JP7175937B2 - Login management system, login management method, and program - Google Patents

Description

Application of Article 30, Paragraph 2 of the Patent Act November 14, 2019, https://www. rakuten-bank. co. jp/, https://www. rakuten-bank. co. jp/press/2019/191114. html, https://www. ok b. co. jp/, https://www. ok b. co. jp/all/news/2019/20191114. pdf November 14, 2019, Regional Bank Hall Auditorium November 18, 2019, https://www. rakuten-bank. co. jp/, https://itunes. apple. com/, https://itunes. apple. com/jp/app/id391048295, https://play. google. com/, https://play. google. com/store/apps/details? id=jp. co. rakuten_bank. rakuten bank

The present disclosure relates to a login management system, login management method, and program.

Conventionally, techniques are known for allowing a user having multiple accounts to use each of the multiple accounts. For example, in Patent Document 1, the account number of each of a plurality of accounts held by a user is stored in an IC card, and when the user causes an ATM to read the IC card, the account number is stored in the IC card. A device is described that allows for multiple accounts. Further, for example, in Patent Document 2, the account number of a representative account is stored in an IC card of a user who has multiple accounts, and when the user causes an ATM to read the IC card, the account number is stored in the IC card. A device is described for making use of each of the representative accounts created and other accounts associated with the representative account.

Japanese Patent Application Laid-Open No. 2003-281388 JP-A-61-253580

However, the techniques of Patent Literatures 1 and 2 require an IC card for the user to use each of the multiple accounts, and the user's terminal cannot log in to multiple accounts. In this regard, if a user attempts to log in to multiple accounts on a user terminal, the probability of unauthorized access by a third party increases correspondingly to the number of accounts, so it is necessary to improve security.

The present disclosure has been made in view of the above problems, and its object is to provide a login management system, a login management method, and a program that can improve security when a user has multiple accounts. be.

In order to solve the above problems, a login management system according to the present disclosure includes first receiving means for receiving a first request for logging into a first account among a plurality of accounts owned by a user; a second receiving means for receiving a second request for logging into a second account among the plurality of accounts; and 2. If the terminal determining means for determining whether the terminal that transmitted the request and the terminal permitted by the first permitting means are the same, and the terminal determining means determines that they are the same, a second permitting means for permitting the terminal that has transmitted the second request to log in to the second account.

It is a figure which shows an example of the account management system which concerns on embodiment. FIG. 10 is a diagram showing the flow of a login procedure when an application is started for the first time; FIG. 10 is a diagram showing a flow of adding quick login information corresponding to another account to the application; It is a figure which shows the flow in which a user logs in to an account using biometrics authentication. It is a figure which shows the flow which switches another account within an application. 3 is a functional block diagram showing functions implemented in the embodiment; FIG. It is a figure which shows the data storage example of an account database. It is a flow chart of processing performed in this embodiment. It is a flow chart of processing performed in this embodiment. It is a flow chart of processing performed in this embodiment. It is a flow chart of processing performed in this embodiment.

[1. Overall Configuration of Login Management System]
Hereinafter, examples of embodiments according to the present disclosure will be described in detail based on the drawings. FIG. 1 is a diagram illustrating an example of a login management system according to an embodiment. As shown in FIG. 1, for example, the login management system 1 includes a server 10 and a terminal 20, which are connectable to a network N such as the Internet. Although one server 10 and one terminal 20 are shown in FIG. 1, a plurality of these may be provided.

Server 10 is a server computer. For example, the server 10 includes a control section 11 , a storage section 12 and a communication section 13 . Control unit 11 includes, for example, at least one processor. The storage unit 12 includes, for example, a main storage unit such as a RAM and an auxiliary storage unit such as a hard disk. The control unit 11 executes processing according to programs and data stored in the storage unit 12 . The communication unit 13 includes a communication interface for wired communication or wireless communication. The communication unit 13 can transmit and receive data to and from an external device via the network N. FIG.

The terminal 20 is a computer operated by a user. For example, the terminal 20 is a personal computer, a mobile phone (including smart phones), or a personal digital assistant (including tablet terminals and wearable terminals). Terminal 20 includes control unit 21 , storage unit 22 , communication unit 23 , operation unit 24 and display unit 25 . Hardware configurations of the control unit 21, the storage unit 22, and the communication unit 23 may be the same as those of the control unit 11, the storage unit 12, and the communication unit 13, respectively. The operation unit 24 is an input device such as a touch panel, a pointing device such as a mouse, or a keyboard. The display unit 25 is, for example, a liquid crystal display or an organic EL display.

The programs and data described as being stored in the storage units 12 and 22 are stored in a computer-readable information storage medium (eg, USB memory or SD card) and supplied to each computer. Alternatively, it may be supplied to each computer via a network. Also, the hardware configuration of each computer described above is not limited to the above examples, and may include, for example, a reading unit (for example, an SD card slot) for reading an information storage medium, or an input for direct communication with an external device. An output unit (for example, a USB terminal) may be provided.

[2. Overview of Login Management System]
A user has a plurality of accounts, and logs into each account to use a predetermined service. In this embodiment, a financial service will be described as an example of this service, and an account will be described as an example of an account. For this reason, the description of the account or the user ID corresponding to the account in this embodiment can be read as the account. Application examples for services other than financial services are described in modified examples.

In this embodiment, a scene in which one user who has multiple accounts at one financial institution uses the login management system 1 will be taken as an example. The financial institution may be of any kind, for example a so-called depository institution. For example, financial institutions are banks, credit unions, credit cooperatives, labor banks, or the Norinchukin Bank. Banks can be of any type, for example city banks, regional banks, internet banks, or trust banks. All users of the login management system 1 do not need to have multiple accounts, and some users may have only one account.

A user may have an account at each of multiple branches, or may have multiple accounts within the same branch. Only users who have opened an account at a particular branch of a financial institution may be permitted to have multiple accounts. This specific branch may be the branch containing the name of the specific legal entity. The corporate name is not limited to the registered name, and may be an abbreviated name or a common name. For example, as a branch of a financial institution affiliated with a local bank, there may be a branch containing the name of this local bank. Note that a specific branch does not have to include the name of a specific legal entity.

In this embodiment, a case where a user who has an account of "ABC branch" and an account of "XYZ branch" in "ZZZ bank" uses the login management system 1 will be taken as an example. “ZZZ Bank” is an example of the aforementioned financial institution. Therefore, the description of "ZZZ Bank" in this embodiment can be read as "financial institution". For example, "ZZZ Bank" is an Internet bank that provides various services using the Internet.

"ABC branch" is a branch containing the name of a regional bank "ABC bank" affiliated with "ZZZ bank". "ABC branch" is an example of a branch of the aforementioned specific corporation. Therefore, the description of "ABC branch" in this embodiment can be read as a branch of a specific corporation. For example, a user applies to open an account at an "ABC branch" of "ZZZ bank" at a physical store of "ABC bank." The person in charge of this actual store performs a predetermined account opening procedure, and the user's account is opened at "ABC branch" of "ZZZ bank".

"XYZ Branch" is a regular branch in "ZZZ Bank" and does not include the name of a specific legal entity. A normal branch is a branch other than a specific branch. For example, a normal branch is not a branch for affiliation with a specific corporation, but a branch unique to "ZZZ Bank". For example, the user applies to "ZZZ Bank" to open an account online or at a physical store. The person in charge of "ZZZ Bank" performs a predetermined account opening procedure, and the user's account is opened at "XYZ Branch" of "ZZZ Bank".

In this embodiment, an application for using the services of "ZZZ Bank" is provided. This service may be any financial service that can be provided by a financial institution, such as confirmation of account balance, confirmation of deposit/withdrawal details, remittance service such as transfer, or loan application. In this embodiment, the user accesses the server that distributes the application and downloads the application to the terminal 20 . When the installation of the application on the terminal 20 is completed, the user activates the application and performs a login procedure to his/her own account.

FIG. 2 is a diagram showing the flow of a login procedure when an application is started for the first time. As shown in FIG. 2 , when the application installed in the terminal 20 is activated for the first time, an initial activation screen G1 is displayed on the terminal 20 . The initial activation screen G1 is a screen displayed when the installed application is activated for the first time. In other words, the initial activation screen G1 is a screen that is displayed when the account login procedure has not been completed.

For example, when the user selects the image I10 labeled “login procedure” on the initial activation screen G1, the login screen G2 is displayed on the terminal 20. FIG. The login screen G2 is a screen for logging into any one of a plurality of accounts. In this embodiment, a user ID and password for logging in are set for each account. Therefore, there is a one-to-one correspondence between an account and a pair of user ID and password. For example, the user ID and password for the "ABC branch" account and the user ID and password for the "XYZ branch" account are set separately.

When opening an account, an initial user ID and an initial password are set. For example, the initial user ID is a combination of a branch number and an account number. Also, for example, the initial password is a random value set on the "ZZZ Bank" side. These initial values are notified to the user using documents, e-mail, or the like. The user ID and password can be changed at any timing after the first login.

The user may log into any account the first time the app is launched. Here, an example is given in which the user logs into the account of "XYZ branch" when the application is started for the first time. For example, the user enters the user ID of the "XYZ Branch" account in the input form F20. Also, for example, the password of the account of "XYZ Branch" is entered in the input form F21. When the user selects the button B22, the input user ID and password are transmitted to the server 10. FIG. The server 10 confirms the validity of the entered user ID and password. After confirming the validity of these, the server 10 permits login to the account of "XYZ branch".

In this embodiment, the user can use quick login, which can omit the input of the user ID at the time of login. When using the application, quick login may be required, or whether or not to use quick login may be arbitrarily selected by the user. Quick Login allows users to log in to their accounts by simply entering their password. The quick login procedure is done for each account. For this reason, a user who has multiple accounts needs to perform the quick login procedures for the number of accounts. When the user uses quick login, the authentication screen G3 is displayed on the terminal 20 after the terms of use and the like are displayed.

The authentication screen G3 is a screen for one-time authentication. One-time authentication is authentication using a one-time key. A one-time key is authentication information that is valid only for one-time authentication. For example, when the user selects button B30, the server 10 issues a one-time key and transmits the one-time key to the user's email address. The one-time key may be transmitted using other means such as SMS. It is assumed that the user's e-mail address is registered in advance when opening an account or issuing a one-time key. The user confirms the one-time key delivered to his/her own e-mail address and enters it into the input form F31.

When the user selects button B32, the entered one-time key is transmitted to server 10. FIG. After confirming the validity of the one-time key, the server 10 permits quick login to the target account (here, the account of "XYZ branch"). The server 10 generates quick login information for using quick login on the terminal 20 of the user.

Quick login information is a type of authentication information used for quick login. The quick login information is information that replaces the user ID. The quick login information may contain an encrypted user ID, or may contain a random value different from the user ID. Also, for example, the quick login information may include information such as the branch name of the account for which quick login is permitted. Note that the user ID may be used as it is as the quick login information. The quick login information may be information that is effective only once, such as a one-time key, or may not be limited in number of times. A validity period may be set for the quick login information.

The server 10 transmits the generated quick login information to the terminal 20 . The terminal 20 receives the quick login information, records it in the storage unit 22, and displays the completion screen G4. The completion screen G4 is a screen indicating that the quick login procedure has been completed. When the completion screen G4 is displayed, the registration of the quick login information corresponding to the "XYZ branch" account in the application of the terminal 20 is completed.

Thereafter, the user can log into the account of "XYZ branch" using quick login. For example, a user can log into an "XYZ Branch" account by simply entering the password for this account. At that time, the terminal 20 transmits to the server 10 quick login information corresponding to the account of "XYZ Branch" registered in the application. The server 10 confirms the validity of the quick login information and password, and permits login to the account of "XYZ branch".

In this embodiment, quick login information for each of a plurality of accounts owned by a single user can be registered for a single application under certain conditions. For example, the user can select the button B40 on the completion screen G4 in FIG. 2 to display the top screen on the terminal 20, and add quick login information corresponding to another account ("ABC Branch" account) to the application.

FIG. 3 is a diagram showing the flow of adding quick login information corresponding to another account to the application. The top screen G5 is a screen that is displayed after the login procedure for at least one account is completed, and is different from the initial activation screen G1. Here, since the procedure for quick login to the account of "XYZ branch" has been completed, the input form for inputting the user ID is not displayed on the top screen G5. When the user enters the password in the input form F50 and selects the button B51, quick login to the account of "XYZ branch" is performed.

In the top screen G5, when the user selects the image I52 labeled "Add a branch account to be logged in", a guidance screen G6 is displayed on the terminal 20. FIG. In this embodiment, a user having an account of "ABC Branch" can register quick login information for each of a plurality of accounts in one application. The guidance screen G6 is a screen for guiding this point. Since the user has already opened an account with "ABC Branch", he can add the quick login information for this account to his app.

When the user selects the button B60, the login screen G2 is displayed on the terminal 20. FIG. The login screen G2 has the same contents as in FIG. The user enters the user ID of the "ABC branch" account in the input form F20, and enters the password of the "ABC branch" account in the input form F21. When the user selects the button B22, the input user ID and password are transmitted to the server 10. FIG.

In this embodiment, when a certain user adds the quick login information of his (the user's) other account to the application, the procedure must be performed from the same application on the same terminal 20 . Therefore, when the server 10 receives the user ID and password and confirms their validity, the application of the terminal 20 that permits quick login to the account of "XYZ branch" and the quick login to the account of "ABC branch" is the same as the application of the terminal 20 under procedure.

Information identifying the application of the terminal 20 that permits quick login to the account of "XYZ branch" is recorded in the server 10 when the quick login is permitted. The server 10 determines the identity of the application based on this information. After confirming the identity of the application, the server 10 permits quick login to the account of "ABC Branch" using this application. If the server 10 cannot confirm the identity of the application, it does not permit the quick login of the account of "ABC branch".

When quick login to the account of "ABC branch" is permitted, the authentication screen G3 described with reference to FIG. After that, the quick login procedure for the "ABC branch" account is performed in the same way as the quick login procedure for the "XYZ branch" account, and the quick login information corresponding to the "ABC branch" account is added to the app. . From now on, users will be able to quick login to both accounts from one app.

As for the method of logging in to the account, the normal login in which the user ID and password are entered and the quick login in which only the password is entered have been described, but any other login method can be used. For example, login using biometric authentication by the terminal 20 may be possible. In this embodiment, fingerprint authentication is taken as an example, but other biometric authentication such as face authentication or vein authentication may be used.

When a user uses biometric authentication, it is possible to log in to an account simply by performing biometric authentication without entering both a user ID and a password. Biometric authentication becomes available after a predetermined usage procedure is performed. This procedure may be performed in the same flow as the quick login procedure, and shall be performed while logged into the account. When the server 10 permits biometric authentication, information identifying that effect is recorded in the application. In using biometric authentication, it may be necessary to complete a quick login procedure, or biometric authentication may be available even if the quick login procedure has not been completed.

FIG. 4 is a diagram showing a flow of a user logging into an account using biometric authentication. As shown in FIG. 4, the top screen G5 after completing the biometric authentication procedure has a partially different layout from the top screen G5 in FIG. For example, on the top screen G5 of FIG. 4, when the user inputs the user ID and password in the input forms F53 and F54 and selects the button B55, normal login can be performed. Also, for example, the user can use quick login even after completing the biometric authentication procedure.

When the user selects button B56, window W57 is displayed on terminal 20. FIG. When the window W57 is displayed, the biometric authentication function installed in the OS of the terminal 20 is activated. Note that an application-specific biometric authentication function may exist instead of the biometric authentication function of the OS. After confirming the window W57, the user presses his/her finger against the operation unit 24 of the terminal 20 to read the fingerprint pattern. Terminal 20 performs fingerprint authentication based on the detected fingerprint pattern and the fingerprint pattern registered in advance in storage unit 22 .

A window W58 is displayed on the terminal 20 when the fingerprint authentication is successful. A window W58 is a window for selecting an account whose quick login information is registered in the application. Here, the window W58 displays an account of "ABC branch" and an account of "XYZ branch" in a selectable manner. That is, the user cannot see which account's quick login information is registered in the app until the biometric authentication is successful. The user can view this information after successful biometric authentication. Therefore, even if a third party activates the application of the terminal 20, the third party cannot see which account's quick login information is registered in the application.

For example, when the user selects the account of "XYZ Branch" from the window W58, the account information screen G7 is displayed on the terminal 20 after logging in to this account. The login to this account may be executed according to the flow of biometric authentication described above. The account information screen G7 is a screen for displaying information about the logged-in account.

As shown in FIG. 4, the account information screen G7 displays various information related to the account of "XYZ branch" logged in by the user, such as the branch name, account type, account number, and deposit balance. be done. The user can display the deposit/withdrawal details of this account and use various services such as transfer using this account. The user can switch from being logged into the "XYZ branch" account to being logged into the "ABC branch" account.

FIG. 5 is a diagram showing the flow of switching between different accounts within the application. When the user performs a predetermined operation on the account information screen G7 in FIG. 4, a menu screen G8 is displayed on the terminal 20 as shown in FIG. The menu screen G8 is a screen for making various settings related to the application. In this embodiment, an operation to switch accounts can be performed from the menu screen G8. For example, when the user selects an image I80 on which "switch account" is written, a window W81 is displayed on the terminal 20. FIG. A window W81 displays another account that is not being used by the application so that it can be selected. If three or more accounts can be registered in the application, window W81 displays two or more different accounts in a selectable manner.

In the example of FIG. 5, since the user is currently using the account of "XYZ branch" in the application, the account of "ABC branch" that is not used in the application is displayed in a selectable manner in window W81. When the user selects the "ABC branch" account from the window W81, the terminal 20 displays an account information screen G7 showing information about this account. The login to the "ABC branch" account may be executed when the "ABC branch" account is selected in the window W81, or may be executed when the first biometric authentication is successful.

As described above, in the login management system 1, the application of the terminal 20 that performs the quick login procedure for the account of "ABC branch" and the application of the terminal 20 that is permitted to quick login to the account of "XYZ branch" are the same. , security is enhanced by permitting quick login to the account of "ABC Branch". Details of the configuration of the login management system 1 will be described below.

[3. Functions realized in the present embodiment]
FIG. 6 is a functional block diagram showing functions implemented in this embodiment. Here, each function of the server 10 and the terminal 20 will be described.

[3-1. Functions implemented in the server]
As shown in FIG. 6, the server 10 includes a data storage unit 100, a first receiving unit 101, a first permission unit 102, a second receiving unit 103, a terminal determination unit 104, a nominee determination unit 105, and a second permission unit. 106 is implemented. The data storage unit 100 is realized mainly by the storage unit 12, and other functions are mainly realized by the control unit 11. FIG.

[Data storage part]
The data storage unit 100 stores data necessary for executing the processing described in this embodiment. Here, an account database DB will be described as an example of data stored in the data storage unit 100 .

FIG. 7 is a diagram showing a data storage example of the account database DB. As shown in FIG. 7, the account database DB is a database in which various types of information related to accounts opened in "ZZZ Bank" are stored. For example, the account database DB stores user IDs, passwords, branch numbers, branch names, account numbers, holders, balances, one-time keys, terminal information, and e-mail addresses. Information stored in the account database DB is not limited to these. Arbitrary information may be stored in the account database DB, such as quick login information or its decryption key, deposit/withdrawal details, or user's address.

A record is created for each account in the account database DB, and information of each account is stored. A user ID is information that uniquely identifies an account. In this embodiment, a user ID is set for each account, so if one user has multiple accounts, the user ID of one account and the user IDs of the other accounts are different. . Similarly, passwords are set for each account, but if the user accidentally sets the same password for multiple accounts, the password for one account may be the same as the password for other accounts. be.

The terminal information is information that uniquely identifies the terminal 20 . In this embodiment, the terminal information is information that uniquely identifies an application installed on the terminal 20 . For example, the terminal information is issued by the server 10 each time an application is installed. Therefore, even if the terminal 20 is the same, when the application is reinstalled, the terminal information becomes a new value. When the quick login information is registered in the application, the terminal information corresponding to the application is stored in the account database DB.

Note that the terminal information is not limited to the above examples. For example, the terminal information may be the same even if the application is reinstalled. Further, for example, the terminal information may be individual identification information (serial ID) of the terminal 20, information such as a telephone number stored in a SIM card, or the IP address of the terminal 20, or the like. In these cases, the terminal information does not change even if the application is reinstalled. In this case, after the quick login information of the first account and the second account is registered in the application of the terminal 20, even if the application is deleted and reinstalled, quick login is not performed again, and quick login is not performed. may be allowed.

[First receiver]
A first receiving unit 101 receives a first request for logging into a first account among a plurality of accounts owned by a user. In this embodiment, multiple accounts correspond to multiple accounts owned by a user, respectively. is any one of The first account may be specified by the user or may be specified by the login management system 1 side. In this embodiment, the account of "XYZ Branch" corresponds to the first account. Therefore, the description of the "XYZ branch" account in this embodiment can be read as the first account. For example, the first account is the account that is registered first when the application is launched for the first time. The first account can also be said to be an account that starts using the application before the second account.

In this embodiment, the first account can be logged in with a plurality of login methods. Note that the first account may be loginable by only one login method. A login method is an authentication method at the time of login. Different login methods use different credentials. If the login method is different, the contents of processing executed at the time of login are different. In this embodiment, three login methods are provided: normal login by entering a user ID and password, quick login by entering only a password, and biometric authentication login using biometric authentication information. A user can use any of these login methods.

The first request is a request for logging into the first account corresponding to the first account, and requests the server 10 to perform processing for logging into the first account. For example, requesting the server 10 to perform preset processing for logging into the first account may correspond to the first request, and requesting to log into the first account may correspond to the first request. good too. A request can also be referred to as an application or a request. In this embodiment, selecting the button B32 on the authentication screen G3 in FIG. 2 to request the server 10 to perform preset processing for quick login to the account of "XYZ branch" corresponds to the first request. Therefore, the description of the request sent by selecting the button B32 in this embodiment can be read as the first request.

For example, the first request is a request to log into the first account using a specific login method among multiple login methods. A particular login method is any of a plurality of login methods. For example, the specific login method is a login method that uses information recorded in the terminal 20 for which the login method is permitted, and omits the input of at least part of the authentication information. This information is the authentication information that is used for a particular login method in place of the authentication information that is used for other login methods. This information may be recorded in the application as part of the application, or may be recorded in the terminal 20 as data separate from the application.

In this embodiment, a case where quick login corresponds to a specific login method and quick login information corresponds to the above information will be described, but other login methods may correspond to a specific login method. For example, since biometric authentication also uses a fingerprint pattern recorded on terminal 20, biometric authentication may correspond to a specific login method, and the fingerprint pattern recorded on terminal 20 may correspond to the above information. In addition, for example, if a login method other than quick login and biometric authentication is adopted, that login method may correspond to a specific login method. For example, passcode authentication, password authentication, or the like may correspond to a specific login method.

The first receiving unit 101 receives a first request from any terminal 20 in the login management system 1 . In this embodiment, the user uses the application of the terminal 20 to log in to the first account, so the first receiving unit 101 receives the first request transmitted by the application of the terminal 20 . The first request may contain arbitrary information, for example, the user ID of the first account for which quick login is to be set, a one-time key, and terminal information.

[First Permit Department]
The first permitting unit 102 permits the terminal 20 that has transmitted the first request to log in to the first account. In this embodiment, since the user logs into the account using the application, the first permitting unit 102 permits login to the first account using the application of the terminal that transmitted the first request. Permitting login means executing preset processing for allowing the terminal 20 that sent the first request to log in to the first account, or allowing the terminal 20 that sent the first request to log in to the first account. is.

The first permission unit 102 determines whether or not the terminal 20 that has transmitted the first request satisfies a predetermined condition. The first permitting unit 102 does not permit the terminal 20 that has transmitted the first request to log in to the first account if it is determined that the predetermined condition is not satisfied, and if it determines that the predetermined condition is satisfied, the first permission unit 102 permits the terminal 20 to log in to the first account. 1. The terminal 20 that sent the request is permitted to log in to the first account.

The predetermined condition is a condition for permitting login to the first account. The predetermined condition may be any condition that can be determined based on the information received from the terminal 20 that transmitted the first request. For example, the predetermined condition is receiving valid authentication information or receiving predetermined terminal information. In this embodiment, receiving the authentication information associated with the first account corresponds to the predetermined condition.

For example, when receiving the authentication information associated with the first account from the terminal 20 that transmitted the first request, the first permission unit 102 permits the terminal 20 to log in to the first account. The authentication information associated with the first account is information proving the legitimacy of the user who has the first account. In this embodiment, the one-time key associated with the first account corresponds to this authentication information, but at least one of the user ID and password associated with the first account corresponds to this authentication information. You may

The first permission unit 102 determines whether or not the one-time key associated with the first account has been received from the terminal 20 that transmitted the first request. For example, the first permission unit 102 determines whether or not the one-time key received from the terminal 20 that transmitted the first request matches the one-time key associated with the first account in the account database DB. . The first permission unit 102 does not permit login to the first account if they do not match, and permits login to the first account if they match.

In this embodiment, since the first request is a request for logging in using a specific login method, the first permitting unit 102 instructs the terminal 20 that has transmitted the first request to log in to the first account using a specific login method. To give permission. For example, when a predetermined condition is satisfied, the first permitting unit 102 permits the terminal 20 that transmitted the first request to log in to the first account by quick login.

In the present embodiment, the specific login method is a login method that uses information recorded in the terminal 20, so the first permission unit 102 allows the terminal 20 that has permitted login to the first account to use the specific login method. Record the information for logging into the first account. For example, when a predetermined condition is satisfied, the first permitting unit 102 generates quick login information for the first account, transmits it to the terminal 20 that transmitted the first request, and records it in the terminal 20 . The quick login information for the first account may be generated by any method. For example, the first authorization unit 102 encrypts the user ID with a predetermined encryption key to generate quick login information. The first permission unit 102 stores the decryption key corresponding to this encryption key in the account database DB.

[Second receiver]
A second receiving unit 103 receives a second request for logging into a second account of the plurality of accounts. The second account is any one of a plurality of accounts that one user has at one financial institution. The second account may be specified by the user or may be specified by the login management system 1 side. In this embodiment, the account of "ABC branch" corresponds to the second account. Therefore, the description of the "ABC branch" account in this embodiment can be read as the second account.

The second account is an account registered in the app after the first account. The order in which multiple accounts owned by the user are registered in the application may be arbitrary. For example, after the account of "ABC branch" is registered, the account of "XYZ branch" may be registered. In this case, the account of "ABC branch" corresponds to the first account, and the account of "XYZ branch" corresponds to the second account.

In this embodiment, the second account can be logged in using multiple login methods. The login method for the first account and the login method for the second account may be the same or different. It should be noted that the second account may be loginable by only one login method.

The second request is a request for logging into the second account corresponding to the second account, and requests the server 10 to perform processing for logging into the second account. The user can make the second request only under certain conditions, for example, the user can only make the second request while logged into the first account. Note that the second request may be permitted under other conditions, for example, it may be permitted when face authentication or the like is successful regardless of whether or not the user is logged into the first account. For example, requesting the server 10 to perform preset processing for logging into the second account may correspond to the second request, and requesting to log into the second account may correspond to the second request. good too. In the present embodiment, the button B32 of the authentication screen G3 displayed after the login screen G2 in FIG. 3 is selected to request the server 10 to perform preset processing for quick login to the account of "ABC branch". , corresponds to the second request. Therefore, the description of the request sent by selecting the button B32 in this embodiment can be read as the second request.

For example, the second request is a request to log into the second account using a specific login method among multiple login methods. The semantics of specific login methods are as described above. In this embodiment, quick login corresponds to a specific login method, so the second request is a request for quick login to the second account.

A second receiving unit 103 receives a second request from any terminal 20 in the login management system 1 . In this embodiment, the user uses the application of the terminal 20 to log in to the second account, so the second receiving unit 103 receives the second request transmitted by the application of the terminal 20 . The second request may contain arbitrary information, for example, the user ID of the second account for which quick login is to be set, a one-time key, and terminal information.

[Terminal determination part]
The terminal determination unit 104 determines whether the terminal 20 that transmitted the second request and the terminal 20 permitted by the first permission unit 102 are the same. In this embodiment, the user transmits the second request using the application of the terminal 20, so the terminal determination unit 104 determines whether the application of the terminal that transmitted the second request and the terminal permitted by the first permission unit 102 is the same as the application of .

In the present embodiment, since the terminal information is included in each of the first request and the second request, the terminal determination unit 104 determines the terminal information included in the second request of the terminal 20 that transmitted the second request and the first request. It is determined whether or not the terminal information included in the first request transmitted by the terminal 20 permitted by the permitting unit 102 matches. The terminal determination unit 104 determines that the terminals 20 are not the same when they do not match, and determines that the terminals 20 are the same when they match.

For example, the terminal determination unit 104 determines whether or not the terminal information included in the second request exists in the account database DB. The terminal determination unit 104 determines that the terminals 20 are not the same when the terminal information does not exist in the account database DB, and determines that the terminals 20 are the same when the terminal information exists in the account database DB. do. Note that the terminal 20 may transmit the registered quick login information of the first account together with the second request. In this case, the terminal determination unit 104 determines whether or not the terminal information included in the second request is the same as the terminal information associated with the first account corresponding to the received quick login information. good.

[Nominee Judgment Department]
The nominee determination unit 105 determines whether or not the nominee of the first account and the nominee of the second account are the same. For example, the nominee determination unit 105 refers to the account database DB, and acquires the nominee of the first account determined to be the same by the terminal determination unit 104 and the nominee associated with the second account. to determine whether they match. The nominee determination unit 105 determines that the nominees are not the same when they do not match, and determines that the nominees are the same when they match. A match of the right holder may be required to be an exact match or a partial match. In the case of partial match, it may be required that a predetermined percentage or more (for example, 80% or more) of the character strings of the nominees match.

[Second Permit Department]
The second permitting unit 106 permits the terminal 20 that has transmitted the second request to log in to the second account when the terminal determining unit 104 determines that they are the same. In the present embodiment, since the user logs into the account using the application, the second permission unit 106, if the terminal determination unit 104 determines that the two are the same, the application of the terminal 20 that transmitted the second request. to allow login to the second account using Permitting login means executing preset processing for allowing the terminal 20 that has sent the second request to log in to the second account, or allowing the terminal 20 that has sent the second request to log in to the second account. is.

A condition other than being determined to be the same by the terminal determination unit 104 may be set for permitting login to the second account. For example, the second permission unit 106 determines whether or not the terminal 20 that has transmitted the second request satisfies a predetermined condition. The second permission unit 106 does not permit the terminal 20 that has transmitted the second request to log in to the second account if it is determined that the predetermined condition is not satisfied, and if it determines that the predetermined condition is satisfied, the second permission unit 106 does not permit the second request to log in to the second account. 2. The terminal 20 that sent the request is permitted to log in to the second account.

The predetermined condition is a condition for permitting login to the second account. The predetermined condition may be any condition that can be determined based on the information received from the terminal 20 that transmitted the second request. For example, the predetermined condition is receiving valid authentication information or receiving predetermined terminal information. In this embodiment, receiving the authentication information associated with the second account corresponds to the predetermined condition.

When the second permission unit 106 receives the authentication information associated with the second account from the terminal 20 that is determined to be the same by the terminal determination unit 104 and has transmitted the second request, the terminal 20 Allow login to the second account. The authentication information associated with the second account is information proving the legitimacy of the user who has the second account. In this embodiment, the one-time key associated with the second account corresponds to this authentication information, but at least one of the user ID and password associated with the second account corresponds to this authentication information. You may

The second permission unit 106 determines whether or not the one-time key associated with the second account has been received from the terminal 20 that transmitted the second request. For example, the second permission unit 106 determines whether or not the one-time key received from the terminal 20 that transmitted the second request matches the one-time key associated with the first account in the account database DB. . The second permission unit 106 does not permit login to the second account if they do not match, and permits login to the second account if they match.

Note that the predetermined condition may be another condition. In this embodiment, matching of the right holder also corresponds to the predetermined condition. For example, when the terminal determining unit 104 determines that the two are the same and the nominee determining unit 105 determines that the two are the same, the second permission unit 106 sends the second request to the terminal 20 that transmitted the second request. Allow login to account. The second permission unit 106 does not permit login to the second account when at least one of the terminal determination unit 104 and the nominee determination unit 105 makes a negative determination, and both of these determinations are affirmative. login to the second account is permitted.

In this embodiment, since the second request is a request for logging in using a specific login method, the second authorization unit 106 instructs the terminal 20 that has transmitted the second request to log in to the second account using a specific login method. To give permission. For example, if the terminal determination unit 104 determines that they are the same and a predetermined condition is satisfied, the second permission unit 106 instructs the terminal 20 that transmitted the second request to access the second account by quick login. login.

In the present embodiment, the specific login method is a login method that uses information recorded in the terminal 20, so the second permission unit 106 allows the terminal 20 that has permitted login to the second account to use the specific login method. Record information for logging into the second account. For example, when a predetermined condition is satisfied, the second permission unit 106 generates quick login information for the second account, transmits it to the terminal 20 that transmitted the second request, and records it in the terminal 20 . The quick login information for the second account may be generated by any method. For example, the second authorization unit 106 encrypts the user ID with a predetermined encryption key to generate quick login information. The second permission unit 106 stores the decryption key corresponding to this encryption key in the account database DB.

Note that, in this embodiment, when an application that is permitted to log in to the first account and the second account is deleted, the re-installed application must be permitted by the first permission unit 102 to log in to the first account. is required, and permission from the second permission unit 106 is required to log in to the second account. For example, when an app is deleted from the terminal 20, the quick login information registered in that app is also deleted. Therefore, when the application is reinstalled on the terminal 20, the quick login procedure must be redone from the beginning.

[3-2. Functions implemented in the terminal]
As shown in FIG. 6 , the terminal 20 implements a data storage unit 200 , a guide unit 201 , an authentication unit 202 , a display control unit 203 and a switching unit 204 . The data storage unit 200 is implemented mainly by the storage unit 22, and the other functions are implemented mainly by the control unit 21. FIG.

[Data storage part]
The data storage unit 200 stores data necessary for the processing described in this embodiment. For example, the data storage unit 200 stores installed applications, terminal information corresponding to the applications, and biometric authentication information of the user. The biometric authentication information stored in the data storage unit 200 is authentication information that is correct for biometric authentication. For example, the data storage unit 200 stores, as biometric authentication information, a fingerprint pattern registered by the user and a feature amount of the face. Further, for example, when the login to the first account is permitted by the first permission unit 102, the data storage unit stores the quick login information of the first account. Further, for example, when the login to the second account is permitted by the second permission unit 106, the data storage unit stores the quick login information of the second account.

[Information part]
In this embodiment, when at least one of the first account and the second account is an account of a specific branch, one terminal 20 is permitted to log in to the first account and the second account. The meaning of the specific branch is as described above. In this embodiment, "ABC branch" corresponds to a specific branch. Login to 2 accounts is allowed. For example, the second permission unit 106 permits login to the second account when the first account or the second account is an account of "ABC branch", and both the first account and the second account are other If it is a branch account, login to the second account is not permitted.

The guide unit 201 guides the terminal 20 permitted to log in to the first account that the second account can be added to the terminal 20 if the second account is a specific branch. Guidance is the output of information in a manner perceivable by the user. Guidance may be provided visually using images, or audibly using audio. In this embodiment, the guidance unit 201 provides guidance by causing the terminal 20 to display a guidance screen G6. For example, as shown in FIG. 3, the guidance unit 201 displays the branch number and branch name of a specific branch, or displays a message indicating that multiple accounts can be registered in the application if there is an account at this branch. let Note that the guidance may be provided using e-mail or the like instead of being provided within the application.

[Authentication part]
The authentication unit 202 performs authentication based on the information input to the terminal 20 when the terminal 20 permitted by the first permission unit 102 and the second permission unit 106 has logged out of the first account and the second account. conduct. A state of being logged out of the first account and the second account is a state of not being logged in to both of them. The user can log out from the first account and the second account at any timing after the first permission unit 102 and the second permission unit 106 have given permission. For example, the user may be automatically logged out when the application is closed, or automatically logged out when there is no operation for a certain period of time. Alternatively, for example, the user may be logged out when the user performs a predetermined logout operation.

The authentication unit 202 can perform authentication using any authentication method. The authentication performed by the authentication unit 202 may be the same as or different from the authentication for logging into each of the first account and the second account. In the present embodiment, a case where the authentication unit 202 performs biometric authentication will be described, but authentication may be performed using another authentication method. For example, the authentication unit 202 may perform authentication using passcode authentication, password authentication, password authentication, or the like. The authentication unit 202 performs authentication based on the authentication information input by the user and the correct authentication information stored in the data storage unit 200 . For example, the authentication unit 202 performs authentication based on the fingerprint pattern input from the operation unit 24 and the fingerprint pattern stored in the data storage unit. If another authentication method is used, the authentication unit 202 may perform processing according to that authentication method.

[Display control part]
The display control unit 203 does not display the information on the first account and the second account until the authentication by the authentication unit 202 succeeds, and displays the information on the first account and the second account when the authentication succeeds. . This information is information that can identify each of the first account and the second account, such as branch name, branch number, account number, or name holder. Successful authentication is a condition for displaying these pieces of information. As shown in FIG. 4, the display control unit 203 displays a window W57 on the top screen G5 and does not display the branch names of the first and second accounts until the biometric authentication is successful. When the biometric authentication is successful, the display control unit 203 displays a window W58 showing the branch names of the first account and the second account.

[Switching part]
The switching unit 204 switches between a state in which the terminal 20 is logged in to the first account and a state in which the terminal 20 is logged in to the first account based on a predetermined switching operation input to the terminal 20 permitted by the first permission unit 102 and the second permission unit 106. is logged into the second account. The switching operation may be any operation that can be input by the user, and in this embodiment, it is an operation of selecting the image I80 of the menu screen G8 or an operation of selecting a branch within the window W81. In the switching operation, either the first account or the second account can be designated.

For example, when the switching operation designates the first account, the switching unit 204 transmits the quick login information of the first account to the server 10 . After confirming the validity of the quick login information, the server 10 refers to the account database DB, acquires information such as the account balance of the first account, and transmits the information to the terminal 20 . The switching unit 204 receives this information and causes the display unit 25 to display the account information screen G7 of the first account. If the login processing for both the first account and the second account is completed when the biometric authentication is successful, the login processing for the first account does not have to be executed at the time of switching by the switching unit 204 .

Further, for example, when the switching operation designates the second account, the switching unit 204 transmits the quick login information of the second account to the server 10 . After confirming the validity of the quick login information, the server 10 refers to the account database DB, acquires information such as the account balance of the second account, and transmits the information to the terminal 20 . The switching unit 204 receives this information and causes the display unit 25 to display the account information screen G7 of the second account. If the login processing for both the first account and the second account is completed when the biometric authentication is successful, the login processing for the second account does not have to be executed at the time of switching by the switching unit 204 .

[4. Processing executed in the present embodiment]
8 to 11 are flow diagrams of the processing performed in this embodiment. The processes shown in FIGS. 8 to 11 are executed by each of control units 11 and 21 operating in accordance with programs stored in storage units 12 and 22, respectively. These processes are examples of processes executed by each functional block. Here, among the processes executed by the login management system 1, mainly the process of registering the quick login information of each of the multiple accounts in the application will be described.

As shown in FIG. 8, the terminal 20 accesses an application distribution server, downloads and installs the application (S1). The terminal 20 activates the application based on the operation received by the operation unit 24, and causes the display unit 25 to display the initial startup screen G1 (S2). When each screen such as the initial activation screen G1 is displayed, information necessary for screen display may be transmitted and received between the server 10 and the terminal 20, and the screen display processing may be completed only within the application of the terminal 20. You may

Note that the terminal 20 may transmit to the server 10 a request to issue terminal information that uniquely identifies the terminal 20 or the application when the application is activated for the first time. Upon receiving the issue request, the server 10 issues terminal information based on a predetermined issue rule so as not to overlap with other terminal information, and transmits the terminal information to the terminal 20 . The terminal 20 receives the terminal information and records it in the storage unit 22 . Note that the terminal information may be issued at other timings, such as at the time of downloading or installing an application, for example.

When the user selects the image I10, the terminal 20 causes the display unit 25 to display the login screen G2 (S3). In S3, the terminal 20 accepts the input of the user ID to the input form F20 and the input of the password to the input form F21 based on the detection signal of the operation unit 24. FIG.

When the user selects the button B22, the terminal 20 transmits to the server 10 a first request for logging into the first account indicated by the user ID entered in the input form F20 (S4). The first request shall include the user ID entered in the input form F20, the password entered in the input form F21, and the terminal information.

Upon receiving the first request, the server 10 confirms the validity of the user ID and password based on the account database DB (S5). In S5, the server 10 determines whether or not the combination of the user ID and password included in the login request exists in the account database DB. If the validity is not confirmed (S5; N), the server 10 transmits an error message to the terminal 20, and the process ends. In this case, login to the account is not performed and the quick login procedure is not performed.

On the other hand, if the validity is confirmed (S5; Y), the server 10 transmits a success notification indicating that the authentication has succeeded (S6). If the validity is confirmed, the terminal information may be stored in the account database DB. Upon receiving the notification of success, the terminal 20 displays the authentication screen G3 on the display unit 25 if the user desires the quick login procedure (S7). If the user does not desire the quick login procedure, the process from S7 onwards is not executed, and this process may end. When the user selects the button B30, the terminal 20 transmits a one-time key issue request to the server 10 (S8).

Upon receiving the issue request, the server 10 issues a one-time key and sends it to the user's email address (S9). In S9, the server 10 issues a one-time key so as not to overlap with other issued one-time keys, and stores it in the account database DB in association with the user ID of the account for which the quick login procedure is to be performed.

The user confirms the one-time key described in the e-mail using the terminal 20 or the like, and enters it into the input form F31. When the user selects the button B32, the terminal 20 transmits the one-time key entered in the input form F31 and the terminal information stored in the storage unit 22 to the server 10 (S10). In addition, in S10, terminal information does not need to be transmitted. In this case, the server 10 may refer to the terminal information included in the first request. In S10, information such as the user ID of the first account may be transmitted.

When receiving the one-time key and the terminal information, the server 10 confirms the validity of the received one-time key based on the one-time key issued in S10 (S11). If the validity is not confirmed (S11; N), the server 10 transmits an error message to the terminal 20, and ends this process. In this case, the quick login procedure is not completed.

On the other hand, when the validity is confirmed (S11; Y), the server 10 permits quick login to the first account, and stores the terminal information received from the terminal 20 in the account database DB (S12). Moving to FIG. 9, the server 10 generates quick login information and transmits it to the terminal 20 (S13). In S13, the server 10 stores the terminal information in the record of the account for which the quick login procedure is performed, in the account database DB. In S13, the server 10 encrypts the user ID with the encryption key to generate quick login information, and stores the decryption key in the record.

Upon receiving the quick login information, the terminal 20 records the quick login information in the storage unit 22 and displays the completion screen G4 on the display unit 25 (S14). When the user selects the button B40, the terminal 20 causes the display unit 25 to display the top screen G5 (S15). The top screen G5 displayed in S15 is in the state of FIG. 3 or FIG. When the user enters a password in the input form F50 and selects the button B51, quick login is executed. Here, processing when the user selects the image I52 or when the user selects the button B56 will be described.

When the user selects the image I52 (S15; add account), the terminal 20 causes the display unit 25 to display the guidance screen G6 (S16). The terminal 20 displays the login screen G2 on the terminal 20 when the user selects the button B60 (S17). The subsequent processes of S18 and S19 are the same as the processes of S4 and S5, except that the second request is transmitted in S18.

In S19, if the validity of the user ID and password of the second account is confirmed (S19; Y), the server 10 connects the application of the terminal 20 that sent the user ID and password and the terminal in which the quick login information is registered. 20 is the same as the application (S20). In S20, the server 10 determines whether the terminal information included in the second request received in S19 exists in the account database DB.

If it is determined that the terminal information is not the same (S20; N), the server 10 transmits an error message to the terminal 20, and this process ends. In this case, no quick login information is added to the app. On the other hand, if it is determined that the terminal information is the same (S20; Y), the server 10 determines that the terminal information is the same as the name of the account to be added to the application in S21 based on the account database DB. is the same as the account holder determined as (S21).

If it is not determined that the holders are the same (S21; N), the server 10 transmits an error message to the terminal 20, and ends this process. In this case, no quick login information is added to the app. On the other hand, if it is determined that the holders are the same (S21; Y), the server 10 transmits a success notification indicating that the legitimacy has been confirmed to the terminal 20 (S22). The subsequent processing of S23-S30 is the same as the processing of S7-S14, but differs in that the quick login procedure for the second account is executed.

In S15 of FIG. 9, when the user selects the button B56 (S15; biometric authentication), the process moves to FIG. 11, and the terminal 20 causes the display unit 25 to display the window W57 (S31). The terminal 20 executes fingerprint authentication based on the input to the operation unit 24 (S32). In S<b>32 , terminal 20 performs fingerprint authentication based on the fingerprint pattern detected by operation unit 24 and the fingerprint pattern stored in storage unit 22 .

If the fingerprint authentication fails (S32; N), an error message is displayed on the display unit 25, and this process ends. In this case, login to any account is not performed. On the other hand, if the fingerprint authentication is successful (S32; Y), the control unit 11 causes the display unit 25 to display a window W58 in which each of a plurality of accounts whose quick login information is registered can be selected (S33). When the user selects an account displayed in window W58, control unit 11 transmits a login request to the selected account (S34). It is assumed that this login request contains information identifying successful biometric authentication. At this point, all accounts registered in the application may be logged in, or only the accounts selected by the user may be logged in.

Upon receiving the login request, the server 10 causes the user to log in to the account selected by the user based on the account database DB, and transmits information on the account to the terminal 20 (S35). When receiving the information about the account, the terminal 20 causes the display unit 25 to display the account information screen G7 (S36). Here, a case where the user performs a menu display operation for displaying the menu screen G8 or another operation will be described.

When the user performs a menu display operation (S36; menu), the terminal 20 displays the menu screen G8 on the display unit 25 (S37). When the user selects the image I80, the terminal 20 causes the display unit 25 to display a window W81 from which another account that is not in use can be selected from a plurality of accounts whose quick login information is registered in the application ( S38).

When the user selects another account displayed on the window W81, the terminal 20 shifts to the process of S34. In this case, the user logs into another account of his choice and the information about that account is sent to the terminal 20 . In the subsequent processing of S35, the account information screen G7 of the other account is displayed. In S36, if the user performs another operation (S36; other operation), the terminal 20 executes a process corresponding to the other operation (S39), and ends this process.

According to the login management system 1 described above, when it is determined that the terminal 20 that transmitted the second request and the terminal 20 permitted to log in to the first account are the same, the second request To improve security by preventing a terminal 20 of a third person, who is not permitted to log in to the first account, from logging in to the second account by permitting the terminal 20 that sent the message to log in to the second account. can be done.

Further, when it is determined that the terminal 20 that has transmitted the second request and the terminal 20 that is permitted to log in to the first account are the same, the login management system 1 performs the second request using the specific login method. By permitting login to the account, it is possible to prevent login to the second account from a terminal 20 of a third party who is not permitted to login to the first account by a specific login method, thereby effectively enhancing security. be able to.

In addition, the login management system 1 uses the quick login information recorded in the terminal 20 to log in to each of the first account and the second account by quick login that can omit the input of at least part of the authentication information. To give permission. When the quick login information is distributed and registered in a plurality of terminals 20, the probability of the quick login information being leaked increases. , can effectively enhance security.

Further, when it is determined that the name of the first account and the name of the second account are the same, the login management system 1 allows the terminal 20 that transmitted the second request to log in to the second account. can be prevented from logging in from one terminal 20 to a plurality of accounts with different names. As a result, a third party can be prevented from illegally accessing multiple accounts with different names, and security can be effectively enhanced.

Further, when the login management system 1 receives the authentication information associated with the first account from the terminal 20 that transmitted the first request, the login management system 1 permits the terminal 20 to log in to the first account, When the authentication information associated with the second account is received from the terminal 20 that sent the request, the terminal 20 to which valid authentication information has been input by permitting the terminal 20 to log in to the second account. can be allowed to log in to effectively enhance security.

In addition, the login management system 1 permits the application of the terminal 20 that sent the second request to log in to the second account, thereby effectively improving security when the user uses the application to use the service. can be enhanced.

Further, the login management system 1 does not display the information about the first account and the second account until the authentication succeeds, and displays the information about the first account and the second account when the authentication succeeds. Therefore, a third party cannot see the information about the first account and the second account just by activating the terminal 20, and the security can be effectively enhanced.

In addition, the login management system 1 switches between the state in which the terminal 20 is logged in to the first account and the state in which the terminal is logged in to the second account based on a predetermined switching operation, thereby increasing user convenience. can increase

In addition, the login management system 1 improves the user's convenience by notifying the terminal permitted to log in to the first account that the second account can be added if the second account is a specific branch. can be enhanced.

[5. Modification]
It should be noted that the present invention is not limited to the embodiments described above. Modifications can be made as appropriate without departing from the gist of the present invention.

For example, the process of allowing the terminal 20 to log in to multiple accounts owned by the user is not limited to the example described in the embodiment. Login to the first account is permitted when authentication information associated with the first account is entered into the terminal 20, and login to the second account is permitted when authentication information associated with the second account is entered into the terminal 20. login may be allowed. In this case, the identity between the terminal 20 that made the first request and the terminal 20 that made the second request may not be determined. For example, only the identity of the holder of the first account and the holder of the second account may be determined, or the identity of the holders may not be determined either.

Even if login to a plurality of accounts is permitted as described above, the terminal 20, to which login to a plurality of accounts owned by the user is permitted, is logged out from the plurality of accounts. , an authentication unit 202 that performs authentication based on the information input to the terminal, and the information on the multiple accounts is not displayed until the authentication is successful, and when the authentication is successful, the information on the multiple accounts is displayed. and display control means 203 for displaying. In this case as well, security can be enhanced because a third party cannot see information about each of the plurality of accounts just by activating the terminal 20 .

Also, for example, in the embodiment, the case in which the identity of the holder of the first account and the holder of the second account is determined has been described, but their identity need not be determined. Further, for example, in the embodiment, the case where the user logs in using the application of the terminal 20 has been described, but the user may log in using the browser instead of the application. In this case as well, the identity of the terminal 20 from which the user logged into the first account from the browser and the terminal 20 from which the browser requested login to the second account is determined, and if they are the same, the Login to two accounts may be permitted. In this case, the identity of the browser will be determined. The identity of browsers may be determined by information such as cookies. Further, for example, even if the user is logged out of the first account and the second account, information related to the account in which the quick login information is registered may be displayed. Also, for example, the user may be able to open multiple accounts at one financial institution, rather than at a specific branch.

Also, for example, an account has been described as an example of an account, but the login management system 1 can be applied to a situation where arbitrary services other than financial services are used. Therefore, the term "account" in the embodiment can be read as "account". The place where the name holder is described can be read as the user name. The username may be the user's real name or a registered nickname. In addition, the part described as a specific branch can be read as a specific account. A specific account may be a special account that is permitted to have multiple accounts, such as an account that includes a predetermined character string. For example, the login management system 1 may manage logins of users who have multiple SNS accounts. In this case, on the condition that the terminal permitted to log in to the first account of the SNS and the terminal that sent the request to log in to the second account of the SNS are the same, Login to the second account is permitted. In addition, for example, in arbitrary services such as electronic commerce services, travel reservation services, Internet auction services, or electronic payment services, the login management system 1 can be applied to screens where users have multiple accounts.

Further, for example, the data storage unit 100 may be realized by a database server different from the server 10 . Also, for example, the functions described as being implemented in the server 10 may be implemented in the terminal 20 . Also, for example, the functions described as being implemented in the terminal 20 may be implemented in the server 10 . In addition, for example, each function may be realized by another computer, or may be shared by a plurality of computers.

1 login management system, N network, 10 server, 11, 21 control unit, 12, 22 storage unit, 13, 23 communication unit, 20 terminal, 24 operation unit, 25 display unit, DB account database, G1 initial startup screen, G2 Login screen, G3 authentication screen, G4 completion screen, G5 top screen, G6 guidance screen, G7 account information screen, G8 menu screen, B22, B30, B32, B40, B51, B55, B56, B60 buttons, F20, F21, F31 , F50, F53 input form, I10, I52, I80 image, W57, W58, W81 window, 100 data storage unit, 101 first receiving unit, 102 first permission unit, 103 second receiving unit, 104 terminal determination unit, 105 106 Second permission unit 200 Data storage unit 201 Guidance unit 202 Authentication unit 203 Display control unit 204 Switching unit.

Claims (12)

a first receiving means for receiving a first request including terminal information for identifying a terminal from a terminal that has transmitted a first request for logging in with a first user ID among a plurality of user IDs possessed by a user;
a first permitting means for permitting login by the first user ID to the terminal that has transmitted the first request;
a second receiving means for receiving the second request including terminal information identifying the terminal from the terminal that has transmitted the second request for logging in with the second user ID of the plurality of user IDs;
a terminal that has transmitted the second request based on the terminal information included in the first request and the terminal information included in the second request, and a terminal that is permitted by the first permission means; terminal determination means for determining whether or not the are the same;
a second permitting means for permitting login by the second user ID to the terminal that transmitted the second request when the terminal determining means determines that the two are the same;
Login management system including. the first request is a request for logging in with the first user ID using a specific login method among a plurality of login methods;
The first permitting means permits the terminal that has transmitted the first request to log in with the first user ID according to the specific log-in method,
the second request is a request for logging in with the second user ID using the specific login method;
The second permission means permits the terminal that has transmitted the second request to log in with the second user ID according to the specific log-in method.
The login management system according to claim 1. The specific login method is a login method that omits the input of at least a portion of authentication information by using information recorded in a terminal for which the login method is permitted,
The first permitting means records the information for logging in with the first user ID by the specific login method in the terminal permitted to log in with the first user ID,
The second permitting means records the information for logging in with the second user ID by the specific login method in the terminal permitted to log in with the second user ID.
The login management system according to claim 2. The login management system further includes user name determination means for determining whether the user name of the first user ID and the user name of the second user ID are the same,
If the terminal determination means determines that the user name is the same, and the user name determination means determines that the user name determination means is the same, the second permission means sends the second user name to the terminal that transmitted the second request. allow login by ID,
A login management system according to any one of claims 1 to 3. said first permission means, when receiving authentication information associated with said first user ID from a terminal that has transmitted said first request, permits said terminal to log in using said first user ID;
When the second permission means receives the authentication information associated with the second user ID from the terminal that is determined to be the same by the terminal determination means and has transmitted the second request, the terminal permitting login by the second user ID to
A login management system according to any one of claims 1 to 4. The login management system provides an application for using a predetermined service,
The first permission means permits login by the first user ID using the application of the terminal that transmitted the first request,
The terminal determination means determines whether the application of the terminal that transmitted the second request is the same as the application of the terminal permitted by the first permission means,
The second permission means permits login by the second user ID using the application of the terminal that transmitted the second request when the terminal determination means determines that the two are the same.
A login management system according to any one of claims 1 to 5. The login management system includes:
Authentication means for performing authentication based on information input to the terminal in a state where the terminal permitted by the first permission means and the second permission means has logged out of the first user ID and the second user ID. When,
Information about the first user ID and the second user ID is not displayed until the authentication is successful, and information about the first user ID and the second user ID is displayed when the authentication is successful. display control means;
7. The login management system according to any one of claims 1 to 6, further comprising: The login management system, based on a predetermined switching operation input to the terminal permitted by the first permitting means and the second permitting means, controls the state in which the terminal is logged in with the first user ID, and the terminal is logged in with the second user ID, and switching means for switching between
8. The login management system according to any one of claims 1 to 7, further comprising: a first receiving means for receiving a first request for logging into a first account of a plurality of accounts owned by a user;
a first permitting means for permitting the terminal that has transmitted the first request to log in to the first account;
a second receiving means for receiving a second request to log into a second account of the plurality of accounts;
terminal determination means for determining whether the terminal that has transmitted the second request and the terminal permitted by the first permission means are the same;
a second permitting means for permitting the terminal that transmitted the second request to log in to the second account when the terminal determining means determines that they are the same;
including
When at least one of the first account and the second account is a specific account, one terminal is permitted to log in to the first account and the second account,
guidance means for guiding a terminal permitted to log in to the first account that the second account can be added to the terminal if the second account is the specific account;
A login management system, further comprising: The plurality of user IDs correspond to the plurality of accounts held by the user,
the first request is a request for logging into the first account corresponding to the first user ID;
The first permission means permits the terminal that transmitted the first request to log in to the first account,
the second request is a request for logging into a second account corresponding to the second user ID;
the second permission means permits the terminal that sent the second request to log in to the second account;
A login management system according to any one of claims 1 to 8. the computer
a first receiving step of receiving the first request including terminal information for identifying the terminal from the terminal that has transmitted the first request for logging in with a first user ID among a plurality of user IDs possessed by the user;
a first permitting step of permitting login by the first user ID to the terminal that transmitted the first request;
a second receiving step of receiving the second request including terminal information identifying the terminal from the terminal that transmitted the second request for logging in with the second user ID of the plurality of user IDs;
a terminal that has transmitted the second request based on the terminal information included in the first request and the terminal information included in the second request, and a terminal that is permitted by the first permission step; a terminal determination step of determining whether the are the same;
a second permission step of permitting login by the second user ID to the terminal that transmitted the second request when the terminal determination step determines that they are the same;
The login management method to perform. a first receiving means for receiving a first request including terminal information for identifying a terminal from a terminal that has transmitted a first request for logging in with a first user ID out of a plurality of user IDs possessed by the user;
a first permitting means for permitting login by the first user ID to the terminal that transmitted the first request;
second receiving means for receiving the second request including terminal information identifying the terminal from the terminal that has transmitted the second request for logging in with the second user ID of the plurality of user IDs;
a terminal that has transmitted the second request based on the terminal information included in the first request and the terminal information included in the second request, and a terminal that is permitted by the first permission means; terminal determination means for determining whether are the same,
a second permitting means for permitting login by the second user ID to the terminal that transmitted the second request when the terminal determining means determines that they are the same;
A program that allows a computer to function as a

Images