JP6113680B2 - Authority management apparatus, authority management method, and authority management program - Google Patents

Description

  The present invention relates to an authority management device, an authority management method, and an authority management program.

  The user uses the right provided by the service providing entity at the facility. For example, a user carries various cards such as a credit card provided by a credit company or a point card provided from a store that provides a point service, and the card is taken out at the store to pay by credit or use points. Exercise the right according to the card. However, there are cases where a user is impersonated by another person and exercises his rights. For example, when a user exercises his / her rights using a card, there is a risk of carrying the card and losing the card or impersonating the lost card by improper use.

  Therefore, for example, as a technology to prevent unauthorized use of a lost card, use a cash card with an ATM (automated teller machine) by inquiring the bank server by e-mail and unlocking it before use. The prior art which enables this is proposed (for example, patent document 1).

JP 2007-12009 A

  However, according to the prior art, a lock release system must be constructed for each type of card, and a store needs to correspond to each system. In addition, the user must remember and manage the unlock rules for each card individually. That is, conventionally, in order to suppress unauthorized use of rights, it has been complicated because it is necessary to construct a lock release system for each right to be managed, and for the user to learn each lock release rule.

  The present application has been made in view of the above, and an object thereof is to provide an authority management device, an authority management method, and an authority management program that can improve user convenience while suppressing unauthorized use of rights. And

  The authority management apparatus according to the present application includes a registration receiving unit that receives registration of right information regarding a right to use a service provided by a service provider at a facility, and a right to use the right that has been registered by the registration receiving unit. Is stored in use authority information as an invalid state, instruction accepting means for accepting an instruction to activate the right to exercise from a user exercising the right to the facility, and the use accepting is validated by the instruction accepting means. Providing means for providing the user with code information associated with the instructed right, and the use authority stored in the use authority information of the right instructed to enable the use authority by the instruction receiving means for a predetermined period When the code information is received from a change means that changes the data effectively and the facility device provided in the facility, the code information is associated with the code information and used. Based on the usage rights stored rights authority information, and having a notification means for notifying the presence or absence of use authority to the facility device.

  The authority management apparatus according to the present application can improve user convenience while suppressing unauthorized use of rights.

FIG. 1 is a diagram schematically illustrating a configuration of a system according to the first embodiment. FIG. 2 is a diagram illustrating an example of a functional configuration of the authority management apparatus according to the first embodiment. FIG. 3 is a diagram illustrating an example of a data configuration of the user information table according to the first embodiment. FIG. 4 is a diagram illustrating an example of a data configuration of right information according to the first embodiment. FIG. 5 is a diagram illustrating an example of a data configuration of provided code information according to the first embodiment. FIG. 6 is a diagram illustrating an example of a functional configuration of the user terminal according to the first embodiment. FIG. 7 is a diagram illustrating an example of a functional configuration of the store apparatus according to the first embodiment. FIG. 8 is a sequence diagram showing a flow of registering a card for managing use authority. FIG. 9 is a sequence diagram showing a flow of issuing a ticket for confirming the card use authority. FIG. 10 is a sequence diagram showing a flow of confirming the card use authority. FIG. 11 is a flowchart showing the procedure of the registration process. FIG. 12 is a flowchart showing the procedure of the ticket providing process. FIG. 13 is a flowchart showing the procedure of authority change processing. FIG. 14 is a flowchart illustrating the procedure of the notification process. FIG. 15 is a diagram illustrating an example of the activation instruction screen. FIG. 16 is a diagram for explaining intermediate numbers.

  Hereinafter, a mode for executing a right management apparatus, a right management method, and a right management program according to the present invention (hereinafter referred to as “embodiment”) will be described in detail with reference to the drawings. In addition, this invention is not limited by this embodiment. And each embodiment can be suitably combined in the range which does not contradict a processing content. In the following description, a store is taken as an example of a facility, and a case where a right according to a card is exercised as a right provided from a service providing entity will be described as an example.

(First embodiment)
[1-1. System configuration]
Embodiments will be described. In the embodiment, information about various cards held by each user is registered in the authority management device as the right information about the right, and when the user exercises the card right, the authority of the card is obtained from the authority management device. A system will be described in which code information for confirmation is acquired, and the store confirms the authority of the card based on the code information. FIG. 1 is a diagram schematically illustrating a configuration of a system according to the first embodiment. As illustrated in FIG. 1, the system 10 includes a user terminal 11, a store apparatus 12, and an authority management apparatus 13. The user terminal 11 and the authority management device 13, and the store apparatus 12 and the authority management device 13 are communicably connected via a network (not shown). As an aspect of such a network, there is an arbitrary communication network such as the Internet (Internet), a LAN (Local Area Network), a VPN (Virtual Private Network), a mobile communication network, regardless of wired or wireless. In the example of FIG. 1, the user terminal 11 and the authority management device 13, and the store apparatus 12 and the authority management device 13 are connected by a solid line to indicate an online state, and the user terminal 11 and the store apparatus 12 are connected by a broken line. Indicates that it is offline. In the example of FIG. 1, the system 10 is illustrated as having one user terminal 11 and one store apparatus 12, but the disclosed system is not limited to this, and the user terminal 11 and the store apparatus 12 are arbitrarily connected. Can be a number. Further, the system 10 may include a plurality of authority management devices 13.

  The user terminal 11 is a terminal device held by the user. For example, the user terminal 11 is a desktop PC (Personal Computer), a tablet PC, a notebook PC, a mobile phone, a smartphone, a PDA (Personal Digital Assistant), or the like.

  The store apparatus 12 is an apparatus that provides a service according to the rights granted to the user by the service providing entity. For example, the store apparatus 12 is an apparatus disposed in a store that provides a service using a card, and is, for example, a POS (Point Of Sales) terminal that performs transaction processing of the store. The store apparatus 12 may be an information processing apparatus such as a desktop PC, a tablet PC, or a notebook PC. Examples of services using a card include payment by credit, provision of points and use of points, provision of incentives such as price discounts, provision of benefits such as goods and special information. The user presents the card and requests the store to exercise the right according to the card. In the store, when the exercise of the right according to the card is requested, the authority management device 13 is inquired to confirm the authority of the card. When the card is usable, the service corresponding to the card is provided. For example, when the user presents a point card and requests the use of the accumulated points, the store confirms the authority of the card, and if the card can be used, the amount corresponding to the accumulated points is the amount of the product Subtract from the account.

  The authority management apparatus 13 is an information processing apparatus such as a server computer that accepts registration of rights information related to rights from a user and manages use rights of the rights for which registration of rights information is accepted. For example, the authority management device 13 accepts registration of various information related to cards from the user, and manages the authority to use the registered cards. In addition, the authority management device 13 receives an instruction to activate the right to exercise from the user. Upon receiving an instruction to activate the right to be exercised from the user, the authority management apparatus 13 is instructed to validate the use authority, changes the use authority of the right to be valid for a predetermined period, and changes the right to be instructed to activate. The associated code information is provided to the user. For example, the authority management device 13 receives an instruction from the user to activate the authority to use the card that exercises the right. When the authority management device 13 receives the instruction to validate the card usage authority, the authority management apparatus 13 is instructed to validate the usage authority, changes the card usage authority to valid for a predetermined period, and stores the code information associated with the card. Provide to users. Hereinafter, in this embodiment, the code information is also referred to as “ticket”. When receiving the code information, the authority management device 13 notifies the presence / absence of the use authority based on the use authority of the right associated with the code information. For example, when receiving a ticket from the store apparatus 12 installed in the store, the authority management apparatus 13 notifies the store apparatus 12 of the presence / absence of the card use authority.

[1-2. Configuration of authority management device, store device, and user terminal]
Next, the user terminal 11, the store apparatus 12, and the authority management apparatus 13 according to the first embodiment will be described in more detail. First, the configuration of the authority management device 13 will be described. FIG. 2 is a diagram illustrating an example of a functional configuration of the authority management apparatus according to the first embodiment.

  As illustrated in FIG. 2, the authority management device 13 includes a communication I / F (interface) unit 20, a storage unit 21, and a control unit 22.

  The communication I / F unit 20 is an interface such as a NIC (Network Interface Card). The communication I / F unit 20 transmits / receives various data to / from other devices via a network (not shown). For example, the communication I / F unit 20 transmits data of various screens such as a login screen, a card registration screen, and an activation instruction screen for instructing a card for validating the use authority to the user terminal 11. Receives various operation information for the screen. Further, the communication I / F unit 20 transmits a ticket used for confirming the authority to use the card to the user terminal 11. Further, the communication I / F unit 20 receives the ticket from the store apparatus 12 and transmits the presence / absence of the authority to use the card associated with the ticket to the store apparatus 12 that is the ticket transmission source.

  The storage unit 21 is a device that stores various types of information. For example, examples of the storage unit 21 include semiconductor memory devices such as a RAM (Random Access Memory) and a flash memory, and storage devices such as a hard disk and an optical disk.

  The storage unit 21 stores an OS (Operating System) executed by the control unit 22 and various programs. Furthermore, the storage unit 21 stores various information. For example, the storage unit 21 stores a user information table 30, right information 31, provided code information 32, and security policy information 33.

  The user information table 30 is a table that stores information about users who use the system 10. For example, the user information table 30 stores the user ID (identification), password, name, and address of the user. FIG. 3 is a diagram illustrating an example of a data configuration of the user information table according to the first embodiment. The user information table 30 shown in FIG. 3 is provided with areas for storing a user ID, password, name, and address, and information is stored in each area for each user.

  The rights information 31 is data that stores information about rights to be managed. For example, the rights information 31 stores information about registered cards as information about rights. For example, the right information 31 stores the user ID of the user who registered the card, the card identification information, and the card use authority in association with each other. The card records unique ID information such as an identification number, a user membership number, and a credit card number for each service provided. As the card identification information, for example, ID information recorded on the card is used. FIG. 4 is a diagram illustrating an example of a data configuration of right information according to the first embodiment. In the right information 31 shown in FIG. 4, information indicating a user ID, ID information, type, and usage authority is stored. For example, in the example of FIG. 4, for the user ID “0001”, the ID information “XXXXA” is registered and the usage authority is “invalid”.

  The provided code information 32 is data storing information related to the provided ticket. For example, the provided code information 32 stores the user ID of the user who provided the ticket, the ID information of the card that provided the ticket, the provided ticket, and the date and time of provision. FIG. 5 is a diagram illustrating an example of a data configuration of provided code information according to the first embodiment. The provided code information 32 shown in FIG. 5 includes areas for storing a user ID, ID information, a ticket, and a provided date and time, and information is stored in each area for each provided ticket.

  The security policy information 33 is data storing a security policy relating to the card use authority. In the present embodiment, as the security policy information 33, a valid period for validating the usage authority is stored when the user is instructed to validate the card usage authority. For example, by setting 10 minutes in the security policy information 33, the ticket is regarded as valid if it is within 10 minutes from the user instructing the activation of the card use authority.

  The control unit 22 is a device that controls the authority management apparatus 13. For example, as the control unit 22, an electronic circuit such as a CPU (Central Processing Unit) or an MPU (Micro Processing Unit), or an integrated circuit such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array) can be employed.

  The control unit 22 has an internal memory for storing programs defining various processing procedures and control data, and executes various processes using these. The control unit 22 functions as various processing units by operating various programs. For example, the control unit 22 includes an authentication unit 40, a registration reception unit 41, an instruction reception unit 42, a generation unit 43, a provision unit 44, a registration unit 45, a change unit 46, a verification unit 47, a notification Part 48.

  The authentication unit 40 performs user authentication when access is requested from the user terminal 11. For example, when access is requested from the user terminal 11, the authentication unit 40 transmits a login screen web page provided with a user ID and password input area to the user terminal 11 and displays the login screen on the user terminal 11. Let Then, when the login unit is instructed to log in from the login screen, the authentication unit 40 has the user ID and password input in the input area of the login screen as the user ID and password of any user stored in the user information table 30. The user is authenticated depending on whether or not they match. If the input user ID and password do not match the user ID and password of any user stored in the user information table 30, the authentication unit 40 notifies the user terminal 11 that the authentication has failed. On the other hand, if the input user ID and password match the user ID and password of any user stored in the user information table 30, the authentication unit 40 registers the card for managing the usage authority. A web page of a selection screen for instructing activation of the use authority of the registered card is transmitted to the user terminal 11 and the selection screen is displayed on the user terminal 11.

  The registration accepting unit 41 accepts registration of various cards used when exercising rights in the store from the user authenticated by the authenticating unit 40. For example, when the registration of the card is selected from the selection screen, the registration receiving unit 41 transmits a web page of a registration screen for registering information regarding the card for managing the use authority to the user terminal 11 and registers it in the user terminal 11. Display the screen. For example, the registration screen is provided with an input area for inputting card ID information and card type, and the card ID information and type can be input. When registration completion is instructed on the registration screen, the registration receiving unit 41 associates the ID information and type of the card input on the registration screen with the user ID of the authenticated user, and disables the card use authority. The data is registered in the right information 31 as follows.

  The instruction receiving unit 42 receives an instruction from the user to validate the right to use the card for exercising the right. For example, when the instruction to activate the card use authority is selected from the selection screen, the instruction receiving unit 42 validates the card use authority stored in the right information 31 in association with the user ID of the authenticated user. The web page of the activation instruction screen for instructing is transmitted to the user terminal 11 and the activation instruction screen is displayed on the user terminal 11. On the activation instruction screen, for example, the ID information and type of the card stored in the right information 31 in association with the user ID of the authenticated user are displayed, and the activation is instructed by selecting each card. It is possible.

  The generation unit 43 generates a ticket associated with a card instructed to validate use authority. For example, when the activation instruction is instructed to activate any card on the activation instruction screen, the generation unit 43 creates a new code according to a predetermined code generation rule determined not to overlap with a ticket generated in the past. Generate a ticket. This ticket may be a code by numbers or letters, or may be a code in which numbers and letters are combined.

  The providing unit 44 provides the user with the ticket generated by the generating unit 43. For example, the providing unit 44 provides the ticket to the user by transmitting ticket data to the user terminal 11 of the user. Note that provision of a ticket is not limited to transmitting ticket data. For example, the providing unit 44 may encode the ticket into a two-dimensional code and transmit the image data of the encoded two-dimensional code image to the user terminal 11. The providing unit 44 may provide the user with the ticket by causing the user terminal 11 to display the ticket numbers and characters.

  The registration unit 45 is associated with the ticket generated by the generation unit 43 and provided by the provision unit 44, and the user ID of the user authenticated by the authentication unit 40, the ID information of the card instructed to be activated, and provision The registered date is registered in the provided code information 32. As a result, the provided code information 32 stores the user ID of the user who provided the ticket, the ID information of the card that provided the ticket, the provided ticket, and the date and time of provision.

  The changing unit 46 effectively changes the use authority of the card instructed to enable the use authority by the instruction receiving unit 42. For example, the changing unit 46 changes the use authority of the right information 31 for the card instructed to enable the use authority by the instruction receiving unit 42 to be valid. Further, the changing unit 46 periodically monitors the ticket provision date and time stored in the provided code information 32, and determines the use authority of the card after the validity period stored in the security policy information 33 from the provision date and time. Change to disabled.

  When the verification unit 47 receives a ticket from the store apparatus 12, the verification unit 47 verifies whether or not the received ticket is appropriate. For example, the verification unit 47 determines whether the received ticket is stored in the provided code information 32. When the received ticket is not registered in the provided code information 32, the verification unit 47 notifies the store apparatus 12 that the ticket is inappropriate.

  The notification unit 48 notifies the presence / absence of the right to use the card. For example, when the received ticket is stored in the provided code information 32, the notification unit 48 obtains the ID information of the card associated with the received ticket from the provided code information 32, and corresponds to the obtained card ID information. Based on the card use authority stored in the right information 31, the presence / absence of the card use authority is specified. Then, the notification unit 48 notifies the store device 12 of data on the authority to use the specified card.

  Next, the configuration of the user terminal 11 will be described. FIG. 6 is a diagram illustrating an example of a functional configuration of the user terminal according to the first embodiment.

  As illustrated in FIG. 6, the user terminal 11 includes an operation input unit 50, a display unit 51, a communication I / F unit 52, a storage unit 53, and a control unit 54.

  The operation input unit 50 is an input device for inputting various types of information. For example, the operation input unit 50 includes an input device such as a mouse or a keyboard. The operation input unit 50 receives input of various operations from the user, and inputs operation information indicating the received operation content to the control unit 54.

  The display unit 51 is a display device that displays various types of information. Examples of the display unit 51 include display devices such as an LCD (Liquid Crystal Display) and a CRT (Cathode Ray Tube). The display unit 51 displays various information. For example, the display unit 51 displays a login screen, a selection screen, a registration screen, an activation instruction screen, and the like.

  The communication I / F unit 52 is an interface such as a NIC. The communication I / F unit 52 transmits / receives various data to / from other devices via the network. For example, the communication I / F unit 52 receives data of various screens such as a login screen, a selection screen, a registration screen, and an activation instruction screen from the authority management device 13, and transmits various operation information on the screen to the authority management device 13. Send. In addition, the communication I / F unit 52 receives a ticket from the authority management device 13.

  The storage unit 53 is a device that stores various types of information. For example, examples of the storage unit 53 include semiconductor memory devices such as RAM and flash memory, and storage devices such as a hard disk and an optical disk.

  The storage unit 53 stores the OS and various programs executed by the control unit 54. Furthermore, the storage unit 53 stores various data. For example, the storage unit 53 stores the ticket 60.

  The control unit 54 is a device that controls the user terminal 11. For example, as the control unit 54, an electronic circuit such as a CPU or MPU, or an integrated circuit such as an ASIC or FPGA can be employed. The control unit 54 has an internal memory for storing programs defining various processing procedures and control data, and executes various processes using these. The control unit 54 functions as various processing units by operating various programs. For example, the control unit 54 includes an access control unit 70, a storage unit 71, and a presentation unit 72.

  The access control unit 70 requests access to the authority management device 13 when a predetermined operation for instructing the operation input unit 50 to access the authority management device 13 is performed. Thereby, the login screen data is sent from the authority management device 13, and the login screen to the authority management device 13 is displayed on the display unit 51. The user logs in by entering the user ID and password on the login screen, and registers the card for managing the use authority from the selection screen displayed after login, or the instruction to validate the use authority of the registered card When registering a card for managing usage authority, information on the card for managing usage authority is registered from the registration screen. Thereby, in the right information 31, the user ID of the user who registered the card, the registered card ID information, the card type, and the card use authority information are stored in association with each other. On the other hand, when instructing the card authority to be activated, the user selects the card ID information for activating the authority from the activation instruction screen. As a result, ticket data is received from the authority management device 13.

  When the storage unit 71 receives a ticket from the authority management device 13, the storage unit 71 stores the ticket in the storage unit 53. As a result, the ticket 60 is stored in the storage unit 53.

  The presentation unit 72 presents the ticket 60 stored in the storage unit 53 when a predetermined operation that requests the operation input unit 50 to present a ticket is performed. For example, the presentation unit 72 puts the ticket 60 stored in the storage unit 53 into a state in which the ticket 60 can be read by near field wireless communication such as NFC (Near Field Communication) and RFID (Radio Frequency IDentification). The presentation of the ticket 60 is not limited to being readable by radio. For example, the presentation unit 72 may display an image of the image data on the display unit 51 when the ticket 60 is image data such as a two-dimensional code. Further, the presentation unit 72 may convert the ticket 60 into image data such as a two-dimensional code, and cause the display unit 51 to display the converted ticket image. In addition, the presentation unit 72 may cause the display unit 51 to display numbers and characters that are the ticket 60.

  Next, the configuration of the store apparatus 12 will be described. FIG. 7 is a diagram illustrating an example of a functional configuration of the store apparatus according to the first embodiment.

  As illustrated in FIG. 7, the store apparatus 12 includes an operation input unit 80, a display unit 81, a reader unit 82, a communication I / F unit 83, a storage unit 84, and a control unit 85.

  The operation input unit 80 is an input device for inputting various types of information. For example, the operation input unit 80 may be an input device such as a mouse, a keyboard, or a touch panel. The operation input unit 80 receives input of various types of information from the store clerk, and inputs operation information indicating the received operation content to the control unit 85.

  The display unit 81 is a display device that displays various types of information. Examples of the display unit 81 include a display device such as an LCD or a CRT. The display unit 81 displays various information. For example, the display unit 81 displays whether to permit use of the card.

  The reader unit 82 reads the ticket and outputs the read ticket to the control unit 85. Note that the reader unit 82 may read a ticket by short-range wireless communication. The reader unit 82 may read a two-dimensional code in which a ticket is coded as an image, decode the read image, and output the coded ticket to the control unit 85.

  The communication I / F unit 83 is an interface such as a NIC. The communication I / F unit 83 transmits / receives various data to / from other devices via the network. For example, the communication I / F unit 83 transmits a ticket to the authority management device 13 and receives personal information from the authority management device 13.

  The storage unit 84 is a device that stores various types of information. For example, examples of the storage unit 84 include semiconductor memory devices such as RAM and flash memory, and storage devices such as a hard disk and an optical disk.

  The storage unit 84 stores an OS and various programs executed by the control unit 85. Further, the storage unit 84 stores various data. For example, the storage unit 84 stores user information 90.

  The user information 90 is data storing information related to users who use each store. For example, at a store that provides a point card, information relating to the user who created the point card, card ID information such as the card number of the point card, the accumulated number of points, etc. are stored as user information 90. . The user information 90 may be stored in a server computer at a center that manages the store apparatus 12 installed in each store.

  The control unit 85 is a device that controls the store apparatus 12. For example, as the control unit 85, an electronic circuit such as a CPU or MPU, or an integrated circuit such as an ASIC or FPGA can be employed. The control unit 85 has an internal memory for storing programs defining various processing procedures and control data, and executes various processes using these. The control unit 85 functions as various processing units by operating various programs. For example, the control unit 85 includes a reading control unit 100, a request unit 101, a determination unit 102, and a service providing unit 103.

  When a predetermined operation for instructing the operation input unit 80 to start reading a ticket is performed, the reading control unit 100 controls the reader unit 82 to read the ticket. When an operation for providing a service using a card is performed, the reading control unit 100 may start reading a ticket in conjunction with the operation. For example, when the store apparatus 12 is a POS terminal and an operation for designating a payment operation with credit is performed, the reading control unit 100 displays a message for requesting the presentation of a ticket in conjunction with the operation on the display unit 81. The ticket may be displayed and reading of the ticket may be started.

  The request unit 101 transmits a ticket read by the reader unit 82 under the control of the reading control unit 100 to the authority management device 13 to request confirmation of authority.

  The service providing unit 103 provides a service corresponding to the card when the card presented by the user is usable. For example, the service providing unit 103 stores the card ID information presented by the user in the user information 90 and receives a notification from the authority management device 13 that the card use authority is valid. Provide services according to For example, when the user presents a point card and requests the use of the accumulated points, the service providing unit 103 performs an accounting process by subtracting the amount corresponding to the accumulated points from the amount of the product.

[1-3. Checking usage rights]
Next, a flow of confirming the card use authority by the system 10 according to the present embodiment will be described with reference to FIGS. FIG. 8 is a sequence diagram showing a flow of registering a card for managing use authority.

(1) The user terminal 11 requests access to the authority management apparatus 13 when a predetermined operation for instructing the operation input unit 50 to access the authority management apparatus 13 is performed.
(2) The authority management device 13 receives an access request from the user terminal 11.
(3) Upon receiving the access request, the authority management device 13 transmits a login screen web page to the user terminal 11 to display the login screen on the user terminal 11. Accordingly, the user operates the operation input unit 50 to input the user ID and password on the login screen, and performs an operation for instructing login.
(4) The user terminal 11 transmits the user ID and password input on the login screen to the authority management device 13 when an operation to instruct login is performed on the login screen.
(5) The authority management device 13 authenticates the user with the user ID and password received from the authority management device 13.
(6) When the user can be authenticated by the user ID and password, the authority management device 13 notifies the completion of authentication, and further registers the card for managing the use authority or validates the use authority of the registered card. A web page of a selection screen for selecting whether to instruct the conversion is transmitted to the user terminal 11 and the selection screen is displayed on the user terminal 11.
(7) When registering a card for managing usage authority, the user operates the operation input unit 50 to select card registration from the selection screen. Thereby, the user terminal 11 transmits to the authority management device 13 that the card registration has been selected.
(8) When the registration of the card is selected from the selection screen, the authority management device 13 transmits the web page of the registration screen to the user terminal 11 and causes the user terminal 11 to display the registration screen. The user inputs information related to the card such as ID information and type of the card whose use authority is managed from the registration screen.
(9) When the information related to the card is input from the registration screen, the user terminal 11 transmits the input information related to the card to the authority management device 13.
(10) The authority management device 13 associates the card ID information input on the registration screen with the user ID of the authenticated user, and registers the data in the right information 31 with the card use authority disabled. As a result, the right information 31 stores the user ID, the card ID information, and the card use authority in association with each other.
(11) When the registration of data in the right information 31 is completed, the authority management device 13 notifies the user terminal 11 of the completion of registration.

  In the present embodiment, the card validity period is stored in advance in the security policy information 33, but the validity period may be set by the user from the user terminal 11.

  FIG. 9 is a sequence diagram showing a flow of issuing a ticket for confirming the card use authority. Note that (12) to (17) are the same as the above (1) to (6), and thus the description thereof is omitted.

(18) When instructing the activation of the registered card use authority, the user operates the operation input unit 50 and selects the card use authority from the selection screen. As a result, the user terminal 11 transmits to the authority management apparatus 13 that the card usage authority has been validated.
(19) When the activation of the card use authority is selected from the selection screen, the authority management device 13 transmits the web page of the activation instruction screen to the user terminal 11 and displays the activation instruction screen on the user terminal 11. Let The user selects ID information of a card whose usage authority is validated from the validation instruction screen.
(20) When the user terminal 11 is instructed to validate the use authority of any card on the activation instruction screen, the user terminal 11 performs authority management on information related to the card such as the ID information of the card instructed to validate the use authority. Transmit to device 13.
(21) The authority management device 13 changes the use authority of the card instructed to enable the use authority to be valid.
(22) The authority management device 13 generates a ticket associated with the card instructed to validate the use authority, and is associated with the generated ticket, and is instructed to validate the user ID of the authenticated user. The ID information of the card and the provided date / time are registered in the provided code information 32. Thereby, the ticket, the user ID, the card ID information, and the card use authority are associated with each other.
(23) The authority management device 13 transmits the generated ticket to the user terminal 11. When the user terminal 11 receives a ticket from the authority management device 13, the user terminal 11 stores the ticket in the storage unit 53.

  FIG. 10 is a sequence diagram showing a flow of confirming the card use authority.

(24) When exercising the right of the card to the store, the user performs a predetermined operation for requesting the operation input unit 50 to present a ticket. As a result, the user terminal 11 presents the ticket in a state in which the ticket 60 stored in the storage unit 53 can be read by the short-range wireless communication.
(25) The store apparatus 12 reads the ticket by the reader unit 82 when the store clerk performs a predetermined operation to instruct the operation input unit 80 to start reading the ticket.
(26) The store apparatus 12 transmits the read ticket to the authority management apparatus 13 and requests confirmation of the authority.
(27) When receiving the ticket from the store apparatus 12, the authority management apparatus 13 verifies whether or not the received ticket is appropriate.
(28) If the received ticket is appropriate, the authority management device 13 obtains the ID information of the card associated with the received ticket from the provided code information 32, and rights information corresponding to the obtained ID information of the card Based on the card use authority stored in 31, the presence or absence of the card use authority is specified.
(29) The authority management apparatus 13 notifies the use authority of the specified card to the store apparatus 12 that has transmitted the ticket.
(30) The store apparatus 12 determines whether the service can be provided. For example, the store apparatus 12
It is determined whether the ID information of the card presented by the user is stored in the user information 90, and the authority to use the card is valid from the authority management device 13.
(31) If the service can be provided, the store apparatus 12 provides a service corresponding to the card.
(32) The store apparatus 12 notifies the user terminal 11 of the service provision result when notification of the service provision result is required.

  The authority management device 13 may store feature information indicating the user's characteristics as the user information, and may transmit the feature information to the store device 12 together with the presence / absence of the use authority. This feature information may be any information that can be identified by the user, and may be physical feature information such as image data of the user's face, height, gender, fingerprint, voiceprint, mole position, and the like. For example, the authority management device 13 stores the image data of the user's face in the storage unit 21 in association with the user ID of the user. Then, the notification unit 48 specifies the user ID corresponding to the received ticket from the provided code information 32, and transmits the image data corresponding to the specified user ID to the store apparatus 12 as user information. In the store apparatus 12, an image of the transmitted image data is displayed. As a result, the store clerk can perform identity verification by comparing the face shown in the image with the face of the user seeking service. The identity verification method is not limited to a method by a person such as a store clerk. For example, a camera may be provided in the store apparatus 12 to photograph the face of the user, and the identity verification may be performed by performing matching or the like in comparison with the face of the received image data. When the feature information is a voice print, the user's voice may be acquired with a microphone or the like, and the identity verification may be performed based on whether the voice prints match. If the feature information is a fingerprint, the user's fingerprint may be acquired by a reading device that reads the fingerprint, and identity verification may be performed based on whether the fingerprints match. That is, the store apparatus 12 may acquire the user's physical characteristics and perform identity verification.

  In this manner, the authority management device 13 accepts registration of various cards of the user and manages the use authority. That is, the authority management device 13 centrally manages the authority to use various cards with different registered issuers. Thus, the user can centrally manage the use authority of various cards only by the authority management device 13 by registering various cards with different issuing entities in the authority management device 13, and the convenience is improved. When the activation of the card use authority is instructed, the authority management device 13 provides the user with a ticket associated with the card instructed to activate and changes the use authority to be valid for a predetermined period. And the authority management apparatus 13 notifies the use authority of a card | curd, when a ticket is received from the shop apparatus 12. FIG. Thereby, the authority management apparatus 13 can suppress the unauthorized use of the card even when the card is lost. In addition, the authority management device 13 accepts registration of various cards of the user and manages the use authority in an integrated manner. For this reason, the authority management device 13 does not need the user to access another system for unlocking each card type, and does not need to learn the unlock rules for each card. Convenience can be improved. Moreover, since the store apparatus 12 can also confirm the authority to use various cards by the authority management apparatus 13, the load on system construction can be reduced for the store.

[1-4. Action]
Next, the operation of the system 10 according to the present embodiment will be described. First, the flow of a registration process in which the right management device 13 according to the present embodiment registers information related to a card for which the use right is managed in the right information 31 will be described. FIG. 11 is a flowchart showing the procedure of the registration process. This registration process is performed at a predetermined timing, for example, when an operation for instructing registration completion is performed on the registration screen and information related to the card such as the card ID information input on the registration screen is received from the user terminal 11. Is executed.

  As shown in FIG. 11, the registration receiving unit 41 associates the card ID information input on the registration screen with the user ID of the authenticated user, registers the data in the right information 31 with the card use authority invalidated. (S10), and the process ends.

  Next, a flow of ticket providing processing in which the authority management device 13 according to the present embodiment provides a ticket to the user will be described. FIG. 12 is a flowchart showing the procedure of the ticket providing process. In this ticket providing process, for example, an operation for instructing the activation authority of any card is performed on the activation instruction screen, and the activation instruction is instructed on the activation instruction screen. This is executed at the timing when the information indicating the card is received from the user terminal 11.

  As illustrated in FIG. 12, the generation unit 43 generates a new ticket (S20). The registration unit 45 registers the user ID of the authenticated user, the ID information of the card instructed to be activated, and the date and time of provision in the provision code information 32 in association with the ticket generated by the generation unit 43 ( S21). The changing unit 46 effectively changes the use authority of the right information 31 for the card for which the use authority is instructed (S23). The providing unit 44 provides the generated ticket to the user (S22) and ends the process.

  Next, a flow of authority change processing in which the authority management apparatus 13 according to the present embodiment changes the card use authority will be described. FIG. 13 is a flowchart showing the procedure of authority change processing. This authority change process is executed periodically, for example, at regular intervals.

  As shown in FIG. 13, the changing unit 46 monitors the provision date and time of each card stored in the provision code information 32, and the valid period stored in the security policy information 33 has elapsed from the provision date and time. It is determined whether or not (S30). If no valid period has passed (No in S30), the process ends. On the other hand, when there is a card whose valid period has passed (Yes in S30), the changing unit 46 changes the use authority of the right information 31 for the card whose valid period has passed to invalid (S31), and ends the process.

  Next, a flow of notification processing in which the authority management apparatus 13 according to the present embodiment notifies the presence / absence of card use authority will be described. FIG. 14 is a flowchart illustrating the procedure of the notification process. This notification process is executed at a predetermined timing, for example, when a ticket is received.

  As shown in FIG. 14, the verification unit 47 determines whether or not the received ticket is stored in the provided code information 32 (S40). If the ticket is not stored in the provided code information 32 (No at S40), the verification unit 47 notifies the store apparatus 12 that the ticket is inappropriate (S41), and ends the process. On the other hand, when the ticket is stored in the provided code information 32 (Yes in S40), the notification unit 48 obtains the ID information of the card associated with the received ticket from the provided code information 32, and the obtained card ID information. The card use authority is specified based on the card use authority stored in the right information 31 (S42). Then, the notification unit 48 notifies the store device 12 of the data on the authority to use the specified card (S43), and ends the process.

[1-5. effect]
In this way, the authority management device 13 accepts registration of various cards as the right information regarding the right to use the service provided by the service providing entity in the store, and uses the use authority of the card that accepted the registration as an invalid state. The authority information is stored in the storage unit 21. The authority management device 13 receives an instruction to activate the right to use the card for exercising the right from the user who exercises the card right to the store, and code information associated with the card instructed to activate the right to use Is provided to the user. Further, the authority management device 13 is instructed to validate the use authority, and changes the use authority of the card stored in the use authority information to be valid for a predetermined period. When the authority management device 13 receives code information from the store device 12 provided in the store, the store management device 13 is associated with the code information and based on the use authority of the card stored in the use authority information. 12 is notified whether the card has authority to use. Thereby, the authority management apparatus 13 can improve user convenience while suppressing unauthorized use of rights.

  Further, the expiration date of the ticket is determined, and the authority management device 13 transmits to the store device 12 that the card use authority is valid when the ticket received from the store device 12 is within the expiration date. Thereby, the authority management apparatus 13 can suppress unauthorized use of the ticket even if the ticket leaks by appropriately determining the expiration date.

(Second Embodiment)
[2-1. System configuration]
Next, a second embodiment will be described. The configurations of the system 10, the user terminal 11, the store apparatus 12, and the authority management apparatus 13 according to the second embodiment are substantially the same as those in the first embodiment, and thus different parts will be mainly described.

  The authority management device 13 stores conditions for validating the use authority as security policy information 33 for each type of card. For example, the validity period for validating the use authority is stored for each type of card.

  The change unit 46 periodically monitors the ticket provision date and time stored in the provision code information 32, and the validity period corresponding to the type of each card stored in the security policy information 33 has elapsed from the provision date and time. Change the card usage authority to disabled.

  As a result, the authority management device 13 can set a valid period for validating the ticket for each type of card, so that the security can be changed for each type of card. For example, for a card that is heavily damaged when it is lost and used illegally, or a card that is frequently used illegally, it is possible to suppress unauthorized use by shortening the validity period. In addition, a card with less unauthorized use can be used for a long time after the user obtains a ticket by extending the validity period, thereby improving convenience. The conditions for validating the usage authority for each type of card may be set individually by each user, or may be set by the administrator of the authority management apparatus 13.

  Further, the change unit 46 is instructed to enable the user who has instructed the activation of the use authority by the instruction receiving unit 42 when a card other than the one in which the activation is instructed by the right information 31 has been activated. Disable the card. In other words, if any card has already been activated, the changing unit 46 disables the card instructed to be activated and disables a plurality of cards at the same time.

  In addition, for the user who has instructed the activation of the use authority by the instruction receiving unit 42, the providing unit 44, when a card other than the activation instructed is activated, the code for the card instructed to activate Stop providing information.

  Thereby, since the user cannot activate a plurality of cards at the same time, the authority management device 13 can suppress unauthorized use even when a ticket for each card leaks.

  In addition, the activation instruction screen according to the present embodiment can display an advertisement. FIG. 15 is a diagram illustrating an example of the activation instruction screen. In the activation instruction screen 110, the card ID information and type are displayed on a button 111 arranged on the screen, and the card to be activated can be selected by the button 111. The activation instruction screen 110 can display an advertisement 112. When a card to be activated is specified on the activation instruction screen 110, the instruction reception unit 42 displays an advertisement 112 related to the service provided by the specified card on the activation instruction screen 110 and presents it to the user. To do. For example, the instruction receiving unit 42 displays, as the advertisement 112, a nearby store that provides a specified card service on the activation instruction screen 110. Moreover, since the authority management apparatus 13 can grasp | ascertain the use condition of a card | curd by accumulating the log | history information of the card | curd activated by each user in the memory | storage part 21, for example, the advertisement regarding the card service with a high use condition is effective. Display on the conversion instruction screen 110. For example, the authority management device 13 causes the activation instruction screen 110 to display an advertisement related to a store that provides a service of a point card with a high use frequency or a product that can obtain a high point with the point card. The advertisement displayed on the activation instruction screen 110 may be acquired by making an inquiry to another server device that stores the advertisement provided for each service provided by the card. Moreover, the authority management apparatus 13 is good also as what memorize | stores the advertisement relevant to each service as advertisement information in the memory | storage part 21, and acquires the advertisement displayed from advertisement information. Note that the layout of the activation instruction screen 110 shown in FIG. 15 is an example, and the present invention is not limited to this.

[2-2. effect]
Thus, the authority management apparatus 13 further stores in the storage unit 21 conditions for validating the use authority for each type of card. Then, the authority management device 13 changes the use authority of the card instructed to validate the use authority in accordance with the condition corresponding to the type of card stored in the storage unit 21. Thereby, since the authority management apparatus 13 can set conditions for each card type, the authority for use can be changed for each card type.

  Further, the authority management device 13 further provides the user with an advertisement related to the card for which activation has been instructed. Thereby, since the authority management apparatus 13 can provide an advertisement according to the service used by the user by presenting an advertisement related to the card instructed to be activated, a high advertising effect can be obtained.

  In addition, for a user who has instructed card activation, the authority management device 13 sets the card instructed to be invalid and invalidates the code information if the card other than that instructed to be activated is activated. Stop providing. Thereby, the authority management apparatus 13 can suppress unauthorized use even when a ticket for each card leaks.

[3. Others]
As described above, some of the embodiments of the present application have been described in detail based on the drawings. It is possible to implement the present invention in other forms with improvements.

  For example, in the above-described embodiment, a case has been described in which a store is an example of a facility and a card right is exercised as a right provided by a service provider. However, the present invention is not limited to this. For example, you may apply when providing a service only to a specific individual in public institutions, such as acquisition of a family register in a government office, and reading of real estate registration information in the Legal Affairs Bureau. Moreover, you may apply when confirming rights, such as whether a user is a member and whether a user can purchase at a discount price in a store. That is, the rights managed by the authority management device 13 are not limited to the rights provided by the card.

  In the above-described embodiment, the case where the authority management device 13 provides a ticket to the user in order to confirm the authority to exercise the card right in the store has been described, but the present invention is not limited to this. For example, when managing entry / exit using a card, the authority management device 13 provides the user with code information to confirm the authority to enter / exit with the card, and the entry / exit management system grants authority based on the code information. The card that has been confirmed may be allowed to enter or leave. Thereby, unauthorized entry / exit due to impersonation can be suppressed.

Further, the rights to be managed by the authority management device 13 are not limited to the right to use one service. That is, the rights that are managed by the authority management device 13 may be rights that can use a plurality of services. In this way, even when rights are available for a plurality of services, by registering them together in the authority management device 13, it is not necessary to separately manage the rights for each service, and the authority management device 13 performs unified management. Therefore, convenience for the user is improved. In addition, the store apparatus 12 does not need to check the authority for each service service by the authority management apparatus 13 for each service, and the authority management apparatus 13 can confirm the authority of each service. It can be kept low.

  In the above-described embodiment, the case where the store apparatus 12 transmits a ticket to the authority management apparatus 13 and the authority management apparatus 13 determines whether or not the received ticket is stored in the provided code information 32 has been described. However, the present invention is not limited to this. For example, the store apparatus 12 transmits at least one of the card ID information and the user ID of the user together with the ticket to the authority management apparatus 13, and the authority management apparatus 13 provides the ID information and the user ID in association with the received ticket. It may be determined whether or not the code information 32 is stored. Thereby, the authority management apparatus 13 can verify whether the ticket is issued to the card and whether the user who presented the ticket is a valid user who owns the card.

  In the above embodiment, the case where the valid period of the ticket is stored in the security policy information 33 as the condition for validating the use authority has been described. However, the present invention is not limited to this. For example, address information such as the IP address of the store apparatus 12 may be stored as the security policy, and the ticket may be validated when received from the address of the stored address information. Further, for example, as a security policy, when a user who has requested a ticket within a predetermined period such as 5 minutes after receiving a ticket from the store apparatus 12 can be authenticated by the authority management apparatus 13, the card use authority It may be effective. Thereby, even when a ticket leaks, unauthorized use can be suppressed, and ticket security can be improved.

  In the above embodiment, the case has been described in which the user ID of the user and the ID information unique to the card are stored in association with the right information 31 and the provided code information 32, but the present invention is not limited to this. For example, an intermediate number determined in association with a number uniquely determined for the card may be stored as the card ID information. FIG. 16 is a diagram for explaining intermediate numbers. For example, as shown in FIG. 16, an intermediate number (LinkID) is determined in association with a number (SID) uniquely determined for the card. In the right information 31 and the provided code information 32, the user ID of the user and the Link ID are stored in association with each other. Thereby, user ID and SID are linked | related via LinkID. Thus, by storing the Link ID instead of the number uniquely determined for the card, for example, even when the Link ID leaks due to leakage of the rights information 31 and the provision code information 32 stored in the storage unit 21, It is possible to prevent leakage of the number unique to the card.

  Further, the authority management device 13 described above may be realized by a plurality of server computers, and depending on the function, an external platform or the like may be realized by calling an API (Application Programming Interface) or network computing. Can be changed flexibly.

  Further, the “means” described in the claims can be read as “section (module, unit)” or “circuit”. For example, the search means can be read as a search unit or a search circuit.

DESCRIPTION OF SYMBOLS 10 System 11 User terminal 12 Store apparatus 13 Authority management apparatus 21 Storage part 22 Control part 30 User information table 31 Rights information 32 Provision code information 33 Security policy information 40 Authentication part 41 Registration reception part 42 Instruction reception part 43 Generation part 44 Provision part 45 Registration unit 46 Change unit 47 Verification unit 48 Notification unit

Claims (8)

Registration acceptance means for accepting registration of ID information for identifying a card used when exercising the right as rights information regarding the right to use the service at the facility;
Storage means for storing use authority corresponding to the ID information of the card that accepted the registration;
In response to an instruction to validate the right to use the service at the facility and is invalid, code information associated with the ID information of the card instructed to validate the right Providing means to provide to users who exercise
Changing means for effectively changing the right of use of the right instructed to be activated;
When receiving the code information from the facility apparatus provided in the facility, based on the use authority corresponding to the ID information associated with the code information, a notification means for notifying the facility apparatus of the presence or absence of the use authority;
An authority management device characterized by comprising: The changing means changes the right to use the right instructed to activate the use right according to the condition according to the type of right stored in the storage means for storing the condition for validating the use right for each type of right. The authority management device according to claim 1, wherein: The authority management apparatus according to claim 1, wherein the providing unit further provides the user with an advertisement related to a right instructed to be activated. The notification means is feature information indicating a feature of a user who is provided with a right from a service providing entity that provides the service, and the feature information of the user who is provided with the right to notify the presence / absence of use authority is provided in a facility device The authority management apparatus according to any one of claims 1 to 3, wherein the authority management apparatus transmits to the authority management apparatus. The changing means sets the right instructed to be invalid when another right has been activated for the user instructed to activate the right,
The providing means, for the user who has instructed the activation of the right, stops providing code information about the right instructed to be activated when the other right has been activated. Item 5. The authority management device according to any one of Items 1 to 4. The authority management device according to any one of claims 1 to 5, wherein the ID information is an intermediate number determined in association with a number uniquely determined for the card. A right management method executed by a computer,
A registration acceptance process for accepting registration of ID information for identifying a card used when exercising the right as the right information regarding the right to use the service at the facility;
A storage step of storing the use authority in the storage means in correspondence with the ID information of the card that accepted the registration;
In response to an instruction to validate the right to use the service at the facility and is invalid, code information associated with the ID information of the card instructed to activate the right Providing process to users who exercise
A change step of effectively changing the right to use the right instructed to be activated;
When receiving the code information from the facility apparatus provided in the facility, based on the use authority corresponding to the ID information associated with the code information, a notification step of notifying the facility apparatus of the presence or absence of the use authority,
An authority management method characterized by comprising: Registration acceptance procedure for accepting registration of ID information identifying a card used when exercising the right as rights information regarding the right to use the service at the facility;
A storage procedure for storing the use authority in the storage means in correspondence with the ID information of the card that accepted the registration;
In response to an instruction to validate the right to use the service at the facility and is invalid, code information associated with the ID information of the card instructed to validate the right Provision procedures to be provided to users who exercise
A change procedure for effectively changing the right to use the right instructed to be activated;
A notification procedure for notifying the facility apparatus of the presence or absence of the use authority based on the use authority of the right corresponding to the ID information associated with the code information when the code information is received from the facility apparatus provided in the facility When,
The right management program which makes a computer execute.

Images