JP7245884B1 - Device programs and computer systems - Google Patents

Abstract

A device program and a computer system are provided that can flexibly cope with a new execution environment while ensuring the information security of the execution environment in which processing related to transactions is executed. Kind Code: A1 In a transaction support system 1, a first device 100 having transaction authority for a user's transaction detects that a user who has authority to use the first device is using the first device, and based on the detection result, A user credential is generated and transmitted to the second device 200 associated with the first device based on the user's request. Based on the user authentication information received from the first device, the second device refers to a second device storage unit that stores second device authentication information for proving the authenticity of the second device, and stores the second device authentication information. to the first device. The first device authorizes the second device to trade based on the second device credentials received from the second device. [Selection drawing] Fig. 1

Description

The present invention relates to device programs and computer systems.

In recent years, there are technologies for executing processing related to transactions in various environments such as IoT devices and online systems.

Patent Literature 1 listed below discloses an authentication system that includes a server device that associates and stores owner IDs and user IDs of ETC card information, and a mobile terminal that performs login authentication using the user IDs. When receiving the user ID from the mobile terminal, this server device determines whether or not the ETC service can be used according to the usage conditions of the ETC card of the owner corresponding to this user ID. Then, when the server device determines that the ETC service can be used, it transmits to the portable terminal billing destination information indicating the billing destination for settlement for using the ETC settlement, and the portable terminal receives the billing destination information from the server. is sent to the ETC on-board device.

Japanese Patent Application Laid-Open No. 2021-140796

By the way, it is demanded to ensure information security in an environment (hereinafter, also simply referred to as "execution environment") in which transaction-related processing is executed. However, in the system disclosed in Patent Document 1, in order to ensure the information security of the execution environment, the mobile terminal reads the vehicle ID of the ETC vehicle-mounted device, and the combination of the vehicle ID and the owner ID is stored in the server. Whether or not the ETC service can be used is determined based on whether the ETC service is available. That is, in the above system, it is necessary to register in the server in advance a combination of a vehicle for which transaction-related processing is to be executed and an owner who has transaction-related authority. For this reason, even when it is desired to immediately execute processing related to transactions, it is necessary to register information in advance in the case of a completely new execution environment, making it difficult to respond flexibly.

Therefore, in order to solve the above problems, the present invention provides a device program and a device program that can flexibly cope with a new environment while ensuring information security of an execution environment for executing processing related to transactions. The purpose is to provide a computer system.

A device program according to one aspect of the present invention is a device program that controls a first device having transaction authority related to a user's transaction and a second device communicably connected to the first device, The device has a detection function for detecting that a user authorized to use the first device is using the first device, and based on the result of the detection, detecting that the user is using the first device. a first generating function for generating user certification information to be certified; an associating function for associating the first device and the second device based on a user's request; and a first transmitting the user certification information to the associated second device and a second device storage function for storing, in a second device, a second device credential proving the authenticity of the second device based on the user credential received from the first device. to implement a second transmission function of transmitting the second device certification information to the first device, and to provide the first device with transaction authority for the second device based on the second device certification information received from the second device. to implement a first authorization function for granting

A device program according to an aspect of the present invention is a device program for controlling a first device having transaction authority related to transactions of a user, wherein a user having authority to use the first device controls the first device. A detection function that detects use of the device, a first generation function that generates user credentials proving that the user is using the first device based on the results of the detection, and a user request a function for associating the first device with the user's account in the cooperation destination system, a first transmission function for transmitting the user authentication information to the associated cooperation destination system, and a function for transmitting the user authentication information from the cooperation destination system based on As a response, a first reception function for receiving account certification information indicating the authenticity of the account, and a second function for granting trading authority as account authority based on the account certification information when account certification information is received from the linked system 1 Realize the authorization function.

A computer system according to an aspect of the present invention includes a first device having transaction authority regarding a user's transaction, a second device communicatively connected to the first device, and capable of communicating with the first device and the second device. a server device connected to the computer system, wherein the first device includes a detection unit that detects that a user authorized to use the first device is using the first device; and a result of the detection. a first generating unit for generating user authentication information proving that the user is using the first device based on the first generating unit for storing first device information about the first device A first server generation unit that refers to a server storage unit to generate first device certification information proving the authenticity of a first device, and a first server transmission unit that transmits the first device certification information to the first device. a second server generation unit that refers to a second server storage unit that stores second device information about a second device and generates second device certification information that proves the authenticity of the second device; a second server transmission unit configured to transmit the certification information to the second device, the first device receiving the certification information from the server apparatus and an association unit configured to associate the first device with the second device based on a request from the user; a first transmission unit configured to transmit the first device certification information obtained from the associated device to the associated second device, the second device transmitting the second device certification information received from the server device to the first device; A transmitter is provided, and the first device includes a first authorizer that authorizes the second device to trade based on the second device credentials received from the second device.

According to the present invention, it is possible to flexibly cope with a new execution environment while ensuring the information security of the execution environment in which processing related to transactions is executed.

BRIEF DESCRIPTION OF THE DRAWINGS It is a figure for demonstrating an example of the system configuration|structure of the transaction support system which concerns on 1st Embodiment. BRIEF DESCRIPTION OF THE DRAWINGS It is a figure for demonstrating an example of the outline|summary of the transaction support system which concerns on 1st Embodiment. BRIEF DESCRIPTION OF THE DRAWINGS It is a figure for demonstrating an example of the outline|summary of the transaction support system which concerns on 1st Embodiment. BRIEF DESCRIPTION OF THE DRAWINGS It is a figure for demonstrating an example of the outline|summary of the transaction support system which concerns on 1st Embodiment. 3 is a diagram illustrating an example of a functional configuration of a first device according to the first embodiment; FIG. FIG. 5 is a diagram illustrating an example of a functional configuration of a second device according to the first embodiment; FIG. It is a figure showing an example of functional composition of a server device concerning a 1st embodiment. It is a figure which shows the operation example of the transaction support system which concerns on 1st Embodiment. It is a figure which shows an example of the hardware constitutions of the information processing apparatus which concerns on 1st Embodiment. It is a figure for demonstrating the system configuration example of the transaction support system which concerns on 2nd Embodiment. BRIEF DESCRIPTION OF THE DRAWINGS It is a figure for demonstrating an example of the system configuration|structure of the transaction support system which concerns on 1st Embodiment and 2nd Embodiment.

In the present invention, "part", "means", "apparatus" and "system" do not simply mean physical means, but the "part", "means", "apparatus" and "system" It also includes the case where the function is realized by software. In addition, even if the function of one "part", "means", "apparatus", or "system" is realized by two or more physical means or devices, two or more "part", "means", "device", or "system" The functions of "apparatus" and "system" may be realized by one physical means or device.

The program of this embodiment can be downloaded through various storage media such as optical discs such as CD-ROMs, magnetic discs, and semiconductor memories, or through communication networks (first network N1 and second network N2). can be installed or downloaded on your computer.

[First embodiment]
First, a first embodiment (hereinafter referred to as "this embodiment") of the present invention will be described. In the transaction support system 1 according to the present embodiment, the device used by the user and the environment (hereinafter also referred to as "execution environment") for executing processing related to transactions (hereinafter also referred to as "transaction processing") are linked. to support user transactions while ensuring information security. In this embodiment, an example will be described in which the device used by the user is the first device 100 and the execution environment is the second device 200 mounted on the vehicle. However, it is not intended to limit the device and execution environment used by the user to these.

<1. System configuration>
A system configuration example of a transaction support system 1 according to the present embodiment will be described with reference to FIG.

As shown in FIG. 1, the transaction support system 1 includes a first device 100, a second device 200, and a server device 300 used by a user.

[First device]
The first device 100 is an information processing device used by a user, and is, for example, a mobile device such as a smart phone, a laptop, or a tablet. The first device 100 may be any device as long as it has an information processing function including a communication function. Other examples include drones, vehicles, in-vehicle equipment, home appliances, or wearable devices. good. Also, the first device 100 may include, for example, an authenticator conforming to the FIDO (Fast Identity Online) standard. Further, the first device 100 may have a locator function, for example, a GPS (GNSS) receiver and an inertial sensor such as a gyro sensor, and store map data in the first storage unit 140. good too. In this embodiment, an example in which the first device 100 is a smart phone will be described.

By executing a predetermined program (hereinafter also referred to as a “first device program”), the first device 100 is connected to the server device 300 to transmit and receive information generated and managed by the server device 300, and to send and receive information to the user. On the other hand, it outputs such information through a screen or a speaker, and receives various instructions and requests from the user. In other words, the first device program controls the first device 100. FIG. The first device 100 is communicably connected to other devices such as the second device 200 via the second network N2. Also, the first device 100 may output a QR code (registered trademark) on the screen, and the second device 200 may read the output QR code to cooperate. A user who has the authority to use the first device 100 (hereinafter also referred to as "usage authority") is also referred to as the "first user". The first user may be, for example, a person who owns the first device (hereinafter also referred to as "owner").

The first device 100 is a device that has transaction authority regarding transactions of the first user. "Having trading authority" may mean, for example, that permission has been set by the user to execute processing related to the user's trading. As another example, it may be possible to hold (store) transaction permission information indicating permission by the user to execute transaction processing. Furthermore, in addition to the above-described permission setting, etc., it is also possible to have user certification information that proves the authenticity of the user who has entered this permission setting. Furthermore, in addition to these, it may be to possess at least part of the information necessary for execution of this transaction processing. Transaction authority may also include, for example, the authority to conclude a contract for a transaction (hereinafter also referred to as "contract authority") and/or the authority to settle a transaction (hereinafter also referred to as "settlement authority"). Having settlement authority may mean, for example, possessing at least part of the settlement information necessary for executing the processing for settlement of the transaction (hereinafter also referred to as “settlement processing”).

[Second device]
The second device 200 is an information processing device used by a user, and is an IoT device such as a drone, a vehicle, an in-vehicle device, a home appliance, or a wearable device, for example. The second device 200 may be any device that has an information processing function including a communication function, and as another example, it may be a mobile device such as a smart phone, a laptop, or a tablet. The second device 200 connects to the server device 300 to transmit and receive information generated and managed by the server device 300 and to send information to the user by executing a predetermined program (hereinafter also referred to as a “second device program”). On the other hand, it outputs such information through a screen or a speaker, and receives various instructions and requests from the user. In other words, the second device program controls the second device 200. FIG. A user who has the right to use the second device 200 is also called a "second user". The second user may be, for example, the owner of the second device 200 or a person authorized by the owner to use the second device 200 .

In this embodiment, an example in which the second device 200 is an in-vehicle device mounted in a vehicle will be described. This vehicle-mounted device may be, for example, a vehicle-mounted monitor equipped with a car navigation function, or an ETC vehicle-mounted device. The second device 200 may be built in the main body of the vehicle or may be externally attached. The second device 200 may have a locator function, for example, a GPS receiver and an inertial sensor such as a gyro sensor, and may store map data in the second storage unit 240 .

The second device 200 may support various payment methods such as credit card payment, electronic money payment, or QR code payment.

Hereinafter, the first device 100 and the second device 200 are also collectively referred to as "devices" when there is no particular need to distinguish between them. Also, the first device program and the second device program may be separate application programs (hereinafter also simply referred to as "applications"), or may be integrated into one application. Further, the first device program and the second device program may be programs dedicated to the transaction support system 1 (for example, native applications) or general-purpose programs (for example, web applications). , or combinations thereof. The first device program and the second device program are also collectively referred to as "device programs" when there is no particular need to distinguish between them. Hereinafter, an application dedicated to the transaction support system 1 will also be referred to as a "transaction support application".

[Server device]
The server device 300 is an information processing device capable of communicating with the first device 100, the second device 200, and the external system 500 via the first network N1. The server device 300 manages various types of information processed by the transaction support system 1, such as user information, device information, and transaction information, by executing a predetermined program (hereinafter also referred to as “server program”). By executing a server program, the server device 300 shares agreements such as an I/F for cooperation between devices in the transaction support system 1 to each device.

The server device 300 generates a website (hereinafter also referred to as a "transaction support site") for users to use each function provided by the transaction support system 1, and distributes the generated web page of the transaction support site to the first A function of a web server that distributes to a device such as the device 100 may be provided.

The server device 300 has a function (hereinafter also referred to as a "scheme function") of setting a scheme (hereinafter also simply referred to as "scheme") for each device to use the transaction support system 1 and sharing the set scheme with each device. ) may be provided. Information indicating the set scheme is also referred to as scheme information. The scheme may be, for example, various libraries of software frameworks, various formats, or rules for each process such as transaction processing. The server apparatus 300 may set the format of the electronic certificate generated by its own apparatus and each device. The server apparatus 300 transmits the set format information to each device as the scheme information. Each device may generate a digital certificate along with the transmitted format information.

"User information" is information about the user. User information is, for example, user identification information for identifying each user (user ID issued by the transaction support system 1), user attribute information, or an external system such as SNS (Social Networking Service) owned by each user. 500 account identification information (user ID issued by each external system), password information, and the like are included. User information may also include, for example, user authentication information for proving the user's authenticity.

User attribute information includes, for example, name, date of birth, gender, address, telephone number, e-mail address, and my number (personal number).

“User certification information” is information for certifying the authenticity of at least one of the authenticity of the user who uses the first device and the authenticity of the digital data handled by the user. User credentials may be used, for example, for user authentication.

User certification information is an example of information for certifying the authenticity of a user, such as an electronic certificate (hereinafter referred to as "user certification (also referred to as "electronic certificate"), or authentication history information when user authentication is successful. In other words, the user certification information may be information that proves that the user himself/herself is using the first device 100 .

The user certification information may be, for example, image data of an identity verification document used for identity verification, as an example of information for certifying the authenticity of the user. This identification document is, for example, the user's passport, driver's license, or health insurance card.

User authentication information is, for example, information for proving the authenticity of a user, such as a password corresponding to a user ID that proves the identity of the user, a password corresponding to the user's identity, and a user's bio It includes information (for example, user's face image data, fingerprint information, iris information, voiceprint information, etc.).

The password corresponding to the user ID may be an OTP (One Time Password), or may be displayed on the display of a security token (not shown), for example. User authentication information is, for example, another example of OTP, a challenge in a challenge-response scheme, a secret key or hash function for encrypting the challenge, that is, generating a response (electronic signature) from the challenge, or based on the challenge It may be a generated response or the like.

User certification information is, for example, an example of information for proving the authenticity of digital data handled by a user. It may be an electronic certificate (hereinafter also referred to as “signature electronic certificate”) that certifies that it is present and that the user himself/herself has sent it.

The user certification information may be, for example, an electronic certificate read by the first device 100 from an IC card such as a My Number card.

"Device information" is information about the device. The device information may include, for example, device identification information for identifying each device, MAC address, IP address, model number, installed application/OS information, serial number, device location information, and the like.

"Transaction information" is information about a user's transaction. The transaction information includes, for example, transaction identification information for identifying each transaction, user identification information for identifying the user who is the transactor of each transaction, contract information for each transaction, and/or settlement information regarding settlement for each transaction. and so on. A trader is a person who has the authority to trade. A trader may be, for example, a seller and/or a buyer if the transaction is a sale transaction.

The transaction information may be, for example, order information indicating an order for goods or services to be provided to the user and/or billing information for billing the cost of providing goods or services.

The order information includes, for example, order identification information for identifying each order, order recipient identification information for identifying the order recipient, registration date and time indicating the date and time when the order information was registered, and user information related to the user ordering the product or service. , including the price of ordered goods and services (transaction amount).

The “contract information” is information related to a transaction contract. The contract information may include, for example, the details of an individual contract defined in a basic transaction contract, the conditions for establishing an individual contract, the delivery method of the target product, the method of payment for the target product, and the like. Further, the condition for forming this individual contract may be, for example, that the purchase order data is sent to the trading partner, and the trading partner accepts (receives an order for) the contents of the order data.

“Settlement information” is information related to settlement of transactions. The payment information includes, for example, transaction identification information, payer information indicating the payer, receiver information indicating the payee, the name of the service or product to be paid, and/or the amount to be paid from the payer to the receiver in the transaction. Payment amount (transaction amount), payment method information for each payment method that can be used for transactions, and the like may be included.

If the payment method is credit card payment, the payment method information may include credit card name, issuing company, card number, name, expiration date, and/or security code as information necessary for credit card payment. If the payment method is bank transfer, the payment information may include account information of the account of the payment source or payment destination as information necessary for payment by bank transfer. The account information is information about the account of the financial institution, and may include, for example, the name of the financial institution, branch name, deposit type, account number, and/or account name.

[network]

The first network N1 is a network of wide area communication networks, and includes the Internet, mobile communication networks, and telephone lines. In addition, the first network N1 uses a wireless communication scheme using, for example, 3G (3rd Generation), 4G (4th Generation), 5G (5th Generation), or LTE (registered trademark) (Long Term Evolution) lines. good too.

The second network N2 is a communication network for interconnecting multiple devices. The second network N2 is, for example, wireless communication at a short distance of about 10 cm using electromagnetic induction such as NFC (Near Field Communication), short-range wireless communication at a distance of about 10 m such as Bluetooth (registered trademark) or infrared communication. Including the network that implements it. Also, the second network N2 may include, for example, a wireless LAN that complies with the Wi-Fi (registered trademark) standard, and is relayed by a router (not shown) to realize mutual connection between a plurality of devices.

[External system]
The external system 500 may be a third party system, such as a trading system 510, a payment system 520, and/or a SNS system.

Trading system 510 is a system for conducting trades. Trading system 510, for example, brokers and manages transactions. The transaction system 510 is, for example, a system that uses EC (Electronic Commerce), and may be, for example, a system that operates an EC site for selling products. Trading system 510 includes trading device 511 . Transaction system 510 may be, as another example, a POS system 510a for conducting face-to-face transactions. If transaction system 510 is POS system 510a, transaction device 511 may be POS terminal 511a. Moreover, when the transaction is a remittance transaction, the settlement system 520 may also serve as the transaction system 510 . When the settlement system 520 also serves as the transaction system 510 , the settlement device 521 also serves as the transaction device 511 .

The settlement system 520 is a system operated by a settlement agency such as a financial institution, and is a system that provides a settlement function to the outside. The payment system 520 may be, for example, a banking system of a bank if the payment institution is a bank, or a credit card company's bank system if the payment institution is a credit card company (including international brands, issuers, and acquirers). It may be a credit card system. A bank system, for example, manages bank account information and performs transfer processing and reference processing for this bank account. Payment system 520 includes a payment device 521 used by a payment institution.

<2. Overview>
An example of the overview of the transaction support system 1 will be described with reference to FIGS.

<2-1. Pre-registration＞
FIG. 2 is a diagram for explaining a scene of pre-registration of various information to be used in the transaction support system 1 before executing transaction processing.

(1) As shown in FIG. 2, user A, who has the authority to use the first device 100a, applies for use of the transaction support system 1 by submitting information for use by the first device 100a (hereinafter referred to as "first use information”) is input to the first device 100a. User A is one aspect of the first user. The first device 100a receives first usage information input by the user. The first usage information and the second usage information (to be described later) can be, for example, information shown in (a) to (c) below. Note that the first usage information and the second usage information are also collectively referred to as "usage information" when there is no particular need to distinguish between them.
(a) Information required for user identity verification and user authentication: user information (b) Device information required for device authentication: device information (c) Payment information required for user transaction contract conclusion and payment: transaction information

(2) The first device 100 a transmits the first usage information received from the user A to the server device 300 . (3) The server device 300 registers the first usage information received from the first device 100a in the first server storage section 341. FIG.

(4) Based on the first usage information stored in the first server storage unit 341, the server device 300 confirms whether or not the person who applied for use is the user A himself (personal identification). Further, the server device 300 may confirm whether or not the user A owns the first device 100a based on the first usage information stored in the first server storage unit 341 in addition to the identity verification.

(5) If the result of the identity verification and the result of the possession verification of the first device 100a is OK (confirmation success), the server device 300, based on the first usage information stored in the first server storage unit 341, A first electronic certificate is generated (issued) as information for certifying the authenticity of one device (hereinafter also referred to as "first device certification information"). (6) The server device 300 transmits the generated first electronic certificate to the first device 100a. (7) The first device 100a registers (stores) the first electronic certificate received from the server device 300 in the first device storage unit 141. FIG.

"Device certification information" may be information that certifies the authenticity of each device. Device certification information may be, for example, an electronic certificate. This electronic certificate may include, for example, the electronic signature, public key, and public key certificate of each device (or the owner of each device). Also, this electronic signature is encrypted with the private key of each device (or the owner of each device). Device certification information of the first device 100 is referred to as first device certification information, and device certification information of the second device 200 is referred to as second device certification information.

The device certification information may be obtained by encrypting the device information of each device with a common key generated by the server device 300 for pairing the first device 100 and the second device 200 .

(8) User B who owns (has ownership of) the second device 200 inputs second usage information for using the transaction support system 1 with the second device 200 to the first device 100b. User B is one aspect of the second user. The first device 100b receives the second usage information input by the user B.

(9) The first device 100 b transmits the second usage information received from the user B to the server device 300 . (10) The server device 300 registers the second usage information received from the first device 100b in the second server storage unit 342. FIG.

(11) The server device 300 performs identity verification of the user B based on the second usage information stored in the second server storage unit 342 . Further, the server device 300 may confirm whether or not the user B owns the second device 200 based on the second usage information stored in the second server storage unit 342 together with the identity verification.

(12) If the result of the identity verification and the result of the possession verification of the second device 200 are OK (confirmation success), the server device 300, based on the second usage information stored in the second server storage unit 342, 2 Generate (issue) a second electronic certificate as information for certifying the authenticity of the device 200 (hereinafter also referred to as “second device certification information”). (13) Server device 300 transmits the generated second electronic certificate to second device 200 . (14) The second device 200 registers (stores) the second electronic certificate received from the server device 300 in the second device storage unit 242 .

<2-2. Execution of transaction processing>
FIG. 3 is a diagram for explaining a scene in which transaction processing is executed. In this example, the transaction system 510 is a gas station POS system 510a, and the transaction device 511 is a gas station POS terminal 511a.

(1) As shown in FIG. 3, in order to log in to the transaction support system 1, the user A inputs authentication information for user authentication into the first device 100a. For example, when fingerprint authentication is performed as user authentication, the authentication information is the fingerprint information of user A that is input by user A touching the first device 100a with a registered finger. (2) The first device 100a performs user authentication based on the input authentication information. (3) The first device 100a
If the user authentication succeeds, it is detected that user A is using the first device 100a. (4) The first device 100a generates user authentication information based on the result of this detection.

(5) User A requests the first device 100a to perform transaction processing in the second device 200 after performing user authentication. In other words, User A inputs a request to the first device 100a to grant the second device 200 with trading authority. The first device 100a accepts this user A's request. (6) Based on this user A's request, the first device 100a associates the first device 100a with the second device 200 and stores them in the transaction storage unit 142 . The first device 100a establishes a communication connection with the second device 200 via the second network N2 based on this association. When the second network N2 is Bluetooth, the first device 100a transmits a beacon, and the second device 200 receives this beacon to establish a communication connection between the two devices.

(7) The first device 100a transmits the user certification information and the first electronic certificate stored in the first device storage unit 141 to the second device 200 with which the communication connection has been established by associating in (6) above. . (8) The second device 200 verifies the user certification information and the first electronic certificate received from the first device 100a. (9) The second device 200 transmits the second electronic certificate stored in the second device storage unit 242 to the first device 100a when it is determined that there is no problem with the information as a result of the verification.

(10) The first device 100a verifies the second electronic certificate received from the second device 200; (11) When the first device 100a determines that there is no problem with the second electronic certificate as a result of the verification, the first device 100a grants the second device 200 transaction authority for executing transaction processing. The second device 200 accepts grant of transaction authority. In this example, transaction information is transmitted from the first device 100a to the second device 200 as one process of granting transaction authority. (12) When the second device 200 receives the grant of the transaction authority, the second device 200 grants the authority for operating the second device (hereinafter also referred to as "operation authority") to the first device 100a.

(13) The second device 200 executes transaction processing with the granted transaction authority. For example, as transaction processing, the second device 200 transmits a request for a fuel service provision transaction (service provision transaction) to the POS terminal 511a of the gas station based on the received transaction information. This request includes, for example, (a) an offer to enter into a contract for the provision of refueling services (specifically, it may be a declaration of intent to offer refueling services for a fee), and (b) It may also include payment instructions for paying for the provision of fuel service based on an established contract. This settlement instruction may include settlement information necessary for settlement of this transaction.

(14) Based on the transaction request received from the second device 200, the POS terminal 511a approves (agreees to) the contract for the supply transaction of the refueling service and concludes the contract. The POS terminal 511a refuels the vehicle on which the second device 200 is mounted based on the established contract. Then, the POS terminal 511 a transmits a payment instruction to the payment device 521 of the payment system 520 based on the payment information received from the second device 200 . The settlement device 521 settles the transaction (for example, transfers funds between the account of the user A and the account of the gas station) based on the settlement instruction received from the POS terminal 511a. Further, the second device 200 or the POS terminal 511a may request the server device 300 to approve an action (in this example, transmission of a payment instruction, etc.) based on the contract for providing the fuel service. . In response to this request for approval, the server device 300 responds to the second device 200 or the POS terminal 511a, which is the source of the request, to approve or reject the request.

In the above example, the first device 100a and the second device 200 mutually transmit electronic certificates proving the authenticity of their own devices. Information such as (c) may also be transmitted to each other.
(a) Device information of own device (including location information)
(b) Operation information of own device (details of operation information will be described later)
(c) User authentication information of the user who uses the own device

The transaction support system 1 may utilize a mechanism of public key infrastructure (PKI) in order to ensure the authenticity of each device. For example, the first electronic certificate and the second electronic certificate are (a) the plain text of the above information (a) to (c), and (b) the above information (a) to (c) with a private key. It may include an encrypted electronic signature, (c) a public key, and (d) a public key certificate (public key certificate issued by a certificate authority).

According to the above configuration, the transaction support system 1 secures the authenticity of the user using the first device 100 and the authenticity of the first device 100 itself, and then grants the operation authority of the second device 200. can be done. Moreover, the transaction support system 1 can grant the transaction authority of the first device 100 to the second device 200 after ensuring the authenticity of the second device 200 . In addition, even if the second device 200 is an execution environment in which the second device 200 newly participates in the transaction support system 1 and there is no prior information registration in the server device 300, the first device 100 and the second device 200 can prove authenticity to each other. There is no need to inquire about the information registered in the server device 300, since the parties compete and grant authority to each other. It should be noted that the first device 100 and the second device 200 mutually prove their authenticity even in a state in which each device cannot connect to the first network N1 even if information is registered in the server device 300 in advance, that is, in an offline environment. , and can grant permissions to each other. Therefore, even if this execution environment is a new environment, it is possible to respond flexibly while ensuring the information security of the execution environment in which the transaction-related processing is executed.

<2-3. Matching and verification of information after execution>
FIG. 4 is a diagram for explaining a scene in which various types of information are collated and verified after execution of transaction processing.

(1-1) As shown in FIG. 4 , the first device 100 a transmits the second electronic certificate received from the second device 200 to the server device 300 . (1-2) The second device 200 transmits to the server device 300 the first electronic certificate received from the first device 100a. (1-3) POS system 510a transmits to server device 300 transaction history information indicating a transaction history (for example, purchase history for providing fuel service). (1-4) The payment system 520 transmits to the server device 300 payment history information indicating the transaction payment history.

(2) The server device 300 individually verifies each piece of information received from each device in (1) above. (3) The server device 300 compares the information received from each device in (1) above, and verifies whether the transaction processing has been executed after both the first device 100a and the second device cooperate. (4) Server device 300 notifies first device 100a of the verification result of (3) above to inform user A of the result. If fraud is discovered as a result of this verification, user A can request server apparatus 300 to cancel the transaction using first device 100a. Server device 300 performs processing for canceling this transaction based on this request. In this manner, the server device 300 may execute processing for bearing risks that have become apparent due to fraud or processing for recovery. For example, as a process for bearing the risk, the server device 300 executes a process for payment and settlement of the security deposit in order to pay the first user a compensation for compensating for the damage caused by the actualization of this risk. You can For example, as a recovery process, the server device 300 may enroll in cyber insurance in advance and transmit an application for payment of insurance benefits of the cyber insurance to the system of the insurance company based on the manifestation of risks. As another example, the transaction contract may be effective only after it is determined that there is no fraud as a result of this verification.

According to the above configuration, the transaction support system 1 can verify whether there is an incident such as fraud by collating various information related to the execution of transaction processing, and allow the first user to confirm the verification result.

<3. Functional configuration>
<3-1. Functional Configuration of First Device>
A functional configuration of the first device 100 according to the present embodiment will be described with reference to FIG. As shown in FIG. 5 , the first device 100 includes a first control section 110 , a first communication section 130 and a first storage section 140 .

First control unit 110 includes first reception unit 111 , detection unit 112 , first generation unit 113 , association unit 114 , and first authorization unit 115 . The first control unit 110 may also include a first transaction processing unit 116, for example.

[First Reception Department]
The first reception unit 111 receives various requests (for example, transaction requests or various authorization requests) and various information (for example, electronic certificates) from the user or the server device 300 . The mode in which the first receiving unit 111 receives various requests and the like may be any mode. The first reception unit 111 may receive, for example, a data file or a message indicating various kinds of information from the server device 300 . As another example, the first reception unit 111 may receive various types of information input by the user from the screen of the transaction support application or the transaction support site. Further, the first reception unit 111 may receive various kinds of information by using, for example, an API or an SDK library corresponding to the transaction support system 1 .

[First authentication unit]
The first reception unit 111 includes, for example, a first authentication unit 111a. The first authentication unit 111a performs user authentication for logging into the first device 100 or the transaction support system 1 based on the user authentication information. User authentication may be, for example, password-based authentication, or may be biometric authentication or two-step authentication using FIDO authentication technology.

[Detection unit]
The detection unit 112 detects that a user authorized to use the first device 100 is using the first device 100 . For example, the detection unit 112 may detect that the authenticated user is using the first device 100 when the user authentication for logging in to the first device 100 is successful and the login is successful.

[First generator]
The first generation unit 113 generates user certification information that proves that the first device is being used by a user who has usage rights, based on the detection result of the detection unit 112 .

[association part]
Association unit 114 associates first device 100 and second device 200 based on a user's request. The association unit 114 associates the device information of the first device 100 and the device information of the second device 200 and stores them in the first device storage unit 141 . The association unit 114 instructs the first communication unit 130, which will be described later, to establish a communication connection with the associated second device 200 via the second network N2. The association between the first device 100 and the second device 200 by the association unit 114 is also called "pairing". Association unit 114 generates and distributes a common key to be shared among first device 100, second device 200, and server device 300, and provides information indicating this pairing (hereinafter also referred to as "pairing information"). may be generated and transmitted to the server device 300 by the first transmission unit 131 .

The pairing by the associating unit 114 may specify the execution environment in which the first device 100 is given transaction authority to execute transaction processing. For example, when transferring the transaction authority from the second device 200 to another device (execution environment), the associating unit 114 cancels the association between the first device 100 and the second device 200, and Associate with this another device.

[First authorization unit]
The first authorization unit 115 gives transaction authorization to the second device 200 based on the second device certification information received by the first reception unit 132 from the second device 200 . The first authorization unit 115 may set a validity period (hereinafter also referred to as a “transaction authorization validity period”) in the transaction authorization to be granted. In other words, the first authorization unit 115 may be set such that the granted transaction authorization becomes invalid when the transaction authorization validity period elapses. For example, when the second device authentication information is encrypted with a common key held by the second device 200, the first authorization unit 115 applies the encrypted second device authentication information to the common key held by the own device. Transaction authority may be granted to the second device 200 when the key can be used for decryption. According to such a configuration, transaction authority can be granted to the second device 200 after ensuring the integrity of the second device certification information and the authenticity of the second device 200 .

For example, the first authorization unit 115 may set permission for execution of transaction processing to the second device 200 as the authorization of transaction. In addition, the first authorization unit 115 may transmit transaction permission information to the second device 200 as authorization of transaction, for example. In addition, the first authorization unit 115 may transmit transaction information necessary for execution of transaction processing to the second device 200, for example, as authorization of transaction.

The first authorization unit 115 may include, for example, a first verification unit 115a. The first verification unit 115a verifies whether the second device certification information has any information security problems. The first verification unit 115a uses, for example, public key cryptography to obtain the electronic signature of the second device (hereinafter referred to as the electronic signature included in the second electronic certificate and encrypted with the private key of the second device 200). , also referred to as a “second electronic signature”) can be decrypted with the public key of the second device 200 . The first verification unit 115a may determine that there is no problem with the second device certification information if it can be decrypted with the public key. According to such a configuration, it is possible to ensure that there is no problem with the authenticity of the electronic certificate of the second device 200, that is, the authenticity of the electronic certificate.

When the second electronic signature is obtained by encrypting a hash value (message digest) generated from the second device information using a hash function, the first verification unit 115a decrypts and acquires the second electronic signature. and a hash value generated using the same hash function from the second device information received from server device 300 or second device 200 may be compared. If these hash values match as a result of collation, it can be confirmed that the second device information or the second electronic signature received from server apparatus 300 or second device 200 has not been tampered with. With such a configuration, it is possible to ensure the integrity of the second device information and the second electronic signature.

According to the above configuration, the first authorization unit 115 can grant the transaction authority of the first device 100 to the second device 200 while ensuring the authenticity of the second device 200 . In addition, even if the second device 200 is an execution environment in which the second device 200 newly participates in the transaction support system 1 and there is no prior information registration in the server device 300, the second device 200 and the second device 200 mutually prove authenticity and grant authorization. Therefore, there is no need to inquire about the information registered in the server device 300 . Note that even if the first device 100 cannot connect to the first network N1 even if information is registered in advance in the server device 300, that is, even in an offline environment, the second device 200 and the second device 200 mutually prove their authenticity, can be given to each other. Therefore, the first authorization unit 115 can flexibly execute the transaction processing even if the execution environment is a new environment while ensuring the information security of the execution environment in which the transaction-related processing is executed.

The first authorization unit 115 may grant transaction authorization to the second device 200 further based on the operation information of the second device 200 received from the second device 200, for example. Specifically, the first authorization unit 115 determines whether or not the second device 200 is operating normally (for example, whether or not there is an abnormal operation history) from the operation information of the second device 200. . When determining that the second device 200 is operating normally, the first authorization unit 115 gives transaction authorization to the second device 200 . Further, when the first authorization unit 115 determines that there is an abnormality in the operation of the second device 200 , the first authorization unit 115 may cancel or suspend granting the transaction authorization to the second device 200 .

According to the above configuration, the first authorization unit 115 can grant transaction authorization based on the operational status of the second device 200 . Therefore, for example, when the second device 200 is operating abnormally due to unauthorized access by a third party, if the transaction authority is granted in such a state, the transaction authority may be abused by the third party. There is a risk of getting lost. In addition, there is a risk that transaction processing cannot be executed if a failure occurs in the second device. Such risks can be reduced, the information security (integrity/availability) of the second device 200 can be ensured, and transaction authorization can be granted more safely.

[First transaction processing unit]
The first transaction processing unit 116 executes transaction processing for the first user. The first transaction processing unit 116 may execute transaction processing using technology such as smart contracts, for example. Transaction processing may include, for example, processing for concluding a transaction contract, execution of processing based on the content of the concluded contract (including delivery of goods, provision of services, and execution of settlement, for example). Also, the transaction contract may be an electronic contract. The user's electronic signature, or the time stamp and position information at the time of information cooperation are stored in the transaction storage unit 142 as transaction information.

[First payment processing unit]
The first transaction processing unit 116 includes a first payment processing unit 116a. The first payment processing unit 116a executes payment processing for transactions of the first user.

Based on the payment information, the first payment processing unit 116a performs processing for transferring the transaction amount to the bank account of the transaction counterparty (payment counterparty) when the payment is made by bank transfer. Specifically, the first payment processing unit 116a instructs the payment system 520, which is a banking system of a bank, to transfer the transaction amount from the first user's bank account to the counterparty's bank account. You may send. As another example, in the case of credit card payment, the first payment processing unit 116a withdraws the transaction amount from the first user's designated account to the payment system 520, which is a credit card system, and transfers it to the counterparty's designated account. You may send a credit card payment instruction for
[First Communication Department]
The first communication unit 130 transmits and receives various information to and from the server device 300 via the first network N1. Also, the first communication unit 130 transmits and receives various information to and from the second device 200 via the second network N2. The first communication unit 130 establishes communication connection with the second device 200 based on the communication connection establishment instruction from the association unit 114 . The first communication unit 130 may use a 3-way or 4-way handshake, an SAE handshake, or the like to establish this communication connection. The first communication section 130 includes a first transmission section 131 and a first reception section 132 .

[First transmitter]
First transmission unit 131 transmits the user authentication information to second device 200 associated by association unit 114 .

The first transmission unit 131 may, for example, refer to the first device storage unit 141 that stores the first device certification information and transmit the first device certification information to the second device 200 . The first transmission unit 131 may transmit, for example, the first device certification information encrypted with the common key received from the server device 300 to the second device 200 .

The first transmission unit 131 may transmit the second device certification information received from the second device 200 to the server device 300, for example.

The first transmission unit 131 may transmit pairing information indicating pairing by the association unit 114 to the server device 300, for example.

[First receiver]
The first receiving unit 132 receives the second device certification information from the second device 200 via the second network N2. The first receiving unit 132 receives various types of information including the first device certification information and the common key from the server device 300 via the first network N1.

[First storage unit]
The first storage unit 140 stores various types of information including user information, operation information, and/or operation permission information. The first storage unit 140 may store each information using a database management system (DBMS), or may store each information using a file system. When using a DBMS, a table may be provided for each piece of information described above, and each piece of information may be managed by associating the tables.

The first storage unit 140 may include, for example, a first device storage unit 141 and a transaction storage unit 142 . The first device storage unit 141 stores device information of the first device and first device certification information. The transaction storage unit 142 stores transaction information and/or transaction authorization information.

<3-2. Functional Configuration of Second Device>
A functional configuration of the second device 200 according to the present embodiment will be described with reference to FIG. As shown in FIG. 6 , the second device 200 includes a second controller 210 , a second communication section 230 and a second storage section 240 .

Second control unit 210 includes second reception unit 211 and second transaction processing unit 214 . The second control unit 210 may also include a second generation unit 212 or a second authorization unit 213, for example.

[Second Reception Department]
The second reception unit 211 receives various requests and various information from the second user and the server device 300 in the same manner as the first reception unit 111 of the first device 100 . The second reception unit 211 has the same functions as the first reception unit 111 of the first device 100, so the description thereof is omitted. The second reception unit 211 also includes, for example, a second authentication unit 211a. Since the second authentication unit 211a also has the same function as the first authentication unit 111a of the first device 100, the description thereof is omitted.

[Second generator]
The second generation unit 212 refers to the second storage unit 240 that stores second device information about the second device 200, and generates second device certification information based on this second device information. The second generation unit 212 stores the generated second device certification information in the second device storage unit 242.

[Second authorization unit]
The second authority granting unit 213 grants the first device 100 an operation authority regarding the operation of the second device 200 based on the user certification information received from the first device 100 . The second authority granting unit 213 may set a validity period (hereinafter also referred to as “operation authority validity period”) for the operation authority to be granted. In other words, the second authority granting unit 213 may be set such that the granted operation authority becomes invalid when the operation authority validity period elapses. This “granting of operation authority” may be, for example, to temporarily control at least part of the operation of the second device 200 . Further, "granting operation authority" may be, as another example, providing operation permission information. This “operation permission information” is information indicating that the owner (second user) of second device 200 permits operation of second device 200 .

For example, when the first device authentication information is encrypted with a common key held by the first device 100, the second authorization unit 213 passes the encrypted first device authentication information to the common key held by the own device. Operation authority may be granted to the first device 100 when the key can be used for decryption. According to such a configuration, the operation authority can be granted to the first device 100 while ensuring the integrity of the first device certification information and the authenticity of the second device 200 .

For example, if the second device 200 is a vehicle (such as a so-called connected car), the first device 100 that has been granted operation authority may control the driving of this vehicle. For example, if the second device 200 is a home appliance (a so-called smart home appliance), the first device 100 that has been granted operation authority can remotely operate this home appliance instead of using a remote controller, or check the operation status of this home appliance. It may be acquired and output to the screen.

According to the above configuration, the second authorization unit 213 can authorize the operation of the second device 200 to a device whose authenticity has been secured by the user based on the user certification information. Further, even when the second device 200 is switched to a new device, by receiving the new device with the user authentication information from the first device 100, the authenticity of the user can be secured and the new device can be transmitted via the first device 100. A device can be operated by a user. Therefore, the second authorization unit 213 can flexibly enable operation even if the second device is a new device while ensuring information security for the user.

For example, the second authorization unit 213 may authorize the first device 100 to operate the second device 200 further based on the first device certification information.

According to the above configuration, the second authorization unit 213 can authorize the operation of the second device 200 to the first device 100 whose authenticity is ensured in addition to the authenticity of the user. In addition, even when the second device 200 is switched to a new device, by receiving the new device with the user authentication information from the first device 100, the authenticity of the first device 100 can be secured, and the Leverage the new device to the user. Therefore, the second authorization unit 213 can flexibly enable operation even if the second device 200 is a new device while ensuring the information security of the first device 100 .

The second authorization unit 213 may include, for example, a second verification unit 213a. The second verification unit 213a has the same function as the first verification unit 115a of the first device 100, so the description is omitted.

[Second transaction processing unit]
The second transaction processing unit 214 executes transaction processing in the same manner as the first transaction processing unit 116 of the first device 100 based on the transaction authority granted by the first device 100 . The second transaction processing unit 214 has the same functions as the first transaction processing unit 116, so the description is omitted. The second transaction processing unit 214 also includes, for example, a second payment processing unit 214a. The second payment processing unit 214a executes processing for payment of the first user's transaction based on the payment authorization granted by the first device 100. FIG. The second payment processing unit 214a also has the same functions as the first payment processing unit 116a of the first device 100, so the description thereof is omitted.

[Second Communication Department]
The second communication unit 230 transmits and receives various information to and from the server device 300 via the first network N1. The second communication unit 230 transmits and receives various information to and from the server device 300 via the second network N2. The second communication unit 230 establishes communication connection with the first device 100 based on, for example, a communication connection request from the first communication unit 130 of the first device 100 . The second communication section 230 includes a second transmission section 231 and a second reception section 232 .

[Second transmission unit]
Based on the user certification information received by the second receiving unit 232 from the first device 100, the second transmitting unit 231 refers to the second device storage unit 242 that stores the second device certification information, and The certification information is transmitted to the first device 100 via the second network N2. The second transmission unit 231 may transmit the second device certification information encrypted with the common key received from the server device 300 to the first device 100, for example.

The second transmission unit 231 may transmit the operation information of the second device 200 to the first device 100, for example. “Operation information” is information indicating the operation status of the device. The operating information may be, for example, a log indicating a device operation history, a user operation history, a device location history (movement history), an access history from the outside, a communication history with the outside, or the like. The operating status may also be the resource usage status of the device (for example, memory capacity usage rate, CPU usage rate, etc.).

The second transmission unit 231 may transmit the first device certification information received from the first device 100 to the server device 300, for example.

[Second receiver]
The second receiving unit 232 receives various types of information including user authentication information and first device authentication information from the first device 100 via the second network N2. The second receiving unit 232 receives various types of information including the second device certification information and the common key from the server device 300 via the first network N1.

[Second storage unit]
The second storage unit 240 stores various information including user information, operation information, and/or transaction permission information. The second storage unit 240 may store each information using a DBMS, or may store each information using a file system. When using a DBMS, a table may be provided for each piece of information described above, and each piece of information may be managed by associating the tables.

The second storage section 240 may include, for example, an operation storage section 241 and a second device storage section 242 . The operation storage unit 241 stores operation permission information. The second device storage unit 242 stores device information of the second device and second device certification information.

<3-3. Functional Configuration of Server Device>
A functional configuration of the server device 300 according to the present embodiment will be described with reference to FIG. As shown in FIG. 7 , the server device 300 includes a server control section 310 , a server communication section 330 and a server storage section 340 .

The server control unit 310 includes a server generation unit 311 , a matching unit 312 and a notification unit 313 .

[Server generator]
The server generator 311 generates various information in the transaction support system 1 . For example, when the pairing information is received from the first device 100, the server generation unit 311 may generate a common key shared by the paired first device 100 and the second device 200 and the own device.

[First server generator]
The server generator 311 includes a first server generator 311a. The first server generation unit 311a generates first device certification information by referring to the first server storage unit 341 that stores first device information about the first device.

The first server generation unit 311a may encrypt the device information of the first device 100 with the common key, for example, as the first device certification information.

The first server generation unit 311a may set, for example, a validity period to the generated first device certification information. This validity period is a period during which the first device certification information is valid. In addition, even during the valid period, the first server generation unit 311a generates the first certificate when, for example, the content of the certificate is changed, fraud related to the content of the certificate is detected, or the private key is lost. Information may be revoked. The first server generation unit 311a may register the first certification information to be revoked in a revocation list (for example, CRL (Certificate Revocation List)).

The first server generation unit 311a generates the first device certification information when the first user logs in to the first device 100, that is, each time the user is authenticated, as an example different from the above example of setting the validity period. You may The first server generation unit 311a may revoke the generated first device certificate when the first user logs out from the first device.

[Second Server Generation Unit]
The server generator 311 includes a second server generator 311b. The second server generation unit 311b refers to the second server storage unit 342 that stores second device information about the second device 200, and generates second device certification information. The second server generation unit 311b may use the device information of the second device encrypted with the generated common key as the second device certification information.

Similar to the first server generation unit 311a, the second server generation unit 311b sets the validity period of the second device certification information, generates the second device certification information when logging in, and sets the second device certification information. may have a function to revoke the

[Joint part]
The collating unit 312 collates various pieces of information related to the execution of transaction processing and verifies whether there is an incident involving fraud by a third party in the execution of transaction processing. The matching unit 312 may match, for example, the payment history information acquired from the payment system 520 with the payment information included in the transaction information stored in the own device.

[First butt part]
The butting portion 312 includes a first butting portion 312a. The first matching unit 312 a matches the first device information with the first device authentication information received from the second device 200 by referring to the first server storage unit 341 that stores the first device information. When the first device certification information includes an electronic signature obtained by encrypting the first device information with the private key of the first device 100, the first matching unit 312a decrypts the electronic signature with the public key of the first device 100, for example. Then, the decrypted information and the first device information may be compared to verify whether they match.

[Second joint]
The butting portion 312 includes a second butting portion 312b. The second matching unit 312 b matches the second device information with the second device authentication information received from the second device 200 by referring to the second server storage unit 342 that stores the second device information. When the second device certification information includes an electronic signature obtained by encrypting the second device information with the private key of the second device 200, the second matching unit 312b decrypts the electronic signature with the public key of the second device 200, for example. Then, the decrypted information and the second device information may be compared to verify whether or not they match.

[Notification part]
The notification unit 313 notifies the user of the results of various processes executed by the server device 300 . The notification unit 313 notifies the first user and/or the second user of at least one of the result of the matching by the first matching part 312a and the result of the matching by the second matching part 312b. According to such a configuration, it is possible to allow the first user to confirm the result of verifying whether or not there is an incident such as fraud by collating various types of information related to the execution of transaction processing.
[Server communication part]
The server communication unit 330 transmits and receives various information to and from each device via the first network N1. The server communication section 330 includes a server transmission section 331 and a server reception section 332 .

[Server transmission part]
The server transmission section 331 includes a first server transmission section (not shown) and a second server transmission section (not shown).

The first server transmission unit transmits the first device certification information generated by the first server generation unit 311 a to the first device 100 . Also, the first server transmission unit may transmit, to the first device 100, the first device certification information encrypted with the common key held by the own device, for example. Also, the first server transmission unit transmits the common key generated by the server generation unit 311 to the first device 100 .

The second server transmission unit transmits the second device certification information generated by the second server generation unit 311 b to the second device 200 . Also, the second server transmission unit may transmit, to the second device 200, the second device certification information encrypted with the common key held by the own device, for example. Also, the second server transmission unit transmits the common key generated by the server generation unit 311 to the second device 200 .

[Server receiver]
The server reception unit 332 receives various information from each device or the external system 500 via the first network N1.

[Server memory]
The server storage unit 340 stores various information including usage information. The server storage unit 340 may store each information using a DBMS, or may store each information using a file system. When using a DBMS, a table may be provided for each piece of information described above, and each piece of information may be managed by associating the tables.

The server storage section 340 may include a first server storage section 341 and a second server storage section 342 . The first server storage unit 341 stores first device information and first device certification information. The second server storage unit 342 stores second device information and second device certification information.

<4. Operation example>
An example of the processing flow of the first device 100 and the second device 200 in the transaction support system 1 will be described with reference to FIG. FIG. 8 is a sequence diagram showing interactions between the first device 100 and the second device 200. As shown in FIG. Note that the order of the processes shown below is an example, and may be changed as appropriate.

As shown in FIG. 8, the first device 100 receives input of authentication information for user authentication in order to log in to the transaction support system 1 from the first user (S10). The first device 100 performs user authentication based on the authentication information (S11).

Each device of the transaction support system 1 executes the processing of the area indicated by the composite fragment opt1 (Option1) when the user authentication is successful. Specifically, the first device 100 detects that the first user who has the authority to use the first device is using the first device 100 (S12). Based on the result of this detection, the first device 100 generates user certification information that proves that the first user is using the first device 100 (S13). The first device 100 receives a request from the first user to associate the first device 100 and the second device 200 (S14). The first device 100 associates the first device 100 and the second device 200 based on this request (S15). The first device 100 transmits the user authentication information and the first device authentication information to the associated second device 200 (S16).

The second device 200 verifies the user authentication information received from the first device 100 and the first device authentication information. Each device of the transaction support system 1 executes the processing of the area indicated by the composite fragment opt2 (Option2) if no abnormality is detected as a result of this verification (in the case of OK). Specifically, the second device 200 transmits the second device certification information to the first device 100 (S18).

The first device 100 verifies the second device certification information received from the second device 200 (S19). Each device of the transaction support system 1 executes the processing of the area indicated by the composite fragment opt3 (Option3) if no abnormality is detected as a result of this verification (in the case of OK). Specifically, the first device 100 grants transaction authority to the second device 200 (S20). The second device 200 grants operation authority to the first device 100 (S21).

<5. Hardware configuration>
With reference to FIG. 9, an example of a hardware configuration in which the device and server apparatus 300 described above are implemented by a computer 800 will be described. The function of each device can also be implemented by being divided into a plurality of devices.

As shown in FIG. 9, a computer 800 includes a processor 801, a memory 803, a storage device 805, an input I/F section 807, a data I/F section 809, a communication I/F section 811, and a display device. 813 included.

The processor 801 controls various processes in the computer 800 by executing programs (for example, device programs, server programs, etc.) stored in the memory 803 . For example, the control unit of each device and each function unit included in the server control unit 310 of the server device 300 can be implemented as a program that is temporarily stored in the memory 803 and that mainly runs on the processor 801 .

The memory 803 is a storage medium such as a RAM (Random Access Memory). The memory 803 temporarily stores program codes of programs executed by the processor 801 and data necessary for executing the programs.

The storage device 805 is a non-volatile storage medium such as a hard disk drive (HDD) or flash memory. A storage device 805 stores an operating system and various programs for realizing the above configurations. In addition, the storage device 805 can also store a table for registering usage information and a DB for managing the table. Such programs and data are referred to by the processor 801 by being loaded into the memory 803 as necessary.

An input I/F unit 807 is a device for receiving input from the user. Specific examples of the input I/F unit 807 include a keyboard, mouse, touch panel, various sensors, and wearable devices. The input I/F unit 807 may be connected to the computer 800 via an interface such as USB (Universal Serial Bus).

A data I/F unit 809 is a device for inputting data from outside the computer 800 . A specific example of the data I/F unit 809 is a drive device for reading data stored in various storage media. Data I/F unit 809 may be provided outside computer 800 . In that case, the data I/F unit 809 is connected to the computer 800 via an interface such as USB.

The communication I/F unit 811 is a device for performing data communication with a device external to the computer 800 via the Internet N by wire or wirelessly. Communication I/F unit 811 may be provided outside computer 800 . In that case, the communication I/F unit 811 is connected to the computer 800 via an interface such as USB.

The display device 813 is a device for displaying various information. Specific examples of the display device 813 include a liquid crystal display, an organic EL (Electro-Luminescence) display, and a wearable device display. The display device 813 may be provided outside the computer 800 . In that case, the display device 813 is connected to the computer 800 via, for example, a display cable. Further, when a touch panel is adopted as the input I/F section 807 , the display device 813 can be integrated with the input I/F section 807 .

[Second embodiment]
Next, a second embodiment (hereinafter referred to as "this embodiment") of the present invention will be described. The present embodiment is a form in which the execution environment is a system that cooperates with the transaction support system 1 (hereinafter also referred to as a "collaborating system"). The cooperation destination system is, for example, a VR/AR system in which the first user's avatar is registered, or a game system with the first user's account. In the following, the points different from the first embodiment will be mainly described.

An example of the system configuration of the transaction support system 1a according to this embodiment will be described with reference to FIG. As shown in FIG. 10, the server device 300 included in the transaction support system 1a and the first device 100 are communicably connected to the partner system 550 via the first network N1. The cooperation destination system 550 may be included in the external system 500 .

The association unit 114 of the first device 100 associates the first device 100 with the first user's account (hereinafter also referred to as "collaboration destination account") in the cooperation destination system 550, for example, based on the first user's request. . When cooperation destination system 550 is a VR/AR system, associating section 114 may associate first device 100 with the avatar of the first user's account.

The first transmission unit 131 of the first device 100 may transmit the user certification information to the cooperation destination system 550 associated by the association unit 114 .

The first receiving unit 132 of the first device 100 may receive account certification information indicating the authenticity of the collaboration destination account from the collaboration destination system 550 as a response to the user certification information. This account certification information may be an electronic certificate issued by the cooperation destination system 550 to each cooperation destination account.

When the account certification information is received from the cooperation destination system 550, the first authorization unit 115 of the first device 100 grants the transaction authority for the transaction of the first user as the authority of the cooperation destination account based on this account certification information. You may For example, if the linked system 550 is a VR/AR system, the avatar of the linked account may conduct a transaction to purchase a product at a virtual store in the virtual space based on the granted transaction authority.

According to the above configuration, even if the execution environment is an online system such as a VR/AR system or a game system, while ensuring the authenticity of the account of the online system, the transaction processing regarding the user's transaction is immediately executed by this account. can be made Therefore, even if the execution environment for executing processing related to transactions is an online system, information security can be ensured, and even if this online system is a new execution environment, it can be flexibly handled.

It should be noted that the above-described embodiment is an example for explaining the present invention, and is not intended to limit the present invention only to the embodiment. Also, the present invention can be modified in various ways without departing from the gist thereof. Furthermore, those skilled in the art can adopt embodiments in which each element described below is equivalently replaced, and such embodiments are also included in the scope of the present invention.

Further, the components of each device and server apparatus 300 described in the above embodiment can perform predetermined processing with other hardware when a program stored in storage device 805 is executed by processor 801. It shall be realized in collaboration. Also, in other words, these components are envisioned as software or firmware as well as their hardware counterparts, and in both concepts, "function", "means", "unit", "processing circuit", It is also described as a “unit” or a “module”, and can be read accordingly.

[Modification]
Although the present invention has been described based on the above embodiments, the following cases are also included in the present invention.

[Modification 1]
Each device may include part or all of the functional units included in the server control unit 310 of the server device 300 according to the above embodiment. Conversely, the server apparatus 300 may include part or all of the functional units included in the control unit of each device.

[Modification 2]
In the above embodiment, an example of a user's personal transaction has been described, but the transaction according to the present invention is not limited to this. A transaction may be a transaction delegated to the user by a third party, such as the company to which the user belongs. A delegator of a transaction is also called a delegator. In this example, an example will be described in which the delegator is company A to which the first user belongs (work). The first user may be an employee of Company A. For example, regarding a business transaction of Company A, which is the delegator, the first user, acting on behalf of Company A, uses Company A's expenses to transfer the transaction to the second device 200 via the first device 100. can be executed. In such a case, there is a risk that the first user will use company A's expenses for personal transactions of the first user such as private shopping, and a risk that the transaction will exceed the amount assumed by the company. can be considered. In the transaction support system 1, such a risk can be avoided by determining in advance the content of the transaction that the company A requests of the user and executing the transaction processing based thereon.

<1. Restrictions on Trading Authority by Scope of Entrusted Transactions>
In the transaction support systems 1 and 1a, it is possible to limit transaction authority according to the range of transactions entrusted to the first user by company A (hereinafter also referred to as "delegated transaction range").

The server control unit 310 of the server device 300 may include an acquisition unit (not shown). The acquisition unit acquires in advance scheduled transaction information indicating transactions scheduled in the first period from an information processing device used by company A (hereinafter also referred to as “company device”). The scheduled transaction information is, in other words, also information indicating the range of mandated transactions. The scheduled transaction information may be transaction information for a scheduled transaction. The scheduled transaction information may include, in addition to the transaction information, the scheduled execution date and time and/or the scheduled execution location of the transaction. The acquisition unit stores the scheduled transaction information acquired from the enterprise device in the server storage unit 340 .

The first server transmission section of the server device 300 may transmit the scheduled transaction information stored in the server storage section 340 to the first device 100, for example. The first receiving unit 132 of the first device 100 stores the scheduled transaction information received from the server device 300 in the transaction storage unit 142 .

The first authorization unit 115 of the first device 100 may include, for example, a first identification unit (not shown). The first identifying unit refers to the transaction storage unit 142 that stores the scheduled transaction information, and identifies the authority to be given to the second device 200 among the transaction authorities possessed by the own device. The first specifying unit may specify the authority to be granted, for example, so as to permit only transactions within the transaction amount included in the scheduled transaction information. For example, the first identifying unit may identify the trading authority valid period to be set in the trading authority so that the scheduled execution date and time included in the scheduled transaction information is included. The first authorization unit 115 may limit the transaction authorization to the authorization identified by the first identification unit and grant it to the second device 200 . The first authorization unit 115 may transmit the scheduled transaction information to the second device 200 through the first transmission unit 131, for example, when granting transaction authorization to the second device 200. FIG.

According to the above configuration, the first authorization unit 115 can give the transaction authorization to the second device 200 within the scope of the entrusted transaction entrusted by the delegator to the first user. Therefore, it is possible to avoid the risk that the first user will use company A's expenses for the first user's personal transaction, and the risk that the transaction will exceed the amount assumed by the company.

<2. Restriction of Operation Authority by Delegated Operation Scope>
In the transaction support systems 1 and 1a, it is possible to limit the operation authority according to the range of operation of the second device 200 delegated by the company A to the first user (hereinafter also referred to as "delegated operation range").

The acquisition unit of the server device 300 acquires permitted operation information indicating the content of the permitted operation of the second device 200 during the second period from the company device in advance. The permissible operation information is, in other words, also information indicating the delegated operation range. This second period may be the same as or different from the first period. The permissible operation information may include, for example, the content of permissible operations, the date and time when the operation is permitted, and the location where the operation by the operation is permitted. The acquisition unit stores the permitted operation information acquired from the company device in the server storage unit 340 .

The second server transmission unit of the server device 300 may transmit the permitted operation information stored in the server storage unit 340 to the second device 200, for example. The second reception unit 232 of the second device 200 stores the permitted operation information received from the server device 300 in the operation storage unit 241 .

The second authorization unit 213 of the second device 200 may include, for example, a second identification unit (not shown). The second identifying unit refers to the operation storage unit 241 that stores the permissible operation information, and identifies the authority to be given to the first device 100 among the operation authorities of the own device based on the permissible operation information. The second specifying unit may specify the operation authority to be granted, for example, so as to permit only the operation at the location where the operation by the operation included in the permitted operation information is permitted. In addition, the second specifying unit may specify the operation authority validity period to be set in the operation authority, for example, based on the date and time when the operation is permitted, which is included in the permitted operation information. The second authorization unit 213 may limit the transaction authorization to the authorization specified by the second specifying unit and grant it to the second device 200 . The second authorization unit 213 may transmit the permitted operation information to the first device 100 through the second transmission unit 231, for example, when granting the operation authority to the first device 100. FIG.

According to the above configuration, the second authorization unit 213 can give the first user the operation authorization to the first device 100 within the scope of the delegated operation delegated by the delegator. Therefore, it is possible to avoid using the second device 200 for purposes other than those assumed by Company A. Further, the second authorization unit 213 notifies the first user that the operation authorization is restricted and the details of the permitted operations by transmitting the permitted operation information to the first device 100. can be done.

The first electronic certificate and the second electronic certificate may include a plain text of the scheduled transaction information or the permitted operation information and an electronic signature obtained by encrypting the scheduled transaction information or the permitted operation information with a private key.

[Modification 3]
Although not shown in the above embodiment, the first device 100 and the second device 200 may belong to different systems. Also, both devices may use electronic certificates generated by the systems to which they belong as device certification information.

Here, with reference to FIG. 11, an example of electronic certificates when the first device 100 and the second device 200 belong to different systems will be described. In this example, the system to which the first device 100 belongs is the first system 530 . Assume that the second system 540 to which the second device 200 belongs. First system 530 and second system 540 may be included in external system 500 . Also, the first system 530 and the second system 540 may be operated by different operators.

As shown in FIG. 11 , first system 530 includes first device 100 and first server device 531 that implements the server function of first system 530 . Second system 540 includes second device 200 and second server device 541 that implements the server function of second system 540 .

(1) The server generator 311 of the server device 300 generates scheme information. In this example, the scheme information is format information indicating a common format of electronic certificates. (2) Server transmission unit 331 of server device 300 transmits the generated format information to first server device 531 and second server device 541 .

(3-1) Based on the format information transmitted from the server device 300, the first server device 531 generates a first electronic certificate according to the common format. (3-2) The second server device 541 similarly generates a second electronic certificate in accordance with the common format based on the format information. (4-1) First server device 531 transmits the generated first electronic certificate to first device 100 . (4-2) Second server device 541 similarly transmits the generated second electronic certificate to second device 200 .

(5-1) First device 100 registers the first electronic certificate received from first server device 531 in first device storage unit 141 . (5-2) Second device 200 registers the second electronic certificate received from second server device 541 in second device storage unit 242 .

According to the above configuration, it is possible to ensure the authenticity of each device by using the electronic certificate issued by the existing system to which each device belongs. In addition, if the format of the electronic certificate issued by each system is different for each system, it may be difficult to match and verify electronic certificates, such as missing items required for verification or different data types. For this reason, by having each existing system generate an electronic certificate according to the scheme information shared by the server device 300, the format can be unified, and electronic certificates issued by different systems can be matched and verified easily. can be

[Modification 4]
In the above embodiment, the second device 200 connected to the first device 100 via a network and the linked system 550 are used as execution environments for transaction processing, and the transaction authority for the first device 100 is granted. The destination to which authority is granted is not limited to this. For example, a system communicatively connected to the second device 200 may be used as an execution environment for transaction processing, and the first user's transaction authority may be granted to an account of this system. That is, the first device 100 may exchange electronic certificates with the system via the second device 200 to grant transaction authorization.

[Modification 5]
Although not shown in the above embodiments, device certification information, user certification information, or usage information is distributed and managed by a plurality of devices including the server device 300 and each device using distributed ledger technology (blockchain technology), for example. You may For example, when distributed management of device certification information is performed using distributed ledger technology, a plurality of pieces of device certification information may be associated and tampering may be prevented using hash pointer technology.

[Modification 6]
In the above embodiment, the first storage unit 140 of the first device 100 includes the first device storage unit and the transaction storage unit, and the second storage unit 240 of the second device 200 includes the operation storage unit and the second device storage unit. Although an example was shown, it is not the meaning which limits the present invention to this. For example, at least part of these storage units may be provided by an external device (not shown) of the external system 500 .

Reference Signs List 1 transaction support system 100 first device 110 first control unit 112 detection unit 113 first generation unit 114 association unit 115 first authorization unit 130 first communication unit , 131... First transmission unit 140... First storage unit 200... Second device 210... Second control unit 230... Second communication unit 231... Second transmission unit 240... Second storage unit 300 Server device 330 Server communication unit 340 Server storage unit 800 Computer 801 Processor 803 Memory 805 Storage device 807 Input I/F unit 809 Data I/F unit 811 ... communication I/F section, 813 ... display device.

Claims (13)

A device program for controlling a first device having transaction authority regarding a user's transaction and a second device communicably connected to the first device,
to the first device;
a detection function for detecting that the user authorized to use the first device is using the first device;
a first generation function for generating user proof information proving that the user is using the first device based on the result of the detection;
an association function that associates the first device and the second device based on the user's request;
a first transmission function for transmitting the user authentication information to the associated second device;
to the second device;
Based on the user authentication information received from the first device, the second device authentication information is stored by referring to a second device storage function for storing second device authentication information proving the authenticity of the second device. , realizing a second transmission function for transmitting to the first device;
to the first device;
realizing a first authorization function for granting the transaction authorization to the second device based on the second device authentication information received from the second device;
device program. Realizing a second authorization function that gives the first device an operation authorization for operating the second device based on the user authentication information;
A device program according to claim 1. the first transmission function refers to a first device storage function that stores first device certification information proving the authenticity of the first device, and transmits the first device certification information to the second device;
The second authorization function grants the operation authorization to the first device further based on the first device certification information.
A device program according to claim 2. The second transmission function transmits operation information indicating an operation status of the second device to the first device,
wherein the first authorization function grants the transaction authorization to the second device further based on the operating information;
A device program according to any one of claims 1 to 3. referring to a second storage function for storing second device information relating to the second device, generating the second device authentication information based on the second device information, and storing the second device authentication information in the second device storage function; 2 Realize the generation function,
A device program according to any one of claims 1 to 4. the transaction authority granted to the second device includes settlement authority for the transaction;
The second device includes a second payment processing unit that executes processing for payment of the transaction based on the payment authorization.
A device program according to any one of claims 1 to 5. A first identifying authority to be granted to the second device from among the transaction authorities by referring to a transaction storage function that stores scheduled transaction information indicating the transaction scheduled in the first period in the first device. achieve a specific function,
a first authorization function restricts the transaction authorization to the identified authorization and grants it to the second device;
A device program according to any one of claims 1 to 6. With reference to an operation storage function for storing, in the second device, permitted operation information indicating the content of operations permitted on the second device during a second period, the above operation authority is determined based on the permitted operation information. realizing a second specifying function that specifies the authority to be granted to the first device;
The second authorization function limits the operation authorization to the specified authorization and grants it to the first device.
4. A device program according to claim 2 or 3. A device program for controlling a first device having transaction authority for a user's transaction,
to the first device;
a detection function for detecting that the user authorized to use the first device is using the first device;
a first generation function for generating user proof information proving that the user is using the first device based on the result of the detection;
an association function that associates the first device with the user's account in a cooperation destination system based on the user's request;
a first transmission function for transmitting the user authentication information to the associated cooperation destination system;
a first reception function for receiving account certification information indicating the authenticity of the account from the cooperation destination system as a response to the user certification information;
When the account certification information is received from the cooperation destination system, realizing a first authority granting function of granting the transaction authority as authority of the account based on the account certification information,
device program. a first device having transaction authority regarding a user's transaction; a second device communicatively connected to the first device; and a server device communicatively connected to the first device and the second device. a computer system with
The first device is
a detection unit that detects that the user who is authorized to use the first device is using the first device;
a first generation unit that generates user certification information proving that the user is using the first device based on the detection result;
The server device
a first server generation unit that refers to a first server storage unit that stores first device information related to the first device and generates first device certification information that proves the authenticity of the first device;
a first server transmission unit that transmits the first device certification information to the first device;
a second server generation unit for generating second device certification information proving the authenticity of the second device by referring to a second server storage unit that stores second device information about the second device;
a second server transmission unit that transmits the second device certification information to the second device;
The first device is
an associating unit that associates the first device and the second device based on the user's request;
a first transmission unit that transmits the first device certification information received from the server device to the associated second device;
The second device includes a second transmission unit that transmits the second device certification information received from the server device to the first device,
The first device comprises a first authorization unit that grants the transaction authorization to the second device based on the second device certification information received from the second device.
computer system. The first transmission unit transmits the second device certification information received from the second device to the server device,
The second transmission unit transmits the first device certification information received from the first device to the server device,
The server device
a first matching unit that refers to the first server storage unit and matches the first device information with the first device authentication information received from the second device;
a second matching unit that refers to the second server storage unit and matches the second device information with the second device authentication information received from the first device as a result of matching by the first matching unit; and a notification unit that notifies the user of at least one of the results of matching by the second matching unit,
11. Computer system according to claim 10. The second device includes a second authorization unit that gives the first device an operation authorization for operating the second device, based on the user authentication information.
A computer system according to claim 10 or 11. The associating unit generates pairing information indicating an association between the first device and the second device in order to generate and distribute a common key to be shared by the first device and the second device,
The first transmission unit transmits the pairing information to the server device,
A server generation unit that generates the common key based on the pairing information,
The first server transmission unit transmits the common key to the first device,
The second server transmission unit transmits the common key to the second device,
The first transmission unit transmits the first device certification information encrypted with the common key to the second device,
The second transmission unit transmits the second device certification information encrypted with the common key to the second device,
The first authorization unit grants the transaction authorization to the second device when the encrypted second device certification information can be decrypted with the common key,
The second authority granting unit grants the operation authority to the first device when the encrypted first device certification information can be decrypted with the common key.
13. Computer system according to claim 12.

Images