JP4053948B2 - Management method and management system for connection authority to server - Google Patents

Description

  The present invention relates to a method or system for managing a connection authority that allows a user to access a predetermined server in association with a plurality of identification information assigned to the user by a computer system.

  In recent years, many companies have attempted to improve business efficiency by using a network in which a plurality of computers inside and outside the company are connected. In such a network environment, from the viewpoint of leakage of confidential information, it is widely practiced to restrict the authority to access servers and other computers in accordance with the employee's position, system, work in charge, etc. . Such access (connection) authority is normally managed in association with identification information such as an ID given to each user (employee, etc.) by a network administrator.

  For example, between a financial institution and a user company affiliated with the financial institution, identification information for each employee of the user company is issued based on the authority to connect to a business processing server owned by the financial institution. The connection authority for each issued identification information is registered in the customer ledger or the like. When a user company employee makes an access request to the server, the financial institution performs authentication based on the identification information of the customer ledger and determines whether or not to permit the connection.

  By the way, when an employee's job structure or work in charge at a user company changes, the number of persons in charge changes, etc., the financial institution receives necessary information from the user company and issues new identification information, The identification information that changed the setting was reissued. Such a connection authority management system has a problem that it is impossible for a user company to quickly and flexibly change a person in charge. In addition, for financial institutions to manage, the burden of issuing and changing identification information by setting the connection authority for each employee and business of the user company is enormous, pressing down the computer resources equipped with the customer ledger Is supposed to do.

  On the other hand, when a financial institution accepts an application for a loan, etc. from a customer, the information related to the application is registered in the customer ledger and business ledger and processed by the accounting system, and from the customer to create a predetermined contract Obtained information separately. For this reason, both the customer and the bank have to repeat the duplicate work, which has a problem in terms of business efficiency.

  The present invention has been made in view of the above problems, and provides a connection authority management method and system that can reduce the load of managing connection authority and allow a user to flexibly set connection authority of employees and the like. Objective.

  Another object of the present invention is to provide a method and system capable of efficiently and quickly performing contract creation and conclusion work necessary for providing a service on a network.

According to a first main aspect of the present invention, there is provided a method for providing financial services to a user by a server connected to a billing system of a financial institution via a communication network, the server storing user information Department (customer ledger), a storage device having a contract document table for storing a contract format and contract processing rules for a financial service concluded by a financial institution with a user, and an input device. When the server accepts a service use application by receiving a service use application by acquiring information on the financial service that the user wants to use and identification information of the user from the input device, the method includes: Based on the extraction process of extracting the contract form of the service related to the use application from the contract table and the acquired user identification information, the contract form The user information necessary for generating the file is collected by searching the user information storage unit, and the extracted contract form and the collected user information are combined to be necessary for the service related to the application. A contract file generation step of generating a contract file and embedding information for identifying the contract processing rule in the contract file, an output step of outputting the generated contract file to the user, and a contract When a signed contract file is obtained from the user who sent the file, the contract processing rule is selected from the contract table based on the contract processing rule identification information embedded in the contract file. In accordance with the selection process to be performed and the selected processing rule, the contract data and user necessary for the accounting system message from the contract document file and the user information storage unit. An extraction step for extracting information; and a transmission step for synthesizing the extracted data to generate a billing system message for instructing execution of a service related to the application and transmitting the billing message to the billing system. A method is provided.

According to such a configuration, when an application for a service is accepted, a contract file necessary for providing the service can be automatically generated and presented to the applicant. In addition, it is possible to prevent omissions in necessary items and differences in contract formats. As a result, the conclusion of a contract through the communication network can be processed efficiently and quickly .

According to a preferred aspect of the present invention, the output step transmits the generated contract document file to a user terminal through a communication network, and the method further includes the step of transmitting the contract file. It is preferable that the method further comprises a step of receiving a contract file with an electronic signature from a terminal of a user who has been made through a communication network .

According to another preferred aspect of the present invention, the output step further includes: when receiving an application for use of a financial service from a user, a contract document file necessary for use of the service; And the user (contracting party) sequentially transmitting in a predetermined order, and the receiving step receives a contract file with an electronic signature from a plurality of contracting parties through a communication network, and receives the received records. Are sequentially registered in the contract status registration unit of the contract file storage unit, and the search step searches the contract file and the contract processing rule when the reception records are registered for all contract parties. Is .

According to another preferred aspect of the present invention, a change authority that can change a plurality of connection authorities to the server assigned to the user is stored in the connection authority storage unit in association with the identification information of the user. A connection authority storage step, a contract information storage step of storing in the connection authority storage unit information on a contract relating to an available service previously concluded between the user and the user's identification information, and a service from the user Information and user identification information are acquired and a request to change the authority of the connection authority of the user is accepted, the service and user identification information related to the change request are stored based on whether the connection authority storage unit stores the service and user identification information. A change authority authentication process for authenticating the change authority, and if the authentication is valid, the connection authority of the connection authority storage unit is updated based on the received authority change request. It is preferable to provide a connection permission update step of.

According to another preferred aspect of the present invention, a change authority that can change a plurality of connection authorities to the server assigned to the user is stored in the connection authority storage unit in association with the identification information of the user. A connection authority storing step, an internal task storing step of storing identification information assigned to an internal task performed by a user in relation to the financial service in the connection authority storing unit in association with the service, and a service use application receiving step. A connection authority authentication step for authenticating the connection authority of the user based on whether the received financial service information and user identification information are registered in the connection authority storage unit, and the contract form extraction step includes: When the connection authority authentication is valid, the contract form of the service related to the use application is extracted.

According to another preferred aspect of the present invention, the internal work storing step stores a plurality of pieces of identification information assigned to a plurality of internal works for each service in a connection authority storage unit. When the service information and the user identification information are acquired from the user and one or more connection authority change requests are received, the connection authority is granted for all internal operations stored in association with the service related to the change request. A workflow verification process to verify whether it is set is provided .

According to another preferred aspect of the present invention, a change authority that can change a plurality of connection authorities to the server assigned to a user for each of a plurality of types of financial services is further associated with the identification information of the user. The step of storing in the connection authority storage unit, and the financial service and user identification information related to the change request when the financial service type information and the user identification information are acquired from the user and the connection authority authority change request is received. And a step of authenticating the change authority of the user based on whether or not is stored in the connection authority storage unit .

According to another preferable aspect of the present invention, the connection authority is further stored in the connection authority storage unit in association with the change information that can change the plurality of connection authorities to the server assigned to the user in association with the identification information of the user. Authority storage step, and when the user identification information is acquired from the user and a request to change the authority of the user's connection authority is received, the change of the user is performed based on whether the user identification information is stored in the connection authority storage unit A change authority authentication step for performing authority authentication, and the change authority authentication step can be changed by the user from the connection authority storage unit based on user identification information acquired from the user when the authentication is valid. An interface generation process for generating an interface for extracting a connection authority and inputting a connection authority to be changed is provided.

According to a second main aspect of the present invention, there is provided a server that is connected to a billing system of a financial institution via a communication network and provides financial services to a user, including a user information storage unit (customer ledger), financial Contract form table for storing contract format and contract processing rules for financial services concluded by an institution with a user, contract file storage unit for storing contract contract electronic files (contract file), and computer The server includes a storage device including a program storage unit that stores a program, a control unit that reads and executes a computer program, and an input device, and the server reads and executes the computer program, Service by obtaining information on financial services desired by the user and identification information of the user from the input device Based on the receiving means for accepting the use application, the extracting means for extracting the contract form of the service related to the use application from the contract table when the use application for the service is accepted, and the acquired user identification information A service relating to the application by combining the collecting means for searching the user information storage unit for collecting user information necessary for generating the contract file, the extracted contract form, and the collected user information A contract file generation unit that generates a contract file necessary for the contract and embeds information for identifying the contract processing rule in the contract file, and an output unit that outputs the generated contract file to the user and, from the user contract file has been sent, if you get a signed contract file, embedded in the contract file Based on the contract processing rule identification information, said selecting means from the contract table selecting rules to the agreement, according to the selected processing rule, necessary for the accounting message from the contract file and the user information storage unit contract Extraction means for extracting data and user information, and transmission means for synthesizing the extracted data to generate a bill system message for instructing execution of a service related to the application and transmitting it to the bill system A server is provided.

According to such a configuration, a server capable of suitably realizing the method according to the first main aspect described above is provided.

ADVANTAGE OF THE INVENTION According to this invention, the method and server which can perform efficiently the production | generation of a contract required when providing a service , and the operation | work of a conclusion on a network quickly can be obtained.

Further, according to the present invention, it is possible to obtain a method and a server that can reduce a load for managing connection authority and allow a user to flexibly set connection authority of an employee or the like .

  Other features and remarkable effects of the present invention will be understood more clearly by referring to the description of the best mode section for carrying out the present invention and the attached drawings.

  Hereinafter, a case where the present invention is applied between a bank that provides various financial services to a user and a user company that requests financial services from the bank will be described as an example.

(overall structure)
FIG. 1 is an explanatory diagram showing the overall configuration of an embodiment of the present invention. The bank indicated by reference numeral 1 in this figure is a connection authority management system 2 according to the present invention to one or more servers installed in the bank, and a bank 1 connected to the connection authority management system 2 via a LAN or the like. An accounting system 3 for processing business is provided. Since the billing system 3 can adopt a conventionally known configuration that is widely used, detailed description thereof is omitted.

  As will be described in detail later, the connection authority management system 2 connects the customer ledger 4 which is a database for storing basic information such as a customer's name (name), address, account number, branch name in charge, and the user company 5. Authentication database (DB) 6 (connection authority storage unit) for registering authority and authority to change this connection authority, and various contract formats required for financial services provided by this bank 1 to customers And a contract table 7 (contract form storage unit) which is a database to be stored. This connection authority management system 2 is connected to a business processing system 8 that performs business processing such as in-house slip creation and approval within a user company 5 via a network (a dedicated line or a public line such as the Internet and a Web server). It is configured to be able to transmit data necessary for application and business processing of various financial services.

  The user company 5 includes, in addition to the business processing system 8, an employee database (DB) 9 that stores bibliographic items such as employee names and employee numbers (employee ID), and internal business operations as business codes. A business table 10 to be stored in association with each other, and a connection authority management database (DB) 11 in which identification information (connection ID) used by each employee when performing business and a predetermined connection authority associated with the connection ID are stored. Is provided. These systems 8 and the like are provided in one or more servers connected to an in-house network such as a LAN. By connecting to this server from a plurality of employee terminals, information inquiries and predetermined business processing are performed. It is configured as a workflow system that can. These servers, workflow systems, and the like can be appropriately used as well-known conventional ones, and will not be described in detail.

(Configuration of connection authority management system)
FIG. 2 is a functional block diagram showing a schematic configuration of the connection authority management system 2.
The system 2 includes a CPU 17, a RAM 14, an input / output device 15 such as a keyboard and a CRT display, and a bus 17 to which a communication device 16 such as a modem is connected. The customer ledger 4, authentication DB 6, contract table 7, and program storage And a portion 18.

  For example, as shown in FIG. 3, the authentication DB 6 includes a plurality of user IDs (business IDs 21 and 10) for a plurality of transactions 20 (01 to 10) related to use applications set by the connection authority manager of the user company 5. A plurality of records and fields are set so that the connection authority for each application service defined by the contract concluded between the bank 1 and the user company 5 can be stored for each change authority ID 22) for the administrator. Yes. The plurality of records and fields are settable areas of the user company 5 (connection authority manager). In the illustrated example, the user company 5 has applied for four business IDs 21 for the “B2C gateway service”, and a transaction type of 01 to 10 is set for this service. By checking the transaction type check box 23, the connection authority of the business ID 21 can be set for each transaction type. In addition, transactions (08, 09) in which the check box field 23 is not displayed indicate that they are not subject to contract. The authority can be set for each group (department / section, etc.) to which a plurality of users belong.

  Only one change authority ID 22 for the administrator who sets / changes the connection authority is given to the user company 5. The change authority ID 22 is generated and distinguished from the business ID 21 so that the character type and the number of digits are different. As will be described later, based on the change authority ID 22, authentication for a connection authority change request from the administrator is performed. This change authority ID 22 may be set as an authority change dedicated ID, or may be shared with the business ID 21.

  Note that “setting / changing connection authority” may be added to the “transaction type”, and authority may be set for the business ID 21. Thereby, it is also possible to set the range, level, type, etc. in which the connection authority can be changed for each of the plurality of change authority IDs 22. For example, it is possible to set so that the headquarters / business department / department / section / person in charge can change the connection authority of the members of each organization. In this case, it is preferable that a higher-level manager can set connection authority and change authority of a lower-level manager. All such change authority ranges and the like are registered in the authentication DB 6 in association with the user identification information (company code).

  The authentication DB 6 also stores an authentication classification and an access password for each user ID based on the use application of the user company 5. The access password may be automatically generated simultaneously with the generation of the user ID (21, 22) by the user ID generation unit 31 described later.

  In the contract table 7, for example, as shown in FIG. 4, a predetermined contract form is registered for each type of contract (financial service). The type of the contract is given in the form of a contract type code 24 (contract model number) having a serial number starting from 1, for example. The example shown in the figure is a form of a monetary consumption agreement with a contract template number (type code 24) <1>, and a tag for embedding necessary data in a predetermined column is set. For example, “0” indicates the title of the contract, “6” indicates the borrowing amount, “7” indicates the borrowing date, “11” indicates the borrower's address, and “12” indicates the name of the borrower. Data relating to the service application and predetermined data extracted from the customer ledger 4 are respectively embedded at the tag positions to generate a contract document file. Further, as will be described later, a data processing rule 25 for extracting predetermined data from the generated contract document file and generating a bill system message is also associated with the contract type code 24 in the contract table 7. Stored.

  Next, the program storage unit 18 shown in FIG. 2 includes a connection authority registration function 26 for registering a connection authority of a plurality of business IDs 21 and a change authority ID 22 of an administrator in the authentication DB 6 based on an application from the user company 5. A contract file generation function 27 for receiving a use application of (financial service) and generating a necessary contract file, and a bill system message generation function 28 for generating a message to be transmitted to the bill system 3 from the generated contract file. Each functional unit is provided.

(Connection authority registration function)
As shown in FIG. 5, the connection authority registration function 26 receives an application for a financial service use contract from each user of the user company 5 and associates the information related to the application with the identification information (company code, etc.) of the user. The contract application receiving unit 30 registered in the authentication DB 6, the user ID generating unit 31 for generating the number of user IDs (change authority ID 22 and business ID 21) related to the application from the user company 5, and the generated user ID The user ID output unit 32 for notifying the connection authority manager of the user company (21, 22), and when the application for the authority change of the connection authority is accepted from the administrator, the authority right based on the change authority ID 22 The change authority authenticating unit 33 for authenticating the authentication, and when the authentication is valid, the administrator extracts information including the contract contents with the user company 5 from the authentication DB 6 and the administrator A connection authority setting table generation / output unit 34 that generates a connection authority setting table (interface) displaying a plurality of IDs (21, 22) that can be determined (changed) and transmits the table to the administrator, and this connection authority setting table All the transactions in the user company 5 registered in the authentication DB 6 in association with the service related to the change request when receiving the connection authority and the change authority for each user ID (21, 22) input and set by the administrator through The business flow verification unit 35 for verifying whether the connection authority is set for the process (whether the business process is secured and the business can be performed), and the setting when it is determined that the business flow can be performed Connection authority registration in which (changed) connection authority or change authority is associated with the company code of the user company 5 (see FIG. 3) and stored in the authentication DB 6 It consists of 36 Metropolitan.

  Here, the change authority authentication unit 33 searches the contract information stored in the authentication DB 6 when an application for authority change is made, and the service type in which the authority change related to the application is determined by the contract with this user -Also determine whether it is within the range of connection authority. Therefore, when accepting a connection authority change request, the type of service related to the application is acquired together with the user identification information and the administrator change authority ID 22.

  In addition, the connection authority table generated by the connection authority setting table generation / output unit 34 includes, as shown in FIG. 6, the user concerned for a plurality of services (two in the illustrated example) related to the application from the user company 5. For each of a plurality of in-house transaction processes (displayed only for transactions 01 to 05) in the company 5, the connection authority 21 can be set for each of the four IDs related to the application. Only the services covered by the contract are displayed in the “Application Service” column. The administrator selects the service for which connection authority is to be set / changed with a radio button, and the user name, department name, validity period of the authority, connection authority (01 to 05) for which the check box for the ID to be set / changed is checked Set / change etc. “Expired” is displayed for IDs whose validity period has passed.

  FIG. 7 shows the authentication DB 6 when the administrator sets the connection authority. As shown in this figure, the connection authority set for each business ID 21 for a plurality of transactions (01 to 11) is stored in association with the information of the user company 5. Note that the user authority management screens of FIGS. 3, 6, and 7 described above can be displayed only after the administrator of the connection authority has been authenticated based on the administrator ID 22.

  In addition, the connection authority setting table generation / output unit 34 reads the authority setting table (FIGS. 3 and 6 etc.) generated in advance from the authentication DB 6 by a query or the like, and customizes according to the contents of the contract application from the user company 5 To do. Also, when a change of connection authority is received from the administrator of the user company 5, the authority setting table is customized and generated according to the received setting change content. This makes it easier to set the connection authority and verify the set connection authority.

(Contract document generation function)
Next, as shown in FIG. 8, the contract document generation function 27 obtains information such as user identification information from the user company 5 and accepts a contract for use of a contracted financial service; The contract form extraction unit 41 that extracts the contract form of the service related to the use application from the contract table 7 and data necessary for generating the contract file other than the information acquired at the time of application Necessary for providing the service by combining the extracted information and the information acquired by the service use application receiving unit 40 into the extracted contract form, which is extracted from the customer ledger 4 and collected. A contract file generator 43 that generates a simple contract file in a predetermined file format such as PDF (Portable Document Format) and the generated contract file The contract file transmitting unit 44 that transmits to the terminal of the person in charge of the user company 5 through the network, and the electronic document that receives the contract file with the electronic signature attached by the user company 5 through the communication network and that verifies the validity of the electronic signature. And a signature verification unit 45.

  Here, as information acquired by the service use application receiving unit 40, for example, in the case of an application for money borrowing, information that can identify the user company 5 such as a user company code and a transaction account number, a borrowing amount, a repayment period, and the like Application information. The acquired information is associated with a company code or the like and stored in the authentication DB 6 or the like. Examples of data extracted from the customer ledger 4 by the user information extraction unit 42 include the address of the user company 5 related to the application and the representative name.

  As will be described later, the contract file generation unit 43 sets an electronic signature field (see reference numeral 61 in FIG. 13) at a predetermined position of the contract template, and also generates a predetermined account system message from the generated contract file. It also has a function of giving a predetermined rule identification tag for identifying a processing rule when extracting data for generation to a contract file in advance. The rule identification tag is composed of a serial number, a simple symbol, etc., and may be readable electronically on the contract document file, and need not be visible. The process for signing the electronic signature field will be described later.

(Account message generation function)
Next, as shown in FIG. 9, the bill system message generation function 28 reads a rule identification tag attached to the generated contract document file, and performs data processing from the contract table 7 based on this tag. A processing rule selection unit 50 that selects a rule, a contract data extraction unit 51 (user information extraction unit) that extracts predetermined data from a contract file in accordance with the selected data processing rule, and data required for an accounting system message A customer data extraction unit 52 that extracts data (bank branch names, account subjects, etc.) that are not included in the contract file from the customer ledger 4, and generates the accounting system message by synthesizing the extracted data. An accounting system message generation / output unit 53 to be transmitted to the accounting system 3 is configured.

  Here, the processing rule may be set in advance for each contract (service) type and registered in the contract table 7, or a common rule unrelated to the contract type may be set. You can also.

  Each component described above is actually a certain area secured in a storage medium of a computer system provided in the bank 1 and a program installed in this area. The CPU 13 calls the RAM 14 on the RAM 14. By being executed, each function of the present invention is performed in cooperation with an OS (operation system).

(Specific processing steps)
Next, detailed functions of the connection authority management system 2 will be described together with actual operations with reference to FIGS. In addition, S1-S40 of these figures is a code | symbol which shows a process order, and respond | corresponds to step S1-S40 of the following description.

(Connection authority setting flow)
First, a process in which the connection authority management system 2 acquires and registers the connection authority set for each ID by the connection authority manager of the user company 5 will be described with reference to the flowchart of FIG.

  First, when the contract application receiving unit 30 acquires the type of financial service (business) that the user company 5 desires to use, information on the connection authority manager, etc., and accepts the service use contract application (step S1), The application contents are registered in the authentication DB 6 in association with the company code of the user company 5 (step S2). Further, the user ID generation unit 31 generates the number of user IDs (change authority ID 22 and business ID 21) related to the application and registers them in the authentication DB 6 (step S3). FIG. 3 described above shows this state.

  Next, the user ID output unit 32 notifies the generated user IDs 21 and 23 to the user company 5 (connection authority manager) (step S4). After receiving the notification, when the connection authority manager presents the change authority ID 22 to the connection authority management system 2 and applies for registration of the connection authority (step S5), the change authority authentication unit 33 makes the authentication DB 6 The validity of the application is authenticated based on the change authority ID 22 registered in (Step S6). When the authentication is valid, the connection authority setting table generation / output unit 34 generates an authority setting table (see FIG. 6) based on the contract contents of the user company 5 from the authentication DB 6 and transmits it to the administrator ( Step S7). Note that after registering the user ID in step S3, steps S4 to S6 may be omitted, and the process may proceed to step S7 to generate an authority setting table.

  The authority setting table generated in this way is transmitted to the administrator's terminal or displayed on the terminal screen by the browser function of this terminal when the administrator accesses the connection authority management system 2, and this management Can set (input) the connection authority. In this state, the administrator sets the connection authority for each of the plurality of business IDs 21 in accordance with the in-house business processing process, the employee's system registered in the employee DB 9, the department to which he / she is in charge, etc. Input to the setting table (step S8). The inputted connection authority for each business ID 21 is accepted by the business flow verification unit 35 via the network, and compared with the use application contents of the user company 5 registered in the authentication DB 6 (step S9). Specifically, it is verified whether connection authority is set for all of a plurality of internal business processes for each registered business. The in-house business process includes, for example, transactions 01 to 11 shown in FIG. 7 and draft / approval of forms.

  When the verification of the business flow is completed, the connection authority registration unit 36 registers the connection authority for each set business ID 21 in the authentication DB 6 in association with the user company 5 (step S10). FIG. 7 shows the state in which the connection authority is registered.

  When registration in the authentication DB 6 is completed, the connection authority manager is notified of the completion of registration, and the connection authority manager who has received the notification registers in the connection authority management DB 11 (step S12). Also, the business ID 21 is distributed to related employees to notify the connection authority (step S13). Thereby, each employee can access the server for the service use of the bank 1 by inputting (presenting) the business ID 21.

  In this embodiment, since the connection authority for each business ID is set by the above-described process, the user company can flexibly set the connection authority according to the in-house business processing process, the person in charge, or the like. In addition, for a bank that issues a user ID, it is possible to reduce the load of issuing and managing the user ID associated with the connection authority after obtaining detailed information from the user company 5, thereby speeding up business processing and saving computer resources. realizable.

(Change connection authority flow)
Next, the process of changing the connection authority will be described with reference to the flowchart of FIG. In this processing step, since the same processing as the connection authority setting flow described above is often performed, the description of the overlapping portions is simplified.

  First, in this process, when an event such as an increase / decrease in employees or a change in charge of business occurs (step S20), the manager applies to the connection authority management system 2 for increase / decrease in connection authority / number of IDs for business ID 21 ( Step S21).

  When the application for setting change is received by the contract application receiving unit 30, authentication and verification of the application content are performed based on the administrator change authority ID 22 received by the change authority authentication unit 33 (step S22). If the authentication is valid, the contract contents in the authentication DB 6 are updated if it is necessary to change the initial contract contents such as increase / decrease of the business ID (step S23). Then, based on the updated contract contents, the connection authority setting table generation / output unit 34 generates a connection authority setting table and transmits it to the administrator (step S24).

  The administrator inputs the increased connection authority of the business ID 21 and the connection authority of the business ID 21 related to the setting change to the connection authority setting table (step S25). The input setting contents are verified by the business flow verification unit 35 and registered in the authentication DB 6 by the connection authority registration unit 36, as in the connection authority setting flow (steps S26 and S27). When receiving the notification that the registration is completed, the administrator registers the connection authority related to the change in the connection authority management DB 11 (step S28), distributes the business ID 21 to related employees, and notifies the connection authority. (Step S29).

(Flow of generating contract file and account system message from service application)
Next, with reference to the flowchart of FIG. 12, the processing steps at the time of service application and contract file generation will be described.
In this process, first, when the employee in charge of the user company 5 presents the business ID 21 and applies to the bank 1 for use of the service defined in the contract (step S30), the service use application acceptance unit 40 uses the business service. Authentication of the connection authority to the bank server is performed based on ID21 (step S31). Here, an example will be described in which the user company 5 has applied for business 1 (money borrowing).

  When the validity of the connection authority is authenticated, a contract document file necessary for the business 1 is generated (step S32). This process will be described in detail later.

  Next, the person in charge of the user company 5 is notified by e-mail or the like that the contract document file has been generated (step S33), and this person in charge accesses the connection authority management system 2 to receive the generated contract document file. (Step S34). As described above, an electronic signature column is added to this contract document file, and the user company 5 processes the electronic signature after confirming the contract contents (step S35).

  Here, examples of screens on which the user company 5 performs contract conclusion (approval) and electronic signature are shown in FIGS. When the user company 5 selects the “signature tag” 62 after confirming the contract contents (service application contents) while scrolling the contract document file display section 60 on the screen of FIG. 13, the signature tag is displayed in FIG. Is displayed. As shown in FIG. 13, an electronic signature column 61 is set in the contract file.

  When “signature in signature field” is selected in the signature tag, an “electronic signature handler selection window” 63 in FIG. 15 is displayed. Note that an “electronic signature handler selection window” 63 is also displayed when the electronic signature column 61 is clicked on the screen of FIG. In this window 63, when an encrypted electronic signature issued in advance by the bank 1 is selected and the “OK” button is pressed, an encrypted electronic signature is attached to the electronic signature column 61 as shown in FIG. The contract file is completed. The encryption format of the electronic signature is well known in the art and will be described in detail.

  The contract file created in this way is uploaded by the person in charge of the user company 5 to the connection authority management system 2 through the network (step S36 in FIG. 12). Next, the digital signature verification unit 45 verifies the validity based on whether the digital signature attached to the contract document file matches the digital signature issued to the user company 5 in advance (step S37). When it is determined that the electronic signature is valid, the verification result is notified to the user company 5 (step S38), and the user company 5 stores the contract file (step S39).

  If it is determined that the electronic signature of the contract file is valid, the bank 1 also stores the contract file (step S40), and the account system message generation function 28 generates an account system message (step S40). S41). Details of this processing will be described later.

(Contract file generation flow)
FIG. 17 is a flowchart showing details of the contract file generation process (step S32 in FIG. 12) and an image of data generated or extracted in each processing process.

  In step S31 of FIG. 12, when the validity of the connection authority of the business ID 21 at the time of service use application is authenticated, the service use application accepting unit 40 stores the data related to the application with the unique information (company name and company name). It is stored in the authentication DB 6 in association with the company code (step S32-1).

  Next, the contract form extraction unit 41 extracts the contract form (see FIG. 4) of the service related to the application from the contract table 7 based on the contract type code 24 related to the application (step S32-). 2). When the contract form is extracted, the user information extraction unit 42 extracts the user basic data (such as the address of the user company 5 and the representative) necessary for generating the contract file from the customer ledger 4 (step S32). -3).

  Next, the contract file generation unit 43 writes the extracted application data and user basic data in accordance with a data input tag attached to a predetermined position of the contract form to generate a contract file (step S32-). 4). The contract file generated in this way is downloaded to the terminal by the person in charge of the user company 5 accessing the connection authority management system 2 (step S33).

(Accounting message generation process)
Next, details of the accounting telegram generation step (step S41 in FIG. 12) will be described with reference to the flowchart in FIG. 18 and the image of data extracted in each processing step.

  In step 37 of FIG. 12, when it is determined that the electronic signature attached to the contract file by the user company 5 is valid, generation of the accounting system message transmitted to the accounting system 3 by the accounting system message generation function 28 is performed. Done.

  First, the processing rule selection unit 50 extracts (selects) a data processing rule from the contract table 7 based on the rule identification tag embedded in the contract file (step S41-1). This data processing rule is prepared for each service (for each contract) and stored in the contract table 7. For example, in the case of borrowing and borrowing money in this embodiment, it is possible to extract unique data such as the amount and execution date, common data such as the customer number of the user company 5 from the contract file, and data that is not in the contract file. Supplementing with the customer ledger 4 is stipulated.

  According to the selected processing rule, the contract data extraction unit 51 first extracts contract data from the contract document file (step S41-2), and then the customer data extraction unit 52 extracts customer data from the customer ledger 4 (step S41). -3).

  When all necessary data is extracted, the billing system message generation / output unit 53 synthesizes the billing system message (step S41-4) and transmits it to the billing system 3 (step S41-5).

  With the configuration as described above, the invention according to this embodiment has the following specific effects.

  First, since the data extracted from the approved contract document file by the user company 5 is transmitted to the accounting system 3, the application of the service is accepted, the contract contents are approved, the contract document is created, and the accounting system is used. It is possible to smoothly perform processing up to the execution of a series of business processes. This improves operational efficiency within the bank and enables rapid processing. In addition, the reliability and credibility of accounting messages will be greatly improved. Furthermore, data necessary for business processing can be transmitted to the accounting system 3 without omission, and verification of necessary data is not necessary.

  In addition, this invention is not limited to said embodiment, A various deformation | transformation is possible in the range which does not change the summary of invention.

  For example, in the above embodiment, the example in which the user company 5 applies for the use of the financial service to the bank 1 has been described. However, the present invention is not limited to this. The present invention can be applied. For example, the connection authority management method according to the present invention can be suitably employed when a member of a specific group having no legal entity uses a plurality of pieces of identification information, or in online shopping or ASP.

(Create a written contract)
In the above embodiment, the contract file with the electronic signature is stored as an official contract as it is. However, in a specific contract, the electronic contract (electronic signature) is recognized as legally valid. You may need to re-create a written contract. In such a case, the connection authority management system includes a contract creation instruction generation / output unit that generates contract creation instruction data for the user company 5 when the validity of the electronic signature is confirmed. preferable. Specifically, as shown in FIG. 19, when the validity of the electronic signature attached by the user company 5 is confirmed (step S37), the contract creation instruction generation / output unit is a written contract. Is generated and transmitted to the user company 5 (step S38a). Upon receiving the verification result of the electronic signature, the user company 5 prints out and seals the contract file, and creates a contract (steps S39 and S42). The prepared written contract is sent to the bank 1 or related companies by mail or the like for storage. Even in this case, the account system message can be generated from the contract file as in the above embodiment (step S41), so the creation of the contract in writing and the generation and transmission of the account system message are performed simultaneously. And quick business processing becomes possible. In addition, there is no need to transfer application data from application forms to contracts, and to read application forms and contracts using OCR to generate electronic data (account-related telegrams). Can be reduced.

  In addition, when there are a plurality of contract parties of financial services such as so-called syndicated loans that have been used in recent years, as shown in FIG. 20, the contract parties sequentially attach electronic signatures to contract files on the network. It is preferable to do so. Here, the syndicated loan refers to a joint loan in which a plurality of banks form a loan group (syndicated) and lend to a company or the like. Note that steps 1 to 10 in the following description correspond to circled numbers 1 to 10 in FIG.

  In the example of this figure, first, the bank (secretary) as the secretary attaches an electronic signature to the contract file and presents it to the status management server (contract status registration unit) (steps 1 and 2). The status management server performs simple authentication on the contract document file, the electronic signature format, and the like, and notifies (outputs) the participation line A to prompt the signature. Next, the participant A who has received the notification accesses the status management server and downloads the contract document file with the electronic signature of the secretary (step 3). When this participating line A confirms the contents of the contract, attaches an electronic signature to the contract document file and uploads it to the status management server (steps 4 and 5), the form of the electronic signature of the participating line A is authenticated, etc. The next participating row B is notified (output). Participating line B downloads the contract file with the electronic signatures of the secretary and participating line A from the status management server (step 6), confirms the contract contents, attaches the electronic signature to the contract file, and Upload to the status management server (steps 7 and 8).

  The status management server repeats such processing to sequentially register the reception records of contract files with electronic signatures from a plurality of contract parties, and when the reception records are registered for all contract parties, the contract document file The validity confirmation is notified to a predetermined certificate authority for all the electronic signatures attached to (step 9). When the validity of the electronic signature is confirmed, the contract file is stored in the contract storage server (step 1). By such a method, even when there are a plurality of contract parties, an electronic signature can be quickly and smoothly applied to the contract document file. In addition, by performing simple authentication by the status management server every time an electronic signature is performed, it is possible to quickly respond when there is a doubt about the validity of the signature or when an illegal act is performed. Furthermore, by performing strict authentication by the certificate authority after all the electronic signatures are completed, it is possible to ensure the validity of the electronic signature and smoothly execute the contract.

Explanatory drawing which shows the whole structure of one Embodiment of this invention. The functional block diagram which shows schematic structure of a connection authority management system. Explanatory drawing of an authentication database. The figure which shows an example of the format of a contract. The block diagram which shows the structure of a connection authority registration function. The figure which shows an example of a connection authority setting table. The figure which shows the state after the connection authority setting of an authentication database. The block diagram which shows the structure of a contract document production | generation function. The block diagram which shows the structure of a bill system message generation function. The flowchart which shows the setting process of a connection authority. The flowchart which shows the change process of a connection authority. The flowchart which shows the production | generation process of a contract document file from application of a service. The figure which shows the example of a contract conclusion screen. The figure which shows the example of a contract conclusion screen. The figure which shows the example of a contract conclusion screen. The figure which shows the example of a contract conclusion screen. The flowchart which shows the production | generation process of a contract document file. The flowchart which shows the production | generation process of a bill system message. The figure which shows other embodiment of this invention. The figure which shows other embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Bank 2 ... Connection authority management system 3 ... Account system 4 ... Customer ledger 5 ... User company 6 ... Authentication database 7 ... Contract table 8 ... Business processing system 9 ... Employee database 10 ... Business table 11 ... Connection authority management Database 13 ... CPU
14 ... RAM
DESCRIPTION OF SYMBOLS 15 ... Input / output device 16 ... Communication device 17 ... Bus 18 ... Program storage part 20 ... Transaction (type)
21 ... Business ID
22 ... Administrator ID (change authority ID)
23 ... Check box column 24 ... Contract type code 25 ... Data processing rule 26 ... Connection authority registration function 27 ... Contract file generation function 28 ... Account system message generation function 30 ... Contract application reception unit 31 ... User ID generation unit 32 ... User ID output unit 33 ... Change authority authentication unit 34 ... Connection authority setting table generation / output unit 35 ... Business flow verification unit 36 ... Connection authority registration unit 40 ... Service use application reception unit 41 ... Contract form extraction unit 42 ... User information Extraction unit 43 ... Contract document file generation unit 44 ... Contract document file transmission unit 45 ... Digital signature verification unit
DESCRIPTION OF SYMBOLS 50 ... Processing rule selection part 51 ... Contract data extraction part 52 ... Customer data extraction part 53 ... Account system message production | generation / output part 60 ... Contract file display part 61 ... Electronic signature column 62 ... Signature tag 63 ... Electronic signature handler selection window

Claims (16)

A method of providing financial services to a user by a server connected to a billing system of a financial institution via a communication network,
The server includes a user information storage unit (customer ledger), a storage device including a contract document table storing a contract form and contract processing rules regarding a financial service concluded by a financial institution with a user, and an input Having a device,
In this method, the server
A receiving step of receiving information on the financial service that the user desires to use and identification information of the user from the input device and receiving a service use application;
An extraction step of extracting the contract form of the service related to the use application from the contract table when the service use application is accepted;
Based on the acquired user identification information, a collection process for searching and collecting user information necessary for generating a contract file by searching the user information storage unit;
A contract in which the extracted contract form and the collected user information are combined to generate a contract file necessary for the service related to the application, and information for identifying the contract processing rule is embedded in the contract file Document file generation process,
An output process for outputting the generated contract file to the user;
When a signed contract file is acquired from the user to whom the contract file is sent, the contract processing rule for the contract is obtained from the contract table based on the contract processing rule identification information embedded in the contract file. A selection process for selecting
In accordance with the selected processing rule, an extraction process for extracting contract data and user information necessary for the account system message from the contract document file and the user information storage unit;
A transmission step of synthesizing the extracted data, generating an accounting system message for instructing execution of a service related to the application, and transmitting the accounting system message to the accounting system. The method of claim 1, wherein
The output step is to transmit the generated contract document file to the user's terminal through a communication network,
The method further comprises a step of receiving a contract file with an electronic signature through a communication network from a user terminal to which the contract file has been transmitted. The method of claim 2, wherein
In the output step, when an application for use of a financial service is received from a user, a contract document file necessary for use of the service is transmitted to a server administrator and the user (contracting party) through a communication network in a predetermined order. Are sent in sequence,
The receiving step is to receive a contract file with an electronic signature from a plurality of contract parties through a communication network, and sequentially register the received records in the contract status registration unit of the contract file storage unit,
The method of searching for the contract file and contract processing rules when the reception record is registered for all contract parties. The method of claim 1, comprising:
further,
A connection authority storing step of storing a change authority capable of changing a plurality of connection authorities to the server assigned to the user in association with the identification information of the user and storing it in a connection authority storage unit;
A contract information storage step of storing in the connection authority storage unit information on a contract related to an available service that has been concluded in advance with the user in association with the identification information of the user;
When service information and user identification information are acquired from the user and an authority change request for user connection authority is received, based on whether the service and user identification information related to the change request is stored in the connection authority storage unit Change authority authentication process for authenticating the change authority of the user,
And a connection authority update step of updating the connection authority of the connection authority storage unit based on an accepted authority change request when authentication is valid. The method of claim 1, wherein
further,
A connection authority storing step of storing a change authority capable of changing a plurality of connection authorities to the server assigned to the user in association with the identification information of the user and storing it in a connection authority storage unit;
An internal business storage step of storing identification information assigned to an internal business performed by a user in relation to the financial service in a connection authority storage unit in association with the service;
A connection authority authentication step for authenticating the connection authority of the user based on whether the financial service information and the user identification information received in the service use application reception process are registered in the connection authority storage unit, and
The contract form extracting step is to extract a contract form of a service related to a use application when authentication of connection authority is valid. The method of claim 5, wherein
The internal work storage step stores a plurality of identification information assigned to a plurality of internal works for each service in a connection authority storage unit,
In this method, when the service information and the user identification information are acquired from the user and one or more connection authority change requests are received, all internal information stored in association with the service related to the change request is stored. A method comprising a business flow verification process for verifying whether connection authority is set for a business. The method of claim 1, wherein
further,
Storing a change authority that can change a plurality of connection authorities to the server assigned to a user for each type of a plurality of types of financial services in association with the identification information of the user in a connection authority storage unit;
When the financial service type information and the user identification information are acquired from the user and the authority change request for the user connection authority is received, the financial service and the user identification information related to the change request are stored in the connection authority storage unit. And a step of authenticating the change authority of the user based on whether or not the user is authorized. The method of claim 1, wherein
further,
A connection authority storage step of storing a change authority capable of changing a plurality of connection authorities to the server assigned to the user in a connection authority storage unit in association with the identification information of the user;
When the user identification information is acquired from the user and a request for changing the authority of the connection authority of the user is received, the change authority of the user is authenticated based on whether the user identification information is stored in the connection authority storage unit. A change authority certification process,
In the change authority authentication step, when authentication is valid, the connection authority that can be changed by the user is extracted from the connection authority storage unit based on the user identification information acquired from the user, and the connection authority to be changed is input. An interface generation step of generating an interface for the purpose is provided. A server that is connected to an accounting system of a financial institution via a communication network and provides a financial service to a user,
User information storage (customer ledger), contract form for contracts and contract processing rules for financial services signed by financial institutions with users, contract contract electronic files (contract documents file) A contract file storage unit for storing, a storage device including a program storage unit for storing a computer program, a control unit for reading and executing the computer program, and an input device;
The server reads and executes the computer program so that the server can
A receiving means for receiving information on the financial service that the user desires to use and identification information of the user from the input device and receiving a service use application;
Extracting means for extracting the contract form of the service related to the use application from the contract table when receiving the use application of the service;
Based on the acquired user identification information, collecting means for searching and collecting the user information necessary for generating the contract file by searching the user information storage unit;
A contract in which the extracted contract form and the collected user information are combined to generate a contract file necessary for the service related to the application, and information for identifying the contract processing rule is embedded in the contract file Document file generation means,
An output means for outputting the generated contract file to the user;
When a signed contract file is acquired from the user to whom the contract file is sent, the contract processing rule for the contract is obtained from the contract table based on the contract processing rule identification information embedded in the contract file. A selection means for selecting
Extraction means for extracting contract data and user information necessary for the account system message from the contract file and user information storage unit according to the selected processing rule;
A server comprising: transmission means for synthesizing the extracted data, generating an accounting system message for instructing execution of a service related to the application, and transmitting the accounting system message to the accounting system. The server of claim 9,
The output means is for transmitting the generated contract file to the user's terminal through a communication network,
The server further comprises means for receiving a contract file with an electronic signature through a communication network from a user terminal to which the contract file has been transmitted. The server of claim 10, wherein
When the output means accepts an application for use of a financial service from a user, a contract document file necessary for using the service is given to a server administrator and the user (contracting party) through a communication network in a predetermined order. Are sent in sequence,
The receiving means receives a contract file with an electronic signature from a plurality of contract parties through a communication network, and sequentially registers the received records in the contract status registration unit of the contract file storage unit,
The server, wherein the retrieval unit retrieves the contract document file and the contract processing rule when the reception record is registered for all contract parties. The server of claim 9,
further,
The change authority that can change the plurality of connection authorities to the server assigned to the user and the contract information regarding the financial services that can be used in advance that are concluded with the user are associated with the identification information of the user, respectively. A connection authority storage to store;
When service information and user identification information are acquired from the user and an authority change request for user connection authority is received, based on whether the service and user identification information related to the change request is stored in the connection authority storage unit Change authority authentication means for authenticating the change authority of the user,
A server, comprising: a connection authority update unit that updates a connection authority of the connection authority storage unit based on an accepted authority change request when authentication is valid. The server of claim 9,
further,
A change authority capable of changing a plurality of connection authorities to the server assigned to the user is stored in association with the identification information of the user, and an identification assigned to an internal operation performed by the user in relation to the financial service A connection authority storage for storing information in association with the service;
When the service use application receiving means acquires internal business identification information and user identification information and accepts an application for use of a financial service, based on whether the acquired information is registered in the connection authority storage unit, A connection authority authentication means for authenticating the connection authority,
The server comprising: the contract form extracting means for extracting a contract form of a service related to a use application when connection authority authentication is valid. The server of claim 13,
The connection authority storage unit stores a plurality of pieces of identification information assigned to a plurality of internal operations for each service,
Furthermore, when service information and user identification information are acquired from a user and one or more connection authority change requests are received, connection authority for all internal operations stored in association with the service related to the change request A server characterized by having a business flow verification means for verifying whether or not is set. The server of claim 9,
further,
A connection authority storage for storing a change authority capable of changing a plurality of connection authorities to the server assigned to a user for each type of a plurality of types of financial services in association with the identification information of the user;
When the financial service type information and the user identification information are acquired from the user and the authority change request for the user connection authority is received, the financial service and the user identification information related to the change request are stored in the connection authority storage unit. And a change authority authenticating means for authenticating the change authority of the user on the basis of whether the user is authorized. The server of claim 9,
further,
A connection authority storage for storing a change authority that can change a plurality of connection authorities to the server assigned to the user in association with the identification information of the user;
When the user identification information is acquired from the user and a request for changing the authority of the connection authority of the user is received, the change authority of the user is authenticated based on whether the user identification information is stored in the connection authority storage unit. A change authority authentication means,
When the authentication is valid, the change authority authentication unit extracts the connection authority that can be changed by the user from the connection authority storage unit based on the user identification information acquired from the user, and inputs the connection authority to be changed. A server characterized by comprising an interface generation means for generating an interface for the purpose.

Images