JP2021012640A - Financial transaction system, portable terminal, authentication module, and financial transaction method - Google Patents

Abstract

To provide a financial transaction system, a portable terminal, an authentication module, and a financial transaction method for allowing a financial transaction by using a personal authentication method with high security.SOLUTION: A financial transaction system 100 comprises: a portable terminal 1 including a camera 34; a personal authentication server 4; and a bank server 7 that performs financial transaction work. The portable terminal 1 includes: a face image acquisition unit 17 that acquires a face image of a user through the camera 34; a face image collation unit 18 that, when a login ID received by an input receiving unit 11 is included in a collation image storage unit 32 that stores the face image of the user acquired through the camera 34 during personal identification of the user as a collation image in association with the login ID, collates the collation image corresponding to the login ID with the face image of the user; a collation result transmission unit 19 that transmits a result of collation to the personal authentication server 4; and a transaction request unit 20 that transmits a transaction request including a result of authentication received from the personal authentication server 4 to the bank server 7.SELECTED DRAWING: Figure 1

Description

The present invention relates to financial transaction systems, mobile terminals, authentication modules and financial transaction methods.

Conventionally, financial institutions such as banks have provided services by so-called Internet banking, which provides services to customers via communication networks such as the Internet. In the Internet banking service, it is required to strictly confirm the identity of the customer by using a terminal owned by the customer such as a mobile terminal. Therefore, for example, it is considered to use biological information. As an example, a method of performing identity verification by face recognition using a face image stored in an IC card such as a driver's license and a face image of a customer who is an operator of a terminal is disclosed (for example, a patent document). 1).

In addition, there is a method of using a one-time password when conducting a transaction that requires the person to be the person more strictly, such as a fund transfer transaction. The user enters the one-time password on the input screen of the mobile terminal or the like, and if the entered one-time password is correct, the transaction becomes possible.

JP-A-2015-88080

Since the one described in Patent Document 1 uses the face image data stored in the chip of the IC card, the information terminal needs to be provided with a reader for reading the IC card.
Then, in the one described in Patent Document 1, face authentication using a face image is performed on the server side. Therefore, every time the service is used, biometric information represented by a facial image is transmitted via a communication line, which causes a problem in data security.

In addition, those using a one-time password have a complicated procedure until the user is notified. Therefore, there has been a demand for a personal authentication method instead of a one-time password.

Therefore, an object of the present invention is to provide a financial transaction system, a mobile terminal, an authentication module, and a financial transaction method that enable financial transactions using a highly secure personal authentication method.

The present invention solves the above-mentioned problems by the following solutions. In addition, in order to facilitate understanding, the description will be given with reference numerals corresponding to the embodiments of the present invention, but the present invention is not limited thereto. Further, the configurations described with reference numerals may be appropriately improved, and at least a part thereof may be replaced with other configurations.

The first invention comprises a mobile terminal (1) possessed by a user and having a photographing unit (34), and a personal authentication server (4) that is communicably connected to the mobile terminal and performs personal authentication processing. A financial transaction system (100) including a bank server (7) that is communicably connected to the mobile terminal and performs financial transaction business, wherein the bank server has account information and user identification information. The mobile terminal includes an account information storage unit (77) that stores the user in association with the above, and the mobile terminal uses the user's face image acquired through the photographing unit at the time of the user's identity verification as a collation image, and the bank. The user via the collation image storage unit (32) stored in association with the user identification information used for login processing to the server, the input receiving means (11) for receiving the input of the user identification information, and the photographing unit. When the image acquisition means (17) for acquiring the face image of the user and the user identification information received by the input receiving means are stored in the collation image storage unit, the user acquired by the image acquisition means. A face image matching means (18) for matching a face image with the matching image stored in the matching image storage unit, and a matching result transmitting means for transmitting the matching result by the face image matching means to the personal authentication server. (19), the personal authentication server includes an authentication result transmitting means (44) for transmitting an authentication result based on the collation result to the mobile terminal, and the mobile terminal receives from the personal authentication server. The bank server includes a request transmitting means (20) for transmitting a transaction request including the authentication result and the user identification information to the bank server, and the bank server is associated with the user identification information. In a financial transaction system provided with a transaction decision means (71) for identifying information with reference to the account information storage unit and determining whether or not to permit a transaction using the account information based on the authentication result. is there.
According to the second invention, in the financial transaction system (100) of the first invention, the mobile terminal (1) includes an authentication method receiving means (11) for receiving a designation of a personal authentication method, and the image of the mobile terminal. The acquisition means (17) is a financial transaction system that acquires a face image of the user via the photographing unit when the designation of the person authentication method by the authentication method receiving means is face authentication.
According to the third invention, in the financial transaction system (100) of the second invention, the mobile terminal (1) is designated by the authentication method receiving means (11) as a face recognition method. When the collated image stored in the collated image storage unit (32) is not associated with the user identification information, the user identification information received by the input receiving means (11) is associated with the collated image. It is a financial transaction system including the associating means (14).
According to the fourth invention, in the financial transaction system (100) of the third invention, the mobile terminal (1) is face-authenticated by the authentication method receiving means (11). When the collation image is not stored in the collation image storage unit (32), the image of the identity verification document and the face image are transmitted to the identity authentication server (4) to perform the identity verification process. When the personal authentication processing means (14) is provided and the associating means (14) of the mobile terminal receives the fact that the personal identification has been performed from the personal authentication server, the face image is used as the collation image and the input is performed. This is a financial transaction system that stores the user identification information received by the reception means (11) in the collation image storage unit in association with the user identification information.
According to a fifth invention, in any of the financial transaction systems (100) from the second invention to the fourth invention, the mobile terminal (1) includes a transaction item receiving means (11) for receiving a transaction item. The authentication method receiving means (11) of the mobile terminal is a financial transaction system that accepts the designation of the person authentication method according to the transaction item received by the transaction item receiving means.
A sixth aspect of the present invention is a mobile terminal (201) possessed by a user and having a photographing unit (34), and a personal authentication server (4) that is communicably connected to the mobile terminal and performs personal authentication processing. , A transaction intermediary server (208) that is communicably connected to each of the mobile terminal and a bank server (7) that performs a financial transaction business and mediates a financial transaction by the user using the bank server. The bank server is an account information storage unit that stores account information in association with user identification information that identifies the user used for login processing to the bank server. The transaction mediation server includes (77), and the transaction mediation server includes a user information storage unit (287) that stores user identification information, bank identification information, and user identification information in association with each other. The collation image storage unit that stores the user's face image acquired through the photographing unit at the time of identity verification of the user as a collation image in association with the user identification information used for logging in to the transaction intermediary server. (232), an input receiving means (211) that accepts input of the user identification information and the bank identification information, and an image acquisition means (17) that acquires a face image of the user via the photographing unit. When the user identification information received by the input receiving means is stored in the collated image storage unit, the user's face image acquired by the image acquisition means and the collated image storage unit store the user identification information. The personal authentication server includes a face image collating means (18) for collating the collated image, and a collating result transmitting means (19) for transmitting the collation result by the face image collating means to the personal authentication server. The mobile terminal includes an authentication result transmitting means (44) for transmitting an authentication result based on the collation result to the mobile terminal, and the mobile terminal provides the authentication result, the user identification information, and the bank identification information. The transaction intermediary server includes a request transmission means (220) for transmitting a transaction request including the transaction request to the transaction intermediary server, and the transaction intermediary server is based on the received user identification information and the bank identification information. An execution request that extracts the corresponding user identification information by referring to the information storage unit and transmits the authentication result and the transaction execution request including the user identification information to the bank server corresponding to the bank identification information. A means (281) is provided, and the bank server identifies the account information associated with the user identification information with reference to the account information storage unit. , A financial transaction system including a transaction decision means (71) for determining whether or not to permit a transaction using the account information based on the authentication result.
A seventh invention is a mobile terminal (1) possessed by a user and provided with a photographing unit (34), and a face image of the user acquired through the photographing unit at the time of identity verification of the user is obtained. As the collation image, the collation image storage unit (32) stored in association with the user identification information that identifies the user used for the login process to the bank server (7) that is communicably connected and performs financial transaction business, and the user. The input receiving means (11) for receiving the input of the identification information, the image acquiring means (17) for acquiring the face image of the user via the photographing unit, and the user identification information received by the input receiving means are the same. A face image collating means (18) that collates the user's face image acquired by the image acquisition means with the collated image stored in the collated image storage unit when stored in the collated image storage unit. , The collation result transmission means (19) that transmits the collation result by the face image collation means to the personal authentication server (4) that is communicably connected and performs the personal authentication process, and the authentication result received from the personal authentication server. A mobile terminal comprising a request transmitting means (20) for transmitting a transaction request including the user identification information to the bank server.
An eighth invention is an authentication module (31c) that is executed by a mobile terminal (1), which is a computer provided with a photographing unit (34) and possessed by the user, wherein the mobile terminal confirms the identity of the user. At that time, the face image of the user acquired through the photographing unit was stored as a collation image in association with the user identification information that identifies the user used for the login process to the bank server (7) performing the financial transaction business. A collation image storage unit (32) and a bank transaction program (31a) for conducting a bank transaction between the bank server are provided, and the mobile terminal is used to obtain a face image of the user via the photographing unit. When the image acquisition means to be acquired and the user identification information delivered from the bank transaction program match the user identification information stored in the collation image storage unit, the user acquired by the image acquisition means. The face image matching means for matching the face image with the matching image stored in the matching image storage unit and the matching result by the face image matching means are communicably connected to the mobile terminal and the person himself / herself. It is an authentication module for functioning as a means for transmitting a verification result to be transmitted to a personal authentication server (4) that performs an authentication process and a means for passing the authentication result received from the personal authentication server to the bank transaction program. ..
In the ninth aspect of the present invention, the mobile terminal (1) provided with the photographing unit (34) possessed by the user collates the face image of the user acquired through the photographing unit when confirming the identity of the user. A collation image storage unit (32) that is communicably connected to the mobile terminal and is stored in association with user identification information that identifies the user used for login processing to a bank server that performs financial transaction business is provided. An input receiving step in which the mobile terminal receives an input of the user identification information, an image acquisition step in which the mobile terminal acquires a face image of the user via the photographing unit, and the mobile terminal receives the input. When the user identification information received by the reception step is stored in the collation image storage unit, the face image of the user acquired by the image acquisition step and the collation image stored in the collation image storage unit. The face image collation step for collating with the above and the mobile terminal transmit the collation result of the face image collation step to the personal authentication server (4) which is communicably connected to the mobile terminal and performs personal authentication processing. The verification result transmission step, the authentication result transmission step in which the personal authentication server transmits the authentication result based on the verification result to the mobile terminal, and the mobile terminal transmits the authentication result and the user identification information. The request transmission step of transmitting the transaction request including the transaction request to the bank server, and the bank server stores the account information associated with the user identification information in association with the account information and the user identification information. It is a financial transaction method including a transaction determination step of identifying with reference to the account information storage unit (77) and determining whether or not to permit a transaction using the account information based on the authentication result.

According to the present invention, it is possible to provide a financial transaction system, a mobile terminal, an authentication module, and a financial transaction method that enable financial transactions by using a highly secure personal authentication method.

It is a figure which shows the whole structure of the financial transaction system which concerns on 1st Embodiment. It is a functional block diagram of the mobile terminal which concerns on 1st Embodiment. It is a functional block diagram of the person authentication server and the bank server which concerns on 1st Embodiment. It is a flowchart which shows the processing at the time of the transaction start in the mobile terminal which concerns on 1st Embodiment. It is a figure which shows the display example in the mobile terminal which concerns on 1st Embodiment. It is a flowchart which shows the confirmation process by biometric authentication in the mobile terminal which concerns on 1st Embodiment. It is a flowchart which shows the identity verification process in the mobile terminal which concerns on 1st Embodiment. It is a flowchart which shows the collation image processing in the mobile terminal and the person authentication server which concerns on 1st Embodiment. It is a flowchart which shows the person authentication processing in the mobile terminal and the person authentication server which concerns on 1st Embodiment. It is a continuation of FIG. It is a figure which shows the whole structure of the financial transaction system which concerns on 2nd Embodiment. It is a functional block diagram of the mobile terminal which concerns on 2nd Embodiment. It is a figure which shows the functional block diagram of the transaction intermediary server which concerns on 2nd Embodiment, and the example of the user information storage part. It is a flowchart which shows the transaction processing in the financial transaction system which concerns on 2nd Embodiment.

Hereinafter, embodiments for carrying out the present invention will be described with reference to the drawings. It should be noted that this is only an example, and the technical scope of the present invention is not limited to this.

(First Embodiment)
FIG. 1 is a diagram showing an overall configuration of the financial transaction system 100 according to the first embodiment.
FIG. 2 is a functional block diagram of the mobile terminal 1 according to the first embodiment.
FIG. 3 is a functional block diagram of the personal authentication server 4 and the bank server 7 according to the first embodiment.
The financial transaction system 100 shown in FIG. 1 is a system for performing financial transactions by Internet banking using the mobile terminal 1. The financial transaction system 100 is a system for safely conducting transactions with the mobile terminal 1 by performing biometric authentication using a face image, which is a high-security authentication, especially in the case of fund transfer transactions such as transfer. ..

Here, the identity verification in the present invention means a confirmation process for enabling an online procedure using a mobile terminal or the like. In identity verification, for example, verification is performed using a public certificate such as a driver's license. On the other hand, identity verification is a state in which identity verification has already been performed, and refers to confirmation to prevent spoofing and the like.
In addition, the following describes the processing for a person who has applied for Internet banking in advance and wishes to make a fund transfer transaction such as a transfer among financial transactions by Internet banking using the mobile terminal 1.
Then, in the following, among financial transactions by Internet banking using the mobile terminal 1, when performing a fund transfer transaction such as a transfer, an example will be described in which identity verification or identity verification using a face image is performed.

The financial transaction system 100 includes a mobile terminal 1, a personal authentication server 4, and a bank server 7. The mobile terminal 1 can be connected to the communication network N via, for example, the base station R for wireless communication. Further, the personal authentication server 4 and the bank server 7 are communicably connected to the mobile terminal 1 via the communication network N.

The mobile terminal 1 is, for example, a terminal owned by a person (hereinafter, also referred to as a user) who intends to receive the service provided by the bank server 7. The mobile terminal 1 is, for example, a portable device having a computer function represented by a smartphone or a tablet.
As shown in FIG. 2, the mobile terminal 1 includes a control unit 10, a storage unit 30, a camera 34 (shooting unit), a touch panel display 35, and a communication interface unit 39.

The control unit 10 is a CPU (central processing unit) that controls the entire mobile terminal 1. The control unit 10 appropriately reads and executes the operating system (OS) and various application programs stored in the storage unit 30 to cooperate with the above-mentioned hardware and execute various functions.
The control unit 10 includes an input reception unit 11 (input reception means, authentication method reception means, transaction item reception means), an authentication confirmation processing unit 12, and a transaction request unit 20 (request transmission means).

The input receiving unit 11 receives various inputs for conducting a transaction by the user.
For example, the input reception unit 11 accepts the input of login information for logging in to the bank server 7 for conducting a transaction by Internet banking. Here, the login information refers to a login ID (IDentification: user identification information) and a password registered in advance in the bank server 7. The login ID and password are different from the account number and the personal identification number.
Further, the input receiving unit 11 accepts the designation of the transaction item. The transaction item refers to an item related to financial transactions such as account inquiry and transfer.
Further, the input receiving unit 11 accepts the selection of the authentication method (personal authentication method). The authentication method includes, for example, biometric authentication (face authentication) using a face image, authentication using an OTP (one-time password), and the like.

The authentication confirmation processing unit 12 performs a predetermined authentication confirmation process based on the designation of the transaction item received by the input reception unit 11 and the authentication method.
The authentication confirmation processing unit 12 includes an association confirmation unit 13, an identity verification processing unit 14 (identity verification processing means, association means), and an authentication API (Application Programming Interface) processing unit 15.

The association confirmation unit 13 confirms whether or not the login ID for logging in to the bank server 7 for conducting a transaction by Internet banking and the biometric authentication information are associated with each other.
The identity verification processing unit 14 is a process performed when the login ID and the biometric authentication information are not associated with each other. The identity verification processing unit 14 is performed by the identity verification API 31b.
More specifically, the identity verification processing unit 14 acquires an identity verification image, which is an image of the identity verification document, by the user operating the camera 34 and photographing the identity verification document. Here, the identity verification document is a publicly recognized identification card on which a photograph of the user's face is posted. As an example of the identity verification document, FIG. 1 shows a driver's license 3. In addition, the identity verification document may be a My Number card or the like on which a photograph of the user's face is posted.
Then, the identity verification processing unit 14 extracts a face photo image from the acquired identity verification image, and stores the extracted face photo image in the storage unit 30.

Further, the identity verification processing unit 14 acquires a collation image used for collation, which is a user's face image by the user operating the camera 34 to photograph his / her own face, and stores the acquired collation image. Store in 30.
After that, the identity verification processing unit 14 transmits the face photograph image and the collation image stored in the storage unit 30 to the identity verification server 4 to request identity verification.
Then, the identity verification processing unit 14 receives the identity verification result from the identity verification server 4.

When the identity verification result received from the identity verification server 4 can be collated, the identity verification processing unit 14 stores the collation image stored in the storage unit 30 in the collation image storage unit 32, and the input reception unit The login ID received by 11 is associated with the collation image (biometric authentication information).
In addition, the identity verification processing unit 14 generates a key pair to be used for verification with the identity verification server 4. A key pair consists of a private key and a public key. Then, the identity verification processing unit 14 stores the generated private key in the key storage unit 33. In addition, the identity verification processing unit 14 transmits the generated public key to the identity authentication server 4.

The authentication API processing unit 15 is a process performed when the login ID and the biometric authentication information are associated with each other. The authentication API processing unit 15 is performed by the authentication API 31c.
The authentication API processing unit 15 includes an authentication request unit 16, a face image acquisition unit 17 (image acquisition means), a face image collation unit 18 (face image collation means), and a collation result transmission unit 19 (collation result transmission means). To be equipped.

The authentication request unit 16 transmits a request for performing personal authentication to the personal authentication server 4.
The face image acquisition unit 17 acquires the user's face image by the user operating the camera 34 and photographing his / her own face.
The face image collation unit 18 collates the face image acquired by the face image acquisition unit 17 with the collation image stored in the collation image storage unit 32, and confirms whether or not they are the same person.
When the face image collation unit 18 can perform collation, the collation result transmission unit 19 stores the challenge code received from the personal authentication server 4 by the authentication request unit 16 transmitting the authentication request in the key storage unit 33. Sign with the private key and send the signature data to the personal authentication server 4.

The transaction request unit 20 transmits a transaction request including an authentication result and a login ID to the bank server 7.

The storage unit 30 is a storage area such as a semiconductor memory element for storing programs, data, and the like necessary for the control unit 10 to execute various processes.
The storage unit 30 includes a program storage unit 31, a collation image storage unit 32, and a key storage unit 33.

The program storage unit 31 is a storage area for storing various application programs (hereinafter, the application program is referred to as an application, an application, a program, or the like). The program storage unit 31 stores the bank transaction application 31a (bank transaction program), the identity verification API 31b, and the authentication API 31c (authentication module). In the present embodiment, the bank transaction application 31a, the identity verification API 31b, and the authentication API 31c will be described below, but the present embodiment is not limited thereto.

The bank transaction application 31a is installed in the mobile terminal 1 in advance, or is downloaded to the mobile terminal 1 by communicating with an application distribution server (not shown) via the communication network N as needed.
The bank transaction application 31a is a program for performing Internet banking transactions using the bank server 7.
The identity verification API 31b is a module (a type of program) that performs an identity verification function. More specifically, the identity verification API31b is a module that mainly acquires an identity verification image and extracts a facial photograph image.
The authentication API 31c is a module that performs a function of personal authentication. More specifically, the authentication API 31c is a module that acquires a face image and performs a comparison collation determination with a collation image.

The collation image storage unit 32 is a storage area for storing a face image (collation image) used for personal authentication in association with a login ID. When the identity is confirmed, the collation image storage unit 32 stores the same face image as that used in the identity verification in association with the login ID.
The key storage unit 33 is a storage area for storing the private key used for personal authentication. The key storage unit 33 stores the private key among the key pairs generated when the identity can be confirmed.

The camera 34 is a photographing device. The camera 34 has an in-camera 34a and an out-camera 34b. The in-camera 34a is a camera held on the touch panel display 35 side of the mobile terminal 1. The out-camera 34b is a camera held on the back side of the mobile terminal 1.
The touch panel display 35 has a function as a display unit composed of a liquid crystal panel and the like, and a function as an input unit for performing various operation inputs by a user's finger.
The communication interface unit 39 is an interface for communicating with various servers via the communication network N, and serves as a transmission unit and a reception unit.

Returning to FIG. 1, the driver's license 3 has a card shape, and as described above, is a public identification card. On the surface of the driver's license 3, personal information of the user including the address, name, date of birth of the user (owner), and a photograph of the user's face is described. The user of the mobile terminal 1 uses the mobile terminal 1 to take a picture of a driver's license 3 or the like possessed by the user in the financial transaction system 100.

The personal authentication server 4 is a server that performs each process of personal identification and personal authentication. For example, when starting a fund transfer transaction such as a transfer by the bank transaction application 31a, if the login ID of Internet banking and the face image are not associated with each other on the mobile terminal 1, the identity is confirmed. In addition, when the personal authentication server 4 is associated with the Internet banking login ID and the face image on the mobile terminal 1, such as when performing a fund transfer transaction such as a transfer using the bank transaction application 31a from the second time onward, Authenticate yourself. The personal authentication server 4 may be possessed by, for example, a bank or the like having a bank server 7, or may be possessed by a company that provides a service related to authentication different from the bank or the like. In this example, it will be described as having a company different from the bank server 7.

As shown in FIG. 3A, the personal authentication server 4 includes a control unit 40, a storage unit 50, and a communication interface unit 59.
The control unit 40 is a CPU that controls the entire personal authentication server 4. The control unit 40 appropriately reads and executes the OS and application programs stored in the storage unit 50, thereby collaborating with the above-mentioned hardware to execute various functions.
The control unit 40 includes an identity verification processing unit 41, a key reception processing unit 42, a code generation transmission unit 43, and an authentication result transmission unit 44 (authentication result transmission means).

The identity verification processing unit 41 performs the identity verification process.
Specifically, the identity verification processing unit 41 receives the face image and the face photo image from the mobile terminal 1. Then, the identity verification processing unit 41 collates the received face image with the face photo image. Here, the identity verification processing unit 41 may indicate the collation result of the face image and the face photograph image by a score. For example, the identity verification processing unit 41 performs image collation processing and calculates the degree of matching of facial photograph images as a score. Here, the score is represented by a numerical value from 0 to 100, for example, and the higher the degree of agreement, the higher the numerical value.
After that, the identity verification processing unit 41 transmits the collation result to the mobile terminal 1.

The key reception processing unit 42 receives the public key used for personal authentication from the mobile terminal 1, and stores the received public key in the key storage unit 53.
The code generation transmission unit 43 uses random numbers to generate a challenge code in response to receiving an authentication request from the mobile terminal 1. Further, the code generation transmission unit 43 transmits the generated challenge code to the mobile terminal 1.
The authentication result transmission unit 44 verifies the signature data received from the mobile terminal 1, and if it can be verified, transmits the signature verification result to the mobile terminal 1.

The storage unit 50 is a storage area for a hard disk, a semiconductor memory element, or the like for storing programs, data, and the like necessary for the control unit 40 to execute various processes.
The storage unit 50 includes a program storage unit 51 and a key storage unit 53.
The program storage unit 51 is a storage area for storing various programs. The program storage unit 51 stores the personal authentication program 51a.
The personal authentication program 51a is a program for performing various functions executed by the control unit 40 of the personal authentication server 4.
In the first embodiment, the process of performing the processing on the personal authentication server 4 at the time of personal authentication and at the time of personal authentication will be described below using only the personal authentication program 51a. However, the processing on the personal authentication server 4 at the time of identity verification and the time of personal authentication may be performed by using different programs.
The communication interface unit 59 is an interface for performing communication with the mobile terminal 1 and the like via the communication network N.

The bank server 7 is a server that performs financial transaction business, particularly banking business, and is, for example, a front server for performing Internet banking by communicating with the mobile terminal 1. The bank server 7 is communicably connected to, for example, a core banking system having a ledger (not shown), acquires account information, executes transactions, and updates account information (balance, etc.).
As shown in FIG. 3B, the bank server 7 includes a control unit 70, a storage unit 75, and a communication interface unit 79.

The control unit 70 is a CPU that controls the entire bank server 7. The control unit 70 executes various functions in cooperation with the above-mentioned hardware by appropriately reading and executing the OS and application programs stored in the storage unit 75.
The control unit 70 includes a processing execution unit 71 (transaction decision means).
The process execution unit 71 receives the transaction request including the authentication result and the login ID from the mobile terminal 1, determines whether or not to allow the transaction request, executes the determined process, and makes a transaction. Is established.

The storage unit 75 is a storage area for a hard disk, a semiconductor memory element, or the like for storing programs, data, and the like necessary for the control unit 70 to execute various processes.
The storage unit 75 includes a program storage unit 76 and an account information storage unit 77.
The program storage unit 76 is a storage area for storing various programs. The program storage unit 76 stores the transaction program 76a.
The transaction program 76a is a program for performing various functions executed by the control unit 70 of the bank server 7.
The account information storage unit 77 is a storage area for storing a password and account information such as an account number and an account name in association with a login ID.
The communication interface unit 79 is an interface for performing communication with the mobile terminal 1 and the like via the communication network N.

Here, the computer means an information processing device provided with a control unit, a storage device, and the like, and the mobile terminal 1, the personal authentication server 4, and the bank server 7 are information processing devices provided with a control unit, a storage device, and the like, respectively. Yes, it is included in the concept of computer.

The base station R shown in FIG. 1 is a base station for wireless communication, and relays for the mobile terminal 1 to communicate with various servers. The base station R is, for example, a base station of a wireless LAN (Local Area Network) or a base station for a mobile terminal communication network of a telecommunications carrier.
The communication network N is a network between various servers or between various servers and the base station R, and is an Internet line, a mobile terminal communication network, or the like.

Next, the processing of the financial transaction system 100 will be described.
FIG. 4 is a flowchart showing a transaction start processing on the mobile terminal 1 according to the first embodiment.
FIG. 5 is a diagram showing a display example on the mobile terminal 1 according to the first embodiment.
First, a user who wants to start an Internet banking service using the mobile terminal 1 can, for example, tap to select an icon (not shown) of the banking application 31a displayed on the touch panel display 35 of his / her mobile terminal 1. Perform touch operation. By doing so, the control unit 10 of the mobile terminal 1 executes the bank transaction application 31a.

When the bank transaction application 31a is executed, in step S10 of FIG. 4 (hereinafter, simply referred to as “S”), the control unit 10 of the mobile terminal 1 displays the login screen 60 of the bank transaction application 31a on the touch panel display 35. indicate. FIG. 5A shows an example of the login screen 60. The user inputs the login ID and password used in the bank transaction application 31a from the login screen 60, and taps the "Next" button.
By doing so, the control unit 10 (input reception unit 11) of the mobile terminal 1 accepts the input of the login information and performs the login process of transmitting the login ID and password to the bank server 7.
The control unit 70 of the bank server 7 performs login authentication using the received login ID and password, and transmits the login authentication result to the mobile terminal 1.

When the control unit 10 of the mobile terminal 1 receives the login authentication result and the login authentication can be performed, the control unit 10 outputs the menu screen 61 illustrated in FIG. 5B in S2. The menu screen 61 is a list of various transactions that can be executed by the bank transaction application 31a. FIG. 5B is an example in which the account information corresponding to the login ID relates to one account. When there is account information corresponding to one login ID for a plurality of accounts, for example, a plurality of account numbers are output on the menu screen 61, and the user is made to select the account number to be traded.

In S3, the control unit 10 determines whether or not to terminate this process by accepting, for example, an operation for terminating the bank transaction application 31a. When terminating (S3: YES), the control unit 10 ends this process by terminating the execution of the bank transaction application 31a. On the other hand, if it does not end (S3: NO), the control unit 10 shifts the process to S4.

In S4, the control unit 10 (input reception unit 11) determines whether or not the fund transfer transaction is selected by selecting, for example, the transaction item of "transfer" from the menu screen 61. When the fund transfer transaction is selected (S4: YES), the control unit 10 shifts the process to S5. On the other hand, when the fund transfer transaction is not selected (S4: NO), the control unit 10 shifts the process to S6. Here, the case where the fund transfer transaction is not selected means that, for example, a transaction item related to an account inquiry such as a deposit / withdrawal statement inquiry or a balance inquiry is selected. In addition, when the fund transfer transaction is not selected, various change processes such as change of address and password may be included.

In S5, the control unit 10 outputs the authentication method selection screen 62 illustrated in FIG. 5C. The authentication method selection screen 62 is an output in which a recognized authentication method can be selected. The authentication method selection screen 62 shown in FIG. 5C shows biometric authentication and OTP (one-time password) authentication. After that, the control unit 10 shifts the processing to S7.
On the other hand, in S6, the control unit 10 performs processing on the selected transaction item. Specifically, if the selected item is a transaction item related to an account inquiry, the control unit 10 transmits the login ID and the content of the transaction item to the bank server 7 to change the content of the transaction item from the bank server 7. Receives and outputs the appropriate information (balance, etc.). After that, the control unit 10 shifts the processing to S2.

In S7, the control unit 10 (input reception unit 11) determines whether or not biometric authentication is selected. When biometric authentication is selected (S7: YES), the control unit 10 shifts the process to S8. On the other hand, when biometric authentication is not selected (S7: NO), the control unit 10 shifts the process to S9.
In S8, the control unit 10 (authentication confirmation processing unit 12) performs confirmation processing by biometric authentication (see FIG. 6 described later). The biometric authentication in this embodiment uses a user's face image obtained by the user operating the camera 34 and photographing his / her own face. After that, the control unit 10 shifts the processing to S10.

On the other hand, in S9, the control unit 10 performs confirmation processing by another selected method. The description of the confirmation process by the other selected method will be omitted.
In S10, the control unit 10 (transaction request unit 20) transmits a transaction request including the confirmation processing result (authentication result), the login ID, and the contents of the transaction item to the bank server 7.

Then, when the control unit 70 (processing execution unit 71) of the bank server 7 includes the confirmation processing result that the received transaction request has been authenticated, the control unit 70 (processing execution unit 71) specifies the account information by referring to the account information storage unit 77. , The data according to the contents of the transaction item is transmitted to the mobile terminal 1. The mobile terminal 1 outputs, for example, the transfer detailed setting screen 64 shown in FIG. 5 (e). Then, by communicating between the control unit 10 and the bank server 7, the control unit 70 (processing execution unit 71) of the bank server 7 executes processing related to the contents of the transaction item. After that, the control unit 10 outputs the transaction result screen (not shown) and then shifts the process to S2.
On the other hand, when the received transaction request includes the authentication error confirmation processing result, the control unit 10 outputs, for example, the confirmation result screen 65 shown in FIG. 5 (f). After that, the control unit 10 shifts the processing to S2.

Next, the confirmation process by biometric authentication will be described.
FIG. 6 is a flowchart showing a confirmation process by biometric authentication on the mobile terminal 1 according to the first embodiment.
In S21, the control unit 10 (association confirmation unit 13) determines whether or not the login ID used in the login process is associated with the face image (collation image) stored in the collation image storage unit 32. When the login ID is associated (S21: YES), the control unit 10 shifts the process to S22. On the other hand, when the login ID is not associated (S21: NO), the control unit 10 shifts the process to S23.

In S22, the control unit 10 (identity verification processing unit 14) performs the personal authentication process (see FIG. 9 described later). After that, the control unit 10 shifts the processing to S10 of FIG.
On the other hand, in S23, the control unit 10 (authentication API processing unit 15) performs an identity verification process (see FIG. 7 described later). After that, the control unit 10 shifts the processing to S10 of FIG.

Next, the identity verification process will be described. The identity verification process here is a process of taking a picture of the identity verification document and the user's face image and collating the face photo image of the user's face image with the user's face image, and when the verification can be performed. It refers to a combination of a process of associating a login ID for using Internet banking with a user's face image.
FIG. 7 is a flowchart showing an identity verification process on the mobile terminal 1 according to the first embodiment.
FIG. 8 is a flowchart showing collation image processing in the mobile terminal 1 and the personal authentication server 4 according to the first embodiment.

In S31 of FIG. 7, the control unit 10 (identity verification processing unit 14) performs collation image processing.
Here, the collation image processing will be described with reference to FIG.
In S41 of FIG. 8, the control unit 10 activates the out-camera 34b and displays a through image (image of the shooting range) of the out-camera 34b on the touch panel display 35 so that the identity verification document can be photographed. Then, the user taps a shooting button (not shown) so that the identity verification document is reflected in the through image, and the control unit 10 acquires the identity verification image.

At that time, the control unit 10 first displays an identification card selection screen (not shown) for selecting what to shoot as an identity verification document (driver's license or My Number card), and allows the user to verify the identity. You may choose the type of document. Then, the control unit 10 may change the guidance for taking a picture according to the type of the identity verification document. For example, in the case of a driver's license 3, it is necessary to photograph the front surface and the back surface. On the other hand, if it is My Number Card, it is enough to shoot only the surface.

In S42, the control unit 10 extracts a facial photograph image from the identity verification image. The control unit 10 analyzes, for example, the identity verification image to identify the identity verification document. Then, the control unit 10 identifies the image position of the face photograph from the identity verification document and extracts the image of the specified image position.
In S43, the control unit 10 temporarily stores the extracted facial photograph image in the storage unit 30.

In S44, the control unit 10 activates the in-camera 34a this time, and causes the touch panel display 35 to display the through image of the in-camera 34a. Then, the user taps a shooting button (not shown) so that his / her face is reflected in the through image, and the control unit 10 acquires a collation image (face image).
In S45, the control unit 10 encrypts the acquired collation image together with the face photo image temporarily stored in the storage unit 30 and transmits it to the personal authentication server 4. Here, the facial photograph image stored in the storage unit 30 is the one acquired (S41) and stored (S43) by the mobile terminal 1. Further, since the facial photograph image and the collated image are the biometric information of the user, it is desirable to encrypt and transmit the image. The encryption method is not particularly limited, and for example, a common key cryptosystem may be used, or another known cryptosystem may be used.

In S46, the control unit 40 (identity verification processing unit 41) of the personal authentication server 4 receives the collation image and the facial photograph image from the mobile terminal 1.
In S47, the control unit 40 (identity verification processing unit 41) decodes the received collation image and the face photo image, and performs face collation processing for collating each of them. The control unit 40 performs image collation processing, and calculates, for example, the degree of matching between the collation image and the facial photograph image as a score.
In S48, the control unit 40 (identity verification processing unit 41) transmits the collation result to the mobile terminal 1. After that, the control unit 40 ends this process.
In S49, the control unit 10 of the mobile terminal 1 receives the collation result. After that, the control unit 10 shifts the processing to S32 of FIG.

In S32 of FIG. 7, the control unit 10 (identity verification processing unit 14) determines whether or not authentication has been achieved based on the collation result. When the score obtained as the collation result, for example, the score is equal to or higher than the threshold value, the control unit 10 determines that the authentication has been completed. When it is determined that the authentication has been performed (S32: YES), the control unit 10 shifts the process to S33. On the other hand, when it is not determined that the authentication has been performed (S32: NO), the control unit 10 shifts the process to S39.

In S33, the control unit 10 (identity verification processing unit 14) performs an association process of associating the face image acquired in the identity verification process with the login ID used in the login process as a collation image. At that time, the control unit 10 may output, for example, the authentication information registration screen 66 shown in FIG. 5 (g) to allow the user to confirm the processing content.
In S34, the control unit 10 (identity verification processing unit 14) stores the associated collation image in the collation image storage unit 32. As a result, the collation image and the login ID are stored in association with each other in the collation image storage unit 32.

In S35, the control unit 10 (identity verification processing unit 14) generates a key pair, and transmits the public key of the generated key pair to the personal authentication server 4. After that, the control unit 10 shifts the processing to S10 of FIG. By this process, the control unit 40 (key reception processing unit 42) of the personal authentication server 4 receives the public key, and the key storage unit 53 stores the received public key.
On the other hand, in S39, the control unit 10 determines that an authentication error has occurred, and shifts the process to S10 in FIG.

Next, the personal authentication process will be described. Here, the personal authentication process refers to a process for performing a fund transfer transaction process when the collated image is associated with a login ID.
9 and 10 are flowcharts showing the personal authentication process of the mobile terminal 1 and the personal authentication server 4 according to the first embodiment.
In S61 of FIG. 9, the control unit 10 (authentication request unit 16) transmits an authentication request to the personal authentication server 4.

In S62, the control unit 40 of the personal authentication server 4 receives the authentication request.
In S63, the control unit 40 (code generation transmission unit 43) generates a random number to generate a challenge code, and transmits the generated challenge code to the mobile terminal 1. After that, the control unit 40 ends this process.
In S64, the control unit 10 of the mobile terminal 1 receives the challenge code.
In S65, the control unit 10 (face image acquisition unit 17) acquires a face image. The control unit 10 outputs the shooting screen 63 illustrated in FIG. 5D, activates the in-camera 34a, and causes the user to shoot his / her own face to acquire the user's face image.

In S66, the control unit 10 (face image collation unit 18) collates the acquired user's face image with the collation image stored in the collation image storage unit 32 and associated with the login ID. The image collation process for collating this image may have the same logic as that performed by the identity verification server 4 at the time of identity verification. The control unit 10 calculates, for example, the degree of matching between the face image and the collated image as a score by the image collation process.
In S67, the control unit 10 (face image collation unit 18) determines whether or not the collation was possible. For example, when the score is equal to or higher than the threshold value, the control unit 10 determines that the collation has been completed. When it is determined that the collation has been completed (S67: YES), the control unit 10 shifts the process to S68. On the other hand, when it is not determined that the collation was possible (S67: NO), the control unit 10 shifts the process to S69.

In S68, the control unit 10 signs the challenge code received in S64 with the private key stored in the key storage unit 33. After that, the control unit 10 shifts the processing to S71 in FIG.
On the other hand, in S69, the control unit 10 determines that an authentication error has occurred, and shifts the process to S10 in FIG.

In S71 of FIG. 10, the control unit 10 (collation result transmission unit 19) transmits the signed data to the personal authentication server 4.
In S72, the control unit 40 of the personal authentication server 4 receives the signed data.
In S73, the control unit 40 performs a signature verification process using the public key possessed by the key storage unit 53. When the signature can be verified using the public key, the control unit 40 determines that the person has been authenticated.

In S74, the control unit 40 determines whether or not the signature verification has been performed. If the signature can be verified (S74: YES), the control unit 40 shifts the process to S75. On the other hand, if the signature cannot be verified (S74: NO), the control unit 40 ends this process.
In S75, the control unit 40 (authentication result transmission unit 44) transmits the signature verification result to the mobile terminal 1. After that, the control unit 40 ends this process.

In S76, the control unit 10 of the mobile terminal 1 determines whether or not the signature verification result has been received. When the signature verification result is received (S76: YES), the control unit 10 shifts the process to S77. On the other hand, when the signature verification result has not been received (S76: NO), the control unit 10 shifts the process to S79. If the signature verification result is not received within a predetermined time after the signed data is transmitted (S71), the control unit 10 may determine that the signature verification result has not been received.
In S77, the control unit 10 determines that the authentication has been successful, and shifts the process to S10 in FIG.
On the other hand, in S79, the control unit 10 determines that an authentication error has occurred, and shifts the process to S10 in FIG.

As described above, according to the first embodiment, the financial transaction system 100 has the following effects.
(1) The face image (verification image) acquired by identity verification is stored in the mobile terminal 1 in association with the login ID used when using Internet banking. Then, the face image stored in the mobile terminal 1 in association with the login ID is used for the verification in the personal authentication performed each time the fund transfer transaction of the Internet banking is performed. In this way, since the personal authentication process using the face image is performed only by the mobile terminal 1, it is possible to improve the security without transmitting the biometric information which is the face image used in the personal authentication to the communication network N. ..
In addition, for personal authentication, the face image that is the collation source is not acquired again, but the face image acquired by the identity verification is diverted. Therefore, the collation image only needs to be acquired once, and can be made more convenient for the user.

(2) In particular, in the process of personal authentication related to online transactions of financial institutions, the conventional password authentication is shifting to biometric authentication in order to further improve convenience and security. In biometric authentication, for example, when collating using a face image, the face image that is the collation source is not output (or transmitted) to the outside as much as possible, but is an image held only inside the mobile terminal 1. It is preferable to use. In biometric authentication, when registering the biometric information of the person, the person's data such as a face image is not diverted, and security can be maintained in a stronger environment.
(3) The face image acquired by the identity verification is stored in the mobile terminal 1 as an image for collation at the time of identity verification when the identity can be confirmed. Therefore, the act of storing the face image only needs to be performed once when the confirmation process by biometric authentication is performed for the first time.

(4) Since the verification result of the personal authentication signed with the private key is transmitted from the mobile terminal 1 to the personal authentication server 4, the security can be further improved.
(5) Since the challenge code is transmitted from the personal authentication server 4 to the mobile terminal 1 and the verification result in which the challenge code is signed with the private key is transmitted from the mobile terminal 1 to the personal authentication server 4, the personal authentication server 4 transmits the challenge code. , The identity of the mobile terminal 1 that authenticates the person can be ensured, and the security is improved.

(Second Embodiment)
In the second embodiment, a bank server of a plurality of banks and a transaction intermediary server that mediates between mobile terminals will be described. In the following description, the same reference numerals or the same reference numerals will be added to the parts that perform the same functions as those of the first embodiment described above, and duplicate description will be omitted as appropriate.

FIG. 11 is a diagram showing an overall configuration of the financial transaction system according to the second embodiment.
FIG. 12 is a functional block diagram of the mobile terminal according to the second embodiment.
FIG. 13 is a functional block diagram of the transaction intermediary server according to the second embodiment and a diagram showing an example of a user information storage unit.

The financial transaction system 200 shown in FIG. 11 uses a transaction intermediary server 208 that mediates transactions between a plurality of bank servers 7 and a mobile terminal 201, and performs financial transactions by Internet banking using the mobile terminal 201. It is a system. The financial transaction system 200 is a system for safely conducting transactions with the mobile terminal 201 by performing biometric authentication using a face image, which is a high-security authentication, especially in the case of fund transfer transactions such as transfer. ..
The financial transaction system 200 includes a mobile terminal 201, a personal authentication server 4, a bank server 7, and a transaction intermediary server 208. The transaction mediation server 208 can be connected to the communication network N.

As shown in FIG. 12, the mobile terminal 1 includes a control unit 210, a storage unit 230, a camera 34, a touch panel display 35, and a communication interface unit 39.
The control unit 210 includes an input reception unit 211 (input reception means), an authentication confirmation processing unit 12, and a transaction request unit 220 (request transmission means).

The input receiving unit 211 receives various inputs for conducting a transaction by the user.
For example, the input receiving unit 211 accepts the input of login information for logging in to the transaction intermediary server 208. Here, the login information means a user ID (user identification information) and a password registered in advance in the transaction mediation server 208. This user ID and password are different from the login ID and password for logging in to the bank server 7.
Further, the input receiving unit 211 may accept the designation of transaction items, the selection of the authentication method, and the like.
The transaction request unit 220 transmits a transaction request including an authentication result, a user ID, and a bank ID (bank identification information) which is identification information for identifying the bank to the transaction intermediary server 208.

The storage unit 230 includes a program storage unit 231, a collation image storage unit 232, and a key storage unit 33.
The program storage unit 231 stores the transaction mediation application 231d, the identity verification API 31b, and the authentication API 31c.
The transaction brokerage application 231d is a program for conducting Internet banking transactions with a bank server 7 using the transaction brokerage server 208.
The collation image storage unit 232 is a storage area for storing a face image (collation image) used for personal authentication in association with a user ID.

The transaction mediation server 208 is a server that mediates between the mobile terminal 1 and the bank server 7. By using the transaction intermediary server 208, the mobile terminal 1 can grasp the fund balance from the account information of a plurality of banks owned by the mobile terminal 1.
As shown in FIG. 13A, the transaction mediation server 208 includes a control unit 280, a storage unit 285, and a communication interface unit 289.

The control unit 280 is a CPU that controls the entire transaction mediation server 208. The control unit 280 appropriately reads and executes the OS and application programs stored in the storage unit 285, and cooperates with the above-mentioned hardware to execute various functions.
The control unit 280 includes an execution request unit 281 (execution request means).
The execution request unit 281 acquires the login ID by receiving the authentication result, the user ID, and the transaction request including the bank ID from the mobile terminal 1, and logs in to the bank server 7 with the authentication result. Send a transaction execution request including an ID.

The storage unit 285 is a storage area for a hard disk, a semiconductor memory element, or the like for storing programs, data, and the like necessary for the control unit 280 to execute various processes.
The storage unit 285 includes a program storage unit 286 and a user information storage unit 287.
The program storage unit 286 is a storage area for storing various programs. The program storage unit 286 stores the transaction brokerage program 286a.
The transaction intermediary program 286a is a program for performing various functions executed by the control unit 280 of the transaction intermediary server 208.

As illustrated in FIG. 13B, the user information storage unit 287 logs in to the bank server 7 corresponding to the user's bank specified by the password and the user ID in association with the user ID. It is a storage area for storing the login information (bank ID, login ID, password) of.
The communication interface unit 289 is an interface for performing communication with the mobile terminal 1 and the like via the communication network N.
The computer is an information processing device provided with a control unit, a storage device, and the like, and the transaction mediation server 208 is an information processing device provided with a control unit, a storage unit, and the like, and is included in the concept of a computer.

Next, the processing of the financial transaction system 200 will be described focusing on the changes from the first embodiment.
FIG. 14 is a flowchart showing a transaction process in the financial transaction system 200 according to the second embodiment.
As a premise of the transaction processing described with reference to FIG. 14, the mobile terminal 201 has already performed the identity verification process with the identity authentication server 4, and the matching image storage unit 232 of the mobile terminal 201 has a face image (matching). It is assumed that the image) and the user ID for logging in to the transaction intermediary server 208 are associated with each other. Then, the transaction processing limits the available transactions based on the result of personal authentication by biometric authentication (face authentication).

First, the user performs a touch operation such as tapping to select an icon (not shown) for activating the transaction mediation application 231d. By doing so, the control unit 210 of the mobile terminal 201 executes the transaction mediation application 231d.
When the transaction intermediary application 231d is executed, the control unit 210 of the mobile terminal 201 displays the login screen (not shown) of the transaction intermediary application 231d on the touch panel display 35. The user inputs the user ID and password used in the transaction mediation application 231d.
By doing so, in S201 of FIG. 14, the control unit 210 (input reception unit 211) of the mobile terminal 201 accepts the input of login information and sends the user ID and password (PW) to the transaction mediation server 208. Perform the login process to send.

In S202, the control unit 280 of the transaction mediation server 208 performs login authentication using the received user ID and password, and if the authentication is successful, the user information storage unit 287 is referred to and the login corresponding to the user ID is performed. The ID and password are transmitted to each bank server 7. Here, when only one bank ID is associated with the user ID, the control unit 210 transmits the login ID and the password to the bank server 7 corresponding to the one bank ID. .. On the other hand, when a plurality of bank IDs are associated with the user ID, the login ID and password associated with the bank ID are transmitted to the bank server 7 corresponding to each bank ID.

In S203, the control unit 70 of the bank server 7 performs login authentication using the received login ID and password. Then, if the authentication is successful, the control unit 70 transmits the account information associated with the login ID to the transaction mediation server 208.
In S204, when the control unit 280 of the transaction intermediary server 208 receives the account information, it associates the bank ID corresponding to the account information and transmits it to the mobile terminal 201.

In S206 and S207, the control unit 210 (authentication API processing unit 15) of the mobile terminal 201 performs the personal authentication process with the personal authentication server 4. The personal authentication process of the mobile terminal 201 and the personal authentication server 4 is the same as that of the first embodiment (FIGS. 9 and 10). In the process corresponding to S66 in FIG. 9, the control unit 210 (face image collation unit 18) collates the acquired user's face image with the user ID stored in the collation image storage unit 232. Collate with the image.

In S208, the control unit 210 of the mobile terminal 201 generates and outputs a menu screen based on the received information.
Here, if the identity can be confirmed by the identity authentication process, for example, a reference system process that does not involve updating the bank ledger such as an account inquiry process and an update to the bank ledger such as a transfer process are performed. Allows update processing to be performed. Therefore, the control unit 210 generates and outputs a menu screen including items capable of processing the reference system and processing the update system.
On the other hand, if the identity cannot be confirmed by the identity authentication process, login authentication has been performed, so for example, only the reference system process that does not involve updating the bank ledger, such as the account inquiry process, is permitted.

In S209, the control unit 210 (transaction request unit 220) of the mobile terminal 201 transmits a transaction request including the user ID, the bank ID, and the contents of the transaction item to the transaction intermediary server 208.
In S210, when the control unit 280 of the transaction intermediary server 208 receives the transaction request including the user ID and the bank ID from the mobile terminal 1, the control unit 280 refers to the user information storage unit 287 and acquires the corresponding login ID. Then, the control unit 280 (execution request unit 281) transmits a transaction execution request including the login ID and the contents of the transaction item to the bank server 7.
In S211 of, the control unit 70 (processing execution unit 71) of the bank server 7 performs the transaction execution processing by receiving the transaction execution request including the login ID and the contents of the transaction item from the transaction intermediary server 208.

In addition, this transaction processing was described as an example in the case where the identity is confirmed and the user ID is already associated with the collated image. When the user ID is not associated with the collated image, the same process as the identity verification process of the first embodiment (see FIGS. 7 and 8) may be performed.

As described above, according to the second embodiment, the financial transaction system 200 has the following effects.
In the Internet banking transaction, the mobile terminal 1 in the first embodiment performs personal authentication using the biometric information of the face image performed in the transaction using the bank server 7, and the transaction intermediary server 208 performs the personal authentication using the mobile terminal 201 and the bank. The same mechanism can be applied to the case of conducting a transaction with the server 7. Therefore, in various business service transactions, it is possible to authenticate the person using the biometric information of the face image.

Although the embodiments of the present invention have been described above, the present invention is not limited to the above-described embodiments. Moreover, the effects described in the embodiments are merely a list of the most preferable effects arising from the present invention, and the effects according to the present invention are not limited to those described in the embodiments. The above-described embodiment and the modified form described later can be used in combination as appropriate, but detailed description thereof will be omitted.

(Transformed form)
(1) In each embodiment, the face image acquired by the mobile terminal at the time of identity verification is used as an image used for collation at the time of personal authentication, but the present invention is not limited to this. The face photograph image obtained from the identity verification image acquired by the mobile terminal at the time of identity verification may be used as an image used for collation at the time of identity verification. However, the face image acquired by the mobile terminal at the time of identity verification is an image taken using the same in-camera as the face image taken and acquired at the time of identity verification, and both are acquired under similar shooting conditions. It becomes an image. Therefore, the face image acquired by the mobile terminal at the time of identity verification may have better accuracy at the time of collation.

(2) In each embodiment, the fund transfer transaction has been described by taking as an example a person who authenticates the person by biometric authentication, but the present invention is not limited to this. In other inquiry transactions and the like, personal authentication may be performed by biometric authentication.
Further, in the first embodiment, an example is described in which an authentication method can be selected and an authentication method by biometric authentication can be selected from a plurality of authentication methods, but the present invention is not limited to this. All may be an authentication method by biometric authentication, and if so, the processing related to the authentication method selection screen becomes unnecessary.

(3) In each embodiment, the processing by the identity verification document is described by using only the mobile terminal 1 as an example, but the present invention is not limited to this. A part of the processing by the identity verification document may be performed by the identity verification server.
Specifically, the identity verification processing unit of the identity verification server receives the identity verification image obtained by photographing the driver's license from the mobile terminal. Then, the identity verification processing unit of the identity verification server converts the characters included in the identity verification document into text by OCR (optical character recognition). After that, the identity verification processing unit transmits the text-converted character string to the mobile terminal. The identity verification unit of the mobile terminal receives the text-converted character string and displays the character information on the touch panel display. The mobile terminal may have a function of correcting the displayed character information. Then, the character information acquired from the personal authentication server can be transmitted to the bank server, for example, when the personal identification can be confirmed.
By performing such processing, the bank server can also confirm the name and the like. Further, the received character information may be modified on the mobile terminal. By doing so, even if there is an erroneous conversion or the name or address described in the identity verification document is changed, only the changed part needs to be changed, making it highly convenient. .. In addition, if the character information before and after the changed part is transmitted to the bank server, it can be confirmed whether or not the illegal correction has been made on the bank server.

(4) In the first embodiment, an example is described in which a mobile terminal stores a bank transaction application in order to carry out Internet banking transactions, but the present invention is not limited to this. For example, the bank server may have the function of a Web server and may use the Web browser of the mobile terminal.
(5) In the first embodiment, the case where the user uses only the mobile terminal has been described as an example, but the present invention is not limited to this. For example, it can be applied even when conducting Internet banking transactions using a personal computer (PC) that does not have a camera. In that case, the mobile terminal should have an authentication API, the PC and the mobile terminal should be linked to perform personal authentication on the mobile terminal, and the PC should perform transaction application processing by the bank transaction application. do it.
(6) In the first embodiment, the bank server and the personal authentication server have been described as separate servers, but the present invention is not limited to this. The bank server may be provided with a function of identity verification and identity authentication, and may be realized by one server.
(7) In the first embodiment, when login authentication is possible, a menu screen is output and biometric authentication is performed after a transaction item is specified. Further, in the second embodiment, when login authentication is possible, biometric authentication is performed and then a menu screen is output as an example. However, it is not limited to these. The timing of biometric authentication may be either after the transaction item is specified or before the transaction item is specified. Then, the permitted transactions differ depending on whether biometric authentication is possible or not, and biometric authentication may be required in renewal-type transactions.

1,201 Mobile terminal 3 Driver's license 4 Personal authentication server 7 Bank server 10, 40, 70, 210, 280 Control unit 11,211 Input reception unit 13 Association confirmation unit 14 Identity verification processing unit 15 Authentication API processing unit 16 Authentication request Department 17 Face image acquisition unit 18 Face image verification unit 19 Verification result transmission unit 20,220 Transaction request unit 30,50,75,230,285 Storage unit 31a Bank transaction application 31b Identity verification API
31c certified API
32,232 Collation image storage unit 33,53 Key storage unit 34 Camera 35 Touch panel display 44 Authentication result transmission unit 71 Processing execution unit 77 Account information storage unit 100,200 Financial transaction system 208 Transaction intermediary server 231d Transaction intermediation application 281 Execution request unit 287 User information storage unit

Claims (9)

A mobile terminal equipped with a shooting unit owned by the user,
A personal authentication server that is communicably connected to the mobile terminal and performs personal authentication processing.
A bank server that is communicably connected to the mobile terminal and conducts financial transaction business
It is a financial transaction system equipped with
The bank server includes an account information storage unit that stores account information and user identification information in association with each other.
The mobile terminal
A collation image storage unit that stores the user's face image acquired through the photographing unit at the time of identity verification of the user as a collation image in association with the user identification information used for the login process to the bank server. ,
An input receiving means for receiving the input of the user identification information and
An image acquisition means for acquiring a face image of the user via the photographing unit, and
When the user identification information received by the input receiving means is stored in the collation image storage unit, the user's face image acquired by the image acquisition means and the user identification information stored in the collation image storage unit. Face image matching means for matching with the matching image,
A collation result transmission means for transmitting the collation result by the face image collation means to the personal authentication server, and
With
The personal authentication server includes an authentication result transmitting means for transmitting an authentication result based on the collation result to the mobile terminal.
The mobile terminal includes a request transmission means for transmitting a transaction request including the authentication result received from the personal authentication server and the user identification information to the bank server.
Whether or not the bank server identifies the account information associated with the user identification information with reference to the account information storage unit and permits transactions using the account information based on the authentication result. Equipped with transaction decision means to determine
Financial transaction system. In the financial transaction system according to claim 1,
The mobile terminal is provided with an authentication method receiving means for accepting the designation of the personal authentication method.
The image acquisition means of the mobile terminal acquires the face image of the user via the photographing unit when the designation of the person authentication method by the authentication method receiving means is face authentication.
Financial transaction system. In the financial transaction system according to claim 2,
In the mobile terminal, when the personal authentication method is designated by the authentication method receiving means as face recognition, and the collated image stored in the collated image storage unit is not associated with the user identification information. The user identification information received by the input receiving means is associated with the collated image.
Financial transaction system. In the financial transaction system according to claim 3,
In the mobile terminal, when the designation of the personal authentication method by the authentication method receiving means is face authentication and the collation image is not stored in the collation image storage unit, the person is asked to the personal authentication server. It is provided with an identity verification processing means for transmitting the image of the confirmation document and the face image and performing the identity verification process.
When the associating means of the mobile terminal receives the fact that the identity has been confirmed from the identity authentication server, the face image is used as the collation image and is associated with the user identification information received by the input receiving means. Store in the collation image storage unit,
Financial transaction system. In the financial transaction system according to any one of claims 2 to 4.
The mobile terminal is provided with a transaction item receiving means for accepting transaction items.
The authentication method receiving means of the mobile terminal accepts the designation of the personal authentication method according to the transaction item received by the transaction item receiving means.
Financial transaction system. A mobile terminal equipped with a shooting unit owned by the user,
A personal authentication server that is communicably connected to the mobile terminal and performs personal authentication processing.
A transaction intermediary server that is communicably connected to each of the mobile terminal and a bank server that performs financial transaction business and mediates financial transactions by the user using the bank server.
It is a financial transaction system equipped with
The bank server includes an account information storage unit that stores account information in association with user identification information that identifies the user used for login processing to the bank server.
The transaction intermediary server includes a user information storage unit that stores user identification information, bank identification information, and user identification information in association with each other.
The mobile terminal
A collation image storage unit that stores the user's face image acquired through the photographing unit at the time of identity verification of the user as a collation image in association with the user identification information used for logging in to the transaction intermediary server. When,
An input receiving means for accepting input of the user identification information and the bank identification information,
An image acquisition means for acquiring a face image of the user via the photographing unit, and
When the user identification information received by the input receiving means is stored in the collation image storage unit, the user's face image acquired by the image acquisition means and the user identification information acquired by the collation image storage unit are stored in the collation image storage unit. A face image collating means for collating the collated image,
A collation result transmission means for transmitting the collation result by the face image collation means to the personal authentication server, and
With
The personal authentication server includes an authentication result transmitting means for transmitting an authentication result based on the collation result to the mobile terminal.
The mobile terminal includes a request transmission means for transmitting a transaction request including the authentication result, the user identification information, and the bank identification information to the transaction intermediary server.
The transaction intermediary server refers to the user information storage unit to extract the corresponding user identification information based on the received user identification information and the bank identification information, and corresponds to the bank identification information. The bank server is provided with an execution request means for transmitting the authentication result and the transaction execution request including the user identification information.
Whether or not the bank server identifies the account information associated with the user identification information with reference to the account information storage unit and permits a transaction using the account information based on the authentication result. Equipped with a transaction decision means to determine
Financial transaction system. It is a mobile terminal that the user has and has a shooting unit.
A user who identifies the user to be used for login processing to a bank server that is communicably connected and performs financial transaction business, using the user's face image acquired through the photographing unit as a collation image when confirming the identity of the user. A collation image storage unit that is stored in association with the identification information,
An input receiving means for receiving the input of the user identification information and
An image acquisition means for acquiring a face image of the user via the photographing unit, and
When the user identification information received by the input receiving means is stored in the collation image storage unit, the user's face image acquired by the image acquisition means and the user identification information stored in the collation image storage unit. Face image matching means for matching with the matching image,
A collation result transmitting means that transmits the collation result by the face image collation means to a personal authentication server that is communicably connected and performs personal authentication processing.
A request transmission means for transmitting a transaction request including an authentication result received from the personal authentication server and the user identification information to the bank server.
To prepare
Mobile terminal. It is an authentication module that is executed by a mobile terminal, which is a computer equipped with a shooting unit and owned by the user.
The mobile terminal is a user who identifies the user to be used for a login process to a bank server performing a financial transaction business by using a face image of the user acquired through the photographing unit at the time of identity verification of the user as a collation image. A collation image storage unit that is stored in association with the identification information,
A banking program for conducting banking transactions with the banking server,
With
The mobile terminal
An image acquisition means for acquiring a face image of the user via the photographing unit, and
When the user identification information passed from the bank transaction program matches the user identification information stored in the matching image storage unit, the matching with the user's face image acquired by the image acquisition means. A face image collating means for collating the collated image stored in the image storage unit, and
A collation result transmitting means that transmits the collation result by the face image collation means to the personal authentication server that is communicably connected to the mobile terminal and performs the personal authentication process.
A means for passing the authentication result received from the personal authentication server to the bank transaction program, and
Authentication module to make it work. A mobile terminal having a photographing unit possessed by the user can communicate with the mobile terminal using the user's face image acquired through the photographing unit as a collation image when confirming the identity of the user. It is provided with a collation image storage unit that is stored in association with user identification information that identifies the user used for login processing to a bank server that performs financial transaction business.
An input reception step in which the mobile terminal accepts input of the user identification information,
An image acquisition step in which the mobile terminal acquires a face image of the user via the photographing unit.
When the user identification information received by the mobile terminal in the input reception step is stored in the collation image storage unit, the user's face image acquired in the image acquisition step and the collation image storage unit A face image matching step for matching the matching image stored in
A collation result transmission step in which the mobile terminal is communicably connected to the mobile terminal and transmits the collation result of the face image collation step to a personal authentication server that performs personal authentication processing.
An authentication result transmission step in which the personal authentication server transmits an authentication result based on the collation result to the mobile terminal, and
A request transmission step in which the mobile terminal transmits a transaction request including the authentication result and the user identification information to the bank server.
The bank server identifies the account information associated with the user identification information by referring to the account information storage unit that stores the account information in association with the user identification information, and based on the authentication result, the bank server identifies the account information. A transaction judgment step that determines whether or not to allow transactions using account information, and
including,
Financial transaction method.

Images