WO2018229949A1 - Property-data transmission/reception system - Google Patents

Property-data transmission/reception system Download PDF

Info

Publication number
WO2018229949A1
WO2018229949A1 PCT/JP2017/022204 JP2017022204W WO2018229949A1 WO 2018229949 A1 WO2018229949 A1 WO 2018229949A1 JP 2017022204 W JP2017022204 W JP 2017022204W WO 2018229949 A1 WO2018229949 A1 WO 2018229949A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
authentication
terminal
unit
user
Prior art date
Application number
PCT/JP2017/022204
Other languages
French (fr)
Japanese (ja)
Inventor
堅二 豊田
Original Assignee
株式会社ニコン
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社ニコン filed Critical 株式会社ニコン
Priority to PCT/JP2017/022204 priority Critical patent/WO2018229949A1/en
Publication of WO2018229949A1 publication Critical patent/WO2018229949A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Definitions

  • This disclosure relates to a property data transmission / reception system, and a property data reception device, property data transmission device, method, and program used in the property data transmission / reception system.
  • Japanese Patent Laid-Open No. 2011-123729 discloses personal authentication between a human body communication module possessed by a user and an ATM (Automatic Teller Machine) placed in a financial institution.
  • ATM Auto Teller Machine
  • ATM acquires first data including user biometric information stored in the human body communication module in the human body communication unit via human body communication, and also reads the user's biometric in the reading unit.
  • the personal authentication is performed by directly reading the information to create the second data and collating the biometric information included in each of the first data and the second data.
  • a first aspect of the present disclosure is a property data receiving apparatus including an authentication unit that performs user authentication and a first communication unit that receives property data when the user authentication is positive.
  • a second aspect of the present disclosure is a property data transmitting apparatus that communicates with the property data receiving apparatus according to the first aspect, wherein the second communication unit transmits the property data when the personal authentication is affirmed.
  • a property data transmitting apparatus including
  • a third aspect of the present disclosure is a property data transmission / reception system including the property data receiving apparatus according to the first aspect and the property data transmitting apparatus according to the second aspect.
  • the fourth aspect of the present disclosure is a property data receiving method that executes user authentication and receives property data when the user authentication is affirmed.
  • a fifth aspect of the present disclosure is a property data transmission / reception method using a store-side device and a user-side device, and causes the store-side device to acquire (i) first identification data of a user, and (ii) a user The second identification data is received from the user side device, and (iii) the user side authentication is executed using the acquired first identification data and the received second identification data, and the user side device (Iv) A property data transmission / reception method in which property data and the second identification data are recorded in advance, and (v) the property data is transmitted to the store side device when the personal authentication is affirmed. .
  • a sixth aspect of the present disclosure is a program that causes a computer to execute a process including executing user authentication and receiving property data when the user authentication is positive.
  • FIG. 1A shows an overall configuration of a payment system according to the first embodiment of the present disclosure.
  • the settlement system includes an account server device 1 (hereinafter referred to as “account server 1”), a mobile terminal device 2 (hereinafter referred to as “mobile terminal 2”), and an in-store terminal device 3 ( Hereinafter, “shop front terminal 3”).
  • account server 1 hereinafter referred to as “account server 1”
  • mobile terminal 2 hereinafter referred to as “mobile terminal 2”
  • in-store terminal device 3 hereinafter, “shop front terminal 3”.
  • the account server 1 and the mobile terminal 2 communicate via the network 4. Therefore, in this embodiment, at least the account server 1 and the mobile terminal 2 are connected to the network 4. Furthermore, communication between the portable terminal 2 and the storefront terminal 3 is performed as human body communication via the human body 5 as an example.
  • the storefront terminal 3 shown in FIG. 1A is an example of the “property data receiving device” of the present disclosure.
  • the mobile terminal 2 is an example of the “property data transmission device” of the present disclosure.
  • FIG. 1A is a functional block diagram showing an example of main functions of the account server 1, the mobile terminal 2, and the storefront terminal 3 according to the first embodiment.
  • Each device functions as each unit shown in the functional block diagram of FIG. 1A when a CPU (Central Processing Unit) executes various programs in each hardware configuration to be described later.
  • a CPU Central Processing Unit
  • FIG. 1B is a block diagram illustrating an example of the secondary storage device 14 in the electrical configuration of the account server 1 according to the first embodiment.
  • a plurality of individual account areas 111 are provided in a predetermined recording area of the secondary storage device 14.
  • Each of the plurality of individual account areas 111 records account data of a specific individual or corporation.
  • the account server 1 is externally configured to transmit and receive data between the portable terminal 2 and the storefront terminal 3 via the CPU, the primary storage unit, and the network 4 similarly to the mobile terminal 2 and the storefront terminal 3 described later.
  • I / F is included and these are connected via a bus (not shown).
  • the CPU reads out the program (specifically, the charge module shown in FIG. 1B) from the secondary storage device, develops it in the primary storage device, and executes it, so that the CPU is a functional block diagram of FIG. 1A. It functions as the account server charge unit 101 shown in FIG.
  • the primary storage device means a volatile memory, for example, RAM (Random Access Memory).
  • the secondary storage device means a non-volatile memory, for example, a flash memory or an HDD (Hard Disk Disk Drive).
  • the account server 1 is a server of a financial institution that records account data of various individuals or corporations.
  • a CPU (not shown) functions as an account server charge unit, whereby specific individual or corporate account data is recorded in each individual account area 111.
  • the account data includes property data indicating the amount of property held by the individual in addition to data for identifying the individual who is the owner (name, address, telephone number, etc.).
  • the account data recorded in the individual account area 111 of the account server 1 particularly includes image data of a finger vein pattern of a predetermined hand of the owner of the individual account area 111.
  • the image data identifies the owner and is used for personal authentication prior to a settlement process according to the present embodiment, which will be described later.
  • the image data is referred to as vein data.
  • the predetermined finger of the owner is, for example, an index finger of an arm that is not the owner's dominant arm.
  • the present invention is not limited to this.
  • An individual who is the owner of an account can record vein data for identifying himself / herself in a specific individual account area 111 corresponding to his / her own account.
  • An individual can perform vein data registration work at a financial institution to which the account belongs.
  • the account server 1 includes an imaging device corresponding to a biometric authentication unit 307 of the storefront terminal 3 to be described later, and can acquire user vein data via this imaging device. Further, for example, vein data may be registered or updated remotely from outside the account server 1 via the network 4.
  • each individual account area 111 records single vein data as an example.
  • the individual who is the owner of the account can create new vein data and update the vein data recorded in the individual account area 111.
  • the external I / F (not shown) of the account server 1 is connected to the network 4.
  • FIG. 2 is a block diagram showing an example of the main configuration of the electrical system of the mobile terminal 2 according to the first embodiment.
  • the mobile terminal 2 includes a CPU 20, a primary storage device 22, a secondary storage device 24, a touch panel display 28 including a touch panel 28 ⁇ / b> A and a display 28 ⁇ / b> B, and a human body 5 for performing human body communication described later.
  • An external I / F 42A that transmits / receives data to / from the storefront terminal 3 and an external I / F 42B that transmits / receives data to / from the account server 1 via the network 4.
  • Each unit shown in FIG. 2 of the portable terminal 2 is connected to each other by a bus 26.
  • the CPU 20 reads out each program from the secondary storage device 24, develops it in the primary storage device 22, and executes it, whereby the CPU 20 performs the mobile terminal charging unit 201 shown in the functional block diagram of FIG. It functions as the terminal settlement unit 203.
  • the CPU 20 of the mobile terminal 2 functions as the mobile terminal charging unit 201 by executing the charge module shown in FIG.
  • the CPU 20 functions as the mobile terminal payment unit 203 by executing the payment module.
  • the portable terminal 2 is a portable terminal that is owned and carried by each individual who uses the payment system according to the first embodiment of the present disclosure.
  • the mobile terminal 2 as is generally known, a smartphone, a portable personal computer (portable PC), a tablet PC, a smart watch, a wristband, and the like can be considered. As an example, the mobile terminal 2 will be described here by taking a smart watch as an example.
  • the mobile terminal 2 is connected to the network 4 via an external I / F 42B and a wireless communication line.
  • the wireless communication line is, for example, WiFi, a cellular phone line, or the like.
  • the network 4 allows two-way communication between the mobile terminal 2 and the account server 1.
  • the touch panel display 28 of the portable terminal 2 displays various menus, dialogs, and the like on the display 28B, and constitutes an interface with the user.
  • the touch panel display 28 includes a touch panel 28A that accepts an input operation by a user.
  • the external I / F 42A of the mobile terminal 2 performs communication by human body communication described later.
  • the finger (human body 5) of the user wearing the mobile terminal 2 contacts a predetermined portion of the storefront terminal 3, data is transmitted and received between the external I / F 42A and the storefront terminal 3.
  • the secondary storage device 24 of the mobile terminal 2 includes an area for storing property data downloaded from the account server 1 and user-specific biometric information used for biometric authentication, as will be described later.
  • the mobile terminal 2 in the present embodiment is configured to be able to record property data in the secondary storage device 24. That is, the portable terminal 2 can be precharged with property data in the same manner as a prepaid card known in Japan such as SUICA, PASMO, and Felica. The user can make payment using property data charged in the mobile terminal 2.
  • the mobile terminal 2 is associated with a specific individual account area 111 of the account server 1. Specifically, in the account server 1, the identification information of the mobile terminal 2 and the address of a specific individual account area 111 in which the user of the mobile terminal 2 is the owner are stored in association with each other. The individual who is the owner of the account pulls out the property data from the specific individual account area 111 of the account server 1 of the financial institution that stores his property and charges it to the mobile terminal 2 that he owns (that is, two Stored in the next storage device 24). As will be described later, this charging process can be performed remotely via the network 4.
  • the mobile terminal 2 has a limit for charging property data.
  • the limit amount can be determined in consideration of the limit of loss due to accidents such as loss or theft of the mobile terminal 2, and the number of mobile terminals when the user uses a plurality of mobile terminals 2. Recorded in the secondary storage device 24.
  • vein data (that is, image data of a vein pattern of a predetermined finger of the owner of the individual account area 111) can be recorded in the secondary storage device 24 of the mobile terminal 2 in the present embodiment.
  • vein data is downloaded from the account server 1 to the portable terminal 2 during the charge processing of property data.
  • the secondary storage device 24 of the portable terminal 2 has a single vein data corresponding to each individual account area 111 of the account server 1 recording a single vein data. Shall be recorded.
  • the single vein data recorded in the secondary storage device 24 of the portable terminal 2 can be updated each time a charging process described later is performed.
  • FIG. 3 is a block diagram showing an example of the main configuration of the electrical system of the storefront terminal 3 according to the first embodiment.
  • the storefront terminal 3 is connected to the CPU 30, the primary storage device 32, the secondary storage device 34, the touch panel display 38 including the touch panel 38 ⁇ / b> A and the display 38 ⁇ / b> B, and the human body 5 for performing human body communication described later.
  • 3 of the storefront terminal 3 are connected to each other by a bus 36.
  • the CPU 30 reads out the program (specifically, the payment module shown in FIG. 3) from the secondary storage device 34, develops it in the primary storage device 32, and executes it. It functions as the storefront terminal payment unit 301 shown in the block diagram.
  • the touch panel display 38 of the storefront terminal 3 displays various menus, dialogs, and the like on the display 38B to constitute an interface with the user.
  • the touch panel display 38 includes a touch panel 38A that accepts an input operation by a user.
  • the storefront terminal 3 is a device that is installed at the storefront of a store that provides products or services and performs settlement.
  • the storefront terminal 3 is not necessarily a stationary device.
  • the store terminal 3 may be, for example, a portable device that a clerk can bring to a customer's seat at a restaurant or the like, or a settlement terminal installed in a basket where a customer collects products to be purchased at a supermarket or a convenience store. Good.
  • the storefront terminal 3 will be described by taking a stationary settlement storefront terminal installed in the store as an example.
  • the external I / F 44B of the storefront terminal 3 is connected to the network 4 via a communication line.
  • the storefront terminal 3 is not necessarily connected to the network 4. Therefore, the storefront terminal according to the present embodiment may not include the external I / F 44B.
  • the external I / F 44A of the storefront terminal 3 performs human body communication with the portable terminal 2 by performing a predetermined operation described later.
  • the program of each device does not need to be stored in the secondary storage unit from the beginning.
  • the program can be stored in any portable storage medium such as an HDD (Hard Disk Drive), SSD (Solid State Drive), IC card, magneto-optical disk, CD-ROM, etc. that is connected to each device. You may keep it. Then, the CPU may acquire the program from these portable storage media and execute it.
  • the program may be stored in a storage unit of an external computer such as a computer or a server device connected to each device via a communication line. In this case, the CPU acquires the program from the external computer and executes it.
  • FIG. 4 shows a mode in which human body communication according to this embodiment is performed.
  • the mobile terminal 2 as a smart watch is worn on the user's arm.
  • the transmission / reception unit 306 of the storefront terminal 3 is connected to the external I / F 44A.
  • the user's human body (that is, the user's hand and arm) 5 functions as a human body antenna. Human body communication is established between the external I / F 42A and the external I / F 44A of the store terminal 3.
  • FIG. 5 shows the configuration of the biometric authentication unit 307 of the store terminal 3.
  • the biometric authentication unit 307 is an example of the “acquisition unit” of the present disclosure.
  • biometric authentication when the user places the finger 501 at a predetermined position of the biometric authentication unit 307, the above-described human body communication and personal authentication using biometric information (hereinafter referred to as biometric authentication) are performed simultaneously. .
  • two finger guides 310 that are spaced apart by a predetermined distance are provided.
  • a part of the transmitting / receiving unit 306 is exposed from the tip of the finger guide 310 arranged in the tip direction (horizontal left direction in FIG. 5).
  • a transparent window 311 is provided between the two finger guides 310. Below the transparent window 311, two illumination LEDs 312 that emit near-infrared light for detecting a finger vein pattern are disposed.
  • the illumination LED 312 emits infrared light suitable for detecting a finger vein pattern from different directions, and illuminates a part of the finger 501 through the transparent window 311.
  • a lens 313 and an image sensor 314 are disposed directly opposite the transparent window 311.
  • a part of the finger 501 illuminated by the illumination LED 312 is imaged on the image sensor 314 by the lens 313.
  • the image sensor 314 captures a vein pattern in a part of the finger 501 and sends it as image data to the secondary storage device 34 of the storefront terminal 3 through wiring not shown.
  • the vein pattern image data imaged by the image sensor 314 is hereinafter referred to as image data.
  • the CPU 30 of the storefront terminal 3 functions as the storefront terminal settlement unit 301, whereby the vein pattern of the finger 501 in the imaging data recorded in the secondary storage device 34 is obtained in the user's unique data separately acquired. Compared with the vein pattern, identity authentication is performed to determine whether the current user is the original owner of the mobile terminal.
  • charging of property data refers to a process of transferring a part or all of personal property data recorded in the individual account area 111 of the account server 1 to the secondary storage device 24 of the portable terminal 2. .
  • a process of charging property data based on an operation input from the mobile terminal 2 will be described.
  • 6 to 9 are flowcharts showing an example of a processing program for charging property data.
  • 6 and 7 show an example of a processing program executed by the mobile terminal 2
  • FIGS. 8 and 9 show an example of a processing program executed by the account server 1.
  • the processing program executed by the mobile terminal 2 is specifically executed by the CPU 20 of the mobile terminal 2 functioning as the mobile terminal charging unit 201.
  • the processing program executed by the account server 1 is executed by the CPU of the account server 1 (not shown) that functions as the account server charging unit 101.
  • Communication between the portable terminal 2 and the account server 1 is performed via the external I / F 42B of the portable terminal 2 and the network 4 connected to the external I / F (not shown) of the account server 1.
  • the user When charging, the user operates the touch panel 28A on the screen 202 of the display 28B of the portable terminal 2 to start up the application software for charging. Thereby, execution of the processing program of the portable terminal 2 shown in FIGS. 6 and 7 is started, and a processing process for charging property data according to the present embodiment is started. Thereafter, the mobile terminal charging unit 201 executes the charging process according to the command of the application software.
  • step S 602 the mobile terminal charging unit 201 sends a request for accessing the specific individual account area 111 to the account server 1.
  • the request includes a user-specific ID number stored in the secondary storage device 24 of the mobile terminal 2.
  • the account server charge unit 101 identifies the individual account of the user based on the ID number received from the mobile terminal 2, and authenticates the individual account area 111 in which the currently accessed user is identified. Perform identity verification to confirm that you are the owner.
  • identity authentication is performed according to the following flow.
  • step S ⁇ b> 802 the account server charging unit 101 sends a password request to the mobile terminal charging unit 201.
  • step S604 the mobile terminal charging unit 201 receives the password request.
  • step S606 the mobile terminal charging unit 201 displays a password request screen for entering a password as the screen 202 on the display 28B.
  • Fig. 10 shows an example of the password request screen.
  • the password request screen includes a message display area 202a, an account number display area 202b, a password input area 202c, and a soft keyboard 202d.
  • a message prompting the user to input a password is displayed.
  • a message “Please enter your password” is displayed.
  • the account number display area 202b the account number of the account of the financial institution corresponding to the specific individual account area 111 that the user desires to access is displayed.
  • a password input by a user operation is displayed in the password input area 202c.
  • the soft keyboard 202d includes, for example, a numeric keypad, an ENTER key, an EXIT key, and a DELETE key (displayed as X in FIG. 10).
  • a numeric keypad When the user presses the numeric keypad, a number corresponding to the pressed key is input and displayed in the password input area 202c.
  • the ENTER key When the user presses the ENTER key, the input of the numeric string displayed in the password input area 202c is confirmed.
  • the DELETE key the number displayed in the password input area 202c is deleted.
  • the password request screen is displayed as the screen 202 on the display 28B of the portable terminal 2
  • the user is displayed in the account number display area 202b using the soft keyboard 202d according to the message displayed in the message display area 202a. Enter the password corresponding to the account number.
  • step S608 the mobile terminal charging unit 201 acquires the input password.
  • step S ⁇ b> 610 the mobile terminal charging unit 201 transmits the acquired password to the account server 1.
  • step S804. the account server charge unit 101 checks the received password against the password recorded in the specified individual account area 111, so that the current user is the genuine owner of the individual account area 111. It is confirmed whether or not.
  • step S806 If the password received by the account server charge unit 101 from the mobile terminal 2 is different from the password recorded in the individual account area 111, the determination in step S806 is negative. In this case, the process of FIG. 8 returns to S802, and the account server charge unit 101 sends a password request to the mobile terminal 2 again.
  • the portable terminal charging unit 201 receives the password request again, the determination as to whether or not data has been received from the account server 1 is affirmative in step S612. Subsequently, in step S614, the determination as to whether or not the received data is a password request again is affirmative. In this case, the process of FIG.
  • step S618 the portable terminal charging unit 201 displays a password re-request screen as the screen 202 on the display 28B, and prompts the user to re-enter the password.
  • step S618 the processing of FIG. 6 returns to step S608, and steps S608 to S610 are executed again.
  • Fig. 11 shows an example of the password re-request screen. Similar to the password request screen shown in FIG. 10, the password re-request screen includes a message display area 202a, an account number display area 202b, a password input area 202c, and a soft keyboard 202d.
  • a message prompting the user to re-enter the password is displayed.
  • the message “The password you entered is incorrect. Please enter your password again.” Is displayed.
  • the account number display area 202b, the password input area 202c, and the soft keyboard 202d function in the same manner as the password request screen shown in FIG.
  • the password is input again and transmitted from the portable terminal charging unit 201 to the account server 1 again.
  • step S804 When the account server charge unit 101 receives the password from the portable terminal 2 again, an affirmative determination is made in step S804, and the processing in FIG. 8 proceeds to step S806 again.
  • step S806 when the account server charge unit 101 confirms that the two verified passwords match, the personal authentication is affirmed.
  • step S808 the account server charge unit 101 reads the balance data and the biometric authentication vein data from the specified individual account area 111 and sends them to the portable terminal 2. And the process of the account server charge part 101 transfers to FIG.
  • step S612 When the portable terminal charging unit 201 receives the balance data and the vein data, an affirmative determination is made in step S612, and a negative determination is subsequently made in step S614.
  • step S616 the mobile terminal charging unit 201 records the received balance data and vein data in the secondary storage device 24. Subsequently, the processing of the mobile terminal charging unit 201 proceeds to FIG. 7, and in step S702, the mobile terminal charging unit 201 reads the charge balance and balance data recorded in the secondary storage device 24, and displays the screen on the display 28B. A charge amount input screen is displayed as 202.
  • FIG. 12 shows an example of the charge amount input screen.
  • the charge amount input screen includes an account balance display area 202e, a charge balance display area 202f, a charge amount input area 202g, and a soft keyboard 202d.
  • the account balance display area 202e displays the balance of the account of the financial institution corresponding to the specific individual account area 111 accessed by the user.
  • the charge balance display area 202 f displays the amount currently charged in the mobile terminal 2 recorded in the secondary storage device 24 of the mobile terminal 2.
  • the charge amount input area 202g displays the amount input by the user operating the soft keyboard 202d.
  • the soft keyboard 202d functions in the same manner as the password request screen shown in FIG.
  • the user can read the balance amount of the account displayed in the account balance display area 202e and the portable terminal displayed in the charge balance display area 202f.
  • the soft keyboard 202d is used to input the amount of money desired to be charged this time in the charge amount input area 202g.
  • the user ends the process by pressing the EXIT key of the soft keyboard 202d. be able to.
  • the portable terminal charging unit 201 acquires the input charge amount in step S704.
  • the mobile terminal charging unit 201 calculates a total amount obtained by adding the input charge amount and the charge balance recorded in the secondary storage device 24.
  • the mobile terminal charging unit 201 compares the calculated total amount with a limit amount set in advance in the mobile terminal 2.
  • step S708 If the total amount is equal to or less than the limit amount, the determination in step S708 is negative, and the process in FIG. 7 proceeds to step S710.
  • step S ⁇ b> 710 the mobile terminal charging unit 201 transmits the input charge amount to the account server 1.
  • step S902 in FIG. 9 the account server charge unit 101 receives the charge amount.
  • step S ⁇ b> 904 the account server charge unit 101 determines whether or not the received charge amount is larger than the balance data in the individual account area 111.
  • step S904 If the charge amount is less than or equal to the balance data in the individual account area 111, the determination in step S904 is negative. In this case, in step S ⁇ b> 906, the account server charge unit 101 transmits property data for the charge amount to the mobile terminal 2. In step S ⁇ b> 908, the account server charge unit 101 calculates a subtraction amount obtained by subtracting the charge amount from the balance data in the individual account area 111. In step S910, the account server charge unit 101 replaces the calculated subtraction amount with new balance data and records it in the individual account area 111. Thereby, the execution of the processing program of the account server charge unit 101 shown in FIGS. 8 and 9 ends (END in FIG. 9).
  • step S712 the determination as to whether or not the data has been received from the account server 1 is affirmative in step S712. Subsequently, in step S714, the determination as to whether the received data is insufficient balance information is negative. In this case, the process in FIG. 7 proceeds to step S716.
  • step S716 the mobile terminal charging unit 201 adds the amount of property data corresponding to the charge amount to the charge balance recorded in the secondary storage device 24 (that is, the total amount calculated in S706) as new property data. The charge balance is recorded in the secondary storage device 24.
  • step S708 determines whether the total amount of the charge amount and the charge balance exceeds the limit amount set in advance in the portable terminal 2.
  • step S708 the determination in step S708 is affirmative, and the processing in FIG. 7 proceeds to step S718.
  • step S718, the mobile terminal charging unit 201 calculates the excess amount exceeding the limit amount and displays a limit amount excess screen as the screen 202 on the display 28B. Thereafter, the processing of FIG. 7 returns to step S704, and steps S704 to S706 are executed again.
  • Fig. 13 shows an example of the limit excess screen.
  • the limit amount excess screen includes a message display area 202a, an excess amount display area 202h, a modified charge amount input area 202i, and a soft keyboard 202d.
  • the message display area 202a displays a message indicating that the limit has been exceeded. As an example, a message “The charge balance after charging exceeds the limit” is displayed.
  • the excess amount display area 202h displays the excess amount exceeding the limit amount.
  • the soft keyboard 202d functions in the same manner as the password request screen shown in FIG.
  • the corrected charge amount input area 202i a message prompting the user to correct the charge amount is displayed, and the corrected charge amount is input by the user operating the soft keyboard 202d.
  • the limit amount excess screen is displayed, the maximum value of the chargeable amount calculated by dividing the current charge balance from the limit amount is displayed in advance in the corrected charge amount input area 202i. .
  • the user inputs the corrected charge amount by correcting this maximum value. Therefore, after the limit amount excess screen is displayed, if the user inputs the ENTER key without correcting the amount, charging up to the limit amount is instructed.
  • step S704 By executing steps S704 to S706 again, the charge amount is input again, and the total amount obtained by adding the input charge amount and the charge balance recorded in the secondary storage device 24 is calculated again. Thereafter, the determination is performed again in step S708.
  • step S904 If the charge amount transmitted from the mobile terminal 2 to the account server charge unit 101 exceeds the balance data in the individual account area 111, the determination in step S904 is affirmative, and the process in FIG. 9 proceeds to step S912. Transition.
  • step S ⁇ b> 912 the account server charge unit 101 calculates a shortage amount exceeding the balance data, and transmits account balance shortage information to the mobile terminal 2.
  • the account balance shortage information includes a message that the balance data has been exceeded and information on the shortage amount. In this case, the balance data recorded in the individual account area 111 is not changed.
  • step S712 When the mobile terminal charging unit 201 receives the account balance shortage information from the account server 1, the determination in step S712 is a positive determination, and the determination in step S714 is a positive determination. In this case, the process in FIG. 7 proceeds to step S720.
  • step S720 the mobile terminal charging unit 201 displays an account balance shortage screen as the screen 202 on the display 28B, and prompts the user to re-enter the charge amount. Thereafter, the processing of FIG. 7 returns to step S704, and steps S704 to S710 are executed again.
  • FIG. 14 shows an example of an account balance shortage screen.
  • the account balance shortage screen includes a message display area 202a, a shortage amount display area 202j, a corrected charge amount input area 202i, and a soft keyboard 202d.
  • the message display area 202a displays a message indicating that the account balance is insufficient.
  • the message “Account balance is insufficient” is displayed.
  • the shortage amount display area 202j displays a shortage amount corresponding to an amount in which the input charge amount exceeds the account balance recorded in the individual account area 111.
  • the soft keyboard 202d functions in the same manner as the password request screen shown in FIG.
  • the corrected charge amount input area 202i a message prompting the user to correct the charge amount is displayed, and the corrected charge amount is input by the user operating the soft keyboard 202d.
  • the account balance shortage screen is displayed, the current charge of the account balance as the maximum chargeable amount is displayed in advance in the corrected charge amount input area 202i.
  • the user inputs the corrected charge amount by correcting this maximum value. Accordingly, after the account balance shortage screen is displayed, if the user inputs the ENTER key without correcting the amount, the user is instructed to charge up to the current account balance amount.
  • steps S704 to S710 the charge amount is input again, and the total amount obtained by adding the input charge amount and the charge balance recorded in the secondary storage device 24 is calculated again, and the charge amount is calculated. Is transmitted to the account server 1 again.
  • step S914 the process in FIG. 9 returns to step S904.
  • step S904 it is determined again whether the received charge amount is larger than the balance data of the individual account area 111.
  • FIG. 15 is a sequence diagram illustrating information exchange between the mobile terminal 2 and the account server 1.
  • Each step shown in FIG. 15 corresponds to each step in FIGS. Note that, for convenience of illustration, in FIG. 15, branches existing during the charging process are omitted. Specifically, for mobile terminal 2, a case where an affirmative determination is made in any of step S614, step S708, and step S714 is omitted. Similarly, for the account server 1, a case of either a negative determination in step S806 and an affirmative determination in step S904 is omitted.
  • FIGS. 16 to 20 are flowcharts showing an example of a processing program for performing settlement in the present embodiment.
  • 16 to 18 show an example of a processing program executed by the store terminal 3
  • FIGS. 19 and 20 show an example of a processing program executed by the mobile terminal 2.
  • the entire payment process is described in three parts: (1) before the authentication process, (2) the authentication process subroutine, and (3) after the authentication process.
  • the processing program executed by the storefront terminal 3 is specifically executed by the CPU 30 of the storefront terminal 3 functioning as the storefront terminal settlement unit 301.
  • the processing program executed by the mobile terminal 2 is specifically executed by the CPU 20 of the mobile terminal 2 functioning as the mobile terminal settlement unit 203.
  • communication between the storefront terminal 3 and the mobile terminal 2 is performed by human body communication via the user's human body 5 by the external I / F 44A and the transmitting / receiving unit 306 of the storefront terminal 3 and the external I / F 42A of the mobile terminal 2. As done.
  • Payment process 1 Before authentication process, it is assumed that a user who has purchased a product or service wants to pay the price through payment using property data by the mobile terminal 2. In that case, the fact is input to the storefront terminal 3 in some form, for example, by the operation of the user or the store clerk. As a result, execution of the processing program of the storefront terminal 3 shown in FIGS. 16 to 18 is started, and a processing process for performing settlement according to the present embodiment is started. Note that the storefront terminal 3 may be set to automatically start the payment processing process. In other words, unless the store terminal 3 is specifically instructed not to pay by payment using property data by the mobile terminal 2, the price of goods or services will be paid by payment using property data by the mobile terminal 2. May be set.
  • the storefront terminal payment unit 301 executes a payment process.
  • step S1602 the store terminal payment unit 301 displays a payment start screen as a screen 302 on the display 38B.
  • FIG. 21 shows an example of the settlement start screen.
  • the settlement start screen includes a payment amount display area 302a, a message display area 302b, a breakdown display area 302c, and a scroll bar 302d.
  • the payment amount display area 302a displays the consideration for the product or service purchased by the user.
  • the message display area 302b displays a message prompting the user to make a payment. As an example, a message “Please pay with your finger on the finger guide if you like” is displayed.
  • the breakdown display area 302c displays a breakdown of the price displayed in the payment amount display area 302a. Here, it is assumed that all of the breakdowns cannot be displayed at once in the breakdown display area 302c. In this case, the user may read the entire breakdown by scrolling the scroll bar 302d as necessary.
  • the user confirms the payment amount and the breakdown on the payment start screen, places the finger 501 belonging to the arm wearing the mobile terminal 2 on the finger guide 310 of the biometric authentication unit 307 of the storefront terminal 3, and is provided on the finger guide 310.
  • the finger 501 is brought into contact with the transmission / reception unit 306 (see FIG. 5).
  • human body communication is started between the external I / F 44A of the storefront terminal 3 using the human body 5 as an antenna and the external I / F 42A of the portable terminal 2.
  • step S1604 When the storefront terminal payment unit 301 detects the contact of the finger 501 with the biometric authentication unit 307, the determination as to whether or not the contact with the biometric authentication unit 307 has been detected becomes an affirmative determination in step S1604. In this case, the process in FIG. 16 proceeds to step S1606 via step S1605. In step S ⁇ b> 1605, the storefront terminal payment unit 301 transmits contact detection information to the mobile terminal 2.
  • the mobile terminal payment unit 203 executes a payment process.
  • step S1606 the storefront terminal payment unit 301 executes an authentication process. Thereafter, the processing of FIG. 16 proceeds to the authentication process subroutine of FIG. In step S1902 in FIG. 19 corresponding to step S1606 in FIG. 16, the mobile terminal settlement unit 203 executes an authentication process. Thereafter, the processing of FIG. 19 proceeds to the authentication process subroutine of FIG.
  • the authentication process subroutine is the second stage of the settlement process of this embodiment.
  • FIGS. 18 and 20 The authentication process in the settlement processing of the present embodiment is illustrated in FIGS. 18 and 20 as a subroutine.
  • FIG. 18 is a subroutine showing an example of a processing program executed by the CPU 30 as the storefront terminal payment unit 301
  • FIG. 20 is a subroutine showing an example of a processing program executed by the CPU 20 as the mobile terminal payment unit 203.
  • the shop front terminal payment part 301 resets F and G by substituting 0 to the variables F and G memorize
  • F is an integer representing the number of authentication attempts.
  • the biometric authentication failure is repeated a predetermined number of times, the authentication failure is confirmed and settlement is not performed.
  • FIG. 18 as an example, it is assumed that authentication can be performed up to five times.
  • G is a binary variable representing success or failure of authentication in the in-store terminal settlement unit 301.
  • step S1804 the shop terminal payment unit 301 transmits a request for vein data to the mobile terminal 2.
  • the mobile terminal settlement unit 203 Upon receiving this request, the mobile terminal settlement unit 203 starts an authentication process subroutine (START in FIG. 20). In step S2002, the mobile terminal settlement unit 203 substitutes 0 for a variable H stored in the secondary storage device 24.
  • H is a binary variable indicating success or failure of authentication in the mobile terminal settlement unit 203.
  • step S2004 the mobile terminal settlement unit 203 reads the requested vein data from the secondary storage device 24 and transmits it to the store terminal 3.
  • the shop front terminal payment part 301 receives vein data from the portable terminal 2, and records it on the secondary storage device 34.
  • FIG.18 S1806 the shop front terminal payment part 301 receives vein data from the portable terminal 2, and records it on the secondary storage device 34.
  • step S1808 the storefront terminal payment unit 301 executes the following processing.
  • the storefront terminal payment unit 301 images the contact object in contact with the finger guide 310 in the biometric authentication unit 307 and records the image data in the secondary storage device 34.
  • the finger 501 of the user wearing the mobile terminal 2 is in contact with the transmission / reception unit 306 provided in the finger guide 310 of the biometric authentication unit 307 of the store terminal 3 (S1604, see FIG. 5).
  • the processing executed by the shop terminal payment unit 301 in S1808 is specifically as follows.
  • the lens 313 shown in FIG. 5 forms an image of the vein pattern of the user's finger 501 illuminated by the illumination LED 312 on the image sensor 314, and the image sensor 314 images the vein pattern to obtain the image data. Record in the next storage device 34.
  • step S1810 the storefront terminal payment unit 301 reads the image data captured by the image sensor 314 and the vein data received from the mobile terminal 2 from the secondary storage device 34, and compares the vein patterns included in the two data. To do. Comparing and collating the vein patterns included in the above two data is performing authentication of whether or not the current user is the person in the present embodiment.
  • step S1812 the determination of whether or not the two patterns match (that is, whether or not the current user is the user) is affirmative in step S1812. Judgment. In this case, the process in FIG. 18 proceeds to step S1814.
  • step S1812 determines whether the vein patterns included in the two data do not match as a result of the collation in S1810. If the vein patterns included in the two data do not match as a result of the collation in S1810, the determination in step S1812 is negative. In this case, the process in FIG. 18 proceeds to step S1816.
  • step S1818 the shop terminal payment unit 301 displays a re-imaging instruction screen as a screen 302 on the display 38B. Then, the processing of FIG. 18 returns to step S1808, and steps S1808 to S1818 are executed again.
  • FIG. 22 shows an example of the re-imaging instruction screen.
  • the re-imaging instruction screen includes a message display area 302b.
  • the message display area 302b displays a message indicating that the authentication has not been successful and prompting the finger 501 to be imaged again.
  • step S1812 Unless the determination in step S1812 is affirmative, the processes in steps S1808 to S1818 are repeated. That is, vein pattern imaging and comparison / collation of imaging data and vein data are repeated. Each time a negative determination is made in step S1812 (that is, matching fails), 1 is added to the variable F in step S1816.
  • step S1822 the storefront terminal payment unit 301 transmits authentication failure information to the mobile terminal.
  • the subroutine executed by the storefront terminal settlement unit 301 shown in FIG. 18 transmits authentication success information or authentication failure information to the mobile terminal 2 in step S1814 or S1822, and records it in the secondary storage device 34.
  • the mobile terminal settlement unit 203 waits for the authentication process result to be transmitted from the storefront terminal 3.
  • the determination in S2006 is a negative determination
  • the determination in S2008 is a negative determination. Keeps waiting for.
  • step S2006 determines whether the authentication failure information is received from the storefront terminal 3 is affirmative. Judgment. In this case, the process in FIG. 20 proceeds to step S2010.
  • step S1608 of FIG. 16 the determination as to whether or not the authentication is successful is an affirmative determination. In this case, the process in FIG. 16 proceeds to step S1610.
  • step S1610 the storefront terminal payment unit 301 displays an authentication success screen as a screen 302 on the display 38B.
  • FIG. 23 shows an example of the authentication success screen.
  • the authentication success screen includes a message display area 302b.
  • the message display area 302b displays a message indicating that the authentication is successful and that the payment process is being executed.
  • step S1612 the in-store terminal settlement unit 301 transmits a request for property data corresponding to the payment amount as a price for the provision of the product or service to the mobile terminal 2. Thereafter, the processing of the storefront terminal payment unit 301 shifts to FIG. The payment amount is displayed on the settlement start screen in FIG. 21 in step S1602.
  • step S1906 the mobile terminal settlement unit 203 receives the property data request from the storefront terminal 3.
  • step S1908 the mobile terminal settlement unit 203 reads the charge balance recorded in the secondary storage device 24, and calculates a subtraction amount obtained by subtracting the requested payment amount from the charge balance.
  • step S1910 the mobile terminal settlement unit 203 determines whether or not the subtraction amount is 0 or more using the calculated subtraction amount.
  • step S1910 If the subtraction amount is 0 or more, the determination of whether or not the subtraction amount is 0 or more is affirmative in step S1910. In this case, the processing in FIG. 19 proceeds to step S1912.
  • step S1912 the mobile terminal settlement unit 203 transmits property data corresponding to the requested payment amount to the store terminal 3.
  • step S1914 the portable terminal settlement unit 203 records the subtraction amount as a new charge balance in the secondary storage device 24, and ends the settlement process (END in FIG. 19).
  • the storefront terminal payment unit 301 transmits a request for property data to the mobile terminal 2 in step S1612, and then waits for reception of data from the mobile terminal 2.
  • step S1702 of FIG. 17 When store terminal payment unit 301 receives property data from portable terminal 2, the determination as to whether or not the data has been received from portable terminal 2 is affirmative in step S1702 of FIG. 17, and the received data is charged in step S1704. The determination of whether or not the balance shortage information is a negative determination. In this case, the process in FIG. 17 proceeds to step S1706.
  • step S 1706 the storefront terminal settlement unit 301 records the property data received from the mobile terminal 2 in the secondary storage device 34. As a result, the user pays the store terminal 3 using the property data charged in advance in the portable terminal 2.
  • the shop terminal payment unit 301 displays a payment completion screen as a screen 302 on the display 38B.
  • FIG. 24 shows an example of the payment completion screen.
  • the payment completion screen includes a message display area 302b.
  • the message display area 302b displays a message indicating that payment has been completed.
  • the storefront terminal payment unit 301 deletes the imaging data and vein data recorded in the secondary storage device 34, and completes the payment process (END in FIG. 17). By erasing two types of data each time payment is completed, personal information such as a finger vein pattern can be prevented from being misused or misused.
  • step S1908 in FIG. 19 determines whether the subtraction amount calculated in step S1908 in FIG. 19 is a value smaller than 0, the determination in step S1910 is negative. In this case, the processing in FIG. 19 proceeds to step S1916.
  • step S1916 the mobile terminal settlement unit 203 transmits the charge balance shortage information to the store terminal 3 and ends the settlement process (END in FIG. 19). In this case, property data is not transmitted from the portable terminal 2 to the storefront terminal 3.
  • step S1702 in FIG. 17 is affirmative, and the determination in step S1704 is subsequently affirmative. In this case, the process in FIG. 17 proceeds to step S1712.
  • the storefront terminal payment unit 301 displays a charge balance shortage screen as a screen 302 on the display 38B.
  • FIG. 25 shows an example of a charge balance shortage screen.
  • the charge balance shortage screen includes a message display area 302b.
  • the message display area 302b displays a message indicating that payment cannot be made because the property data charged in the mobile terminal 2 is less than the current payment amount. Further, the message display area 302b on the insufficient charge balance screen may display a message prompting the user to pay by another method.
  • step S1710 the storefront terminal payment unit 301 deletes the imaging data and vein data recorded in the secondary storage device 34, and completes the payment process (END in FIG. 17).
  • the storefront terminal 3 includes means for prompting the user to complete payment.
  • step S1608 in FIG. 16 the determination as to whether or not the authentication is successful is negative. In this case, the process in FIG. 16 proceeds to step S1614.
  • step S1614 the storefront terminal settlement unit 301 displays an authentication failure screen as the screen 302 on the display 38B. Subsequently, the processing of the storefront terminal settlement unit 301 shifts to FIG.
  • FIG. 26 shows an example of an authentication failure screen.
  • the authentication failure screen includes a message display area 302b.
  • the message display area 302b displays a message indicating that the authentication has failed and that the payment processing is to be stopped.
  • the storefront terminal payment unit 301 deletes the imaging data and vein data (S1710), and ends the payment process (END in FIG. 17). In this case, as in the case where the charge balance is insufficient, the store terminal 3 has not received the property data necessary for payment, and thus payment has not been completed.
  • FIG. 27 is a sequence diagram showing exchange of information between the storefront terminal 3 and the portable terminal 2 regarding the settlement processing according to the first embodiment of the present disclosure described above.
  • Each step shown in FIG. 27 corresponds to each step in FIGS.
  • branches existing during the settlement process are omitted.
  • a case where a negative determination in step S1608, an affirmative determination in step S1704, or a negative determination in step S1812 is omitted.
  • a case of either a negative determination in step S1904 or step S1910 and an affirmative determination in step S2008 is omitted.
  • biometric authentication for user authentication is performed using human body communication between the mobile terminal 2 and the storefront terminal 3 via the human body 5 of the user wearing the mobile terminal 2.
  • the property data is transmitted from the portable terminal 2 to the storefront terminal 3.
  • vein data for biometric authentication is transmitted from the portable terminal 2 to the storefront terminal 3 each time a payment is made, and the vein data is deleted from the storefront terminal 3 after the settlement is completed.
  • the vein data recorded in the secondary storage device 24 of the mobile terminal 2 is transmitted from the account server 1 to the mobile terminal 2 when the property data is charged.
  • the vein pattern changes due to aging or disease a plurality of mobile phones corresponding to the individual account area can be corrected by correcting the vein pattern recorded in the individual account area 111 of the account server 1.
  • the vein data of the terminal 2 can be updated.
  • FIG. 28 illustrates a configuration of the biometric authentication unit 307a according to the second embodiment of the present disclosure.
  • the finger guide 310 arranged in the distal direction (horizontal left direction in FIG. 5) of the two finger guides is replaced with the transmission / reception unit 306 of the first embodiment.
  • a rod 306a is disposed.
  • the rod 306a functions as an antenna (portion in contact with the human body) of the human body communication transmitting / receiving unit. That is, the rod 306a of this embodiment substitutes for the function of the transmission / reception unit 306 of the first embodiment.
  • the rod 306a is fitted to one of the finger guides 310 so as to be vertically movable in the vertical direction, and is urged vertically upward by a spring (not shown).
  • a switch 316 is disposed below the rod 306a. When the rod 306a is pressed against the spring, the switch 316 changes from off to on, thereby detecting that the rod 306a is pressed.
  • FIG. 29 and 30 are flowcharts illustrating an example of a processing program for performing settlement in the present embodiment.
  • FIG. 29 shows an example of a processing program executed by the CPU 30 as the storefront terminal payment unit 301
  • FIG. 30 shows an example of a processing program executed by the CPU 20 as the mobile terminal payment unit.
  • the processing executed by the storefront terminal payment unit 301 shown in FIG. 29 differs from the processing of the first embodiment shown in FIGS. 16 and 17 in that the data received in step S1704 is insufficient charge balance information. If the determination is NO, the process proceeds to step S1706 to execute payment (that is, the storefront terminal payment unit 301 records the property data received from the portable terminal 2 in the secondary storage device 34). Instead, the processing in steps S2902 to S2910 is executed to inquire the user whether or not settlement is possible.
  • step S1910 is whether or not the subtraction amount is 0 or more is an affirmative determination
  • step S1912 the property data is not transmitted to the store terminal 3, but steps S3002 to S3006 are performed. Execute the process.
  • step S1904 in FIG. 30 the determination in step S1904 in FIG. 30 is affirmative. In this case, the processing in FIG. 30 proceeds to step S3002.
  • step S3002 the mobile terminal settlement unit 203 transmits the inquiry information to the storefront terminal 3.
  • the store terminal payment unit 301 inquires of the user whether the payment is possible.
  • step S1702 in FIG. 29 it is determined whether or not data has been received from portable terminal 2, and then in step S1704.
  • the determination whether the received data is insufficient charge balance information is a negative determination. In this case, the processing in FIG. 29 proceeds to step S2902.
  • step S2902 the in-store terminal settlement unit 301 displays an inquiry screen as a screen 302 on the display 38B, and substitutes 0 for a variable T1 recorded in the secondary storage device 34 to start a soft timer.
  • the variable T1 indicates the time that has elapsed since the inquiry screen was displayed. When the soft timer is activated, the elapsed time T1 is measured.
  • FIG. 31 shows an example of an inquiry screen.
  • the inquiry screen includes a message display area 302b, a payment amount display area 302e, and an approval message display area 302f.
  • the message display area 302b displays a message indicating that preparation for payment has been completed
  • the payment amount display area 302e displays the consideration (ie, payment amount)
  • the approval message display area 302f approves the current transaction. Display an inquiry message about whether or not to settle.
  • the user When the user wishes to approve the transaction and execute settlement, the user applies a force downward in the vertical direction with the finger 501 and presses the rod 306a with which the finger 501 is contacting against the repulsive force of the spring (see FIG. 28). As a result, the switch 316 of the biometric authentication unit 307a changes from off to on and detects pressing of the rod 306a.
  • the shop terminal payment unit 301 waits for the switch 316 of the biometric authentication unit 307a to detect the pressing of the rod 306a until a predetermined time elapses after the execution of step S2902.
  • the predetermined time is 10 seconds.
  • step S2904 determines whether or not the biometric authentication unit 307a has detected a press in step S2904 has detected a press in step S2904.
  • step S2908 the shop terminal payment unit 301 determines whether or not the elapsed time T1 has exceeded a predetermined time. Until either the determination in step S2904 is affirmative or the determination in step S2908 is affirmative, store terminal payment unit 301 continues to wait for detection of pressing of rod 306a.
  • step S2904 the determination as to whether or not the pressing of the biometric authentication unit 307a has been detected is an affirmative determination. In this case, the processing in FIG. 29 proceeds to step S2906.
  • step S2906 the shop terminal payment unit 301 transmits the approval information to the mobile terminal 2.
  • the mobile terminal settlement unit 203 waits for reception of information from the storefront terminal 3 when the determination in step S1910 of FIG. Specifically, whether or not the approval information is received from the storefront terminal 3 in step S3004 is affirmative, or whether or not non-approval information is received from the storefront terminal 3 is determined in the subsequent step S3006. The mobile terminal settlement unit 203 continues to wait for reception of information from the storefront terminal 3 until one of the determinations is satisfied.
  • step S2604 becomes an affirmative determination.
  • the processing in FIG. 30 proceeds to step S1912.
  • the subsequent processing is the same as the processing of the first embodiment shown in FIGS.
  • step S2908 it is determined whether T1 has exceeded 10 seconds. In this case, the process in FIG. 29 proceeds to step S2910.
  • step S2910 the shop terminal payment unit 301 transmits non-approval information to the mobile terminal 2, and displays a payment cancellation screen as a screen 302 on the display 38B.
  • FIG. 32 shows an example of the settlement cancellation screen.
  • the inquiry screen includes a message display area 302b, a payment amount display area 302e, and an unapproved message display area 302g.
  • the message display area 302b displays a message that the settlement has not been approved
  • the payment amount display area 302e displays the consideration (ie, the payment amount)
  • the non-approval message display area 302g displays the current transaction.
  • a message prompting you to cancel the payment and prompting payment by other methods is displayed.
  • step S2604 When the mobile terminal settlement unit 203 receives the non-approval information from the storefront terminal 3, the determination in step S2604 becomes a negative determination, and then the determination whether or not the non-approval information is received in step S2606 becomes a positive determination. In this case, the process in FIG. 30 ends.
  • FIG. 33 is a sequence diagram illustrating information exchange between the storefront terminal 3 and the mobile terminal 2 regarding the settlement processing according to the second embodiment of the present disclosure described above.
  • Each step shown in FIG. 33 corresponds to each step in FIGS.
  • branches existing during the settlement process are omitted.
  • the elapsed time T1 from the time when the inquiry screen is displayed is measured. If the pressing of the rod 306a by the user is not detected even after the predetermined time has elapsed (for example, when T1 exceeds 10 seconds), the user considers that the current transaction has been rejected, and the process is performed without executing the settlement. finish.
  • the secondary storage device 24 of the mobile terminal 2 records only one vein data that can identify the owner of the individual account area 111.
  • the individual account area 111 of the account server 1 records single vein data.
  • Biological information for identifying an individual such as a vein pattern changes little by little due to aging or changes over time. If the degree of this change is slight, it can be covered by a known pattern recognition technique. However, if the registered pattern is very old from the viewpoint of the time scale of the change of the biometric information, the degree of change of the biometric information is large, so that the possibility of an authentication error increases.
  • the authentication mistake means that the authentication fails in the biometric authentication during the payment process even though the user who is the original owner of the mobile terminal 2 is executing the payment.
  • a plurality of predetermined numbers of vein data are recorded in the individual account area 111 of the account server 1 and the secondary storage device 24 of the mobile terminal 2, and these plurality of vein data are in the process of settlement. Used for biometric authentication.
  • the predetermined number will be described below as 5 as an example.
  • the vein data recorded in the specific individual account area 111 of the account server 1 is updated unless the user voluntarily performs an update operation. It was never done.
  • the vein data recorded in the secondary storage device 24 of the portable terminal 2 has not been updated unless the user executes the charging process.
  • the image data captured by the image sensor 314 of the biometric authentication unit 307 of the storefront terminal 3 is transmitted to the mobile terminal 2 for secondary storage. Recorded in device 24. That is, every time biometric authentication succeeds in the payment process, the vein data recorded in the secondary storage device 24 of the mobile terminal 2 is updated with the latest imaging data.
  • the vein data stored in the individual account area 111 of the account server 1 is stored in the currently stored five vein data of the mobile terminal 2.
  • the latest 5 are rewritten. That is, every time the personal authentication by the password is affirmed in the charging process, the vein data stored in the individual account area 111 of the account server 1 is updated to the latest one.
  • the individual account area 111 of the account server 1 In the individual account area 111 of the account server 1 according to the present embodiment, five sets of vein data are registered in advance. By registering 5 sets instead of single data, for example, it is possible to absorb differences due to variations in finger positions during registration. Therefore, the user images the vein pattern five times in advance and registers each data as the first to fifth data. Each of the five sets of vein data is associated with data registration date and registration time information.
  • FIG. 34 and 35 are flowcharts showing an example of a processing program for charging property data in this embodiment.
  • FIG. 34 shows an example of a processing program executed by the mobile terminal charging unit 201
  • FIG. 35 shows an example of a processing program executed by the account server charging unit 101.
  • the processing executed by the portable terminal charging unit 201 shown in FIG. 34 differs from the processing of the first embodiment shown in FIGS. 6 and 7 in that the data received in step S614 is a password request again. If the determination is NO, the process of steps S3402 to S3404 is executed instead of step S616, and the balance data and the five vein data are received from the account server 1 and stored in the secondary storage device 24. It is a point to record.
  • the processing executed by the account server charge unit 101 shown in FIG. 35 corresponding to steps S3402 to S3404 of FIG. 34 is the same as the processing of the first embodiment shown in FIGS. Different. That is, if the determination whether the password received from the portable terminal 2 is correct in S806 is an affirmative determination, the process of steps S3502 to S3508 is executed instead of step S808, and the balance data and the updated data are updated. The latest five vein data are transmitted to the portable terminal 2.
  • step S806 in FIG. 35 (and FIG. 8) is affirmative.
  • processing in FIG. 35 proceeds to step S3502.
  • step S3502 the account server charge unit 101 transmits a request for vein data to the mobile terminal 2.
  • step S ⁇ b> 612 of FIG. 34 (and FIG. 6)
  • a determination is made as to whether or not data has been received from the account server 1. It becomes.
  • step S614 the determination whether the received data is a password request again is negative. In this case, the process in FIG. 34 proceeds to step S3402.
  • step S3402 the mobile terminal charging unit 201 transmits the five vein data recorded in the secondary storage device 24 to the account server 1.
  • step S3504 in FIG. 35 the account server charge unit 101 receives five vein data from the portable terminal 2.
  • step S3506 the account server charge unit 101 selects five sets with the newest data registration date and registration time from the current ten sets of vein data, and handles the selected five sets as new vein data. Are recorded in the individual account area 111 and the remaining five sets are deleted.
  • the current 10 sets of data include 5 sets of vein data stored in a specific individual account area 111 (specified by a password) owned by the user who is performing the charge process, and mobile data It consists of five sets of vein data received from the terminal 2.
  • step S3508 account server charge unit 101 transmits the updated five vein data of individual account area 111 to portable terminal 2. Thereafter, the processing in FIG. 35 proceeds to step S902.
  • the subsequent processing of the account server charge unit 101 is the same as the processing of the first embodiment shown in FIG.
  • the mobile terminal charging unit 201 receives the five vein data of the individual account area 111 updated from the account server 1 and records them in the secondary storage device 24.
  • the five sets of vein data recorded in the specific individual account area 111 of the account server 1 and the five sets of vein data recorded in the secondary storage device 24 of the mobile terminal 2 are synchronized.
  • step S702 The subsequent processing of the portable terminal charging unit 201 is the same as the processing of the first embodiment shown in FIG.
  • FIG. 36 is a sequence diagram illustrating information exchange between the mobile terminal 2 and the account server 1. Each step shown in FIG. 36 corresponds to each step in FIGS. For convenience of illustration, it should be noted that in FIG. 36, as in the sequence diagram of FIG. 15, branches existing during the charge process are omitted.
  • FIGS. 37 and 38 The authentication process in the settlement process of the present embodiment is illustrated in FIGS. 37 and 38 as a subroutine.
  • FIG. 37 is a subroutine showing an example of a processing program executed by the CPU 30 as the shop terminal payment unit 301
  • FIG. 38 is a subroutine showing an example of a processing program executed by the CPU 20 as the mobile terminal payment unit 203.
  • step S3702 of FIG. 37 the storefront terminal settlement unit 301 substitutes 0 for a variable G stored in the secondary storage device 34.
  • G is a binary variable representing success or failure of authentication in the storefront terminal payment unit 301.
  • the storefront terminal payment unit 301 transmits a request for vein data to the mobile terminal 2 in step S1804 as in the first embodiment.
  • the mobile terminal settlement unit 203 of this embodiment Upon receipt of the vein data request from the storefront terminal 3, the mobile terminal settlement unit 203 of this embodiment starts an authentication process subroutine (START in FIG. 38). Similarly to the first embodiment, in step S2002, the mobile terminal settlement unit 203 substitutes 0 for a variable H stored in the secondary storage device 24.
  • step S3802 the mobile terminal settlement unit 203 reads the requested five vein data from the secondary storage device 24 and transmits it to the store terminal 3. Note that, in step S3802 of FIG. 38, five sets of vein data are transmitted to the storefront terminal 3, unlike S2004 of the first embodiment shown in FIG.
  • the shop terminal payment unit 301 receives five vein data from the portable terminal 2 and records them in the secondary storage device 34. Note that, in step S3704 of FIG. 37, five sets of vein data are received from the portable terminal 2 unlike S1806 of the first embodiment shown in FIG.
  • step S1808 as in the first embodiment, the storefront terminal settlement unit 301 captures the contact object in contact with the finger guide 310 in the biometric authentication unit 307 and records the captured data in the secondary storage device 34. To do. Thereafter, the processing in FIG. 37 proceeds to step S3706.
  • step S3706 the shop terminal payment unit 301 substitutes 1 for a variable I stored in the secondary storage device.
  • the natural number I as an ordinal number is assigned to 5 sets of vein data in the order of registration. Therefore, the first set of vein data is vein data registered at the latest time, and the fifth set is vein data registered at the oldest time.
  • variable F which is an integer representing the number of authentication attempts in the processing of the first embodiment shown in FIG. F indicates the number of times step S1808 is repeated in the process of FIG. That is, F indicates the number of times the biometric authentication unit 307 has created the imaging data.
  • the execution of step S1808 is not repeated, and imaging data is created only once.
  • step S3708 the shop terminal payment unit 301 reads the image data captured by the image sensor 314 and the I-th vein data from the secondary storage device 34, and compares the vein patterns included in the two data.
  • step S1812 is negative. In this case, the process in FIG. 37 proceeds to step S3714.
  • step S3714 If I is smaller than 6, the determination in step S3714 is a negative determination. In this case, the process in FIG. 37 returns to step S3708.
  • step S1812 determines whether the imaging data and the I-th vein data is a valid vein data.
  • steps S3708 to S3714 are repeated. That is, the comparison / collation between the imaging data and the I-th vein data is repeated.
  • step S3708, 1 is added to variable I in step S3710.
  • step S3714 is an affirmative determination. In this case, authentication has already failed for all five sets of vein data, and biometric authentication failure in this embodiment is confirmed.
  • step S1822 the processing in FIG. 37 proceeds to step S1822.
  • step S ⁇ b> 1822 the storefront terminal payment unit 301 transmits authentication failure information to the mobile terminal 2.
  • the subroutine executed by the storefront terminal settlement unit 301 shown in FIG. 37 transmits authentication success information or authentication failure information to the mobile terminal 2 in step S3713 or S1822, and also uses a secondary storage device.
  • the mobile terminal settlement unit 203 waits for the result of the authentication process to be transmitted from the storefront terminal 3.
  • the subsequent process executed by the mobile terminal settlement unit 203 is substantially the same as the process of the first embodiment shown in FIG. 20, but is different only when the determination in step S2006 is an affirmative determination.
  • step S2006 is an affirmative determination. In this case, the processing in FIG. 38 proceeds to step S3804.
  • step S3804 the mobile terminal settlement unit 203 receives the imaging data transmitted from the storefront terminal 3 in step S3712 of FIG.
  • reception of authentication success information and reception of imaging data are shown as separate steps. However, the authentication success information and the imaging data transmitted from the storefront terminal 3 in step S3712 are actually received by the mobile terminal settlement unit 203 at a time.
  • the mobile terminal settlement unit 203 deletes one set with the oldest registration time from the five sets of vein data recorded in the secondary storage device 24, and uses the imaging data received from the storefront terminal 3 as the received data.
  • the replacement and authentication process subroutine ends (RETURN in FIG. 38).
  • step S3506 in FIG. 35 and step S3404 in FIG. 34 in the charge processing of the present embodiment, so that the five sets recorded in the specific individual account area 111 of the account server 1
  • the vein data and the five sets of vein data recorded in the secondary storage device 24 of the portable terminal 2 are synchronized to eliminate the vein data.
  • FIG. 39 is a sequence diagram showing exchange of information between the storefront terminal 3 and the portable terminal 2 regarding the settlement processing according to the third embodiment of the present disclosure described above.
  • Each step shown in FIG. 39 corresponds to each step in FIGS.
  • branches existing during the settlement process are omitted.
  • the user accesses a specific individual account area 111 of the account server 1 remotely via the network 4 on April 2 using a bank dedicated terminal or the like, and registers A1 to A3. It is assumed that the individual account area 111 is accessed again every day to register A4 and A5.
  • the user connects the mobile terminal 2 to the account server 1 and performs the first charging process.
  • the vein pattern data of A1 to A5 is downloaded from the account server 1 to the portable terminal 2 and recorded in the secondary storage device 24 in step S3404 shown in FIG.
  • step S3806 shown in FIG. 38, the oldest A1 is deleted from the secondary storage device 24 of the portable terminal 2 and is imaged by the biometric authentication unit 307 of the storefront terminal 3 instead.
  • the imaging data is registered in the portable terminal as A6.
  • the vein pattern data recorded in the corresponding individual account area 111 of the account server 1 does not change.
  • the vein data of the account server 1 is updated at 15:30 on April 8.
  • the user accesses the individual account area 111 of the account server 1 and registers the data B1 at some occasion, or the user executes a charge process for another portable terminal 2a and is recorded in the portable terminal 2a.
  • B1 is selected as one of the new individual account data in step S3506 shown in FIG.
  • the vein pattern data B1 is newly registered in the account server 1, and A1 is deleted.
  • the vein pattern data recorded in the secondary storage device 24 of the portable terminal 2 does not change.
  • step S3806 shown in FIG. 38 the oldest A2 is deleted from the secondary storage device 24 of the portable terminal 2, and is imaged by the biometric authentication unit 307 of the storefront terminal 3 instead.
  • the imaging data is registered in the portable terminal as A7.
  • the vein pattern data recorded in the corresponding individual account area 111 of the account server 1 does not change.
  • step S3506 shown in FIG. 35 the account server 1 records the five vein data recorded in the individual account area 111 and the secondary storage device 24 of the portable terminal 2. Each of the five vein data that has been stored is compared, and five sets of data are selected from the most recently registered data, and the other five sets of data are deleted. As a result, A7, B1, A6, A5, and A4 remain in the individual account area 111 of the account server 1 in order from the newest one.
  • step S3506 shown in FIG. 35 the account server 1 transfers this information to the mobile terminal 2, and as a result, in step S3404 of FIG. Will be synced to
  • the same processing is performed for the other mobile terminals 2a, 2b, 2c, etc. owned by the user in addition to the mobile terminal 2.
  • the latest vein data is always recorded in the account server 1 for the vein data as biometric information for specifying the user, and is synchronized with the portable terminal 2 during the charge process.
  • the account server charge unit 101 transmits a vein data request to the mobile terminal 2 in step S3502, receives five vein data recorded in the mobile terminal 2 in step S3504, and performs step S3506.
  • the new and old relationships of the total 10 vein data are judged, the new 5 vein data are left, and the others are deleted.
  • the account server charge unit 101 receives not only the vein data itself from the mobile terminal 2 but only the data indicating the anteroposterior relationship of each vein data, such as the registration date, and then determines the new / old relationship based on the data, and then necessary Only the vein data may be requested from the portable terminal 2 and received.
  • biometric authentication can always be performed using the latest vein data, so that it is possible to prevent an authentication error from occurring during biometric authentication during settlement processing.
  • the result of biometric authentication during the settlement process is either authentication success or authentication failure.
  • pattern recognition it is well known to calculate a similarity indicating the degree of similarity as a result of comparison / collation of two images. .
  • the similarity between the imaging data and the vein data is calculated, and the maximum number of trials that can be authenticated is set according to the similarity.
  • a plurality of predetermined number of vein data is recorded in the individual account area 111 of the account server 1 and the secondary storage device 24 of the portable terminal 2, and the plurality of vein data is recorded. Is used for biometric authentication during the payment process.
  • the predetermined number will be described below as 5 as an example.
  • FIG. 41 is a subroutine showing an example of a processing program executed by the storefront terminal payment unit 301.
  • the processing program executed by the mobile terminal settlement unit 203 is the same as the authentication process subroutine of the first embodiment shown in FIG. More precisely, in step S2004 of the processing program executed by the mobile terminal settlement unit 203 of the present embodiment, the mobile terminal settlement unit 203 transmits five sets of vein data to the store terminal 3 instead of one. Different from the embodiment.
  • step S4102 the storefront terminal payment unit 301 substitutes 0 for a variable G stored in the secondary storage device 34.
  • G is a binary variable representing success or failure of authentication in the storefront terminal payment unit 301.
  • the storefront terminal payment unit 301 transmits a request for vein data to the mobile terminal 2 in step S1804 as in the first embodiment.
  • step S4104 the shop terminal payment unit 301 receives five vein data from the portable terminal 2 and records them in the secondary storage device 34. Subsequently, the processing of FIG. 41 proceeds to step S1808.
  • step S ⁇ b> 1808 as in the first embodiment, the storefront terminal payment unit 301 uses the biometric authentication unit 307 to image a contact object that is in contact with the finger guide 310 and records the image data in the secondary storage device 34. . Thereafter, the processing in FIG. 41 proceeds to step S4106.
  • step S4106 the shop terminal payment unit 301 substitutes 0 for a variable I stored in the secondary storage device 34.
  • the significance of the variable I is as described in the third embodiment.
  • step S4108 the storefront terminal settlement unit 301 reads the image data captured by the image sensor 314 and the I-th vein data from the secondary storage device 34, compares the vein patterns included in the two data, and is similar. While calculating the degree, 1 is added to the variable I.
  • step S4108 of this embodiment a pattern similarity or a mismatch is not obtained as in the first to third embodiments, but a quantitative similarity is calculated. I want to be. As an example, the description will be made assuming that the similarity is expressed in%.
  • step S4114 the shop terminal payment unit 301 determines whether or not the similarity obtained as a result of the execution of step S4108 is 90% or more. If the determination in step S4114 is affirmative, the process in FIG. 41 proceeds to step S1814.
  • step S4114 determines whether the similarity obtained as the execution result of step S4108 is less than 90%. If the similarity obtained as the execution result of step S4108 is less than 90%, the determination in step S4114 is negative. In this case, the process in FIG. 41 proceeds to step S4116.
  • step S4116 the shop terminal payment unit 301 determines whether the similarity obtained as an execution result of step S4108 is 60% or more. If the determination in step S4116 is affirmative, the process in FIG. 41 proceeds to step S4120.
  • step S4120 the shop terminal payment unit 301 substitutes 3 for the variable J stored in the secondary storage device. Subsequently, the processing of FIG. 41 proceeds to step S4126.
  • the variable J is a natural number representing the maximum number of authentication attempts in the present embodiment.
  • the vein data is set to 5 sets as an example, and therefore the variable J does not take a value of 6 or more.
  • step S4116 is negative. In this case, the processing in FIG. 41 proceeds to step S4118.
  • step S4118 the shop terminal payment unit 301 determines whether the similarity obtained as an execution result of step S4108 is 30% or less. If the determination in step S4118 is a negative determination, the process in FIG. 41 proceeds to step S4122.
  • step S412 the storefront terminal payment unit 301 substitutes 5 for a variable J stored in the secondary storage device. Subsequently, the processing of FIG. 41 proceeds to step S4126.
  • biometric authentication is set so that it can be performed a maximum of five times so that all five sets of vein data can be used.
  • step S4118 is affirmative. In this case, the process in FIG. 41 proceeds to step S4128.
  • step S4108 the second and subsequent authentications are executed, and when 1 is added to I and the similarity is newly calculated, since I is 2 or more, the determination in step S4110 is negative. In this case, the process in FIG. 41 proceeds to step S4112.
  • step S4112 it is determined whether or not the most recently calculated similarity is 80% or more. If the determination in step S4112 is affirmative, the process in FIG. 41 proceeds to step S1814 described above.
  • step S4112 Unless the determination in step S4112 is affirmative, the processes in steps S4108, S4110, S4112, and S4126 are repeated. That is, the calculation of the similarity is repeated by comparing the imaging data with the I-th vein data. Each time collation is performed in step S4108, 1 is added to the variable I.
  • the subroutine executed by the storefront terminal payment unit 301 shown in FIG. 41 transmits authentication success information or authentication failure information to the mobile terminal 2 in step S1814 or S4128, and also uses a secondary storage device.
  • the exchange of information between the devices is illustrated in FIG. 27 except that five vein data are transmitted from the mobile terminal 2 to the store terminal 3. This is the same as in the first embodiment. Therefore, the sequence diagram regarding the payment processing according to the fourth embodiment of the present disclosure is omitted.
  • the biometric information used in the biometric authentication process in the settlement process is a finger vein pattern of a predetermined hand of an individual who is an owner of a financial institution account.
  • the biometric information used in the biometric authentication process in the present disclosure is not limited to the finger vein pattern of the hand.
  • any biometric information such as a fingerprint of a finger, a palm print, a voice print, and a face image can be used as long as an individual can be identified and authenticated.
  • the storefront terminal 3 of the present disclosure includes a biometric authentication device appropriately configured according to target biometric information, instead of the biometric authentication unit 307.
  • a voice authentication device that performs voice recognition on a voice print
  • an image authentication device that executes image recognition on a fingerprint of a finger, a palm print, or a face image.
  • authentication during the settlement process of the present disclosure is not necessarily limited to biometric authentication.
  • any identification information such as name, address, and password can be used as long as an individual can be identified and authenticated.
  • the storefront terminal 3 according to the present disclosure includes an authentication device appropriately configured according to target identification information, instead of the biometric authentication unit 307.
  • a character string authentication apparatus that performs character string recognition for a name, an address, a password, and the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Provided is a property-data reception device including: (1) an authentication unit that executes personal authentication of a user; and (2) a first communication unit that receives property data when the personal authentication is affirmative.

Description

財産データ送受信システムProperty data transmission / reception system
 本開示は、財産データ送受信システム、及び財産データ送受信システムに用いられる財産データ受信装置、財産データ送信装置、方法、プログラムに関する。 This disclosure relates to a property data transmission / reception system, and a property data reception device, property data transmission device, method, and program used in the property data transmission / reception system.
 従来、電界型近接場通信(Electric Near Field Communication、電界型NFC、eNFC)を利用した認証システムが知られている。例えば、特開2011-123729号は、利用者が所持している人体通信モジュールと、金融機関に置かれたATM(Automatic Teller Machine)との間での本人認証を開示している。特開2011-123729号では、ATMは、人体通信部において人体通信モジュールに記憶されている利用者の生体情報を含む第1データを人体通信を介して取得するとともに、読取部において利用者の生体情報を直接読み取って第2データを作成し、第1データと第2データのそれぞれに含まれる生体情報を照合することにより、本人認証を行っている。 Conventionally, an authentication system using electric field type near field communication (electric field near field communication, electric field type NFC, eNFC) is known. For example, Japanese Patent Laid-Open No. 2011-123729 discloses personal authentication between a human body communication module possessed by a user and an ATM (Automatic Teller Machine) placed in a financial institution. In Japanese Patent Application Laid-Open No. 2011-123729, ATM acquires first data including user biometric information stored in the human body communication module in the human body communication unit via human body communication, and also reads the user's biometric in the reading unit. The personal authentication is performed by directly reading the information to create the second data and collating the biometric information included in each of the first data and the second data.
 本開示の第1の態様は、ユーザーの本人認証を実行する認証部と、前記本人認証が肯定された場合に財産データを受信する第1通信部と、を含む、財産データ受信装置である。 A first aspect of the present disclosure is a property data receiving apparatus including an authentication unit that performs user authentication and a first communication unit that receives property data when the user authentication is positive.
 本開示の第2の態様は、上記第1の態様に係る財産データ受信装置と通信する財産データ送信装置であって、前記本人認証が肯定された場合に前記財産データを送信する第2通信部を含む、財産データ送信装置である。 A second aspect of the present disclosure is a property data transmitting apparatus that communicates with the property data receiving apparatus according to the first aspect, wherein the second communication unit transmits the property data when the personal authentication is affirmed. A property data transmitting apparatus including
 本開示の第3の態様は、上記第1の態様に係る財産データ受信装置と、上記第2の態様に係る財産データ送信装置と、を含む、財産データ送受信システムである。 A third aspect of the present disclosure is a property data transmission / reception system including the property data receiving apparatus according to the first aspect and the property data transmitting apparatus according to the second aspect.
 本開示の第4の態様は、ユーザーの本人認証を実行し、前記本人認証が肯定された場合に財産データを受信する、財産データ受信方法である。 The fourth aspect of the present disclosure is a property data receiving method that executes user authentication and receives property data when the user authentication is affirmed.
 本開示の第5の態様は、店側装置とユーザー側装置とを用いた財産データ送受信方法であって、店側装置に、(i)ユーザーの第1識別データを取得させ、(ii)ユーザーの第2識別データをユーザー側装置から受信させ、(iii)取得された前記第1識別データと、受信された前記第2識別データとを用いてユーザーの本人認証を実行させ、 ユーザー側装置に、(iv)財産データと、前記第2識別データとを予め記録させ、(v)前記本人認証が肯定された場合に、前記財産データを前記店側装置へ送信させる、財産データ送受信方法である。 A fifth aspect of the present disclosure is a property data transmission / reception method using a store-side device and a user-side device, and causes the store-side device to acquire (i) first identification data of a user, and (ii) a user The second identification data is received from the user side device, and (iii) the user side authentication is executed using the acquired first identification data and the received second identification data, and the user side device (Iv) A property data transmission / reception method in which property data and the second identification data are recorded in advance, and (v) the property data is transmitted to the store side device when the personal authentication is affirmed. .
 本開示の第6の態様は、コンピュータに、ユーザーの本人認証を実行し、前記本人認証が肯定された場合に財産データを受信する、ことを含む処理を実行させる、プログラムである。 A sixth aspect of the present disclosure is a program that causes a computer to execute a process including executing user authentication and receiving property data when the user authentication is positive.
本開示の第1実施形態の決済システムの概略構成の一例を示す図である。It is a figure which shows an example of schematic structure of the payment system of 1st Embodiment of this indication. 本開示の第1実施形態に係る口座サーバの第二記憶装置の一例を示すブロック図である。It is a block diagram showing an example of the 2nd storage of the account server concerning a 1st embodiment of this indication. 本開示の第1実施形態に係る携帯端末の電気系の要部構成の一例を示すブロック図である。It is a block diagram showing an example of important section composition of an electric system of a personal digital assistant concerning a 1st embodiment of this indication. 本開示の第1実施形態に係る店頭端末の電気系の要部構成の一例を示すブロック図である。It is a block diagram which shows an example of a principal part structure of the electrical system of the shop front terminal which concerns on 1st Embodiment of this indication. 本開示の第1実施形態において実行される人体通信が行われる態様の一例を示す図である。It is a figure which shows an example of the aspect in which the human body communication performed in 1st Embodiment of this indication is performed. 本開示の第1実施形態に係る店頭端末の生体認証部の構成を示す図である。It is a figure which shows the structure of the biometric authentication part of the shop front terminal which concerns on 1st Embodiment of this indication. 本開示の第1実施形態に係るチャージ処理に関し、携帯端末のCPUが実行するプログラムの一例を示すフローチャートの前半である。It is the first half of the flowchart which shows an example of the program which CPU of a portable terminal performs regarding the charge process which concerns on 1st Embodiment of this indication. 本開示の第1実施形態に係るチャージ処理に関し、携帯端末のCPUが実行するプログラムの一例を示すフローチャートの後半である。It is the second half of the flowchart which shows an example of the program which CPU of a portable terminal performs regarding the charge process which concerns on 1st Embodiment of this indication. 本開示の第1実施形態に係るチャージ処理に関し、口座サーバのCPUが実行するプログラムの一例を示すフローチャートの前半である。It is the first half of the flowchart which shows an example of the program which CPU of an account server performs regarding the charge process which concerns on 1st Embodiment of this indication. 本開示の第1実施形態に係るチャージ処理に関し、口座サーバのCPUが実行するプログラムの一例を示すフローチャートの後半である。It is the second half of the flowchart which shows an example of the program which CPU of an account server performs regarding the charge process which concerns on 1st Embodiment of this indication. 携帯端末のディスプレイに表示されたパスワード要求画面の一例を示す図である。It is a figure which shows an example of the password request | requirement screen displayed on the display of a portable terminal. 携帯端末のディスプレイに表示されたパスワード再要求画面の一例を示す図である。It is a figure which shows an example of the password re-request screen displayed on the display of a portable terminal. 携帯端末のディスプレイに表示されたチャージ金額入力画面の一例を示す図である。It is a figure which shows an example of the charge amount input screen displayed on the display of a portable terminal. 携帯端末のディスプレイに表示された限度額超過画面の一例を示す図である。It is a figure which shows an example of the limit excess screen displayed on the display of a portable terminal. 携帯端末のディスプレイに表示された口座残高不足画面の一例を示す図である。It is a figure which shows an example of the account balance shortage screen displayed on the display of a portable terminal. 本開示の第1実施形態に係るチャージ処理に関し、携帯端末と口座サーバとの間での情報のやり取りを示すシーケンス図である。It is a sequence figure showing exchange of information between a personal digital assistant and an account server about charge processing concerning a 1st embodiment of this indication. 本開示の第1実施形態に係る決済処理に関し、店頭端末のCPUが実行するプログラムの一例を示すフローチャートの前半である。It is the first half of the flowchart which shows an example of the program which CPU of a shop front terminal performs regarding the payment process which concerns on 1st Embodiment of this indication. 本開示の第1実施形態に係る決済処理に関し、店頭端末のCPUが実行するプログラムの一例を示すフローチャートの後半である。It is the latter half of the flowchart which shows an example of the program which CPU of a shop front terminal performs regarding the payment process which concerns on 1st Embodiment of this indication. 本開示の第1実施形態に係る決済処理に関し、認証プロセスに係る店頭端末のサブルーチンの内容を示すフローチャートである。It is a flowchart which shows the content of the subroutine of the shop front terminal which concerns on an authentication process regarding the payment process which concerns on 1st Embodiment of this indication. 本開示の第1実施形態に係る決済処理に関し、携帯端末のCPUが実行するプログラムの一例を示すフローチャートである。It is a flowchart which shows an example of the program which CPU of a portable terminal performs regarding the payment process which concerns on 1st Embodiment of this indication. 本開示の第1実施形態に係る決済処理に関し、認証プロセスに係る携帯端末のサブルーチンの内容を示すフローチャートである。It is a flowchart which shows the content of the subroutine of the portable terminal which concerns on an authentication process regarding the payment process which concerns on 1st Embodiment of this indication. 店頭端末のディスプレイに表示された決済開始画面の一例を示す図である。It is a figure which shows an example of the payment start screen displayed on the display of the shop front terminal. 店頭端末のディスプレイに表示された再撮像指示画面の一例を示す図である。It is a figure which shows an example of the re-imaging instruction | indication screen displayed on the display of a shop front terminal. 店頭端末のディスプレイに表示された認証成功画面の一例を示す図である。It is a figure which shows an example of the authentication success screen displayed on the display of the shop front terminal. 店頭端末のディスプレイに表示された決済完了画面の一例を示す図である。It is a figure which shows an example of the payment completion screen displayed on the display of the shop front terminal. 店頭端末のディスプレイに表示されたチャージ残高不足画面の一例を示す図である。It is a figure which shows an example of the charge balance shortage screen displayed on the display of the shop front terminal. 店頭端末のディスプレイに表示された認証失敗画面の一例を示す図である。It is a figure which shows an example of the authentication failure screen displayed on the display of the shop front terminal. 本開示の第1実施形態に係る決済処理に関し、店頭端末と携帯端末の間での情報のやり取りを示すシーケンス図である。It is a sequence figure showing exchange of information between a storefront terminal and a portable terminal about settlement processing concerning a 1st embodiment of this indication. 本開示の第2実施形態に係る店頭端末の生体認証部の構成を示す図である。It is a figure which shows the structure of the biometrics authentication part of the shop front terminal which concerns on 2nd Embodiment of this indication. 本開示の第2実施形態に係る決済処理に関し、店頭端末のCPUが実行するプログラムの一例を示すフローチャートである。It is a flowchart which shows an example of the program which CPU of a shop front terminal performs regarding the payment process which concerns on 2nd Embodiment of this indication. 本開示の第2実施形態に係る決済処理に関し、携帯端末のCPUが実行するプログラムの一例を示すフローチャートである。It is a flowchart which shows an example of the program which CPU of a portable terminal performs regarding the payment process which concerns on 2nd Embodiment of this indication. 店頭端末のディスプレイに表示された問合せ画面の一例を示す図である。It is a figure which shows an example of the inquiry screen displayed on the display of the shop front terminal. 店頭端末のディスプレイに表示された決済中止画面の一例を示す図である。It is a figure which shows an example of the payment cancellation screen displayed on the display of the shop front terminal. 本開示の第2実施形態に係る決済処理に関し、店頭端末と携帯端末の間での情報のやり取りを示すシーケンス図である。It is a sequence figure showing exchange of information between a storefront terminal and a portable terminal about settlement processing concerning a 2nd embodiment of this indication. 本開示の第3実施形態に係るチャージ処理に関し、携帯端末のCPUが実行するプログラムの一例を示すフローチャートである。It is a flowchart which shows an example of the program which CPU of a portable terminal performs regarding the charge process which concerns on 3rd Embodiment of this indication. 本開示の第3実施形態に係るチャージ処理に関し、口座サーバのCPUが実行するプログラムの一例を示すフローチャートである。It is a flowchart which shows an example of the program which CPU of an account server performs regarding the charge process which concerns on 3rd Embodiment of this indication. 本開示の第2実施形態に係るチャージ処理に関し、携帯端末と口座サーバとの間での情報のやり取りを示すシーケンス図である。It is a sequence figure showing exchange of information between a personal digital assistant and an account server about charge processing concerning a 2nd embodiment of this indication. 本開示の第3実施形態に係る決済処理に関し、認証プロセスに係る店頭端末のサブルーチンの内容を示すフローチャートである。It is a flowchart which shows the content of the subroutine of the shop front terminal which concerns on an authentication process regarding the payment process which concerns on 3rd Embodiment of this indication. 本開示の第3実施形態に係る決済処理に関し、認証プロセスに係る携帯端末のサブルーチンの内容を示すフローチャートである。It is a flowchart which shows the content of the subroutine of the portable terminal which concerns on an authentication process regarding the payment process which concerns on 3rd Embodiment of this indication. 本開示の第3実施形態に係る決済処理に関し、店頭端末と携帯端末の間での情報のやり取りを示すシーケンス図である。It is a sequence figure showing exchange of information between a storefront terminal and a portable terminal about settlement processing concerning a 3rd embodiment of this indication. 本開示の第3実施形態における、携帯端末及び口座サーバに記録された静脈データの更新の態様を示す図である。It is a figure which shows the aspect of the update of the vein data recorded on the portable terminal and the account server in 3rd Embodiment of this indication. 本開示の第4実施形態に係る決済処理に関し、認証プロセスに係る店頭端末のサブルーチンの内容を示すフローチャートである。It is a flowchart which shows the content of the subroutine of the shop front terminal which concerns on an authentication process regarding the payment process which concerns on 4th Embodiment of this indication.
 以下、図面を参照して、本開示の各実施形態の詳細を述べる。 Hereinafter, details of each embodiment of the present disclosure will be described with reference to the drawings.
<第1実施形態>
<システムの概要>
 図1Aに、本開示の第1実施形態に係る決済システムの全体構成を示す。 <First Embodiment>
<System overview>
FIG. 1A shows an overall configuration of a payment system according to the first embodiment of the present disclosure.
 本開示の第1実施形態に係る決済システムは、口座サーバ装置1(以下、「口座サーバ1」という)と、携帯端末装置2(以下、「携帯端末2」という)と、店頭端末装置3(以下、「店頭端末3」という)と、を含む。 The settlement system according to the first embodiment of the present disclosure includes an account server device 1 (hereinafter referred to as “account server 1”), a mobile terminal device 2 (hereinafter referred to as “mobile terminal 2”), and an in-store terminal device 3 ( Hereinafter, “shop front terminal 3”).
 本実施形態において、口座サーバ1と携帯端末2とは、ネットワーク4を介して通信を行う。したがって、本実施形態において、少なくとも口座サーバ1と携帯端末2とは、ネットワーク4に接続されている。さらに、携帯端末2と店頭端末3との間での通信は、一例として人体5を介した人体通信として行われる。 In this embodiment, the account server 1 and the mobile terminal 2 communicate via the network 4. Therefore, in this embodiment, at least the account server 1 and the mobile terminal 2 are connected to the network 4. Furthermore, communication between the portable terminal 2 and the storefront terminal 3 is performed as human body communication via the human body 5 as an example.
 図1Aに示す店頭端末3は、本開示の「財産データ受信装置」の一例である。携帯端末2は、本開示の「財産データ送信装置」の一例である。 The storefront terminal 3 shown in FIG. 1A is an example of the “property data receiving device” of the present disclosure. The mobile terminal 2 is an example of the “property data transmission device” of the present disclosure.
 図1Aには、第1実施形態に係る口座サーバ1、携帯端末2、店頭端末3の要部機能の一例を示す機能ブロック図が示されている。各装置は、後述する各々のハードウェア構成において、CPU(Central Processing Unit)が各種のプログラムを実行することにより、図1Aの機能ブロック図に示された各部として機能する。 FIG. 1A is a functional block diagram showing an example of main functions of the account server 1, the mobile terminal 2, and the storefront terminal 3 according to the first embodiment. Each device functions as each unit shown in the functional block diagram of FIG. 1A when a CPU (Central Processing Unit) executes various programs in each hardware configuration to be described later.
 図1Bは、第1実施形態に係る口座サーバ1の電気系の構成のうち、二次記憶装置14の一例を示すブロック図である。二次記憶装置14の所定の記録領域には、複数の個別口座領域111が備えられている。複数の個別口座領域111の各々は、特定の個人あるいは法人の口座データを記録している。 FIG. 1B is a block diagram illustrating an example of the secondary storage device 14 in the electrical configuration of the account server 1 according to the first embodiment. A plurality of individual account areas 111 are provided in a predetermined recording area of the secondary storage device 14. Each of the plurality of individual account areas 111 records account data of a specific individual or corporation.
 図示は省略するが、後述する携帯端末2及び店頭端末3と同様に、口座サーバ1もCPU、一次記憶部、ネットワーク4を介して携帯端末2及び店頭端末3との間でデータを送受信する外部I/Fを含み、これらは図示しないバスを介して接続されている。口座サーバ1において、CPUが二次記憶装置からプログラム(具体的には図1Bに示されたチャージモジュール)を読み出して一次記憶装置に展開し、実行することにより、CPUは図1Aの機能ブロック図に示された口座サーバチャージ部101として機能する。 Although illustration is omitted, the account server 1 is externally configured to transmit and receive data between the portable terminal 2 and the storefront terminal 3 via the CPU, the primary storage unit, and the network 4 similarly to the mobile terminal 2 and the storefront terminal 3 described later. I / F is included and these are connected via a bus (not shown). In the account server 1, the CPU reads out the program (specifically, the charge module shown in FIG. 1B) from the secondary storage device, develops it in the primary storage device, and executes it, so that the CPU is a functional block diagram of FIG. 1A. It functions as the account server charge unit 101 shown in FIG.
 なお、一次記憶装置とは揮発性のメモリを意味し、例えばRAM(Random Access Memory)を指す。二次記憶装置とは、不揮発性のメモリを意味し、例えばフラッシュメモリやHDD(Hard Disk Drive)を指す。 Note that the primary storage device means a volatile memory, for example, RAM (Random Access Memory). The secondary storage device means a non-volatile memory, for example, a flash memory or an HDD (Hard Disk Disk Drive).
 口座サーバ1は、様々な個人あるいは法人の口座データを記録している、金融機関のサーバである。口座サーバ1において、図示しないCPUが口座サーバチャージ部として機能することにより、個別口座領域111の各々に特定の個人あるいは法人の口座データを記録する。 The account server 1 is a server of a financial institution that records account data of various individuals or corporations. In the account server 1, a CPU (not shown) functions as an account server charge unit, whereby specific individual or corporate account data is recorded in each individual account area 111.
 以下では、個人の口座データを前提として説明する。口座データは、所有者である個人を特定するデータ(すなわち氏名、住所、電話番号など)に加えて、当該個人が保有する財産の量を示す財産データを含む。 The following explanation is based on personal account data. The account data includes property data indicating the amount of property held by the individual in addition to data for identifying the individual who is the owner (name, address, telephone number, etc.).
 本実施形態においては、口座サーバ1の個別口座領域111に記録された口座データは、特に個別口座領域111の所有者の所定の手の指の静脈パターンの画像データを含んでいる。当該画像データは所有者個人を特定するものであり、後述する本実施形態に係る決済処理に先立つ本人認証に用いられる。以下で、当該画像データを静脈データと呼ぶ。 In the present embodiment, the account data recorded in the individual account area 111 of the account server 1 particularly includes image data of a finger vein pattern of a predetermined hand of the owner of the individual account area 111. The image data identifies the owner and is used for personal authentication prior to a settlement process according to the present embodiment, which will be described later. Hereinafter, the image data is referred to as vein data.
 なお、所有者の所定の指は、例えば、所有者の利き腕でない腕の人差し指である。ただし、これに限られるものではない。 Note that the predetermined finger of the owner is, for example, an index finger of an arm that is not the owner's dominant arm. However, the present invention is not limited to this.
 口座の所有者である個人は、自らの口座に対応する特定の個別口座領域111に、自らを特定する静脈データを記録することができる。個人は、口座が属する金融機関において、静脈データの登録の作業を行うことができる。この場合、口座サーバ1は、後述する店頭端末3の生体認証部307に相当する撮像装置を備え、この撮像装置を介してユーザーの静脈データを取得できる。また、例えばネットワーク4を介して、口座サーバ1の外部から遠隔的に静脈データを登録または更新することができるようにしてもよい。 An individual who is the owner of an account can record vein data for identifying himself / herself in a specific individual account area 111 corresponding to his / her own account. An individual can perform vein data registration work at a financial institution to which the account belongs. In this case, the account server 1 includes an imaging device corresponding to a biometric authentication unit 307 of the storefront terminal 3 to be described later, and can acquire user vein data via this imaging device. Further, for example, vein data may be registered or updated remotely from outside the account server 1 via the network 4.
 本実施形態では、個別口座領域111の各々は、一例として、単一の静脈データを記録する。口座の所有者である個人は、新たに静脈データを作成して、個別口座領域111に記録された静脈データを更新することができる。 In this embodiment, each individual account area 111 records single vein data as an example. The individual who is the owner of the account can create new vein data and update the vein data recorded in the individual account area 111.
 また、口座サーバ1の図示しない外部I/Fは、ネットワーク4に接続されている。 The external I / F (not shown) of the account server 1 is connected to the network 4.
 図2は、第1実施形態に係る携帯端末2の電気系の要部構成の一例を示すブロック図である。図2に示すように、携帯端末2は、CPU20、一次記憶装置22、二次記憶装置24、タッチパネル28Aとディスプレイ28Bとを含むタッチパネル・ディスプレイ28、後述する人体通信を行うために人体5を介して店頭端末3との間でデータを送受信する外部I/F42A、ネットワーク4を介して口座サーバ1との間でデータを送受信する外部I/F42Bを含む。携帯端末2の図2に示す各部はバス26により相互に接続されている。 FIG. 2 is a block diagram showing an example of the main configuration of the electrical system of the mobile terminal 2 according to the first embodiment. As shown in FIG. 2, the mobile terminal 2 includes a CPU 20, a primary storage device 22, a secondary storage device 24, a touch panel display 28 including a touch panel 28 </ b> A and a display 28 </ b> B, and a human body 5 for performing human body communication described later. An external I / F 42A that transmits / receives data to / from the storefront terminal 3 and an external I / F 42B that transmits / receives data to / from the account server 1 via the network 4. Each unit shown in FIG. 2 of the portable terminal 2 is connected to each other by a bus 26.
 携帯端末2において、CPU20が二次記憶装置24から各プログラムを読み出して一次記憶装置22に展開し、実行することにより、CPU20は図1Aの機能ブロック図に示された携帯端末チャージ部201、携帯端末決済部203として機能する。具体的には、携帯端末2のCPU20は、図2に示されたチャージモジュールを実行することにより携帯端末チャージ部201として機能する。また、決済モジュールを実行することにより、CPU20は携帯端末決済部203として機能する。 In the mobile terminal 2, the CPU 20 reads out each program from the secondary storage device 24, develops it in the primary storage device 22, and executes it, whereby the CPU 20 performs the mobile terminal charging unit 201 shown in the functional block diagram of FIG. It functions as the terminal settlement unit 203. Specifically, the CPU 20 of the mobile terminal 2 functions as the mobile terminal charging unit 201 by executing the charge module shown in FIG. Further, the CPU 20 functions as the mobile terminal payment unit 203 by executing the payment module.
 携帯端末2は、本開示の第1実施形態に係る決済システムを利用する個人の各々が所有し且つ携帯する、携帯端末である。 The portable terminal 2 is a portable terminal that is owned and carried by each individual who uses the payment system according to the first embodiment of the present disclosure.
 携帯端末2としては、通常知られているように、スマートフォン、ポータブルパーソナルコンピュータ(ポータブルPC)、タブレットPC、スマートウォッチ、リストバンドなどが考えられる。一例として、ここではスマートウォッチを例にとって、携帯端末2を説明する。 As the mobile terminal 2, as is generally known, a smartphone, a portable personal computer (portable PC), a tablet PC, a smart watch, a wristband, and the like can be considered. As an example, the mobile terminal 2 will be described here by taking a smart watch as an example.
 携帯端末2は、外部I/F42Bと無線通信回線とを介してネットワーク4に接続されている。無線通信回線は、例えばWiFi、携帯電話回線などである。 The mobile terminal 2 is connected to the network 4 via an external I / F 42B and a wireless communication line. The wireless communication line is, for example, WiFi, a cellular phone line, or the like.
 ネットワーク4により、携帯端末2と口座サーバ1とは双方向の通信が可能となっている。 The network 4 allows two-way communication between the mobile terminal 2 and the account server 1.
 携帯端末2のタッチパネル・ディスプレイ28は、ディスプレイ28Bに各種のメニューやダイアログ等を表示させて、ユーザーとのインターフェースを構成する。タッチパネル・ディスプレイ28は、ユーザーによる入力操作を受け付けるタッチパネル28Aを備えている。 The touch panel display 28 of the portable terminal 2 displays various menus, dialogs, and the like on the display 28B, and constitutes an interface with the user. The touch panel display 28 includes a touch panel 28A that accepts an input operation by a user.
 携帯端末2の外部I/F42Aは、後述する人体通信による通信を行う。携帯端末2を装着したユーザーの指(人体5)が店頭端末3の所定の部分に接触することにより、外部I/F42Aと店頭端末3との間でデータの送受信が行われる。 The external I / F 42A of the mobile terminal 2 performs communication by human body communication described later. When the finger (human body 5) of the user wearing the mobile terminal 2 contacts a predetermined portion of the storefront terminal 3, data is transmitted and received between the external I / F 42A and the storefront terminal 3.
 携帯端末2の二次記憶装置24は、後述するように口座サーバ1からダウンロードした財産データや、生体認証に使用するユーザー固有の生体情報などを記憶するための領域を備えている。 The secondary storage device 24 of the mobile terminal 2 includes an area for storing property data downloaded from the account server 1 and user-specific biometric information used for biometric authentication, as will be described later.
 本実施形態における携帯端末2は、二次記憶装置24に財産データを記録することができるように構成されている。つまり、SUICA、PASMO、フェリカといった日本国内において公知のプリペイドカードと同様に、携帯端末2には予め財産データをチャージしておくことが可能である。ユーザーは、携帯端末2にチャージされた財産データを用いて支払を行うことができる。 The mobile terminal 2 in the present embodiment is configured to be able to record property data in the secondary storage device 24. That is, the portable terminal 2 can be precharged with property data in the same manner as a prepaid card known in Japan such as SUICA, PASMO, and Felica. The user can make payment using property data charged in the mobile terminal 2.
 携帯端末2は、口座サーバ1の特定の個別口座領域111と対応付けられている。具体的には、口座サーバ1において、携帯端末2の識別情報と、携帯端末2のユーザーが所有者である特定の個別口座領域111のアドレスとが、対応付けられて記憶されている。口座の所有者である個人は、自らの財産を保存している金融機関の口座サーバ1の特定の個別口座領域111から財産データを引き出して、自ら所有する携帯端末2にチャージする(すなわち、二次記憶装置24に記憶する)ことができる。後述するように、このチャージ処理は、ネットワーク4を介して遠隔的に行うことができる。 The mobile terminal 2 is associated with a specific individual account area 111 of the account server 1. Specifically, in the account server 1, the identification information of the mobile terminal 2 and the address of a specific individual account area 111 in which the user of the mobile terminal 2 is the owner are stored in association with each other. The individual who is the owner of the account pulls out the property data from the specific individual account area 111 of the account server 1 of the financial institution that stores his property and charges it to the mobile terminal 2 that he owns (that is, two Stored in the next storage device 24). As will be described later, this charging process can be performed remotely via the network 4.
 なお、携帯端末2は、財産データのチャージに関して限度額が定められている。限度額は、携帯端末2の紛失、盗難などの事故による損失額の限度、ユーザーが複数の携帯端末を使用している場合はその数などを考慮して定めることができ、予め携帯端末2の二次記憶装置24に記録される。 Note that the mobile terminal 2 has a limit for charging property data. The limit amount can be determined in consideration of the limit of loss due to accidents such as loss or theft of the mobile terminal 2, and the number of mobile terminals when the user uses a plurality of mobile terminals 2. Recorded in the secondary storage device 24.
 さらに、本実施形態における携帯端末2の二次記憶装置24には、静脈データ(つまり、個別口座領域111の所有者の所定の指の静脈パターンの画像データ)を記録することができる。後述するように、本実施形態においては、静脈データは財産データのチャージ処理に際して口座サーバ1から携帯端末2にダウンロードされる。 Furthermore, vein data (that is, image data of a vein pattern of a predetermined finger of the owner of the individual account area 111) can be recorded in the secondary storage device 24 of the mobile terminal 2 in the present embodiment. As will be described later, in this embodiment, vein data is downloaded from the account server 1 to the portable terminal 2 during the charge processing of property data.
 本実施形態では、一例として、口座サーバ1の個別口座領域111の各々が単一の静脈データを記録していることに対応して、携帯端末2の二次記憶装置24は単一の静脈データを記録するものとする。 In the present embodiment, as an example, the secondary storage device 24 of the portable terminal 2 has a single vein data corresponding to each individual account area 111 of the account server 1 recording a single vein data. Shall be recorded.
 後述のチャージ処理が行われるたびに、携帯端末2の二次記憶装置24に記録された単一の静脈データはアップデートされることが可能である。 The single vein data recorded in the secondary storage device 24 of the portable terminal 2 can be updated each time a charging process described later is performed.
 図3は、第1実施形態に係る店頭端末3の電気系の要部構成の一例を示すブロック図である。図3に示すように、店頭端末3は、CPU30、一次記憶装置32、二次記憶装置34、タッチパネル38Aとディスプレイ38Bとを含むタッチパネル・ディスプレイ38、後述する人体通信を行うために人体5を介して携帯端末2との間でデータを送受信する外部I/F44A及び送受信部306、ネットワーク4を介して口座サーバ1との間でデータを送受信する外部I/F44Bを含む。店頭端末3の図3に示す各部はバス36により相互に接続されている。 FIG. 3 is a block diagram showing an example of the main configuration of the electrical system of the storefront terminal 3 according to the first embodiment. As shown in FIG. 3, the storefront terminal 3 is connected to the CPU 30, the primary storage device 32, the secondary storage device 34, the touch panel display 38 including the touch panel 38 </ b> A and the display 38 </ b> B, and the human body 5 for performing human body communication described later. An external I / F 44A for transmitting / receiving data to / from the portable terminal 2 and a transmission / reception unit 306, and an external I / F 44B for transmitting / receiving data to / from the account server 1 via the network 4. 3 of the storefront terminal 3 are connected to each other by a bus 36.
 店頭端末3において、CPU30が二次記憶装置34からプログラム(具体的には図3に示された決済モジュール)を読み出して一次記憶装置32に展開し、実行することにより、CPU30は図1Aの機能ブロック図に示された店頭端末決済部301として機能する。 In the storefront terminal 3, the CPU 30 reads out the program (specifically, the payment module shown in FIG. 3) from the secondary storage device 34, develops it in the primary storage device 32, and executes it. It functions as the storefront terminal payment unit 301 shown in the block diagram.
 店頭端末3のタッチパネル・ディスプレイ38は、ディスプレイ38Bに各種のメニューやダイアログ等を表示させて、ユーザーとのインターフェースを構成する。タッチパネル・ディスプレイ38は、ユーザーによる入力操作を受け付けるタッチパネル38Aを備えている。 The touch panel display 38 of the storefront terminal 3 displays various menus, dialogs, and the like on the display 38B to constitute an interface with the user. The touch panel display 38 includes a touch panel 38A that accepts an input operation by a user.
 店頭端末3は、商品あるいはサービスを提供する店舗の店頭に設置されて、決済を実行する機器である。 The storefront terminal 3 is a device that is installed at the storefront of a store that provides products or services and performs settlement.
 なお、店頭端末3は必ずしも据え置きタイプの機器である必要はない。店頭端末3は、例えば、飲食店などで店員が顧客の席まで持ち込むことが可能な携帯機器でもよく、またスーパーマーケットやコンビニエンスストアなどで顧客が購入対象の商品を集めるカゴに設置された決済端末でもよい。一例として、ここでは店頭に設置された据え置きの決済用店頭端末を例にとって、店頭端末3を説明する。 Note that the storefront terminal 3 is not necessarily a stationary device. The store terminal 3 may be, for example, a portable device that a clerk can bring to a customer's seat at a restaurant or the like, or a settlement terminal installed in a basket where a customer collects products to be purchased at a supermarket or a convenience store. Good. As an example, here, the storefront terminal 3 will be described by taking a stationary settlement storefront terminal installed in the store as an example.
 店頭端末3の外部I/F44Bは、通信回線を介してネットワーク4に接続されている。なお、本実施形態においては、店頭端末3は、必ずしもネットワーク4に接続されなくてもよい。したがって、本実施形態の店頭端末は外部I/F44Bを備えていなくてもよい。 The external I / F 44B of the storefront terminal 3 is connected to the network 4 via a communication line. In the present embodiment, the storefront terminal 3 is not necessarily connected to the network 4. Therefore, the storefront terminal according to the present embodiment may not include the external I / F 44B.
 また、店頭端末3の外部I/F44Aは、後述する所定の動作を行うことにより、携帯端末2との間で人体通信を行う。 Further, the external I / F 44A of the storefront terminal 3 performs human body communication with the portable terminal 2 by performing a predetermined operation described later.
 なお、各装置のプログラムは、最初から二次記憶部に記憶させておく必要はない。例えば、プログラムは、各装置に接続されて使用されるHDD(Hard Disk Drive)、SSD(Solid State Drive)、ICカード、光磁気ディスク、CD-ROMなどの任意の可搬型の記憶媒体に記憶させておいてもよい。そして、CPUがこれらの可搬型の記憶媒体からプログラムを取得して、実行するようにしてもよい。また、通信回線を介して各装置に接続されるコンピュータ又はサーバ装置等の外部コンピュータの記憶部にプログラムを記憶させておいてもよい。この場合、CPUは外部コンピュータからプログラムを取得して、実行する。 Note that the program of each device does not need to be stored in the secondary storage unit from the beginning. For example, the program can be stored in any portable storage medium such as an HDD (Hard Disk Drive), SSD (Solid State Drive), IC card, magneto-optical disk, CD-ROM, etc. that is connected to each device. You may keep it. Then, the CPU may acquire the program from these portable storage media and execute it. The program may be stored in a storage unit of an external computer such as a computer or a server device connected to each device via a communication line. In this case, the CPU acquires the program from the external computer and executes it.
 図4に、本実施形態の人体通信が行われる態様を示す。 FIG. 4 shows a mode in which human body communication according to this embodiment is performed.
 スマートウォッチとしての携帯端末2は、ユーザーの腕に装用されている。図3に示されたように、店頭端末3の送受信部306は、外部I/F44Aに接続されている。携帯端末2を装着した腕に属するユーザーの指501が店頭端末3の送受信部306に接触すると、ユーザーの人体(すなわち、ユーザーの手及び腕)5が人体アンテナとして機能することにより、携帯端末2の外部I/F42Aと店頭端末3の外部I/F44Aとの間で人体通信が成立する。 The mobile terminal 2 as a smart watch is worn on the user's arm. As shown in FIG. 3, the transmission / reception unit 306 of the storefront terminal 3 is connected to the external I / F 44A. When the user's finger 501 belonging to the arm wearing the mobile terminal 2 comes into contact with the transmission / reception unit 306 of the storefront terminal 3, the user's human body (that is, the user's hand and arm) 5 functions as a human body antenna. Human body communication is established between the external I / F 42A and the external I / F 44A of the store terminal 3.
 図5に店頭端末3の生体認証部307の構成を示す。生体認証部307は、本開示の「取得部」の一例である。 FIG. 5 shows the configuration of the biometric authentication unit 307 of the store terminal 3. The biometric authentication unit 307 is an example of the “acquisition unit” of the present disclosure.
 本実施形態においては、ユーザーが指501を生体認証部307の所定の位置に置くことにより、前述した人体通信と、生体情報を用いた本人認証(以下、生体認証と呼ぶ)とを、同時に行う。 In this embodiment, when the user places the finger 501 at a predetermined position of the biometric authentication unit 307, the above-described human body communication and personal authentication using biometric information (hereinafter referred to as biometric authentication) are performed simultaneously. .
 店頭端末3の上面には、所定距離だけ離間して配置された2個の指ガイド310が設けられている。2個の指ガイド310のうち、先端方向(図5の水平左方向)に配置された指ガイド310の先端からは、送受信部306の一部が露出している。ユーザーが2個の指ガイド310に指501を置くと、指501の先端から第1関節までの間にある部分が送受信部306に接触し、前述のように店頭端末3と携帯端末2との間で人体通信が行われる。 On the upper surface of the storefront terminal 3, two finger guides 310 that are spaced apart by a predetermined distance are provided. Of the two finger guides 310, a part of the transmitting / receiving unit 306 is exposed from the tip of the finger guide 310 arranged in the tip direction (horizontal left direction in FIG. 5). When the user places the finger 501 on the two finger guides 310, a portion between the tip of the finger 501 and the first joint contacts the transmission / reception unit 306, and the store terminal 3 and the portable terminal 2 are connected as described above. Human body communication takes place between them.
 2個の指ガイド310の間には、透明窓311が設けられている。透明窓311の下方には、指の静脈パターンを検出するための近赤外線光を発する、2個の照明用LED312が配設されている。照明用LED312は、指の静脈パターンを検出するのに適した赤外光を、互いに異なる方向から発光し、透明窓311を介して指501の一部を照明する。 A transparent window 311 is provided between the two finger guides 310. Below the transparent window 311, two illumination LEDs 312 that emit near-infrared light for detecting a finger vein pattern are disposed. The illumination LED 312 emits infrared light suitable for detecting a finger vein pattern from different directions, and illuminates a part of the finger 501 through the transparent window 311.
 透明窓311に正対して、レンズ313と撮像素子314が配設されている。照明用LED312によって照明された指501の一部は、レンズ313によって撮像素子314に結像される。撮像素子314は、指501の一部における静脈パターンを撮像し、画像データとして、図示しない配線を通じて店頭端末3の二次記憶装置34に送る。この撮像素子314によって撮像された静脈パターンの画像データを、以下で撮像データと呼ぶ。 A lens 313 and an image sensor 314 are disposed directly opposite the transparent window 311. A part of the finger 501 illuminated by the illumination LED 312 is imaged on the image sensor 314 by the lens 313. The image sensor 314 captures a vein pattern in a part of the finger 501 and sends it as image data to the secondary storage device 34 of the storefront terminal 3 through wiring not shown. The vein pattern image data imaged by the image sensor 314 is hereinafter referred to as image data.
 後述するように、店頭端末3のCPU30は、店頭端末決済部301として機能することにより、二次記憶装置34に記録された撮像データにおける指501の静脈パターンを、別途取得したユーザーの固有データにおける静脈パターンと比較し、現在のユーザーが携帯端末の本来の所有者であるか否かの本人認証を行う。 As will be described later, the CPU 30 of the storefront terminal 3 functions as the storefront terminal settlement unit 301, whereby the vein pattern of the finger 501 in the imaging data recorded in the secondary storage device 34 is obtained in the user's unique data separately acquired. Compared with the vein pattern, identity authentication is performed to determine whether the current user is the original owner of the mobile terminal.
<チャージ処理>
 次に、本実施形態における財産データのチャージのプロセスを説明する。 <Charge processing>
Next, the process of charging property data in this embodiment will be described.
 本実施形態において、財産データのチャージとは、口座サーバ1の個別口座領域111に記録されている個人の財産データの一部あるいは全部を、携帯端末2の二次記憶装置24に移す処理を指す。ここでは、一例として、携帯端末2から入力される操作に基づいて財産データのチャージを実行する処理を説明する。 In the present embodiment, charging of property data refers to a process of transferring a part or all of personal property data recorded in the individual account area 111 of the account server 1 to the secondary storage device 24 of the portable terminal 2. . Here, as an example, a process of charging property data based on an operation input from the mobile terminal 2 will be described.
 図6~9は、財産データのチャージを行う処理プログラムの一例を示すフローチャートである。図6及び7は、携帯端末2の実行する処理プログラムの一例を示し、図8及び9は口座サーバ1の実行する処理プログラムの一例を示している。 6 to 9 are flowcharts showing an example of a processing program for charging property data. 6 and 7 show an example of a processing program executed by the mobile terminal 2, and FIGS. 8 and 9 show an example of a processing program executed by the account server 1.
 ここで、携帯端末2の実行する処理プログラムは、具体的には携帯端末チャージ部201として機能する携帯端末2のCPU20によって実行される。また、口座サーバ1の実行する処理プログラムは、口座サーバチャージ部101として機能する図示しない口座サーバ1のCPUによって実行される。また、携帯端末2と口座サーバ1の間の通信は、携帯端末2の外部I/F42B及び口座サーバ1の図示しない外部I/Fに接続されたネットワーク4を介して行われる。 Here, the processing program executed by the mobile terminal 2 is specifically executed by the CPU 20 of the mobile terminal 2 functioning as the mobile terminal charging unit 201. The processing program executed by the account server 1 is executed by the CPU of the account server 1 (not shown) that functions as the account server charging unit 101. Communication between the portable terminal 2 and the account server 1 is performed via the external I / F 42B of the portable terminal 2 and the network 4 connected to the external I / F (not shown) of the account server 1.
 チャージを行おうとする際に、ユーザーは携帯端末2のディスプレイ28Bの画面202上でタッチパネル28Aを操作してチャージのアプリケーションソフトを立ち上げる。これにより、図6及び7に示された携帯端末2の処理プログラムの実行が開始され、本実施形態に係る財産データのチャージを行う処理プロセスが開始する。以下、当該アプリケーションソフトのコマンドに従って、携帯端末チャージ部201がチャージ処理を実行する。 When charging, the user operates the touch panel 28A on the screen 202 of the display 28B of the portable terminal 2 to start up the application software for charging. Thereby, execution of the processing program of the portable terminal 2 shown in FIGS. 6 and 7 is started, and a processing process for charging property data according to the present embodiment is started. Thereafter, the mobile terminal charging unit 201 executes the charging process according to the command of the application software.
 ステップS602において、携帯端末チャージ部201は、特定の個別口座領域111へアクセスするためのリクエストを口座サーバ1へ送る。当該リクエストには、携帯端末2の二次記憶装置24に記憶されているユーザー固有のID番号が含まれている。 In step S 602, the mobile terminal charging unit 201 sends a request for accessing the specific individual account area 111 to the account server 1. The request includes a user-specific ID number stored in the secondary storage device 24 of the mobile terminal 2.
 口座サーバ1が、携帯端末2から上記リクエストを受信すると、図8及び9に示された口座サーバ1の処理プログラムの実行が開始される。ステップS802~S806において、口座サーバチャージ部101は、携帯端末2から受け取ったID番号に基づき、ユーザーの個別口座を特定して、現在アクセスしているユーザーが特定された個別口座領域111の真正の所有者であることを確認する本人認証を行う。 When the account server 1 receives the request from the portable terminal 2, the execution of the processing program of the account server 1 shown in FIGS. 8 and 9 is started. In steps S802 to S806, the account server charge unit 101 identifies the individual account of the user based on the ID number received from the mobile terminal 2, and authenticates the individual account area 111 in which the currently accessed user is identified. Perform identity verification to confirm that you are the owner.
 具体的には、本人認証は以下の流れで行われる。 Specifically, identity authentication is performed according to the following flow.
 ステップS802において、口座サーバチャージ部101は、携帯端末チャージ部201にパスワード要求を送る。ステップS604において、携帯端末チャージ部201は当該パスワード要求を受信する。ステップS606において、携帯端末チャージ部201は、パスワード入力のためのパスワード要求画面をディスプレイ28B上に画面202として表示する。 In step S <b> 802, the account server charging unit 101 sends a password request to the mobile terminal charging unit 201. In step S604, the mobile terminal charging unit 201 receives the password request. In step S606, the mobile terminal charging unit 201 displays a password request screen for entering a password as the screen 202 on the display 28B.
 図10に、パスワード要求画面の一例を示す。パスワード要求画面は、メッセージ表示エリア202aと、口座番号表示エリア202bと、パスワード入力エリア202cと、ソフトキーボード202dとを含む。 Fig. 10 shows an example of the password request screen. The password request screen includes a message display area 202a, an account number display area 202b, a password input area 202c, and a soft keyboard 202d.
 メッセージ表示エリア202aには、ユーザーにパスワード入力を促すメッセージが表示される。一例として、「パスワードを入力してください。」とのメッセージが表示される。口座番号表示エリア202bには、ユーザーがアクセスを希望している特定の個別口座領域111に対応する金融機関の口座の口座番号が表示される。パスワード入力エリア202cには、ユーザーの操作によって入力されたパスワードが表示される。 In the message display area 202a, a message prompting the user to input a password is displayed. As an example, a message “Please enter your password” is displayed. In the account number display area 202b, the account number of the account of the financial institution corresponding to the specific individual account area 111 that the user desires to access is displayed. A password input by a user operation is displayed in the password input area 202c.
 ソフトキーボード202dは、一例として、テンキー、ENTERキー、EXITキー、DELETEキー(図10ではXと表示されている)を含む。ユーザーがテンキーを押すことにより、押されたキーに対応する数字が入力され、パスワード入力エリア202cに表示される。ユーザーがENTERキーを押すことにより、パスワード入力エリア202cに表示された数字列の入力が確定する。ユーザーがDELETEキーを押すことにより、パスワード入力エリア202cに表示された数字が消去される。 The soft keyboard 202d includes, for example, a numeric keypad, an ENTER key, an EXIT key, and a DELETE key (displayed as X in FIG. 10). When the user presses the numeric keypad, a number corresponding to the pressed key is input and displayed in the password input area 202c. When the user presses the ENTER key, the input of the numeric string displayed in the password input area 202c is confirmed. When the user presses the DELETE key, the number displayed in the password input area 202c is deleted.
 携帯端末2のディスプレイ28B上に画面202としてパスワード要求画面が表示されると、ユーザーは、メッセージ表示エリア202aに表示されたメッセージに従い、ソフトキーボード202dを使って、口座番号表示エリア202bに表示された口座番号に対応するパスワードを入力する。 When the password request screen is displayed as the screen 202 on the display 28B of the portable terminal 2, the user is displayed in the account number display area 202b using the soft keyboard 202d according to the message displayed in the message display area 202a. Enter the password corresponding to the account number.
 ステップS608において、携帯端末チャージ部201は入力されたパスワードを取得する。ステップS610において、携帯端末チャージ部201は取得したパスワードを口座サーバ1に送信する。 In step S608, the mobile terminal charging unit 201 acquires the input password. In step S <b> 610, the mobile terminal charging unit 201 transmits the acquired password to the account server 1.
 口座サーバチャージ部101が携帯端末2からパスワードを受信すると、ステップS804において、携帯端末2からパスワードを受信したか否かの判断が肯定判断となる。この場合、ステップS806において、口座サーバチャージ部101は、受信したパスワードを特定された個別口座領域111に記録されているパスワードと照合することにより、現在のユーザーが個別口座領域111の真正な所有者であるか否かを確認する。 When the account server charging unit 101 receives a password from the mobile terminal 2, the determination as to whether or not the password has been received from the mobile terminal 2 is affirmative in step S804. In this case, in step S806, the account server charge unit 101 checks the received password against the password recorded in the specified individual account area 111, so that the current user is the genuine owner of the individual account area 111. It is confirmed whether or not.
 口座サーバチャージ部101が携帯端末2から受信したパスワードが個別口座領域111に記録されているパスワードと異なる場合は、ステップS806における判断は否定判断となる。この場合、図8の処理はS802に戻り、口座サーバチャージ部101は、再び携帯端末2にパスワード要求を送る。携帯端末チャージ部201が再度のパスワード要求を受信すると、ステップS612において、口座サーバ1からデータを受信したか否かの判断が肯定判断となる。続いて、ステップS614において、受信したデータは再度のパスワード要求であるか否かの判断が肯定判断となる。この場合、図6の処理はステップS618へ移行し、携帯端末チャージ部201はディスプレイ28B上に画面202としてパスワード再要求画面を表示して、ユーザーにパスワードの再入力を促す。次に、図6の処理はステップS608に戻って、ステップS608~S610が再び実行される。 If the password received by the account server charge unit 101 from the mobile terminal 2 is different from the password recorded in the individual account area 111, the determination in step S806 is negative. In this case, the process of FIG. 8 returns to S802, and the account server charge unit 101 sends a password request to the mobile terminal 2 again. When the portable terminal charging unit 201 receives the password request again, the determination as to whether or not data has been received from the account server 1 is affirmative in step S612. Subsequently, in step S614, the determination as to whether or not the received data is a password request again is affirmative. In this case, the process of FIG. 6 proceeds to step S618, and the portable terminal charging unit 201 displays a password re-request screen as the screen 202 on the display 28B, and prompts the user to re-enter the password. Next, the processing of FIG. 6 returns to step S608, and steps S608 to S610 are executed again.
 図11に、パスワード再要求画面の一例を示す。パスワード再要求画面は、図10に示したパスワード要求画面と同様に、メッセージ表示エリア202aと、口座番号表示エリア202bと、パスワード入力エリア202cと、ソフトキーボード202dとを含む。 Fig. 11 shows an example of the password re-request screen. Similar to the password request screen shown in FIG. 10, the password re-request screen includes a message display area 202a, an account number display area 202b, a password input area 202c, and a soft keyboard 202d.
 メッセージ表示エリア202aには、ユーザーにパスワードの再入力を促すメッセージが表示される。一例として、「入力されたパスワードは正しくありません。もう1度パスワードを入力してください。」とのメッセージが表示される。口座番号表示エリア202b、パスワード入力エリア202c、ソフトキーボード202dは、図10に示したパスワード要求画面と同様に機能する。 In the message display area 202a, a message prompting the user to re-enter the password is displayed. As an example, the message “The password you entered is incorrect. Please enter your password again.” Is displayed. The account number display area 202b, the password input area 202c, and the soft keyboard 202d function in the same manner as the password request screen shown in FIG.
 ステップS608~S610が再び実行されることにより、パスワードが再度入力され、携帯端末チャージ部201から口座サーバ1へ再び送信される。 When the steps S608 to S610 are executed again, the password is input again and transmitted from the portable terminal charging unit 201 to the account server 1 again.
 再び口座サーバチャージ部101が携帯端末2からパスワードを受信すると、ステップS804において肯定判断となり、図8の処理は再びステップS806へ移行する。ステップS806において、口座サーバチャージ部101が照合された2つのパスワードが一致することを確認すると、本人認証が肯定される。この場合、ステップS808において、口座サーバチャージ部101は特定された個別口座領域111から残高データと生体認証用の静脈データを読み取り、携帯端末2に送る。そして、口座サーバチャージ部101の処理は図9に移行する。 When the account server charge unit 101 receives the password from the portable terminal 2 again, an affirmative determination is made in step S804, and the processing in FIG. 8 proceeds to step S806 again. In step S806, when the account server charge unit 101 confirms that the two verified passwords match, the personal authentication is affirmed. In this case, in step S808, the account server charge unit 101 reads the balance data and the biometric authentication vein data from the specified individual account area 111 and sends them to the portable terminal 2. And the process of the account server charge part 101 transfers to FIG.
 携帯端末チャージ部201が残高データと静脈データとを受信すると、ステップS612において肯定判断となり、続いてステップS614において否定判断となる。この場合、ステップS616において、携帯端末チャージ部201は、受信した残高データ及び静脈データを二次記憶装置24に記録する。続いて携帯端末チャージ部201の処理は図7へ移行し、ステップS702において、携帯端末チャージ部201は、二次記憶装置24に記録されているチャージ残高及び残高データを読み取り、ディスプレイ28B上に画面202としてチャージ金額入力画面を表示する。 When the portable terminal charging unit 201 receives the balance data and the vein data, an affirmative determination is made in step S612, and a negative determination is subsequently made in step S614. In this case, in step S616, the mobile terminal charging unit 201 records the received balance data and vein data in the secondary storage device 24. Subsequently, the processing of the mobile terminal charging unit 201 proceeds to FIG. 7, and in step S702, the mobile terminal charging unit 201 reads the charge balance and balance data recorded in the secondary storage device 24, and displays the screen on the display 28B. A charge amount input screen is displayed as 202.
 図12に、チャージ金額入力画面の一例を示す。チャージ金額入力画面は、口座残高表示エリア202eと、チャージ残高表示エリア202fと、チャージ金額入力エリア202gと、ソフトキーボード202dとを含む。 FIG. 12 shows an example of the charge amount input screen. The charge amount input screen includes an account balance display area 202e, a charge balance display area 202f, a charge amount input area 202g, and a soft keyboard 202d.
 口座残高表示エリア202eは、ユーザーがアクセスしている特定の個別口座領域111に対応する金融機関の口座の残高額を表示する。チャージ残高表示エリア202fは、携帯端末2の二次記憶装置24に記録されている、携帯端末2に現在チャージされている金額を表示する。チャージ金額入力エリア202gは、ユーザーがソフトキーボード202dを操作することによって入力された金額を表示する。ソフトキーボード202dは、図10に示したパスワード要求画面と同様に機能する。 The account balance display area 202e displays the balance of the account of the financial institution corresponding to the specific individual account area 111 accessed by the user. The charge balance display area 202 f displays the amount currently charged in the mobile terminal 2 recorded in the secondary storage device 24 of the mobile terminal 2. The charge amount input area 202g displays the amount input by the user operating the soft keyboard 202d. The soft keyboard 202d functions in the same manner as the password request screen shown in FIG.
 携帯端末2のディスプレイ28B上に画面202としてチャージ金額入力画面が表示されると、ユーザーは、口座残高表示エリア202eに表示された口座の残高額と、チャージ残高表示エリア202fに表示された携帯端末2の現在チャージ金額とを考慮して、ソフトキーボード202dを使って、チャージ金額入力エリア202gに今回チャージを希望する金額を入力する。 When the charge amount input screen is displayed as the screen 202 on the display 28B of the portable terminal 2, the user can read the balance amount of the account displayed in the account balance display area 202e and the portable terminal displayed in the charge balance display area 202f. In consideration of the current charge amount of 2, the soft keyboard 202d is used to input the amount of money desired to be charged this time in the charge amount input area 202g.
 なお、図7のフローチャートでは図示を省略したが、チャージ金額入力画面においてユーザーがチャージ動作を中止することを希望する場合には、ユーザーがソフトキーボード202dのEXITキーを押すことにより、処理を終了することができる。 Although not shown in the flowchart of FIG. 7, if the user desires to stop the charging operation on the charge amount input screen, the user ends the process by pressing the EXIT key of the soft keyboard 202d. be able to.
 チャージ金額の入力が終了すると、ステップS704において、携帯端末チャージ部201は入力されたチャージ金額を取得する。ステップS706において、携帯端末チャージ部201は、入力されたチャージ金額と二次記憶装置24に記録されているチャージ残高とを加算した合計額を算出する。ステップS708において、携帯端末チャージ部201は、算出した合計額を予め携帯端末2に設定されている限度額と比較する。 When the input of the charge amount is completed, the portable terminal charging unit 201 acquires the input charge amount in step S704. In step S <b> 706, the mobile terminal charging unit 201 calculates a total amount obtained by adding the input charge amount and the charge balance recorded in the secondary storage device 24. In step S <b> 708, the mobile terminal charging unit 201 compares the calculated total amount with a limit amount set in advance in the mobile terminal 2.
 合計額が限度額以下であった場合は、ステップS708の判断は否定判断となり、図7の処理はステップS710へ移行する。ステップS710において、携帯端末チャージ部201は入力されたチャージ金額を口座サーバ1に送信する。 If the total amount is equal to or less than the limit amount, the determination in step S708 is negative, and the process in FIG. 7 proceeds to step S710. In step S <b> 710, the mobile terminal charging unit 201 transmits the input charge amount to the account server 1.
 図9のステップS902において、口座サーバチャージ部101はチャージ金額を受信する。ステップS904において、口座サーバチャージ部101は、受信したチャージ金額が個別口座領域111の残高データより大きいか否かを判断する。 In step S902 in FIG. 9, the account server charge unit 101 receives the charge amount. In step S <b> 904, the account server charge unit 101 determines whether or not the received charge amount is larger than the balance data in the individual account area 111.
 チャージ金額が個別口座領域111の残高データ以下であった場合は、ステップS904の判断は否定判断となる。この場合、ステップS906において、口座サーバチャージ部101は、チャージ金額分の財産データを携帯端末2に送信する。ステップS908において、口座サーバチャージ部101は、個別口座領域111の残高データからチャージ金額を減算した減算額を算出する。ステップS910において、口座サーバチャージ部101は、算出した減算額を新たな残高データとして置き換えて個別口座領域111に記録する。これにより、図8及び9に示された口座サーバチャージ部101の処理プログラムの実行は終了する(図9のEND)。 If the charge amount is less than or equal to the balance data in the individual account area 111, the determination in step S904 is negative. In this case, in step S <b> 906, the account server charge unit 101 transmits property data for the charge amount to the mobile terminal 2. In step S <b> 908, the account server charge unit 101 calculates a subtraction amount obtained by subtracting the charge amount from the balance data in the individual account area 111. In step S910, the account server charge unit 101 replaces the calculated subtraction amount with new balance data and records it in the individual account area 111. Thereby, the execution of the processing program of the account server charge unit 101 shown in FIGS. 8 and 9 ends (END in FIG. 9).
 携帯端末チャージ部201が口座サーバ1からチャージ金額分の財産データを受信すると、ステップS712において、口座サーバ1からデータを受信したか否かの判断が肯定判断となる。続いて、ステップS714において、受信したデータは残高不足情報であるか否かの判断が否定判断となる。この場合、図7の処理はステップS716へ移行する。ステップS716において、携帯端末チャージ部201は、二次記憶装置24に記録されているチャージ残高にチャージ金額分の財産データを加えた金額(すなわち、S706で算出した合計額)を新たな財産データのチャージ残高として、二次記憶装置24に記録する。 When the portable terminal charging unit 201 receives property data for the amount of charge from the account server 1, the determination as to whether or not the data has been received from the account server 1 is affirmative in step S712. Subsequently, in step S714, the determination as to whether the received data is insufficient balance information is negative. In this case, the process in FIG. 7 proceeds to step S716. In step S716, the mobile terminal charging unit 201 adds the amount of property data corresponding to the charge amount to the charge balance recorded in the secondary storage device 24 (that is, the total amount calculated in S706) as new property data. The charge balance is recorded in the secondary storage device 24.
 一方、チャージ金額とチャージ残高の合計額が予め携帯端末2に設定されている限度額を超えている場合、ステップS708の判断は肯定判断となり、図7の処理はステップS718に移行する。ステップS718において、携帯端末チャージ部201は、限度額を越えた超過額を算出するとともに、ディスプレイ28B上に画面202として限度額超過画面を表示する。その後、図7の処理はステップS704へ戻り、ステップS704~S706が再び実行される。 On the other hand, when the total amount of the charge amount and the charge balance exceeds the limit amount set in advance in the portable terminal 2, the determination in step S708 is affirmative, and the processing in FIG. 7 proceeds to step S718. In step S718, the mobile terminal charging unit 201 calculates the excess amount exceeding the limit amount and displays a limit amount excess screen as the screen 202 on the display 28B. Thereafter, the processing of FIG. 7 returns to step S704, and steps S704 to S706 are executed again.
 図13に、限度額超過画面の一例を示す。限度額超過画面は、メッセージ表示エリア202aと、超過額表示エリア202hと、修正チャージ金額入力エリア202iと、ソフトキーボード202dとを含む。 Fig. 13 shows an example of the limit excess screen. The limit amount excess screen includes a message display area 202a, an excess amount display area 202h, a modified charge amount input area 202i, and a soft keyboard 202d.
 限度額超過画面において、メッセージ表示エリア202aは、限度額を超過した旨のメッセージを表示する。一例として、「チャージ後のチャージ残高が限度額を超過します。」とのメッセージが表示される。超過額表示エリア202hは、限度額を超過した超過額を表示する。ソフトキーボード202dは、図10に示したパスワード要求画面と同様に機能する。 In the limit exceeded screen, the message display area 202a displays a message indicating that the limit has been exceeded. As an example, a message “The charge balance after charging exceeds the limit” is displayed. The excess amount display area 202h displays the excess amount exceeding the limit amount. The soft keyboard 202d functions in the same manner as the password request screen shown in FIG.
 修正チャージ金額入力エリア202iには、ユーザーにチャージ金額の修正を促すメッセージが表示されるとともに、ユーザーがソフトキーボード202dを操作することにより、修正したチャージ金額が入力される。なお、限度額超過画面が表示された時点では、修正チャージ金額入力エリア202iには、予め、限度額から現在のチャージ残高を除して算出されるチャージ可能な金額の最大値が表示されている。ユーザーは、この最大値を修正することにより、修正チャージ金額の入力を行う。したがって、限度額超過画面が表示された後、ユーザーが金額を修正しないままENTERキーを入力する場合には、限度額いっぱいまでのチャージが指示されることになる。 In the corrected charge amount input area 202i, a message prompting the user to correct the charge amount is displayed, and the corrected charge amount is input by the user operating the soft keyboard 202d. When the limit amount excess screen is displayed, the maximum value of the chargeable amount calculated by dividing the current charge balance from the limit amount is displayed in advance in the corrected charge amount input area 202i. . The user inputs the corrected charge amount by correcting this maximum value. Therefore, after the limit amount excess screen is displayed, if the user inputs the ENTER key without correcting the amount, charging up to the limit amount is instructed.
 ステップS704~S706が再び実行されることにより、チャージ金額が再度入力され、入力されたチャージ金額と二次記憶装置24に記録されているチャージ残高とを加算した合計額が再び算出される。その後、ステップS708において再び判断が行われる。 By executing steps S704 to S706 again, the charge amount is input again, and the total amount obtained by adding the input charge amount and the charge balance recorded in the secondary storage device 24 is calculated again. Thereafter, the determination is performed again in step S708.
 また、携帯端末2から口座サーバチャージ部101に送信されたチャージ金額が個別口座領域111の残高データを超えている場合には、ステップS904の判断は肯定判断となり、図9の処理はステップS912へ移行する。ステップS912において、口座サーバチャージ部101は残高データを越えた不足金額を算出し、口座残高不足情報を携帯端末2に送信する。口座残高不足情報は、残高データの超過が生じた旨のメッセージと不足金額の情報を含むものである。この場合には、個別口座領域111に記録された残高データは変更されない。 If the charge amount transmitted from the mobile terminal 2 to the account server charge unit 101 exceeds the balance data in the individual account area 111, the determination in step S904 is affirmative, and the process in FIG. 9 proceeds to step S912. Transition. In step S <b> 912, the account server charge unit 101 calculates a shortage amount exceeding the balance data, and transmits account balance shortage information to the mobile terminal 2. The account balance shortage information includes a message that the balance data has been exceeded and information on the shortage amount. In this case, the balance data recorded in the individual account area 111 is not changed.
 携帯端末チャージ部201が口座残高不足情報を口座サーバ1から受信すると、ステップS712の判断は肯定判断となり、ステップS714の判断は肯定判断となる。この場合、図7の処理はステップS720へ移行する。ステップS720において、携帯端末チャージ部201は、ディスプレイ28B上に画面202として口座残高不足画面を表示し、ユーザーにチャージ金額の再入力を促す。その後、図7の処理はステップS704へ戻り、ステップS704~S710が再び実行される。 When the mobile terminal charging unit 201 receives the account balance shortage information from the account server 1, the determination in step S712 is a positive determination, and the determination in step S714 is a positive determination. In this case, the process in FIG. 7 proceeds to step S720. In step S720, the mobile terminal charging unit 201 displays an account balance shortage screen as the screen 202 on the display 28B, and prompts the user to re-enter the charge amount. Thereafter, the processing of FIG. 7 returns to step S704, and steps S704 to S710 are executed again.
 図14に、口座残高不足画面の一例を示す。口座残高不足画面は、メッセージ表示エリア202aと、不足額表示エリア202jと、修正チャージ金額入力エリア202iと、ソフトキーボード202dとを含む。 FIG. 14 shows an example of an account balance shortage screen. The account balance shortage screen includes a message display area 202a, a shortage amount display area 202j, a corrected charge amount input area 202i, and a soft keyboard 202d.
 口座残高不足画面において、メッセージ表示エリア202aは、口座残高が不足している旨のメッセージを表示する。一例として、「口座残高が不足しています。」とのメッセージが表示される。不足額表示エリア202jは、入力されたチャージ金額が個別口座領域111に記録された口座残高を超過した金額に相当する、不足額を表示する。ソフトキーボード202dは、図10に示したパスワード要求画面と同様に機能する。 On the account balance shortage screen, the message display area 202a displays a message indicating that the account balance is insufficient. As an example, the message “Account balance is insufficient” is displayed. The shortage amount display area 202j displays a shortage amount corresponding to an amount in which the input charge amount exceeds the account balance recorded in the individual account area 111. The soft keyboard 202d functions in the same manner as the password request screen shown in FIG.
 修正チャージ金額入力エリア202iには、ユーザーにチャージ金額の修正を促すメッセージが表示されるとともに、ユーザーがソフトキーボード202dを操作することにより、修正したチャージ金額が入力される。なお、口座残高不足画面が表示された時点では、修正チャージ金額入力エリア202iには、予め、チャージ可能な最大の金額としての現在の口座残高の金額が表示されている。ユーザーは、この最大値を修正することにより、修正チャージ金額の入力を行う。したがって、口座残高不足画面が表示された後、ユーザーが金額を修正しないままENTERキーを入力する場合には、現在の口座残高額いっぱいまでのチャージが指示されることになる。 In the corrected charge amount input area 202i, a message prompting the user to correct the charge amount is displayed, and the corrected charge amount is input by the user operating the soft keyboard 202d. When the account balance shortage screen is displayed, the current charge of the account balance as the maximum chargeable amount is displayed in advance in the corrected charge amount input area 202i. The user inputs the corrected charge amount by correcting this maximum value. Accordingly, after the account balance shortage screen is displayed, if the user inputs the ENTER key without correcting the amount, the user is instructed to charge up to the current account balance amount.
 ステップS704~S710が再び実行されることにより、チャージ金額が再度入力され、入力されたチャージ金額と二次記憶装置24に記録されているチャージ残高とを加算した合計額が再び算出され、チャージ金額が再び口座サーバ1へ送信される。 By executing steps S704 to S710 again, the charge amount is input again, and the total amount obtained by adding the input charge amount and the charge balance recorded in the secondary storage device 24 is calculated again, and the charge amount is calculated. Is transmitted to the account server 1 again.
 口座サーバチャージ部101が携帯端末2から再びチャージ金額を受信すると、図9のステップS914の判断は、肯定判断となる。この場合、図9の処理はステップS904に戻る。ステップS904において、受信したチャージ金額が個別口座領域111の残高データより大きいか否かの判断が再び行われる。 When the account server charge unit 101 receives the charge amount again from the mobile terminal 2, the determination in step S914 in FIG. In this case, the process in FIG. 9 returns to step S904. In step S904, it is determined again whether the received charge amount is larger than the balance data of the individual account area 111.
 以上に説明した本開示の第1実施形態に係るチャージ処理に関し、図15に携帯端末2と口座サーバ1との間での情報のやり取りを示すシーケンス図を示す。図15に示した各ステップは、図6~9中の各ステップに対応する。なお、図示の便宜上、図15ではチャージ処理中に存在する分岐を省略している点に注意されたい。具体的には、携帯端末2について、ステップS614、ステップS708、ステップS714のいずれかにおいて肯定判断となる場合を省略している。同様に、口座サーバ1について、ステップS806において否定判断、ステップS904において肯定判断、のいずれかとなるケースを省略している。 With respect to the charge processing according to the first embodiment of the present disclosure described above, FIG. 15 is a sequence diagram illustrating information exchange between the mobile terminal 2 and the account server 1. Each step shown in FIG. 15 corresponds to each step in FIGS. Note that, for convenience of illustration, in FIG. 15, branches existing during the charging process are omitted. Specifically, for mobile terminal 2, a case where an affirmative determination is made in any of step S614, step S708, and step S714 is omitted. Similarly, for the account server 1, a case of either a negative determination in step S806 and an affirmative determination in step S904 is omitted.
<決済処理>
 次に、ユーザーが商品あるいはサービスの提供を受け、店頭端末3で対価の決済を行う際のプロセスについて述べる。 <Payment processing>
Next, a process when the user receives a product or service and performs payment for the payment at the store terminal 3 will be described.
 図16~20は、本実施形態において決済を行う処理プログラムの一例を示すフローチャートである。図16~18は、店頭端末3の実行する処理プログラムの一例を示し、図19及び20は携帯端末2の実行する処理プログラムの一例を示している。なお、以下では、説明の便宜上、決済処理の全体を(1)認証プロセス前、(2)認証プロセスサブルーチン、(3)認証プロセス後、の3つに分けて述べる。 FIGS. 16 to 20 are flowcharts showing an example of a processing program for performing settlement in the present embodiment. 16 to 18 show an example of a processing program executed by the store terminal 3, and FIGS. 19 and 20 show an example of a processing program executed by the mobile terminal 2. In the following, for the convenience of explanation, the entire payment process is described in three parts: (1) before the authentication process, (2) the authentication process subroutine, and (3) after the authentication process.
 ここで、店頭端末3の実行する処理プログラムは、具体的には店頭端末決済部301として機能する店頭端末3のCPU30によって実行される。また、携帯端末2の実行する処理プログラムは、具体的には携帯端末決済部203として機能する携帯端末2のCPU20によって実行される。また、店頭端末3と携帯端末2との間の通信は、店頭端末3の外部I/F44A及び送受信部306と、携帯端末2の外部I/F42Aとによって、ユーザーの人体5を介した人体通信として行われる。 Here, the processing program executed by the storefront terminal 3 is specifically executed by the CPU 30 of the storefront terminal 3 functioning as the storefront terminal settlement unit 301. The processing program executed by the mobile terminal 2 is specifically executed by the CPU 20 of the mobile terminal 2 functioning as the mobile terminal settlement unit 203. Further, communication between the storefront terminal 3 and the mobile terminal 2 is performed by human body communication via the user's human body 5 by the external I / F 44A and the transmitting / receiving unit 306 of the storefront terminal 3 and the external I / F 42A of the mobile terminal 2. As done.
[決済処理1:認証プロセス前]
 商品あるいはサービスを購入したユーザーが、その対価を携帯端末2による財産データを用いた決済によって支払うことを希望するとする。その場合、その旨が、例えばユーザあるいは店員の操作により、何らかの形で店頭端末3に入力される。これにより、図16~18に示された店頭端末3の処理プログラムの実行が開始され、本実施形態に係る決済を行う処理プロセスが開始される。なお、店頭端末3は、自動的に決済処理プロセスを開始するように設定されてもよい。つまり、店頭端末3は、携帯端末2による財産データを用いた決済によって支払うことを希望しない旨が特に指示されない限り、携帯端末2による財産データを用いた決済によって商品あるいはサービスの対価が支払われるように設定されてもよい。以下、店頭端末決済部301が決済処理を実行する。 [Payment process 1: Before authentication process]
It is assumed that a user who has purchased a product or service wants to pay the price through payment using property data by the mobile terminal 2. In that case, the fact is input to the storefront terminal 3 in some form, for example, by the operation of the user or the store clerk. As a result, execution of the processing program of the storefront terminal 3 shown in FIGS. 16 to 18 is started, and a processing process for performing settlement according to the present embodiment is started. Note that the storefront terminal 3 may be set to automatically start the payment processing process. In other words, unless the store terminal 3 is specifically instructed not to pay by payment using property data by the mobile terminal 2, the price of goods or services will be paid by payment using property data by the mobile terminal 2. May be set. Hereinafter, the storefront terminal payment unit 301 executes a payment process.
 ステップS1602において、店頭端末決済部301は、ディスプレイ38B上に画面302として決済開始画面を表示する。 In step S1602, the store terminal payment unit 301 displays a payment start screen as a screen 302 on the display 38B.
 図21に、決済開始画面の一例を示す。決済開始画面は、支払金額表示エリア302aと、メッセージ表示エリア302bと、内訳表示エリア302cと、スクロールバー302dとを含む。 FIG. 21 shows an example of the settlement start screen. The settlement start screen includes a payment amount display area 302a, a message display area 302b, a breakdown display area 302c, and a scroll bar 302d.
 決済開始画面において、支払金額表示エリア302aは、ユーザーが購入した商品またはサービスの対価額を表示する。メッセージ表示エリア302bは、ユーザーに決済を促すメッセージを表示する。一例として、「よろしければ指ガイドに指を置いて支払をしてください。」とのメッセージが表示される。内訳表示エリア302cは、支払金額表示エリア302aに表示された対価額の内訳を表示する。ここで、内訳の全てを内訳表示エリア302cに一度に表示することはできない場合が想定される。この場合、ユーザーが必要に応じてスクロールバー302dをスクロール操作することにより、内訳の全てがユーザーに読み取られるようにしてもよい。 On the settlement start screen, the payment amount display area 302a displays the consideration for the product or service purchased by the user. The message display area 302b displays a message prompting the user to make a payment. As an example, a message “Please pay with your finger on the finger guide if you like” is displayed. The breakdown display area 302c displays a breakdown of the price displayed in the payment amount display area 302a. Here, it is assumed that all of the breakdowns cannot be displayed at once in the breakdown display area 302c. In this case, the user may read the entire breakdown by scrolling the scroll bar 302d as necessary.
 ユーザーは、決済開始画面において支払金額及び内訳を確認し、店頭端末3の生体認証部307の指ガイド310に、携帯端末2を着用した腕に属する指501を置き、指ガイド310に設けられた送受信部306に指501を接触させる(図5参照)。この動作によって、前述のように、人体5をアンテナとする店頭端末3の外部I/F44Aと携帯端末2の外部I/F42Aとの間での人体通信が開始される。 The user confirms the payment amount and the breakdown on the payment start screen, places the finger 501 belonging to the arm wearing the mobile terminal 2 on the finger guide 310 of the biometric authentication unit 307 of the storefront terminal 3, and is provided on the finger guide 310. The finger 501 is brought into contact with the transmission / reception unit 306 (see FIG. 5). By this operation, as described above, human body communication is started between the external I / F 44A of the storefront terminal 3 using the human body 5 as an antenna and the external I / F 42A of the portable terminal 2.
 店頭端末決済部301が生体認証部307への指501の接触を検知すると、ステップS1604において、生体認証部307への接触を検知したか否かの判断が肯定判断となる。この場合、図16の処理は、ステップS1605を経て、ステップS1606に移行する。ステップS1605において、店頭端末決済部301は、携帯端末2へ接触検知情報を送信する。 When the storefront terminal payment unit 301 detects the contact of the finger 501 with the biometric authentication unit 307, the determination as to whether or not the contact with the biometric authentication unit 307 has been detected becomes an affirmative determination in step S1604. In this case, the process in FIG. 16 proceeds to step S1606 via step S1605. In step S <b> 1605, the storefront terminal payment unit 301 transmits contact detection information to the mobile terminal 2.
 携帯端末2が接触検知情報を受信すると、図19及び20に示された携帯端末2の処理プログラムの実行が開始される(図19のSTART)。以下、携帯端末決済部203が決済処理を実行する。 When the mobile terminal 2 receives the contact detection information, execution of the processing program of the mobile terminal 2 shown in FIGS. 19 and 20 is started (START in FIG. 19). Hereinafter, the mobile terminal payment unit 203 executes a payment process.
 ステップS1606において、店頭端末決済部301は、認証プロセスを実行する。以降、図16の処理は、図18の認証プロセスサブルーチンに移行する。また、図16のステップS1606に対応する図19のステップS1902において、携帯端末決済部203は、認証プロセスを実行する。以降、図19の処理は、図20の認証プロセスサブルーチンに移行する。認証プロセスサブルーチンは、本実施形態の決済処理の第2段階である。 In step S1606, the storefront terminal payment unit 301 executes an authentication process. Thereafter, the processing of FIG. 16 proceeds to the authentication process subroutine of FIG. In step S1902 in FIG. 19 corresponding to step S1606 in FIG. 16, the mobile terminal settlement unit 203 executes an authentication process. Thereafter, the processing of FIG. 19 proceeds to the authentication process subroutine of FIG. The authentication process subroutine is the second stage of the settlement process of this embodiment.
[決済処理2:認証プロセスサブルーチン] [Payment process 2: Authentication process subroutine]
 本実施形態の決済処理における認証プロセスは、サブルーチンとして図18及び図20に図示されている。図18は店頭端末決済部301としてのCPU30が実行する処理プログラムの一例を示すサブルーチンであり、図20は携帯端末決済部203としてのCPU20が実行する処理プログラムの一例を示すサブルーチンである。 The authentication process in the settlement processing of the present embodiment is illustrated in FIGS. 18 and 20 as a subroutine. FIG. 18 is a subroutine showing an example of a processing program executed by the CPU 30 as the storefront terminal payment unit 301, and FIG. 20 is a subroutine showing an example of a processing program executed by the CPU 20 as the mobile terminal payment unit 203.
 図18のステップS1802において、店頭端末決済部301は、二次記憶装置34に記憶される変数F、Gにそれぞれ0を代入することにより、F、Gをリセットする。 In FIG.18 S1802, the shop front terminal payment part 301 resets F and G by substituting 0 to the variables F and G memorize | stored in the secondary memory | storage device 34, respectively.
 ここで、Fは認証の試行回数を表す整数である。本実施形態では、生体認証の失敗が所定の回数繰り返された場合は、認証の失敗が確定し、決済は行われない。図18では、一例として、5回まで認証を行うことができるものとしている。 Here, F is an integer representing the number of authentication attempts. In the present embodiment, when the biometric authentication failure is repeated a predetermined number of times, the authentication failure is confirmed and settlement is not performed. In FIG. 18, as an example, it is assumed that authentication can be performed up to five times.
 Gは、店頭端末決済部301において認証の成功または失敗を表す2値変数である。図18のRETURNにおいて、店頭端末決済部301の認証プロセスサブルーチンが終了したときに、G=0であれば認証成功、G=1であれば認証失敗を表す。 G is a binary variable representing success or failure of authentication in the in-store terminal settlement unit 301. In the RETURN of FIG. 18, when the authentication process subroutine of the in-store terminal settlement unit 301 ends, if G = 0, the authentication is successful, and if G = 1, the authentication fails.
 S1804において、店頭端末決済部301は、携帯端末2に静脈データのリクエストを送信する。 In step S1804, the shop terminal payment unit 301 transmits a request for vein data to the mobile terminal 2.
 このリクエストを受信することにより、携帯端末決済部203は認証プロセスサブルーチンを開始する(図20のSTART)。ステップS2002において、携帯端末決済部203は、二次記憶装置24に記憶される変数Hに0を代入する。 Upon receiving this request, the mobile terminal settlement unit 203 starts an authentication process subroutine (START in FIG. 20). In step S2002, the mobile terminal settlement unit 203 substitutes 0 for a variable H stored in the secondary storage device 24.
 Hは、携帯端末決済部203において認証の成功または失敗を表す2値変数である。図20のRETURNにおいて、携帯端末決済部203の認証プロセスサブルーチンが終了したときに、H=0であれば認証成功、H=1であれば認証失敗を表す。 H is a binary variable indicating success or failure of authentication in the mobile terminal settlement unit 203. In the RETURN of FIG. 20, when the authentication process subroutine of the mobile terminal settlement unit 203 is completed, if H = 0, the authentication succeeds, and if H = 1, the authentication fails.
 ステップS2004において、携帯端末決済部203は、リクエストされた静脈データを二次記憶装置24から読み出し、店頭端末3へ送信する。 In step S2004, the mobile terminal settlement unit 203 reads the requested vein data from the secondary storage device 24 and transmits it to the store terminal 3.
 図18のステップS1806において、店頭端末決済部301は、携帯端末2から静脈データを受信し、二次記憶装置34に記録する。 In FIG.18 S1806, the shop front terminal payment part 301 receives vein data from the portable terminal 2, and records it on the secondary storage device 34. FIG.
 ステップS1808において、店頭端末決済部301は以下の処理を実行する。店頭端末決済部301は、生体認証部307において、指ガイド310に接触している接触物を撮像し、撮像データを二次記憶装置34に記録する。上述の通り、店頭端末3の生体認証部307の指ガイド310に設けられた送受信部306には、携帯端末2を着用したユーザーの指501が接触している(S1604、図5参照)。 In step S1808, the storefront terminal payment unit 301 executes the following processing. The storefront terminal payment unit 301 images the contact object in contact with the finger guide 310 in the biometric authentication unit 307 and records the image data in the secondary storage device 34. As described above, the finger 501 of the user wearing the mobile terminal 2 is in contact with the transmission / reception unit 306 provided in the finger guide 310 of the biometric authentication unit 307 of the store terminal 3 (S1604, see FIG. 5).
 店頭端末決済部301がS1808において実行する処理は、具体的には以下の通りである。図5に示されたレンズ313は、照明用LED312で照明されたユーザーの指501の静脈パターンを撮像素子314上に結像し、撮像素子314は当該静脈パターンを撮像して、撮像データを二次記憶装置34に記録する。 The processing executed by the shop terminal payment unit 301 in S1808 is specifically as follows. The lens 313 shown in FIG. 5 forms an image of the vein pattern of the user's finger 501 illuminated by the illumination LED 312 on the image sensor 314, and the image sensor 314 images the vein pattern to obtain the image data. Record in the next storage device 34.
 ステップS1810において、店頭端末決済部301は、撮像素子314により撮像された撮像データと、携帯端末2から受信した静脈データとを二次記憶装置34から読み出し、2つのデータに含まれる静脈パターンを比較する。上記2つのデータに含まれる静脈パターンを比較・照合することが、本実施形態において、現在のユーザーが本人であるか否かの認証を実行することである。 In step S1810, the storefront terminal payment unit 301 reads the image data captured by the image sensor 314 and the vein data received from the mobile terminal 2 from the secondary storage device 34, and compares the vein patterns included in the two data. To do. Comparing and collating the vein patterns included in the above two data is performing authentication of whether or not the current user is the person in the present embodiment.
 照合の結果として2つのデータに含まれる静脈パターンが一致した場合には、ステップS1812において、2つのパターンが一致したか否か(すなわち、現在のユーザーが本人であるか否か)の判断が肯定判断となる。この場合、図18の処理はステップS1814へ移行する。 If the vein patterns included in the two data match as a result of the collation, the determination of whether or not the two patterns match (that is, whether or not the current user is the user) is affirmative in step S1812. Judgment. In this case, the process in FIG. 18 proceeds to step S1814.
 ステップS1814において、店頭端末決済部301は、認証成功情報を携帯端末2へ送信する。そして、店頭端末決済部301は、G=0(つまり、認証成功)を保持して認証プロセスサブルーチンを終了する(図18のRETURN)。 In step S1814, the storefront terminal payment unit 301 transmits authentication success information to the mobile terminal 2. Then, the storefront terminal payment unit 301 holds G = 0 (that is, authentication success) and ends the authentication process subroutine (RETURN in FIG. 18).
 一方、S1810における照合の結果、2つのデータに含まれる静脈パターンが一致しなかった場合には、ステップS1812の判断は否定判断となる。この場合、図18の処理はステップS1816に移行する。 On the other hand, if the vein patterns included in the two data do not match as a result of the collation in S1810, the determination in step S1812 is negative. In this case, the process in FIG. 18 proceeds to step S1816.
 ステップS1816において、店頭端末決済部301は、二次記憶装置34に記録されている変数Fに1を加算する。例えば初回の認証後であれば、ステップS1802においてF=0が二次記憶装置34に記録されているから、S1816において1が加算されることにより、変数F=1が新たに二次記憶装置34に記録される。 In step S1816, the shop terminal payment unit 301 adds 1 to the variable F recorded in the secondary storage device. For example, if it is after the first authentication, since F = 0 is recorded in the secondary storage device 34 in step S1802, the variable F = 1 is newly added to the secondary storage device 34 by adding 1 in S1816. To be recorded.
 S1818において、変数Fについて、F=5であるか否かの判断が行われる。5という値は、上述の通り、本実施形態における生体認証の最大試行回数の一例である。 In S1818, for variable F, a determination is made as to whether F = 5. As described above, the value of 5 is an example of the maximum number of biometric authentication attempts in the present embodiment.
 Fが5に等しくない場合、S1818の判断は否定判断となる。この場合、図18の処理はステップS1820へ移行する。ステップS1820において、店頭端末決済部301は、ディスプレイ38B上に画面302として再撮像指示画面を表示する。そして、図18の処理はステップS1808へ戻り、ステップS1808~S1818が再び実行される。 If F is not equal to 5, the determination in S1818 is a negative determination. In this case, the process in FIG. 18 proceeds to step S1820. In step S1820, the shop terminal payment unit 301 displays a re-imaging instruction screen as a screen 302 on the display 38B. Then, the processing of FIG. 18 returns to step S1808, and steps S1808 to S1818 are executed again.
 図22に、再撮像指示画面の一例を示す。再撮像指示画面は、メッセージ表示エリア302bを含む。再撮像指示画面において、メッセージ表示エリア302bは、認証が成功していない旨と、再度の指501の撮像を促す旨のメッセージを表示する。 FIG. 22 shows an example of the re-imaging instruction screen. The re-imaging instruction screen includes a message display area 302b. In the re-imaging instruction screen, the message display area 302b displays a message indicating that the authentication has not been successful and prompting the finger 501 to be imaged again.
 ステップS1808~S1818が再び実行されることにより、ユーザーの指501の静脈パターンに関する撮像データが再び撮像され、撮像データ及び携帯端末2から受信した静脈データに含まれる静脈パターンが再び比較・照合される。さらに、S1812の判断が再び否定判断である場合には、変数Fに1が加算され、F=5であるか否かの判断が再び行われる。 By executing steps S1808 to S1818 again, the imaging data related to the vein pattern of the user's finger 501 is captured again, and the vein pattern included in the imaging data and the vein data received from the portable terminal 2 is compared and verified again. . Furthermore, when the determination in S1812 is negative again, 1 is added to the variable F, and the determination as to whether F = 5 is performed again.
 ステップS1812の判断が肯定判断とならない限り、ステップS1808~S1818の以上の処理が繰り返される。つまり、静脈パターンの撮像と、撮像データと静脈データとの比較・照合とが繰り返される。ステップS1812で否定判断となる(すなわち、照合が失敗する)たびに、ステップS1816において変数Fに1が加算される。 Unless the determination in step S1812 is affirmative, the processes in steps S1808 to S1818 are repeated. That is, vein pattern imaging and comparison / collation of imaging data and vein data are repeated. Each time a negative determination is made in step S1812 (that is, matching fails), 1 is added to the variable F in step S1816.
 以上の様に処理を繰り返す過程で、F=5が確認された場合、S1818の判断は肯定判断となる。これにより、本実施形態における生体認証の失敗が確定する。 In the process of repeating the process as described above, if F = 5 is confirmed, the determination in S1818 is an affirmative determination. Thereby, the failure of the biometric authentication in this embodiment is decided.
 この場合、図18の処理はステップS1822へ移行する。ステップS1822において、店頭端末決済部301は、認証失敗情報を携帯端末へ送信する。続いてステップS1824において、店頭端末決済部301は、二次記憶装置34に記録されている変数Gに1を代入し、G=1(つまり、認証失敗)を保持して認証プロセスサブルーチンを終了する(図18のRETURN)。 In this case, the processing in FIG. 18 proceeds to step S1822. In step S1822, the storefront terminal payment unit 301 transmits authentication failure information to the mobile terminal. Subsequently, in step S1824, the shop terminal payment unit 301 substitutes 1 for a variable G recorded in the secondary storage device 34, holds G = 1 (that is, authentication failure), and ends the authentication process subroutine. (RETURN in FIG. 18).
 以上述べたとおり、図18に示された店頭端末決済部301が実行するサブルーチンは、ステップS1814またはS1822において携帯端末2に認証成功情報または認証失敗情報を送信するとともに、二次記憶装置34に記録されている変数Gについて、G=0(認証成功に対応)またはG=1(認証失敗に対応)を与えて、終了する(図18のRETURN)。 As described above, the subroutine executed by the storefront terminal settlement unit 301 shown in FIG. 18 transmits authentication success information or authentication failure information to the mobile terminal 2 in step S1814 or S1822, and records it in the secondary storage device 34. With respect to the variable G being set, G = 0 (corresponding to authentication success) or G = 1 (corresponding to authentication failure) is given, and the processing is terminated (RETURN in FIG. 18).
 一方、携帯端末決済部203は、図20のS2004において静脈データを店頭端末3へ送信した後、店頭端末3から認証処理の結果が送信されることを待つ。 On the other hand, after transmitting the vein data to the storefront terminal 3 in S2004 of FIG. 20, the mobile terminal settlement unit 203 waits for the authentication process result to be transmitted from the storefront terminal 3.
 携帯端末決済部203が所定時間内に店頭端末3から認証成功情報を受信すると、ステップS2006において、所定時間内に認証成功情報を受信したか否かの判断が肯定判断となる。この場合、携帯端末決済部203は、二次記憶装置24に記憶された変数Hについて、H=0(つまり、認証成功)を保持して認証プロセスサブルーチンを終了する(図20のRETURN)。 When the mobile terminal settlement unit 203 receives the authentication success information from the storefront terminal 3 within the predetermined time, in step S2006, the determination as to whether the authentication success information has been received within the predetermined time is an affirmative determination. In this case, the mobile terminal settlement unit 203 holds H = 0 (that is, authentication success) for the variable H stored in the secondary storage device 24 and ends the authentication process subroutine (RETURN in FIG. 20).
 なお、携帯端末決済部203が店頭端末3から認証成功情報または認証失敗情報のいずれかを受信しない限り、S2006の判断は否定判断、S2008の判断は否定判断となり、店頭端末3から認証処理の結果が送信されることを待ち続ける。 As long as the mobile terminal settlement unit 203 does not receive either authentication success information or authentication failure information from the store terminal 3, the determination in S2006 is a negative determination, and the determination in S2008 is a negative determination. Keeps waiting for.
 一方、携帯端末決済部203が店頭端末3から認証失敗情報を受信すると、ステップS2006の判断が否定判断となり、続いてステップS2008において店頭端末3から認証失敗情報を受信したか否かの判断が肯定判断となる。この場合、図20の処理はステップS2010へ移行する。 On the other hand, when the mobile terminal settlement unit 203 receives the authentication failure information from the storefront terminal 3, the determination in step S2006 is a negative determination, and in step S2008, the determination whether the authentication failure information is received from the storefront terminal 3 is affirmative. Judgment. In this case, the process in FIG. 20 proceeds to step S2010.
 ステップS2010において、携帯端末決済部203は、二次記憶装置24に記録されている変数Hに1を代入する。そして、携帯端末決済部203は、H=1(つまり、認証失敗)を保持して認証プロセスサブルーチンを終了する(図20のRETURN)。 In step S2010, the mobile terminal settlement unit 203 substitutes 1 for a variable H recorded in the secondary storage device 24. Then, the mobile terminal settlement unit 203 holds H = 1 (that is, authentication failure) and ends the authentication process subroutine (RETURN in FIG. 20).
 以上述べたとおり、図20に示された携帯端末決済部203が実行するサブルーチンは、二次記憶装置24に記録されている変数Hについて、H=0(認証成功に対応)またはH=1(認証失敗に対応)を与えて、終了する(図20のRETURN)。 As described above, the subroutine executed by the mobile terminal settlement unit 203 shown in FIG. 20 is H = 0 (corresponding to the authentication success) or H = 1 (for the variable H recorded in the secondary storage device 24). (Responding to authentication failure) is given and the process is terminated (RETURN in FIG. 20).
 なお、認証プロセスサブルーチンの結果として、店頭端末決済部301についてG=0が得られる場合には携帯端末決済部203についてH=0が得られ、店頭端末決済部301についてG=1が得られる場合には携帯端末決済部203についてH=1が得られることに注意されたい。 When G = 0 is obtained for the in-store terminal settlement unit 301 as a result of the authentication process subroutine, H = 0 is obtained for the mobile terminal settlement unit 203, and G = 1 is obtained for the over-the-counter settlement unit 301. Note that H = 1 is obtained for the mobile terminal settlement unit 203.
[決済処理3:認証プロセス後]
 上述の通り、認証プロセスの処理が終了したとき、店頭端末決済部301はG=0(認証成功に対応)またはG=1(認証失敗に対応)を保持しており、携帯端末決済部203はH=0(認証成功に対応)またはH=1(認証失敗に対応)を保持している。この結果を受けて、店頭端末決済部301及び携帯端末決済部203は、決済処理の第3段階を実行する。 [Payment process 3: After authentication process]
As described above, when the processing of the authentication process is completed, the storefront terminal payment unit 301 holds G = 0 (corresponding to authentication success) or G = 1 (corresponding to authentication failure), and the mobile terminal payment unit 203 H = 0 (corresponding to authentication success) or H = 1 (corresponding to authentication failure) is held. In response to this result, the storefront terminal payment unit 301 and the mobile terminal payment unit 203 execute the third stage of the payment process.
 第1に、G=0(H=0)の場合を説明する。 First, the case of G = 0 (H = 0) will be described.
 図18に示された認証プロセスサブルーチンの結果としてG=0が得られた場合、図16のステップS1608において、認証が成功したか否かの判断は肯定判断となる。この場合、図16の処理はステップS1610に移行する。 When G = 0 is obtained as a result of the authentication process subroutine shown in FIG. 18, in step S1608 of FIG. 16, the determination as to whether or not the authentication is successful is an affirmative determination. In this case, the process in FIG. 16 proceeds to step S1610.
 ステップS1610において、店頭端末決済部301は、認証成功画面をディスプレイ38B上に画面302として表示する。図23に、認証成功画面の一例を示す。認証成功画面は、メッセージ表示エリア302bを含む。認証成功画面において、メッセージ表示エリア302bは、認証が成功した旨と、決済処理を実行中である旨のメッセージを表示する。 In step S1610, the storefront terminal payment unit 301 displays an authentication success screen as a screen 302 on the display 38B. FIG. 23 shows an example of the authentication success screen. The authentication success screen includes a message display area 302b. On the authentication success screen, the message display area 302b displays a message indicating that the authentication is successful and that the payment process is being executed.
 ステップS1612において、店頭端末決済部301は、商品あるいはサービスの提供に対する対価としての支払額に相当する、財産データのリクエストを携帯端末2へ送信する。以降、店頭端末決済部301の処理は図17に移行する。なお、当該支払額は、ステップS1602において図21の決済開始画面に表示されている。 In step S1612, the in-store terminal settlement unit 301 transmits a request for property data corresponding to the payment amount as a price for the provision of the product or service to the mobile terminal 2. Thereafter, the processing of the storefront terminal payment unit 301 shifts to FIG. The payment amount is displayed on the settlement start screen in FIG. 21 in step S1602.
 今はG=0のケースを考えているのであるから、上述の通り、認証プロセスサブルーチンの結果として、携帯端末決済部203についてH=0が得られている。したがって、図19のS1904において、認証が成功したか否かの判断は肯定判断となる。この場合、図19の処理はステップS1906に移行する。 Since the case of G = 0 is considered now, as described above, H = 0 is obtained for the mobile terminal settlement unit 203 as a result of the authentication process subroutine. Accordingly, in S1904 of FIG. 19, the determination as to whether or not the authentication has succeeded is affirmative. In this case, the processing in FIG. 19 proceeds to step S1906.
 ステップS1906において、携帯端末決済部203は、店頭端末3から上記財産データのリクエストを受信する。ステップS1908において、携帯端末決済部203は、二次記憶装置24に記録されているチャージ残高を読み出して、チャージ残高からリクエストされた支払額を減算した減算額を算出する。ステップS1910において、携帯端末決済部203は、算出した減算額を用いて、減算額が0以上の金額であるか否かを判定する。 In step S1906, the mobile terminal settlement unit 203 receives the property data request from the storefront terminal 3. In step S1908, the mobile terminal settlement unit 203 reads the charge balance recorded in the secondary storage device 24, and calculates a subtraction amount obtained by subtracting the requested payment amount from the charge balance. In step S1910, the mobile terminal settlement unit 203 determines whether or not the subtraction amount is 0 or more using the calculated subtraction amount.
 減算額が0以上の金額である場合には、ステップS1910において、減算額が0以上の金額であるか否かの判断は肯定判断となる。この場合、図19の処理はステップS1912に移行する。 If the subtraction amount is 0 or more, the determination of whether or not the subtraction amount is 0 or more is affirmative in step S1910. In this case, the processing in FIG. 19 proceeds to step S1912.
 ステップS1912において、携帯端末決済部203は、リクエストされた支払額に相当する財産データを店頭端末3に送信する。 In step S1912, the mobile terminal settlement unit 203 transmits property data corresponding to the requested payment amount to the store terminal 3.
 その後のステップS1914において、携帯端末決済部203は、上記減算額を新たなチャージ残高として二次記憶装置24に記録して、決済プロセスを終了する(図19のEND)。 In subsequent step S1914, the portable terminal settlement unit 203 records the subtraction amount as a new charge balance in the secondary storage device 24, and ends the settlement process (END in FIG. 19).
 一方、店頭端末決済部301は、ステップS1612において財産データのリクエストを携帯端末2へ送信した後、携帯端末2からのデータの受信を待つ。 On the other hand, the storefront terminal payment unit 301 transmits a request for property data to the mobile terminal 2 in step S1612, and then waits for reception of data from the mobile terminal 2.
 店頭端末決済部301が携帯端末2から財産データを受信すると、図17のステップS1702において携帯端末2からデータを受信したか否かの判断は肯定判断となり、続いてステップS1704において受信したデータがチャージ残高不足情報であるか否かの判断は否定判断となる。この場合、図17の処理はステップS1706に移行する。 When store terminal payment unit 301 receives property data from portable terminal 2, the determination as to whether or not the data has been received from portable terminal 2 is affirmative in step S1702 of FIG. 17, and the received data is charged in step S1704. The determination of whether or not the balance shortage information is a negative determination. In this case, the process in FIG. 17 proceeds to step S1706.
 ステップS1706において、店頭端末決済部301は、携帯端末2から受信した財産データを二次記憶装置34に記録する。これにより、予め携帯端末2にチャージされた財産データを用いて、ユーザーが店頭端末3に支払を行ったことになる。 In step S 1706, the storefront terminal settlement unit 301 records the property data received from the mobile terminal 2 in the secondary storage device 34. As a result, the user pays the store terminal 3 using the property data charged in advance in the portable terminal 2.
 その後のステップS1708において、店頭端末決済部301は、ディスプレイ38B上に画面302として決済完了画面を表示する。図24に、決済完了画面の一例を示す。決済完了画面は、メッセージ表示エリア302bを含む。決済完了画面において、メッセージ表示エリア302bは、決済が完了した旨のメッセージを表示する。 In subsequent step S1708, the shop terminal payment unit 301 displays a payment completion screen as a screen 302 on the display 38B. FIG. 24 shows an example of the payment completion screen. The payment completion screen includes a message display area 302b. On the payment completion screen, the message display area 302b displays a message indicating that payment has been completed.
 S1710において、店頭端末決済部301は二次記憶装置34に記録された撮像データと、静脈データとを消去し、決済処理を完了する(図17のEND)。決済が終了するたびに2種のデータを消去することにより、指の静脈パターンという個人情報が誤用や悪用されることを防止することができる。 In S1710, the storefront terminal payment unit 301 deletes the imaging data and vein data recorded in the secondary storage device 34, and completes the payment process (END in FIG. 17). By erasing two types of data each time payment is completed, personal information such as a finger vein pattern can be prevented from being misused or misused.
 一方、図19のステップS1908で算出された減算額が0より小さい値である場合には、ステップS1910の判断は否定判断となる。この場合、図19の処理はステップS1916へ移行する。 On the other hand, if the subtraction amount calculated in step S1908 in FIG. 19 is a value smaller than 0, the determination in step S1910 is negative. In this case, the processing in FIG. 19 proceeds to step S1916.
 ステップS1916において、携帯端末決済部203は、チャージ残高不足情報を店頭端末3に送信し、決済プロセスを終了する(図19のEND)。この場合、携帯端末2から店頭端末3へ財産データは送信されない。 In step S1916, the mobile terminal settlement unit 203 transmits the charge balance shortage information to the store terminal 3 and ends the settlement process (END in FIG. 19). In this case, property data is not transmitted from the portable terminal 2 to the storefront terminal 3.
 店頭端末決済部301が携帯端末2からチャージ残高不足情報を受信すると、図17のステップS1702の判断は肯定判断となり、続いてステップS1704の判断は肯定判断となる。この場合、図17の処理はステップS1712に移行する。 When the shop terminal payment unit 301 receives the insufficient charge balance information from the mobile terminal 2, the determination in step S1702 in FIG. 17 is affirmative, and the determination in step S1704 is subsequently affirmative. In this case, the process in FIG. 17 proceeds to step S1712.
 ステップS1712において、店頭端末決済部301は、ディスプレイ38B上に画面302としてチャージ残高不足画面を表示する。図25に、チャージ残高不足画面の一例を示す。チャージ残高不足画面は、メッセージ表示エリア302bを含む。チャージ残高不足画面において、メッセージ表示エリア302bは、携帯端末2にチャージされた財産データでは今回の支払額に満たないため決済を行うことができない旨のメッセージを表示する。また、チャージ残高不足画面のメッセージ表示エリア302bは、ユーザーに他の方法での支払いを促すメッセージを表示してもよい。 In step S1712, the storefront terminal payment unit 301 displays a charge balance shortage screen as a screen 302 on the display 38B. FIG. 25 shows an example of a charge balance shortage screen. The charge balance shortage screen includes a message display area 302b. In the insufficient charge balance screen, the message display area 302b displays a message indicating that payment cannot be made because the property data charged in the mobile terminal 2 is less than the current payment amount. Further, the message display area 302b on the insufficient charge balance screen may display a message prompting the user to pay by another method.
 続いて図17の処理はステップS1710に移行する。ステップS1710において、店頭端末決済部301は二次記憶装置34に記録された撮像データと、静脈データとを消去し、決済処理を完了する(図17のEND)。この場合、店頭端末3は支払に必要な財産データを受け取っていないため、支払は完了していない。従って、店頭端末3は、ユーザーに対して支払を完了することを促す手段を備えていることが好ましい。 Subsequently, the processing of FIG. 17 proceeds to step S1710. In step S1710, the storefront terminal payment unit 301 deletes the imaging data and vein data recorded in the secondary storage device 34, and completes the payment process (END in FIG. 17). In this case, since the store terminal 3 has not received property data necessary for payment, the payment is not completed. Therefore, it is preferable that the storefront terminal 3 includes means for prompting the user to complete payment.
 今まで、G=0(すなわちH=0)の場合を説明してきた。第2に、G=1(すなわちH=1)の場合の処理を説明する。 So far, the case of G = 0 (that is, H = 0) has been described. Second, the process when G = 1 (that is, H = 1) will be described.
 図18に示された認証プロセスサブルーチンの結果としてG=1が得られた場合、図16のステップS1608において、認証が成功したか否かの判断は否定判断となる。この場合、図16の処理はステップS1614に移行する。 When G = 1 is obtained as a result of the authentication process subroutine shown in FIG. 18, in step S1608 in FIG. 16, the determination as to whether or not the authentication is successful is negative. In this case, the process in FIG. 16 proceeds to step S1614.
 ステップS1614において、店頭端末決済部301は、認証失敗画面をディスプレイ38B上に画面302として表示する。続いて、店頭端末決済部301の処理は図17に移行する。 In step S1614, the storefront terminal settlement unit 301 displays an authentication failure screen as the screen 302 on the display 38B. Subsequently, the processing of the storefront terminal settlement unit 301 shifts to FIG.
 図26に、認証失敗画面の一例を示す。認証失敗画面は、メッセージ表示エリア302bを含む。認証失敗画面において、メッセージ表示エリア302bは、認証が失敗した旨と、決済処理を中止する旨のメッセージを表示する。 FIG. 26 shows an example of an authentication failure screen. The authentication failure screen includes a message display area 302b. On the authentication failure screen, the message display area 302b displays a message indicating that the authentication has failed and that the payment processing is to be stopped.
 ステップS1614において認証失敗画面が表示された後、店頭端末決済部301は撮像データ及び静脈データを消去した上で(S1710)、決済処理を終了する(図17のEND)。この場合、チャージ残高不足の場合と同様に、店頭端末3は支払に必要な財産データを受け取っていないため、支払は完了していない。 After the authentication failure screen is displayed in step S1614, the storefront terminal payment unit 301 deletes the imaging data and vein data (S1710), and ends the payment process (END in FIG. 17). In this case, as in the case where the charge balance is insufficient, the store terminal 3 has not received the property data necessary for payment, and thus payment has not been completed.
 今はG=1のケースを考えているのであるから、上述の通り、認証プロセスサブルーチンの結果として、携帯端末決済部203についてH=1が得られている。したがって、図19のS1904において、認証が成功したか否かの判断は否定判断となる。この場合、携帯端末決済部203は、決済プロセスを終了する(図19のEND)。この場合、チャージ残高不足の場合と同様に、携帯端末2から店頭端末3へ財産データは送信されない。 Since the case of G = 1 is considered now, as described above, H = 1 is obtained for the mobile terminal settlement unit 203 as a result of the authentication process subroutine. Therefore, in S1904 of FIG. 19, the determination as to whether or not the authentication is successful is a negative determination. In this case, the mobile terminal payment unit 203 ends the payment process (END in FIG. 19). In this case, property data is not transmitted from the portable terminal 2 to the store terminal 3 as in the case of insufficient charge balance.
 以上に説明した本開示の第1実施形態に係る決済処理に関し、図27に店頭端末3と携帯端末2との間での情報のやり取りを示すシーケンス図を示す。図27に示した各ステップは、図16~20中の各ステップに対応する。なお、図示の便宜上、図27では決済処理中に存在する分岐を省略している点に注意されたい。具体的には、店頭端末3について、ステップS1608において否定判断、ステップS1704において肯定判断、ステップS1812において否定判断、のいずれかとなる場合を省略している。同様に、携帯端末2について、ステップS1904またはステップS1910において否定判断、ステップS2008において肯定判断、のいずれかとなるケースを省略している。 FIG. 27 is a sequence diagram showing exchange of information between the storefront terminal 3 and the portable terminal 2 regarding the settlement processing according to the first embodiment of the present disclosure described above. Each step shown in FIG. 27 corresponds to each step in FIGS. It should be noted that for convenience of illustration, in FIG. 27, branches existing during the settlement process are omitted. Specifically, for the storefront terminal 3, a case where a negative determination in step S1608, an affirmative determination in step S1704, or a negative determination in step S1812 is omitted. Similarly, for the mobile terminal 2, a case of either a negative determination in step S1904 or step S1910 and an affirmative determination in step S2008 is omitted.
 本実施形態によれば、携帯端末2を着用したユーザーの人体5を介した携帯端末2と店頭端末3との間の人体通信を利用して、ユーザーの本人認証のための生体認証が行われ、生体認証が成功した場合には、携帯端末2から店頭端末3へ財産データが送信される。この構成により、ユーザーが購入した商品またはサービスに対する対価の支払を、携帯端末2にチャージされた財産データを用いた決済として単純な操作によって実行することができる。 According to the present embodiment, biometric authentication for user authentication is performed using human body communication between the mobile terminal 2 and the storefront terminal 3 via the human body 5 of the user wearing the mobile terminal 2. When the biometric authentication is successful, the property data is transmitted from the portable terminal 2 to the storefront terminal 3. With this configuration, it is possible to execute a payment of a price for a product or service purchased by a user by a simple operation as a settlement using property data charged in the mobile terminal 2.
 また、本実施形態においては、生体認証用の静脈データは、決済の度に携帯端末2から店頭端末3へ送信され、決済が終了後には静脈データは店頭端末3から消去される。この構成により、店頭端末3が誤って他人の静脈パターンを適用するなどの誤用を防止することができる。 Further, in the present embodiment, vein data for biometric authentication is transmitted from the portable terminal 2 to the storefront terminal 3 each time a payment is made, and the vein data is deleted from the storefront terminal 3 after the settlement is completed. With this configuration, it is possible to prevent misuse such as the store terminal 3 incorrectly applying another person's vein pattern.
 さらに、本実施形態では、携帯端末2の二次記憶装置24に記録される静脈データは、財産データのチャージ時に口座サーバ1から携帯端末2に送信される。この構成により、加齢や疾病などの原因で静脈パターンが変化した場合でも、口座サーバ1の個別口座領域111に記録された静脈パターンを修正することにより、当該個別口座領域に対応する複数の携帯端末2の静脈データをアップデートすることができる。 Furthermore, in this embodiment, the vein data recorded in the secondary storage device 24 of the mobile terminal 2 is transmitted from the account server 1 to the mobile terminal 2 when the property data is charged. With this configuration, even when the vein pattern changes due to aging or disease, a plurality of mobile phones corresponding to the individual account area can be corrected by correcting the vein pattern recorded in the individual account area 111 of the account server 1. The vein data of the terminal 2 can be updated.
<第2実施形態>
 次に、本開示の第2実施形態について説明する。なお、第1実施形態と同様の構成である部分については、同一符号を付して説明を省略する。 Second Embodiment
Next, a second embodiment of the present disclosure will be described. In addition, about the part which is the structure similar to 1st Embodiment, the same code | symbol is attached | subjected and description is abbreviate | omitted.
<システムの概要>
 図28に本開示の第2の実施形態の生体認証部307aの構成を示す。本実施形態の生体認証部307aにおいては、2個の指ガイドのうち先端方向(図5の水平左方向)に配置された指ガイド310には、第1実施形態の送受信部306に代えて、ロッド306aが配置されている。本実施形態ではロッド306aが人体通信送受信部のアンテナ(人体に接触する部分)として機能する。つまり、本実施形態のロッド306aは、第1実施形態の送受信部306の機能を代替する。 <System overview>
FIG. 28 illustrates a configuration of the biometric authentication unit 307a according to the second embodiment of the present disclosure. In the biometric authentication unit 307a of this embodiment, the finger guide 310 arranged in the distal direction (horizontal left direction in FIG. 5) of the two finger guides is replaced with the transmission / reception unit 306 of the first embodiment. A rod 306a is disposed. In this embodiment, the rod 306a functions as an antenna (portion in contact with the human body) of the human body communication transmitting / receiving unit. That is, the rod 306a of this embodiment substitutes for the function of the transmission / reception unit 306 of the first embodiment.
 ロッド306aは、指ガイド310の1つに鉛直上下方向に移動可能である状態で嵌合しており、図示しないばねによって鉛直上方に付勢されている。このロッド306aの下にはスイッチ316が配設されており、ロッド306aをばねに抗して押圧すると、スイッチ316がオフからオンに変化し、それによってロッド306aが押圧されたことを検出する。 The rod 306a is fitted to one of the finger guides 310 so as to be vertically movable in the vertical direction, and is urged vertically upward by a spring (not shown). A switch 316 is disposed below the rod 306a. When the rod 306a is pressed against the spring, the switch 316 changes from off to on, thereby detecting that the rod 306a is pressed.
<決済処理>
 図29、30は、本実施形態において決済を行う処理プログラムの一例を示すフローチャートである。図29は、店頭端末決済部301としてのCPU30の実行する処理プログラムの一例を示し、図30は携帯端末決済部としてのCPU20の実行する処理プログラムの一例を示している。 <Payment processing>
29 and 30 are flowcharts illustrating an example of a processing program for performing settlement in the present embodiment. FIG. 29 shows an example of a processing program executed by the CPU 30 as the storefront terminal payment unit 301, and FIG. 30 shows an example of a processing program executed by the CPU 20 as the mobile terminal payment unit.
 図29に示された店頭端末決済部301の実行する処理において、図16及び17に示された第1実施形態の処理と異なるところは、ステップS1704において受信したデータがチャージ残高不足情報であるか否かの判断が否定判断である場合に、ステップS1706に移行して決済を実行する(つまり、店頭端末決済部301が携帯端末2から受信した財産データを二次記憶装置34に記録する)のではなく、ステップS2902~S2910の処理を実行して、ユーザーに対して決済可否の問い合わせをする点である。 The processing executed by the storefront terminal payment unit 301 shown in FIG. 29 differs from the processing of the first embodiment shown in FIGS. 16 and 17 in that the data received in step S1704 is insufficient charge balance information. If the determination is NO, the process proceeds to step S1706 to execute payment (that is, the storefront terminal payment unit 301 records the property data received from the portable terminal 2 in the secondary storage device 34). Instead, the processing in steps S2902 to S2910 is executed to inquire the user whether or not settlement is possible.
 また、図29のステップS2902~S2910に対応して、図30に示された携帯端末決済部203の実行する処理は、以下の点で図19に示された第1実施形態の処理と異なる。すなわち、ステップS1910において減算額が0以上の金額であるか否かの判断が肯定判断である場合に、ステップS1912に移行して財産データを店頭端末3に送信するのではなく、ステップS3002~S3006の処理を実行する。 In addition, corresponding to steps S2902 to S2910 in FIG. 29, the process executed by the mobile terminal settlement unit 203 shown in FIG. 30 is different from the process of the first embodiment shown in FIG. 19 in the following points. That is, if the determination in step S1910 is whether or not the subtraction amount is 0 or more is an affirmative determination, the process proceeds to step S1912, and the property data is not transmitted to the store terminal 3, but steps S3002 to S3006 are performed. Execute the process.
 以下、図30のステップS1904において判断が肯定判断である場合から説明を開始する。この場合、図30の処理はステップS3002に移行する。 Hereinafter, the description starts from a case where the determination in step S1904 in FIG. 30 is affirmative. In this case, the processing in FIG. 30 proceeds to step S3002.
 ステップS3002において、携帯端末決済部203は、問合せ情報を店頭端末3へ送信する。問合せ情報を受信すると、本実施形態に係る店頭端末決済部301は、ユーザーに対して決済可否の問い合わせを行う。 In step S3002, the mobile terminal settlement unit 203 transmits the inquiry information to the storefront terminal 3. When the inquiry information is received, the store terminal payment unit 301 according to the present embodiment inquires of the user whether the payment is possible.
 具体的には、店頭端末決済部301が携帯端末2から問合せ情報を受信すると、図29のステップS1702において携帯端末2からデータを受信したか否かの判断は肯定判断となり、続いてステップS1704において受信したデータがチャージ残高不足情報であるか否かの判断は否定判断となる。この場合、図29の処理はステップS2902に移行する。 Specifically, when in-store terminal settlement unit 301 receives inquiry information from portable terminal 2, in step S1702 in FIG. 29, it is determined whether or not data has been received from portable terminal 2, and then in step S1704. The determination whether the received data is insufficient charge balance information is a negative determination. In this case, the processing in FIG. 29 proceeds to step S2902.
 ステップS2902において、店頭端末決済部301は、ディスプレイ38B上に画面302として問合せ画面を表示するとともに、二次記憶装置34に記録された変数T1に0を代入して、ソフトタイマを起動する。 In step S2902, the in-store terminal settlement unit 301 displays an inquiry screen as a screen 302 on the display 38B, and substitutes 0 for a variable T1 recorded in the secondary storage device 34 to start a soft timer.
 変数T1は、問合せ画面が表示された時点から経過した時間を示し、ソフトタイマが起動すると、経過時間T1が計測される。 The variable T1 indicates the time that has elapsed since the inquiry screen was displayed. When the soft timer is activated, the elapsed time T1 is measured.
 図31に、問合せ画面の一例を示す。問合せ画面は、メッセージ表示エリア302bと、支払金額表示エリア302eと、承認メッセージ表示エリア302fとを含む。問合せ画面において、メッセージ表示エリア302bは決済の準備が完了した旨のメッセージを表示し、支払金額表示エリア302eは対価(すなわち、支払金額)を表示し、承認メッセージ表示エリア302fは現在の取引を承認し決済を行うかどうかの問い合わせメッセージを表示する。 FIG. 31 shows an example of an inquiry screen. The inquiry screen includes a message display area 302b, a payment amount display area 302e, and an approval message display area 302f. In the inquiry screen, the message display area 302b displays a message indicating that preparation for payment has been completed, the payment amount display area 302e displays the consideration (ie, payment amount), and the approval message display area 302f approves the current transaction. Display an inquiry message about whether or not to settle.
 取引を承認して決済を実行することを希望する場合、ユーザーは指501により鉛直下方向へ力を加え、指501が接触しているロッド306aをばねの反発力に抗して押圧する(図28参照)。この結果、生体認証部307aのスイッチ316がオフからオンに変わってロッド306aの押圧を検知する。 When the user wishes to approve the transaction and execute settlement, the user applies a force downward in the vertical direction with the finger 501 and presses the rod 306a with which the finger 501 is contacting against the repulsive force of the spring (see FIG. 28). As a result, the switch 316 of the biometric authentication unit 307a changes from off to on and detects pressing of the rod 306a.
 ステップS2902の実行後に所定時間が経過するまで、店頭端末決済部301は、生体認証部307aのスイッチ316がロッド306aの押圧を検知することを待つ。図29では、一例として、この所定時間は10秒としている。 The shop terminal payment unit 301 waits for the switch 316 of the biometric authentication unit 307a to detect the pressing of the rod 306a until a predetermined time elapses after the execution of step S2902. In FIG. 29, as an example, the predetermined time is 10 seconds.
 具体的には、生体認証部307aのスイッチ316がロッド306aの押圧を検知しない限り、ステップS2904において生体認証部307aでの押圧を検知したか否かの判断が否定判断となる。続いて、ステップS2908において、店頭端末決済部301は、経過時間T1が所定時間を越えたか否かを判断する。ステップS2904の判断が肯定判断となるか、ステップS2908の判断が肯定判断となるかのいずれかが満たされるまで、店頭端末決済部301は、ロッド306aの押圧の検知を待ち続ける。 Specifically, unless the switch 316 of the biometric authentication unit 307a detects the pressing of the rod 306a, the determination of whether or not the biometric authentication unit 307a has detected a press in step S2904 is a negative determination. Subsequently, in step S2908, the shop terminal payment unit 301 determines whether or not the elapsed time T1 has exceeded a predetermined time. Until either the determination in step S2904 is affirmative or the determination in step S2908 is affirmative, store terminal payment unit 301 continues to wait for detection of pressing of rod 306a.
 生体認証部307aのスイッチ316がロッド306aの押圧を検知すると、ステップS2904において、生体認証部307aでの押圧を検知したか否かの判断が肯定判断となる。この場合、図29の処理はステップS2906へ移行する。 When the switch 316 of the biometric authentication unit 307a detects the pressing of the rod 306a, in step S2904, the determination as to whether or not the pressing of the biometric authentication unit 307a has been detected is an affirmative determination. In this case, the processing in FIG. 29 proceeds to step S2906.
 ステップS2906において、店頭端末決済部301は、携帯端末2へ承認情報を送信する。 In step S2906, the shop terminal payment unit 301 transmits the approval information to the mobile terminal 2.
 一方、本実施形態に係る携帯端末決済部203は、図30のステップS1910の判断が肯定判断となる場合には、店頭端末3からの情報の受信を待っている。具体的には、ステップS3004において店頭端末3から承認情報を受信したか否かの判断が肯定判断となるか、続くステップS3006において店頭端末3から非承認情報を受信したか否かの判断が肯定判断となるか、のいずれかが満たされるまで、携帯端末決済部203は店頭端末3からの情報の受信を待ち続ける。 On the other hand, the mobile terminal settlement unit 203 according to the present embodiment waits for reception of information from the storefront terminal 3 when the determination in step S1910 of FIG. Specifically, whether or not the approval information is received from the storefront terminal 3 in step S3004 is affirmative, or whether or not non-approval information is received from the storefront terminal 3 is determined in the subsequent step S3006. The mobile terminal settlement unit 203 continues to wait for reception of information from the storefront terminal 3 until one of the determinations is satisfied.
 携帯端末決済部203が店頭端末3から承認情報を受信すると、ステップS2604の判断が肯定判断となる。この場合、図30の処理は、ステップS1912に移行する。この後の処理は、図19及び図17に示された第1実施形態の処理と同様である。 When the mobile terminal settlement unit 203 receives the approval information from the storefront terminal 3, the determination in step S2604 becomes an affirmative determination. In this case, the processing in FIG. 30 proceeds to step S1912. The subsequent processing is the same as the processing of the first embodiment shown in FIGS.
 また、店頭端末決済部301のソフトタイマが計測している経過時間T1が10秒を超えると、ステップS2908において、T1が10秒を越えたか否かの判断が肯定判断となる。この場合、図29の処理はステップS2910へ移行する。 Further, when the elapsed time T1 measured by the soft timer of the storefront terminal payment unit 301 exceeds 10 seconds, in step S2908, it is determined whether T1 has exceeded 10 seconds. In this case, the process in FIG. 29 proceeds to step S2910.
 ステップS2910において、店頭端末決済部301は、携帯端末2に非承認情報を送信するとともに、ディスプレイ38B上に画面302として決済中止画面を表示する。 In step S2910, the shop terminal payment unit 301 transmits non-approval information to the mobile terminal 2, and displays a payment cancellation screen as a screen 302 on the display 38B.
 図32に、決済中止画面の一例を示す。問合せ画面は、メッセージ表示エリア302bと、支払金額表示エリア302eと、非承認メッセージ表示エリア302gとを含む。決済中止画面において、メッセージ表示エリア302bは決済が承認されなかった旨のメッセージを表示し、支払金額表示エリア302eは対価(すなわち、支払金額)を表示し、非承認メッセージ表示エリア302gは現在の取引を中止する旨及び他の方法での支払いを促すメッセージを表示する。 FIG. 32 shows an example of the settlement cancellation screen. The inquiry screen includes a message display area 302b, a payment amount display area 302e, and an unapproved message display area 302g. In the settlement cancellation screen, the message display area 302b displays a message that the settlement has not been approved, the payment amount display area 302e displays the consideration (ie, the payment amount), and the non-approval message display area 302g displays the current transaction. A message prompting you to cancel the payment and prompting payment by other methods is displayed.
 携帯端末決済部203が店頭端末3から非承認情報を受信すると、ステップS2604の判断が否定判断となり、続いてステップS2606において非承認情報を受信したか否かの判断が肯定判断となる。この場合、図30の処理は終了する。 When the mobile terminal settlement unit 203 receives the non-approval information from the storefront terminal 3, the determination in step S2604 becomes a negative determination, and then the determination whether or not the non-approval information is received in step S2606 becomes a positive determination. In this case, the process in FIG. 30 ends.
 以上に説明した本開示の第2実施形態に係る決済処理に関し、図33に店頭端末3と携帯端末2との間での情報のやり取りを示すシーケンス図を示す。図33に示した各ステップは、図16~20、29、30中の各ステップに対応する。なお、図示の便宜上、図33では、図27のシーケンス図と同様に、決済処理中に存在する分岐を省略している点に注意されたい。 FIG. 33 is a sequence diagram illustrating information exchange between the storefront terminal 3 and the mobile terminal 2 regarding the settlement processing according to the second embodiment of the present disclosure described above. Each step shown in FIG. 33 corresponds to each step in FIGS. For convenience of illustration, it should be noted that in FIG. 33, as in the sequence diagram of FIG. 27, branches existing during the settlement process are omitted.
 本実施形態では、問合せ画面が表示された時点からの経過時間T1を計測する。そして所定時間を超えてもユーザーによるロッド306aの押圧が検出されない場合(一例として、T1が10秒を超えた場合)、ユーザーは現在の取引を拒否したとみなし、決済を実行せずに処理を終了する。 In this embodiment, the elapsed time T1 from the time when the inquiry screen is displayed is measured. If the pressing of the rod 306a by the user is not detected even after the predetermined time has elapsed (for example, when T1 exceeds 10 seconds), the user considers that the current transaction has been rejected, and the process is performed without executing the settlement. finish.
 本実施形態によれば、ユーザーの意思に反して誤って決済を実行してしまうことを防止できる。 According to the present embodiment, it is possible to prevent the settlement from being executed erroneously against the user's intention.
<第3実施形態>
 次に、本開示の第3実施形態について説明する。なお、第1実施形態と同様の構成である部分については、同一符号を付して説明を省略する。 <Third Embodiment>
Next, a third embodiment of the present disclosure will be described. In addition, about the part which is the structure similar to 1st Embodiment, the same code | symbol is attached | subjected and description is abbreviate | omitted.
 上述の第1実施形態及び第2実施形態においては、携帯端末2の二次記憶装置24は、個別口座領域111の所有者を特定しうる静脈データを1つだけ記録していた。これに対応して、口座サーバ1の個別口座領域111は、単一の静脈データを記録していた。 In the first embodiment and the second embodiment described above, the secondary storage device 24 of the mobile terminal 2 records only one vein data that can identify the owner of the individual account area 111. Correspondingly, the individual account area 111 of the account server 1 records single vein data.
 静脈パターンなどの個人を特定する生体情報は、加齢や経時変化などによる少しずつ変化する。この変化の程度が軽微なものであれば、公知のパターン認識の技術により、カバーできる。しかし、登録されているパターンが生体情報の変化のタイムスケールの観点からは非常に古いものである場合には、生体情報の変化の程度が大きいために、認証ミスの可能性が大きくなる。ここで認証ミスとは、具体的には、携帯端末2の本来の所有者であるユーザーが決済を実行しているにも拘らず、決済処理中の生体認証において認証が失敗することである。
<システムの概要> Biological information for identifying an individual such as a vein pattern changes little by little due to aging or changes over time. If the degree of this change is slight, it can be covered by a known pattern recognition technique. However, if the registered pattern is very old from the viewpoint of the time scale of the change of the biometric information, the degree of change of the biometric information is large, so that the possibility of an authentication error increases. Here, specifically, the authentication mistake means that the authentication fails in the biometric authentication during the payment process even though the user who is the original owner of the mobile terminal 2 is executing the payment.
<System overview>
 本実施形態では、1つではなく、複数の所定数の静脈データが口座サーバ1の個別口座領域111及び携帯端末2の二次記憶装置24に記録され、これらの複数の静脈データが決済プロセス中の生体認証に利用される。所定数は、一例として5として、以下に説明する。 In the present embodiment, instead of one, a plurality of predetermined numbers of vein data are recorded in the individual account area 111 of the account server 1 and the secondary storage device 24 of the mobile terminal 2, and these plurality of vein data are in the process of settlement. Used for biometric authentication. The predetermined number will be described below as 5 as an example.
 また、上述の第1実施形態及び第2実施形態においては、口座サーバ1の特定の個別口座領域111に記録された静脈データは、ユーザーが自発的に更新のための作業を実行しない限り、アップデートされることは無かった。一方、携帯端末2の二次記憶装置24に記録された静脈データは、ユーザーがチャージ処理を実行しない限り、アップデートされることは無かった。 In the first and second embodiments described above, the vein data recorded in the specific individual account area 111 of the account server 1 is updated unless the user voluntarily performs an update operation. It was never done. On the other hand, the vein data recorded in the secondary storage device 24 of the portable terminal 2 has not been updated unless the user executes the charging process.
 本実施形態では、決済プロセス中の生体認証プロセスにおいて生体認証が成功するたびに、店頭端末3の生体認証部307の撮像素子314によって撮像された撮像データが携帯端末2へ送信され、二次記憶装置24に記録される。つまり、決済プロセスにおいて生体認証が成功するたびに、最新の撮像データによって、携帯端末2の二次記憶装置24に記録された静脈データがアップデートされる。 In the present embodiment, every time biometric authentication succeeds in the biometric authentication process in the settlement process, the image data captured by the image sensor 314 of the biometric authentication unit 307 of the storefront terminal 3 is transmitted to the mobile terminal 2 for secondary storage. Recorded in device 24. That is, every time biometric authentication succeeds in the payment process, the vein data recorded in the secondary storage device 24 of the mobile terminal 2 is updated with the latest imaging data.
 さらに本実施形態では、チャージ処理においてパスワードによる本人認証が肯定されるたびに、口座サーバ1の個別口座領域111に記憶された静脈データは、現在記憶している5つの静脈データに携帯端末2の二次記憶装置24に記録された5つの静脈データを加えた10個のデータの中から、最新の5個によって書き換えられる。つまり、チャージ処理においてパスワードによる本人認証が肯定されるたびに、口座サーバ1の個別口座領域111に記憶された静脈データが最新のものにアップデートされる。 Further, in the present embodiment, each time the personal authentication by the password is affirmed in the charge process, the vein data stored in the individual account area 111 of the account server 1 is stored in the currently stored five vein data of the mobile terminal 2. Of the 10 data including the 5 vein data recorded in the secondary storage device 24, the latest 5 are rewritten. That is, every time the personal authentication by the password is affirmed in the charging process, the vein data stored in the individual account area 111 of the account server 1 is updated to the latest one.
 本実施形態に係る口座サーバ1の個別口座領域111には、予め5セットの静脈データが登録されている。単一のデータに代えて5セットを登録することにより、例えば登録時の指の位置のばらつきによる差異を吸収することが可能となる。したがって、ユーザーは予め5回静脈パターンを撮像し、それぞれのデータを1回目~5回目のデータとして登録する。5セットの静脈データの各々には、データの登録日及び登録時刻の情報がひも付けされている。 In the individual account area 111 of the account server 1 according to the present embodiment, five sets of vein data are registered in advance. By registering 5 sets instead of single data, for example, it is possible to absorb differences due to variations in finger positions during registration. Therefore, the user images the vein pattern five times in advance and registers each data as the first to fifth data. Each of the five sets of vein data is associated with data registration date and registration time information.
<チャージ処理>
 次に、本実施形態における財産データのチャージのプロセスを説明する。 <Charge processing>
Next, the process of charging property data in this embodiment will be described.
 図34、35は、本実施形態において財産データのチャージを行う処理プログラムの一例を示すフローチャートである。図34は携帯端末チャージ部201の実行する処理プログラムの一例を示し、図35は口座サーバチャージ部101の実行する処理プログラムの一例を示している。 34 and 35 are flowcharts showing an example of a processing program for charging property data in this embodiment. FIG. 34 shows an example of a processing program executed by the mobile terminal charging unit 201, and FIG. 35 shows an example of a processing program executed by the account server charging unit 101.
 図34に示された携帯端末チャージ部201の実行する処理において、図6及び7に示された第1実施形態の処理と異なるところは、ステップS614において受信したデータが再度のパスワード要求であるか否かの判断が否定判断である場合に、ステップS616に代えて、ステップS3402~S3404の処理を実行して、口座サーバ1から残高データ及び5つの静脈データを受信して二次記憶装置24に記録する点である。 The processing executed by the portable terminal charging unit 201 shown in FIG. 34 differs from the processing of the first embodiment shown in FIGS. 6 and 7 in that the data received in step S614 is a password request again. If the determination is NO, the process of steps S3402 to S3404 is executed instead of step S616, and the balance data and the five vein data are received from the account server 1 and stored in the secondary storage device 24. It is a point to record.
 また、図34のステップS3402~S3404に対応して、図35に示された口座サーバチャージ部101の実行する処理は、以下の点で図8及び9に示された第1実施形態の処理と異なる。すなわち、S806において携帯端末2から受信したパスワードが正しいか否かの判断が肯定判断である場合に、ステップS808に代えて、ステップS3502~S3508の処理を実行して、残高データと、アップデートされた最新の5つの静脈データとを携帯端末2へ送信する。 Further, the processing executed by the account server charge unit 101 shown in FIG. 35 corresponding to steps S3402 to S3404 of FIG. 34 is the same as the processing of the first embodiment shown in FIGS. Different. That is, if the determination whether the password received from the portable terminal 2 is correct in S806 is an affirmative determination, the process of steps S3502 to S3508 is executed instead of step S808, and the balance data and the updated data are updated. The latest five vein data are transmitted to the portable terminal 2.
 以下、図35(及び図8)のステップS806の判断が肯定判断である場合から説明を開始する。この場合、図35の処理はステップS3502に移行する。 Hereinafter, the description starts when the determination in step S806 in FIG. 35 (and FIG. 8) is affirmative. In this case, the processing in FIG. 35 proceeds to step S3502.
 ステップS3502において、口座サーバチャージ部101は、携帯端末2へ静脈データのリクエストを送信する。 In step S3502, the account server charge unit 101 transmits a request for vein data to the mobile terminal 2.
 本実施形態の携帯端末チャージ部201が口座サーバ1から静脈データのリクエストを受信すると、図34(及び図6)のステップS612において、口座サーバ1からデータを受信したか否かの判断が肯定判断となる。続いて、ステップS614において、受信したデータは再度のパスワード要求であるか否かの判断が否定判断となる。この場合、図34の処理はステップS3402へ移行する。 When the mobile terminal charging unit 201 of the present embodiment receives a request for vein data from the account server 1, in step S <b> 612 of FIG. 34 (and FIG. 6), a determination is made as to whether or not data has been received from the account server 1. It becomes. Subsequently, in step S614, the determination whether the received data is a password request again is negative. In this case, the process in FIG. 34 proceeds to step S3402.
 ステップS3402において、携帯端末チャージ部201は、二次記憶装置24に記録された5つの静脈データを口座サーバ1へ送信する。 In step S3402, the mobile terminal charging unit 201 transmits the five vein data recorded in the secondary storage device 24 to the account server 1.
 図35のステップS3504において、口座サーバチャージ部101は、携帯端末2から5つの静脈データを受信する。 In step S3504 in FIG. 35, the account server charge unit 101 receives five vein data from the portable terminal 2.
 ステップS3506において、口座サーバチャージ部101は、現在の手持ちの10セットの静脈データから、データの登録日及び登録時刻が最も新しい5セットを選択し、選択された5セットを新たな静脈データとして対応する個別口座領域111に記録し、残りの5セットを削除する。ここで、現在の手持ちの10セットのデータは、チャージ処理を行っているユーザーの所有する(パスワードによって指定されている)特定の個別口座領域111に記憶されている5セットの静脈データと、携帯端末2から受信した5セットの静脈データとから構成される。 In step S3506, the account server charge unit 101 selects five sets with the newest data registration date and registration time from the current ten sets of vein data, and handles the selected five sets as new vein data. Are recorded in the individual account area 111 and the remaining five sets are deleted. Here, the current 10 sets of data include 5 sets of vein data stored in a specific individual account area 111 (specified by a password) owned by the user who is performing the charge process, and mobile data It consists of five sets of vein data received from the terminal 2.
 続くステップS3508において、口座サーバチャージ部101は、更新された個別口座領域111の5つの静脈データを携帯端末2へ送信する。その後、図35の処理はステップS902に移行する。口座サーバチャージ部101のこれ以降の処理は、図9に示された第1実施形態の処理と同様である。 In subsequent step S3508, account server charge unit 101 transmits the updated five vein data of individual account area 111 to portable terminal 2. Thereafter, the processing in FIG. 35 proceeds to step S902. The subsequent processing of the account server charge unit 101 is the same as the processing of the first embodiment shown in FIG.
 図34のステップS3404において、携帯端末チャージ部201は、口座サーバ1から更新された個別口座領域111の5つの静脈データを受信し、これらを二次記憶装置24に記録する。これにより、口座サーバ1の特定の個別口座領域111に記録された5セットの静脈データと、携帯端末2の二次記憶装置24に記録された5セットの静脈データとが同期される。 34, the mobile terminal charging unit 201 receives the five vein data of the individual account area 111 updated from the account server 1 and records them in the secondary storage device 24. As a result, the five sets of vein data recorded in the specific individual account area 111 of the account server 1 and the five sets of vein data recorded in the secondary storage device 24 of the mobile terminal 2 are synchronized.
 その後、図34の処理はステップS702に移行する。携帯端末チャージ部201のこれ以降の処理は、図7に示された第1実施形態の処理と同様である。 Thereafter, the processing of FIG. 34 proceeds to step S702. The subsequent processing of the portable terminal charging unit 201 is the same as the processing of the first embodiment shown in FIG.
 以上に説明した本開示の第3実施形態に係るチャージ処理に関し、図36に携帯端末2と口座サーバ1との間での情報のやり取りを示すシーケンス図を示す。図36に示した各ステップは、図6~9、34、35中の各ステップに対応する。なお、図示の便宜上、図36では、図15のシーケンス図と同様に、チャージ処理中に存在する分岐を省略している点に注意されたい。 With respect to the charge processing according to the third embodiment of the present disclosure described above, FIG. 36 is a sequence diagram illustrating information exchange between the mobile terminal 2 and the account server 1. Each step shown in FIG. 36 corresponds to each step in FIGS. For convenience of illustration, it should be noted that in FIG. 36, as in the sequence diagram of FIG. 15, branches existing during the charge process are omitted.
 <決済処理>
 本実施形態の決済処理は、第1実施形態の処理に対し、決済処理全体の第2段階である認証プロセスのみが相違する。よって、以下では認証プロセスのみを説明する。 <Payment processing>
The settlement process of this embodiment is different from the process of the first embodiment only in the authentication process that is the second stage of the entire settlement process. Therefore, only the authentication process will be described below.
[認証プロセスサブルーチン] 
 本実施形態の決済処理における認証プロセスは、サブルーチンとして図37及び図38に図示されている。図37は店頭端末決済部301としてのCPU30が実行する処理プログラムの一例を示すサブルーチンであり、図38は携帯端末決済部203としてのCPU20が実行する処理プログラムの一例を示すサブルーチンである。 [Authentication process subroutine]
The authentication process in the settlement process of the present embodiment is illustrated in FIGS. 37 and 38 as a subroutine. FIG. 37 is a subroutine showing an example of a processing program executed by the CPU 30 as the shop terminal payment unit 301, and FIG. 38 is a subroutine showing an example of a processing program executed by the CPU 20 as the mobile terminal payment unit 203.
 図37のステップS3702において、店頭端末決済部301は、二次記憶装置34に記憶される変数Gに0を代入する。なお、第1実施形態について説明した通り、Gは、店頭端末決済部301において認証の成功または失敗を表す2値変数である。 37. In step S3702 of FIG. 37, the storefront terminal settlement unit 301 substitutes 0 for a variable G stored in the secondary storage device 34. As described in the first embodiment, G is a binary variable representing success or failure of authentication in the storefront terminal payment unit 301.
 続いて、店頭端末決済部301は、第1実施形態と同様にステップS1804において、携帯端末2に静脈データのリクエストを送信する。 Subsequently, the storefront terminal payment unit 301 transmits a request for vein data to the mobile terminal 2 in step S1804 as in the first embodiment.
 店頭端末3から静脈データのリクエストを受信することにより、本実施形態の携帯端末決済部203は認証プロセスサブルーチンを開始する(図38のSTART)。第1実施形態と同様に、ステップS2002において、携帯端末決済部203は、二次記憶装置24に記憶される変数Hに0を代入する。 Upon receipt of the vein data request from the storefront terminal 3, the mobile terminal settlement unit 203 of this embodiment starts an authentication process subroutine (START in FIG. 38). Similarly to the first embodiment, in step S2002, the mobile terminal settlement unit 203 substitutes 0 for a variable H stored in the secondary storage device 24.
 続くステップS3802において、携帯端末決済部203は、リクエストされた5つの静脈データを二次記憶装置24から読み出し、店頭端末3へ送信する。なお、図38のステップS3802においては、図20に示された第1実施形態のS2004と異なり、5セットの静脈データが店頭端末3に送信されることに注意されたい。 In subsequent step S3802, the mobile terminal settlement unit 203 reads the requested five vein data from the secondary storage device 24 and transmits it to the store terminal 3. Note that, in step S3802 of FIG. 38, five sets of vein data are transmitted to the storefront terminal 3, unlike S2004 of the first embodiment shown in FIG.
 図37のステップS3704において、店頭端末決済部301は、携帯端末2から5つの静脈データを受信し、二次記憶装置34に記録する。なお、図37のステップS3704においては、図18に示された第1実施形態のS1806と異なり、5セットの静脈データが携帯端末2から受信されることに注意されたい。 37, the shop terminal payment unit 301 receives five vein data from the portable terminal 2 and records them in the secondary storage device 34. Note that, in step S3704 of FIG. 37, five sets of vein data are received from the portable terminal 2 unlike S1806 of the first embodiment shown in FIG.
 続くステップS1808において、第1実施形態と同様に、店頭端末決済部301は、生体認証部307において、指ガイド310に接触している接触物を撮像し、撮像データを二次記憶装置34に記録する。その後、図37の処理はステップS3706に移行する。 In subsequent step S1808, as in the first embodiment, the storefront terminal settlement unit 301 captures the contact object in contact with the finger guide 310 in the biometric authentication unit 307 and records the captured data in the secondary storage device 34. To do. Thereafter, the processing in FIG. 37 proceeds to step S3706.
 ステップS3706において、店頭端末決済部301は、二次記憶装置34に記憶される変数Iに1を代入する。 In step S3706, the shop terminal payment unit 301 substitutes 1 for a variable I stored in the secondary storage device.
 ここで、Iは認証の試行回数を表す自然数であるとともに、S3704において携帯端末2から受信した5セットの静脈データのそれぞれを指し示す序数である。すなわち、I=1は静脈データの第1セットを示し、以下同様に、I=2、3、4、5はそれぞれ第2~第5セットを示す。本実施形態では静脈データは一例として5セットとしているから、図37に示されたフローでは変数Iが6になったところで、後述するステップS3714において認証が失敗したとの判定が行われることになる。 Here, I is a natural number representing the number of authentication attempts and an ordinal number indicating each of the five sets of vein data received from the mobile terminal 2 in S3704. That is, I = 1 indicates the first set of vein data, and similarly, I = 2, 3, 4, and 5 indicate the second to fifth sets, respectively. In this embodiment, five sets of vein data are used as an example. Therefore, in the flow shown in FIG. 37, when the variable I becomes 6, it is determined that the authentication has failed in step S3714 described later. .
 序数としての自然数Iは、5セットの静脈データに対して、登録時期が新しい順に割り当てられる。よって、静脈データの第1セットは最も新しい時期に登録された静脈データであり、第5セットは最も古い時期に登録された静脈データである。 The natural number I as an ordinal number is assigned to 5 sets of vein data in the order of registration. Therefore, the first set of vein data is vein data registered at the latest time, and the fifth set is vein data registered at the oldest time.
 整数Iは、図18に示された第1実施形態の処理において認証の試行回数を表す整数である変数Fとは意義が異なる点に注意されたい。Fは、図18の処理においてステップS1808が繰り返された回数を示す。すなわち、Fは生体認証部307において撮像データが作成された回数を示している。しかしながら、図37に示される本実施形態の処理においては、ステップS1808の実行は繰り返されることはなく、撮像データは1度に限り作成される。 Note that the integer I has a different meaning from the variable F, which is an integer representing the number of authentication attempts in the processing of the first embodiment shown in FIG. F indicates the number of times step S1808 is repeated in the process of FIG. That is, F indicates the number of times the biometric authentication unit 307 has created the imaging data. However, in the process of the present embodiment shown in FIG. 37, the execution of step S1808 is not repeated, and imaging data is created only once.
 ステップS3708において、店頭端末決済部301は、撮像素子314により撮像された撮像データと、I番目の静脈データとを二次記憶装置34から読み出し、2つのデータに含まれる静脈パターンを比較する。続くステップS3710において、店頭端末決済部301は、二次記憶装置34に記憶された変数Iに1を加算する。例えば初回の認証後であれば、ステップS3706においてI=1が二次記憶装置34に記録されているから、S3710において1が加算されることにより、変数I=2が新たに二次記憶装置34に記録される。 In step S3708, the shop terminal payment unit 301 reads the image data captured by the image sensor 314 and the I-th vein data from the secondary storage device 34, and compares the vein patterns included in the two data. In subsequent step S3710, store terminal settlement unit 301 adds 1 to variable I stored in secondary storage device 34. For example, after the first authentication, since I = 1 is recorded in the secondary storage device 34 in step S3706, the variable I = 2 is newly added to the secondary storage device 34 by adding 1 in S3710. To be recorded.
 照合の結果として2つのデータに含まれる静脈パターンが一致した場合には、ステップS1812において、2つのパターンが一致したか否か(すなわち、現在のユーザーが本人であるか否か)の判断が肯定判断となる。この場合、図37の処理はステップS3712へ移行する。 If the vein patterns included in the two data match as a result of the collation, the determination of whether or not the two patterns match (that is, whether or not the current user is the user) is affirmative in step S1812. Judgment. In this case, the process in FIG. 37 proceeds to step S3712.
 ステップS3712において、店頭端末決済部301は、認証成功情報と、S1808において撮像された撮像データとを携帯端末2へ送信する。そして、店頭端末決済部301は、G=0(つまり、認証成功)を保持して認証プロセスサブルーチンを終了する(図37のRETURN)。 In step S3712, the shop terminal payment unit 301 transmits the authentication success information and the imaged data imaged in S1808 to the mobile terminal 2. Then, the storefront terminal payment unit 301 holds G = 0 (that is, authentication success) and ends the authentication process subroutine (RETURN in FIG. 37).
 一方、S3708における照合の結果、2つのデータに含まれる静脈パターンが一致しなかった場合には、ステップS1812の判断は否定判断となる。この場合、図37の処理はステップS3714に移行する。 On the other hand, if the vein patterns included in the two data do not match as a result of the collation in S3708, the determination in step S1812 is negative. In this case, the process in FIG. 37 proceeds to step S3714.
 ステップS3714において、店頭端末3の二次記憶装置34に記録されている変数Iについて、I=6であるか否かの判断が行われる。I=6という値は、図37の処理における生体認証の最大試行回数である第5回目の認証が既に終了していることを意味する。 In step S 3714, it is determined whether or not I = 6 for the variable I recorded in the secondary storage device 34 of the storefront terminal 3. A value of I = 6 means that the fifth authentication, which is the maximum number of biometric authentication attempts in the process of FIG. 37, has already been completed.
 Iが6より小さい場合、ステップS3714の判断は否定判断となる。この場合、図37の処理はステップS3708へ戻る。 If I is smaller than 6, the determination in step S3714 is a negative determination. In this case, the process in FIG. 37 returns to step S3708.
 ステップS1812の判断が肯定判断とならない限り、ステップS3708~S3714の以上の処理が繰り返される。つまり、撮像データとI番目の静脈データとの比較・照合とが繰り返される。ステップS3708で照合が実行されるたびに、ステップS3710において変数Iに1が加算される。 Unless the determination in step S1812 is affirmative, the above processes in steps S3708 to S3714 are repeated. That is, the comparison / collation between the imaging data and the I-th vein data is repeated. Each time collation is executed in step S3708, 1 is added to variable I in step S3710.
 以上の様に処理を繰り返す過程で、I=6が確認された場合、ステップS3714の判断は肯定判断となる。この場合、既に5セットの静脈データの全てについて認証が失敗しており、本実施形態における生体認証の失敗が確定する。 In the process of repeating the process as described above, if I = 6 is confirmed, the determination in step S3714 is an affirmative determination. In this case, authentication has already failed for all five sets of vein data, and biometric authentication failure in this embodiment is confirmed.
 この場合、図37の処理はステップS1822へ移行する。ステップS1822において、店頭端末決済部301は、認証失敗情報を携帯端末2へ送信する。続いてステップS1824において、店頭端末決済部301は、二次記憶装置34に記録されている変数Gに1を代入し、G=1(つまり、認証失敗)を保持して認証プロセスサブルーチンを終了する(図37のRETURN)。 In this case, the processing in FIG. 37 proceeds to step S1822. In step S <b> 1822, the storefront terminal payment unit 301 transmits authentication failure information to the mobile terminal 2. Subsequently, in step S1824, the shop terminal payment unit 301 substitutes 1 for a variable G recorded in the secondary storage device 34, holds G = 1 (that is, authentication failure), and ends the authentication process subroutine. (RETURN in FIG. 37).
 第1実施形態と同様に、図37に示された店頭端末決済部301が実行するサブルーチンは、ステップS3713またはS1822において携帯端末2に認証成功情報または認証失敗情報を送信するとともに、二次記憶装置34に記録されている変数Gについて、G=0(認証成功に対応)またはG=1(認証失敗に対応)を与えて、終了する。 Similar to the first embodiment, the subroutine executed by the storefront terminal settlement unit 301 shown in FIG. 37 transmits authentication success information or authentication failure information to the mobile terminal 2 in step S3713 or S1822, and also uses a secondary storage device. For the variable G recorded in 34, G = 0 (corresponding to authentication success) or G = 1 (corresponding to authentication failure) is given, and the process is terminated.
 一方、携帯端末決済部203は、図38のステップS3802において5つの静脈データを店頭端末3へ送信した後、店頭端末3から認証処理の結果が送信されることを待つ。 On the other hand, after transmitting five vein data to the storefront terminal 3 in step S3802 of FIG. 38, the mobile terminal settlement unit 203 waits for the result of the authentication process to be transmitted from the storefront terminal 3.
 以後の携帯端末決済部203が実行する処理は、図20に示された第1実施形態の処理とほぼ同様であるが、ステップS2006の判断が肯定判断である場合のみ相違する。 The subsequent process executed by the mobile terminal settlement unit 203 is substantially the same as the process of the first embodiment shown in FIG. 20, but is different only when the determination in step S2006 is an affirmative determination.
 すなわち、携帯端末決済部203が所定時間内に店頭端末3から認証成功情報を受信すると、ステップS2006の判断が肯定判断となる。この場合、図38の処理は、ステップS3804に移行する。 That is, when the mobile terminal settlement unit 203 receives the authentication success information from the storefront terminal 3 within a predetermined time, the determination in step S2006 is an affirmative determination. In this case, the processing in FIG. 38 proceeds to step S3804.
 ステップS3804において、携帯端末決済部203は、図37のステップS3712において店頭端末3から送信された撮像データを受信する。なお、説明の都合上図38では認証成功情報の受信と撮像データの受信とが別個のステップとして示されている。しかし、ステップS3712において店頭端末3から送信された認証成功情報と撮像データとは、実際には一度に携帯端末決済部203に受信される。 In step S3804, the mobile terminal settlement unit 203 receives the imaging data transmitted from the storefront terminal 3 in step S3712 of FIG. For convenience of explanation, in FIG. 38, reception of authentication success information and reception of imaging data are shown as separate steps. However, the authentication success information and the imaging data transmitted from the storefront terminal 3 in step S3712 are actually received by the mobile terminal settlement unit 203 at a time.
 続くステップS3806において、携帯端末決済部203は、二次記憶装置24に記録されている5セットの静脈データのうち、登録時期が最も古い1セットを削除し、店頭端末3から受信した撮像データで置き換え、認証プロセスサブルーチンを終了する(図38のRETURN)。 In the following step S3806, the mobile terminal settlement unit 203 deletes one set with the oldest registration time from the five sets of vein data recorded in the secondary storage device 24, and uses the imaging data received from the storefront terminal 3 as the received data. The replacement and authentication process subroutine ends (RETURN in FIG. 38).
 第1実施形態と同様に、図38に示された携帯端末決済部203が実行するサブルーチンは、二次記憶装置24に記録されている変数Hについて、H=0(認証成功に対応)またはH=1(認証失敗に対応)を与えて、終了する。 As in the first embodiment, the subroutine executed by the mobile terminal settlement unit 203 shown in FIG. 38 is H = 0 (corresponding to authentication success) or H for the variable H recorded in the secondary storage device 24. = 1 (corresponding to authentication failure) is given and the process ends.
 なお、認証プロセスサブルーチンの結果として、店頭端末決済部301についてG=0が得られる場合には携帯端末決済部203についてH=0が得られ、店頭端末決済部301についてG=1が得られる場合には携帯端末決済部203についてH=1が得られることも、第1実施形態と同様である。 When G = 0 is obtained for the in-store terminal settlement unit 301 as a result of the authentication process subroutine, H = 0 is obtained for the mobile terminal settlement unit 203, and G = 1 is obtained for the over-the-counter settlement unit 301. As in the first embodiment, H = 1 is obtained for the mobile terminal settlement unit 203.
 さらに、本実施形態の携帯端末2においては、H=0(認証成功に対応)を保持して認証プロセスサブルーチンが終了する場合、二次記憶装置24に記録されている5つの静脈データのうち最も古い1セットが、店頭端末3の生体認証部307で撮像された撮像データに置換されていることに注意されたい。 Furthermore, in the portable terminal 2 of the present embodiment, when H = 0 (corresponding to authentication success) is held and the authentication process subroutine ends, the most of the five vein data recorded in the secondary storage device 24 It should be noted that the old set is replaced with image data captured by the biometric authentication unit 307 of the storefront terminal 3.
 従って、本実施形態の決済処理において生体認証が成功するたびに、携帯端末2の二次記憶装置24に記録されている5セットの静脈データと、口座サーバ1の個別口座領域111に記憶された5セットの静脈データとの間に、不一致が生じる。しかし、この不一致は、本実施形態の決済処理を実行するにあたり問題とはならない。なぜならば、本実施形態の決済処理は、携帯端末2と店頭端末3との間で行われるものであり、口座サーバ1に保持されたデータは介在しないからである。 Therefore, every time biometric authentication succeeds in the settlement processing of this embodiment, 5 sets of vein data recorded in the secondary storage device 24 of the portable terminal 2 and the individual account area 111 of the account server 1 are stored. There is a discrepancy between the 5 sets of vein data. However, this discrepancy does not pose a problem when executing the settlement process of this embodiment. This is because the settlement process of the present embodiment is performed between the mobile terminal 2 and the storefront terminal 3, and data held in the account server 1 is not interposed.
 一方、上記の不一致は、本実施形態のチャージ処理において、図35のステップS3506と図34のステップS3404が実行されることによって、口座サーバ1の特定の個別口座領域111に記録された5セットの静脈データと携帯端末2の二次記憶装置24に記録された5セットの静脈データとが同期されることにより、解消される。 On the other hand, the above-described inconsistency is caused by the execution of step S3506 in FIG. 35 and step S3404 in FIG. 34 in the charge processing of the present embodiment, so that the five sets recorded in the specific individual account area 111 of the account server 1 The vein data and the five sets of vein data recorded in the secondary storage device 24 of the portable terminal 2 are synchronized to eliminate the vein data.
 以上に説明した本開示の第3実施形態に係る決済処理に関し、図39に店頭端末3と携帯端末2との間での情報のやり取りを示すシーケンス図を示す。図39に示した各ステップは、図16~20、37、38中の各ステップに対応する。なお、図示の便宜上、図39では、図27のシーケンス図と同様に、決済処理中に存在する分岐を省略している点に注意されたい。 FIG. 39 is a sequence diagram showing exchange of information between the storefront terminal 3 and the portable terminal 2 regarding the settlement processing according to the third embodiment of the present disclosure described above. Each step shown in FIG. 39 corresponds to each step in FIGS. For convenience of illustration, it should be noted that in FIG. 39, as in the sequence diagram of FIG. 27, branches existing during the settlement process are omitted.
<静脈データの更新>
 以下に、携帯端末2および口座サーバ1における静脈データの更新について改めて説明する。図40に、携帯端末2および口座サーバ1における静脈データの更新関係の一例を示す。 <Update of vein data>
Hereinafter, the update of vein data in the mobile terminal 2 and the account server 1 will be described again. In FIG. 40, an example of the update relationship of the vein data in the portable terminal 2 and the account server 1 is shown.
 口座サーバ1の特定の個別口座領域111には、予め5種類の静脈データが登録されているとする。登録日時は以下の通りである。
  A1:4月2日15時00分登録
  A2:4月2日15時05分登録
  A3:4月2日15時10分登録
  A4:4月5日11時00分登録
  A5:4月5日11時05分登録 It is assumed that five types of vein data are registered in advance in a specific individual account area 111 of the account server 1. The registration date is as follows.
A1: Registration on April 2 at 15:00 A2: Registration on April 2 at 15:05 A3: Registration on April 2 at 15:10 A4: Registration on April 5 at 11:00 A5: Registration on April 5 11:05 registration
 例えば、ユーザーが4月2日に銀行の専用端末などを用いて、ネットワーク4を介して遠隔的に口座サーバ1の特定の個別口座領域111にアクセスしてA1~A3を登録し、4月5日に再び個別口座領域111にアクセスしてA4、A5を登録することが想定される。 For example, the user accesses a specific individual account area 111 of the account server 1 remotely via the network 4 on April 2 using a bank dedicated terminal or the like, and registers A1 to A3. It is assumed that the individual account area 111 is accessed again every day to register A4 and A5.
 4月6日の11時10分に、ユーザーが携帯端末2を口座サーバ1に接続し、第1回目のチャージ処理を行う。チャージ処理が実行される過程で、図34に示されたステップS3404において、口座サーバ1からA1~A5の静脈パターンデータが携帯端末2にダウンロードされ、二次記憶装置24に記録される。 At 11:10 on April 6, the user connects the mobile terminal 2 to the account server 1 and performs the first charging process. In the process of executing the charging process, the vein pattern data of A1 to A5 is downloaded from the account server 1 to the portable terminal 2 and recorded in the secondary storage device 24 in step S3404 shown in FIG.
 次に、4月6日の13時20分に、ユーザーが第1回目の買い物を行い、その対価を携帯端末2にチャージされた財産データを用いた決済により支払う。決済処理が実行される過程で、図38に示されたステップS3806において、携帯端末2の二次記憶装置24から最も古いA1が削除され、代わりに店頭端末3の生体認証部307で撮像された撮像データがA6として携帯端末に登録される。一方、口座サーバ1の対応する個別口座領域111に記録された静脈パターンデータは変わらない。 Next, at 13:20 on April 6, the user performs the first shopping and pays the price by settlement using property data charged in the mobile terminal 2. In the process of executing the payment process, in step S3806 shown in FIG. 38, the oldest A1 is deleted from the secondary storage device 24 of the portable terminal 2 and is imaged by the biometric authentication unit 307 of the storefront terminal 3 instead. The imaging data is registered in the portable terminal as A6. On the other hand, the vein pattern data recorded in the corresponding individual account area 111 of the account server 1 does not change.
 4月8日の15時30分に、口座サーバ1の静脈データが更新される。ユーザーが何らかの機会に口座サーバ1の個別口座領域111にアクセスしてデータB1を登録すること、あるいは、ユーザーが別の携帯端末2aに対してチャージ処理を実行し、この携帯端末2aに記録されていたB1が、図35に示されるステップS3506において新たな個別口座データの1つとして選択されることが想定される。いずれにせよ、新たに静脈パターンデータB1が口座サーバ1に登録され、A1が削除される。一方、携帯端末2の二次記憶装置24に記録された静脈パターンデータは変わらない。 The vein data of the account server 1 is updated at 15:30 on April 8. The user accesses the individual account area 111 of the account server 1 and registers the data B1 at some occasion, or the user executes a charge process for another portable terminal 2a and is recorded in the portable terminal 2a. It is assumed that B1 is selected as one of the new individual account data in step S3506 shown in FIG. In any case, the vein pattern data B1 is newly registered in the account server 1, and A1 is deleted. On the other hand, the vein pattern data recorded in the secondary storage device 24 of the portable terminal 2 does not change.
 4月15日の10時30分に、ユーザーが第2回目の買い物を行い、その対価を携帯端末2にチャージされた財産データを用いた決済により支払う。決済処理が実行される過程で、図38に示されたステップS3806において、携帯端末2の二次記憶装置24から最も古いA2が削除され、代わりに店頭端末3の生体認証部307で撮像された撮像データがA7として携帯端末に登録される。一方、口座サーバ1の対応する個別口座領域111に記録された静脈パターンデータは変わらない。 At 10:30 on April 15, the user performs the second shopping and pays the price by settlement using property data charged in the mobile terminal 2. In the process of executing the payment process, in step S3806 shown in FIG. 38, the oldest A2 is deleted from the secondary storage device 24 of the portable terminal 2, and is imaged by the biometric authentication unit 307 of the storefront terminal 3 instead. The imaging data is registered in the portable terminal as A7. On the other hand, the vein pattern data recorded in the corresponding individual account area 111 of the account server 1 does not change.
 4月15日の15時00分に、ユーザーが携帯端末2を口座サーバ1に接続し、第2回目のチャージ処理を行う。チャージ処理が実行される過程で、図35に示されたステップS3506において、口座サーバ1は、個別口座領域111に記録された5つの静脈データと、携帯端末2の二次記憶装置24に記録されていた5つの静脈データとの各々を比較し、最も登録が新しいものから5セットのデータを選択し、他の5セットのデータを削除する。その結果として、口座サーバ1の個別口座領域111には、新しいものから順にA7、B1、A6、A5、A4が残る。図35に示されたステップS3506において、口座サーバ1はこの情報を携帯端末2に転送し、その結果として図34のステップS3404において、携帯端末2にも同じ内容の5種類の静脈データが残るように同期が実行される At 15:00 on April 15, the user connects the mobile terminal 2 to the account server 1 and performs the second charging process. In the process of executing the charging process, in step S3506 shown in FIG. 35, the account server 1 records the five vein data recorded in the individual account area 111 and the secondary storage device 24 of the portable terminal 2. Each of the five vein data that has been stored is compared, and five sets of data are selected from the most recently registered data, and the other five sets of data are deleted. As a result, A7, B1, A6, A5, and A4 remain in the individual account area 111 of the account server 1 in order from the newest one. In step S3506 shown in FIG. 35, the account server 1 transfers this information to the mobile terminal 2, and as a result, in step S3404 of FIG. Will be synced to
 携帯端末2の他にユーザーが所有している、他の携帯端末2a、2b、2c…に関しても同様の処理が行われる。その結果、ユーザーを特定する生体情報としての静脈データについて、常に最新の静脈データが口座サーバ1に記録され、チャージ処理時に携帯端末2に同期されることになる。 The same processing is performed for the other mobile terminals 2a, 2b, 2c, etc. owned by the user in addition to the mobile terminal 2. As a result, the latest vein data is always recorded in the account server 1 for the vein data as biometric information for specifying the user, and is synchronized with the portable terminal 2 during the charge process.
 なお、ここで記した登録などの日時は、前後関係を示すための一例である。 Note that the date and time of registration described here is an example for showing the context.
 なお、本実施形態では、口座サーバチャージ部101がステップS3502で携帯端末2へ静脈データのリクエストを送信し、ステップS3504で携帯端末2に記録されている5つの静脈データを受信して、ステップS3506で計10個の静脈データの新旧関係を判断して新しい5個の静脈データを残して他は削除する如く構成した。しかし、口座サーバチャージ部101が携帯端末2から静脈データそのものではなく、登録の日付など各静脈データの前後関係を表すデータのみを受信して、それに基づき新旧関係を判断した上で、その後必要な静脈データのみを携帯端末2にリクエストして受信するようにしてもよい。 In this embodiment, the account server charge unit 101 transmits a vein data request to the mobile terminal 2 in step S3502, receives five vein data recorded in the mobile terminal 2 in step S3504, and performs step S3506. Thus, the new and old relationships of the total 10 vein data are judged, the new 5 vein data are left, and the others are deleted. However, the account server charge unit 101 receives not only the vein data itself from the mobile terminal 2 but only the data indicating the anteroposterior relationship of each vein data, such as the registration date, and then determines the new / old relationship based on the data, and then necessary Only the vein data may be requested from the portable terminal 2 and received.
 本実施形態によれば、常に最新の静脈データを用いて生体認証を行うことができるため、決済処理中の生体認証における認証ミスの発生を防止できる。 According to the present embodiment, biometric authentication can always be performed using the latest vein data, so that it is possible to prevent an authentication error from occurring during biometric authentication during settlement processing.
<第4実施形態>
 次に、本開示の第4実施形態について説明する。なお、第1実施形態と同様の構成である部分については、同一符号を付して説明を省略する。 <Fourth embodiment>
Next, a fourth embodiment of the present disclosure will be described. In addition, about the part which is the structure similar to 1st Embodiment, the same code | symbol is attached | subjected and description is abbreviate | omitted.
 上述の第1実施形態から第3実施形態においては、決済処理中の生体認証の結果は、認証成功または認証失敗のいずれかであった。しかし、パターン認識において、2つの画像の比較・照合の結果として類似の度合いを示す類似度を算出することは公知である。      In the first to third embodiments described above, the result of biometric authentication during the settlement process is either authentication success or authentication failure. However, in pattern recognition, it is well known to calculate a similarity indicating the degree of similarity as a result of comparison / collation of two images. .
 本実施形態では、決済プロセス中の生体認証プロセスにおいて、撮像データと静脈データとの類似度が算出され、類似度に応じて認証を行い得る最大試行回数を設定する。 In this embodiment, in the biometric authentication process in the settlement process, the similarity between the imaging data and the vein data is calculated, and the maximum number of trials that can be authenticated is set according to the similarity.
<システムの概要>
 本実施形態においては、第3実施形態と同様に、複数の所定数の静脈データが口座サーバ1の個別口座領域111及び携帯端末2の二次記憶装置24に記録され、これらの複数の静脈データが決済プロセス中の生体認証に利用される。所定数は、一例として5として、以下に説明する。 <System overview>
In the present embodiment, as in the third embodiment, a plurality of predetermined number of vein data is recorded in the individual account area 111 of the account server 1 and the secondary storage device 24 of the portable terminal 2, and the plurality of vein data is recorded. Is used for biometric authentication during the payment process. The predetermined number will be described below as 5 as an example.
 <決済処理>
 本実施形態の決済処理は、第1実施形態の処理に対し、決済処理全体の第2段階である認証プロセスのみが相違する。よって、以下では認証プロセスのみを説明する。 <Payment processing>
The settlement process of this embodiment is different from the process of the first embodiment only in the authentication process that is the second stage of the entire settlement process. Therefore, only the authentication process will be described below.
[認証プロセスサブルーチン] 
 本実施形態の決済処理における認証プロセスは、サブルーチンとして図41に図示されている。図41は店頭端末決済部301が実行する処理プログラムの一例を示すサブルーチンである。 [Authentication process subroutine]
The authentication process in the settlement process of this embodiment is shown in FIG. 41 as a subroutine. FIG. 41 is a subroutine showing an example of a processing program executed by the storefront terminal payment unit 301.
 本実施形態において、携帯端末決済部203が実行する処理プログラムは、図20に示された第1実施形態の認証プロセスサブルーチンと同様である。正確には、本実施形態の携帯端末決済部203が実行する処理プログラムのステップS2004において、携帯端末決済部203は1つではなく5セットの静脈データを店頭端末3へ送信する点が、第1実施形態と異なる。 In this embodiment, the processing program executed by the mobile terminal settlement unit 203 is the same as the authentication process subroutine of the first embodiment shown in FIG. More precisely, in step S2004 of the processing program executed by the mobile terminal settlement unit 203 of the present embodiment, the mobile terminal settlement unit 203 transmits five sets of vein data to the store terminal 3 instead of one. Different from the embodiment.
 図41のステップS4102において、店頭端末決済部301は、二次記憶装置34に記憶される変数Gに0を代入する。なお、第1実施形態について説明した通り、Gは、店頭端末決済部301において認証の成功または失敗を表す2値変数である。 41. In step S4102, the storefront terminal payment unit 301 substitutes 0 for a variable G stored in the secondary storage device 34. As described in the first embodiment, G is a binary variable representing success or failure of authentication in the storefront terminal payment unit 301.
 続いて、店頭端末決済部301は、第1実施形態と同様にステップS1804において、携帯端末2に静脈データのリクエストを送信する。 Subsequently, the storefront terminal payment unit 301 transmits a request for vein data to the mobile terminal 2 in step S1804 as in the first embodiment.
 ステップS4104において、店頭端末決済部301は、携帯端末2から5つの静脈データを受信し、二次記憶装置34に記録する。続いて、図41の処理はステップS1808へ移行する。 In step S4104, the shop terminal payment unit 301 receives five vein data from the portable terminal 2 and records them in the secondary storage device 34. Subsequently, the processing of FIG. 41 proceeds to step S1808.
 ステップS1808において、第1実施形態と同様に、店頭端末決済部301は、生体認証部307において、指ガイド310に接触している接触物を撮像し、撮像データを二次記憶装置34に記録する。その後、図41の処理はステップS4106に移行する。 In step S <b> 1808, as in the first embodiment, the storefront terminal payment unit 301 uses the biometric authentication unit 307 to image a contact object that is in contact with the finger guide 310 and records the image data in the secondary storage device 34. . Thereafter, the processing in FIG. 41 proceeds to step S4106.
 ステップS4106において、店頭端末決済部301は、二次記憶装置34に記憶される変数Iに0を代入する。変数Iの意義は、第3実施形態において説明した通りである。 In step S4106, the shop terminal payment unit 301 substitutes 0 for a variable I stored in the secondary storage device 34. The significance of the variable I is as described in the third embodiment.
 ステップS4108において、店頭端末決済部301は、撮像素子314により撮像された撮像データと、I番目の静脈データとを二次記憶装置34から読み出し、2つのデータに含まれる静脈パターンを比較して類似度を算出するとともに、変数Iに1を加算する。 In step S4108, the storefront terminal settlement unit 301 reads the image data captured by the image sensor 314 and the I-th vein data from the secondary storage device 34, compares the vein patterns included in the two data, and is similar. While calculating the degree, 1 is added to the variable I.
 ここで、本実施形態のステップS4108の実行結果として、第1実施形態から第3実施形態のようにパターンの一致または不一致が得られるのではなく、定量的な類似度が算出されることに注意されたい。一例として、類似度は%で表されるものとして説明する。 Note that, as the execution result of step S4108 of this embodiment, a pattern similarity or a mismatch is not obtained as in the first to third embodiments, but a quantitative similarity is calculated. I want to be. As an example, the description will be made assuming that the similarity is expressed in%.
 ステップS4110において、店頭端末決済部301は、Iが1であるか否かの判断を行う。初回の認証後であれば、ステップS4106においてI=0が代入され、ステップS4108においてIに1が加算されているため、I=1が成り立つ。ステップS4110の判断が肯定判断である場合、図41の処理はステップS4114に移行する。 In step S4110, the shop terminal payment unit 301 determines whether I is 1. If it is after the first authentication, since I = 0 is substituted in step S4106 and 1 is added to I in step S4108, I = 1 holds. If the determination in step S4110 is affirmative, the process in FIG. 41 proceeds to step S4114.
 ステップS4114において、店頭端末決済部301は、ステップS4108の実行結果として得られた類似度が90%以上であるか否かの判断を行う。ステップS4114の判断が肯定判断である場合、図41の処理はステップS1814に移行する。 In step S4114, the shop terminal payment unit 301 determines whether or not the similarity obtained as a result of the execution of step S4108 is 90% or more. If the determination in step S4114 is affirmative, the process in FIG. 41 proceeds to step S1814.
 ステップS1814において、店頭端末決済部301は、認証成功情報を携帯端末2へ送信する。そして、店頭端末決済部301は、G=0(つまり、認証成功)を保持して認証プロセスサブルーチンを終了する(図41のRETURN)。 In step S1814, the storefront terminal payment unit 301 transmits authentication success information to the mobile terminal 2. Then, the storefront terminal payment unit 301 holds G = 0 (that is, authentication success) and ends the authentication process subroutine (RETURN in FIG. 41).
 一方、ステップS4108の実行結果として得られた類似度が90%より小さい場合、ステップS4114の判断は否定判断となる。この場合、図41の処理はステップS4116に移行する。 On the other hand, if the similarity obtained as the execution result of step S4108 is less than 90%, the determination in step S4114 is negative. In this case, the process in FIG. 41 proceeds to step S4116.
 ステップS4116において、店頭端末決済部301は、ステップS4108の実行結果として得られた類似度が60%以上であるか否かの判断を行う。ステップS4116の判断が肯定判断である場合、図41の処理はステップS4120に移行する。 In step S4116, the shop terminal payment unit 301 determines whether the similarity obtained as an execution result of step S4108 is 60% or more. If the determination in step S4116 is affirmative, the process in FIG. 41 proceeds to step S4120.
 ステップS4120において、店頭端末決済部301は、二次記憶装置34に記憶される変数Jに3を代入する。続いて、図41の処理はステップS4126に移行する。 In step S4120, the shop terminal payment unit 301 substitutes 3 for the variable J stored in the secondary storage device. Subsequently, the processing of FIG. 41 proceeds to step S4126.
 変数Jは、本実施形態において認証の最大試行回数を表す自然数である。本実施形態では、静脈データは一例として5セットとしているから、変数Jは6以上の値を取ることは無い。 The variable J is a natural number representing the maximum number of authentication attempts in the present embodiment. In the present embodiment, the vein data is set to 5 sets as an example, and therefore the variable J does not take a value of 6 or more.
 類似度が60%以上かつ90%より小さい場合、生体情報の変化の程度は小さいことが想定される。よって、生体認証は最大で3回行えば十分であると考えられる。 When the degree of similarity is 60% or more and less than 90%, it is assumed that the degree of change in biological information is small. Therefore, it is considered sufficient to perform biometric authentication at most three times.
 一方、ステップS4108の実行結果として得られた類似度が60%より小さい場合、ステップS4116の判断は否定判断となる。この場合、図41の処理はステップS4118に移行する。 On the other hand, if the similarity obtained as a result of the execution of step S4108 is less than 60%, the determination in step S4116 is negative. In this case, the processing in FIG. 41 proceeds to step S4118.
 ステップS4118において、店頭端末決済部301は、ステップS4108の実行結果として得られた類似度が30%以下であるか否かの判断を行う。ステップS4118の判断が否定判断である場合、図41の処理はステップS4122に移行する。 In step S4118, the shop terminal payment unit 301 determines whether the similarity obtained as an execution result of step S4108 is 30% or less. If the determination in step S4118 is a negative determination, the process in FIG. 41 proceeds to step S4122.
 ステップS4122において、店頭端末決済部301は、二次記憶装置34に記憶される変数Jに5を代入する。続いて、図41の処理はステップS4126に移行する。 In step S412, the storefront terminal payment unit 301 substitutes 5 for a variable J stored in the secondary storage device. Subsequently, the processing of FIG. 41 proceeds to step S4126.
 類似度が30%以上かつ60%より小さい場合、生体情報の変化の程度は大きいことが想定される。よって、生体認証は、5セットの静脈データの全てを使用できるように最大で5回行うことができるように設定する。 When the degree of similarity is 30% or more and less than 60%, it is assumed that the degree of change in biological information is large. Therefore, biometric authentication is set so that it can be performed a maximum of five times so that all five sets of vein data can be used.
 一方、ステップS4108の実行結果として得られた類似度が30%より小さい場合、ステップS4118の判断は肯定判断となる。この場合、図41の処理はステップS4128へ移行する。 On the other hand, if the similarity obtained as the execution result of step S4108 is less than 30%, the determination in step S4118 is affirmative. In this case, the process in FIG. 41 proceeds to step S4128.
 類似度が30%より小さい場合、生体情報の変化の程度が大きすぎて有効な認証を行うことができない、または決済処理を実行しているユーザーが本来の所有者ではない、ことが想定される。よって、この場合には認証失敗が確定される。 If the degree of similarity is less than 30%, it is assumed that the degree of change in biometric information is too large to perform effective authentication, or that the user executing the payment process is not the original owner. . Therefore, in this case, authentication failure is confirmed.
 ステップS4128において、店頭端末決済部301は、認証失敗情報を携帯端末2へ送信するとともに、二次記憶装置34に記録されている変数Gに1を代入し、G=1(つまり、認証失敗)を保持して認証プロセスサブルーチンを終了する(図41のRETURN)。 In step S4128, the storefront terminal payment unit 301 transmits the authentication failure information to the mobile terminal 2, and substitutes 1 for a variable G recorded in the secondary storage device 34, so that G = 1 (that is, authentication failure). And the authentication process subroutine is terminated (RETURN in FIG. 41).
 ステップS4126において、店頭端末3の二次記憶装置34に記録されている変数Iについて、I=Jであるか否かの判断が行われる。具体的には、類似度が60%以上かつ90%より小さい場合にはステップS4120においてJは3とされているから、I=3であるか否かの判断が行われる。また、類似度が60%より小さくかつ30%より大きい場合にはステップS4122においてJは5とされているから、I=5であるか否かの判断が行われる。 In step S4126, it is determined whether or not I = J for the variable I recorded in the secondary storage device 34 of the storefront terminal 3. Specifically, when the degree of similarity is 60% or more and less than 90%, J is set to 3 in step S4120, and therefore it is determined whether I = 3. If the degree of similarity is less than 60% and greater than 30%, J is set to 5 in step S4122, and therefore it is determined whether I = 5.
 初回の認証を行った後ではI=1であるから、ステップS4126の判断は否定判断となる。この場合、図41の処理はステップS4108へ戻る。 Since I = 1 after the first authentication, the determination in step S4126 is a negative determination. In this case, the process of FIG. 41 returns to step S4108.
 ステップS4108において2回目以降の認証が実行され、Iに1が加算されるとともに新たに類似度が算出されると、Iは2以上であるから、ステップS4110の判断は否定判断となる。この場合、図41の処理はステップS4112に移行する。 In step S4108, the second and subsequent authentications are executed, and when 1 is added to I and the similarity is newly calculated, since I is 2 or more, the determination in step S4110 is negative. In this case, the process in FIG. 41 proceeds to step S4112.
 ステップS4112において、直近で算出された類似度が80%以上であるか否かの判断が行われる。ステップS4112の判断が肯定判断である場合、図41の処理は上述したステップS1814に移行する。 In step S4112, it is determined whether or not the most recently calculated similarity is 80% or more. If the determination in step S4112 is affirmative, the process in FIG. 41 proceeds to step S1814 described above.
 ステップS4112の判断が肯定判断とならない限り、ステップS4108、S4110、S4112、S4126の処理が繰り返される。つまり、撮像データとI番目の静脈データとを比較して類似度の算出することが繰り返される。ステップS4108において照合が実行されるたびに、変数Iに1が加算される。 Unless the determination in step S4112 is affirmative, the processes in steps S4108, S4110, S4112, and S4126 are repeated. That is, the calculation of the similarity is repeated by comparing the imaging data with the I-th vein data. Each time collation is performed in step S4108, 1 is added to the variable I.
 以上の様に処理を繰り返す過程で、I=Jが確認された場合、ステップS4126の判断は肯定判断となる。この場合、初回の認証において算出された類似度に基づいて設定した最大試行回数の認証が既に完了しており、本実施形態における生体認証の失敗が確定する。 In the process of repeating the process as described above, if I = J is confirmed, the determination in step S4126 is affirmative. In this case, authentication of the maximum number of trials set based on the similarity calculated in the initial authentication has already been completed, and biometric authentication failure in this embodiment is confirmed.
 この場合、図41の処理はステップS4128へ移行する。上述の通り、ステップS4128において、店頭端末決済部301は、認証失敗情報を携帯端末2へ送信するとともに、二次記憶装置34に記録されている変数Gに1を代入し、G=1(つまり、認証失敗)を保持して認証プロセスサブルーチンを終了する(図41のRETURN)。 In this case, the processing in FIG. 41 proceeds to step S4128. As described above, in step S4128, the shop terminal payment unit 301 transmits the authentication failure information to the mobile terminal 2 and substitutes 1 for the variable G recorded in the secondary storage device 34, so that G = 1 (that is, , Authentication failure) and the authentication process subroutine ends (RETURN in FIG. 41).
 第1実施形態と同様に、図41に示された店頭端末決済部301が実行するサブルーチンは、ステップS1814またはS4128において携帯端末2に認証成功情報または認証失敗情報を送信するとともに、二次記憶装置34に記録されている変数Gについて、G=0(認証成功に対応)またはG=1(認証失敗に対応)を与えて、終了する。 Similar to the first embodiment, the subroutine executed by the storefront terminal payment unit 301 shown in FIG. 41 transmits authentication success information or authentication failure information to the mobile terminal 2 in step S1814 or S4128, and also uses a secondary storage device. For the variable G recorded in 34, G = 0 (corresponding to authentication success) or G = 1 (corresponding to authentication failure) is given, and the process is terminated.
 本開示の第4実施形態に係る決済処理において、各装置間での情報のやり取りは、携帯端末2から店頭端末3へ5つの静脈データが送信されることを除けば、図27に示された第1実施形態と同様である。よって、本開示の第4実施形態に係る決済処理に関するシーケンス図は省略する。 In the payment processing according to the fourth embodiment of the present disclosure, the exchange of information between the devices is illustrated in FIG. 27 except that five vein data are transmitted from the mobile terminal 2 to the store terminal 3. This is the same as in the first embodiment. Therefore, the sequence diagram regarding the payment processing according to the fourth embodiment of the present disclosure is omitted.
 本実施形態では、決済プロセス中の生体認証プロセスにおいて、携帯端末2の二次記憶装置24に記録された5セットの静脈データのなかで最新のデータ(つまり、I=1)を用いて算出した初回の類似度に応じて認証を行い得る最大試行回数を設定することにより、効率的な認証を行うことができる。 In the present embodiment, in the biometric authentication process during the settlement process, calculation is performed using the latest data (that is, I = 1) among the five sets of vein data recorded in the secondary storage device 24 of the mobile terminal 2. By setting the maximum number of trials at which authentication can be performed according to the initial similarity, efficient authentication can be performed.
 なお、本願の第1実施形態から第4実施形態においては、決済プロセス中の生体認証プロセスに用いられる生体情報は、金融機関の口座の所有者である個人の所定の手の指の静脈パターンとして説明した。しかし、本開示における生体認証プロセスに用いられる生体情報は、手の指の静脈パターンに限られるものではない。例えば、指の指紋、掌紋、声紋、顔の画像など、個人を特定し本人認証を行うことができる限りにおいて、任意の生体情報を利用することができる。その場合、本開示の店頭端末3は、生体認証部307に代えて、対象とする生体情報に応じて適宜構成された生体認証装置を備える。具体的には、声紋に対する音声認識を実行する音声認証装置、指の指紋、掌紋や顔の画像に対する画像認識を実行する画像認証装置、等である。 In the first to fourth embodiments of the present application, the biometric information used in the biometric authentication process in the settlement process is a finger vein pattern of a predetermined hand of an individual who is an owner of a financial institution account. explained. However, the biometric information used in the biometric authentication process in the present disclosure is not limited to the finger vein pattern of the hand. For example, any biometric information such as a fingerprint of a finger, a palm print, a voice print, and a face image can be used as long as an individual can be identified and authenticated. In that case, the storefront terminal 3 of the present disclosure includes a biometric authentication device appropriately configured according to target biometric information, instead of the biometric authentication unit 307. Specifically, a voice authentication device that performs voice recognition on a voice print, an image authentication device that executes image recognition on a fingerprint of a finger, a palm print, or a face image.
 さらに、本開示の決済プロセス中の認証は、必ずしも生体認証に限られない。例えば、氏名、住所、パスワードなど、個人を特定し本人認証を行うことができる限りにおいて、任意の識別情報を利用することができる。その場合、本開示の店頭端末3は、生体認証部307に代えて、対象とする識別情報に応じて適宜構成された認証装置を備える。具体的には、氏名、住所、パスワードに対する文字列認識を実行する文字列認証装置、等である。 Furthermore, authentication during the settlement process of the present disclosure is not necessarily limited to biometric authentication. For example, any identification information such as name, address, and password can be used as long as an individual can be identified and authenticated. In that case, the storefront terminal 3 according to the present disclosure includes an authentication device appropriately configured according to target identification information, instead of the biometric authentication unit 307. Specifically, a character string authentication apparatus that performs character string recognition for a name, an address, a password, and the like.
1 口座サーバ
2 携帯端末
3 店頭端末
4 ネットワーク
5 人体
14 二次記憶装置
20 CPU
22 一次記憶装置
24 二次記憶装置
26 バス
28 タッチパネル・ディスプレイ
28A タッチパネル
28B ディスプレイ
30 CPU
32 一次記憶装置
34 二次記憶装置
36 バス
38 タッチパネル・ディスプレイ
38A タッチパネル
38B ディスプレイ
42A 外部I/F
42B 外部I/F
44A 外部I/F
44B 外部I/F
101 口座サーバチャージ部
111 個別口座領域
201 携帯端末チャージ部
203 携帯端末決済部
301 店頭端末決済部
306 送受信部
306a ロッド
307 生体認証部
307a 生体認証部
310 指ガイド
311 透明窓
313 レンズ
314 撮像素子
316 スイッチ DESCRIPTION OF SYMBOLS 1 Account server 2 Portable terminal 3 Shop front terminal 4 Network 5 Human body 14 Secondary storage device 20 CPU
22 Primary storage device 24 Secondary storage device 26 Bus 28 Touch panel display 28A Touch panel 28B Display 30 CPU
32 Primary storage device 34 Secondary storage device 36 Bus 38 Touch panel display 38A Touch panel 38B Display 42A External I / F
42B External I / F
44A External I / F
44B External I / F
101 Account Server Charge Unit 111 Individual Account Area 201 Mobile Terminal Charge Unit 203 Mobile Terminal Settlement Unit 301 Store Terminal Settlement Unit 306 Transmit / Receive Unit 306a Rod 307 Biometric Authentication Unit 307a Biometric Authentication Unit 310 Finger Guide 311 Transparent Window 313 Lens 314 Image Sensor 316 Switch

Claims (16)

  1.  ユーザーの本人認証を実行する認証部と、
     前記本人認証が肯定された場合に財産データを受信する第1通信部と、
     を含む、財産データ受信装置。     An authentication unit that performs user authentication,
    A first communication unit that receives property data when the personal authentication is affirmed;
    A property data receiving device.
  2.  前記ユーザーの第1識別データを取得する取得部をさらに含み、
     前記第1通信部は、前記ユーザーの第2識別データをさらに受信するように構成され、
     前記認証部は、取得された前記第1識別データと、受信された前記第2識別データとを用いて前記本人認証を実行する、
     請求項1に記載の財産データ受信装置。     An acquisition unit for acquiring the first identification data of the user;
    The first communication unit is configured to further receive second identification data of the user;
    The authentication unit executes the personal authentication using the acquired first identification data and the received second identification data.
    The property data receiving apparatus according to claim 1.
  3.  前記第1識別データ及び前記第2識別データは、前記ユーザーの生物学的データである、
     請求項2に記載の財産データ受信装置。     The first identification data and the second identification data are biological data of the user.
    The property data receiving apparatus according to claim 2.
  4.  前記生物学的データは、前記ユーザーの身体の特徴を示す人体データである、
     請求項3に記載の財産データ受信装置。     The biological data is human body data indicating physical characteristics of the user.
    The property data receiving apparatus according to claim 3.
  5.  前記人体データは、前記身体における静脈を示す静脈データである、
     請求項4に記載の財産データ受信装置。     The human body data is vein data indicating veins in the body,
    The property data receiving apparatus according to claim 4.
  6.  前記第1通信部は、前記ユーザーの身体の所定部を介して前記人体データとしての前記第2識別データを受信し、
     前記人体データは、前記所定部の近傍部における特徴を示す近傍人体データである、
     請求項4に記載の財産データ受信装置。     The first communication unit receives the second identification data as the human body data via a predetermined part of the user's body,
    The human body data is neighboring human body data indicating characteristics in the vicinity of the predetermined part.
    The property data receiving apparatus according to claim 4.
  7.  前記第1通信部が前記ユーザーの身体の前記所定部に接触することにより、前記取得部は前記所定部の前記近傍人体データとしての前記第1識別データを取得する、
     請求項6に記載の財産データ受信装置。     When the first communication unit comes into contact with the predetermined part of the user's body, the acquisition unit acquires the first identification data as the nearby human body data of the predetermined part.
    The property data receiving apparatus according to claim 6.
  8.  前記第1通信部は、財産データの受信が実行可能でない第1状態と、財産データの送信が実行可能である第2状態との間での切り替えを行う切り替え部を含む、
     請求項1~7のいずれか一項に記載の財産データ受信装置。     The first communication unit includes a switching unit that performs switching between a first state in which reception of property data is not executable and a second state in which transmission of property data is executable.
    The property data receiving apparatus according to any one of claims 1 to 7.
  9.  前記第1通信部は、複数の前記第2識別データを受信し、
     前記認証部は、前記第1識別データと、受信された複数の前記第2識別データとを照合することにより前記本人認証を実行し、
     前記第1通信部は、前記本人認証が成功した場合に、前記第1識別データを送信する、
     請求項2~7に記載の財産データ受信装置。     The first communication unit receives a plurality of the second identification data,
    The authentication unit performs the personal authentication by comparing the first identification data with the plurality of received second identification data,
    The first communication unit transmits the first identification data when the personal authentication is successful.
    The property data receiving apparatus according to any one of claims 2 to 7.
  10.  前記第1通信部は、順序が付けられた複数の前記第2識別データを受信し、
     前記認証部は、前記第1識別データと、受信された複数の前記第2識別データとを照合することにより前記本人認証を実行し、
     前記認証部は、前記第1識別データと第1の前記第2識別データとの照合の結果に基づいて、前記第2識別データのうち何番目までのデータを用いて前記本人認証を行うかを決定する、
     請求項2~7に記載の財産データ受信装置。     The first communication unit receives the plurality of second identification data in order,
    The authentication unit performs the identity authentication by comparing the first identification data with the plurality of received second identification data,
    Based on the result of collation between the first identification data and the first identification data, the authentication unit determines how many of the second identification data are used to perform the personal authentication. decide,
    The property data receiving apparatus according to any one of claims 2 to 7.
  11.  請求項1に記載の財産データ受信装置と通信する財産データ送信装置であって、
     前記本人認証が肯定された場合に前記財産データを送信する第2通信部を含む、
     財産データ送信装置。     A property data transmitting device that communicates with the property data receiving device according to claim 1,
    A second communication unit that transmits the property data when the personal authentication is affirmed;
    Property data transmission device.
  12.  前記財産データを受信する第3通信部をさらに含み、
     前記第3通信部において受信された前記財産データの少なくとも一部は、前記第2通信部において送信される、
     請求項11に記載の財産データ送信装置。     A third communication unit for receiving the property data;
    At least a part of the property data received in the third communication unit is transmitted in the second communication unit;
    The property data transmitting apparatus according to claim 11.
  13.  請求項1~10のいずれか一項に記載の財産データ受信装置と、
     請求項11または12に記載の財産データ送信装置と、
     を含む、財産データ送受信システム。     The property data receiving device according to any one of claims 1 to 10,
    The property data transmitting device according to claim 11 or 12,
    Including property data transmission / reception system.
  14.  ユーザーの本人認証を実行し、
     前記本人認証が肯定された場合に財産データを受信する、
     財産データ受信方法。     Perform user authentication,
    Receiving property data when the identity verification is affirmed;
    Property data reception method.
  15.  店側装置とユーザー側装置とを用いた財産データ送受信方法であって、
     店側装置に、
      ユーザーの第1識別データを取得させ、
      ユーザーの第2識別データをユーザー側装置から受信させ、
      取得された前記第1識別データと、受信された前記第2識別データとを用いてユーザーの本人認証を実行させ、
     ユーザー側装置に、
      財産データと、前記第2識別データとを予め記録させ、
      前記本人認証が肯定された場合に、前記財産データを前記店側装置へ送信させる、
     財産データ送受信方法。     A property data transmission / reception method using a store side device and a user side device,
    In store side equipment,
    Get the user's first identification data,
    Receiving the second identification data of the user from the user side device;
    Using the acquired first identification data and the received second identification data to perform user authentication,
    On the user side device,
    Property data and the second identification data are recorded in advance,
    When the identity authentication is affirmed, the property data is transmitted to the store side device.
    Property data transmission / reception method.
  16.  コンピュータに、
      ユーザーの本人認証を実行し、
      前記本人認証が肯定された場合に財産データを受信する、
     ことを含む処理を実行させる、
     プログラム。     On the computer,
    Perform user authentication,
    Receiving property data when the identity verification is affirmed;
    To execute a process that includes
    program.
PCT/JP2017/022204 2017-06-15 2017-06-15 Property-data transmission/reception system WO2018229949A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2017/022204 WO2018229949A1 (en) 2017-06-15 2017-06-15 Property-data transmission/reception system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2017/022204 WO2018229949A1 (en) 2017-06-15 2017-06-15 Property-data transmission/reception system

Publications (1)

Publication Number Publication Date
WO2018229949A1 true WO2018229949A1 (en) 2018-12-20

Family

ID=64660718

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/022204 WO2018229949A1 (en) 2017-06-15 2017-06-15 Property-data transmission/reception system

Country Status (1)

Country Link
WO (1) WO2018229949A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07271981A (en) * 1994-03-31 1995-10-20 Fujitsu Denso Ltd Update system of dictionary image in fingerprint recognizing device
JP2002074365A (en) * 2000-08-31 2002-03-15 Matsushita Electric Works Ltd Identity authentication system
JP2007188232A (en) * 2006-01-12 2007-07-26 Nippon Telegr & Teleph Corp <Ntt> Biological authentication device and communication device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07271981A (en) * 1994-03-31 1995-10-20 Fujitsu Denso Ltd Update system of dictionary image in fingerprint recognizing device
JP2002074365A (en) * 2000-08-31 2002-03-15 Matsushita Electric Works Ltd Identity authentication system
JP2007188232A (en) * 2006-01-12 2007-07-26 Nippon Telegr & Teleph Corp <Ntt> Biological authentication device and communication device

Similar Documents

Publication Publication Date Title
CN107194699B (en) Payment system, method and device based on biological characteristics and readable storage medium
CN107918913B (en) Bank business processing method, device and system
EP2038227B1 (en) System and method for activating telephone-based payment instrument
CN106355533B (en) Medical passenger display screen and medical system and method
EP1139301A2 (en) An apparatus for identity verification, a system for identity verification, a card for identity verification and a method for identity verification based on identification by biometrics
JP4343459B2 (en) Authentication system and authentication method
US20180268415A1 (en) Biometric information personal identity authenticating system and method using financial card information stored in mobile communication terminal
US11755868B2 (en) Methods and systems for a combined transaction by an assignee on behalf of one or more users
US7765163B2 (en) System and method for conducting secure transactions over a network
KR20030001334A (en) Mobile Terminal Authentication Method and Mobile Terminal
JP6856146B2 (en) Biological data registration support system, biometric data registration support method, program
US20180300730A1 (en) Secure Data Entry Device
WO2019026196A2 (en) Biometric authentication and payment system, payment system, and cash register system
KR20190090732A (en) Method for payment based on biometrics, user equipment and system for payment using the same
CN111178868A (en) Payment verification method and related device
CN109118215B (en) Payment processing method and device and server
CN111210214A (en) Virtual reality payment system and payment method thereof
US20140122267A1 (en) Digital card device and method
KR101187856B1 (en) Mobile phone payment system for using bar code generating algorithm and method thereof
CN113139811A (en) Compound authentication payment method and device and server
WO2018229949A1 (en) Property-data transmission/reception system
KR20090022682A (en) Method and system for providing banking service using behavioral pattern based on keystroke
CN109074585A (en) Method of payment and terminal
JP2021196946A (en) Authentication system and authentication method
KR100362175B1 (en) A portable wireless telecommunication complex terminal with the electronic card function

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17913444

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17913444

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP