JP6645064B2 - Information management server and payment system - Google Patents

Description

  The present invention relates to an information management server used for settlement and a settlement system.

  In recent years, with the expansion of services using credit cards, information managed together with credit card numbers has been diversified. For example, the server described in Patent Literature 1 stores, in addition to a credit card number, information on the mail address and residence of the owner of the credit card. Information managed together with the credit card number is used for processing that accompanies payment using a credit card. For example, in the example described in Patent Literature 1, information managed together with a credit card number is used for distributing information to an owner at the time of payment using a credit card.

JP 2010-231392 A

By the way, if the server stores the credit card number, the credit card number may leak out of the server and be used illegally. Therefore, except for a server that requires storage of a credit card number, such as a server that performs payment processing, other servers, specifically, as described above, information used for processing that accompanies payment. It is preferable that the credit card number is not stored in the server storing.
SUMMARY OF THE INVENTION It is an object of the present invention to provide an information management server and a payment system that can enhance security for using a credit card.

  An information management server that solves the above-mentioned problem includes a storage unit that stores data, a receiving unit that receives unique information including alternative information associated with a credit card number, and a condition under which the unique information and payment are permitted. A registration unit that associates a certain settlement permission condition with the storage unit as condition data and stores the condition data in the storage unit, a settlement request amount that is a settlement amount requested from the terminal that requests settlement, and verification information included in the unique information. And an acquisition unit that acquires the settlement request information indicating the situation where settlement is requested, and the settlement permission condition associated with the collation information in the condition data. Using the payment request information to determine whether or not the specified payment permission condition is satisfied, and determine that the payment permission condition is satisfied. The payment request amount in the mix, and an output unit for outputting in association with the substitute information that is correlated in the condition data to the specified the payment authorization condition.

  A settlement system that solves the above-mentioned problem, a registration terminal that acquires unique information including alternative information associated with a credit card number, and an external acquisition condition included in a settlement permission condition that is a condition under which settlement is permitted, A payment terminal that acquires a payment request amount, which is an amount required for payment, and collation information included in the unique information, and an information management server that is connected to the registration terminal and the payment terminal via a network. A payment system comprising: a storage unit that stores data; a receiving unit that receives the unique information and the external acquisition condition from the registration terminal; and the unique information and the payment permission condition. And a registration unit for storing the payment request amount and the collation information from the payment terminal. An acquisition unit that acquires settlement request information indicating a situation where settlement is requested, and specifies the settlement permission condition associated with the collation information in the condition data, and uses the settlement request information. A determination unit that determines whether the specified payment permission condition is satisfied, and the payment request amount when it is determined that the payment permission condition is satisfied; And an output unit for outputting in association with the alternative information associated with the condition data.

According to the above configuration, the information management server is a server that determines whether a payment permission condition is satisfied, that is, whether payment is permitted, in response to a payment request from a terminal that requests payment. That is, it is a server that performs processing accompanying the settlement. In such an information management server, alternative information that is an alternative to a credit card number is stored together with a payment permission condition that is information used for processing accompanying the payment, and the credit card number is not stored. Therefore, the outflow of the credit card number is suppressed as compared with the case where the credit card number is stored in the information management server, so that the security for using the credit card is enhanced.
Further, since the unique information and the settlement permission condition are associated with each other in the condition data, it is possible to set the settlement permission condition for each unique information, that is, for each alternative information.

In the information management server, it is preferable that the settlement permission condition includes a period during which settlement is permitted, and the settlement request information includes a time at which settlement is requested.
According to the above configuration, when the situation when the settlement is requested satisfies the condition for the period during which the settlement is permitted, it is determined that the settlement permission condition is satisfied, that is, the settlement is permitted. You. Therefore, the period during which the settlement is permitted can be limited.

In the information management server, it is preferable that the payment permission condition includes an upper limit amount of payment permitted, and the payment request information includes the payment request amount.
According to the above configuration, when the status of the requested amount of payment satisfies the condition of the upper limit amount of payment permitted, it is determined that the payment permission condition is satisfied. Is done. Therefore, the amount of money permitted for settlement can be limited.

  In the information management server, when the determination unit determines that the payment permission condition is satisfied, the determination unit stores the payment request amount in the storage unit as history data in association with the substitute information, and When the new payment request amount and the matching information are received, the substitute information included in the unique information including the matching information and the amount associated with the history data, and the new payment request It is preferable to determine whether or not the settlement permission condition is satisfied by determining whether or not the total amount with the amount is equal to or less than the upper limit amount at which the settlement is permitted.

  According to the above configuration, as a determination as to whether or not the payment permission condition is satisfied, the total amount of the payment permitted amount up to the current payment request and the payment request amount in the current payment request is: It is determined whether or not the payment is equal to or less than the maximum allowed amount. Therefore, it is determined whether or not the upper limit of the amount permitted for settlement including the past usage status is satisfied, so that the amount of money permitted for settlement is appropriately restricted.

  In the information management server, the receiving unit receives at least a part of a condition included in the settlement permission condition, and the registration unit includes the unique information and an external acquisition condition that is a condition received by the receiving unit. It is preferable that the storage unit stores the condition data as the condition data in association with the settlement permission condition.

  According to the above configuration, at least a part of the conditions included in the settlement permission condition is a condition set by a device external to the information management server. Therefore, the degree of freedom in setting the settlement permission condition is increased.

In the information management server, the registration unit, when the receiving unit receives the unique information and the new external acquisition condition, the external acquisition condition associated with the unique information in the condition data Is preferably changed to the new external acquisition condition.
According to the above configuration, since the conditions included in the settlement permission condition can be changed, the degree of freedom in setting the settlement permission condition is increased.

  In the information management server, the external acquisition condition is an upper limit amount for which payment is permitted, and the registration unit determines that the settlement permission condition is not satisfied because the determination unit exceeds the upper limit amount. It is preferable to receive a change in the external acquisition condition.

  According to the above configuration, when it is determined that the settlement permission condition is not satisfied due to the excess of the upper limit amount, the upper limit amount stored as the condition data can be changed. Therefore, when the situation of the amount requested for settlement corresponds to exceeding the upper limit amount, the upper limit amount can be increased, thereby improving the convenience for the user.

  In the information management server, the unique information includes authentication information unique to each user, and the receiving unit receives a request for a predetermined process from a terminal including a terminal requesting the payment, Receiving the authentication information input to a terminal including a terminal requesting payment from the terminal, and confirming that the authentication information received by the receiving unit matches the authentication information included in the condition data. Preferably, the apparatus further comprises an authentication unit for permitting the execution of the predetermined process.

  According to the above configuration, the execution of the predetermined process is allowed based on confirming that the authentication information received from outside the information management server matches the authentication information stored in the information management server. The security for the execution of the process is enhanced.

  In the information management server, in the predetermined process, transmission to a terminal including a terminal that requests the payment of the payment permission condition associated with the authentication information that has been confirmed in the condition data in the condition data, At least one of changing the settlement permission condition and prohibiting processing using the settlement permission condition is included.

According to the above configuration, the security against at least one execution of transmitting the payment permission condition to the terminal, changing the payment permission condition included in the condition data, and prohibiting the process using the payment permission condition is enhanced.
In the information management server, the collation information may be the substitute information.
In the information management server, the collation information may be the authentication information.
According to the above configuration, the determination of the settlement permission condition by the determination unit is accurately realized.

  In the information management server, in the condition data, the settlement permission condition is associated with each of the plurality of unique information, and the plurality of unique information is different from each other associated with the same credit card number. Preferably, the unique information including information is included.

According to the above configuration, the settlement permission condition is associated with each of the plurality of pieces of alternative information associated with one credit card number. Therefore, by setting the alternative information for each user, it is possible for a plurality of users to use the settlement using one credit card. It is also possible to impose different settlement permission conditions on each of such settlements by a plurality of users.
In the information management server, it is preferable that the substitute information indicates a sequence including a token.

  According to the above configuration, even if the substitute information leaks from the information management server, the credit card number is changed based on the substitute information, as compared with the case where the substitute information is the information in which the credit card number is encrypted. Calculation is suppressed. Therefore, security against credit card use is particularly enhanced.

  According to the present invention, security for use of a credit card can be enhanced.

It is a figure which shows the structure of the information management server with 1st Embodiment of a payment system, and the whole structure of a payment system. FIG. 3 is a diagram illustrating an example of a data configuration of condition data according to the first embodiment. FIG. 7 is a sequence diagram illustrating a procedure for registering substitute information and a settlement permission condition in the first embodiment. FIG. 4 is a sequence diagram showing a procedure of payment of a price in the first embodiment. It is a figure showing an example of the data composition of condition data in a 2nd embodiment. FIG. 14 is a sequence diagram illustrating a part of a procedure for registering alternative information, authentication information, and a payment permission condition in the second embodiment. It is a sequence diagram showing a part of procedure of payment of the price in a 2nd embodiment. FIG. 13 is a sequence diagram illustrating a procedure for confirming a settlement permission condition in the second embodiment. FIG. 13 is a sequence diagram illustrating a procedure for prohibiting a process using a settlement permission condition in the second embodiment.

(1st Embodiment)
The first embodiment of the information management server and the payment system will be described with reference to FIGS. The settlement system according to the first embodiment is used, for example, when an event participant pays for a product or service at a store where the event opens, in an event held only during a predetermined period.

[Configuration of payment system]
With reference to FIG. 1, the configuration of the payment system and the configuration of the devices that make up the payment system will be described.

  As shown in FIG. 1, the payment system includes an information management server 10, one or more registration terminals 20, and one or more payment terminals 30. The information management server 10, the registration terminal 20, and the payment terminal 30 are connected to a network NW such as a general-purpose communication line such as the Internet or a dedicated communication line, and the information management server 10 communicates with each of the registration terminal 20 and the payment terminal 30, Data transmission and reception are performed mutually via the network NW.

  The tokenizing server 40 and the settlement server 50 are connected to the network NW. The tokenization server 40 transmits and receives data to and from each of the information management server 10, the registration terminal 20, and the settlement server 50 via the network NW. The settlement server 50 transmits and receives data to and from each of the registration terminal 20 and the tokenization server 40 via the network NW.

  Note that the network NW may include a plurality of networks. That is, the network used for communication between the above devices may be one common network or different networks.

  The tokenization server 40 has a function of generating alternative information by tokenization. The tokenization server 40 generates an alternative ID, which is an example of the alternative information, by performing tokenization on the credit card number. The alternative ID is a sequence in which part or all of the credit card number is replaced with another sequence which is a token. The alternative ID is associated with the credit card number before being replaced with a token in the tokenization server 40.

  The payment server 50 is a server that performs processing of payment by a credit card, and is a server included in a system of a credit card company. The settlement server 50 stores, for each credit card contract, card authentication information such as an expiration date, a usage limit, a usage amount, and a personal identification number, and based on the credit card information including the credit card number, It is determined whether a credit card corresponding to the card information is available. Further, the payment server 50 receives the notification of the credit card number and the amount to be paid, and performs the payment processing. The settlement processing includes processing such as adding the amount to be settled to the usage amount of the contract corresponding to the notified credit card number. The process described as the process by the settlement server 50 may be performed by a plurality of servers. The transfer of information between the settlement server 50 and each of the registration terminal 20 and the tokenization server 40 may be performed via a server managed by a settlement agency or the like and functioning as a gateway.

The registration terminal 20 is installed at, for example, an entrance of an event venue, and is used by a user who is a participant of the event.
The registration terminal 20 has a function of reading information from the credit card 60 and a function of communicating with the IC tag 70 by short-range wireless communication such as NFC (near field communication), in addition to a communication function via the network NW. are doing. That is, the registration terminal 20 has a function as a magnetic card reader and a function as a reader / writer of an IC tag. Further, the registration terminal 20 stores an operation unit that receives a user's operation, a display unit that displays information, a control unit that controls processing of each unit of the registration terminal 20, and a program that defines the processing performed by the control unit. It has a storage unit to perform. The control unit controls communication between the registration terminal 20 and another device, and processes information acquired by the registration terminal 20 from another device and information input to the registration terminal 20 through operation of the operation unit.

  The registration terminal 20 acquires the credit card information from the credit card 60. Then, the registration terminal 20 transmits the credit card information to the payment server 50, and receives from the payment server 50 a determination result as to whether or not a credit card corresponding to the credit card information is available. When the determination result is available, the registration terminal 20 transmits the credit card number to the tokenization server 40 and receives the alternative ID associated with the credit card number from the tokenization server 40. Then, the registration terminal 20 transmits the alternative ID to the IC tag 70 and stores it in the storage unit provided in the IC tag 70.

  The registration terminal 20 receives an input of a condition included in a payment permission condition, which is a condition under which payment is permitted, through the operation unit, and transmits the input condition to the information management server 10 together with an alternative ID.

  The IC tag 70 is a device that includes an IC chip and an antenna and can transmit and receive data by short-range wireless communication. The IC tag 70 has, for example, a wristband shape or a pendant shape, and is carried by a user.

  The payment terminal 30 is installed in a store in the event venue, and is used when a user pays for a product or service. The payment terminal 30 is an example of a terminal that requests payment.

  The payment terminal 30 has a function of communicating with the IC tag 70 by short-range wireless communication such as NFC, in addition to a communication function via the network NW. That is, the payment terminal 30 has a function as an IC tag reader / writer. In addition, the payment terminal 30 stores an operation unit that accepts a user's operation, a display unit that displays information, a control unit that controls processing of each unit of the payment terminal 30, and a program that defines the processing performed by the control unit. It has a storage unit to perform. The control unit controls communication between the payment terminal 30 and another device, and processes information acquired by the payment terminal 30 from another device and information input to the payment terminal 30 through operation of the operation unit. The payment terminal 30 may be connected via a network to a server that manages a POS system used by the store.

  Payment terminal 30 accepts an input of a settlement request amount, which is an amount required for settlement, through the operation unit. The settlement request amount is the price of the product or service. The method of inputting the settlement request amount to the payment terminal 30 is not limited to input through the operation unit. For example, the payment terminal 30 may have a function of reading information from a barcode, and the payment terminal 30 may read the payment request amount corresponding to the price of the product from the barcode attached to the product.

  The payment terminal 30 reads the alternative ID from the IC tag 70, transmits the alternative ID and the settlement request amount to the information management server 10, and requests settlement. The payment terminal 30 includes, in addition to the alternative ID and the settlement request amount, payment terminal information such as store information indicating information on a store that sold the product or the like and product information indicating information on a product or service purchased by the user. Information stored in the payment terminal 30 or information that can be acquired by the payment terminal 30 may be transmitted to the information management server 10.

The information management server 10 includes a communication unit 11, a storage unit 12, and a control unit 13.
The communication unit 11 executes a connection process between the information management server 10, the registration terminal 20, the payment terminal 30, and the tokenization server 40 via the network NW. In addition, the communication unit 11 transmits and receives data between the information management server 10 and each of the above devices. The communication unit 11 functions as a receiving unit and an output unit.

  The storage unit 12 is composed of a nonvolatile memory such as a hard disk drive, and stores programs and data necessary for processing executed by the control unit 13. The storage unit 12 stores condition data 12a and history data 12b as an example of data.

  The condition data 12a is data in which an alternative ID and a settlement permission condition are associated with each other. The settlement permission condition includes a settlement possible period, which is a period during which settlement is permitted, and an upper limit amount, which is an upper limit of the amount permitted for settlement. The upper limit is determined by the user, for example, as the upper limit of the amount to be used for payment at the event. The settlement possible period is, for example, a period during which an event is held.

  The history data 12b is data indicating a settlement request history that is a history of a request for settlement for each alternative ID. The settlement request history includes a settlement request amount for each settlement request from the payment terminal 30. Further, the settlement request history may include, for each settlement request from the payment terminal 30, a settlement request time, which is the date and time when the settlement was requested, and store information and merchandise information. Note that the history data 12b may include only the settlement request history when the settlement is permitted, or may include the settlement request history when the settlement is permitted and the settlement request history when the settlement is not permitted. May be included for each history together with information indicating whether settlement is possible.

The control unit 13 includes a CPU and a volatile memory such as a RAM. The control unit 13 controls the communication of the communication unit 11, reads and writes information in the storage unit 12, and performs various arithmetic processes on the information management server 10 based on programs and data stored in the storage unit 12. Controls the function unit.
The control unit 13 includes a condition data management unit 13a that functions as a registration unit, and a settlement possibility determination unit 13b that functions as an acquisition unit and a determination unit.

  The condition data management unit 13a stores the substitute ID received by the communication unit 11 from the registration terminal 20 in the storage unit 12 in association with the settlement permission condition, and constructs the condition data 12a.

  The settlement permission condition associated with the alternative ID is not limited to the condition input to the registration terminal 20, but includes a condition stored in the registration terminal 20 in advance and a condition stored in the information management server 10 in advance. You may. For example, the settlement possible period is set in advance and stored in the information management server 10, and the condition data management unit 13a sets the upper limit amount received from the registration terminal 20 and the settlement possible period stored in the storage unit 12. May be stored in the storage unit 12 in association with the alternative ID as the settlement permission condition. Among the conditions included in the settlement permission condition, the condition received by the information management server 10 from the registration terminal 20 is the external acquisition condition.

  The settlement possibility determination unit 13b receives the alternative ID and the settlement request amount from the payment terminal 30 through the communication unit 11, and acquires settlement request information indicating a situation where the settlement is requested. The settlement request information includes a settlement request amount and a settlement request time.

  The settlement possibility determination unit 13b acquires the settlement request time in the following procedure, for example. That is, the payment terminal 30 obtains the date and time when transmitting the alternative ID and the settlement request amount to the information management server 10, and sets this date and time as the settlement request to the information management server 10 together with the alternative ID and the settlement request amount. Send. Thereby, the settlement possibility determination unit 13b acquires the settlement request time via the communication unit 11. Alternatively, the information management server 10 includes a clock unit that measures the date and time, and the date and time when the communication unit 11 receives the alternative ID and the payment request amount from the payment terminal 30 is set as the payment request time and the payment availability determination unit 13b Is obtained.

  The settlement possibility determination unit 13b specifies a settlement permission condition associated with the alternative ID received from the payment terminal 30 in the condition data 12a. Then, it is determined whether or not the specified settlement permission condition is satisfied using the acquired settlement request information. That is, the settlement possibility determination unit 13b determines whether the settlement request time is included in the settlement possible period. In addition, the settlement possibility determination unit 13b sets the settlement amount, which is the total amount of the settlement request amount accepted in the current settlement request and the settlement amount permitted for the same alternative ID by the time of receiving the current settlement request amount. It is determined whether or not the total request amount is equal to or less than the upper limit amount.

  The settlement possibility determination unit 13b calculates the settlement request total amount in the following procedure. That is, the history data 12b refers to the settlement request history associated with the alternative ID received from the payment terminal 30, that is, the settlement request history in which the settlement is permitted. Then, the settlement possibility determination unit 13b calculates the total settlement request amount by adding the settlement request amount included in the settlement request history and the currently accepted settlement request amount.

  When it is determined that the settlement permission condition is satisfied, that is, when the total settlement request amount is equal to or less than the upper limit amount and the settlement request time is included in the settlement possible period, the settlement possibility determination unit 13b It is determined that the settlement is permitted. On the other hand, when the settlement permission condition is not satisfied, that is, when the total settlement request amount exceeds the upper limit amount or when the settlement request time is not included in the settlement possible period, the settlement possibility determination unit 13b sets the settlement permission It is determined not to be performed.

  When it is determined that the settlement is permitted, the settlement possibility determination unit 13b uses the history data 12b to set the current settlement request such as the currently accepted settlement request amount in the settlement request history for the alternative ID received from the payment terminal 30. Add information about That is, the settlement possibility determination unit 13b associates the alternative ID with the settlement request amount and stores it in the storage unit 12.

  When the settlement request history in the case where the settlement is not permitted is also stored as the history data 12b, the settlement possibility determination unit 13b may perform the following processing. That is, even when it is determined that the settlement is not permitted, the settlement possibility determination unit 13b stores the information about the current settlement request in the settlement request history for the alternative ID received from the payment terminal 30 in the history data 12b. Is added as a settlement request history for which settlement was not permitted.

  When it is determined that the settlement is permitted, the settlement possibility determination unit 13b compares the alternative ID and the settlement request amount received from the payment terminal 30 in the current settlement request with the tokenization server 40 via the communication unit 11. Send to The tokenization server 40 transmits the credit card number associated with the received alternative ID in the tokenization server 40 and the received payment request amount to the payment server 50, and the payment server 50 Perform payment processing based on the information. In addition, the information management server 10 may transmit store information, product information, and the like to the tokenization server 40 in addition to the alternative ID and the settlement request amount, as necessary in the settlement processing by the settlement server 50. Is sent from the tokenization server 40 to the settlement server 50.

The condition data management unit 13a and the settlement possibility determination unit 13b may be individually embodied by various kinds of hardware such as a plurality of CPUs and memories such as RAMs and software for making them function, or It may be embodied by software that provides a plurality of functions to one piece of hardware.
[Construction of condition data]
With reference to FIG. 2, the correspondence between the alternative ID in the condition data 12a and the settlement permission condition will be described.
As shown in FIG. 2, in the condition data 12a, one upper limit amount and one settlement possible period are associated with one substitution ID as a settlement permission condition.

  For example, in the alternative ID of “1234-3333-5678-7777”, a possible settlement period indicating “9:00 on July 12 to 20:00 on July 12” and an upper limit amount indicating “30,000 yen” are included. Are associated. Further, the alternative ID “6388-5689-9999-0011” includes a settable period indicating “9:00 from July 12 to 20:00 on July 12” and an upper limit amount indicating “15,000 yen”. Are associated with each other. That is, when a payment request is made for the alternative ID “1234-3333-5678-7777”, the payment request time is included in the period from “July 12, 9:00 to July 12, 20:00”. If the total settlement request amount is equal to or less than "30,000 yen", the settlement is permitted. Further, when a settlement request is made for the alternative ID “6388-5689-9999-0011”, the settlement request time is included in the period from “July 12, 9:00 to July 12, 20:00”. If the total settlement request amount is equal to or less than "15,000 yen", the settlement is permitted.

The different alternative IDs may be associated with different upper limit amounts or settlement possible periods, or may be associated with the same upper limit amount or settlement possible period.
As described above, in the condition data 12a, the settlement permission condition is associated with each of the plurality of alternative IDs.

  Further, the plurality of alternative IDs included in the condition data 12a may include a plurality of alternative IDs associated with the same credit card number. Each of the plurality of alternative IDs associated with the same credit card number may be associated with a different upper limit amount or settlement possible period, or may be associated with the same upper limit amount or settlement possible period. May be.

[Processing procedure of payment system]
A procedure for performing settlement by the settlement system according to the first embodiment will be described. The processing by the payment system includes the processing of registering the alternative ID and the payment permission condition and the processing of paying the price.

  First, a procedure for registering an alternative ID and a settlement permission condition will be described with reference to FIG. The registration of the alternative ID and the settlement permission condition is performed, for example, at the entrance of the event site or the like before the user participates in the event. The registration uses the registration terminal 20, the credit card 60, and the IC tag 70. The credit card 60 is a credit card owned by the user, and is a credit card used for payment for an event. The IC tag 70 is distributed to the user at the event site.

  As shown in FIG. 3, when the credit card 60 is passed through the credit card information reading unit of the registration terminal 20, the registration terminal 20 reads the credit card information (step S10). The registration terminal 20 requests the user to input card authentication information to the registration terminal 20. The card authentication information is, for example, a password of the credit card 60.

  The registration terminal 20 transmits the read credit card information and the card authentication information input to the registration terminal 20 to the payment server 50, and the credit card corresponding to the credit card information, that is, the credit card 60 is available. A request is made to determine whether or not this is the case (step S11).

  The payment server 50 determines whether or not the credit card 60 is available based on the credit card information and the card authentication information received from the registration terminal 20, and transmits the determination result to the registration terminal 20 (Step S12). ). That is, the payment server 50 checks the card authentication information using the information stored in the payment server 50, and determines whether the time when the determination is requested is within the expiration date or the time when the determination is requested. It is determined whether or not the credit card 60 can be used by determining whether or not the amount of use in has not reached the usage limit.

  When the registration terminal 20 receives the determination result indicating that the credit card 60 is available from the settlement server 50, the registration terminal 20 transmits the credit card number to the tokenization server 40 and requests generation of an alternative ID (Step S13). . When the registration terminal 20 receives the determination result indicating that the credit card 60 cannot be used from the settlement server 50, the registration terminal 20 displays the fact on the display unit, and the credit card 60 is used. Notify users that they cannot.

  The tokenization server 40 generates an alternative ID for the credit card number received from the registration terminal 20 (Step S14). The alternative ID is associated with the credit card number in the tokenization server 40. The tokenization server 40 transmits the generated alternative ID to the registration terminal 20 (Step S15).

  Upon receiving the alternative ID, the registration terminal 20 requests that the IC tag 70 be arranged in the unit for writing information to the IC tag in the registration terminal 20. Then, the registration terminal 20 transmits the alternative ID to the IC tag 70, and stores the alternative ID in the IC tag 70 (Step S16).

The registration terminal 20 requests the user to input a condition included in the settlement permission condition to the registration terminal 20. Specifically, the registration terminal 20 requests the input of the upper limit amount. When the user operates the operation unit of the registration terminal 20, the upper limit is input to the registration terminal 20 (step S17). Note that the registration terminal 20 restricts the input of the upper limit amount so that the upper limit amount does not exceed the usable amount of the credit card 60. Whether or not the upper limit does not exceed the available amount may be determined by the registration terminal 20 acquiring necessary information from the settlement server 50.
The registration terminal 20 transmits the alternative ID received from the tokenization server 40 and the input upper limit to the information management server 10 (Step S18).

  The condition data management unit 13a of the information management server 10 associates the alternative ID received from the registration terminal 20 with the settlement permission condition including the upper limit amount and the settlement possible period, and stores it in the storage unit 12 as the condition data 12a. (Step S19). The settlement possible period is stored in the storage unit 12, and the condition data management unit 13a may acquire the settlement possible period from the storage unit 12. Alternatively, the settlement possible period may be stored in the registration terminal 20 and transmitted to the information management server 10 together with the alternative ID and the upper limit amount. That is, the condition data management unit 13a may acquire the settlement possible period from the registration terminal 20 via the communication unit 11. Thereby, the alternative ID and the settlement permission condition are registered in the information management server 10.

Note that the settlement possible period may also be input to the registration terminal 20 through the operation of the operation unit by the user, and transmitted from the registration terminal 20 to the information management server 10. All of the settlement permission conditions may be transmitted from the registration terminal 20 to the information management server 10, all of them may be stored in the storage unit 12, or some of the settlement permission conditions may be transmitted from the registration terminal 20. The remaining part of the settlement permission condition transmitted to the information management server 10 may be stored in the storage unit 12. That is, all of the conditions included in the settlement permission condition may be external acquisition conditions, not all of them may be external acquisition conditions, or some may be external acquisition conditions.
Further, after the substitution ID and the like are transmitted from the registration terminal 20 to the information management server 10, the substitution ID may be written to the IC tag 70.

  Note that by repeating the processing of steps S10 to S19 using one credit card 60, a plurality of alternative IDs associated with the same credit card number and a plurality of alternative IDs The condition data 12a including the attached settlement permission condition is constructed. When one credit card 60 is used, the processes after step S13 may be repeated for the second and subsequent processes. In these cases, the registration terminal 20 sets the upper limit amount so that the total of the upper limit amounts associated with each of the plurality of alternative IDs associated with the same credit card number does not exceed the available amount of the credit card 60. Restrict input.

  Next, with reference to FIG. 4, a description will be given of a procedure of payment of a price performed when a user purchases a product or service at a store in an event venue. For payment, the payment terminal 30 and the IC tag 70 are used. The user participates in the event by carrying the IC tag 70 storing the alternative ID, and purchases a product or the like.

  As shown in FIG. 4, when a user who intends to pay for a product or the like holds the IC tag 70 over a reading unit of the payment terminal 30 for reading information from the IC tag, the payment terminal 30 is replaced with the IC tag 70. The ID is read (step S20).

The payment request amount is input to the payment terminal 30 through the operation of the operation unit of the payment terminal 30 (step S21). Note that the substitution ID may be read after the settlement request amount is input.
The payment terminal 30 transmits the alternative ID and the settlement request amount to the information management server 10 (Step S22).

  Based on the communication unit 11 of the information management server 10 receiving the alternative ID and the payment request amount from the payment terminal 30, the payment availability determination unit 13b receives the alternative ID and the payment request amount and acquires the payment request information. I do. The settlement possibility determination unit 13b specifies a settlement permission condition associated with the received alternative ID in the condition data 12a (Step S23).

  Then, the settlement possibility determination unit 13b determines whether the specified settlement permission condition is satisfied using the acquired settlement request information (step S24). That is, the settlement possibility determination unit 13b determines whether the settlement request time is included in the settlement possible period specified by the condition data 12a. Further, the settlement possibility determination unit 13b calculates the total settlement request amount using the accepted settlement request amount, the accepted substitution ID and the settlement request history associated with the history data 12b, and calculates the settlement request total amount. It is determined whether or not the amount is equal to or less than the upper limit amount specified in the condition data 12a.

  When determining that the settlement permission condition is satisfied, the settlement possibility determination unit 13b associates the alternative ID received in the current settlement request with at least the settlement request amount of the information on the current settlement request. Is stored in the storage unit 12 as the history data 12b (step S25).

  Further, when determining that the payment permission condition is satisfied, the payment availability determination unit 13b associates the substitute ID received in the current payment request with the payment request amount received in the current payment request, and performs communication. It is transmitted to the tokenization server 40 via the unit 11 (step S26). Note that the settlement possibility determination unit 13b may register the history data 12b after transmitting the alternative ID and the settlement request amount to the tokenization server 40.

  The tokenization server 40 specifies the substitute ID received from the information management server 10 and the credit card number associated with the tokenization server 40 (Step S27). Then, the tokenizing server 40 transmits the specified credit card number and the settlement request amount received from the information management server 10 to the settlement server 50 (Step S28).

  The settlement server 50 performs a settlement process for the credit card 60 based on the credit card number and the settlement request amount received from the tokenization server 40 (Step S29).

  When determining that the payment permission condition is not satisfied, the payment availability determination unit 13b notifies the payment terminal 30 that the payment is not permitted. In response, the payment terminal 30 displays on the display unit that the payment is not permitted, and notifies the user.

  Further, the transmission of the substitute ID and the settlement request amount from the information management server 10 to the tokenization server 40 may not be performed each time the settlement permission / non-permission determination unit 13b determines that the settlement permission condition is satisfied. For example, the information management server 10 and the tokenization server 40 collectively transmit, at regular intervals, an alternative ID and a settlement request amount in a settlement request determined to be allowed to be settled within that period. Is also good. In short, the settlement request amount when it is determined that the settlement permission condition is satisfied is associated with the alternative ID associated with the settlement permission condition used in the determination of the settlement possibility in the condition data 12a. Output.

[Action]
The operation of the first embodiment will be described. In the settlement system of the first embodiment, an alternative ID is stored in the information management server 10 in place of the credit card number, and the information management server 10 and the payment terminal 30 exchange the alternative ID when paying the price. No credit card numbers will be given or received.

  As described above, the information management server 10, which is a server that determines whether payment is permitted in response to a payment request from the payment terminal 30, that is, a server that performs processing accompanying payment, is provided with , An alternative ID is stored together with a settlement permission condition, which is information used for processing that accompanies, and a credit card number is not stored. Therefore, as compared with the case where the credit card number is stored in such a server, the outflow of the credit card number is suppressed, and the security for the use of the credit card is enhanced. Further, at the time of payment, there is no need to input the credit card number to the payment terminal 30, so that the flow of the credit card number from the terminal used at the store at the time of payment can be suppressed.

  Also, since the alternative ID is stored in the IC tag 70 carried by the user and the credit card number is not stored, even if the IC tag 70 is lost, the leakage of the credit card number is suppressed. Furthermore, since the payment can be made by carrying the IC tag 70, the risk of losing the credit card is reduced, and the labor for the user to remove cash and cards from the wallet is also reduced.

  Since the range of use of the IC tag 70 is limited to a limited situation such as in an event venue, the communication standard to which the IC tag 70 conforms is not particularly limited, and the IC tag 70, the registration terminal 20 and the payment terminal It is sufficient that the same communication standard is used for the communication protocol 30 and the communication protocol 30. Therefore, since the degree of freedom in selecting a communication standard is increased, the cost required for introducing a settlement system can be suppressed.

  In the first embodiment, the information management server 10 stores a settlement permission condition for each alternative ID, and determines whether the settlement is permitted according to the settlement permission condition for each alternative ID. Therefore, it is possible to set detailed conditions for settlement by credit card for each alternative ID, and to proceed with settlement based on such conditions. Specifically, a fine unit different from the expiration date in the credit card contract, for example, a settable period in units of days or minutes is set, and a fine unit different from the usage limit in the above contract, for example, 1,000 yen The maximum amount in units is set. As a result, the user can obtain temporary settlement means that can be used up to the maximum amount within the settlement possible period. By limiting the period and the amount of money permitted for settlement, even if an illegal settlement is performed due to the loss or theft of the IC tag 70, the disadvantage to the user is kept small. In addition, since the amount of money permitted for settlement is limited, the user is prevented from using too much money.

  The external acquisition condition among the settlement permission conditions is a condition transmitted from the registration terminal 20 to the information management server 10, and the registration terminal 20 can set the external acquisition condition. Specifically, the user can arbitrarily determine the upper limit amount. Therefore, the degree of freedom in setting the settlement permission condition is increased.

  The above-described association between the alternative ID and the settlement permission condition in the information management server 10 is performed when the information management server 10 receives the alternative ID from the registration terminal 20. Therefore, the alternative ID and the settlement permission condition are registered in a simple procedure, and the temporary settlement means can be used. For example, even if an event participant does not register in advance before the event, but registers an alternative ID and a payment permission condition using an already owned credit card at the event site, temporary registration is possible. The use of the settlement means can be started. Therefore, for example, a user who is complicated to perform procedures in advance, such as a visitor from abroad, can easily obtain a temporary settlement means.

  As described above, by using the settlement system according to the first embodiment, the user can easily and temporarily store the medium without requiring prior registration, management of a medium such as a card for a long period of time, and payment processing. Payment means can be obtained. In addition, a credit card can be used in the settlement system of the first embodiment by associating it with an alternative ID regardless of the type.

  As described above, even if a preliminary examination or the like is not performed at the time of registering the alternative ID and the settlement permission condition, at the time of registration, the credit card 60 presented by the user is authenticated using the card authentication information. It is possible to confirm the identity of the user at the time of payment by card. Further, since the settlement means provided by the settlement system is a temporary settlement means with a limited settlement period and an upper limit amount, even if the settlement means is illegally used, as described above, The disadvantages are kept small.

  In addition, an alternative ID is generated for each user for the same credit card number, and the settlement permission condition corresponds to each of the plurality of alternative IDs associated with the same credit card number in the condition data 12a. In the attached configuration, the settlement using one credit card can be used by a plurality of users such as family members. Also, different settlement permission conditions can be imposed on each of the settlements by the plurality of users. For example, different upper limit amounts can be set as the settlement permission conditions associated with the alternative IDs for each user. Therefore, even when one credit card is used for payment, it is possible to set detailed conditions for each user and proceed with payment based on these conditions. Therefore, user convenience is enhanced.

  The information associated with the settlement permission condition in the information management server 10 is unique information, and in the first embodiment, the unique information includes only alternative information. Further, the information transmitted from the payment terminal 30 to the information management server 10 together with the settlement request amount and used for specifying the settlement permission condition in the condition data 12a is the collation information. In the first embodiment, the collation information is substitute information. is there. That is, the collation information is information included in the unique information.

As described above, according to the first embodiment, the following effects can be obtained.
(1) As a process that accompanies the settlement, the information management server 10 that determines whether the settlement is permitted has a credit card number along with a settlement permission condition that is information used for a process that accompanies the settlement. Is stored, and the credit card number is not stored. Therefore, as compared with the case where the credit card number is stored in the information management server 10, the outflow of the credit card number is suppressed, and the security for using the credit card is enhanced. Further, since the unique information and the settlement permission condition are associated with each other in the condition data 12a, it is possible to set the settlement permission condition for each unique information, that is, for each alternative ID.

  (2) The settlement permission condition includes a settlement possible period, and the settlement request information includes a settlement request time. That is, when the situation when the settlement is requested satisfies the condition for the period during which the settlement is permitted, specifically, when the settlement request time is included in the settlement available period, the settlement is permitted. You. Therefore, the period during which the settlement is permitted can be limited.

  (3) The settlement permission condition includes the upper limit amount, and the settlement request information includes the settlement request amount. That is, the settlement is permitted when the status of the amount requested to be settled satisfies the condition of the upper limit amount for which the settlement is permitted. Therefore, the amount of money permitted for settlement can be limited.

  Specifically, when it is determined that the settlement permission condition is satisfied, the settlement request amount is stored as the history data 12b in association with the substitute ID. Then, when accepting the new settlement request amount and the alternative ID, the settlement possibility determination unit 13b determines the total amount of the amount associated with the alternative ID and the history data 12b and the new settlement request amount. It is determined whether or not the settlement permission condition is satisfied by determining whether or not the amount is equal to or less than the upper limit amount. That is, as a determination as to whether or not the settlement permission condition is satisfied, the total amount of the amount permitted to be settled by the current settlement request and the settlement request amount in the current settlement request is the upper limit for which settlement is permitted. It is determined whether or not the amount is equal to or less than the amount. Therefore, it is determined whether or not the upper limit of the amount permitted for settlement including the past usage status is satisfied, so that the amount of money permitted for settlement is appropriately restricted.

  (4) At least some of the conditions included in the settlement permission condition are external setting conditions received by the information management server 10 from the registration terminal 20. That is, since at least a part of the conditions included in the settlement permission condition are conditions set by a device outside the information management server 10, the degree of freedom in setting the settlement permission condition is increased.

  (5) In the condition data 12a, a settlement permission condition is associated with each of the plurality of alternative IDs, and the plurality of alternative IDs include different alternative IDs associated with the same credit card number. According to such a configuration, the settlement using one credit card can be used by a plurality of users. It is also possible to impose different settlement permission conditions on each of such settlements by a plurality of users.

  (6) Since the alternative ID indicates a sequence including the token, the alternative information may be temporarily deleted from the information management server 10 as compared with the case where the alternative information is information in which the credit card number is encrypted. In addition, the calculation of the credit card number based on the substitute information is suppressed. Therefore, security against credit card use is particularly enhanced.

(2nd Embodiment)
A second embodiment of the information management server and the payment system will be described with reference to FIGS. The settlement system of the second embodiment differs from the settlement system of the first embodiment in information associated with the condition data 12a in the information management server 10, and differs in processing using such information. In the following, description will be made focusing on differences from the first embodiment, and the same components as those in the first embodiment will be denoted by the same reference numerals and description thereof will be omitted.

[Configuration of payment system]
In the second embodiment, the registration terminal 20 has a function of reading biometric information such as a fingerprint, an iris, and a vein that can be used for biometric authentication. Biometric information is an example of authentication information unique to each user. When registering the alternative ID in the information management server 10, the registration terminal 20 transmits the alternative ID, the external acquisition condition included in the settlement permission condition, and the biometric information of the user to the information management server 10.

  Further, the registration terminal 20 transmits the alternative ID and the biometric information to the information management server 10 and requests transmission of the settlement permission condition and the settlement request history, or prohibition of the process using the settlement permission condition.

  The payment terminal 30 has a function of reading biological information, like the registration terminal 20. As a result of the payment request, the payment terminal 30 receives a notification from the information management server 10 that the payment permission condition is not satisfied because the total payment request amount exceeds the upper limit amount and the payment is not permitted. The input of the information and the new upper limit is accepted, and the input biometric information and the new upper limit are transmitted to the information management server 10.

  The condition data management unit 13a of the information management server 10 stores the alternative ID and biometric information received by the communication unit 11 from the registration terminal 20 in the storage unit 12 in association with the settlement permission condition, and constructs the condition data 12a. . That is, in the second embodiment, in the condition data 12a, the alternative ID, the biological information, and the settlement permission condition are associated with each other.

  When the communication unit 11 receives the biometric information and the new upper limit amount from the payment terminal 30, the condition data management unit 13a uses the condition data 12a to correspond to the received biometric information and the alternative ID received in the current settlement request. Check with the attached biometric information. When the condition data management unit 13a determines that these pieces of biometric information match, the condition data management unit 13a receives, from the payment terminal 30, the upper limit amount associated with the alternative ID received in the current settlement request in the condition data 12a. Change to a new maximum amount. That is, the condition data management unit 13a accepts a change in the upper limit amount when the settlement possibility determination unit 13b determines that the settlement permission condition is not satisfied because the upper limit amount is exceeded.

  Further, when the communication unit 11 receives the alternative ID and the biometric information from the registration terminal 20 and the communication terminal 11 requests the registration terminal 20 to transmit the settlement permission condition, the condition data management unit 13a The biometric information and the settlement permission condition associated with the received alternative ID in the condition data 12a are specified. Then, the condition data management unit 13a checks the biometric information received from the registration terminal 20 against the biometric information specified by the condition data 12a, and when it is determined that the biometric information matches, the specified payment permission The conditions are transmitted to the registration terminal 20 via the communication unit 11.

  Further, when the communication unit 11 receives the alternative ID and the biometric information from the registration terminal 20 and the registration terminal 20 requests transmission of the settlement request history, the condition data management unit 13a The biological information associated with the received alternative ID in the condition data 12a is specified. Then, the condition data management unit 13a checks the biometric information received from the registration terminal 20 against the biometric information specified by the condition data 12a. When the condition data management unit 13a determines that these pieces of biometric information match each other, the condition data management unit 13a specifies a payment request history associated with the alternative ID received from the registration terminal 20 in the history data 12b, and stores the specified payment request history. , To the registration terminal 20 via the communication unit 11.

  When the communication unit 11 receives the biometric information from the registration terminal 20 and the registration terminal 20 requests the prohibition of the process using the payment permission condition, the condition data management unit 13a stores the condition data 12a in the condition data 12a. From the included biometric information, the biometric information determined to match the biometric information received from the registration terminal 20 is specified. Then, the process using the settlement permission condition associated with the specified biometric information in the condition data 12a is prohibited. That is, the determination by the settlement possibility determining unit 13b using the settlement permission condition and the change of the settlement permission condition are prohibited. Specifically, the condition data management unit 13a may delete the settlement permission condition or the alternative ID in the condition data 12a as the process for prohibiting the process using the settlement permission condition, or may set the settlement permission condition in the condition data 12a. The information indicating that the settlement permission condition and the alternative ID are invalid and cannot be used for processing may be added to the or ID.

As described above, in the second embodiment, the condition data management unit 13 a functions as an authentication unit, and when receiving a request for a predetermined process from the registration terminal 20 or the payment terminal 30, the condition data management unit 13 a The execution of the predetermined process is permitted based on the confirmation of the coincidence with the biological information included in the condition data 12a. As described above, the predetermined processing includes changing the payment permission condition, transmitting the payment permission condition and the payment request history, and prohibiting the processing using the payment permission condition. A well-known biometric authentication technique may be used for biometric information collation.
[Construction of condition data]
With reference to FIG. 5, the correspondence between the alternative ID, the biometric information and the settlement permission condition in the condition data 12a will be described.

  As shown in FIG. 5, in the condition data 12a, one substitute ID is associated with one piece of biometric information. One alternative ID and one piece of biometric information are associated with one upper limit and one settlement period as a settlement permission condition.

  For example, an alternative ID of “1234-3333-5678-7777”, biometric information indicating “fingerprint A”, a settlement possible period indicating “9:00 on July 12 to 20:00 on July 12,” and “3 And the upper limit amount indicating “10,000 yen”.

  The different alternative IDs are associated with different biometric information. The condition data 12a includes a plurality of sets of one alternative ID and one biometric information, and each of these sets may be associated with a different upper limit amount or settlement possible period, or may have the same upper limit. An amount and a settlement possible period may be associated with each other.

[Processing procedure of payment system]
A procedure for performing settlement by the settlement system according to the second embodiment will be described. The processing by the settlement system used the processing of registering the alternative ID, biometric information, and settlement permission conditions, the processing of payment of the price, the processing of confirming the settlement permission conditions and the settlement request history, and the settlement permission conditions. And a process for prohibiting the process.
First, a procedure for registering an alternative ID, biometric information, and a settlement permission condition will be described with reference to FIG.

The procedure for registering the alternative ID, the biometric information, and the payment permission condition is the same as the procedure for registering the alternative ID and the payment permission condition in the first embodiment, and until the registration terminal 20 acquires the alternative ID from the tokenization server 40. Is the same. That is, also in the second embodiment, confirmation that the credit card 60 can be used and acquisition of the alternative ID are performed in the same procedure as in steps S10 to S15 shown in FIG. The process after the registration terminal 20 acquires the alternative ID from the tokenization server 40 will be described with reference to FIG.
As shown in FIG. 6, upon receiving the alternative ID, the registration terminal 20 transmits the alternative ID to the IC tag 70, and stores the alternative ID in the IC tag 70 (step S30).

  The registration terminal 20 requests the user to input biometric information to the registration terminal 20. When the user performs a predetermined operation such as putting a finger on the reading unit of the biometric information in the registration terminal 20 when the biometric information is information indicating a fingerprint, the registration terminal 20 The information is read, and biometric information is input to the registration terminal 20 (Step S31).

  The registration terminal 20 requests the user to input a condition included in the settlement permission condition to the registration terminal 20. Specifically, the registration terminal 20 requests the input of the upper limit amount. When the user operates the operation unit of the registration terminal 20, the upper limit is input to the registration terminal 20 (step S32). Note that the input of the settlement permission condition may be performed before the input of the biological information.

  The registration terminal 20 transmits the alternative ID received from the tokenization server 40, the input biometric information and the upper limit amount to the information management server 10 (Step S33).

  The condition data management unit 13a of the information management server 10 associates the alternative ID and the biometric information received from the registration terminal 20 with the settlement permission condition including the upper limit amount and the settlement possible period, and stores the data in the storage unit 12 as the condition data 12a. It is stored (step S34). As a result, the alternative ID, the biometric information, and the settlement permission condition are registered in the information management server 10. Note that the replacement ID may be written to the IC tag 70 after the registration terminal 20 transmits the replacement ID or the like to the information management server 10.

  Next, a procedure for payment of the price will be described with reference to FIG. Hereinafter, a description will be given of a process performed when it is determined that the settlement permission condition is not satisfied because the total settlement request amount exceeds the upper limit amount.

  As shown in FIG. 7, the processing of steps S40 to S44 is the same as the processing of steps S20 to S24 of FIG. 4 described in the first embodiment.

  Here, it is assumed that in the process of step S44, the settlement possibility determination unit 13b determines that the settlement permission condition is not satisfied because the settlement request total amount exceeds the upper limit amount. At this time, the settlement possibility determination unit 13b transmits to the payment terminal 30 a notification that the settlement is not permitted because the total settlement request amount exceeds the upper limit amount (Step S45).

  The payment terminal 30 that has received the notification displays on the display unit that the settlement is not permitted because the total settlement request amount exceeds the upper limit amount, notifies the user, and determines whether to change the upper limit amount. Ask the user for a choice. When the change of the upper limit is selected, the payment terminal 30 requests the user to input the biometric information to the registration terminal 20. The payment terminal 30 reads the biometric information of the user when the user performs a predetermined operation on the reading unit of the biometric information in the payment terminal 30, and the biometric information is input to the payment terminal 30 (step S46).

  Further, the payment terminal 30 requests the user to input a new upper limit amount, and the user operates the operation unit, so that the new upper limit amount is input to the payment terminal 30 (step S47). The new upper limit is higher than the upper limit stored in the information management server 10 as the condition data 12a. Note that the input of the new upper limit may be performed before the input of the biological information.

  The payment terminal 30 transmits the input biometric information and the new upper limit to the information management server 10 (Step S48). This requires the information management server 10 to change the upper limit amount.

  In the information management server 10, when the communication unit 11 receives the biometric information and the new upper limit from the payment terminal 30, the condition data management unit 13a transmits the received biometric information and the settlement permission condition specified in step S43. Authentication processing is performed by collating with the biological information associated with the condition data 12a (step S49). In other words, the condition data management unit 13a matches the biometric information received from the payment terminal 30 with the biometric information associated with the alternative ID received from the payment terminal 30 along with the settlement request amount in the condition data 12a. It is determined whether or not.

  When the authentication is established, that is, when it is determined that the biometric information matches, the condition data management unit 13a sets the upper limit amount associated with the alternative ID received from the payment terminal 30 together with the settlement request amount in the condition data 12a. That is, the upper limit amount specified in step S43 is changed to a new upper limit amount (step S50). When the authentication is not established, that is, when it is determined that the biometric information does not match, a notification that the authentication is not established is transmitted from the information management server 10 to the payment terminal 30.

  Thereafter, the same processes as those in steps S24 to S29 of FIG. 4 described in the first embodiment are performed. That is, the settlement possibility determination unit 13b determines whether the settlement permission condition including the changed upper limit amount is satisfied, and when it is determined that the settlement permission condition is satisfied, the alternative ID and the settlement request amount are determined. Is stored in the storage unit 12 as the history data 12b and transmitted to the tokenization server 40. Then, the credit card number corresponding to the alternative ID and the settlement request amount are transmitted from the tokenization server 40 to the settlement server 50, and the settlement server 50 performs the settlement processing.

  In the above procedure, the biological information and the new upper limit are transmitted to the information management server 10 at one time, but these information may be transmitted in order. That is, first, the biometric information is transmitted from the payment terminal 30 to the information management server 10, the authentication process is performed by the information management server 10, and the payment terminal 30 is notified that the authentication has been established. A new upper limit may be transmitted to the information management server 10 to change the upper limit in the condition data 12a.

  Next, a procedure for confirming the settlement permission condition and the settlement request history will be described with reference to FIG. Confirmation of the settlement permission condition and the settlement request history is performed, for example, when the user wants to confirm the upper limit amount, the amount permitted for settlement, and the like while participating in the event. FIG. 8 shows a procedure for confirming the settlement permission condition.

  As shown in FIG. 8, the registration terminal 20 reads the alternative ID from the IC tag 70 by the user holding the IC tag 70 over a reading unit of the registration terminal 20 for reading information from the IC tag (step S60).

In addition, when the user performs a predetermined operation on the biometric information reading unit of the registration terminal 20, the registration terminal 20 reads the biometric information of the user, and the biometric information is input to the registration terminal 20. (Step S61). The input of the biometric information may be performed before the reading of the alternative ID.
The registration terminal 20 transmits the acquired alternative ID and biometric information to the information management server 10, and requests transmission of the settlement permission condition (Step S62).

  Upon receiving a request for transmission of the settlement permission condition from the registration terminal 20, the condition data management unit 13a of the information management server 10 transmits the biometric information and the payment associated with the alternative ID received from the registration terminal 20 in the condition data 12a. The permission condition is specified (step S63). The condition data management unit 13a performs the authentication process by comparing the biometric information received from the registration terminal 20 with the specified biometric information (step S64).

  When the authentication is established, that is, when it is determined that the biometric information matches, the condition data management unit 13a transmits the specified settlement permission condition to the registration terminal 20 via the communication unit 11 (Step S65). When the authentication is not established, that is, when it is determined that the biometric information does not match, a notification that the authentication is not established is transmitted from the information management server 10 to the registration terminal 20.

  Upon receiving the payment permission condition from the information management server 10, the registration terminal 20 displays the payment permission condition on the display unit (Step S66). Thereby, the user can confirm the settlement possible period and the upper limit amount.

  Note that the registration terminal 20 may request the information management server 10 to transmit a part of the settlement permission condition, for example, only the upper limit amount, and the information management server 10 may transmit the condition according to the request to the registration terminal 20. Good. Which condition the registration terminal 20 requests to transmit may be selected by the user and specified through the operation unit of the registration terminal 20.

  Further, in the above-described procedure, the alternative ID and the biometric information are transmitted to the information management server 10 at once, but these information may be transmitted in order. That is, first, the substitute ID is transmitted from the payment terminal 30 to the information management server 10, and after the biometric information and the settlement permission condition are specified by the information management server 10, the input of the biometric information to the registration terminal 20 is requested, The biometric information may be transmitted from the registration terminal 20 to the information management server 10 to perform the authentication processing.

  In the process of step S62, the registration terminal 20 requests the information management server 10 to transmit the settlement request history instead of the settlement permission condition, whereby the settlement request history can be confirmed. In this case, the condition data management unit 13a compares the biometric information received from the registration terminal 20 with the biometric information associated with the alternative ID received from the registration terminal 20 in the condition data 12a, thereby performing the authentication process. I do. Then, when the authentication is established, the condition data management unit 13a transmits to the registration terminal 20 the settlement request history associated with the alternative ID received from the registration terminal 20 in the history data 12b. The registration terminal 20 displays the settlement request history on the display unit, so that the user can check the amount of money for which settlement has been permitted up to that point. Note that the registration terminal 20 may request the information management server 10 to transmit only a part of the settlement request history, and the information management server 10 may transmit the information corresponding to the request to the registration terminal 20.

  Whether the registration terminal 20 requests the information management server 10 to transmit the payment permission condition or the payment request history may be selected by the user and specified through the operation unit of the registration terminal 20. Further, the registration terminal 20 may request the information management server 10 to transmit both the settlement permission condition and the settlement request history.

  In the above-described procedure, the payment permission condition and the payment request history are confirmed through the input of the alternative ID and the biometric information to the registration terminal 20, but the payment terminal 30 is used instead of the registration terminal 20. Is also good. Further, a terminal different from the registration terminal 20 and the payment terminal 30 and having a function of reading information from an IC tag and a function of reading biometric information is used for confirming settlement permission conditions and settlement request history. You may.

  Next, a procedure for prohibiting the process using the settlement permission condition will be described with reference to FIG. The prohibition of the process using the settlement permission condition is performed when the user loses the IC tag 70 at the event site and wants to prevent a third party from using the IC tag 70 for illegal settlement. .

  As shown in FIG. 9, when the user performs a predetermined operation on the biometric information reading unit of the registration terminal 20, the registration terminal 20 reads the biometric information of the user, and Information is input (step S70).

  The registration terminal 20 transmits the input biometric information to the information management server 10 and requests prohibition of the process using the payment permission condition (Step S71). Requesting the registration terminal 20 to prohibit the process using the settlement permission condition is performed based on, for example, input to the registration terminal 20 through the operation unit that the user requests such a process.

  When a request to prohibit processing using the settlement permission condition is received from the registration terminal 20, the condition data management unit 13a of the information management server 10 determines the biometric information received from the registration terminal 20 from the biometric information included in the condition data 12a. The biological information determined to match with is specified (step S72). Then, the condition data management unit 13a performs a process of prohibiting the process using the settlement permission condition associated with the specified biometric information and the condition data 12a (step S73).

  In the above-described procedure, the processing using the payment permission condition is prohibited through the input of the biometric information to the registration terminal 20, but the payment terminal 30 may be used instead of the registration terminal 20. Further, a terminal different from the registration terminal 20 and the payment terminal 30 and having a function of reading biometric information may be used to prohibit processing using the payment permission condition.

[Action]
The operation of the second embodiment will be described. In the settlement system of the second embodiment, the settlement permission condition in the condition data 12a is changed. Therefore, the degree of freedom in setting the settlement permission condition is increased, and the condition can be changed according to the degree of use of the settlement, so that the convenience of the user is improved.

  In particular, when it is determined that the settlement permission condition is not satisfied due to exceeding the upper limit amount, the upper limit amount can be changed, so in a situation where the user often wants to change the upper limit amount, the upper limit amount is increased. Is possible. Therefore, the convenience of the user is further enhanced.

  In the settlement system according to the second embodiment, the alternative ID, the biometric information, and the settlement permission condition are associated with each other in the condition data 12a, and the biometric information is used before each processing performed by the information management server 10. Authentication processing is performed. In other words, prior to these processes, it is confirmed that the user who requests each process is the person who registered the biometric information, and thus each process is a process in which the user himself / herself has been approved. It is confirmed that. Therefore, security for the execution of the process performed by the information management server 10 is enhanced.

  The processing performed after such authentication includes transmission of the payment permission condition and the payment request history to the registration terminal 20 and the payment terminal 30. Since the user can confirm the settlement permission condition and the settlement request history, the user can purchase a product or service while referring to such information. Therefore, user convenience is enhanced.

Further, even when the alternative ID is unknown due to the loss of the IC tag 70, the alternative ID and the settlement permission condition associated with the biometric information can be specified by comparing the biometric information. Then, by prohibiting the process using the specified settlement permission condition, it is possible to prevent the lost IC tag 70 from being illegally used and performing the settlement.
In the second embodiment, the unique information includes alternative information and authentication information. Also in the second embodiment, the collation information is substitute information.

As described above, according to the second embodiment, the following effects can be obtained in addition to the effects (1) to (6) of the first embodiment.
(7) When the information management server 10 receives the alternative ID and the new settlement permission condition, that is, when it receives the new external acquisition condition, the external acquisition associated with the alternative ID in the condition data 12a. The condition is changed to a new external acquisition condition. According to such a configuration, the conditions included in the settlement permission condition can be changed, so that the degree of freedom in setting the settlement permission condition is increased.

  In particular, the external acquisition condition is an upper limit amount, and when it is determined that the settlement permission condition is not satisfied due to exceeding the upper limit amount, a change in the external acquisition condition is accepted. Therefore, when the situation of the amount requested for settlement corresponds to exceeding the upper limit amount, the upper limit amount can be increased, thereby improving the convenience for the user.

  (8) In the condition data 12a, the alternative ID, the biometric information, and the payment permission condition are associated with each other, and when the information management server 10 receives a request for a predetermined process from the registration terminal 20 or the payment terminal 30, Based on the fact that the biometric information received by the information management server 10 from the terminal matches the biometric information included in the condition data 12a, the execution of the predetermined process is permitted. According to such a configuration, the execution of the predetermined processing is allowed based on the confirmation of the match between the biological information received from outside the information management server 10 and the biological information stored in the information management server 10, The security for the execution of the process is enhanced.

  In particular, in the above-described predetermined processing, transmission of the settlement permission condition associated with the biometric information whose agreement has been confirmed and the condition data 12a to the registration terminal 20 or the payment terminal 30, change of the settlement permission condition, Since the prohibition of the process using the settlement permission condition is included, the security for the execution of these processes is enhanced.

(Modification)
Each of the above embodiments can be modified and implemented as follows.
In the second embodiment, besides the case where the total settlement request amount exceeds the upper limit amount, the upper limit amount in the condition data 12a may be changeable. For example, the registration terminal 20 transmits the alternative ID, the biological information, and the new upper limit amount input to the registration terminal 20 to the information management server 10, and requests a change in the upper limit amount. The condition data management unit 13a of the information management server 10 specifies the biometric information associated with the received alternative ID in the condition data 12a and the upper limit amount, checks the biometric information, and determines that the authentication has been established. Changes the specified upper limit to a new upper limit.
The condition that can be changed is not limited to the upper limit amount as long as the condition is included in the settlement permission condition.

  In the second embodiment, the processing performed through the authentication using the biometric information includes changing the payment permission condition, transmitting the payment permission condition and the payment request history, and prohibiting the processing using the payment permission condition. Any one of them or two of these processes may be used. Further, the processing performed through the authentication using the biometric information may include processing other than these processings, and may include, for example, determination of whether or not settlement is possible. In this case, at the time of the payment processing, the payment terminal 30 transmits the substitute ID, the biometric information, and the settlement request amount to the information management server 10, and the condition data management unit 13a of the information management server 10 transmits the received substitute ID. And the settlement permission condition is specified in the condition data 12a, and the biometric information is collated. Then, when the authentication is established, the settlement possibility determination unit 13b determines the settlement possibility using the specified settlement permission condition.

  In the second embodiment, the alternative ID may not be used for payment processing. That is, the payment terminal 30 transmits the biometric information and the payment request amount to the information management server 10, and the payment availability determination unit 13b of the information management server 10 determines that the condition data 12a matches the received biometric information. And the payment permission condition associated with the biological information. Then, the settlement possibility determination unit 13b determines the settlement possibility using the specified settlement permission condition. In this case, the verification information is biometric information, that is, authentication information.

  Similarly, when transmitting the payment permission condition to the registration terminal 20 or the payment terminal 30, the payment permission condition in the condition data 12a may be specified by the biological information without using the alternative ID.

  In such a case, since the IC tag 70 does not need to be used, the user can pay for the item without carrying the article. User convenience is enhanced. In addition, since there is no risk of losing the IC tag 70, the possibility of unauthorized payment can be reduced.

  The change of the payment permission condition and the transmission of the payment permission condition and the payment request history to the registration terminal 20 and the payment terminal 30 may be performed without performing the authentication using the biometric information. That is, in the first embodiment, the substitute ID is transmitted from the registration terminal 20 and a request for transmission of the settlement permission condition and the settlement request history is made, and the information management server 10 sets the settlement permission condition and the settlement request The history may be specified, and the information may be transmitted to the registration terminal 20. If the total payment request amount exceeds the upper limit amount, the new upper limit amount input to the payment terminal 30 is transmitted to the information management server 10, and the upper limit amount is changed without performing biometric information authentication. May be done.

  In the above-described embodiment, the date and time are indicated when the settlement is requested. However, the time when the settlement is requested may be any time when the settlement is requested. For example, the time may be indicated. Similarly, the settlement possible period may be a predetermined period, for example, not limited to a period from a specific time to a specific time in a day, but may be a period from a specific day to a specific day. There may be. In short, the information indicating the settlement request and the information indicating the settlement possible period may be defined so that it can be determined whether or not the settlement request period is included in the settlement possible period.

  -The conditions included in the settlement permission conditions are not limited to the settlement possible period and the maximum amount. For example, the settlement permission condition may include a store where settlement is possible. In this case, the information management server 10 acquires the store information as the payment request information from the payment terminal 30 at the time of the payment request, and determines whether or not the store indicated by the store information is a store that can perform the payment, thereby allowing the payment. It is determined whether the condition is satisfied. Note that the settlement permission condition may include only one of the settlement possible period and the upper limit amount, or may not include both the settlement possible period and the upper limit amount.

  In the second embodiment, the authentication information may be information unique to each user, and may be, for example, a personal identification number or a password, or may be settled when the user loses the IC tag 70. As long as the process using the condition is not prohibited, the identification information of the IC tag 70 stored in the IC tag 70 carried by the user may be used. However, in a configuration in which the authentication information is biometric information, it is possible to accurately identify the user at the time of the processing of the information management server 10, so that the security of the execution of the processing is appropriately enhanced.

  If the substitute information is information associated with a credit card number, the substitute information does not need to be information indicating a sequence including a token, and may be, for example, information in which a credit card number is encrypted.

  In each of the above embodiments, the example in which the payment system is used for payment in the event has been described, but the situation in which the payment system is used is not limited to this. The settlement system may be used, for example, to pay for a product or service at a leisure spot or the like. In particular, in a situation where there is a high risk of loss or theft of cash or a credit card, using the settlement system of each of the above embodiments is advantageous because such a risk can be reduced.

  DESCRIPTION OF SYMBOLS 10 ... Information management server, 11 ... Communication part, 12 ... Storage part, 12a ... Condition data, 12b ... History data, 13 ... Control part, 13a ... Condition data management part, 13b ... Payment possibility determination part, 20 ... Registration terminal, Reference numeral 30: payment terminal, 40: tokenization server, 50: settlement server, 60: credit card, 70: IC tag.

Claims (10)

A storage unit for storing data,
A receiving unit that receives unique information including alternative information associated with the credit card number and authentication information unique to each user ;
A registration unit that stores the unique information and a payment permission condition that is a condition under which the payment is permitted in the storage unit as condition data in association with each other;
From the terminal requesting the payment, the payment request amount, which is the amount required for the payment, and the substitute information are received as the collation information, and accordingly, the payment request information indicating the status of the required payment is obtained. An acquisition unit that performs
A determination unit that specifies the payment permission condition associated with the collation information in the condition data, and determines whether the specified payment permission condition is satisfied using the payment request information; ,
An output unit configured to output the settlement request amount when it is determined that the settlement permission condition is satisfied, in association with the alternative information associated with the specified settlement permission condition in the condition data; When,
Along with receiving from the terminal a request to prohibit processing using the settlement permission condition, when the receiving unit receives the authentication information input to the terminal, the receiving unit does not use the verification information. Based on confirming that the received authentication information and the authentication information included in the condition data match, the settlement permission condition associated with the confirmed authentication information in the condition data. An authentication unit that prohibits processing using
An information management server comprising: The information management server according to claim 1, wherein the settlement permission condition includes a period during which settlement is permitted, and the settlement request information includes a time when settlement is requested. The information management server according to claim 1, wherein the settlement permission condition includes an upper limit amount for which settlement is permitted, and the settlement request information includes the settlement request amount. The determination unit includes:
When it is determined that the settlement permission condition is satisfied, the settlement request amount is stored in the storage unit as history data in association with the substitute information,
When the acquisition unit receives the new payment request amount and the matching information, the replacement information included in the unique information including the matching information and the amount associated with the history data, 4. A determination as to whether or not the settlement permission condition is satisfied, by determining whether or not a total amount of the settlement request amount and the total amount is equal to or less than an upper limit amount at which the settlement is permitted. Information management server. The receiving unit receives at least a part of the conditions included in the settlement permission condition,
5. The storage unit according to claim 1, wherein the registration unit associates the unique information with the payment permission condition including an external acquisition condition, which is a condition received by the reception unit, and stores the condition information as the condition data in the storage unit. An information management server according to claim 1. The registration unit, when the receiving unit receives the unique information and the new external acquisition condition, sets the external acquisition condition associated with the unique information in the condition data to the new external acquisition condition. The information management server according to claim 5, wherein the information management server is changed to an acquisition condition. The external acquisition condition is an upper limit amount for which settlement is permitted,
The information management server according to claim 6, wherein the registration unit accepts a change in the external acquisition condition when the determination unit determines that the settlement permission condition is not satisfied due to the exceeding of the upper limit amount. In the condition data, the settlement permission condition is associated with each of the plurality of unique information, and the plurality of unique information includes different substitute information associated with the same credit card number. The information management server according to any one of claims 1 to 7 . The information management server according to any one of claims 1 to 8 , wherein the substitute information indicates a sequence including a token. A registration terminal that acquires substitute information associated with a credit card number, unique information including authentication information unique to each user, and an external acquisition condition included in a payment permission condition that is a condition under which payment is permitted. When,
A payment terminal that obtains a settlement request amount that is an amount required for settlement, and verification information that is the substitute information ,
An information management server connected to the registration terminal and the payment terminal via a network, comprising:
The information management server,
A storage unit for storing data,
A receiving unit that receives the unique information and the external acquisition condition from the registration terminal,
A registration unit that stores the unique information and the settlement permission condition in the storage unit as condition data in association with each other;
From the payment terminal, an acquisition unit that receives the settlement request amount and the collation information, and, along with this, acquires settlement request information indicating a situation where settlement is requested,
A determination unit that specifies the payment permission condition associated with the collation information in the condition data, and determines whether the specified payment permission condition is satisfied using the payment request information; ,
An output unit configured to output the payment request amount when it is determined that the payment permission condition is satisfied, in association with the alternative information associated with the specified payment permission condition in the condition data; When,
When the receiving unit receives the authentication information input to the terminal in response to receiving a request to prohibit processing using the payment permission condition from a terminal connected to the information management server, Without using the information, based on the authentication information received by the receiving unit, based on confirming the match with the authentication information included in the condition data, the authentication information that the match was confirmed in the condition data A payment unit comprising: an authentication unit that prohibits processing using the associated payment permission condition .