6 or an external computer (for example, second server 3). The designation of target individuals TA may be performed automatically by computer processing, or it may be performed manually, at least partially involving user operation. After the target individuals TA are designated, terminal 6 may notify the terminal of the designated target individual TA (second terminal 5) of authentication information PC1. In response, second terminal 5 may receive the authentication information PC1.

[0099] In yet another example, the target individual TA may be specified by a proxy individual PI rather than by a proxy requesting individual PR. For example, the proxy requesting individual PR may specify a second target within an arbitrary range, such as belonging to a specific operating organization, and the proxy individual PI may select the target individual TA from within that range. In this case, for example, data such as authentication information PC1 may be stored on an external computer such as the first server 2. When the second terminal 5 starts data exchange with the first terminal 4, as part of the process in step S100, it may access the external computer and download data such as authentication information PC1. The data to be downloaded may be selected as appropriate. For example, on the external computer, data such as authentication information PC1 may be stored in association with at least one of the proxy requesting individual PR and the proxy individual PI. The second terminal 5 may accept the specification of at least one of the proxy requesting individual PR and the proxy individual PI through operations by the proxy individual PI, data from the first terminal 4 (first identifier I10, etc.), etc., and may download data corresponding to the specified individual. After downloading the data, the second terminal 5 may accept the application for use by the proxy individual PI and execute the verification process in step S305. Even when the target individual TA is specified by the proxy requesting individual PR, the second terminal 5 may download authentication information PC1 and other data when the proxy individual PI uses the service. For example, if the proxy requesting individual PR specifies the effective start time of the proxy authority, the second terminal 5 may download authentication information PC1 and other data when the effective start time arrives.

[0100] The method for verifying authentication information PC1 and proxy authentication information AU2 may be determined appropriately depending on the information adopted as each piece of information (PC1, AU2). In one example, the second terminal 5 may determine the success or failure of the verification based on the degree of agreement between authentication information PC1 and proxy authentication information AU2. In another example, the second terminal 5 may determine the success or failure of the verification based on whether or not a correspondence relationship exists between authentication information PC1 and proxy authentication information AU2. As a specific example, a predetermined arithmetic process (such as hashing) may be applied to at least one of authentication information PC1 and proxy authentication information AU2 in a computer in the transmission path. For example, proxy authentication information AU2 may be generated by hashing authentication information PC1. The predetermined arithmetic process is executed in at least one of terminal 6, first terminal 4, second terminal 5, and an external computer (e.g., first server 2). This may be done. Accordingly, the second terminal 5 may determine the success or failure of the verification depending on whether a correspondence relationship defined by a predetermined calculation process is established between the authentication information PC1 and the proxy authentication information AU2. For example, the second terminal 5 may hash the authentication information PC1 and determine the success or failure of the verification depending on whether the obtained hash value matches the proxy authentication information AU2. The verification process may be performed on an external computer such as the first server 2, and the second terminal 5 may obtain the verification result from the external computer. Receiving the authentication information PC1 indirectly may include receiving the verification result performed by this external computer. If the verification is successful (i.e., the verification of the proxy authority is successful), the first terminal 4 and the second terminal 5 may proceed to processing related to the linking request. On the other hand, if the verification is unsuccessful, the second terminal 5 may not permit the proxy linking process and may prompt the first terminal 4 to resend the proxy authentication information AU2.

[0101] Furthermore, at least one of the first terminal 4 and the second terminal 5 may acquire data used for authenticating the proxy requesting individual PR (e.g., first identifier I10, unique information, certificate, etc.) at any time. In one example, in step S100, the second terminal 5 may acquire data used for authenticating the proxy requesting individual PR along with authentication information PC1 from terminal 6 or an external computer. However, the transmission path for data used for authenticating the proxy requesting individual PR is not limited to this example and may be appropriately selected depending on the embodiment. In another example, the first terminal 4 may acquire data used for authenticating the proxy requesting individual PR along with authorization information AG. The method for acquiring data used for authentication is not particularly limited and may be appropriately selected depending on the embodiment. In one example, data used for authentication may be acquired by any device such as an input device or sensor. Data used for authentication may also be received from a device already holding it.

[0102] According to at least one of the first and second methods described above, proper verification of the power of attorney can be expected. When adopting either the first or second method, the authority verification information AU may include the contact AU1 that performs the approval process or the power of attorney authentication information AU2 used for verification.

[0103] (Notification processing) In one example, when at least one of the linking setting and unlinking processes is executed, the management server 1 may send a notification indicating the execution result to at least one of the first terminal 4 and the second terminal 5. The notification transmission route is not particularly limited and may be determined as appropriate depending on the embodiment. The management server 1 may directly notify at least one of the first terminal 4 and the second terminal 5. Alternatively, the management server 1 may indirectly notify at least one of the first terminal 4 and the second terminal 5 via external computers such as each server (2, 3).

[0104] If direct notification is required, management server 1 may obtain contact information for each terminal (4, 5) as appropriate. Contact information may include telephone number, email address, account information for communication applications (e.g., Social Networking Service applications), identification number, etc. This may be the case. Management server 1 may obtain information indicating the contact details of each terminal (4, 5) at any time. For example, management server 1 may obtain information indicating the contact details when it receives requests such as linking requests or unlinking requests. Information indicating the contact details may be transmitted from at least one of each terminal (4, 5) and each server (2, 3).

[0105] In one example, when a correspondence is established between the proxy requesting individual PR and the target individual TA by the proxy individual PI, the management server 1 may send a notification to the proxy requesting individual PR's terminal 6 to inform it of the establishment of the correspondence. The management server 1 may send this notification to terminal 6 directly or indirectly. If sent directly, the management server 1 may obtain the contact information of terminal 6 at any time. In one example, when the first method described above adopts a configuration in which the contact information of terminal 6 is used as contact AU1, at least one of the first terminal 4 and the second terminal 5 is Along with the linking request, the contact AU1 may be sent to the management server 1. In another example, the management server 1 may appropriately obtain the contact information of terminal 6 from an external computer such as the first server 2. In yet another example, if the management server 1 and terminal 6 adopt a form of data communication, the management server 1 may obtain the contact information of terminal 6 in this data communication. Similarly, when the correspondence is terminated, the management server 1 may send a notification to the terminal 6 of the proxy requesting individual PR informing it of the termination of the correspondence.

[0106] (Unlink) In this embodiment, the management server 1 may terminate the correspondence relationship upon receiving a termination request from at least one of the first terminal 4 and the second terminal 5, or upon fulfillment of predetermined termination conditions. The management server 1 may also terminate the correspondence relationship based on factors related to the proxy request individual PR.

[0107] (I) Request for cancellation In one example, the release request may be configured to indicate the correspondence of the release target by including at least one of the first identifier I10 of the proxy requesting individual PR and the second identifier I20 of the target individual TA. If the linking information D10 includes the first identifier I10 of the proxy individual PI as proxy authority information, the release request may be configured to indicate the correspondence of the release target by including the first identifier I10 of the proxy individual PI. In another example, the release request may be configured to indicate the correspondence of the release target by including alternative information.

[0108] When the first terminal 4 sends a release request that includes the second identifier I20, the first terminal 4 may obtain the second identifier I20 at any time. For example, when a linking request is made, the first terminal 4 may obtain the second identifier I20 and store the obtained second identifier I20 in a memory resource. When a release request is made, the first terminal 4 may obtain the second identifier I20 from the memory resource. Also, when the first terminal 4 sends a release request that includes the first identifier I10 of the proxy requesting individual PR, the first terminal 4 may obtain the first identifier I10 of the proxy requesting individual PR at any time. For example, the first terminal 4 may obtain the first identifier I10 of the proxy requesting individual PR together with the authorization information AG and store the obtained first identifier I10 in a memory resource. When a release request is made, the first terminal 4 may obtain the first identifier I10 of the proxy requesting individual PR from the memory resource. If a relationship has been established in advance between the proxy individual PI and the proxy requesting individual PR, the first identifier I10 of the proxy requesting individual PR may be stored in memory resources beforehand. Also, when the first terminal 4 sends a release request that includes the first identifier I10 of the proxy individual PI, the first terminal 4 may obtain the first identifier I10 of the proxy individual PI at any time. For example, the first identifier I10 of the proxy individual PI may be stored in memory resources beforehand. The first terminal 4 may obtain the first identifier I10 of the proxy individual PI from memory resources.

[0109] Similarly, when the second terminal 5 sends a release request that includes the first identifier I10 of the proxy requesting individual PR, the second terminal 5 may obtain the first identifier I10 of the proxy requesting individual PR at any time. For example, when a proxy verification or linking request is made, the second terminal 5 may obtain the first identifier I10 of the proxy requesting individual PR and store the obtained first identifier I10 in a memory resource. When a release request is made, the second terminal 5 may obtain the first identifier I10 of the proxy requesting individual PR from a memory resource. When the second terminal 5 sends an authentication request that includes the first identifier I10 of the proxy individual PI, the second terminal 5 may obtain the first identifier I10 of the proxy individual PI in the same manner as the first identifier I10 of the proxy requesting individual PR described above. Also, when the second terminal 5 sends a release request that includes the second identifier I20, the second terminal 5 may obtain the second identifier I20 at any time. For example, the second identifier I20 may be stored in a memory resource in advance. The second terminal 5 may obtain the second identifier I20 from the memory resources.

[0110] Figure 6 schematically shows an example of the unlinking process according to this embodiment. In the example in Figure 6, as the first route, the first terminal 4 directly sends an unlinking request to the management server 1 (step SZ10). Also, as the second route, the first terminal 4 gives instructions to the second terminal 5 (step SZ10A), causing the second terminal 5 to directly send an unlinking request to the management server 1 (step SZ11A). However, the transmission route of the unlinking request is not limited to this example. The first terminal 4 may indirectly send an unlinking request to the management server 1 via an external computer such as the first server 2. In the second route, the second terminal 5 may indirectly send an unlinking request to the management server 1 via an external computer such as the second server 3. Note that the starting point of the unlinking request is not limited to the first terminal 4. In another example, the second terminal 5 may directly or indirectly send an unlinking request to the management server 1. Furthermore, the second terminal 5 may instruct the first terminal 4 to directly or indirectly send a release request to the management server 1. After receiving the release request, the management server 1 refers to the linking information D10 and releases the correspondence specified by the identifier included in the release request. After this release process, the management server 1 may send a notification indicating the result of the release process to at least one of the first terminal 4 and the second terminal 5, similar to the time of linking setup. The management server 1 may also send a notification to the proxy request individual PR's terminal 6 to inform them that the correspondence has been released.

[0111] In one example, the processing of a deactivation request may include authentication processing for at least one of the first and second targets. The authentication processing during deactivation may be the same as the authentication processing during the linking setting described above. However, authentication processing is not necessarily required when a deactivation request is made. In another example, the processing of a deactivation request may be simplified by omitting the authentication processing.

[0112] The trigger for the release request may be set as appropriate depending on the embodiment. In one example, if at least one of the first and second targets is a user, a release request may be sent from at least one of the first terminal 4 and second terminal 5 by an operation of at least one of the first terminal 4 and second terminal 5 by the user (including a proxy user). In other words, the trigger for the release request may be an operation by the user. In another example, upon termination of the usage relationship, arbitrary information processing may be performed on at least one of the first terminal 4 and second terminal 5. The execution of this information processing may be the trigger for a release request to be sent from at least one of the first terminal 4 and second terminal 5. For example, the arbitrary information processing may be data exchange between the first terminal 4 and second terminal 5. The method of data exchange during release may be the same as the data exchange during setup. The distinction between data exchange during setup and data exchange during release may be made as appropriate. For example, in the example in Figure 2, the second terminal 5 may be equipped with separate sensor devices at the entrance and exit, such as at a bus entrance / exit or a train ticket gate. In this case, depending on the sensor device used for data exchange, a distinction may be made between data exchange during linking setup and data exchange during linking unlinking. Also, for example, if data exchange is performed by a terminal application, the application may be configured to switch between linking setup mode and unlinking mode. In this case, the distinction between linking setup and unlinking may be made depending on the application mode.

[0113] (II) Conditions for release The release condition indicates the condition for releasing the correspondence between the objects. The release condition may be defined as appropriate depending on the embodiment.

[0114] For example, the release condition may be defined as releasing the correspondence at an arbitrarily set release time. The release time may be given, for example, by a user, by another application (such as a scheduler), etc. In this case, the management server 1 may release the correspondence in question when the release time arrives. The release time may be set as the expiration date of the above-mentioned linking information D10. If the release time is set as the expiration date, the management server 1 may treat the correspondence in question as released when the release time arrives.

[0115] In another example, the number of correspondences that can be set for the same individual of each target may be infinite or finite. If the number of possible correspondences is finite, an upper limit (threshold) may be set for the number of correspondences that can be set for the same individual. The threshold may be set as appropriate. If the number of correspondences set for at least one of the first and second targets exceeds this upper limit, the management server 1 may release at least one of the correspondences set for that individual. Which correspondence to release may be determined as appropriate according to priority, order, type of target, etc. The management server 1 may send an inquiry regarding the release to at least one of the first terminal 4 and the second terminal 5, and determine which correspondence to release based on the response received.

[0116] For example, consider a scenario where the first target is a user and the second target is an object, as shown in the example in Figure 2. In this case, the number of users that can be associated with the same object may be infinite or finite. If the number of users that can be associated is finite, the upper limit of the number of users that can be associated may be appropriately set by a threshold. The threshold may be set according to the attributes of the object (e.g., the number of possible passengers). When the management server 1 receives a new request to set a correspondence relationship for a particular object, it may refer to the association information D10 and extract the previous correspondence relationships that have been set and maintained for that particular object. If the newly received correspondence relationship setting causes the overlap of correspondence relationship settings for the particular object to exceed the threshold, the management server 1 may discard the newly received request for a correspondence relationship setting or release at least one of the extracted previous correspondence relationships. When releasing previous correspondence relationships, the management server 1 may decide which correspondence relationships to release according to the user priority, order (e.g., releasing the correspondence relationships that were set earlier), etc.

[0117] As a concrete example, in the example in Figure 2, we assume that the vehicle is a private car, and that the first user and the second user are, for example, family members, and therefore share the private car. The private car can be interpreted as an item used on a regular basis. For the sake of explanation, we assume that the number of users that can be associated with the private car is 1. In this case, while the correspondence between one of the first user and the private car is already established, the management server 1 may, upon receiving the establishment of a correspondence between the other user and the private car, cancel the previous correspondence (the correspondence between one user and the private car).

[0118] The same may apply to users. That is, the number of items that can be associated with the same user may be infinite or finite. If the number of items that can be associated is finite and the number of correspondences set for the user exceeds the upper limit, the management server 1 may discard the newly received request to set up a correspondence, or cancel at least one of the extracted correspondences. When canceling a correspondence, the management server 1 may decide which correspondence to cancel depending on the priority and type of the item (for example, whether it is an item used regularly or an item used temporarily).

[0119] (III) Deactivation by proxy requesting individual In the case of proxy, the correspondence between the proxy requesting individual PR and the target individual TA, which is set by the proxy individual PI, may be released by the proxy requesting individual PR. The method for releasing the correspondence by the proxy requesting individual PR may be designed as appropriate depending on the embodiment. In this embodiment, at least one of the following two methods may be employed.

[0120] (III-1) Release request from proxy requesting individual Figure 7A schematically shows an example of the process of unlinking by the proxy requesting individual PR (first unlinking method). In the first unlinking method, the management server 1 may receive an unlinking request from the proxy requesting individual PR's terminal 6. In response to receiving the unlinking request from terminal 6, the management server 1 is further configured to unlink the correspondence between the proxy requesting individual PR and the target individual TA. good.

[0121] Similar to the release requests from at least one of the first terminal 4 and the second terminal 5 described above, the release request from terminal 6 may be configured to indicate the correspondence of the release target by including at least one of the first identifier I10 of the proxy requesting individual PR, the first identifier I10 of the proxy individual PI, and the second identifier I20 of the target individual TA. The release request from terminal 6 may be configured to indicate the correspondence of the release target by including alternative information.

[0122] The transmission path for the release request may be appropriately selected depending on the embodiment. In the example in Figure 7A, terminal 6 directly sends the release request to the management server 1 (step SZ20). The transmission path for the release request is not limited to this example. Terminal 6 may also indirectly send the release request to the management server 1 via the first server 2, first terminal 4, second terminal 5, etc. Terminal 6 may instruct at least one of the first terminal 4 and second terminal 5 to send the release request to the management server 1 directly or indirectly. The other configurations of the release request from terminal 6 may be the same as those of the release request from at least one of the first terminal 4 and second terminal 5 described above.

[0123] (III-2) Establishment of new correspondence relationships by proxy requesting individuals Figure 7B schematically shows an example of the process of unlinking by proxy request individual PR (second unlinking method). In the second unlinking method, the management server 1 may be further configured to unlink the correspondence between proxy request individual PR and target individual TA in response to the establishment of a correspondence between proxy request individual PR and other second target individual TO by proxy request individual PR. That is, the management server 1 may unlink the correspondence with target individual TA previously established by proxy individual PI in response to the establishment of a new correspondence by proxy request individual PR.

[0124] The correspondence between the proxy requesting individual PR and the other individual TO of the second target may be established by the processing of the normal route described above. For example, in response to the occurrence of a usage relationship between the proxy requesting individual PR and the other individual TO of the second target, data exchange may take place between the terminal 6 of the proxy requesting individual PR and the terminal 5_1 of the other individual TO of the second target. At least one of the terminal 6 of the proxy requesting individual PR and the terminal 5_1 of the second target may send a linking request to the management server 1. The management server 1 may set up the correspondence between the proxy requesting individual PR and the other individual TO of the second target in response to the linking request.

[0125] By establishing a new correspondence with other individual TOs, the proxy requesting individual PR can exercise its authority through the other individual TOs. To prevent the exercise of authority through other individual TOs from coexisting with the exercise of authority through the target individual TA, the management server 1 may terminate the previously established correspondence with the target individual TA when this new correspondence is established. In another example, the management server 1 may maintain both the correspondence with other individual TOs and the correspondence with the target individual TA by the proxy individual PI, thereby allowing the exercise of authority through other individual TOs and the exercise of authority through the target individual TA to coexist.

[0126] As described above, the management server 1 may terminate the correspondence relationship upon receiving a termination request from at least one of the first terminal 4 and the second terminal 5, or upon fulfillment of predetermined termination conditions. The management server 1 may also terminate the correspondence relationship due to factors related to the proxy request individual PR. This makes it possible to track the termination of the usage relationship between the first target and the second target. The linking information D10 after the correspondence relationship has been terminated may be saved as history.

[0127] (Confirmation process for continued use) As one of the optional configurations, after setting the correspondence between the relevant individuals of the first and second targets, the management server 1 checks whether the usage relationship between those individuals is continuing. Further processing (confirmation processing) may be performed. If a correspondence relationship is established by a proxy route, the management server 1 may perform confirmation processing to confirm the continuation of the usage relationship between the proxy individual PI and the target individual TA. The method for confirming the continuation of usage may be appropriately selected depending on the embodiment. In this embodiment, at least one of the following three methods may be adopted as the method for confirming the usage relationship.

[0128] (i-1) Verification process by authentication In one example, the management server 1 may confirm the continuation of the usage relationship by authenticating at least one of the first target (proxy individual PI) and the second target (target individual TA) via at least one of the first terminal 4 and the second terminal 5. The authentication method may be any method, similar to the linking settings. In the example in Figure 2, for example, user authentication may be performed by using an image sensor installed on the mobile device to perform facial recognition of the user, a fingerprint reader attached to the handle to perform fingerprint recognition of the user, or the user to speak and voiceprint authentication using a microphone installed on the mobile device. The authentication process may be performed on at least one of the terminals (4, 5), servers (2, 3), and management server 1. When the authentication process is performed on servers (2, 3), the data used for authentication may be sent directly from the terminals (4, 5) to the servers (2, 3), or it may be sent indirectly via an external computer such as the management server 1. When the management server 1 performs the authentication process, the data used for authentication may be sent directly from the terminals (4, 5) to the management server 1, or it may be sent indirectly via external computers such as each server (2, 3). The management server 1 may obtain the authentication results as appropriate, and if the authentication is successful in the obtained authentication results, it may determine that the user relationship is continuing, and if the authentication is unsuccessful, it may determine that the user relationship is not continuing.

[0129] (i-2) Confirmation process via notification In another example, if at least one of the first and second targets is a user (for example, the case in Figure 2), the management server 1 may directly or indirectly send a confirmation notification including an operator to at least one of the first terminal 4 and the second terminal 5. The operator may consist of, for example, a confirmation button, a reply button, a link, etc. The recipient of the confirmation notification does not necessarily have to correspond to a user. In the case of Figure 2, the management server 1 may send a confirmation notification to at least one of the first terminal 4 and the second terminal 5. The recipient of the confirmation notification may overlap with or differ from the recipient of a notification indicating the result of the linking process. The confirmation notification may be configured to send a response directly or indirectly back to the management server 1 in response to the user's operation of the operator. If the management server 1 receives a response from the operator operation within a predetermined period, it may determine that the usage relationship is continuing, and if it does not receive a response, it may determine that the usage relationship is not continuing.

[0130] (i-3) Verification process using location information Figure 8 schematically shows an example of the usage continuation confirmation process according to this embodiment. When tracking usage relationships in the real world, the first terminal 4 may be equipped with a positioning module 47. The first terminal 4 may be further configured to measure its current location using its positioning module 47 and transmit the measurement result of its current location to the management server 1. The second terminal 5 may also be equipped with a positioning module 57. The second terminal 5 may be further configured to measure its current location using its positioning module 57 and transmit the measurement result of its current location to the management server 1.

[0131] In response, the management server 1 sets up the correspondence between the proxy requesting individual PR and the target individual TA, then receives the measurement results of the current location (RP10, RP20) of each terminal (4, 5) from each terminal (4, 5), and determines in real time whether the received measurement results of the current location (RP10, RP20) of each terminal (4, 5) satisfy the conditions for the usage relationship. If the measurement results of the current location (RP10, RP20) of each terminal (4, 5) satisfy the conditions for the usage relationship, the proxy individual P The system may be further configured to determine that the utilization relationship between I and the target individual TA is continuing, and if not, to determine that the utilization relationship is not continuing.

[0132] The conditions for the relationship to be met may be set appropriately depending on the embodiment, for example, by being close enough that the user is riding in the moving vehicle. In one example, the conditions for the relationship to be met may be defined by a distance range DR based on the current location RP10 of the first terminal 4 or the current location RP20 of the second terminal 5. In this case, whether or not the conditions for the relationship to be met may be determined depending on whether or not the location is within the range DR. Figure 8 assumes a scenario using the current location RP10 of the first terminal 4 as the reference. In this scenario, it may be determined that the conditions for the relationship to be met because the current location RP20 of the second terminal 5 is within the range DR. On the other hand, it may be determined that the conditions for the relationship to be met because the current location RP20 of the second terminal 5 is outside the range DR.

[0133] Furthermore, the range DR may be set appropriately to allow for the determination of the second target with which the usage relationship has occurred. The shape of the range DR may be defined arbitrarily. The range DR may be defined so that the distances in each direction are the same, or it may be defined so that the distances differ in at least some directions.

[0134] The types of each positioning module (47, 57) are not particularly limited and may be appropriately selected depending on the embodiment. Each positioning module (47, 57) may be, for example, a GPS (Global Positioning Satellite) module, a GNSS (Global Navigation Satellite System) module, etc.

[0135] The current location (RP10, RP20) of each terminal (4, 5) may be sent to the management server 1 at any time before the confirmation process is executed. For example, each terminal (4, 5) may report its current location information to the management server 1 as a voluntary information processing, such as sending it periodically. In this case, the management server 1 may use the most recently reported current location from each terminal (4, 5) as the current location (RP10, RP20) to determine whether the conditions for the usage relationship are met. In another example, the management server 1 may send a request to each terminal (4, 5) directly or indirectly at any time before the confirmation process is executed. In response to this request, each terminal (4, 5) may report its most recent current location (RP10, RP20) to the management server 1 in real time. The management server 1 may determine whether the conditions for the usage relationship are met based on the most recent current location information (RP10, RP20) reported in real time. In either configuration, if the most recent current location information for at least one of the first terminal 4 and the second terminal 5 cannot be obtained due to factors such as the power being off, the management server 1 may determine that the conditions for the usage relationship are not met.

[0136] Furthermore, the destination to which the information of each current location is reported may be appropriately selected depending on the embodiment. In one example, the destination to which the information of each current location is reported may be the management server 1. Accordingly, the information of each current location may be managed by the management server 1. In another example, the destination to which the information of each current location is reported may be an external server (first server 2, second server 3, etc.). Accordingly, the information of each current location may be managed by the external server. The management server 1 may obtain the information of each current location (RP10, RP20) from the external server. Reporting to the management server 1 may include reporting directly to the management server 1 and reporting indirectly to the management server 1 via an external server. The reported information of each current location may be discarded after it is no longer used for verification processing, or it may be stored as history for at least a predetermined period. When the form of reporting directly to the management server 1 is adopted, the information of each current location may be stored on the management server 1 or on an external server (first server 2, second server 3, NAS, etc.). Similarly, even when adopting a method of reporting indirectly to the management server 1, the information of each current location may be stored on the management server 1 or on an external server. According to one example of this embodiment, the continuation of the usage relationship can be appropriately confirmed by using the relationship between the locations of the first terminal 4 and the second terminal 5.

[0137] (ii) If the management server 1 determines that the usage relationship is continuing, it may maintain the correspondence setting between the individuals in question. On the other hand, if the management server 1 determines that the usage relationship is not continuing, it may cancel the correspondence between the individuals in question. In the case of a proxy, if the management server 1 determines that the usage relationship between the proxy individual PI and the target individual TA is continuing, it may maintain the correspondence setting between the proxy requesting individual PR and the target individual TA. On the other hand, if the management server 1 determines that the usage relationship between the proxy individual PI and the target individual TA is not continuing, it may cancel the correspondence between the proxy requesting individual PR and the target individual TA. The management server 1 may be configured to update the status of the correspondence by repeatedly executing the confirmation process periodically or irregularly after the correspondence has been set until the correspondence is canceled.

[0138] Furthermore, if the management server 1 determines that the usage relationship is not continuing, it may immediately terminate the corresponding relationship, or it may terminate it after holding it for a predetermined period. The timing of termination may be appropriately determined depending on the embodiment. If the latter method is adopted, and the continuation of the usage relationship is confirmed by at least one of the above methods while it is held, the management server 1 may reactivate the relationship setting. This allows for the relationship setting to be restored quickly without immediately terminating the relationship in cases such as temporary absence.

[0139] (Scenarios for the use of linked information) As described above, the linking information D10 can be used in a variety of situations. For example, the linking information D10 can be used simply to track the occurrence and termination of relationships between the first and second objects.

[0140] In another example, the linking information D10 may be used to enable at least a portion of the privileges associated with either the first or second target to be exercised by the other while a correspondence relationship is established between the first and second targets. For example, the management server 1 may be configured to further enable the exercise of privileges associated with the corresponding first target via the second target with which the correspondence relationship has been established, in response to the establishment of a correspondence relationship between the first and second targets. The management server 1 may also be configured to further disable the exercise of privileges in response to the termination of the correspondence relationship. In the case of a proxy, the management server 1 may enable the proxy exercise of at least a portion of the privileges of the proxy requesting individual PR via the target individual TA by the proxy individual PI in response to the establishment of a correspondence relationship between the proxy requesting individual PR and the target individual TA. On the other hand, the management server 1 may disable the proxy exercise of privileges in response to the termination of the correspondence relationship. In the example shown in Figure 2, the linking information D10 may be used to enable the mobile device to exercise at least a portion of the permissions associated with the user while a correspondence relationship is established between the user and the mobile device. According to one example of this embodiment, the second object can control the permission and prohibition of the exercise of permissions by the first object by setting and unsetting the correspondence relationship.

[0141] Figure 9 schematically shows an example of a usage scenario for the linking information D10 according to this embodiment. Figure 9 assumes a scenario in the example of Figure 2 where user-linked privileges are exercised from a mobile device. In the proxy case, the user attempting to exercise the privileges is a proxy user (proxy individual PI). Furthermore, it is assumed that the linking information D10 is configured to indicate a first target (user) and a second target (mobile device) with which a correspondence relationship has been established, by including a first identifier I10 and a second identifier I20. In addition, it is assumed that user information is managed by the first server 2 and mobile device information is managed by the second server 3. The external system SY1 is deployed at a location where various services are performed (e.g., a parking lot) and is configured to perform information processing to provide the target service to a user who has the target privileges. The configuration and services of the external system SY1 are not particularly limited and can be appropriately selected according to the embodiment. That's fine.

[0142] First, in step U10, the external system SY1 may obtain a second identifier I20 (mobile object identifier) ​​from the target mobile object. The method for obtaining the second identifier I20 may be appropriately selected depending on the embodiment. In one example, the external system SY1 may obtain the second identifier I20 from the second terminal 5 by exchanging data with the second terminal 5. The method of data exchange may be the same as the data exchange between the first terminal 4 and the second terminal 5. In another example, if the second identifier I20 is a vehicle registration number, the external system SY1 may obtain the second identifier I20 by photographing the license plate with an image sensor and analyzing the obtained image.

[0143] In step U20, the external system SY1 may use the acquired second identifier I20 as a query to ask the management server 1 whether there is a valid correspondence relationship for the target mobile object at the target date and time. Valid means that the correspondence relationship setting is maintained at the target date and time. While the target date and time is basically the present (immediate), it is not limited to this. For example, when executing a settlement process for a past date and time, the target date and time may be a past date and time. If a valid correspondence relationship exists, the first identifier I10 (user identifier) ​​of the user associated with the target mobile object is extracted. In the case of a proxy, the user identifier of the proxy requesting user (the first identifier I10 of the proxy requesting individual PR) is extracted. On the other hand, if no valid correspondence relationship exists and no user associated with the target mobile object is extracted, this process may be terminated.

[0144] In step U30, the external system SY1 may use the extracted first identifier I10 as a query to inquire with the first server 2 about the available privileges for the user associated with the target mobile object. The first server 2 may refer to the first target information O10 (user information O10A) and extract the privileges associated with the target user that can be exercised. If no available privileges are extracted, this process may be terminated. Note that the first target information O10 (user information O10A) may also have a setting for each privilege indicating whether or not the mobile object is allowed to exercise the privilege. The available privileges may be extracted according to this setting. Also, if the target privilege that the external system SY1 is trying to exercise is not included in the available privileges, this process may be terminated. The privileges to be exercised may be specified at any time as appropriate. For example, the privileges to be exercised may be specified in advance by the external system SY1, or they may be specified by the user.

[0145] In step U40, if the available privileges include the privilege in question, the external system SY1 may execute a process to exercise the privilege in question. This allows the privilege associated with the user to be exercised from the mobile device, and the user to receive services via the mobile device. For example, if the privilege information includes public personal authentication information and the privilege in question relates to public personal authentication, the user can receive public services via the mobile device. Also, for example, if the privilege information includes payment information and the privilege in question relates to payment, the user can receive payment services via the mobile device. Payment services may include payments for parking fees, highway tolls, drive-through fees, public transport fees, rental fees, etc. Also, for example, if the privilege information includes information about electronic prescriptions and the privilege in question is to receive medication prescribed by an electronic prescription, the user can exercise the electronic prescription via the mobile device and receive the medication.

[0146] In the case of proxy services, the proxy user (proxy individual PI) can exercise the authority associated with the requesting user (proxy requesting individual PR) via the target mobile device (target individual TA), and receive services corresponding to the results of that exercise. For example, consider a scenario where the authority information includes information about electronic prescriptions, and the authority in question is to receive medication prescribed via an electronic prescription. In this case, the requesting user does not need to pick up the prescribed medication themselves; they can grant the authority to another user (proxy user), such as a taxi driver, to receive the prescribed medication via the mobile device. You can request another user to pick up the item.

[0147] The processing procedure for exercising the above authority is merely an example, and each step may be modified as much as possible. Depending on the embodiment, steps in the above processing procedure may be omitted, replaced, or added as appropriate. In addition, in the above processing procedure, the user may be replaced with the first target, and the moving object may be replaced with the second target. Furthermore, in the above processing procedure, "first" and "second" may be swapped.

[0148] (Data communication between devices) Data communication between each device (management server 1, first server 2, second server 3, first terminal 4, second terminal 5, and terminal 6) is not particularly limited and may be appropriately selected depending on the embodiment. The network between each device may be appropriately selected from, for example, the Internet, wireless communication network, mobile communication network, telephone network, dedicated network, local area network, etc. Data communication between each device may use SSL (Secure Socket Layer), TLS (Transport Layer Security), etc. The data may be encrypted using the following method. For example, each terminal (4, 5, 6) may be equipped with a SIM (Subscriber Identity Module), and data communication between each terminal (4, 5, 6) and the servers (management server 1, first server 2, second server 3) may be performed using encrypted communication via the SIM.

[0149] [2 Example Configurations] [Example Hardware Configuration] (Management Server) Figure 10A schematically shows an example of the hardware configuration of the management server 1 according to this embodiment. The management server 1 according to this embodiment is a computer in which a control unit 11, a storage unit 12, a communication interface 13, an input device 14, an output device 15, and a drive 16 are electrically connected.

[0150] The control unit 11 is a hardware processor, a CPU (Central Processing Unit), It includes RAM (Random Access Memory), ROM (Read Only Memory), etc., and is configured to perform arbitrary information processing based on programs and various data. The control unit 11 (CPU) is an example of the processor resources of the management server 1.

[0151] The storage unit 12 may be composed of, for example, a hard disk drive, a solid-state drive, or semiconductor memory. The storage unit 12 (and RAM, ROM) are examples of memory resources. In this embodiment, the storage unit 12 stores various information such as the management program 81 and the association information D10. The management program 81 is a program that causes the management server 1 to execute information processing related to setting and canceling the correspondence between the first target and the second target (Figures 12A and 12B described later). The management program 81 includes a series of instructions for said information processing.

[0152] The communication interface 13 is configured to perform wired or wireless communication over a network. The communication interface 13 may consist of, for example, a wired LAN (Local Area Network) module, a wireless LAN module, etc. The management server 1 may perform data communication with other computers (first terminal 4, second terminal 5, etc.) via the communication interface 13.

[0153] The input device 14 is a device for inputting data, such as a mouse, keyboard, or operation buttons. The output device 15 is a device for outputting data, such as a display or speaker. The operator can operate the management server 1 by using the input device 14 and the output device 15. The input device 14 and the output device 15 may be integrated together, for example, by a touch panel display. The input device 14 and the output device 15 are external input devices. The connection may be made via a connector. The external interface may be configured as appropriate to connect to an external device via wired or wireless connection, for example, by a USB (Universal Serial Bus) port, a dedicated port, a wireless communication port, etc.

[0154] Drive 16 is a device for reading various information, such as programs, stored in the storage medium 91. At least one of the management program 81 and the association information D10 may be stored in the storage medium 91 instead of or together with the storage unit 12. The storage medium 91 is configured to store various information (stored programs, etc.) by electrical, magnetic, optical, mechanical, or chemical means so that a machine such as a computer can read the information. The management server 1 may obtain at least one of the management program 81 and the association information D10 from the storage medium 91. The storage medium 91 may be a disk-type storage medium such as a CD or DVD, or a non-disk-type storage medium such as semiconductor memory (e.g., flash memory). The type of drive 16 may be appropriately selected according to the type of storage medium 91. Drive 16 may be connected via an external interface.

[0155] Regarding the specific hardware configuration of the management server 1, components can be omitted, replaced, and added as appropriate depending on the embodiment. For example, the control unit 11 may include multiple hardware processors. Hardware processors include microprocessors, FPGAs (field-programmable gate arrays), DSPs (digital signal processors), and GPs. It may consist of a U (Graphics Processing Unit), an ASIC (application-specific integrated circuit), etc. At least one of the input device 14, output device 15 and drive 16 Any of these may be omitted. The linking information D10 may be stored not in the storage unit 12, but on an external computer accessible by the management server 1 (e.g., a NAS). The management server 1 may consist of multiple computers. In this case, the hardware configurations of each computer may or may not be the same. The management server 1 may be an information processing device designed specifically for the services provided, a general-purpose server device, a general-purpose computer, etc.

[0156] (Server 1) Figure 10B schematically shows an example of the hardware configuration of the first server 2 according to this embodiment. The first server 2 according to this embodiment is a computer in which a control unit 21, a storage unit 22, a communication interface 23, an input device 24, an output device 25, and a drive 26 are electrically connected. The control unit 21 to the drive 26 and the storage medium 92 of the first server 2 may be configured in the same way as the control unit 11 to the drive 16 and the storage medium 91 of the management server 1.

[0157] The control unit 21 (CPU) is an example of the processor resources of the first server 2, and the storage unit 22 (and RAM, ROM) is an example of the memory resources of the first server 2. In this embodiment, the storage unit 22 stores various information such as the program 82 and the first target information O10. The program 82 is a program that causes the first server 2 to execute information processing related to the authentication of the first target. The program 82 includes a series of instructions for said information processing. At least one of the program 82 and the first target information O10 may be stored in the storage medium 92 instead of or together with the storage unit 22. The first server 2 may retrieve at least one of the program 82 and the first target information O10 from the storage medium 92. The first server 2 may communicate data with other computers via the communication interface 23. The first server 2 may be operated via the input device 24 and the output device 25.

[0158] Furthermore, regarding the specific hardware configuration of the first server 2, components can be omitted, replaced, and added as appropriate depending on the embodiment. For example, the control unit 21 may include multiple hardware processors. Hardware processors include microprocessors, FPs, etc. It may consist of GA, DSP, GPU, ASIC, etc. At least one of the input device 24, output device 25, and drive 26 may be omitted. The first target information O10 may be stored not in the storage unit 22, but in an external computer accessible by the first server 2 (e.g., NAS, etc.). The first server 2 may consist of multiple computers. In this case, the hardware configuration of each computer may or may not be the same. The first server 2 may be an information processing device designed specifically for the services provided, a general-purpose server device, a general-purpose computer, etc.

[0159] (Second server) Figure 10C schematically shows an example of the hardware configuration of the second server 3 according to this embodiment. The second server 3 according to this embodiment is a computer in which a control unit 31, a storage unit 32, a communication interface 33, an input device 34, an output device 35, and a drive 36 are electrically connected. The control unit 31 to the drive 36 and the storage medium 93 of the second server 3 may be configured in the same way as the control unit 11 to the drive 16 and the storage medium 91 of the management server 1.

[0160] The control unit 31 (CPU) is an example of the processor resources of the second server 3, and the storage unit 32 (and RAM, ROM) is an example of the memory resources of the second server 3. In this embodiment, the storage unit 32 stores various information such as program 83 and second target information O20. Program 83 is a program that causes the second server 3 to execute information processing related to the authentication of the second target. Program 83 includes a series of instructions for said information processing. At least one of program 83 and second target information O20 may be stored in the storage medium 93 instead of or together with the storage unit 32. The second server 3 may retrieve at least one of program 83 and second target information O20 from the storage medium 93. The second server 3 may communicate data with other computers via the communication interface 33. The second server 3 may be operated via input device 34 and output device 35.

[0161] Regarding the specific hardware configuration of the second server 3, components can be omitted, replaced, and added as appropriate depending on the embodiment. For example, the control unit 31 may include multiple hardware processors. Hardware processors may consist of microprocessors, FPGAs, DSPs, GPUs, ASICs, etc. At least one of the input device 34, output device 35, and drive 36 may be omitted. The second target information O20 may be stored not in the storage unit 32, but in an external computer accessible by the second server 3 (e.g., a NAS, etc.). The second server 3 may consist of multiple computers. In this case, the hardware configurations of each computer may or may not be the same. The second server 3 may be an information processing device designed specifically for the services provided, a general-purpose server device, a general-purpose computer, etc.

[0162] (Terminal 1) Figure 10D schematically shows an example of the hardware configuration of the first terminal 4 according to this embodiment. The first terminal 4 according to this embodiment is a computer in which a control unit 41, a storage unit 42, a communication interface 43, an input device 44, an output device 45, a drive 46, and a positioning module 47 are electrically connected. The control unit 41 to the drive 46 and the storage medium 94 of the first terminal 4 may be configured in the same way as the control unit 11 to the drive 16 and the storage medium 91 of the management server 1.

[0163] The control unit 41 (CPU) is an example of the processor resources of the first terminal 4, and the storage unit 42 (and RAM, ROM) is an example of the memory resources of the first terminal 4. In this embodiment, the storage unit 42 stores various information such as program 84 and authorization verification information AU. Program 84 is a program that causes the first terminal 4 to execute information processing related to linking (Figures 12A and 12B described later). Program 84 is a series of instructions for the information processing. The program 84 may be stored in the storage medium 94 in place of or together with the storage unit 42. The first terminal 4 may retrieve the program 84 from the storage medium 94. The first terminal 4 may be operated via the input device 44 and the output device 45.

[0164] The first terminal 4 may communicate data with other computers via the communication interface 43. In one example, the communication interface 43 may be composed of multiple types of modules. For example, the communication interface 43 may include a short-range wireless communication module 431 and other wireless communication modules (e.g., a cellular communication module). The first terminal 4 may communicate data with the second terminal 5 via the short-range wireless communication module 431 and with servers (management server 1, first server 2, second server 3, etc.) via the other wireless communication modules.

[0165] Furthermore, regarding the specific hardware configuration of the first terminal 4, components can be omitted, replaced, and added as appropriate depending on the embodiment. For example, the control unit 41 may include multiple hardware processors. Hardware processors are composed of microprocessors, FPGAs, DSPs, GPUs, ASICs, ECUs (Electronic Control Units), etc. At least one of the input device 44, output device 45, drive 46, and positioning module 47 may be omitted. The storage unit 42 may store the first identifier I10 of the proxy individual PI. Alternatively, the first identifier I10 of the proxy individual PI may not be stored in the storage unit 42 but may be acquired each time. To acquire data such as identifiers and information used for authentication, the first terminal 4 may be further equipped with data acquisition devices such as sensors and readers. The first terminal 4 may consist of multiple computers. In this case, the hardware configuration of each computer may or may not be the same. The first terminal 4 may be an information processing device designed specifically for the service provided, or a general-purpose computer, terminal device (e.g., smartphone, tablet PC, etc.).

[0166] (Second terminal) Figure 10E schematically shows an example of the hardware configuration of the second terminal 5 according to this embodiment. The second terminal 5 according to this embodiment is a computer in which a control unit 51, a storage unit 52, a communication interface 53, an input device 54, an output device 55, a drive 56, and a positioning module 57 are electrically connected. The control unit 51 to the drive 56 and the storage medium 95 of the second terminal 5 may be configured in the same way as the control unit 11 to the drive 16 and the storage medium 91 of the management server 1.

[0167] The control unit 51 (CPU) is an example of the processor resources of the second terminal 5, and the storage unit 52 (and RAM, ROM) is an example of the memory resources of the second terminal 5. In this embodiment, the storage unit 52 stores various information such as the program 85 and the second identifier I20 of the target individual TA. The program 85 is a program that causes the second terminal 5 to execute information processing related to association (Figures 12A and 12B, described later). The program 85 includes a series of instructions for said information processing. At least one of the program 85 and the second identifier I20 may be stored in the storage medium 95 instead of or together with the storage unit 52. The second terminal 5 may obtain at least one of the program 85 and the second identifier I20 from the storage medium 95. The second terminal 5 may be operated via the input device 54 and the output device 55.

[0168] The second terminal 5 may communicate data with other computers via the communication interface 53. In one example, similar to the first terminal 4, the communication interface 53 may be composed of multiple types of modules. For example, the communication interface 53 may include a short-range wireless communication module 531 and other wireless communication modules. The second terminal 5 may communicate data with the first terminal 4 via the short-range wireless communication module 531 and with the server via the other wireless communication modules.

[0169] Regarding the specific hardware configuration of the second terminal 5, components can be omitted, replaced, and added as appropriate depending on the embodiment. For example, the control unit 51 may include multiple hardware processors. Hardware processors may consist of microprocessors, FPGAs, DSPs, GPUs, ASICs, ECUs, etc. At least one of the input device 54, output device 55, drive 56, and positioning module 57 may be omitted. The second identifier I20 may not be stored in the storage unit 52 but may be acquired each time. To acquire data such as identifiers and information used for authentication, the second terminal 5 may further be equipped with data acquisition devices such as sensors and readers. The second terminal 5 may consist of multiple computers. In this case, the hardware configuration of each computer may or may not be the same. The second terminal 5 may be an information processing device designed specifically for the services provided, or it may be a general-purpose computer, terminal device, etc.

[0170] (terminal) Figure 10F schematically shows an example of the hardware configuration of terminal 6 according to this embodiment. Terminal 6 according to this embodiment is a computer in which a control unit 61, a storage unit 62, a communication interface 63, an input device 64, an output device 65, and a drive 66 are electrically connected. The control unit 61 to drive 66 and the storage medium 96 of terminal 6 may be configured in the same way as the control unit 11 to drive 16 and the storage medium 91 of the management server 1.

[0171] The control unit 61 (CPU) is an example of the processor resources of the terminal 6, and the storage unit 62 (and RAM, ROM) is an example of the memory resources of the terminal 6. In this embodiment, the storage unit 62 stores various information such as program 86 and the first identifier I10 of the proxy requesting individual PR. Program 86 is a program that causes the terminal 6 to execute information processing related to setting and canceling the correspondence relationship by proxy. Program 86 includes a series of instructions for said information processing. At least one of program 86 and the first identifier I10 may be stored in the storage medium 96 instead of or together with the storage unit 62. The terminal 6 may retrieve at least one of program 86 and the first identifier I10 from the storage medium 96. The terminal 6 may communicate data with other computers via the communication interface 63. The terminal 6 may be operated via the input device 64 and the output device 65.

[0172] Furthermore, regarding the specific hardware configuration of terminal 6, components can be omitted, replaced, and added as appropriate depending on the embodiment. For example, the control unit 61 may include multiple hardware processors. Hardware processors may consist of microprocessors, FPGAs, DSPs, GPUs, ASICs, ECUs (Electronic Control Units), etc. i. At least one of the input device 64, output device 65, and drive 66 may be omitted. The first identifier I10 may not be stored in the storage unit 62 but may be acquired each time. Similar to the first terminal 4 and the second terminal 5, terminal 6 may be further equipped with data acquisition devices such as sensors and readers to acquire data such as identifiers and certificates. The communication interface 63 may be equipped with a short-range wireless communication module and other wireless communication modules. Terminal 6 may be configured to measure its current location by being equipped with a positioning module. Terminal 6 may be composed of multiple computers. In this case, the hardware configuration of each computer may or may not be the same. Terminal 6 may be an information processing device designed specifically for the services provided, as well as a general-purpose computer, terminal device, etc.

[0173] [Example Software Configuration] Figure 11 schematically shows an example of the software configuration of each device (management server 1, first server 2, second server 3, first terminal 4, second terminal 5, and terminal 6) according to this embodiment.

[0174] (Management Server) The control unit 11 of the management server 1 loads the management program 81 stored in the memory unit 12 into RAM, and the CPU executes the instructions contained in the management program 81. As a result, the management server 1 operates as a computer equipped with a reception unit 111, a setting unit 112, a deactivation unit 113, and a notification unit 114 as software modules.

[0175] The reception unit 111 is configured to receive linking requests directly or indirectly from at least one of the terminals of the first target and the second target in response to the occurrence of a usage relationship between the individuals of the first target and the second target. Upon receiving a linking request, the reception unit 111 is configured to accept a request to set up a correspondence relationship between the individuals of the first target and the second target. In the case of a proxy, the reception unit 111 is configured to receive a linking request from at least one of the first terminal 4 and the second terminal 5 in response to the occurrence of a usage relationship between the proxy individual PI of the first target and the target individual TA of the second target. Upon receiving this linking request, the reception unit 111 is configured to accept a request to set up a correspondence relationship between the proxy requesting individual PR of the first target and the target individual TA of the second target.

[0176] The setting unit 112 is configured to perform a process to set up a correspondence between the relevant individuals of the first target and the second target based on the linking request. In the case of a proxy, the setting unit 112 is configured to set up a correspondence between the proxy requesting individual PR and the target individual TA in response to the successful authentication of the proxy requesting individual PR. The release unit 113 is configured to perform a process to release the correspondence upon receiving a release request from at least one of the first terminal 4 and the second terminal 5 or upon the fulfillment of predetermined release conditions. The release unit 113 is configured to perform a process to release the correspondence based on factors related to the proxy requesting individual PR.

[0177] The notification unit 114 is configured to send a notification to at least one of the first terminal 4 and the second terminal 5 indicating the result of performing the correspondence setting process. The notification unit 114 is configured to send a notification to at least one of the first terminal 4 and the second terminal 5 indicating the result of performing the correspondence cancellation process. The notification unit 114 is configured to send a notification to terminal 6 indicating that a correspondence has been set. The notification unit 114 is also configured to send a notification to terminal 6 indicating that a correspondence has been cancelled.

[0178] If the management server 1 is configured to perform the authentication process for at least one of the first and second targets, the management server 1 may be configured to further include an authentication unit 115 as a software module. The authentication unit 115 may be configured to perform the authentication process for at least one of the first and second targets.

[0179] (Server 1) If the authentication process for the first target is performed on the first server 2, the control unit 21 of the first server 2 may execute the instructions included in the program 82 using the CPU. As a result, the first server 2 may operate as a computer equipped with an authentication unit 211 as a software module. The authentication unit 211 is configured to execute the authentication process for the first target in response to an authentication request for the first target.

[0180] (Second server) If the authentication process for the second target is performed on the second server 3, the control unit 31 of the second server 3 may execute the instructions included in the program 83 using the CPU. As a result, the second server 3 may operate as a computer equipped with an authentication unit 311 as a software module. The authentication unit 311 is configured to execute the authentication process for the second target in response to an authentication request for the second target.

[0181] (Terminal 1) The control unit 41 of the first terminal 4 executes instructions included in the program 84 using the CPU. As a result, the first terminal 4 operates as a computer equipped with a data exchange unit 411, a setting request unit 412, and a release request unit 413 as software modules. The data exchange unit 411 is configured to perform data exchange with the second terminal 5. The setting request unit 412 is configured to send a linking request (a request for linking settings) to the management server 1. The release request unit 413 is configured to send a release request (a request for linking release) to the management server 1.

[0182] (Second terminal) The control unit 51 of the second terminal 5 executes instructions included in program 85 using the CPU. As a result, the second terminal 5 operates as a computer equipped with a data exchange unit 511, a setting request unit 512, and a deactivation request unit 513 as software modules. The data exchange unit 511 is configured to perform data exchange with the first terminal 4. The setting request unit 512 is configured to send a linking request to the management server 1. The deactivation request unit 513 is configured to send a deactivation request to the management server 1.

[0183] (terminal) The control unit 61 of terminal 6 executes instructions included in program 86 using the CPU. As a result, terminal 6 operates as a computer equipped with a proxy request unit 611 and a release request unit 612 as software modules. The proxy request unit 611 is configured to accept settings related to the granting of proxy rights, including the designation of a proxy individual PI, and to directly or indirectly transmit the authorization granting information AG to the first terminal 4 of the designated proxy individual PI. The release request unit 612 is configured to send a release request to the management server 1.

[0184] (others) In this embodiment, an example is described in which each software module of each device is implemented by a general-purpose CPU. However, some or all of the above software modules may be implemented by one or more dedicated processors. Each of the above modules may also be implemented as a hardware module. With respect to the software configuration of each device, modules may be omitted, replaced, and added as appropriate, depending on the embodiment. For example, if a configuration is adopted in which a linking request is sent from only one of the first terminal 4 and the second terminal 5, the setting request unit may be omitted from the other terminal. Similarly, if a configuration is adopted in which a deactivation request is sent from only one of the first terminal 4 and the second terminal 5, the deactivation request unit may be omitted from the other terminal. The authentication unit may be omitted from a device that omits the execution of authentication processing.

[0185] [3 Examples of operation] (Linking settings) Figure 12A shows an example of the linking setting processing procedure by the system 100 according to this embodiment. The following processing procedure is an example of an information processing method executed by a computer. Of the following processing procedures, the processing procedure of the management server 1 is an example of a management method executed by a computer.

[0186] In step S10, the control unit 61 of terminal 6 operates as a proxy request unit 611 and accepts settings related to the granting of proxy authority, including the designation of a proxy individual PI. The control unit 61 directly or indirectly notifies the first terminal 4 of the designated proxy individual PI of the authorization grant information AG. In response, the control unit 41 of the first terminal 4 receives the authorization grant information AG.

[0187] In step S20, in response to the occurrence of a utilization relationship between the surrogate individual PI and the target individual TA, the control unit 41 of the first terminal 4 operates as a data exchange unit 411 and performs data exchange with the second terminal 5. The control unit 51 of the second terminal 5 operates as a data exchange unit 511 and performs data exchange with the first terminal 4 Data exchange is performed. This data exchange may be carried out by short-range wireless communication. In this data exchange, the control unit 41 of the first terminal 4 requests verification of proxy authority by providing the second terminal 5 with authorization verification information AU.

[0188] In step S30, the control unit 51 of the second terminal 5 verifies the proxy authority using the authorization verification information AU in response to a request from the first terminal 4. At least one of the two methods described above may be used to verify the proxy authority. If the first method is adopted, the processing in steps S301 and S302 is an example of the processing in step S30. If the second method is adopted, the processing in step S305 is an example of the processing in step S30. In step S35, the branching destination of the processing is determined according to the success or failure of the proxy authority verification. If the verification is successful, the control unit 51 of the second terminal 5 proceeds to the next step S40. On the other hand, if the verification is unsuccessful, the control unit 51 of the second terminal 5 returns to step S20 and prompts the first terminal 4 to resend the authorization verification information AU. If the verification is unsuccessful, the first terminal 4 and the second terminal 5 may appropriately terminate the processing procedure related to the linking setting in this example of operation.

[0189] In step S40, at least one of the first terminal 4 and the second terminal 5 sends a linking request to the management server 1, which includes an authentication request for the proxy request individual PR. The control unit 41 of the first terminal 4 may operate as a setting request unit 412 and send a linking request to the management server 1. The control unit 51 of the second terminal 5 may operate as a setting request unit 512 and send a linking request to the management server 1. The first terminal 4 and the second terminal 5 may send the linking request jointly, or one of the first terminal 4 and the second terminal 5 may send the linking request. One terminal of the first terminal 4 and the second terminal 5 may give instructions to the other terminal, and the other terminal may send the linking request. The linking request may also be sent directly to the management server 1 or indirectly via an external server. The control unit 11 of the management server 1 operates as a receiving unit 111 and receives the linking request.

[0190] In step S40, if the first terminal 4 and the second terminal 5 jointly send a linking request, a single linking request may be sent separately from the first terminal 4 and the second terminal 5, or the same linking request may be sent. If sent separately, some of the data of the linking request may be sent from the first terminal 4 and the remaining data from the second terminal 5. Partial overlap between the data and the remaining data may be permitted. In step S20, in order to identify the combination of the first and second targets for which the setting of the correspondence relationship is currently being requested, the management server 1 may appropriately identify the correspondence of this data (i.e., determine the combination of corresponding data).

[0191] Data mapping can be identified in any way. For example, the data transmitted from each terminal (4, 5) may include shared information for identifying data mapping. The shared information may consist of information that has relationships, such as matching or a correspondence being established. The management server 1 may identify data mapping based on whether a relationship is established between the shared information contained in the data received from one of the first terminal 4 and the second terminal 5 and the shared information contained in the data received from the other terminal.

[0192] The shared information may be configured arbitrarily. For example, the shared information may consist of a combination of the first identifier I10 of the proxy requesting individual PR and the second identifier I20 of the target individual TA. The management server 1 may identify the data correspondence based on the match between the combination of identifiers (I10, I20) contained in the data received from the first terminal 4 and the combination of identifiers (I10, I20) contained in the data received from the second terminal 5. The shared information may also include the first identifier I10 of the proxy individual PI. In another example, the shared information may consist of temporary information such as random numbers, timestamps, and hash values. In this case, the management server 1 may identify the data correspondence based on the match between the temporary information contained in the data received from the first terminal 4 and the data received from the second terminal 5. The data mapping may be identified in accordance with the relationship established between the temporary information that is encountered. The shared information may be shared between the first terminal 4 and the second terminal 5 at any time. In a typical example, the first terminal 4 and the second terminal 5 may share the shared information when exchanging data.

[0193] In step S45, the management server 1 and the external server authenticate the proxy requesting individual PR in response to the authentication request. The first server 2 is an example of an external server. In this embodiment, the authentication process for the proxy requesting individual PR may be performed by the management server 1 or the first server 2. In one example, the control unit 11 of the management server 1 may operate as an authentication unit 115 and perform authentication of the proxy requesting individual PR. In another example, the control unit 21 of the first server 2 may operate as an authentication unit 211 and perform authentication of the proxy requesting individual PR. The management server 1 or the first server 2 may obtain the data used for authentication of the proxy requesting individual PR from at least one of the first terminal 4 and the second terminal 5, or from the terminal 6 of the proxy requesting individual PR.

[0194] The processing order of steps S40 and S45 may be determined as appropriate depending on the embodiment. In one example, at least one of the first terminal 4 and the second terminal 5 may send an authentication request to the management server 1 or the first server 2. In response to this authentication request, the management server 1 or the first server 2 may authenticate the proxy request individual PR. The management server 1 or the first server 2 may return the authentication result of the proxy request individual PR to at least one of the first terminal 4 and the second terminal 5. In this authentication result, depending on whether the authentication of the proxy request individual PR is successful, at least one of the first terminal 4 and the second terminal 5 may send a linking request to the management server 1. In another example, at least one of the first terminal 4 and the second terminal 5 may send a linking request including an authentication request to the first server 2, and the first server 2 may authenticate the proxy request individual PR in response to this authentication request. If the authentication of the proxy request individual PR is successful, the first server 2 may send a linking request including the authentication result of the proxy request individual PR to the management server 1. In yet another example, at least one of the first terminal 4 and the second terminal 5 may send a linking request including an authentication request to the management server 1. The management server 1 may authenticate the proxy requesting individual PR in response to the authentication request. Alternatively, the management server 1 may forward the authentication request to the first server 2, thereby requesting the first server 2 to authenticate the proxy requesting individual PR. The first server 2 may authenticate the proxy requesting individual PR in response to the request and return the authentication result to the management server 1. Through these means, the management server 1 may obtain the authentication result of the proxy requesting individual PR.

[0195] Furthermore, the target of the authentication process is not limited to the proxy requesting individual PR. For example, authentication may be performed on at least one of the proxy requesting individual PR, the proxy individual PI, and the target individual TA. The control unit 11 of the management server 1 may operate as an authentication unit 115 and perform authentication on at least one of the proxy individual PI and the target individual TA. The control unit 21 of the first server 2 may operate as an authentication unit 211 and perform authentication on the proxy individual PI. The control unit 31 of the second server 3 may operate as an authentication unit 311 and perform authentication on the target individual TA.

[0196] In step S50, the branching destination of the process is determined depending on whether the authentication is successful or not. If the authentication of the proxy request individual PR is successful, the control unit 11 of the management server 1 proceeds to the next step S60. On the other hand, if the authentication of the proxy request individual PR is unsuccessful, the control unit 11 of the management server 1 returns to step S45 and may request at least one of the first terminal 4, second terminal 5, and terminal 6 to resend the data used for the authentication of the proxy request individual PR. If the authentication is unsuccessful, the management server 1 may appropriately terminate the processing procedure related to the linking setting in this example.

[0197] In step S60, the control unit 11 of the management server 1 operates as a setting unit 112 and updates the linking information D10 to establish the correspondence between the first target (proxy request individual PR) and the second target (target individual TA) specified by the linking request. In one example, the correspondence Updating the linking information D10 in accordance with the settings may be configured by generating new linking information D10 that indicates the specified correspondence. In this embodiment, the management server 1 enables the proxy exercise of authority of the proxy requesting individual PR via the target individual TA by the proxy requesting individual PI by setting the correspondence between the proxy requesting individual PR and the target individual TA.

[0198] In step S70, the control unit 11 operates as a notification unit 114 and directly or indirectly sends a notification to at least one of the first terminal 4 and the second terminal 5 indicating the result of the correspondence setting process. The control unit 11 may also directly or indirectly send a notification to terminal 6 indicating that the correspondence has been set. Once the notification of the result is complete, the processing procedure for linking settings related to this example of operation is terminated.

[0199] The above processing procedure is merely an example, and each step may be modified as much as possible. Furthermore, depending on the embodiment, steps in the above processing procedure may be omitted, replaced, or added as appropriate.

[0200] (Unlink) Figure 12B shows an example of the unlinking process procedure by the system 100 according to this embodiment. The following processing procedure is an example of an information processing method executed by a computer. Of the following processing procedures, the processing procedure of the management server 1 is an example of a management method executed by a computer. Note that the example in Figure 12B assumes a scenario in which a release request is sent directly from the first terminal 4 to the management server 1.

[0201] In step SZ10, the control unit 41 of the first terminal 4 operates as a release request unit 413 and sends a release request for the corresponding relationship to the management server 1. In response, the control unit 11 of the management server 1 receives the release request. The corresponding relationship for which release is requested may be specified as appropriate. The trigger for the release request may be selected as appropriate depending on the embodiment.

[0202] In step SZ102, the control unit 11 acts as a release unit 113 and updates the linking information D10 to release the correspondence setting specified by the received release request. In one example, updating the linking information D10 in conjunction with the release of the correspondence may be performed by recording information indicating that the correspondence has been released. For example, if the linking information D10 has the configuration shown in Figure 3A, the control unit 11 may release the target correspondence by adding a release time to the corresponding linking information D10 or by setting a release flag. If the linking information D10 is configured on a blockchain base, the control unit 11 may release the target correspondence by generating a transaction indicating the release of the link and adding the generated transaction to the blockchain.

[0203] In step SZ103, the control unit 11 operates as a notification unit 114 and transmits the result of the unlinking process to the first terminal 4. Once the notification of the result is complete, the processing procedure for unlinking related to this example operation is terminated.

[0204] The above processing procedure is merely an example, and each step may be modified as much as possible. Furthermore, depending on the embodiment, steps in the above processing procedure may be omitted, replaced, or added as appropriate. For example, as described above, the transmission route for the release request is not limited to the example in Figure 12B, and may be appropriately selected depending on the embodiment. The release request may be transmitted from the second terminal 5 (release request unit 513) or terminal 6 (release request unit 612). The management server 1 (notification unit 114) may send a notification to terminal 6 indicating that the correspondence has been released. The processing of the release request may include authentication processing for at least one of the first target and the second target. In addition, the control unit 11 of the management server 1 may operate as a release unit 113 instead of step SZ102 above, and release the correspondence when a predetermined release condition is met. The control unit 11 may release The control unit 113 operates as a deactivation unit 113 and may release the correspondence with the target individual TA in accordance with the setting of correspondences with other individuals TO of the second target by the proxy request individual PR. Furthermore, the control unit 11 operates as a release unit 113 and, after setting the correspondence, may perform the above-mentioned confirmation process for continued use for the set correspondence at any time.

[0205] [Features] In this embodiment, the processing in step S60 records information indicating the establishment of a correspondence between the first target proxy requesting individual PR and the second target target individual TA. This record allows tracking of the usage relationship between the proxy individual PI and the target individual TA in response to the request from the proxy requesting individual PR. In addition, security can be ensured by the verification process in step S30 and the authentication process in step S45. Furthermore, depending on the establishment of the correspondence relationship between the proxy requesting individual PR and the target individual TA, the proxy individual PI is enabled to exercise the authority of the proxy requesting individual PR via the target individual TA. As a result, the proxy individual PI can exercise at least a portion of the authority of the proxy requesting individual PR on their behalf. Therefore, according to this embodiment, it is possible to track the usage relationship between the first target and the second target while ensuring security, and to grant the proxy individual PI the authority to exercise at least a portion of the authority of the proxy requesting individual PR on their behalf while the usage relationship is established.

[0206] [4. Variant] While embodiments of this disclosure have been described in detail above, the above description is merely illustrative in all respects of this disclosure. It goes without saying that various improvements or modifications can be made without departing from the scope of this disclosure. For example, the following modifications are possible. In the following, the same reference numerals are used for components similar to those in the above embodiments, and explanations of points similar to those in the above embodiments have been omitted as appropriate. The following modifications can be combined as appropriate.

[0207] In the above embodiment, the authentication process may be performed on at least one of the management server 1 and the external servers (first server 2, second server 3, etc.). The data communication when performing the authentication process may be designed appropriately depending on the embodiment. As an example, at least one of the following three authentication methods may be adopted.

[0208] (A) First authentication method Figure 14A schematically shows an example of the linking setup process when the first authentication method is adopted. In the example in Figure 14A, the first method described above is adopted as the method for verifying the power of attorney, and a configuration is adopted in which the proxy requesting individual PR and the target individual TA are authenticated when setting up the linking. In the first authentication method, in response to a request (authentication request) from the first target terminal, the second terminal 5 executes the authentication process for the second target. In response to a request (authentication request) from the second target terminal, the first server 2 executes the authentication process for the first target. The first terminal 4 and the second terminal 5 request the authentication of the proxy requesting individual PR and the target individual TA from the first server 2 and the second server 3 as a linking request, and have the authentication results reported to the management server 1. As a result, the first terminal 4 and the second terminal 5 send the linking request to the management server 1. The requests sent from each terminal (4, 5) to each server (2, 3) are examples of linking requests that include an authentication request. The process from each terminal (4, 5) sending an authentication request to each server (2, 3), to each server (2, 3) sending the authentication result to the management server 1, is an example of a process in which the first terminal 4 and the second terminal 5 jointly send a linking request.

[0209] The first server 2 is configured to access a first storage device that stores the first registered unique information CA10 for authentication of the first target. The first storage device may consist of at least one of the memory resources of the first server 2 and an external storage device (such as a NAS). The first registered unique information CA10 may be included in the first target information O10. The second server 3 is configured to access a second storage device that stores the second registered unique information CA20 for authentication of the second target. The configuration may be as follows: The second storage device may consist of at least one of the memory resources of the second server 3 and an external storage device (such as a NAS). The second registered unique information CA20 may be included in the second target information O20.

[0210] Each registered unique information (CA10, CA20) is unique information that has been registered in advance for the authentication of each target. The data format and structure of the unique information are not particularly limited as long as they can be used for authentication, and may be appropriately selected depending on the embodiment. The unique information may consist of arbitrary information such as information originating from the target, information originating from the terminal, temporarily generated information, and information generated by any other method.

[0211] Information originating from the target may include, for example, biometric information, uniquely assigned identification information, etc. Biometric information may include, for example, facial images, fingerprints, voiceprints, etc. Uniquely assigned identification information may include, for example, vehicle registration numbers, vehicle identification numbers, personal identification numbers, etc. If an IC tag is attached to the target, the uniquely assigned identification information may include the information held by the IC tag. Information originating from the terminal may include, for example, MAC addresses, terminal identification information, etc. Temporarily generated information may include, for example, one-time passwords, private addresses (dynamically generated addresses), etc. Temporarily generated information may consist of timestamps, random numbers, hash values, etc. Information generated by any other method may include, for example, passwords, passcodes, and other information other than sequences of symbols.

[0212] First, in step S10, the control unit 61 of terminal 6 configures the settings for granting proxy authority and notifies the first terminal 4 of the designated proxy individual PI of the authorization grant information AG. In one example, the control unit 61 of terminal 6 may notify the first terminal 4 of the authorization grant information AG, which includes the first identifier I10 and contact AU1 of the proxy requesting individual PR. In response, the first terminal 4 receives the authorization grant information AG.

[0213] In step S20, the first terminal 4 and the second terminal 5 exchange data. In this data exchange, the control unit 41 of the first terminal 4 may provide the second terminal 5 with the first identifier I10 and contact information AU1 of the proxy requesting individual PR. The control unit 51 of the second terminal 5 may obtain the first identifier I10 and contact information AU1 of the proxy requesting individual PR from the proxy individual PI or the first terminal 4. In addition, in this data exchange, the control unit 41 of the first terminal 4 may obtain the second identifier I20 and second unique information CA2 of the target individual TA from either the target individual TA or the second terminal 5. The method for obtaining the second identifier I20 and second unique information CA2 may be appropriately selected depending on the embodiment. In one example, the control unit 41 of the first terminal 4 may obtain at least one of the second identifier I20 and second unique information CA2 of the target individual TA using an input device, sensor, etc. In another example, the second identifier I20 and the second unique information CA2 may be stored in the second terminal 5 beforehand, and the control unit 41 of the first terminal 4 may acquire the second identifier I20 and the second unique information CA2 through data exchange with the second terminal 5.

[0214] In step S301, the control unit 51 of the second terminal 5 sends an inquiry to contact AU1. In step S302, the control unit 51 of the second terminal 5 receives an approval response as a result of executing the approval process. In one example, contact AU1 may be a contact of terminal 6, and the control unit 51 of the second terminal 5 may send an inquiry to terminal 6. Upon receiving the inquiry, the control unit 61 of terminal 6 may execute the approval process and send an approval response back to the second terminal 5. The control unit 61 of terminal 6 may send the first unique information CA1 of the proxy request individual PR to the second terminal 5 along with the approval response. In response, the control unit 51 of the second terminal 5 may receive the approval response and the first unique information CA1 of the proxy request individual PR from terminal 6. In another example, the control unit 51 of the second terminal 5 may send an inquiry to an external computer and receive the first unique information CA1 of the proxy request individual PR from the external computer along with the approval response. The method for obtaining the first unique information CA1 may be appropriately selected depending on the embodiment. In one example, terminal The control unit 61 of terminal 6 may obtain the first unique information CA1 from the proxy requesting individual PR using an input device, sensor, etc. Terminal 6 may have the first unique information CA1 stored in advance. The control unit 51 of the second terminal 5 may receive the first unique information CA1 directly or indirectly from terminal 6. Each identifier (I10, I20) and each unique information (CA1, CA2) are examples of data used for authentication. Verification of proxy authority is achieved by obtaining a response indicating approval.

[0215] In step SA410, the control unit 51 of the second terminal 5 sends an authentication request to the first server 2 that includes the first identifier I10 and the first unique information CA1 of the proxy request individual PR. In response, the control unit 21 of the first server 2 receives the authentication request for the proxy request individual PR. The control unit 21 of the first server 2 operates as an authentication unit 211 and executes the authentication process for the proxy request individual PR. In one example, the control unit 21 may extract the first registered unique information CA10 of the proxy request individual PR from the first target information O10 by using the first identifier I10 included in the authentication request as a query to search for the first target information O10. The control unit 21 may compare the extracted first registered unique information CA10 with the first unique information CA1 included in the authentication request. The comparison may be performed as appropriate depending on the unique information used. The control unit 21 may determine whether the authentication for the proxy request individual PR is successful or not based on the result of the comparison. In step SA420, the control unit 21 reports the authentication result for the proxy request individual PR to the management server 1. In one example, the control unit 21 may send the authentication result of the proxy request individual PR to the management server 1, along with the first identifier I10 of the proxy request individual PR. The control unit 21 may send the authentication result to the management server 1 regardless of whether the authentication was successful or not, or it may send the authentication result to the management server 1 only if the authentication is successful.

[0216] Meanwhile, in step SB410, the control unit 41 of the first terminal 4 sends an authentication request to the second server 3 that includes the second identifier I20 and second unique information CA2 of the target individual TA. In response, the control unit 31 of the second server 3 receives the authentication request for the target individual TA. The control unit 31 of the second server 3 operates as an authentication unit 311 and executes the authentication process for the target individual TA. In one example, the control unit 31 may extract the second registered unique information CA20 of the target individual TA from the second target information O20 by using the second identifier I20 included in the authentication request as a query to search for the second target information O20. The control unit 31 may compare the extracted second registered unique information CA20 with the second unique information CA2 included in the authentication request. The comparison may be performed as appropriate depending on the unique information used. The control unit 31 may determine whether the authentication for the target individual TA is successful or not based on the result of the comparison. In step SB420, the control unit 31 reports the authentication result for the target individual TA to the management server 1. In one example, the control unit 31 may send the authentication result of the target individual TA to the management server 1, along with the second identifier I20 of the target individual TA. The control unit 31 may send the authentication result to the management server 1 regardless of whether the authentication was successful or not, or it may send the authentication result to the management server 1 only if the authentication is successful.

[0217] One example of a second terminal 5 sending a linking request to the management server 1 is when the second terminal 5 sends an authentication request to the first server 2 and has the first server 2 send the authentication result to the management server 1. Similarly, one example of a first terminal 4 sending a linking request to the management server 1 is when the first terminal 4 sends an authentication request to the second server 3 and has the second server 3 send the authentication result to the management server 1. In other words, when the first authentication method is adopted during linking setup, the processing in steps SA410, SA420, SB410, and SB420 is an example of the processing in steps S40 and S45 described above. This form of authentication request is one example of a form in which the authentication process is executed together with the linking request.

[0218] The control unit 11 of the management server 1 receives authentication results for each individual (PR, TA) from each server (2, 3). The control unit 11 may identify the correspondence of the authentication result data by using the shared information mentioned above or by other means in order to identify the combination of the first target and second target individuals that are currently requesting the setting of the correspondence relationship. If the authentication of both the proxy requesting individual PR and the target individual TA is successful in the received authentication results, the control unit 11 will identify the proxy requesting individual PR The correspondence between the target individual TAs is then established. The process for setting the correspondence may be the same as in the above embodiment. Note that the series of processes from data exchange between terminals (4, 5) to linking may be executed in real time as the usage relationship arises.

[0219] In the first authentication method, authentication of the first target and the second target is performed on both the first server 2 and the second server 3, respectively, in response to the establishment of a usage relationship between the first target and the second target. At this time, authentication of the first target is requested from the second terminal 5 of the second target, and authentication of the second target is requested from the first terminal 4 of the first target. In other words, cross-authentication is performed, where each party authenticates the other, rather than proceeding with their own authentication. This is expected to ensure security.

[0220] Figure 13B schematically shows an example of the linking setting process when the first authentication method is adopted as the authentication method and the second method described above is adopted as the verification method for proxy authority. When the first authentication method is adopted, the system 100 may adopt the second method instead of the first method as the verification method for proxy authority. When the second method is adopted, in step S20, the control unit 41 of the first terminal 4 may provide the proxy authentication information AU2 to the second terminal 5. The proxy authentication information AU2 may be acquired as appropriate. In one example, in step S10, the first terminal 4 may receive authorization information AG from terminal 6, which includes authentication information PC1 as the proxy authentication information AU2. In another example, the first terminal 4 may acquire the proxy authentication information AU2 from the proxy individual PI at any time.

[0221] At any time before executing the process in step S305, the control unit 51 of the second terminal 5 may obtain the authentication information PC1 through the process in step S100. In one example, in the setting of step S10, a target individual TA may be specified, and terminal 6 may send the authentication information PC1 to the second terminal 5 of the specified target individual TA. As a result, the control unit 51 of the second terminal 5 may obtain the authentication information PC1. In another example, in response to the establishment of a usage relationship with a proxy individual PI (for example, initiating data exchange with the first terminal 4), the control unit 51 of the second terminal 5 may download the authentication information PC1 from an external computer. The control unit 51 of the second terminal 5 may obtain the first unique information CA1 of the proxy requesting individual PR along with the authentication information PC1.

[0222] In step S305, the control unit 51 of the second terminal 5 verifies the proxy authority by comparing the proxy authentication information AU2 and the authentication information PC1. If the comparison is successful (verification is successful), the control unit 51 of the second terminal 5 may, together with the control unit 41 of the first terminal 4, execute the processes from step SA410 and step SB410 onward. On the other hand, if the comparison is unsuccessful, the control unit 51 of the second terminal 5 may prompt the first terminal 4 to resend the proxy authentication information AU2. If the comparison is unsuccessful, the control unit 51 of the second terminal 5 may appropriately terminate the processing procedure related to the linking setting. Other processing procedures when the second method is adopted as the verification method may be the same as when the first method in Figure 13A is adopted.

[0223] Note that the processing procedures in Figures 13A and 13B are merely examples, and each step may be modified as much as possible. Depending on the embodiment, steps in the above processing procedure may be omitted, replaced, or added as appropriate. For example, the authentication of the second target (target individual TA) may be omitted. Authentication of the proxy individual PI may be performed in the same manner as for the proxy requesting individual PR.

[0224] Furthermore, regardless of whether or not authentication of the proxy individual PI is performed, the first identifier I10 of the proxy individual PI may be sent from the first terminal 4 or the first server 2 to the management server 1. In one example, the first identifier I10 of the proxy individual PI may be sent to the management server 1 from at least one of the first target authentication routes (steps SA410, SA420) and the second target authentication routes (steps SB410, SB420). In response, the management server 1 will... As part of the process of setting up the correspondence between the requesting individual PR and the target individual TA, linking information D10 may be generated, which further includes the first identifier I10 of the proxy individual PI.

[0225] Furthermore, the transmission path for authentication results is not limited to the examples in Figures 13A and 13B. In another example, the first terminal 4 may receive the authentication result of the target individual TA from the second server 3, and the second terminal 5 may receive the authentication result of the proxy request individual PR from the first server 2. Accordingly, each terminal (4, 5) may send a linking request including the authentication results of each individual (PR, TA) received to the management server 1. Alternatively, one terminal, the first terminal 4, or the second terminal 5, may exchange authentication results with the other terminal, and the other terminal may send a linking request including the authentication results of each individual (PR, TA) to the management server 1.

[0226] Furthermore, the transmission path of the first unique information CA1 of the proxy requesting individual PR may be appropriately modified depending on the embodiment. In another example, the second terminal 5 may send an authentication request for the proxy requesting individual PR to the first server 2 without the first unique information CA1 of the proxy requesting individual PR being present. In response to this authentication request, the first server 2 may request the first unique information CA1 from the proxy requesting individual PR's terminal 6. Terminal 6 may appropriately obtain the first unique information CA1 and send it to the first server 2. As a result, the first server 2 may obtain the first unique information CA1 to be used for authentication of the proxy requesting individual PR.

[0227] (B) Second authentication method Figure 14A schematically shows an example of the linking setup process when the second authentication method is adopted. In the example in Figure 14A, the first method described above is adopted as the method for verifying the power of attorney, and a configuration is adopted in which the requesting agent PR and the target agent TA are authenticated when setting up the linking. In the second authentication method, the management server 1 requests authentication from each server (2, 3) in response to a request from at least one of the first terminal 4 and the second terminal 5. That is, the external servers (first server 2, second server 3) authenticate each individual (PR, TA) in response to the authentication request included in the linking request sent from at least one of the first terminal 4 and the second terminal 5. The data (unique information) used for authentication is the same as in the first authentication method. The request sent from the first terminal 4 and the second terminal 5 to the management server 1 is an example of a linking request that includes an authentication request.

[0228] First, the processes in steps S10, S20, S301, and S302 may be performed in the same manner as the first authentication method described above. After the second terminal 5 receives a response indicating approval, at least one of the first terminal 4 and the second terminal 5 sends an authentication request to the management server 1 as a linking request, which includes the first identifier I10 of the proxy requesting individual PR, the first unique information CA1 of the proxy requesting individual PR, the second identifier I20 of the target individual TA, and the second unique information CA2 of the target individual TA (steps SC410 and SD410). In response, the control unit 11 of the management server 1 receives the authentication request which includes the first identifier I10, the first unique information CA1, the second identifier I20, and the second unique information CA2. The processes in steps SC410 and SD410 are an example of the process in step S40 described above.

[0229] The division of data transmission responsibilities may be determined as appropriate depending on the embodiment. For example, the second terminal 5 may be responsible for transmitting the first identifier I10 and the first unique information CA1, and the first terminal 4 may be responsible for transmitting the second identifier I20 and the second unique information CA2. For example, in either step S20 or step S302, the control unit 51 of the second terminal 5 may acquire the first identifier I10 and the first unique information CA1 of the proxy requesting individual PR. In step SC410, the control unit 51 of the second terminal 5 may send a linking request to the management server 1 including the acquired first identifier I10 and the first unique information CA1 of the proxy requesting individual PR. On the other hand, in step S20, the control unit 41 of the first terminal 4 may acquire the second identifier I20 and the second unique information CA2 of the target individual TA from either the target individual TA or the second terminal 5. In step SD410, The control unit 41 of terminal 4 may send a linking request to the management server 1 that includes the second identifier I20 and second unique information CA2 of the acquired target individual TA.

[0230] The division of data transmission is not limited to this example. In another example, at least one of the first identifier I10 and the first unique information CA1 may be transmitted from the first terminal 4. At least one of the second identifier I20 and the second unique information CA2 may be transmitted from the second terminal 5. When a divided transmission configuration is adopted, the management server 1 may identify the correspondence of the authentication request data by using the shared information mentioned above or by other means to identify the combination of the corresponding individuals of the first and second targets that are currently requesting the setting of the correspondence relationship. In yet another example, the first identifier I10, the first unique information CA1, the second identifier I20, and the second unique information CA2 may be transmitted from only one of the first terminal 4 and the second terminal 5.

[0231] In step SC420, the control unit 11 of the management server 1 requests authentication of the proxy request individual PR from the first server 2 by sending the first identifier I10 and the first unique information CA1 from the received data. In response, the control unit 21 of the first server 2 operates as an authentication unit 211, compares the first unique information CA1 and the first registered unique information CA10, and may determine whether authentication of the proxy request individual PR is successful or not based on the result of the comparison. In step SC430, the control unit 21 of the first server 2 returns the authentication result for the proxy request individual PR to the management server 1.

[0232] Similarly, in step SD420, the control unit 11 of the management server 1 requests authentication of the target individual TA from the second server 3 by transmitting the second identifier I20 and the second unique information CA2. In response, the control unit 31 of the second server 3 operates as an authentication unit 311 and compares the second unique information CA2 and the second registered unique information CA20, and may determine whether authentication of the target individual TA is successful or not based on the result of the comparison. In step SD430, the control unit 31 of the second server 3 transmits the authentication result for the target individual TA to the management server 1.

[0233] The control unit 11 of the management server 1 receives authentication results for each individual (PR, TA) from each server (2, 3). If the authentication of both the proxy requesting individual PR and the target individual TA is successful in the received authentication results, the control unit 11 sets up a correspondence relationship between the proxy requesting individual PR and the target individual TA. The process for setting up the correspondence relationship may be the same as in the above embodiment. Note that the series of processes from data exchange between terminals (4, 5) to linking settings may be executed in real time as usage relationships occur. Other configurations may be the same as in the first authentication method.

[0234] In the second authentication method, authentication of the first target and the second target is performed on both the first server 2 and the second server 3, respectively, in response to the establishment of a usage relationship between the first target and the second target. These two authentication methods are expected to ensure security.

[0235] Figure 14B schematically shows an example of the linking setting process when the second authentication method is adopted as the authentication method and the second method described above is adopted as the method for verifying the agent's authority. When the second authentication method is adopted, the system 100 may adopt the second method instead of the first method described above as the method for verifying the agent's authority. Similar to the first authentication method described above, in step S20, the control unit 41 of the first terminal 4 may provide the agent authentication information AU2 to the second terminal 5. At any timing before executing the process in step S305, the control unit 51 of the second terminal 5 may obtain the authentication information PC1 by the process in step S100. The control unit 51 of the second terminal 5 may obtain the first unique information CA1 of the agent requesting individual PR along with the authentication information PC1. In step S305, the control unit 51 of the second terminal 5 verifies the agent's authority by comparing the agent authentication information AU2 and the authentication information PC1. If the comparison is successful (verification is successful) Steps SC410 and SD410 and beyond may be executed. Other procedures may be the same as in Figures 13B and 14A above.

[0236] Note that the processing procedures in Figures 14A and 14B are merely examples, and each step may be modified as much as possible. Depending on the embodiment, steps in the above processing procedure may be omitted, replaced, or added as appropriate. For example, similar to the first authentication method described above, the authentication of the second target (target individual TA) may be omitted. Authentication of the proxy individual PI may also be performed in the same manner as for the proxy request individual PR. The management server 1 may generate linking information D10 which further includes the first identifier I10 of the proxy individual PI. The transmission path of the first unique information CA1 of the proxy request individual PR may be modified as appropriate depending on the embodiment. In another example, the first unique information CA1 of the proxy request individual PR may be transmitted from terminal 6 to the first server 2.

[0237] Also, the transmission path of the authentication result does not have to be limited to the examples of FIGS. 14A and 14B. In another example, the authentication process for at least one of the first target and the second target may be executed by the management server 1 instead of the external server. For example, the management server 1 may hold at least one of the first registered unique information CA10 and the second registered unique information CA20. Alternatively, the management server 1 may obtain at least one of the first registered unique information CA10 and the second registered unique information CA20 by querying at least one of the first server 2 and the second server 3. Accordingly, the control unit 11 of the management server 1 may operate as the authentication unit 115 and execute the authentication process for at least one of the first target and the second target.

[0238] (C-1) The third - 1 authentication method FIG. 15A schematically shows an example of the processing procedure of the association setting when adopting the third - 1 authentication method. In the example of FIG. 15A, it is assumed a scenario where the first method is adopted as the verification method of the agency right, and the authentication of the agency - requesting individual PR and the target individual TA is performed during the association setting. The third - 1 authentication method uses a time - limited certificate for authentication instead of unique information. The authentication process is executed by the management server 1.

[0239] The first server 2 is configured to issue a first time - limited certificate CB10 to each individual of the first target. The second server 3 is configured to issue a second time - limited certificate CB20 to each individual of the second target.

[0240] Each time - limited certificate (CB10, CB20) is configured to become invalid when the expiration period elapses. If the invalidation due to the expiration of the expiration period can be controlled, the configuration of each time - limited certificate (CB10, CB20) does not have to be particularly limited and may be appropriately selected according to the embodiment. Each time - limited certificate (CB10, CB20) may contain arbitrary information. In one example, each time - limited certificate (CB10, CB20) may be composed of a random number, a time stamp, a hash value, etc. Each time - limited certificate (CB10, CB20) may be composed of temporary information such as a one - time password.

[0241] The validity periods of each time-limited certificate (CB10, CB20) may be managed as appropriate. The expiration due to the passage of the validity period may be specified as appropriate. For example, whether the target time-limited certificate has expired may be specified by, for example, having passed the deadline set in the time-limited certificate, being added to the expiration list of the time-limited certificate, being deleted from the valid list of the time-limited certificate, being updated to a new time-limited certificate, being given information indicating expiration (for example, a timestamp), etc. When using reference information such as an expiration list, a valid list, etc. for the management of the validity period, the reference information may be stored in any storage device accessible from the system 100. Typically, the reference information of each time-limited certificate (CB10, CB20) may be stored in each server (2, 3).

[0242] First, in step SE910, the control unit 61 of the terminal 6 of the agency-requesting individual PR transmits a request for issuing the first time-limited certificate CB10 to the first server 2 in relation to the first identifier I10 of the agency-requesting individual PR. In response to the reception of the request, the control unit 21 of the first server 2 issues the first time-limited certificate CB10 in relation to the first identifier I10. In step SE920, the control unit 21 of the first server 2 returns the issued first time-limited certificate CB10 to the terminal 6. In response to this, the terminal 6 receives the issued first time-limited certificate CB10 from the first server 2. The control unit 61 of the terminal 6 stores the received first time-limited certificate CB10 in a usable manner as the first certificate CB1. In step SE930, the control unit 21 of the first server 2 also notifies the management server 1 of the issued first time-limited certificate CB10. The control unit 21 may notify the first time-limited certificate CB10 with the first identifier I10 attached.

[0243] Similarly, in step SF910, the control unit 51 of the second terminal 5 of the target individual TA sends a request to the second server 3 for the issuance of the second time-limited certificate CB20 in relation to the second identifier I20 of the target individual TA. Upon receiving the request, the control unit 31 of the second server 3 issues the second time-limited certificate CB20 in relation to the second identifier I20. In step SF920, the control unit 31 of the second server 3 returns the issued second time-limited certificate CB20 to the second terminal 5. In response, the second terminal 5 receives the issued second time-limited certificate CB20 from the second server 3. The control unit 51 of the second terminal 5 stores the received second time-limited certificate CB20 for use as the second certificate CB2. Also, in step SF930, the control unit 31 of the second server 3 notifies the management server 1 of the issued second time-limited certificate CB20. The control unit 31 may also notify the second time-limited certificate CB20 with the second identifier I20 attached.

[0244] The processes in steps S10, S20, S301, and S302 may be performed in the same manner as the first authentication method described above. After the second terminal 5 receives a response indicating approval, at least one of the first terminal 4 and the second terminal 5 sends an authentication request to the management server 1 as a linking request, which includes the first certificate CB1 of the proxy requesting individual PR and the second certificate CB2 of the target individual TA (steps SE410, SF410). In response, the management server 1 receives the first certificate CB1 corresponding to the first time-limited certificate CB10 and the second certificate CB2 corresponding to the second time-limited certificate CB20. The processes in steps SE410 and SF410 are an example of the process in step S40 described above. The request sent from at least one of the first terminal 4 and the second terminal 5 is an example of a linking request including an authentication request.

[0245] The division of data transmission responsibilities may be determined as appropriate depending on the embodiment. For example, the second terminal 5 may be responsible for transmitting the first certificate CB1 of the proxy requesting individual PR, and the first terminal 4 may be responsible for transmitting the second certificate CB2 of the target individual TA. That is, in step SE410, the control unit 51 of the second terminal 5 may send a linking request including the first certificate CB1 of the proxy requesting individual PR to the management server 1. In step SF410, the control unit 41 of the first terminal 4 may send a linking request including the second certificate CB2 of the target individual TA to the management server 1.

[0246] However, the distribution of data transmission is not limited to this example. In another example, the first certificate CB1 may be sent from the first terminal 4. The second certificate CB2 may be sent from the second terminal 5. In addition, along with each certificate (CB1, CB2), each identifier (I10, I20) of each individual (PR, TA) may also be sent to the management server 1. In this case, each identifier (I10, I20) and each certificate (CB1, CB2) are examples of data used for authentication. Each identifier (I10, I20) may be sent from at least one of the first terminal 4 and the second terminal 5. When adopting a divided transmission method, the management server 1 may identify the correspondence of the authentication request data by using the shared information mentioned above or by other means to identify the combination of the corresponding individuals of the first and second targets that are currently requesting the setting of the correspondence relationship. In yet another example, the first certificate CB1 and the second certificate CB2 may be sent from only one of the first terminal 4 and the second terminal 5.

[0247] Each terminal (4, 5) may obtain each certificate (CB1, CB2) as appropriate. When the second terminal 5 transmits the first certificate CB1 of the proxy requesting individual PR, the second terminal 5 may obtain the first certificate CB1 along with the approval response in step S302, or it may obtain the first certificate CB1 via the first terminal 4 in steps S10 and S20. When the first terminal 4 transmits the first certificate CB1 of the proxy requesting individual PR, the first terminal 4 may obtain the first certificate CB1 along with the authorization information AG in step S10, or it may obtain the first certificate CB1 via the second terminal 5 in steps S302 and S20. When the first terminal 4 transmits the second certificate CB2 of the target individual TA, the first terminal 4 may obtain the second certificate CB2 from the second terminal 5 in step S20.

[0248] The control unit 11 of the management server 1 operates as an authentication unit 115 and compares the received first certificate CB1 with the first time-limited certificate CB10 notified by the first server 2. The control unit 11 of the management server 1 operates as an authentication unit 115 and compares the received second certificate CB2 with the second time-limited certificate CB20 notified by the second server 3. The control unit 11 may appropriately identify the mapping of the data to be compared. Identifying the mapping of the data to be compared means determining the combination of the first time-limited certificate CB10 and the first certificate CB1, and the combination of the second time-limited certificate CB20 and the second certificate CB2. Similar to the mapping of authentication request data, the control unit 11 may identify the mapping of the data to be compared by using the shared information mentioned above. The shared information may be each identifier (I10, I20).

[0249] Furthermore, the method for matching certificates and time-limited certificates may be appropriately selected depending on the relationship between them. For example, time-limited certificates (CB10, CB20) may be used as certificates (CB1, CB2) as they are. In this case, the success or failure of the matching in authentication may be determined based on whether or not the time-limited certificates (CB10, CB20) and certificates (CB1, CB2) match. In another example, time-limited certificates (CB10, CB20) may be arbitrarily converted, and the converted time-limited certificates (CB10, CB20) may be used as certificates (CB1, CB2). In this case, the success or failure of the matching in authentication may be determined based on whether or not a predetermined relationship is established between the time-limited certificates (CB10, CB20) and certificates (CB1, CB2). For example, the first time-limited certificate CB10 may be converted into a hash value, and the resulting hash value may be used as the first certificate CB1. Accordingly, whether or not a relationship is established may be determined by whether or not the hash value of the first time-limited certificate CB10 matches that of the first certificate CB1. The conversion may include data operations such as deletion and addition. At least one of the first time-limited certificate CB10 and the second time-limited certificate CB20 may be used as a certificate as is, and the other may be used as a certificate after conversion. The conversion process may be performed on each terminal (4, 5, 6) or on each server (2, 3). If the conversion process is performed on each server (2, 3), each terminal (5, 6) may receive the converted time-limited certificates (CB10, CB20) from each server (2, 3).

[0250] The control unit 11 of the management server 1 may determine whether authentication for each individual (PR, TA) is successful or not according to the result of each matching. If the matching fails, authentication fails. If the first time-limited certificate CB10 / second time-limited certificate CB20 has expired due to the expiration of its validity period, the matching of the first target / second target fails. On the other hand, if the first time-limited certificate CB10 and the second time-limited certificate CB20 are valid and each matching is successful, authentication of both the proxy requesting individual PR and the target individual TA is successful. If authentication of both the proxy requesting individual PR and the target individual TA is successful, the control unit 11 of the management server 1 sets up a correspondence relationship between the proxy requesting individual PR and the target individual TA. The process for setting up the correspondence relationship may be the same as in the above embodiment. Note that the series of processes from data exchange between terminals (4, 5) to linking settings may be executed in real time according to the occurrence of usage relationships. Other configurations may be the same as in the first authentication method, etc.

[0251] In method 3-1, depending on the occurrence of a utilization relationship between the first object and the second object, Authentication for both target 1 and target 2 is performed using time-limited certificates (CB10, CB20). Each time-limited certificate (CB10, CB20) is configured to expire after its validity period. Therefore, it is possible to prevent the permanent use of the same certificate, thereby ensuring security.

[0252] Figure 15B schematically shows an example of the linking setting process when the authentication method 3-1 is adopted as the authentication method and the second method described above is adopted as the method for verifying the power of attorney. When the authentication method 3-1 is adopted, the system 100 may adopt the second method instead of the first method described above as the method for verifying the power of attorney. Similar to the first authentication method described above, in step S20, the control unit 41 of the first terminal 4 may provide the power of attorney authentication information AU2 to the second terminal 5. At any timing before executing the process in step S305, the control unit 51 of the second terminal 5 may obtain the authentication information PC1 by the process in step S100. The control unit 51 of the second terminal 5 may obtain the first certificate CB1 of the power of attorney requesting individual PR together with the authentication information PC1. In step S305, the control unit 51 of the second terminal 5 verifies the power of attorney by comparing the power of attorney authentication information AU2 and the authentication information PC1. If the matching is successful (verification is successful), steps SE410 and SF410 and subsequent steps may be executed. Other procedures may be the same as in the case of Figure 15A above.

[0253] Note that the processing procedures in Figures 15A and 15B are merely examples, and each step may be modified as much as possible. Depending on the embodiment, steps in the above processing procedures may be omitted, replaced, or added as appropriate. For example, similar to the first authentication method described above, the authentication of the second target (target individual TA) may be omitted. Authentication of the proxy individual PI may also be performed in the same manner as for the proxy requesting individual PR. The management server 1 may generate association information D10 which further includes the first identifier I10 of the proxy individual PI.

[0254] Furthermore, the issuance of each time-limited certificate (CB10, CB20) does not necessarily have to be based on a request from each terminal (4, 5). Each server (2, 3) may generate each time-limited certificate (CB10, CB20) on its own initiative. In this case, the processing in steps SE910 and SF910 may be omitted.

[0255] Furthermore, the issuance of each time-limited certificate (CB10, CB20) (steps SE910 to SE930, steps SF910 to SF930) may be performed at any time before the request for linking settings (steps SE410, SF410). For example, the issuance of each time-limited certificate (CB10, CB20) may be performed in advance before the data exchange between the first terminal 4 and the second terminal 5 is performed (step S20). In another example, it may be performed after the data exchange between the first terminal 4 and the second terminal 5 has started, but before the linking request is sent. From the viewpoint of reducing the steps involved in linking settings, it is preferable that the issuance of each time-limited certificate (CB10, CB20) be performed at the former timing.

[0256] Furthermore, in the authentication method described in Section 3-1 above, the matching process for each certificate (CB1, CB2) and each time-limited certificate (CB10, CB20), that is, the authentication process for each target, is performed by the management server 1. However, the entity that performs the matching process is not limited to the management server 1. In another example, the management server 1 may request each server (2, 3) to perform the matching process by sending each certificate (CB1, CB2) to each server (2, 3). In this way, the matching process may be performed by each server (2, 3). That is, the authentication process for at least one of the first target and the second target may be performed by an external server. In one example, the control unit 21 of the first server 2 may operate as an authentication unit 211 and determine the success or failure of the authentication of the first target by matching the first certificate CB1 and the first time-limited certificate CB10 received from the management server 1. The control unit 21 may return the authentication result of the first target to the management server 1. Furthermore, the control unit 31 of the second server 3 operates as an authentication unit 311, and receives the second authentication from the management server 1. The success or failure of the authentication of the second target may be determined by comparing the instruction manual CB2 with the second time-limited certificate CB20. The control unit 31 may return the authentication result of the second target to the management server 1. In this case, the notification of each time-limited certificate (CB10, CB20) (steps SE930, SF930) may be omitted. In another example, the management server 1 may perform the authentication process for at least one of the first target and the second target, and the authentication process for the other may be performed by an external server.

[0257] Furthermore, the transmission path of the first certificate CB1 of the proxy requesting individual PR may be appropriately modified depending on the embodiment. In another example, at least one of the first terminal 4 and the second terminal 5 may send the authentication request of the proxy requesting individual PR to the management server 1 without the first certificate CB1 of the proxy requesting individual PR. The management server 1 may request the first certificate CB1 from terminal 6 directly or indirectly via an external server such as the first server 2. In response to this request, terminal 6 may send the first certificate CB1 directly or indirectly to the management server 1. As a result, the management server 1 may obtain the first certificate CB1 to be used for authentication of the proxy requesting individual PR.

[0258] (C-2) Authentication method of Section 3-2 In the authentication method described in Section 3-1 above, the management server 1 performs authentication processing for each individual (PR, TA) in response to a linking request from at least one of the first terminal 4 and the second terminal 5. However, the timing of the authentication processing is not limited to this example. In the authentication method described in Section 3-2, as a trigger for sending a linking request to the management server 1, at least one of the first terminal 4 and the second terminal 5 may perform authentication processing for at least one of the proxy requesting individual PR and the target individual TA between at least one of the first server 2 and the second server 3.

[0259] Figure 16A schematically shows an example of the linking setting process when adopting the authentication method described in Section 3-2. Figure 16A assumes a scenario in which the authentication process for the first target (proxy request individual PR) is performed.

[0260] First, between the terminal 6 and the first server 2, the processes of step SE910 and step SE920 may be executed in the same manner as the above-described third-first authentication method. As a result of the execution, a first time-limited certificate CB10 is issued, and the issued first time-limited certificate CB10 is notified to the terminal 6. At this time, the first server 2 may store the issued first time-limited certificate CB10 in association with the first identifier I10. The first time-limited certificate CB10 may be stored as the first target information O10. The notification to the management server 1 (step SE930) may be omitted. The processes of step S10, step S20, and step S30 may be executed in the same manner as the above-described third-first authentication method. Either the first method or the second method may be adopted as the proxy verification method. Thereby, the second terminal 5 acquires the first identifier I10 and the first certificate CB1.

[0261] In step SG410, the control unit 51 of the second terminal 5 transmits an authentication request including the first identifier I10 and the first certificate CB1 to the first server 2. In response to the reception of the authentication request, the control unit 21 of the first server 2 operates as an authentication unit 211 and collates the received first certificate CB1 with the corresponding first time-limited certificate CB10. The corresponding first time-limited certificate CB10 may be appropriately acquired. In one example, the issued first time-limited certificate CB10 may be stored as the first target information O10, and the control unit 21 of the first server 2 may extract the corresponding first time-limited certificate CB10 by searching for the first target information O10 using the first identifier I10 as a query. In step SG420, the control unit 21 of the first server 2 returns the result of the collation to the second terminal 5. In response thereto, the control unit 51 of the second terminal 5 receives the result of the collation.

[0262] If the collation of the first certificate CB1 and the first time-limited certificate CB10 fails in the received collation result, the control unit 51 of the second terminal 5 may appropriately terminate the process procedure of the association setting. In one example, the control unit 51 may request the terminal 6 to retransmit the first certificate CB1. On the other hand If the matching is successful, the control unit 51 sends a linking request including the first identifier I10 and the second identifier I20 to the management server 1 (step SG430). The processing in steps SG410, SG420, and SG430 is an example of the processing in steps S40 and S45 described above.

[0263] In response, the management server 1 receives a linking request from the second terminal 5. The control unit 11 of the management server 1 sets up a correspondence between the first target (proxy request individual PR) and the second target (target individual TA) in response to the linking request. The process for setting up the correspondence may be the same as in the above embodiment. Note that the series of processes from data exchange between terminals (4, 5) to linking setting may be executed in real time in response to the occurrence of a usage relationship. Other configurations may be the same as in the first authentication method, etc.

[0264] Furthermore, the authentication method described in Section 3-2 does not have to be limited to the first target. The second target may also be authenticated using the same method.

[0265] Figure 16B schematically shows another example of the linking setting process when adopting the authentication method described in Section 3-2. Figure 16B assumes a scenario in which the authentication process for the second target (target individual TA) is performed. The processing procedure in Figure 16B may be the same as that in Figure 16A, except that the first and second targets are swapped and the processing related to the proxy is omitted.

[0266] In other words, the processes in steps SF910 and SF920 are executed between the second terminal 5 and the second server 3, resulting in the issuance of the second time-limited certificate CB20, and the issued second time-limited certificate CB20 is notified to the second terminal 5. In step S20, the control unit 51 of the second terminal 5 provides the issued second time-limited certificate CB20 to the first terminal 4 as the second certificate CB2. The control unit 51 of the second terminal 5 also provides the first terminal 4 with the second identifier I20. In step SH410, the control unit 41 of the first terminal 4 sends an authentication request including the second identifier I20 and the second certificate CB2 to the second server 3. In response, the control unit 31 of the second server 3 operates as the authentication unit 311 and performs verification processing of the second certificate CB2 and the second time-limited certificate CB20. In step SH420, the control unit 31 of the second server 3 returns the verification result to the first terminal 4. If the matching results show that the second certificate CB2 and the second time-limited certificate CB20 have been matched, the control unit 41 of the first terminal 4 sends a linking request including the first identifier I10 and the second identifier I20 to the management server 1 (step SH430). In response, the management server 1 receives the linking request from the first terminal 4. The control unit 11 of the management server 1 sets up a correspondence between the relevant individuals of the first target (proxy request individual PR) and the second target (target individual TA) in response to the linking request.

[0267] In the authentication method described in section 3-2, the authentication process is performed before the linking request. This reduces the processing load on the management server 1. It also shortens the processing time from the linking request to the configuration process.

[0268] Note that the processing procedures in Figures 16A and 16B are merely examples, and each step may be modified as much as possible. Depending on the embodiment, steps in the above processing procedure may be omitted, replaced, or added as appropriate. The processing order of the authentication of the first target and the authentication of the second target is not particularly limited and may be determined as appropriate depending on the embodiment.

[0269] Furthermore, in the processing procedure shown in Figure 16A, the management server 1 may appropriately verify that the matching was successful at the first server 2. For example, the first server 2 may also send the matching result to the management server 1. For example, the authentication request may further include a second identifier I20. If the matching is successful, the first server 2 may send the matching result, including the first identifier I10 and the second identifier I20, to the management server 1. In this way, the first server 2 can verify that the matching was successful at the management server For 1, the association request for the combination of first identifier I10 and second identifier I20 specified in the matching result may be enabled. That is, in one example, verification of successful matching may consist of receiving this matching result. Management server 1 may be configured to hold the matching result from first server 2, accept requests for association setting for the combination of first identifier I10 and second identifier I20 specified in the matching result, and reject other requests for association setting. Similarly, in the processing procedure of Figure 16B, management server 1 may appropriately verify that matching has been successful at second server 3.

[0270] Furthermore, in the processing procedures shown in Figures 16A and 16B, each server (2, 3) may send the authentication result to the management server 1 instead of returning it to each terminal (4, 5). This transmission method is an example of a method in which the linking request is sent to the management server 1 via an external server, and a method in which the authentication process is performed together with the linking request.

[0271] [5. Supplement] The processes and means described herein can be freely combined and implemented, provided that no technical inconsistencies arise.

[0272] Furthermore, a process described as being performed by a single device may be divided and executed by multiple devices. Conversely, a process described as being performed by different devices may be executed by a single device. In a computer system, the hardware configuration used to implement each function can be flexibly changed.

[0273] The present disclosure can also be realized by supplying a computer program implementing the functions described in the embodiments above to a computer, and having one or more processors in the computer read and execute the program. Such a computer program may be provided to the computer by a non-temporary computer-readable storage medium that can be connected to the computer's system bus, or it may be provided to the computer via a network. Non-temporary computer-readable storage mediums include, for example, any type of disk such as magnetic disks (floppy disks, hard disk drives (HDDs), etc.), optical disks (CD-ROMs, DVDs, Blu-ray discs, etc.), read-only memory (ROM), random access memory (RAM), EPROM, EEPROM, magnetic cards, flash memory, optical cards, semiconductor drives (solid-state drives, etc.), and any type of medium suitable for storing electronic instructions. [Explanation of symbols]

[0274] 1...Management server, 11...Control unit, 2...First server, 21...Control unit, 3...Second server, 31...Control unit, 4...First terminal, 41...Control unit, 47...Positioning module, 5...Second terminal, 51...Control unit, 57...Positioning module, 6... Terminal, 61... Control unit, PI…(Primary target) substitute individual, PR…(Primary target) requested substitute individual, TA…(Second target) target individual, I10...First identifier, I20...Second identifier, O10...Primary target information, O10A...User information, O20...Second target information, O20A...Mobile information, D10…Linking information, E10…Various information

Claims

1. Management server, The first terminal of the first target proxy individual, and The second terminal of the target individual of the second target, Equipped with, The first terminal is, The first target individual's terminal receives authorization information notifying the granting of agency authority, When a usage relationship is established between the aforementioned proxy individual and the aforementioned target individual, data is exchanged with the second terminal, and In the aforementioned data exchange, the authorization verification information is provided to the second terminal to request verification of the proxy authority. It is configured in such a way, The second terminal is configured to verify the agency authority using the authority verification information in response to the request from the first terminal. At least one of the first terminal and the second terminal is configured to send a linking request, including an authentication request for the proxy request individual, to the management server in response to the successful verification by the second terminal. The management server is configured to enable the proxy individual to exercise the authority of the proxy individual via the target individual by setting up a correspondence between the proxy individual and the target individual in response to the successful authentication of the proxy individual in response to the authentication request. system.

2. The aforementioned power of attorney has an expiration date set. The management server is further configured to terminate the correspondence between the proxy requesting individual and the target individual upon the expiration of the expiration date. The system according to claim 1.

3. The aforementioned agency authority is granted valid authority, The management server is further configured to terminate the correspondence between the proxy requesting individual and the target individual in response to the exercise or termination of the valid authority by the proxy individual. The system according to claim 1.

4. The management server is further configured to release the correspondence between the proxy requesting individual and the target individual in response to receiving a release request from the terminal of the proxy requesting individual. The system according to claim 1.

5. The management server is further configured to release the correspondence between the proxy requesting individual and the target individual when the proxy requesting individual sets up a correspondence between the proxy requesting individual and other second target individuals. The system according to claim 1.

6. The aforementioned authorization verification information includes the contact person who will perform the approval process, To verify the aforementioned agency authority, Inquire with the contact information included in the aforementioned authorization verification information, and As a result of executing the aforementioned approval process, an approval response is received. It is composed of, The system according to claim 1.

7. The second terminal is further configured to receive authentication information notifications from the terminal of the proxy requesting individual, The authorization verification information includes proxy authentication information corresponding to the authentication information, The verification of the agency authority is performed by comparing the agency authentication information included in the authority verification information with the authentication information notified from the terminal of the agency requesting individual. The system according to claim 1.

8. Sending the linking request to the management server consists of either directly sending the linking request to the management server or indirectly sending the linking request to the management server via an external server. The system according to claim 1.

9. The success or failure of the authentication in response to the aforementioned authentication request is determined by the management server or an external server. The system according to claim 1.

10. The aforementioned data exchange is performed by short-range wireless communication. The system according to claim 1.

11. The first terminal is equipped with a positioning module, The first terminal is, The positioning module of the first terminal measures the current location of the first terminal, The measurement result of the current location of the first terminal is transmitted to the management server. It is further configured in this way, The second terminal is equipped with a positioning module, The aforementioned second terminal is, The positioning module of the second terminal measures the current location of the second terminal, The measurement result of the current location of the second terminal is transmitted to the management server. It is further configured in this way, The aforementioned management server After establishing the correspondence between the proxy requesting individual and the target individual, the measurement results of the current locations of the first terminal and the second terminal are received from the first terminal and the second terminal. The system determines in real time whether the measurement results of the current locations of the first and second terminals received satisfy the conditions of the usage relationship. If the measurement results of the current locations of the first terminal and the second terminal satisfy the conditions of the usage relationship, the correspondence between the proxy requesting individual and the target individual is maintained; otherwise, the correspondence is terminated. It is further constructed in such a way. The system according to claim 1.

12. The first subject mentioned above is the user, The proxy individual of the first target is a proxy user, The first object of the proxy request is the proxy request user, The second object is the item used by the user. The system according to any one of claims 1 to 11.

13. The aforementioned object is a mobile object. The system according to claim 12.

14. On the first terminal of the first target proxy individual, Receiving authorization information notifying the granting of agency authority from the terminal of the first target individual requesting agency, When a usage relationship is established between the aforementioned proxy individual and the second target individual, data exchange is performed with the second terminal of the aforementioned target individual. In the aforementioned data exchange, the authority verification information is provided to the second terminal to request verification of the agency authority, and, Upon confirmation that the verification by the second terminal is successful, a linking request including an authentication request for the proxy requesting individual is sent to the management server, the linking request is sent jointly with the second terminal, or the linking request is sent to the second terminal, thereby causing the management server to set up a correspondence between the proxy requesting individual and the target individual in response to the successful authentication of the proxy requesting individual in response to the authentication request, thereby enabling the proxy individual to exercise the authority of the proxy requesting individual through the target individual. To execute program.

15. The aforementioned power of attorney has at least one of an expiration date and validity period set. The program according to claim 14.

16. The authorization verification information includes the contact person who will perform the approval process or the proxy authentication information used for the verification. The program according to claim 14.

17. On the second terminal of the target individual of the second target, When a usage relationship is established between the first target proxy and the target, data exchange is performed with the first terminal of the proxy. In the aforementioned data exchange, a request for verification of proxy authority, accompanied by authorization verification information, is received from the first terminal. In response to the request from the first terminal, verify the agency authority using the authority verification information, and Upon successful completion of the verification, a linking request including an authentication request for the proxy requesting individual is sent to the management server, the linking request is sent jointly with the first terminal, or the linking request is sent to the first terminal, thereby causing the management server to set up a correspondence between the proxy requesting individual and the target individual in response to the successful authentication of the proxy requesting individual in response to the authentication request, thereby enabling the proxy individual to exercise the authority of the proxy requesting individual through the target individual. To execute program.

18. The aforementioned power of attorney has at least one of an expiration date and validity period set. The program according to claim 17.

19. The aforementioned authorization verification information includes the contact person who will perform the approval process, To verify the aforementioned agency authority, Inquire with the contact information included in the aforementioned authorization verification information, and As a result of executing the aforementioned approval process, an approval response is received. It is composed of, The program according to claim 17.

20. The second terminal further implements receiving authentication information notifications from the terminal of the proxy requesting individual. Let it be done, The authorization verification information includes proxy authentication information corresponding to the authentication information, The verification of the agency authority is performed by comparing the agency authentication information included in the authority verification information with the authentication information notified from the terminal of the agency requesting individual. The program according to claim 17.