JP2003242114A - Service providing system, and password notifying method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a service providing system for a user to be able to instantaneously get a password by a simple operation when the user forgot the password. <P>SOLUTION: A mail server 42 receives a dummy mail from a user (portable terminal 21) indicating that the user forgot the password. The mail server 42 determines if it was sent from a user terminal of which mail address cannot be changed by the user, and searches a data base 43 based on the mail address to identify the user. It sends a mail describing the password registered previously to the user. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a service providing system for providing a service on the Internet, and more particularly, to a service providing system that requires a user to input a password when using the service, and a password forgotten. The present invention relates to a password notification method that sometimes notifies a user of a password.

[0002]

2. Description of the Related Art With the spread of the Internet, service providers (arbitrary providers such as companies, organizations and individuals) have come to provide various services on the Internet. FIG. 9 is a schematic configuration diagram showing a general service providing system. In FIG. 9, the user terminal 1 is connected to the mail server 2 by the Internet 100 or the dedicated network 3. The service provider's server (hereinafter referred to as service providing server) 4 is the Internet 1
Connected to 00.

The user terminal 1 uses the mail server 2 via the Internet 100 or the dedicated network 3 to send and receive electronic mail (hereinafter simply referred to as mail). The service providing server 4 has the functions of a web server, a mail server, and a database server, and the service providing server 4 has a website for providing services. In order for the user to receive the service provided by the service provider, in advance to the service provider,
Register personal information including user's email address and password. Then, when receiving the service, by inputting the password into the website built in the service providing server 4, the service via the website becomes available.

A service providing system made available only to users (members) registered by this kind of password management is a system for notifying a user of a password in case the user forgets the password (password notification system). ) Is provided. FIG. 10 is a first example of a conventional password notification system and conceptually shows an interaction between a user and a service provider. In FIG. 10, when the user 5 forgets the password and wants to be notified of the password, all or part of the service provider 6 except the password of the registered personal information necessary for identifying the user 5 is emailed. Alternatively, notification is made on the web (step S1).

In response to the notification from the user 5, the service provider 6 checks the content of the notification by a person, searches for a member and investigates the password, and sends it by mail or mail to the registered address of the user 5. Notify the password (step S2). The password notification from the service provider 6 in step S2 generally requires one to several days from the notification from the user 5 in step S1 that the password notification is desired.

FIG. 11 is a second example of the conventional password notification system and conceptually shows the interaction between the user and the service provider. In FIG. 10, the notification of the password is processed by a person, while in FIG. 11, the server of the service provider automatically processes it. In FIG. 11, the user 7 prepares for forgetting the password,
In advance, together with the personal information necessary for member registration, a problem (question matter) at the time of password inquiry and its answer are notified (step S11). The server of the service provider 8 registers the question at the time of password inquiry and the answer as a part of the personal information.

When the user 7 forgets the password and wishes to be notified of the password, all or part of the registered personal information required for identifying the user 5 except the password for the service provider 8 can be found on the Web. The user is notified (step S12) and the problem set by the user 7 is displayed on the web (step S13). The user 7 sends an answer to the displayed question on the web (step S1).
4). The service provider 8 collates with an answer registered in advance, and if the transmitted answer matches the registered answer, immediately notifies the password on the web (step S15).

[0008]

In the conventional password notification system described above, in the first example shown in FIG. 10, after the user 5 forgets the password and wishes to be notified of the password, the service provider 6 is actually notified. Takes a considerable time to notify the password, and there is a problem that it is inconvenient for the user 5. There is also a problem in that the work of inputting character information is complicated.

On the other hand, the second example shown in FIG. 11 has a problem in that the work of inputting more character information than in the first example shown in FIG. 10 is complicated. In particular,
When the second example shown in 1 is carried out by a mobile phone compatible with the Internet connection service (for example, i-mode of NTT DoCoMo, Inc .: a registered trademark of the same company), inputting of character information is performed. Is very time consuming. Moreover, since the problem and the answer at the time of password inquiry are based on user management, there is a possibility of forgetting the problem and the answer at password inquiry.

The present invention has been made in view of the above problems, and provides a service providing system and a password notifying method by which the user can immediately obtain the password by a simple operation when the user forgets the password. The purpose is to provide.

[0011]

In order to solve the above-mentioned problems of the prior art, the present invention provides (1) at least a mail address of a user in advance to a service provider who provides a predetermined service on the Internet. And a password necessary for using the service are registered, and the service provider inputs the password to a page of a website provided by the service provider via the Internet. In a service providing system for providing a service, a mail receiving unit that receives a mail from the user indicating that the user has forgotten the password, and the mail received by the mail receiving unit change a mail address by the user. Is it sent from a user terminal that cannot And discriminating means for discriminating which, based on at least a portion of the source mail address the mail receiving means is included in the mail received, and user identification means for identifying the user, by said determining means,
When it is determined that the mail received by the mail receiving means is sent from a user terminal whose user cannot change the mail address, and the user is specified by the user specifying means,
A service providing system is provided, which is configured to include a mail sending unit that sends a mail specifying the password to the user specified by the user specifying unit, and (2) provides a predetermined service on the Internet. To a service provider who provides the service, at least the user's email address and a password required for using the service are registered in advance, and the page is provided on the website provided by the service provider via the Internet. In a password notification method used in a service providing system in which the service provider provides the service to the user by inputting the password, an email from the user indicating that the user has forgotten the password is received. Email reception step and reception of the email A step of determining whether the email received at the step is sent from a user terminal whose user's email address cannot be changed, and a step of determining whether the email is included in the email received at the email receiving step. In the user specifying step of specifying the user based on at least a part of the sender's mail address, and in the determining step, the mail received by the mail receiving means changes the mail address by the user. When it is determined that the password is transmitted from a user terminal that cannot perform the authentication, and the user is identified in the user identification step, an email in which the password is specified to the user identified in the user identification step And a step of sending an email to send a password It is to provide a method.

[0012]

BEST MODE FOR CARRYING OUT THE INVENTION A service providing system and a password notifying method according to the present invention will be described below with reference to the accompanying drawings. FIG. 1 is a block diagram showing the overall configuration of the service providing system of the present invention, FIG. 2 is a block diagram for explaining the mechanism of mail transmission / reception, and FIG. 3 is a diagram showing an example of a service using the service providing system of the present invention. 4, FIG. 4 is a diagram for explaining a password notification method by the service providing system of the present invention, FIGS. 5 and 6 are flowcharts for explaining a password notification method by the service providing system of the present invention, and FIGS. 7 and 8 are It is a figure which shows an example of the content of an email.

First, the mechanism for sending and receiving mail will be described with reference to FIG. In FIG. 2, (A) is a schematic configuration diagram showing a mail transmission / reception system, and (B) shows data in each block of (A). In FIG. 2, when the sending client terminal 11 sends a mail to the receiving client terminal 14, the sending client terminal 11 sends S to the nearest mail server 12 designated to request mail delivery.
Send mail by MTP protocol. The transmission client terminal 11 is the same as the user terminal 1 in FIG.

The mail server 12, which has received the distribution request, searches for the mail server 13 used by the receiving client terminal 14 and transfers the mail to the mail server 13 via the Internet 100 by the SMTP protocol. This completes the mail delivery process. The receiving client terminal 14 performs a work for taking out the mail to the mail server 13 by the POP3 protocol. As described above, the mail is transmitted from the sending client terminal 11 to the receiving client terminal 14.

By the way, client terminals such as the sending client terminal 11 and the receiving client terminal 14 are
It is equipped with mail client software called MUA (Mail User Agent). The sending client terminal 11 includes the MUA 11a, and the receiving client terminal 14 includes the MUA 14a. In addition, mail servers such as the mail servers 12 and 13 are MTA (Mail T
ransfer Agent) is equipped with a mail system, and this mail system transfers and manages mail.
The mail servers 12 and 13 are MTAs 12a and 13 respectively.
a.

To further explain with reference to the example of FIG.
a requests the MTA 12a to deliver the mail, and the MTA 12a
a transfers the mail to the MTA 13a. MTA 13a
Manages the received mail for each destination user managed by the MTA 13a itself, and delivers the mail in response to a request from the MUA 14a.

As shown in FIG. 2B in association with the transmission client terminal 11, the MUA 11a has one blank line M.
A header Mh1 is added to e and the text Mb. As described above, the mail has the structure of the header Mh1, the blank line Me, and the body Mb, which is defined by RFC2822. As shown in association with the mail server 12, the MTA 12a
A header Mh2 is further added to the mail composed of the header Mh1, the blank line Me, and the body Mb and transferred. As shown in association with the mail server 13, the MTA 13a adds a header Mh3 to the mail including the headers Mh1 and Mh2, the blank line Me, and the body Mb, and saves the mail for each client.

In the header Mh1, various kinds of information regarding the mail are written in the format of header field name: value (content). Table 1 shows the header fields that make up the header and is defined by RFC2822.

[0019]

[Table 1]

As shown in Table 1, the header field is
Including Date field, Received field, Message ID (Message-ID) field, From field, To field, Subject field, Cc field, Reference field, Each has the meaning shown in the right column. The header fields are almost all mail clients (MUA1) except for the received fields.
It is added in 1a). Details depend on the type of mail client. Also in the MTAs 12a and 13a, the received fields and the like indicating the route information are included in headers Mh2 and Mh3.
Is added as. The details depend on the type of MTA.

The configuration of the service providing system of the present invention will be described with reference to FIG. In the service providing system of the present invention, the mobile terminal 21 and the service provider 40 shown in FIG. 1 send and receive HTML-format web data (web page), and send and receive e-mail as necessary. First, transmission / reception of mail between the mobile terminal 21 and the service provider 40 will be described. Note that the mechanism for transmitting / receiving the mail between the mobile terminal 21 and the service provider 40 is the same as that described in FIG. The present invention is based on the premise that the mobile terminal 21 in which the user cannot change the mail address (the mail address cannot be falsified by the operation of the mail client) is used as the user terminal.

In FIG. 1, the MUA 21 of the portable terminal 21
The mail sent from a is sent to the network center 30 of the operator of the mobile terminal 21. In the present embodiment shown in FIG. 1, the portable terminal 21 which is a user terminal is, for example, an i-mode of NTT DoCoMo, Inc.
Compatible mobile phone. The mail transmitted from the mobile terminal 21 is sent to the wireless base station 31 in the network center 30 using a protocol unique to the mobile terminal company (NTT DoCoMo, Inc.).

The output of the radio base station 31 is the packet switching network 3
2 is supplied to the protocol conversion gateway 33,
The protocol conversion gateway 33 converts the protocol into TCP / IP which is a protocol on the Internet 100. As shown in FIG. 1, from the mobile terminal 21 to before the protocol conversion in the protocol conversion gateway 33, communication is performed by the protocol unique to the mobile terminal company. TC
The mail converted to P / IP is the Internet 100
To the server 34 connected to. Server 34 is MT
It is equipped with A34a and functions not only as a mail server but also as a server for transmitting and receiving web data.

The mail sent from the mobile terminal 21 is always sent to the above-mentioned wireless base station 31 regardless of which mail server is connected to the Internet 100.
To the server 34. The server 34 sends the mail to the mail server 42 of the service provider 40 to the Internet 1
Forward mail via 00. The mail server 42
The MTA 42a is provided.

On the other hand, when the mail is sent from the service provider 40 to the mobile terminal 21, the mail is sent from the mail server 42 to the mobile terminal 21 via the Internet 100 and the network center 30 in the reverse flow. An email is sent.

Next, the portable terminal 21 and the service provider 40
The transmission and reception of web data to and from will be described. As shown in FIG. 1, the mobile terminal 21 includes a web browser 21b, and a request for a web page from the web browser 21b is issued by the network center 30 and the Internet 10.
It is transmitted to the web server 41 of the service provider 40 via 0. If it is a static web page, static HTML format data is returned from the server software 411 of the web server 41 to the mobile terminal 21 via the Internet 100 and the network center 30.

If the web page requested by the web browser 21b is a dynamic web page, the server software 41
1 activates a CGI program 413 via a CGI (Common Gateway Interface) 412. When there is a variable to be delivered from the web browser 21b to the web server 41, either the POST method or the GET method is used as the delivery method. In the case of the POST method, the CGI program 413 passes the parameters to the server software 411 using the standard input of the OS, and in the case of the GET method passes the parameters to the server software 411 using the environment variables. The dynamic HTML format data formed by the CGI program 413 is supplied to the mobile terminal 21 via the Internet 100 and the network center 30.

The database 43 in the service provider 40 in FIG. 1 registers and stores various data input from the mobile terminal 21. The web server 41, the mail server 42, and the database 43 are connected to each other via the LAN 4
Connected with 4.

An example of a service using the service providing system of FIG. 1 will be described with reference to FIG.
FIG. 3 shows a procedure for registering a new member to receive the service provided by the service provider 40, and shows an example of an operation screen on the mobile terminal 21 of a web page returned by the web server 41 of the service provider 40. ing. Figure 3 (A)
Is the top page D11, and if "new" is clicked, it moves to the next page D12 shown in FIG. 3 (B). If you have already registered as a member, click "Member".
In addition, SONGOKU (Son Goku) displayed on the top page D11 and other pages is a registered trademark of the applicant, and means the online karaoke system operated by the affiliated company of the applicant.

On the page D12, when "Read the consent item" is clicked, the page moves to the next page D13 shown in FIG. 3 (C). On page D13, "I accept"
By clicking, the next page D14 shown in FIG.
Move on to. On page D14, enter the name, e-mail address, password and other information, and click "Next" to move to the next page D15 shown in FIG. 3 (E). When the entered content is confirmed on page D15 and "Register with this content" is clicked, the page moves to the next page D16 shown in FIG. 3 (F). Page D16 is a screen for notifying that the user has been registered as a member.

This registration information is stored in the service provider 4 of FIG.
It is stored in the database 43 in 0. Table 2 is an example of registration information in the database 43.

[0032]

[Table 2]

Next, the operation screen when the user forgets the password will be described with reference to FIG. Figure 4 (A)
Is a top page D21, which is the same as the top page D11 shown in FIG. Since you have already registered as a member in Fig. 3, click "Member"
The page moves to the next page D22 shown in (B). On page D22, if a password is entered, the screen shifts to the screen for providing the service, but if the password is forgotten, click "Forgot password?". Then, the process proceeds to the next page D23 shown in FIG.

On page D23, if "Send dummy mail" is clicked, the next page D shown in FIG.
24, a dummy mail is sent to the service provider 40. Since the screen during mail transmission differs depending on the mobile terminal, FIG. 4D describes the operation of the present embodiment, not the screen during mail transmission. When the transmission of the dummy mail is completed, the process returns to page D23 of FIG. Upon receiving the dummy mail, the service provider 40 searches the user who sent the dummy mail and checks the password of the user. Then, as shown in FIG. 4 (E), an email in which the password is specified is transmitted to the user. Service provider 40 when receiving the dummy mail
The processing in step will be described later in detail.

The process flow of FIG. 4 is shown in FIG. In FIG. 5, the user
Click the link to activate the mail client (Fig. 4 (C)). Mail client (MU of mobile terminal 21
A21a) launches a new mail in which the address of the service provider 40 is entered in the destination. Therefore, in step S22, the user directly performs the send operation to send the mail to the mail server 42 of the service provider 40. Figure 4
(D)). Up to this point, the user has only operated the menu and not the operation of inputting characters. The address of the service provider 40 is automatically input to the destination of the new mail because it is already included in the link described in HTML.

In the service provider 40, the mail server 42 receives the mail from the user in step S23. In step S24, the mail server 42 checks the contents of the mail as described below, and if it is determined that the password may be notified, the mail server 42 searches the sender mail address in the database 43, and the user who is the sender. Send an e-mail with the password specified to. And the user
In step S25, the mail with the specified password is received (FIG. 4 (E)).

FIG. 7 shows the contents of the dummy mail transmitted from the server 34 of the network center 30 as a result of the user operation shown in FIGS. 4 (C) and 4 (D). FIG. 8 shows the contents of the dummy mail processed by the MTA 42a of the service provider 40 mail server 42. Lists L7 to L1 in FIG.
4 corresponds to the same list number in FIG. Figure 7
Is the MUA 21a of the mobile terminal 21 and the MT of the server 34
8 is a header field added in A34a, and the lists L1 to L6 in FIG. 8 are header fields added in the MTA 42a of the mail server 42. The dummy email is
As can be seen from the subject field of the list L9, it does not include the title, and originally does not include the body Mb after the list L14 in FIG.

The processing at the service provider 40 in step S24 of FIG. 5 will be specifically described with reference to FIG. In FIG. 6, the MTA 42 a of the mail server 42
Receives a dummy mail in step S241.
The mail server 42 confirms the contents of the received field which is the list L4 shown in FIG. 8 in the header field of the mail received and processed by the MTA 42a. In particular,
In step S242, it is determined whether the IP address described in the received field belongs to a specific mobile terminal company, that is, the server 34 of the network center 30 of NTT Docomo, Inc. in this embodiment. Check.

I of the server 34 of the network center 30
The P address band is disclosed by NTT Docomo, Inc. and is as follows. FOMA i-mode FOMA is a registered trademark of the same company. i-mode: 210.153.84.0/24 i-mode: 210.136.161.0/24 FOMA i-mode: 203.138.45.0/24 where 0/24 means 1 to 255, for example, IP address band 210.153.84.0 / 24 is 210.153.84.1 to 210.15
It means an IP address up to 3.84.255.

If the IP address described in the Received field is included in the IP address band, it can be determined that the received mail is from the mobile terminal 21. The domain name may be confirmed along with the IP address.

If the IP address does not belong to a specific mobile terminal company in step S242, step S243.
Then, the process ends without processing. In step S242, the IP
If the address belongs to a specific mobile terminal company, the process proceeds to step S244. The mail server 42, step S2
At 44, the user registered with the mail address matching the mail address described in the From field that is the list L1 or L7 of the mail received and processed by the MTA 42a exists in the registration information shown in Table 2 in the database 43. To find out. Since the domain name is omitted in the email address of the registration information shown in Table 2, the search is performed by the part excluding the domain name. Even if the domain name is included in the registration, it is sufficient to search the part excluding the domain name.

If the mail address described in the From field does not exist in the registration information in the database 43 in step S244, in step S255.
Exit without processing. In step S244, if the user registered with the mail address described in the From field exists in the registration information in the database 43, the process proceeds to step S256. In step S256, the mail server 42 sends a mail in which the password of the user is written to the registered mail address (that is, the member who has sent the dummy mail).

As described above, according to the present invention, in the service providing system using the user terminal in which the user cannot change the mail address (the mail address cannot be falsified by the operation of the mail client), the user can When the password is forgotten, the user can receive the password simply by sending a dummy email. Unlike the conventional example, the present invention eliminates the need for user management, which is extremely convenient for the user.

According to the present invention, the mail server used by the user is limited, and if the IP address band is open to the public, or if the user terminal uses the mail server that can be provided upon request,・ Ti ・ Ti ・
It can also be applied to mobile phones other than DoCoMo. For example, the present invention is also applicable to EZweb (registered trademark) services provided by au / KDDI or TU-KA.

[0045]

As described in detail above, the service providing system and the password notification method of the present invention receive a mail from the user indicating that the user has forgotten the password, and this mail is sent to the mail address by the user. It is determined whether the email was sent from a user terminal that cannot be changed, and the user is identified based on at least part of the email address of the sender included in this email. When it is determined that the email was sent from a user terminal whose email address cannot be changed, and when the user is identified, an email specifying the password registered in advance is sent to the identified user. With this configuration, when the user forgets the password, the user can immediately enter the password with a simple operation. It is possible to obtain.

[Brief description of drawings]

FIG. 1 is a block diagram showing an overall configuration of a service providing system of the present invention.

FIG. 2 is a block diagram for explaining a mechanism for sending and receiving a mail.

FIG. 3 is a diagram showing an example of a service using the service providing system of the present invention.

FIG. 4 is a diagram illustrating a password notification method according to the present invention.

FIG. 5 is a flowchart illustrating a password notification method according to the present invention.

FIG. 6 is a flowchart illustrating a password notification method according to the present invention.

FIG. 7 is a diagram showing an example of contents of a mail.

FIG. 8 is a diagram showing an example of contents of a mail.

FIG. 9 is a schematic configuration diagram showing a general service providing system.

FIG. 10 is a conceptual diagram showing a first example of a conventional password notification system.

FIG. 11 is a conceptual diagram showing a second example of a conventional password notification system.

[Explanation of symbols]

21 Mobile terminal (user terminal) 21a MUA 21b Web browser 30 network centers 34 servers 34a, 42a MTA 40 service providers 41 Web server 42 mail server 43 database 100 Internet

Claims (6)

[Claims] 1. A service provider who provides a predetermined service on the Internet, in advance, registers at least a user's mail address and a password required for using the service, and the service provider uses the Internet. In the service providing system in which the service provider provides the service to the user by inputting the password on a page of a website provided via, from the user indicating that the user has forgotten the password. Email receiving means for receiving the email, determining means for determining whether the email received by the email receiving means is sent from a user terminal whose user's email address cannot be changed, and the email Included in the email received by the receiving means The user specifying means for specifying the user based on at least a part of the sender's mail address, and the mail received by the mail receiving means by the judging means may be changed by the user. When it is determined that the password is transmitted from the user terminal that cannot be transmitted, and when the user is identified by the user identifying unit, an email in which the password is specified is transmitted to the user identified by the user identifying unit. A service providing system characterized by comprising a mail transmitting means. 2. The service providing system according to claim 1, wherein the mail is a dummy mail that does not include a text. 3. The determination means is transmitted from a user terminal whose user cannot change the mail address based on the IP address indicated by the received field included in the header part of the mail. The service providing system according to claim 1, wherein it is determined whether or not there is. 4. A service provider who provides a predetermined service on the Internet, in advance, registers at least a user's mail address and a password required for using the service, and the service provider uses the Internet. In a password notification method used in a service providing system in which the service provider provides the service to the user by inputting the password on a page of a website provided through, the user forgets the password. And an email receiving step of receiving an email from the user, and determining whether the email received in the email receiving step is sent from a user terminal whose email address cannot be changed by the user. A determination step, and In the user identification step of identifying the user based on at least a part of the sender's email address included in the email received in the reception step, and in the determination step, the email reception means receives the email. When it is determined that the email is sent from a user terminal whose email address cannot be changed by the user, and the user is identified in the user identifying step, the email is identified in the user identifying step. And a mail sending step of sending a mail in which the password is specified to the user. 5. The password notification method according to claim 4, wherein the mail is a dummy mail that does not include a text. 6. The determination step is transmitted from a user terminal whose user cannot change the mail address based on the IP address indicated by the received field included in the header of the mail. The password notification method according to claim 4, wherein it is determined whether or not there is.