WO2018142605A1 - Mobile terminal, server, control method, and program - Google Patents

Mobile terminal, server, control method, and program Download PDF

Info

Publication number
WO2018142605A1
WO2018142605A1 PCT/JP2017/004178 JP2017004178W WO2018142605A1 WO 2018142605 A1 WO2018142605 A1 WO 2018142605A1 JP 2017004178 W JP2017004178 W JP 2017004178W WO 2018142605 A1 WO2018142605 A1 WO 2018142605A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
operator
payer
detected
payment
Prior art date
Application number
PCT/JP2017/004178
Other languages
French (fr)
Japanese (ja)
Inventor
亘 鈴掛
Original Assignee
楽天株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 楽天株式会社 filed Critical 楽天株式会社
Priority to PCT/JP2017/004178 priority Critical patent/WO2018142605A1/en
Priority to JP2017549364A priority patent/JP6244070B1/en
Publication of WO2018142605A1 publication Critical patent/WO2018142605A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • G06Q20/3263Payment applications installed on the mobile devices characterised by activation or deactivation of payment capabilities

Definitions

  • the present invention provides a portable terminal that an operator who intends to take over the electronic property from the owner of the electronic property presents the owner, a server that distributes a program executed on the portable terminal, a method for controlling the portable terminal, And related to the program.
  • an electronic money system instead of carrying cash in a wallet, it is associated with a portable device (corresponding to a wallet) and represented by electronic information or electronic value (corresponding to cash in the wallet) ))
  • a portable device corresponding to a wallet
  • electronic information or electronic value corresponding to cash in the wallet
  • An electronic property such as electronic money or electronic value that is equivalent to real-world cash or other property and that represents the value electronically is called electronic property.
  • electronic property When paying with electronic money to purchase a product or service, the provider of the product or service inherits the amount equivalent to the payment amount of the electronic property owned by the payer.
  • Electronic contents such as documents, moving images, music, and personal information of owners are also a kind of electronic property.
  • the owner of the electronic content can grant the right to use or refer to the electronic content to a person who has paid for the electronic content. This permission can be interpreted as succession of the electronic property. Furthermore, when various events and entertainment tickets, various coupon tickets, cash vouchers, etc. are electronically traded, the electronic property representing the ticket, coupon ticket, or cash voucher is succeeded.
  • the payer moves the portable device close to the reader / writer operated by the provider of the goods or services, so that he / she only touches the portable device and the reader / writer.
  • NFC Near Field Communication
  • the electronic value associated with the portable device is reduced by the amount of payment.
  • the portable device and the reader / writer do not need to be in contact with each other, but the distance typically needs to be close to several millimeters.
  • This electronic circuit generally operates by electric power generated by electromagnetic induction by NFC radio waves emitted from a reader / writer.
  • mobile terminals such as mobile phones and smartphones are also widely used in the same way as above, which incorporates an NFC electronic circuit inside, as well as an NFC card in a SIM card for telephone communication (Subscriber Identity Card).
  • SIM card for telephone communication
  • a device provided with a communication function has also been proposed.
  • radio waves emitted from the reader / writer can be used as a power source, and power can be supplied from a battery included in the main body of the mobile terminal.
  • an electronic circuit for NFC that can receive power supply from the mobile terminal main body includes (a) card emulation that works as a portable device to carry in and out electronic value in the account assigned to the electronic circuit Mode, (b) Reader / writer mode for processing information related to electronic value assigned to other portable devices and functioning as a reader / writer, (c) Various messages such as e-mail addresses between electronic circuits In many cases, it has a P2P (Peer To Peer) mode for sending and receiving.
  • P2P Peer To Peer
  • a mobile terminal such as a mobile phone or a smartphone can function as a wallet for electronic money, or can function as a reader / writer.
  • a technology for paying electronic value from an electronic money card by making the mobile terminal function as a reader / writer of an electronic money system and establishing communication by bringing the electronic money card close to the mobile terminal. It has been proposed (see Patent Document 1, paragraphs 0072 and 0073).
  • the mobile terminal used by the store owner for telephone calls can function as a reader / writer for the electronic money system, while reducing the cost of capital investment. Will be able to receive electronic value payments.
  • the store owner downloads the program for the portable terminal from the distribution server or the like of the electronic money business operator and executes the program on the portable terminal.
  • Patent Document 2 proposes a technique for suppressing unauthorized use by referring to the position and inclination of the mobile terminal.
  • the present invention is intended to solve the above-described problem, and is suitable for suppressing unauthorized use in a portable terminal presented to the owner by an operator who intends to succeed the electronic property from the owner of the electronic property.
  • An object is to provide a portable terminal, a server for distributing a program executed on the portable terminal, a control method for the portable terminal, and the program.
  • the mobile terminal is presented to the owner of the electronic property by the operator and is a mobile terminal, and the mobile terminal executes a program, Detecting the position of the mobile terminal; From the history of the detected position, it is estimated whether the mobile terminal is moving, If it is estimated that the portable terminal is moving, near field communication with a portable device used for succession of the electronic property from the owner to the operator is restricted.
  • the program can be distributed from the server to the mobile terminal via a temporary transmission medium, or recorded on a non-temporary computer-readable information recording medium, and the information recording medium is distributed, It can also be installed on a mobile terminal.
  • Electronic value in an electronic money system is an electronic property having a value similar to cash.
  • Electronic value may be managed in the same currency unit so that it can be exchanged with cash or from one side to the other, or it may be converted at the time of exchange using an original unit. It is also possible to use various points given in accordance with user actions (purchasing products, answering questionnaires, visiting stores, etc.) as electronic value.
  • This embodiment can be applied to an electronic money system called a stored-value type.
  • electronic value also called “balance”
  • portable devices such as cards, mobile phones, and smartphones that incorporate electronic circuits. Manage in association.
  • a stored value type system it is common to store a numerical value of available electronic value in an electronic circuit of a portable device. This aspect corresponds to a state where cash is in the wallet.
  • the value associated with the portable device will be referred to as “remaining value” in comparison with “cash remaining in the wallet”.
  • a product or service provider accepts payment for a user by using a reader / writer that can communicate with a portable device.
  • a reader / writer that can communicate with a portable device.
  • communication between the portable device and the reader / writer becomes possible.
  • various commands are sent from the reader / writer to the portable device, the execution result of the command is available. Sent from the portable device to the reader / writer.
  • the remaining value associated with the portable device is decreased by the electronic value specified in the command. This corresponds to taking out cash from the wallet.
  • the decrease command is used when paying a consideration, that is, “billing” in a transaction for receiving provision of goods or services.
  • the electronic value specified in the decrease command is referred to as “price value”.
  • the heel increase command increases the remaining value associated with the portable device by the electronic value specified in the command. This corresponds to putting cash in the wallet.
  • the increase command is used, for example, when a user charges a portable device with electronic value corresponding to the cash instead of paying cash to the store clerk at the store.
  • an application that operates in the portable device responds to a command sent via the computer communication network. It is also possible to acquire or increase / decrease the residual value associated with the portable device. In this case, it is possible to pay the price and charge the remaining value without using the reader / writer.
  • the fact that the electronic value is increased or decreased by a decrease command or an increase command means that a value transfer has occurred between the payer and the provider.
  • the provider transmits this value transfer information to the electronic money management server.
  • the electronic money management server is operated by an operator of the entire electronic money service. If the payment information stored in the electronic money management server is added up, the total amount of electronic value that the provider has obtained or lost within that period can be obtained.
  • the provider If the provider has acquired electronic value, it can be obtained by exchanging cash from the operator. On the other hand, if the electronic value is lost, the provider is responsible for paying the operator cash or the like for the electronic value.
  • an intermediate trader may be interposed between the provider and the operator of the entire electronic money service.
  • This company is called an electronic money service provider, and provides advice and support for the provision of infrastructure and handling of electronic value necessary for the provider to receive payment by electronic value.
  • a mobile terminal such as a mobile phone or a smartphone prepared by a provider is used as a reader / writer, but a program for causing the mobile terminal to function as a reader / writer is A distribution server or the like prepared by an operator or business operator distributes it to mobile terminals.
  • NFC is used for communication between a portable terminal functioning as a reader / writer and a portable device within the communicable range, but infrared communication or Bluetooth (registered trademark) is used. Also good.
  • the present embodiment can also be applied to an electronic money system called a server value method.
  • a server value method identification information of an account corresponding to a wallet of electronic value is acquired from a portable device, and the account and the remaining value in the account are managed in the server of the operator or operator.
  • the portable device functions as an identification tag for identifying an account, but does not store the remaining value itself.
  • the mobile terminal functions as a user interface for exchanging various information with a reader / writer and a human, and transmission / reception of commands to / from the portable device is controlled by a thin client server.
  • This thin client server may be prepared by the provider itself, or may be one in which the business operator has set a usage right for the provider.
  • the thin client server plays a role of depositing and outputting electronic value in the provider. Management information is exchanged between the thin client server and the operator regularly, typically once a day, and the total amount of electronic value owned by the provider is required.
  • this embodiment can also be applied to a so-called rich client system.
  • the portable terminal relays communication between the portable device and the server and is responsible for interaction with the user.
  • the portable terminal further serves as a server. Become. That is, the mobile terminal examines command transmission / reception with the portable device, and also bears regular communication with the operator.
  • the mobile terminal of this embodiment can use hardware such as a smartphone or a mobile phone, can be configured by a dedicated electronic circuit, or can be realized by causing a computer to execute a program. Is possible.
  • a technology such as FPGA (Field Programmable Gate Array) that compiles a program into an electronic circuit design script and dynamically configures the electronic circuit based on the design script. By applying, it is possible to configure the portable terminal of this embodiment.
  • the portable terminal of the present embodiment in order to prevent as much as possible unauthorized acts by the operator of the portable terminal (including the provider, the person hired by the provider, and the person who steals the portable terminal from the provider). Utilize various technologies. In the following, first, these techniques will be outlined.
  • the first technology uses the biometric information of electronic value payers.
  • the payer is requested to take an action such as touching a predetermined part of the mobile terminal, and the intention to agree to the payment is confirmed.
  • the same payer agrees to pay continuously.
  • the second technology uses the tilt of the mobile device.
  • the portable device is placed close to the NFC electronic circuit so that the payer can see the front or back of the card. It is common.
  • mobile terminals such as mobile phones and smartphones often have a plate shape, and electronic circuits for NFC are arranged on the front or back surface of the plate.
  • the electronic value can be paid through the mobile terminal.
  • the portable terminal is moved closer to the bottom of the bag.
  • the attitude of the fraudster at this time is unnatural and conspicuous. Therefore, it is considered that fraud can be suppressed.
  • the third technique is to notify a person around the portable terminal such as a payer by audible sound, visible light, or vibration when paying with electronic value.
  • the notification performed here is desirably performed with the maximum volume, the maximum light amount, and the maximum vibration.
  • the owner of the portable device is warned that the electronic value will be paid from the account of the portable device.
  • This notification can be sent before payment of electronic value (e.g. while prompting the payer for consent), during payment (e.g. while NFC chip searches for nearby portable devices), after payment (e.g. , After payment is successful and the portable device is ready to go.
  • FIG. 1 is an explanatory diagram showing an outline of a mobile terminal according to an embodiment of the present invention.
  • a description will be given with reference to FIG.
  • the mobile terminal 101 is realized by downloading a program distributed from a server by an electronic money system operator or operator to terminal hardware such as a smartphone or a mobile phone.
  • programs executed on terminal hardware are compact disk, flexible disk, hard disk, magneto-optical disk, digital video disk, magnetic tape, ROM (Read (Only Memory), EEPROM (Electrically Erasable Programmable ROM), flash memory, semiconductor It can be recorded on a computer-readable non-transitory information recording medium such as a memory. This information recording medium can also be distributed and sold independently of the terminal hardware.
  • a program recorded in a non-transitory information recording medium such as a flash memory is read after being read into RAM (Random Access Memory), which is a temporary storage device.
  • RAM Random Access Memory
  • CPU Central Processing Unit
  • the CPU directly reads and executes instructions included in the program stored in ROM.
  • the above-mentioned program may be connected to a terminal hardware from a distribution server or a management server managed by an operator via a transitory transmission medium such as a computer communication network independently of a computer on which the program is executed. It can be distributed and sold to etc.
  • the mobile terminal 101 includes an acquisition unit 102 and a control unit 103. Further, a prompt unit 104, a holding unit 105, an erasing unit 106, a notification unit 107, a setting unit 108, and a detection unit 109 are provided as optional elements. The operation of each part will be outlined below.
  • the bag acquisition unit 102 acquires biometric information of a payer who intends to pay electronic money.
  • biometric information a payer's fingerprint, voiceprint, face shape, retina shape, iris shape, or the like can be used.
  • the biometric information is acquired using a fingerprint sensor, a touch panel, a microphone, a camera, or the like included in the terminal hardware.
  • Prompt unit 104 outputs a message prompting the payer to take an action to agree to the payment.
  • the message is displayed on a display device such as a touch screen included in the terminal hardware under the control of the CPU included in the terminal hardware.
  • the action may be urged by voice from a speaker or the like included in the terminal hardware.
  • the action it is possible to make the payer touch the button displayed on the touch screen, or to make the payer agree to the payment by voice.
  • the biometric information is acquired from the action performed by the payer, it is considered that the psychological resistance of the payer is reduced and the transaction proceeds smoothly.
  • a payer's effort can be reduced.
  • the payer when fingerprints are adopted as biometric information, when consenting to payment, the payer is prompted to touch the fingerprint sensor of the terminal hardware, and the action can be taken when the fingerprint is acquired from the fingerprint sensor. It is considered that it was done.
  • the payer's fingerprint may be acquired from a touch screen of the terminal hardware.
  • the utterance of the payer that consents to the payment is acquired by the microphone of the terminal hardware, and it is determined whether or not an action has been taken from the result of voice recognition of the utterance. At the same time, when an action is taken, a voiceprint is acquired from the utterance.
  • a camera for self-photographing of terminal hardware can be used.
  • the display device displays an image photographed by the camera, and also displays a figure of a frame that serves as a guide. And if you agree with payment, move the terminal hardware or payer's face so that the contour of the photographed payer's face and eyes almost match the border of the guide, then for a predetermined time Encourage the payer to take action to maintain that position (several seconds).
  • the shape of the face, retina, and iris are also acquired.
  • image and sound information acquired by a sensor, a microphone, and a camera are not used as biometric information as they are, but feature values extracted from these pieces of information are used as biometric information.
  • a more suitable system is realized from the viewpoint of privacy.
  • the process of extracting feature quantities from the acquired image and audio information is performed using a CPU of the terminal hardware or a dedicated chip for biometric information processing. A known technique may be employed.
  • the bag holder 105 holds the payer's biometric information acquired in the past for a predetermined period or a predetermined number.
  • the holding unit 105 may separately hold biological information of an operator who operates terminal hardware such as a store clerk or a salesperson.
  • the holding unit 105 is realized by a nonvolatile non-transitory storage device, for example, a flash memory included in terminal hardware.
  • the bag control unit 103 controls payment by electronic value, and is realized by a CPU included in the terminal hardware.
  • the control unit 103 determines the possibility of fraudulent activity and determines whether or not to accept payment of electronic value as it is according to the possibility. If the electronic value payment is accepted as it is, the NFC chip of the terminal hardware is controlled to search for a nearby portable device. If a portable device is detected, a decrease command is transmitted to the portable device, the result is received, and if the decrease command is successful, it is assumed that payment of electronic value is completed.
  • the payment of the electronic value from the payer may be rejected, or the electronic value payment process may be started after passing another high-level check.
  • each of the payer's biometric information acquired in past transactions and payments and the payer who is going to pay the electronic value this time are acquired. Some biometric information is collated. In this aspect, if any of the former matches the latter, that is, if it is determined that the past payer is also a payer this time, there is a high possibility of fraud, and the current payer If it is determined that it is different from any of the past payers, it is determined that the possibility of fraud is low.
  • the erasure unit 106 erases the biometric information acquired the oldest of the payer from the holding unit 105. That is, the holding unit 105 is realized by the CPU of the terminal hardware cooperating with the flash memory or the like. As described above, the holding unit 105 holds the biometric information of the payer acquired in the past for a predetermined period or a predetermined number.
  • the holding unit 105 holds only one piece of payer's biometric information acquired in the past, or the deletion unit 106 deletes the oldest biometric information after payment of electronic value, and the payment completed this time
  • the payer's biometric information held in the holding unit 105 is only the biometric information of the payer who has just been paid for electronic value, and the previous payer's biometric information. Information is not retained. For this reason, further consideration can be given to the payer's privacy.
  • the biometric information acquired by the acquisition unit 102 matches the biometric information of the operator held in the holding unit 105, the payer's explicit consent has not been given, and the operator takes action instead. It is highly probable that he took In such a case, it is desirable that the electronic value is not paid unless a higher level check is passed, considering that there is a possibility of fraud.
  • the notification unit 107 emits audible sound, visible light, vibration, and the like to be paid for electronic value by a display device included in the terminal hardware, a speaker, a vibrator, an LED (Light Emitting Diode), a lamp, etc. Inform people in the vicinity of the terminal 101.
  • the operator can set the output intensity (brightness and blinking pattern, sound volume, vibration magnitude and pattern) of the display device, speaker, vibrator, LED and lamp via the setting unit 108.
  • the notification that the electronic value is paid is output with the predetermined strength even if the operator setting is weaker than the predetermined strength. If the operator setting is greater than or equal to a predetermined strength, the output may be output at the predetermined strength, or may be performed according to the operator setting. By being noticeable, it is possible to suppress fraudulent acts such as crowds.
  • the eyelid detection unit 109 is realized by various sensors that detect various states of the terminal hardware. For example, according to the tilt sensor, the orientation or attitude of the terminal hardware can be acquired. Therefore, only when the angle formed by the horizontal plane and the surface where the front and rear surfaces of the plate-shaped terminal hardware are spread is smaller than a predetermined threshold value and approximately parallel, the control unit 103 is not connected to the portable device. If NFC is performed and the angle is outside the specified range, NFC can be restricted, so that the attitude of the operator when receiving payment of electronic money can be limited, and illegal activities such as crowding Action can be suppressed.
  • a tilt sensor if a tilt sensor is used, a change in the tilt of the terminal hardware can be acquired. If a microphone is used, an audible sound around the terminal hardware can be acquired.
  • a technique for acquiring the current ambient brightness based on an image photographed by a brightness sensor or a camera in order to determine the necessity of flash photography using an LED or the like, there is a technique for acquiring the current ambient brightness based on an image photographed by a brightness sensor or a camera.
  • the CPU or dedicated chip of the terminal hardware matches the change in voice, brightness, and tilt measured by the sensor with the pattern of change in notification by the notification unit 107, so that the notification is actually sent to the surrounding people.
  • the size that is perceived by can be detected.
  • the size of the detected notification is sufficiently large compared to the strength at the time of outputting the notification, unauthorized modification of the terminal hardware (for example, covering the speaker, covering the LED, removing the vibrator, etc.) ) Or failure.
  • the size of the detected notification is smaller than the strength at the time of outputting the notification according to a predetermined criterion, there is a possibility of unauthorized modification or failure of the terminal hardware. It can be determined that there is a possibility of fraud.
  • GPS Global Positioning System
  • it can be determined whether or not the use area is within the use area based on the detection result of the GPS.
  • the terminal hardware has a wireless LAN (Local Area Network) communication function
  • SSID Service Set IDentifier
  • a command for processing electronic value is exchanged between the portable device and the thin client server via the mobile terminal 101. Therefore, if the thin client server operates only within the LAN and cannot be reached from outside the LAN, and the physical area of the LAN is limited, the mobile terminal 101 communicates with the thin client server. If possible, it can also be determined to be within a specific region.
  • the first technology (payers' biometric information), the second technology (terminal hardware inclination), the third technology (notification by audible sound, etc.), the fourth technology (location)
  • the flow of processing in a mode in which all of the above restrictions are adopted will be described.
  • the first to fourth techniques can be appropriately selected and omitted.
  • fingerprints are used as biometric information and fingerprints are obtained from a touch screen.
  • various types of biometric information can be adopted. is there.
  • a business operator assigns a shop code and a password to each provider when a contract related to an electronic money service is made with a plurality of providers (shops). Based on the shop code and password, the business operator manages the accounting of electronic value for each provider.
  • FIG. 2 is a flowchart showing a flow of processing executed by the mobile terminal according to the embodiment of the present invention.
  • this process is started by executing a program on the terminal hardware, and the portable terminal 101 is realized by this process.
  • the mobile terminal 101 first receives an input of a shop code and a password assigned in advance to the provider in order to associate the mobile terminal 101 with the provider (step S201). ).
  • step S201 in this embodiment, first, an input form is displayed on the touch screen arranged on the surface of the terminal hardware.
  • FIG. 3 is a display example of an input form for the provider to log in to the thin client server.
  • a description will be given with reference to FIG.
  • a touch screen 252 is prepared on the surface of the terminal hardware 251, a camera 261 for photographing a person who is looking at the touch screen 252, a telephone call and In addition, a microphone 262 and a speaker 263 for inputting and outputting audio are also arranged. In this figure, an input form 301 is displayed on the touch screen 252.
  • a shop code field 302 and a password field 303 are prepared.
  • the operator inputs information into these using the terminal hardware software keyboard (not shown) and taps the next button 304, the entered shop code and password, and identification of the terminal hardware are displayed.
  • Information (manufacturing number, MAC address, etc.) is transmitted to the thin client server via the wireless LAN, and the portable terminal 101 and the provider are linked (step S202).
  • step S201 if there is an input error in the shop code or password and the authentication in the thin client server fails, the process returns to step S201 to request another input (not shown in the flowchart).
  • FIG. 4 is a display example of a fingerprint registration form for an operator to register biometric information.
  • the fingerprint registration form 401 is provided with an elliptical touch area 402 for touching a finger. If the operator's finger touches the touch area 402 according to “touch the operator's (seller) 's finger on an ellipse” displayed in the message field 405 and the fingerprint feature information can be acquired from the touch state on the touch screen, the message field 405 Will display "Tap registration to register this fingerprint” (not shown).
  • FIG. 5A is an explanatory diagram for explaining an aspect of a holding unit that holds biological information.
  • FIG. 5B is an explanatory diagram for explaining another aspect of the holding unit that holds the biological information.
  • the heel holding unit 105 is provided with an operator area 451 for holding the operator's biometric information and a payer area 471 for holding the payer's biometric information as will be described later.
  • the operator area 451 of the present embodiment holds the biological information of the operator as an array, and “none” is recorded in each element in the initial state.
  • biometric information is to be registered in step S204, first, an element in which “none” is recorded is searched from the array, and the new operator's biometric information is written in the found element.
  • This figure shows a state in which only one operator's biological information is recorded.
  • the payer area 471 is an area for recording the payer's biological information, and details thereof will be described later.
  • FIG. 6 is a display example of an outline form for showing an outline of login and registration. Hereinafter, a description will be given with reference to FIG.
  • the shop code accepted in steps S 201 -S 204 and the number of registered fingerprints are displayed in the outline column 502.
  • the operator taps the next button 503. Then, the process proceeds to step S206.
  • step S205 If the shop code, password, and operator fingerprint feature information are stored in a non-volatile manner in a flash memory, etc., the explicit provider information entry and operator fingerprint registration will be omitted at the next program startup. Is possible. That is, the processing of steps S201 and S203-S204 is omitted, and the portable terminal 101 is associated with the provider in the thin client server by using the already stored shop code and password, and the process proceeds to step S205.
  • the detection unit 109 detects the current position of the mobile terminal 101 (step S206).
  • GPS can be used outdoors. Also, in situations where GPS accuracy is a problem, GPS is not available because payment is made inside the building, GPS positioning time and battery consumption are problems, nearby wireless LAN access points It is also possible to acquire the SSID and detect the current position from the information.
  • step S207 it is determined whether or not the detected current position is within an available area allocated in advance to the shop code.
  • the available area information is downloaded from the thin client server to the mobile terminal 101 when the association is performed.
  • step S206 After detecting the physical current position (step S206), it is not determined whether the position is within the usable range (step S207), but a specific node in the LAN (for example, in the LAN) Whether or not the current position is within the available area may be determined based on whether communication with a POS register, a management computer, a network printer, or the like is possible.
  • step S207 If it is found that the mobile terminal 101 is in an available area by these methods (step S207; Yes), acceptance of payment of electronic value is started. On the other hand, if the mobile terminal 101 is not in the available area (step S207; No), in this aspect, the process returns to step S201 and is initialized again. However, after issuing a warning to the operator, the process may return to step S206, or the program itself may be terminated.
  • FIG. 7 is a display example of an amount form that requests input of the amount of electronic value related to payment.
  • a description will be given with reference to FIG.
  • a value field 602 for displaying the amount of electronic value for which payment is required and a software keyboard 603 are arranged.
  • the operator taps a number key on the software keyboard 603 the number assigned to the key is added to the value field 602. If the operator taps the delete key, the value in the value field 602 is deleted from the end.
  • FIG. 8 is a display example of a payment confirmation form that asks the payer to take an action to agree to the payment.
  • the amount of electronic value to be paid by the payer entered in the amount form 601 and a message “Touch an ellipse if you agree to payment” are displayed. If there is an error in the amount, for example, if the return button 705 is tapped, it is possible to return to step S208 to re-enter the amount (not shown in the flowchart).
  • the payment confirmation form 701 is provided with an elliptical touch area 703 for the payer to touch his / her finger.
  • the acquisition unit 102 of the mobile terminal 101 uses the fingerprint feature information as the payer's biometric information based on the contact status with respect to the touch screen. Obtain (step S210).
  • control unit 103 checks whether the payer's biometric information acquired in step S210 matches any of the operator's biometric information held in the holding unit 105 (step S211).
  • the biological information of the operator is recorded in the biological information column of each element of the array of the operator area 451 of the holding unit 105, and each element whose value is not “none” and the biological information of the payer Match information.
  • step S211 If any of them matches (step S211; Yes), the payment by the payer has not been agreed, and the process returns to step S209. At this time, a warning or a message may be presented as appropriate.
  • step S211 If neither matches (step S211; No), it is checked whether the payer's biometric information acquired in step S210 matches any of the past payer's biometric information held in the holding unit 105 (step S212). ). As will be described later, the payer's biometric information acquired in step S210 is registered in the holding unit 105 after payment is completed, and used as past payer's biometric information.
  • the biometric information of the payer is recorded in the biometric information column of each element of the array of the payer area 471 of the holding unit 105, and each of those whose value is not “None” is collated with the biometric information of the payer. .
  • step S212 If no match is found (step S212; No), the biometric information check is passed, and processing for receiving payment of electronic value from the payer's portable device is started.
  • the notification unit 107 outputs a notification indicating that a portable device is being detected at a predetermined intensity by using an audible sound, visible light, vibration, etc., so as to let the surrounding people know (step S214).
  • the mobile terminal 101 displays a communication form related to NFC with the portable device on the touch screen 252 (step S215).
  • FIG. 9 is a display example of a communication form indicating that NFC with a portable device is to be started.
  • FIG. 10 is an explanatory diagram showing a state of the back side of the terminal hardware. Hereinafter, a description will be given with reference to FIG.
  • a camera 264 for photographing landscapes and other people is arranged, and a mark 253 indicating a place where the NFC chip is arranged is affixed.
  • the NFC chip detects the portable device.
  • step S208 the control returns to step S208 and starts again from the input of the amount (not shown in the flowchart). Thereby, acceptance of payment of electronic value by the present amount can be canceled.
  • the detection unit 109 detects the tilt of the terminal hardware 251 by the tilt sensor (step S217). Then, it is checked whether or not the detected inclination and the target inclination are within a predetermined error range (step S218). In the present embodiment, the direction of the outward normal on the surface is detected and used as the inclination of the terminal, and the target inclination is set as the direction of gravity.
  • step S218 If both are not within the predetermined error range (step S218; No), the process returns to step S214. At this time, the message may be displayed in the message field 802 of the communication form 801 so that the inclination is correct. Therefore, even if the NFC chip and the portable device are close enough to enable NFC, the electronic value is not paid.
  • FIG. 11 is an explanatory diagram showing a state in which the portable device is brought close to the terminal hardware.
  • the NFC chip detects the portable device and both Communication becomes possible.
  • step S219 if the portable device is not detected (step S219; No), the process returns to step S214. Therefore, while the mobile terminal 101 is trying to detect the portable device, the notification is repeatedly output.
  • the mobile terminal 101 when the payer tries to bring the portable device 254 closer to the mobile terminal 101, the mobile terminal 101 is turned over, and the display on the touch screen is not visible to either the payer or the operator. Therefore, the notification pattern is changed depending on whether or not the inclination of the mobile terminal 101 is correct, that is, whether or not the outward normal vector of the touch screen surface and the direction of gravity are within a predetermined error range. Is desirable.
  • the pitch, tone, and melody of the notification sound that is emitted are different between the correct inclination and the incorrect inclination, or if the correct inclination is obtained by continuously vibrating during the incorrect inclination If the vibration patterns are different, such as intermittent vibration, the operator can know the current state of the mobile terminal 101 without displaying on the touch screen.
  • the detection of the portable device is attempted only while the inclination in which the back surface of the portable device 254 is disposed substantially horizontally on the upper side is detected, but the inclination for attempting the detection is determined by the terminal hardware. Changes can be made as appropriate according to the shape of the wear and the operation at the store.
  • the mobile terminal 101 transmits the amount to be paid to the thin client server via the wireless LAN (step S220). ). Then, the communication relay between the portable device and the thin client server is started.
  • the thin client server receives the amount to be paid from the mobile terminal 101
  • the thin client server confirms whether or not the mobile terminal 101 is the mobile terminal 101 linked in step S202. If the mobile terminal is not linked, the payment may be rejected. In this case, the mobile terminal 101 may report an error and end the process, or return to step S201 and log in to the thin client server again (not shown in the flowchart). .
  • the mobile terminal 101 receives the decrease command transmitted from the thin client server via the wireless LAN (step S221), and transmits the received decrease command to the portable device via the NFC chip ( Step S222).
  • the mobile terminal 101 receives the execution result of the decrease command transmitted from the portable device (step S223), and transmits the received execution result to the thin client server (step S224).
  • the execution result in this case includes the amount of electronic value remaining in the portable device after payment.
  • the mobile terminal 101 receives the instruction transmitted from the thin client server (step S225). If this instruction specifies the completion of payment and the amount of remaining electronic value (step S226; Yes), the mobile terminal 101 determines the number of biometric information of past payers held in the holding unit 105. Is less than or equal to a predetermined upper limit (step S227). If the upper limit is exceeded (step S227; No), the erasure unit 106 erases one of the oldest payer's biometric information (step S228), and proceeds to step S229.
  • step S227 if it is equal to or less than the upper limit (step S227; Yes), the latest biometric information acquired in step S210, that is, the biometric information of the payer related to the current payment is held in the holding unit 105 (step S229).
  • the number of pieces of biological information held in the holding unit 105 is controlled to be a predetermined number or less.
  • this upper limit is set to 1
  • the holding unit 105 holds at least one past payer's biometric information. For this reason, it is possible to minimize the period during which the biometric information of past payers is stored in the mobile terminal 101, and it is possible to operate in consideration of privacy.
  • the payer's biometric information is recorded in the payer area 471 of the holding unit 105.
  • the payer area 471 is realized by an array, and in the example shown in FIG. 5A, a biometric information field and a time stamp field are prepared for each element, and the payer area 471 has a plurality of elements (this figure). Then 4).
  • the biometric information column of each element records the payer's biometric information
  • the time stamp column records the date and time when the biometric information was acquired or the date and time when the payment was completed.
  • the payer area 471 has only one element and a biometric information field is prepared, but there is no time stamp field.
  • biometric information field 473 and the time stamp field 474 in each element 472 of the payer area 471 “none” is recorded if nothing is registered, as in the operator area 451.
  • the element 472 with the oldest date and time recorded in the time stamp field 474 is searched, and the biometric information field 473 and the time stamp field 474 of the element 472 are searched.
  • step S2208 the oldest biometric information is deleted and then the current biometric information is held.
  • the living person information and the acquisition date / time or payment completion date / time of the current payer may be overwritten.
  • the holding unit 105 does not hold the biometric information of the past payer.
  • the last registered biometric information of the operator can be adopted as the initial value of the biometric information of the past payer in the holding unit 105.
  • verification with the operator's biometric information may be omitted as appropriate.
  • the notification unit 107 outputs a payment completion notification by audible sound, visible light, vibration, or the like (step S230).
  • the notification here preferably has a different output pattern from the notification while the portable device is being detected.
  • the operator knows that the payment of the electronic value has been completed from the output pattern of the notification, turns the mobile terminal 101 over and makes the touch screen visible.
  • FIG. 12 is a display example of a message form indicating that payment of electronic value has been completed.
  • a description will be given with reference to FIG.
  • the message field 902 of the message form 901 As shown in this figure, in the message field 902 of the message form 901, the amount of electronic value paid, the amount of electronic value remaining in the account of the portable device, and a greeting are displayed.
  • the next button 903 of the message form 901 is tapped, control returns to step S208, and acceptance of payment for the next electronic value is started.
  • the thin client server transmits an instruction indicating that the payment is not completed. Therefore, if the instruction received by the mobile terminal 101 does not specify that payment is complete (step S226; No), the notification unit 107 outputs a notification of payment failure using audible sound, visible light, vibration, or the like. (Step S232). It is desirable that the notification here also has a different output pattern from other notifications. Then, the operator can know from the notification output pattern that the payment of the electronic value has failed.
  • step S226 If the settlement has failed (step S226; No), the mobile terminal 101 changes the display in the message field 802 of the communication form 801 to indicate that the remaining amount is insufficient (step S233), and returns to step S215.
  • FIG. 13 is a display example of a communication form indicating that the remaining amount of electronic value is insufficient.
  • the message “Balance is insufficient. Please bring another portable device close” is displayed, so the operator must turn over the mobile device 101 and confirm that. Can do. If it is desired to stop paying itself, the operator or the like may tap the return button 803 of the communication form 801 as described above.
  • step S212 when the biometric information of the past payer and the biometric information of the present payer match (step S212; Yes), the electronic money is obtained by performing a high level confirmation by the operator. Allow payment. Since this confirmation requires time and effort, it is possible to suppress repeated fraud.
  • FIG. 14 is a display example of a payment confirmation form that asks the payer for a high level confirmation.
  • a description will be given with reference to FIG.
  • step S209 “Confirm by operator touching ellipse” is described in the message field 702, prompting the operator to take an action.
  • the acquisition unit 102 of the mobile terminal 101 acquires the biological information of the operator from the contact state with respect to the touch screen (step S235).
  • control unit 103 of the terminal device 101 checks whether the operator's biometric information acquired in step S235 matches any of the operator's biometric information held in the holding unit 105 (step S236). If it matches any one (step S236; Yes), it is determined that the operator has confirmed that the payer has agreed to the payment, and the process proceeds to step S214.
  • step S236 If no match is found (step S236; No), if the acquisition of the biological information of the operator in step S234 has not reached the predetermined number of retries (step S237; No), the process returns to step S235.
  • step S237 If the number of retries has been reached (step S237; Yes), the portable terminal 101 displays a message form 901 on the touch screen to notify that payment cannot be settled (step S238).
  • This situation may be caused by mistakes caused by the work procedure on the provider side or a failure of the fingerprint sensor, or when the portable terminal 101 is stolen.
  • FIG. 15 is a display example of a message form indicating that electronic value cannot be paid.
  • a description will be given with reference to FIG.
  • the message field 902 of the e-mail message form 901 describes that an electronic value payment cannot be settled, an error code, a contact phone number of a business operator, and the like, and induces an inquiry from the provider.
  • step S208 the process returns to step S208, and the input of the payment amount of the electronic value is resumed.
  • the program itself may be stopped or the provider may be re-registered by returning to step S201.
  • the touch area 402, 703 displayed in the touch screen is not touched by the operator or payer, but the action of touching the fingerprint sensor prepared in the terminal hardware is adopted, thereby allowing the operator or payer to touch. It is good also as an action of a payer's consent while acquiring a living person's biometric information.
  • fraudulent acts relating to payment of electronic value occur by appropriately adopting technology related to payer's biometric information, terminal hardware tilt, audible sound notification, and location restrictions.
  • the control flow is advanced so as not to pay, and the NFC with the portable device is restricted, so that fraud can be effectively suppressed.
  • whether or not two pieces of biological information are acquired from the same person is determined by whether or not the similarity between the two pieces of information exceeds a predetermined threshold. That is, the similarity is high if there are many matches of the biometric information, and the similarity is low if there are many mismatches.
  • the similarity threshold for determining whether or not to match is changed according to the elapsed time since biometric information of a past payer is acquired, thereby obtaining biometric information. Will be properly verified.
  • a threshold is associated with each biometric information of a past payer held in the holding unit 105. And the threshold value matched with the said biometric information is increased, so that the elapsed time after a payer's biometric information is acquired becomes long.
  • control unit 103 when the control unit 103 obtains the similarity between the biometric information of the past payer and the biometric information of the current payer, the control unit 103 sets the similarity to a threshold associated with the biometric information of the past payer. In comparison, if the degree of similarity exceeds the threshold value, both are matched and the payment of electronic value is restricted. If the similarity is less than or equal to the threshold value, it is determined that the two do not match.
  • the elapsed time after the payer's biometric information is acquired may be employed.
  • the elapsed time after the payment related to the payer's biometric information is completed may be employed.
  • the elapsed time after the payment related to the payer's biometric information is completed may be employed.
  • the elapsed time after the payment related to the payer's biometric information is completed may be employed.
  • the elapsed time after the payment related to the payer's biometric information is completed may be employed. For example, after a product has been purchased at a store cash register, it is an action that can be taken by a general consumer to purchase an item placed next to the cash register. In this case, after completing the previous payment, tell the store clerk that you want to purchase additional items, check and enter the amount of the item, and wait until the consumer agrees to pay It is thought that it takes about 10 seconds.
  • the threshold may be changed as follows according to the elapsed time since the last payment was completed. That is, if the elapsed time is about several seconds, the threshold value is kept low, and the threshold value is raised for about several tens of seconds. Thereafter, the threshold value is rapidly decreased and then gradually increased.
  • the threshold value corresponding to the elapsed time may be changed as appropriate according to the behavior pattern of the customer layer of the provider and the behavior pattern of the unauthorized user.
  • the electronic value has been paid through the check by the payer's biometric information.
  • the operator is further confirmed from the viewpoint of further suppressing unauthorized use. To do.
  • every time the payment amount is transmitted to the thin client server it is confirmed whether or not the mobile terminal 101 is associated with the provider.
  • the operator checks each time payment is made.
  • the operator in addition to registering the biological information of the operator in steps S203 to S204, the operator is further required to register a settlement password.
  • the thin client server generates a payment password with an expiration date (typically only today).
  • the thin client server when the portable terminal 101 and the provider are linked, the thin client server generates a payment password and notifies the portable terminal 101 when the login is successful.
  • the portable terminal 101 displays the settlement password notified from the thin client server in the overview form 501 in step S205 to make the operator know.
  • the operator instead of tapping the next button 604 on the amount form 601, the operator inputs the payment password again, or the operator inputs the payment password again before and after detecting the payment consent action by the payer.
  • This is a method of confirming the identity of the operator by, for example.
  • steps S203 to S204 there is a method in which the portable device owned by the operator is detected and the operator's identity is confirmed by the identification number of the portable device.
  • the operator can put his / her portable device on the portable terminal 101 to show the payer a sample of the payment method, and at the same time can authenticate the operator using the portable device. .
  • the identity of the operator may be confirmed by the thin client server, or may be determined by the portable terminal 101 based on the settlement password stored in the portable terminal 101.
  • the payer has obtained payment consent by the action of touching the touch screen or the fingerprint sensor.
  • a smartphone or the like owned by the payer Use.
  • the operator's mobile terminal 101 to which the amount of payment has been input by the operator generates a one-time password for settlement.
  • the one-time password may be randomly generated each time, or a prepared one may be used as appropriate.
  • the mobile terminal 101 of the operator sends the payment amount and the one-time password to the display terminal such as the payer's smart phone or mobile phone by short-range communication such as Bluetooth (registered trademark) or infrared communication.
  • short-range communication such as Bluetooth (registered trademark) or infrared communication.
  • the payer's display terminal displays the received payment amount and the one-time password on the screen. Thereafter, if the payer agrees to pay the displayed amount, the payer performs an action of inputting the displayed one-time password into the mobile terminal 101 of the operator.
  • the check by the payer's biometric information can be used in the same manner as in the above aspect, but the identification information (MAC address, serial number, etc.) assigned to the payer's smartphone or mobile phone is used in the above aspect. It can also be used in place of the payer's biometric information.
  • the identification information MAC address, serial number, etc.
  • an unauthorized user must use a large amount of equipment corresponding to the “payer's smart phone or the like” to obtain an unauthorized withdrawal. Cannot be repeated. Therefore, unauthorized use can be suppressed.
  • the detection unit 109 of the mobile terminal 101 is not only for starting the program (step S206) but also for identifying the electronic property to be succeeded (step S208), and for consenting to the inheritance to the owner of the electronic property.
  • the detection unit 109 of the mobile terminal 101 is not only for starting the program (step S206) but also for identifying the electronic property to be succeeded (step S208), and for consenting to the inheritance to the owner of the electronic property.
  • the current position of the mobile terminal 101 is detected.
  • the history of the detected position is stored in a recording medium inside the mobile terminal 101. It is to be noted that the history of these locations is accumulated on the thin client server, the location where the electronic property is taken over is specified and recorded, and is transmitted to the distribution server or management server of the electronic money business operator. , Can increase the safety of electronic transactions.
  • a set of positions accumulated in the mobile terminal 101 and times when the positions are detected is recorded up to a predetermined upper limit.
  • the portable terminal 101 the position p 0 which is detected in time t 0, the position p 1, which is detected in time t 1, time t 2 position p 2, which is detected, ..., are detected in time t N-1 in a state where the position p N-1 is recorded, consider the situation where the position p N to the current one o'clock t N is detected. Then, when the upper limit of sets that can be recorded in the history is N, it is necessary to delete one set of unnecessary information.
  • the date and position set that can be approximated from the date and position set before and after that is considered to be unnecessary information.
  • a pair detected when the mobile terminal 101 is moving or stopped at a constant speed can be approximated from a pair of date and time and position before and after.
  • the portable terminal 101 the speed difference a 1, a 2, ..., a N-1
  • the mobile terminal 101 deletes the time t k and the position p k, t k + 1, t k + 2, ..., t N and p k + 1, t k + 2 , ..., a t N, a new t k, t k + 1, ..., t N-1 and p k, t k + 1, ..., and t N-1.
  • the number of sets stored in the mobile terminal 101 can be suppressed to a predetermined upper limit number or less.
  • the physical unit of each element at the position p i represented by a three-dimensional vector is a length (m, km, mile, etc.), and the physical unit of the date and time t i that is the added dimension is time ( In order to obtain the distance between the 4D position vector and the 4D line, it is necessary to align the units.
  • the physical unit of each element of the four-dimensional vector is aligned with the length by multiplying the date / time element by a moving speed threshold c described later.
  • p i (x i , y i , z i )
  • the component notation can be expressed as follows.
  • a point located position vector w i, a straight line passing through the two points located at the position vector w i-1, w i + 1, the distance h can be calculated as follows.
  • a point is appropriately described by a position vector of the point.
  • the area S of the triangle having vertices at three points w i-1 , w i , w i + 1 is the angle between two vectors w i-1 -w i , w i + 1 -w i as ⁇ .
  • 2S
  • ⁇ sin ⁇ Can be written.
  • the error due to approximation is expressed by the distance in the four dimensions, and by eliminating the set with the smallest error, the usefulness of the information in the history can be increased with an error that matches the assumed threshold of the moving speed. To be able to identify.
  • the mobile terminal 101 selects one with the smallest speed difference in the first half of the date, selects one with the smallest speed difference in the second half of the date, and erases the selected two, etc. It is an aspect.
  • the mobile terminal 101 calculates the latest moving speed of the mobile terminal 101 after limiting the number of records of the position recorded on the mobile terminal 101 and the history of the date and time when the position was detected to a predetermined upper limit number. To do.
  • the latest maximum speed max ⁇ v L , v L + 1 ,..., v M-1 ⁇ Etc. may be the latest movement speed v recent .
  • the moving speed threshold value c for determination can be appropriately determined according to the application field.
  • the shop opens at a destination such as an event
  • the program is started at a time before the threshold time D or more before the actual start of accounting, and the current position is detected, It is determined that the mobile terminal 101 is not moving. Even if it is determined that the mobile terminal 101 is moving, if the retry is repeated several times while taking time, the detection position and time are registered in the history. The restriction on payment by electronic value will be lifted.
  • the area where the mobile terminal 101 can be used can be easily limited based on the moving speed even at a store opening place such as an event.
  • the mobile terminal is a mobile terminal presented by the operator to the owner of the electronic property, and the mobile terminal executes the program, A detection unit for detecting the position of the mobile terminal; From the history of the detected position, it is estimated whether or not the mobile terminal is moving, and if it is estimated that the mobile terminal is moving, the electronic property from the owner to the operator It can be configured to include a control unit that restricts near-field communication with a portable device used for succession.
  • the set of the detected position and the date and time when the position is detected is accumulated up to a predetermined upper limit number in the mobile terminal,
  • a new position is detected by the detection unit, among the accumulated sets, the set with the smallest error approximated from the sets detected before and after the set is deleted, and the new position and the new position are deleted. It can be configured to store the date and time when a correct position was detected.
  • the accumulated pairs are arranged in the order of the date and time relating to the pair (p 0 , t 0 ), (p 1 , t 1 ), (p 2 , t 2 ), ..., (p N-1 , t N- 1 )
  • the difference in the speed of movement for each of the integers i 1, 2,..., N-2
  • a i
  • the error for the i-th set can be configured to be a i .
  • the controller is Whether or not the portable terminal is moving is calculated from the history of the detected position by calculating the latest moving speed of the portable terminal and comparing the estimated latest moving speed with a predetermined threshold.
  • the detected position and the date and time when the position is detected are transmitted to the server as the succeeded position and the date and time. Can be configured.
  • the server is A server that distributes a program to a mobile terminal presented by an operator to an owner of electronic property, and the mobile terminal executes the program, Detecting the position of the mobile terminal; From the history of the detected position, it is estimated whether the mobile terminal is moving, If it is estimated that the mobile terminal is moving, it can be configured to limit near-field communication with a portable device that is used for succession of the electronic property from the owner to the operator. .
  • the portable terminal presented by the operator to the owner of the electronic property executes the program, Detecting the position of the mobile terminal; From the history of the detected position, it is estimated whether the mobile terminal is moving, If it is estimated that the mobile terminal is moving, it can be configured to limit near-field communication with a portable device that is used for succession of the electronic property from the owner to the operator. .
  • the program according to this embodiment is a portable terminal presented by an operator to an owner of electronic property.
  • a detection unit for detecting the position of the mobile terminal From the history of the detected position, it is estimated whether or not the mobile terminal is moving, and if it is estimated that the mobile terminal is moving, the electronic property from the owner to the operator It can be configured to function as a control unit that restricts near-field communication with portable devices that are used for succession.
  • the portable terminal suitable for suppressing unauthorized use is executed on the portable terminal.
  • the server for distributing the program to be executed, the method for controlling the portable terminal, and the program can be provided.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A mobile terminal (101) presented to an electronic asset owner by an operator executes a program, and a detection unit (109) detects the location of the mobile terminal (101). From a history of detected locations of the mobile terminal (101), a control unit (103) estimates whether or not the mobile terminal (101) is moving, and if it is estimated that the mobile terminal (101) is moving, the control unit (103) restricts the near-field communication between the mobile terminal (101) and a portable device that allows the operator to inherit an electronic asset from the owner. The mobile terminal (101) can store a predetermined maximum number of combinations of a detected location and a detection date and time. When the detection unit (109) has detected a new location of the mobile terminal (101), the combination of the detected new location and the detection date and time is stored in the mobile terminal (101) as a new combination after deleting, from among the combinations currently stored in the mobile terminal (101), the combination that can be most closely approximated from the new combination.

Description

携帯端末、サーバ、制御方法、ならびに、プログラムPortable terminal, server, control method, and program
  本発明は、電子財産の所有者から当該電子財産を承継しようとする操作者が当該所有者に提示する携帯端末、当該携帯端末で実行されるプログラムを配布するサーバ、当該携帯端末の制御方法、ならびに、当該プログラムに関する。 The present invention provides a portable terminal that an operator who intends to take over the electronic property from the owner of the electronic property presents the owner, a server that distributes a program executed on the portable terminal, a method for controlling the portable terminal, And related to the program.
  対価を支払うことで商品やサービスの提供を受ける取引において、電子マネーを利用するシステムが種々提案されている。電子マネーシステムでは、現金を財布に入れて持ち歩くかわりに、可搬デバイス(財布に相当する。)に対応付けられ、電子情報により表現される電子マネーあるいは電子バリュー(財布の中の現金に相当する。)により、支払を行う。電子マネーあるいは電子バリューのような、現実世界の現金その他の財産に相当するもので、その価値を電子的に表現したものを、電子財産と呼ぶ。
  商品やサービスを購入するために電子マネーによって支払を行う際には、支払者が所有する電子財産の支払額相当分を、商品やサービスの提供者に承継させることになる。
  また、文書、動画、音楽、所有者の個人情報等の電子コンテンツも電子財産の一種である。電子コンテンツの所有者は、当該電子コンテンツを利用あるいは参照する権利を、当該電子コンテンツに対する対価を支払った者に許諾することができるが、この許諾を、電子財産の承継と解することができる。
  さらに、各種のイベントや興行のチケットや各種の回数券、金券等が電子的に取引される場合には、当該チケット、回数券、金券を表現した電子財産が承継されることになる。 Various systems using electronic money have been proposed in transactions in which goods and services are provided by paying consideration. In an electronic money system, instead of carrying cash in a wallet, it is associated with a portable device (corresponding to a wallet) and represented by electronic information or electronic value (corresponding to cash in the wallet) )) To make a payment. An electronic property such as electronic money or electronic value that is equivalent to real-world cash or other property and that represents the value electronically is called electronic property.
When paying with electronic money to purchase a product or service, the provider of the product or service inherits the amount equivalent to the payment amount of the electronic property owned by the payer.
Electronic contents such as documents, moving images, music, and personal information of owners are also a kind of electronic property. The owner of the electronic content can grant the right to use or refer to the electronic content to a person who has paid for the electronic content. This permission can be interpreted as succession of the electronic property.
Furthermore, when various events and entertainment tickets, various coupon tickets, cash vouchers, etc. are electronically traded, the electronic property representing the ticket, coupon ticket, or cash voucher is succeeded.
  電子バリューの支払の際には、支払者は、可搬デバイスを、商品やサービスの提供者が操作するリーダ/ライタに近接させることにより、短時間だけ翳して、可搬デバイスとリーダ/ライタの間でNFC(Near Field Communication;近接場通信)を確立し、この通信によって、可搬デバイスに対応付けられる電子バリューを、支払分だけ減少させる。NFCでは、可搬デバイスとリーダ/ライタは接触する必要はないが、距離を典型的には数mm程度まで近付ける必要がある。 When paying electronic value, the payer moves the portable device close to the reader / writer operated by the provider of the goods or services, so that he / she only touches the portable device and the reader / writer. NFC (Near Field Communication) is established between them, and through this communication, the electronic value associated with the portable device is reduced by the amount of payment. In NFC, the portable device and the reader / writer do not need to be in contact with each other, but the distance typically needs to be close to several millimeters.
  可搬デバイスとしては、キャッシュカードやクレジットカードにNFC用の電子回路を組み込んだものが広く使われている。この電子回路は、一般的には、リーダ/ライタから発せられるNFC用の電波による電磁誘導で生じる電力によって動作する。 Portable devices that use NFC electronic circuits in cash cards and credit cards are widely used. This electronic circuit generally operates by electric power generated by electromagnetic induction by NFC radio waves emitted from a reader / writer.
  一方、携帯電話やスマートフォンなどの携帯端末では、上記と同様にNFC用の電子回路を内部に組み込むものも広く利用されているほか、電話通信用のSIM(Subscriber Identity Card)カード内にNFC用の通信機能を設けたものも提案されている。これらの場合には、リーダ/ライタが発した電波を電力源とすることができるほか、携帯端末の本体が備えるバッテリから電力の供給を受けることができる。 On the other hand, mobile terminals such as mobile phones and smartphones are also widely used in the same way as above, which incorporates an NFC electronic circuit inside, as well as an NFC card in a SIM card for telephone communication (Subscriber Identity Card). A device provided with a communication function has also been proposed. In these cases, radio waves emitted from the reader / writer can be used as a power source, and power can be supplied from a battery included in the main body of the mobile terminal.
  ここで、携帯端末本体から電力供給を受けることが可能なNFC用の電子回路には、(a)当該電子回路に割り当てられたアカウントにおける電子バリューの出し入れを行うために可搬デバイスとして働くカードエミュレーションモード、(b)他の可搬デバイスに割り当てられた電子バリューに係る情報を処理し、リーダ/ライタとして機能するためのリーダ/ライタモード、(c)電子回路同士がメールアドレス等の種々のメッセージを送受するためのP2P(Peer To Peer)モードを持つことが多い。 Here, an electronic circuit for NFC that can receive power supply from the mobile terminal main body includes (a) card emulation that works as a portable device to carry in and out electronic value in the account assigned to the electronic circuit Mode, (b) Reader / writer mode for processing information related to electronic value assigned to other portable devices and functioning as a reader / writer, (c) Various messages such as e-mail addresses between electronic circuits In many cases, it has a P2P (Peer To Peer) mode for sending and receiving.
  すなわち、携帯電話やスマートフォン等の携帯端末は、電子マネーの財布として機能することができるほか、リーダ/ライタとして機能することも可能である。この機能を利用して、携帯端末を電子マネーシステムのリーダ/ライタとして機能させ、電子マネーカードを携帯端末に近接させて通信を確立することにより、電子マネーカードから電子バリューの支払をさせる技術が提案されている(特許文献1段落0072、0073参照)。 That is, a mobile terminal such as a mobile phone or a smartphone can function as a wallet for electronic money, or can function as a reader / writer. Using this function, there is a technology for paying electronic value from an electronic money card by making the mobile terminal function as a reader / writer of an electronic money system and establishing communication by bringing the electronic money card close to the mobile terminal. It has been proposed (see Patent Document 1, paragraphs 0072 and 0073).
  この機能によれば、個人営業の商店にて、店主が電話通話用に使用している携帯端末を、電子マネーシステムのリーダ/ライタとして機能させることで、設備投資のコストを抑制しつつ、客から電子バリューによる支払を受けることができるようになる。この際には、店主は、電子マネー事業者の配布サーバ等から携帯端末用のプログラムをダウンロードして、当該プログラムを携帯端末で実行することになる。 According to this function, at a privately-operated store, the mobile terminal used by the store owner for telephone calls can function as a reader / writer for the electronic money system, while reducing the cost of capital investment. Will be able to receive electronic value payments. At this time, the store owner downloads the program for the portable terminal from the distribution server or the like of the electronic money business operator and executes the program on the portable terminal.
  このほか、劇場や野球場など各種の娯楽施設においては、観客席の間を売り子が歩きまわり、飲食物やパンフレットなどを販売する態様がとられている。そこで、販売者が旧機種の安価なスマートフォンを大量に購入して、上記プログラムをインストールして動作させ、売り子に操作させれば、観客は電子マネーによる支払が可能となる。
  また、各種の電子チケットや電子回数券、電子前売券などは、観客や利用者が所有する電子財産として把握され、実際に興行を見たり、商品やサービスの提供を受ける際に、商品等の提供者が所有者から承継した上で無効化することによって再利用ができなくなる。したがって、スマートフォンによる電子チケット等の承継が可能となると、さまざまな場面で電子チケット等が利用できるようになる。 In addition, in various amusement facilities such as a theater and a baseball stadium, a salesperson walks between spectator seats and sells food and drinks, pamphlets and the like. Therefore, if the seller purchases a large number of inexpensive smartphones of the old model, installs and operates the above program, and operates the seller, the audience can pay with electronic money.
In addition, various electronic tickets, electronic coupon tickets, electronic advance tickets, etc. are grasped as electronic property owned by the audience and users, and when actually seeing performance or receiving products or services, If the provider succeeds from the owner and disables it, it cannot be reused. Therefore, when it is possible to succeed an electronic ticket or the like by a smartphone, the electronic ticket or the like can be used in various scenes.
  しかしながら、各種の携帯端末が各種の電子財産用のリーダ/ライタとして利用できるようになると、安易な不正使用がされる可能性がある。たとえば、リーダ/ライタとして動作する携帯端末を、街中の人込みやバスや電車等の公共交通機関内で、他人の鞄に近付けて、鞄内の可搬デバイスから電子財産を盗み取る等である。これに対応するため、特許文献2では、携帯端末の位置や傾きなどを参照して、不正利用を抑制する技術が提案されている。 However, if various portable terminals can be used as various electronic property readers / writers, there is a possibility of easy unauthorized use. For example, a portable terminal that operates as a reader / writer is brought close to someone else's bag in a public transport such as a crowded city bus or train, and electronic property is stolen from a portable device in the bag. . In order to cope with this, Patent Document 2 proposes a technique for suppressing unauthorized use by referring to the position and inclination of the mobile terminal.
特開2013-140453号公報JP 2013-140453 Gazette 特許第5985103号公報Japanese Patent No. 5985103
  しかしながら、このような不正使用を抑制するための新たな技術が、強く求められている。
  本発明は、上記の課題を解決しようとするもので、電子財産の所有者から当該電子財産を承継しようとする操作者が当該所有者に提示する携帯端末において、不正使用を抑制するのに好適な携帯端末、当該携帯端末で実行されるプログラムを配布するサーバ、当該携帯端末の制御方法、ならびに、当該プログラムを提供することを目的とする。 However, there is a strong demand for new techniques for suppressing such unauthorized use.
The present invention is intended to solve the above-described problem, and is suitable for suppressing unauthorized use in a portable terminal presented to the owner by an operator who intends to succeed the electronic property from the owner of the electronic property. An object is to provide a portable terminal, a server for distributing a program executed on the portable terminal, a control method for the portable terminal, and the program.
  本発明においては、携帯端末は、電子財産の所有者へ操作者により提示され、携帯端末であって、当該携帯端末はプログラムを実行することにより、
  前記携帯端末の位置を検知し、
  前記検知された位置の履歴から、前記携帯端末が移動中であるか否かを推測し、
  前記携帯端末が移動中であると推測されれば、前記所有者から前記操作者への前記電子財産の承継に供される可搬デバイスとの近接場通信を制限する。
  当該プログラムは、サーバから携帯端末へ一時的な伝送媒体を介して配布することができるほか、非一時的なコンピュータ読取可能な情報記録媒体に記録して、当該情報記録媒体を配布することにより、携帯端末へインストールすることも可能である。 In the present invention, the mobile terminal is presented to the owner of the electronic property by the operator and is a mobile terminal, and the mobile terminal executes a program,
Detecting the position of the mobile terminal;
From the history of the detected position, it is estimated whether the mobile terminal is moving,
If it is estimated that the portable terminal is moving, near field communication with a portable device used for succession of the electronic property from the owner to the operator is restricted.
The program can be distributed from the server to the mobile terminal via a temporary transmission medium, or recorded on a non-temporary computer-readable information recording medium, and the information recording medium is distributed, It can also be installed on a mobile terminal.
本発明の実施例に係る携帯端末の概要を示す説明図である。It is explanatory drawing which shows the outline | summary of the portable terminal which concerns on the Example of this invention. 本発明の実施例に係る携帯端末にて実行される処理の流れを示すフローチャートである。It is a flowchart which shows the flow of the process performed with the portable terminal which concerns on the Example of this invention. 提供者がシンクライアント用サーバにログインするための入力フォームの表示例である。It is a display example of the input form for the provider to log in to the server for the thin client. 操作者が生体情報を登録するための指紋登録フォームの表示例である。It is a display example of a fingerprint registration form for an operator to register biometric information. 生体情報が保持される保持部の態様を説明するための説明図である。It is explanatory drawing for demonstrating the aspect of the holding | maintenance part by which biometric information is hold | maintained. 生体情報が保持される保持部の他の態様を説明するための説明図である。It is explanatory drawing for demonstrating the other aspect of the holding | maintenance part by which biometric information is hold | maintained. ログインおよび登録の概要を示すための概要フォームの表示例である。It is a display example of the outline | summary form for showing the outline | summary of login and registration. 支払に係る電子バリューの額の入力を求める金額フォームの表示例である。It is an example of a display of the amount form which requires input of the amount of electronic value concerning payment. 支払に同意するアクションをとることを支払者に求める支払確認フォームの表示例である。It is a display example of a payment confirmation form that asks the payer to take an action to agree to payment. 可搬デバイスとのNFCを開始しようとする旨を表す通信フォームの表示例である。It is a display example of the communication form showing that it is going to start NFC with a portable device. 端末ハードウェアの裏側の様子を示す説明図である。It is explanatory drawing which shows the mode of the back side of terminal hardware. 端末ハードウェアに可搬デバイスを近付けた様子を示す説明図である。It is explanatory drawing which shows a mode that the portable device was brought close to terminal hardware. 電子バリューの支払が完了した旨を表すメッセージフォームの表示例である。It is a display example of the message form showing that payment of electronic value was completed. 電子バリューの残額が不足している旨を表す通信フォームの表示例である。It is a display example of the communication form showing that the balance of electronic value is insufficient. 高いレベルの確認を支払者に求める支払確認フォームの表示例である。It is a display example of the payment confirmation form which asks a payer for a high level confirmation. 電子バリューの支払ができない旨を表すメッセージフォームの表示例である。It is a display example of the message form showing that electronic value cannot be paid.
  以下に本発明の実施形態を説明する。なお、本実施形態は説明のためのものであり、本願発明の範囲を制限するものではない。したがって、当業者であればこれらの各要素もしくは全要素をこれと均等なものに置換した実施形態を採用することが可能であるが、これらの実施形態も本発明の範囲に含まれる。
  特に以下では、理解を容易にするため、電子財産として電子バリュー(あるいは電子マネー)の支払いを行うための電子マネーシステムを例として取り上げるが、この例を各種の電子財産を所有者から他者へ承継させる実施形態に適用することは当業者には自明であり、当該実施形態も本発明の範囲に含まれる。 Embodiments of the present invention will be described below. In addition, this embodiment is for description and does not limit the scope of the present invention. Therefore, those skilled in the art can employ embodiments in which each or all of these elements are replaced with equivalent ones, and these embodiments are also included in the scope of the present invention.
In particular, in the following, for ease of understanding, an electronic money system for paying electronic value (or electronic money) as an electronic property will be taken as an example. This example shows various electronic properties from the owner to others. It is obvious to those skilled in the art to apply to the inherited embodiment, and the embodiment is also included in the scope of the present invention.
  電子マネーシステムにおける電子バリューは、現金に類する価値を有する電子財産である。電子バリューは、現金と相互もしくは一方から他方へ交換が可能なように、同じ通貨単位で管理されることもあるし、独自の単位を採用して交換の際に換算することもある。また、ユーザのアクション(商品の購入やアンケートへの回答、店舗への来店等)に応じて付与される各種のポイントを、電子バリューとして利用することも可能である。 電子 Electronic value in an electronic money system is an electronic property having a value similar to cash. Electronic value may be managed in the same currency unit so that it can be exchanged with cash or from one side to the other, or it may be converted at the time of exchange using an original unit. It is also possible to use various points given in accordance with user actions (purchasing products, answering questionnaires, visiting stores, etc.) as electronic value.
  本実施例は、ストアドバリュー(stored-value)型と呼ばれる電子マネーシステムに適用が可能である。ストアドバリュー型システムでは、ユーザが取引において対価として支払うことが可能な電子バリュー(「残高」とも称される。)を、電子回路を組み込んだカードや携帯電話、スマートフォンなどの各種の可搬デバイスに対応付けて管理する。 This embodiment can be applied to an electronic money system called a stored-value type. In a stored value system, electronic value (also called “balance”) that users can pay for in transactions is transferred to various portable devices such as cards, mobile phones, and smartphones that incorporate electronic circuits. Manage in association.
  ストアドバリュー型システムでは、可搬デバイスが有する電子回路に、利用可能な電子バリューの数値を記憶させるのが一般的である。この態様は、財布に現金が入っている状態に相当する。以下では、可搬デバイスに対応付けられるバリューを、「財布の中に残っている現金」になぞらえて、「残存バリュー(remaining value)」と呼ぶ。 In a stored value type system, it is common to store a numerical value of available electronic value in an electronic circuit of a portable device. This aspect corresponds to a state where cash is in the wallet. Hereinafter, the value associated with the portable device will be referred to as “remaining value” in comparison with “cash remaining in the wallet”.
  商品やサービスの提供者は、可搬デバイスと通信可能なリーダ/ライタを利用することにより、ユーザからの対価の支払を受け付ける。ユーザが可搬デバイスをリーダ/ライタに翳すと、可搬デバイスとリーダ/ライタの通信が可能となり、リーダ/ライタから可搬デバイスへ、各種のコマンドを送信すると、そのコマンドの実行結果が可搬デバイスからリーダ/ライタへ送信される。 A product or service provider accepts payment for a user by using a reader / writer that can communicate with a portable device. When the user places the portable device on the reader / writer, communication between the portable device and the reader / writer becomes possible. When various commands are sent from the reader / writer to the portable device, the execution result of the command is available. Sent from the portable device to the reader / writer.
  たとえば、問い合わせコマンドを利用することにより、実行結果として、現在可搬デバイスに対応付けられている残存バリューの数値を取得することができる。 For example, by using an inquiry command, it is possible to acquire the numerical value of the remaining value currently associated with the portable device as the execution result.
  減少コマンドでは、当該コマンドに指定された電子バリューだけ、可搬デバイスに対応付けられている残存バリューを減少させる。これは、財布から現金を取り出したことに対応する。すなわち、減少コマンドは、商品やサービスの提供を受ける取引において、対価を支払う際、すなわち「課金」の際に利用される。以下では、減少コマンドに指定される電子バリューを、「対価バリュー(price value)」と呼ぶ。 In the wrinkle reduction command, the remaining value associated with the portable device is decreased by the electronic value specified in the command. This corresponds to taking out cash from the wallet. In other words, the decrease command is used when paying a consideration, that is, “billing” in a transaction for receiving provision of goods or services. Hereinafter, the electronic value specified in the decrease command is referred to as “price value”.
  増加コマンドは、当該コマンドに指定された電子バリューだけ、可搬デバイスに対応付けられている残存バリューを増加させる。これは、財布に現金を入れることに対応する。増加コマンドは、たとえば店頭で、ユーザが店員に現金を支払うかわりに、当該現金に相当する電子バリューを可搬デバイスにチャージする際に利用される。 The heel increase command increases the remaining value associated with the portable device by the electronic value specified in the command. This corresponds to putting cash in the wallet. The increase command is used, for example, when a user charges a portable device with electronic value corresponding to the cash instead of paying cash to the store clerk at the store.
  なお、可搬デバイスが、インターネット等のコンピュータ通信網を介した通信を行う機能を有する場合には、可搬デバイス内で動作するアプリケーションが、コンピュータ通信網を介して送られたコマンドに呼応して、可搬デバイスに対応付けられる残存バリューの取得や増減を行うことも可能である。この場合には、リーダ/ライタを利用せずに、対価の支払や残存バリューのチャージが可能となる。 When the portable device has a function of performing communication via a computer communication network such as the Internet, an application that operates in the portable device responds to a command sent via the computer communication network. It is also possible to acquire or increase / decrease the residual value associated with the portable device. In this case, it is possible to pay the price and charge the remaining value without using the reader / writer.
  減少コマンドや増加コマンドなどで、電子バリューの増減が行われる、ということは、支払者と提供者との間でバリューの移動が起きたことを意味する。提供者は、このバリューの移動の情報を、電子マネーの管理サーバに伝達する。電子マネーの管理サーバは、電子マネーサービス全体の運営者により運営されている。電子マネーの管理サーバに蓄積された決済情報を合算すれば、提供者がその期間内に得た、あるいは、失った電子バリューの総額が得られる。 The fact that the electronic value is increased or decreased by a decrease command or an increase command means that a value transfer has occurred between the payer and the provider. The provider transmits this value transfer information to the electronic money management server. The electronic money management server is operated by an operator of the entire electronic money service. If the payment information stored in the electronic money management server is added up, the total amount of electronic value that the provider has obtained or lost within that period can be obtained.
  提供者は、電子バリューを獲得しているのであれば、運営者から現金等に交換して手に入れることができる。一方、電子バリューを失っているのであれば、提供者は、運営者に対して、当該電子バリューに対する現金等の支払いをする責務を負う。 If the provider has acquired electronic value, it can be obtained by exchanging cash from the operator. On the other hand, if the electronic value is lost, the provider is responsible for paying the operator cash or the like for the electronic value.
  なお、提供者と、電子マネーサービス全体の運営者と、の間に、中間的な業者が介在することもある。この業者は、電子マネーサービスの事業者と呼ばれ、提供者が電子バリューによる支払を受けるために必要なインフラストラクチャの準備や電子バリューの取扱いについての助言やサポートを行う。本実施例では、電子バリューの支払を受けるために、提供者が用意した携帯電話やスマートフォン等の携帯端末をリーダ/ライタとして利用するが、携帯端末をリーダ/ライタとして機能させるためのプログラムは、運営者や事業者が用意した配布サーバ等が携帯端末に配布する。 It should be noted that an intermediate trader may be interposed between the provider and the operator of the entire electronic money service. This company is called an electronic money service provider, and provides advice and support for the provision of infrastructure and handling of electronic value necessary for the provider to receive payment by electronic value. In this embodiment, in order to receive payment of electronic value, a mobile terminal such as a mobile phone or a smartphone prepared by a provider is used as a reader / writer, but a program for causing the mobile terminal to function as a reader / writer is A distribution server or the like prepared by an operator or business operator distributes it to mobile terminals.
  本実施例では、リーダ/ライタとして機能する携帯端末と、その通信可能範囲に入っている可搬デバイスと、の通信にはNFCを採用するが、赤外線通信やBluetooth(登録商標)を採用してもよい。 In this embodiment, NFC is used for communication between a portable terminal functioning as a reader / writer and a portable device within the communicable range, but infrared communication or Bluetooth (registered trademark) is used. Also good.
  なお、本実施例は、サーババリュー方式と呼ばれる電子マネーシステムに適用することも可能である。サーババリュー方式では、可搬デバイスからは、電子バリューの財布に相当するアカウントの識別情報が取得され、運営者もしくは事業者のサーバ内において、当該アカウントと、当該アカウントにおける残存バリューと、が管理される。すなわち、サーババリュー方式では、可搬デバイスは、アカウントを識別するための識別タグとして機能するが、残存バリューそのものを記憶することはない。 Note that the present embodiment can also be applied to an electronic money system called a server value method. In the server value method, identification information of an account corresponding to a wallet of electronic value is acquired from a portable device, and the account and the remaining value in the account are managed in the server of the operator or operator. The That is, in the server value method, the portable device functions as an identification tag for identifying an account, but does not store the remaining value itself.
  さて、本実施例では、いわゆるシンクライアント方式を想定する。シンクライアント方式では、携帯端末は、リーダ/ライタならびに各種の情報のやりとりを人間と行うユーザインターフェースとして機能し、可搬デバイスとのコマンドの送受は、シンクライアント用サーバにより制御される。このシンクライアント用サーバは、提供者自身が用意したものであっても良いし、事業者が提供者に利用権を設定したものであっても良い。シンクライアント用サーバは、提供者における電子バリューの出納の役割を担う。シンクライアント用サーバと運営者の間では定期的に、典型的には一日に一回、管理情報の交換がなされ、提供者が所有する電子バリューの総額が求められることになる。 In the present embodiment, a so-called thin client method is assumed. In the thin client system, the mobile terminal functions as a user interface for exchanging various information with a reader / writer and a human, and transmission / reception of commands to / from the portable device is controlled by a thin client server. This thin client server may be prepared by the provider itself, or may be one in which the business operator has set a usage right for the provider. The thin client server plays a role of depositing and outputting electronic value in the provider. Management information is exchanged between the thin client server and the operator regularly, typically once a day, and the total amount of electronic value owned by the provider is required.
  ただし、本実施例は、いわゆるリッチクライアント方式にも適用が可能である。シンクライアント方式では、携帯端末は、可搬デバイスとサーバとの通信の中継を行うとともに、ユーザとのインタラクションを担うが、リッチクライアント方式では、携帯端末が、さらに、サーバとしての役割も果たすことになる。すなわち、携帯端末が、可搬デバイスとのコマンド送受の吟味を行うとともに、運営者との定期的な通信も担うこととなる。 However, this embodiment can also be applied to a so-called rich client system. In the thin client method, the portable terminal relays communication between the portable device and the server and is responsible for interaction with the user. In the rich client method, the portable terminal further serves as a server. Become. That is, the mobile terminal examines command transmission / reception with the portable device, and also bears regular communication with the operator.
  本実施例の携帯端末は、スマートフォンや携帯電話などのハードウェアを利用することもできるし、専用の電子回路により構成することも可能であるし、プログラムをコンピュータに実行させることにより実現することも可能である。このほか、コンピュータと専用電子回路の中間形態として、プログラムを電子回路の設計スクリプトにコンパイルして、当該設計スクリプトに基づいて電子回路を動的に構成するFPGA(Field Programmable Gate Array)などの技術を適用することにより、本実施例の携帯端末を構成することも可能である。 The mobile terminal of this embodiment can use hardware such as a smartphone or a mobile phone, can be configured by a dedicated electronic circuit, or can be realized by causing a computer to execute a program. Is possible. In addition, as an intermediate form between a computer and a dedicated electronic circuit, a technology such as FPGA (Field Programmable Gate Array) that compiles a program into an electronic circuit design script and dynamically configures the electronic circuit based on the design script. By applying, it is possible to configure the portable terminal of this embodiment.
  本実施例の携帯端末においては、携帯端末の操作者(提供者や、提供者に雇用された者のほか、提供者から携帯端末を盗み出した者も含む。)による不正行為をできるだけ防止するため、種々の技術を利用する。以下では、まず、これらの技術を概説する。 In the portable terminal of the present embodiment, in order to prevent as much as possible unauthorized acts by the operator of the portable terminal (including the provider, the person hired by the provider, and the person who steals the portable terminal from the provider). Utilize various technologies. In the following, first, these techniques will be outlined.
  第1の技術は、電子バリューの支払者の生体情報を用いるものである。一般に電子バリューによる支払では、携帯端末の所定の部位にタッチする等のアクションを支払者に求めて、支払に同意する旨の意思の確認を行う。しかしながら、物品の販売の現場では、同じ支払者が連続して支払に同意する状況は極めて稀である。一方、不正行為者は、不正行為により他人の電子バリューを盗み出すため、繰り返し上記のアクションをとると考えられる。 The first technology uses the biometric information of electronic value payers. In general, in payment by electronic value, the payer is requested to take an action such as touching a predetermined part of the mobile terminal, and the intention to agree to the payment is confirmed. However, in the field of goods sales, it is extremely rare that the same payer agrees to pay continuously. On the other hand, it is considered that a fraudulent person repeatedly takes the above-mentioned action in order to steal another person's electronic value through fraud.
  本技術では、支払者の生体情報を取得して、過去の支払者と同一人と推定される者に対しては、不正行為の可能性があると判断して、電子マネーの支払が一切できないようにする、あるいは、他の高いレベルのチェックを通過しない限り電子マネーの支払はできないようにする。 With this technology, it is determined that there is a possibility of fraudulent behavior for a person who is assumed to be the same person as the past payer by acquiring the payer's biometric information and cannot pay electronic money at all Or make it impossible to pay electronic money unless it passes other high-level checks.
  第2の技術では、携帯端末の傾きを用いる。一般に、カード型の可搬デバイスを用いて電子バリューの支払を行う際には、カードの表面もしくは裏面が支払者に見えるような向きで、NFC用の電子回路に可搬デバイスを近接させるのが一般的である。一方、携帯電話やスマートフォン等の携帯端末は、板状の形状を持つことが多く、板の表面もしくは裏面にNFC用の電子回路が配置されている。 The second technology uses the tilt of the mobile device. In general, when paying electronic value using a card-type portable device, the portable device is placed close to the NFC electronic circuit so that the payer can see the front or back of the card. It is common. On the other hand, mobile terminals such as mobile phones and smartphones often have a plate shape, and electronic circuits for NFC are arranged on the front or back surface of the plate.
  そこで、携帯端末の表面ならびに裏面が水平面に略平行である場合に限って、携帯端末を介した電子バリューの支払を受けることができるようにするのである。この技術によれば、不正行為者が電子バリューを盗み出すために他人の鞄等に携帯端末を近付ける際には、鞄の底に平行になるように携帯端末を近付けることとなる。このときの不正行為者の姿勢は不自然で目立つ。したがって、不正行為を抑制することができると考えられる。 Therefore, only when the front surface and the back surface of the mobile terminal are substantially parallel to the horizontal plane, the electronic value can be paid through the mobile terminal. According to this technology, when a fraudster approaches a portable terminal to another person's bag in order to steal electronic value, the portable terminal is moved closer to the bottom of the bag. The attitude of the fraudster at this time is unnatural and conspicuous. Therefore, it is considered that fraud can be suppressed.
  第3の技術は、電子バリューによる支払がされる際に、可聴音、可視光、もしくは、振動により、その旨を、支払者等携帯端末の周囲にいる人に通知するというものである。ここで行われる通知は、最大音量、最大光量、最大振動で行われることが望ましい。この通知により、可搬デバイスの所有者に、当該可搬デバイスのアカウントから電子バリューが支払われることを警告するのである。この通知は、電子バリューの支払前(たとえば、支払者に同意のアクションを促している間)、支払中(たとえば、近傍の可搬デバイスをNFCチップが検索している間)、支払後(たとえば、支払が成功し、可搬デバイスをしまっても良い状態となった後)のいずれに行うのでも良い。 The third technique is to notify a person around the portable terminal such as a payer by audible sound, visible light, or vibration when paying with electronic value. The notification performed here is desirably performed with the maximum volume, the maximum light amount, and the maximum vibration. By this notification, the owner of the portable device is warned that the electronic value will be paid from the account of the portable device. This notification can be sent before payment of electronic value (e.g. while prompting the payer for consent), during payment (e.g. while NFC chip searches for nearby portable devices), after payment (e.g. , After payment is successful and the portable device is ready to go.
  第4の技術では、携帯端末を介した支払に場所の制限を設ける。すなわち、当該携帯端末が、特定の地域内になければ、電子バリューの支払がされないようにする。個人経営の店舗ではその店舗内に利用可能地域を限定し、劇場や球場等ではその施設内に利用可能地域を限定することにより、携帯端末が盗み出された場合であっても、利用可能地域から離れれば、不正行為はできなくなる。なお、各種イベントに出店する等のために利用可能地域から離れた場合には、利用地域の再登録を行うか、高いレベルのチェックを通過することで、電子マネーの支払ができるようにしても良い。また、後述する実施例で明らかにするように、利用可能地域をあらかじめ設定していない場合であっても、携帯端末の位置の履歴に基づいて不正行為を防止することが可能である。 In the fourth technology, place restrictions on payments via mobile devices. That is, if the mobile terminal is not in a specific area, the electronic value is not paid. Even if a mobile device is stolen by limiting the available area in the store at a privately managed store and limiting the available area in the facility at a theater or stadium, etc. If you leave, cheating is impossible. If you are away from the available area due to opening a store for various events, you can re-register the area or pass the high level check so that you can pay electronic money. good. Further, as will be clarified in an embodiment described later, even if the usable area is not set in advance, it is possible to prevent fraud based on the history of the position of the mobile terminal.
  これらの技術は、単独で利用しても良いし、適宜組み合わせても良い。以下では、これらの技術の詳細についても詳細に説明する。 技術 These techniques may be used alone or in appropriate combination. In the following, details of these techniques will also be described in detail.
  図1は、本発明の実施例に係る携帯端末の概要を示す説明図である。以下、本図を参照して説明する。 FIG. 1 is an explanatory diagram showing an outline of a mobile terminal according to an embodiment of the present invention. Hereinafter, a description will be given with reference to FIG.
  本実施例に係る携帯端末101は、電子マネーシステムの事業者や運営者がサーバから配布したプログラムをスマートフォンや携帯電話等の端末ハードウェアにダウンロードすることによって実現される。 The mobile terminal 101 according to the present embodiment is realized by downloading a program distributed from a server by an electronic money system operator or operator to terminal hardware such as a smartphone or a mobile phone.
  一般に、端末ハードウェアで実行されるプログラムは、コンパクトディスク、フレキシブルディスク、ハードディスク、光磁気ディスク、ディジタルビデオディスク、磁気テープ、ROM(Read Only Memory)、EEPROM(Electrically Erasable Programmable ROM)、フラッシュメモリ、半導体メモリ等のコンピュータ読み取り可能な非一時的(non-transitory)情報記録媒体に記録することができる。この情報記録媒体は、端末ハードウェアとは独立して配布・販売することもできる。 Generally, programs executed on terminal hardware are compact disk, flexible disk, hard disk, magneto-optical disk, digital video disk, magnetic tape, ROM (Read (Only Memory), EEPROM (Electrically Erasable Programmable ROM), flash memory, semiconductor It can be recorded on a computer-readable non-transitory information recording medium such as a memory. This information recording medium can also be distributed and sold independently of the terminal hardware.
  端末ハードウェアでは、フラッシュメモリ等の非一時的(non-transitory)情報記録媒体に記録されたプログラムを、一時的(temporary)記憶装置であるRAM(Random Access Memory)に読み出してから、読み出されたプログラムに含まれる指令をCPU(Central Processing Unit)が実行する。ただし、ROMとRAMを一つのメモリ空間にマッピングして実行することが可能なアーキテクチャでは、ROMに格納されたプログラムに含まれる指令を、直接CPUが読み出して実行する。 In terminal hardware, a program recorded in a non-transitory information recording medium such as a flash memory is read after being read into RAM (Random Access Memory), which is a temporary storage device. CPU (Central Processing Unit) executes the commands included in the program. However, in an architecture in which ROM and RAM can be mapped and executed in a single memory space, the CPU directly reads and executes instructions included in the program stored in ROM.
  さらに、上記のプログラムは、プログラムが実行されるコンピュータとは独立して、コンピュータ通信網等の一時的(transitory)伝送媒体を介して、事業者が管理する配布サーバや管理サーバ等から端末ハードウェア等へ配布・販売することができる。 Further, the above-mentioned program may be connected to a terminal hardware from a distribution server or a management server managed by an operator via a transitory transmission medium such as a computer communication network independently of a computer on which the program is executed. It can be distributed and sold to etc.
  ここで、携帯端末101は、取得部102、制御部103を備える。また、省略可能な要素として、プロンプト部104、保持部105、消去部106、通知部107、設定部108、検知部109を備える。以下、各部の動作について概説する。 携 帯 Here, the mobile terminal 101 includes an acquisition unit 102 and a control unit 103. Further, a prompt unit 104, a holding unit 105, an erasing unit 106, a notification unit 107, a setting unit 108, and a detection unit 109 are provided as optional elements. The operation of each part will be outlined below.
  取得部102は、これから電子マネーの支払をしようとする支払者の生体情報を取得する。生体情報としては、支払者の指紋、声紋、顔の形状、網膜の形状、虹彩の形状などを用いることができる。生体情報は、端末ハードウェアが備える指紋センサ、タッチパネル、マイク、カメラなどを利用して取得される。 The bag acquisition unit 102 acquires biometric information of a payer who intends to pay electronic money. As the biometric information, a payer's fingerprint, voiceprint, face shape, retina shape, iris shape, or the like can be used. The biometric information is acquired using a fingerprint sensor, a touch panel, a microphone, a camera, or the like included in the terminal hardware.
  プロンプト部104は、支払に同意するためのアクションをすることを支払者に促すメッセージを出力する。当該メッセージは、端末ハードウェアが備えるCPUの制御の下、端末ハードウェアが備えるタッチスクリーン等の表示装置に表示されるが、端末ハードウェアが備えるスピーカ等から音声によりアクションを促すこととしても良い。 Prompt unit 104 outputs a message prompting the payer to take an action to agree to the payment. The message is displayed on a display device such as a touch screen included in the terminal hardware under the control of the CPU included in the terminal hardware. However, the action may be urged by voice from a speaker or the like included in the terminal hardware.
  アクションとしては、タッチスクリーンに表示されたボタンを支払者にタッチさせたり、支払者に声で支払に同意する旨を言わせるなどが考えられる。ここで、支払者が行うアクションから生体情報を取得すれば、支払者の心理的な抵抗が少なくなり、取引がスムースに進むと考えられる。また、生体情報を取得する処理とアクションを求める処理とを別々に行う態様に比べて、支払者の手間を削減できる。 As the action, it is possible to make the payer touch the button displayed on the touch screen, or to make the payer agree to the payment by voice. Here, if the biometric information is acquired from the action performed by the payer, it is considered that the psychological resistance of the payer is reduced and the transaction proceeds smoothly. Moreover, compared with the aspect which performs separately the process which acquires biometric information, and the process which calculates | requires an action, a payer's effort can be reduced.
  たとえば、生体情報として指紋を採用する場合には、支払に同意する場合には、端末ハードウェアが有する指紋センサにタッチするよう支払者に促し、指紋センサから指紋が取得できたことをもって、アクションがされたものとみなす。このほか、端末ハードウェアが有するタッチスクリーンから支払者の指紋を取得しても良い。 For example, when fingerprints are adopted as biometric information, when consenting to payment, the payer is prompted to touch the fingerprint sensor of the terminal hardware, and the action can be taken when the fingerprint is acquired from the fingerprint sensor. It is considered that it was done. In addition, the payer's fingerprint may be acquired from a touch screen of the terminal hardware.
  生体情報として音声を採用する場合には、支払に同意する旨の支払者の発声を端末ハードウェアが有するマイクにより取得して、当該発声を音声認識した結果からアクションがされたか否かを判定するとともに、アクションがされた場合には、当該発声から声紋を取得する。 When voice is adopted as the biometric information, the utterance of the payer that consents to the payment is acquired by the microphone of the terminal hardware, and it is determined whether or not an action has been taken from the result of voice recognition of the utterance. At the same time, when an action is taken, a voiceprint is acquired from the utterance.
  生体情報として顔の形状、網膜の形状、虹彩の形状を採用する場合には、端末ハードウェアの自分撮影用のカメラを利用することができる。この態様では、表示装置には、カメラで撮影されている画像を映すほか、ガイドとなる枠線の図形を映す。そして、支払に同意するのであれば、撮影された支払者の顔や瞳の輪郭が、ガイドの枠線にほぼ一致するように、端末ハードウェアや支払者の顔を移動させた後、所定時間(数秒程度)その姿勢を維持するアクションをとるよう、支払者に促す。アクションが完了したときには、顔や網膜、虹彩の形状も取得されたことになる。 採用 When adopting a face shape, a retina shape, or an iris shape as biological information, a camera for self-photographing of terminal hardware can be used. In this aspect, the display device displays an image photographed by the camera, and also displays a figure of a frame that serves as a guide. And if you agree with payment, move the terminal hardware or payer's face so that the contour of the photographed payer's face and eyes almost match the border of the guide, then for a predetermined time Encourage the payer to take action to maintain that position (several seconds). When the action is completed, the shape of the face, retina, and iris are also acquired.
  なお、本実施例では、センサやマイク、カメラにより取得された画像や音声の情報をそのまま生体情報とするのではなく、これらの情報から抽出された特徴量を生体情報とする。これにより、プライバシーの観点でより好適なシステムが実現される。なお、取得された画像や音声の情報から特徴量を抽出する処理は、端末ハードウェアが有するCPU、もしくは、生体情報処理のための専用チップなどを利用して行われ、そのような抽出処理には、公知の技術が採用されても良い。 In this embodiment, image and sound information acquired by a sensor, a microphone, and a camera are not used as biometric information as they are, but feature values extracted from these pieces of information are used as biometric information. Thereby, a more suitable system is realized from the viewpoint of privacy. Note that the process of extracting feature quantities from the acquired image and audio information is performed using a CPU of the terminal hardware or a dedicated chip for biometric information processing. A known technique may be employed.
  保持部105には、過去に取得された支払者の生体情報が、所定期間もしくは所定個数保持される。このほか、保持部105には、店員や売子等、端末ハードウェアを操作する操作者の生体情報を、別途保持させることとしても良い。保持部105は、不揮発な非一時的な記憶装置、たとえば、端末ハードウェアが有するフラッシュメモリ等により実現される。 The bag holder 105 holds the payer's biometric information acquired in the past for a predetermined period or a predetermined number. In addition, the holding unit 105 may separately hold biological information of an operator who operates terminal hardware such as a store clerk or a salesperson. The holding unit 105 is realized by a nonvolatile non-transitory storage device, for example, a flash memory included in terminal hardware.
  制御部103は、電子バリューによる支払の制御を行うもので、端末ハードウェアが有するCPUにより実現される。制御部103は、不正行為が行われている可能性を判断し、その可能性に応じて、このまま電子バリューの支払を受け付けるか否かを決定する。このまま電子バリューの支払を受け付けるならば、端末ハードウェアが有するNFCチップを制御して、近傍の可搬デバイスを検索する。可搬デバイスが検出されたら、当該可搬デバイスに減少コマンドを送信して、その結果を受信し、減少コマンドが成功したら、電子バリューの支払が完了したものとする。 The bag control unit 103 controls payment by electronic value, and is realized by a CPU included in the terminal hardware. The control unit 103 determines the possibility of fraudulent activity and determines whether or not to accept payment of electronic value as it is according to the possibility. If the electronic value payment is accepted as it is, the NFC chip of the terminal hardware is controlled to search for a nearby portable device. If a portable device is detected, a decrease command is transmitted to the portable device, the result is received, and if the decrease command is successful, it is assumed that payment of electronic value is completed.
  それ以外の場合には、当該支払者からの電子バリューの支払を拒否しても良いし、他の高いレベルのチェックをパスした後に、電子バリューの支払の処理を開始することとしても良い。 In other cases, the payment of the electronic value from the payer may be rejected, or the electronic value payment process may be started after passing another high-level check.
  生体情報による不正行為の有無の判断のうち、単純な態様としては、過去の取引や支払において取得された支払者の生体情報のそれぞれと、今回電子バリューの支払をしようとしている支払者から取得された生体情報と、を照合するものがある。この態様では、前者のいずれかが、後者にマッチした場合、すなわち、過去の支払者が今回も支払者であると判定される場合には、不正行為の可能性が高く、今回の支払者が過去の支払者のいずれとも異なると判定される場合には、不正行為の可能性は低い、と判断する。 Among the simple aspects of determining whether or not there is fraudulent activity based on biometric information, each of the payer's biometric information acquired in past transactions and payments and the payer who is going to pay the electronic value this time are acquired. Some biometric information is collated. In this aspect, if any of the former matches the latter, that is, if it is determined that the past payer is also a payer this time, there is a high possibility of fraud, and the current payer If it is determined that it is different from any of the past payers, it is determined that the possibility of fraud is low.
  電子バリューの支払がされたら、消去部106は、支払者の最古に取得された生体情報を、保持部105から消去する。すなわち、保持部105は、端末ハードウェアが有するCPUが、フラッシュメモリ等と協働することにより実現される。上記のように、保持部105は、所定期間もしくは所定個数、過去に取得された支払者の生体情報を保持する。 When the electronic value is paid, the erasure unit 106 erases the biometric information acquired the oldest of the payer from the holding unit 105. That is, the holding unit 105 is realized by the CPU of the terminal hardware cooperating with the flash memory or the like. As described above, the holding unit 105 holds the biometric information of the payer acquired in the past for a predetermined period or a predetermined number.
  ここで、保持部105が、過去に取得された支払者の生体情報を1個だけ保持する態様や、消去部106が電子バリューの支払後に最古の生体情報を消去して、今回完了した支払に係る支払者の生体情報に入れ換える態様では、保持部105に保持される支払者の生体情報は、直前に電子バリューの支払がなされた支払者の生体情報のみとなり、それ以前の支払者の生体情報は保持されない。このため、支払者のプライバシーに対して、一層の配慮をすることができる。 Here, the holding unit 105 holds only one piece of payer's biometric information acquired in the past, or the deletion unit 106 deletes the oldest biometric information after payment of electronic value, and the payment completed this time In this aspect, the payer's biometric information held in the holding unit 105 is only the biometric information of the payer who has just been paid for electronic value, and the previous payer's biometric information. Information is not retained. For this reason, further consideration can be given to the payer's privacy.
  なお、取得部102により取得された生体情報が、保持部105に保持された操作者の生体情報にマッチする場合には、支払者の明示の同意がされておらず、操作者がかわりにアクションをとった可能性が高いと考えられる。そこでこのような場合には、不正行為の可能性があるものと考えて、より高いレベルのチェックをパスしなければ、電子バリューの支払はしないものとすることが望ましい。 If the biometric information acquired by the acquisition unit 102 matches the biometric information of the operator held in the holding unit 105, the payer's explicit consent has not been given, and the operator takes action instead. It is highly probable that he took In such a case, it is desirable that the electronic value is not paid unless a higher level check is passed, considering that there is a possibility of fraud.
  通知部107は、端末ハードウェアが有する表示装置、スピーカ、バイブレータ、LED(Light Emitting Diode)やランプなどにより、可聴音、可視光、振動を発して、電子バリューの支払がされることを、携帯端末101の近傍にいる人に知らせる。端末ハードウェアでは、設定部108を介して、表示装置、スピーカ、バイブレータ、LEDやランプの出力の強さ(明るさや明滅のパターン、音声のボリューム、振動の大きさやパターン)を操作者が設定できるのが一般的であるが、電子バリューの支払がされる旨の通知については、操作者の設定があらかじめ定めた強さより弱くとも、当該あらかじめ定めた強さで出力されることが望ましい。操作者の設定があらかじめ定めた強さ以上であれば、当該あらかじめ定めた強さで出力しても良いし、操作者の設定にしたがっても良い。目立つ通知がされることで、人込み等での不正行為を抑制することができる。 The notification unit 107 emits audible sound, visible light, vibration, and the like to be paid for electronic value by a display device included in the terminal hardware, a speaker, a vibrator, an LED (Light Emitting Diode), a lamp, etc. Inform people in the vicinity of the terminal 101. In the terminal hardware, the operator can set the output intensity (brightness and blinking pattern, sound volume, vibration magnitude and pattern) of the display device, speaker, vibrator, LED and lamp via the setting unit 108. However, it is desirable that the notification that the electronic value is paid is output with the predetermined strength even if the operator setting is weaker than the predetermined strength. If the operator setting is greater than or equal to a predetermined strength, the output may be output at the predetermined strength, or may be performed according to the operator setting. By being noticeable, it is possible to suppress fraudulent acts such as crowds.
  検知部109は、端末ハードウェアの種々の状態を検知する各種のセンサにより実現される。たとえば、傾きセンサによれば、端末ハードウェアの向きまたは姿勢を取得することができる。そこで、板状の端末ハードウェアの表面ならびに裏面が広がる面と、水平面とのなす角が、所定の閾値より小さく、略平行であるときに限って、制御部103が、可搬デバイスとの間のNFCを行い、当該角が所定範囲外であれば、NFCを制限することとすれば、電子マネーの支払を受けるときの操作者の姿勢に制限を設けることができ、人込み等での不正行為を抑制することができる。 The eyelid detection unit 109 is realized by various sensors that detect various states of the terminal hardware. For example, according to the tilt sensor, the orientation or attitude of the terminal hardware can be acquired. Therefore, only when the angle formed by the horizontal plane and the surface where the front and rear surfaces of the plate-shaped terminal hardware are spread is smaller than a predetermined threshold value and approximately parallel, the control unit 103 is not connected to the portable device. If NFC is performed and the angle is outside the specified range, NFC can be restricted, so that the attitude of the operator when receiving payment of electronic money can be limited, and illegal activities such as crowding Action can be suppressed.
  このほか、傾きセンサを利用すれば、端末ハードウェアの傾きの変化を取得することができる。マイクを利用すれば、端末ハードウェアの周囲の可聴音を取得することができる。また、LED等によるフラッシュ撮影の必要性を判断するため、明度センサやカメラにより撮影された画像に基づいて、現在の周囲の明るさを取得するものもある。 In addition, if a tilt sensor is used, a change in the tilt of the terminal hardware can be acquired. If a microphone is used, an audible sound around the terminal hardware can be acquired. In addition, in order to determine the necessity of flash photography using an LED or the like, there is a technique for acquiring the current ambient brightness based on an image photographed by a brightness sensor or a camera.
  そこで、端末ハードウェアが有するCPUや専用チップが、センサにより測定された音声や明るさ、傾きの変化を、通知部107による通知の変化のパターンと照合することにより、通知が実際に周囲の人に看取されている大きさが検知できる。 Therefore, the CPU or dedicated chip of the terminal hardware matches the change in voice, brightness, and tilt measured by the sensor with the pattern of change in notification by the notification unit 107, so that the notification is actually sent to the surrounding people. The size that is perceived by can be detected.
  検知された通知の大きさが、当該通知を出力しているときの強さと対比して、十分に大きければ、端末ハードウェアの不正改造(たとえば、スピーカをふさぐ、LEDを覆う、バイブレータを外す等)や故障はない、と考えることができる。一方で、検知された通知の大きさが、当該通知を出力しているときの強さと対比して、所定の判断基準で小さい場合には、端末ハードウェアの不正改造や故障の可能性があり、不正行為の可能性あり、と判断することができる。 If the size of the detected notification is sufficiently large compared to the strength at the time of outputting the notification, unauthorized modification of the terminal hardware (for example, covering the speaker, covering the LED, removing the vibrator, etc.) ) Or failure. On the other hand, if the size of the detected notification is smaller than the strength at the time of outputting the notification according to a predetermined criterion, there is a possibility of unauthorized modification or failure of the terminal hardware. It can be determined that there is a possibility of fraud.
  さらに、GPS(Global Positioning System)を利用すれば、端末ハードウェアの位置を検知することができる。携帯端末101の利用地域を制限することにより不正行為を抑制する態様では、GPSの検知結果に基づいて、利用地域内か否かを判定することができる。 Furthermore, GPS (Global Positioning System) can be used to detect the location of the terminal hardware. In an aspect in which fraud is suppressed by restricting the use area of the mobile terminal 101, it can be determined whether or not the use area is within the use area based on the detection result of the GPS.
  このほか、端末ハードウェアが無線LAN(Local Area Network)の通信機能を有する場合には、検知されたアクセスポイントのSSID(Service Set IDentifier)により、端末ハードウェアの位置を検知することが可能である。 In addition, when the terminal hardware has a wireless LAN (Local Area Network) communication function, it is possible to detect the position of the terminal hardware based on the SSID (Service Set IDentifier) of the detected access point. .
  さらに、アクセスポイントを経由して接続されたネットワーク内の特定のノード(たとえば、シンクライアント用サーバ、レジスタ、ネットワークプリンタ等)へ、端末ハードウェアから到達可能か否かをping等により調査して、その結果により、端末ハードウェアが特定の地域内にあるか否かを検知することもできる。 Furthermore, investigate whether a specific node in the network connected via an access point (for example, a server for a thin client, a register, a network printer, etc.) can be reached from the terminal hardware by ping or the like, As a result, it is possible to detect whether the terminal hardware is in a specific area.
  なお、シンクライアント方式では、携帯端末101を介して、可搬デバイスとシンクライアント用サーバとの間で、電子バリューを処理するコマンドのやりとりがなされる。したがって、シンクライアント用サーバがLAN内でのみ動作し、LAN外からは到達できないように設定され、LANの物理的な領域が限られている場合には、携帯端末101がシンクライアント用サーバと通信可能であれば、特定の地域内にある、と判断することも可能である。 In the thin client method, a command for processing electronic value is exchanged between the portable device and the thin client server via the mobile terminal 101. Therefore, if the thin client server operates only within the LAN and cannot be reached from outside the LAN, and the physical area of the LAN is limited, the mobile terminal 101 communicates with the thin client server. If possible, it can also be determined to be within a specific region.
  以下では、携帯端末101において、第1の技術(支払者の生体情報)、第2の技術(端末ハードウェアの傾き)、第3の技術(可聴音等による通知)、第4の技術(場所の制限)がすべて採用されている態様における処理の流れについて説明する。なお、第1乃至第4の技術は、適宜選択および省略が可能である。また、以下の例では、生体情報として指紋を利用し、指紋の取得はタッチスクリーンから行うことを想定しているが、上記のように、生体情報としては種々のものを採用することが可能である。 In the following, in the mobile terminal 101, the first technology (payers' biometric information), the second technology (terminal hardware inclination), the third technology (notification by audible sound, etc.), the fourth technology (location) The flow of processing in a mode in which all of the above restrictions are adopted will be described. The first to fourth techniques can be appropriately selected and omitted. In the following example, it is assumed that fingerprints are used as biometric information and fingerprints are obtained from a touch screen. However, as described above, various types of biometric information can be adopted. is there.
  また、以下の態様では、事業者が、複数の提供者(ショップ)と電子マネーサービスに係る契約を交わすと、各提供者にショップコードとパスワードを割り当てることを想定する。事業者は、ショップコードとパスワードに基づいて、提供者ごとに、電子バリューの出納の管理が行われる。 で は Also, in the following mode, it is assumed that a business operator assigns a shop code and a password to each provider when a contract related to an electronic money service is made with a plurality of providers (shops). Based on the shop code and password, the business operator manages the accounting of electronic value for each provider.
  図2は、本発明の実施例に係る携帯端末にて実行される処理の流れを示すフローチャートである。以下、本図を参照して説明する。上記のように、本処理は、端末ハードウェア上でプログラムを実行することにより開始され、この処理によって携帯端末101が実現される。 FIG. 2 is a flowchart showing a flow of processing executed by the mobile terminal according to the embodiment of the present invention. Hereinafter, a description will be given with reference to FIG. As described above, this process is started by executing a program on the terminal hardware, and the portable terminal 101 is realized by this process.
  さて、処理が開始されると、まず、携帯端末101は、当該携帯端末101と提供者との紐付けを行うため、提供者に事前に割り当てられたショップコードおよびパスワードの入力を受け付ける(ステップS201)。 Now, when the process is started, the mobile terminal 101 first receives an input of a shop code and a password assigned in advance to the provider in order to associate the mobile terminal 101 with the provider (step S201). ).
  本実施例におけるステップS201の処理においては、まず、端末ハードウェアの表面に配置されたタッチスクリーンに、入力フォームが表示される。図3は、提供者がシンクライアント用サーバにログインするための入力フォームの表示例である。以下、本図を参照して説明する。 In the process of step S201 in this embodiment, first, an input form is displayed on the touch screen arranged on the surface of the terminal hardware. FIG. 3 is a display example of an input form for the provider to log in to the thin client server. Hereinafter, a description will be given with reference to FIG.
  本図に示すように、端末ハードウェア251の表面には、タッチスクリーン252が用意されているほか、また、タッチスクリーン252を見ている人を撮影するためのカメラ261、電話のための通話や、音声の入出力を行うためのマイク262およびスピーカ263も配置されている。本図では、タッチスクリーン252には、入力フォーム301が表示されている。 As shown in this figure, a touch screen 252 is prepared on the surface of the terminal hardware 251, a camera 261 for photographing a person who is looking at the touch screen 252, a telephone call and In addition, a microphone 262 and a speaker 263 for inputting and outputting audio are also arranged. In this figure, an input form 301 is displayed on the touch screen 252.
  入力フォーム301には、ショップコード欄302およびパスワード欄303が用意されている。端末ハードウェアのソフトウェアキーボード(図示せず)を利用して、操作者がこれらに情報を入力した後、次へボタン304をタップすると、入力されたショップコードおよびパスワード、ならびに、端末ハードウェアの識別情報(製造番号やMACアドレス等)がシンクライアント用サーバに無線LAN経由で送信され、携帯端末101と提供者の紐付けが行われる(ステップS202)。 In the bag input form 301, a shop code field 302 and a password field 303 are prepared. When the operator inputs information into these using the terminal hardware software keyboard (not shown) and taps the next button 304, the entered shop code and password, and identification of the terminal hardware are displayed. Information (manufacturing number, MAC address, etc.) is transmitted to the thin client server via the wireless LAN, and the portable terminal 101 and the provider are linked (step S202).
  なお、ショップコードやパスワードに入力の誤りがあり、シンクライアント用サーバにおける認証が失敗した場合は、ステップS201に戻って、再度の入力を求める(フローチャートでは図示を省略)。 Note that if there is an input error in the shop code or password and the authentication in the thin client server fails, the process returns to step S201 to request another input (not shown in the flowchart).
  さて、携帯端末101と提供者の紐付けが行われた後は、携帯端末101は、その操作者の生体情報を取得する(ステップS203)。本実施例では、端末ハードウェアのタッチスクリーンに、指紋登録フォームが表示される。図4は、操作者が生体情報を登録するための指紋登録フォームの表示例である。以下、本図を参照して説明する。 Now, after the portable terminal 101 and the provider are linked, the portable terminal 101 acquires the biological information of the operator (step S203). In this embodiment, a fingerprint registration form is displayed on the touch screen of the terminal hardware. FIG. 4 is a display example of a fingerprint registration form for an operator to register biometric information. Hereinafter, a description will be given with reference to FIG.
  指紋登録フォーム401には、指をタッチするための楕円状のタッチ領域402が用意されている。メッセージ欄405に表示された「操作者(売り子)の指を楕円にタッチ」にしたがって操作者の指がタッチ領域402に触れ、タッチスクリーンに対する接触状況から指紋の特徴情報が取得できれば、メッセージ欄405には「この指紋を登録するなら登録をタップ」と表示される(図示せず)。 The fingerprint registration form 401 is provided with an elliptical touch area 402 for touching a finger. If the operator's finger touches the touch area 402 according to “touch the operator's (seller) 's finger on an ellipse” displayed in the message field 405 and the fingerprint feature information can be acquired from the touch state on the touch screen, the message field 405 Will display "Tap registration to register this fingerprint" (not shown).
  これにしたがって、操作者が登録ボタン403をタップすると、携帯端末101は、当該特徴情報をフラッシュメモリ等に書き込むことにより、操作者の生体情報を保持部105に保持する(ステップS204)。一人の操作者の複数の指紋を登録したい場合や、操作者が複数いる場合には、ステップS203-S204の処理を繰り返す。図5Aは、生体情報が保持される保持部の態様を説明するための説明図である。図5Bは、生体情報が保持される保持部の他の態様を説明するための説明図である。以下、これらの図を参照して説明する。 に し た が っ て According to this, when the operator taps the registration button 403, the mobile terminal 101 holds the biometric information of the operator in the holding unit 105 by writing the feature information in a flash memory or the like (step S204). When it is desired to register a plurality of fingerprints of one operator or when there are a plurality of operators, the processing of steps S203 to S204 is repeated. FIG. 5A is an explanatory diagram for explaining an aspect of a holding unit that holds biological information. FIG. 5B is an explanatory diagram for explaining another aspect of the holding unit that holds the biological information. Hereinafter, description will be given with reference to these drawings.
  保持部105には、操作者の生体情報を保持するための操作者領域451と、後述するように支払者の生体情報を保持するための支払者領域471と、が設けられている。 The heel holding unit 105 is provided with an operator area 451 for holding the operator's biometric information and a payer area 471 for holding the payer's biometric information as will be described later.
  本態様の操作者領域451は、操作者の生体情報を配列として保持しており、初期状態では、各要素には、すべて「なし」が記録されている。ステップS204において生体情報を登録しようとする際には、まず、「なし」が記録されている要素を配列から探し、見付かった要素に新たな操作者の生体情報を書き込む。配列の要素数には上限(本図では5)が設けられており、当該上限に達したら、それ以上操作者の生体情報は登録できないことになる。本図では、操作者の生体情報が1個だけ記録された状態を示している。 The operator area 451 of the present embodiment holds the biological information of the operator as an array, and “none” is recorded in each element in the initial state. When biometric information is to be registered in step S204, first, an element in which “none” is recorded is searched from the array, and the new operator's biometric information is written in the found element. There is an upper limit (5 in the figure) for the number of elements in the array, and when the upper limit is reached, no further biometric information of the operator can be registered. This figure shows a state in which only one operator's biological information is recorded.
  支払者領域471は、支払者の生体情報を記録するための領域であり、その詳細については後述する。 The payer area 471 is an area for recording the payer's biological information, and details thereof will be described later.
  操作者の指紋がすべて登録し終わったら、操作者が次へボタン404をタップすると、タッチスクリーンに、概要フォームが表示される(ステップS205)。図6は、ログインおよび登録の概要を示すための概要フォームの表示例である。以下、本図を参照して説明する。 When all the fingerprints of the operator have been registered, when the operator taps the next button 404, an overview form is displayed on the touch screen (step S205). FIG. 6 is a display example of an outline form for showing an outline of login and registration. Hereinafter, a description will be given with reference to FIG.
  概要フォーム501には、ステップS201-S204にて受け付けたショップコードおよび登録された指紋の数が、概要欄502に表示されている。この内容で電子バリューの支払の受付に進んで良い場合には、操作者は、次へボタン503をタップする。すると、処理は、ステップS206に進む。 In the outline form 501, the shop code accepted in steps S 201 -S 204 and the number of registered fingerprints are displayed in the outline column 502. When it is possible to proceed to accept payment of electronic value with this content, the operator taps the next button 503. Then, the process proceeds to step S206.
  一方、登録をやり直したい場合には、操作者は、最初からボタン504をタップする。すると、処理は、ステップS201に戻る(フローチャートでは図示を省略)。 On the other hand, when it is desired to redo registration, the operator taps the button 504 from the beginning. Then, the process returns to step S201 (not shown in the flowchart).
  なお、ショップコードやパスワードおよび操作者の指紋の特徴情報をフラッシュメモリ等に不揮発に記憶しておけば、次回プログラム起動時には、明示的な提供者情報の入力や操作者の指紋登録を省略することが可能である。すなわち、ステップS201、S203-S204の処理は省略して、すでに記憶されているショップコードおよびパスワードにより、シンクライアント用サーバにおいて、携帯端末101と提供者との紐付けを行い、ステップS205に進む。 If the shop code, password, and operator fingerprint feature information are stored in a non-volatile manner in a flash memory, etc., the explicit provider information entry and operator fingerprint registration will be omitted at the next program startup. Is possible. That is, the processing of steps S201 and S203-S204 is omitted, and the portable terminal 101 is associated with the provider in the thin client server by using the already stored shop code and password, and the process proceeds to step S205.
  さて、ステップS201-S205により、携帯端末101の初期化が終わると、検知部109は、携帯端末101の現在位置を検知する(ステップS206)。この検知には、屋外等ではGPSが利用できる。また、GPSの精度が問題となる状況や、建物の内部で支払を行うためGPSが利用できない状況、GPSの測位に要する時間やバッテリ消費が問題となる状況では、近傍にある無線LANのアクセスポイントのSSIDを取得して、その情報から現在位置を検知することも可能である。 Now, when the initialization of the mobile terminal 101 is completed in steps S201 to S205, the detection unit 109 detects the current position of the mobile terminal 101 (step S206). For this detection, GPS can be used outdoors. Also, in situations where GPS accuracy is a problem, GPS is not available because payment is made inside the building, GPS positioning time and battery consumption are problems, nearby wireless LAN access points It is also possible to acquire the SSID and detect the current position from the information.
  そして、検知された現在位置が、当該ショップコードにあらかじめ割り振られた利用可能地域内にあるか否かを判定する(ステップS207)。ここで、ショップコードに対する利用可能地域の割り振りをシンクライアント用サーバにおいて行う態様では、紐付けを行った際に、シンクライアント用サーバから携帯端末101へ利用可能地域の情報がダウンロードされる。 判定 す る Then, it is determined whether or not the detected current position is within an available area allocated in advance to the shop code (step S207). Here, in the aspect in which the available area is allocated to the shop code in the thin client server, the available area information is downloaded from the thin client server to the mobile terminal 101 when the association is performed.
  このほか、操作者の指紋登録時に周囲の無線LANのアクセスポイントのSSIDを収集する態様を採用することもできる。収集されたSSIDのいずれか、あるいは、収集されたSSIDのうち所定の割合のものが無線LANで検知できる間は、利用可能地域内にある、と判定するのである。 ほ か In addition, it is possible to adopt a mode of collecting SSIDs of neighboring wireless LAN access points at the time of operator's fingerprint registration. While any one of the collected SSIDs or a predetermined percentage of the collected SSIDs can be detected by the wireless LAN, it is determined that it is within the usable area.
  なお、物理的な現在位置を検知してから(ステップS206)、その位置が利用可能範囲内にあるか判定する(ステップS207)のではなく、LAN内の特定のノード(たとえば、LAN内にあるPOSレジスターや管理用コンピュータ、ネットワークプリンタ等)との通信ができるか否かにより、現在位置が利用可能地域内にあるか否かを判断しても良い。 In addition, after detecting the physical current position (step S206), it is not determined whether the position is within the usable range (step S207), but a specific node in the LAN (for example, in the LAN) Whether or not the current position is within the available area may be determined based on whether communication with a POS register, a management computer, a network printer, or the like is possible.
  これらの手法によって携帯端末101が利用可能地域内にあることがわかったら(ステップS207;Yes)、電子バリューの支払の受付が開始される。一方、携帯端末101が利用可能地域内になければ(ステップS207;No)、本態様では、ステップS201に戻り、再度初期化を行う。ただし、操作者に警告を発した後に、ステップS206に戻ることとしても良いし、プログラムそのものを終了させることとしても良い。 た ら If it is found that the mobile terminal 101 is in an available area by these methods (step S207; Yes), acceptance of payment of electronic value is started. On the other hand, if the mobile terminal 101 is not in the available area (step S207; No), in this aspect, the process returns to step S201 and is initialized again. However, after issuing a warning to the operator, the process may return to step S206, or the program itself may be terminated.
  さて、電子バリューの支払の受付が開始されると、まず、タッチスクリーンに金額フォームが表示される(ステップS208)。図7は、支払に係る電子バリューの額の入力を求める金額フォームの表示例である。以下、本図を参照して説明する。 Now, when acceptance of electronic value payment is started, an amount form is first displayed on the touch screen (step S208). FIG. 7 is a display example of an amount form that requests input of the amount of electronic value related to payment. Hereinafter, a description will be given with reference to FIG.
  金額フォーム601には、支払を求める電子バリューの額が表示されるバリュー欄602、ならびに、ソフトウェアキーボード603が配置されている。操作者が、ソフトウェアキーボード603の数字キーをタップすれば、そのキーに割り当てられた数字がバリュー欄602に追加される。操作者が、削除キーをタップすれば、バリュー欄602の数値が末尾から削除される。 In the money amount form 601, a value field 602 for displaying the amount of electronic value for which payment is required and a software keyboard 603 are arranged. When the operator taps a number key on the software keyboard 603, the number assigned to the key is added to the value field 602. If the operator taps the delete key, the value in the value field 602 is deleted from the end.
  バリュー欄602に、支払いを求める電子バリューの額が入力されると、操作者は、次へボタン604をタップする。すると、タッチスクリーンに、支払確認フォームが表示され、支払者が支払に同意するためのアクションをとるよう促す(ステップS209)。図8は、支払に同意するアクションをとることを支払者に求める支払確認フォームの表示例である。以下、本図を参照して説明する。 When the amount of electronic value for which payment is requested is input in the value column 602, the operator taps the next button 604. Then, a payment confirmation form is displayed on the touch screen, prompting the payer to take an action to agree to the payment (step S209). FIG. 8 is a display example of a payment confirmation form that asks the payer to take an action to agree to the payment. Hereinafter, a description will be given with reference to FIG.
  支払確認フォーム701のメッセージ欄702には、金額フォーム601にて入力された支払者が支払うべき電子バリューの額と、「支払に同意するなら楕円にタッチ」というメッセージが表示されている。額に間違いがあった場合等は、戻るボタン705をタップすれば、金額を再入力するため、ステップS208に戻ることができる(フローチャートでは図示を省略)。 In the message field 702 of the payment confirmation form 701, the amount of electronic value to be paid by the payer entered in the amount form 601 and a message “Touch an ellipse if you agree to payment” are displayed. If there is an error in the amount, for example, if the return button 705 is tapped, it is possible to return to step S208 to re-enter the amount (not shown in the flowchart).
  また、支払確認フォーム701には、支払者が指を触れるための楕円状のタッチ領域703が用意されている。支払者が、電子バリューの支払に同意するアクションとして、タッチ領域703にタッチをすると、携帯端末101の取得部102は、タッチスクリーンに対する接触状況から、指紋の特徴情報を、支払者の生体情報として取得する(ステップS210)。 In addition, the payment confirmation form 701 is provided with an elliptical touch area 703 for the payer to touch his / her finger. When the payer touches the touch area 703 as an action to agree to the payment of the electronic value, the acquisition unit 102 of the mobile terminal 101 uses the fingerprint feature information as the payer's biometric information based on the contact status with respect to the touch screen. Obtain (step S210).
  そして、制御部103は、ステップS210において取得された支払者の生体情報が、保持部105に保持された操作者の生体情報のいずれかとマッチするか調べる(ステップS211)。上述の通り、操作者の生体情報は、保持部105の操作者領域451の配列の各要素の生体情報欄に記録されており、その値が「なし」でない要素の各々と、支払者の生体情報とを照合する。 Then, the control unit 103 checks whether the payer's biometric information acquired in step S210 matches any of the operator's biometric information held in the holding unit 105 (step S211). As described above, the biological information of the operator is recorded in the biological information column of each element of the array of the operator area 451 of the holding unit 105, and each element whose value is not “none” and the biological information of the payer Match information.
  いずれかとマッチする場合は(ステップS211;Yes)、支払者による支払の同意が得られていないこととなるので、ステップS209に戻る。この際に、適宜警告やメッセージを提示しても良い。 If any of them matches (step S211; Yes), the payment by the payer has not been agreed, and the process returns to step S209. At this time, a warning or a message may be presented as appropriate.
  いずれともマッチしない場合は(ステップS211;No)、ステップS210において取得された支払者の生体情報が、保持部105に保持された過去の支払者の生体情報のいずれかとマッチするか調べる(ステップS212)。後述するように、ステップS210において取得された支払者の生体情報は、支払が完了した後に保持部105に登録されて、過去の支払者の生体情報として利用される。 If neither matches (step S211; No), it is checked whether the payer's biometric information acquired in step S210 matches any of the past payer's biometric information held in the holding unit 105 (step S212). ). As will be described later, the payer's biometric information acquired in step S210 is registered in the holding unit 105 after payment is completed, and used as past payer's biometric information.
  支払者の生体情報は、保持部105の支払者領域471の配列の各要素の生体情報欄に記録されており、その値が「なし」でないものの各々と、支払者の生体情報とを照合する。 The biometric information of the payer is recorded in the biometric information column of each element of the array of the payer area 471 of the holding unit 105, and each of those whose value is not “None” is collated with the biometric information of the payer. .
  いずれともマッチしない場合は(ステップS212;No)、生体情報によるチェックはパスしたこととなり、支払者の可搬デバイスから、電子バリューの支払を受ける処理が開始される。 If no match is found (step S212; No), the biometric information check is passed, and processing for receiving payment of electronic value from the payer's portable device is started.
  まず、通知部107は、可搬デバイスの検出中であることを示す通知を、可聴音、可視光、振動などにより、所定の強さで出力し、周囲の人に知得させ(ステップS214)、携帯端末101は、タッチスクリーン252に、可搬デバイスとのNFCに係る通信フォームを表示する(ステップS215)。図9は、可搬デバイスとのNFCを開始しようとする旨を表す通信フォームの表示例である。以下、本図を参照して説明する。 First, the notification unit 107 outputs a notification indicating that a portable device is being detected at a predetermined intensity by using an audible sound, visible light, vibration, etc., so as to let the surrounding people know (step S214). The mobile terminal 101 displays a communication form related to NFC with the portable device on the touch screen 252 (step S215). FIG. 9 is a display example of a communication form indicating that NFC with a portable device is to be started. Hereinafter, a description will be given with reference to FIG.
  通信フォーム801のメッセージ欄802には、「端末を裏返してマークに可搬デバイスを近付けてください」と表示されている。これにより、操作者に、端末ハードウェア251を裏返して、支払者が可搬デバイスを近付けやすくするよう促す。図10は、端末ハードウェアの裏側の様子を示す説明図である。以下、本図を参照して説明する。 In the message field 802 of the communication form 801, “Please turn the terminal over and bring the portable device closer to the mark” is displayed. This prompts the operator to turn over the terminal hardware 251 so that the payer can easily approach the portable device. FIG. 10 is an explanatory diagram showing a state of the back side of the terminal hardware. Hereinafter, a description will be given with reference to FIG.
  端末ハードウェア251の裏面には、風景や他人を撮影するためのカメラ264が配置されているほか、NFCチップが配置されている場所を示すマーク253が貼付されている。支払者がマーク253に重なるように可搬デバイスを近付けると、NFCチップが可搬デバイスを検出する。 On the back surface of the terminal hardware 251, a camera 264 for photographing landscapes and other people is arranged, and a mark 253 indicating a place where the NFC chip is arranged is affixed. When the payer brings the portable device close to the mark 253, the NFC chip detects the portable device.
  なお、通信フォーム801の戻るボタン803をタップすると、制御はステップS208に戻り、金額の入力からやり直す(フローチャートには図示せず)。これにより、現在の額による電子バリューの支払の受付をキャンセルすることができる。 Note that when the return button 803 of the communication form 801 is tapped, the control returns to step S208 and starts again from the input of the amount (not shown in the flowchart). Thereby, acceptance of payment of electronic value by the present amount can be canceled.
  さて、通信フォーム801により、携帯端末101を裏返すことを促した後、検知部109は、傾きセンサにより、端末ハードウェア251の傾きを検知する(ステップS217)。そして、検知された傾きと目標となる傾きが、所定の誤差範囲内であるか否かを調べる(ステップS218)。本実施例では、表面の外向き法線の向きを検知してこれを端末の傾きとし、目標となる傾きを重力の向きとしている。 Now, after prompting the mobile terminal 101 to be turned over by the communication form 801, the detection unit 109 detects the tilt of the terminal hardware 251 by the tilt sensor (step S217). Then, it is checked whether or not the detected inclination and the target inclination are within a predetermined error range (step S218). In the present embodiment, the direction of the outward normal on the surface is detected and used as the inclination of the terminal, and the target inclination is set as the direction of gravity.
  両者が所定の誤差範囲内でなければ(ステップS218;No)、ステップS214に戻る。この際に、傾きを正しくするよう、通信フォーム801のメッセージ欄802に表示することとしても良い。したがって、NFCチップと可搬デバイスが十分に近付いて、NFCが可能となっていても、電子バリューの支払は行なわれない。 If both are not within the predetermined error range (step S218; No), the process returns to step S214. At this time, the message may be displayed in the message field 802 of the communication form 801 so that the inclination is correct. Therefore, even if the NFC chip and the portable device are close enough to enable NFC, the electronic value is not paid.
  一方、所定の誤差範囲内であれば(ステップS218;Yes)、端末ハードウェア251の裏面が上方を向いており、支払者がマーク253を視認できるようになっていることなる。そこで、携帯端末101のNFCチップは、近傍の可搬デバイスとNFCが可能か、検出を試みる(ステップS219)。図11は、端末ハードウェアに可搬デバイスを近付けた様子を示す説明図である。以下、本図を参照して説明する。 On the other hand, if it is within the predetermined error range (step S218; Yes), the back surface of the terminal hardware 251 is facing upward, and the payer can visually recognize the mark 253. Therefore, the NFC chip of the mobile terminal 101 tries to detect whether or not NFC with a nearby portable device is possible (step S219). FIG. 11 is an explanatory diagram showing a state in which the portable device is brought close to the terminal hardware. Hereinafter, a description will be given with reference to FIG.
  本図に示すように、支払者が、端末ハードウェア251のマーク253に重なるように、可搬デバイス254を端末ハードウェア251の裏面に近付けると、NFCチップが可搬デバイスを検出して、両者の通信が可能となる。 As shown in this figure, when the payer brings the portable device 254 close to the back of the terminal hardware 251 so that it overlaps the mark 253 of the terminal hardware 251, the NFC chip detects the portable device and both Communication becomes possible.
  ここで、可搬デバイスが検出されなければ(ステップS219;No)、ステップS214に戻る。したがって、携帯端末101が可搬デバイスを検出しようとしている間は、繰り返し通知が出力されることになる。 な け れ ば Here, if the portable device is not detected (step S219; No), the process returns to step S214. Therefore, while the mobile terminal 101 is trying to detect the portable device, the notification is repeatedly output.
  なお、本態様では、支払者が可搬デバイス254を携帯端末101に近付けようとするときには、携帯端末101が裏返されており、タッチスクリーンの表示が支払者にも操作者にも見えない。そこで、携帯端末101の傾きが正しいか否か、すなわち、タッチスクリーンの表面の外向き法線ベクトルと重力の向きとが所定の誤差範囲内であるか否かにより、通知のパターンを変更することが望ましい。たとえば、正しい傾きのときと、誤った傾きのときとで、発せられる通知音の音高や音色、メロディを異なるものとしたり、誤った傾きの間は連続して振動させ、正しい傾きになったら間欠的に振動させるなど、振動パターンを異なるものとすれば、タッチスクリーンによる表示がなくとも、操作者は現在の携帯端末101の状態を知ることができる。 In this aspect, when the payer tries to bring the portable device 254 closer to the mobile terminal 101, the mobile terminal 101 is turned over, and the display on the touch screen is not visible to either the payer or the operator. Therefore, the notification pattern is changed depending on whether or not the inclination of the mobile terminal 101 is correct, that is, whether or not the outward normal vector of the touch screen surface and the direction of gravity are within a predetermined error range. Is desirable. For example, if the pitch, tone, and melody of the notification sound that is emitted are different between the correct inclination and the incorrect inclination, or if the correct inclination is obtained by continuously vibrating during the incorrect inclination If the vibration patterns are different, such as intermittent vibration, the operator can know the current state of the mobile terminal 101 without displaying on the touch screen.
  本態様では、可搬デバイス254の裏面を上側に略水平に配置した傾きが検知されている間だけ、可搬デバイスの検出を試みることとしているが、当該検出を試みるための傾きは、端末ハードウェアの形状や店舗での運用に応じて、適宜変更が可能である。 In this aspect, the detection of the portable device is attempted only while the inclination in which the back surface of the portable device 254 is disposed substantially horizontally on the upper side is detected, but the inclination for attempting the detection is determined by the terminal hardware. Changes can be made as appropriate according to the shape of the wear and the operation at the store.
  さて、可搬デバイスとのNFCが可能であることが検出されたら(ステップS219;Yes)、携帯端末101は、無線LANを経由してシンクライアント用サーバに、支払うべき額を送信する(ステップS220)。そして、可搬デバイスと、シンクライアント用サーバと、の間の通信の中継を開始する。なお、シンクライアント用サーバは、支払うべき額を携帯端末101から受信すると、当該携帯端末101が、ステップS202において紐付けがなされている携帯端末101であるか否かを確認し、提供者との紐付けがされていない携帯端末であれば決済を拒否することとしても良い。この場合には、携帯端末101は、エラーを報告して、本処理を終了するか、ステップS201に戻り、シンクライアント用サーバへのログインをやり直すこととすれば良い(フローチャートには図示せず)。 When it is detected that NFC with the portable device is possible (step S219; Yes), the mobile terminal 101 transmits the amount to be paid to the thin client server via the wireless LAN (step S220). ). Then, the communication relay between the portable device and the thin client server is started. When the thin client server receives the amount to be paid from the mobile terminal 101, the thin client server confirms whether or not the mobile terminal 101 is the mobile terminal 101 linked in step S202. If the mobile terminal is not linked, the payment may be rejected. In this case, the mobile terminal 101 may report an error and end the process, or return to step S201 and log in to the thin client server again (not shown in the flowchart). .
  具体的には、携帯端末101は、シンクライアント用サーバから送信された減少コマンドを無線LAN経由で受信し(ステップS221)、当該受信された減少コマンドをNFCチップ経由で可搬デバイスへ送信する(ステップS222)。 Specifically, the mobile terminal 101 receives the decrease command transmitted from the thin client server via the wireless LAN (step S221), and transmits the received decrease command to the portable device via the NFC chip ( Step S222).
  そして、携帯端末101は、可搬デバイスから送信された減少コマンドの実行結果を受信し(ステップS223)、当該受信された実行結果をシンクライアント用サーバへ送信する(ステップS224)。 The mobile terminal 101 receives the execution result of the decrease command transmitted from the portable device (step S223), and transmits the received execution result to the thin client server (step S224).
  可搬デバイスに割り当てられたアカウントに残存する電子バリューが支払額以上であれば、減少コマンドは成功し、支払の決済が完了することとなる。この場合の実行結果には、支払後に可搬デバイスに残存した電子バリューの額が含まれる。 電子 If the electronic value remaining in the account assigned to the portable device is greater than or equal to the payment amount, the decrease command is successful and payment settlement is completed. The execution result in this case includes the amount of electronic value remaining in the portable device after payment.
  携帯端末101は、シンクライアント用サーバから送信された指示を受信する(ステップS225)。この指示に、支払完了の旨ならびに残存した電子バリューの額が指定されていれば(ステップS226;Yes)、携帯端末101は、保持部105に保持されている過去の支払者の生体情報の個数が所定の上限以下か否かを判定する(ステップS227)。上限を超えていれば(ステップS227;No)、消去部106は、最古に取得された支払者の生体情報を1つ消去して(ステップS228)、ステップS229に進む。一方、上限以下であれば(ステップS227;Yes)、ステップS210において取得された最新の生体情報、すなわち、今回の支払に係る支払者の生体情報を保持部105に保持させる(ステップS229)。 The mobile terminal 101 receives the instruction transmitted from the thin client server (step S225). If this instruction specifies the completion of payment and the amount of remaining electronic value (step S226; Yes), the mobile terminal 101 determines the number of biometric information of past payers held in the holding unit 105. Is less than or equal to a predetermined upper limit (step S227). If the upper limit is exceeded (step S227; No), the erasure unit 106 erases one of the oldest payer's biometric information (step S228), and proceeds to step S229. On the other hand, if it is equal to or less than the upper limit (step S227; Yes), the latest biometric information acquired in step S210, that is, the biometric information of the payer related to the current payment is held in the holding unit 105 (step S229).
  このように、保持部105に保持される生体情報の個数が所定の数以下となるように制御するのである。この上限を1とした場合には、保持部105は、過去の支払者の生体情報が最大でも1つだけ保持されることになる。このため、過去の支払者の生体情報を携帯端末101内に保持する期間を必要最小限とすることができ、プライバシーに配慮した運用が可能となる。 Thus, the number of pieces of biological information held in the holding unit 105 is controlled to be a predetermined number or less. When this upper limit is set to 1, the holding unit 105 holds at least one past payer's biometric information. For this reason, it is possible to minimize the period during which the biometric information of past payers is stored in the mobile terminal 101, and it is possible to operate in consideration of privacy.
  ここで、支払者の生体情報は、保持部105の支払者領域471に記録される。支払者領域471は配列により実現されており、図5Aに示す例では、各要素には、生体情報欄とタイムスタンプ欄とが用意されており、支払者領域471の要素数は複数(本図では4)である。各要素の生体情報欄には、支払が完了した支払者の生体情報を記録し、タイムスタンプ欄には、当該生体情報が取得された日時もしくは当該支払が完了した日時が記録される。 生 体 Here, the payer's biometric information is recorded in the payer area 471 of the holding unit 105. The payer area 471 is realized by an array, and in the example shown in FIG. 5A, a biometric information field and a time stamp field are prepared for each element, and the payer area 471 has a plurality of elements (this figure). Then 4). The biometric information column of each element records the payer's biometric information, and the time stamp column records the date and time when the biometric information was acquired or the date and time when the payment was completed.
  一方、図5Bに示す例では、支払者領域471の要素は1つだけで、生体情報欄が用意されているが、タイムスタンプ欄はない。 On the other hand, in the example shown in FIG. 5B, the payer area 471 has only one element and a biometric information field is prepared, but there is no time stamp field.
  支払者領域471の各要素472における生体情報欄473およびタイムスタンプ欄474には、操作者領域451と同様に、何も登録がなければ「なし」を記録する。図5Aに示す例において、最古の生体情報を消去するには、タイムスタンプ欄474に記録されている日時が最古の要素472を探し出し、その要素472の生体情報欄473およびタイムスタンプ欄474に「なし」を書き込めば良い。図5Bに示す例において、最古の生体情報を消去するには、唯一の要素472が最古の生体情報を持つことになるから、当該要素472の生体情報欄473に「なし」を書き込むだけで良い。 In the biometric information field 473 and the time stamp field 474 in each element 472 of the payer area 471, “none” is recorded if nothing is registered, as in the operator area 451. In the example shown in FIG. 5A, in order to delete the oldest biometric information, the element 472 with the oldest date and time recorded in the time stamp field 474 is searched, and the biometric information field 473 and the time stamp field 474 of the element 472 are searched. You can write "None" in In the example shown in FIG. 5B, in order to delete the oldest biometric information, only the element 472 has the oldest biometric information, so simply write “None” in the biometric information field 473 of the element 472. Good.
  なお、上記の説明では、ステップS228において、最古の生体情報を消去してから、今回の生体情報を保持させているが、これらをまとめて、支払者領域471の配列における最古の要素472に対して、今回の支払者の生体者情報および取得日時もしくは支払完了日時を上書きすれば良い。 In the above description, in step S228, the oldest biometric information is deleted and then the current biometric information is held. On the other hand, the living person information and the acquisition date / time or payment completion date / time of the current payer may be overwritten.
  なお、携帯端末101と提供者との紐付けが終わった後に初めて電子マネーの支払がされようとする状況下では、保持部105には、過去の支払者の生体情報は保持されていないことになるが、保持部105の過去の支払者の生体情報の初期値として、最後に登録された操作者の生体情報を採用することもできる。この場合には、適宜、操作者の生体情報との照合(ステップS211)を省略しても良い。 Note that in the situation where electronic money is to be paid for the first time after the association between the portable terminal 101 and the provider is finished, the holding unit 105 does not hold the biometric information of the past payer. However, the last registered biometric information of the operator can be adopted as the initial value of the biometric information of the past payer in the holding unit 105. In this case, verification with the operator's biometric information (step S211) may be omitted as appropriate.
  そして、通知部107は、決済完了の通知を、可聴音、可視光、振動などにより出力する(ステップS230)。ここでの通知は、可搬デバイスの検出をしている間の通知とは、出力パターンが異なるものとすることが望ましい。 Then, the notification unit 107 outputs a payment completion notification by audible sound, visible light, vibration, or the like (step S230). The notification here preferably has a different output pattern from the notification while the portable device is being detected.
  操作者は、通知の出力パターンから電子バリューの支払が完了したことを知得して、携帯端末101を裏返し、タッチスクリーンが見えるようにする。 The operator knows that the payment of the electronic value has been completed from the output pattern of the notification, turns the mobile terminal 101 over and makes the touch screen visible.
  一方、携帯端末101は、メッセージフォームをタッチスクリーンに表示する(ステップS231)。図12は、電子バリューの支払が完了した旨を表すメッセージフォームの表示例である。以下、本図を参照して説明する。 On the other hand, the mobile terminal 101 displays a message form on the touch screen (step S231). FIG. 12 is a display example of a message form indicating that payment of electronic value has been completed. Hereinafter, a description will be given with reference to FIG.
  本図に示すように、メッセージフォーム901のメッセージ欄902には、支払われた電子バリューの額、可搬デバイスのアカウントに残存する電子バリューの額、ならびに、挨拶が表示される。メッセージフォーム901の次へボタン903がタップされると、制御はステップS208に戻り、次の電子バリューの支払の受付が開始される。 As shown in this figure, in the message field 902 of the message form 901, the amount of electronic value paid, the amount of electronic value remaining in the account of the portable device, and a greeting are displayed. When the next button 903 of the message form 901 is tapped, control returns to step S208, and acceptance of payment for the next electronic value is started.
  可搬デバイスのアカウントから電子バリューの支払ができなかった場合には、シンクライアント用サーバは、支払が完了していない旨の指示を送信する。そこで、携帯端末101が受信した指示に、支払完了の旨が指定されていなければ(ステップS226;No)、通知部107は、決済失敗の通知を、可聴音、可視光、振動などにより出力する(ステップS232)。ここでの通知も他の通知とは、出力パターンが異なるものとすることが望ましい。すると、操作者は、通知の出力パターンから電子バリューの支払が失敗したことを知得できる。 When the electronic value cannot be paid from the account of the portable device, the thin client server transmits an instruction indicating that the payment is not completed. Therefore, if the instruction received by the mobile terminal 101 does not specify that payment is complete (step S226; No), the notification unit 107 outputs a notification of payment failure using audible sound, visible light, vibration, or the like. (Step S232). It is desirable that the notification here also has a different output pattern from other notifications. Then, the operator can know from the notification output pattern that the payment of the electronic value has failed.
  決済が失敗していれば(ステップS226;No)、携帯端末101は、通信フォーム801のメッセージ欄802の表示を残額不足である旨に変更して(ステップS233)、ステップS215に戻る。図13は、電子バリューの残額が不足している旨を表す通信フォームの表示例である。以下、本図を参照して説明する。 If the settlement has failed (step S226; No), the mobile terminal 101 changes the display in the message field 802 of the communication form 801 to indicate that the remaining amount is insufficient (step S233), and returns to step S215. FIG. 13 is a display example of a communication form indicating that the remaining amount of electronic value is insufficient. Hereinafter, a description will be given with reference to FIG.
  通信フォーム801のメッセージ欄802には、「残額不足です。他の可搬デバイスを近付けてください」というメッセージが表示されるので、操作者は、携帯端末101を裏返して、その旨を確認することができる。なお、支払そのものをやめたい場合には、上記のように、通信フォーム801の戻るボタン803を操作者等がタップすれば良い。 In the message field 802 of the communication form 801, the message “Balance is insufficient. Please bring another portable device close” is displayed, so the operator must turn over the mobile device 101 and confirm that. Can do. If it is desired to stop paying itself, the operator or the like may tap the return button 803 of the communication form 801 as described above.
  さて、本実施形態では、過去の支払者の生体情報と今回の支払者の生体情報とがマッチした場合には(ステップS212;Yes)、操作者による高いレベルの確認を行うことで、電子マネーの支払を可能とする。この確認には時間と手間を要するので、不正行為が繰り返し行われることを抑制することができる。 In the present embodiment, when the biometric information of the past payer and the biometric information of the present payer match (step S212; Yes), the electronic money is obtained by performing a high level confirmation by the operator. Allow payment. Since this confirmation requires time and effort, it is possible to suppress repeated fraud.
  すなわち、携帯端末101は、支払確認フォーム701をタッチスクリーンに表示する(ステップS234)。図14は、高いレベルの確認を支払者に求める支払確認フォームの表示例である。以下、本図を参照して説明する。 That is, the mobile terminal 101 displays the payment confirmation form 701 on the touch screen (step S234). FIG. 14 is a display example of a payment confirmation form that asks the payer for a high level confirmation. Hereinafter, a description will be given with reference to FIG.
  支払確認フォーム701においては、ステップS209とは異なり、メッセージ欄702に「操作者が楕円にタッチして確認」と記載され、操作者がアクションをとることを促している。 In the payment confirmation form 701, unlike step S209, “Confirm by operator touching ellipse” is described in the message field 702, prompting the operator to take an action.
  操作者がタッチ領域703にタッチをすると、携帯端末101の取得部102は、タッチスクリーンに対する接触状況から、操作者の生体情報を取得する(ステップS235)。 When the operator touches the touch area 703, the acquisition unit 102 of the mobile terminal 101 acquires the biological information of the operator from the contact state with respect to the touch screen (step S235).
  そして、端末装置101の制御部103は、ステップS235において取得された操作者の生体情報が、保持部105に保持された操作者の生体情報のいずれかとマッチするか調べる(ステップS236)。いずれかとマッチする場合は(ステップS236;Yes)、支払者が支払に同意した旨を操作者が確認したものと判断して、ステップS214に進む。 Then, the control unit 103 of the terminal device 101 checks whether the operator's biometric information acquired in step S235 matches any of the operator's biometric information held in the holding unit 105 (step S236). If it matches any one (step S236; Yes), it is determined that the operator has confirmed that the payer has agreed to the payment, and the process proceeds to step S214.
  いずれともマッチしない場合(ステップS236;No)、ステップS234における操作者の生体情報の取得が所定のリトライ回数に至っていなければ(ステップS237;No)、ステップS235に戻る。 If no match is found (step S236; No), if the acquisition of the biological information of the operator in step S234 has not reached the predetermined number of retries (step S237; No), the process returns to step S235.
  リトライ回数に至っていれば(ステップS237;Yes)、支払の決済ができないことを通知するため、携帯端末101は、タッチスクリーンにメッセージフォーム901を表示する(ステップS238)。この状況に至るのは、提供者側の作業手順によるミスや指紋センサ等の故障のほか、携帯端末101が盗まれた場合等が考えられる。図15は、電子バリューの支払ができない旨を表すメッセージフォームの表示例である。以下、本図を参照して説明する。 If the number of retries has been reached (step S237; Yes), the portable terminal 101 displays a message form 901 on the touch screen to notify that payment cannot be settled (step S238). This situation may be caused by mistakes caused by the work procedure on the provider side or a failure of the fingerprint sensor, or when the portable terminal 101 is stolen. FIG. 15 is a display example of a message form indicating that electronic value cannot be paid. Hereinafter, a description will be given with reference to FIG.
  メッセージフォーム901のメッセージ欄902には、電子バリューの支払の決済ができない旨、エラーコード、事業者の連絡先電話番号等が記載されており、提供者からの問い合わせが誘導されている。 The message field 902 of the e-mail message form 901 describes that an electronic value payment cannot be settled, an error code, a contact phone number of a business operator, and the like, and induces an inquiry from the provider.
  ここで、次へボタン903がタップされると、本態様では、処理はステップS208に戻り、電子バリューの支払額の入力が再開される。ただし、ここで、プログラム自体を停止させたり、ステップS201に戻って、提供者の再登録を行うこととしても良い。 Here, when the next button 903 is tapped, in this aspect, the process returns to step S208, and the input of the payment amount of the electronic value is resumed. However, the program itself may be stopped or the provider may be re-registered by returning to step S201.
  なお、タッチスクリーン内に表示されたタッチ領域402、703を操作者や支払者にタッチさせるのではなく、端末ハードウェアに用意された指紋センサをタッチさせるアクションを採用することによって、操作者や支払者の生体情報を取得するとともに、支払者の同意のアクションとしても良い。 Note that the touch area 402, 703 displayed in the touch screen is not touched by the operator or payer, but the action of touching the fingerprint sensor prepared in the terminal hardware is adopted, thereby allowing the operator or payer to touch. It is good also as an action of a payer's consent while acquiring a living person's biometric information.
  電子マネーシステムで、店舗において電子マネーによる支払を可能とするためには、原則として、CCT(Credit Center Terminal)接続型やPOS(Point of Sale)直結型の決済端末を導入する必要があるが、特に小規模な店舗にとっては、決済端末の導入にかかるコストは無視できない。したがって、電子マネーシステムの普及のための重要なキーの一つは、決済端末の導入に要するコストを低減することである。本実施形態によれば、スマートフォンや携帯電話などの安価な端末ハードウェアを利用することで、電子マネーシステムの決済機能の導入にかかるコストを低減し、小規模店舗に電子マネー支払を導入しやすくすることができる。 In order to be able to pay with electronic money in stores with an electronic money system, in principle, it is necessary to introduce a CCT (Credit Center Terminal) connection type or POS (Point of Sale) direct connection type payment terminal, Especially for small stores, the cost of introducing a payment terminal cannot be ignored. Therefore, one of the important keys for the spread of the electronic money system is to reduce the cost required for introducing a payment terminal. According to the present embodiment, by using inexpensive terminal hardware such as a smartphone or a mobile phone, the cost for introducing the payment function of the electronic money system is reduced, and it is easy to introduce electronic money payment to a small store. can do.
  また、本実施形態によれば、支払者の生体情報、端末ハードウェアの傾き、可聴音等による通知、場所の制限に係る技術を適宜採用することにより、電子バリューの支払についての不正行為が生じるおそれが高いと考えられる場合には、支払をしないように制御フローを進めることで、可搬デバイスとのNFCを制限するので、不正行為を効果的に抑制することができる。 In addition, according to the present embodiment, fraudulent acts relating to payment of electronic value occur by appropriately adopting technology related to payer's biometric information, terminal hardware tilt, audible sound notification, and location restrictions. When it is considered that there is a high possibility, the control flow is advanced so as not to pay, and the NFC with the portable device is restricted, so that fraud can be effectively suppressed.
  2つの生体情報が同一人から取得されたものか否かは、両者の類似度があらかじめ定めた閾値を超えたか否かにより判定するのが一般的である。すなわち、生体情報の一致が多ければ、類似度は高く、不一致が多ければ、類似度は低い。 Generally, whether or not two pieces of biological information are acquired from the same person is determined by whether or not the similarity between the two pieces of information exceeds a predetermined threshold. That is, the similarity is high if there are many matches of the biometric information, and the similarity is low if there are many mismatches.
  そこで、本実施形態では、保持部105に保持される過去の支払者の生体情報のそれぞれと、今回の支払者の生体情報と、の照合を行う際に、両者の類似度を利用する。 Therefore, in the present embodiment, when comparing each of the past payer's biometric information held in the holding unit 105 with the current payer's biometric information, the similarity between the two is used.
  上記の実施形態では、一人の支払者が店頭で支払をする状況では、ある物品を購入してレジを離れた後に、またレジに戻って別の商品を購入することは稀である、と想定して、直前の支払者の生体情報と今回の支払者の生体情報がマッチする場合には、操作者による確認を要することとして、支払のためのNFCを制限していた。 In the above embodiment, in a situation where one payer pays at a store, it is rare to purchase a certain item, leave the cash register, and return to the cash register to purchase another product. Thus, when the biometric information of the previous payer matches the biometric information of the current payer, the NFC for payment is limited as requiring confirmation by the operator.
  しかしながら、ある日に物品を購入した翌日に、当該店舗でまた物品を購入することはよくある。すなわち、一人の支払者が店頭で支払をする際に、その支払者が再度支払をする可能性は、前回の支払と今回の支払との間の経過時間によって変化すると考えられる。 However, it is often the case that an article is purchased again at the store the day after the article is purchased one day. That is, when one payer makes payment at the store, the possibility that the payer will make another payment is considered to change depending on the elapsed time between the previous payment and the current payment.
  そこで、本実施形態では、生体情報を照合する際に、マッチするか否かの類似度の閾値を、過去の支払者の生体情報が取得されてからの経過時間によって変化させることにより、生体情報の照合を適切に行うこととする。 Therefore, in the present embodiment, when collating biometric information, the similarity threshold for determining whether or not to match is changed according to the elapsed time since biometric information of a past payer is acquired, thereby obtaining biometric information. Will be properly verified.
  上記のように、前回の支払から長時間が経過すれば、同じ支払者が再度支払をする可能性は高くなる。したがって、過去の生体情報と今回の生体情報との類似度が高くとも、前回の支払から長時間が経過しているのであれば、支払の制限を解除して良い、と考えられる。 As mentioned above, if a long time elapses from the previous payment, the possibility that the same payer will pay again increases. Therefore, even if the degree of similarity between past biometric information and current biometric information is high, it is considered that the restriction on payment may be released if a long time has elapsed since the previous payment.
  本実施形態では、保持部105に保持されている過去の支払者の生体情報のそれぞれに、閾値を対応付ける。そして、支払者の生体情報が取得されてからの経過時間が長くなればなるほど、当該生体情報に対応付けられる閾値を増大させる。 In the present embodiment, a threshold is associated with each biometric information of a past payer held in the holding unit 105. And the threshold value matched with the said biometric information is increased, so that the elapsed time after a payer's biometric information is acquired becomes long.
  そして、制御部103は、過去の支払者の生体情報と、今回の支払者の生体情報と、の類似度を求めたら、この類似度を、過去の支払者の生体情報に対応付けられる閾値と比較して、類似度が閾値を超えていれば、両者はマッチするものとして、電子バリューの支払を制限する。類似度が閾値以下であれば、両者はマッチしないものと判断するのである。 Then, when the control unit 103 obtains the similarity between the biometric information of the past payer and the biometric information of the current payer, the control unit 103 sets the similarity to a threshold associated with the biometric information of the past payer. In comparison, if the degree of similarity exceeds the threshold value, both are matched and the payment of electronic value is restricted. If the similarity is less than or equal to the threshold value, it is determined that the two do not match.
  なお、支払者の生体情報が取得されてからの経過時間のかわりに、支払者の生体情報に係る支払が完了してからの経過時間を採用することもできる。たとえば、店頭レジにおいて、物品の購入が済んだ後に、レジ横に置いてある物品を追加購入することは、一般消費者がとりうる行動である。この場合には、前回の支払が完了してから、物品の追加購入をする旨を店員に告げ、店員が物品の金額をチェックして入力し、消費者の支払の同意を得るまでに、数十秒程度の時間を要するものと考えられる。 It should be noted that, instead of the elapsed time after the payer's biometric information is acquired, the elapsed time after the payment related to the payer's biometric information is completed may be employed. For example, after a product has been purchased at a store cash register, it is an action that can be taken by a general consumer to purchase an item placed next to the cash register. In this case, after completing the previous payment, tell the store clerk that you want to purchase additional items, check and enter the amount of the item, and wait until the consumer agrees to pay It is thought that it takes about 10 seconds.
  一方で、不正行為により連続して電子バリューを盗み出そうとする者は、前回の不正取得が成功したら直ちに次の不正取得をしようとするものと考えられる。したがって、不正取得者が、前回の支払(略取)を完了してから、次の支払の金額を入力し、生体情報の取得に至るまでの時間は、数秒程度になるものと考えられる。 On the other hand, it is considered that a person who tries to steal electronic value continuously by fraudulent attempts to acquire the next fraud immediately after the previous fraudulent acquisition succeeds. Therefore, it is considered that the time from when the unauthorized acquirer completes the previous payment (scheme) to input the amount of the next payment and to obtain the biometric information is about several seconds.
  このような状況を考慮すれば、閾値は、前回の支払が完了してからの経過時間に応じて、以下のように変化させれば良いものと考えられる。すなわち、経過時間が数秒程度であれば、閾値を低く抑え、数十秒程度の間は閾値を高くする。その後は、閾値を急激に減少させてから、緩やかに増大させる。 考慮 In consideration of this situation, the threshold may be changed as follows according to the elapsed time since the last payment was completed. That is, if the elapsed time is about several seconds, the threshold value is kept low, and the threshold value is raised for about several tens of seconds. Thereafter, the threshold value is rapidly decreased and then gradually increased.
  経過時間に応じた閾値は、提供者の客層の行動パターンと不正利用者の行動パターンとに応じて、適宜設定を変更することとしても良い。 閾 値 The threshold value corresponding to the elapsed time may be changed as appropriate according to the behavior pattern of the customer layer of the provider and the behavior pattern of the unauthorized user.
  なお、操作者の生体情報と今回の支払者の生体情報とを照合する際の類似度の閾値は、一定値を維持することが望ましい。電子バリューによる支払を受け付けている間、操作者は変わらないからである。 It should be noted that it is desirable to maintain a constant value for the similarity threshold when collating the biometric information of the operator with the biometric information of the current payer. This is because the operator does not change while accepting payment by electronic value.
  本実施例によれば、支払者の行動に応じて、生体情報の照合判断を適切に行うことができるようになる。 According to the present embodiment, it is possible to appropriately perform the biometric information collation determination according to the payer's action.
  上記の態様では、支払者の生体情報によるチェックを経れば、電子バリューの支払をしていたが、本態様では、不正利用をより一層抑制する観点から、操作者の確認をさらに行うこととする。 In the above aspect, the electronic value has been paid through the check by the payer's biometric information. In this aspect, however, the operator is further confirmed from the viewpoint of further suppressing unauthorized use. To do.
  すなわち、上記態様では、支払の額がシンクライアント用サーバに伝達される毎に、携帯端末101が提供者に紐付けされたものであるか否かを確認する。本態様では、支払の度に、操作者のチェックを行うこととする。 That is, in the above aspect, every time the payment amount is transmitted to the thin client server, it is confirmed whether or not the mobile terminal 101 is associated with the provider. In this aspect, the operator checks each time payment is made.
  たとえば、ステップS203-S204において操作者の生体情報を登録するのに加えて、さらに、操作者に決済用パスワードを登録させる。 For example, in addition to registering the biological information of the operator in steps S203 to S204, the operator is further required to register a settlement password.
  このほか、シンクライアント用サーバに、有効期限(典型的には、今日のみ)が設定された決済用パスワードを生成させる態様もある。この態様では、携帯端末101と提供者との紐付けがなされると、シンクライアント用サーバが決済用パスワードを生成して、ログイン成功の際に携帯端末101に知らせる。携帯端末101は、シンクライアント用サーバから通知された決済用パスワードをステップS205において概要フォーム501内に表示し、操作者に知得させる。 ほ か In addition, there is also a mode in which the thin client server generates a payment password with an expiration date (typically only today). In this aspect, when the portable terminal 101 and the provider are linked, the thin client server generates a payment password and notifies the portable terminal 101 when the login is successful. The portable terminal 101 displays the settlement password notified from the thin client server in the overview form 501 in step S205 to make the operator know.
  そして、金額フォーム601における次へボタン604のタップにかえて操作者に再度決済用パスワードを入力させたり、支払者による支払同意のアクションの検知の前後に操作者に再度決済用パスワードを入力させる、等により、操作者の身元を確認する、という手法である。 Then, instead of tapping the next button 604 on the amount form 601, the operator inputs the payment password again, or the operator inputs the payment password again before and after detecting the payment consent action by the payer. This is a method of confirming the identity of the operator by, for example.
  このほか、ステップS203-S204において、操作者自身が所有する可搬デバイスを検知して、この可搬デバイスの識別番号により、操作者の身元を確認する、という手法もある。この態様では、操作者(売り子)は、自身の可搬デバイスを携帯端末101に翳して、支払のやり方の見本を支払者に見せると同時に、可搬デバイスによる操作者の認証も行うことができる。 In addition, in steps S203 to S204, there is a method in which the portable device owned by the operator is detected and the operator's identity is confirmed by the identification number of the portable device. In this aspect, the operator (seller) can put his / her portable device on the portable terminal 101 to show the payer a sample of the payment method, and at the same time can authenticate the operator using the portable device. .
  この態様では、操作者の登録の際に、操作者が用意した可搬デバイスから一定額(一日の売上額程度)を供託させ、営業が終了した後に同じ可搬デバイスを翳すことで、供託させた電子バリューを返還する、という手順をとることも可能である。 In this aspect, at the time of registration of the operator, by depositing a fixed amount (about the amount of sales per day) from the portable device prepared by the operator, by deceiving the same portable device after the end of business, It is also possible to take the procedure of returning the deposited electronic value.
  なお、操作者の身元確認は、シンクライアント用サーバにて行っても良いし、携帯端末101に保存された決済用パスワードに基づいて、携帯端末101が判定することとしても良い。 Note that the identity of the operator may be confirmed by the thin client server, or may be determined by the portable terminal 101 based on the settlement password stored in the portable terminal 101.
  上記態様では、支払者がタッチスクリーンや指紋センサにタッチするアクションにより支払の同意を得ていたが、本態様では、これにかえて、もしくは、これに加えて、支払者が所有するスマートフォン等を利用する。 In the above aspect, the payer has obtained payment consent by the action of touching the touch screen or the fingerprint sensor. However, in this aspect, in addition to or in addition to this, a smartphone or the like owned by the payer Use.
  すなわち、操作者により支払の額が入力された操作者の携帯端末101は、決済用のワンタイムパスワードを生成する。ワンタイムパスワードは、その度にランダムに生成しても良いし、あらかじめ用意したものを適宜利用しても良い。 That is, the operator's mobile terminal 101 to which the amount of payment has been input by the operator generates a one-time password for settlement. The one-time password may be randomly generated each time, or a prepared one may be used as appropriate.
  そして、操作者の携帯端末101は、たとえばBluetooth(登録商標)や赤外線通信等の近距離通信により、支払者のスマートフォンや携帯電話等の表示端末に、支払の額とワンタイムパスワードを送る。 Then, the mobile terminal 101 of the operator sends the payment amount and the one-time password to the display terminal such as the payer's smart phone or mobile phone by short-range communication such as Bluetooth (registered trademark) or infrared communication.
  支払者の表示端末は、受信した支払の額とワンタイムパスワードを画面に表示する。この後、支払者は、表示された額の支払に同意するならば、表示されたワンタイムパスワードを操作者の携帯端末101に入力するアクションを行うのである。 The payer's display terminal displays the received payment amount and the one-time password on the screen. Thereafter, if the payer agrees to pay the displayed amount, the payer performs an action of inputting the displayed one-time password into the mobile terminal 101 of the operator.
  本態様では、支払者の生体情報によるチェックを上記態様と同じように利用することもできるが、支払者のスマートフォンや携帯電話に割り当てられた識別情報(MACアドレスや製造番号等)を、上記態様における支払者の生体情報のかわりに利用することもできる。 In this aspect, the check by the payer's biometric information can be used in the same manner as in the above aspect, but the identification information (MAC address, serial number, etc.) assigned to the payer's smartphone or mobile phone is used in the above aspect. It can also be used in place of the payer's biometric information.
  なお、識別情報の対比においては、一致するか否か、すなわち、類似度が0%か100%か、が判定される。そこで、経過時間が数十秒までは同じ識別情報であっても支払を可能とするが、その後は一旦支払を不可能とし、数時間経過した後はまた支払を可能とする、等、同じ識別情報であっても経過時間に応じて支払を受け入れるか拒否するかを切り替えることとしても良い。この態様は、上述の、経過時間に応じて照合の閾値を変化させる態様に相当する。 Note that in the comparison of the identification information, it is determined whether or not they match, that is, whether the similarity is 0% or 100%. So, even if the elapsed time is up to several tens of seconds, payment is possible even with the same identification information, but after that it is impossible to pay once, and after several hours, payment is possible again, etc. Even if it is information, it is good also as switching whether payment is accepted or refused according to elapsed time. This mode corresponds to the above-described mode in which the matching threshold is changed according to the elapsed time.
  支払者のスマートフォン等の識別情報を支払者の生体情報のかわりに利用する態様によれば、不正利用者は「支払者のスマートフォン等」に相当する機器を大量に用意しなければ、不正な引出しを繰り返すことができなくなる。したがって、不正利用を抑制することができる。 According to the aspect in which the identification information of the payer's smart phone or the like is used instead of the payer's biometric information, an unauthorized user must use a large amount of equipment corresponding to the “payer's smart phone or the like” to obtain an unauthorized withdrawal. Cannot be repeated. Therefore, unauthorized use can be suppressed.
  携帯端末を介した電子財産の承継の可否を、携帯端末が現在移動しているか否かによって判断することも可能である。この態様では、携帯端末の利用可能地域をあらかじめ設定する必要がなくなる。なお、本態様は、単独で利用することも可能であるし、上記実施例と適宜組み合せることも可能である。 It is also possible to determine whether or not the electronic property can be inherited through the mobile terminal based on whether or not the mobile terminal is currently moving. In this aspect, it is not necessary to set the available area of the mobile terminal in advance. In addition, this aspect can also be utilized independently and can also be combined with the said Example suitably.
  一般に、人込みで電子財産を窃取しようとする不正行為者は、その行為が露見するのを防ぐため、同じ場所に留まるのではなく、移動しながら不正行為をすることが多い。また、混雑している電車やバスなどの中で不正行為を働く場合には、不正行為者は電車やバスとともに移動している。 不正 In general, fraudsters who try to steal electronic property with people often do cheating while moving rather than staying in the same place to prevent the acts from being revealed. In addition, when a cheating person works in a crowded train or bus, the cheating person moves with the train or bus.
  一方で、各種イベントやフリーマーケット、蚤の市などに出店するショップは、本来の拠点から移動はするものの、実際に売買を行う場合には、出店用に割り当てられた区画から移動することはない。 On the other hand, shops that open stores in various events, flea markets, flea markets, etc., move from their original bases, but do not move from the section allocated for opening stores when they actually buy or sell.
  そこで、携帯端末101が現在移動中であるか否かを推定し、現在移動中である、と推定された場合には、電子財産の承継を制限することによって、上記のような不正行為を抑制することができる。 Therefore, it is estimated whether or not the mobile terminal 101 is currently moving, and if it is estimated that it is currently moving, by suppressing the inheritance of electronic property, the above fraudulent acts are suppressed. can do.
  本態様では、携帯端末101の検知部109は、プログラムの起動時(ステップS206)のほか、承継される電子財産を特定する段階(ステップS208)、電子財産の所有者に承継に同意するためのアクションを求める段階(ステップS209)等で、携帯端末101の現在の位置を検知する。 In this aspect, the detection unit 109 of the mobile terminal 101 is not only for starting the program (step S206) but also for identifying the electronic property to be succeeded (step S208), and for consenting to the inheritance to the owner of the electronic property. At the stage of obtaining an action (step S209), the current position of the mobile terminal 101 is detected.
  そして、検知された位置の履歴を、携帯端末101の内部の記録媒体に蓄積する。なお、これらの位置の履歴を、シンクライアント用サーバに蓄積させ、電子財産の承継が行われた場所を特定して記録し、電子マネー事業者の配布サーバや管理サーバに伝達することとすれば、電子取引の安全性を増すことができる。 Then, the history of the detected position is stored in a recording medium inside the mobile terminal 101. It is to be noted that the history of these locations is accumulated on the thin client server, the location where the electronic property is taken over is specified and recorded, and is transmitted to the distribution server or management server of the electronic money business operator. , Can increase the safety of electronic transactions.
  以下では、携帯端末101に蓄積される位置ならびに当該位置が検知された時刻の組は、所定の上限個まで記録されることとする。 In the following, a set of positions accumulated in the mobile terminal 101 and times when the positions are detected is recorded up to a predetermined upper limit.
  たとえば、携帯端末101に、日時t0に検知された位置p0、日時t1に検知された位置p1、日時t2に検知された位置p2、…、日時tN-1に検知された位置pN-1が記録されている状態で、現在一時tNに位置pNが検知された状況を考える。すると、履歴に記録できる組の上限がNである場合には、不要な情報を1組消去する必要がある。 For example, the portable terminal 101, the position p 0 which is detected in time t 0, the position p 1, which is detected in time t 1, time t 2 position p 2, which is detected, ..., are detected in time t N-1 in a state where the position p N-1 is recorded, consider the situation where the position p N to the current one o'clock t N is detected. Then, when the upper limit of sets that can be recorded in the history is N, it is necessary to delete one set of unnecessary information.
  ここで、その前後の日時および位置の組から近似できる日時および位置の組は、不要な情報であると考えられる。たとえば、携帯端末101が等速で移動中もしくは停止している状態にて検知された組は、前後の日時および位置の組から近似できる。 日 時 Here, the date and position set that can be approximated from the date and position set before and after that is considered to be unnecessary information. For example, a pair detected when the mobile terminal 101 is moving or stopped at a constant speed can be approximated from a pair of date and time and position before and after.
  すると、i番目の組の直前の移動の速さ
    vi = |pi-pi-1|/(ti-ti-1)
と、直後の移動の速さ
    vi+1 = |pi+1-pi|/(ti+1-ti)
と、が、ほぼ等しい場合、すなわち、速さの差分
    ai = vi+1 - vi
がほぼ0である場合には、組ti, piは、履歴としての有用性が低いことになる。ここで、速さの差分は、直前の移動の速さによって直後の移動の速さを近似するときの誤差と考えることができる。 Then, the speed of movement just before the i-th set v i = | p i -p i-1 | / (t i -t i-1 )
And the speed of the next movement v i + 1 = | p i + 1 -p i | / (t i + 1 -t i )
And are almost equal, that is, the speed difference a i = v i + 1 -v i
If it is approximately 0, the set t i, p i would less useful as a history. Here, the difference in speed can be considered as an error when approximating the speed of the immediately following movement by the speed of the immediately preceding movement.
  そこで、上記の定義に基づいて、携帯端末101は、速さの差分
    a1, a2, …, aN-1
を計算し、速さの差分の絶対値が最も小さくなる添字
    k = argmini = 1, 2, …, N-1 |ai|
を選択する。 Therefore, based on the above definition, the portable terminal 101, the speed difference a 1, a 2, ..., a N-1
Subscript k = argmin i = 1, 2,…, N-1 | a i |
Select.
  そして、選択されたkに基づいて、携帯端末101は、日時tkおよび位置pkを消去し、tk+1, tk+2, …, tNならびにpk+1, tk+2, …, tNを、新たなtk, tk+1, …, tN-1ならびにpk, tk+1, …, tN-1とする。この置換処理によって、携帯端末101内に蓄積される組の数を、所定上限数以下に抑えることができる。 Then, based on the selected k, the mobile terminal 101 deletes the time t k and the position p k, t k + 1, t k + 2, ..., t N and p k + 1, t k + 2 , ..., a t N, a new t k, t k + 1, ..., t N-1 and p k, t k + 1, ..., and t N-1. By this replacement processing, the number of sets stored in the mobile terminal 101 can be suppressed to a predetermined upper limit number or less.
  なお、v1, v2, …, vk-1や、a1, a2, …, ak-2は、置換処理の前後で値が変化しないので、メモリ内に保存しておき、次回以降の作業の際に再利用することもできる。 Note that the values of v 1 , v 2 ,…, v k-1 and a 1 , a 2 ,…, a k-2 do not change before and after the replacement process. It can be reused in subsequent work.
  このほか、ほぼ等速もしくは停止していることの判定には、4次元ベクトルを利用する手法もある。すなわち、
    (pi-1,ti-1)に対応付けられる4次元位置ベクトルと、(pi+1,ti+1)に対応付けられる4次元位置ベクトルと、を通過する4次元直線と、
    (pi,ti)に対応付けられる4次元位置ベクトルと、
の距離を、上記の速さの差分のかわりに利用することとしても良い。この距離が小さければ小さいほど、(pi-1,ti-1)および(pi+1,ti+1)によって、(pi,ti)を近似できるからである。 In addition, there is a method using a four-dimensional vector for determining whether the speed is almost constant or stopped. That is,
and (p i-1, t i -1) 4 -dimensional position vector associated with the, and four-dimensional straight line passing through the, and four-dimensional position vector associated with the (p i + 1, t i + 1),
a four-dimensional position vector associated with (p i , t i ),
This distance may be used in place of the above speed difference. This is because the smaller this distance is, the closer (p i , t i ) can be approximated by (p i−1 , t i−1 ) and (p i + 1 , t i + 1 ).
  この場合、3次元ベクトルで表現される位置piの各要素の物理単位は、長さ(m, km, マイル等)であり、追加される次元である日時tiの物理単位は、時間(時、分、秒等)であるから、4次元位置ベクトルと4次元直線との距離を求めるためには、単位を揃える必要がある。 In this case, the physical unit of each element at the position p i represented by a three-dimensional vector is a length (m, km, mile, etc.), and the physical unit of the date and time t i that is the added dimension is time ( In order to obtain the distance between the 4D position vector and the 4D line, it is necessary to align the units.
  そこで、本実施形態では、後述する移動速度の閾値cを日時の要素に乗じることで、4次元ベクトルの各要素の物理単位を長さに揃えることとする。たとえば、
    pi = (xi,yi,zi)
のように成分表記をしたとき、(pi,ti)に対応付けられる4次元位置ベクトルwiは、
    wi = (xi,yi,zi,c・ti)
のように成分表記をすることができる。 Therefore, in the present embodiment, the physical unit of each element of the four-dimensional vector is aligned with the length by multiplying the date / time element by a moving speed threshold c described later. For example,
p i = (x i , y i , z i )
When the component notation is as follows, the four-dimensional position vector w i associated with (p i , t i ) is
w i = (x i , y i , z i , c ・ t i )
The component notation can be expressed as follows.
  位置ベクトルwiに位置する点と、位置ベクトルwi-1, wi+1に位置する2点を通過する直線と、の距離hは、以下のように計算することができる。なお、以下では、理解を容易にするため、点を、当該点の位置ベクトルで、適宜表記する。 A point located position vector w i, a straight line passing through the two points located at the position vector w i-1, w i + 1, the distance h can be calculated as follows. Hereinafter, in order to facilitate understanding, a point is appropriately described by a position vector of the point.
  まず、3点wi-1, wi, wi+1を頂点とする三角形の面積Sは、2つのベクトルwi-1-wi, wi+1-wiのなす角をθとしたとき、
    2S = |wi-1-wi|・|wi+1-wi|・sinθ
と書くことができる。 First, the area S of the triangle having vertices at three points w i-1 , w i , w i + 1 is the angle between two vectors w i-1 -w i , w i + 1 -w i as θ. When
2S = | w i-1 -w i | ・ | w i + 1 -w i | ・ sinθ
Can be written.
  一方で、点wi-1と点wi+1を結ぶ線分を底辺と見れば、当該線分から点wiまでの高さが距離hに相当する。したがって、
    2S = |wi+1-wi-1|・h On the other hand, if a line segment connecting the points w i−1 and w i + 1 is viewed as the base, the height from the line segment to the point w i corresponds to the distance h. Therefore,
2S = | w i + 1 -w i-1 | ・ h
  これらより、距離hは、
    h = |wi-1-wi|・|wi+1-wi|・sinθ / |wi+1-wi-1| From these, the distance h is
h = | w i-1 -w i | ・ | w i + 1 -w i | ・ sinθ / | w i + 1 -w i-1 |
  一方、ベクトルの内積を求める演算をinpと表記すると、
    inp(wi-1-wi, wi+1-wi) = |wi-1-wi|・|wi+1-wi|・cosθ
であるから、
    cosθ=inp(wi-1-wi, wi+1-wi)/(|wi-1-wi|・|wi+1-wi|)
である。 On the other hand, if the operation for calculating the inner product of vectors is expressed as inp,
inp (w i-1 -w i , w i + 1 -w i ) = | w i-1 -w i | ・ | w i + 1 -w i | ・ cosθ
Because
cosθ = inp (w i-1 -w i , w i + 1 -w i ) / (| w i-1 -w i | ・ | w i + 1 -w i |)
It is.
  そして、
    sinθ=(1 - cos2θ)1/2
によりsinθが得られるから、求めたい距離hは、
    h = |wi-1-wi|・|wi+1-wi|・sinθ / |wi+1-wi-1|
のように計算できる。 And
sinθ = (1-cos 2 θ) 1/2
Sinθ can be obtained by
h = | w i-1 -w i | ・ | w i + 1 -w i | ・ sinθ / | w i + 1 -w i-1 |
It can be calculated as follows.
  このように、近似による誤差を、4次元における距離によって表現し、この誤差が最小の組を消去することで、想定される移動速度の閾値に適合した誤差で、履歴内の情報の有用度を特定することができるようになる。 In this way, the error due to approximation is expressed by the distance in the four dimensions, and by eliminating the set with the smallest error, the usefulness of the information in the history can be increased with an error that matches the assumed threshold of the moving speed. To be able to identify.
  なお、携帯端末101内に蓄積される組の数が上限に到達したら、複数の組を消去することとしても良い。たとえば、携帯端末101は、前半の日時において速さ差分が最小のものを1つ選び、後半の日時において速さ差分が最小のものを1つ選び、選ばれた2つを消去する、等の態様である。 Note that when the number of pairs stored in the mobile terminal 101 reaches the upper limit, a plurality of sets may be deleted. For example, the mobile terminal 101 selects one with the smallest speed difference in the first half of the date, selects one with the smallest speed difference in the second half of the date, and erases the selected two, etc. It is an aspect.
  このように、携帯端末101に記録される位置およびその位置が検知された日時の履歴の数を、所定上限数に抑えた上で、携帯端末101は、携帯端末101の直近の移動速度を算定する。 In this way, the mobile terminal 101 calculates the latest moving speed of the mobile terminal 101 after limiting the number of records of the position recorded on the mobile terminal 101 and the history of the date and time when the position was detected to a predetermined upper limit number. To do.
  ここで、携帯端末101に、履歴として、日時および位置のM個の組が記録されている場合には、直近の移動速度として、単純に
    vM-1 = |pM-1-pM-2|/(tM-1-tM-2)
を採用することができる。 Here, when M sets of date / time and position are recorded as history in the mobile terminal 101, v M-1 = | p M-1 -p M- 2 | / (t M-1 -t M-2 )
Can be adopted.
  また、時刻tM-1から所定閾時間前(たとえば、5分前を閾時間Dとする)以前の時刻のうち、最も現在に近い時刻tL
    L = max {i | i = 1, 2, …, M-2; tM-1-ti≧D}  
に基づいて、直近の移動速度
    vrecent = |pM-1-pL|/(tM-1-tL)
を計算しても良い。 Also, among times before a predetermined threshold time (for example, 5 minutes before the threshold time D) before the time t M-1 , the time t L closest to the present time is L = max (i | i = 1, 2 ,…, M-2; t M-1 -t i ≧ D}
Based on the latest moving speed v recent = | p M-1 -p L | / (t M-1 -t L )
May be calculated.
  このほか、直近の平均速度
    (vL + vL+1 + … + vM-1)/(M-L)
や、直近の最大速度
    max {vL, vL+1, …, vM-1}
等を、直近の移動速度vrecentとしても良い。 In addition, the latest average speed (v L + v L + 1 +… + v M-1 ) / (ML)
Or the latest maximum speed max {v L , v L + 1 ,…, v M-1 }
Etc. may be the latest movement speed v recent .
  さて、人間は、時速4km程度の速度で歩いて移動する。また、東京を環状に走る山手線電車は、約1時間で一周34.5kmを移動する。 Now, humans walk and move at a speed of about 4 km / h. In addition, the Yamanote Line train that runs in a circle in Tokyo travels 34.5 km in one hour.
  これらを考慮すると、直近の移動速度が、移動速度の閾値c(たとえば時速1km)以下であれば、携帯端末101は移動していない、と推定することができる。判定のための移動速度の閾値cは、適用分野に応じて適宜定めることができる。 Considering these, if the most recent moving speed is equal to or lower than the moving speed threshold c (for example, 1 km / h), it can be estimated that the mobile terminal 101 is not moving. The moving speed threshold value c for determination can be appropriately determined according to the application field.
  そして、携帯端末101が移動している、と推定された場合には、上記の実施例と同様に、電子バリューの支払等電子財産の承継を制限すれば良い。 When it is estimated that the mobile terminal 101 is moving, it is only necessary to restrict the succession of electronic property such as payment of electronic value as in the above embodiment.
  なお、この態様では、ショップがイベントなど出先に出店する場合には、実際に会計を始める時刻より閾時間D以上前の時点でプログラムを起動して、現在位置の検知を行うこととすれば、携帯端末101は移動していない、と判定されることになる。また、携帯端末101が移動していると判定された場合であっても、時間をおきながら何回か再試行を繰り返せば、検知位置および時刻が履歴に登録されるので、閾時間D経過後には、電子バリューによる支払いの制限が解除されることになる。 In this aspect, if the shop opens at a destination such as an event, if the program is started at a time before the threshold time D or more before the actual start of accounting, and the current position is detected, It is determined that the mobile terminal 101 is not moving. Even if it is determined that the mobile terminal 101 is moving, if the retry is repeated several times while taking time, the detection position and time are registered in the history. The restriction on payment by electronic value will be lifted.
  したがって、携帯端末101の利用可能地域をあらかじめ明示的に設定しなくとも、イベントなどの出店先でも、容易に携帯端末101の利用可能地域を、移動速度に基づいて制限することができる。 Therefore, even if the area where the mobile terminal 101 can be used is not explicitly set in advance, the area where the mobile terminal 101 can be used can be easily limited based on the moving speed even at a store opening place such as an event.
  (まとめ)
  このように、本発明の実施形態に係る携帯端末は、電子財産の所有者へ操作者により提示される携帯端末であって、当該携帯端末はプログラムを実行することにより、
  前記携帯端末の位置を検知する検知部、
  前記検知された位置の履歴から、前記携帯端末が移動中であるか否かを推測し、前記携帯端末が移動中であると推測されれば、前記所有者から前記操作者への前記電子財産の承継に供される可搬デバイスとの近接場通信を制限する制御部
  を備えるように構成することができる。 (Summary)
Thus, the mobile terminal according to the embodiment of the present invention is a mobile terminal presented by the operator to the owner of the electronic property, and the mobile terminal executes the program,
A detection unit for detecting the position of the mobile terminal;
From the history of the detected position, it is estimated whether or not the mobile terminal is moving, and if it is estimated that the mobile terminal is moving, the electronic property from the owner to the operator It can be configured to include a control unit that restricts near-field communication with a portable device used for succession.
  また、本実施形態に係る携帯端末において、
  前記検知された位置ならびに当該位置が検知された日時の組は、前記携帯端末に所定上限数まで蓄積され、
  前記検知部により新たな位置が検知されると、前記蓄積された組のうち、当該組の前後に検知された組から近似された誤差が最小の組が消去され、当該新たな位置ならびに当該新たな位置が検知された日時が蓄積される
  ように構成することができる。 In the mobile terminal according to the present embodiment,
The set of the detected position and the date and time when the position is detected is accumulated up to a predetermined upper limit number in the mobile terminal,
When a new position is detected by the detection unit, among the accumulated sets, the set with the smallest error approximated from the sets detected before and after the set is deleted, and the new position and the new position are deleted. It can be configured to store the date and time when a correct position was detected.
  また、本実施形態に係る携帯端末において、
  前記蓄積された組を、当該組に係る日時の順に、(p0,t0), (p1,t1), (p2,t2), …, (pN-1,tN-1)と表記し、
  当該組に係る日時の順に、整数i = 1, 2, …, N-1のそれぞれについての移動の速さ
    vi = |pi-pi-1|/(ti-ti-1)
と、整数i = 1, 2, …, N-2のそれぞれについての移動の速さの差分
    ai = |vi+1 - v{i}|
と、を求め、
    i番目の組に対する前記誤差を、aiとする
  ように構成することができる。 In the mobile terminal according to the present embodiment,
The accumulated pairs are arranged in the order of the date and time relating to the pair (p 0 , t 0 ), (p 1 , t 1 ), (p 2 , t 2 ), ..., (p N-1 , t N- 1 )
The speed of movement for each of the integers i = 1, 2,…, N-1 in the order of the date and time related to the pair v i = | p i -p i-1 | / (t i -t i-1 )
And the difference in the speed of movement for each of the integers i = 1, 2,…, N-2 a i = | v i + 1 -v {i} |
And
The error for the i-th set can be configured to be a i .
  また、本実施形態に係る携帯端末において、
  前記制御部は、
  前記検知された位置の履歴から、前記携帯端末の直近の移動速度を算定し、前記推定された直近の移動速度と所定の閾値とを比較して、前記携帯端末が移動中であるか否かを推定し、
  前記蓄積された組に係る日時に、前記閾値をそれぞれ乗じることにより、前記蓄積された組を、当該組に係る日時の順に、4次元位置ベクトルw0, w1, w2, …, wN-1に、それぞれ対応付け、
  整数i = 1, 2, …, N-2のうち、wi-1とwi+1とを結ぶ直線と、wiと、の距離を、整数iに対応付けられる組に対する前記誤差とする
  ように構成することができる。 In the mobile terminal according to the present embodiment,
The controller is
Whether or not the portable terminal is moving is calculated from the history of the detected position by calculating the latest moving speed of the portable terminal and comparing the estimated latest moving speed with a predetermined threshold. Estimate
The date and time according to the accumulated set by multiplying the threshold value, respectively, the stored set, in order of date according to that set, four-dimensional position vector w 0, w 1, w 2 , ..., w N -1 , map each
Among the integers i = 1, 2,..., N−2, the distance between the straight line connecting w i−1 and w i + 1 and w i is the error for the set associated with the integer i. It can be constituted as follows.
  また、本実施形態に係る携帯端末において、
  前記所有者から前記操作者への前記電子財産の承継がされると、前記検知された位置ならびに当該位置が検知された日時を、当該承継がされた位置ならびに日時として、サーバに伝達する
  ように構成することができる。 In the mobile terminal according to the present embodiment,
When the electronic property is succeeded from the owner to the operator, the detected position and the date and time when the position is detected are transmitted to the server as the succeeded position and the date and time. Can be configured.
  本実施形態に係るサーバは、
  電子財産の所有者へ操作者により提示される携帯端末にプログラムを配布するサーバであって、当該携帯端末はプログラムを実行することにより、
  前記携帯端末の位置を検知し、
  前記検知された位置の履歴から、前記携帯端末が移動中であるか否かを推測し、
  前記携帯端末が移動中であると推測されれば、前記所有者から前記操作者への前記電子財産の承継に供される可搬デバイスとの近接場通信を制限する
  ように構成することができる。 The server according to this embodiment is
A server that distributes a program to a mobile terminal presented by an operator to an owner of electronic property, and the mobile terminal executes the program,
Detecting the position of the mobile terminal;
From the history of the detected position, it is estimated whether the mobile terminal is moving,
If it is estimated that the mobile terminal is moving, it can be configured to limit near-field communication with a portable device that is used for succession of the electronic property from the owner to the operator. .
  本実施形態に係る制御方法では、電子財産の所有者へ操作者により提示される携帯端末が、プログラムを実行することにより、
  前記携帯端末の位置を検知し、
  前記検知された位置の履歴から、前記携帯端末が移動中であるか否かを推測し、
  前記携帯端末が移動中であると推測されれば、前記所有者から前記操作者への前記電子財産の承継に供される可搬デバイスとの近接場通信を制限する
  ように構成することができる。 In the control method according to the present embodiment, the portable terminal presented by the operator to the owner of the electronic property executes the program,
Detecting the position of the mobile terminal;
From the history of the detected position, it is estimated whether the mobile terminal is moving,
If it is estimated that the mobile terminal is moving, it can be configured to limit near-field communication with a portable device that is used for succession of the electronic property from the owner to the operator. .
  本実施形態に係るプログラムは、電子財産の所有者へ操作者により提示される携帯端末を、
  前記携帯端末の位置を検知する検知部、
  前記検知された位置の履歴から、前記携帯端末が移動中であるか否かを推測し、前記携帯端末が移動中であると推測されれば、前記所有者から前記操作者への前記電子財産の承継に供される可搬デバイスとの近接場通信を制限する制御部
  として機能させるように構成することができる。 The program according to this embodiment is a portable terminal presented by an operator to an owner of electronic property.
A detection unit for detecting the position of the mobile terminal;
From the history of the detected position, it is estimated whether or not the mobile terminal is moving, and if it is estimated that the mobile terminal is moving, the electronic property from the owner to the operator It can be configured to function as a control unit that restricts near-field communication with portable devices that are used for succession.
  本発明によれば、電子財産の所有者から当該電子財産を承継しようとする操作者が当該所有者に提示する携帯端末において、不正使用を抑制するのに好適な携帯端末、当該携帯端末で実行されるプログラムを配布するサーバ、当該携帯端末の制御方法、ならびに、当該プログラムを提供することができる。 According to the present invention, in a portable terminal presented to the owner by an operator who intends to inherit the electronic property from the owner of the electronic property, the portable terminal suitable for suppressing unauthorized use is executed on the portable terminal. The server for distributing the program to be executed, the method for controlling the portable terminal, and the program can be provided.
  101 携帯端末
  102 取得部
  103 制御部
  104 プロンプト部
  105 保持部
  106 消去部
  107 通知部
  108 設定部
  109 検知部
  251 端末ハードウェア
  252 タッチスクリーン
  253 マーク
  254 可搬デバイス
  301 入力フォーム
  302 ショップコード欄
  303 パスワード欄
  304 次へボタン
  401 指紋登録フォーム
  402 タッチ領域
  403 登録ボタン
  404 次へボタン
  501 概要フォーム
  502 概要欄
  503 次へボタン
  504 最初からボタン
  601 金額フォーム
  602 バリュー欄
  603 ソフトウェアキーボード
  604 次へボタン
  701 支払確認フォーム
  702 メッセージ欄
  703 タッチ領域
  705 戻るボタン
  801 通信フォーム
  802 メッセージ欄
  803 戻るボタン
  901 メッセージフォーム
  902 メッセージ欄
  903 次へボタン 101 Mobile terminal 102 Acquisition unit 103 Control unit 104 Prompt unit 105 Holding unit 106 Deletion unit 107 Notification unit 108 Setting unit 109 Detection unit 251 Terminal hardware 252 Touch screen 253 Mark 254 Portable device 301 Input form 302 Shop code field 303 Password field 304 Next button 401 Fingerprint registration form 402 Touch area 403 Registration button 404 Next button 501 Overview form 502 Overview field 503 Next button 504 Start button 601 Amount form 602 Value field 603 Software keyboard 604 Next button 701 Payment confirmation form 702 Message field 703 Touch area 705 Back button 801 Communication form 802 Message field 803 Back button 901 Message form 902 Message field 903 Next button

Claims (8)

  1.   電子財産の所有者へ操作者により提示される携帯端末であって、当該携帯端末はプログラムを実行することにより、
      前記携帯端末の位置を検知する検知部、
      前記検知された位置の履歴から、前記携帯端末が移動中であるか否かを推測し、前記携帯端末が移動中であると推測されれば、前記所有者から前記操作者への前記電子財産の承継に供される可搬デバイスとの近接場通信を制限する制御部
      を備えることを特徴とする携帯端末。     A portable terminal presented by an operator to the owner of the electronic property, the portable terminal executing a program,
    A detection unit for detecting the position of the mobile terminal;
    From the history of the detected position, it is estimated whether or not the mobile terminal is moving, and if it is estimated that the mobile terminal is moving, the electronic property from the owner to the operator A portable terminal comprising: a control unit that restricts near-field communication with a portable device that is used for succession of a mobile phone.
  2.   前記検知された位置ならびに当該位置が検知された日時の組は、前記携帯端末に所定上限数まで蓄積され、
      前記検知部により新たな位置が検知されると、前記蓄積された組のうち、当該組の前後に検知された組から近似された誤差が最小の組が消去され、当該新たな位置ならびに当該新たな位置が検知された日時が蓄積される
      ことを特徴とする請求項1に記載の携帯端末。     The set of the detected position and the date and time when the position is detected is accumulated up to a predetermined upper limit number in the mobile terminal,
    When a new position is detected by the detection unit, among the accumulated sets, the set with the smallest error approximated from the sets detected before and after the set is deleted, and the new position and the new position are deleted. 2. The mobile terminal according to claim 1, wherein the date and time when the correct position is detected is accumulated.
  3.   前記蓄積された組を、当該組に係る日時の順に、(p0,t0), (p1,t1), (p2,t2), …, (pN-1,tN-1)と表記し、
      当該組に係る日時の順に、整数i = 1, 2, …, N-1のそれぞれについての移動の速さ
        vi = |pi-pi-1|/(ti-ti-1)
    と、整数i = 1, 2, …, N-2のそれぞれについての移動の速さの差分
        ai = |vi+1 - v{i}|
    と、を求め、
        i番目の組に対する前記誤差を、aiとする
      ことを特徴とする請求項2に記載の携帯端末。     The accumulated pairs are arranged in the order of the date and time relating to the pair (p 0 , t 0 ), (p 1 , t 1 ), (p 2 , t 2 ), ..., (p N-1 , t N- 1 )
    The speed of movement for each of the integers i = 1, 2,…, N-1 in the order of the date and time related to the pair v i = | p i -p i-1 | / (t i -t i-1 )
    And the difference in the speed of movement for each of the integers i = 1, 2,…, N-2 a i = | v i + 1 -v {i} |
    And
    3. The mobile terminal according to claim 2, wherein the error with respect to the i-th set is a i .
  4.   前記制御部は、
      前記検知された位置の履歴から、前記携帯端末の直近の移動速度を算定し、前記推定された直近の移動速度と所定の閾値とを比較して、前記携帯端末が移動中であるか否かを推定し、
      前記蓄積された組に係る日時に、前記閾値をそれぞれ乗じることにより、前記蓄積された組を、当該組に係る日時の順に、4次元位置ベクトルw0, w1, w2, …, wN-1に、それぞれ対応付け、
      整数i = 1, 2, …, N-2のうち、wi-1とwi+1とを結ぶ直線と、wiと、の距離を、整数iに対応付けられる組に対する前記誤差とする
      ことを特徴とする請求項2に記載の携帯端末。     The controller is
    Whether or not the portable terminal is moving is calculated from the history of the detected position by calculating the latest moving speed of the portable terminal and comparing the estimated latest moving speed with a predetermined threshold. Estimate
    By multiplying the date and time related to the stored set by the threshold value, the stored sets are converted into four-dimensional position vectors w 0 , w 1 , w 2 ,. -1, corresponding with,
    Among the integers i = 1, 2,..., N−2, the distance between the straight line connecting w i−1 and w i + 1 and w i is the error for the set associated with the integer i. 3. The mobile terminal according to claim 2, wherein
  5.   前記所有者から前記操作者への前記電子財産の承継がされると、前記検知された位置ならびに当該位置が検知された日時を、当該承継がされた位置ならびに日時として、サーバに伝達する
      ことを特徴とする請求項1に記載の携帯端末。     When the electronic property is succeeded from the owner to the operator, the detected position and the date and time when the position is detected are transmitted to the server as the succeeded position and the date and time. 2. The mobile terminal according to claim 1, wherein the mobile terminal is characterized.
  6.   電子財産の所有者へ操作者により提示される携帯端末にプログラムを配布するサーバであって、当該携帯端末はプログラムを実行することにより、
      前記携帯端末の位置を検知し、
      前記検知された位置の履歴から、前記携帯端末が移動中であるか否かを推測し、
      前記携帯端末が移動中であると推測されれば、前記所有者から前記操作者への前記電子財産の承継に供される可搬デバイスとの近接場通信を制限する
      ことを特徴とするサーバ。     A server that distributes a program to a mobile terminal presented by an operator to an owner of electronic property, and the mobile terminal executes the program,
    Detecting the position of the mobile terminal;
    From the history of the detected position, it is estimated whether the mobile terminal is moving,
    If it is estimated that the portable terminal is moving, near-field communication with a portable device used for succession of the electronic property from the owner to the operator is limited.
  7.   電子財産の所有者へ操作者により提示される携帯端末が、プログラムを実行することにより、
      前記携帯端末の位置を検知し、
      前記検知された位置の履歴から、前記携帯端末が移動中であるか否かを推測し、
      前記携帯端末が移動中であると推測されれば、前記所有者から前記操作者への前記電子財産の承継に供される可搬デバイスとの近接場通信を制限する
      ことを特徴とする制御方法。     When the mobile terminal presented by the operator to the owner of the electronic property executes the program,
    Detecting the position of the mobile terminal;
    From the history of the detected position, it is estimated whether the mobile terminal is moving,
    If it is estimated that the portable terminal is moving, the near field communication with the portable device used for the succession of the electronic property from the owner to the operator is limited. .
  8.   電子財産の所有者へ操作者により提示される携帯端末を、
      前記携帯端末の位置を検知する検知部、
      前記検知された位置の履歴から、前記携帯端末が移動中であるか否かを推測し、前記携帯端末が移動中であると推測されれば、前記所有者から前記操作者への前記電子財産の承継に供される可搬デバイスとの近接場通信を制限する制御部
      として機能させることを特徴とするプログラム。     The mobile device presented by the operator to the owner of the electronic property
    A detection unit for detecting the position of the mobile terminal;
    From the history of the detected position, it is estimated whether or not the mobile terminal is moving, and if it is estimated that the mobile terminal is moving, the electronic property from the owner to the operator A program that functions as a control unit that restricts near-field communication with a portable device that is used for succession.
PCT/JP2017/004178 2017-02-06 2017-02-06 Mobile terminal, server, control method, and program WO2018142605A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2017/004178 WO2018142605A1 (en) 2017-02-06 2017-02-06 Mobile terminal, server, control method, and program
JP2017549364A JP6244070B1 (en) 2017-02-06 2017-02-06 Portable terminal, server, control method, and program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2017/004178 WO2018142605A1 (en) 2017-02-06 2017-02-06 Mobile terminal, server, control method, and program

Publications (1)

Publication Number Publication Date
WO2018142605A1 true WO2018142605A1 (en) 2018-08-09

Family

ID=60570372

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/004178 WO2018142605A1 (en) 2017-02-06 2017-02-06 Mobile terminal, server, control method, and program

Country Status (2)

Country Link
JP (1) JP6244070B1 (en)
WO (1) WO2018142605A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2021033475A (en) * 2019-08-20 2021-03-01 ヤフー株式会社 Output device, output method and output program

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004236125A (en) * 2003-01-31 2004-08-19 Japan Radio Co Ltd Mobile terminal equipment
JP2010211412A (en) * 2009-03-09 2010-09-24 Saxa Inc Terminal equipment monitoring system
JP2013140425A (en) * 2011-12-28 2013-07-18 Jvc Kenwood Corp In-vehicle device, position information transmission method and position information transmission program
JP2013218414A (en) * 2012-04-05 2013-10-24 Fujitsu Frontech Ltd Card settlement system and method for taxi
JP2016110464A (en) * 2014-12-08 2016-06-20 任天堂株式会社 Portable information processing device, settlement system, information processing program, and information processing method
WO2016132458A1 (en) * 2015-02-17 2016-08-25 楽天株式会社 Mobile terminal, control method, and program

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004236125A (en) * 2003-01-31 2004-08-19 Japan Radio Co Ltd Mobile terminal equipment
JP2010211412A (en) * 2009-03-09 2010-09-24 Saxa Inc Terminal equipment monitoring system
JP2013140425A (en) * 2011-12-28 2013-07-18 Jvc Kenwood Corp In-vehicle device, position information transmission method and position information transmission program
JP2013218414A (en) * 2012-04-05 2013-10-24 Fujitsu Frontech Ltd Card settlement system and method for taxi
JP2016110464A (en) * 2014-12-08 2016-06-20 任天堂株式会社 Portable information processing device, settlement system, information processing program, and information processing method
WO2016132458A1 (en) * 2015-02-17 2016-08-25 楽天株式会社 Mobile terminal, control method, and program

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2021033475A (en) * 2019-08-20 2021-03-01 ヤフー株式会社 Output device, output method and output program
JP7388043B2 (en) 2019-08-20 2023-11-29 Lineヤフー株式会社 Output device, output method and output program

Also Published As

Publication number Publication date
JPWO2018142605A1 (en) 2019-02-07
JP6244070B1 (en) 2017-12-06

Similar Documents

Publication Publication Date Title
US11238431B2 (en) Credit payment method and apparatus based on card emulation of mobile terminal
US10360560B2 (en) System for authenticating a wearable device for transaction queuing
US10878416B2 (en) Apparatus, method, and computer program product for bus rapid transit ticketing and the like
US10311436B2 (en) User authentication method and device for credentials back-up service to mobile devices
JP5791128B2 (en) Method and application for location based services
US20130097078A1 (en) Mobile remote payment system
WO2012135372A2 (en) Using mix-media for payment authorization
CA2949366A1 (en) Apparatus, method, and computer program product for settlement to a merchant's card account using an on-line bill payment platform
JP6512272B1 (en) Terminal device, service application acceptance method, program
US20160189127A1 (en) Systems And Methods For Creating Dynamic Programmable Credential and Security Cards
CA3050736A1 (en) System and method for an automated teller machine to issue a secured bank card
JP6224289B2 (en) Mobile terminal, control method and program
CN110023935A (en) The information processing terminal, information processing equipment, information processing method, information processing system and program
JP5985103B2 (en) Portable terminal, distribution server, control method, and program
JP6244070B1 (en) Portable terminal, server, control method, and program
US11334877B2 (en) Security tool
JP7039770B1 (en) Terminal type identification in interaction processing
KR20170047693A (en) System for processing offline payment, method of processing offline payment using secondary authentication based on personal information question and method and apparatus for the same
JP7363982B2 (en) Authentication terminal, authentication terminal control method and program
WO2023187926A1 (en) Information processing device, information processing system, information processing method, and non-transitory computer-readable medium having program stored therein
WO2023281747A1 (en) Service processing device, system, method, and computer-readable medium
KR20180049443A (en) Method for Accumulating Inscribed Value Transformed from Uninscribed Receipt by using Biometrics
EP4244797A1 (en) Local transaction authorization using biometric information provided by a user device
WO2019106690A2 (en) Artificial intelligence (ai) driven dynamic smartcard
KR20180050912A (en) Method, system and non-transitory computer-readable recording medium for managing customers visiting a store

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2017549364

Country of ref document: JP

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17895156

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17895156

Country of ref document: EP

Kind code of ref document: A1