JP-2026075364-A - Information processing systems, information processing servers, and programs

Abstract

[Problem] To provide an information processing system, server, and program that allows users to access services provided by financial institutions, etc., without requiring them to remember and authenticate their credentials. [Solution] The information processing system 10 comprises a first user terminal (first terminal), a second user terminal (second terminal), a financial institution system (server), and a partner business system (website). The first terminal receives input of the user's face image, sends it to the server for comparison with a matching face image, and sets the user's authentication method to face image authentication. In response to a login authorization request to the website from the second terminal, it sends a two-dimensional code for login authorization, including a signature request, to the second terminal. The second terminal reads the two-dimensional code, receives input of the user's face image, authenticates using face image authentication, sends a signature generated with a private key to the server in response to a signature request from the server, and receives and sends input for login authorization to the website to the server, at which point the server authorizes the second terminal to access the website. [Selection Diagram] Figure 1

Inventors

• 関 衛介
• 岩井 佐也子
• 戸田 もも香
• 安武 浩二

Assignees

• 住信ＳＢＩネット銀行株式会社

Dates

Publication Date

20260508

Application Date

20241022

Claims (10)

1. A means for causing the user's primary terminal to accept input of the user's facial image and to transmit information about the input facial image to a financial institution server, On the aforementioned financial institution's server, A means for comparing the aforementioned face image with a matching face image that has been registered in advance as user information, and setting the user authentication method to the user's face image authentication method, A means for causing the user to send a two-dimensional code for login authorization, including a signature request, to the user's second terminal in response to a login authorization request to a website related to a financial institution's services from the user's second terminal, The means for causing the first user terminal to read the two-dimensional code displayed on the second user terminal to accept input of the user's facial image, to authenticate the input facial image based on the authentication method, to generate a signature using a private key in response to a signature request from the financial institution server, and to transmit information about the signature to the financial institution server, A means for the aforementioned financial institution server to verify the signature with a public key, After verification is complete, the first user terminal is instructed to accept input for login authorization to the website, and to transmit information about the entered login authorization to the financial institution server. After login approval, means for instructing the financial institution server to authorize access to the website from the user's second terminal, An information processing system equipped with the following features.
2. A means for causing a user terminal used by a user to accept input of the user's facial image and to transmit information about the input facial image to a financial institution server, On the aforementioned financial institution's server, A means for comparing the aforementioned face image with a matching face image that has been registered in advance as user information, and setting the user authentication method to the user's face image authentication method, A means for causing the user terminal to send a link to financial institution application software, including a signature request, to the user terminal in response to a login authorization request to a website related to financial institution services, The means for the user terminal to select the link destination and accept input of the user's facial image, to authenticate the input facial image based on the authentication method, to generate a signature using a private key in response to a signature request from the financial institution server, and to transmit information about the signature to the financial institution server, A means for the aforementioned financial institution server to verify the signature with a public key, After verification is complete, the means for causing the user terminal to accept input for login authorization to the website and to transmit information about the entered login authorization to the financial institution server, After login approval, means for instructing the financial institution server to authorize access to the website from the user terminal, An information processing system equipped with the following features.
3. The financial institution server provides a means for causing the second user terminal to send a two-dimensional code for approving the execution of a procedure, including a signature request, to the second user terminal in response to a request from the second user terminal to execute a procedure related to the use of the financial institution's services, The means for causing the first user terminal to read the two-dimensional code displayed on the second user terminal to accept input of the user's facial image, to authenticate the input facial image based on the authentication method, to generate a signature using a private key in response to a signature request from the financial institution server, and to transmit information about the signature to the financial institution server, A means for causing the aforementioned financial institution server to verify the signature for approving the execution of the procedure with the aforementioned public key, After verification is complete, the first user terminal is made to accept the input of procedure execution approval from the second user terminal, and the information regarding the input procedure execution approval is sent to the financial institution server. The information processing system according to claim 1, further comprising means for causing the financial institution server to execute a procedure related to the financial institution's services based on information regarding the approval of the procedure execution.
4. Means for causing the financial institution server to send to the user terminal a link to the financial institution application software, including a signature request, in response to a request from the user terminal to execute a procedure related to the use of the financial institution's services, The means for the user terminal to select the link destination and accept input of the user's facial image, to authenticate the input facial image based on the authentication method, to generate a signature using a private key in response to a signature request from the financial institution server, and to transmit information about the signature to the financial institution server, A means for causing the aforementioned financial institution server to verify the signature for approving the execution of the procedure with the aforementioned public key, The information processing system according to claim 2, further comprising means for causing the financial institution server to execute a procedure related to the financial institution's services based on information regarding the approval of the procedure execution.
5. The information processing system according to claim 1 or claim 3, further comprising means for causing the financial institution server to obtain a login authorization request from the user's second terminal to an external server, and for allowing login via single sign-on based on the information regarding the login authorization.
6. The information processing system according to claim 2 or 4, further comprising means for causing the financial institution server to obtain a login authorization request from the user terminal to an external server, and for allowing login via single sign-on based on the information regarding the login authorization.
7. A means for receiving information about the user's facial image from the user's primary terminal used by the user, A means for comparing the aforementioned face image with a matching face image that has been registered in advance as user information, and setting the user authentication method to the user's face image authentication method, A means for transmitting a two-dimensional code including a signature request to the user's second terminal in response to a login authorization request to a website related to a financial institution's service from the user's second terminal, A means for receiving information about the signature generated using the private key for the signature request after reading the two-dimensional code from the first user terminal, and verifying the signature with the public key, After verification is complete, the system receives information from the first user terminal regarding the login authorization of the second user terminal, and controls the second user terminal to authorize access to the website. An information processing server equipped with the following features.
8. A means for receiving information about the user's facial image from the user's terminal, A means for comparing the aforementioned face image with a matching face image that has been registered in advance as user information, and setting the user authentication method to the user's face image authentication method, In response to a login authorization request from the user terminal to a website related to services provided by a financial institution, means for sending a link to financial institution application software, including a signature request, to the user terminal, A means for receiving information from the user terminal about the signature generated using the private key for the signature request after the user terminal has selected the link destination, and verifying the signature with the public key, After verification is complete, the system receives information from the user terminal regarding login authorization to the website, and controls the user terminal to authorize access to the website. An information processing server equipped with the following features.
9. The user's primary terminal is configured to accept input of the user's facial image and to send information about the input facial image to the server. To the aforementioned server, The aforementioned facial image is compared with a matching facial image that has been pre-registered as user information, and the user's authentication method is set to the user's facial image authentication method. In response to a login authorization request to a website related to a financial institution's service from a second user terminal used by the aforementioned user, a two-dimensional code including a signature request is sent to the second user terminal. The user's first terminal is instructed to read the two-dimensional code displayed on the user's second terminal to accept input of the user's facial image, authenticates the input facial image based on the authentication method, generates a signature using the private key in response to a signature request from the financial institution's server, and transmits information about the signature to the server. The server is provided with a means to verify the signature with a public key, After verification is complete, the user's first terminal is instructed to accept input for login authorization to the website, and to send the information regarding the entered login authorization to the server. A program that, after login approval, controls the server to authorize access to the website from the user's second terminal.
10. The user terminal used by the user is configured to accept input of the user's facial image, and to send information about the input facial image to the server. To the aforementioned server, The aforementioned facial image is compared with a matching facial image that has been registered in advance as user information, and the user's authentication method is set to the user's facial image authentication method. In response to a login authorization request from the user terminal to a website related to services provided by a financial institution, the system causes the user terminal to send a link to the financial institution's application software, including a signature request. The user terminal is instructed to select the link destination and to input the user's facial image; the input facial image is authenticated based on the authentication method; a signature is generated using the private key in response to the signature request from the financial institution server; and information about the signature is transmitted to the server. The server is provided with a means to verify the signature with a public key, After verification is complete, the user terminal is instructed to accept input for login authorization to the website, and to send the information regarding the entered login authorization to the server. A program that, after login approval, controls the server to authorize access to the website from the user terminal.

Description

This invention relates to an information processing system, an information processing server, and a program. When users access services provided by financial institutions and various businesses using devices such as personal computers, smartphones, tablets, or external equipment, they are required to use memorized authentication methods such as user IDs and passwords. In place of the memory-based authentication described above, biometric authentication and multi-factor authentication combining these methods are also being used. For example, Patent Document 1 proposes a transaction system that allows financial transactions to be conducted using facial recognition without the need for a cash card. Furthermore, Patent Document 2 proposes a login management system that allows users to set separate login methods for multiple accounts when using application software (hereinafter referred to as "apps") to access financial institution services. Patent No. 7429819Japanese Patent Publication No. 2022-7438 This diagram shows an example of the overall configuration of the information processing system in this embodiment.This diagram shows an example of the configuration of (a) a user terminal and (b) a financial institution server, both of which are part of an information processing system.This diagram shows an example of the configuration of a partner company's server included in an information processing system.This figure shows an example of user face image registration processing by the information processing system of this embodiment.This diagram illustrates an example of the login process to a financial institution's website using the web browser of a second user terminal, as performed by the information processing system of this embodiment.This diagram illustrates an example of the login process to a financial institution's website using the user's first terminal's web browser, as performed by the information processing system of this embodiment.This diagram illustrates an example of login processing to an external website via a financial institution's website using the information processing system of this embodiment. An example of an embodiment of the present invention will be described below with reference to the attached drawings. The information processing system of this embodiment consists of one or more computers and is used when a user accesses various services provided by financial institutions or partner businesses affiliated with financial institutions on the Web. As one embodiment, this is an information processing system that connects a financial institution system managed by a city bank, a regional bank, a so-called internet bank that conducts banking business over the internet, and other entities engaged in banking agency business (hereinafter referred to as "financial institutions"), a partner business system managed by a partner business that partners with the financial institution, and a user terminal used by the user via a network, and provides various services from the aforementioned financial institutions and partner businesses to the user terminal through a web browser. In the configuration shown in Figure 1, the information processing system 10 is constructed so that the user's first terminal 20A and second user terminal 20B, the financial institution system 30 managed by the financial institution, and the partner business system 40 managed by a partner business that is affiliated with the financial institution are all interconnected and able to communicate with each other via a communication network 50 including the Internet communication network and a wireless communication network defined by wireless communication standards. [User terminal] A user terminal is a device used by a user. In this embodiment, a smartphone, tablet, or other device equipped with a camera device is designated as the first user terminal 20A, and a desktop or laptop personal computer without a camera device is designated as the second user terminal 20B. These are collectively referred to as "user terminal 20". As shown in Figure 2(a), the user terminal 20 comprises a control unit 21, which is a CPU that executes various computer programs and performs calculations; a storage unit 25, which is a storage device such as RAM and built-in storage that stores the computer programs and various data; an input unit 23, which is an information input device such as a keyboard, mouse, touch panel, and built-in camera; an output unit 24, which is an information output device such as a liquid crystal display; and a communication unit 22, which is a communication module that sends and receives various information with the financial institution system 30 and the partner business system 40 via the communication network 50. The memory unit 25 stores the financial institution application 25A provided by the financial institution. When the financial institution application 25A is executed, the control unit 21 communicates with the fin