Message management systems, message management methods, programs

The message management system addresses duplicate message delivery by disabling authentication URLs for undelivered messages, ensuring compliant and efficient delivery of messages.

JP2026115844APending Publication Date: 2026-07-09TOPPAN HOLDINGS INC

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
TOPPAN HOLDINGS INC
Filing Date
2024-12-27
Publication Date
2026-07-09

AI Technical Summary

Technical Problem

Existing message delivery systems fail to prevent duplicate delivery of messages when the initial message is not received, leading to unnecessary duplication in both electronic and written formats, which can violate regulations like the Money Lending Business Act.

Method used

A message management system that includes an acquisition unit to log a second message, a determination unit to check delivery status, and an authentication management unit to disable the authentication URL if the second message is not delivered, preventing the first message from being viewed electronically.

Benefits of technology

Prevents duplicate delivery of messages by ensuring the first message is only viewed after successful authentication, complying with regulatory requirements and reducing unnecessary notifications.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 2026115844000001_ABST
    Figure 2026115844000001_ABST
Patent Text Reader

Abstract

This prevents messages from being delivered twice, both electronically and in print. [Solution] The system includes: an acquisition unit that acquires a log of a second message being sent to a terminal device corresponding to the destination, which contains an authentication URL that allows access to an authentication infrastructure server that authenticates whether or not the user is the one who is to be allowed to view the first message; a determination unit that determines whether or not the second message was not delivered to the terminal device by referring to the log; and an authentication management unit that, based on the determination result, disables the authentication URL so that the first message cannot be viewed if the second message was not delivered to the terminal device.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present invention relates to a message management system, a message management method, and a program.

Background Art

[0002] There is an electronic notification service for notifying information online. In Patent Document 1, a technique for transmitting information to an email address with a high probability that the recipient user can immediately view it is disclosed.

[0003] In such an electronic notification service, there is a message service that uses a mobile phone number provided by a telecommunications carrier as the destination. Examples of the message service that uses a mobile phone number as the destination include RCS (Rich Communication Services). By using a mobile phone number as the destination, a message can be transmitted even if the email address of the recipient is unknown.

[0004] In such a message service, when the power of the terminal device corresponding to the specified destination is off, or when it is out of the communication range, the message will not reach the terminal device. When the message does not reach, the message sender may notify by sending a written document with the message content to the contract holder of the mobile phone number designated as the destination instead of an electronic notification.

Prior Art Documents

Patent Documents

[0005]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0006] However, if a message fails to be delivered, the carrier's server may resend the message. This may allow the previously undelivered message to be received after the terminal device is powered on or moves into a location within coverage. In this case, the user of the terminal device may receive both the original message sent in writing and the resent message, resulting in duplication. It is desirable to avoid situations where the same message is sent multiple times.

[0007] This invention has been made in view of these circumstances, and its purpose is to provide a message management system, a message management method, and a program that can prevent messages from being delivered twice, both electronically and in writing. [Means for solving the problem]

[0008] To solve the above-mentioned problems, one aspect of the present invention is a message management system comprising: an acquisition unit that acquires a log of a second message being sent to a terminal device corresponding to the destination, which contains an authentication URL that allows access to an authentication infrastructure server that authenticates whether or not the user is the one who is to be allowed to view the first message; a determination unit that determines whether or not the second message has not been delivered to the terminal device by referring to the log; and an authentication management unit that, based on the determined result, disables the authentication URL so that the first message cannot be viewed by the terminal device if the second message has not been delivered to the terminal device.

[0009] Furthermore, one aspect of the present invention is a message management method executed by a computer, which includes obtaining a log of a second message being sent to a terminal device corresponding to the destination, which contains an authentication URL that allows access to an authentication infrastructure server that authenticates whether or not the user is the one who is to be allowed to view the first message, determining whether or not the second message was not delivered to the terminal device by referring to the log, and, based on the determined result, disabling the authentication URL so that the first message cannot be viewed if the second message was not delivered to the terminal device.

[0010] Furthermore, one aspect of the present invention is a program executed by a computer that obtains a log of a second message being sent to a terminal device corresponding to the destination, which includes an authentication URL that allows access to an authentication infrastructure server that authenticates whether or not the user is the one who is to be allowed to view the first message, and by referring to the log, determines whether or not the second message was not delivered to the terminal device, and based on the result of the determination, if the second message was not delivered to the terminal device, the program disables the authentication URL so that the first message cannot be viewed. [Effects of the Invention]

[0011] As explained above, this invention makes it possible to avoid the duplicate delivery of messages in both electronic and written formats. [Brief explanation of the drawing]

[0012] [Figure 1] This is a schematic block diagram showing the configuration of a message distribution system S according to one embodiment of the present invention. [Figure 2] This figure shows an example of master data. [Figure 3] This figure shows an example of transaction data. [Figure 4] This is a schematic functional block diagram explaining the functions of Message Management System 1. [Figure 5] This is a sequence diagram illustrating the operation of the message delivery system S. [Figure 6] This is a sequence diagram illustrating the operation of the message delivery system S. [Modes for carrying out the invention]

[0013] A message distribution system S according to one embodiment of the present invention will be described below with reference to the drawings. Figure 1 is a schematic block diagram showing the configuration of the message distribution system S according to one embodiment of the present invention. The message distribution system S includes a message management system 1, a corporate server 2, multiple telecommunications carrier servers 3 (e.g., telecommunications carrier server 3a, telecommunications carrier server 3b), and multiple terminal devices 4 (e.g., terminal device 4a, terminal device 4b).

[0014] Message Management System 1 is a system managed by a service provider that sends messages to terminal devices 4. Message Management System 1 sends (distributes) messages to terminal devices 4 via the telecommunications carrier server 3. Message Management System 1 sends RCS messages using RCS (Rich Communication Services), a messaging service that uses telephone numbers as recipients, or SMS messages using SMS (Short Message Service). Message Management System 1 communicates wirelessly or via wired connection with the corporate server 2 and the telecommunications carrier server 3.

[0015] The message management system 1 can send messages to the terminal device 4, but it has a function to verify whether the user on the terminal device 4 is the intended recipient of the message, and if that verification is successful, it makes the message itself viewable on the terminal device 4. Hereinafter, the message itself containing the information to be notified to the user will be referred to as the first message, and the message sent before the first message becomes viewable in order to verify whether the user is the intended recipient of the first message will be referred to as the second message.

[0016] Furthermore, the first message may contain any content as long as it is a notification from the corporate server 2 to the user. For example, in this embodiment, the first message can be notified by either electronically transmitting and displaying the first message electronically, or by sending the first message in writing. It is preferable that the first message is one that avoids duplicate delivery by both electronic transmission and display, and by sending a written notice. More specifically, the first message may be any of the following: a demand letter urging payment of fees, a contract, a quotation, a receipt, a delivery note, or the results of a health checkup. In this embodiment, the case where the first message is a demand letter will be described as an example, but it is not limited to a demand letter and may be any other document. The demand letter may be a demand letter related to a credit service (e.g., cash advance) provided by the corporate server 2.

[0017] The message management system 1 includes a management server 10, a distribution infrastructure server 11, and an authentication infrastructure server 12. The management server 10 stores master information registered from the enterprise server 2, as well as transaction data. Figure 2 shows an example of master information. Master information may be registered individually for each company in the enterprise server 2, or individual master information may be registered for different message groups in one company. Master information includes scenario information, distribution pattern, and authentication pattern.

[0018] Scenario information is information that defines the start date of a project and which message type (RCS, SMS, etc.) to send the message in. The distribution pattern is a template that specifies the elements of the message included in the first message. For example, the distribution pattern may be a template that determines which message to include among, for example, a text sentence, a link button with a URL set to transition to a homepage defined by the enterprise server 2, a user page assigned exclusively to the user that can view messages and payment status, etc., a payment button with a URL set to transition to a payment process, an operation button for downloading PDF (Portable Document Format) data representing a document to be notified to the user.

[0019] The authentication pattern is an item used for authentication when verifying the identity of a person. More specifically, the identity verification process sends a question item from the authentication infrastructure server 12 to the terminal device 4, receives the answer input from the terminal device 4, and determines that the user of the terminal device 4 is the person himself / herself when the answer matches the predetermined correct data, and determines that the user of the terminal device 4 is not the person himself / herself when the answer does not match the correct data. The items used as the authentication pattern may be, for example, the "kana" of the user's surname, the postal code corresponding to the user's address, a part of the beginning of the user's address (e.g., up to the city, ward, town, or village), or any combination thereof. The data that specifies which item to use as the question item for such identity verification processing is the authentication pattern.

[0020] Figure 3 is a diagram showing an example of transaction data. Transaction data is data relating to the content of a message to be displayed on terminal device 4. More specifically, transaction data includes the telephone number assigned to terminal device 4 to be displayed, the correct answer data to the questions defined in the authentication pattern, the text included in the first message, various URLs included in the first message (payment site URL, company homepage URL, FAQ page URL), and various PDF data included in the first message. The PDF data may be the PDF data itself stored, or it may be information necessary for a generation request to a generation site that generates PDF data based on instructions from terminal device 4. If there are multiple users who are to view the first message, the enterprise server 2 can generate and register transaction data for each of those users.

[0021] These transaction data can utilize user information registered when a contract or service provision application is made between the user and the company operating the corporate server 2. User information may include the telephone number assigned to the terminal device 4 used by the user, the user's name, postal code, address, date of birth, gender, etc. In other words, the corporate server 2 can determine the telephone number and correct data from a portion of the user information data that has been registered in advance by the user.

[0022] Such master information and transaction data may not only be stored in the management server 10, but may also be transmitted from the management server 10 to the distribution infrastructure server 11 and the authentication infrastructure server 12, respectively, so that they are stored in the distribution infrastructure server 11 and the authentication infrastructure server 12.

[0023] The distribution infrastructure server 11 sends messages to the terminal device 4 via the telecommunications carrier server 3, based on master information and transaction data. The authentication infrastructure server 12 performs authentication to verify that the user assigned a phone number is indeed the same user as the one expected by the company. For example, the distribution infrastructure server 11 sends a message (second message) to the terminal device 4 to verify whether the user is the person expected to receive the message. If the authentication infrastructure server 12 verifies the user's identity, it displays the message (first message) requested by the company server 2 on the terminal device for viewing.

[0024] Enterprise Server 2 is a server device managed by a requester who requests the message delivery system S to deliver RCS messages or SMS messages to recipient users. The requester is, for example, a company or organization that provides information to recipient users (e.g., a bank, an insurance company, etc.). Enterprise Server 2 communicates with the message management system 1 via wireless or wired communication.

[0025] The carrier server 3 (carrier server 3a, carrier server 3b) is a server device managed by a carrier. The carrier is, for example, an MNO (Mobile Network Operator) that provides telephone number-based communication services to terminal devices 4 using communication lines it owns or operates. Communication services include communication using RCS and SMS. The communication carrier server 3 sends an RCS message or an SMS message to the terminal device 4 in response to a transmission request from the message management system 1.

[0026] The telecommunications carrier server 3 stores carrier contract information in its storage unit, relating to contracts with users who have entered into agreements to use the terminal device 4. Carrier contract information includes, for example, the user's telephone number, name, postal code, address, date of birth, etc. Furthermore, carrier contract information may also include customer information about the user registered with the messaging service or other services used by the user. The telecommunications carrier server 3 communicates wirelessly or via wired connection with the message management system 1 and the terminal device 4. In this case, if there are multiple telecommunications carriers, a separate telecommunications carrier server 3 is provided for each carrier. Telecommunications carrier server 3a is managed by the first telecommunications carrier, and telecommunications carrier server 3b is managed by the second telecommunications carrier. Hereafter, unless a specific telecommunications carrier server is identified, it will be referred to as telecommunications carrier server 3.

[0027] Terminal device 4 is a communication device such as a smartphone or mobile phone. A user enters into a contract with the telecommunications carrier server 3 to use communication services provided by the terminal device 4. Terminal device 4 can communicate using the communication services provided by the contracted telecommunications carrier. Terminal device 4 is assigned a telephone number and has the function of communicating using this telephone number as the destination, i.e., communication using RCS or SMS. Terminal device 4 has, for example, a display unit such as a liquid crystal display and an operation unit such as a touch panel that accepts user input. Terminal device 4 communicates using a communication network with the communication carrier server 3 as its communication partner. The user is, for example, a consumer.

[0028] Figure 4 is a schematic functional block diagram illustrating the functions of the message management system 1. The memory unit 100 stores master information and transaction data. The acquisition unit 101 acquires a log of a second message being sent to a terminal device corresponding to the destination, which contains an authentication URL that allows access to an authentication infrastructure server that authenticates whether or not the user is the one who is allowed to view the first message. The first message is displayed on the terminal device when the user has accessed the authentication infrastructure server based on the authentication URL and their identity has been verified. The timing for acquiring the log may be a certain amount of time after sending an instruction to the telecommunications carrier server 3 to make the first message viewable, or it may be a certain amount of time before sending the message in writing.

[0029] The determination unit 102 determines whether or not the second message to the terminal device 4 was not delivered by referring to the log. Failure to deliver means that a message was sent to terminal device 4, but the message did not reach the terminal device, resulting in a state where it is temporarily unavailable or the incoming message is put on hold. If a message fails to deliver, the carrier's server may be able to deliver the message to terminal device 4 by resending the message when terminal device 4 becomes available to receive messages.

[0030] Based on the determination result, the authentication management unit 103 disables the authentication URL if the second message fails to reach the terminal device, thereby preventing the first message from being viewed. By disabling the authentication URL, the identity verification process is prevented from being executed, and this prevents the first message from being viewed by the user of the terminal device. The authentication management unit 103 disables the authentication URL by ensuring that even if an instruction to access the authentication URL is entered into the terminal device, the authentication infrastructure server does not perform identity verification. Disabling the authentication URL may be done by the authentication management unit 103 displaying a message indicating that the authentication URL is invalid on the display screen of the accessing terminal device when an instruction to access the authentication URL is input to the terminal device. This makes it possible for the user of the terminal device to recognize that the authentication URL is invalid, and the first message will not be viewed. Alternatively, the authentication URL may be disabled by the authentication management unit 103 displaying a message on the accessing terminal device indicating that the first message has been switched from electronic delivery to written delivery. This allows the user of the terminal device to recognize that the first message can be viewed in written form rather than on the terminal device, and thus the first message will not be viewed on the terminal device. In this case, by disabling the authentication process based on the second message, the second message, which is required to access the authentication infrastructure server 12 for identity verification, is delivered to the user's terminal device 4, but the first message is not viewed. As a result, the user does not receive the first message, such as an initial reminder sent electronically.

[0031] After the invalidation process is complete, the paper mailing instruction unit 104 sends data to the printing device to print the content of the first message, the recipient, etc., based on the mailing data for the undelivered items, and mail them.

[0032] The storage unit 100, acquisition unit 101, determination unit 102, and paper dispatch instruction unit 104 described above may be provided in any one of the management server 10, distribution infrastructure server 11, and authentication infrastructure server 12, or they may be provided in a different device that belongs to the message management system 1 (for example, a server device). The authentication management unit 103 may be provided in the authentication infrastructure server 12. Furthermore, the storage unit 100, acquisition unit 101, determination unit 102, authentication management unit 103, and paper dispatch instruction unit 104 may be provided on a single server device, or at least one of the functions may be provided on a separate server device connected to the management server 10, distribution infrastructure server 11, or authentication infrastructure server 12 via a communication network. In this case, the server device may be a physical server or a cloud server provided by a cloud computing service.

[0033] The storage unit 100 is composed of a storage medium, such as an HDD (Hard Disk Drive), flash memory, EEPROM (Electrically Erasable Programmable Read Only Memory), RAM (Random Access read / write Memory), ROM (Read Only Memory), or any combination thereof. This storage unit 100 can, for example, use non-volatile memory.

[0034] The acquisition unit 101, the determination unit 102, the authentication management unit 103, and the paper dispatch instruction unit 104 may be composed of a processing unit such as a CPU (Central Processing Unit) or a dedicated electronic circuit.

[0035] Figures 5 and 6 are sequence diagrams illustrating the operation of the message delivery system S. Enterprise server 2 cooperates by sending the target data to the management server 10 of the message management system 1 (step S001). The target data includes master information and transaction data.

[0036] When the management server 10 receives the target data from the enterprise server 2, it performs data processing related to message notification (step S101). In this data processing, the management server 10 extracts message distribution transaction data from the transaction data received from the enterprise server 2, which includes users to be notified by message distribution, and sends it to the distribution infrastructure server 11. It also extracts paper mailing transaction data which includes users to be notified by written document, and performs the paper mailing process. The paper mailing transaction data is data registered for users who wish to receive messages in written form.

[0037] In the document dispatch process, the management server 10 has a printing device print the message onto paper media, and also has the printing device print the postal code, address, name, etc., based on user information, on the address field of the envelope, etc. (step S102). These printed message media are placed in envelopes and delivered by a delivery company. As a result, the message is delivered to the target user and they are notified in writing (step S103). The user can confirm that the message is a reminder notice by checking the delivered document.

[0038] When the distribution infrastructure server 11 obtains message distribution transaction data from the management server 10, it generates a first message and a second message that is different from the first message, based on the message distribution transaction data. The first message is the message to be notified in response to a request from the corporate server 2. This message concerns the terms of the contract between the corporate server 2 and the user who owns the terminal device 4, and may, for example, be a message indicating the contents of a payment reminder notice. When reminding a user to pay a fee, the corporate server 2 can notify the user of the reminder content by electronically displaying the message via the telecommunications carrier server 3 to the user's telephone number, and for users who request delivery, the corporate server 2 can notify the user of the reminder content by delivering a written reminder notice.

[0039] The second message contains an authentication URL that allows access to an authentication infrastructure server, which authenticates whether the user of terminal device 4, who may be the target of viewing the first message, is the actual user. The user of terminal device 4 accesses the authentication URL described in this second message, enters the information instructed at the access destination, and if their identity is verified at the authentication infrastructure server, they can view the first message on the display screen of terminal device 4. If their identity cannot be verified, they cannot view the first message. The distribution infrastructure server 11 instructs the telecommunications carrier server 3 to send a second message addressed to a telephone number, based on the message distribution transaction data (step S201).

[0040] The telecommunications carrier server 3 delivers messages addressed to telephone numbers based on instructions from the distribution infrastructure server 11 (step S401). For example, the telecommunications carrier server 3 sends messages to terminal device 4a and terminal device 4b, respectively.

[0041] When a message is sent from the telecommunications carrier server 3, terminal device 4a may not receive the message if it is powered off or out of range (step S501). In this case, the telecommunications carrier server 3 stores the telephone number of terminal device 4a whose message was not received and a log indicating that the message was not received (step S402). Furthermore, when a message is sent from the telecommunications carrier server 3, terminal device 4b receives the message if it is powered on and within range (step S551). In this case, the telecommunications carrier server 3 stores a log indicating that it was able to successfully receive the telephone number of terminal device 4b and the message (step S402). The telecommunications carrier server 3 sends messages to terminal devices 4a and 4b, as well as any other destination terminal devices 4, and stores logs of the transmission results.

[0042] After a predetermined amount of time (for example, several hours) has elapsed since the message transmission instruction in step S201, the acquisition unit 101 of the distribution infrastructure server 11 acquires a log generated in response to the transmission of the second message from the telecommunications carrier server 3 (step S202).

[0043] When the distribution infrastructure server 11 obtains a log, the determination unit 102 determines whether or not the second message to the terminal device 4 was undelivered by referring to the obtained log (step S203). For example, the distribution infrastructure server 11 extracts a log that associates a telephone number with data indicating that the second message was undelivered, and identifies the telephone number included in the extracted log. If the distribution infrastructure server 11 sent transaction data to multiple terminal devices in step S201, this log includes logs corresponding to the sending of the second message to each terminal device. In other words, it includes a log for each telephone number. Next, based on the determination result of the determination unit 102, the distribution infrastructure server 11 sends a control signal to the authentication infrastructure server 12 that disables the authentication URL for telephone numbers for which the second message to the terminal device 4 was not delivered, so that the first message cannot be viewed (step S204).

[0044] The authentication management unit 103 of the authentication infrastructure server 12, based on the control signal sent from the distribution infrastructure server 11, disables the authentication URL for telephone numbers for which the second message to the terminal device 4 was not delivered, so that the first message cannot be viewed (step S301). Here, the authentication management unit 103 may disable the authentication URL by not executing the process of verifying the identity of the user even if the terminal device 4 accesses the authentication URL described in the second message.

[0045] Furthermore, the authentication management unit 103 may disable the authentication URL by generating notification method switching screen data that includes a message to be displayed when the terminal device 4 accesses the authentication URL described in the second message, and which includes a message indicating that the first message has been switched from electronic to written delivery. When the authentication infrastructure server 12 performs a deactivation process, it sends the telephone number of the service to be deactivated and a notification of the completion of the deactivation process to the distribution infrastructure server 11 (step S302). Here, if the authentication infrastructure server 12 performs a deactivation process that generates notification method switching screen data, it may also send a notification instruction to the distribution infrastructure server 11 so that the first message is notified in writing.

[0046] When the distribution infrastructure server 11 receives a phone number and a notification of the completion of the invalidation process from the authentication infrastructure server 12, it stores that the invalidation process has been performed for the received phone number. Furthermore, if the distribution infrastructure server 11 has received a notification instruction from the authentication infrastructure server 12, it sends a dispatch instruction to the management server 10 to send the received telephone number and the first message in writing (step S206).

[0047] When the management server 10 receives a telephone number and a shipping instruction from the distribution infrastructure server 11, it causes the printing device to print the postal code, address, and name corresponding to the user information associated with the received telephone number onto an envelope or similar, and also prints the first message onto a printing medium. As a result, the printed message is placed in an envelope or otherwise processed to prevent the contents of the first message from being viewed from the outside, and then delivered by a delivery company (step S104).

[0048] Meanwhile, after receiving the second message from the distribution infrastructure server 11, terminal device 4b displays the second message when the user inputs an instruction to open the message (step S552). The user inputs an instruction to verify their identity by touching the authentication URL included in the second message. When terminal device 4b receives an instruction to verify the user's identity from the user (step S553), it accesses the authentication URL and sends a request for identity verification (step S554).

[0049] Based on the identity verification instructions sent from the terminal device 4b, the authentication infrastructure server 12 performs an authentication process to verify the user's identity (step S303) if the accessed authentication URL is valid (not invalid). For example, the authentication infrastructure server 12 requests the terminal device 4b to input answer data to questions registered in the master information (for example, a string representing the user's last name in "katakana"), and determines whether the input answer data is correct based on whether it matches the correct answer data specified in the transaction. Then, if the input response data matches the correct response data, the authentication infrastructure server 12 determines that the response data is correct and makes the first message viewable on the terminal device 4b (step S304). Making the message viewable can be done by the authentication infrastructure server 12 displaying the first message on a display screen such as the web screen of the terminal device 4b. Alternatively, making the message viewable can be done by the authentication infrastructure server 12 sending a control signal to the distribution infrastructure server 11 to send the first message, and the distribution infrastructure server 11 sending the first message to the terminal device 4b based on this control signal. As a result, the terminal device 4b can display the received first message on its display screen, making it viewable to the user. On the other hand, if the response data and the correct answer data do not match, the authentication infrastructure server 12 determines that the response data is incorrect and displays a message to the terminal device 4b indicating that identity verification could not be performed.

[0050] The terminal device 4b displays the first message on its display screen in accordance with the control of the authentication infrastructure server 12 (step S555). This allows the user to confirm the content of the first message (e.g., a demand letter).

[0051] Meanwhile, when terminal device 4a transitions to a communication-enabled state by being powered on or by moving within range (step S502), it receives the second message transmitted from distribution infrastructure server 11 by retransmission or the like (step S503), lights up a lamp indicating that a message has been received, and displays text indicating that a message has been received on the display screen. Once the user confirms that a message has arrived and gives the instruction to open the second message, the second message is displayed on the screen (step S504). The screen displaying the second message shows a message such as, "You have received a message regarding your contract; please check it using the authentication URL." Here, the second message is displayed, but the content of the first message is not displayed, so the user is not notified of the contents of the first message, such as the debt collection notice. When terminal device 4a detects that the user has touch-inputted the authentication URL included in the second message (step S505), it accesses the authentication URL (step S506).

[0052] If the accessed authentication URL is invalid, the authentication infrastructure server 12 notifies the terminal device 4a that the authentication URL is invalid by sending an authentication URL invalid message (step S305). If the authentication URL is disabled so that identity verification cannot be performed by the authentication infrastructure server, this invalid authentication URL message may be a message such as "The authentication URL has been disabled." Also, if the authentication URL is disabled by switching the first message from electronic to written delivery, this invalid authentication URL message may be data from the notification method switching screen.

[0053] When terminal device 4a receives an invalid authentication URL message from the authentication infrastructure server 12, it displays the invalid authentication URL message on the display screen (step S507). This allows the user to understand that the authentication URL is unavailable if a message such as "The authentication URL has become invalid" is displayed. In this case, the user can understand that a message had been received from the corporate server 2, but could not access the message because the authentication URL had become invalid.

[0054] Furthermore, when the notification method switching screen data is displayed, the terminal device 4's display screen will show text such as, "We sent you a message regarding your contract, but due to reasons such as the message not being received properly, we have switched to sending it in writing. Please wait for the written document to arrive." By checking this screen, the user can understand that a message had arrived from the corporate server 2, but that the method of sending it in writing had been switched, and that they just need to wait for the message to be delivered in writing. Therefore, it is possible to convey that the reason the message was not received was not due to a system error, but rather due to the expiration of the authentication URL caused by the user's terminal device, which can reduce the number of error-related inquiries from the user to the corporate server 2 or the message management system 1.

[0055] Subsequently, after step S104, the user is notified in writing of the contents of the first message, such as a demand letter, by a document with the first message printed on it (step S105). The user can confirm that the message is a demand letter by receiving and checking the delivered document (step S508).

[0056] According to the embodiment described above, after sending a message to a user using RCS or SMS, a log is obtained several hours later, and based on the log showing a non-delivery status, the authentication URL for the second message, which is used to authenticate whether or not the user is the one who should be allowed to view the first message, is disabled for users whose messages were not delivered, before the process of printing the contents of the first message and sending it as a written document is completed. This allows for preventing access to messages, such as reminders, before they are even displayed. Therefore, electronic notifications can be prevented from reaching the user because viewing of the message is not permitted during the user authentication process.

[0057] Furthermore, according to the above-described embodiment, even if the message management system 1 is unable to control the process of resending a message from the telecommunications carrier server to the terminal device, it is possible to avoid the first message related to reminders, etc., being delivered to the user twice, both as an electronic message and as a written notification. In other words, if a message sent to a terminal device by the telecommunications carrier server fails to reach the terminal device, it may resend the message to the terminal device 4 after a certain period of time. Since such message resending is determined by the specifications of the telecommunications carrier server 3, it is difficult for the message management system 1 to control the telecommunications carrier server 3 to stop the resending. Therefore, if the message management system 1 sends the first message without sending the second message, and the telecommunications carrier server resends the message to the terminal device for reasons such as failure to reach the terminal device, it is difficult for the message management system 1 to stop the resending process performed by the telecommunications carrier server or to know in real time that the resending process has been completed.

[0058] Therefore, according to the embodiment described above, the message delivery system S sends the second message to the terminal device before allowing the first message to be viewed, and allows the first message to be viewed only after the terminal device has received the second message and verified the user's identity. As a result, even if it is not possible to grasp the retransmission timing of the telecommunications carrier server in real time, and even if it is not possible to stop the message retransmission process, even if the second message that failed to be delivered is retransmitted, the authentication URL is invalidated, so the first message is not displayed electronically on the user's terminal device. This avoids the situation where the user can view both an electronic and a written notification regarding the first message.

[0059] Furthermore, according to the above-described embodiment, even if the first message is a demand letter, it is possible to avoid the user viewing both the electronic notification and the written notification. This prevents the demand letter from being sent multiple times within a specified period, thus avoiding any violation of the Money Lending Business Act. Under the Money Lending Business Act, for example, in the credit industry (related to cash advances), a certain period of time must be observed between the issuance of a notice and the subsequent notice. According to the embodiment described above, even when such a notice is displayed as the first message, it is possible to avoid situations where both electronic and written notices are received within a certain period due to the message not being delivered to the terminal device, and it is also possible to implement operations that comply with the rules regarding the sending of notices stipulated in the Money Lending Business Act.

[0060] Furthermore, the functions included in the message management system 1 in the above-described embodiment may be implemented using a computer. In that case, the functions may be implemented by recording a program for implementing these functions on a computer-readable recording medium, loading the program recorded on this recording medium into the computer system, and executing it. Here, "computer system" includes hardware such as the OS and peripheral devices. "Computer-readable recording medium" refers to portable media such as flexible disks, magneto-optical disks, ROMs, CD-ROMs, and storage devices such as hard disks built into the computer system. Moreover, "computer-readable recording medium" may also include those that dynamically hold programs for a short period of time, such as communication lines used when transmitting programs via networks such as the Internet or communication lines such as telephone lines, and those that hold programs for a certain period of time, such as volatile memory inside the computer system that acts as a server or client in such cases. Furthermore, the above-mentioned program may be for implementing a part of the functions described above, or it may be a program that can implement the above-mentioned functions in combination with a program already recorded in the computer system, or it may be implemented using a programmable logic device such as an FPGA (Field Programmable Gate Array).

[0061] While embodiments of this invention have been described in detail above with reference to the drawings, the specific configuration is not limited to these embodiments and includes designs and the like that do not depart from the spirit of this invention. [Explanation of Symbols]

[0062] 1. Message Management System 2. Enterprise Server 3,3a,3b Telecommunications carrier server 4,4a,4b Terminal devices 10 Management Server 11 Distribution infrastructure server 12 Authentication infrastructure server 100 Storage section 101 Acquisition Department 102 Judgment section 103 Authentication Management Department 104 Paper Dispatch Instruction Section NW (Network Communication Network) S Message Distribution System

Claims

1. An acquisition unit acquires a log of a second message being sent to a terminal device corresponding to the destination, which contains an authentication URL that allows access to an authentication infrastructure server that authenticates whether or not the user is the one who is allowed to view the first message. A determination unit that determines whether or not the second message to the terminal device has not been delivered by referring to the log, Based on the results determined above, if the second message is not delivered to the terminal device, the authentication management unit disables the authentication URL so that the first message cannot be viewed. A message management system that has the following features.

2. The first message is, This information becomes viewable on the terminal device when the user accesses the authentication infrastructure server based on the aforementioned authentication URL and their identity is verified. The aforementioned authentication management unit, Even if an instruction to access the aforementioned authentication URL is entered into the terminal device, the authentication infrastructure server will not perform identity verification, thereby disabling the authentication URL. The message management system according to claim 1.

3. The first message is, This information becomes viewable on the terminal device when the user accesses the authentication infrastructure server based on the aforementioned authentication URL and their identity is verified. The aforementioned authentication management unit, When an instruction to access the authentication URL is input to the terminal device, the authentication URL is disabled by displaying a message on the terminal device indicating that the first message has been switched from electronic to written delivery. The message management system according to claim 1.

4. A message management method performed by a computer, The system obtains a log of when a second message containing an authentication URL that allows access to an authentication infrastructure server that authenticates whether or not the user is the one who is allowed to view the first message is sent to a terminal device corresponding to the destination. By referring to the log, it is determined whether or not the second message to the terminal device has not been delivered. Based on the determined result, if the second message is not delivered to the terminal device, the authentication URL is disabled so that the first message cannot be viewed. A message management method that includes this.

5. A program executed by a computer, The system obtains a log of when a second message containing an authentication URL that allows access to an authentication infrastructure server that authenticates whether or not the user is the one who is allowed to view the first message is sent to a terminal device corresponding to the destination. By referring to the log, it is determined whether or not the second message to the terminal device has not been delivered. Based on the determined result, if the second message is not delivered to the terminal device, the authentication URL is disabled so that the first message cannot be viewed. A program that includes the following.