1. Field of the Invention
The present invention relates to a service system using a network and, more particularly, to a method for managing a user identifier in a network service system where a plurality of services is cooperatively provided to a user.
2. Description of the Related Art
The present invention targets a field where a plurality of services are cooperatively provided to a user, or a field where diverse services are provided by being divided among different providers or by those providers cooperating with each other. Specific examples include what is called a ubiquitous service. One such service is a network service business that provides a service by incorporating, via a network function, a function that exists in every scene of daily life (for example, a terminal) as a portion of the service. This business is fundamentally different from a business in which a service is received by carrying an existing mobile function such as a notebook computer.
An existing network service, typified by the cellular phone, has the following features (restrictions): first, the service originating device and the accepting device are the same; second, the user must carry an appliance such as a cellular phone or a notebook computer, which the user has prepared by purchasing it, in order to receive a service.
In the meantime, an idea called ubiquitous computing has been proposed since the latter half of the '80s and has attracted attention in recent years. Since the feature of ubiquitous computing is diversely interpreted by many persons at present, there is no unique definition. Under one interpretation, it is a system that assists diverse daily target actions by using a function (computer, etc.) existing on the scene.
In the meantime, in current mobile services, the functions of portable terminals have been improving at an accelerating pace. However, their operation becomes complex and the prices of the terminals increase due to the sophisticated functions, in addition to the physical limitations of the terminals (such as the size and weight of the main body or the display device). Therefore, functions which are not used or cannot be used by most general users are installed in many cases. By contrast, the ubiquitous service is characterized in that a function (device) existing on the scene is used temporarily, and the user need not possess a function (such as a notebook computer) for achieving an object.
In addition, in an existing network system, the function (acceptance point) of a service is the user terminal itself when viewed from the user terminal. Therefore, there is a demand for a sufficient technique for temporarily using an appliance for which the user has no use right or possession right, namely, a technique for connecting appliances that are managed by different providers while preserving the privacy of the providers and the users.
The achievement of the above described object requires a method for permitting the possessor (contractor) of a portable terminal to use a device (a display device, etc., available to the public) the property right of which is not directly owned by the possessor and which is managed by a third person, etc. At this time, when a service is configured via a plurality of providers, personal information about the contractor of the terminal starting the service is held and managed by a provider (such as a network connecting provider) that directly makes a contract with the user of the terminal. Therefore, it is difficult to pass this personal information to an external provider without the permission of the contractor (mainly due to the memorandum of contract). Besides, it is sufficient for a provider that manages a device of the terminal responsible for the above described service to receive only an instruction of operations. Accordingly, it is assumed that the personal information of a terminal user who starts the service is not always required.
In the above described network service system, which parts of the personal information of a user who starts a service may be shared and propagated among providers must be controlled, regardless of how much a provider terminating the service requires the personal information of the user. In recent years, a mechanism in which providers having diverse roles divide functions among themselves to configure a service has also been proposed. With such a mechanism, however, there is a problem that privacy control among providers, namely, a technique for hiding information so as to make an individual unidentifiable, does not exist.
Generally, a basic method for identifying an individual on a network or a computer is to assign an identifier to each individual. However, if a common identifier is used among providers, the personal information of a contractor can possibly propagate up to a provider to whom the contractor does not want to disclose his or her personal information. Accordingly, a technique is required with which each provider defines and manages its own identifier system for the users it targets, the identifier of a user who starts a service is hidden among the individual providers connected with one another, and the user who starts the service cannot be traced from the execution information of the service.
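The difference between a common identifier and provider-specific identifiers can be shown by joining the execution logs of two external providers. The following is an added example, not part of the original document: the HMAC-based derivation is an assumed, generic way to obtain provider-scoped identifiers and is not the method of this invention or of any cited document, and the key, provider names and user IDs are constructed.

```python
import hashlib
import hmac

# Constructed demo values: the key, provider names and user IDs are illustrative.
CONTRACT_KEY = b"constructed-key-held-only-by-the-contracting-provider"
USERS = ["user-0001", "user-0002", "user-0003"]

def scoped_id(user_id, provider, key=CONTRACT_KEY):
    """Identifier that is stable for one (user, provider) pair only."""
    # Length-prefix the provider so ("ab", "c") and ("a", "bc") cannot collide.
    name = provider.encode()
    msg = len(name).to_bytes(2, "big") + name + user_id.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def build_logs(users, scoped):
    """Execution logs as recorded by two external providers."""
    def uid(user, provider):
        return scoped_id(user, provider) if scoped else user
    display = [{"uid": uid(u, "display-provider"), "op": "show"} for u in users]
    printer = [{"uid": uid(u, "print-provider"), "op": "print"} for u in users]
    return display, printer

def linkable_ids(log_a, log_b):
    """Identifiers present in both logs, i.e. usable as a join key."""
    return {e["uid"] for e in log_a} & {e["uid"] for e in log_b}

def resolve(pseudonym, provider, users):
    """Only the key holder can map a provider-scoped identifier back to a user."""
    for user in users:
        if hmac.compare_digest(scoped_id(user, provider), pseudonym):
            return user
    return None

if __name__ == "__main__":
    common = linkable_ids(*build_logs(USERS, scoped=False))
    scoped = linkable_ids(*build_logs(USERS, scoped=True))
    print("common identifier, linkable users:", sorted(common))
    print("provider-scoped identifiers, linkable users:", sorted(scoped))
    display_log, _ = build_logs(USERS, scoped=True)
    print("contracting provider resolves:",
          resolve(display_log[0]["uid"], "display-provider", USERS))
```

With a common identifier every user appears in both logs under the same value, so the logs can be joined; with provider-scoped identifiers the intersection is empty, and only the contracting provider that holds the key can map an identifier back to its contractor.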
The following documents describe conventional techniques for securing the safety of a communication or for managing personal information in a communication system or a service system.
[Patent Document 1] Japanese Unexamined Patent Application Publication No. 6-85811 “Method and System for Enabling Communications via Switch Network, Method Providing Safety Function to Safety Node and Switch Network, Method for Processing Encrypted Communications and Method for Providing Safety Communications”
[Patent Document 2] Japanese Unexamined Patent Application Publication No. 2003-345724 “Information Management Method, Information Management System, Server, Terminal and Information Management Program”
[Patent Document 3] Japanese Unexamined Patent Application Publication No. 7-170256 “Method for Authenticating Communication Partner and Encrypted Communication Device Using this Method”
[Patent Document 4] Japanese Unexamined Patent Application Publication No. 2002-268950 “Information Management System, Information Management Method, Information Processing Device, Information Processing Method and Program”
[Patent Document 5] Japanese Unexamined Patent Application Publication No. 2003-178022 “Identification Information Issuing Device and Method, Storage Medium stored Identification Information Issuing Program, Identification Information Issuing Program, Information Processing Device and Method, Storage Medium stored Information Processing Program and Information Processing Program”
[Patent Document 6] U.S. Pat. No. 5,790,667 “Personal Authentication Method”
Patent Document 1 discloses a method for providing a safety communication by arranging a safety node which converts information encrypted in one format into information encrypted in another format or non-encrypted information and performs reverse conversion, in an electric communication network.
Patent Document 2 discloses an information managing method for making an inquiry to a person who receives a service, for classifying persons who receive services into groups, for protecting the privacy of the persons who receive the services as much as possible and for properly coping with changes in the circumstances of the persons who receive the services.
Patent Document 3 discloses a method for safely authenticating a communication partner by transmitting information prepared using the encryption key distributed from a center.
Patent Document 4 discloses an information management system for protecting the privacy of a client by registering the client's information as a secret identifier that changes as time passes and by disclosing this secret identifier only to a specific retrieval client.
Patent Document 5 discloses an identifier information issuing method that allows a service provider to specify a user without using information such as an appliance ID, by using an ID for SP that is prepared by a management server, thereby reducing the burden on the service provider.
Patent Document 6 discloses a method for authenticating information regarding an authenticated person transmitted from an authenticated station while the first and second authenticating stations cooperate with each other.
With such conventional techniques, however, there is a problem that it is impossible to hide personal information, especially a user identifier, and to make a user unidentifiable from the execution information of a service when a plurality of services cooperatively implement operations. In addition, there is a problem that, in the case where user information leaks, there is no way to prevent the damage from spreading and thereby protect the security of the user.