JP2001338251A - Card-authenticating method, settlement method using the card, settlement method for electronic commercial transaction, provider for the electronic commercial transaction, communication terminal equipment and storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To simplify settling processings which uses cards. SOLUTION: Information data related to a card 99 for settlement are transmitted/received between terminal equipment 11 and a wireless tag 100 and on the basis of the information data acquired from the wireless tag 100, the validity of the card 99 for settlement is judged. Thus, validity in the use of the card 99 for settlement can be proved, without having to input a password number or signing at the store so that convenience in the use of the card 99 for settlement can be improved and unauthorized utilization can be hardly performed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a card authentication method, a settlement method using a card, a settlement method for electronic commerce, an electronic commerce provider, a communication terminal device, and a storage medium, and is particularly suitable for use in authentication of a settlement card. It is something.

[0002]

2. Description of the Related Art When performing payment of money, payment using various payment cards instead of giving and receiving cash has been widely performed. In particular, payment using a cash card has recently been put to practical use.

[0003] The cash card used for the settlement of money is called a debit card, and since the money is directly debited from the bank account related to the cash card and settled, the cash card is used as if it were cash. Can be. Therefore, you don't have to worry about overuse,
It is expected to be used more and more in the future.

On the other hand, when purchasing a product or the like using an electronic commerce service provided by the Internet, a payment card called a credit card is used. The credit card has a card-specific number called an ID number and a code string known only to the person himself / herself, called a password set corresponding to the ID number.

Since the credit card number and the password are confidential information that is difficult to be known to a third party, when transmitting the data on the Internet, the secret protection is performed by using a transmission data encryption technique or a secret communication technique. In many cases, this is done. However, at present, there is no guarantee that the security of confidential information can be sufficiently ensured by using only those technologies.

That is, since information transferred through the Internet passes through an unspecified number of servers, there is a risk that confidential information may be stolen. Therefore, conventionally, various methods have been used for handling confidential information such as credit card numbers.

[0007] For example, confidential information such as a credit card number or the like is registered in each e-commerce provider so that e-commerce can be performed only by transmitting e-commerce order data and a user name. There is a way to do that.

[0008]

In the case of making a purchase settlement using the above-mentioned David Cart, a personal identification number (password) must be input at a store through a terminal device installed at a cash register. . At the time of inputting the above security code, measures have been taken to prevent the leakage of secrets, such as by making the input status difficult for a third party to see, but in an environment where an unspecified number of people are around. Input operation, there was a problem in terms of confidentiality. Further, there is a burden that the user must always remember the password. Therefore, some users write down their passwords, but this is not preferable from the viewpoint of confidentiality.

Further, in a conventional example in which a credit card is used for settlement of a commercial transaction on the Internet, a method of registering the credit card number with an electronic commerce provider is as follows. There is a trouble that the changed number has to be notified to the e-commerce provider of the registration destination.

[0010] When there are a plurality of registration destinations, the change notification has to be performed for each registration destination. Also, registering confidential information with an e-commerce provider is not preferable in terms of security management for confidentiality.

Also, for an e-commerce provider,
It is possible to confirm whether a user who has accessed an e-commerce service is a genuine person of a commercial transaction, and to reliably determine whether or not there is any obstacle to payment of a credit card used by the user. This is very important.

[0012] Further, in the e-commerce service provided by the Internet, when troubles such as multiple billing or improper billing due to wrongdoing by another user occur due to a procedure error of the e-commerce provider, the work of confirming the e-commerce data becomes complicated. There was a problem that became.

SUMMARY OF THE INVENTION In view of the above-mentioned problems, it is a first object of the present invention to simplify payment processing using a card. It is a second object of the present invention to prevent leakage of confidential information such as a password and a password of a payment card. It is a third object of the present invention to provide a settlement system capable of guaranteeing settlement of electronic commerce performed on the Internet.

[0014]

According to a card authentication method of the present invention, information data relating to a card is transmitted and received between a terminal device and a wireless tag, and the card is authenticated based on the information data obtained from the wireless tag. It is characterized by judging the validity. Another feature of the present invention is that the information data acquired from the wireless tag is transmitted to the authentication terminal device via a line, and the authentication terminal device is requested to determine the validity of the card. It is characterized by.

The settlement method using the card according to the present invention is an information display process for displaying information related to a commercial transaction on a display screen of a communication terminal device, and information stored in a settlement card used for the settlement of the commercial transaction. Authentication data reading processing for reading data with a card reader, information data reading processing for reading information data for performing authentication of the payment card from the wireless tag, and performing the payment based on the information data read from the wireless tag. And authentication determination processing for determining whether or not to authenticate that the commercial transaction is performed using the business card. According to another feature of the present invention, there is provided an information display process for displaying information related to a commercial transaction on a display screen of a communication terminal device, and information stored in a payment card for performing the commercial transaction. Authentication data reading processing for reading data with a card reader, information data reading processing for reading information data for authenticating the payment card from the wireless tag, and information data relating to the payment card obtained from the wireless tag Is transferred to the authentication mechanism via the line, and based on the authentication information data transferred via the line, the settlement of the commercial transaction is authenticated using the settlement card. Or not, and an authentication determination process of transmitting the result of the determination to the communication terminal device, and the determination process based on the transmitted determination result of the authentication terminal device. It is characterized by performing the settlement process for commerce using the use card. Another feature of the present invention is that the payment card includes at least a David Cart or a credit card, and the information data related to the payment card is a password set in the payment card. It is characterized by: Another feature of the present invention is that the wireless tag is an RFID tag.
And a reader / writer device is connected to the communication terminal device.

According to the electronic commerce settlement method of the present invention, a display process for displaying a web page for commercial transactions on a screen of a network terminal device connected via an Internet communication line; Requests a transaction information input process for inputting the transaction information required to execute the electronic transaction, excluding the information related to the card used for the settlement of the electronic transaction, and authentication of the settlement of the transaction. Authentication terminal device connection processing to connect to the terminal device of the authentication mechanism, and commercial transaction information requesting authentication of commercial transactions performed on the web page, and information for certifying the validity of the card used for settlement of the commercial transactions, Authentication information transmission processing to be transmitted from the network terminal apparatus to the authentication terminal apparatus, based on the information transmitted by the information transmission processing, The authentication result of determining whether or not to authenticate the settlement of the commercial transaction by using the card requested by the network terminal device, and notifying the electronic commerce provider displaying the web page for the commercial transaction via the network of the determination result. A notification process is performed. According to another feature of the present invention, the authentication terminal device displays a determination result as to whether or not to authenticate the settlement of the commercial transaction on a screen of the network terminal device. According to another feature of the present invention, when the electronic commerce provider receives a commercial transaction authentication notification from the authentication terminal device, the electronic commerce provider provides information input to each input item of the commercial transaction web page. A process for executing a commercial transaction with the network terminal device based on the above. Further, another feature of the present invention is that a link of an authentication terminal device for authenticating the payment card is set on a web page for commerce displayed by the e-commerce provider,
When the user clicks the link, the connection destination of the network terminal device jumps from the electronic commerce provider to the authentication terminal device. According to another feature of the present invention, the network terminal device includes, as information data necessary for certifying the validity of the card for performing the transaction settlement,
A name, an ID, an expiration date, and a password set on the payment card are transmitted to the authentication terminal device. Another feature of the present invention is that the payment card includes at least a credit card or a cash card. Another feature of the present invention is that information data transmitted from the network terminal device to the authentication terminal device is encrypted. Another feature of the present invention is that information data transmitted from the network terminal device to the authentication terminal device is stored in a wireless tag, and data is transmitted between the network terminal device and the wireless tag. By performing transmission and reception, the network terminal device reads information data for authentication from the wireless tag and transmits the information data to the authentication terminal device. Also,
Another feature of the present invention is that the network terminal device includes at least one of a personal computer, a mobile phone, and a portable information device. Another feature of the present invention is that the authentication terminal device is a terminal device of an issuing organization of the payment card. Another feature of the present invention is that the authentication terminal device is a terminal device of an authentication center established by a plurality of payment card issuing organizations.

The communication terminal device of the present invention transmits / receives data to / from a wireless tag, reads information data for authentication relating to a card desired to be authenticated from the wireless tag,
It is characterized in that the validity of the card is determined.
Another feature of the present invention is a commercial transaction information display means for displaying information related to commercial transactions, and card information reading for reading data stored in a payment card used for the settlement of the commercial transactions by a card reader. Means, based on the data read by the card reader, performs wireless communication with a wireless tag, confidential information reading means for reading confidential information set in the payment card,
An authentication determining means for determining whether or not to perform the business transaction using the payment card based on the secret information read from the wireless tag. Other features of the present invention include:
Information display means for displaying information related to a commercial transaction on a display screen of a communication terminal device; card information reading means for reading information data stored in a payment card used for the settlement of the commercial transaction by a card reader; Based on the data read by the reader, perform wireless communication with the wireless tag, a confidential information obtaining means for obtaining the confidential information set in the payment card, the confidential information obtained from the wireless tag, An authentication requesting means for requesting authentication to transfer the commercial transaction by using the payment card by transferring to the authentication mechanism via a line. According to another feature of the present invention, the payment card includes at least a David Cart or a credit card, and transmission and reception of information data with the wireless tag is set on the payment card. Password.
According to another feature of the present invention, the wireless tag is an RFID, and the secret information obtaining means includes a reader / writer device. Further, another feature of the present invention is that display means for displaying a web page for commerce sent from an e-commerce provider connected via an Internet communication line,
Commerce information input means for inputting predetermined information necessary for executing an electronic transaction in each of the input items of the web page, excluding card information relating to the settlement of the electronic transaction, and the settlement Terminal connecting means for connecting to a terminal device of a mechanism for authenticating the validity of a business card,
The information related to the commercial transaction performed on the web page and the information for proving the validity of the card used for the settlement of the commercial transaction are transmitted to the authentication terminal device, and the settlement of the commercial transaction is performed using the settlement card. Authentication request means for requesting the authentication terminal device to authenticate the authentication. Another feature of the present invention resides in that the name, ID, expiration date, and set password of the payment card are used as information necessary for certifying the validity of the card for performing the transaction. Is transmitted. Another feature of the present invention is that the payment card includes at least a credit card or a cash card. Another feature of the present invention is characterized in that an encryption unit for encrypting information data transmitted from the network terminal device to the authentication terminal device is provided. Another feature of the present invention is that the network terminal device includes at least one of a personal computer, a mobile phone, and a portable information terminal.

The e-commerce provider of the present invention provides an e-commerce web page to the network terminal device via the Internet, and the user inputs predetermined information to each of the input items set in the web page, thereby providing an e-commerce service. In the e-commerce provider performing the commerce, when a notification for authenticating the settlement of the e-commerce is sent from the authentication terminal device requested by the user, the e-commerce is executed based on the content input on the web page. It is characterized by. Another feature of the present invention is that a web page for electronic commerce is provided to a network terminal device via the Internet, and a user inputs predetermined information to each input item set in the web page. In the e-commerce provider that conducts e-commerce according to (1), a link is set in the web page so that the user jumps to a terminal device of an authentication mechanism that wants to authenticate the business transaction. Another feature of the present invention is that the password set in the payment card is changed every time a commercial transaction is performed,
The changed password is written into the wireless tag. According to another feature of the present invention, the password set in the payment card is changed every time a commercial transaction is performed, and the changed password is written in the wireless tag. I have.

A storage medium according to the present invention is characterized in that a program for executing the above-described method is stored in a computer readable manner. Another feature of the present invention is that a program constituting each means described above is stored so as to be readable from a computer.

[0020]

FIG. 1 is an explanatory diagram showing an example of an electronic commerce service system according to the present invention. In FIG. 1, reference numeral 11 denotes a user's communication terminal device, and reference numeral 12 denotes an authentication / settlement server terminal for performing authentication of a card requested from the user terminal device 11 and settlement related to a commercial transaction. The user terminal device 11 and the authentication / settlement server terminal 12 are connected via the communication line 9.

The user terminal device 11 includes an information processing means 111 such as a personal computer, a register means 112 for performing electronic commerce processing, a card reader 113 connected to the register means 112, and a reader / writer apparatus 114.
Etc.

The reader / writer device 114 includes the tag 1
It has a function of transmitting and receiving data to and from the tag 100 to read data stored in the memory of the tag 100 or write data to the memory. Further, the authentication / settlement server terminal 12 is
1, a display device 122, a database 123, and the like. The database 123 includes the user terminal device 11
Various kinds of information data relating to the authentication of the payment card required to execute the authentication / settlement requested by the user are stored.

In the authentication / settlement system of the present embodiment configured as described above, if the settlement card 99 is a debit card, the reader / writer 1
14 reads the password of the payment card 99 stored in the tag 100.

When the password set in the payment card 99 is input from the tag 100, the user terminal device 11 sends the data read by the card reader 113 and the authentication / payment server terminal 12 via the communication line 9. To request authentication and settlement.

In response to the request, the authentication / settlement server terminal 12 accesses the bank account associated with the settlement card 99, and determines whether the remaining amount is sufficient for the current settlement. Check. As a result of this confirmation, if there is a sufficient balance to make a payment, the requested payment is approved, a process of reducing a predetermined amount from the account is performed, and the result is requested by the authentication and payment. Is transmitted to the user terminal device 11 which has performed. The user terminal device 11
Prints out the settlement result and hands it over to the owner of the settlement card 99, and ends the authentication process related to the commercial transaction.

By performing authentication and settlement as described above, the owner of the settlement card 99 can avoid the trouble of inputting the personal identification number at the store and the danger of the personal identification number leaking to a third party. it can. Authentication / settlement server terminal 1
2 has not only the payment card 99 but also the tag 100, so it can be convinced that the person using the payment card 99 is a legitimate owner. This means that if the legitimate owner is lost or stolen,
The unauthorized use of the payment card 99 can be reliably prevented.

Next, an example of authentication / payment authentication processing when the payment card 99 is a credit card will be described.
This will be described with reference to the flowchart of FIG. The card authentication process is performed when information related to payment of money is displayed on the display screen of the register unit 112, the display is valid, and a credit card is used as a settlement unit.

As shown in FIG. 2, when the card authentication process is started, the payment card 99 is passed through the card reader 113 in the first step S201 to read the ID data stored therein.

Next, the process proceeds to step S202, and a process of reading the password set in the payment card 99 is performed. This is performed under the control of the information processing means 111. By transmitting from the reader / writer device 114 a command to read the password set in the payment card 99, the payment stored in the tag 100 is performed. The password of the application card 99 is read.

When the password is read from the tag 100, it is confirmed in step S203, and then transferred to the authentication / settlement server terminal 12 together with the ID data in step S204.

The authentication / settlement server terminal 12 searches the database 123 using the input ID data and password as keywords, and determines whether the commercial transaction requested from the user terminal device 11 may be authenticated. Then, when it is determined that the authentication / payment is appropriate, a notification to the effect that the authentication / payment of the payment card 99 has been accepted is transmitted to the user terminal device 11 that has requested the authentication / payment.

As shown in step S205, the user terminal device 11 waits for an authentication notification from the authentication / settlement server terminal 12. When the authentication notification is input, the card authentication process ends.

Next, a modified example of the card authentication processing will be described with reference to the flowchart of FIG. In the first step S301, the payment card 99 is inserted into the card reader 1
13 to read the information data stored therein.

Next, the process proceeds to step S302, where the information data read by the card reader 113 is transferred to the authentication / settlement server terminal 12. Authentication / settlement server terminal 12 required for authentication / settlement of the commercial transaction related to the settlement card 99
Outputs a code for instructing the user terminal device 11 to read the password set in the payment card 99 (step S303). Upon receiving this command, the user terminal device 11
Sends a read command to the tag 100. In response to this, the tag 100 reads out the password of the payment card 99 stored in the memory and reads the password of the reader / writer device 1.
14 to be sent.

In step S304, the process waits for a password to be transmitted from the tag 100. When the password of the payment card 99 is input, the process proceeds to step S305, where the authentication / payment server terminal 12 determines whether or not the input password is authentic. Tag 100 toward terminal device 11
Issue an authentication notification for. The user terminal device 11 waits for an authentication notification from the authentication / settlement server terminal 12 (step S306), and ends the process when the authentication notification is issued.

The above is a case where the validity of the settlement card 99 and the password set therein are authenticated. Next, an example in which the commercial transaction itself using the settlement card 99 is authenticated and settled will be described with reference to FIG. This will be described with reference to FIG.

As shown in FIG. 4, when the web page 400 is displayed, input is started, and data relating to the “e-commerce terminal” is input to the input item 401. Hereinafter, data relating to “transaction date and time” is input to the input item 402,
Data relating to “product name” is input to the input item 403. Also, data related to “price” is input to the input item 404, data related to “address” is input to the input item 405, data related to “name” is input to the input item 406, and data related to “telephone number”. Data is input item 40
7 is input.

Further, data relating to the “payment method” is input to the input item 408, data relating to the “payment credit card” is input to the input item 409, and data relating to the “payment method” is input to the input item 410. You.

Of the above input items, input items 401 to 401
404 is entered by either the e-commerce provider 10 or the user terminal device 11 as needed.
The items 405 to 410 input by the user are
In response to a query from the settlement server terminal 12, data is transmitted and received between the reader / writer device 114 and the tag 100, and is automatically performed by reading data stored in the tag 100. The user can input data related to items necessary for commercial transactions without performing any troublesome operation. Therefore, information can be easily input to anyone, so that excellent versatility can be obtained.

A data package 500 is generated based on the information input as described above, and sent from the user terminal device 11 to the authentication / settlement server terminal 12 via the communication line 9. In order to generate the data package 500, the data input to each of the input items 401 to 410 can be individually assembled and generated.

In the present embodiment, the input screen shown in FIG. 4 is copied to the clipboard of the information processing means 111, so that the data package 500 is easily and accurately generated. Then, by pasting the contents of the commercial transaction copied to the clipboard on an authentication data input screen provided by the authentication and settlement server terminal 12,
The contents of the commercial transaction can be accurately and easily transferred to the authentication / settlement server terminal 12.

As described above, various kinds of information necessary for authenticating a commodity transaction are authenticated from the user terminal device 11.
The transfer to the payment server terminal 12 not only allows the validity of the payment card 99 to be authenticated,
The settlement procedure performed between the user terminal device 11 and the authentication / settlement server terminal 12 can be performed simultaneously with the authentication. In this case, for example, in addition to the data package 500 shown in FIG.
A predetermined matter such as an address, a telephone number, a bank account number, or the like may be attached. These data may be registered in the authentication / settlement server terminal 12 in advance.

By performing the above-described processing, it is possible to eliminate the need for off-line paperwork performed between the user terminal device 11 and the authentication / settlement server terminal 12 after the commercial transaction is performed with the card. At the same time, troubles such as omission of billing and multiple billing can be eliminated.

Further, according to the authentication / settlement system of the present embodiment, the business transaction cannot be executed unless both the settlement card 99 and the tag 100 are provided, so that the settlement card 99 is forged or stolen. It is possible to reliably prevent unauthorized business transactions from being performed.
Therefore, the security of commercial transactions using various cards including credit cards and cash cards can be greatly improved.

The password set on the payment card 99 is updated every time a commercial transaction is performed, and the tag 100 is updated.
, The confidentiality of the password can be further improved. In the present embodiment, since the password is stored in the tag 100, even if a complicated password is set or changed frequently, no burden is imposed on the user.

FIG. 6 shows a configuration example of the data carrier system. The data carrier system includes a reader / writer device 114 and a tag 100.
The reader / writer device 114 includes a control circuit 1141,
Transmission circuit 1142, reception circuit 1143, demodulation circuit 114
4, the antenna coil 1145 and the like. The operating power supply of the reader / writer device 114 is configured to be supplied with DC power from the register unit 112.

The tag 100 has the antenna coil 10
1, tuning capacitor 102, rectifier circuit 103, demodulation circuit 104, modulation circuit 105, control circuit 106, memory 10
7 etc.

In the data carrier system of the present embodiment configured as described above, the reader / writer 1
The information signal transmitted from 14 is an ID code representing the ID information of the tag 100, which is the communication partner, and the tag 10
It is composed of an instruction code or the like representing an instruction for 0. For example, when requesting to read and transmit predetermined data stored in the tag 100, following the ID code, the instruction code includes a command to request data reading. .

With the above configuration, the tag 100
The data stored in the reader / writer device 11
4 and the tag 10
Thus, it becomes possible to write predetermined data to the memory 107 of No. 0. Therefore, for example, the password set in the payment card 99 can be changed and stored in the tag 100 each time the payment card 99 is used, whereby the password can be known to a third party. As a result, the payment card can be reliably prevented from being used improperly. When the payment card 99 is an IC card, the present invention can be used similarly to the case of a magnetic card.

When a password for a payment card is set, it is inappropriate to set a complicated password in order for a human to remember, but if a password is stored in the tag 100, a complicated code is required. Since it is possible to set a password for the column, it is possible to prevent a third party from finding the password, and security can be greatly improved. Therefore, the tag 100 can be used as an electronic key for preventing the payment card 99 from being used illegally, and can be used as if it were a seal for a passbook.

[Second Embodiment] Next, an example in which the present invention is applied to a commercial transaction conducted via the Internet will be described with reference to FIG. In FIG. 7, FIG.
Components that are substantially the same as those shown by the same reference numerals are given the same reference numerals, and detailed description is omitted.

In FIG. 7, reference numeral 10 denotes an e-commerce provider, and the user terminal 11
And the authentication / settlement server terminal 12. The e-commerce provider 10 provides a web page for performing e-commerce on the Internet 200 (hereinafter, referred to as a web page 400 for commerce).

The user enters a business transaction web page 400.
Is displayed, an item input process is executed as shown in the flowchart of FIG. That is, when the web page 400 is displayed in step S801, necessary data is entered in each of the input items displayed there,
Data necessary for product purchase (purchase of digital content) is input (step S802).

When necessary data is entered in all input items, a data package for authentication and settlement (FIG. 11)
Reference) is created (step S803), and then a link related to the target authentication / settlement server is clicked (step S804). As a result, a process of requesting the authentication / settlement server terminal 12 via the Internet 200 for authentication / settlement of the electronic commerce performed on the web page 400 is performed.

The authentication / settlement server terminal 12 performs an authentication / settlement process for the electronic commerce requested to be authenticated by the user terminal device 11. First, based on the information stored in the data package sent from the user, a payment card for the user is searched from a database and acquired (step S805). In the present embodiment,
Since the data package does not include information regarding the payment card, the authentication / payment server terminal 12 checks the name of the user who has requested the request, the "address", the "email address", the "telephone number", etc. The information of the payment card is acquired from the database using the general information as a keyword. Then, a process of acquiring the password set in the payment card from the user from the acquired card information is performed.

The password acquisition processing is performed by transmitting a command instructing the user terminal device 11 to transmit the password set in the payment card, following the payment card ID. Do.

User terminal device 1 that has received the above command
1 performs wireless communication between the reader / writer device 114 and the tag 100, reads out the password of the payment card stored in the tag 100, and transfers the password to the authentication and payment server terminal 12.

When the password for the payment card is input from the user terminal device 11, whether or not the corresponding payment card is valid, that is, whether or not to permit the e-commerce provider 10 to perform the business transaction, is determined. Is determined (step S807).

If the result of determination in step S807 is that the payment card is valid, the flow advances to step S808 to perform authentication processing, and then to step S810 to execute post-processing. If the payment card is invalid, the process proceeds to step S809 to perform an authentication rejection process, and then proceeds to step S810.

An example of the authentication processing performed in step S808 will be described with reference to the flowchart of FIG.
When the authentication process is started, in the first step S901, a request is made to the user terminal device 11 to transmit the password set on the payment card to be authenticated. This password transmission request is executed when the above-described reader / writer device 114 issues a command to read the password stored in the tag 100.

Next, the process proceeds to step S902, where the tag 10
A process of reading out the password stored in 0 and transferring it to the authentication / settlement server terminal 12 is performed. As described in the first embodiment, in the password reading process, the tag ID and command ID set in the tag 100 are transmitted from the reader / writer device 114 in the user terminal device 11, and the tag 100 Is done by responding to this.

When the password is transferred in step S902, the process advances to step S903 to determine whether the transferred password is authentic or not.
Is determined. If the result of this determination is that the entered password is not genuine, the process proceeds to step S904, and after performing authentication rejection processing, returns to the main routine.

If the result of determination in step S 903 is that the entered password is genuine, the flow advances to step S 905 to transfer the data package and the payment approval certificate to the electronic commerce provider 10, and then to the main routine. To return.

Next, referring to FIGS. 10 and 11,
An example of a web page 1000 and an example of a data package 1100 in a commercial transaction performed via the Internet 200 according to the present embodiment will be described.

The contents of the web page 1000 are different for each e-commerce provider 10, and each e-commerce provider 1
0 provides a unique web page,
Items for entering information data that needs to be input from the user terminal device 11 are generally the input items 1001 to 1008 shown in FIG. That is, in the input item 1001, the name of the e-commerce provider 10,
In the input item 1002, a transaction date and time is input. These items need not be input by the user, but are automatically input by the e-commerce provider 10.

The input item 1003 is for inputting information on a product name. Here, the name of the item to be purchased, such as “XX device”, is input. The input item 1004 includes an amount to be settled, input items 1005 to 10
In 08, the address, name, telephone number, and mail address of the purchaser are input.

In the present embodiment, the information data is transmitted to each input item by analyzing the contents of the web page 1000, determining the information to be input based on the position of the cursor, and based on the determination. This is performed by reading necessary information from the tag 100 by the reader / writer device 114. Therefore, the user can automatically input information to each item required for the commercial transaction without performing any troublesome input operation.

As described above, the input items 1001-1
After inputting the information in 008, next, a payment credit is selected from the group of items indicated by arrow 1009. afterwards,
The link destination to the authentication / settlement server terminal 12 to be settled is selected from the link button group indicated by the arrow 1010.
Then, when all the input items of the web page 1000 in FIG. 10 are described, a data package for requesting authentication is created. The above data package is created for each input item 1
001 to 1008 and the selected item 1009 may be collected and created. In addition, for easy creation, the content of the web page 1000 may be copied and pasted on a clipboard. FIG. 11 shows a data package 1 to be transferred to the authentication / settlement server terminal 12.
100 shows an example.

When the link to the authentication / settlement server terminal 12 is clicked, the user terminal device 11 is connected to the authentication / settlement server terminal 12. After connecting to the authentication / settlement server terminal 12, the created data package 1100 is transferred to the authentication / settlement server terminal 12 to request authentication / settlement.

The authentication / settlement server terminal 12 that has received the authentication / settlement request requests transmission of the ID and password of the credit card used for settlement of the commercial transaction for which the authentication was requested. In response to this request, the user terminal device 11 transmits the ID and password of the credit card.
This transmission process is executed by the reader / writer device 114 reading out the credit card ID and password stored in the tag 100 in response to a request from the authentication / settlement server terminal 12. Therefore, the process of transferring the confidential information regarding the payment card to the authentication / payment server terminal 12 can be executed without the user performing a troublesome information input operation.

As described above, authentication of e-commerce in which confidential information such as a password set on an e-commerce payment card is transferred from the user terminal device 11 to the authentication / settlement server terminal 12 is obtained. Accordingly, the transfer of the confidential information performed via the Internet 200 can be performed only between the user terminal device 11 and the authentication / settlement server terminal 12. Therefore, it is possible to reliably avoid the risk that the confidential information of the payment card is known to a third party including the electronic commerce provider 10.

In addition, the user terminal device 11 and the
Regarding the confidential information transferred between the settlement server terminal 12, the user terminal device 11 and the authentication / settlement server terminal 12
Can be encrypted by a predetermined encryption method set between the server and the server, so that even if confidential information such as a password for a payment card is transmitted / received via the Internet 200, confidential information is not leaked to a third party. can do.

Further, in the present embodiment, the data package is transferred from the user terminal device 11 to the authentication / settlement server terminal 12, and the authentication / settlement of the commercial transaction performed between the user terminal device 11 and the electronic commerce provider 10 is performed. And the authentication / settlement server terminal 12 approves the commerce in response to the request.
Then, there is no need to perform a billing process for payment to the authentication / settlement server terminal 12, and the amount of the approved commerce is automatically transferred to the account designated by the e-commerce provider 10 on the settlement date. Will be.
Therefore, also for the e-commerce provider 10, it is possible to ensure the cash transfer and to simplify the business processing.
The benefits of using a payment method are significant.

In the above-described embodiment, the embodiment in which the transaction is settled by using the credit card has been described. However, in the case where the settlement is performed by using the user's bank account, the above-mentioned bank approves the payment. Commerce can be executed, and when the transaction is successfully completed, cash may be transferred from the account of the user to the account designated by the electronic commerce provider 10. In addition, it is also possible to omit payment approval or the like and directly transfer cash from the user's account to the account specified by the e-commerce provider 10.

Regardless of whether a credit card or a bank card (bank account) is used as a card to settle commercial transactions, the user can complete all online transaction settlements online. it can.

On the other hand, in the electronic commerce provider 10, it becomes possible to perform all the settlement processing of the commercial transaction using the credit card online in real time. Therefore, according to the commerce method of the present embodiment, not only is there no concern about whether the settlement of the commerce made online can be completed safely, but also the clerical work related to the commerce using a credit card can be significantly reduced. Can be streamlined.

In the above embodiment, the case where authentication and settlement are performed by the same institution (company) has been described. However, the institution (company) performing authentication and the institution (company) performing settlement are not necessarily the same. . That is, as shown in FIG. 12, terminal devices such as A credit card company, B credit card company, C credit card company,..., A bank company, b bank company, c bank company, Authentication by connecting directly to the terminal device 11
You may make it settle.

As shown in FIG. 13, each credit card company and each bank company cooperate with each other to authenticate the authentication center 1300.
Is established, and the user terminal device 11 and the terminal device of the authentication center 1300 are connected via the Internet 200,
According to the contents of the data package, the authentication center 1300 determines the terminal device of each settlement company (reference numeral 1301).
May be individually connected to the terminal device group). In this case, in the e-commerce provider 10, the types of authentication / settlement institutions displayed on the web page can be significantly reduced.

In the above-described embodiment, an example has been described in which confidential information relating to payment to be transferred to the authentication / payment server terminal 12 is read from the tag 100 and transferred. However, such confidential information is not necessarily transferred to the tag 100. It does not need to be stored. For example, it may be stored in a storage medium provided in the user terminal device 11 or an external storage medium such as a floppy (registered trademark) disk that is detachably attached to the user terminal device 11.

In the first and second embodiments described above, an example is shown in which the reader / writer device 114 is provided separately from the register means 112 and the information processing means 111. Of course, it can be provided integrally with these devices.

Further, in the method for conducting online commerce in the second embodiment, it is possible to conduct commerce without using the tag 100. In this case, the personal information stored in the tag 100 is a storage medium provided integrally with the user terminal device 11 or an external storage medium attached as necessary.
For example, it is stored on a floppy disk or the like.

The data package 1100 described above
Is not necessarily required to be as shown in FIG. 11, as long as it includes at least the amount of money required for authentication / settlement and the information indicating that it is a valid owner of the settlement card. Good.

When the authentication / settlement server terminal 12 authenticates the commercial transaction requested from the user terminal device 11, it notifies the electronic commerce provider 10 of the authentication. At this time, a new password may be generated and transmitted to the user terminal device 11. The user terminal device 11 inputs the transmitted password to the tag 100 and writes the password to a predetermined address. The address where the password is to be written is moved in order, for example, at about three places, so that even if it becomes difficult to read the latest password for some reason, the address based on the second and third passwords is used. It is possible to prove that the user is a valid owner of the payment card.

When the method of updating a password is adopted as described above, and when a plurality of tags 100 are possessed, it is necessary to similarly update the information data stored in each tag 100. is there. The update processing of the information data is performed by each tag 100 communicating with the user terminal device 11 via the reader / writer device 114. The process of updating the data commonly owned by a plurality of files to the latest data has been put to practical use, and a detailed description thereof will be omitted.

As described above, if the password is changed each time the payment card is used, even if the confidential information of the payment card is known to the third party for some reason, the password can be used by the third party. The danger of the payment card can be greatly reduced, and the security of the payment card can be greatly updated.

As described above, changing the password every time the payment card is used is troublesome when the user manually performs the password input process. However, in the above-described embodiment, since the password can be automatically stored in the tag 100, the security of the payment card can be improved without the need for the user to directly perform any troublesome processing.

The e-commerce provider 10 having received the authentication notification from the authentication / settlement server terminal 12 issues detailed information and receipt of the order data of the e-commerce via the Internet 200. Thereby, the user can immediately confirm the detailed contents including the authentication result of the electronic commerce on the web page.

(Third Embodiment) Next, a third embodiment of the present invention will be described with reference to FIG. In the above-described embodiment, an example has been described in which the user connects to the Internet 200 via the user terminal device 11 configured by a computer system to perform online commercial transactions, and requests the authentication / settlement server terminal 12 to perform authentication / settlement. The present invention is not necessarily limited to the user terminal device 11 (computer system).
It is not limited to the one using.

For example, as shown in FIG.
The online payment method of the present invention can be used favorably even when conducting online business transactions using the 400.
Although various keys are arranged on the mobile phone 1400, FIG. 14 shows only representative keys by simplifying the drawing as an operation switch group 1401.

In FIG. 14, reference numeral 1402 denotes a display screen;
403 is a microphone, 1404 is a speaker, 140
5 is a data read key, 1406 is a data confirmation key, 1
407 and 1408 are data selection keys.

Although the reader / writer device 114 shown in the above embodiment is not shown in FIG. 14, the mobile phone 1400 is originally provided with a transmission / reception device using radio waves. Is omitted. It goes without saying that the frequency and the transmission power used for transmitting and receiving data to and from the tag 100 are different from the means provided for performing the original telephone call.

Conventionally, in the case of the cellular phone 1400, there are few keys arranged, so that a specific key has various input functions. Therefore, it requires considerable skill to perform the input operation of the personal information generated by the business transaction on the Internet by the key operation.

In order to solve such a problem, in this embodiment, the personal information stored in the tag 100 can be read by operating the data read key 1405. This information reading is performed by the data reading key 140
When 5 is pressed, a command signal for designating the ID of the tag 100 and instructing data reading is transmitted from the mobile phone 1400.

When the command signal is input, the tag 1
For 00, data stored in the memory 107 (see FIG. 6) is read out, transmitted to the mobile phone 1400, and displayed on the display screen 1402. The user selects the display screen 140
Looking at the data displayed in 2, if the data is to be input, the user presses a data confirmation key 1406. As a result, the read data is determined and input to a predetermined input item.

If the data displayed on the display screen 1402 is not the target data, the data selection key 1407 or 1408 is operated. This allows
Data is sequentially read from the tag 100 and the display screen 1
Displayed at 402. After reading the desired data, the user presses a data confirmation key 1406,
Desired data can be read and input.

As described above, desired data can be read out from the tag 100 and written into the input items of the mobile phone 1400 only by operating the key.
0 can greatly reduce the input work when conducting online commerce.

As described above, storing predetermined data in a memory in advance and reading it out by key operation can be executed by using a memory provided in the mobile phone 1400. However, storing confidential information in the memory of the mobile phone 1400 is not preferable from the viewpoint of confidentiality because there is a risk that the confidential information may be read by a third party. In particular, when the mobile phone 1400 is lost, there is a risk that a credit card or a cash card is misused.

However, if the confidential information is stored in the tag 100 and read out as needed, as in the present embodiment, the confidential information can be known to a third party even if the mobile phone 1400 is lost. Danger can be eliminated. Also, even if the tag 100 is lost, a third party who has obtained the tag 100
Since the ID set in the tag 100 is not known, the confidential information stored inside cannot be read out, so that this case is also safe. The tag 100
Reading of data stored in the mobile phone 14
By following only the read command by the key operation of 00, the security of information can be further improved.

As described above, as an auxiliary means for reading out the information data stored in the tag 100, it is possible to use a voice recognition technique whose recognition accuracy is remarkably improved.

A specific example of such a reading method is shown in FIG.
With reference to the web page 1000, when "jojo" is input by voice, the mobile phone 14
The voice recognition means (not shown) provided in 00 analyzes “Kanagawa ◎◎ ○○ □□” as personal information corresponding to the above input items from the tag 100 and displays it on the display screen 1402. Input in the input item that has been entered.

In the same manner, by inputting the input item names such as "Saimei", "Denbango", "Meru-Ado", "Kesaku Rejitsu" in the same manner, the corresponding personal information is obtained. It can be read from the tag 100 and input. Then, when predetermined information is input to all input items, a data package (see FIG. 11) for which authentication is desired is created.

Then, the link to the authentication / settlement server is clicked. Command to create the above data package,
The jump command to the authentication / settlement server may be performed by key operation, or may be performed by voice input.

In this embodiment, the input item names are read out using the voice input system, but the information itself to be input to the input items can be input by voice. As described above, when all the personal information is input by voice, the information is stored in advance in the storage medium of the mobile phone 1400, and the stored information is read out in response to the voice input. By doing so, the accuracy of voice input can be improved.

Further, the functions of the above-described embodiments are implemented in an apparatus connected to the various devices or in a computer in a system so that various devices are operated so as to realize the functions of the above-described embodiments. The present invention also includes a case where the above-described various devices are operated according to a program stored in a computer of the system or the apparatus by supplying a program code of software for the software.

Further, after the supplied program code is stored in the memory provided on the function expansion board of the computer or the function expansion unit connected to the computer, the function expansion board or the function expansion unit is operated based on the instruction of the program code. The present invention also includes a case where a CPU or the like provided in the apparatus performs part or all of the actual processing, and the processing realizes the functions of the above-described embodiments.

[0106]

As described above, according to the present invention, the settlement processing using a credit card or a cash card can be simplified. According to another feature of the present invention, it is possible to prevent confidential information such as a password and a password of a payment card from leaking. Another feature of the present invention is that settlement of electronic commerce performed on the Internet can be performed without notifying the electronic commerce provider of confidential information on the card.

[Brief description of the drawings]

FIG. 1 is an explanatory diagram showing a first embodiment of the present invention and showing an example of an electronic commerce service system.

FIG. 2 is a flowchart illustrating a procedure of a card authentication process.

FIG. 3 is a flowchart illustrating a procedure of another example of the card authentication process.

FIG. 4 is a diagram showing an example of a web page for performing a commercial transaction.

FIG. 5 is a diagram illustrating an example of a data package for requesting an authentication / settlement server terminal to perform authentication.

FIG. 6 is a block diagram illustrating a schematic configuration of a reader / writer device and a tag.

FIG. 7 is a diagram illustrating a second embodiment of the present invention and illustrating an example of commercial transactions through the Internet.

FIG. 8 is a flowchart illustrating an example of a procedure for inputting information to input items of a web page displayed on a display screen of a user terminal device.

FIG. 9 is a flowchart illustrating an example of an authentication processing procedure in the authentication terminal device.

FIG. 10 is a diagram illustrating an example of a web page in a commercial transaction performed via the Internet.

FIG. 11 is a diagram illustrating an example of a data package transmitted when requesting authentication / settlement server terminal for authentication of a commercial transaction performed via the Internet.

FIG. 12 is a diagram illustrating a configuration example of an authentication / settlement system.

FIG. 13 is a diagram illustrating another configuration example of the authentication / settlement system.

FIG. 14 is a diagram showing an example applied to a mobile phone of the present invention.

[Explanation of symbols]

 REFERENCE SIGNS LIST 9 communication line 11 user terminal device 12 authentication / settlement server terminal 99 settlement card 100 tag 112 register means 113 card reader 114 reader / writer device 121 information processing means 122 display device 123 database

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06F 17/60 512 G06F 17/60 512 G06K 17/00 G06K 17/00 L 19/10 19/00 R

Claims (35)

[Claims] 1. Card authentication characterized by transmitting and receiving information data related to a card between a terminal device and a wireless tag, and judging the validity of the card based on information data acquired from the wireless tag. Method. 2. The information terminal device according to claim 1, wherein the information data acquired from the wireless tag is transmitted to an authentication terminal device via a line, and the authentication terminal device is requested to judge the validity of the card. The card authentication method described. 3. An information display process for displaying information related to a commercial transaction on a display screen of a communication terminal device, and an authentication data reading for reading information data stored in a settlement card used for the settlement of the commercial transaction by a card reader. Processing, information data read processing for reading information data for performing authentication of the payment card from the wireless tag, and performing the commercial transaction using the payment card based on the information data read from the wireless tag. And performing an authentication determination process of determining whether or not to authenticate the user. 4. An information display process for displaying information relating to a commercial transaction on a display screen of a communication terminal device, and authentication data for reading, by a card reader, information data stored in a payment card for performing the transaction. A read process; an information data read process for reading information data for performing authentication of the payment card from the wireless tag; and an authentication mechanism for transmitting the information data on the payment card obtained from the wireless tag via a line. Information data transfer processing to be transferred to, and, based on the authentication information data transferred via the line, determine whether to authenticate settlement of the commercial transaction using the settlement card, An authentication determination process of transmitting a result of the determination to the communication terminal device; and a commercial transaction using the payment card based on the transmitted determination result of the authentication terminal device. Payment method using a card and performs the settlement processing performed. 5. The payment card includes at least a David Cart or a credit card, and the information data relating to the payment card is a password set in the payment card. Or a settlement method using the card described in 4. 6. The settlement using a card according to claim 3, wherein the wireless tag is an RFID, and a reader / writer device is connected to the communication terminal device. Method. 7. A display process for displaying a web page for a commercial transaction on a screen of a network terminal device connected via an internet communication line, and an electronic commerce is required for each input item of the web page. Transaction information input processing for inputting commercial transaction information excluding information related to a card used for settlement of the electronic commerce, and connecting to a terminal device of an authentication mechanism for requesting authentication of settlement of the commercial transaction. Authentication terminal device connection processing; and commercial transaction information for requesting authentication of commercial transactions performed on the web page, and information for certifying the validity of a card used for settlement of the commercial transactions, from the network terminal device to the authentication terminal. The authentication information transmitting process to be transmitted to the device, and the network terminal device are required based on the information transmitted by the information transmitting process. And performing an authentication result notification process of notifying, via a network, an electronic commerce provider that has displayed a web page for the commercial transaction of the result of the determination as to whether or not to authenticate the settlement of the commercial transaction using a card to be executed. An electronic commerce settlement method characterized by the above-mentioned. 8. The settlement of electronic commerce according to claim 7, wherein the authentication terminal device displays on the screen of the network terminal device a result of determination as to whether or not to authenticate settlement of the commercial transaction. Method. 9. The electronic commerce provider, when the authentication notification of the commercial transaction is input from the authentication terminal device, based on the information input to each input item of the web page for the commercial transaction, 9. The electronic commerce settlement method according to claim 7, wherein a process of executing the commercial transaction is performed. 10. A link for an authentication terminal device for authenticating the payment card is set on a web page for commerce displayed by the e-commerce provider, and when the user clicks the link, the network terminal device is set. The connection destination of the electronic commerce provider jumps to the authentication terminal device.
10. The settlement method for electronic commerce according to any one of items 9 to 9. 11. The network terminal device sets the name, ID, expiration date, and expiration date of the payment card in the payment card as information data necessary to prove the validity of the card for performing the transaction settlement. The settlement method for electronic commerce according to any one of claims 7 to 10, wherein the set password is transmitted to the authentication terminal device. 12. The electronic commerce payment method according to claim 7, wherein the payment card includes at least a credit card or a cash card. 13. The settlement method for electronic commerce according to claim 7, wherein information data transmitted from said network terminal device to said authentication terminal device is encrypted. 14. The information data transmitted from the network terminal device to the authentication terminal device is stored in a wireless tag, and data is transmitted and received between the network terminal device and the wireless tag, whereby the network 14. The settlement method of electronic commerce according to claim 7, wherein the terminal device reads information data for authentication from the wireless tag and transmits the information data to the authentication terminal device. 15. The network terminal device according to claim 7, wherein the network terminal device includes at least one of a personal computer, a mobile phone, and a portable information device.
4. The settlement method for electronic commerce according to any one of 4. 16. The electronic commerce settlement method according to claim 7, wherein the authentication terminal device is a terminal device of an issuing organization of the settlement card. 17. The electronic commerce according to claim 7, wherein the authentication terminal device is a terminal device of an authentication center established by a plurality of payment card issuing organizations. Settlement method. 18. A method of transmitting and receiving data to and from a wireless tag, reading information data for authentication relating to a card desired to be authenticated from the wireless tag, and judging the validity of the card. Communication terminal device. 19. A transaction information display means for displaying information related to a commercial transaction, card information reading means for reading data stored in a payment card used for the settlement of the commercial transaction by a card reader, and reading by the card reader. Security information reading means for performing wireless communication with the wireless tag based on the encrypted data and reading the security information set in the payment card, and performing the payment based on the security information read from the wireless tag. A communication terminal device comprising: an authentication determination unit configured to determine whether or not to perform the business transaction using the business card. 20. An information display means for displaying information related to a commercial transaction on a display screen of a communication terminal device, and a card information reader for reading information data stored in a settlement card used for the settlement of the commercial transaction by a card reader. Means for performing wireless communication with a wireless tag based on the data read by the card reader, and obtaining confidential information set in the payment card; and obtaining the confidential information from the wireless tag. A communication terminal device for transferring the encrypted confidential information to an authentication mechanism via a line and requesting authentication of performing settlement of the commercial transaction using the settlement card. . 21. The payment card includes at least a David Cart or a credit card, and the transmission and reception of information data with the wireless tag is a password set on the payment card. The communication terminal device according to any one of claims 18 to 20, wherein 22. The communication terminal device according to claim 18, wherein said wireless tag is an RFID, and said secret information obtaining means includes a reader / writer device. 23. A display means for displaying a web page for commerce sent from an e-commerce provider connected via an internet communication line, and input items required for executing the e-commerce in each of the input items of the web page. Business transaction information input means for inputting predetermined transaction information excluding card information relating to the settlement of the electronic commerce, and an authentication terminal device connected to a terminal device of a mechanism for authenticating the validity of the settlement card Connecting means, information relating to the commercial transaction performed on the web page, and information for certifying the validity of the card used for the settlement of the commercial transaction to the authentication terminal device, and performing the settlement of the commercial transaction by the settlement A communication requesting device for requesting the authentication terminal device to authenticate the operation performed by the authentication card. 24. A method for transmitting the name, ID, expiration date, and set password of the settlement card as information necessary for certifying the validity of the card for performing settlement of the commercial transaction. Any one of claims 18 to 23
The communication terminal device according to the item. 25. The communication terminal device according to claim 18, wherein the payment card includes at least a credit card or a cash card. 26. The communication terminal device according to claim 18, further comprising an encryption unit for encrypting information data transmitted from said network terminal device to said authentication terminal device. . 27. The network terminal device according to claim 18, wherein the network terminal device includes at least one of a personal computer, a mobile phone, and a portable information terminal.
27. The communication terminal device according to any one of 26. 28. An e-commerce provider that provides a web page for e-commerce to a network terminal device via the Internet, and performs e-commerce by a user inputting predetermined information to each input item set in the web page. In the electronic commerce described above, when a notification for authenticating the settlement of the electronic commerce is sent from the authentication terminal device requested by the user, the electronic commerce is executed based on the content input on the web page. Provider. 29. An electronic commerce provider that provides a web page for electronic commerce to a network terminal device via the Internet, and performs electronic commerce by a user inputting predetermined information to each input item set in the web page. 5. The electronic commerce provider according to claim 2, wherein the web page sets a link for the user to jump to a terminal device of an authentication mechanism that wants to authenticate the commercial transaction. 30. The password according to claim 1, wherein the password set in the payment card is changed each time a commercial transaction is performed, and the changed password is written in the wireless tag. Card authentication method. 31. The password set in the payment card is changed every time a commercial transaction is performed, and the changed password is written in the wireless tag. Or a settlement method using the card according to claim 1. 32. The password according to claim 7, wherein the password set in the payment card is changed every time a commercial transaction is performed, and the changed password is written in the wireless tag. 3. The settlement method for electronic commerce according to claim 1. 33. The password according to claim 17, wherein the password set in the payment card is changed every time a commercial transaction is performed, and the changed password is written in the wireless tag. The communication terminal device according to claim 1. 33. The password according to claim 28, wherein the password set in the payment card is changed every time a commercial transaction is performed, and the changed password is written in the wireless tag. Communication terminal device. 34. A storage medium storing a program for executing the method according to any one of claims 1 to 17 so as to be readable from a computer. 35. A storage medium storing a program constituting each means according to any one of claims 18 to 29 so as to be readable from a computer.