Recently, there are an increasing number of configurations in which multiple sets of information held by multiple business operators are combined to provide a new service on the Internet. This configuration is generally called a mashup service.
Further, a single sign-on has become widespread which allows a user to perform logon processing only once to use services offered by a plurality of business operators. The single sign-on mechanism performs association (ID federation) of user IDs owned by different business operators, to thereby allow each business operator to verify the identity of the user who is the owner of the user information (personal information) provided to the business operator.
It is conceivable to implement a mashup service with high added value by utilizing the user information that the users have provided to the business operators as described above. In the case of implementing such a mashup service, a person who wishes to provide the mashup service may acquire user information from various business operators who have already provided services to the users and utilize the acquired user information. An example of such acquisition and utilization of user information is proposed in SAML (Security Assertion Markup Language) developed by a standards organization called OASIS (Organization for the Advancement of Structured Information Standards) (see Non Patent Literature (NPL) 1). In SAML, it is proposed, in the specification called NameIDMapping, to acquire encrypted user IDs from the business operators who hold user information, and use the encrypted user IDs to acquire the user information for utilization.
Further, the single sign-on systems are described in Patent Literatures (PTLs) 1 to 3, and so on. For example, PTL 1 describes an authentication information database in which user identification information, authentication information corresponding to the systems operated by different business operators, and single sign-on IDs as required, are stored in association with each other.
PTLs 2 and 3 also describe the systems utilizing single sign-on.
Further, PTL 4 describes a business model in which a reception site of user information is provided for each business operator (shop) in a particular regional shopping area, and a distributor centrally manages the collected user information (including mail addresses), adjusts the distribution information for the respective business operators to an appropriate quality and amount, and transmits the information to the user terminals during optimal time zones.