WO2024232074A1 - Server device, server device control method, and storage medium - Google Patents

Abstract

Provided is a server device that makes it possible to select a supervisory method optimum for a situation or the like of a concerned party regarding a service provided on a network. The server device includes an account generation means and an access right setting means. The account generation means generates an account of a first user. The access right setting means sets, for a second user, an access right to the account of the first user when the first user desires to set, for the second user, the access right to the account under the name of the first user.

Description

Server device, server device control method and storage medium

The present invention relates to a server device, a control method for a server device, and a storage medium.

Technology exists that limits the services provided to users online (online).

For example, US Pat. No. 6,399,633 provides an electronic shopping system that allows a user to supervise and constrain the overall internet shopping purchases made by another user. The electronic shopping system of US Pat. No. 6,399,633 includes a customer profile database, a product database, and a transaction database. The electronic shopping system uses data records and ID numbers to facilitate the supervision of internet shopping. A first user establishes shopping criteria and predetermines which items or categories, and in what quantities or frequency, may be purchased by a second user. The first user reviews the second user's selections before the purchase transaction is completed. Calculations are performed on the data records to reduce the time and energy required to supervise the shopping selections. The electronic shopping system uses email and time and date information to notify the user of activities taking place in the system.

JP 2004-078924 A

As described in Patent Document 1, in services such as Internet shopping, there is a need for other users to supervise the activities of a certain user on the network. Various methods can be considered for realizing supervision of the activities of the other users. Furthermore, the various methods for realizing the supervision differ depending on the circumstances and relationships of the parties involved. For example, the optimal method differs between a case in which an adult child supervises the activities of an elderly parent and a case in which a parent supervises the activities of a young child.

The main objective of the present invention is to provide a server device, a control method for a server device, and a storage medium that contribute to making it possible to select the most appropriate supervision method for the circumstances of the parties involved in relation to services provided over a network.

According to a first aspect of the present invention, a server device is provided that includes an account generation means for generating an account for a first user, and an access right setting means for setting access rights to the first user's account for a second user when the first user requests that the second user be given access rights to an account in the name of the first user.

According to a second aspect of the present invention, a method for controlling a server device is provided, which generates an account for a first user in a server device, and when the first user requests a second user to have access rights to an account in the name of the first user, sets access rights to the first user's account for the second user.

According to a third aspect of the present invention, a computer-readable storage medium is provided that stores a program for causing a computer installed in a server device to execute the following processes: a process for generating an account for a first user; and a process for setting access rights to the first user's account for a second user when the first user requests that the second user be given access rights to an account in the name of the first user.

In accordance with each aspect of the present invention, a server device, a control method for a server device, and a storage medium are provided that contribute to making it possible to select the most suitable supervision method for the circumstances of the parties involved in relation to services provided over a network. Note that the effects of the present invention are not limited to those described above. The present invention may achieve other effects instead of or in addition to the effects described above.

FIG. 1 is a diagram for explaining an overview of an embodiment. FIG. 2 is a flowchart for explaining an outline of the operation of one embodiment. FIG. 3 is a diagram illustrating an example of a schematic configuration of an information processing system according to the first embodiment. FIG. 4 is a diagram for explaining the operation of the information processing system according to the first embodiment. FIG. 5 is a diagram illustrating an example of a processing configuration of a server device according to the first embodiment. FIG. 6 is a diagram illustrating an example of a user management database according to the first embodiment. FIG. 7 is a diagram illustrating an example of a display on the terminal according to the first embodiment. FIG. 8 is a diagram illustrating an example of a display on the terminal according to the first embodiment. FIG. 9 is a diagram illustrating an example of a user management database according to the first embodiment. FIG. 10 is a flowchart illustrating an example of the operation of the service providing unit according to the first embodiment. FIG. 11 is a diagram illustrating an example of a hardware configuration of a server device according to the present disclosure.

First, an overview of one embodiment will be described. Note that the reference numerals in the drawings attached to this overview are added to each element for convenience as an example to aid understanding, and the description of this overview is not intended to be limiting in any way. Furthermore, unless otherwise specified, the blocks illustrated in each drawing represent a functional configuration, not a hardware configuration. The connection lines between blocks in each drawing include both bidirectional and unidirectional. Unidirectional arrows are used to diagrammatically indicate the flow of the main signal (data), and do not exclude bidirectionality. Note that in this specification and drawings, elements that can be described in the same way may be labeled with the same numerals to avoid duplicated explanations.

The server device 100 according to one embodiment includes an account generation means 101 and an access right setting means 102 (see FIG. 1). The account generation means 101 generates an account for a first user (step S1 in FIG. 2). When the first user requests that a second user be granted access rights to an account in the name of the first user, the access right setting means 102 sets the second user's access rights to the first user's account (step S2).

When a user wishes to set access rights for another person, the server device 100 sets access rights to the user's account for that other person from among various methods that allow the user to supervise the actions of other users. For example, when an elderly parent entrusts the management of assets, etc. to a child, this access right setting is selected. Alternatively, the server device 100 may enable a user to create an account in the name of another person on their behalf. When a user wishes to create an account in the name of another person, the server device 100 may create the account in the name of the other person. For example, this method is selected when a parent creates an account for a young child (e.g., an account related to electronic money). In this way, the server device 100 makes it possible to select the most suitable supervision method for the situation of the parties (parent, child) regarding services provided on the network.

Specific embodiments are described in more detail below with reference to the drawings.

[First embodiment]
The first embodiment will be described in more detail with reference to the drawings.

[System Configuration]
3 is a diagram showing an example of a schematic configuration of an information processing system according to the first embodiment. The information processing system according to the first embodiment includes a plurality of server devices 10.

The server device 10 is managed and operated by a business operator (hereinafter referred to as a service provider) that provides various services to users. A service provider may be a private company or a public institution such as a local government. For example, banks, securities companies, credit card companies, EC (electronic commerce) businesses, health centers, and local governments that manage My Number cards, etc., fall under the category of service providers.

The user possesses a terminal 20. The user operates the terminal 20 to perform online shopping, etc.

Each device shown in FIG. 3 is connected to a network. Specifically, the server device 10 and the terminal 20 are connected to the network by wired or wireless communication means.

The configuration of the information processing system shown in FIG. 3 is an example and is not intended to be limiting. For example, although three server devices 10 are illustrated in FIG. 3, the system may include at least one server device 10 (service provider).

[Outline of operation]
Next, the general operation of the information processing system according to the first embodiment will be described.

<Create an account>
By creating an account with a service provider, a user can receive various services from the service provider.

To create an account, the user operates the terminal 20 that the user owns to access the server device 10. In response to the access from the terminal 20, the server device 10 displays a WEB page or the like for creating an account.

The user creates an account on the web page. At that time, the server device 10 acquires the information necessary to create the user's account. Specifically, the server device 10 acquires login information (ID, password), name, date of birth, contact information, account information, biometric information, etc.

Examples of biometric information include data (features) calculated from physical characteristics unique to an individual, such as the face, fingerprints, voiceprints, veins, retina, and iris patterns. Alternatively, biometric information may be image data such as face images and fingerprint images. Biometric information may be any information that includes an individual's physical characteristics. In the present disclosure, biometric information is defined as a person's face image or features generated from a face image.

Once the login information, biometric information, name, etc. are acquired, the server device 10 generates a user ID (identifier) to uniquely identify the user.

The server device 10 stores the generated user ID, login information, name, date of birth, contact information, biometric information, etc. in association with each other. The server device 10 stores this information in a "user management database." Details of the user management database will be described later.

By creating an account on the server device 10, for example, a user can receive services from a service provider.

For example, a user accesses a server device 10 provided by a credit card company and changes (sets) the monthly credit limit. Alternatively, the user checks the usage history (transaction history) in an account with the credit card company. Alternatively, the user can apply for various administrative procedures online in an account for carrying out administrative procedures.

<Multiple Access>
Here, it goes without saying that the account holder can use (access) his/her own account. Furthermore, the server device 10 permits others to use the account. For example, a child can access (log in to) an account in the name of a parent. Conversely, a parent can access an account in the name of a child. In other words, the server device 10 allows "multiple access" where multiple people access one account.

There are two ways to achieve multi-access.

The first method is to set access rights for a third party who accesses another person's account. For example, if the account holder is a parent, the child becomes the "access rights recipient" who receives the access rights.

The second method is to create an account on behalf of someone else. For example, a parent who creates an account in their child's name becomes the "proxy account creator." In this case, the account created on behalf of the child (hereafter referred to as the proxy account) is held by the child. The holder of the proxy account is also referred to as the "proxy account holder."

<Access rights settings>
First, a case where an account holder sets access rights for other people will be described.

To achieve multi-access, the account holder sets access rights to their account for others. For example, if an elderly parent entrusts the management of their assets to their child, access rights are set for that child.

In this case, the parent sets access rights for the child for each of their own accounts. For example, if a parent has accounts with service providers A, B, and C, the parent can set access rights for the child for each account. Of course, the parent does not have to set access rights for accounts for which it is not necessary to set access rights for the child.

The account holder (e.g., a parent) logs in to their account and registers information about the person to whom access rights will be granted (e.g., a child). For example, the login information and biometric information (e.g., a facial image of the child) for the person to whom access rights will be granted are registered in the account.

The person to whom access rights have been granted can log in to the account for which access rights have been granted using the login information provided by the account holder.

Furthermore, the account holder can restrict the actions of those granted access rights on their account.

For example, in a credit card company account, the account holder can grant the person to whom the access rights have been granted the right to check usage history. Or, the account holder can grant the person to whom the access rights have been granted the right to change the usage limit. In this way, the account holder can set the authority (scope of authority) for the actions of the person to whom the access rights have been granted on his or her own account.

Alternatively, the server device 10 may automatically determine the scope of authority of the account holder or the person to whom the access rights have been granted, depending on the attributes (e.g., age) or condition (e.g., the death of the account holder or an illness suffered by the account holder). For example, the server device 10 may automatically determine the scope of authority of the person to whom the access rights have been granted, when the account holder suffers from an illness such as dementia that causes anxiety or worry about making decisions on their own.

For example, if the age of the account holder (e.g., parent) is equal to or greater than a predetermined value, the server device 10 grants all privileges to the person to whom the access rights are to be granted (e.g., child). Alternatively, when the account holder dies, the server device 10 may grant all privileges to the person to whom the access rights are to be granted. That is, when the account holder dies, the server device 10 may disclose all information in the account holder's account to the person to whom the access rights are to be granted. Alternatively, when the account holder becomes ill (e.g., suffers from dementia), the server device 10 may grant all privileges to the person to whom the access rights are to be granted.

In this way, the server device 10 may determine the scope of authority of the person to whom access rights are granted depending on the account holder's age, death, illness, etc.

<Account creation on your behalf>
Next, a case where a user creates an account for another person on his/her behalf will be described.

To achieve multiple access, an account holder can create an account in the name of another person on his/her behalf. Specifically, the account holder creates a proxy account by following a specific procedure in his/her own account.

The creator of the proxy account (e.g., a parent) registers the login information (ID, password), name, age, biometric information (e.g., a facial image), etc., used by the account holder (e.g., a child) in the server device 10. The server device 10 uses the acquired information to create a proxy account.

For example, a parent creates an account on behalf of their young child. For example, the parent creates a proxy account for the child in their account with an electronic money company.

In this case, the proxy account creator has full authority over the proxy account holder's account. More specifically, the proxy account creator (e.g., a parent) has a greater range of authority than the proxy account holder (e.g., a child).

For example, a parent can use an electronic money company account to check the usage (history) of their child's electronic money (prepaid electronic money) and to charge the electronic money, etc.

By utilizing a proxy account, for example, the account holder (child) can make deferred payment for services received from a service provider.

For example, consider the case where a child pays for something at a retail store, hospital, etc. When the user (child) requests to pay later, the payment terminal 30 at the retail store, etc. sends a "delivery availability determination request" including the user's biometric information (e.g., a facial image) to the server device 10 (see Figure 4). For example, the payment terminal 30 sends the deferred payment availability determination request to the server device 10 of an electronic money company.

When the server device 10 receives a request to determine whether or not deferred payment is possible, the server device 10 identifies the user (child) using the acquired biometric information. The server device 10 determines whether the identified user's account is a proxy account created by the parent on their behalf. If it is a proxy account, the server device 10 determines that "deferred payment is possible." If it is not a proxy account, the server device 10 determines that "deferred payment is not possible."

The server device 10 transmits the determination result (post-payment possible, post-payment not possible) to the payment terminal 30.

When notified that deferred payment is possible, the payment terminal 30 provides a service in which the child's fee can be charged to the parent, even if the user (child) does not have enough charge money.

In this case, the payment terminal 30 notifies the server device 10 of the amount to be charged to the user (child). The server device 10 settles the notified amount at a specified time (e.g., at the end of the month) using the electronic money of the proxy account holder (e.g., the child). Alternatively, if the server device 10 cannot settle using the electronic money of the proxy account holder, it settles using the electronic money or credit card of the creator of the proxy account (parent).

When notified that deferred payment is not possible, the payment terminal 30 requests the user (child) to pay in cash or other means (deferred payment is not permitted).

In this way, when a child has a proxy account created by a parent, the account has a certain degree of trust, and the service provider can allow the service user to pay later.

The account holder, person granted access rights, proxy account creator, and proxy account holder are explained below.

The account holder is a user who creates a new account in their own name. The recipient of access rights is a user who can access other people's accounts and who has been granted access rights by the account holder. For example, if the account holder is an elderly parent, the recipient of access rights is their adult child.

The proxy account creator is a user who already has an account and creates an account in someone else's name. The proxy account holder is the holder of the account created by someone else. For example, if the proxy account creator is a parent, the proxy account holder is a young child (a minor). Note that since an account holder can create a proxy account, the proxy account creator is also the account holder.

Next, we will explain the details of each device included in the information processing system according to the first embodiment.

[Server device]
Fig. 5 is a diagram showing an example of a processing configuration (processing module) of the server device 10 according to the first embodiment. Referring to Fig. 5, the server device 10 includes a communication control unit 201, an account creation unit 202, an access right setting unit 203, an authority range control unit 204, a proxy account creation unit 205, a service providing unit 206, and a storage unit 207.

The communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the terminal 20. The communication control unit 201 also transmits data to the terminal 20. The communication control unit 201 passes data received from other devices to other processing modules. The communication control unit 201 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 201. The communication control unit 201 has a function as a receiving unit that receives data from other devices, and a function as a transmitting unit that transmits data to other devices.

The account generation unit 202 is a means for generating an account for a user. The account generation unit 202 acquires login information (e.g., ID, password), biometric information (e.g., face image), name, date of birth, contact information, etc. from the user's terminal 20 using a GUI (Graphical User Interface) or the like.

When the account generation unit 202 acquires a facial image of the user, it generates features from the acquired facial image.

Since existing technology can be used for the process of generating features by the account generation unit 202, a detailed description thereof will be omitted. For example, the account generation unit 202 extracts the eyes, nose, mouth, etc. as feature points from a face image. After that, the account generation unit 202 calculates the position of each feature point and the distance between each feature point as feature amounts (generating a feature vector consisting of multiple feature amounts).

Furthermore, the account generation unit 202 generates a user ID for identifying the user. For example, the account generation unit 202 assigns a unique value each time a user registers with the system, and uses the assigned value as the user ID.

The account generation unit 202 sets the account type of the generated account to "normal". The account generation unit 202 sets the user type of the account creator to "account holder". The account generation unit 202 sets the status (health condition, etc.) of the account holder to "healthy". The account generation unit 202 sets the scope of authority of the account holder to "full range".

The account generation unit 202 stores the user ID, login information, biometric information (feature amount), name, date of birth, status, scope of authority, etc. in the user management database (see FIG. 6). As shown in FIG. 6, the account generation unit 202 stores the information of the account holder in the user management database as "account holder information."

Note that the user management database shown in Figure 6 is an example and is not intended to limit the items to be stored.

The access right setting unit 203 is a means for setting access rights to a third party different from the account holder. When a first user (e.g., an elderly parent) wishes a second user (e.g., a child) to have access rights set to an account in the name of the first user, the access right setting unit 203 sets the second user's access rights to the first user's account.

When a user who has logged in to an account performs a specified operation, the access rights setting unit 203 obtains information necessary to set access rights for a third party other than the account holder. For example, the access rights setting unit 203 displays a GUI such as that shown in FIG. 7 on the terminal 20. In FIG. 7, when "Authority range: All range" is selected, it indicates that all authorities in the account are granted to the person to whom the access rights are set. When "Check credit limit" is selected, it indicates that the person to whom the access rights are set can check the credit limit of the account holder's credit card. When "Check usage history" is selected, it indicates that the person to whom the access rights are set can check the credit card usage history of the account holder.

The access right setting unit 203 acquires information about the person to whom the access right is to be set from the account holder. The access right setting unit 203 acquires the login information, name, date of birth, biometric information (e.g., face image), contact information (e.g., email address), scope of authority, etc., for the person to whom the access right is to be set.

The access right setting unit 203 generates features from the facial image of the person to whom the access right is to be set. The access right setting unit 203 generates a user ID of the person to whom the access right is to be set. The access right setting unit 203 sets the user type of the person to whom the access right is to be set to "access right set person."

The access right setting unit 203 stores information about the person to whom the access right is set in the account of the account holder as "access right set person information."

The authority scope control unit 204 is a means for controlling the scope of authority of the account holder and the person to whom access rights are granted.

The authority scope control unit 204 determines the scope of authority of the account holder or the person to whom the access rights are to be granted, depending on the attributes (e.g., age) and condition (death, suffering from dementia, etc.) of the account holder or the person to whom the access rights are to be granted.

The authority range control unit 204 accesses the user management database periodically or at a specified timing. The authority range control unit 204 references the account holder information of each entry. For example, if the age of the account holder (e.g., parent) is equal to or greater than a specified value, the authority range control unit 204 sets all authority for actions on the account to the access rights grantee (e.g., child). Alternatively, the authority range control unit 204 may expand the authority range of the access rights grantee as the account holder gets older.

Alternatively, when the account holder dies, the authority range control unit 204 may set all authorities to the access right recipient. In this case, the authority range control unit 204 obtains a death notification of the account holder from the access right recipient (e.g., a child) using a GUI or the like. The authority range control unit 204 obtains the name of the deceased from the obtained death notification, and if the name matches the account holder's name, it treats the account holder as deceased.

Alternatively, when the account holder suffers from a specified illness (e.g., dementia), the authority range control unit 204 may set all authorities to the access right grantee. In this case, the authority range control unit 204 obtains a medical certificate regarding the account holder from the access right grantee (e.g., a child) using a GUI or the like. The authority range control unit 204 obtains the account holder's name and the name of the illness from the obtained medical certificate. The authority range control unit 204 uses the obtained name of the illness to grasp the account holder's condition (suffering from a specific illness).

In this way, the authority range control unit 204 may determine the authority range of a second user (e.g., a child) in an account in the name of a first user (e.g., a parent) depending on the attributes or status of the first user. Alternatively, the authority range control unit 204 may determine the authority range of a first user in an account in the name of a first user depending on the attributes or status of the first user.

Alternatively, if the age of the person to whom the access rights are to be granted is equal to or greater than a predetermined value, the authority range control unit 204 may grant the person to whom the access rights are to be granted all authority in the account. Alternatively, the authority range control unit 204 may expand the authority range of the person to whom the access rights are to be granted as the person to whom the access rights are to be granted increases.

The proxy account generation unit 205 is a means for generating an account in the name of another person on behalf of another person.

When a first user (e.g., a parent) wishes to generate an account for a second user (e.g., a child) on their behalf, the proxy account generation unit 205 generates an account in the name of the second user. At that time, the proxy account generation unit 205 sets the first user (e.g., a parent) with authority equal to or greater than that of the second user (e.g., a child) in the proxy account.

When a user who has logged in to an account performs a specified operation, the proxy account generation unit 205 obtains the information necessary to generate an account for a third party other than the account holder. For example, the access rights setting unit 203 displays a GUI such as that shown in FIG. 8 on the terminal 20.

The proxy account generation unit 205 acquires information about the proxy account holder from the account holder. The proxy account generation unit 205 acquires login information, name, date of birth, contact information, biometric information (e.g., a facial image), etc., for the proxy account holder.

The proxy account generation unit 205 generates features from the face image of the proxy account holder. The proxy account generation unit 205 generates a user ID for the proxy account holder. The proxy account generation unit 205 sets the type of the generated account to "proxy account."

The proxy account generation unit 205 stores the proxy account holder's information (user ID, login information, name, date of birth, etc.) in the user management database as "account holder information" (see Figure 9). The proxy account generation unit 205 may set the proxy account holder's status to "healthy" or the like, or may not set a status. The proxy account generation unit 205 may also set the proxy account holder's scope of authority to "all range," or may limit the proxy account holder's scope of authority to some authority.

The proxy account generation unit 205 stores information about the user (e.g., parent) who generated the proxy account in the user management database as "proxy account generator information." For example, the proxy account generation unit 205 stores information such as the user ID, login information, name, and date of birth of the proxy account generator in the user management database as proxy account generator information.

At that time, the proxy account generation unit 205 sets the scope of authority of the proxy account generator to "all range." In other words, the proxy account generation unit 205 sets the proxy account generator with authority equal to or greater than that of the proxy account holder.

The user management database shown in FIG. 6 and the user management database shown in FIG. 9 may be the same database. That is, the account holder information, access right grantee information, and proxy account creator information may be stored in the same database. Alternatively, the databases that store the account holder information, etc. may be separate depending on the account type (normal account, proxy account).

The access right setting unit 203 and the proxy account generation unit 205 perform control so that duplication of login information between users does not occur.

The service providing unit 206 is a means for providing services to users. The service providing unit 206 provides the first and second users with services according to the scope of authority set for the first and second users.

The service providing unit 206 provides services according to the industry and business model of the service provider. For example, if the service provider is a credit card company, the service providing unit 206 provides information such as the usage history of users who log in to their accounts.

When a user logs in to an account, the service providing unit 206 searches the user management database using the login information (ID, password). The service providing unit 206 uses the search to identify the type of user (account holder, access right recipient, proxy account holder, proxy account creator).

If the login information is set in the account holder information (account holder information field) of a normal account, the service providing unit 206 determines that the logged-in user is an "account holder."

If the login information is set in the access rights recipient information of a normal account, the service providing unit 206 determines that the logged-in user is an "access rights recipient."

If the login information is set in the account holder information of the proxy account, the service providing unit 206 determines that the logged-in user is the "proxy account holder."

If the login information is set in the proxy account creator information of the proxy account, the service providing unit 206 determines that the logged-in user is the "proxy account creator."

The service providing unit 206 provides services to users based on the scope of authority of the user type identified according to the login information. For example, the person to whom the access rights are granted supervises (monitors) the actions of the account holder. Or, the proxy account creator supervises the actions of the proxy account holder.

As described above, the server device 10 realizes deferred payment by the proxy account holder. The service providing unit 206 realizes the deferred payment function.

FIG. 10 is a flowchart showing an example of the operation of the service providing unit 206 according to the first embodiment. The deferred payment function of the service providing unit 206 will be described with reference to FIG. 10.

The service providing unit 206 receives a request to determine whether or not payment can be made later from a payment terminal 30 installed at a retail store or other store (step S101).

The service providing unit 206 performs a matching process using the biometric information included in the request to determine whether or not payment is possible and the biometric information stored in the user management database (step S102).

More specifically, the service providing unit 206 generates features from the facial image included in the request for determining whether or not payment is possible after the fact. The service providing unit 206 sets the generated features as a comparison target, and performs a comparison process (1:N comparison; N is a positive integer, the same applies below) between the features and the features stored in the user management database.

The service providing unit 206 calculates the similarity between the feature to be matched and each of the multiple feature on the registration side. The similarity can be calculated using chi-square distance, Euclidean distance, or the like. Note that the greater the distance, the lower the similarity, and the closer the distance, the higher the similarity.

If there is no feature among the multiple features stored in the user management database that has a similarity with the feature to be matched that is equal to or greater than a predetermined value, the service providing unit 206 determines that the matching process has failed.

The service providing unit 206 determines that the matching process is successful if, among the multiple features stored in the user management database, there is a feature whose similarity with the feature to be matched is equal to or greater than a predetermined value. In this case, the user with the entry with the highest similarity is identified as a user who wishes to pay later.

If the matching process fails (step S103, No branch), the service providing unit 206 sets the determination result to "payment after delivery is not possible" (step S104).

If the matching process is successful (step S103, Yes branch), the service providing unit 206 determines whether the user identified by the matching process is the proxy account holder (e.g., a child) (holder determination; step S105).

Specifically, if the account type of the identified user is a "proxy account" and the user type of the identified user is an "account holder," the service providing unit 206 determines that the identified user is a proxy account holder.

If the user is not the proxy account holder (step S106, No branch), the service providing unit 206 sets the determination result to "no deferred payment" (step S104).

If the user is a proxy account holder (step S106, Yes branch), the service providing unit 206 sets the determination result to "pay later" (step S107).

The service providing unit 206 transmits the determination result (post-payment possible, post-payment not possible) to the payment terminal 30 (step S108).

In this way, the service providing unit 206 receives a deferred payment availability determination request from the payment terminal 30, which includes biometric information of a user (e.g., a child) who wishes to pay later. The service providing unit 206 identifies the user who wishes to pay later by performing a matching process using the biometric information included in the deferred payment availability determination request and the biometric information stored in the user management database. If the account of the identified user is a proxy account, the service providing unit 206 notifies the payment terminal 30 that deferred payment is possible.

Note that detailed explanations of the service providing unit 206 regarding services other than postpaid (services according to each service provider) will be omitted. This is because a detailed explanation regarding the provision of individual services is outside the scope of the present disclosure.

The storage unit 207 is a means for storing information necessary for the operation of the server device 10. Using a user management database, the storage unit 207 stores at least the account type and the biometric information of the account holder in association with each other.

[Device]
Examples of the terminal 20 include a smartphone, a mobile phone, a game machine, a mobile terminal device such as a tablet, a computer (personal computer, notebook computer), etc. The terminal 20 can be any equipment or device that can accept user operations and communicate with the server device 10, etc. In addition, since the configuration of the terminal 20 is clear to those skilled in the art, detailed explanations will be omitted.

[Payment terminal]
The payment terminal 30 is a so-called POS (Point of Sale) terminal. When a user desires deferred payment, the payment terminal 30 acquires biometric information (e.g., a facial image) of the user. The payment terminal 30 transmits a deferred payment availability determination request, including the acquired biometric information, to a predetermined server device 10. The payment terminal 30 notifies a store clerk or the like of the determination result (deferred payment available, deferred payment unavailable). Note that a detailed description of the configuration and operation of the payment terminal 30 will be omitted because the configuration, etc. of the payment terminal 30 will be clear to those skilled in the art.

Next, we will explain a modified example of the first embodiment.

<Modification 1>
In the above embodiment, when an access right is set for an account holder, the server device 10 acquires information about the access right holder using a GUI such as that shown in Fig. 7. The access right setting unit 203 of the server device 10 may link (link) an existing account of the access right holder with the account of the account holder.

Specifically, the access right setting unit 203 acquires the login ID of the person to whom the access right is to be set (e.g., a child) from the account holder (e.g., an elderly parent). The access right setting unit 203 may register information such as the name stored in association with the acquired login ID in the user management database as access right grantee information.

<Modification 2>
The server device 10 may have a function for supervising the actions of the account holder and the proxy account holder.

For example, the credit card company's server device 10 (service provision unit 206) may notify the person to whom the access rights have been granted when the account holder's single payment amount exceeds a predetermined amount. Alternatively, the bank's server device 10 may notify the person to whom the access rights have been granted when the account holder transfers more than a predetermined amount (or registers a transfer request).

These functions of the server device 10 can protect the account holder from sudden actions or fraud caused by the account holder suffering from dementia, etc.

<Modification 3>
The server device 10 may realize the transfer of electronic money or points between the account holder and the person to whom the access right is set, or between the proxy account holder and the proxy account creator. For example, the server device 10 may grant points or electronic money to the proxy account holder in response to an instruction from the proxy account creator.

As described above, the server device 10 according to the first embodiment allows a user (e.g., a parent) to set access rights for another person (e.g., a child). For example, the child can act using an account in the parent's name within the scope of the set access rights. The child can prevent the parent from being scammed by supervising the parent's actions on the network. Alternatively, the server device 10 allows the user (e.g., a parent) to create an account for another person (e.g., a child) on behalf of the user. The parent has full authority over the child's account. Furthermore, if the child requests deferred payment, the server device 10 allows deferred payment if the child is the proxy account holder. In this way, the server device 10 provides the user (parent, child) with multiple accesses suited to their situation and condition.

Next, we will explain the hardware of each device that makes up the information processing system. Figure 10 is a diagram showing an example of the hardware configuration of the server device 10.

The server device 10 can be configured as an information processing device (so-called a computer), and has the configuration shown in FIG. 10. For example, the server device 10 has a processor 311, a memory 312, an input/output interface 313, and a communication interface 314. The components such as the processor 311 are connected by an internal bus or the like, and are configured to be able to communicate with each other.

However, the configuration shown in FIG. 10 is not intended to limit the hardware configuration of the server device 10. The server device 10 may include hardware not shown, and may not include an input/output interface 313 as necessary. Furthermore, the number of processors 311 and the like included in the server device 10 is not intended to be limited to the example shown in FIG. 10, and for example, the server device 10 may include multiple processors 311.

The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).

Memory 312 may be a RAM (Random Access Memory), a ROM (Read Only Memory), a HDD (Hard Disk Drive), a SSD (Solid State Drive), etc. Memory 312 stores the OS program, application programs, and various data.

The input/output interface 313 is an interface for a display device and an input device (not shown). The display device is, for example, a liquid crystal display. The input device is, for example, a keyboard, a mouse, a touch panel, or other device that accepts user operations.

The communication interface 314 is a circuit, module, etc. that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card), etc.

The functions of the server device 10 are realized by various processing modules. The processing modules are realized, for example, by the processor 311 executing a program stored in the memory 312. The program can be recorded on a computer-readable storage medium. The storage medium can be a non-transitory medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. In other words, the present invention can also be embodied as a computer program product. The program can be downloaded via a network, or updated using a storage medium that stores the program. The processing modules may also be realized by a semiconductor chip.

In addition, the terminal 20, payment terminal 30, etc. can also be configured using information processing devices, just like the server device 10, and their basic hardware configurations are no different from those of the server device 10, so a description of them will be omitted.

The server device 10 is equipped with a computer, and the functions of the server device 10 can be realized by having the computer execute a program. The server device 10 also executes the control method of the server device 10 by the program.

[Modification]
The configuration, operation, etc. of the information processing system described in the above embodiment are merely examples, and are not intended to limit the system configuration, etc.

In the above embodiment, the subjects of multi-access are described as parents and children. However, it goes without saying that the subjects of multi-access are not limited to parents and children. For example, the subjects of multi-access may be grandparents and grandchildren, or acquaintances or friends.

In the above embodiment, the server device 10 uses login information to identify a user who logs in to the server device 10. The server device 10 may also use biometric authentication to identify a user who logs in. In this case, if a user identified by biometric authentication has multiple user types (e.g., account holder or proxy account creator), the server device 10 may obtain from the user which user type they will log in as.

In the above embodiment, the server device 10 identifies a person who wishes to pay later by a matching process using biometric information. However, the server device 10 may identify a person who wishes to pay later by other methods. For example, the server device 10 may identify a user by acquiring a user ID or login ID from the person who wishes to pay later. For example, the payment terminal 30 acquires a user ID or the like from the user when sending a request to determine whether or not payment is possible later. For example, the user may present to the payment terminal 30 a two-dimensional barcode converted from the user ID or login ID issued by the server device 10, enter the user ID into the payment terminal 30, or have the payment terminal 30 read a card on which the user ID is stored.

The access right setting unit 203 of the server device 10 may obtain information about the person to whom the access rights are to be set, not from the account holder. For example, the access right setting unit 203 obtains the contact information of the person to whom the access rights are to be set from the account holder. The access right setting unit 203 transmits an URL (Uniform Resource Locator) of an information acquisition page as shown in FIG. 7 to the obtained contact information. The access right setting unit 203 obtains the name, etc. from the terminal 20 of the person to whom the access rights are to be set. The access right setting unit 203 may obtain the scope of authority of the person to whom the access rights are to be set from the account holder.

When setting the access right recipient, the server device 10 may set the access right recipient after obtaining the consent of the access right recipient. Specifically, the access right setting unit 203 obtains the contact information of the access right recipient from the account holder. The access right setting unit 203 inquires of the obtained contact information (email address) whether or not the access right will be set (agreement). If the access right recipient agrees to the setting of the access rights, the access right setting unit 203 obtains information about the access right recipient using a GUI similar to that shown in FIG. 7.

Alternatively, the server device 10 may set the access right recipient in response to an application (request) from the access right recipient. For example, when an "access right setting request" including information identifying the account holder (e.g., login ID, name, etc.) is received from the child's terminal 20, the access right setting unit 203 inquires of the account holder whether or not he or she agrees to the setting of access rights. If the account holder agrees to the setting of access rights, the access right setting unit 203 acquires information about the access right recipient.

When changing a user's authority (the account holder's authority range, the access right grantee's authority range), the authority range control unit 204 of the server device 10 may obtain the consent of the parties involved regarding the change in authority range. Alternatively, the authority range control unit 204 may obtain the above consent when the authority range is either narrowed or expanded. For example, when the authority of an account holder (e.g., an elderly parent) is reduced, the authority range control unit 204 may obtain consent regarding the reduction in authority from the account holder.

The authority range control unit 204 of the server device 10 may change (reduce) the authority range of the proxy account creator depending on the attributes (e.g., age) of the proxy account holder. Alternatively, the authority range control unit 204 may revoke the authority of the proxy account creator when the proxy account holder reaches a certain age. For example, the authority range control unit 204 may revoke the supervisory authority of the proxy account creator when the proxy account holder reaches adulthood. Alternatively, the authority range control unit 204 may obtain the consent of the parties involved when changing the authority range of the proxy account generator.

The server device 10 may verify the identity of a user when creating an account. For example, the server device 10 acquires biometric information (face image) from an identification card such as a passport held by the user. For example, the server device 10 performs identity verification using biometric information (face image) obtained by photographing the user and biometric information obtained from the identification card. The server device 10 performs identity verification by determining whether the two pieces of biometric information substantially match.

In the above embodiment, the explanation was mainly given taking as examples the account holder, the person to whom access rights were granted, the proxy account creator, and the parent and child of the proxy account holder. However, the relationship between the account holder and the person to whom access rights were granted, and the relationship between the proxy account creator and the proxy account holder, can also be established between users who are not related by blood. For example, if the account holder is a retiring staff member (a company employee), the person to whom access rights were granted can also be a staff member who takes over the work of that staff member.

In the above embodiment, a case has been described in which the user management database is configured inside the server device 10, but the database may also be constructed in an external database server or the like. That is, some of the functions of the server device 10 may be implemented in another device. More specifically, it is sufficient that the above-described "access right setting unit (access right setting means)" and the like are implemented in any of the devices included in the system.

The form of data transmission between each device (e.g., server device 10, payment terminal 30) is not particularly limited, but data transmitted between these devices may be encrypted. Biometric information of users and the like is transmitted between these devices, and in order to appropriately protect this information, it is desirable to transmit and receive encrypted data.

In the flow diagrams (flowcharts, sequence diagrams) used in the above explanation, multiple steps (processes) are listed in order, but the order in which the steps are executed in the embodiments is not limited to the order listed. In the embodiments, the order of the steps shown in the diagrams can be changed to the extent that does not interfere with the content, for example by executing each process in parallel.

The above embodiments have been described in detail to facilitate understanding of the present disclosure, and it is not intended that all of the configurations described above are necessary. Furthermore, when multiple embodiments are described, each embodiment may be used alone or in combination. For example, it is possible to replace part of the configuration of an embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of an embodiment. Furthermore, it is possible to add, delete, or replace part of the configuration of an embodiment with other configurations.

The above explanation makes it clear that the present invention has industrial applicability, and the present invention can be suitably applied to information processing systems including service providers that provide services to users over a network.

A part or all of the above-described embodiments can be described as, but is not limited to, the following supplementary notes.
[Appendix 1]
an account creation means for creating an account for a first user;
an access right setting means for setting an access right to the account of the first user to the second user when the first user requests the second user to set an access right to the account of the first user;
A server device comprising:
[Appendix 2]
The server device described in Appendix 1, further comprising an agent account generation means for generating an account in the name of the second user when the first user wishes to generate an account for the second user on his/her behalf.
[Appendix 3]
The server device according to claim 2, wherein the proxy account generation means sets the first user with authority equal to or greater than that of the second user in an account in the name of the second user.
[Appendix 4]
The server device described in Appendix 3, further comprising an authority scope control means for determining the authority scope of the second user under the name of the first user depending on the attributes or status of the first user.
[Appendix 5]
The server device according to claim 4, wherein the authority scope control means determines the authority scope of the first user in an account in the name of the first user depending on the attributes or status of the first user.
[Appendix 6]
6. The server device according to claim 5, further comprising a service providing means for providing the first and second users with services according to the authority ranges set for the first and second users.
[Appendix 7]
The system further includes a storage unit that stores the account type and the biometric information of the account holder in association with each other,
The service providing means receives, from a payment terminal, a request for determining whether or not a payment can be made later, the request including biometric information of a user who wishes to make a payment later;
Identifying a user who wishes to pay later by executing a matching process using the biometric information included in the request for determining whether or not the payment is possible and the stored biometric information;
A server device as described in Appendix 6, which notifies the payment terminal that payment on delivery is possible if the identified user's account is a proxy account.
[Appendix 8]
The server device according to claim 7, wherein the biometric information is a face image or a feature generated from the face image.
[Appendix 9]
In the server device,
Creating an account for a first user;
A control method for a server device, which, when a first user requests a second user to be granted access rights to an account in the name of the first user, grants the second user access rights to the first user's account.
[Appendix 10]
A computer installed in the server device
creating an account for a first user;
A process of granting the second user access rights to the account of the first user when the first user requests the second user to grant the second user access rights to the account of the first user;
A computer-readable storage medium that stores a program for executing the above.

The disclosures of the above cited prior art documents are incorporated herein by reference. Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments. Those skilled in the art will understand that these embodiments are merely illustrative and that various modifications are possible without departing from the scope and spirit of the present invention. In other words, the present invention naturally includes various modifications and amendments that a person skilled in the art can make in accordance with the entire disclosure, including the scope of the claims, and the technical ideas.

10 Server device 20 Terminal 30 Payment terminal 100 Server device 101 Account generation means 102 Access right setting means 201 Communication control unit 202 Account generation unit 203 Access right setting unit 204 Authority range control unit 205 Substitute account generation unit 206 Service provision unit 207 Storage unit 311 Processor 312 Memory 313 Input/output interface 314 Communication interface

Claims (10)

an account creation means for creating an account for a first user;
an access right setting means for setting an access right to the account of the first user to the second user when the first user requests the second user to set an access right to the account of the first user;
A server device comprising: The server device according to claim 1, further comprising a proxy account generating means for generating an account in the name of the second user when the first user wishes to generate an account for the second user on his/her behalf. The server device according to claim 2, wherein the proxy account generation means sets the first user with authority equal to or greater than that of the second user in an account in the name of the second user. The server device according to claim 3, further comprising an authority range control means for determining the authority range of the second user under the name of the first user according to the attributes or status of the first user. The server device according to claim 4, wherein the authority scope control means determines the authority scope of the first user in the account in the name of the first user according to the attributes or status of the first user. The server device according to claim 5, further comprising a service providing means for providing the first and second users with services according to the scope of authority set for the first and second users. The system further includes a storage unit that stores the account type and the biometric information of the account holder in association with each other,
The service providing means receives, from a payment terminal, a request for determining whether or not a payment can be made later, the request including biometric information of a user who wishes to make a payment later;
Identifying a user who wishes to pay later by executing a matching process using the biometric information included in the request for determining whether or not the payment is possible and the stored biometric information;
The server device according to claim 6 , further notifying the payment terminal that deferred payment is possible when the identified user's account is a proxy account. The server device according to claim 7, wherein the biometric information is a face image or a feature amount generated from the face image. In the server device,
Creating an account for a first user;
A control method for a server device, which, when a first user requests a second user to be granted access rights to an account in the name of the first user, grants the second user access rights to the first user's account. A computer installed in the server device
creating an account for a first user;
A process of granting the second user access rights to the account of the first user when the first user requests the second user to grant the second user access rights to the account of the first user;
A computer-readable storage medium that stores a program for executing the above.

Images