JP6928151B1 - Information processing method and information processing equipment - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processing method and an apparatus for suppressing illegal code payment while reducing a burden on a user. When a payment processing device 1 receives an issuance request receiving unit 132 that receives a user ID and a payment code issuance request from a first user terminal 2, and a payment code issuance request is received, the payment code is transmitted. The payment token and the user's Before receiving the payment information receiving unit 135 for receiving the payment information regarding the purchase of goods or services at the store and the payment token, the same user ID as the user ID received from the first user terminal and the payment code Upon receiving the issuance request from the second user terminal, it has an authentication unit 134 that transmits an authentication request related to user authentication to the first user terminal and the second user terminal. [Selection diagram] Fig. 2

Description

The present invention relates to an information processing method and an information processing device that perform processing related to code payment using a two-dimensional bar code.

Code payment using a two-dimensional bar code such as a QR code (registered trademark) is widespread (see, for example, Patent Document 1 and Patent Document 2). The code payment is made by reading the two-dimensional bar code displayed by the store side by the user terminal or by reading the two-dimensional bar code displayed by the user terminal by the store side.

Japanese Patent No. 6528160 Japanese Patent No. 6473539

When the store side reads the two-dimensional bar code displayed by the user terminal to make a payment, the user terminal requests the payment processing device that performs the code payment to issue the user identification information that identifies the user and the two-dimensional bar code. Send a code issuance request to do so.

When the payment processing device receives a code issuance request based on user identification information that identifies the same user from a plurality of user terminals, one of the code issuance requests skimms the user identification information and illegally uses the user. There is a possibility that the code issuance request is made by an unauthorized user who has acquired the identification information. However, the payment processing device side cannot determine which code issuance request is the code issuance request by the unauthorized user.

For this reason, it is conceivable that the payment processing device approves all the code payments once and then determines the fraudulent judgment of these code payments after the payment is completed. However, additional processing such as cancellation of the code payment is required, which is complicated. Become. Further, at the time of code payment, it is conceivable to always authenticate the user terminal that has requested the code issuance, but this is a burden on the user.

Therefore, the present invention has been made in view of these points, and provides an information processing method and an information processing device capable of suppressing an unauthorized code payment while reducing the burden on the user. With the goal.

The information processing method according to the first aspect of the present invention includes user identification information for identifying a user who uses the first terminal from the first terminal, which is executed by a computer, and payment for the user to make a payment at a store. A step of receiving a request for issuing a payment code and a step of transmitting a payment token for generating a payment code corresponding to the first terminal to the first terminal when the request for issuing the payment code is received. When the same user identification information as the user identification information received from the first terminal and the payment code issuance request are received from the second terminal, the first terminal and the second terminal receive the user's information. A step of transmitting an authentication request related to authentication, and a step of receiving authentication information corresponding to the authentication request from the first terminal after transmitting the authentication request and authenticating the first terminal based on the authentication information. And, from the store terminal that read the payment code displayed by the first terminal based on the payment token transmitted to the first terminal, the payment token and the product or service of the user in the store It has a step of receiving payment information regarding a purchase, and a step of executing a payment process based on the payment token received from the store terminal and the payment information after the authentication of the first terminal.

The information processing method according to the second aspect of the present invention includes user identification information for identifying a user who uses the first terminal from the first terminal, which is executed by a computer, and payment for the user to make a payment at a store. A step of receiving a request for issuing a payment code and a step of transmitting a payment token for generating a payment code corresponding to the first terminal to the first terminal when the request for issuing the payment code is received. When the same user identification information as the user identification information received from the first terminal and the payment code issuance request are received from the second terminal, the first terminal and the second terminal receive the user's information. A step of transmitting an authentication request related to authentication, and a step of receiving authentication information corresponding to the authentication request from the second terminal after transmitting the authentication request and authenticating the second terminal based on the authentication information. And, from the store terminal that reads the payment code displayed by the first terminal based on the payment token, the payment token and the payment information regarding the purchase of goods or services at the store by the user are received. When it is determined that the authentication based on the authentication information received from the second terminal is successful in the step of performing the operation and the step of performing the authentication, the payment token received and the payment based on the payment information are settled. It has a step of controlling not to do so.

The information processing device according to the third aspect of the present invention requests from the first terminal to issue user identification information for identifying a user who uses the first terminal and a payment code for the user to make a payment at a store. When the payment information receiving unit that receives the above and the payment code issuance request are received, the payment token for generating the payment code corresponding to the first terminal is transmitted to the first terminal. When the same user identification information as the user identification information received from the first terminal and the issuance request of the payment code are received from the second terminal, the first terminal and the second terminal receive the user. After transmitting the authentication request related to the authentication of the above, the authentication unit that receives the authentication information corresponding to the authentication request from the first terminal and authenticates the first terminal based on the authentication information. And, from the store terminal that reads the payment code displayed by the first terminal based on the payment token transmitted to the first terminal, the payment token and the product or service of the user in the store A payment information receiving unit that receives payment information related to purchase, a payment processing unit that executes payment processing based on the payment token received from the store terminal and the payment information after authentication of the first terminal. Has.

The information processing device according to the fourth aspect of the present invention requests from the first terminal to issue user identification information for identifying a user who uses the first terminal and a payment code for the user to make a payment at a store. A payment information receiving unit that receives the above, a token transmitting unit that transmits a payment token for generating the payment code to the first terminal when receiving a request for issuing the payment code, and the first When the same user identification information as the user identification information received from the terminal and the payment code issuance request are received from the second terminal, the first terminal and the second terminal are requested to authenticate the user. Is transmitted, and after the authentication request is transmitted, the authentication unit that receives the authentication information corresponding to the authentication request from the second terminal and authenticates the second terminal based on the authentication information, and the payment token. A payment information receiving unit that receives the payment token and payment information related to the purchase of goods or services at the store by the user from the store terminal that has read the payment code displayed by the first terminal. When the authentication unit determines that the authentication based on the authentication information received from the second terminal is successful, the payment token received and the payment information are not settled. It has a payment processing unit to control.

According to the present invention, it is possible to suppress the illegal code payment while reducing the burden on the user.

It is a figure which shows the outline of the payment system. It is a figure which shows the functional structure of the payment processing apparatus. It is a figure which shows an example of the token management information. It is a figure which shows the functional structure of the 1st user terminal. It is a figure which shows the functional structure of a store terminal. It is an operation sequence diagram of a payment system. It is an operation sequence diagram following FIG.

[Overview of payment system S]
FIG. 1 is a diagram showing an outline of the payment system S. When the user purchases a product or service at a store or the like, the payment system S displays a payment code on the user terminal in response to a request from the user terminal possessed by the user, and the payment code is read by the store. It is a system that makes payments according to the situation. The payment code is a text or image that can be read by the terminal on the store side used for payment at the store, and is a code used at the time of payment. In the following description, goods or services are collectively referred to as goods. Further, the place where the product is purchased is not limited to the store, and may be a place different from the store such as a taxi.

The payment system S includes a payment processing device 1, a first user terminal 2, a second user terminal 3, and a store terminal 4. The payment processing device 1 is a server that setstles the purchase price. The first user terminal 2 is an information terminal used by the user, for example, a smartphone, a tablet, or a personal computer. The second user terminal 3 is an information terminal used by an unknown user, for example, a smartphone, a tablet, or a personal computer. An unknown user is a user or another user different from the user. The store terminal 4 is, for example, a smartphone, a tablet, or a POS terminal. The store terminal 4 is a terminal that belongs to a store and is used by a clerk or the like who explains a product to a user or provides a product to the user.
Hereinafter, the flow at the time of settlement will be described with reference to FIG.

The user purchases a product at a store. The user activates the payment application software and performs an operation for displaying the payment code on the first user terminal 2 when making a payment at the store. When the first user terminal 2 receives an operation for displaying the payment code, the first user terminal 2 transmits a user ID as user identification information for identifying the user and a request for issuing the payment code to the payment processing device 1 (FIG. (1) in 1.

The payment processing device 1 receives a user ID and a request for issuing a payment code from the first user terminal 2. Upon receiving the payment code issuance request, the payment processing device 1 generates a payment token ((2) in FIG. 1). The payment token is a data string used when the first user terminal 2 generates a payment code presented by the user at the store. The payment processing device 1 associates the generated payment token with the user ID and stores it in the storage medium ((3) in FIG. 1).

The payment processing device 1 transmits the generated payment token to the first user terminal 2 ((4) in FIG. 1). The payment processing device 1 may transmit the encrypted payment token to the first user terminal 2 after encrypting the payment token.

The first user terminal 2 generates and displays a payment code based on the received payment token ((5) in FIG. 1). The user presents the payment code when the purchase price of the product is settled at the store, and causes the store clerk to read the payment code displayed on the first user terminal 2.

Before receiving the payment token corresponding to the payment code from the store terminal 4, the payment processing device 1 setstles with the same user ID as the user ID received from the first user terminal 2 from the second user terminal 3. It is assumed that a request for issuance of a code is received ((6) in FIG. 1).

When the payment processing device 1 receives the same user ID and a payment code issuance request from the second user terminal 3, the first user terminal 2 and the second user terminal 3 are requested to authenticate the user. ((7-1), (7-2) in FIG. 1).

After that, it is assumed that the user ID and the authentication information are received from the first user terminal 2 in response to the authentication request ((8) in FIG. 1).

On the other hand, the store terminal 4 reads the payment code displayed on the first user terminal 2 by the operation of the store clerk ((9) in FIG. 1). The store terminal 4 setstles payment information including a payment amount indicating the total amount of products purchased by the user, a store ID as store identification information for identifying the store, and a payment token indicated by the read payment code. It is transmitted to the processing device 1 ((10) in FIG. 1). In the example shown in FIG. 1, it was decided that the processes (9) and (10) were performed after the process (8) was performed, but the processes (9) and (10) are not limited to this. After that, the process (8) may be performed.

When the payment processing device 1 receives the payment information and the payment token from the store terminal 4, it determines whether or not the payment token matches the payment token transmitted to the first user terminal 2. When the payment processing device 1 determines that the payment tokens match, it determines whether or not payment is possible based on the authentication information received from the first user terminal 2 ((11) in FIG. 1).

When the payment processing device 1 determines that payment is possible, the payment processing device 1 identifies the user ID associated with the payment token ((12) in FIG. 1), and the payment information received from the store terminal 4 and the specified user ID The settlement process is executed based on ((13) in FIG. 1).

By operating the payment system S as described above, when the user of the first user terminal 2 is trying to make a payment, a payment code issuance request is received from the second user terminal 3 used by an unknown user. Then, it is possible to make a payment after determining that the user is a legitimate user. As a result, it is possible to suppress the illegal code payment while reducing the burden on the user.
Hereinafter, the details of the configurations of the payment processing device 1, the first user terminal 2, and the store terminal 4 will be described. Since the configuration of the second user terminal 3 is the same as that of the first user terminal 2, the description thereof will be omitted.

[Functional configuration of payment processing device 1]
FIG. 2 is a diagram showing a functional configuration of the payment processing device 1. The payment processing device 1 includes a communication unit 11, a storage unit 12, and a control unit 13.

The communication unit 11 is a communication interface for transmitting and receiving data to and from the first user terminal 2, the second user terminal 3, and the store terminal 4 via a network such as the Internet.

The storage unit 12 is a storage medium for storing various types of data, and includes a ROM (Read Only Memory), a RAM (Random Access Memory), a hard disk, and the like. The storage unit 12 stores a program executed by the control unit 13. The storage unit 12 stores a payment program that causes the control unit 13 to function as a registration unit 131, an issuance request reception unit 132, a token transmission unit 133, an authentication unit 134, a payment information reception unit 135, and a payment processing unit 136. ..

Further, the storage unit 12 stores user information in which the user ID that identifies the user and the authentication information used for user authentication are associated with each other. The authentication information is, for example, a password, gesture information indicating a user's gesture, bioidentification information for identifying a user's living body, or a combination thereof.

In addition, the storage unit 12 stores token management information for managing payment tokens. FIG. 3 is a diagram showing an example of token management information. As shown in FIG. 3, the token management information is information in which a payment token, a user ID, a terminal ID, an expiration date, a duplicate request flag, and a permission flag are associated with each other.

The user ID is information that identifies the user of the user terminal that has sent the payment token issuance request. The terminal ID is information that identifies the user terminal that has sent the payment token issuance request. For example, it is identification information that uniquely identifies the terminal managed by the payment application software stored in the MAC ID or the user terminal. be.

The expiration date is the expiration date for permitting payment based on the payment token. The duplicate request flag is information indicating whether or not a payment code issuance request has been received from another user terminal during payment by code payment. The permission flag is information indicating whether or not to permit payment based on the payment token when a payment code issuance request is received from another user terminal during payment by code payment.

The duplicate request flag takes a value of either 0 or 1. When the duplicate request flag is 0, it indicates that a payment code issuance request has not been received from another user terminal during payment. When the duplicate request flag is 1, it means that a payment code issuance request is received from another user terminal during the payment, and the code payment is duplicated in the same time zone.

The permission flag takes a value of either 0 or 1 in the unset state (Null). When the permission flag is not set, it indicates that the determination as to whether or not to perform the settlement based on the settlement token has not been performed. When the permission flag is 0, it means that the payment based on the payment token is not permitted. When the permission flag is 1, it means that the payment based on the payment token is permitted. The control method of payment processing using token management information will be described later.

The control unit 13 is, for example, a CPU (Central Processing Unit). By executing the payment program stored in the storage unit 12, the control unit 13 executes the registration unit 131, the issuance request reception unit 132, the token transmission unit 133, the authentication unit 134, the payment information reception unit 135, and the payment processing. It functions as a unit 136. Details of the operation of each unit of the control unit 13 will be described later.

[Functional configuration of first user terminal 2]
FIG. 4 is a diagram showing a functional configuration of the first user terminal 2. The first user terminal 2 has an operation unit 21, a communication unit 22, a display unit 23, a storage unit 24, and a control unit 25. The control unit 25 includes an operation reception unit 251, a request transmission unit 252, and a code generation unit 253.

The operation unit 21 is an operation device that accepts user operations, and is, for example, a touch panel provided on the surface of the display unit 23. The operation unit 21 notifies the operation reception unit 251 of a signal indicating the position touched by the user.

The communication unit 22 is, for example, a wireless communication interface for transmitting and receiving data to and from a base station of a mobile phone network. The communication unit 22 inputs the payment token or the like received from the payment processing device 1 into the code generation unit 253.

The display unit 23 is a display that displays various types of information. The display unit 23 displays the payment code based on the control of the code generation unit 253.

The storage unit 24 is a storage medium including a ROM, a RAM, and the like. The storage unit 24 stores a program executed by the control unit 25. The storage unit 24 stores a program that causes the control unit 25 to function as the operation reception unit 251 and the request transmission unit 252 and the code generation unit 253. In addition, the storage unit 24 stores the payment token received from the payment processing device 1, the payment code generated based on the payment token, and the like.

The control unit 25 is, for example, a CPU, and functions as an operation reception unit 251, a request transmission unit 252, and a code generation unit 253 by executing a program stored in the storage unit 24.

The operation reception unit 251 specifies the operation content of the user based on the signal input from the operation unit 21. When the specified operation content is an operation for displaying the payment code on the first user terminal 2, the operation reception unit 251 notifies the request transmission unit 252 of the operation content. When the operation reception unit 251 receives an operation for displaying the payment code on the first user terminal 2, the request transmission unit 252 includes a user ID, a terminal ID that identifies the first user terminal 2, and a payment code. Issuance request and is transmitted to the payment processing device 1.

When the specified operation content is an operation for registering the authentication information in the payment processing device 1, the operation reception unit 251 displays the authentication information registration reception screen on the display unit 23 and accepts the input of the authentication information. .. When the operation reception unit 251 receives the input of the authentication information, the request transmission unit 252 transmits an authentication information registration request including the user ID and the authentication information to the payment processing device 1.

When the operation reception unit 251 receives the authentication request from the payment processing device 1, the operation reception unit 251 displays the authentication information input reception screen on the display unit 23 and accepts the input of the authentication information. When the operation reception unit 251 accepts the input of the authentication information, the request transmission unit 252 transmits the user ID, the terminal ID of the first user terminal 2, and the input authentication information to the payment processing device 1.

When the payment token is transmitted from the payment processing device 1, the code generation unit 253 generates a payment code based on the payment token. The code generation unit 253 generates a payment code based on, for example, a predetermined rule. The code generation unit 253 causes the display unit 23 to display the generated payment code.

[Functional configuration of store terminal 4]
FIG. 5 is a diagram showing a functional configuration of the store terminal 4. The store terminal 4 has an operation unit 41, a reading unit 42, a communication unit 43, a display unit 44, a storage unit 45, and a control unit 46.

The operation unit 41 is an operation device that accepts the operation of a clerk, for example, a button for selecting a product or a touch panel provided on the surface of the display unit 44.

The reading unit 42 is, for example, a bar code reader and a camera, and reads a bar code attached to a product purchased by the user or a payment code displayed by a terminal such as the first user terminal 2. The reading unit 42 outputs the information indicated by the read barcode and the payment code to the control unit 46.

The communication unit 43 is, for example, a communication interface for transmitting and receiving data to and from the payment processing device 1. The communication unit 43 transmits the payment token and the payment information to the payment processing device 1 under the control of the control unit 46.

The display unit 44 is a display that displays various types of information. The display unit 44 displays, for example, the settlement amount.

The storage unit 45 is a storage medium including a ROM, a RAM, and the like. The storage unit 45 stores a program executed by the control unit 46. The storage unit 45 stores a program that causes the control unit 46 to function as a payment information generation unit 461, a token acquisition unit 462, and a payment information transmission unit 463. Further, the storage unit 45 stores a product DB in which the product ID and the price of the product are associated with each other.

The control unit 46 is, for example, a CPU, and functions as a payment information generation unit 461, a token acquisition unit 462, and a payment information transmission unit 463 by executing a payment processing program stored in the storage unit 45.

The payment information generation unit 461 identifies one or more products to be settled and generates payment information. Specifically, the payment information generation unit 461 acquires the product ID input by the clerk in the operation unit 41 or the product ID read by the reading unit 42 from the barcode attached to the product. Identifies the product as the product to be settled. The settlement information generation unit 461 refers to the product DB stored in the storage unit 45, and specifies the price of the product associated with the acquired product ID. The payment information generation unit 461 acquires one or more product IDs input by the clerk in the operation unit 41 or the product ID read from the barcode attached to the product by the reading unit 42, and the price of the product specified from the product ID. To aggregate. When the settlement information generation unit 461 receives the settlement operation in the operation unit 41, the settlement information generation unit 461 determines the total price of the product as the settlement amount. The payment information generation unit 461 generates payment information including a payment amount and a store ID as store identification information for identifying a store.

The token acquisition unit 462 acquires the information extracted from the payment code as a payment token by the reading unit 42 reading the payment code displayed on the terminal such as the first user terminal 2.
In the payment information transmission unit 463, when the payment information generation unit 461 generates payment information and the token acquisition unit 462 acquires the payment token, the payment token and the payment information are settled via the communication unit 43. It is transmitted to the processing device 1.

[Operation of each part of control unit 13]
Subsequently, the operation of each unit of the control unit 13 will be described.
The registration unit 131 registers the user authentication information. For example, the registration unit 131 receives a registration request for authentication information including a user ID and authentication information from the first user terminal 2. The registration unit 131 stores the user ID included in the received registration request and the authentication information in the storage unit 12 as user information in association with each other.

The issuance request receiving unit 132 includes a user ID that identifies a user who uses the user terminal, a terminal ID that identifies the user terminal, and a user store from the user terminal including the first user terminal 2 and the second user terminal 3. Receives a request to issue a payment code for payment with.

When the issuance request receiving unit 132 receives the issuance request of the payment code, the token transmitting unit 133 generates a payment token for generating the payment code and transmits it to the user terminal that has made the payment code issuance request. do.

For example, when the token transmission unit 133 receives the user ID, the terminal ID, and the issuance request of the payment code from the first user terminal 2, the payment is made to generate the payment code corresponding to the first user terminal 2. Generate a token for. The token transmission unit 133 determines an expiration date indicating a deadline for making a payment based on the generated payment token. The expiration date is a time when a predetermined time (for example, 5 minutes) has elapsed from the time when the request for issuing the payment code is received.

The token transmission unit 133 stores the token management information including the generated payment token, the received user ID, the terminal ID, and the determined expiration date in the storage unit 12. In the token management information, the token transmission unit 133 sets the value of the duplicate request flag associated with the generated payment token and the received user ID to "0". The token transmission unit 133 transmits the generated payment token to the first user terminal 2 that has transmitted the payment code issuance request.

The authentication unit 134 reads the payment code displayed by the first user terminal 2 based on the payment token before the expiration date of the payment token transmitted to the first user terminal 2 from the store terminal 4. When the same user ID as the user ID received from the first user terminal 2 and the request for issuing the payment code are received from the second user terminal 3 before receiving the payment token, the first user terminal 2 and An authentication request related to user authentication is transmitted to the second user terminal 3, and duplicate request notification information indicating that code payment is duplicated is transmitted.

Further, the authentication unit 134 receives the user from the first user terminal 2 before receiving the payment token from the store terminal 4 that has read the payment code displayed by the first user terminal 2 based on the payment token. When the same user ID as the ID and the payment code issuance request are not received from other user terminals including the second user terminal 3, an authentication request related to user authentication is transmitted to the first user terminal 2. Control not to.

Hereinafter, the process when the authentication unit 134 performs authentication will be described. Specifically, first, when the issuance request receiving unit 132 receives the user ID and the payment code issuance request from the second user terminal 3, the authentication unit 134 refers to the token management information and is more than the current time. Identify the user ID associated with a later expiration date. The authentication unit 134 determines whether or not the specified user ID includes a user ID that matches the user ID received from the second user terminal 3.

When the user ID corresponding to the first user terminal 2 is included in the authentication unit 134, the user ID received from the second user terminal 3 is the same as the user ID received from the first user terminal 2, and the second user ID is the same. It is determined that a payment code issuance request corresponding to the user of the first user terminal 2 has been received from the second user terminal 3 during the code payment by the first user terminal 2. When the authentication unit 134 determines that the second user terminal 3 has received the payment code issuance request corresponding to the user of the first user terminal 2, the authentication unit 134 determines that the token management information includes the duplicate associated with the received user ID. Set the value of the request flag to "1". Then, the authentication unit 134 transmits duplicate request notification information to the first user terminal 2 and the second user terminal 3 to display the duplicate request notification information on the first user terminal 2 and the second user terminal 3, and also authenticates the user. Send the request.

When the first user terminal 2 and the second user terminal 3 receive the authentication request, they display a screen for accepting the input of the authentication information and accept the input of the authentication information. When the first user terminal 2 and the second user terminal 3 receive the input of the authentication information, the first user terminal 2 and the second user terminal 3 transmit the user ID, the terminal ID, and the input authentication information to the payment processing device 1.

After transmitting the authentication request to the first user terminal 2 and the second user terminal 3, the authentication unit 134 receives the authentication information, the user ID, and the terminal ID from the first user terminal 2 or the second user terminal 3. Authenticate based on the received information.

For example, when the authentication unit 134 refers to the user information of the storage unit 12 and determines that the received authentication information and the user ID are associated and stored, it is determined that the authentication based on the received authentication information is successful. ..

When the authentication unit 134 succeeds in authentication based on the authentication information received from the first user terminal 2, the settlement permits the permission flag associated with the user ID received from the first user terminal 2 in the token management information. It is set to the value "1" indicating that it has been done. In addition, the authentication unit 134 transmits to the second user terminal 3 the non-issuance notification information indicating that the payment token will not be issued.

Further, when the authentication unit 134 succeeds in authentication based on the authentication information received from the second user terminal 3, the permission flag associated with the user ID received from the second user terminal 3 in the token management information, that is, The permission flag corresponding to the first user terminal 2 is set to a value "0" indicating that payment is not permitted.

When the authentication unit 134 determines that the authentication based on the authentication information received from the second user terminal 3 is successful, the token transmission unit 133 is used for payment for generating a payment code corresponding to the second user terminal 3. Generate tokens and determine expiration dates. Then, the token transmission unit 133 associates the generated payment token, the user ID received from the second user terminal 3, the terminal ID, and the expiration date, and stores the generated token management information in the storage unit 12 to generate the token. The payment token is transmitted to the second user terminal 3.

After transmitting the authentication request, the authentication unit 134 determines that the authentication based on the authentication information received from the first user terminal 2 is successful, and determines that the first user terminal 2 can make a payment based on the payment code. The indicated information may be transmitted, and the display unit 23 of the first user terminal 2 may be made to perform information indicating that the payment based on the payment code is possible. By doing so, the user of the first user terminal 2 can confirm that the payment can be made based on the payment code displayed on the first user terminal 2.

Further, when the authentication unit 134 determines that the authentication based on the authentication information received from the first user terminal 2 is successful after transmitting the authentication request, the second user terminal 3 cannot make a payment based on the payment code. Information indicating that there is may be transmitted.

After transmitting the authentication request, the authentication unit 134 determines that the authentication based on the authentication information received from the second user terminal 3 is successful, and the second user terminal 3 cannot make a payment based on the payment code. Information indicating that may be transmitted.

The payment information receiving unit 135 reads the payment code displayed by the first user terminal 2 based on the payment token transmitted by the token transmitting unit 133 from the store terminal 4, the payment token, and the user's store. Receive payment information regarding the purchase of goods. It is assumed that the payment information includes the store ID and the payment amount at the user's store. Further, the payment information receiving unit 135 reads the payment code displayed by the second user terminal 3 based on the payment token after the payment token is transmitted to the second user terminal 3 by the token transmitting unit 133. The payment token and payment information regarding the purchase of goods or services at the user's store of the second user terminal 3 are received from the store terminal 4.

When the payment information receiving unit 135 receives the payment information and the payment token from the store terminal 4, the payment processing unit 136 executes the payment based on the received payment information. When the authentication unit 134 determines that the authentication based on the authentication information received from the first user terminal 2 is successful, the payment processing unit 136 executes the payment based on the received payment token and the payment information.

Further, when the authentication unit 134 determines that the authentication unit 134 has succeeded in the authentication based on the authentication information received from the second user terminal 3, the payment processing unit 136 corresponds to the first user terminal 2 received from the store terminal 4. Control not to perform payment based on the payment token and payment information. Further, when the payment processing unit 136 determines that the authentication based on the authentication information received from the second user terminal 3 is successful, the payment processing unit 136 is based on the payment token corresponding to the received second user terminal 3 and the payment information. Perform payment.

Specifically, when the payment information receiving unit 135 receives the payment information and the payment token from the store terminal 4, the payment processing unit 136 refers to the token management information stored in the storage unit 12 and receives the information. It is determined whether or not a payment token that matches the payment token is stored in the storage unit 12. When the payment processing unit 136 determines that the matching payment token is stored in the storage unit 12, the payment processing unit 136 can settle by referring to the expiration date, the duplicate request flag, and the permission flag associated with the payment token. Determine if it exists.

The settlement processing unit 136 indicates a time whose expiration date is later than the current time, and when the value of the duplicate request flag is 0, settlement is performed regardless of the value of the permission flag. Is determined to be possible. Further, the settlement processing unit 136 indicates that the expiration date is a time after the current time, and when the value of the duplicate request flag is 1 and the value of the permission flag is 1, settlement is possible. judge.

If the expiration date is earlier than the current time, the settlement processing unit 136 determines that settlement is impossible. Further, the settlement processing unit 136 determines that settlement is impossible when the expiration date is a time after the current time, the value of the duplicate request flag is 1, and the value of the permission flag is 0.

When the payment processing unit 136 determines that payment is possible, the payment processing unit 136 identifies the user ID associated with the received payment token in the token management information. Then, the payment processing unit 136 executes a process of deducting the payment amount included in the received payment information from the account of the user corresponding to the specified user ID. In addition, the payment processing unit 136 executes a process of depositing the payment amount included in the received payment information into the account of the store specified by the store ID included in the received payment information.

When the payment is made based on the payment information, the payment processing unit 136 notifies the store terminal 4 of the payment completion information indicating that the payment has been completed. Further, when the payment is made based on the payment information, the payment processing unit 136 completes the payment on the user terminal indicated by the terminal ID associated with the payment token received together with the payment information in the token management information. Notify the store terminal 4 of the settlement completion information indicating that.

[Operation sequence]
FIG. 6 is an operation sequence diagram of the payment system S. FIG. 7 is an operation sequence diagram following FIG.
The sequence diagram shown in FIG. 6 starts from the point where the user performs the authentication information registration operation on the first user terminal 2 (S1). When the operation reception unit 251 accepts the input of the authentication information, the request transmission unit 252 transmits an authentication information registration request including the user ID and the authentication information to the payment processing device 1 (S2).

When the registration unit 131 of the payment processing device 1 receives the authentication information registration request from the first user terminal 2, the registration unit 131 stores the user ID included in the authentication information registration request and the authentication information in the storage unit 12 as user information in association with each other. (S3).

After that, when the user performs a payment code display operation on the first user terminal 2 in the store (S4), the request transmission unit 252 uses the user ID, the terminal ID of the first user terminal 2, and the payment code. The issuance request is transmitted to the payment processing device 1 (S5).

When the issuance request receiving unit 132 of the payment processing device 1 acquires the user ID, the terminal ID, and the issuing request of the payment code from the first user terminal 2, the token transmitting unit 133 generates the payment code. Generate a payment token for (S6). The token transmission unit 133 stores the token management information associated with the received user ID, the terminal ID, and the generated payment token in the storage unit 12 (S7). The token transmission unit 133 transmits the generated payment token to the first user terminal 2 that has transmitted the payment code issuance request (S8).

After that, when the user of the second user terminal 3 performs a payment code display operation on the second user terminal 3 (S9), the second user terminal 3 receives the user ID and the terminal ID of the second user terminal 3. A request for issuing a payment code is transmitted to the payment processing device 1 (S10).

When the issuance request receiving unit 132 of the payment processing device 1 receives the user ID, the terminal ID, and the issuing request of the payment code from the second user terminal 3, the authentication unit 134 refers to the token management information and refers to the token management information. It is determined whether or not a user ID that matches the received user ID is included. When the user ID of the first user terminal 2 is included as the user ID that matches the received user ID, the authentication unit 134 receives the user ID from the second user terminal 3 during code payment using the first user terminal 2. , It is determined that the issuance request of the payment code corresponding to the user of the first user terminal 2 has been received, and the value of the duplicate request flag associated with the received user ID is updated to "1" in the token management information. (S11). The authentication unit 134 transmits the duplicate request notification information to the first user terminal 2 and the second user terminal 3 (S12, S13).

The explanation is transferred to FIG. In the sequence diagram shown in FIG. 7, it is assumed that the user of the first user terminal 2 performs the operation of inputting the authentication information (S14). The request transmission unit 252 transmits the user ID, the terminal ID of the first user terminal 2, and the input authentication information to the payment processing device 1 (S15).

The authentication unit 134 performs authentication based on the authentication information received from the first user terminal 2. When the authentication is successful, the authentication unit 134 sets the permission flag associated with the user ID and the terminal ID received from the first user terminal 2 in the token management information to indicate that the payment is permitted. It is updated to "1" (S16), and the non-issuance notification information indicating that the payment token is not issued is transmitted to the second user terminal 3 (S17).

After that, the code generation unit 253 of the first user terminal 2 generates a payment code based on the payment token received from the payment processing device 1, and displays the generated payment code on the display unit 23 (S18). At the store, the user presents the payment code displayed on the first user terminal 2, and the reading unit 42 of the store terminal 4 reads the payment code (S19).

Further, the payment information generation unit 461 of the store terminal 4 specifies the price of the product based on the product ID input by the clerk in the operation unit 41 or the product ID read from the barcode attached to the product by the reading unit 42. , Calculate the settlement amount (S20). The payment information transmission unit 463 of the store terminal 4 transfers the payment information including the calculated payment amount and the store ID and the payment token included in the payment code read in S19 to the payment processing device 1. Transmit (S21).

Subsequently, the payment information receiving unit 135 of the payment processing device 1 receives the payment information and the payment token from the store terminal 4. When the payment token stored in the token management information of the storage unit 12 and the received payment token match, the payment processing unit 136 has an expiration date, a duplicate request flag, and an expiration date associated with the payment token. Based on the permission flag, it is determined whether or not payment based on the received payment token is possible (S22).

When the payment processing unit 136 determines that payment is possible, the payment processing unit 136 identifies the user ID associated with the received payment token in the token management information (S23), and makes a payment based on the user ID and the received payment information. Process (S24). Subsequently, the payment processing unit 136 notifies the first user terminal 2 of the payment completion information indicating that the payment has been completed (S25).

[Modification example]
In the above description, the authentication unit 134 of the payment processing device 1 is the same as the user ID received from the first user terminal 2 before receiving the payment token corresponding to the first user terminal 2 from the store terminal 4. When the user ID and the payment code issuance request are received from the second user terminal 3, it is decided to send the authentication request related to the user authentication to the first user terminal 2 and the second user terminal 3. Not limited to this.

Before receiving the payment token corresponding to the first user terminal 2, the authentication unit 134 issues the same user ID as the user ID received from the first user terminal 2 and the issuance request of the payment code to the second user. When received from the terminal 3, an authentication request related to user authentication may be transmitted to a third terminal different from the first user terminal 2 and the second user terminal 3. In this case, the registration unit 131 receives the terminal identification information for identifying the third terminal to which the authentication request is transmitted from the user of the first user terminal 2, and receives the user ID, the authentication information, and the terminal. It may be stored as user information in association with specific information.

Further, the registration unit 131 receives the registration request of the authentication information including the user ID and the authentication information from the first user terminal 2, and associates the user ID included in the received registration request with the authentication information and associates the user with the authentication information. It was decided to store it in the storage unit 12 as information, but the present invention is not limited to this. The registration unit 131 receives a registration request for authentication information including a user ID, authentication information, and destination information indicating a destination of the authentication information, and receives the user ID, the authentication information, and the user ID included in the received registration request. The destination information may be associated with the user information and stored in the storage unit 12.

The destination information is, for example, an e-mail address, a telephone number, or a user's ID in SNS. Then, before receiving the payment token corresponding to the first user terminal 2, the authentication unit 134 sets the same user ID as the user ID received from the first user terminal 2 and the issuance request of the payment code. 2 When received from the user terminal 3, the user ID in the user information
The authentication request may be sent to the destination indicated by the destination information associated with.

Further, before receiving the payment token corresponding to the first user terminal 2, the authentication unit 134 sets the same user ID as the user ID received from the first user terminal 2 and the request for issuing the payment code. 2 When received from the user terminal 3, a one-time password as authentication information may be generated. Then, the authentication unit 134 may transmit the generated one-time password to the destination indicated by the destination information associated with the user ID. Then, the authentication unit 134 permits the payment of the user terminal by determining whether or not the one-time password as the authentication information has been received from either the first user terminal 2 or the second user terminal 3. You may do it. For example, the authentication unit 134 may allow the payment of the user terminal that has transmitted the one-time password.

Further, when the authentication unit 134 determines that the authentication unit 134 has succeeded in the authentication based on the authentication information received from the second user terminal 3, the token transmission unit 133 is for generating a payment code corresponding to the second user terminal 3. Generated a payment token, but it is not limited to this. When the authentication unit 134 determines that the authentication unit 134 has succeeded in authentication based on the authentication information received from the first user terminal 2, the token transmission unit 133 is for payment for generating a payment code corresponding to the first user terminal 2. You may regenerate the token and determine the expiration date. Then, the token transmission unit 133 associates the generated payment token, the user ID received from the first user terminal 2, the terminal ID, and the expiration date, and stores the generated token management information in the storage unit 12 to generate the token. The payment token may be transmitted to the first user terminal 2.

In this case, the payment information receiving unit 135 reads the payment code displayed by the first user terminal 2 based on the regenerated payment token transmitted to the first user terminal 2 from the store terminal 4. The payment token and payment information regarding the purchase of goods or services at the user's store are received. Then, the payment processing unit 136 executes the payment processing based on the regenerated payment token and the payment information received from the first user terminal 2.

[Effect of payment system S according to this embodiment]
As described above, when the payment processing device 1 receives the user ID and the issuance request of the payment code from the first user terminal 2, the payment processing device 1 generates a payment token for generating the payment code in the first user terminal. Send to 2. The payment processing device 1 receives a user ID received from the first user terminal 2 before receiving the payment token from the store terminal 4 that has read the payment code displayed by the first user terminal 2 based on the payment token. When the same user ID and the payment code issuance request are received from the second user terminal 3, the authentication request related to the user authentication is transmitted to the first user terminal 2 and the second user terminal 3. By doing so, the payment processing device 1 can suppress the illegal code payment while reducing the burden on the user.

Although the present invention has been described above using the embodiments, the technical scope of the present invention is not limited to the scope described in the above embodiments, and various modifications and changes can be made within the scope of the gist thereof. be. For example, the specific embodiment of the distribution / integration of the device is not limited to the above embodiment, and all or a part thereof may be functionally or physically distributed / integrated in any unit. Can be done. Also included in the embodiments of the present invention are new embodiments resulting from any combination of the plurality of embodiments. The effect of the new embodiment produced by the combination has the effect of the original embodiment together.

1 Payment processing device 2 1st user terminal 3 2nd user terminal 4 Store terminal 11 Communication unit 12 Storage unit 13 Control unit 21 Operation unit 22 Communication unit 23 Display unit 24 Storage unit 25 Control unit 41 Operation unit 42 Reading unit 43 Communication unit 44 Display unit 45 Storage unit 46 Control unit 131 Registration unit 132 Issuance request reception unit 133 Token transmission unit 134 Authentication unit 135 Payment information reception unit 136 Payment processing unit 251 Operation reception unit 252 Request transmission unit 253 Code generation unit 461 Payment information Generation unit 462 Token acquisition unit 463 Payment information transmission unit

Claims (15)

Computer runs,
A step of receiving from the first terminal user identification information for identifying a user who uses the first terminal and a request for issuing a payment code for the user to make a payment at a store.
Upon receiving the payment code issuance request, a step of transmitting a payment token for generating a payment code corresponding to the first terminal to the first terminal and a step of transmitting the payment token to the first terminal.
When the same user identification information as the user identification information received from the first terminal and a payment code issuance request are received from the second terminal, the first terminal and the second terminal are used to authenticate the user. The steps to send such an authentication request and
After transmitting the authentication request, the step of receiving the authentication information corresponding to the authentication request from the first terminal and authenticating the first terminal based on the authentication information,
Regarding the purchase of the payment token and the user's goods or services at the store from the store terminal that has read the payment code displayed by the first terminal based on the payment token transmitted to the first terminal. Steps to receive payment information and
After the authentication of the first terminal, a step of executing a payment process based on the payment token and the payment information received from the store terminal, and
Have a,
In the step of transmitting the payment token, after the computer transmits the authentication request, if it is determined that the authentication based on the authentication information received from the first terminal is successful, the computer receives the authentication request from the second terminal. In response to the request for issuing the payment code, control is performed so that the payment token for generating the payment code is not transmitted to the second terminal.
Information processing method. In the step of performing the authentication, when the computer determines that the authentication based on the authentication information received from the first terminal is successful after transmitting the authentication request, the computer sends the payment code to the first terminal. Send information indicating that payment is possible based on,
The information processing method according to claim 1. In the step of performing the authentication, after the computer transmits the authentication request, if it is determined that the authentication based on the authentication information received from the first terminal is successful, the second terminal uses the payment code. Sends information indicating that is not possible,
The information processing method according to claim 1 or 2. The computer runs ,
In the step of performing the authentication, if it is determined that the authentication based on the authentication information received from the first terminal is successful, a step of regenerating a payment token corresponding to the first terminal and a step of generating the payment token.
Further organic and transmitting the payment token which is regenerated to the first terminal,
The computer
In the step of receiving the payment information, the regeneration is performed from the store terminal that has read the payment code displayed by the first terminal based on the regenerated payment token transmitted to the first terminal. Upon receiving the payment token and the payment information regarding the purchase of goods or services at the store by the user, the payment information is received.
In the step of executing the payment process, after the authentication of the first terminal, the payment process is executed based on the regenerated payment token received from the store terminal and the payment information.
The information processing method according to any one of claims 1 to 3. In the step of executing the payment process, when it is determined that the computer has succeeded in the authentication based on the authentication information received from the first terminal in the step of performing the authentication, the payment received from the store terminal. Executes payment based on the computer token and the payment information.
The information processing method according to any one of claims 1 to 4. Computer runs,
A step of receiving from the first terminal user identification information for identifying a user who uses the first terminal and a request for issuing a payment code for the user to make a payment at a store.
Upon receiving the payment code issuance request, a step of transmitting a payment token for generating a payment code corresponding to the first terminal to the first terminal and a step of transmitting the payment token to the first terminal.
When the same user identification information as the user identification information received from the first terminal and a payment code issuance request are received from the second terminal, the first terminal and the second terminal are used to authenticate the user. The steps to send such an authentication request and
A step of receiving the authentication information corresponding to the authentication request from the second terminal after transmitting the authentication request and authenticating the second terminal based on the authentication information.
A step of receiving the payment token and payment information regarding the purchase of goods or services at the store by the user from the store terminal that has read the payment code displayed by the first terminal based on the payment token. When,
In the step of performing the authentication, if it is determined that the authentication based on the authentication information received from the second terminal is successful, the payment based on the received payment token and the payment information is not performed. Steps to control and
Information processing method having. In the step of performing the authentication executed by the computer, if it is determined that the authentication based on the authentication information received from the second terminal is successful, a second payment code corresponding to the second terminal is generated. Further having a step of transmitting a second payment token to the second terminal.
The information processing method according to claim 6. The computer runs,
After the payment token is transmitted to the second terminal, the payment token and the user's said from the store terminal that reads the payment code displayed by the second terminal based on the payment token. Steps to receive payment information regarding the purchase of goods or services at the store,
A step of executing a payment based on the received payment token and the payment information,
Have more,
The information processing method according to claim 7. In the step of performing the authentication, the computer refers to a storage unit that stores the authentication information in association with the user identification information, and whether or not the received authentication information and the user identification information are stored in association with each other. Authenticate based on
The information processing method according to any one of claims 1 to 8. In the step of performing the authentication, the computer receives at least one of the password, the gesture information indicating the gesture of the user, and the bioidentifying information for identifying the living body of the user as the authentication information.
The information processing method according to any one of claims 1 to 9. In the step of performing the authentication, the computer transmits the authentication information to a predetermined destination and determines whether or not the authentication information has been received from the first terminal or the second terminal. Authenticate,
The information processing method according to any one of claims 1 to 10. In the step of performing the authentication, the computer refers to a storage unit that stores the destination and the user identification information in association with each other, and stores the authentication information in the destination associated with the received user identification information. Send,
The information processing method according to claim 11. Further having a step of associating a payment token executed by the computer with an expiration date indicating an expiration date for making a payment based on the payment token and storing it in a storage unit.
In the step of transmitting the authentication request, the computer receives the same user identification information and the payment code from the second terminal before the expiration date and before receiving the payment token. When the issuance request is received, the authentication request is sent.
The information processing method according to any one of claims 1 to 12. A payment information receiving unit that receives from the first terminal user identification information that identifies a user who uses the first terminal and a request for issuing a payment code for the user to make a payment at a store.
Upon receiving the payment code issuance request, a token transmission unit that transmits a payment token for generating a payment code corresponding to the first terminal to the first terminal, and a token transmission unit.
When the same user identification information as the user identification information received from the first terminal and the payment code issuance request are received from the second terminal, the first terminal and the second terminal are used to authenticate the user. After transmitting the authentication request and transmitting the authentication request, the authentication unit that receives the authentication information corresponding to the authentication request from the first terminal and authenticates the first terminal based on the authentication information.
Regarding the purchase of the payment token and the user's goods or services at the store from the store terminal that has read the payment code displayed by the first terminal based on the payment token transmitted to the first terminal. A payment information receiver that receives payment information, and
After the authentication of the first terminal, a payment processing unit that executes payment processing based on the payment token received from the store terminal and the payment information, and a payment processing unit.
Have a,
After transmitting the authentication request, the token transmission unit determines that the authentication based on the authentication information received from the first terminal has succeeded, and in response to the payment code issuance request received from the second terminal. Correspondingly, control is performed so that the payment token for generating the payment code is not transmitted to the second terminal.
Information processing device. A payment information receiving unit that receives from the first terminal user identification information that identifies a user who uses the first terminal and a request for issuing a payment code for the user to make a payment at a store.
Upon receiving the payment code issuance request, a token transmission unit that transmits a payment token for generating the payment code to the first terminal, and a token transmission unit.
When the same user identification information as the user identification information received from the first terminal and the payment code issuance request are received from the second terminal, the first terminal and the second terminal are used to authenticate the user. After transmitting the authentication request and transmitting the authentication request, the authentication unit that receives the authentication information corresponding to the authentication request from the second terminal and authenticates the second terminal based on the authentication information.
Payment that receives the payment token and payment information regarding the purchase of goods or services at the store by the user from the store terminal that has read the payment code displayed by the first terminal based on the payment token. Information receiver and
When the authentication unit determines that the authentication based on the authentication information received from the second terminal is successful, it controls not to perform the payment based on the received payment token and the payment information. Payment processing department and
Information processing device with.

Images