System, management server, and program
By managing the server and terminal to collaboratively set the correspondence between targets, the security and consistency of usage information issues in existing technologies are resolved. This enables a technical means to efficiently track the usage relationships of mobile objects in a MaaS environment, ensuring security and reducing the workload of the authentication process.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Patents
- Current Assignee / Owner
- TOYOTA JIDOSHA KK
- Filing Date
- 2023-09-22
- Publication Date
- 2026-07-07
AI Technical Summary
Existing technologies struggle to effectively track the usage relationships of moving objects while ensuring security, especially in MaaS environments where there are inconsistencies in usage information for rental vehicles and other situations without contracts or reservations.
By managing the collaborative work of the server, the first target terminal, and the second target terminal, a link request is sent based on the occurrence of usage relationships, and the correspondence between targets is set. When conditions permit, the authentication step of a certain target is omitted to reduce the workload.
It enables efficient tracking of usage relationships between targets while ensuring security, reducing the workload of the authentication process.
Smart Images

Figure 0007885760000001 
Figure 0007885760000002 
Figure 0007885760000003
Abstract
Description
Technical Field
[0005] , , ,
[0004] , , ,
[0001] The present disclosure relates to a system, a management server, and a program.
Background Art
[0002] In Patent Document 1, a fee collection system for collecting fees for services from vehicle users using a medium such as a card has been proposed. Specifically, the fee collection system proposed in Patent Document 1 is based on the ID of an ETC (Electronic Toll Collection System) card, the relationship between the rental car company, the rental date and time of the rental car, and the rental car user (billing information, registration information, settlement information, and usage information), and is configured to assign the toll for using the highway by the target rental car to the target user.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] One object of the present disclosure is to provide a technique for tracking the usage relationship between a first target and a second target while ensuring security and reducing the labor involved.
Means for Solving the Problems
[0005] A system according to a first aspect of this disclosure comprises a management server, a first terminal for a first target, and a second terminal for a second target. At least one of the first terminal and the second terminal is configured to send a linking request to the management server in response to the occurrence of a usage relationship between the first target and the second target. The management server is configured to set up a correspondence between the first target and the second target based on the linking request. Setting up the correspondence consists of obtaining authentication results for both the first target and the second target when a predetermined condition is not met, and setting up a correspondence between the first target and the second target in accordance with the obtained authentication results showing that authentication for both the first target and the second target is successful, and, when the predetermined condition is met, omitting authentication for one of the first target and the second target and obtaining the authentication result for the other target, and setting up a correspondence between the first target and the second target in accordance with the obtained authentication result showing that authentication for the other target is successful.
[0006] The management server according to a second aspect of this disclosure includes a control unit configured to set up a correspondence between the first target and the second target based on a linking request transmitted from at least one of the first terminal of the first target and the second terminal of the second target when a usage relationship occurs between the first target and the second target. Setting up the correspondence consists of obtaining authentication results for both the first target and the second target when a predetermined condition is not met, and setting up a correspondence between the first target and the second target in accordance with the obtained authentication results for both the first target and the second target indicating that authentication for both targets is successful, and omitting authentication for one of the first target and the second target and obtaining the authentication result for the other target when the predetermined condition is met, and setting up a correspondence between the first target and the second target in accordance with the obtained authentication result indicating that authentication for the other target is successful.
[0007] A program according to a third aspect of this disclosure is a program that causes a first terminal of a first target to send a linking request to a management server when a usage relationship occurs between the first target and the second target, to send the linking request jointly with a second terminal of the second target, or to cause the second terminal to send the linking request, thereby causing the management server to set up a correspondence between the first target and the second target. If a predetermined condition is not met, the linking request includes an authentication request for the first target and the second target, and setting up the correspondence between the first target and the second target is configured to set up the correspondence between the first target and the second target in accordance with the fact that the authentication of the first target and the second target performed based on the authentication request has been successful. If the predetermined condition is met, the authentication request for either the first target or the second target is omitted, the linking request includes an authentication request for the other target, and setting up the correspondence between the first target and the second target is configured to set up the correspondence between the first target and the second target in accordance with the fact that the authentication of the other target performed based on the authentication request has been successful.
[0008] The management server according to the fourth aspect of this disclosure includes a control unit configured to set up a correspondence between the first target and the second target based on a linking request transmitted from at least one of the first terminal of the first target and the second terminal of the second target when a usage relationship occurs between the first target and the second target. Setting up the correspondence consists of obtaining an authentication result for at least one of the first target and the second target if a predetermined condition is not met, setting up a correspondence between the first target and the second target depending on whether authentication is successful in the obtained authentication result, and omitting authentication for both the first target and the second target and setting up a correspondence between the first target and the second target depending on whether the predetermined condition is met and the linking request has been received.
[0009] A fifth aspect of this disclosure is a program that causes a first terminal of a first target to send a linking request to a management server when a usage relationship occurs between the first target and the second target, to send the linking request jointly with a second terminal of the second target, or to cause the second terminal to send the linking request, thereby causing the management server to set up a correspondence between the first target and the second target. If a predetermined condition is not met, the linking request includes an authentication request for at least one of the first target and the second target, and setting up the correspondence between the first target and the second target is configured to set up the correspondence between the first target and the second target in accordance with whether authentication of at least one of the first target and the second target, performed based on the authentication request, has been achieved. If the predetermined condition is met, both the authentication requests for the first target and the second target are omitted from the linking request, and setting up the correspondence between the first target and the second target is configured to set up the correspondence between the first target and the second target in accordance with the receipt of the linking request. [Effects of the Invention]
[0010] This disclosure provides technology that allows tracking the usage relationship between the first and second targets while ensuring security, and reduces the effort required to do so. [Brief explanation of the drawing]
[0011] [Figure 1] Figure 1 schematically illustrates an example of a scenario in which this disclosure applies. [Figure 2] Figure 2 schematically illustrates an example of a scenario to which this disclosure applies. [Figure 3A] Figure 3A schematically shows an example of the linked information according to this embodiment. [Figure 3B] Figure 3B schematically shows an example of user information according to this embodiment. [Figure 3C]FIG. 3C schematically shows an example of mobile body information according to the present embodiment. [Figure 4] FIG. 4 schematically shows an example of data exchange according to the present embodiment. [Figure 5] FIG. 5 schematically shows an example of the process of解除の過程の一例を模式的に示す. [Figure 6] FIG. 6 schematically shows an example of a predetermined condition according to the present embodiment. [Figure 7] FIG. 7 schematically shows an example of a predetermined condition according to the present embodiment. [Figure 8] FIG. 8 schematically shows an example of the confirmation process of continuous use according to the present embodiment. [Figure 9] FIG. 9 schematically shows an example of a usage scenario of association information according to the present embodiment. [Figure 10A] FIG. 10A schematically shows an example of the hardware configuration of the management server according to the present embodiment. [Figure 10B] FIG. 10B schematically shows an example of the hardware configuration of the first server according to the present embodiment. [Figure 10C] FIG. 10C schematically shows an example of the hardware configuration of the second server according to the present embodiment. [Figure 10D] FIG. 10D schematically shows an example of the hardware configuration of the first terminal according to the present embodiment. [Figure 10E] FIG. 10E schematically shows an example of the hardware configuration of the second terminal according to the present embodiment. [Figure 11] FIG. 11 schematically shows an example of the software configuration of each device according to the present embodiment. [Figure 12A] FIG. 12A shows an example of the processing procedure of association setting according to the present embodiment. [Figure 12B] FIG. 12B shows an example of the processing procedure of解除の処理手順の一例を示す. [Figure 13] FIG. 13 schematically shows another example of a scenario to which the present disclosure is applied. [Figure 14] FIG. 14 schematically shows an example of the authentication processing process when the first authentication method is adopted. It should be noted that the "解除の過程の一例を模式的に示す" and "解除の処理手順の一例を示す" in the original text seem to have some incorrect or unclear expressions. I have translated them as they are, but it may need to be further clarified in the original context. [Figure 15] FIG. 15 schematically shows an example of the authentication process when the second authentication method is adopted. [Figure 16] FIG. 16 schematically shows an example of the authentication process when the third - 1 authentication method is adopted. [Figure 17A] FIG. 17A schematically shows an example of the authentication process for the first target when the third - 2 authentication method is adopted. [Figure 17B] FIG. 17B schematically shows an example of the authentication process for the second target when the third - 2 authentication method is adopted. [Figure 18A] FIG. 18A schematically shows an example of the authentication process for the first target when the fourth authentication method is adopted. [Figure 18B] FIG. 18B schematically shows an example of the authentication process for the second target when the fourth authentication method is adopted.
MODE FOR CARRYING OUT THE INVENTION
[0012] According to the system proposed in Patent Document 1, a user can pay highway tolls by ETC even without holding their own ETC card. However, the inventors of the present invention have found that the conventional system has the following problems.
[0013] That is, with the diversification of MaaS (Mobility as a Service), benefits such as the improvement of settlement efficiency From a convenience standpoint, there is a need to track users' use of mobile vehicles while ensuring security. In contrast, conventional systems can maintain usage information, such as the correspondence between usage date and time and the user, based on rental car contracts or reservations. However, since this usage date and time depend on the contract or reservation, the usage information does not necessarily align with the user's actual use of the rental car. Furthermore, for vehicles used without a contract or reservation (e.g., private cars), the generation of usage information is not anticipated in the first place. Therefore, conventional systems cannot track users' use of mobile vehicles while ensuring security. This is difficult. Furthermore, this problem is not limited to situations involving vehicles. Similar problems can arise when using other types of moving objects (e.g., aircraft, ships, etc.) and when using multiple types of moving objects. Moreover, similar problems can arise in any usage scenario other than those involving moving objects.
[0014] In contrast, the system according to the first aspect of this disclosure comprises a management server, a first terminal for the first target, and a second terminal for the second target. At least one of the first terminal and the second terminal is configured to send a linking request to the management server in response to the occurrence of a usage relationship between the first target and the second target. The management server is configured to set up a correspondence between the first target and the second target based on the linking request. Setting up the correspondence consists of obtaining authentication results for both the first target and the second target when predetermined conditions are not met, and setting up a correspondence between the first target and the second target in accordance with the obtained authentication results showing that authentication for both the first target and the second target is successful, and, when predetermined conditions are met, omitting authentication for one of the first target and the second target and obtaining the authentication result for the other target, and setting up a correspondence between the first target and the second target in accordance with the obtained authentication result showing that authentication for the other target is successful.
[0015] In the first aspect of this disclosure, the usage relationship between the first and second targets can be tracked by setting up a correspondence (linking) between the first and second targets. In addition, if certain conditions are not met, security can be ensured by performing authentication on both the first and second targets when setting up the correspondence. On the other hand, if certain conditions are met, the effort can be reduced by omitting authentication on either the first or second target. Therefore, according to the first aspect of this disclosure, it is possible to track the usage relationship between the first and second targets while ensuring security, and to reduce the effort involved.
[0016] The forms of this disclosure are not limited to the examples described above. As another form of the system relating to the above embodiments, one aspect of this disclosure may be an information processing device, an information processing method, a program, or a machine-readable storage medium that stores such a program, which implements all or part of the above components. Here, a machine-readable storage medium is a medium that stores information such as a program by electrical, magnetic, optical, mechanical, or chemical action. The information processing device may be at least one of the management server, the first terminal, and the second terminal relating to the above embodiments. Furthermore, the system relating to the above embodiments may further include at least one of the first server involved in the authentication of the first target and the second server involved in the authentication of the second target.
[0017] For example, the management server according to a second aspect of this disclosure may include a control unit configured to set up a correspondence between the first target and the second target based on a linking request transmitted from at least one of the first terminal of the first target and the second terminal of the second target when a usage relationship occurs between the first target and the second target. Setting up the correspondence may consist of obtaining authentication results for both the first target and the second target when certain conditions are not met, and setting up a correspondence between the first target and the second target in accordance with the obtained authentication results showing that authentication for both the first target and the second target is successful, and omitting authentication for one of the first target and the other target when certain conditions are met, and setting up a correspondence between the first target and the second target in accordance with the obtained authentication results showing that authentication for the other target is successful.
[0018] Furthermore, for example, the program relating to the third aspect of this disclosure provides the first terminal of the first target to the first pair The program may cause the management server to set up a correspondence between the first and second targets by sending a linking request to the management server, sending a linking request jointly with the second terminal of the second target, or causing the second terminal to send a linking request, when a usage relationship occurs between the elephant and the second target. If the predetermined conditions are not met, the linking request may include authentication requests for the first and second targets, and setting up the correspondence between the first and second targets may be configured by setting up the correspondence between the first and second targets in accordance with the fact that the authentication of the first and second targets performed based on the authentication request has been successful. If the predetermined conditions are met, the authentication request for either the first or second target may be omitted, the linking request may include an authentication request for the other target, and setting up the correspondence between the first and second targets may be configured by setting up the correspondence between the first and second targets in accordance with the fact that the authentication of the other target performed based on the authentication request has been successful.
[0019] Furthermore, from the perspective of balancing security and reduction of effort, the forms of authentication omission are not limited to the examples of the above-described embodiments. In another example, if a predetermined condition is not met, authentication for at least one of the first and second targets is performed, whereas if the predetermined condition is met, authentication for both the first and second targets may be omitted.
[0020] For example, the management server according to the fourth aspect of this disclosure may include a control unit configured to set up a correspondence between the first target and the second target based on a linking request transmitted from at least one of the first terminal of the first target and the second terminal of the second target when a usage relationship occurs between the first target and the second target. Setting up the correspondence may consist of obtaining an authentication result for at least one of the first target and the second target if a predetermined condition is not met, setting up a correspondence between the first target and the second target depending on whether authentication is successful in the obtained authentication result, and omitting authentication for both the first target and the second target and setting up a correspondence between the first target and the second target depending on whether an linking request has been received if a predetermined condition is met.
[0021] Furthermore, for example, a program relating to the fifth aspect of this disclosure may be a program that causes a first terminal of the first target to send a linking request to a management server when a usage relationship occurs between the first target and the second target, to send a linking request jointly with a second terminal of the second target, or to cause a linking request to be sent to the second terminal, thereby causing the management server to set up a correspondence between the first target and the second target. If a predetermined condition is not met, the linking request may include an authentication request for at least one of the first target and the second target, and setting up the correspondence between the first target and the second target may be configured by setting up the correspondence between the first target and the second target in accordance with whether authentication for at least one of the first target and the second target performed based on the authentication request has been successful. If a predetermined condition is met, both the authentication requests for the first target and the second target may be omitted from the linking request, and setting up the correspondence between the first target and the second target may be configured by setting up the correspondence between the first target and the second target in accordance with the receipt of the linking request.
[0022] Hereinafter, embodiments relating to one aspect of this disclosure (hereinafter also referred to as "this embodiment") will be described based on the drawings. However, this embodiment described below is merely illustrative in all respects of this disclosure. Various improvements or modifications may be made without departing from the scope of this disclosure. In implementing this disclosure, specific configurations may be adopted as appropriate depending on the embodiment. Although the data appearing in this embodiment is described in natural language, more specifically, it is specified in computer-recognizable pseudo-language, commands, parameters, machine code, etc.
[0023] [1. Application Examples] Figure 1 schematically shows an example of a scenario in which this disclosure is applied. The system 100 according to this embodiment consists of a management server 1, a first terminal 4, and a second terminal 5. The management server 1 is one or more computers configured to record the correspondence (linking) between the first target VA and the second target WA. The first terminal 4 corresponds to the first target VA, and the second terminal 5 corresponds to the second target WA. The first terminal 4 is assigned to each first target VA, and the second terminal 5 is assigned to each second target WA.
[0024] In this embodiment, at least one of the first terminal 4 and the second terminal 5 is configured to send a linking request to the management server 1 in response to the occurrence of a usage relationship between the first target VA and the second target WA. For example, a one-to-one usage relationship occurs between the first target VA and the second target WA. That is, a usage relationship occurs between one first target VA and one second target WA. One first target VA is a single individual first target VA, and one second target WA is a single individual second target WA. The individual with whom the usage relationship has occurred may be referred to as the "corresponding individual" or "target individual". In response to the occurrence of this usage relationship, at least one of the first terminal 4 corresponding to the corresponding individual of the first target VA and the second terminal 5 corresponding to the corresponding individual of the second target WA sends a linking request to the management server 1 (step S10).
[0025] In response, the management server 1 receives a linking request from at least one of the first terminal 4 of the first target VA and the second terminal 5 of the second target WA. Upon receiving this linking request, the management server 1 accepts the setting of the correspondence relationship between the first target VA and the second target WA (step S20). Based on the received linking request, the management server 1 sets the correspondence relationship (linking) between the first target VA and the second target WA (step S30). In one example, the management server 1 may generate linking information D10 that shows the setting of the correspondence relationship between the first target VA and the second target WA, and may save the generated linking information D10.
[0026] In this embodiment, authentication processing for the first target VA and the second target WA is provided in relation to setting the correspondence relationship. The authentication processing for each target (VA, WA) may be performed at any time before setting the correspondence relationship. In addition, predetermined conditions are provided as conditions for enabling the simplification of the authentication process. Accordingly, if the predetermined conditions are not met, setting the correspondence relationship consists of obtaining the authentication results for both the first target VA and the second target WA, and setting the correspondence relationship between the first target VA and the second target WA based on the obtained authentication results showing that authentication for both the first target VA and the second target WA is successful. On the other hand, if the predetermined conditions are met, setting the correspondence relationship consists of omitting the authentication of either the first target VA or the second target WA and obtaining the authentication result for the other target, and setting the correspondence relationship between the first target VA and the second target WA based on the obtained authentication result showing that authentication for the other target is successful.
[0027] Furthermore, when a usage relationship is established between the first target VA and the second target WA, data exchange may be performed between the first terminal 4 corresponding to the relevant individual of the first target VA and the second terminal 5 corresponding to the relevant individual of the second target WA. A linking request may be executed in conjunction with this data exchange. The series of processes from the linking request to the linking setting may be executed in real time in response to the establishment of a usage relationship. After setting, the correspondence relationship (linking) may be canceled at any time. For example, the correspondence relationship may be canceled when the usage relationship ceases to exist.
[0028] Furthermore, as long as each individual for which a correspondence relationship has been established can be identified, the format of the information indicating the establishment of the correspondence relationship is not particularly limited and may be determined as appropriate depending on the embodiment. For example, each first target VA may be given a first identifier I10, and each individual of the first target VA may be identified by the first identifier I10. Similarly, each second target WA may be given a second identifier I20, and each individual of the second target WA may be identified by the second identifier I20. Accordingly, establishing a correspondence between the first target VA and the second target WA may be done by establishing a correspondence between the first identifier I10 assigned to the corresponding individual of the first target VA and the second identifier I20 assigned to the corresponding individual of the second target WA. In other words, the establishment of the correspondence may be expressed using the first identifier I10 and the second identifier I20.
[0029] As described above, in this embodiment, by setting a correspondence (linking) between the first target VA and the second target WA, the usage relationship between the relevant individuals of the first target VA and the second target WA can be tracked. In addition, in this embodiment, if the predetermined conditions are not met, security can be ensured by performing authentication on both the first target VA and the second target WA when setting the correspondence. On the other hand, if the predetermined conditions are met, the effort can be reduced by omitting authentication on either the first target VA or the second target WA. Therefore, according to this embodiment, it is possible to track the usage relationship between the first target VA and the second target WA while ensuring security, and to reduce the effort involved.
[0030] (subject) The first target VA and the second target WA are not particularly limited as long as a utilization relationship can be established, and may be appropriately selected depending on the embodiment. The first target VA and the second target WA may each be any thing, such as an object, a person, or another living being. Any thing may include a virtual thing. The establishment of a utilization relationship may be a real or virtual relationship between at least two things, such as one using the other, one possessing the other, one joining to the other, or one connecting to the other. The system 100 of this disclosure may be used in any situation in which a correspondence between two or more things is tracked.
[0031] (terminal) Each terminal (4, 5) relates to each object (VA, WA). The relationship between each terminal (4, 5) and each object (VA, WA) is not particularly limited and may be determined as appropriate depending on the embodiment. For example, the first terminal 4 may accompany the corresponding first object VA, and the second terminal 5 may accompany the corresponding second object WA. Accompanying may include being temporarily or permanently deployed inside or outside the object, being possessed by the object (person), and being possessed by a person involved with the object (object). Deploying may include loading. Loading may include being permanently placed in the object, as well as being placed in the object at least temporarily when the object is being used. Loading may include being possessed by the user of the object. In addition, either the first terminal 4 or the second terminal 5 may be the object itself. With respect to each terminal (4, 5), multiple terminals may be used as the same individual terminal, for example, such as when one user shares an account across multiple terminals. In this case, multiple terminals used on the same individual may be interpreted as a single terminal on that individual.
[0032] (Server 1 / Server 2) For example, to show the details of each individual first target VA, first target information O10 relating to the first target VA may be used. First target information O10 may include a first identifier I10. First target information O10 may also include information used for authenticating the first target VA (such as registered unique information). Similarly, to show the details of each individual second target WA, second target information O20 relating to the second target WA may be used. Second target information O20 may include a second identifier I20. Second target information O20 may also include information used for authenticating the second target WA. First target information O10 and second target information O20 may be stored in any storage area. At least a portion of first target information O10 and second target information O20 may be stored in a manner accessible from at least one of the management server 1, the external server, and each terminal (4, 5).
[0033] The first target information O10 and the second target information O20 may be managed as appropriate. In the example in Figure 1, the first server 2 may be configured to manage the first target information O10, and the second server 3 may manage the first target information O10. The system may be configured to manage the second target information O20. The first server 2 and the second server 3 may each consist of one or more server devices. The first target information O10 may be stored in memory resources located at least one of the internal and external locations of the first server 2, accessible from the first server 2. The second target information O20 may be stored in memory resources located at least one of the internal and external locations of the second server 3, accessible from the second server 3. Internal memory resources may include, for example, RAM (Random Access Memory), auxiliary storage devices, storage media, etc. External memory resources may include, for example, external storage devices, external computers (NAS: Network Attached Storage, etc.). In another example, each target information (O10, O20) may be stored in the memory resources of the management server 1.
[0034] The unit for managing each piece of target information (O10, O20) is not particularly limited and may be determined as appropriate depending on the embodiment. At least one of the first piece of target information O10 and the second piece of target information O20 may be managed centrally (as a whole) or distributed (separately) for each arbitrary group. The server devices constituting each server (2, 3) may be deployed by one or more operating organizations (entities). At least one of the first server 2 and the second server 3 may be deployed by multiple operating organizations. When deployed by multiple operating organizations, the target information may be shared (i.e., managed centrally) or distributed for each operating organization.
[0035] Furthermore, the first server 2 may be involved in the authentication of the first target VA. Involvement in authentication may include determining whether authentication is successful or unsuccessful (direct involvement) and indirect involvement (for example, providing information for determining whether authentication is successful or unsuccessful). When determining whether authentication for the first target VA is successful or unsuccessful, the first server 2 is an example of an external server (external authentication server) that determines whether authentication for the first target VA is successful or unsuccessful. The second server 3 may be involved in the authentication of the second target WA. When determining whether authentication for the second target WA is successful or unsuccessful, the second server 3 is an example of an external server (external authentication server) that determines whether authentication for the second target WA is successful or unsuccessful.
[0036] (identifier) In one example, identifiers (I10, I20) may be used to identify each individual of each target (VA, WA). The data format and structure of each identifier (I10, I20) are not particularly limited, as long as they can identify each individual of each target (VA, WA), and may be appropriately selected depending on the embodiment. In one example, each identifier (I10, I20) may consist of a sequence of symbols including numbers, letters, etc. In another example, each identifier (I10, I20) may use unique information such as identification information uniquely assigned to each target (VA, WA) and information originating from each terminal (4, 5). The uniquely assigned identification information may be, for example, a vehicle registration number, a vehicle identification number (VIN), or a personal identification number. If an IC tag is attached to the target, the uniquely assigned identification information may include information held by the IC tag. Information originating from each terminal (4, 5) includes, for example, the MAC address (Media Access Control address) and terminal identification information (IMEI: International Mobile Equipment Identifier, IMSI: This may be International Mobile Subscriber Identity (MEID: Mobile Equipment Identifier), ICCID: Integrated Circuit Card ID, or other serial numbers, etc.
[0037] (Management Server) The management server 1 is configured to set up a correspondence between the first target VA and the second target WA in response to a linking request from at least one of the first terminal 4 and the second terminal 5. In one example, the management server 1 may receive the linking request directly from at least one of the first terminal 4 and the second terminal 5, or it may receive it indirectly via an external server. That is, sending a linking request to the management server 1 can be done by sending the linking request directly to the management server 1, or by sending the linking request indirectly to the management server 1 via an external server. The configuration may be as follows. The external servers may include, for example, a first server 2, a second server 3, etc. In one example, indirect transmission may be configured by simply having an external computer relay the linking request. In another example, indirect transmission may be configured by sending a request for processing involved in linking to an external computer, such as requesting each server (2, 3) to authenticate each target (VA, WA) and having them send the authentication results to the management server 1, and then having the external computer send some information to the management server 1 according to the result of its execution. In other words, the linking request may be sent from the external computer to the management server 1 as a result of data communication for other purposes to the external computer.
[0038] Management Server 1 may receive a linking request (a request to set up a link) in response to the occurrence of a usage relationship, and may set up a correspondence between the relevant individuals of the first target VA and the second target WA in response to the received linking request. Management Server 1 may receive a release request (a request to release the link) in response to the termination of a usage relationship, and may release the correspondence as appropriate in response to the received release request. The linking request and release request may be configured to specify the relevant individuals to be processed in any way. In a typical example, the linking request and release request may be configured to specify the relevant individuals to be processed by including a first identifier I10 and a second identifier I20, respectively. However, the method of specifying the relevant individuals to be processed is not limited to this example and may be changed as appropriate depending on the embodiment. In another example, at least one of the linking request and the release request may omit at least one of the first identifier I10 and the second identifier I20 by using alternative information. For example, identifiers may be assigned as alternative information to the combination of relevant individuals of the first target VA and the second target WA (linking setting). The assignment of identifiers may be performed at any time, for example, when the initial linking is set up. At least one of the linking request and the unlinking request may be configured to include this identifier, thereby specifying the corresponding individual for each target (VA, WA) to be processed, without including at least one of the first identifier I10 and the second identifier I20.
[0039] The management server 1 may consist of one or more server devices. In this embodiment, the management server 1 may be configured to record information regarding the occurrence and termination of correspondence between the first target VA and the second target WA as linking information D10. The linking information D10 may be stored in memory resources deployed both inside and outside the management server 1. Internal memory resources may include, for example, RAM, auxiliary storage devices, storage media, etc. External memory resources may include, for example, external storage devices, external computers (NAS, etc.), etc.
[0040] The resulting linking information D10 can be used in various situations. For example, linking information D10 can be used to track the relationship between a first target VA and a second target WA. Specifically, while a correspondence relationship is established between the first target VA and the second target WA, linking information D10 can be used to enable the exercise of authority associated with either the first target VA or the second target WA (first target information O10 and second target information O20) from the other. In other words, linking information D10 can be used to enable the exercise of authority on either the first target VA or the second target WA from the other, depending on the linking of the first target VA and the second target WA (Figure 2, described later).
[0041] In one example of this embodiment, the linking information D10 may include information on the first identifier I10 and second identifier I20 of the corresponding individual, as it indicates a combination of a first target VA and a second target WA for which a correspondence relationship has been established. The management server 1 may acquire each identifier (I10, I20) of each target as appropriate. In one example, the management server 1 may not pre-store information on the first identifier I10 and second identifier I20 for which the correspondence relationship is established, but may acquire it each time from at least one of the servers (2, 3) and each terminal (4, 5). In another example, the management server 1 establishes the correspondence relationship. Information on at least one of the defined first identifier I10 and second identifier I20 may be stored in advance.
[0042] The relationship between the management server 1 and each server (2, 3) is arbitrary. In one example, the management server 1 may overlap with the management server of at least one of the first server 2 and the second server 3. In another example, the management server 1 may be different from the management servers of the first server 2 and the second server 3. The system 100 of this disclosure may be produced by the management server 1 being connected to each terminal (4, 5) via a network, and each being deployed in a state capable of performing the above information processing according to the intent of the management server 1's operating body. If each server (2, 3) is involved in information processing related to linking (e.g., authentication processing), each server (2, 3) may be interpreted as being included in the system 100. In this case, the system 100 of this disclosure may be produced by the management server 1 being further connected to each server (2, 3) via a network, and each server (2, 3) being further deployed in a state capable of performing information processing related to linking.
[0043] (Operation example) In one example, one of the first target VA and the second target WA may be a user. Of the first terminal 4 and the second terminal 5, the terminal corresponding to the user may be a user terminal associated with that user. The other of the first target VA and the second target WA may be a usable item used by the user. Of the first terminal 4 and the second terminal 5, the terminal corresponding to the usable item may be a loading terminal loaded onto the usable item. According to this example embodiment, the usage relationship between the user and the usable item can be tracked.
[0044] The type of object used is not particularly limited as long as it can be used by the user, and may be appropriately selected depending on the embodiment. For example, the object used may be a mobile device. According to this example embodiment, the usage relationship between the user and the mobile device can be tracked. The type of mobile device may be appropriately selected. A mobile device may be, for example, a vehicle, a railway vehicle, an aircraft (aircraft, drone, etc.), a ship, etc. A mobile device may be at least one of a manually controlled manned aircraft or an automatically controlled unmanned aircraft. If the mobile device is a vehicle, the type of vehicle may be arbitrarily selected. The type of vehicle may be, for example, a two-wheeled vehicle, a three-wheeled vehicle, a four-wheeled vehicle, etc. A vehicle may include a private car, a rental car, a shared car, a taxi, a bus, etc. A vehicle may be at least one of an autonomous vehicle or a manually driven vehicle. The loading terminal may be called a mobile device terminal.
[0045] Figure 2 schematically shows one embodiment of a scenario in which the System 100 of this Disclosure is applied. In the example in Figure 2, the first target VA is the user, and the second target WA is the mobile object. For convenience, in the following explanation of the example in Figure 2, "first" will be treated as relating to the user and "second" as relating to the mobile object. However, the correspondence between "first" and "second" is not limited to the example in Figure 2. "First" and "second" may be interchangeable. That is, the second target WA may be the user, and the first target VA may be the mobile object.
[0046] When the first target VA is a user, an example of the first terminal 4 is a user terminal. The user terminal may be any computer, such as a mobile terminal (smartphone, etc.), a dedicated device (electronic key device, etc.), or other computer device. Typically, the user terminal may be owned by the user who is the linked target (each individual first target VA). The user's account may be shared among multiple computers, and accordingly, each computer sharing the account may be used as a user terminal (first terminal 4) of the same user.
[0047] An example of the first identifier I10 is the user identifier (user ID, My ID). The user identifier may be, for example, the user account ID, personal number, or user terminal identification information (for example, This may include MAC address, terminal identification information, etc. An example of the first target information O10 is user information O10A. User information O10A may include arbitrary information about the user. For example, user information O10A may include information about the authority of the corresponding user (the corresponding individual user) and be associated with various information E10 for exercising said authority. Various information E10 may include, for example, public personal authentication information, payment information, and other service-related information. Public personal authentication information may include, for example, a personal number. Payment information may include, for example, credit card information, internet banking information, electronic payment information, etc. Other service-related information may include, for example, information about electronic prescriptions (insurer number, prescription information, etc.). Various information E10 may be managed by an external system or by system 100. The first server 2 may be deployed by a public institution, a neutral institution, various businesses (vehicle manufacturers, service operating companies, etc.). The first server 2 may be called a user ID server, a My ID server, etc.
[0048] On the other hand, when the second target WA is a mobile object, an example of the second terminal 5 is a mobile terminal (loaded terminal). A mobile terminal may be, for example, a terminal attached to the inside or outside of a mobile object, a terminal carried by a person involved in the operation of the mobile object (e.g., driver, conductor, etc.), or equipment deployed in the facilities of the mobile object (e.g., ticket gate, etc.). When the mobile object is a vehicle, the mobile terminal may be called an in-vehicle terminal.
[0049] An example of the second identifier I20 is a mobile identifier (mobile ID, car ID). The mobile identifier may be, for example, the ID of a mobile account, identification information uniquely assigned to the target mobile (e.g., vehicle registration number, vehicle identification information, etc.), or identification information of a mobile terminal. An example of the second target information O20 is mobile information O20A. Mobile information O20A may include arbitrary information about the mobile. In the example in Figure 2, depending on the linking settings between the user and the mobile, at least some of the permissions of the various information E10 associated with user information O10A may be enabled (activated) by the mobile. The second server 3 may be deployed by public institutions, neutral institutions, various businesses (vehicle manufacturers, service operators, etc.). The second server 3 may be referred to as a mobile ID server, car ID server, etc.
[0050] A mobile object is an example of a usable object. The configuration shown in Figure 2 can be applied to any case where the user (possessor) of the usable object changes dynamically. In addition to a mobile object, the usable object may be, for example, rental items, accommodation facilities, etc. Rental items may include rental offices, rental spaces, etc.
[0051] System 100 may be configured to establish a correspondence (linking) between the user (first identifier I10) and the corresponding individual item of use (second identifier I20) in response to the start of use of the item. System 100 may also be configured to release the correspondence (linking) between the respective individuals in response to the end of use. The start and end of use may be detected by any method at the timing of, for example, getting on and off a vehicle, lending and returning the item. In one example, at least one of the start and end of use may be detected in response to the execution of data exchange between the first terminal 4 and the second terminal 5.
[0052] Furthermore, items for use can be divided into at least two types: those that can be used repeatedly over a long period of time, and those that can be used temporarily. For the sake of explanation, the former will be referred to as "regularly used items," and the latter as "temporarily used items." An example of regularly used items is the user's property, such as a private car. It is desirable that items that can be used repeatedly over a long period of time be selected as regularly used items. An example of temporarily used items is items owned by someone other than the user, such as rental cars, shared cars, public transportation vehicles, rental items, and accommodation facilities. Public transportation vehicles include, for example, taxis, buses, train cars, aircraft, and ships.
[0053] In system 100, the type of user (whether it is a regularly used item or a temporary item) may or may not be distinguished. If the type of user is distinguished, system 100 may determine the type of user in any way. For example, the target information (such as mobile information) may include information indicating the type of user, and system 100 may determine the type of user based on this information. In another example, the type of user may be determined from information such as an identifier or attribute information. In yet another example, the information transmitted from at least one of the first terminal 4 and the second terminal 5 to the management server 1 may include information indicating the type of user, and system 100 may determine the type of user based on this information. In yet another example, if the operating organization of the server handling the user information (second server 3 in the example of Figure 2) is determined according to the type of user, the type of user may be determined according to the affiliation of the operating organization of the server.
[0054] Furthermore, the system 100 may switch the form of, for example, the linking setting process, the conditions for unlinking, the management method of the linking information D10, and the authentication process, depending on the type of user identified.
[0055] Furthermore, the application of System 100 of this disclosure is not limited to situations where relationships between users and objects are tracked. In another example, both the first target VA and the second target WA may be robotic devices configured to operate autonomously through automatic control. The robotic devices may include mobile objects such as autonomous vehicles and drones. In situations where two or more robotic devices interact autonomously, System 100 of this disclosure may be used to track the occurrence and termination of relationships between the robotic devices.
[0056] As a specific example, one of the first target VA and the second target WA may be a large autonomous vehicle, and the other may be a small autonomous vehicle. The large autonomous vehicle may be configured to accommodate multiple small autonomous vehicles. The small autonomous vehicles may not be able to ride in multiple large autonomous vehicles simultaneously (i.e., at any given time, the small autonomous vehicles are accommodated in only one large autonomous vehicle). Accordingly, the first target VA may be a small autonomous vehicle, and the second target WA may be a large autonomous vehicle. The large autonomous vehicle may retrieve, transport, and release each small autonomous vehicle as appropriate. Each small autonomous vehicle may be operated as appropriate at its release destination. In this case, the system 100 of this disclosure may be configured to track the operational status (e.g., whether or not it is being transported) by setting, switching, and releasing the correspondence between the large autonomous vehicle and the small autonomous vehicles.
[0057] (Linking information) Figure 3A schematically shows an example of the linking information D10 according to this embodiment. In the example in Figure 3A, it is assumed that a form is adopted in which the setting of the correspondence relationship is expressed using a first identifier I10 and a second identifier I20. The linking information D10 includes the first identifier I10, the second identifier I20, the setting time, and the release time. The first identifier I10 and the second identifier I20 indicate the corresponding individual of the first target VA and the corresponding individual of the second target WA for which the correspondence relationship (linking) has been set. The setting time indicates the time when the correspondence relationship was set. The setting time may consist of a timestamp. The release time indicates the time when the correspondence relationship was released. The value of the release time may be added when the process of releasing the correspondence relationship is executed. The method of expressing release is not limited to this example. In another example, the release time may be replaced with at least one of an expiration date and a flag. The expiration date indicates the period during which the setting of the correspondence relationship is valid. In this case, whether or not the setting of the correspondence relationship is valid (i.e., whether the correspondence relationship is set or released) is indicated depending on whether or not it is within the expiration date. The flag indicates whether the correspondence has been broken or not. The flag may be set when the process of breaking the correspondence is executed. In another example, the linking information D10 may have a field for the time of break, along with an expiration date and a flag. It is not necessary to include one of them. Furthermore, as long as the setting of the correspondence relationship can be shown, the configuration of the linking information D10 is not limited to the example in Figure 3A and may be appropriately changed depending on the embodiment. In another example, the linking information D10 may further include information indicating the type of item used (whether it is an item used regularly or an item used temporarily). The type of item used does not necessarily have to be identified by separate information. For example, the type of item used may be identified by information such as an identifier.
[0058] The data format of the linking information D10 is not particularly limited and may be appropriately selected depending on the embodiment. The linking information D10 may be stored in any database infrastructure. In one example, the linking information D10 may be stored in a relational database such as a table. In another example, the linking information D10 may be stored on a blockchain infrastructure. In this case, each linking setting and unlinking transaction may be accumulated on the blockchain as linking information D10. For example, a linking setting transaction may include a first identifier I10, a second identifier I20, and the setting time. An unlinking transaction may include a first identifier I10, a second identifier I20, and the unlinking time (or information indicating unlinking).
[0059] (First target information) The first target information O10 may include any information relating to the first target VA. For example, the first target information O10 may include the first identifier I10, attribute information of the first target VA, information relating to authorizations, etc. In the example in Figure 2, user information O10A is an example of the first target information O10.
[0060] Figure 3B schematically shows an example of user information O10A according to this embodiment. In the example in Figure 3B, user information O10A includes a user ID (first identifier I10), attribute information, and authorization information. The attribute information may include arbitrary information relating to the attributes of the corresponding user. For example, attribute information may include personal information such as name, address, age, gender, and contact information. The authorization information relates to the authorizations of the corresponding user. For example, authorization information may include information for coordinating with a server that performs information processing related to the target authorization, and information indicating association with various types of information E10. Note that the configuration of user information O10A is not limited to the example in Figure 3B and may be modified as appropriate depending on the embodiment. For example, user information O10A (first target information O10) may further include information used for user (first target VA) authentication (for example, registered unique information).
[0061] The data format of the first target information O10 (user information O10A) is not particularly limited and may be appropriately selected depending on the embodiment. The first target information O10 (user information O10A) may be stored in any database infrastructure. In one example, the first target information O10 (user information O10A) may be stored in a relational database such as a table format. In another example, the first target information O10 (user information O10A) may be stored on a blockchain infrastructure.
[0062] (Second target information) The second target information O20 may include any information relating to the second target WA. For example, the second target information O20 may include the second identifier I20, attribute information of the second target WA, information relating to authorization, etc. In the example in Figure 2, mobile information O20A is an example of the second target information O20.
[0063] Figure 3C schematically shows an example of mobile information O20A according to this embodiment. In the example in Figure 3C, mobile information O20A includes a mobile ID (second identifier I20) and attribute information. The attribute information includes a number, type (type of object), mobile type, and owner information. If the mobile is a vehicle, the number may be the vehicle registration number. The type may be defined arbitrarily. In one example, the type is defined to indicate a category that can distinguish between regularly used and temporarily used items, such as private cars, rental cars, shared cars, and public transport mobiles. Good. Accordingly, the second target WA (mobile object) may be identified as a permanent or temporary object by attribute information of its type. However, the method for identifying whether or not it is a permanent object is not limited to this example and may be appropriately selected depending on the embodiment. In another example, the second target WA may be identified as a permanent or temporary object by other information such as an identifier. The mobile object type indicates, for example, the type of vehicle. If the mobile object type and the type (type of target) are the same, the mobile object type field may be omitted. Owner information may include arbitrary information about the owner of the mobile object. Owner information may include, for example, the owner's personal information such as name, address, age, gender, and contact information. The owner may be a corporation. Note that the configuration of mobile object information O20A is not limited to the example in Figure 3C and may be appropriately modified depending on the embodiment. For example, mobile object information O20A (second target information O20) may further include information used for authentication of the mobile object (second target WA) (for example, registered unique information). Furthermore, the structure of the attribute information may be modified as appropriate. For example, the mobile device information O20A (attribute information) may further include information about the mobile device, such as the mobile device's contact information.
[0064] The data format of the second target information O20 (mobile entity information O20A) is not particularly limited and may be appropriately selected depending on the embodiment. The second target information O20 (mobile entity information O20A) may be stored in any database infrastructure. In one example, the second target information O20 (mobile entity information O20A) may be stored in a relational database such as a table format. In another example, the second target information O20 (mobile entity information O20A) may be stored on a blockchain infrastructure.
[0065] (Data exchange) In this embodiment, a series of processes related to the linking settings may be initiated by data exchange between the first terminal 4 and the second terminal 5. That is, the first terminal 4 and the second terminal 5 may be configured to perform data exchange when a usage relationship occurs between the first target VA and the second target WA. The occurrence of a usage relationship (start of usage) may be detected by this data exchange. According to one example of this embodiment, it can be expected that the occurrence of a usage relationship can be easily detected by data exchange.
[0066] The method of data exchange is not particularly limited and may be appropriately selected depending on the embodiment. For example, data exchange between the first terminal 4 and the second terminal 5 may be performed by wireless or wired data communication. Wireless communication may be performed by, for example, NFC (Near Field Communication), Bluetooth (registered trademark), Wi-Fi (registered trademark), etc. Wired communication may be performed by, for example, wired LAN (Local Area Network), USB (Universal Serial Bus), etc. Data communication may take place directly between the first terminal 4 and the second terminal 5, or indirectly via another computer. In another example, data exchange may be performed by methods other than data communication, such as reading a two-dimensional code. For example, data exchange may take place when one of the first terminal 4 or the second terminal 5 displays data on a display, and the other uses a sensor, such as an image sensor, to read the displayed data.
[0067] Figure 4 schematically shows an example of data exchange according to this embodiment. In this example, the first terminal 4 may be equipped with a short-range wireless communication module 431. The second terminal 5 may be equipped with a short-range wireless communication module 531. Accordingly, data exchange between terminals may be performed by short-range wireless communication. The types of each short-range wireless communication module (431, 531) are not particularly limited and may be appropriately selected according to the embodiment. Short-range wireless communication can be, for example, NFC, Bluetooth®, Wi-Fi®, RFID (Radio-Frequency Identification). This may include Identification, ZigBee®, infrared communication (infrared transmission), etc. In one example of this embodiment, the occurrence of a usage relationship can be detected by triggering data exchange via short-range wireless communication. Furthermore, the first terminal 4 and Since it is possible to guarantee the existence of the second terminal 5, it can be expected that the occurrence of a usage relationship between the first target VA and the second target WA can be properly detected.
[0068] The linking request may include at least one of the first identifier I10 and the second identifier I20. If the linking request includes the first identifier I10, the first identifier I10 may be transmitted from at least one of the first terminal 4 and the second terminal 5. If the first identifier I10 is transmitted from the first terminal 4, the first terminal 4 may acquire the first identifier I10 at any time. In one example, the first identifier I10 may be stored in the memory resources of the first terminal 4 beforehand. The first terminal 4 may acquire the first identifier I10 from the memory resources. In another example, the first terminal 4 may acquire the first identifier I10 using an input device, sensor, etc. If the first identifier I10 is transmitted from the second terminal 5, the second terminal 5 may be given the first identifier I10 from the first terminal 4 during data exchange, or may acquire it through its own actions. In one example, the second terminal 5 may acquire the first identifier I10 from the first terminal 4 via data communication. In another example, the second terminal 5 may obtain the first identifier I10 from the first terminal 4 by a method other than data communication, such as reading the first identifier I10 displayed as a two-dimensional code on the first terminal 4. In yet another example, the second terminal 5 may obtain the first identifier I10 from either the first target VA or the first terminal 4 using a device such as an input device or a sensor. Obtaining from the first target VA may include obtaining it by having the person related to the second target WA operate a device on behalf of the first target VA, when the second target WA is an object and there is a person related to the second target WA (for example, the second target WA is a person, the second target WA is operated by a person, etc.).
[0069] Similarly, if the linking request includes a second identifier I20, the second identifier I20 may be transmitted from at least one of the first terminal 4 and the second terminal 5. If the second identifier I20 is transmitted from the second terminal 5, the second terminal 5 may acquire the second identifier I20 at any time. In one example, the second identifier I20 may be stored in the memory resources of the second terminal 5 beforehand. The second terminal 5 may acquire the second identifier I20 from the memory resources. In another example, the second terminal 5 may acquire the second identifier I20 using an input device, sensor, etc. If the second identifier I20 is transmitted from the first terminal 4, the first terminal 4 may be given the second identifier I20 by the second terminal 5 during data exchange, or may acquire it through its own actions. In one example, the first terminal 4 may acquire the second identifier I20 from the second terminal 5 via data communication. In another example, the first terminal 4 may obtain the second identifier I20 from the second terminal 5 by a method other than data communication, such as reading the second identifier I20 displayed as a two-dimensional code on the second terminal 5. In yet another example, the first terminal 4 may obtain the second identifier I20 from either the second target WA or the second terminal 5 using a device such as an input device or a sensor. Obtaining from the second target WA may include obtaining it by having the person related to the first target VA operate the device on behalf of the person related to the first target VA when the second target WA is an object and the person related to the first target VA operates the device on their behalf.
[0070] For example, in the example shown in Figure 2 above, the first terminal 4 may obtain the second identifier I20 (mobile identifier) from the second terminal 5 by data communication or reading a code. If the second identifier I20 is a vehicle registration number, the first terminal 4 may obtain the second identifier I20 by photographing the license plate with an image sensor and analyzing the obtained image. The first terminal 4 may also obtain the second identifier I20 via an input device. The second terminal 5 may obtain the second identifier I20 as appropriate. In addition, the second terminal 5 may obtain the first identifier I10 (user identifier) by data communication or reading a code. If the first identifier I10 is a personal number etc. written on a card, the second terminal 5 may obtain the first identifier I10 by photographing the card with an image sensor and analyzing the obtained image. The second terminal 5 may also obtain the first identifier I10 via an input device. The first terminal 4 may obtain the first identifier I10 as appropriate You may take it.
[0071] When an input device is used to acquire data such as each identifier (I10, I20), the acquisition of data from the other target by one terminal may include not only the acquisition of data from the other target by the other target operating the input device, but also the acquisition of data from the other target by the first target operating the input device. For example, in the example in Figure 2 above, if the second identifier I20 is a vehicle registration number and an input device is used to acquire the vehicle registration number, the first terminal 4 may acquire the second identifier I20 from the mobile entity (second target WA) by the input of the vehicle registration number via the input device by the user (first target VA).
[0072] Furthermore, the acquisition of data from one terminal to the other terminal does not necessarily have to be performed during data exchange. One terminal may acquire data from the other terminal at any time other than the data exchange. Any of the above methods may be used for data acquisition. In this case, the data exchange between the first terminal 4 and the second terminal 5 may function merely as a trigger to start a series of processes related to the linking settings.
[0073] (Notification processing) When performing at least one of the linking setting or unlinking processes, the management server 1 may send a notification indicating the execution result to at least one of the first terminal 4 and the second terminal 5. The notification transmission route is not particularly limited and may be determined as appropriate depending on the embodiment. In one example, the management server 1 may directly notify at least one of the first terminal 4 and the second terminal 5. In another example, the management server 1 may indirectly notify at least one of the first terminal 4 and the second terminal 5 via external computers such as each server (2, 3).
[0074] If direct notification is required, management server 1 may obtain contact information for each terminal (4, 5) as appropriate. Contact information may include telephone number, email address, account information for communication applications (e.g., Social Networking Service applications), identification number, etc. This may be the case. Management server 1 may obtain information indicating the contact details of each terminal (4, 5) at any time. For example, management server 1 may obtain information indicating the contact details when it receives requests such as linking requests or unlinking requests. Information indicating the contact details may be transmitted from at least one of each terminal (4, 5) and each server (2, 3).
[0075] (Authentication process) Authentication of the first target VA and the second target WA may be performed in any manner (specific examples will be described later). The authentication process for the first target VA may be performed before or after the authentication process for the second target WA. The authentication process for the first target VA may be performed at least partially in parallel with the authentication process for the second target WA.
[0076] The authentication process for the first target VA and the second target WA may be performed on at least one of the following: management server 1, an external server (e.g., first server 2, second server 3), first terminal 4, and second terminal 5. Furthermore, the authentication process for the first target VA and the second target WA may be performed at any time before the correspondence is established. In one example, authentication for at least one of the first target VA and the second target WA may be performed before issuing a linking request. In another example, authentication for at least one may be requested along with the linking request and performed together with the linking setup process. Requesting it along with the linking request may include the authentication request being included in the linking request. The authentication request may also be called an authentication request. In yet another example, authentication for at least one may be initiated after the linking request has been sent, in response to a request from management server 1 or an external server. Accordingly, management server 1 may obtain the authentication result before receiving the linking request, together with the receiving of the linking request, or after receiving the receiving of the linking request. By including the authentication result in the linking request, the authentication result may be included in the linking request and They may be obtained together, or they may be obtained separately from the linking request. Furthermore, if authentication fails, obtaining the authentication result on management server 1 may include obtaining an authentication result indicating that authentication failed, and the authentication result not reaching management server 1 (no authentication result is obtained).
[0077] In one example, the success or failure of authentication for the first target VA and the second target WA may be determined by the management server 1 or an external server. Determining the success or failure of authentication is equivalent to executing the authentication process. In one example, the authentication processes for both the first target VA and the second target WA may be executed by either the management server 1 or the external server. In another example, the authentication process for one of the first target VA and the second target WA may be executed by the management server 1, and the authentication process for the other may be executed by the external server. The external server may be, for example, the first server 2, the second server 3, etc. Obtaining the authentication result at the management server 1 may consist of obtaining the authentication result by executing the authentication process at the management server 1, or obtaining the authentication result from the external server. For example, at least one terminal of the first target VA and the second target WA may send a linking request including an authentication request to the management server 1. The authentication request for each target (VA, WA) may include data used for authentication of each target (VA, WA) (e.g., identifier, unique information, certificate, etc.). The management server 1 may perform authentication processing in response to a received authentication request, or it may request the external server to perform authentication processing by sending an authentication request to the external server. Alternatively, for example, at least one terminal may send an authentication request to the external server. The external server may perform authentication processing in response to a received authentication request, or it may request the management server 1 to perform authentication processing by sending an authentication request to the management server 1. If authentication processing is performed, the external server may send the authentication result directly to the management server 1, or it may send the authentication result to the management server 1 via an external computer (for example, at least one terminal). As described above, the timing of sending the authentication request is not limited to these examples. The authentication request may be sent during data communication with the management server 1 or the external server before or after issuing a linking request. In this example of the embodiment, security can be expected to be ensured by performing the authentication processing on the server side.
[0078] In another example, the authentication process for at least one of the first target VA and the second target WA may be performed by at least one of the first terminal 4 and the second terminal 5. Obtaining the authentication result at the management server 1 may include obtaining the authentication result from at least one of the terminals. For example, at least one terminal may perform the authentication process for at least one target as a voluntary action. Alternatively, for example, at least one terminal may perform the authentication process in response to a request from the management server 1 or an external server. At least one terminal may appropriately send the authentication result to the management server 1 together with the linking request or separately from the linking request. Of the first terminal 4 and the second terminal 5, the terminal that performs the authentication process and the terminal that sends the authentication result may be the same or different. If the terminal that performs the authentication process and the terminal that sends the authentication result are different, the authentication result may be exchanged between the terminals (4, 5) as appropriate.
[0079] (Unlink) In this embodiment, the management server 1 may be configured to release the correspondence upon receiving a release request from at least one of the first terminal 4 and the second terminal 5, or upon fulfilling a predetermined release condition.
[0080] (I) Request for cancellation In one example, the release request may be configured to indicate the correspondence of the items to be released by including at least one of the first identifier I10 and the second identifier I20. In another example, the release request may be configured to indicate the correspondence of the items to be released by including alternative information.
[0081] When the first terminal 4 sends a release request that includes the second identifier I20, the first terminal 4 may obtain the second identifier I20 at any time. For example, when a linking request is made, the first terminal 4 may obtain the second identifier I20 and store the obtained second identifier I20 in a memory resource. When a release request is made, the first terminal 4 may obtain the second identifier I20 from the memory resource. Also, when the first terminal 4 sends a release request that includes the first identifier I10, the first terminal 4 may obtain the first identifier I10 at any time. For example, the first identifier I10 may be stored in a memory resource in advance. The first terminal 4 may obtain the first identifier I10 from the memory resource.
[0082] Similarly, when the second terminal 5 sends a release request that includes the first identifier I10, the second terminal 5 may obtain the first identifier I10 at any time. For example, when a linking request is made, the second terminal 5 may obtain the first identifier I10 and store the obtained first identifier I10 in a memory resource. When a release request is made, the second terminal 5 may obtain the first identifier I10 from the memory resource. Also, when the second terminal 5 sends a release request that includes the second identifier I20, the second terminal 5 may obtain the second identifier I20 at any time. For example, the second identifier I20 may be stored in a memory resource in advance. The second terminal 5 may obtain the second identifier I20 from the memory resource.
[0083] Figure 5 schematically shows an example of the unlinking process according to this embodiment. In the example in Figure 5, as the first route, the first terminal 4 directly sends an unlinking request to the management server 1 (step SZ10). Also, as the second route, the first terminal 4 gives instructions to the second terminal 5 (step SZ10A), causing the second terminal 5 to directly send an unlinking request to the management server 1 (step SZ11A). However, the transmission route of the unlinking request is not limited to this example. The first terminal 4 may indirectly send an unlinking request to the management server 1 via an external computer such as the first server 2. In the second route, the second terminal 5 may indirectly send an unlinking request to the management server 1 via an external computer such as the second server 3. Note that the starting point of the unlinking request is not limited to the first terminal 4. In another example, the second terminal 5 may directly or indirectly send an unlinking request to the management server 1. Furthermore, the second terminal 5 may instruct the first terminal 4 to directly or indirectly send a release request to the management server 1. After receiving the release request, the management server 1 refers to the linking information D10 and releases the correspondence specified by the identifier included in the release request. After this release process, the management server 1 may send a notification indicating the result of the release process to at least one of the first terminal 4 and the second terminal 5, similar to the notification sent during the linking setup process.
[0084] In one example, the processing of a deactivation request may include authentication processing for at least one of the first target VA and the second target WA. The authentication processing during deactivation may be the same as the authentication processing during the linking setting described above. However, authentication processing is not necessarily required when a deactivation request is made. In another example, the processing of a deactivation request may be simplified by omitting the authentication processing.
[0085] The trigger for the release request may be set as appropriate depending on the embodiment. In one example, if at least one of the first target VA and the second target WA is a user, the user may perform an operation on at least one of the first terminal 4 and the second terminal 5, and a release request may be sent from at least one of the first terminal 4 and the second terminal 5. In other words, the trigger for the release request may be an operation by the user. In another example, upon termination of the usage relationship, arbitrary information processing may be performed on at least one of the first terminal 4 and the second terminal 5. The execution of this information processing may trigger the sending of a release request from at least one of the first terminal 4 and the second terminal 5. For example, the arbitrary information processing may be data exchange between the first terminal 4 and the second terminal 5. The method of data exchange during release may be the same as the data exchange during release. The distinction between data exchange during release and data exchange during release may be appropriately distinguished. For example, in the example in Figure 2... In this case, the second terminal 5 may be equipped with separate sensor devices at the entrance and exit, such as at bus entrances and exits or train ticket gates. In this case, depending on the sensor device used for data exchange, a distinction may be made between data exchange during linking setup and data exchange during linking unlinking. Also, for example, if data exchange is performed by an application on the terminal, the application may be configured to switch between a linking setup mode and a linking unlinking mode. In this case, depending on the application mode, a distinction may be made between linking setup and unlinking.
[0086] (II) Conditions for release The release condition indicates the condition for releasing the correspondence between the objects. The release condition may be defined as appropriate depending on the embodiment.
[0087] For example, the release condition may be defined as releasing the correspondence at an arbitrarily set release time. The release time may be given, for example, by a user, by another application (such as a scheduler), etc. In this case, the management server 1 may release the correspondence in question when the release time arrives. The release time may be set as the expiration date of the above-mentioned linking information D10. If the release time is set as the expiration date, the management server 1 may treat the correspondence in question as released when the release time arrives.
[0088] In another example, the number of correspondences that can be set for the same individual of each target (VA, WA) may be infinite or finite. If the number of configurable correspondences is finite, an upper limit (threshold) may be set for the number of correspondences that can be set for the same individual. The threshold may be set as appropriate. If the number of correspondences set for at least one of the first target VA and second target WA exceeds this upper limit, the management server 1 may release at least one of the correspondences set for that individual. Which correspondence to release may be determined as appropriate according to priority, order, type of target, etc. The management server 1 may send an inquiry regarding the release to at least one of the first terminal 4 and second terminal 5, and determine which correspondence to release based on the response received.
[0089] For example, consider a scenario as shown in Figure 2, where the first target VA is a user and the second target WA is a usable item. In this case, the number of users that can be associated with the same usable item may be infinite or finite. If the number of users that can be associated is finite, the upper limit of the number of users that can be associated may be appropriately set by a threshold. The threshold may be set according to the attributes of the usable item (e.g., the number of possible passengers). When the management server 1 receives a new request to set a correspondence relationship for a particular usable item, it may refer to the association information D10 and extract the previous correspondence relationships that have been set and maintained for that particular usable item. If the newly received correspondence relationship setting causes the overlap of correspondence relationship settings for the relevant usable item to exceed the threshold, the management server 1 may discard the newly received request for a correspondence relationship setting or release at least one of the extracted previous correspondence relationships. When releasing previous correspondence relationships, the management server 1 may decide which correspondence relationships to release according to the user priority, order (e.g., releasing the correspondence relationships that were set earlier), etc.
[0090] As a concrete example, in the example in Figure 2, we assume that the vehicle is a private car, and that the first user and the second user are, for example, family members, and therefore share the private car. The private car can be interpreted as an item used on a regular basis. For the sake of explanation, we assume that the number of users that can be associated with the private car is 1. In this case, while the correspondence between one of the first user and the private car is already established, the management server 1 may, upon receiving the establishment of a correspondence between the other user and the private car, cancel the previous correspondence (the correspondence between one user and the private car).
[0091] The same may apply to users. That is, the same number of users that can be associated with the same user. The number may be infinite or finite. If the number of items that can be linked is finite and the number of correspondences set for the user exceeds the upper limit, the management server 1 may discard the newly received request to set up a correspondence, or remove at least one of the extracted correspondences. When removing a correspondence, the management server 1 may decide which correspondence to remove depending on the priority and type of the item (for example, whether it is an item used regularly or an item used temporarily).
[0092] As described above, the management server 1 may terminate the correspondence relationship upon receiving a termination request from at least one of the first terminal 4 and the second terminal 5, or upon fulfillment of predetermined termination conditions. According to one example of this embodiment, the termination of the usage relationship between the first target VA and the second target WA can be tracked. The linking information D10 after the correspondence relationship has been terminated may be saved as history.
[0093] (Normal processing / Simplified processing) In this embodiment, if the predetermined conditions are not met, the authentication process for both the first target VA and the second target WA is executed. On the other hand, if the predetermined conditions are met, the authentication process for either the first target VA or the second target WA is omitted. For the sake of explanation, the former route, in which the authentication process for both the first target VA and the second target WA is executed (i.e., the authentication process is not omitted), will also be referred to as the "normal linking setting process." The latter route, in which the authentication process for either the first target VA or the second target WA is omitted to set the correspondence, will also be referred to as the "simplified linking setting process."
[0094] Omitting authentication may include omitting the acquisition of authentication results. Omitting authentication on management server 1 may include management server 1 omitting the execution of the authentication process, and management server 1 omitting the acquisition of authentication results performed on other devices other than management server 1. In the latter case, the execution of the authentication process may be omitted on the other devices.
[0095] Switching between normal processing and simplified processing may be done in any manner. For example, when performing authentication processing, whether or not predetermined conditions are met may be determined by at least one of the following devices: management server 1, external servers (first server 2, second server 3, etc.), first terminal 4, and second terminal 5. As a result of this determination process, it may be switched whether or not to perform simplified processing. Any of the devices may determine whether or not the predetermined conditions are met based on at least one of the information it holds and the information provided by other devices. The information used for the determination may be appropriately selected according to the predetermined conditions. In another example, for example, a program including a mode for performing simplified processing may be installed only on terminals that are likely to meet the predetermined conditions, such as terminals of users who are permitted to perform simplified processing, and the operation of these terminals may be used to switch whether or not to perform simplified processing. The processing in the mode for performing simplified processing may include, for example, storing information of the linked party and sending a linking request using simplified processing. As described above, the switching between normal processing and simplified processing may be achieved as a result of executing any information processing such as a judgment process, or it may be achieved by satisfying predetermined conditions without any information processing.
[0096] The simplified linking request may be sent from at least one of the first terminal 4 and the second terminal 5. At least one of the first terminal 4 and the second terminal 5 may send the simplified linking request directly to the management server 1, or it may send it indirectly to the management server 1 via an external computer (for example, an external server such as the first server 2 or the second server 3). When the authentication process is performed by an external server, omitting authentication may include omitting data communication with the external server, or performing data communication with the external server but omitting the authentication process and performing the following information processing.
[0097] For example, when adopting a configuration in which authentication processing is performed on management server 1 or an external server, The first terminal 4 of the first target VA may be configured to send a linking request to the management server 1, send a linking request jointly with the second terminal 5 of the second target WA, or have the second terminal 5 send a linking request, when a usage relationship occurs between the first target VA and the second target WA, thereby causing the management server 1 to set up a correspondence between the first target VA and the second target WA. If the predetermined conditions are not met, the linking request may include an authentication request for the first target VA and the second target WA. The authentication process for each target (VA, WA) in response to the authentication request may be performed on at least one of the management server 1 and external servers (first server 2, second server 3, etc.). Setting up a correspondence between the first target VA and the second target WA may be configured by setting up the correspondence between the first target VA and the second target WA in accordance with the fact that the authentication of the first target VA and the second target WA performed based on the authentication request has been successful. On the other hand, if certain conditions are met, the authentication request for either the first target VA or the second target WA may be omitted, and the linking request may include the authentication request for the other target. Setting up the correspondence between the first target VA and the second target WA may be configured by setting up the correspondence between the first target VA and the second target WA in accordance with whether the authentication of the other target, which was performed based on the authentication request, has been successful.
[0098] Similarly, when the authentication process is performed on the management server 1 or an external server, the second terminal 5 of the second target WA may be configured to send a linking request to the management server 1, send a linking request jointly with the first terminal 4 of the first target VA, or have the first terminal 4 send a linking request, when a usage relationship occurs between the first target VA and the second target WA, thereby causing the management server 1 to set up a correspondence between the first target VA and the second target WA. If the predetermined conditions are not met, the linking request may include an authentication request for the first target VA and the second target WA. The authentication process for each target (VA, WA) in response to the authentication request may be performed on at least one of the management server 1 and an external server (first server 2, second server 3, etc.). Setting up a correspondence between the first target VA and the second target WA may be configured by setting up the correspondence between the first target VA and the second target WA in accordance with the fact that the authentication of the first target VA and the second target WA performed based on the authentication request has been successful. On the other hand, if certain conditions are met, the authentication request for either the first target VA or the second target WA may be omitted, and the linking request may include the authentication request for the other target. Setting up the correspondence between the first target VA and the second target WA may be configured by setting up the correspondence between the first target VA and the second target WA in accordance with whether the authentication of the other target, which was performed based on the authentication request, has been successful.
[0099] Whether the process to be executed is a simplified process or a normal process may be determined as appropriate. For example, when an authentication process is performed on at least one of the management server 1 and the external server, at least one of the management server 1 and the external server may determine whether to execute a simplified process or a normal process based on the information contained in the linking request from at least one of the first terminal 4 and the second terminal 5. For example, the linking request may include information indicating whether the process to be executed is a simplified process, and whether to execute a simplified process or a normal process may be determined based on this information. Alternatively, whether to execute a simplified process or a normal process may be determined based on information concerning at least one of the first target VA and the second target WA, such as the first identifier I10, the second identifier I20, or combinations thereof.
[0100] In one example, the simplified linking request may include a first identifier I10 and a second identifier I20. The first identifier I10 and the second identifier I20 included in the linking request may be obtained from at least one of the terminals (4, 5) and the external server during the process of transmission from at least one of the first terminal 4 and the second terminal 5 to the management server 1. However, as described above, the configuration of the simplified linking request is not limited to this example. In another example, In a linking request using abbreviated processing, at least one of the first identifier I10 and the second identifier I20 may be omitted by using alternative information.
[0101] Furthermore, in one example, in the simplified processing, the transmission method for the authentication process of the other of the first target VA and the second target WA may be the same as or different from the transmission method in the normal processing. For example, in the normal processing, we assume that the first terminal 4 requests authentication of the second target WA from the second server 3, and the second terminal 5 requests authentication of the first target VA from the first server 2. In this case, in one example, during the simplified processing, the first terminal 4 may request authentication of the second target WA from the second server 3. Alternatively, the second terminal 5 may request authentication of the first target VA from the first server 2. In another example, during the simplified processing, the first terminal 4 may request authentication of the first target VA from the first server 2. Alternatively, the second terminal 5 may request authentication of the second target WA from the second server 3.
[0102] As an optional configuration, at least one of the management server 1 and the external servers (first server 2, second server 3, etc.) may acquire identification information (MAC address, terminal identification information, etc.) of at least one of the first terminal 4 and second terminal 5 that are permitted to use simplified processing, as part of the registration process for devices permitted to use simplified processing, and store the acquired identification information. This registration process may be executed at any time, such as during past linking settings. At least one of the management server 1 and the external servers may be configured to accept requests for linking settings using simplified processing only from terminals identified by the identification information.
[0103] In one example, the trigger for a request for simplified linking settings may be the same as for normal processing. That is, triggered by data exchange between the first terminal 4 and the second terminal 5, at least one of the first terminal 4 and the second terminal 5 may send a request for simplified linking settings. However, the trigger for simplified processing is not limited to this example. In another example, if at least one of the first target VA and the second target WA is a user, the user may operate at least one of the first terminal 4 and the second terminal 5, causing that at least one terminal to send a request for simplified linking settings. That is, the trigger for a request for simplified linking settings may be an operation by the user. In yet another example, the trigger for a request for simplified linking settings may be an instruction from another application (such as a scheduler). In yet another example, in conjunction with the occurrence of a usage relationship, arbitrary information processing may be performed on at least one of the first terminal 4 and the second terminal 5. This arbitrary information processing may trigger a request for simplified linking settings to be sent from at least one of the first terminal 4 and the second terminal 5.
[0104] In one example, the process for canceling a correspondence set up by the simplified process (cancellation process for the simplified process) may be the same as the process for canceling a link in the normal process (cancellation process for the normal process). However, the cancellation process for the simplified process does not necessarily have to be the same as the cancellation process for the normal process. Correspondences set up by the simplified process may be canceled as appropriate. In another example, if the transmission route for the request to set up a correspondence by the simplified process and the transmission route for the request to cancel it for the normal process are different, the transmission route for the cancellation request for the simplified process may be aligned with the transmission route for the request to set up a correspondence by the simplified process.
[0105] In the simplified process, the target from which authentication processing is omitted may be either the first target VA or the second target WA, and may be appropriately selected depending on the embodiment. The target from which authentication processing is omitted may be selected, for example, depending on the type and relationship of each target (VA, WA). In one example, the first target VA may be a user, and the second target WA may be a user-used item. When predetermined conditions are met, the authentication of either the first target VA or the second target WA (the authentication to be omitted) may be the authentication of the user-used item. The authentication of the other target (the authentication not to be omitted) may be the authentication of the user. According to one example of this embodiment, security is ensured by user authentication while omitting the authentication of the user-used item, This can reduce the time spent in between.
[0106] (Under specified conditions) The predetermined conditions specify whether to perform normal processing or simplified processing. The predetermined conditions may be determined as appropriate depending on the embodiment. For example, if the same combination of first target VA and second target WA repeatedly creates and terminates a usage relationship, the system 100 may perform authentication processing for the first target VA and second target WA each time, and repeatedly set and cancel the corresponding relationship. However, if the frequency of creating and terminating usage relationships is high, the same authentication processing will have to be performed each time, which may be cumbersome. Therefore, it is desirable that the predetermined conditions specify that simplified processing is selected for combinations of first target VA and second target WA that are likely to frequently create and terminate such usage relationships. The predetermined conditions may include at least one of the following two conditions.
[0107] (1) First condition Figure 6 schematically shows an example of a predetermined condition (the first condition) according to this embodiment. For example, if at least one of the first target VA and the second target WA is of a specific type, such as a regularly used item, the frequency of occurrence and termination of usage relationships may increase. Therefore, the first condition may be that at least one of the first target VA and the second target WA is of a specific type. The predetermined conditions may include this first condition.
[0108] In other words, if the types of the first target VA and the second target WA are not of a specific type, the system 100 may set the correspondence relationship through normal processing. On the other hand, if at least one of the first target VA and the second target WA is of a specific type, the system 100 may set the correspondence relationship through simplified processing. In one example, a specific type may be set for both the first target VA and the second target WA. In another example, a specific type may be set for only one of the first target VA and the second target WA, and the other target may be omitted. According to one example of this embodiment, it is possible to control whether or not to perform simplified processing depending on the type of at least one of the first target VA and the second target WA.
[0109] The specific type may be set as appropriate depending on the embodiment. In one example, the first target VA may be a user, and the second target WA may be an item used by the user. The condition that at least one of the first target VA and the second target WA is a specific type may include the item being an item used repeatedly by the user. That is, the first condition may include the item being an item used repeatedly by the user. Items used repeatedly are likely to have a higher frequency of occurrence and termination of usage relationships compared to items used temporarily. Therefore, according to one example of this embodiment, by allowing simplified processing for items used repeatedly, it is possible to track usage relationships between users and items while ensuring security, and to reduce the effort involved. Simplified processing may or may not be allowed for items used temporarily. In one example, the system 100 may be configured not to allow simplified processing for items used temporarily, so that the system establishes the corresponding relationship setting in normal processing each time a usage relationship occurs.
[0110] Switching between authentication modes according to this type may be done in any way. For example, before starting the authentication process, at least one of the following devices may identify at least one of the types of the first target VA and the second target WA, and determine whether to perform normal processing or simplified processing based on the identification result. Starting the authentication process may, for example, mean that at least one of the first terminal 4 and the second terminal 5 obtains the data to be used for authentication. The external server may be, for example, the first server 2, the second server 3, etc. At least one of the target types may be identified as appropriate. For example, at least one of the target types may be each target information such as identifiers and attribute information ( The user may be identified by the information contained in O10, O20). In the case of the above-mentioned user, whether the user is a regularly used user or not may be identified according to the attribute information (e.g., type, mobile type) contained in the mobile information O20A. At least one of the devices may pre-store information for identifying the type and use this information to identify the type of at least one of the targets. Alternatively, at least one of the devices may identify the type of at least one of the targets by referring to information held in an external device. At least one of the first terminal 4 and the second terminal 5 may determine whether to perform normal processing or simplified processing and start the execution of authentication processing in the mode corresponding to the determination result. Alternatively, at least one of the terminals may receive the determination result from at least one of the management server 1 and the external server and start the execution of authentication processing in the mode corresponding to the received determination result. In another example, a program including a mode for performing simplified processing may be installed only on terminals of targets that meet specific conditions, such as the terminal for regularly used users (second terminal 5 in Figure 2), and the operation of this terminal may switch whether or not to perform simplified processing.
[0111] (2) Second condition Figure 7 schematically shows an example of a predetermined condition (second condition) according to this embodiment. Whether or not the occurrence and termination of the usage relationship has occurred repeatedly can be determined from the history of the linking settings. Therefore, the second condition may be that a correspondence has been set in the past for the same combination of the first target VA and the second target WA (a combination of the same individual). The predetermined condition may include this second condition.
[0112] In other words, if a correspondence has not been established in the past for the same combination of the first target VA and the second target WA, the system 100 may establish the correspondence using normal processing. On the other hand, if a correspondence has been established in the past for the same combination of individuals, the system 100 may establish the correspondence using simplified processing. According to one example of this embodiment, security can be ensured by performing authentication processing in normal processing mode at least once, and then the effort can be reduced by performing authentication processing in simplified processing mode thereafter.
[0113] Switching the authentication mode based on this second condition may be done by any method. Information on combinations of first target VAs and second target WAs for which correspondences have been established in the past may be managed by at least one of the management server 1, the external server, the first terminal 4, and the second terminal 5. Management may include updating (creating) and deleting data held in at least one of the memory within the device and the memory of the external device.
[0114] For example, the linking information D10 may be maintained as history even after the correspondence is terminated. The management server 1 may determine from the history of the linking information D10 whether the combination of the first target VA and the second target WA that received the linking request is a combination for which a correspondence has been established in the past. If it is determined that the combination has been for which a correspondence has been established in the past, the management server 1 may accept the linking setting using simplified processing. The management server 1 may also send a command to at least one of the first terminal 4 and the second terminal 5 to enable simplified processing for the combination (for example, a command to start authentication processing in simplified processing mode).
[0115] In another example, at any time, such as when setting up a link in normal processing mode, the first terminal 4 may acquire the second identifier I20 of the second target WA and store the acquired second identifier I20 as a counterparty with whom a correspondence relationship has been previously set (i.e., a counterparty that is permitted to perform simplified processing). Similarly, the second terminal 5 may acquire the first identifier I10 of the first target VA and store the acquired first identifier I10 as a counterparty for simplified processing. In this way, at least one of the first terminal 4 and the second terminal 5 may retain information on counterparties with whom a correspondence relationship has been previously set. The terminal may decide whether to perform normal processing or simplified processing using the information it holds about the other party. For example, if at least one terminal performs a linking setting using normal processing mode, the linking setting using simplified processing mode may be enabled for the same other party. Accordingly, at least one terminal may be configured to execute a linking request using simplified processing mode for that other party.
[0116] In another example, when an external server becomes involved in an authentication process, it may store the combination of the first target VA and the second target WA in an accessible memory area. For example, the first server 2 may accept authentication of the first target VA by receiving the data used for authentication of the first target VA along with the first identifier I10. In this case, the first server 2 may also receive the second identifier I20 of the second target WA, which is the counterparty to which the correspondence relationship will be set. The first server 2 may store information of counterparties to which correspondence relationships have been set in the past by associating the second identifier I20 with the first identifier I10 (first target information O10). The same applies to the second server 3. Accordingly, when an external server becomes involved in an authentication process for the first time, it may refer to the stored information to determine whether the combination of the first target VA and the second target WA that requests the setting of a correspondence relationship by the authentication process in which it is involved is a combination to which a correspondence relationship has been set in the past. If it is determined that the combination is one to which a correspondence relationship has been set in the past, the external server may accept the linking setting using a simplified process. Furthermore, the external server may send a command to at least one of the first terminal 4 and the second terminal 5 to enable simplified processing for that combination (for example, a command to start authentication processing in simplified processing mode).
[0117] In one example, after the simplified processing mode is activated by performing the authentication process in normal processing mode once, the system 100 may be configured to permanently perform the linking setting in simplified processing mode. That is, the past range may be infinite. In another example, the activation of simplified processing mode may be temporary, and after the activation of simplified processing mode is canceled, the authentication process in normal processing mode may be performed again. That is, the past range may be finite. The activation of simplified processing mode may be canceled for any reason, such as the expiration of the validity period.
[0118] Furthermore, when performing authentication processing in normal processing mode, at least one of the first terminal 4 and the second terminal 5 may store at least a portion of the data used for authentication (e.g., identifiers, unique information, certificates, etc.) in memory resources. Then, when starting to execute processing in simplified processing mode, at least one of the first terminal 4 and the second terminal 5 may read the data used for authentication from memory resources and use the read data to perform authentication processing.
[0119] The first and second conditions described above may be used in combination. That is, the predetermined conditions may include the fact that a correspondence has been established in the past for the same combination of the first target VA and the second target WA, and that at least one of the types of the first target VA and the second target WA is a specific type. According to one example of this embodiment, even for a specific type, by requiring authentication processing through normal processing at least once, it is possible to reduce the effort while ensuring security.
[0120] Furthermore, when the first and second conditions are used in combination, the first target VA may be a user, and the second target WA may be an item used by the user. And the fact that at least one of the first target VA and the second target WA is of a specific type may include the item being an item used repeatedly by the user. According to one example of this embodiment, even for items used repeatedly, by requiring authentication processing through normal processing at least once, it is possible to reduce effort while ensuring security.
[0121] The type of object used may be appropriately selected depending on the embodiment. In one example, the object used may be a mobile object (example in Figure 2). This allows for tracking usage relationships while ensuring security in situations involving mobile objects, and reduces the effort required for such tracking. In another example, the object used regularly may be a private car. This reduces the effort required to track usage relationships for private cars.
[0122] (Confirmation process for continued use) As one of the optional configurations, after setting the correspondence between the relevant individual of the first target VA and the relevant individual of the second target WA, the management server 1 may further perform a process (confirmation process) to check whether the correspondence continues or not. The method for confirming continued use may be appropriately selected depending on the embodiment.
[0123] (i-1) Verification process by authentication In one example, the management server 1 may confirm the continuation of the correspondence by authenticating at least one of the first target VA and the second target WA via at least one of the first terminal 4 and the second terminal 5. The authentication method may be any method, similar to the linking settings. In the example in Figure 2, for example, user authentication may be performed by using an image sensor installed on the mobile device to perform facial recognition of the user, a fingerprint reader attached to the handle to perform fingerprint recognition of the user, or the user to speak and voiceprint authentication using a microphone installed on the mobile device. The authentication process may be performed on at least one of the terminals (4, 5), servers (2, 3), and management server 1. When the authentication process is performed on servers (2, 3), the data used for authentication may be sent directly from terminals (4, 5) to servers (2, 3), or indirectly via an external computer such as management server 1. When the authentication process is performed on management server 1, the data used for authentication may be sent directly from terminals (4, 5) to management server 1, or indirectly via an external computer such as each server (2, 3). Management server 1 may obtain authentication results as appropriate, and if the authentication for the target is successful in the obtained authentication results, it may determine that the correspondence relationship is continuing, and if the authentication is unsuccessful, it may determine that the correspondence relationship is not continuing.
[0124] (i-2) Confirmation process via notification In another example, if at least one of the first target VA and the second target WA is a user (for example, the case in Figure 2), the management server 1 may directly or indirectly send a confirmation notification including an operator to at least one of the first terminal 4 and the second terminal 5. The operator may consist of, for example, a confirmation button, a reply button, a link, etc. The recipient of the confirmation notification does not necessarily have to correspond to a user. In the case of Figure 2, the management server 1 may send a confirmation notification to at least one of the first terminal 4 and the second terminal 5. The recipient of the confirmation notification may overlap with or differ from the recipient of a notification indicating the result of the linking process. The confirmation notification may be configured to send a response directly or indirectly back to the management server 1 in response to the user's operation of the operator. If the management server 1 receives a response from the operator operation within a predetermined period, it may determine that the correspondence is continuing, and if it does not receive a response, it may determine that the correspondence is not continuing.
[0125] (i-3) Verification process using location information Figure 8 schematically shows an example of the usage continuation confirmation process according to this embodiment. When tracking usage relationships in the real world, the first terminal 4 may be equipped with a positioning module 47. The first terminal 4 may be further configured to measure its current location using its positioning module 47 and transmit the measurement result of its current location to the management server 1. The second terminal 5 may also be equipped with a positioning module 57. The second terminal 5 may be further configured to measure its current location using its positioning module 57 and transmit the measurement result of its current location to the management server 1.
[0126] Accordingly, the management server 1 may be further configured to set up the correspondence between the first target VA and the second target WA, receive measurement results of the current location (RP10, RP20) of each terminal (4, 5) from each terminal (4, 5), determine in real time whether the received measurement results of the current location (RP10, RP20) of each terminal (4, 5) satisfy the conditions for the usage relationship, and determine that the correspondence between the first target VA and the second target WA is continuing if the measurement results of the current location (RP10, RP20) of each terminal (4, 5) satisfy the conditions for the usage relationship, and otherwise determine that the correspondence is not continuing.
[0127] The conditions for the relationship to be met may be set appropriately depending on the embodiment, for example, by being close enough that the user is riding in the moving vehicle. In one example, the conditions for the relationship to be met may be defined by a distance range DR based on the current location RP10 of the first terminal 4 or the current location RP20 of the second terminal 5. In this case, whether or not the conditions for the relationship to be met may be determined depending on whether or not the location is within the range DR. Figure 8 assumes a scenario using the current location RP10 of the first terminal 4 as the reference. In this scenario, it may be determined that the conditions for the relationship to be met because the current location RP20 of the second terminal 5 is within the range DR. On the other hand, it may be determined that the conditions for the relationship to be met because the current location RP20 of the second terminal 5 is outside the range DR.
[0128] Furthermore, the range DR may be set appropriately to allow for the determination of the second target WA with which the usage relationship has occurred. The shape of the range DR may be defined arbitrarily. The range DR may be defined so that the distances in each direction are the same, or it may be defined so that the distances differ in at least some directions.
[0129] The types of each positioning module (47, 57) are not particularly limited and may be appropriately selected depending on the embodiment. Each positioning module (47, 57) may be, for example, a GPS (Global Positioning Satellite) module, a GNSS (Global Navigation Satellite System) module, etc.
[0130] The current location (RP10, RP20) of each terminal (4, 5) may be sent to the management server 1 at any time before the confirmation process is executed. For example, each terminal (4, 5) may report its current location information to the management server 1 as a voluntary information processing, such as sending it periodically. In this case, the management server 1 may use the most recently reported current location from each terminal (4, 5) as the current location (RP10, RP20) to determine whether the conditions for the usage relationship are met. In another example, the management server 1 may send a request to each terminal (4, 5) directly or indirectly at any time before the confirmation process is executed. In response to this request, each terminal (4, 5) may report its most recent current location (RP10, RP20) to the management server 1 in real time. The management server 1 may determine whether the conditions for the usage relationship are met based on the most recent current location information (RP10, RP20) reported in real time. In either configuration, if the most recent current location information for at least one of the first terminal 4 and the second terminal 5 cannot be obtained due to factors such as the power being off, the management server 1 may determine that the conditions for the usage relationship are not met.
[0131] Furthermore, the recipient of the information for each current location may be appropriately selected depending on the embodiment. In one example, the recipient of the information for each current location may be the management server 1. Accordingly, the information for each current location may be managed by the management server 1. In another example, the recipient of the information for each current location may be an external server (first server 2, second server 3, etc.). Accordingly, the information for each current location may be managed by the external server. The management server 1 may obtain the information for each current location (RP10, RP20) from the external server. Reporting to the management server 1 may include reporting directly to the management server 1 and reporting indirectly to the management server 1 via an external server. The reported information for each current location may be discarded after it is no longer used for verification processing, or it may be stored as history for at least a predetermined period. This may also be the case. When a method of reporting directly to the management server 1 is adopted, the information of each current location may be stored on the management server 1 or on an external server (first server 2, second server 3, NAS, etc.). Similarly, when a method of reporting indirectly to the management server 1 is adopted, the information of each current location may be stored on the management server 1 or on an external server. According to one example of this embodiment, the continuation of the correspondence can be appropriately confirmed by using the relationship between the locations of the first target VA and the second target WA (first terminal 4 and second terminal 5).
[0132] (ii) If the management server 1 determines that the correspondence relationship is continuing, it may maintain the setting of the correspondence relationship. On the other hand, if the management server 1 determines that the correspondence relationship is not continuing, it may terminate the correspondence relationship. The management server 1 may be configured to update the status of the correspondence relationship by repeatedly executing the confirmation process periodically or irregularly from the time the correspondence relationship is established until the correspondence relationship is terminated.
[0133] Furthermore, if the management server 1 determines that the correspondence relationship is not continuing, it may immediately terminate the correspondence relationship, or it may terminate it after holding it for a predetermined period. The timing of termination may be appropriately determined depending on the embodiment. If the latter method is adopted, and the continuation of the correspondence relationship is confirmed by at least one of the above methods during the holding period, the management server 1 may restore the correspondence relationship setting. This allows for the early recovery of the correspondence relationship setting without immediately terminating the correspondence relationship, for example, when temporarily away from the system.
[0134] (Scenarios for the use of linked information) As described above, the linking information D10 can be used in a variety of situations. For example, the linking information D10 may be used simply to track the occurrence and termination of relationships between the first target VA and the second target WA.
[0135] In another example, the linking information D10 may be used to enable at least a portion of the privileges associated with either the first target VA or the second target WA to be exercised from the other while a correspondence relationship is established between the first target VA and the second target WA. For example, the management server 1 may be configured to further enable the exercise of privileges associated with the corresponding first target VA via the second target WA with which the correspondence relationship has been established, in response to the establishment of a correspondence relationship between the first target VA and the second target WA. The management server 1 may also be configured to further disable the exercise of privileges in response to the termination of the correspondence relationship. In the example in Figure 2, the linking information D10 may be used to enable at least a portion of the privileges associated with a user to be exercised from a mobile device while a correspondence relationship is established between the user and the mobile device. According to this example, the second target WA can control the permission and prohibition of the exercise of privileges on the first target VA by setting and terminating the correspondence relationship.
[0136] Figure 9 schematically shows an example of a usage scenario for the linking information D10 according to this embodiment. Figure 9 assumes a scenario in the example of Figure 2 where user-linked privileges are exercised from a mobile device. Furthermore, it is assumed that the linking information D10 is configured to indicate a first target VA (user) and a second target WA (mobile device) with which a correspondence relationship has been established, by including a first identifier I10 and a second identifier I20. In addition, it is assumed that user information is managed by the first server 2 and mobile device information is managed by the second server 3. The external system SY1 is deployed at a location where various services are performed (e.g., a parking lot) and is configured to perform information processing to provide the target service to a user who has the target privileges. The configuration and services of the external system SY1 are not particularly limited and may be appropriately selected depending on the embodiment.
[0137] First, in step U10, the external system SY1 may obtain a second identifier I20 (mobile object identifier) from the target mobile object. The method for obtaining the second identifier I20 may be appropriately selected depending on the embodiment. In one example, the external system SY1 may obtain the second identifier I20 from the second terminal 5 by exchanging data with the second terminal 5. The method of data exchange may be the same as the data exchange between the first terminal 4 and the second terminal 5. In another example, if the second identifier I20 is a vehicle registration number, the external system SY1 may obtain the second identifier I20 by photographing the license plate with an image sensor and analyzing the obtained image.
[0138] In step U20, the external system SY1 may use the acquired second identifier I20 as a query to ask the management server 1 whether there is a valid correspondence relationship for the target mobile object at the target date and time. Valid means that the correspondence relationship setting is maintained at the target date and time. While the target date and time is generally the present (immediate), it is not limited to this. For example, when executing a settlement process for a past date and time, the target date and time may be a past date and time. If a valid correspondence relationship exists, the first identifier I10 (user identifier) of the user associated with the target mobile object is extracted. On the other hand, if no valid correspondence relationship exists and no user associated with the target mobile object is extracted, this process may be terminated.
[0139] In step U30, the external system SY1 may use the extracted first identifier I10 as a query to inquire with the first server 2 about the available privileges for the user associated with the target mobile object. The first server 2 may refer to the first target information O10 (user information O10A) and extract the privileges associated with the target user that can be exercised. If no available privileges are extracted, this process may be terminated. Note that the first target information O10 (user information O10A) may also have a setting for each privilege indicating whether or not the mobile object is allowed to exercise the privilege. The available privileges may be extracted according to this setting. Also, if the target privilege that the external system SY1 is trying to exercise is not included in the available privileges, this process may be terminated. The privileges to be exercised may be specified at any time as appropriate. For example, the privileges to be exercised may be specified in advance by the external system SY1, or they may be specified by the user.
[0140] In step U40, if the available privileges include the privilege in question, the external system SY1 may execute a process to exercise the privilege in question. This allows the privilege associated with the user to be exercised from the mobile device, and the user to receive services via the mobile device. For example, if the privilege information includes public personal authentication information and the privilege in question relates to public personal authentication, the user can receive public services via the mobile device. Also, for example, if the privilege information includes payment information and the privilege in question relates to payment, the user can receive payment services via the mobile device. Payment services may include payments for parking fees, highway tolls, drive-through fees, public transport fees, rental fees, etc. Also, for example, if the privilege information includes information about electronic prescriptions and the privilege in question is to receive medication prescribed by an electronic prescription, the user can exercise the electronic prescription via the mobile device and receive the medication.
[0141] The processing procedure for exercising the above authority is merely an example, and each step may be modified as much as possible. Depending on the embodiment, steps in the above processing procedure may be omitted, replaced, or added as appropriate. In addition, in the above processing procedure, the user may be replaced with the first target VA, and the mobile object may be replaced with the second target WA. Furthermore, in the above processing procedure, "first" and "second" may be swapped.
[0142] (Data communication between devices) The data communication between each device (management server 1, first server 2, second server 3, first terminal 4, and second terminal 5) is not particularly limited and may be appropriately selected depending on the embodiment. The network between devices may be appropriately selected from, for example, the Internet, wireless communication networks, mobile communication networks, telephone networks, dedicated networks, local area networks, etc. Data communication between each device shall be conducted using methods such as SSL (Secure Socket Layer) and TLS (Transport Layer Security). Encryption is permitted. For example, each terminal (4, 5) may be equipped with a SIM (Subscriber Identity Module), and data communication between each terminal (4, 5) and the servers (management server 1, first server 2, second server 3) may be performed using encrypted communication via the SIM.
[0143] [2 Example Configurations] [Example Hardware Configuration] (Management Server) Figure 10A schematically shows an example of the hardware configuration of the management server 1 according to this embodiment. The management server 1 according to this embodiment is a computer in which a control unit 11, a storage unit 12, a communication interface 13, an input device 14, an output device 15, and a drive 16 are electrically connected.
[0144] The control unit 11 is a hardware processor, a CPU (Central Processing Unit), It includes RAM (Random Access Memory), ROM (Read Only Memory), etc., and is configured to perform arbitrary information processing based on programs and various data. The control unit 11 (CPU) is an example of the processor resources of the management server 1.
[0145] The storage unit 12 may be composed of, for example, a hard disk drive, a solid-state drive, or semiconductor memory. The storage unit 12 (and RAM, ROM) is an example of memory resources. In this embodiment, the storage unit 12 stores various information such as the management program 81 and the association information D10. The management program 81 is a program that causes the management server 1 to execute information processing related to setting and canceling the correspondence between the first target VA and the second target WA (Figures 12A and 12B described later). The management program 81 includes a series of instructions for said information processing.
[0146] The communication interface 13 is configured to perform wired or wireless communication over a network. The communication interface 13 may consist of, for example, a wired LAN (Local Area Network) module, a wireless LAN module, etc. The management server 1 may perform data communication with other computers (first server 2, second server 3, first terminal 4, second terminal 5) via the communication interface 13.
[0147] The input device 14 is a device for inputting data, such as a mouse, keyboard, or operation buttons. The output device 15 is a device for outputting data, such as a display or speaker. The operator can operate the management server 1 by using the input device 14 and the output device 15. The input device 14 and the output device 15 may be integrated into a single unit, such as a touch panel display. The input device 14 and the output device 15 may be connected via an external interface. The external interface may be configured as appropriate to connect to an external device via wired or wireless connection, such as a USB (Universal Serial Bus) port, a dedicated port, or a wireless communication port.
[0148] Drive 16 is a device for reading various information, such as programs, stored in the storage medium 91. At least one of the management program 81 and the linking information D10 may be stored in the storage medium 91 instead of or together with the storage unit 12. The storage medium 91 is configured to store various information (stored programs, etc.) by electrical, magnetic, optical, mechanical, or chemical means so that a machine such as a computer can read the information. The management server 1 may obtain at least one of the management program 81 and the linking information D10 from the storage medium 91. Note that the storage medium 91 is a CD, DVD, etc. The storage medium may be disk-type, or it may be a non-disk-type storage medium such as semiconductor memory (e.g., flash memory). The type of drive 16 may be appropriately selected depending on the type of storage medium 91. The drive 16 may be connected via an external interface.
[0149] Regarding the specific hardware configuration of the management server 1, components can be omitted, replaced, and added as appropriate depending on the embodiment. For example, the control unit 11 may include multiple hardware processors. Hardware processors include microprocessors, FPGAs (field-programmable gate arrays), DSPs (digital signal processors), and GPs. It may consist of a U (Graphics Processing Unit), an ASIC (application-specific integrated circuit), etc. At least one of the input device 14, output device 15 and drive 16 Any of these may be omitted. The linking information D10 may be stored not in the storage unit 12, but on an external computer accessible by the management server 1 (e.g., a NAS). The management server 1 may consist of multiple computers. In this case, the hardware configurations of each computer may or may not be the same. The management server 1 may be an information processing device designed specifically for the services provided, a general-purpose server device, a general-purpose computer, etc.
[0150] (Server 1) Figure 10B schematically shows an example of the hardware configuration of the first server 2 according to this embodiment. The first server 2 according to this embodiment is a computer in which a control unit 21, a storage unit 22, a communication interface 23, an input device 24, an output device 25, and a drive 26 are electrically connected. The control unit 21 to the drive 26 and the storage medium 92 of the first server 2 may be configured in the same way as the control unit 11 to the drive 16 and the storage medium 91 of the management server 1.
[0151] The control unit 21 (CPU) is an example of the processor resources of the first server 2, and the storage unit 22 (and RAM, ROM) is an example of the memory resources of the first server 2. In this embodiment, the storage unit 22 stores various information such as the program 82 and the first target information O10. The program 82 is a program that causes the first server 2 to execute information processing related to the authentication of the first target VA. The program 82 includes a series of instructions for said information processing. At least one of the program 82 and the first target information O10 may be stored in the storage medium 92 instead of or together with the storage unit 22. The first server 2 may retrieve at least one of the program 82 and the first target information O10 from the storage medium 92. The first server 2 may communicate data with other computers (second terminal 5, management server 1, etc.) via the communication interface 23. The first server 2 may be operated via the input device 24 and the output device 25.
[0152] Regarding the specific hardware configuration of the first server 2, components can be omitted, replaced, and added as appropriate depending on the embodiment. For example, the control unit 21 may include multiple hardware processors. Hardware processors may consist of microprocessors, FPGAs, DSPs, GPUs, ASICs, etc. At least one of the input device 24, output device 25, and drive 26 may be omitted. The first target information O10 may be stored not in the storage unit 22, but in an external computer accessible by the first server 2 (e.g., a NAS, etc.). The first server 2 may consist of multiple computers. In this case, the hardware configurations of each computer may or may not be the same. The first server 2 may be an information processing device designed specifically for the services provided, a general-purpose server device, a general-purpose computer, etc.
[0153] (Second server) Figure 10C schematically shows an example of the hardware configuration of the second server 3 according to this embodiment. The second server 3 according to this embodiment is a computer in which a control unit 31, a storage unit 32, a communication interface 33, an input device 34, an output device 35, and a drive 36 are electrically connected. The control unit 31 to the drive 36 and the storage medium 93 of the second server 3 may be configured in the same way as the control unit 11 to the drive 16 and the storage medium 91 of the management server 1.
[0154] The control unit 31 (CPU) is an example of the processor resources of the second server 3, and the storage unit 32 (and RAM, ROM) is an example of the memory resources of the second server 3. In this embodiment, the storage unit 32 stores various information such as program 83 and second target information O20. Program 83 is a program that causes the second server 3 to execute information processing related to the authentication of the second target WA. Program 83 includes a series of instructions for said information processing. At least one of program 83 and second target information O20 may be stored in the storage medium 93 instead of or together with the storage unit 32. The second server 3 may retrieve at least one of program 83 and second target information O20 from the storage medium 93. The second server 3 may communicate data with other computers (first terminal 4, management server 1, etc.) via the communication interface 33. The second server 3 may be operated via input device 34 and output device 35.
[0155] Regarding the specific hardware configuration of the second server 3, components can be omitted, replaced, and added as appropriate depending on the embodiment. For example, the control unit 31 may include multiple hardware processors. Hardware processors may consist of microprocessors, FPGAs, DSPs, GPUs, ASICs, etc. At least one of the input device 34, output device 35, and drive 36 may be omitted. The second target information O20 may be stored not in the storage unit 32, but in an external computer accessible by the second server 3 (e.g., a NAS, etc.). The second server 3 may consist of multiple computers. In this case, the hardware configurations of each computer may or may not be the same. The second server 3 may be an information processing device designed specifically for the services provided, a general-purpose server device, a general-purpose computer, etc.
[0156] (Terminal 1) Figure 10D schematically shows an example of the hardware configuration of the first terminal 4 according to this embodiment. The first terminal 4 according to this embodiment is a computer in which a control unit 41, a storage unit 42, a communication interface 43, an input device 44, an output device 45, a drive 46, and a positioning module 47 are electrically connected. The control unit 41 to the drive 46 and the storage medium 94 of the first terminal 4 may be configured in the same way as the control unit 11 to the drive 16 and the storage medium 91 of the management server 1.
[0157] The control unit 41 (CPU) is an example of the processor resources of the first terminal 4, and the storage unit 42 (and RAM, ROM) is an example of the memory resources of the first terminal 4. In this embodiment, the storage unit 42 stores various information such as the program 84 and the first identifier I10. The program 84 is a program that causes the first terminal 4 to execute information processing related to association (Figures 12A and 12B, described later). The program 84 includes a series of instructions for said information processing. At least one of the program 84 and the first identifier I10 may be stored in the storage medium 94 instead of or together with the storage unit 42. The first terminal 4 may obtain at least one of the program 84 and the first identifier I10 from the storage medium 94. The first terminal 4 may be operated via the input device 44 and the output device 45.
[0158] The first terminal 4 may communicate data with other computers (management server 1, first server 2, second server 3, second terminal 5, etc.) via the communication interface 43. In one example, the communication interface 43 may be composed of multiple types of modules. For example, the communication interface 43 may consist of a short-range wireless communication module 431 and other wireless communication modules. It may be equipped with a module (for example, a cellular communication module). The first terminal 4 may communicate data with the second terminal 5 via the short-range wireless communication module 431, and may communicate data with servers (management server 1, first server 2, second server 3) via other wireless communication modules.
[0159] Furthermore, regarding the specific hardware configuration of the first terminal 4, components can be omitted, replaced, and added as appropriate depending on the embodiment. For example, the control unit 41 may include multiple hardware processors. Hardware processors are composed of microprocessors, FPGAs, DSPs, GPUs, ASICs, ECUs (Electronic Control Units), etc. At least one of the input device 44, output device 45, drive 46, and positioning module 47 may be omitted. The first identifier I10 does not have to be stored in the storage unit 42. The first identifier I10 may be acquired each time. To acquire data such as identifiers and information used for authentication, the first terminal 4 may be further equipped with data acquisition devices such as sensors and readers. The first terminal 4 may consist of multiple computers. In this case, the hardware configuration of each computer may or may not be the same. The first terminal 4 may be an information processing device designed specifically for the services provided, as well as a general-purpose computer, terminal device (e.g., smartphone, tablet PC, etc.).
[0160] (Second terminal) Figure 10E schematically shows an example of the hardware configuration of the second terminal 5 according to this embodiment. The second terminal 5 according to this embodiment is a computer in which a control unit 51, a storage unit 52, a communication interface 53, an input device 54, an output device 55, a drive 56, and a positioning module 57 are electrically connected. The control unit 51 to the drive 56 and the storage medium 95 of the second terminal 5 may be configured in the same way as the control unit 11 to the drive 16 and the storage medium 91 of the management server 1.
[0161] The control unit 51 (CPU) is an example of the processor resources of the second terminal 5, and the storage unit 52 (and RAM, ROM) is an example of the memory resources of the second terminal 5. In this embodiment, the storage unit 52 stores various information such as program 85 and second identifier I20. Program 85 is a program that causes the second terminal 5 to execute information processing related to association (Figures 12A and 12B, described later). Program 85 includes a series of instructions for said information processing. At least one of program 85 and second identifier I20 may be stored in the storage medium 95 instead of or together with the storage unit 52. The second terminal 5 may obtain at least one of program 85 and second identifier I20 from the storage medium 95. The second terminal 5 may be operated via input device 54 and output device 55.
[0162] The second terminal 5 may communicate data with other computers (management server 1, first server 2, second server 3, first terminal 4, etc.) via the communication interface 53. In one example, similar to the first terminal 4, the communication interface 53 may be composed of multiple types of modules. For example, the communication interface 53 may include a short-range wireless communication module 531 and other wireless communication modules. The second terminal 5 may communicate data with the first terminal 4 via the short-range wireless communication module 531 and with the servers via the other wireless communication modules.
[0163] Furthermore, regarding the specific hardware configuration of the second terminal 5, components can be omitted, replaced, and added as appropriate depending on the embodiment. For example, the control unit 51 may include multiple hardware processors. The hardware processors may consist of microprocessors, FPGAs, DSPs, GPUs, ASICs, ECUs, etc. At least one of the input device 54, output device 55, drive 56, and positioning module 57 may be omitted. The second identifier I20 does not have to be stored in the storage unit 52. The second identifier I20 is, The data may be acquired on a case-by-case basis. To acquire data such as identifiers and information used for authentication, the second terminal 5 may be further equipped with data acquisition devices such as sensors and readers. The second terminal 5 may consist of multiple computers. In this case, the hardware configurations of each computer may or may not be the same. The second terminal 5 may be an information processing device designed specifically for the services provided, as well as a general-purpose computer, terminal device, etc.
[0164] [Software Configuration Example] Figure 11 schematically shows an example of the software configuration of each device (management server 1, first server 2, second server 3, first terminal 4, and second terminal 5) according to this embodiment.
[0165] (Management Server) The control unit 11 of the management server 1 loads the management program 81 stored in the memory unit 12 into RAM, and the CPU executes the instructions contained in the management program 81. As a result, the management server 1 operates as a computer equipped with a reception unit 111, a setting unit 112, a deactivation unit 113, and a notification unit 114 as software modules.
[0166] The reception unit 111 is configured to receive a linking request directly or indirectly from at least one of the first terminal 4 of the first target VA and the second terminal 5 of the second target WA, in response to the occurrence of a usage relationship between the corresponding individuals of the first target VA and the second target WA. Upon receiving the linking request, the reception unit 111 is configured to accept the setting of a correspondence relationship between the corresponding individuals of the first target VA and the second target WA.
[0167] The setting unit 112 is configured to perform a process to set the correspondence between the corresponding individuals of the first target VA and the second target WA based on the linking request. The setting unit 112 is configured to obtain the authentication results of both the first target VA and the second target WA if the predetermined conditions are not met, and to set the correspondence between the first target VA and the second target WA based on the obtained authentication results of the first target VA and the second target WA, in accordance with whether the authentication of both the first target VA and the second target WA is successful. Furthermore, the setting unit 112 is configured to omit the authentication of one of the targets of the first target VA and the second target WA, obtain the authentication result of the other target, and to set the correspondence between the first target VA and the second target WA based on the obtained authentication result, in accordance with whether the authentication of the other target is successful. The release unit 113 is configured to perform a process to release the correspondence when a release request is received from at least one of the first terminal 4 and the second terminal 5 or when predetermined release conditions are met.
[0168] The notification unit 114 is configured to send a notification to at least one of the first terminal 4 and the second terminal 5 indicating the result of performing the correspondence setting process. The notification unit 114 is configured to send a notification to at least one of the first terminal 4 and the second terminal 5 indicating the result of performing the correspondence cancellation process.
[0169] If the management server 1 is configured to perform the authentication process for at least one of the first target VA and the second target WA, the management server 1 may be configured to further include an authentication unit 115 as a software module. The authentication unit 115 may be configured to perform the authentication process for at least one of the first target VA and the second target WA.
[0170] (Server 1) When adopting a configuration in which the authentication process for the first target VA is performed on the first server 2, the control unit 21 of the first server 2 may execute instructions included in the program 82 using the CPU. As a result, the first server 2 may operate as a computer equipped with an authentication unit 211 as a software module. The authentication unit 211 is configured to perform the authentication process for the first target VA in response to an authentication request for the first target VA.
[0171] (Second server) If the authentication process for the second target WA is performed by the second server 3, the control unit 31 of the second server 3 may execute the instructions included in the program 83 using the CPU. As a result, the second server 3 may operate as a computer equipped with an authentication unit 311 as a software module. The authentication unit 311 is configured to perform the authentication process for the second target WA in response to an authentication request for the second target WA.
[0172] (Terminal 1) The control unit 41 of the first terminal 4 executes instructions included in the program 84 using the CPU. As a result, the first terminal 4 operates as a computer equipped with a data exchange unit 411, a setting request unit 412, and a release request unit 413 as software modules. The data exchange unit 411 is configured to perform data exchange with the second terminal 5. The setting request unit 412 is configured to send a linking request (a request for linking settings) to the management server 1. The release request unit 413 is configured to send a release request (a request for linking release) to the management server 1.
[0173] In the case where the authentication process for at least one of the first target VA and the second target WA is performed on the first terminal 4, the first terminal 4 may be configured to further include an authentication unit 414 as a software module. The authentication unit 414 may be configured to perform the authentication process for at least one of the first target VA and the second target WA.
[0174] (Second terminal) The control unit 51 of the second terminal 5 executes instructions included in program 85 using the CPU. As a result, the second terminal 5 operates as a computer equipped with a data exchange unit 511, a setting request unit 512, and a release request unit 513 as software modules. The data exchange unit 511 is configured to perform data exchange with the first terminal 4. The setting request unit 512 is configured to send a linking request (a request for linking settings) to the management server 1. The release request unit 513 is configured to send a release request (a request for linking release) to the management server 1.
[0175] If a configuration is adopted in which the authentication process for at least one of the first target VA and the second target WA is performed on the second terminal 5, the second terminal 5 may be configured to further include an authentication unit 514 as a software module. The authentication unit 514 may be configured to perform the authentication process for at least one of the first target VA and the second target WA.
[0176] (others) In this embodiment, an example is described in which each software module of each device is implemented by a general-purpose CPU. However, some or all of the above software modules may be implemented by one or more dedicated processors. Each of the above modules may also be implemented as a hardware module. With respect to the software configuration of each device, modules may be omitted, replaced, and added as appropriate, depending on the embodiment. For example, if a configuration is adopted in which a linking request is sent from only one of the first terminal 4 and the second terminal 5, the setting request unit may be omitted from the other terminal. Similarly, if a configuration is adopted in which a deactivation request is sent from only one of the first terminal 4 and the second terminal 5, the deactivation request unit may be omitted from the other terminal. The authentication unit may be omitted from a device that omits the execution of authentication processing.
[0177] [3 Examples of operation] (Linking settings) Figure 12A shows an example of the linking setting process procedure by the system 100 according to this embodiment. The following processing procedure is an example of an information processing method performed by a computer. Of the following processing procedures, the processing procedure for management server 1 is an example of a management method performed by a computer.
[0178] In step S10, in response to the occurrence of a usage relationship between the corresponding individuals of the first target VA and the second target WA, at least one of the control units 41 of the first terminal 4 and 51 of the second terminal 5 sends a linking request to the management server 1.
[0179] In one example, upon the occurrence of a usage relationship, the control unit 41 of the corresponding first terminal 4 may operate as a data exchange unit 411 and perform data exchange with the corresponding second terminal 5. The control unit 51 of the second terminal 5 may operate as a data exchange unit 511 and perform data exchange with the first terminal 4. The data exchange may be performed by short-range wireless communication. Triggered by this data exchange, the control unit 41 of the first terminal 4 may operate as a configuration request unit 412 and send a linking request to the management server 1. The control unit 51 of the second terminal 5 may operate as a configuration request unit 512 and send a linking request to the management server 1. The first terminal 4 and the second terminal 5 may jointly send the linking request, or one of the first terminal 4 or the second terminal 5 may send the linking request. One terminal of the first terminal 4 or the second terminal 5 may give instructions to the other terminal, and the other terminal may send the linking request. Furthermore, the linking request may be sent directly to the management server 1, or it may be sent indirectly via an external computer (such as the first server 2, the second server 3, etc.).
[0180] In step S20, the control unit 11 of the management server 1 operates as a reception unit 111 and receives a linking request directly or indirectly from at least one of the first terminal 4 of the corresponding individual of the first target VA and the second terminal 5 of the corresponding individual of the second target WA. Upon receiving this linking request, the control unit 11 accepts the setting of the correspondence relationship between the corresponding individual of the first target VA and the corresponding individual of the second target WA.
[0181] In step S10, if the first terminal 4 and the second terminal 5 jointly send a linking request, a single linking request may be sent separately from the first terminal 4 and the second terminal 5, or the same linking request may be sent. If sent separately, some of the data of the linking request may be sent from the first terminal 4 and the remaining data from the second terminal 5. Partial overlap between the data and the remaining data may be permitted. In step S20, in order to identify the combination of the first target VA and the second target WA that are currently requesting the setting of the correspondence, the management server 1 may appropriately identify the correspondence of this data (i.e., determine the combination of corresponding data).
[0182] Data mapping can be identified in any way. For example, the data transmitted from each terminal (4, 5) may include shared information for identifying data mapping. The shared information may consist of information that has relationships, such as matching or a correspondence being established. The management server 1 may identify data mapping based on whether a relationship is established between the shared information contained in the data received from one of the first terminal 4 and the second terminal 5 and the shared information contained in the data received from the other terminal.
[0183] The shared information may be configured arbitrarily. For example, the shared information may consist of a combination of a first identifier I10 and a second identifier I20. The management server 1 may determine the data correspondence based on the match between the combination of identifiers (I10, I20) contained in the data received from the first terminal 4 and the combination of identifiers (I10, I20) contained in the data received from the second terminal 5. In another example, the shared information may consist of temporary information such as random numbers, timestamps, and hash values. In this case, the management server 1 may determine the data correspondence based on the match between the temporary information contained in the data received from the first terminal 4 and the temporary information contained in the data received from the second terminal 5. The data mapping may be identified in accordance with the relationship established between the relevant information. The shared information may be shared between the first terminal 4 and the second terminal 5 at any time. In a typical example, the first terminal 4 and the second terminal 5 may share the shared information when exchanging data.
[0184] In step S25, the processing destination is determined depending on whether predetermined conditions are met. If the predetermined conditions are not met, the processing proceeds to step S301. On the other hand, if the predetermined conditions are met, the processing proceeds to step S311. In one example, whether the predetermined conditions are met may be determined by at least one of the management server 1, external servers (first server 2, second server 3, etc.), first terminal 4, and second terminal 5. The processing destination may be determined according to the result of the determination. In another example, the processing destination may be determined according to the operating mode of at least one of the first terminal 4 and second terminal 5. Also, in one example, the predetermined conditions may include at least one of the two conditions described above.
[0185] In step S301, the control unit 11 of the management server 1 operates as a setting unit 112 and obtains the authentication results for both the first target VA and the second target WA. In step S302, the control unit 11 operates as a setting unit 112 and determines from the obtained authentication results whether the authentication for both the first target VA and the second target WA is successful. If the authentication for at least one of the first target VA and the second target WA is unsuccessful, the control unit 11 rejects the linking request and proceeds to step S40. As a result, the control unit 11 omits setting the correspondence. On the other hand, if the authentication for both the first target VA and the second target WA is successful, the control unit 11 proceeds to step S320.
[0186] In step S311, the control unit 11 of the management server 1 operates as a setting unit 112 and omits authentication for either the first target VA or the second target WA, and obtains the authentication result for the other target. In one example, the first target VA may be a user and the second target WA may be a user item. Authentication for the user item may be omitted, and the control unit 11 may obtain the user's authentication result.
[0187] In step S312, the control unit 11 operates as a setting unit 112 and determines from the acquired authentication result whether or not authentication for the other target has been successful. If authentication for the other target has not been successful, the control unit 11 rejects the linking request and proceeds to step S40. As a result, the control unit 11 omits setting the correspondence. On the other hand, if authentication for the other target has been successful, the control unit 11 proceeds to step S320. Successful authentication for the other target may include the fact that the login state of the other target is continuing.
[0188] The authentication process for the first target VA and the second target WA may be performed on at least one of the following: management server 1, an external server (e.g., first server 2, second server 3), first terminal 4, and second terminal 5. The control unit 11 of management server 1 may operate as an authentication unit 115 and perform the authentication process for at least one of the first target VA and the second target WA. The control unit 21 of first server 2 may operate as an authentication unit 211 and perform the authentication process for the first target VA. The control unit 31 of second server 3 may operate as an authentication unit 311 and perform the authentication process for the second target WA. The control unit 41 of first terminal 4 may operate as an authentication unit 414 and perform the authentication process for at least one of the first target VA and the second target WA. The control unit 41 of second terminal 5 may operate as an authentication unit 514 and perform the authentication process for at least one of the first target VA and the second target WA. The authentication process may be performed at any time before the processing of steps S301 and S311.
[0189] In step S320, the control unit 11 operates as a setting unit 112 and establishes the setting of the correspondence between the first target VA and the second target WA specified by the linking request. The information D10 is updated. For example, updating the linking information D10 in accordance with the setting of a correspondence relationship may be configured by generating new linking information D10 that indicates the specified correspondence relationship. Once the linking information D10 is updated, the control unit 11 proceeds to the next step S40. Note that the processing in steps S301, S302, S311, S312 and S320 above is an example of the process of setting a correspondence relationship in response to a received linking request (step S30 above).
[0190] In step S40, the control unit 11 operates as a notification unit 114 and directly or indirectly sends a notification to at least one of the first terminal 4 and the second terminal 5 indicating the result of the correspondence setting process. Once the notification of the result is complete, the processing procedure for linking settings related to this example of operation is terminated.
[0191] The above processing procedure is merely an example, and each step may be modified as much as possible. Furthermore, depending on the embodiment, steps in the above processing procedure may be omitted, replaced, or added as appropriate. For example, the branch in step S25 may be placed before step S20 or step S10.
[0192] (Unlink) Figure 12B shows an example of the unlinking process procedure by the system 100 according to this embodiment. The following processing procedure is an example of an information processing method executed by a computer. Of the following processing procedures, the processing procedure of the management server 1 is an example of a management method executed by a computer. Note that the example in Figure 12B assumes a scenario in which a release request is sent directly from the first terminal 4 to the management server 1.
[0193] In step SZ10, the control unit 41 of the first terminal 4 operates as a release request unit 413 and sends a release request for the corresponding relationship to the management server 1. In response, the control unit 11 of the management server 1 receives the release request. The corresponding relationship for which release is requested may be specified as appropriate. The trigger for the release request may be selected as appropriate depending on the embodiment.
[0194] In step SZ20, the control unit 11 acts as a release unit 113 and updates the linking information D10 to release the correspondence setting specified by the received release request. In one example, updating the linking information D10 in conjunction with the release of the correspondence may be performed by recording information indicating that the correspondence has been released. For example, if the linking information D10 has the configuration shown in Figure 3A, the control unit 11 may release the target correspondence by adding a release time to the corresponding linking information D10 or by setting a release flag. If the linking information D10 is configured on a blockchain base, the control unit 11 may release the target correspondence by generating a transaction indicating the release of the link and adding the generated transaction to the blockchain.
[0195] In step SZ30, the control unit 11 operates as a notification unit 114 and transmits the result of the unlinking process to the first terminal 4. Once the notification of the result is complete, the processing procedure for unlinking related to this example operation is terminated.
[0196] The above processing procedure is merely an example, and each step may be modified as much as possible. Furthermore, depending on the embodiment, steps in the above processing procedure may be omitted, replaced, or added as appropriate. For example, as described above, the transmission route for the release request is not limited to the example in Figure 12B, and may be appropriately selected depending on the embodiment. The release request may also be transmitted from the second terminal 5 (release request unit 513). The processing of the release request may include authentication processing for at least one of the first target VA and the second target WA. In addition, the control unit 11 of the management server 1 operates as a release unit 113 instead of step SZ20, and upon the fulfillment of predetermined release conditions... The correspondence may be terminated. Furthermore, the control unit 11 operates as a termination unit 113 and, after setting the correspondence, may perform the above-mentioned confirmation process for continued use for the set correspondence at any time.
[0197] [Features] In this embodiment, the processing in step S320 records information indicating the setting of the correspondence between the relevant individuals of the first target VA and the second target WA. This record makes it possible to track the usage relationship between the relevant individuals of the first target VA and the second target WA. In addition, in this embodiment, if the predetermined conditions are not met, authentication of both the first target VA and the second target WA is performed when setting the correspondence (the route in step S301 is selected). This ensures security. On the other hand, if the predetermined conditions are met, authentication of either the first target VA or the second target WA is omitted (the route in step S311 is selected). This reduces the effort required. Therefore, according to this embodiment, it is possible to track the usage relationship between the first target VA and the second target WA while ensuring security, and to reduce the effort required.
[0198] [4. Variant] While embodiments of this disclosure have been described in detail above, the above description is merely illustrative in all respects of this disclosure. It goes without saying that various improvements or modifications can be made without departing from the scope of this disclosure. For example, the following modifications are possible. In the following, the same reference numerals are used for components similar to those in the above embodiments, and explanations of points similar to those in the above embodiments have been omitted as appropriate. The following modifications can be combined as appropriate.
[0199] <4.1> In the above embodiment, authentication processing for both the first target VA and the second target WA is performed in the normal processing mode, while in the simplified processing mode, one of them is omitted. However, from the viewpoint of balancing security and reduction of effort, omitting authentication processing can be applied to cases other than this distribution. The form of omitting authentication processing is not limited to the example of the above embodiment. In another example, authentication for at least one of the first target VA and the second target WA is performed in the normal processing mode, while authentication for both the first target VA and the second target WA may be omitted in the simplified processing mode.
[0200] Figure 13 schematically illustrates another example of a scenario to which this disclosure applies. The control unit 11 of the management server 1 may be configured to set up a correspondence between the first target VA and the second target WA based on a linking request transmitted from at least one of the first terminal 4 of the first target VA and the second terminal 5 of the second target WA when a usage relationship occurs between the first target VA and the second target WA. In this setting process, if predetermined conditions are not met, the control unit 11 may obtain the authentication result of at least one of the first target VA and the second target WA, and set up a correspondence between the first target VA and the second target WA depending on whether authentication is successful in the obtained authentication result. On the other hand, if predetermined conditions are met, the control unit 11 may omit authentication of both the first target VA and the second target WA and set up a correspondence between the first target VA and the second target WA depending on whether a linking request has been received.
[0201] Furthermore, in one example, when a configuration is adopted in which authentication processing is performed on the management server 1 or an external server, the control unit 41 of the first terminal 4 of the first target VA may be configured to send a linking request to the management server 1, send a linking request jointly with the second terminal 5 of the second target WA, or have the second terminal 5 send a linking request, thereby causing the management server 1 to set up a correspondence between the first target VA and the second target WA when a usage relationship occurs between the first target VA and the second target WA. If the predetermined conditions are not met, the linking request will include an authentication request from at least one of the first target VA and the second target WA. This is acceptable. The correspondence between the first target VA and the second target WA may be configured by setting the correspondence between the first target VA and the second target WA in response to the authentication of at least one of the first target VA and the second target WA performed based on the authentication request being successful. If certain conditions are met, the authentication requests for both the first target VA and the second target WA may be omitted from the linking request. The correspondence between the first target VA and the second target WA may be configured by setting the correspondence between the first target VA and the second target WA in response to the receiving of the linking request.
[0202] Similarly, the control unit 51 of the second terminal 5 of the second target WA may be configured to send a linking request to the management server 1 when a usage relationship occurs between the first target VA and the second target WA, send a linking request jointly with the first terminal 4 of the first target VA, or have the first terminal 4 send a linking request, thereby causing the management server 1 to set up a correspondence between the first target VA and the second target WA. If the predetermined conditions are not met, the linking request may include an authentication request for at least one of the first target VA and the second target WA. Setting up a correspondence between the first target VA and the second target WA may be configured by setting up the correspondence between the first target VA and the second target WA in accordance with the fact that authentication for at least one of the first target VA and the second target WA, which was performed based on the authentication request, has been successful. If the predetermined conditions are met, the authentication requests for both the first target VA and the second target WA may be omitted from the linking request. Setting up the correspondence between the first target VA and the second target WA may be configured by setting up the correspondence between the first target VA and the second target WA in response to receiving a linking request.
[0203] <4.2> In the above embodiment, the authentication process may be performed on at least one of the management server 1, external servers (first server 2, second server 3, etc.), and each terminal (4, 5). The data communication when performing the authentication process may be designed appropriately according to the embodiment. As an example, at least one of the following four authentication methods may be adopted.
[0204] (A) First authentication method Figure 14 schematically shows an example of the linking setting process when the first authentication method is adopted. In the first authentication method, the second server 3 executes the authentication process for the second target WA in response to a request (authentication request) from the first terminal 4 of the first target VA. The first server 2 executes the authentication process for the first target VA in response to a request (authentication request) from the second terminal 5 of the second target WA. Each terminal (4, 5) requests authentication from each server (2, 3) as a linking request and has the authentication result reported to the management server 1. In this way, each terminal (4, 5) sends a linking request to the management server 1. The request sent from each terminal (4, 5) to each server (2, 3) is an example of a linking request that includes an authentication request. Furthermore, the process from when each terminal (4, 5) sends a request to each server (2, 3) until the authentication result is sent to the management server 1 is an example of the process in which the first terminal 4 and the second terminal 5 jointly send a linking request.
[0205] The first server 2 is configured to access a first storage device that stores the first registered unique information CA10 for the authentication of the first target VA. The first storage device may consist of at least one of the memory resources of the first server 2 and an external storage device (such as a NAS). The first registered unique information CA10 may be included in the first target information O10. The second server 3 is configured to access a second storage device that stores the second registered unique information CA20 for the authentication of the second target WA. The second storage device may consist of at least one of the memory resources of the second server 3 and an external storage device (such as a NAS). The second registered unique information CA20 may be included in the second target information O20.
[0206] Each registered unique information (CA10, CA20) is used for authentication of each target (VA, WA). This is unique information that has been registered in advance. The data format and structure of the unique information are not particularly limited, as long as they can be used for authentication, and may be appropriately selected depending on the embodiment. The unique information may consist of any information, such as information originating from the target, information originating from the terminal, temporarily generated information, or information generated by any other method.
[0207] Information originating from the target may include, for example, biometric information, uniquely assigned identification information, etc. Biometric information may include, for example, facial images, fingerprints, voiceprints, etc. Uniquely assigned identification information may include, for example, vehicle registration numbers, vehicle identification numbers, personal identification numbers, etc. If an IC tag is attached to the target, the uniquely assigned identification information may include the information held by the IC tag. Information originating from the terminal may include, for example, MAC addresses, terminal identification information, etc. Temporarily generated information may include, for example, one-time passwords, private addresses (dynamically generated addresses), etc. Temporarily generated information may consist of timestamps, random numbers, hash values, etc. Information generated by any other method may include, for example, passwords, passcodes, and other information other than sequences of symbols.
[0208] First, when a usage relationship is established between the relevant individuals of the first target VA and the second target WA, data exchange is performed between the corresponding first terminal 4 and second terminal 5 (steps SA110, SB110). The authentication process in normal processing mode will be described below.
[0209] In step SA110, the control unit 51 of the second terminal 5 obtains the first identifier I10 and the first unique information CA1 from the corresponding individual of the first target VA. The first unique information CA1 corresponds to the first registered unique information CA10. The control unit 51 may, as appropriate, obtain the first identifier I10 and the first unique information CA1 from the first target VA during data exchange. Obtaining from the first target VA may include obtaining from the first terminal 4. For example, the control unit 51 may obtain at least one of the first identifier I10 and the first unique information CA1 from the first target VA via an input device, sensor, etc. The control unit 51 may also obtain at least one of the first identifier I10 and the first unique information CA1 from the first terminal 4 during data exchange.
[0210] Furthermore, in step SB110, the control unit 41 of the first terminal 4 obtains the second identifier I20 and the second unique information CA2 from the corresponding individual of the second target WA. The second unique information CA2 corresponds to the second registered unique information CA20. The control unit 41 may, as appropriate, obtain the second identifier I20 and the second unique information CA2 from the second target WA during data exchange. Obtaining from the second target WA may include obtaining from the second terminal 5. For example, the control unit 41 may obtain at least one of the second identifier I20 and the second unique information CA2 from the second target WA via an input device, sensor, etc. The control unit 41 may also obtain at least one of the second identifier I20 and the second unique information CA2 from the second terminal 5 during data exchange. Each identifier (I10, I20) and each unique information (CA1, CA2) are examples of data used for authentication.
[0211] In step SA120, the control unit 51 of the second terminal 5 sends a first authentication request to the first server 2, which includes a first identifier I10 and first unique information CA1. In response, the control unit 21 of the first server 2 receives the first authentication request for the corresponding individual of the first target VA. The control unit 21 of the first server 2 operates as an authentication unit 211 and, upon receiving the first authentication request, appropriately executes the authentication process for the first target VA. In one example, the control unit 21 may extract the first registered unique information CA10 for the corresponding individual of the first target VA from the first target information O10 by using the first identifier I10 included in the first authentication request as a query to search for the first target information O10. The control unit 21 may compare the extracted first registered unique information CA10 with the first unique information CA1 included in the first authentication request. The comparison may be performed as appropriate depending on the unique information used. The control unit 21 may determine whether authentication for the corresponding individual of the first target VA is successful or not based on the result of the comparison. In step SA130, the control unit 21 determines the authentication result for the corresponding individual of the first target VA. The results are reported to the management server 1. For example, the control unit 21 may send the authentication result of the first target VA to the management server 1, along with the first identifier I10 of the first target VA. The control unit 21 may send the authentication result to the management server 1 regardless of whether the authentication was successful or not, or it may send the authentication result to the management server 1 only if the authentication is successful.
[0212] Meanwhile, in step SB120, the control unit 41 of the first terminal 4 sends a second authentication request to the second server 3, which includes the second identifier I20 and the second unique information CA2. In response, the control unit 31 of the second server 3 receives the second authentication request for the corresponding individual of the second target WA. The control unit 31 of the second server 3 operates as an authentication unit 311 and, upon receiving the second authentication request, appropriately executes the authentication process for the second target WA. In one example, the control unit 31 may extract the second registered unique information CA20 for the corresponding individual of the second target WA from the second target information O20 by using the second identifier I20 included in the second authentication request as a query to search for the second target information O20. The control unit 31 may compare the extracted second registered unique information CA20 with the second unique information CA2 included in the second authentication request. The comparison may be performed as appropriate depending on the unique information used. The control unit 31 may determine whether authentication for the corresponding individual of the second target WA is successful or not based on the result of the comparison. In step SB130, the control unit 31 reports the authentication result for the corresponding individual of the second target WA to the management server 1. In one example, the control unit 31 may send the authentication result of the second target WA to the management server 1, along with the second identifier I20 of the second target WA. The control unit 31 may send the authentication result to the management server 1 regardless of whether the authentication was successful or not, or it may send the authentication result to the management server 1 only if the authentication is successful.
[0213] One example of a second terminal 5 sending a linking request to the management server 1 is when the second terminal 5 sends a first authentication request to the first server 2 and instructs the first server 2 to send the authentication result to the management server 1. Similarly, one example of a first terminal 4 sending a linking request to the management server 1 is when the first terminal 4 sends a second authentication request to the second server 3 and instructs the second server 3 to send the authentication result to the management server 1. In other words, when the first authentication method is adopted during linking setup, the processing in steps SA120, SA130, SB120, and SB130 is an example of the processing in step S10. This form of authentication request is one example of a form in which the authentication process is executed together with the linking request.
[0214] The control unit 11 of the management server 1 receives authentication results for the corresponding individuals of each target (VA, WA) from each server (2, 3). The control unit 11 may identify the data mapping of the authentication results by using the shared information mentioned above, or by other means, in order to identify the combination of the corresponding individuals of the first target VA and second target WA that are currently requesting the setting of a correspondence relationship. If the authentication results of the first target VA and second target WA received by the control unit 11 show that both authentication of the first target VA and second target WA has been successful, the control unit 11 sets a correspondence relationship between the corresponding individuals of the first target VA and second target WA. The process of setting the correspondence relationship may be the same as in the above embodiment. Note that the series of processes from data exchange between terminals (4, 5) to linking settings may be executed in real time in response to the occurrence of a usage relationship.
[0215] In the first authentication method, in normal processing mode, when a usage relationship is established between the relevant individuals of the first target VA and the second target WA, authentication of each of the relevant individuals of the first target VA and the second target WA is performed on the first server 2 and the second server 3, respectively. At this time, authentication of the first target VA is requested from the second terminal 5 of the second target WA. Authentication of the second target WA is requested from the first terminal 4 of the first target VA. In other words, cross-authentication is performed, where each individual proceeds with the authentication of the other, rather than proceeding with their own authentication. This is expected to ensure security.
[0216] Note that the processing procedure in Figure 14 is merely an example, and each step may be modified as much as possible. Furthermore, depending on the embodiment, steps may be omitted, replaced, and Additional steps can be added. For example, the processing order of the authentication of the first target VA (steps SA110 to SA130) and the authentication of the second target WA (steps SB110 to SB130) is not particularly limited and may be determined as appropriate depending on the embodiment.
[0217] When the simplified processing mode is selected, the authentication process for either the first target VA or the second target WA may be omitted. The association request in the simplified processing mode may be configured to specify the relevant individuals of the first target VA and the second target WA as appropriate. For example, when performing authentication for one of the first target VA or the second target WA, the data transmitted through the authentication route of one target may include the identifier of the other target along with the identifier of the first target. For example, when performing authentication for the first target VA, the data transmitted from the second terminal 5 to the management server 1 via the first server 2 may include the first identifier I10 and the second identifier I20.
[0218] Furthermore, similar to <4.1> above, in normal processing mode, authentication processing for at least one of the first target VA and the second target WA is performed, whereas in simplified processing mode, both the first target VA and the second target WA may be omitted. In this case, at least one of the first terminal 4 and the second terminal 5 may omit the authentication request and appropriately send a linking request to the management server 1.
[0219] Furthermore, the transmission path for authentication results is not limited to the example in Figure 14. In another example, the first terminal 4 may receive the authentication result for the second target WA from the second server 3, and the second terminal 5 may receive the authentication result for the first target VA from the first server 2. Accordingly, each terminal (4, 5) may send a linking request to the management server 1 that includes the authentication results for each target (VA, WA) it has received. Alternatively, one terminal, the first terminal 4 or the second terminal 5, may exchange authentication results with the other terminal, and the other terminal may send a linking request to the management server 1 that includes the authentication results for the first target VA and the second target WA. This configuration is an example of a configuration in which authentication processing is performed before issuing a linking request.
[0220] (B) Second authentication method Figure 15 schematically shows an example of the linking setting process when the second authentication method is adopted. In the second authentication method, the management server 1 requests authentication from each server (2, 3) in response to a request from at least one of the first terminal 4 and the second terminal 5. That is, at least one of the first terminal 4 and the second terminal 5 sends a linking request that includes an authentication request for each target (VA, WA). The data (unique information) used for authentication is the same as in the first authentication method. The request sent from the first terminal 4 and the second terminal 5 to the management server 1 is an example of a linking request that includes an authentication request. Furthermore, this form of authentication request is an example of a form in which the authentication process is executed after the linking request. The authentication process in normal processing mode will be described below.
[0221] First, when a usage relationship occurs between the corresponding individuals of the first target VA and the second target WA, data exchange is performed between the corresponding first terminal 4 and second terminal 5 (steps SC110, SD110). At least one of the first terminal 4 and the second terminal 5 sends an authentication request to the management server 1 as a linking request, which includes the first identifier I10, the first unique information CA1, the second identifier I20, and the second unique information CA2 (steps SC120, SD120). In response, the control unit 11 of the management server 1 receives the authentication request which includes the first identifier I10, the first unique information CA1, the second identifier I20, and the second unique information CA2. The processing in steps SC120 and SD120 is an example of the processing in step S10 described above.
[0222] The division of data transmission responsibilities may be determined as appropriate depending on the embodiment. For example, the second terminal 5 may be responsible for transmitting the first identifier I10 and the first unique information CA1, and the first terminal 4 may be responsible for transmitting the second identifier I20 and the second unique information CA2. That is, in step SC110, the control unit 51 of the second terminal 5 transmits the first identifier I10 and the first unique information CA1 to the first target VA It may be obtained from the first target VA. Obtaining from the first target VA may include obtaining from the first terminal 4. In step SC120, the control unit 51 of the second terminal 5 may send a linking request including the obtained first identifier I10 and first unique information CA1 to the management server 1. In step SD110, the control unit 41 of the first terminal 4 may obtain the second identifier I20 and second unique information CA2 from the second target WA. Obtaining from the second target WA may include obtaining from the second terminal 5. In step SD120, the control unit 41 of the first terminal 4 may send a linking request including the obtained second identifier I20 and second unique information CA2 to the management server 1.
[0223] The distribution of data transmission is not limited to this example. In another example, at least one of the first identifier I10 and the first unique information CA1 may be transmitted from the first terminal 4. At least one of the second identifier I20 and the second unique information CA2 may be transmitted from the second terminal 5. When a divided transmission configuration is adopted, the management server 1 may identify the correspondence of the authentication request data by using the shared information mentioned above or by other means to identify the corresponding combination of the first target VA and second target WA that are currently requesting the setting of the correspondence relationship. In yet another example, the first identifier I10, the first unique information CA1, the second identifier I20, and the second unique information CA2 may be transmitted from only one of the first terminal 4 and the second terminal 5.
[0224] In step SC130, the control unit 11 of the management server 1 sends the first identifier I10 and the first unique information CA1 from the received data to the first server 2, requesting the first server 2 to authenticate the corresponding individual of the first target VA. In response, the control unit 21 of the first server 2 operates as an authentication unit 211, compares the first unique information CA1 and the first registered unique information CA10, and may determine whether the authentication for the corresponding individual of the first target VA is successful or not based on the result of the comparison. In step SC140, the control unit 21 of the first server 2 returns the authentication result for the corresponding individual of the first target VA to the management server 1.
[0225] Similarly, in step SD130, the control unit 11 of the management server 1 requests authentication for the corresponding individual of the second target WA from the second server 3 by transmitting the second identifier I20 and the second unique information CA2. In response, the control unit 31 of the second server 3 operates as an authentication unit 311 and may compare the second unique information CA2 and the second registered unique information CA20, and determine whether authentication for the corresponding individual of the second target WA is successful or not based on the result of the comparison. In step SD140, the control unit 31 of the second server 3 transmits the authentication result for the corresponding individual of the second target WA to the management server 1.
[0226] The control unit 11 of the management server 1 receives authentication results for the corresponding individual targets (VA, WA) from each server (2, 3). If the authentication results for the first target VA and second target WA received by the control unit 11 of the management server 1 show that both authentication for the first target VA and second target WA is successful, the control unit 11 sets up a correspondence between the corresponding individual targets of the first target VA and second target WA. The process for setting up the correspondence may be the same as in the above embodiment. Note that the series of processes from data exchange between terminals (4, 5) to linking may be executed in real time in response to the occurrence of a usage relationship. Other configurations may be the same as in the first authentication method.
[0227] In the second authentication method, in normal processing mode, when a usage relationship is established between the relevant individuals of the first target VA and the second target WA, authentication is performed on the first server 2 and the second server 3, respectively, for each of the relevant individuals of the first target VA and the second target WA. These two authentication methods are expected to ensure security.
[0228] Note that the processing procedure in Figure 15 is merely an example, and each step may be modified as much as possible. Furthermore, depending on the embodiment, steps in the above processing procedure can be omitted, replaced, or added as appropriate. For example, the authentication of the first target VA (steps SC110 to SC The processing order of steps 140) and 2nd target WA authentication (steps SD110 to SD140) is not particularly limited and may be determined as appropriate depending on the embodiment.
[0229] If the simplified processing mode is selected, the authentication process for either the first target VA or the second target WA may be omitted. Similar to the first authentication method described above, the linking request in the simplified processing mode may be configured to appropriately specify the corresponding individuals of the first target VA and the second target WA. Also, similar to <4.1> above, while the authentication process for at least one of the first target VA and the second target WA is performed in the normal processing mode, both the first target VA and the second target WA may be omitted in the simplified processing mode.
[0230] Furthermore, the transmission path for the authentication results is not limited to the example in Figure 15. In another example, the authentication process for at least one of the first target VA and the second target WA may be performed by the management server 1 instead of an external server. For example, the management server 1 may hold at least one of the first registered unique information CA10 and the second registered unique information CA20. Alternatively, the management server 1 may obtain at least one of the first registered unique information CA10 and the second registered unique information CA20 by querying at least one of the first server 2 and the second server 3. Accordingly, the control unit 11 of the management server 1 may operate as an authentication unit 115 and perform the authentication process for at least one of the first target VA and the second target WA.
[0231] (C-1) Authentication method of Section 3-1 Figure 16 schematically shows an example of the linking setting process when adopting the authentication method described in Section 3-1. The authentication method described in Section 3-1 uses a time-limited certificate for authentication instead of unique information. The authentication process is performed by the management server 1.
[0232] The first server 2 is configured to issue the first time-limited certificate CB10 to each individual of the first target VA. The second server 3 is configured to issue the second time-limited certificate CB20 to each individual of the second target WA.
[0233] Each time-limited certificate (CB10, CB20) is configured to expire after its validity period. The configuration of each time-limited certificate (CB10, CB20) is not particularly limited and may be appropriately selected depending on the embodiment, as long as the expiration due to the expiration of the validity period can be controlled. Each time-limited certificate (CB10, CB20) may contain arbitrary information. For example, each time-limited certificate (CB10, CB20) may be composed of random numbers, timestamps, hash values, etc. Each time-limited certificate (CB10, CB20) may be composed of temporary information such as a one-time password.
[0234] The validity period of each time-limited certificate (CB10, CB20) may be managed as appropriate. Expiration due to the expiration of the validity period may be identified as appropriate. For example, whether or not a time-limited certificate has expired may be identified by the expiration of the deadline set for the time-limited certificate, the addition of the time-limited certificate to the revocation list, the removal of the time-limited certificate from the valid list, the renewal with a new time-limited certificate, or the addition of information indicating revocation (e.g., a timestamp). When reference information such as the revocation list and valid list is used for managing the validity period, the reference information may be stored in any storage device accessible from system 100. Typically, the reference information for each time-limited certificate (CB10, CB20) may be stored on each server (2, 3). The authentication process in normal processing mode will be described below.
[0235] First, in step SE110, the control unit 41 of the first terminal 4 of the first target VA sends a request to the first server 2 for the issuance of the first time-limited certificate CB10 in relation to the first identifier I10 of the first target VA. Upon receiving the request, the control unit 21 of the first server 2 issues the first time-limited certificate CB10 in relation to the first identifier I10. In step SE120, the first server 2 The control unit 21 of the first terminal 4 returns the issued first time-limited certificate CB10 to the first terminal 4. In response, the first terminal 4 receives the issued first time-limited certificate CB10 from the first server 2. The control unit 41 of the first terminal 4 stores the received first time-limited certificate CB10 for use as the first certificate CB1. In step SE130, the control unit 21 of the first server 2 also notifies the management server 1 of the issued first time-limited certificate CB10. The control unit 21 may also notify the first time-limited certificate CB10 with the first identifier I10 attached.
[0236] In step SF110, the control unit 51 of the second terminal 5 of the second target WA sends a request to the second server 3 for the issuance of the second time-limited certificate CB20 in relation to the second identifier I20 of the second target WA. Upon receiving the request, the control unit 31 of the second server 3 issues the second time-limited certificate CB20 in relation to the second identifier I20. In step SF120, the control unit 31 of the second server 3 returns the issued second time-limited certificate CB20 to the second terminal 5. In response, the second terminal 5 receives the issued second time-limited certificate CB20 from the second server 3. The control unit 51 of the second terminal 5 stores the received second time-limited certificate CB20 as usable second certificate CB2. Also, in step SF130, the control unit 31 of the second server 3 notifies the management server 1 of the issued second time-limited certificate CB20. The control unit 31 may also notify the second time-limited certificate CB20 with the second identifier I20 attached.
[0237] When a usage relationship is established between the corresponding individuals of the first target VA and the second target WA, data exchange is performed between the corresponding first terminal 4 and second terminal 5 (steps SE140, SF140). At least one of the first terminal 4 and the second terminal 5 sends an authentication request to the management server 1 as a linking request, which includes the first certificate CB1 and the second certificate CB2 (steps SE150, SF150). In response, the management server 1 receives the first certificate CB1 corresponding to the first time-limited certificate CB10 and the second certificate CB2 corresponding to the second time-limited certificate CB20. The processing in steps SE150 and SF150 is an example of the processing in step S10 described above. The request sent from at least one of the first terminal 4 and the second terminal 5 is an example of a linking request that includes an authentication request. This form of authentication request is an example of a form in which authentication processing is performed together with or after the linking request.
[0238] The distribution of data transmission may be determined as appropriate depending on the embodiment. For example, the second terminal 5 may be responsible for transmitting the first certificate CB1, and the first terminal 4 may be responsible for transmitting the second certificate CB2. That is, in step SE140, the control unit 51 of the second terminal 5 may obtain the first certificate CB1 from the first terminal 4. In step SE150, the control unit 51 of the second terminal 5 may send a linking request including the first certificate CB1 to the management server 1. In step SF140, the control unit 41 of the first terminal 4 may obtain the second certificate CB2 from the second terminal 5. In step SF150, the control unit 41 of the first terminal 4 may send a linking request including the second certificate CB2 to the management server 1.
[0239] The distribution of data transmission is not limited to this example. In another example, the first certificate CB1 may be sent from the first terminal 4. The second certificate CB2 may be sent from the second terminal 5. In addition, each identifier (I10, I20) may be sent to the management server 1 along with each certificate (CB1, CB2). In this case, each identifier (I10, I20) and each certificate (CB1, CB2) are examples of data used for authentication. Each identifier (I10, I20) may be sent from at least one of the first terminal 4 and the second terminal 5. When adopting a split transmission method, the management server 1 may identify the matching of authentication request data by using the shared information mentioned above, or by other means, in order to identify the corresponding combination of the first target VA and second target WA that are currently requesting the setting of the correspondence relationship. In yet another example, the first certificate CB1 and the second certificate CB2 may be sent from only one of the first terminal 4 and the second terminal 5.
[0240] The control unit 11 of the management server 1 operates as an authentication unit 115 and compares the received first certificate CB1 with the first time-limited certificate CB10 notified by the first server 2. The control unit 11 of the management server 1 operates as an authentication unit 115 and compares the received second certificate CB2 with the second time-limited certificate CB20 notified by the second server 3. The control unit 11 may appropriately identify the mapping of the data to be compared. Identifying the mapping of the data to be compared means determining the combination of the first time-limited certificate CB10 and the first certificate CB1, and the combination of the second time-limited certificate CB20 and the second certificate CB2. Similar to the mapping of authentication request data, the control unit 11 may identify the mapping of the data to be compared by using the shared information mentioned above. The shared information may be each identifier (I10, I20).
[0241] Furthermore, the method for matching certificates and time-limited certificates may be appropriately selected depending on the relationship between them. For example, time-limited certificates (CB10, CB20) may be used as certificates (CB1, CB2) as they are. In this case, the success or failure of the matching in authentication may be determined based on whether or not the time-limited certificates (CB10, CB20) and certificates (CB1, CB2) match. In another example, time-limited certificates (CB10, CB20) may be arbitrarily converted, and the converted time-limited certificates (CB10, CB20) may be used as certificates (CB1, CB2). In this case, the success or failure of the matching in authentication may be determined based on whether or not a predetermined relationship is established between the time-limited certificates (CB10, CB20) and certificates (CB1, CB2). For example, the first time-limited certificate CB10 may be converted into a hash value, and the resulting hash value may be used as the first certificate CB1. Accordingly, whether or not a relationship is established may be determined by whether or not the hash value of the first time-limited certificate CB10 matches that of the first certificate CB1. The conversion may include data operations such as deletion and addition. At least one of the first time-limited certificate CB10 and the second time-limited certificate CB20 may be used as a certificate as is, and the other may be used as a certificate after conversion. The conversion process may be performed at each terminal (4, 5) or at each server (2, 3). If the conversion process is performed at each server (2, 3), each terminal (4, 5) may receive the converted time-limited certificates (CB10, CB20) from each server (2, 3).
[0242] The control unit 11 of the management server 1 may determine whether the authentication of each corresponding individual of each target (VA, WA) is successful or not according to the result of each verification. If the verification fails, the authentication fails. If the first-time limit certificate CB10 / second-time limit certificate CB20 has expired due to the expiration of the validity period, the verification of the first target VA / second target WA fails. On the other hand, if the first-time limit certificate CB10 and the second-time limit certificate CB20 are valid and each verification is successful, the authentication of both the first target VA and the second target WA is successful. When the authentication of both the first target VA and the second target WA is successful, the control unit 11 of the management server 1 sets a correspondence relationship between the corresponding individuals of the first target VA and the second target WA. The setting process of the correspondence relationship may be the same as that in the above embodiment. Note that a series of processes from data exchange between the terminals (4, 5) to association setting may be executed in real time according to the occurrence of the usage relationship. Other configurations may be the same as those of the first authentication method and the like.
[0243] In the third - 1 method, in the normal processing mode, according to the occurrence of a usage relationship between the corresponding individuals of the first target VA and the second target WA, the authentication of each of the first target VA and the second target WA is performed using the time - limit certificates (CB10, CB20). Each time - limit certificate (CB10, CB20) is configured to expire when the validity period passes. Therefore, it is possible to prevent the permanent use of the same certificate, and thus, it is possible to expect to ensure security.
[0244] Note that the processing procedure in FIG. 16 is only an example, and each step may be changed as much as possible. Also, for the above processing procedure, according to the embodiment, steps can be omitted, replaced, and added as appropriate. For example, the processing order of the authentication of the first target VA (steps SE110 to step SE 150) and the authentication of the second target WA (steps SF110 to step SF150) is not particularly limited and may be appropriately determined according to the embodiment.
[0245] Furthermore, the issuance of each time-limited certificate (CB10, CB20) does not necessarily have to be based on a request from each terminal (4, 5). Each server (2, 3) may generate each time-limited certificate (CB10, CB20) on its own initiative. In this case, the processing in steps SE110 and SF110 may be omitted.
[0246] Furthermore, the issuance of each time-limited certificate (CB10, CB20) (steps SE110 to SE130, steps SF110 to SF130) may be performed at any time before the request for linking settings (steps SE150, SF150). For example, the issuance of each time-limited certificate (CB10, CB20) may be performed in advance before the data exchange between the first terminal 4 and the second terminal 5 is performed (steps SE140, SF140). In another example, it may be performed after the data exchange between the first terminal 4 and the second terminal 5 has started, but before the linking request is sent. From the viewpoint of reducing the steps involved in linking settings, it is preferable that the issuance of each time-limited certificate (CB10, CB20) be performed at the former timing.
[0247] If the simplified processing mode is selected, the authentication process for either the first target VA or the second target WA may be omitted. Similar to the first authentication method described above, the linking request in the simplified processing mode may be configured to appropriately specify the corresponding individuals of the first target VA and the second target WA. Also, similar to <4.1> above, while the authentication process for at least one of the first target VA and the second target WA is performed in the normal processing mode, both the first target VA and the second target WA may be omitted in the simplified processing mode.
[0248] Furthermore, in the authentication method described in Section 3-1 above, the matching process for each certificate (CB1, CB2) and each time-limited certificate (CB10, CB20), i.e., the authentication process for each target (VA, WA), is performed by the management server 1. However, the entity that performs the matching process is not limited to the management server 1. In another example, the management server 1 may request each server (2, 3) to perform the matching process by sending each certificate (CB1, CB2) to each server (2, 3). In this way, the matching process may be performed by each server (2, 3). That is, the authentication process for at least one of the first target VA and the second target WA may be performed by an external server. In one example, the control unit 21 of the first server 2 may operate as an authentication unit 211 and determine the success or failure of the authentication of the first target VA by matching the first certificate CB1 and the first time-limited certificate CB10 received from the management server 1. The control unit 21 may return the authentication result of the first target VA to the management server 1. Furthermore, the control unit 31 of the second server 3 may operate as an authentication unit 311 and determine the success or failure of the authentication of the second target WA by comparing the second certificate CB2 and the second time-limited certificate CB20 received from the management server 1. The control unit 31 may return the authentication result of the second target WA to the management server 1. In this case, the notification of each time-limited certificate (CB10, CB20) (steps SE130, SF130) may be omitted. In another example, the management server 1 may perform the authentication process for at least one of the first target VA and the second target WA, and the external server may perform the authentication process for the other.
[0249] (C-2) Authentication method of Section 3-2 In the authentication method described in Section 3-1 above, authentication processing for each target (VA, WA) is performed in response to a linking request from at least one of the first terminal 4 and the second terminal 5. However, the timing of the authentication processing is not limited to this example. In the authentication method described in Section 3-2, before sending the linking request to the management server 1, authentication processing for at least one of the first target VA and the second target WA may be performed in advance by at least one of the first terminal 4 and the second terminal 5 with at least one of the first server 2 and the second server 3. This form of authentication request This is an example of a configuration in which authentication processing is performed before the linking request.
[0250] Figure 17A schematically shows an example of the linking setting process when adopting the authentication method described in Section 3-2. Figure 17A assumes a scenario in which the authentication process for the first target VA is performed.
[0251] First, the processes in steps SE110 and SE120 may be executed between the first terminal 4 and the first server 2 in the same manner as the authentication method described in Section 3-1 above. As a result of the execution, the first time-limited certificate CB10 is issued, and the issued first time-limited certificate CB10 is notified to the first terminal 4. At this time, the first server 2 may store the issued first time-limited certificate CB10 in association with the first identifier I10. The first time-limited certificate CB10 may also be stored as the first target information O10. Notification to the management server 1 (step SE130) may be omitted. In step SE140, the control unit 41 of the first terminal 4 provides the issued first time-limited certificate CB10 to the second terminal 5 as the first certificate CB1. The first terminal 4 also provides the first identifier I10 to the second terminal 5. In response, the second terminal 5 obtains the first identifier I10 and the first certificate CB1 from the first target VA.
[0252] In step SG110, the control unit 51 of the second terminal 5 sends an authentication request to the first server 2, which includes the first identifier I10 and the first certificate CB1. Upon receiving the authentication request, the control unit 21 of the first server 2 acts as an authentication unit 211 and compares the received first certificate CB1 with the corresponding first time-limited certificate CB10. The corresponding first time-limited certificate CB10 may be obtained as appropriate. In one example, the issued first time-limited certificate CB10 may be stored as first target information O10, and the control unit 21 of the first server 2 may extract the corresponding first time-limited certificate CB10 by searching the first target information O10 using the first identifier I10 as a query. In step SG120, the control unit 21 of the first server 2 returns the result of the comparison to the second terminal 5. In response, the control unit 51 of the second terminal 5 receives the result of the comparison.
[0253] If the verification results received indicate that the first certificate CB1 and the first time-limited certificate CB10 have failed, the control unit 51 of the second terminal 5 may terminate the linking setting process as appropriate. The control unit 51 may also request the first terminal 4 to resend the first certificate CB1. On the other hand, if the verification is successful, the control unit 51 sends a linking request including the first identifier I10 and the second identifier I20 to the management server 1 (step SG130). The processing in step SG130 is an example of the processing in step S10 described above.
[0254] In response, the management server 1 receives a linking request from the second terminal 5. The control unit 11 of the management server 1 sets up a correspondence between the corresponding individuals of the first target VA and the second target WA in response to the linking request. The process for setting up the correspondence may be the same as in the above embodiment. Note that the series of processes from data exchange between terminals (4, 5) (step SE140) to linking setting may be executed in real time in response to the occurrence of a usage relationship. Other configurations may be the same as in the first authentication method, etc.
[0255] Furthermore, the authentication method described in Section 3-2 does not have to be limited to the first target VA. The second target WA may also be authenticated using the same method.
[0256] Figure 17B schematically shows another example of the linking setting process when adopting the authentication method of 3-2. Figure 17B assumes a scenario in which the authentication process of the second target WA is performed. Except for the fact that the first target VA and the second target WA are swapped, the processing procedure in Figure 17B may be the same as the processing procedure in Figure 17A. That is, the processing in steps SF110 and SF120 is performed between the second terminal 5 and the second server 3, and the second time-limited certificate CB20 is issued, and the issued second time-limited certificate CB20 is notified to the second terminal 5. In step SF140, the control unit 51 of the second terminal 5 receives the issued second time-limited certificate CB20. The second certificate CB2 is provided to the first terminal 4. The control unit 51 of the second terminal 5 also provides the second identifier I20 to the first terminal 4. In step SH110, the control unit 41 of the first terminal 4 sends an authentication request including the second identifier I20 and the second certificate CB2 to the second server 3. In response, the control unit 31 of the second server 3 operates as the authentication unit 311 and performs verification processing of the second certificate CB2 and the second time-limited certificate CB20. In step SH120, the control unit 31 of the second server 3 returns the verification result to the first terminal 4. If the verification result shows that the second certificate CB2 and the second time-limited certificate CB20 have been verified, the control unit 41 of the first terminal 4 sends a linking request including the first identifier I10 and the second identifier I20 to the management server 1 (step SH130). In response, the management server 1 receives the linking request from the first terminal 4. The control unit 11 of the management server 1 sets up a correspondence between the corresponding individuals of the first target VA and the second target WA in response to a linking request.
[0257] When adopting an authentication process abbreviation similar to the above embodiment, in normal processing mode, the authentication processes for the first target VA and the second target WA as shown in Figures 17A and 17B may be performed. On the other hand, in simplified processing mode, the authentication process for either the first target VA or the second target WA may be omitted.
[0258] In the authentication method described in Section 3-2, the authentication process is performed before the linking request in normal processing mode. This reduces the processing load on the management server 1. It also shortens the processing time from the linking request to the configuration process.
[0259] Note that the processing procedures in Figures 17A and 17B are merely examples, and each step may be modified as much as possible. Furthermore, depending on the embodiment, steps in the above processing procedure may be omitted, replaced, or added as appropriate. The processing order of authentication of the first target VA and the second target WA is not particularly limited and may be determined as appropriate depending on the embodiment.
[0260] For example, in the processing procedure shown in Figure 17A, the management server 1 may appropriately verify that the matching was successful at the first server 2. In one example, the first server 2 may also send the matching result to the management server 1. For example, the authentication request may further include a second identifier I20. If the matching is successful, the first server 2 may send the matching result, including the first identifier I10 and the second identifier I20, to the management server 1. This allows the first server 2 to activate a linking request to the management server 1 for the combination of the first identifier I10 and the second identifier I20 specified in the matching result. In other words, in one example, verification of the successful matching may consist of receiving this matching result. The management server 1 may be configured to hold the matching result from the first server 2, accept requests for linking settings for the combination of the first identifier I10 and the second identifier I20 specified in the matching result, and reject other requests for linking settings. Similarly, in the processing procedure shown in Figure 17B, the management server 1 may appropriately verify that the matching has been completed at the second server 3.
[0261] Furthermore, similar to <4.1> above, in normal processing mode, at least one of the authentication processes for the first target VA and the second target WA as shown in Figures 17A and 17B above may be performed. On the other hand, in simplified processing mode, the authentication processes for both the first target VA and the second target WA may be omitted.
[0262] Furthermore, in the processing procedures shown in Figures 17A and 17B, each server (2, 3) may send the authentication result to the management server 1 instead of returning it to each terminal (4, 5). This transmission method is an example of a method in which the linking request is sent to the management server 1 via an external server, and a method in which the authentication process is performed together with the linking request.
[0263] (D) Fourth Authentication Method FIG. 18A schematically shows an example of the processing procedure of the association setting when adopting the fourth authentication method. The fourth authentication method uses an electronic signature by a private key and an electronic certificate. The authentication process is executed by the terminal of the partner to be authenticated. The terminal of the partner to be authenticated is the second terminal 5 when authenticating the first target VA, and the first terminal 4 when authenticating the second target WA. FIG. 18A assumes a scenario where the authentication process of the first target VA is executed.
[0264] As a preparation stage (preprocessing), a combination of the first private key CC10 and the first public key used for authenticating the first target VA is generated. The method for generating the first private key CC10 and the first public key is not particularly limited and may be appropriately selected according to the embodiment. The first private key CC10 and the first public key may be generated by at least one of the first terminal 4 and an external computer (the first server 2, a certification authority, etc.).
[0265] Next, a first electronic certificate CC1 for the first public key is generated by the certification authority. In one example, the certification authority may generate the first electronic certificate CC1 in response to a request from the first terminal 4. The certification authority may be the first server 2 or an external server other than the first server 2. As long as the authenticity of the first public key can be verified, the configuration of the first electronic certificate CC1 is not particularly limited and may be appropriately selected according to the embodiment. In one example, the first electronic certificate CC1 may be composed of an electronic signature by the certification authority, ownership information, and the first public key. The certification authority holds a combination of a public key and a private key. The electronic signature by the certification authority may be generated by encrypting the ownership information and the first public key with the private key of the certification authority. In a specific example, the electronic signature by the certification authority may be generated by converting the ownership information and the first public key into a hash value by a hash function and encrypting the obtained hash value with the private key of the certification authority.
[0266] The first digital certificate CC1 is provided to the first terminal 4 by the certification authority. The first digital certificate CC1 may also be stored in any storage area. The expiration date of the first digital certificate CC1 may be managed by a revocation list. The revocation list may also be stored in any storage area. The first digital certificate CC1 and the revocation list may be stored on the first server 2, or on an external server accessible from the first server 2. When the first terminal 4 has the first private key CC10 and the first digital certificate CC1, preparation for the authentication process of the first target VA is complete.
[0267] During the usage phase, when a usage relationship is established between the relevant individuals of the first target VA and the second target WA, data exchange is performed between the corresponding first terminal 4 and second terminal 5 (steps SI110, SI120). In this data exchange, electronic information is shared between the first terminal 4 and the second terminal 5. The electronic information may consist of arbitrary information such as random numbers and timestamps. The electronic information may also include information originating from the first target VA, such as the owner information of the first terminal 4.
[0268] The electronic information may be generated by at least one of the first terminal 4 and the second terminal 5. If the second terminal 5 is involved in the generation of at least a portion of the electronic information, as a process in step SI110, data relating to the electronic information may be provided from the second terminal 5 to the first terminal 4. The control unit 41 of the first terminal 4 generates the digital signature CD1 by encrypting the first identifier I10 and the electronic information using the first secret key CC10. In a specific example, the control unit 41 of the first terminal 4 may generate the digital signature CD1 by converting the first identifier I10 and the electronic information into a hash value using a hash function, and then encrypting the obtained hash value with the first secret key CC10.
[0269] In step SI120, the control unit 41 of the first terminal 4 provides the first identifier I10, the generated digital signature CD1, and the first digital certificate CC1 to the second terminal 5. As a result, the second terminal 5 obtains the first identifier I10, the digital signature CD1, and the first digital certificate CC1 from the first terminal 4. The first terminal 4 is involved in the generation of at least a portion of the electronic information, such as information originating from the first target VA. If this is the case, as part of the processing in step SI120, data relating to electronic information may be provided from the first terminal 4 to the second terminal 5.
[0270] Next, the control unit 51 of the second terminal 5 operates as an authentication unit 514 and verifies the validity of the first digital certificate CC1 (steps SI130 and SI135). In the example in Figure 18A, it is assumed that the first server 2 maintains a revocation list. In step SI130, the control unit 51 of the second terminal 5 queries the first server 2 to determine whether the first digital certificate CC1 is valid. If the first digital certificate CC1 is not registered in the revocation list, it is determined that the first digital certificate CC1 is valid (i.e., its expiration date has not passed). If the first digital certificate CC1 is registered in the revocation list, it is determined that the first digital certificate CC1 is not valid. The first server 2 refers to the revocation list and determines whether the first digital certificate CC1 is valid. In step SI135, the first server 2 returns the determination result to the second terminal 5. The control unit 51 of the second terminal 5 may also query the first server 2 to determine whether the first identifier I10 is valid. If the revocation list is maintained on an external server, the control unit 51 of the second terminal 5 may query the external server directly or indirectly (for example, via the first server 2) to determine whether the first digital certificate CC1 is valid. In another example, the control unit 51 of the second terminal 5 may obtain the revocation list and determine whether the first digital certificate CC1 is valid by referring to the obtained revocation list. If the first digital certificate CC1 is not valid (i.e., its expiration date has passed), the control unit 51 of the second terminal 5 may determine that the verification of the validity of the first digital certificate CC1 is unsuccessful and terminate the linking setting process as appropriate. The control unit 51 of the second terminal 5 may request the first terminal 4 to resend the series of information. On the other hand, if the first digital certificate CC1 is valid, the control unit 51 of the second terminal 5 may obtain the public key of the certification authority as appropriate. The control unit 51 of the second terminal 5 uses the obtained public key to decrypt the digital signature of the certification authority contained in the first digital certificate CC1. Then, the control unit 51 of the second terminal 5 compares the obtained decrypted data with the remaining information (ownership information and the first public key) contained in the first digital certificate CC1. If the data is encrypted after being converted to a hash value, the control unit 51 of the second terminal 5 converts the ownership information and the first public key into a hash value using a hash function and compares the obtained hash value with the decrypted data.The control unit 51 of the second terminal 5 determines that the verification of the validity of the first electronic certificate CC1 is successful if the two match during the matching process, and determines that the verification of the validity of the first electronic certificate CC1 is unsuccessful if the two do not match.
[0271] Furthermore, the control unit 51 of the second terminal 5 operates as an authentication unit 514 and verifies the validity of the digital signature CD1 (step SI140). The control unit 51 of the second terminal 5 decrypts the digital signature CD1 using the first public key contained in the first digital certificate CC1. The control unit 51 of the second terminal 5 compares the obtained decrypted data with the shared information (first identifier I10 and digital information). If the data was encrypted after being converted to a hash value, the control unit 51 of the second terminal 5 converts the shared information (first identifier I10 and digital information) into a hash value using a hash function and compares the obtained hash value with the decrypted data. If the two match in the comparison, the control unit 51 of the second terminal 5 determines that the verification of the validity of the digital signature CD1 is successful, and if they do not match, it determines that the verification of the validity of the digital signature CD1 is unsuccessful.
[0272] If the validity verification of the first digital certificate CC1 and the digital signature CD1 is successful, the authentication of the first target VA is successful. In this case, the control unit 51 of the second terminal 5 sends a linking request including the first identifier I10 and the second identifier I20 to the management server 1 (step SI150). In response, the management server 1 receives the linking request from the second terminal 5. The control unit 11 of the management server 1 sets up a correspondence between the corresponding individuals of the first target VA and the second target WA in response to the linking request. The process of setting up the correspondence may be the same as in the above embodiment. Note that the series of processes from data exchange between terminals (4, 5) to linking setting may be executed in real time in response to the occurrence of a usage relationship. This is one example of the logic. On the other hand, if the verification of the validity of at least one of the first electronic certificate CC1 and the electronic signature CD1 fails, the second terminal 5 may terminate the linking setting process as appropriate. The second terminal 5 may also request the first terminal 4 to resend the series of information.
[0273] Furthermore, the authentication target for the fourth authentication method is not limited to the first target VA. The second target WA may also be authenticated using the same method.
[0274] Figure 18B schematically shows another example of the linking setting process when the fourth authentication method is adopted. Figure 18B assumes a scenario in which the authentication process for the second target WA is performed. Except for the fact that the first target VA and the second target WA are swapped, the processing procedure and data in Figure 18B may be the same as the processing procedure and data in Figure 18A. That is, in the preparation stage, a combination of the second private key CC20 and the second public key is generated. Next, the second digital certificate CC2 for the second public key is generated by the certification authority. In one example, the second digital certificate CC2 may consist of the certification authority's digital signature, ownership information and the second public key. The second digital certificate CC2 is provided from the certification authority to the second terminal 5. In the usage stage, when a usage relationship occurs between the corresponding individuals of the first target VA and the second target WA, data exchange is performed between the corresponding first terminal 4 and second terminal 5 (steps SJ110, step SJ120). In this data exchange, electronic information is shared between the first terminal 4 and the second terminal 5. The control unit 51 of the second terminal 5 generates an electronic signature CD2 by encrypting the second identifier I20 and electronic information using the second secret key CC20. The control unit 51 of the second terminal 5 provides the second identifier I20, the generated electronic signature CD2, and the second electronic certificate CC2 to the first terminal 4. As a result, the control unit 41 of the first terminal 4 obtains the second identifier I20, the electronic signature CD2, and the second electronic certificate CC2. The control unit 41 of the first terminal 4 operates as an authentication unit 414 and verifies the validity of the second electronic certificate CC2 (steps SJ130, SJ135). The control unit 41 of the first terminal 4 also operates as an authentication unit 414 and verifies the validity of the electronic signature CD2 (step SJ140). If the validity verification of both the second electronic certificate CC2 and the electronic signature CD2 is successful, the authentication of the second target WA is successful. In this case, the control unit 41 of the first terminal 4 sends a linking request including the first identifier I10 and the second identifier I20 to the management server 1 (step SJ150). In response, the management server 1 receives the linking request from the first terminal 4. The control unit 11 of the management server 1 sets up a correspondence between the corresponding individuals of the first target VA and the second target WA in response to the linking request. The process for setting up the correspondence may be the same as in the above embodiment.On the other hand, if the verification of the validity of at least one of the second digital certificate CC2 and the digital signature CD2 fails, the first terminal 4 may terminate the linking setting process as appropriate. The first terminal 4 may also request the second terminal 5 to resend the series of information. In another example, the authentication process for the first target VA and the second target WA may be performed by executing the series of processes shown in Figures 18A and 18B.
[0275] When adopting an authentication process abbreviation similar to the above embodiment, in normal processing mode, the authentication processes for the first target VA and the second target WA as shown in Figures 18A and 18B may be performed. On the other hand, in simplified processing mode, the authentication process for either the first target VA or the second target WA may be omitted.
[0276] In the fourth authentication method, at least one of the first target VA and the second target WA is authenticated using a private key and a digital certificate. This is expected to ensure security. Furthermore, by performing the authentication process on the terminal side before the linking request, it is expected that the processing load on the management server 1 will be reduced. In addition, the processing time from the linking request to the configuration process can be shortened.
[0277] Note that the processing procedures in Figures 18A and 18B are merely examples, and each step may be modified as much as possible. Furthermore, depending on the embodiment, the steps of the above processing procedure may be modified as appropriate. Omissions, substitutions, and additions are permitted. For example, in the processing procedure shown in Figure 18A, the order of the verification of the validity of the first digital certificate CC1 (steps SI130 and SI135) and the verification of the validity of the digital signature CD1 (step SI140) may be changed as appropriate. In another example, the verification of the validity of the digital signature CD1 may be performed before the verification of the validity of the first digital certificate CC1. The verification of the validity of the first digital certificate CC1 and the verification of the validity of the digital signature CD1 may be performed in parallel, at least partially. The same applies to the relationship between the verification of the validity of the second digital certificate CC2 and the verification of the validity of the digital signature CD2.
[0278] Furthermore, similar to <4.1> above, in normal processing mode, at least one of the authentication processes for the first target VA and the second target WA as shown in Figures 18A and 18B above may be executed. On the other hand, in simplified processing mode, the authentication processes for both the first target VA and the second target WA may be omitted.
[0279] [5. Supplement] The processes and means described herein can be freely combined and implemented, provided that no technical inconsistencies arise.
[0280] Furthermore, a process described as being performed by a single device may be divided and executed by multiple devices. Conversely, a process described as being performed by different devices may be executed by a single device. In a computer system, the hardware configuration used to implement each function can be flexibly changed.
[0281] The present disclosure can also be realized by supplying a computer program implementing the functions described in the embodiments above to a computer, and having one or more processors in the computer read and execute the program. Such a computer program may be provided to the computer by a non-temporary computer-readable storage medium that can be connected to the computer's system bus, or it may be provided to the computer via a network. Non-temporary computer-readable storage mediums include, for example, any type of disk such as magnetic disks (floppy disks, hard disk drives (HDDs), etc.), optical disks (CD-ROMs, DVDs, Blu-ray discs, etc.), read-only memory (ROM), random access memory (RAM), EPROM, EEPROM, magnetic cards, flash memory, optical cards, semiconductor drives (solid-state drives, etc.), and any type of medium suitable for storing electronic instructions. [Explanation of Symbols]
[0282] 1...Management server, 11...Control unit, 2...First server, 21...Control unit, 3...Second server, 31...Control unit, 4...First terminal, 41...Control unit, 47...Positioning module, 5...Second terminal, 51...Control unit, 57...Positioning module, VA...First target, WA...Second target, I10...First identifier, I20...Second identifier, O10...Primary target information, O10A...User information, O20...Second target information, O20A...Mobile information, D10…Linking information, E10…Various information
Claims
1. Management server, The first terminal of the first target, and The second terminal of the second target, Equipped with, At least one of the first terminal and the second terminal is configured to send a linking request to the management server in response to the occurrence of a usage relationship between the first target and the second target. The management server is configured to set up the correspondence between the first target and the second target based on the association request. Setting up the aforementioned correspondence relationship means If the specified conditions are not met, To obtain the certification results for both the first and second targets, and Based on the acquired authentication results for the first and second objects, a correspondence relationship is established between the first and second objects depending on whether the authentication of both the first and second objects is successful, and When the aforementioned predetermined conditions are met, Obtaining the authentication result for the other target while omitting the authentication for either the first target or the second target, and In the acquired authentication result, a correspondence relationship is established between the first target and the second target depending on whether the authentication of the other target is successful. Composed of, system.
2. The first subject mentioned above is the user, The second object is the item used by the user, The aforementioned predetermined conditions include the fact that the item is an item used repeatedly by the user on a regular basis. The system according to claim 1.
3. The aforementioned predetermined conditions include having previously established a correspondence relationship for the same combination of the first and second objects. The system according to claim 1.
4. The aforementioned predetermined conditions include that at least one of the first object and the second object is of a specific type, The system according to claim 1.
5. The aforementioned predetermined conditions include having previously established a correspondence relationship for the same combination of the first object and the second object, and at least one of the types of the first object and the second object being a specific type. The system according to claim 1.
6. The first subject mentioned above is the user, The second object is the item used by the user, The fact that at least one of the first and second objects is of a specific type includes the fact that the object is a regularly used object that is repeatedly used by the user. The system according to claim 5.
7. The aforementioned object is a mobile object. The system according to claim 6.
8. The aforementioned regularly used item is a private car. The system according to claim 7.
9. The first subject mentioned above is the user, The second object is the item used by the user, When the aforementioned predetermined conditions are met, the authentication of either the first target or the second target is the authentication of the user, and the authentication of the other target is the authentication of the user. The system according to claim 1.
10. Sending the linking request to the management server consists of either directly sending the linking request to the management server or indirectly sending the linking request to the management server via an external server. The system according to claim 1.
11. The success or failure of authentication for the first and second targets is determined by the management server or an external server. The system according to claim 1.
12. When a usage relationship occurs between the first target and the second target, the first terminal and the second terminal are configured to perform data exchange. The system according to claim 1.
13. The aforementioned data exchange is performed by short-range wireless communication. The system according to claim 12.
14. The first terminal is equipped with a positioning module, The first terminal is, The positioning module of the first terminal measures the current location of the first terminal, The measurement result of the current location of the first terminal is transmitted to the management server. It is further configured in this way, The second terminal is equipped with a positioning module, The aforementioned second terminal is, The positioning module of the second terminal measures the current location of the second terminal, The measurement result of the current location of the second terminal is transmitted to the management server. It is further configured in this way, The aforementioned management server After establishing the correspondence between the first object and the second object, the measurement results of the current locations of the first and second terminals are received from the first and second terminals. The system determines in real time whether the measurement results of the current location of the first terminal and the second terminal received satisfy the conditions of the usage relationship. If the measurement results of the current locations of the first terminal and the second terminal satisfy the conditions of the usage relationship, the correspondence between the first target and the second target is maintained; otherwise, the correspondence is terminated. It is further constructed in such a way. The system according to claim 1.
15. When a usage relationship is established between the first target and the second target, a correspondence relationship is set between the first target and the second target based on a linking request transmitted from at least one of the first terminal of the first target and the second terminal of the second target. A control unit configured to perform the following actions: Setting up the aforementioned correspondence relationship means If the specified conditions are not met, To obtain the certification results for both the first and second targets, and Based on the acquired authentication results for the first and second objects, a correspondence relationship is established between the first and second objects depending on whether the authentication of both the first and second objects is successful, and When the aforementioned predetermined conditions are met, Obtaining the authentication result for the other target while omitting the authentication for either the first target or the second target, and In the acquired authentication result, a correspondence relationship is established between the first target and the second target depending on whether the authentication of the other target is successful. Composed of, Management server.
16. The first subject mentioned above is the user, The second object is the item used by the user, The aforementioned predetermined conditions include the fact that the item is an item used repeatedly by the user on a regular basis. The management server according to claim 15.
17. The aforementioned predetermined conditions include having previously established a correspondence relationship for the same combination of the first object and the second object, and at least one of the types of the first object and the second object being a specific type. The management server according to claim 15.
18. When a usage relationship is established between the first target and the second target, a correspondence relationship is set between the first target and the second target based on a linking request transmitted from at least one of the first terminal of the first target and the second terminal of the second target. A control unit configured to perform the following actions: Setting up the aforementioned correspondence relationship means If the specified conditions are not met, To obtain the authentication result for at least one of the first and second targets, and In the acquired authentication result, a correspondence between the first object and the second object is established depending on whether authentication is successful, and When the aforementioned predetermined conditions are met, authentication of both the first and second targets is omitted, and a correspondence between the first and second targets is established in response to the receipt of the linking request. Composed of, Management server.
19. For the first target device, When a usage relationship occurs between the first target and the second target, the following actions are performed: sending a linking request to the management server, sending the linking request jointly with the second terminal of the second target, or causing the second terminal to send the linking request, thereby causing the management server to set up a correspondence relationship between the first target and the second target. A program to execute, If the specified conditions are not met, The aforementioned linking request includes authentication requests for the first and second targets, Setting up the correspondence between the first object and the second object is configured by setting up the correspondence between the first object and the second object in accordance with the fact that the authentication of both the first object and the second object performed based on the authentication request has been successful. If the aforementioned predetermined conditions are met, The authentication request for either the first or second target is omitted, and the linking request includes the authentication request for the other target. Setting up the correspondence between the first object and the second object is configured by setting up the correspondence between the first object and the second object in accordance with whether the authentication of the other object performed based on the authentication request has been successful. program.
20. For the first target device, When a usage relationship occurs between the first target and the second target, the following actions are performed: sending a linking request to the management server, sending the linking request jointly with the second terminal of the second target, or causing the second terminal to send the linking request, thereby causing the management server to set up a correspondence relationship between the first target and the second target. A program to execute, If the specified conditions are not met, The aforementioned linking request includes an authentication request for at least one of the first and second targets, Setting up the correspondence between the first object and the second object is configured by setting up the correspondence between the first object and the second object in accordance with the fact that authentication of at least one of the first object and the second object performed based on the authentication request has been established. If the aforementioned predetermined conditions are met, The authentication requests for both the first and second targets are omitted from the linking request. Setting up the correspondence between the first object and the second object is performed by setting up the correspondence between the first object and the second object in response to receiving the linking request. program.