WO2023276071A1 - サービス提供システム、サービス提供方法、及びプログラム - Google Patents

サービス提供システム、サービス提供方法、及びプログラム Download PDF

Info

Publication number
WO2023276071A1
WO2023276071A1 PCT/JP2021/024839 JP2021024839W WO2023276071A1 WO 2023276071 A1 WO2023276071 A1 WO 2023276071A1 JP 2021024839 W JP2021024839 W JP 2021024839W WO 2023276071 A1 WO2023276071 A1 WO 2023276071A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user
card
user terminal
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2021/024839
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
恭輔 友田
周平 伊藤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Rakuten Group Inc
Original Assignee
Rakuten Group Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Rakuten Group Inc filed Critical Rakuten Group Inc
Priority to JP2022529393A priority Critical patent/JP7177303B1/ja
Priority to US17/910,338 priority patent/US12524536B2/en
Priority to PCT/JP2021/024839 priority patent/WO2023276071A1/ja
Priority to TW111120981A priority patent/TWI822087B/zh
Priority to JP2022180513A priority patent/JP7271778B2/ja
Publication of WO2023276071A1 publication Critical patent/WO2023276071A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Definitions

  • the present disclosure relates to a service providing system, a service providing method, and a program.
  • Patent Literature 1 describes a technique for suppressing unauthorized use by a third party by executing login to a service based on a user ID and password input from a user terminal.
  • Patent Document 1 if a third party illegally obtains a user ID and password, the third party may illegally log in from his or her own user terminal using the illegally obtained user ID and password. There is for example, a third party may arbitrarily change settings related to services in order to facilitate unauthorized use from his/her own user terminal. For this reason, as in the technique of Patent Document 1, only authentication at the time of login cannot sufficiently prevent unauthorized use by a third party, and security cannot be improved.
  • One of the purposes of this disclosure is to enhance security.
  • a service providing system is a service providing system that provides a service that can be logged in from each of a plurality of user terminals.
  • authentication means capable of executing a predetermined authentication; setting means for performing settings related to the service based on whether or not the authentication has been executed from the user terminal for each user terminal; providing means for providing the service based on the settings of the user terminal.
  • FIG. 4 is a diagram showing an example of how an IC chip of a card is read by an NFC unit; 2 is a functional block diagram showing an example of functions realized by the service providing system of the first embodiment; FIG. It is a figure which shows the data storage example of a user database. 4 is a flow chart showing an example of processing executed in the first embodiment; FIG. It is a figure which shows an example of the whole structure of the service provision system of 2nd Embodiment. It is a figure which shows an example of the screen displayed on the user terminal of 2nd Embodiment.
  • FIG. 4 is a diagram showing an example of how an IC chip of a card is read by an NFC unit;
  • FIG. 11 is a functional block diagram showing an example of functions realized by the service providing system of the second embodiment;
  • FIG. It is a figure which shows the data storage example of a user database.
  • FIG. 10 is a flow chart showing an example of processing executed in the second embodiment;
  • FIG. 10 is a flow chart showing an example of processing executed in the second embodiment;
  • FIG. 11 is a diagram showing a data storage example of a user database of modification 1-1;
  • FIG. 13 is a diagram showing a data storage example of a user database of modification 1-2;
  • FIG. 11 is a functional block diagram in a modified example according to the second embodiment;
  • FIG. 1 is a diagram showing an example of the overall configuration of a service providing system.
  • the service providing system S includes a server 10 and user terminals 20 .
  • Each of the server 10 and the user terminal 20 can be connected to a network N such as the Internet.
  • the service providing system S only needs to include at least one computer, and is not limited to the example in FIG.
  • a plurality of servers 10 may exist.
  • the server 10 is a server computer.
  • the server 10 includes a control section 11 , a storage section 12 and a communication section 13 .
  • Control unit 11 includes at least one processor.
  • the storage unit 12 includes a volatile memory such as RAM and a nonvolatile memory such as a hard disk.
  • the communication unit 13 includes at least one of a communication interface for wired communication and a communication interface for wireless communication.
  • the user terminal 20 is a computer operated by a user.
  • the user terminal 20 is a smartphone, tablet terminal, wearable terminal, or personal computer.
  • the user terminal 20 includes a control section 21 , a storage section 22 , a communication section 23 , an operation section 24 , a display section 25 , an imaging section 26 and an IC chip 27 .
  • the physical configurations of the control unit 21 and the storage unit 22 are the same as those of the control unit 11 and the storage unit 12, respectively.
  • the physical configuration of the communication unit 23 may be the same as that of the communication unit 13, but the communication unit 23 of the first embodiment further includes an NFC (Near field communication) unit 23A.
  • the NFC unit 23A includes a communication interface for NFC.
  • NFC itself can use various standards, for example, international standards such as ISO/IEC18092 or ISO/IEC21481.
  • the NFC unit 23A includes hardware such as an antenna complying with standards, and realizes, for example, a reader/writer function, a peer-to-peer function, a card emulation function, a wireless charging function, or a combination thereof.
  • the operation unit 24 is an input device such as a touch panel.
  • the display unit 25 is a liquid crystal display or an organic EL display.
  • the imaging unit 26 includes at least one camera.
  • the IC chip 27 is a chip compatible with NFC.
  • the IC chip 27 may be a chip of any standard, for example, a FeliCa (registered trademark) chip, or a so-called Type A or Type B chip in the contactless standard.
  • the IC chip 27 includes hardware such as an antenna conforming to the standard, and stores, for example, information necessary for services used by users.
  • At least one of the programs and data stored in the storage units 12 and 22 may be supplied via the network N.
  • at least one of the server 10 and the user terminal 20 has a reading unit (for example, an optical disk drive or a memory card slot) that reads a computer-readable information storage medium, and an input/output unit for inputting/outputting data with an external device. (eg, a USB port) and/or may be included.
  • a reading unit for example, an optical disk drive or a memory card slot
  • an input/output unit for inputting/outputting data with an external device. (eg, a USB port) and/or may be included.
  • at least one of the program and data stored in the information storage medium may be supplied via at least one of the reading section and the input/output section.
  • the service providing system S of the first embodiment provides services that can be logged in from each of a plurality of user terminals 20 .
  • an administrative service provided by a public institution such as a government office is given as an example of the service. Examples of other services will be described in the second embodiment and modifications.
  • an administrative service is only described as a service.
  • the user terminal 20 is installed with an application of a public institution (hereinafter simply called an application).
  • an application When a user uses the service for the first time, the user registers for use of the service from the application in order to issue a user ID necessary for logging in to the service.
  • FIG. 2 is a diagram showing an example of the flow of usage registration.
  • the display unit 25 displays a registration screen G1 for inputting information required for use registration.
  • the user inputs information such as a desired user ID, password, name, address, telephone number, and personal number of the user in the input form F10.
  • a user ID is information that can uniquely identify a user in a service.
  • a personal number is information that can identify an individual recorded on a personal number card issued by a public institution. In 1st Embodiment, a personal number card is only described as a card.
  • the button B11 When the user selects the button B11, the information entered in the input form F10 is sent to the server 10, and the completion screen G2 indicating that the usage registration is completed is displayed on the display unit 25. After the user registration is completed, the user can use the service from the application. For example, when the user selects the button B ⁇ b>20 , the top screen G ⁇ b>3 of the application is displayed on the display unit 25 . For example, the top screen G3 displays a list of services available from the application. For example, when the user selects the button B30, the display unit 25 displays a use screen G4 for using services such as requesting a certificate and making a reservation at a counter.
  • Possession authentication is authentication using a property possessed only by an authorized person.
  • Possessed items are not limited to cards, and may be arbitrary items.
  • the possession may be an information storage medium or paper.
  • Possessions are not limited to tangible items, and may be intangible items such as electronic data.
  • the user can also use the service without carrying out possession authentication.
  • the services that the user can use are restricted in the state where possession authentication is not executed.
  • the types of services available from this user terminal 20 increase.
  • the service that can be used from the other user terminal 20 is restricted.
  • FIG. 3 is a diagram showing an example of the flow of possession authentication.
  • a start screen G5 for starting possession authentication is displayed on the display unit 25 as shown in FIG.
  • NFC authentication is possession authentication executed by reading information recorded in the IC chip of the card with the NFC unit 23A.
  • Image authentication is possession authentication executed by photographing the card with the photographing unit 26 .
  • NFC authentication and image authentication are not distinguished, they are simply referred to as possession authentication.
  • Fig. 3 shows the flow of NFC authentication.
  • the NFC section 23A is activated, and the reading screen G6 is displayed on the display section 25 for the NFC section 23A to read the information recorded in the IC chip of the card.
  • Possession authentication may be performed at the time of use registration, and in this case, the reading screen G6 may be displayed at the time of use registration.
  • the reading screen G6 is displayed, the user brings the user terminal 20 close to the card that the user owns.
  • FIG. 4 is a diagram showing an example of how the IC chip of the card is read by the NFC unit 23A.
  • the card C1 in FIG. 4 is a fictitious one prepared for explanation of the first embodiment.
  • the NFC section 23A reads information recorded on the IC chip cp.
  • the NFC unit 23A can read arbitrary information in the IC chip cp. In the first embodiment, the case where the NFC unit 23A reads the personal number recorded in the IC chip cp will be described.
  • the user terminal 20 transmits to the server 10 the personal number read from the IC chip cp. Since this personal number is input from the user terminal 20 to the server 10, this personal number is hereinafter referred to as an input personal number.
  • Input in the first embodiment means sending some data to the server 10 .
  • a correct personal number is registered in advance at the time of use registration.
  • this personal number will be referred to as a registered personal number.
  • the personal number When there is no particular distinction between the input personal number and the registered personal number, they may simply be referred to as the personal number.
  • the server 10 receives the input personal number from the user terminal 20. If the user is the valid owner of the card C1, the input personal number and the registered personal number of the logged-in user match. When the input personal number matches the registered personal number of the logged-in user, a success screen G7 indicating that possession authentication has succeeded is displayed on the display unit 25, as shown in FIG. As shown in the success screen G7, the number of services that can be used from the user terminal 20 for which possession authentication has succeeded increases.
  • the display unit 25 displays a failure screen G8 indicating that possession authentication has failed. In this case, the services available from the user terminal 20 remain restricted. The user returns to the reading screen G6 and reads the card C1 again or inquires of the call center. If a third party logs in illegally, the card C1 is not at hand and possession authentication cannot be successful, so services available from the third party's user terminal 20 are restricted.
  • Image authentication is also performed in the same flow.
  • NFC authentication the input personal number is obtained using the NFC unit 23A
  • image authentication the input personal number is obtained using a captured image of the card C1.
  • imaging unit 26 is activated.
  • the photographing unit 26 photographs the card C1.
  • the user terminal 20 transmits the captured image to the server 10 .
  • the server 10 Upon receiving the captured image, the server 10 performs optical character recognition on the captured image to acquire the input personal number.
  • the flow after the input personal number is acquired is the same as NFC authentication.
  • the optical character recognition may be performed at the user terminal 20.
  • the method of acquiring the input personal number from the captured image is not limited to optical character recognition. As this method itself, various known methods can be used. For example, if a code (for example, a bar code or a two-dimensional code) containing the input personal number is formed on the card C1, the input personal number may be acquired using the code photographed in the photographed image. The process of acquiring the input personal number from the code may be executed by the server 10 or by the user terminal 20 .
  • the number of services available from user terminals 20 whose possession authentication has succeeded is greater than the services available from user terminals 20 whose possession authentication has not succeeded. Even if a third party illegally obtains the user ID and password and logs in illegally, the third party does not possess the card C1 and cannot succeed in possession authentication, so available services are limited. Therefore, unauthorized use of the service by a third party is suppressed, and the security of the service is enhanced.
  • details of the first embodiment will be described.
  • FIG. 5 is a functional block diagram showing an example of functions realized by the service providing system S of the first embodiment. Here, functions realized by each of the server 10 and the user terminal 20 will be described.
  • the server 10 implements a data storage unit 100 , an authentication unit 101 , a setting unit 102 and a providing unit 103 .
  • the data storage unit 100 is realized mainly by the storage unit 12 .
  • Each of the authentication unit 101 , the setting unit 102 , and the providing unit 103 is realized mainly by the control unit 11 .
  • the data storage unit 100 stores data necessary for providing services.
  • the data storage unit 100 stores a user database DB1.
  • FIG. 6 is a diagram showing an example of data storage in the user database DB1.
  • the user database DB1 is a database that stores information about users who have completed usage registration.
  • the user database DB1 stores user IDs, passwords, names, addresses, telephone numbers, registered personal numbers, terminal IDs, possession authentication flags, and settings related to services.
  • this setting will be referred to as usage setting.
  • a new record is created in the user database DB1.
  • This record stores the user ID, password, name, address, telephone number, and registered personal number specified at the time of use registration.
  • the registered personal number cannot be changed after use registration. Therefore, even if a third party logs in illegally, the registered personal number cannot be changed without permission.
  • the terminal ID is information that allows the user terminal 20 to be identified. 1st Embodiment demonstrates the case where the server 10 issues terminal ID. A terminal ID is issued based on a predetermined rule. The server 10 issues terminal IDs so as not to overlap with other terminal IDs. An expiration date may be set for the terminal ID. A terminal ID can be issued at any timing. For example, the terminal ID is issued at the timing when the application is started, the timing when the expiration date set in the terminal ID expires, or the timing when the operation for updating the terminal ID is performed.
  • the user terminal 20 can be identified by any information other than the terminal ID.
  • the user terminal 20 is identified by an IP address, information stored in a cookie, an ID stored in a SIM card, an ID stored in the IC chip 27, or individual identification information of the user terminal 20. may Information that can identify the user terminal 20 in some way may be stored in the user database DB1.
  • the terminal ID associated with the user ID is the terminal ID of the user terminal 20 that has logged in with this user ID. Therefore, when a user who is the legitimate owner of a certain user ID logs in from a new user terminal 20, the terminal ID of this user terminal 20 is associated with this user ID. Even if a third party illegally logs in using this user ID, the terminal ID of the third party's user terminal 20 is associated with this user ID.
  • a terminal ID is associated with a possession authentication flag and usage settings.
  • the user ID "taro.yamada123” has been logged in from two user terminals 20, and there are two pairs of possession authentication flag and usage setting.
  • the user ID "hanako.suzuki999” has been logged in from three user terminals 20, and there are three pairs of possession authentication flag and usage setting.
  • the user ID “kimura9876” has been logged in from only one user terminal 20, and there is only one pair of possession authentication flag and usage setting.
  • the possession authentication flag is information indicating whether possession authentication has been executed. For example, a possession authentication flag of "1" indicates that NFC authentication has been performed. The fact that the possession authentication flag is “2" indicates that image authentication has been performed. A possession authentication flag of "0" indicates that possession authentication has not been executed.
  • the initial value of the possession authentication flag is "0" because possession authentication is not executed at the time of use registration.
  • the possession authentication flag changes to "1" or "2". In the case where possession authentication can be executed at the time of use registration, if the user executes possession authentication at the time of use registration, the initial value of the possession authentication flag becomes "1" or "2".
  • the usage settings are settings made by the setting unit 102 described later.
  • the type of service that can be used from the application is indicated as the usage setting.
  • the usage setting with the possession authentication flag “1” or “2” allows more services to be used than the usage setting with the possession authentication flag “0”. It is assumed that the relationship between the presence/absence of possession authentication execution and the usage setting (that is, the relationship between the possession authentication flag and the usage setting) is defined in advance in the data storage unit 100 .
  • the use setting of possession authentication flag "1" or “2” is a setting that allows all services to be used.
  • the use setting of possession authentication flag "0" is a setting that allows only some services to be used.
  • the authentication unit 101 can perform predetermined authentication for each user terminal 20 while logging in to the service from the user terminal 20 .
  • this authentication is possession authentication for confirming whether or not the user possesses a predetermined card C1 using the user terminal 20 will be taken as an example. Therefore, where the possession authentication is explained, it can be read as the predetermined authentication. That is, where NFC authentication or image authentication is described, it can be read as predetermined authentication.
  • the predetermined authentication is authentication that can be executed from the logged-in user terminal 20.
  • the predetermined authentication is not limited to possession authentication using the card C1 as long as it is different from authentication at the time of login.
  • Various authentication methods can be used for predetermined authentication.
  • the predetermined authentication may be possession authentication for confirming belongings other than the card C1.
  • the personal belongings may be arbitrary items that can be identified.
  • the possession may be an identification card other than a card such as a passport, an information storage medium on which some kind of authentication information is recorded, or a piece of paper on which some kind of authentication information is formed.
  • the possession may be an electronic object such as a code containing authentication information.
  • the prescribed authentication is not limited to possession authentication.
  • the predetermined authentication may be knowledge authentication such as password authentication, passcode authentication, PIN authentication, or password authentication. If the predetermined authentication is password authentication, it is assumed that a password different from that used at login is used.
  • the predetermined authentication may be biometric authentication such as face authentication, fingerprint authentication, or iris authentication. In the first embodiment, a case will be described where the predetermined authentication is more secure than the login authentication, but the login authentication may be more secure than the predetermined authentication. Authentication at the time of login is not limited to password authentication, and any authentication method may be used.
  • the card C1 used for possession authentication in the first embodiment includes an input personal number used for possession authentication.
  • the input personal number is electronically recorded in the IC chip cp of the card C1.
  • the input personal number is also formed on the surface of the card C1.
  • a registered personal number that is correct in possession authentication is registered in the user database DB1.
  • Each of the input personal number and the registered personal number is an example of authentication information used at the time of authentication.
  • authentication information corresponding to the authentication method may be used.
  • the authentication information may be a password, passcode, PIN, or password.
  • biometric authentication each piece of authentication information may be a facial photograph, facial features, fingerprint pattern, or iris pattern.
  • the authentication unit 101 acquires from the user terminal 20 the input personal number of the card C1 acquired using the NFC unit 23A.
  • the authentication unit 101 refers to the user database DB1 and determines whether or not the input personal number obtained from the user terminal 20 matches the registered personal number associated with the logged-in user ID. If they match, possession authentication succeeds. If they do not match, possession authentication fails.
  • the authentication unit 101 acquires a photographed image of the card C1 from the user terminal 20.
  • the authentication unit 101 uses optical character recognition to obtain an input personal number from the captured image.
  • the flow of possession authentication after the input personal number is acquired is the same as NFC authentication.
  • the input personal number is printed on the surface of the card C1, but the input personal number may be embossed on the surface of the card C1.
  • the input personal number may be formed on at least one of the front and back sides of the card C1.
  • the service of the first embodiment can be logged in from each of a plurality of user terminals 20 with the same user ID.
  • the authentication unit 101 can perform possession authentication for each user terminal 20 while logging in to the service from the user terminal 20 with the user ID. For example, assume that the user with the user ID “taro.yamada123” in FIG. 6 uses two user terminals 20 . These two user terminals 20 are described as a first user terminal 20A and a second user terminal 20B.
  • the authentication unit 101 can execute possession authentication while logged in to the service with the user ID "taro.yamada123" from the first user terminal 20A.
  • the authentication unit 101 can perform possession authentication while logging in to the service with the same user ID "taro.yamada123" from the second user terminal 20B.
  • the authentication unit 101 can perform possession authentication for each individual user terminal 20 . As described above, it is up to the user to decide whether or not possession authentication is to be executed. That is, the authentication unit 101 does not have to perform possession authentication for all user terminals 20 .
  • the setting unit 102 performs usage setting for each user terminal 20 based on whether possession authentication has been executed from the user terminal 20 .
  • the usage setting is the setting of the usage range of the service.
  • the usage setting can also be said to be a setting of how to use the service.
  • the setting of the type of service that the user can use corresponds to the usage setting.
  • the setting of the time during which the user can use the service corresponds to the usage setting.
  • the usage settings may be set according to the service. Usage settings in application examples of other services will be described later.
  • Whether or not the possession authentication has been executed means whether or not the possession authentication has succeeded.
  • Performing usage settings for each user terminal 20 means performing usage settings so that the user terminal 20 and the usage setting correspond one-to-one (that is, the terminal ID and the usage setting correspond one-to-one). That is.
  • the setting unit 102 differentiates the usage setting of the user terminal 20 for which possession authentication has been performed from the usage setting of the user terminal 20 for which possession authentication has not been performed. It is assumed that each of the usage setting when possession authentication is performed and the usage setting when possession authentication is not performed is defined in advance in data storage unit 100 .
  • the setting unit 102 sets the usage of a certain user terminal 20 so that the use of services from this user terminal 20 is restricted when possession authentication has not been executed from this user terminal 20 .
  • the setting unit 102 performs usage settings for a certain user terminal 20 so that, when possession authentication is executed from a certain user terminal 20, restrictions on the use of services from this user terminal 20 are lifted.
  • a third party may attempt to make usage settings without permission. 20 to restrict the usage settings from being changed.
  • the setting unit 102 permits the user terminal 20 to change the usage setting when possession authentication is executed from the user terminal 20 .
  • the types of available services are restricted before possession authentication is executed. Users can only use some types of services and not others.
  • the setting unit 102 performs usage settings so that when a certain user terminal 20 executes possession authentication, the user terminal 20 can use another type of service.
  • the setting unit 102 performs usage settings for a certain user terminal 20 by storing the usage settings in the user database DB1 in association with the terminal ID of the user terminal 20 .
  • the setting unit 102 determines whether possession authentication has been performed while logged in to the service from the user terminal 20 with the user ID.
  • a combination here means a set or pair of information.
  • a combination of a user terminal 20 and a user ID corresponds to a usage setting on a one-to-one basis.
  • the user terminals 20 and usage settings correspond one-to-many.
  • the user terminals 20 and usage settings are in many-to-one correspondence.
  • the providing unit 103 provides services for each user terminal 20 based on the usage settings of the user terminal 20 .
  • a service means to transmit data related to the service to the user terminal 20, to execute processing related to the service on the server 10 side, or to execute both of them.
  • the service can be said to be provided to the user terminal 20 or to the user of the user terminal 20 .
  • the providing unit 103 provides services for each combination of the user terminal 20 and the user ID based on the usage setting of the combination.
  • the providing unit 103 refers to the user database DB1 and acquires usage settings associated with the combination of the logged-in user terminal 20 and the user ID (that is, the combination of the terminal ID and the user ID).
  • the providing unit 103 generates display data for the top screen G3 that allows selection of the service type indicated in the usage setting.
  • the display data is data for causing the user terminal 20 to display some screen. For example, HTML data, image data in a screen, or the like corresponds to display data.
  • the providing unit 103 provides a service by transmitting the generated display data to the user terminal 20 . Also, the providing unit 103 provides the type of service selected from the top screen G3.
  • the user terminal 20 implements a data storage unit 200 , a display control unit 201 and a reception unit 202 .
  • the data storage unit 200 is implemented mainly by the storage unit 22 .
  • Each of the display control unit 201 and the reception unit 202 is realized mainly by the control unit 21 .
  • the data storage unit 200 stores data required for the processing described in the first embodiment.
  • the data storage unit 200 stores applications.
  • the display control unit 201 causes the display unit 25 to display each screen described with reference to FIGS. 2 and 3 based on the application.
  • the accepting unit 202 accepts a user's operation on each screen.
  • the user terminal 20 transmits the content of the user's operation to the server 10 .
  • FIG. 7 is a flow chart showing an example of processing executed in the first embodiment.
  • the processing shown in FIG. 7 is executed by the control units 11 and 21 operating according to programs stored in the storage units 12 and 22, respectively.
  • This processing is an example of processing executed by the functional blocks shown in FIG. It is assumed that user registration has been completed before this process is executed. It is also assumed that the user terminal 20 stores in advance the terminal ID issued by the server 10 .
  • the user terminal 20 activates the application based on the user's operation and displays the top screen G3 on the display unit 25 (S100).
  • a login may be performed between the server 10 and the user terminal 20 when the application is started. The login may require the user to enter a user ID and password, or the user terminal 20 may store information indicating that the user has logged in in the past, and this information may be used for the login.
  • the server 10 displays the top screen such that the button B30 of the unavailable service cannot be selected based on the usage setting associated with the terminal ID of the user terminal 20 before the login is successful and the top screen G3 is displayed.
  • G3 display data may be generated and transmitted to the user terminal 20 .
  • the user terminal 20 identifies the user's operation based on the detection signal from the operation unit 24 (S101).
  • S101 either the button B30 for using administrative services or the button B31 for carrying out possession authentication is selected. If the user terminal 20 has already executed possession authentication, the button B31 may not be selectable. Note that when the user performs an operation for terminating the application or an operation for shifting the application to the background (S101; end), this processing ends.
  • S101 when the button B30 is selected (S101; B30), a service providing process for providing a service between the server 10 and the user terminal 20 is executed (S102), and this process ends.
  • the server 10 refers to the user database DB ⁇ b>1 and acquires usage settings associated with the user ID of the logged-in user and the terminal ID of the user terminal 20 .
  • the server 10 provides services based on this usage setting.
  • the server 10 receives user operation details from the user terminal 20 and executes processing according to the operation details.
  • the user terminal 20 When the button B31 is selected in S101 (S101; B31), the user terminal 20 causes the display unit 25 to display the start screen G5 (S103). The user terminal 20 identifies the user's operation based on the detection signal from the operation unit 24 (S104). At S104, one of the buttons B50 to B52 is selected. If the button B52 is selected (S104; B52), the process returns to S100.
  • the user terminal 20 activates the NFC unit 23A to display the reading screen G6 on the display unit 25 (S105).
  • the user terminal 20 uses the NFC unit 23A to obtain the input personal number from the IC chip cp of the card C1 (S106), and transmits the input personal number obtained from the card C1 to the server 10 (S107).
  • the server 10 executes possession authentication (S109).
  • the server 10 determines whether or not the input personal number received from the user terminal 20 matches the registered personal number associated with the user ID of the logged-in user and registered in the user database DB1. . Possession authentication succeeds if they match. Possession authentication will fail if these do not match.
  • the server 10 makes usage settings so that the types of available services increase (S110), and this process ends.
  • the server 10 updates usage settings associated with the user ID of the logged-in user and the terminal ID of the logged-in user terminal 20 in the user database DB1. If the possession authentication fails (S109; failure), a predetermined error message is displayed and the process ends. In this case, usage settings are not updated.
  • the user terminal 20 activates the photographing unit 26 to display the photographed image being photographed on the display unit 25 (S111).
  • the user terminal 20 transmits the captured image to the server 10 (S112).
  • the server 10 receives the captured image from the user terminal 20 (S113)
  • the server 10 acquires the input personal number from the captured image using optical character recognition (S114), and proceeds to the process of S109. Also in this case, if possession authentication succeeds, the processing of S110 performs usage settings so that the types of usable services increase.
  • service usage setting is performed based on whether possession authentication has been executed while logged in to the service from the user terminal 20, and the user A service is provided for each terminal 20 based on the usage settings of the user terminal 20 .
  • a third party illegally obtains the user ID and password and illegally logs in from his own user terminal 20, he does not possess the card C1, so possession authentication cannot be executed from this user terminal 20. .
  • by setting the use of the service based on whether or not possession authentication has been executed while logged in to the service from the user terminal unauthorized use by a third party is suppressed and security of the service is enhanced. If the user who possesses the card C1 executes the possession authentication from his/her own user terminal 20, the restrictions on the services available from the user terminal 20 can be lifted, thus increasing the convenience.
  • the service providing system S performs usage settings for each combination of the user terminal 20 and user ID, and provides services based on the usage settings for each combination of the user terminal 20 and user ID. For example, in a service that allows login with the same user ID from each of a plurality of user terminals 20, a third party who illegally obtains the user ID and password can illegally log in from his/her own user terminal 20. FIG. However, since the user terminal 20 of a third party cannot execute possession authentication, unauthorized use by a third party is suppressed, and security in the service is enhanced.
  • the service providing system S uses the user terminal 20 to carry out possession authentication for confirming whether or not the user possesses the card C1, thereby accurately determining whether or not the user is an authorized user. and effectively increase security.
  • An electronic payment service is a service that executes electronic payment using a predetermined payment method.
  • payment means may be credit cards, debit cards, electronic money, electronic cash, points, bank accounts, wallets, or virtual currency.
  • Electronic payment using a code such as a bar code or two-dimensional code is sometimes called code payment, so the code may correspond to payment means.
  • the electronic payment service will be simply referred to as service.
  • the service providing system S provides services using the user's card.
  • a credit card will be described as an example of a card.
  • the card is not limited to a credit card as long as it can be used for electronic payment.
  • the card may be a debit card, a loyalty card, an electronic money card, a cash card, a transportation card, or any other card.
  • the card is not limited to an IC card, and may be a card that does not include an IC chip.
  • the card may be a magnetic card.
  • description of the same points as in the first embodiment is omitted.
  • FIG. 8 is a diagram showing an example of the overall configuration of the service providing system S of the second embodiment.
  • the service providing system S of the second embodiment includes a user terminal 20, an operator server 30, and an issuer server 40.
  • FIG. The service providing system S only needs to include at least one computer, and is not limited to the example of FIG.
  • Each of the user terminal 20, the provider server 30, and the issuer server 40 is connected to the network N.
  • a user terminal 20 is the same as in the first embodiment.
  • the business server 30 is a server computer of a business that provides services.
  • the provider server 30 includes a control section 31 , a storage section 32 and a communication section 33 .
  • Physical configurations of the control unit 31, the storage unit 32, and the communication unit 33 are the same as those of the control unit 11, the storage unit 12, and the communication unit 13, respectively.
  • the issuer server 40 is the server computer of the issuer that issued the credit card.
  • the issuer may be the same as the operator, but in the second embodiment, the issuer is different from the operator.
  • the issuer and business operator may be group companies that can cooperate with each other.
  • Issuer server 40 includes control unit 41 , storage unit 42 , and communication unit 43 . Physical configurations of the control unit 41, the storage unit 42, and the communication unit 43 are the same as those of the control unit 11, the storage unit 12, and the communication unit 13, respectively.
  • At least one of the programs and data stored in the storage units 32 and 42 may be supplied via the network N.
  • at least one of the provider server 30 and the issuer server 40 has a reading unit (for example, an optical disk drive or a memory card slot) that reads a computer-readable information storage medium, and a device for inputting/outputting data with an external device. and/or an input/output unit (eg, a USB port).
  • a reading unit for example, an optical disk drive or a memory card slot
  • an input/output unit eg, a USB port
  • at least one of the program and data stored in the information storage medium may be supplied via at least one of the reading section and the input/output section.
  • the user terminal 20 is installed with an application for electronic payment (hereinafter simply called an application). It is assumed that the user has already registered for use and can log in to the service with a user ID and password. Users can use any payment method from the app.
  • an application for electronic payment
  • a case where a user uses a credit card and electronic cash from an application is taken as an example. Henceforth, a credit card is simply described as a card.
  • FIG. 9 is a diagram showing an example of a screen displayed on the user terminal 20 of the second embodiment.
  • the top screen G9 of the application is displayed on the display unit 25 .
  • a code C90 for electronic payment is displayed on the top screen G9.
  • code C90 is read by a POS terminal or code reader in a store, payment processing is executed based on a preset payment source payment method.
  • a known method can be used for the settlement process itself using the code C90.
  • the card registered under the name "Card 1" is set as the payment source.
  • settlement processing using this card is executed.
  • Users can also charge the app's electronic cash using the card they have set as the payment source.
  • Electronic cash is online electronic money.
  • settlement processing using electronic cash is executed.
  • a new card can be registered from the top screen G9.
  • the display unit 25 displays a registration screen G10 for registering a new card.
  • the user inputs card information such as card number, expiration date, and name holder from the input form F100.
  • a plurality of authentication methods such as NFC authentication, image authentication, and security code authentication are prepared as authentication at the time of card registration.
  • the user can select any authentication method by selecting buttons B101 to B103. It should be noted that authentication at the time of credit card registration may be performed by other authentication methods, for example, an authentication method called 3D secure may be used.
  • the NFC authentication is the same as in the first embodiment, and is executed by reading the card with the NFC section 23A.
  • Image authentication is also the same as in the first embodiment, and is performed by photographing the card with the photographing unit 26 .
  • Security code authentication is executed by entering the security code formed on the back of the card through the operation unit 24 .
  • the security code is information that cannot be known unless the card is in possession. Therefore, in the second embodiment, not only NFC authentication and image authentication, but also security code authentication will be described as an example of possession authentication.
  • Fig. 9 shows the flow of security code authentication.
  • the display unit 25 displays an authentication screen G11 for executing security code authentication.
  • the user terminal 20 sends the card information entered in the input form F100 and the security code entered in the input form F110 to the provider server 30. and send.
  • These card information and security code are hereinafter referred to as input card information and input security code, respectively.
  • the business operator server 30 When the business operator server 30 receives the input card information and the input security code from the user terminal 20, it transfers them to the issuer server 40, and the issuer server 40 executes security code authentication.
  • the card information and security code pre-registered in the issuer server 40 are hereinafter referred to as registered card information and registered security code, respectively.
  • Security code authentication succeeds when the same combination of registered card information and registered security code as the combination of input card information and input security code exists in the issuer server 40 .
  • a completion screen G ⁇ b>12 indicating that card registration is completed is displayed on the display unit 25 of the user terminal 20 . Thereafter, the user can set the registered card as the payment source.
  • the maximum amount that can be used from the application is set for each card.
  • This maximum amount may mean the maximum amount of the card itself (so-called usage limit or limit), but in the second embodiment, it is not the maximum amount of the card itself, but the maximum amount of the application.
  • the maximum amount is the total amount that can be used from the application for a predetermined period (for example, one week or one month).
  • the upper limit amount may be the upper limit amount for one payment process.
  • the card's upper limit varies depending on the possession authentication method performed when the card was registered. The higher the security of the possession verification performed when the card was registered, the higher the maximum amount of this card. For example, the security code may be leaked by phishing or the like, so security code authentication is the lowest security. On the other hand, NFC authentication or image authentication, in principle, cannot be successful unless the physical card C is in possession, so security is assumed to be higher than that of security code authentication.
  • the upper limit is the lowest, 30,000 yen.
  • the upper limit will be 100,000 yen, which is higher than 30,000 yen. After registering the card, the user can also increase the upper limit by performing possession authentication using a high-security authentication method.
  • FIG. 10 is a diagram showing an example of the flow of increasing the maximum amount after card registration.
  • a selection screen G13 for selecting a card for carrying out possession authentication is displayed on the display unit 25 as shown in FIG.
  • a list L130 of registered cards is displayed on the selection screen G13. The user selects a card for possession authentication from the list L130.
  • the user can select any authentication method. For example, when the user selects a card on which security code authentication has been performed, the user can select NFC authentication or image authentication, which have higher security than security code authentication.
  • the user selects the button B131, a reading screen G14 similar to the reading screen G6 is displayed on the display unit 25. FIG. When the reading screen G14 is displayed, the user brings the user terminal 20 close to the card that the user owns.
  • FIG. 11 is a diagram showing an example of how the IC chip of the card is read by the NFC section 23A.
  • a card C2 with an electronic money function is taken as an example.
  • the electronic money on the card C2 may be usable from the application, but in the second embodiment, the electronic money on the card C2 cannot be used from the application. That is, the electronic money on card C2 is different from the electronic cash that can be used from the application.
  • the electronic money on the card C2 is used for possession authentication. That is, in the second embodiment, possession authentication is performed using electronic money in other services that are not directly related to the services provided by the application.
  • An electronic money ID that can identify electronic money is recorded in the IC chip cp.
  • the NFC section 23A reads information recorded on the IC chip cp.
  • the NFC unit 23A can read arbitrary information in the IC chip cp. In the second embodiment, the case where the NFC unit 23A reads the electronic money ID recorded in the IC chip cp will be described.
  • the user terminal 20 transmits the electronic money ID read from the IC chip cp to the business server 30 . Since this electronic money ID is input from the user terminal 20 to the provider server 30, this electronic money ID is hereinafter referred to as an input electronic money ID.
  • the correct electronic money ID is registered in the issuer server 40 . Hereinafter, this electronic money ID will be referred to as a registered electronic money ID.
  • this electronic money ID When the input electronic money ID and the registered electronic money ID are not distinguished from each other, they may simply be referred to as electronic money ID.
  • the operator server 30 transfers the input electronic money ID received from the user terminal 20 to the issuer server 40 .
  • the input card information of the card C2 selected by the user from the list L130 is also transmitted. If the user is the valid owner of the card C2, the same combination of registered card information and registered electronic money ID as the combination of input card information and input electronic money ID is registered in the issuer server 40 .
  • the display unit 25 displays a success screen G15 indicating that possession authentication has succeeded.
  • the success screen G15 when the NFC authentication is executed, the upper limit amount of the card C2 is increased from 30,000 yen to 100,000 yen. If the same combination of registered card information and registered electronic money ID as the combination of input card information and input electronic money ID is not registered in the issuer server 40, possession authentication fails. In this case, a failure screen G16 similar to the failure screen G8 in FIG.
  • Image authentication is also performed in the same flow.
  • NFC authentication the input electronic money ID is acquired using the NFC unit 23A
  • image authentication the input electronic money ID is acquired using a captured image of the card C2.
  • the imaging unit 26 is activated.
  • the photographing unit 26 photographs the card C2.
  • the input electronic money ID is formed on the back surface, but the input electronic money ID may be formed on the front surface.
  • the user terminal 20 transmits the taken image to the operator server 30.
  • the business server 30 receives the captured image, the business server 30 performs optical character recognition on the captured image to acquire the input card information.
  • the flow after the input card information is acquired is similar to NFC authentication.
  • Optical character recognition may be performed at user terminal 20 .
  • the input electronic money ID may be included in a code such as a bar code or two-dimensional code.
  • the information used for possession authentication is not limited to the input electronic money ID.
  • a point ID that can identify points may be used for possession authentication. It is assumed that the point ID is included in card C2.
  • the card number and expiration date of card C2 may be used for possession authentication.
  • some information contained in the card C2 or information associated with this information may be used for possession authentication. good.
  • the maximum amount of the card C2 for which possession authentication has been executed is increased.
  • the maximum amount of the card C2 may be set for each user terminal 20, but in the second embodiment, it is assumed that the maximum amount is not set for each user terminal 20. do.
  • the upper limit amount is set for each user terminal 20 will be described in a modified example described later.
  • the user can register multiple cards C2.
  • the maximum amount of each card C2 is to be increased, it is necessary to perform possession authentication for the number of cards C2.
  • possession authentication such as NFC authentication may not be supported.
  • the user executes possession authentication for one of the plurality of cards C2 and increases the maximum amount, the user's convenience is improved by increasing the maximum amount for the other cards C2 as well. I'm trying to improve my sexuality.
  • details of the second embodiment will be described.
  • FIG. 12 is a functional block diagram showing an example of functions realized by the service providing system S of the second embodiment. Here, functions realized by each of the provider server 30 and the issuer server 40 will be described.
  • the provider server 30 implements a data storage unit 300 , an authentication unit 301 , a setting unit 302 , a comparison unit 303 and a provision unit 304 .
  • Data storage unit 300 is realized mainly by storage unit 32 .
  • Each of the authentication unit 301 , the setting unit 302 , the comparison unit 303 , and the provision unit 304 is realized mainly by the control unit 31 .
  • the data storage unit 300, the authentication unit 301, the setting unit 302, and the provision unit 304 have the functions of the data storage unit 100, the authentication unit 101, the setting unit 102, and the provision unit 103 described in the first embodiment, respectively. Since it is common, points different from the first embodiment will be described.
  • the data storage unit 300 stores data necessary for providing services.
  • the data storage unit stores a user database DB2.
  • FIG. 13 is a diagram showing an example of data storage in the user database DB2.
  • the user database DB2 is a database that stores information about users who have completed usage registration.
  • the user database DB2 stores user IDs, passwords, names, settlement methods of payment sources, registered card information, and electronic cash information.
  • a user registers for use a user ID is issued and a new record is created in the user database DB2. This record stores registered card information and electronic cash information along with the password and name specified at the time of use registration.
  • the registered card information is information related to the card C2 registered by the user.
  • registered card information includes serial numbers for identifying cards among individual users, card numbers, expiration dates, holders, possession authentication flags, and usage settings.
  • the usage setting of the second embodiment is the setting of the upper limit of the card C2 that can be used from the application.
  • Electronic cash information is information about electronic cash that can be used from the app.
  • the electronic cash information includes an electronic cash ID that can identify the electronic cash and the balance of the electronic cash.
  • the electronic cash may be chargeable with the card C2 registered by the user.
  • the setting of the upper limit amount of charge in this case may correspond to the usage setting.
  • Information stored in the user database DB2 is not limited to the example in FIG.
  • the user database DB2 may store a usage history such as the user's usage amount and date and time of usage.
  • the usage history may include information that can identify the payment method used by the user.
  • the authentication unit 301 performs authentication regarding the user's card C2.
  • possession authentication will be described as an example of this authentication. That is, the authentication of the second embodiment is possession authentication for confirming whether or not the user possesses the card C2 by using the user terminal 20 of the user.
  • the card C2 on which possession authentication is executed is an example of a first card. Therefore, the card C2 on which possession authentication is executed is hereinafter referred to as the first card C2.
  • the authentication method for the first card C2 is not limited to possession authentication.
  • the authentication method for the first card C2 may be any authentication method, such as knowledge authentication or biometric authentication. 3D Secure is an example of knowledge authentication. Examples of other authentication methods are as described in the first embodiment.
  • the first card C2 on which possession authentication is executed includes input card information used when using the service and an input electronic money ID that may not be used when using the service.
  • 301 executes possession authentication based on the input electronic money ID.
  • Input card information is an example of first card information. Therefore, the description of the input card information can be read as the first card information.
  • the input electronic money ID is an example of the second card information. Therefore, the description of the input electronic money ID can be read as the second card information.
  • the first card information may be any information related to the first card C2, and is not limited to the combination of card number, expiration date, and holder included in the input card information.
  • the first card information may be either the card number, the expiration date, or the name of the holder.
  • the first card information may be other information contained in the first card C2, such as a security code.
  • the first card information may be a combination of two or more of card number, expiration date, name holder, and security code.
  • the first card information may be information such as the name holder's address, telephone number, date of birth, or e-mail address.
  • the second card information may also be information that may not be used when using the service, and is not limited to the input electronic money ID.
  • the second card information may be an image (face design) such as an illustration, photograph, code, or icon formed on the first card C2, or may be a hologram pattern.
  • the second card information may be a point ID that allows points to be uniquely identified.
  • the second card information may be an ID capable of identifying the IC chip cp.
  • the authentication unit 301 executes NFC authentication, image authentication, or security code authentication, which are one of possession authentications.
  • NFC authentication or image authentication when the authentication unit 301 receives the input card information of the first card C2 and the input electronic money ID from the user terminal 20, the authentication unit 301 sends the input card information of the first card C2 and the input electronic money ID to the issuer server 40. Send the input electronic money ID.
  • security code authentication upon receiving the input card information and the input security code of the first card C2 from the user terminal 20, the authentication unit 301 sends the input card information and the input security code of the first card C2 to the issuer server 40. to send.
  • the authentication unit 301 acquires the comparison result of the comparison unit 401 of the issuer server 40, which will be described later.
  • the authentication unit 301 determines that possession authentication has succeeded when the comparison result is a predetermined result.
  • the authentication unit 301 determines that possession authentication has failed when the comparison result is not a predetermined result.
  • This predetermined result is a result that serves as a criterion for the success or failure of possession authentication.
  • NFC authentication or image authentication the existence of the same combination of registered card information and registered electronic money ID as the combination of input card information and input electronic money ID in the card database DB3 corresponds to the predetermined result.
  • security code authentication the existence of the same combination of registered card information and registered security code as the combination of input card information and input security code in the card database DB3 corresponds to the predetermined result.
  • the predetermined result may not be a complete match between the input card information and the input electronic money ID, but may be a partial match.
  • the predetermined result may not be a complete match between the input card information and the input electronic money ID, but may be a partial match.
  • only partial matching may be required instead of complete matching of the holder.
  • the expiration date and the holder may not be used in the possession authentication, and only the card number may correspond to the input card information.
  • the setting unit 302 performs a second setting, which is a setting regarding the second card of the user associated with the first card C2, when possession authentication is performed.
  • Another card associated with the same user ID as the first card C2 is an example of a second card.
  • the second card C3 is denoted by C3 in order to distinguish it from the first card C2, but the second card C3 is not shown in the drawings.
  • the second card C3 associated with the first card C2 is the second card C3 associated with the same user ID as the first card C2.
  • the first card C2 and the second card C3 may be directly associated instead of using the user ID.
  • the second card C3 is a card for which possession authentication has not been performed.
  • the second card C3 may be a card for which possession authentication can be performed, but possession authentication has not been performed. If the second card C3 is a card capable of carrying out possession authentication, the second card C3 may correspond to the first card C2.
  • the second card C3 is a card that does not support NFC authentication or image authentication.
  • the second card C3 does not include an input electronic money ID used for NFC authentication or image authentication.
  • this IC chip does not contain the input electronic money ID. Even if this IC chip contains some electronic money ID, it is an electronic money ID of other electronic money that is not used in NFC authentication or image authentication. Similarly, even if some electronic money ID is formed on the second card C3, it is an electronic money ID of other electronic money that is not used in NFC authentication or image authentication.
  • NFC authentication or image authentication is an example of a predetermined authentication method executed by the authentication unit 301. Therefore, where NFC authentication or image authentication is described, it can be read as a predetermined authentication method.
  • the predetermined authentication method is not limited to NFC authentication or image authentication.
  • the predetermined authentication method may be any authentication method that the second card C3 does not support. For example, another authentication method such as 3D secure may correspond to the predetermined authentication method.
  • the second card C3 may be a card compatible with a predetermined authentication method. Even in this case, even if the second card C3 is not authenticated by the predetermined authentication method, if the first card C2 is authenticated by the predetermined authentication method, the second card C3 can be authenticated. User convenience is enhanced by increasing the upper limit amount.
  • the second setting is the usage setting when using the service with the second card C3.
  • the meaning of the usage setting is as described in the first embodiment, and is the setting of the usage range or the usage method.
  • the second embodiment a case will be described in which the upper limit amount for the second card C3 corresponds to the second setting, but the second setting may be any other setting.
  • the number of times, frequency, or time period during which the second card C3 can be used may correspond to the second setting.
  • the setting unit 302 performs the second setting so that the upper limit of the second card C3 is increased when possession authentication of the first card C2 is executed.
  • there are a plurality of authentication methods for possession authentication and an upper limit is set for each authentication method. It is assumed that the relationship between the authentication method and the maximum amount is predetermined in the data storage unit 300 .
  • the setting unit 302 performs the second setting of the second card C3 so that the upper limit is set according to the authentication method of the possession authentication executed for the first card C2.
  • the setting unit 302 sets 100,000 yen as the upper limit amount for the second card C3 when NFC authentication or image authentication is performed for the first card C2, and When the security code authentication is executed, 30,000 yen is set as the upper limit of the second card C3.
  • the setting unit 302 performs the first setting regarding the first card C2 when possession authentication is executed.
  • the first setting is a usage setting when using the service with the first card C2.
  • the first setting differs from the second setting in that it is a setting for use of the first card C2, but the content of the setting for use is the same as the second setting. Therefore, in the second embodiment, the case where the upper limit of the first card C2 corresponds to the first setting will be described.
  • the setting unit 302 performs the first setting so that the upper limit of the first card C2 is increased when possession authentication of the first card C2 is executed. Similarly to the second setting, if the setting unit 302 performs the first setting of the first card C2 so that the upper limit is set according to the authentication method of the possession authentication executed for the first card C2. good.
  • the maximum amount of each of the first setting and the second setting is the same.
  • the first setting and the second setting may be performed such that the Conversely, the setting unit 302 may perform the first setting and the second setting such that the upper limit amount of the second card C3 is higher than the upper limit amount of the first card C2.
  • the setting unit 302 does not have to perform the first setting. In this case as well, even if the second card C3 does not support NFC authentication or image authentication, it is possible to increase the upper limit of the second card C3 using the first card C2. increase.
  • the setting unit 302 may perform the second setting for all of the plurality of second cards C3, The second setting may be performed only for some of the second cards C3.
  • the setting unit 302 may perform the second setting based on the comparison result between the first name information and the second name information when possession authentication is performed.
  • the first name information is information about the name of the first card C2.
  • the second name information is information about the name of the second card C3.
  • the first name information indicates the first name holder of the first card C2
  • the second name information indicates the second name holder of the second card C3. do.
  • the setting unit 302 performs the second setting based on the comparison result between the first holder and the second holder when possession authentication is executed.
  • the first holder is a character string indicating the name of the holder of the first card C2.
  • the second holder is a character string indicating the name of the holder of the second card C3.
  • a nominee can be expressed as a string in any language.
  • each of the first name information and the second name information may be information other than the name holder.
  • each of the first name information and the second name information may be the address, telephone number, date of birth, gender, email address, or a combination thereof of the holder, or other personal information. good too.
  • the comparison unit 303 compares the first name information and the second name information. good.
  • the publisher server 40 compares the first name information and the second name information.
  • the setting unit 302 performs the second setting when the comparison result of the first name information and the second name information is a predetermined result.
  • the setting unit 302 does not perform the second setting when the comparison result of the first name information and the second name information is not a predetermined result. In this case, only the first setting may be performed, or the first setting may not be performed.
  • the predetermined result is a result that serves as a reference for whether or not to perform the second setting.
  • a case where matching of the first and second name holders corresponds to the predetermined result will be described. good.
  • matching of a predetermined number or more of information may correspond to the predetermined result.
  • each of the first name information and the second name information includes four pieces of information such as name holder, address, telephone number, and date of birth, it is a predetermined result that two or more pieces of information match. may be equivalent to Note that the match here may be a partial match instead of a complete match.
  • the first holder of the first card C2 (card No. 2) with the user ID "taro.yamada123" and the second holder of the second card C3 (card No. 1) and are both "TARO YAMADA". Therefore, when possession authentication of the first card C2 is executed, the upper limit amount of the first card C2 and the upper limit amount of the second card C3 each become 100,000 yen.
  • the same is true for "HANAKO SUZUKI”. Therefore, when possession authentication of the first card C2 is executed, the upper limit amount of the first card C2 and the upper limit amount of the second card C3 each become 100,000 yen.
  • the second holder of the second card C3 (No. 3 card) is "MIKI OKAMOTO", which is different from the first holder. Therefore, the upper limit of the other second card C3 remains 30,000 yen.
  • the comparison unit 303 compares the first name information regarding the name of the first card C2 and the second name information regarding the name of the second card C3. The comparison here is to determine whether or not they match. For example, the comparison unit 303 compares the first holder and the second holder. The comparison unit 303 refers to the user database DB2, acquires the first name holder and the second name holder, and sends these comparison results to the setting unit 302. FIG. As described above, the first name information and the second name information may be other information.
  • the providing unit 304 provides a service using the second card C3 based on the second setting. For example, the providing unit 304 executes payment processing based on the second card C3 within the range of the upper limit indicated by the second setting. The providing unit 304 restricts the execution of the settlement process based on the second card C3 when the upper limit indicated by the second setting is exceeded.
  • a known process can be used for the settlement process itself. In the case of credit card settlement, it is a process of crediting. In the case of electronic money settlement, the processing is to reduce the balance of electronic money.
  • the provision of services is not limited to payment processing, and may be other processing such as electronic money charging.
  • the providing unit 304 provides services using the first card C2 based on the first settings. For example, the providing unit 304 executes payment processing based on the first card C2 within the upper limit indicated by the first setting. The providing unit 304 restricts the execution of the settlement process based on the first card C2 when the upper limit indicated by the first setting is exceeded.
  • the provision of services is not limited to payment processing, which is the same as the provision of services based on the second setting. It is assumed that the current usage amount of each of the first card C2 and the second card C3 is stored in the user database DB2. These usage amounts are updated when settlement processing is executed.
  • the issuer server 40 implements a data storage unit 400 and a comparison unit 401 .
  • Data storage unit 400 is realized mainly by storage unit 42 .
  • the comparison unit 401 is realized mainly by the control unit 41 .
  • the data storage unit 400 stores data necessary for providing services.
  • the data storage unit 400 stores a card database DB3.
  • FIG. 14 is a diagram showing a data storage example of the card database DB3.
  • the card database DB3 is a database that stores information about the first card C2.
  • the card database DB3 stores user IDs, registered card information, registered security codes, and registered electronic money IDs.
  • the business operator and the issuer are companies of the same group, and the user ID is used in various services provided by this group. The user specifies a user ID when issuing the first card C2.
  • a new record is issued to the card database DB3.
  • This record stores the user ID specified at the time of card issuance, the registered card information of the newly issued first card C2, the registered security code, and the registered electronic money ID.
  • Information about the second card C3 may be stored in the card database DB3.
  • the card database DB3 may also exist for each issuer.
  • User IDs are not stored in the card database DB3 of issuers who are not in the same group as the business.
  • matching between the user ID stored in the user database DB2 and the user ID stored in the card database DB3 may be requested at the time of registration of the first card C2. Alternatively, for example, these matches may be confirmed when possession of the first card C2 is authenticated. Also, the user ID does not have to be designated when the first card C2 is issued. A user ID may not be stored in the card database DB3.
  • the comparison unit 401 compares the input card information and the input electronic money ID with the registered card information and the registered electronic money ID stored in the card database DB3 when NFC authentication or image authentication is executed.
  • the comparison unit 401 transmits these comparison results to the provider server 30 .
  • This comparison result is information indicating whether or not there is a combination of registered card information and registered electronic money ID that is the same as the combination of input card information and input electronic money ID. These comparisons may require an exact match or a partial match.
  • the comparison unit 401 compares the input card information and input security code with the registered card information and registered security code stored in the card database DB3 when security code authentication is executed.
  • This comparison result is information indicating whether or not there is a combination of registered card information and registered security code that is the same as the combination of input card information and input security code. These comparisons may require an exact match or a partial match.
  • the function of the comparison unit 401 may be provided to the provider server 30.
  • the card database DB3 is stored in the data storage unit 300 of the provider server 30.
  • FIG. The business operator server 30 may use the card database DB3 stored in the data storage unit 300 to perform the same processing as the comparison unit 401 .
  • FIGS. 15 and 16 are flow charts showing an example of processing executed in the second embodiment.
  • the processes shown in FIGS. 15 and 16 are executed by the control units 21, 31 and 41 operating according to programs stored in the storage units 22, 32 and 42, respectively.
  • This processing is an example of processing executed by the functional blocks shown in FIG. It is assumed that user registration has been completed before this process is executed.
  • the user terminal 20 activates the app and displays the top screen G9 on the display unit 25 (S200).
  • login may be performed between the provider server 30 and the user terminal 20, as in S100 of the first embodiment.
  • the business server 30 executes settlement processing based on the user database DB2 (S201). If the POS terminal or the like cannot read the code C90, the process of S201 is not executed.
  • the operator server 30 receives the information included in the code C90 from the POS terminal or the like, and based on this information, identifies the user ID of the user who is about to execute the payment process.
  • This information may be the user ID itself, but here, the case where it is information different from the user ID will be described.
  • This information is a temporarily valid ID, and is generated by the provider server 30 at arbitrary timing such as when an application is activated. This information is assumed to be stored in the user database DB2 in association with the user ID.
  • the operator server 30 executes payment processing based on the payment means of the payment source set by the user.
  • the user terminal 20 identifies the user's operation based on the detection signal from the operation unit 24 (S202). In S202, button B91 or button B92 is selected. Note that when the user performs an operation for terminating the application or an operation for shifting the application to the background (S202; end), this processing ends.
  • the user terminal 20 causes the display unit 25 to display the registration screen G10 for registering the first card C2, and accepts input to the input form F100 (S203). ).
  • the user terminal 20 identifies the user's operation based on the detection signal from the operation unit 24 (S204). In S204, selection of the button B101, selection of the button B102, selection of the button B103, or selection of the button B104 is performed. If the button B104 is selected (S204; B104), the process returns to S200.
  • the user terminal 20 activates the NFC unit 23A and displays the reading screen G14 on the display unit 25 (S205).
  • the user terminal 20 uses the NFC unit 23A to acquire the input electronic money ID from the IC chip cp of the first card C2 (S206), and sends the card number, expiration date, and and the input card information including the name holder and the input electronic money ID obtained from the first card C2 are transmitted (S207).
  • the operator server 30 Upon receiving the input card information and the input electronic money ID from the user terminal 20, the operator server 30 transmits the input card information and the input electronic money ID to the issuer server 40 (S208).
  • the issuer server 40 receives the input card information and the input electronic money ID (S209)
  • the issuer server 40 receives the input card information and the input electronic money ID, and the registered card information registered in the card database DB3. and the registered electronic money ID are compared (S210).
  • the issuer server 40 transmits the comparison result in S210 to the business operator server 30 (S211).
  • This comparison result indicates whether or not there is a combination of registered card information and registered electronic money ID that is the same as the combination of input card information and input electronic money ID.
  • the business server 30 executes possession authentication based on the comparison result (S212). In S212, if the comparison result indicates that the above-described combination exists, possession authentication succeeds. If the comparison result indicates that this combination does not exist, possession authentication fails.
  • the business server 30 registers a new first card C2 in the user database DB2, performs first settings for the first card C2 (S213), and restores the registered first card C2.
  • the second setting of the second card C3 is performed (S214).
  • the upper limit amount is set according to the executed possession authentication.
  • 100,000 yen is set as the upper limit of the first card C2.
  • 100,000 yen is set as the upper limit of the second card C3 associated with the user ID of the logged-in user.
  • the operator server 30 refers to the user database DB2 and compares the first holder of the first card C2 with the second holder of the second card C3. If they do not match, the second setting is not performed. If possession authentication fails (S212; failure), a predetermined error message is displayed and the process ends.
  • the user terminal 20 activates the imaging unit 26 and causes the display unit 25 to display the captured image being captured (S215).
  • the user terminal 20 transmits the input card information entered in the input form F100 and the photographed image to the server 10 (S216).
  • the server 10 acquires the input electronic money ID from the captured image using optical character recognition (S217), and proceeds to the process of S208.
  • the user terminal 20 displays the authentication screen G11 on the display unit 25 and accepts the input of the security code (S218).
  • the user terminal 20 transmits the input card information input in the input form F100 and the input security code input in the input form F110 to the provider server 30 (S219).
  • the operator server 30 Upon receiving the input card information and the input security code from the user terminal 20, the operator server 30 transmits the input card information and the input security code to the issuer server 40 (S220). Subsequent processing from S221 to S223 differs from processing from S209 to S211 only in that the security code is used instead of the input electronic money ID for possession authentication, and other points are the same. In this case, the maximum amount set in S213 is the lowest amount. If the upper limit of the second card C3 is higher, the process of S214 is not executed.
  • buttons B131 and B132 may be disabled when the first card C2 for which NFC authentication or image authentication has already been performed is selected.
  • the second setting is performed for the user's second card C3 associated with the first card C2, and based on the second setting, A service using the second card C3 is provided.
  • the second setting of the second card C3 can be performed without carrying out the possession authentication of the second card C3, so the user's convenience when using the second card C3 is enhanced.
  • the possession authentication of the first card C2 can confirm that the logged-in user is highly reliable to some extent.
  • the second setting so as to increase the second card C3, it becomes easier to use the second card C3, thereby enhancing user convenience. Since possession authentication of the first card C2 has been performed and reliability has been confirmed to some extent, the upper limit of the second card C3 is increased, so unauthorized use by a third party is suppressed and security is enhanced.
  • the service providing system S performs a first setting of the first card C2 and provides a service using the first card C2 based on the first setting. Therefore, the convenience for the user when using the first card C2 is enhanced. For example, after confirming that the owner of the first card C2 is the rightful owner by possession authentication of the first card C2, by performing the first setting so as to increase the upper limit of the first card C2, third party Suppresses unauthorized use by users and enhances security.
  • the service providing system S compares the first name information regarding the name of the first card C2 and the second name information regarding the name of the second card C3. Based on the result, the second setting of the second card C3 is performed.
  • the upper limit of the second card C3 may be increased unconditionally, but in this case, there is a possibility of unauthorized use by a third party. be. Specifically, it is assumed that a third party illegally logs in using an illegally obtained user ID and password, registers his/her own first card C2 without permission, and performs possession authentication.
  • the upper limit of the originally registered second card C3 of another person is increased, and there is a possibility that the second card C3 may be used many times illegally while the third party is logged in illegally.
  • the third party can set the upper limit of the originally registered third party's second card C3. cannot be increased, suppressing unauthorized use by a third party and enhancing security.
  • the service providing system S based on the result of comparison between the first holder who is the holder of the first card C2 and the second holder who is the holder of the second card C3, Make the second setting.
  • a third party illegally logs in with an illegally obtained user ID and password, registers his/her own first card C2 without permission, and authenticates possession, even if the third party registers the originally registered second card C2 of another person. Since C3 has a different name, it is possible to prevent an increase in the upper limit of the second card C3 of another person. Therefore, unauthorized use by a third party is suppressed, and security is enhanced.
  • the service providing system S uses the user terminal 20 of the user to perform the possession authentication for confirming whether or not the user possesses the first card C2. Make settings. As a result, whether or not the owner of the first card C2 is the legitimate owner can be easily and reliably confirmed using the user terminal 20, thereby increasing convenience for the user and suppressing unauthorized use by a third party. Increased security.
  • the service providing system S performs possession authentication based on the input electronic money ID that may not be used when using the service. Even if a third party logs in illegally with an illegally obtained user ID and password, they may be able to confirm some information such as a part of the card number, but in principle the input electronic money ID that is not used in the service is I can't confirm. For this reason, the security is effectively enhanced by executing the possession authentication using the input electronic money ID which is in principle unknown to a third party.
  • the service providing system S makes the second setting for the second card C3 that does not support possession authentication, thereby increasing the user's convenience when using the second card C3. Even if the second card C3 does not support possession authentication, the possession authentication can be executed with the first card C2 associated with the same user ID. can also be increased.
  • the service providing system S performs the second setting of the second card C3 so that the upper limit of the second card C3 is increased when the possession authentication of the first card C2 is executed, whereby the electronic settlement service is performed.
  • the service providing system S described in the first embodiment can be applied to any service.
  • an electronic payment service will be described as an example of the service. Details of the electronic payment service are as described in the second embodiment.
  • the electronic payment service will simply be referred to as a service, as in the second embodiment.
  • the processing described in the second embodiment may not be performed. That is, in the modification according to the first embodiment, when the possession authentication of the first card C2 is executed, the process of increasing the upper limit of the second card C3 may not be executed.
  • the first card C2 and the second card C3 described in the second embodiment are referred to as card C when they are not distinguished from each other. The user may register only one card C.
  • FIG. 17 is a functional block diagram of a modification according to the first embodiment.
  • the data storage unit 300, the authentication unit 301, the setting unit 302, and the provision unit 304 are respectively replaced by the data storage unit 100, the authentication unit 101, the setting unit 102, and the provision unit described in the first embodiment. 103 and has the same function.
  • an acquisition unit 305, a first comparison unit 306, a change unit 307, a second comparison unit 308, and a takeover unit 309 are implemented in addition to the functions described in the first embodiment. Each of these functions is realized mainly by the control unit 11 .
  • Modification 1-1 For example, in modification 1-1, the user operates the user terminal 20 to register the card C in the same way as the flow of FIG. 9 described in the second embodiment. Card C, on which NFC authentication or image authentication has been performed, is set to use so that the upper limit is increased. However, Modification 1-1 is different from the second embodiment in that the usage setting for the maximum amount of card C is set for each user terminal 20 .
  • the maximum amount of Card C is increased only in the first user terminal 20A.
  • the cap will remain low. By doing so, even if a third party logs in illegally, the upper limit of the third party's user terminal 20 is low, so illegal use can be suppressed.
  • modification 1-1 functional blocks that are substantially the same as the functional blocks in FIG. 12 described in the second embodiment are implemented, but the details of data and processing are different from those in the second embodiment.
  • the user database DB2 of modification 1-1 is different from that of the second embodiment.
  • the card database DB3 may be the same as in the second embodiment.
  • FIG. 18 is a diagram showing a data storage example of the user database DB2 of modification 1-1.
  • the usage setting of modification 1-1 is the usage setting of the upper limit of the service.
  • each card C associated with the user ID has an upper limit usage setting. Usage settings and exist.
  • the upper limit amount is 100,000 yen when NFC authentication is performed, and the upper limit amount is 70,000 yen when image authentication is performed. They may be the same.
  • the user ID "taro.yamada123" has logged in from two user terminals 20. Therefore, two terminal IDs are associated with this user ID. Since two cards C are associated with this user ID, there are four combinations of card C and terminal ID. Therefore, there are four combinations of the possession authentication flag and the usage setting of the upper limit amount. The same applies to other user IDs, and possession authentication is performed for the number of combinations of the number of user terminals 20 that have logged in with the other user ID and the number of cards C associated with the other user ID. There is a combination of a flag and an upper limit usage setting.
  • the setting unit 302 makes settings for each user terminal 20 so that the maximum amount increases when possession authentication is executed.
  • the setting unit 302 sets the usage so that the maximum amount that can be used from the user terminal 20 for which possession authentication has been executed is increased. Even if the user terminal 20 for which the possession authentication has not been performed logs in with the same user ID as the user terminal 20 for which the possession authentication has been performed, the maximum amount that the user can use does not increase.
  • the maximum amount that can be used from card C is increased when possession authentication of card C is executed has been described, but the maximum amount that can be used from card C may be increased.
  • the upper limit of electronic cash may be increased when possession authentication of card C is executed. If other payment methods such as electronic money or bank accounts are made available from the application, the upper limit of the other payment methods may be increased.
  • Modification 1-1 security is enhanced by setting each user terminal 20 so that the upper limit is increased when possession authentication is executed. For example, even if a third party illegally logs in from his/her own user terminal 20, he/she does not possess the card C and cannot carry out possession authentication. The maximum amount available can be reduced. As a result, unauthorized use by a third party can be suppressed, and the security of the service is enhanced.
  • the possession authentication flag is used to manage whether or not the possession authentication has been executed.
  • the service providing system S of Modification 1-2 includes an acquisition unit 305 that acquires the reliability of each user terminal 20 based on whether possession authentication has been performed.
  • the reliability is information indicating the reliability of the user terminal 20 .
  • Modification 1-2 describes the case where the reliability is expressed by a numerical value, but the reliability may be expressed in other forms such as characters or symbols. It means that the higher the reliability of the user terminal 20 is, the higher the reliability of the user terminal 20 is.
  • FIG. 19 is a diagram showing a data storage example of the user database DB2 of modification 1-2.
  • the reliability of each user terminal 20 is stored in the user database DB2. That is, a reliability is associated with each terminal ID.
  • the acquisition unit 305 sets the reliability so that the reliability of a certain user terminal 20 becomes high when possession authentication is executed from the user terminal 20 .
  • the acquisition unit 305 sets the reliability so that the reliability of a certain user terminal 20 is maximized when NFC authentication is performed from the user terminal 20 .
  • the acquisition unit 305 sets the reliability so that when image authentication is performed from a certain user terminal 20, the reliability of this user terminal 20 is medium.
  • the acquisition unit 305 sets the reliability so that when a certain user terminal 20 executes security code authentication, the reliability of this user terminal 20 is the lowest.
  • the reliability of the user terminal 20 may be changed according to the usage status of the service from the user terminal 20, as in modification 1-6 described later.
  • the acquisition unit 305 increases the reliability of the user terminal 20 as the usage amount or the number of times of usage from the user terminal 20 increases.
  • the content of use from the user terminal 20 is checked by the administrator, and the acquisition unit 305 increases the reliability of the user terminal 20 that has been confirmed to have no problem by the administrator's check.
  • the acquisition unit 305 may increase the reliability of the user terminal 20 as the period during which no problems have been confirmed is longer.
  • the setting unit 302 makes usage settings for each user terminal 20 based on the reliability of the user terminal 20 .
  • the setting unit 302 performs usage settings such that the higher the reliability of the user terminal 20 is, the more restrictions are lifted when using the service from this user terminal 20 .
  • the setting unit 302 sets the upper limit amount so that the higher the reliability of the user terminal 20 is, the higher the upper limit amount from the user terminal 20 is.
  • the setting unit 302 sets the number of times of use from this user terminal 20 to increase as the reliability of the user terminal 20 increases, or The number of times of use or the time of use may be set so that the time of use from 20 is long. It is assumed that the relationship between reliability and usage settings is defined in advance in the data storage unit 300 .
  • more flexible usage settings can be made by making usage settings for each user terminal 20 based on the reliability of the user terminal 20 .
  • unauthorized use by a third party is effectively suppressed, and security is further enhanced.
  • convenience is enhanced by flexible usage settings.
  • Modification 1-3 For example, by combining the first embodiment and the second embodiment, when possession authentication of the first card C2 is executed from a certain user terminal 20, the upper limit amount when using the second card C3 from this user terminal 20 may be increased. In the possession authentication of modification 1-3, it is confirmed whether or not the user possesses the first card C2 associated with the user ID used for logging in to the service. The possession authentication of the first card C2 itself is as described in the second embodiment.
  • the usage setting of Modification 1-3 is a usage setting when using the service with the second card C3 associated with the user ID.
  • the usage setting for the second card C3 is performed based on whether or not possession authentication of the card C2 has been executed.
  • the only difference from the second embodiment is that each user terminal 20 has a usage setting for the second card C3. be.
  • Modified Example 1-3 As described in Modified Example 1-1, there is a usage setting for the upper limit of the second card C3 for each user terminal 20. Therefore, the setting unit 302 performs usage settings so that the upper limit of the second card C3 associated with the terminal ID of the user terminal 20 for which possession authentication has been performed is increased. Even if the user ID is the same, the usage setting of the second card C3 associated with other terminal IDs does not change.
  • the providing unit 304 provides services for each user terminal 20 based on the usage settings of the second card C3 of the user terminal 20 .
  • the service providing method itself is as described in the second embodiment and modification 1-1.
  • the usage setting of the second card C3 is performed, and the user terminal 20 Each time, the service is provided based on the usage setting of the second card C3 of the user terminal 20 concerned.
  • the comparison result of the first name information and the second name information may be the condition as described in the second embodiment.
  • the service providing system S of Modification 1-4 further includes a first comparing section 306 that compares the first name information regarding the name of the first card C2 and the second name information regarding the name of the second card C3.
  • the first comparison section 306 is the same as the comparison section 303 described in the second embodiment. The meaning of each of the first name information and the second name information is also as explained in the second embodiment.
  • each user terminal 20 For each user terminal 20, the setting unit 302 sets a second Set the card C3.
  • each user terminal 20 has a usage setting for the second card C3. be.
  • each of the first name information and the second name information may be information other than the name holder.
  • the second card C3 does not support possession authentication as in the second embodiment. It can be a card.
  • the setting unit 302 sets the second card C3 for which possession authentication has not been performed, based on whether or not possession authentication has been performed from the user terminal 20 of the first card C2.
  • the only difference from the second embodiment is that each user terminal 20 has a usage setting for the second card C3. be.
  • the second card C3 for which possession authentication has not been performed is set based on whether or not the possession authentication of the first card C2 has been performed from the user terminal 20. I do. As a result, for the same reason as in the second embodiment, user convenience and security are improved.
  • the service providing system S of Modification 1-6 includes a changing unit 307 that changes usage settings for each user terminal 20 based on the service usage status from the user terminal 20 .
  • the usage status is information indicating how the service was used. For example, the amount of use, the number of times of use, the frequency of use, the time of use, the location of use, or a combination of these correspond to the usage status.
  • Service usage history is also an example of the usage status. The information on the service usage status is assumed to be stored in the user database DB2, but may be stored in another database.
  • the changing unit 307 changes the usage settings so that the higher the usage amount or the number of times of usage from the user terminal 20, the higher the upper limit of the usage amount for this user terminal 20.
  • the usage content from the user terminal 20 is checked by the administrator, and the changing unit 307 sets the usage setting so that the upper limit of the user terminal 20 that is confirmed to have no problem by the administrator's check is increased.
  • the changing unit 307 may change the usage setting such that the longer the period in which no problems have been confirmed, the higher the maximum charge for the user terminal 20 .
  • the changing unit 307 may change the reliability described in Modification 1-2 based on the usage status of the service.
  • the providing unit 304 provides services for each user terminal 20 based on the usage settings of the user terminal 20 changed by the changing unit 307 .
  • the only difference from the other modifications is that the usage settings changed by the changing unit 307 are used, and the process itself of providing a service based on the usage settings is the same as the other modifications.
  • Modification 1-6 services are provided for each user terminal 20 based on the usage settings of the user terminal 20 changed based on the usage status of the service from the user terminal 20 .
  • usage settings are made based on the user's actual usage status, thereby enhancing user convenience. If the service is set so that it becomes difficult or impossible for a third party who actually uses the service to use the service illegally, illegal use of the service is suppressed and security is improved.
  • a user may issue a plurality of user IDs and use the user IDs differently from one user terminal 20 .
  • it may be possible to log in to services provided by the service providing system S from the same user terminal 20 using each of a plurality of user IDs.
  • the authentication unit 301 can perform possession authentication for each user terminal 20 while logging in to the service from the user terminal 20 with the user ID.
  • the only difference from the first embodiment and other modifications is that it is possible to log in with each of a plurality of user IDs from one user terminal 20, and the processing of the authentication unit 301 is the same.
  • the setting unit 302 makes usage settings for each combination of the user terminal 20 and the user ID based on whether or not authentication has been performed while logging in to the service from the user terminal 20 with the user ID. As described in the first embodiment, there is a usage setting for each combination of user terminal 20 and user ID.
  • the providing unit 304 provides a service for each combination of the user terminal 20 and the user ID based on the usage setting of the combination.
  • the processing of the setting unit 302 and the providing unit 304 is also different from the first embodiment and other modifications in that each of a plurality of user IDs can be logged in from one user terminal 20. Details of the processing itself are Similar
  • usage settings are made based on whether or not authentication has been performed while logging in to the service from the user terminal 20 with the user ID. provide services based on As a result, even if a plurality of user IDs are used from one user terminal 20, the user's convenience is enhanced, and unauthorized use of services is suppressed to enhance security.
  • Modification 1-8 For example, assuming that the plurality of user IDs described in Modified Example 1-7 includes a first user ID and a second user ID, the authentication unit 301 identifies the user terminal 20 logged in to the service with the first user ID. possession authentication can be executed. This possession authentication itself is as described in the first embodiment and other modifications.
  • the setting unit 302 sets the usage setting corresponding to the second user ID that has been used for login from the user terminal 20 when possession authentication of the user terminal 20 logged into the service with the first user ID is executed. may be performed. If possession authentication is executed while logged in with the first user ID, the setting unit 302 has logged in with the second user ID on the same user terminal 20 and has logged in with the second user ID.
  • the usage setting may be made so that the upper limit of the card C associated with the second user ID is increased even if possession authentication is not performed. In this case, the maximum amount of the same card C as the card C for which possession authentication has been executed may be increased, or the maximum amount of another card C may be increased.
  • the providing unit 304 provides the service to the user terminal 20 that has logged in to the service with the second user ID, based on the usage settings corresponding to the second user ID.
  • the only difference from the other modifications is that the usage setting corresponding to the second user ID changed by the possession authentication of the first user ID is used. is the same as the modification of
  • the authentication of the user terminal 20 that has logged in to the service with the first user ID when executed, it corresponds to the second user ID that has been used for login from the user terminal 20. set the usage settings.
  • the service is provided to the user terminal 20 logged in to the service with the second user ID based on the usage setting corresponding to the second user ID.
  • the user can increase the maximum amount of the card C associated with the second user ID without executing the possession authentication while logged in with the second user ID, thereby enhancing user convenience. .
  • the usage setting corresponding to the second user ID may be a condition for performing
  • the service providing system S of Modification 1-9 further includes a second comparison unit 308 that compares the first user information associated with the first user ID and the second user information associated with the second user ID.
  • Each of the first user information and the second user information is information about the user.
  • each of the first user information and the second user information is the user's name, address, phone number, date of birth, gender, email address, or a combination thereof.
  • each of the first user information and the second user information may be other personal information, or may be information that is not called personal information, such as occupation and annual income. It is assumed that each of the first user information and the second user information is stored in the user database DB2.
  • the setting unit 302 determines the usage corresponding to the second user ID based on the comparison result of the first user information and the second user information. Make settings.
  • the setting unit 302 performs usage setting corresponding to the second user ID when the comparison result of the first user information and the second user information is a predetermined result.
  • the setting unit 302 does not perform usage setting corresponding to the second user ID when the comparison result of the first user information and the second user information is not a predetermined result. In this case, only usage setting corresponding to the first user ID may be performed.
  • This predetermined result is a result that serves as a reference for whether or not to perform usage settings corresponding to the second user ID.
  • a case where matching the name indicated by the first user information and the name indicated by the second user information corresponds to a predetermined result will be described. may be equivalent to When a plurality of pieces of information are included in each of the first user information and the second user information, matching of a predetermined number or more of pieces of information may correspond to the predetermined result. Note that the match here may be a partial match instead of a complete match.
  • the second user ID make usage settings corresponding to As a result, the user can increase the maximum amount of the card C associated with the second user ID without executing the possession authentication while logged in with the second user ID, thereby enhancing user convenience.
  • a third party can log in with his/her own user ID while logging in with an illegally obtained user ID, and use his/her own user ID for possession authentication. is executed, the upper limit of the illegally obtained user ID does not increase, so illegal use of the service is suppressed and security is enhanced.
  • a user may change the user terminal 20 that he/she uses due to a model change of a smart phone or the like.
  • the usage setting of the user terminal 20 before change may be handed over in response to possession authentication being executed on the user terminal 20 after change.
  • the second user terminal 20B further includes a takeover unit 309 that takes over the usage settings of the first user terminal 20 . That is, the terminal ID of the second user terminal 20B is different from the terminal ID of the first user terminal 20A, but is associated with the terminal ID of the first user terminal 20A by executing possession authentication on the second user terminal 20.
  • the obtained usage setting is associated with the terminal ID of the second user terminal 20B.
  • the providing unit 304 provides services based on the usage settings handed over to the second user terminal 20B.
  • the only difference from the other modifications is that the usage settings handed over to the second user terminal 20B are used, and the processing itself for providing services based on the usage settings is the same as the other modifications.
  • the usage setting of the first user terminal 20 is handed over to the second user terminal 20 .
  • the usage settings of the first user terminal 20 can be easily handed over, and the user's convenience is enhanced.
  • possession authentication cannot be executed, so that the usage settings are prevented from being illegally taken over, and security is enhanced.
  • FIG. 20 is a functional block diagram in a modification according to the second embodiment. As shown in FIG. 20, in the modified example described below, an acquisition unit 310 is implemented in addition to the functions described in the second embodiment. Acquisition unit 310 is realized mainly by control unit 11 .
  • the upper limit of the second card C3 is The case where the second setting is performed so as to increase the amount has been described.
  • the amount of increase in the maximum amount may be changed according to the degree of matching between the first name information and the second name information.
  • the comparison unit 401 of Modification 2-1 compares the first name information and the second name information and acquires the degree of matching between the first name information and the second name information.
  • the degree of matching is the degree of matching between the first name information and the second name information. For example, when each of the first name information and the second name information is expressed by letters, numbers, or a combination thereof, the number of characters or digits that match between the first name information and the second name information is the degree of matching corresponds to The degree of matching is the number of characters or digits that match between the first name information and the second name information with respect to the total number of characters or total number of digits of the first name information and the second name information, whichever has the greater number of characters or digits. may be a ratio of
  • the setting unit 302 performs the second setting based on the matching degree when possession authentication is executed. For example, the setting unit 302 performs the second setting such that the higher the degree of matching, the more restrictions are lifted when using the service with the second card C3. The setting unit 302 performs the second setting so that the upper limit of the second card C3 increases as the matching degree increases.
  • the setting unit 302 sets the number of times the second card C3 can be used as the degree of matching is higher, or the number of times the second card C3 can be used.
  • the available number of times or the available time may be set so that the available time of the user is longer.
  • modification 2-1 when possession authentication is executed, the second setting is performed based on the degree of matching between the first name information and the second name information, thereby making the second setting more flexible. It can be carried out. As a result, unauthorized use by a third party is effectively suppressed, and security is further enhanced. From the user's point of view, convenience is enhanced by flexible usage settings.
  • the second card C3 is a card that does not support NFC authentication or image authentication has been described.
  • the second card C3 may be capable of other authentication methods such as security code authentication or 3D secure.
  • the authentication unit 301 of modification 2-2 executes possession authentication of the first card C2 based on the first authentication method.
  • NFC authentication or image authentication is an example of the first authentication method.
  • the second card C3 is a card that does not support the first authentication method but supports the second authentication method.
  • Security code authentication or 3D Secure is an example of a second authentication method.
  • the second authentication method is authentication different from the first authentication method.
  • the second authentication method is an authentication method with lower security than the first authentication method, but the second authentication method is an authentication method with higher security than the first authentication method. There may be. Any combination of the first authentication method and the second authentication method may be used.
  • Each of the first authentication method and the second authentication method may be any of the authentication methods previously described.
  • the authentication unit 301 performs authentication regarding the second card C3 based on the second authentication method.
  • the authentication of the second authentication method may or may not be possession authentication. For this reason, in modification 2-2, the authentication of the second authentication method is simply referred to as "authentication” instead of "possession authentication”.
  • the setting unit 302 performs the second setting so that when the authentication of the second card C3 is performed, the use of the service is restricted more than when the possession authentication of the first card C2 is performed.
  • the setting unit 302 performs the second setting such that when the second card C3 is authenticated, the increase in the upper limit is smaller than when the possession authentication of the first card C2 is performed.
  • the setting unit 302 sets the number of times of use to be higher than that of the possession authentication of the first card C2 when the authentication of the second card C3 is performed.
  • the second setting is performed so that the increase in the number of available times or available time is also small.
  • the service quality is higher than when the authentication for the first card C2 is performed.
  • a second setting is made so that the use of is restricted.
  • Modification 2-3 For example, in the service providing system S of the second embodiment, usage setting of the upper limit amount may be performed for each user terminal 20 as in the first embodiment.
  • Modification 2-3 is similar to Modification 1-1, but differs in that the upper limit of the second card C3 is increased when possession authentication of the first card C2 is executed. Since this point corresponds to the configuration of Modification 1-3, Modification 2-3 is the same as Modification 1-3.
  • the authentication unit 301 executes possession authentication based on the authentication information received from the user terminal 20 of the user.
  • the setting unit 302 performs the second setting for each user terminal 20 when possession authentication from the user terminal 20 is executed.
  • the providing unit 304 provides services for each user terminal 20 based on the second setting of the user terminal 20 . These processes may be the same as in modification 1-3.
  • the second setting is performed for each user terminal 20 when possession authentication from the user terminal 20 is executed, and the second setting of the user terminal 20 is performed for each user terminal 20.
  • the authentication unit 301 can perform possession authentication based on an authentication method selected by the user from among multiple types of authentication methods.
  • the setting unit 302 may perform the second setting based on the authentication method selected by the user when possession authentication is performed. For example, when NFC authentication is performed, the amount of increase in the upper limit amount may be larger than when image authentication is performed. It is assumed that the data storage unit 300 defines the relationship between the authentication method and the amount of increase in the upper limit amount (that is, the setting content of the second setting).
  • the setting unit 302 performs the second setting based on the increment associated with the authentication method selected by the user. The more secure the authentication method, the higher the increment.
  • possession authentication is executed based on an authentication method selected by the user from among multiple types of authentication methods, and when authentication of the authentication method selected by the user is executed, A second setting is performed based on the authentication method.
  • the upper limit is relatively low, and when the possession authentication of the authentication method with relatively high security is executed , the upper limit can be set relatively high, and unauthorized use of the service can be suppressed.
  • the service providing system S further includes an acquisition unit 310 that acquires the degree of fraud regarding the user in the service.
  • the degree of fraud is information indicating the degree of fraud or information indicating the degree of suspicion of fraud.
  • Modification 2-5 describes a case where the degree of fraud is represented by a score, but the degree of fraud may be represented by another index.
  • the degree of fraud may be represented by characters such as S rank, A rank, and B rank.
  • the acquisition unit 310 uses a learning model to calculate the degree of fraud.
  • the learning model is a model using machine learning (artificial intelligence).
  • machine learning artificial intelligence
  • various known techniques can be used, for example, techniques such as neural networks or deep learning can be used.
  • the learning model learns the relationship between the action that the user can take and the determined result of whether or not it is fraudulent. Note that an unsupervised machine learning model may be used as the learning model.
  • Behavior is information that indicates how the user used the service.
  • the action can also be said to be the contents of use of the service or the behavior when using the service.
  • the IP address of the user terminal 20, the URL accessed by the user terminal 20, the location of the user terminal 20, and the date and time of access correspond to user behavior.
  • information such as the user's service usage frequency or usage amount also corresponds to the user's behavior.
  • the acquisition unit 310 digitizes the behavior of the user, inputs it to the learning model, and acquires the degree of fraud output from the learning model.
  • the learning model calculates the feature quantity of the input behavior and outputs the degree of fraud according to the feature quantity.
  • the acquisition unit 310 acquires the degree of fraud output from the learning model.
  • the acquisition unit 310 calculates the degree of fraud so that the degree of fraud increases as the IP addresses vary. Further, for example, the acquisition unit 310 calculates the degree of fraud so that the degree of fraud increases as the URLs accessed by users vary. Further, for example, the obtaining unit 310 calculates the degree of fraud so that the degree of fraud increases as the location of access is farther from the center of use or as the location of access varies.
  • the acquisition unit 310 calculates the degree of fraud so that the farther the access date and time are from the average access date and time, or the more the access dates and times vary, the higher the degree of fraud. Further, for example, the acquisition unit 310 calculates the degree of fraud so that the degree of fraud increases as the access frequency is farther from the average access frequency or as the access frequency varies.
  • the degree of fraud may be calculated based on a predetermined method, and is not limited to examples using learning models.
  • the acquisition unit 310 may calculate the user's degree of fraud using a rule that defines the relationship between user behavior and the degree of fraud instead of using a learning model. In this case, the acquisition unit 310 determines whether or not the user's behavior matches the rule. If a rule is matched, it becomes the degree of fraud associated with that rule.
  • the acquisition unit 310 may calculate the degree of fraud by digitizing the user's behavior and substituting it into a predetermined calculation formula.
  • the setting unit 302 makes a second setting based on the degree of fraud when possession authentication is executed. For example, the setting unit 302 performs the second setting such that the lower the degree of fraud, the more restrictions are lifted when using the service with the second card C3. The setting unit 302 performs the second setting such that the lower the degree of fraud, the higher the upper limit of the second card C3.
  • the setting unit 302 sets the number of times the second card C3 can be used increases as the degree of fraud is lower.
  • the available number of times or the available time may be set so that the available time of the user is longer.
  • the second setting is made based on the degree of fraud regarding the user in the service.
  • the maximum amount can be set relatively low, and if the user's degree of fraud is relatively low, the maximum amount can be set relatively high. It becomes possible, and the illegal use of the service can be suppressed.
  • the storage area read by NFC authentication may differ among the storage areas of the IC chip cp of the first card C2 based on the user's degree of fraud. For example, if the IC chip cp includes a first storage area that requires a key for reading by the reading unit and a second storage area that does not require a key for reading by the reading unit, the degree of fraud of the user is If it is equal to or greater than the threshold, the input electronic money ID may be obtained from the first storage area. If the user's degree of fraud is less than the threshold, the input electronic money ID may be acquired from the second storage area. In this case, information indicating whether the input electronic money ID was acquired from the first storage area or the second storage area may be transmitted to the operator server 30, and this information may be confirmed in possession authentication.
  • the NFC unit 23A and the photographing unit 26 may be determined depending on the degree of fraudulent use of the user. For example, it may be determined to use the NFC unit 23A when the degree of fraud is equal to or greater than a threshold, and to use the imaging unit 26 when the degree of fraud is less than the threshold. Conversely, it may be determined to use the imaging unit 26 when the degree of fraud is equal to or greater than the threshold, and to use the NFC unit 23A when the degree of fraud is less than the threshold.
  • the degree of fraud is equal to or greater than the threshold, it is determined to use both the NFC unit 23A and the imaging unit 26, and if the degree of fraud is less than the threshold, either the NFC unit 23A or the imaging unit 26 is used. may be determined to utilize. Information identifying which of the NFC unit 23A and the photographing unit 26 has been determined to be used for authentication may be transmitted to the provider server 30, and this information may be confirmed in possession authentication.
  • the authentication information used for authentication may be determined based on the degree of fraud of the user. For example, the authentication information used in authentication is determined so that the higher the degree of fraud, the more authentication information used in authentication. Further, for example, the authentication information used for authentication is determined so that the lower the degree of fraud, the less the authentication information used for authentication. Further, for example, if the degree of fraud is equal to or greater than the threshold, it is determined to use the first authentication information with a relatively large amount of information, and if the degree of fraud is less than the threshold, it is determined to use the second authentication information with a relatively small amount of information. It is determined.
  • the service may allow multiple second cards C3 to be associated with the first card C2.
  • the number of second cards C3 associated with the first card C2 may be arbitrary for the user. An upper limit may be set for this number.
  • the setting unit 302 performs a second setting based on the number of second cards C3 associated with the first card C2 when possession authentication of the first card C2 is performed. For example, the setting unit 302 performs the second setting such that the smaller the number, the more restrictions are lifted when using the service with the second card C3. The setting unit 302 performs the second setting such that the smaller the number, the larger the upper limit of the second card C3.
  • the setting unit 302 sets the number of times of use of the second card C3 so that the smaller the number, the more times the second card C3 can be used.
  • the available number of times or the available time may be set so that the available time of the user is longer.
  • the service allows the first card C2 to be associated with a plurality of second cards C3, and when authentication is performed, the second cards associated with the first card C2 A second setting is made based on the number of cards C3.
  • the setting unit 302 may perform the second setting based on at least one of the type of the first card C2 and the type of the second card C3 when authentication is performed. For example, if at least one of the first card C2 and the second card C3 is frequently fraudulent, the setting unit 302 performs the second setting such that the maximum amount is low. If at least one of the first card C2 and the second card C3 is a card that has not been used illegally, the setting unit 302 performs the second setting so that the upper limit amount is increased. Further, for example, if at least one of the first card C2 and the second card C3 is a card that has not been used much, the setting unit 302 performs the second setting so that the upper limit amount is low.
  • the setting unit 302 performs the second setting such that the upper limit is increased. Further, for example, if at least one of the first card C2 and the second card C3 is a debit card, the setting unit 302 performs the second setting so that the maximum amount is low. If at least one of the first card C2 and the second card C3 is a credit card, the setting unit 302 makes a second setting such that the upper limit is higher. It is assumed that the relationship between the type of at least one of the first card C2 and the second card C3 and the amount of increase in the upper limit amount (that is, the content of the second setting) is defined in advance in the data storage unit 300. . The setting unit 302 performs the second setting based on the amount of increase associated with at least one of the type of the first card C2 and the type of the second card C3.
  • the second setting is performed based on at least one of the type of the first card C2 and the type of the second card C3. As a result, for example, it is possible to lower the maximum amount when fraudulent transactions of a specific type occur frequently, thereby enhancing security.
  • the service may allow each of the plurality of first cards C2 to be used.
  • the authentication unit 301 may be capable of performing possession authentication for each of the plurality of first cards C2.
  • the execution method of possession authentication for each first card C2 is as described in the second embodiment.
  • the setting unit 302 sets a first setting and a second setting, which are settings related to the first card C2 for which possession authentication is performed, when possession authentication is performed for any one of the plurality of first cards C2. However, it is not necessary to perform the first setting for the first card C2 for which possession authentication has not been performed. That is, assume that a certain user has registered the first card C2A and the first card C2B.
  • the setting unit 302 does not increase the upper limit of the first card C2B when possession authentication of the first card C2A is executed. Since the first card C2B is a card for which possession authentication can be performed, possession authentication of the first card C2B must be performed in order to increase the upper limit of the first card C2B. The flow of increasing the upper limit amount when possession authentication of the first card C2B is executed is as described in the second embodiment.
  • the first setting is not performed for the first cards C2 for which the possession authentication has not been executed.
  • the execution of possession authentication of the first card C2 will prevent the increase of all upper limits. prevent and increase security.
  • Modification 2-9 For example, as in modification 2-8, when the authentication unit 301 can execute possession authentication for each of the plurality of first cards C2, the setting unit 302 determines whether possession authentication for each of the plurality of first cards C2 is performed. A second setting may be made such that, upon each success, the restrictions on the use of the service are lifted. For example, assume that three cards, a first card C2A, a first card C2B, and a second card C3, are registered for a given user ID. The setting unit 302 sets the upper limit amount of the second card C3 from 30,000 yen to 70,000 yen when possession authentication of the first card C2A is executed.
  • the setting unit 302 changes the upper limit amount of the second card C3 from 70,000 yen to 100,000 yen when possession authentication of the second card C3B is further executed. In this way, the setting unit 302 may perform the second setting such that the upper limit of the second card C3 is gradually increased each time the possession authentication of each of the plurality of first cards C2 is successful.
  • the second setting is performed so that the restriction on the use of the service is lifted each time the possession authentication of each of the plurality of first cards C2 is executed.
  • the upper limit of the second card C3 it is possible to prevent the upper limit of the second card C3 from being excessively increased at once, and to increase the upper limit when the possession authentication of each of the plurality of first cards C2 is executed and they are reliable. , increases security.
  • the service providing system S can be applied to any service other than administrative services and electronic payment services.
  • the service providing system S can be applied to other services such as electronic commerce services, travel reservation services, communication services, financial services, insurance services, auction services, or SNS.
  • predetermined authentication such as possession authentication
  • This user The usage setting of the terminal 20 may be performed. This usage setting corresponds to each service, such as the amount that can be purchased in one order, the frequency of purchase, the time of purchase, the number of facilities that can be reserved, the number of base stations that can be used, or the amount that can be remitted. Anything is fine.
  • the service providing system S of the second embodiment is applied to other services, it is sufficient to set the use of a card for which predetermined authentication such as possession authentication has not been performed.
  • the card used for possession authentication may be an insurance card, driver's license, membership card, or student ID card.
  • the card used for possession authentication may be an electronic card (virtual card) instead of a physical card.
  • the card used for possession authentication fails, manual determination by an administrator may be performed.
  • the possession authentication corresponding to a certain card number fails a predetermined number of times, the card number may be restricted so that no further possession authentication is performed. In this case, the card may be restricted from being registered in the application unless permitted by the administrator.
  • the possession authentication may be executed by reading the information storage medium.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Transfer Between Computers (AREA)
  • Circuits Of Receivers In General (AREA)
  • Telephonic Communication Services (AREA)
  • Stored Programmes (AREA)
PCT/JP2021/024839 2021-06-30 2021-06-30 サービス提供システム、サービス提供方法、及びプログラム Ceased WO2023276071A1 (ja)

Priority Applications (5)

Application Number Priority Date Filing Date Title
JP2022529393A JP7177303B1 (ja) 2021-06-30 2021-06-30 サービス提供システム、サービス提供方法、及びプログラム
US17/910,338 US12524536B2 (en) 2021-06-30 2021-06-30 Service providing system, service providing method and program
PCT/JP2021/024839 WO2023276071A1 (ja) 2021-06-30 2021-06-30 サービス提供システム、サービス提供方法、及びプログラム
TW111120981A TWI822087B (zh) 2021-06-30 2022-06-07 服務提供系統、服務提供方法及程式產品
JP2022180513A JP7271778B2 (ja) 2021-06-30 2022-11-10 サービス提供システム、サービス提供方法、及びプログラム

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/024839 WO2023276071A1 (ja) 2021-06-30 2021-06-30 サービス提供システム、サービス提供方法、及びプログラム

Publications (1)

Publication Number Publication Date
WO2023276071A1 true WO2023276071A1 (ja) 2023-01-05

Family

ID=84144807

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/024839 Ceased WO2023276071A1 (ja) 2021-06-30 2021-06-30 サービス提供システム、サービス提供方法、及びプログラム

Country Status (4)

Country Link
US (1) US12524536B2 (https=)
JP (1) JP7177303B1 (https=)
TW (1) TWI822087B (https=)
WO (1) WO2023276071A1 (https=)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3145428A1 (fr) * 2023-01-27 2024-08-02 Smart Packaging Solutions Système pour l’identification d’un individu porteur d’un document nominatif et porteur d’une carte à puce.

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7454903B1 (ja) * 2024-01-19 2024-03-25 しるし株式会社 電子商取引サイトの管理装置
JP7683058B1 (ja) * 2024-01-29 2025-05-26 楽天グループ株式会社 決済システム、表示制御方法、及びプログラム
JP2026040438A (ja) * 2024-08-21 2026-03-09 データシステム株式会社 システム、方法、及びサーバ装置
JP7780683B1 (ja) * 2025-04-10 2025-12-04 株式会社Nttドコモ 電子決済プログラム

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006252110A (ja) * 2005-03-10 2006-09-21 Oki Electric Ind Co Ltd 金融取引システム
JP2017041001A (ja) * 2015-08-18 2017-02-23 株式会社日本総合研究所 インターネットバンキングの資金移動用端末のプログラム、資金移動方法、及びキャッシュカード
WO2020203744A1 (ja) * 2019-03-29 2020-10-08 グローリー株式会社 認証システム及び認証方法

Family Cites Families (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003016397A (ja) 2001-04-23 2003-01-17 Sony Corp データ処理システム、メモリデバイス、データ処理装置、およびデータ処理方法、並びにプログラム
TWI389534B (zh) * 2007-09-26 2013-03-11 Via Tech Inc 單一登錄系統與方法及其電腦可讀取媒體
JP2010277498A (ja) 2009-06-01 2010-12-09 Sumitomo Mitsui Card Co Ltd カード作成装置、携帯型通信端末装置、カード作成方法およびカード作成プログラム
JP5269221B1 (ja) 2012-02-29 2013-08-21 楽天株式会社 情報処理装置、情報処理方法、情報処理プログラム及び記録媒体
CN102694704B (zh) * 2012-05-08 2015-07-15 北京邮电大学 一种家庭网关及其区分用户身份的方法
JP6050625B2 (ja) * 2012-06-28 2016-12-21 サターン ライセンシング エルエルシーSaturn Licensing LLC 情報処理装置及び情報処理方法、コンピューター・プログラム、並びに情報通信システム
US8984582B2 (en) * 2012-08-14 2015-03-17 Confidela Ltd. System and method for secure synchronization of data across multiple computing devices
TWI527419B (zh) * 2013-03-18 2016-03-21 Chunghwa Telecom Co Ltd Method and System of Integrating Backend Service Authentication with Proxy Servo
US9350717B1 (en) * 2013-09-23 2016-05-24 Amazon Technologies, Inc. Location service for user authentication
US9998448B2 (en) * 2013-11-05 2018-06-12 Cable Television Laboratories, Inc. Delegating authorizations
US9332008B2 (en) * 2014-03-28 2016-05-03 Netiq Corporation Time-based one time password (TOTP) for network authentication
US10943237B2 (en) * 2014-12-31 2021-03-09 Paypal, Inc. Authentication device that enables transactions with a payment instrument
US11526885B2 (en) * 2015-03-04 2022-12-13 Trusona, Inc. Systems and methods for user identification using graphical barcode and payment card authentication read data
CN106664313B (zh) * 2015-11-03 2020-03-31 任少华 认证中心的系统或方法
US20170142589A1 (en) * 2015-11-18 2017-05-18 Samsung Electronics Co., Ltd Method for adjusting usage policy and electronic device for supporting the same
US10708268B2 (en) * 2017-07-31 2020-07-07 Airwatch, Llc Managing voice applications within a digital workspace
US20190197539A1 (en) * 2017-12-27 2019-06-27 Hyundai Card Co., Ltd. Method of providing service for setting condition of card use, card company server and user terminal
JP7001466B2 (ja) 2017-12-27 2022-01-19 ヤフー株式会社 プログラム、端末装置、および情報処理方法
US11089013B2 (en) * 2018-09-14 2021-08-10 International Business Machines Corporation Enhanced password authentication across multiple systems and user identifications
US11494768B2 (en) * 2018-10-29 2022-11-08 Mastercard International Incorporated Systems and methods for intelligent step-up for access control systems
KR102370671B1 (ko) * 2019-11-13 2022-03-07 신한카드 주식회사 음파 결제를 위한 모바일 단말, 자기장 변환 장치, 및 음파 결제 시스템
CN110942308A (zh) 2019-11-15 2020-03-31 北京三快在线科技有限公司 资源转移方法、装置、计算机设备及存储介质
US11457017B2 (en) * 2020-03-04 2022-09-27 The Whisper Company System and method of determing persistent presence of an authorized user while performing an allowed operation on an allowed resource of the system under a certain context-sensitive restriction
US20220116404A1 (en) * 2020-10-14 2022-04-14 i2Chain, Inc. Methods and systems for adaptive multi-factored geo-location based document access rights management and enforcement
US11892954B2 (en) * 2020-10-29 2024-02-06 Xerox Corporation Self-adding smartcard reader system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006252110A (ja) * 2005-03-10 2006-09-21 Oki Electric Ind Co Ltd 金融取引システム
JP2017041001A (ja) * 2015-08-18 2017-02-23 株式会社日本総合研究所 インターネットバンキングの資金移動用端末のプログラム、資金移動方法、及びキャッシュカード
WO2020203744A1 (ja) * 2019-03-29 2020-10-08 グローリー株式会社 認証システム及び認証方法

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3145428A1 (fr) * 2023-01-27 2024-08-02 Smart Packaging Solutions Système pour l’identification d’un individu porteur d’un document nominatif et porteur d’une carte à puce.

Also Published As

Publication number Publication date
TW202314544A (zh) 2023-04-01
JPWO2023276071A1 (https=) 2023-01-05
US12524536B2 (en) 2026-01-13
JP7177303B1 (ja) 2022-11-22
TWI822087B (zh) 2023-11-11
US20240427886A1 (en) 2024-12-26

Similar Documents

Publication Publication Date Title
JP7177303B1 (ja) サービス提供システム、サービス提供方法、及びプログラム
JP7230120B2 (ja) サービス提供システム、サービス提供方法、及びプログラム
US20210224795A1 (en) Escrow non-face-to-face cryptocurrency transaction device and method using phone number
TWI793885B (zh) 認證系統、認證方法、及程式產品
US11907352B2 (en) Biometric override for incorrect failed authorization
RU2568782C1 (ru) Способ и система для аутентификации и расчета с использованием мобильного терминала
JP7271778B2 (ja) サービス提供システム、サービス提供方法、及びプログラム
JP2025163177A (ja) 認証システム、認証方法、及びプログラム
JP6898536B1 (ja) 本人確認システム、本人確認方法、情報処理端末、およびプログラム
JP7176158B1 (ja) 学習モデル評価システム、学習モデル評価方法、及びプログラム
JP7190081B1 (ja) 認証システム、認証方法、及びプログラム
JP7176157B1 (ja) 学習モデル作成システム、学習モデル作成方法、及びプログラム
JP7104133B2 (ja) カード登録システム、カード登録方法、及びプログラム
JP2025116623A (ja) 決済システム、表示制御方法、及びプログラム

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2022529393

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 17910338

Country of ref document: US

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21948376

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21948376

Country of ref document: EP

Kind code of ref document: A1

WWG Wipo information: grant in national office

Ref document number: 17910338

Country of ref document: US