WO2002041207A1 - Security system for electronic commerce - Google Patents

Security system for electronic commerce Download PDF

Info

Publication number
WO2002041207A1
WO2002041207A1 PCT/JP2001/009023 JP0109023W WO0241207A1 WO 2002041207 A1 WO2002041207 A1 WO 2002041207A1 JP 0109023 W JP0109023 W JP 0109023W WO 0241207 A1 WO0241207 A1 WO 0241207A1
Authority
WO
WIPO (PCT)
Prior art keywords
medium
card
information
cash
identification number
Prior art date
Application number
PCT/JP2001/009023
Other languages
French (fr)
Japanese (ja)
Inventor
Toru Miura
Original Assignee
Toru Miura
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Toru Miura filed Critical Toru Miura
Publication of WO2002041207A1 publication Critical patent/WO2002041207A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/347Passive cards
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/127Card verification in which both online and offline card verification can take place

Definitions

  • the present invention relates to a security method for commerce, particularly in personal commerce using a credit card, a cache card, a computer network, or the like, and forgery of a medium such as a credit card in a computer network. It relates to a method for minimizing the damage caused by theft of ID numbers.
  • the credit card cash card displays information such as the number and name of an individual ID by embossing, and the magnetic stripe stores the same information.
  • the credit card cash card checks the signature on the back of the credit card against the signature on the product purchase slip, or in the case of a cash card, use your personal identification number. Is input to the information terminal and verified by the host computer.
  • An object of the present invention is to solve such a conventional problem, and it is impossible to perform an illegal act even if an ID number or a password is grasped.
  • An object of the present invention is to provide an e-commerce security system that cannot be used. Disclosure of the invention
  • a medium unique to the medium is attached to a medium other than cash, such as a credit card or a cash card, which can be traded, and a medium unique identification number based on the pattern is provided. And the information stored in the magnetic data of the medium is compared to determine the authenticity of the medium.
  • the invention according to claim 2 of the electronic commerce security system according to the present invention is a medium that can be used for commercial transactions other than cash, such as a credit card and a cash card, and that reads a unique pattern of the medium. Judgment of the authenticity of the card by comparing the information terminal device provided with the reading means and the recording information reading means for reading the recording information such as the magnetic data of the medium with the medium unique identification information and the recording information transferred from the information terminal device Determining means for performing the determination.
  • the invention according to claim 3 of the electronic commerce security system according to the present invention is the invention according to claim 2, wherein the information terminal device is provided with a data input unit capable of inputting a personal identification number, and the determination unit is unique to the medium. Identification information, records It is characterized in that the authenticity of the password and the identity verification are determined based on the information and the password, and an updated password valid for the next and subsequent transactions is transmitted to the information terminal device when the transaction is completed.
  • the invention according to claim 4 of the electronic commerce security system according to the present invention is the invention according to claim 3, wherein the password is transmitted from the determination means to the card user every time one commercial transaction is completed.
  • the invention described in claim 5 of the electronic commerce crime prevention system according to the present invention is characterized in that the updated personal identification number valid for the next and subsequent commercial transactions is public. It is characterized in that the card user is notified of the update by transmitting it to the portable terminal possessed by the card holder via a line.
  • the invention according to claim 6 of the electronic commerce security system according to the present invention relates to a system for performing settlement using a medium other than cash, such as a credit card or a cash card, capable of conducting a commercial transaction, which is related to the medium via a network or the like.
  • Judgment means for receiving data such as an ID number and a password valid only for a predetermined number of commercial transactions to determine whether or not the commercial transaction has been completed, and performing the desired settlement processing when the commercial transaction has been completed, and
  • a means is provided for notifying the card user of the update of the personal identification number by transmitting the updated personal identification number valid for commercial transactions to the cardholder's terminal or mobile terminal via a public line or the like.
  • the invention according to claim 7 of the electronic commerce security system according to the present invention is characterized in that, in the invention according to any one of claims 3 to 6, the information terminal device performs encrypted communication when transmitting and receiving various information.
  • the personal identification number or an encoded number is used as a key for encrypted communication.
  • the invention according to claim 8 of the electronic commerce security system according to the present invention is a non-cash-enabled medium such as a credit card or a cash card. Recording means for recording the number of uses of the medium, and the authenticity of the medium is determined based on the number of uses.
  • the invention according to claim 9 of the electronic commerce security system according to the present invention is a recording system for recording the number of times of use of the medium in a non-cash medium such as a credit card, a cash card, etc. in a cumulative and non-subtractable manner. Means is provided, and the authenticity of the medium is determined by performing a rewriting operation by subtracting the number of uses.
  • FIG. 1 is a diagram showing an example of a card used in a security system for electronic commerce according to the present invention.
  • FIG. 2 is a diagram showing a schematic configuration of an electronic commerce security system according to the present invention.
  • FIG. 3 is a diagram showing an example of a data table included in the determination means in the electronic commerce security system according to the present invention.
  • FIG. 4 is a diagram showing one embodiment of the configuration of the electronic commerce security system according to the present invention.
  • FIG. 5 is a flowchart showing the operation of the electronic commerce security system according to the present invention.
  • FIG. 6 is a diagram showing another embodiment of the configuration of the electronic commerce security system according to the present invention.
  • FIG. 7 is a diagram showing another embodiment of the configuration of the electronic commerce security system according to the present invention.
  • fraudulent acts using cards and the like include physical acts such as counterfeiting cards, and non-physical acts such as illegally acquiring (frauding) ID numbers and PINs.
  • a unique identification number is determined in advance.
  • a magnetic stripe is provided on the back surface of the card 1, and the magnetic stripe stores stored information such as the ID number of the card.
  • the card 1 is inserted from the entrance 2a to the information terminal device 2 (unique identification information reading means and recorded information reading means), and the information terminal device 2 Reads the pattern of the card and transmits it to the host computer 4 via the network 3 such as a telephone line or a dedicated line together with the magnetic data information stored in the magnetic stripe of the force.
  • the unique identification number based on the card pattern is compared with the magnetic data information to judge whether the card is a counterfeit card by a computer or other judging means to determine the success or failure of the commercial transaction.
  • FIG. 3 is a diagram showing a table of data collation data stored in the host computer 4. As shown in FIG. 3, one-to-one correspondence with recorded information (ID numbers, etc.) such as magnetic data is shown. The card unique identification number corresponding to the ID is stored, the card unique identification number is determined from the card pattern transferred from the information terminal device, and when the unique identification number and the magnetic data information such as the ID number match, Only allow commercial transactions.
  • ID numbers such as magnetic data
  • the card itself can be provided with information (pattern) corresponding to a unique number and the authenticity of the card can be determined together with the magnetic data information stored in the magnetic stripe. Fraudulent acts such as unauthorized acquisition of information and transfer of various information to counterfeit information be able to.
  • the data pattern of the force is transferred from the information terminal device 2 to the host computer 4 and the unique identification number of the card is determined by the host computer 4. 2 has a pattern reading device and a unique identification number judgment function, transfers the unique identification number and the information stored in the magnetic disk to the host computer 4, and transfers the information to the host computer 4. It may be configured to determine the authenticity of the password.
  • FIG. 4 is a diagram showing the configuration of an electronic commerce security system according to the present invention.
  • 2 is an information terminal device for reading patterns and magnetic data which are unique identification numbers of force
  • 5 is for centrally managing an identity verification function.
  • 6 is a host computer of a financial company (card issuing company)
  • 7 is a display device that is attached to an information terminal device and displays information
  • 8 is a keyboard and other devices. It is a data input device (data input means).
  • the security system for e-commerce is described below with reference to Figs.
  • the card user obtains a password that can be used only once from a card company or the like (step S1), and sends a password 1 to the information terminal device 2 when using the card. It is inserted (step S2), and the password is input from the data input device 8 (step S3). Then, from the information terminal device 2, the unique identification information (pattern) of the card 1, the recording information such as the ID number stored in the magnetic data of the card 1, and the password A are transmitted via the network. Transferred to the host computer overnight 5 and the host computer In step 5, referring to the table as shown in FIG. 3, it is determined whether or not the force unique identification number matches the magnetic data storage information (step S4).
  • step S4 If it is determined that the password is genuine (YES in step S4), it is determined whether or not the entered passwords match (step 5), and the commercial transaction is permitted only when the passwords match (step S6). ) Then, data B such as the purchase amount information and payment method for performing settlement by force are transferred from the information terminal device 2 to the host computer 6 of the financial company via the host computer 5 (step S 7), a commercial transaction is executed.
  • a new password (updated password) valid at the next business transaction is returned to the information terminal device 2 via the network from the update notification means of the host computer 5 that centrally controls the personal identification function (step S8). ), The password is displayed on the display device 7 (step S9).
  • the card user memorizes or keeps a record of the updated personal identification number and uses it for the next commercial transaction.
  • the PIN stored in the host convenience store 5 is also rewritten to prepare for the next commercial transaction.
  • the card unique identification information does not match the magnetic data, or if the PIN does not match (NO in S4 or S5), the card has been forged or the identity of the card user cannot be verified. Judgment is made, the commercial transaction is rejected, and a message to that effect is displayed on the display device 7 attached to the information terminal device 2 (step S10).
  • the host computer which centrally manages the identity verification function from the host company 6 of the financial company.
  • the night is transferred on evening 5, and the available flags (see Fig. 3) are changed by the judgment means in the host computer overnight 5.
  • the personal identification number is updated for each commercial transaction. It may be changed every time.
  • a part for storing the security code to be updated on the card is provided, and the information terminal device is provided with a function to update the security code.
  • the updated security code stored in the password and data input are entered. The identification of the force holder may be performed by comparing the password with the password input from the device.
  • the updated security code and the fixed security code are used to store the updated security code on the card.
  • the fixed security code is entered by the user to confirm the identity when using the card.
  • the security can be further improved by using a double password in such a manner.
  • the authenticity of the card itself is determined by the unique identification information based on the force pattern and the magnetic storage information, and is effective for one or a predetermined number of commercial transactions.
  • the host computer which centrally controls the personal identification function, notifies the card holder of a personal identification number, and performs personal identification by comparing the personal identification number entered during commercial transactions with the stored personal identification number. Secure electronic commerce can be realized.
  • the communication between the information terminal device 2 and the host computers 4 and 5 and the communication between the host computers 4 and 5 and the host computer 6 of the financial company are to improve security.
  • Perform encrypted communication In this case, a common key cryptosystem is used, and the personal identification number of the card is used as the common key.
  • the common key cryptosystem usually, information intended only for encrypted communication is used as a common key.
  • the password is changed every time a commercial transaction is made. Keys are changed frequently, and cryptographic communication is extremely secure, enabling more reliable e-commerce. If the password cannot be used directly as the common key, for example, when the data length of the password and the common key are different, What is encoded according to a predetermined rule may be used as a common key.
  • variable password method is used for electronic settlement
  • it is widely used for cryptographic communication for transmitting and receiving important data after inputting the variable password, such as data transmission with personal authentication. Applicable.
  • FIG. 6 is a diagram showing another configuration of the electronic commerce security system according to the present invention.
  • the updated personal identification number is displayed on the display device 7 installed in the store or the like, so that the personal identification number can be visually recognized by anyone other than the force holder.
  • the security was not perfect, as shown in Fig. 6, the updated PIN was transferred to the mobile terminal 9 owned by the force holder on a network such as a public network By transmitting the data as voice or electronic data via 0, the security can be further improved. Note that only the method of transmitting the updated personal identification number is different, and the other processes are the same as those in the above-described embodiment, and thus description thereof will be omitted.
  • FIG. 7 is a diagram showing another configuration of the electronic commerce security system according to the present invention.
  • personal commerce has often been conducted via the Internet, especially due to the spread of convenience stores and the establishment of the Internet infrastructure. This will be described with reference to FIG.
  • 5 is a host computer for centrally managing the identity verification function
  • 6 is a host computer of a financial company (card issuing company)
  • 10 is a network such as a public line or the Internet
  • 11 is a product or service. etc
  • Reference numerals 1 and 2 denote terminal devices of purchasers of goods and services.
  • the credit card is required to settle the personal information such as his / her address and the price to the service provider.
  • the personal identification number used only is transferred to the terminal device of the service provider via the network 10.
  • the service provider transfers the commercial transaction data to the host computer 5 using the terminal device 11 or the information terminal device 2 (not shown), and the host computer 5 determines whether or not the passwords match by the determination means. And decide whether or not to establish a commercial transaction.
  • the host computer 5 performs a predetermined settlement process, and further updates the password used for the next and subsequent business transactions via the public line or the like to the terminal device 12 or the like of the purchaser. Alternatively, it is transmitted to the portable terminal 9 owned by the purchaser. As a result, even when conducting business transactions without physically using the card itself, the PIN for card use is updated for each prescribed transaction, and the updated PIN is only available to the cardholder. Because it can be grasped, it is possible to conduct secure transactions.
  • the present invention is not limited to commercial transactions using cards, but also to commercial transactions using no cards, for example, electronic transactions during a computer, etc., in which an ID number, a personal identification number, etc. are illegally used by others. It also works effectively to prevent illegal activities.
  • data that is magnetically recorded on a cash card or credit card is rewritable and may be forged.
  • card-specific information is stored in a non-rewritable memory (ROM) in advance, but information that needs to be changed when using the card is rewritable. May be forged because it is stored in a functional memory (RAM).
  • RAM functional memory
  • a recording means such as a non-rewritable memory is installed in the C card in advance, and the number of times of use of the IC card is cumulatively recorded therein. The number of uses is added to the IC card according to the use.
  • the usage count read by the IC card reader is input to the host computer via the network, and if it does not match the usage count recorded on the host computer, it is determined to be a counterfeit card and matches. If so, the card is judged to be a true card. Since the number of times of use changes every moment with the use of the card, even if a fake card is created by reading the data from an authentic IC card Even if the IC card was subsequently used, the data on the number of times of use was rewritten and the information on the authentic IC card was changed, so the card was used afterwards. It can be determined that the missing IC code is counterfeit.
  • non-rewritable memory there are various types of non-rewritable memory that can be incorporated into the IC at the manufacturing stage. For example, a method of cumulative writing to the write area of a memory that can be written only once Alternatively, an optical system such as a read-up-once CDR may be used.
  • the number of uses in the IC card may be recorded not only for each use but also for every predetermined number of uses, for example, every 10 times.
  • the first aspect of the present invention it is not possible to create two or more identical cards, thereby preventing forgery of a card or the like, and preventing the storage data stored in the card from being physically forged. Since the authenticity of the password is determined by collating with the unique identification number of the card, it is possible to prevent the transaction by the counterfeit password and to perform the business transaction safely.
  • the authenticity of the card and the identity verification can be confirmed by using the personal identification number and the unique identification information of the password, which are changed for each commercial transaction, and the memory information stored in the card. It is possible to conduct business transactions even more safely.
  • variable update PIN is transmitted to the mobile terminal or the like of the card holder via the public line, only the card user can know the PIN notified of the update. Business transactions can be carried out even more securely.
  • an ID number such as a credit card and a valid PIN are transmitted only for a predetermined number of commercial transactions, the commercial transaction is permitted only when the PIN coincides with a predetermined PIN, and the next Since the updated security code valid for subsequent commercial transactions was transmitted to the cardholder's terminal or mobile terminal via a public line, etc., the security code was not leaked to a third party and secure business transactions were conducted. be able to.
  • the information terminal device when the information terminal device transmits and receives various types of information, the information terminal device performs cryptographic communication and uses the personal identification number or a code obtained by encoding the personal identification number as a key for symbol communication. It can carry out extremely high-reliability electronic commerce.
  • a recording means for recording the number of times the medium has been used is provided on a non-cash medium such as a credit card or a cash card that can be used for business transactions, and the authenticity of the medium is determined based on the number of uses. Therefore, it is possible to prevent transactions with counterfeit cards by making use of the characteristics of the ever-changing number of times of use, and to conduct business transactions safely.
  • a recording means for recording the number of times of use, cumulatively and non-subtractably, is provided on a medium other than cash that can be traded, and the rewriting operation is performed by subtracting the number of uses to judge the authenticity of the medium.

Abstract

A security system for electronic commerce. A medium such as a credit card or a cash card which enables commerce, other than cash, is marked with a pattern specific to the medium. An identification number specific to the medium by the patterns is collated with information stored in the magnetic data of the medium to judge the authenticity of the medium. Therefore, fraudulent acts cannot be committed even if the ID number, personal identification number, etc. of the credit card or cash card is grasped, and the unauthorized use of a credit card cannot be committed even if it is counterfeited.

Description

明 細 書 電子商取引の防犯システム 技術分野  E-commerce crime prevention system Technical field
本発明は、 商取引の防犯方法に閧し、 特にクレジッ トカードやキヤッ シユカ一ド或いはコンピュータネッ トワーク等を利用した個人商取引に おいて、 クレジッ トカード等の媒体の偽造ゃコンピュ一夕ネヅ トワーク 商取引における I D番号等の盗難による被害を最小限に抑える方法に関 する。 背景技術  INDUSTRIAL APPLICABILITY The present invention relates to a security method for commerce, particularly in personal commerce using a credit card, a cache card, a computer network, or the like, and forgery of a medium such as a credit card in a computer network. It relates to a method for minimizing the damage caused by theft of ID numbers. Background art
従来より商品やサービス等を購入する際にクレジッ トカードによる決 済が行われ、 また最近では商店等に配置された情報端末等を用い、 キヤ ヅシュカードを用いて即時に決済できるシステムが導入されている。 クレジッ トカ一ドゃキャッシュカー ドには個人の I Dとなる番号や氏 名等の情報がエンボスにより表され、 また、 磁気ス ト ライ プには同様の 情報が記憶されている。 これらカードを利用した商品等の購入に当たつ ては、 クレジッ トカ一 ドの裏面に記載された署名と商品購入伝票に記載 した署名とを照合したり、 キャッシュ力一ドの場合には暗証番号を情報 端末に入力し、 ホス トコンピュー夕にて照合することにより本人確認を 行っている。  Traditionally, credit card payments have been made when purchasing products and services, and more recently, a system has been introduced that allows immediate settlement using cash cards using information terminals, etc., located at stores and other places. . The credit card cash card displays information such as the number and name of an individual ID by embossing, and the magnetic stripe stores the same information. When purchasing products, etc. using these cards, check the signature on the back of the credit card against the signature on the product purchase slip, or in the case of a cash card, use your personal identification number. Is input to the information terminal and verified by the host computer.
更に、 近年ではコンピュータの普及やイ ンタ一ネッ ト基盤の確立によ り、 ネッ トワーク上で個人商取引も盛んに行われており、 ネッ トワーク 商取引の場合、 ネヅ トワークに接続されたコ ンピュータにクレジヅ トカ ード等の I D番号を伝送し、 決済を行うのが一般的である。 しかしながら、 カードゃネッ トワーク商取引による決済は、 個別の情 報が他に漏れないことを前提として成り立つており、 利用者の知り得な いうちにクレジッ トカードを偽造されたり、 I D番号や暗証番号を把握 されたりすると他人の不正行為を防ぐことができないという問題点があ つ 7こ。 In recent years, with the spread of computers and the establishment of the Internet infrastructure, personal commerce has been actively conducted on networks. In the case of network commerce, computers connected to the network In general, settlement is performed by transmitting an ID number such as a credit card. However, settlement by card / network commerce is based on the premise that individual information will not be leaked to other parties.For example, a credit card can be forged without the user's knowledge, or an ID number or PIN cannot be used. There is a problem that if it is grasped, it is impossible to prevent wrongdoing of others.
本発明の課題は、 このような従来の問題点を解決し、 I D番号や暗証 番号等を把握されても不正行為を行うことができず、 また、 クレジッ ト 力一ドを偽造されても不正使用することができない電子商取引の防犯シ ステムを提供することにある。 発明の開示  An object of the present invention is to solve such a conventional problem, and it is impossible to perform an illegal act even if an ID number or a password is grasped. An object of the present invention is to provide an e-commerce security system that cannot be used. Disclosure of the invention
前記の課題を解決するために、 請求項 1記載の発明では、 クレジッ ト カード、 キャッシュカード等の現金以外の商取引可能な媒体に、 媒体固 有の模様を付し、 当該模様による媒体固有識別番号と、 媒体の磁気デー 夕に記憶された情報とを照合して媒体の真偽を判断したことを特徴とす る。  In order to solve the above problem, in the invention according to claim 1, a medium unique to the medium is attached to a medium other than cash, such as a credit card or a cash card, which can be traded, and a medium unique identification number based on the pattern is provided. And the information stored in the magnetic data of the medium is compared to determine the authenticity of the medium.
本発明にかかる電子商取引の防犯システムの請求項 2記載の発明は、 クレジッ トカード、 キャッシュ力一ド等の現金以外の商取引可能な媒体 であって、 該媒体固有の模様を読み取る媒体固有識別倩報読み取り手段 並びに媒体の磁気データ等の記録情報を読み取る記録情報読み取り手段 とを備えた情報端末装置と、 情報端末装置から転送された媒体固有識別 情報及び記録情報とを比較し、 カードの真正を判断する判定手段とを備 えたことを特徴とする。  The invention according to claim 2 of the electronic commerce security system according to the present invention is a medium that can be used for commercial transactions other than cash, such as a credit card and a cash card, and that reads a unique pattern of the medium. Judgment of the authenticity of the card by comparing the information terminal device provided with the reading means and the recording information reading means for reading the recording information such as the magnetic data of the medium with the medium unique identification information and the recording information transferred from the information terminal device Determining means for performing the determination.
本発明にかかる電子商取引の防犯システムの請求項 3記載の発明は、 請求項 2記載の発明において、 前記情報端末装置は暗証番号を入力可能 なデータ入力手段を備え、 前記判定手段は前記媒体固有識別情報、 記録 情報及び暗証番号に基づき力一ドの真正並びに本人確認を判断すると共 に、 商取引の完了時に次回以降の商取引に有効な更新された暗証番号を 前記情報端末装置に伝送したことを特徴とする。 The invention according to claim 3 of the electronic commerce security system according to the present invention is the invention according to claim 2, wherein the information terminal device is provided with a data input unit capable of inputting a personal identification number, and the determination unit is unique to the medium. Identification information, records It is characterized in that the authenticity of the password and the identity verification are determined based on the information and the password, and an updated password valid for the next and subsequent transactions is transmitted to the information terminal device when the transaction is completed.
本発明にかかる電子商取引の防犯システムの請求項 4記載の発明は、 請求項 3記載の発明において、 前記暗証番号は一回の商取引が完了する 毎に前記判定手段からカ一ド利用者に军新通知されることを特徴とする 本発明にかかる電子商取引の防犯システムの請求項 5記載の発明は、 請求項 3記載の発明において、 次回以降の商取引に有効な更新された暗 証番号は公衆回線を介してカード保有者が有する携帯端末に伝送するこ とによりカード利用者に更新通知されることを特徴とする。  The invention according to claim 4 of the electronic commerce security system according to the present invention is the invention according to claim 3, wherein the password is transmitted from the determination means to the card user every time one commercial transaction is completed. The invention described in claim 5 of the electronic commerce crime prevention system according to the present invention is characterized in that the updated personal identification number valid for the next and subsequent commercial transactions is public. It is characterized in that the card user is notified of the update by transmitting it to the portable terminal possessed by the card holder via a line.
本発明にかかる電子商取引の防犯システムの請求項 6記載の発明は、 クレジッ トカード、 キャッシュカード等の現金以外の商取引可能な媒体 により決済を行うシステムにおいて、 ネッ トワーク等を介して媒体に関 連した I D番号等のデータ並びに所定回数の商取引にのみ有効な暗証番 号を受信し、 商取引の成立の是非を判定する判定手段と、 商取引が成立 した際に所望の決済処理を行うと共に、 次回以降の商取引に有効な更新 された暗証番号を公衆回線等を介してカード保有者の端末もしくは携帯 端末に伝送することによりカード利用者に暗証番号を更新通知する手段 を備えたことを特徴とする。  The invention according to claim 6 of the electronic commerce security system according to the present invention relates to a system for performing settlement using a medium other than cash, such as a credit card or a cash card, capable of conducting a commercial transaction, which is related to the medium via a network or the like. Judgment means for receiving data such as an ID number and a password valid only for a predetermined number of commercial transactions to determine whether or not the commercial transaction has been completed, and performing the desired settlement processing when the commercial transaction has been completed, and A means is provided for notifying the card user of the update of the personal identification number by transmitting the updated personal identification number valid for commercial transactions to the cardholder's terminal or mobile terminal via a public line or the like.
本発明にかかる電子商取引の防犯システムの請求項 7記載の発明は、 請求項 3乃至 6のいずれか 1つの請求項記載の発明において、 前記情報 端末装置が各種情報を送受信する際に暗号通信を行い、 前記暗証番号又 はこれを符号化した番号を暗号通信の鍵としたことを特徴とする。  The invention according to claim 7 of the electronic commerce security system according to the present invention is characterized in that, in the invention according to any one of claims 3 to 6, the information terminal device performs encrypted communication when transmitting and receiving various information. The personal identification number or an encoded number is used as a key for encrypted communication.
本発明にかかる電子商取引の防犯システムの請求項 8記載の発明は、 クレジッ トカード、 キャッシュカード等の現金以外の商取引可能な媒体 に、 当該媒体の利用回数を記録する記録手段を設け、 当該利用回数に基 づき媒体の真偽を判断したことを特徴とする。 The invention according to claim 8 of the electronic commerce security system according to the present invention is a non-cash-enabled medium such as a credit card or a cash card. Recording means for recording the number of uses of the medium, and the authenticity of the medium is determined based on the number of uses.
本発明にかかる電子商取引の防犯システムの請求項 9記載の発明は、 クレジッ トカード、 キャッシュカード等の現金以外の商取引可能な媒体 に、 当該媒体の利用回数を累積的かつ減算不可能に記録する記録手段を 設け、 当 利用回数の減算による書換動作を行って媒体の真偽を判断し たことを特徴とする。 図面の簡単な説明  The invention according to claim 9 of the electronic commerce security system according to the present invention is a recording system for recording the number of times of use of the medium in a non-cash medium such as a credit card, a cash card, etc. in a cumulative and non-subtractable manner. Means is provided, and the authenticity of the medium is determined by performing a rewriting operation by subtracting the number of uses. BRIEF DESCRIPTION OF THE FIGURES
図 1は本発明による電子商取引の防犯システムに用いられるカードの 一例を示す図である。  FIG. 1 is a diagram showing an example of a card used in a security system for electronic commerce according to the present invention.
図 2は本発明による電子商取引の防犯システムの概略構成を示す図で ある。  FIG. 2 is a diagram showing a schematic configuration of an electronic commerce security system according to the present invention.
図 3は本発明にかかる電子商取引防犯システムにおける、 判定手段に 含まれるデータテーブルの一例を示す図である。  FIG. 3 is a diagram showing an example of a data table included in the determination means in the electronic commerce security system according to the present invention.
図 4は本発明にかかる電子商取引防犯システムの構成の一実施例を示 す図である。  FIG. 4 is a diagram showing one embodiment of the configuration of the electronic commerce security system according to the present invention.
図 5は本発明にかかる電子商取引防犯システムの動作を示すフローチ ヤートである。  FIG. 5 is a flowchart showing the operation of the electronic commerce security system according to the present invention.
図 6は本発明にかかる電子商取引防犯システムの構成の他の実施例を 示す図である。  FIG. 6 is a diagram showing another embodiment of the configuration of the electronic commerce security system according to the present invention.
図 7は本発明にかかる電子商取引防犯システムの構成の他の実施例を 示す図である。 発明を実施するための最良の形態  FIG. 7 is a diagram showing another embodiment of the configuration of the electronic commerce security system according to the present invention. BEST MODE FOR CARRYING OUT THE INVENTION
以下、 図面により本発明の実施の形態を詳細に説明する。 まず、 カード等を用いた不正行為には、 カードの偽造という物理的な 行為によるものと、 I D番号、 暗証番号等の不正入手 (詐取) という非 物理的な行為とによるものがある。 Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. First, fraudulent acts using cards and the like include physical acts such as counterfeiting cards, and non-physical acts such as illegally acquiring (frauding) ID numbers and PINs.
そこで、 力一ド偽造という物理的行為に対しては図 1 に示すように力 ード 1の模様として、 大理石の模様のように同じものが 2以上できない ものとし、 個々の模様 (パターン) に対応して固有の識別番号を予め定 めておく。 なお、 カード 1の裏面には磁気ス トライプが設けられ、 当該 磁気ス トライプにはカードの I D番号等の記憶情報が記憶されている。  Therefore, in response to the physical act of force forgery, as shown in Fig. 1, it is assumed that no more than two identical patterns, such as a marble pattern, can be made as a pattern of force 1, and each pattern Correspondingly, a unique identification number is determined in advance. Note that a magnetic stripe is provided on the back surface of the card 1, and the magnetic stripe stores stored information such as the ID number of the card.
したがって、 商取引の際には図 2 に示すように、 情報端末装置 2 (固 有識別情報読取手段並びに記録情報読取手段) との揷入口 2 aよ りカー ド 1 を挿入し、 情報端末装置 2 にてカードのパターンを読み取り、 力一 ドの磁気ス トライプに記憶された磁気データ情報と共に電話回線や専用 回線等のネヅ トワーク 3を介してホス トコンピュータ 4に転送し、 ホス トコンピュー夕 4ではカードのパターンによる固有識別番号と磁気デー 夕情報とを比較して偽造カードか否かをコンピュー夕等の判定手段にて 判断し、 商取引の成否を決定する。  Therefore, at the time of commercial transaction, as shown in FIG. 2, the card 1 is inserted from the entrance 2a to the information terminal device 2 (unique identification information reading means and recorded information reading means), and the information terminal device 2 Reads the pattern of the card and transmits it to the host computer 4 via the network 3 such as a telephone line or a dedicated line together with the magnetic data information stored in the magnetic stripe of the force. The unique identification number based on the card pattern is compared with the magnetic data information to judge whether the card is a counterfeit card by a computer or other judging means to determine the success or failure of the commercial transaction.
図 3はホス トコンピュータ 4に記憶された力一ド照合デ一夕のテープ ルを示す図であり、 同図に示すように、 磁気デ一夕等の記録情報 ( I D 番号等) に一対一に対応するカード固有識別番号を記憶し、 情報端末装 置から転送されたカード模様からカー ド固有識別番号を判定し、 該固有 識別番号と I D番号等の磁気データ情報とがー致した場合にのみ商取引 を許可する。  FIG. 3 is a diagram showing a table of data collation data stored in the host computer 4. As shown in FIG. 3, one-to-one correspondence with recorded information (ID numbers, etc.) such as magnetic data is shown. The card unique identification number corresponding to the ID is stored, the card unique identification number is determined from the card pattern transferred from the information terminal device, and when the unique identification number and the magnetic data information such as the ID number match, Only allow commercial transactions.
このように、 カー ド自体に固有の番号に相当する情報 (模様) を持た せ、 且つ、 磁気ス トライプに記憶した磁気データ情報と併せてカードの 真正について判断することができるので、 カー ド情報を不正に取得し、 各種情報を偽造力一 ドに転記して使用する等という不正行為を防止する ことができる。 なお、 上記実施例では情報端末装置 2からホス トコンビ ュ一夕 4に力一 ドのパターンデ一夕を転送し、 ホス トコンビュ一夕 4に てカードの固有識別番号を判断したが、 情報端末装置 2内にパターン読 み取り装置及び固有識別番号判定機能を備え、 ホス トコンピュータ 4に 対して固有識別番号及び磁気デ一夕に記憶された情報とを転送し、 ホス トコンピュー夕 4にて力一ドの真偽を判断するよう構成してもよい。 上記のように固有識別番号 (パターン) を有すカードを用いることに よ り、 カー ドの真正は判断することができるが、 他人のカードを拾得し 、 該拾得者が不正利用する場合には真正力一ドを用いる限り不正行為を 防止することは困難である。 そこで、 本人確認機能を備えたシステムを 次に説明する。 In this way, the card itself can be provided with information (pattern) corresponding to a unique number and the authenticity of the card can be determined together with the magnetic data information stored in the magnetic stripe. Fraudulent acts such as unauthorized acquisition of information and transfer of various information to counterfeit information be able to. In the above embodiment, the data pattern of the force is transferred from the information terminal device 2 to the host computer 4 and the unique identification number of the card is determined by the host computer 4. 2 has a pattern reading device and a unique identification number judgment function, transfers the unique identification number and the information stored in the magnetic disk to the host computer 4, and transfers the information to the host computer 4. It may be configured to determine the authenticity of the password. By using a card having a unique identification number (pattern) as described above, the authenticity of the card can be determined, but if another person's card is found and the person who has found it misuses it, It is difficult to prevent fraudulent activities as long as the genuine force is used. Therefore, a system having an identity verification function will be described below.
図 4は本発明に係る電子商取引の防犯システムの構成を示す図であり 、 2は力一ドの固有識別番号である模様及び磁気データを読み取る情報 端末装置、 5は本人確認機能を集中管理するホス トコンピュータ (判定 手段および更新通知手段) 、 6は金融会社 (カード発行会社) のホス ト コンビユー夕、 7は情報端末装置に併設され、 情報等を表示するデイス プレイ装置、 8はキーボード等のデータ入力装置 (データ入力手段) で ある。 以下、 電子商取引の防犯システムを図 4、 図 5等にしたがって説 明する。  FIG. 4 is a diagram showing the configuration of an electronic commerce security system according to the present invention. 2 is an information terminal device for reading patterns and magnetic data which are unique identification numbers of force, and 5 is for centrally managing an identity verification function. 6 is a host computer of a financial company (card issuing company), 7 is a display device that is attached to an information terminal device and displays information, etc., and 8 is a keyboard and other devices. It is a data input device (data input means). The security system for e-commerce is described below with reference to Figs.
まず、 利用に先立って、 カード利用者は 1回だけ利用可能な暗証番号 をカード会社等よ り入手しておき (ステップ S 1 ) 、 利用の際には力一 ド 1を情報端末装置 2 に挿入し (ステップ S 2 ) 、 かつ、 デ一夕入力装 置 8 よ り前記暗証番号を入力する (ステップ S 3 ) 。 すると情報端末装 置 2からは、 カード 1の固有識別情報 (模様) 、 カードの磁気データに 記憶された I D番号等の記録情報並びに暗証番号のデ一夕 Aがネッ トヮ —クを介してホス トコンピュ一夕 5に転送され、 該ホス トコンピュー夕 5では図 3に示したようなテ一ブルを参照し、 力一ド固有識別番号と磁 気デ一夕記憶情報とがー致するか否か判断する (ステップ S 4 ) 。 力一 ドが真正であると判断した場合 (ステップ S 4で Y E S ) 、 入力された 暗証番号が一致するか否か判断し (ステップ 5 ) 、 一致した場合にのみ 商取引を許可し (ステップ S 6 ) 、 その後、 力一ドによる決済を行うた めの購入金額情報、 支払い方法等のデータ Bが情報端末装置 2からホス トコンビユー夕 5を介して金融会社のホス トコンピュ一夕 6に転送され (ステップ S 7 ) 、 商取引が実行される。 First, prior to use, the card user obtains a password that can be used only once from a card company or the like (step S1), and sends a password 1 to the information terminal device 2 when using the card. It is inserted (step S2), and the password is input from the data input device 8 (step S3). Then, from the information terminal device 2, the unique identification information (pattern) of the card 1, the recording information such as the ID number stored in the magnetic data of the card 1, and the password A are transmitted via the network. Transferred to the host computer overnight 5 and the host computer In step 5, referring to the table as shown in FIG. 3, it is determined whether or not the force unique identification number matches the magnetic data storage information (step S4). If it is determined that the password is genuine (YES in step S4), it is determined whether or not the entered passwords match (step 5), and the commercial transaction is permitted only when the passwords match (step S6). ) Then, data B such as the purchase amount information and payment method for performing settlement by force are transferred from the information terminal device 2 to the host computer 6 of the financial company via the host computer 5 (step S 7), a commercial transaction is executed.
その後、 次回商取引時に有効な新しい暗証番号 (更新暗証番号) が本 人確認機能を集中管理するホス トコンピュータ 5の更新通知手段よりネ ヅ トワークを介して情報端末装置 2に返送され (ステップ S 8 ) 、 その 暗証番号がディスプレイ装置 7に表示される (ステップ S 9 ) 。 カード 利用者は更新された暗証番号を記憶したり、 控えたり して次回商取引時 に利用する。 なお、 新しい暗証番号が返送される際に、 ホス トコンビュ 一夕 5に記憶した暗証番号データも書き換え、 次回の商取引に備える。 一方、 カード固有識別情報と磁気データとがー致しない場合や、 暗証 番号が一致しない場合 ( S 4または S 5で N O ) 、 カードが偽造された か、 またはカード利用者の本人確認取れないと判断し、 商取引を不許可 とし、 その旨を情報端末装置 2に併設したディスプレイ装置 7に表示す る (ステップ S 1 0 ) 。  Thereafter, a new password (updated password) valid at the next business transaction is returned to the information terminal device 2 via the network from the update notification means of the host computer 5 that centrally controls the personal identification function (step S8). ), The password is displayed on the display device 7 (step S9). The card user memorizes or keeps a record of the updated personal identification number and uses it for the next commercial transaction. When a new PIN is returned, the PIN stored in the host convenience store 5 is also rewritten to prepare for the next commercial transaction. On the other hand, if the card unique identification information does not match the magnetic data, or if the PIN does not match (NO in S4 or S5), the card has been forged or the identity of the card user cannot be verified. Judgment is made, the commercial transaction is rejected, and a message to that effect is displayed on the display device 7 attached to the information terminal device 2 (step S10).
なお、 カードの紛失による力一ドの利用停止要請や支払い滞納等によ る利用停止 (登録抹消も含む) の場合には金融会社のホス トコンビユー 夕 6から本人確認機能を集中管理するホス トコンピュ一夕 5にデ一夕が 転送され、 当該ホス トコンビュ一夕 5 における判定手段にて利用可能フ ラグ (図 3参照) を変更する。  In the case of a request for suspension of use of the card due to loss of the card or suspension of use due to delinquency of payment (including deregistration), the host computer which centrally manages the identity verification function from the host company 6 of the financial company. The night is transferred on evening 5, and the available flags (see Fig. 3) are changed by the judgment means in the host computer overnight 5.
また、 前記実施例では一回の商取引毎に暗証番号を更新したが、 複数 回毎に変更してもよい。 更にカードに更新される暗証番号を記憶する部 分を設け、 情報端末装置に暗証番号を更新させる機能を持たせ、 カード を利用するに先だって、 力一ドに記憶された更新暗証番号とデータ入力 装置から入力された暗証番号とを比較して、 力一ド保有者の本人確認を 行うようにしてもよい。 In the above embodiment, the personal identification number is updated for each commercial transaction. It may be changed every time. In addition, a part for storing the security code to be updated on the card is provided, and the information terminal device is provided with a function to update the security code. Before using the card, the updated security code stored in the password and data input are entered. The identification of the force holder may be performed by comparing the password with the password input from the device.
なお、 更に更新される暗証番号と、 固定の暗証番号とを用い、 更新さ れる暗証番号をカードに記憶し、 一方、 固定の暗証番号はカード利用時 に当該利用者が本人確認のために入力するように二重の暗証番号を用い ることにより、 より一層安全性を高めることができる。  The updated security code and the fixed security code are used to store the updated security code on the card.On the other hand, the fixed security code is entered by the user to confirm the identity when using the card. The security can be further improved by using a double password in such a manner.
すなわち、 本発明に係る電子商取引の防犯システムでは、 カード自体 の真正を力一ドの模様等に基づく固有識別情報及び磁気デ一夕記憶情報 によって判断すると共に、 1回もしくは所定回数の商取引に有効な暗証 番号を本人確認機能を集中管理するホス トコンピュー夕よりカード保有 者に通知し、 商取引の際に入力された暗証番号と記憶されている暗証番 号とを比較することにより本人確認を行い、 安全な電子商取引を実現す ることができる。  That is, in the electronic commerce security system according to the present invention, the authenticity of the card itself is determined by the unique identification information based on the force pattern and the magnetic storage information, and is effective for one or a predetermined number of commercial transactions. The host computer, which centrally controls the personal identification function, notifies the card holder of a personal identification number, and performs personal identification by comparing the personal identification number entered during commercial transactions with the stored personal identification number. Secure electronic commerce can be realized.
上述した防犯システムにおいて、 情報端末装置 2 とホス トコンビユー 夕 4、 5 との間の通信や、 ホス トコンピュータ 4、 5 と金融会社のホス トコンピュータ 6 との間の通信は、 安全性を高めるため暗号通信を行う 。 この場合、 共通鍵暗号方式を用い、 共通鍵としてカードの暗証番号を 利用する。 共通鍵暗号方式において、 通常は、 暗号通信のみを目的とす る情報を共通鍵として使用するが、 上述のシステムでは暗証番号が商取 引の度に変更されるので、 これを利用すれば共通鍵が頻繁に変更され、 暗号通信における安全性が極めて高く、 より信頼性の高い電子商取引を 行うことができる。 なお暗証番号と共通鍵のデータ長が異なる場合等、 暗証番号を直接的に共通鍵として使用できない場合には、 暗証番号を一 定の規則に従って符号化したものを共通鍵として用いればよい。 In the above security system, the communication between the information terminal device 2 and the host computers 4 and 5 and the communication between the host computers 4 and 5 and the host computer 6 of the financial company are to improve security. Perform encrypted communication. In this case, a common key cryptosystem is used, and the personal identification number of the card is used as the common key. In the common key cryptosystem, usually, information intended only for encrypted communication is used as a common key.However, in the above-mentioned system, the password is changed every time a commercial transaction is made. Keys are changed frequently, and cryptographic communication is extremely secure, enabling more reliable e-commerce. If the password cannot be used directly as the common key, for example, when the data length of the password and the common key are different, What is encoded according to a predetermined rule may be used as a common key.
なお、 共通鍵暗号方式に代えて公開鍵暗号方式により暗号通信を行う ことも可能であり、 その場合には公開鍵についても暗証番号を利用する が、 暗証番号を直接利用することは暗証番号を公開することにもなり安 全上問題があるので、 暗証番号を一定の規則で符号化したものを公開鍵 として用いればよい。  It is also possible to perform encrypted communication using public key cryptography instead of symmetric key cryptography, in which case the secret number is used for the public key. Since it becomes public and there is a security problem, it is only necessary to use a code obtained by encoding a personal identification number according to a certain rule as a public key.
また、 本実施例では電子決済に可変暗証番号方式を用いる場合を説明 しているが、 本人認証を伴うデータ送信等、 可変暗証番号を入力させた 上で重要なデータを送受信する暗号通信に広く適用可能である。  Also, in this embodiment, the case where the variable password method is used for electronic settlement is described, but it is widely used for cryptographic communication for transmitting and receiving important data after inputting the variable password, such as data transmission with personal authentication. Applicable.
図 6は本発明に係る電子商取引の防犯システムの他の構成を示す図で ある。 図 4に示した実施例では更新された暗証番号は店舗等に設置され たディスプレイ装置 7に表示していたので、 暗証番号を力一ド保有者以 外の者も視認することができ、 'その安全性が万全ではなかったが、 図 6 に示したように更新された暗証番号を力一ド保有者が有す携帯端末 9に 公衆回線ゃィン夕一ネッ ト等のネッ トワーク網 1 0を介して音声または 電子データとして伝送することにより、 より一層、 安全性を高めること ができる。 なお、 更新暗証番号の伝送方法のみ異なり、 他の処理等は前 記実施例と同様であるため説明は省略する。  FIG. 6 is a diagram showing another configuration of the electronic commerce security system according to the present invention. In the embodiment shown in FIG. 4, the updated personal identification number is displayed on the display device 7 installed in the store or the like, so that the personal identification number can be visually recognized by anyone other than the force holder. Although the security was not perfect, as shown in Fig. 6, the updated PIN was transferred to the mobile terminal 9 owned by the force holder on a network such as a public network By transmitting the data as voice or electronic data via 0, the security can be further improved. Note that only the method of transmitting the updated personal identification number is different, and the other processes are the same as those in the above-described embodiment, and thus description thereof will be omitted.
図 7は本発明に係る電子商取引の防犯システムの他の構成を示す図で ある。 近年は特にコンビユー夕の普及やインターネッ ト基盤の確立によ り個人商取引がィ ン夕一ネッ トを介して行われることが多くなつており 、 力一ド等の媒体を利用しない場合の防犯システムについて図 7を用い て説明する。  FIG. 7 is a diagram showing another configuration of the electronic commerce security system according to the present invention. In recent years, personal commerce has often been conducted via the Internet, especially due to the spread of convenience stores and the establishment of the Internet infrastructure. This will be described with reference to FIG.
同図において、 5は本人確認機能を集中管理するホス トコンピュータ 、 6は金融会社 (カード発行会社) のホス トコンピュータ、 1 0は公衆 回線またはインターネッ ト等のネッ トワーク、 1 1は商品やサービス等 をインターネッ ト等を介して案内、 提供するサービス提供者の端末装置In the figure, 5 is a host computer for centrally managing the identity verification function, 6 is a host computer of a financial company (card issuing company), 10 is a network such as a public line or the Internet, and 11 is a product or service. etc Terminal device of a service provider that provides and provides services via the Internet, etc.
、 1 2は商品やサービスの購入希望者の端末装置である。 Reference numerals 1 and 2 denote terminal devices of purchasers of goods and services.
購入希望者 (カード保有者) は商品等を購入希望する場合、 サービス 提供者に自己の住所等の個人情報や代金を決済するためにクレジッ ト力 —ドもしくはキヤッシュカードの I D番号及びこの商取引にのみ利用さ れる暗証番号をネッ トワーク 1 0を介してサービス提供者の端末装置に 転送する。 サービス提供者は端末装置 1 1 もしくは図示を省略した情報 端末装置 2等を用いて商取引デ一夕をホス トコンピュータ 5に転送し、 当該ホス トコンピュータ 5は判定手段により暗証番号が一致するか否か を判断し、 商取引成立の是非を決定する。  If the purchaser (card holder) wishes to purchase a product, the credit card is required to settle the personal information such as his / her address and the price to the service provider. The personal identification number used only is transferred to the terminal device of the service provider via the network 10. The service provider transfers the commercial transaction data to the host computer 5 using the terminal device 11 or the information terminal device 2 (not shown), and the host computer 5 determines whether or not the passwords match by the determination means. And decide whether or not to establish a commercial transaction.
暗証番号が正しい場合には、 ホス トコンピュータ 5は所定の決済処理 を行い、 さらに次回以降の商取引に利用できる更新された暗証番号を公 衆回線等を介して購入希望者の端末装置 1 2や或いは購入希望者が保有 する携帯端末 9に伝送する。 これにより、 カードそのものを物理的に利 用せず商取引を行う場合であっても、 カード利用のための暗証番号が所 定取引毎に更新され、 且つ更新された暗証番号はカード保有者のみが把 握することができるので安全な取引を行うことができる。  If the password is correct, the host computer 5 performs a predetermined settlement process, and further updates the password used for the next and subsequent business transactions via the public line or the like to the terminal device 12 or the like of the purchaser. Alternatively, it is transmitted to the portable terminal 9 owned by the purchaser. As a result, even when conducting business transactions without physically using the card itself, the PIN for card use is updated for each prescribed transaction, and the updated PIN is only available to the cardholder. Because it can be grasped, it is possible to conduct secure transactions.
なお、 本発明は、 カード類を用いた商取引のみならず、 カード類を用 いない商取引、 例えばコンピュー夕間の電子取引等において I D番号、 暗証番号等が他人によって不正に利用されることに起因した違法行為を 防止する場合にも有効に機能するものである。  In addition, the present invention is not limited to commercial transactions using cards, but also to commercial transactions using no cards, for example, electronic transactions during a computer, etc., in which an ID number, a personal identification number, etc. are illegally used by others. It also works effectively to prevent illegal activities.
• 次に本発明に係る電子商取引の防犯システムの他の構成を説明する。 一般に、 キャッシュカードゃクレジッ トカードに磁気的に記録されるデ —夕は書換可能になっているため、 偽造される可能性がある。 I C力一 ドについても、 カード固有の情報は予め書換不可能なメモリ (R O M ) に記憶されるが、 カードの利用に際し変更する必要がある情報は書換可 能なメモリ (R A M ) に記憶されるので偽造される可能性がある。 Next, another configuration of the electronic commerce security system according to the present invention will be described. Generally, data that is magnetically recorded on a cash card or credit card is rewritable and may be forged. For IC cards, card-specific information is stored in a non-rewritable memory (ROM) in advance, but information that needs to be changed when using the card is rewritable. May be forged because it is stored in a functional memory (RAM).
一方、 カードには種々の情報が記録され、 カードの利用回数が記録さ れることも多いが、 この 「利用回数」 というはカードの利用によって刻 々と変化し、 数値が増えることはあっても減ることはないという特徴を 有する。  On the other hand, various information is recorded on the card, and the number of times the card has been used is often recorded, but the number of times the number of uses changes every moment with the use of the card. It has the characteristic that it does not decrease.
そこで、 この利用回数を利用してカードの真性を判断するものである 。 ェ Cカード内には書換不可能なメモリ等の記録手段を予め組み込んで おき、 これに I Cカードの利用回数を累積的に記録していく。 I Cカー ドにはその利用に応じて利用回数が積算されていく。  Therefore, the authenticity of the card is determined using the number of times of use. (E) A recording means such as a non-rewritable memory is installed in the C card in advance, and the number of times of use of the IC card is cumulatively recorded therein. The number of uses is added to the IC card according to the use.
例えば、 利用回数が 3回の I Cカードがあり、 この I Cカードを再び 利用した場合を考えると、 I C力一ドはその利用時に情報端末装置とし ての I C力一ドリーダライタに取り込まれ、 「 3回」 という利用回数デ 一夕のほか各種デ一夕が読み出される。 そして I Cカードの利用回数は 積算され、 「4回」 というデ一夕が記録されるが、 その前に偽造カード かどうかの判定を行う。 ここでは現在の利用回数より少ない利用回数 ( 例えば 3— 1 = 2回) を I Cカードに記録してみる。 I C力一ドリ一ダ ライ夕を用いてそのような書き込み動作を行ったのち、 再び I Cカード リーダライ夕から I Cカードの利用回数データの読み出しを行ってみて 、 それが 「 3回」 と読み出された場合は真性のェ Cカード、 書換後の 「 2回」 と読み出された場合には偽物の I Cカードと判断する。  For example, consider the case where there is an IC card that has been used three times and this IC card is used again. When the IC card is used, the IC card reader is taken into the IC terminal reader / writer as an information terminal device, and "3 times" In addition to the number of times of use, various types of data are read. Then, the number of uses of the IC card is added up, and a record of “4 times” is recorded. Before that, it is determined whether the card is a counterfeit card. Here, the number of times of use (for example, 3-1 = 2 times) less than the current number of uses is recorded on the IC card. After performing such a write operation using the IC reader / writer, read the IC card usage count data again from the IC card reader / writer and read it as "3 times". If the card is read as "Authentic C card" when it is rewritten and "2 times" after rewriting, it is judged as a fake IC card.
またホス トコンピュータとの間で利用回数の照合も行う。 I Cカード リーダによって読み出された利用回数デ一夕はネッ トワークを介してホ ス トコンピュー夕に入力され、 ホス トコンピュー夕に記録された利用回 数と一致しない場合には偽造カードと判断し、 一致した場合には真性の カードと判断する。 利用回数はカードの利用によって刻々と変化するの で、 たとえ真性の I Cカードからデ一夕を読みとつて偽造カードを作つ たとしても、 その後に真性の I cカードが利用された場合には利用回数 データが書き換えられ、 真性の I Cカードの情報が変更されるので、 そ の後に使用された.利用回数の増加していない I C力一ドが偽造であるこ とを判定することができる。 It also checks the number of uses with the host computer. The usage count read by the IC card reader is input to the host computer via the network, and if it does not match the usage count recorded on the host computer, it is determined to be a counterfeit card and matches. If so, the card is judged to be a true card. Since the number of times of use changes every moment with the use of the card, even if a fake card is created by reading the data from an authentic IC card Even if the IC card was subsequently used, the data on the number of times of use was rewritten and the information on the authentic IC card was changed, so the card was used afterwards. It can be determined that the missing IC code is counterfeit.
真性の I Cカードと判断された場合には、 利用回数を加算する書き込 みを行い、 ここでは 3 + 1 = 「 4回」 と記録する。 このように記録され た利用回数は、 カードの利用により刻々と変化し、 しかも再度の記録に より増やすことは出来ても減らすことはできないので、 I Cカードの真 性を判断する上できわめて有効である。  If it is determined that the card is an authentic IC card, write to add the number of uses, and record 3 + 1 = “4 times”. The number of times of use recorded in this way changes every moment with the use of the card, and can be increased by re-recording but cannot be reduced, so it is extremely effective in determining the authenticity of an IC card. is there.
I C力一ドに製造段階で組み込まれる書換不可能なメモリとしては種 々のものが考えられるが、 例えば一回のみ書込可能なメモリの書込領域 に、 累積的な書き込みを行っていく方式、 その他リードアッ トワンス方 式の C D Rのような光学的方式を用いてもよい。  There are various types of non-rewritable memory that can be incorporated into the IC at the manufacturing stage. For example, a method of cumulative writing to the write area of a memory that can be written only once Alternatively, an optical system such as a read-up-once CDR may be used.
なお I C力一ドへの利用回数の記録は、 1回の利用ごとに記録して行 くのではなく、 所定回数の利用ごと、 例えば 1 0回ごとに記録するよう にしてもよい。  It should be noted that the number of uses in the IC card may be recorded not only for each use but also for every predetermined number of uses, for example, every 10 times.
請求項 1記載の発明では、 同じカードを 2枚以上作成することができ ず、 カード等の偽造を防止することができると共に、 カードを物理的に 偽造してもカードに記憶された記憶データとカードの固有識別番号とを 照合して力一ドの真正を判断するので偽造力一ドによる取引を防止でき 、 安全に商取引を行うことができる。  According to the first aspect of the present invention, it is not possible to create two or more identical cards, thereby preventing forgery of a card or the like, and preventing the storage data stored in the card from being physically forged. Since the authenticity of the password is determined by collating with the unique identification number of the card, it is possible to prevent the transaction by the counterfeit password and to perform the business transaction safely.
請求項 2記載の発明では力一ドに記憶された記憶データとカードの固 有識別番号とを照合してカードの真正を判断するので偽造カードによる 取引を防止でき、 安全に商取引を行うことができる。  In the invention described in claim 2, since the authenticity of the card is determined by comparing the stored data stored in the force card with the unique identification number of the card, it is possible to prevent transactions with counterfeit cards and to conduct business transactions safely. it can.
請求項 3記載の発明では、 所定の商取引毎に可変される暗証番号と力 一ドの固有識別情報、 カードに記憶された記憶情報を用いることにより 、 カードの真正並びに本人確認を行うことができるので、 より一層安全 に商取引を行うことができる。 According to the invention described in claim 3, by using a personal identification number and a unique identification information of a password, which are changed for each predetermined business transaction, and storage information stored in a card, Since the authenticity and identity of the card can be confirmed, business transactions can be performed more safely.
請求項 4記載の発明では、 一回の商取引毎に可変される暗証番号と力 ―ドの固有識別情報、 カードに記憶された記憶倩報を用いることによ り 、 カードの真正並びに本人確認を行うことができるので、 より一層安全 に商取引を行うことができる。  According to the invention described in claim 4, the authenticity of the card and the identity verification can be confirmed by using the personal identification number and the unique identification information of the password, which are changed for each commercial transaction, and the memory information stored in the card. It is possible to conduct business transactions even more safely.
請求項 5記載の発明では、 可変される更新暗証番号をカード保有者が 有す携帯端末等に公衆回線を介して伝送されるのでカー ド利用者のみが 更新通知された暗証番号を知ることができよ り一層安全に商取引を行う ことができる。  According to the invention described in claim 5, since the variable update PIN is transmitted to the mobile terminal or the like of the card holder via the public line, only the card user can know the PIN notified of the update. Business transactions can be carried out even more securely.
請求項 6記載の発明では、 クレジッ トカード等の I D番号と所定回数 の商取引のみ有効な暗証番号を送信し、 暗証番号が予め定められた暗証 番号と一致した場合にのみ商取引を許可し、 さらに次回以降の商取引に て有効な更新暗証番号を公衆回線等を介してカード保有者の端末もしく は携帯端末に伝送したので、 暗証番号が第三者に遺漏せず、 安全な商取 引を行うことができる。  According to the invention described in claim 6, an ID number such as a credit card and a valid PIN are transmitted only for a predetermined number of commercial transactions, the commercial transaction is permitted only when the PIN coincides with a predetermined PIN, and the next Since the updated security code valid for subsequent commercial transactions was transmitted to the cardholder's terminal or mobile terminal via a public line, etc., the security code was not leaked to a third party and secure business transactions were conducted. be able to.
請求項 7記載の発明では、 情報端末装置が各種情報を送受信する際に 暗号通信を行い、 前記暗証番号又はこれを符号化した番号を喑号通信の 鍵としたので、 暗号通信における安全性が極めて高く、 より信頼性の高 い電子商取引を行う ことができる。  According to the invention of claim 7, when the information terminal device transmits and receives various types of information, the information terminal device performs cryptographic communication and uses the personal identification number or a code obtained by encoding the personal identification number as a key for symbol communication. It can carry out extremely high-reliability electronic commerce.
請求項 8記載の発明では、 クレジッ トカード、 キャッシュカード等の 現金以外の商取引可能な媒体に、 当該媒体の利用回数を記録する記録手 段を設け、 当該利用回数に基づき媒体の真偽を判断したので、 刻々と変 化する利用回数の特徴をいかして偽造カードによる取引を防止でき、 安 全に商取引を行う ことができる。  In the invention described in claim 8, a recording means for recording the number of times the medium has been used is provided on a non-cash medium such as a credit card or a cash card that can be used for business transactions, and the authenticity of the medium is determined based on the number of uses. Therefore, it is possible to prevent transactions with counterfeit cards by making use of the characteristics of the ever-changing number of times of use, and to conduct business transactions safely.
請求項 9記載の発明では、 クレジッ トカード、 キヤヅシュカード等の 現金以外の商取引可能な媒体に、 その利用回数を累積的かつ減算不可能 に記録する記録手段を設け、 当該利用回数の減算による書換動作を行つ て媒体の真偽を判断したので、 刻々と変化しかつ数値が増えることはあ つても減ることのない利用回数の特徴をいかして偽造カードによる取引 を防止でき、 安全に商取引を行うことができる。 According to the invention described in claim 9, a credit card, a cash card, etc. A recording means for recording the number of times of use, cumulatively and non-subtractably, is provided on a medium other than cash that can be traded, and the rewriting operation is performed by subtracting the number of uses to judge the authenticity of the medium. By utilizing the characteristic of the number of times of use that does not change even if the number changes and the number increases, it is possible to prevent transactions with counterfeit cards and conduct business transactions safely.

Claims

請 求 の 範 囲 The scope of the claims
1 . クレジッ トカード、 キャッシュカード等の現金以外の商取引可能な 媒体に、 媒体固有の模様を付し、 当該模様による媒体固有識別番号と、 媒体の磁気データに記憶された情報とを照合して媒体の真偽を判断した ことを特徴とする電子商取引の防犯システム。 1. A medium unique to the medium, such as a credit card or a cash card, that can be used for commercial transactions, is provided with a pattern unique to the medium, and the medium is identified by comparing the medium-specific identification number based on the pattern with the information stored in the magnetic data of the medium. An electronic commerce security system characterized by determining the authenticity of the e-commerce.
2 . クレジッ トカード、 キャッシュカード等の現金以外の商取引可能な 媒体であって、 該媒体固有の模様を読み取る媒体固有識別情報読み取り 手段並びに媒体の磁気データ等の記録情報を読み取る記録情報読み取り 手段とを備えた情報端末装置と、  2. A medium other than cash, such as a credit card or a cash card, which can be used for commercial transactions, and a medium-specific identification information reading means for reading a pattern unique to the medium and a recording information reading means for reading recording information such as magnetic data of the medium. An information terminal device comprising:
情報'端末装置から転送された媒体固有識別情報及び記録情報とを比較 し、 カードの真正を判断する判定手段とを備えたことを特徴とする電子 商取引の防犯システム。 ·  A security system for electronic commerce, comprising: means for comparing the information unique to the medium and the recorded information transferred from the information terminal device to determine the authenticity of the card. ·
3 . 前記情報端末装置は暗証番号を入力可能なデータ入力手段を備え、 前記判定手段は前記媒体固有識別情報、 記録情報及び暗証番号に基づき カードの真正並びに本人確認を判断すると共に、 商取引の完了時に次回 以降の商取引に有効な更新された暗証番号を前記情報端末装置に伝送し たことを特徴とする請求項 2記載の電子商取引の防犯システム。  3. The information terminal device includes a data input unit capable of inputting a personal identification number, and the determining unit determines the authenticity and identity of the card based on the medium unique identification information, the record information and the personal identification number, and completes the transaction. 3. The electronic commerce crime prevention system according to claim 2, wherein an updated personal identification number valid for the next and subsequent commercial transactions is sometimes transmitted to the information terminal device.
4 . 前記暗証番号は一回の商取引が完了する毎に前記判定手段からカー ド利用者に更新通知されることを特徴とする請求項 3記載の電子商取引 の防犯システム。 4. The electronic commerce security system according to claim 3, wherein the personal identification number is notified to the card user by the determination means every time one commercial transaction is completed.
5 . 次回以降の商取引に有効な更新された暗証番号は公衆回線を介して 力一ド保有者が有する携帯端末に伝送することによりカード利用者に更 新通知したことを特徴とする請求項 3記載の電子商取引の防犯システム  5. The updated personal identification number valid for the next and subsequent commercial transactions is notified to the card user by transmitting the updated personal identification number to the portable terminal owned by the force holder via a public line. Electronic commerce security system described
6 . クレジッ トカード、 キャッシュカード等の現金以外の商取引可能な 媒体により決済を行うシステムにおいて、 ネッ トワーク等を介して媒体 に関連した I D番号等のデータ並びに所定回数の商取引にのみ有効な暗 証番号を受信し、 商取引の成立の是非を判定する判定手段と、 6. Non-cash commercial transactions such as credit cards and cash cards are possible In a system for performing settlement using a medium, a means for receiving data such as an ID number related to the medium and a password valid only for a predetermined number of commercial transactions over a network or the like, and determining whether or not the commercial transaction has been established. ,
商取引が成立した際に所望の決済処理を行う と共に、 次回以降の商取 引に有効な更新された暗証番号を公衆回線等を介して力一ド保有者の端 末もしくは携帯端末に伝送することにより力一ド利用者に暗証番号を更 新通知する手段を備えたことを特徴とする電子商取引の防犯システム。  Perform the desired settlement processing when the commercial transaction is completed, and transmit the updated password valid for the next and subsequent business transactions to the terminal of the mobile phone holder or a mobile terminal via a public line or the like. A security system for e-commerce, characterized in that the system has a means for notifying a user of a password update.
7 . 前記情報端末装置は、 各種情報を送受信する際に暗号通信を行い、 かつ前記暗証番号又はこれを符号化した番号を暗号通信の鍵としたこと を特徴とする請求項 3乃至 6のいずれか 1つの請求項記載の電子商取引 の防犯システム。 7. The information terminal device performs cryptographic communication when transmitting and receiving various information, and uses the password or a code obtained by encoding the password as a key for cryptographic communication. An electronic commerce security system according to any one of the preceding claims.
8 . クレジッ トカード、 キャッシュ力一ド等の現金以外の商取引可能な 媒体に、 当該媒体の利用回数を記録する記録手段を設け、 当詨利用回数 'に基づき媒体の真偽を判断したことを特徴とする電子商取引の防犯シス テム。  8. A means for recording the number of times the medium has been used is provided on a medium other than cash, such as a credit card, cash card, etc., which can be used for commercial transactions, and the authenticity of the medium is determined based on the number of times the medium has been used. E-commerce security system.
9 . クレジッ トカード、 キャッシュカード等の現金以外の商取引可能な 媒体に、 書換不可能な記録手段を設け、 当該記録手段に対する記録内容 の書換動作を行って媒体の真偽を判断したことを特徴とする電子商取引 の防犯システム。  9. A non-cash readable medium such as a credit card or a cash card is provided with a non-rewritable recording means, and the recorded contents of the recording means are rewritten to judge the authenticity of the medium. E-commerce crime prevention system.
PCT/JP2001/009023 2000-11-15 2001-10-15 Security system for electronic commerce WO2002041207A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2000-348340 2000-11-15
JP2000348340A JP2004005001A (en) 2000-11-15 2000-11-15 Security system of electronic commerce

Publications (1)

Publication Number Publication Date
WO2002041207A1 true WO2002041207A1 (en) 2002-05-23

Family

ID=18821943

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2001/009023 WO2002041207A1 (en) 2000-11-15 2001-10-15 Security system for electronic commerce

Country Status (2)

Country Link
JP (1) JP2004005001A (en)
WO (1) WO2002041207A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11275869B2 (en) * 2017-12-29 2022-03-15 Feitian Technologies Co., Ltd. Credit card and operating method therefor

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007012815A1 (en) * 2005-07-27 2007-02-01 Ingenia Technology Limited Authenticity verification

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS58117538U (en) * 1982-02-04 1983-08-11 オムロン株式会社 User verification device in transaction processing device
JPS60196873A (en) * 1984-03-19 1985-10-05 Omron Tateisi Electronics Co Device for preventing ic card from illegal use
JPS6129595A (en) * 1984-07-20 1986-02-10 株式会社日立製作所 Identification system by memory-card
US4804825A (en) * 1986-06-17 1989-02-14 Casio Computer Co., Ltd. I C card system
JPH10105614A (en) * 1996-10-02 1998-04-24 Dainippon Printing Co Ltd Online shopping system using credit card
JPH11120397A (en) * 1997-10-21 1999-04-30 Ntt Power And Building Facilities Inc Security system and control method thereof
JPH11195072A (en) * 1997-10-17 1999-07-21 Dainippon Printing Co Ltd Account settlement system and medium where code information for account settlement is recorded
JPH11250012A (en) * 1998-03-04 1999-09-17 Hitachi Ltd Unorthorized use preventing method in information system
JP2000057305A (en) * 1998-08-07 2000-02-25 Dainippon Printing Co Ltd Ic card and password changing method

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS58117538U (en) * 1982-02-04 1983-08-11 オムロン株式会社 User verification device in transaction processing device
JPS60196873A (en) * 1984-03-19 1985-10-05 Omron Tateisi Electronics Co Device for preventing ic card from illegal use
JPS6129595A (en) * 1984-07-20 1986-02-10 株式会社日立製作所 Identification system by memory-card
US4804825A (en) * 1986-06-17 1989-02-14 Casio Computer Co., Ltd. I C card system
JPH10105614A (en) * 1996-10-02 1998-04-24 Dainippon Printing Co Ltd Online shopping system using credit card
JPH11195072A (en) * 1997-10-17 1999-07-21 Dainippon Printing Co Ltd Account settlement system and medium where code information for account settlement is recorded
JPH11120397A (en) * 1997-10-21 1999-04-30 Ntt Power And Building Facilities Inc Security system and control method thereof
JPH11250012A (en) * 1998-03-04 1999-09-17 Hitachi Ltd Unorthorized use preventing method in information system
JP2000057305A (en) * 1998-08-07 2000-02-25 Dainippon Printing Co Ltd Ic card and password changing method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11275869B2 (en) * 2017-12-29 2022-03-15 Feitian Technologies Co., Ltd. Credit card and operating method therefor

Also Published As

Publication number Publication date
JP2004005001A (en) 2004-01-08

Similar Documents

Publication Publication Date Title
JP6360101B2 (en) Payment system and method using IC identification card
CN1307594C (en) Payment system
JP5552555B2 (en) Transaction authentication using the network
US8315948B2 (en) Method and device for generating a single-use financial account number
US7844550B2 (en) Method and device for generating a single-use financial account number
US20010034717A1 (en) Fraud resistant credit card using encryption, encrypted cards on computing devices
US20070198410A1 (en) Credit fraud prevention systems and methods
US20070241180A1 (en) Method of settling signatureless payment of bank card sales slip in mobile terminal, and system therefor
US20010032192A1 (en) Method and apparatus for improved financial instrument processing
US20040188519A1 (en) Personal biometric authentication and authorization device
US20030191945A1 (en) System and method for secure credit and debit card transactions
CN101512957A (en) Transaction authentication using network
KR20010025234A (en) A certification method of credit of a financing card based on fingerprint and a certification system thereof
US20140156535A1 (en) System and method for requesting and processing pin data using a digit subset for subsequent pin authentication
CN101048794A (en) Method and system for authorizing a transaction using a dynamic authorization code
JP2005521961A (en) System and method for secure transaction of credit and debit cards
Radu Implementing electronic card payment systems
US20020095580A1 (en) Secure transactions using cryptographic processes
JP2007513395A (en) Security method and apparatus for preventing credit card fraud
US20020073315A1 (en) Placing a cryptogram on the magnetic stripe of a personal transaction card
WO2002041207A1 (en) Security system for electronic commerce
JP3874491B2 (en) Prepaid IC card system and prepaid IC card
CN108171510A (en) Offline payment method, apparatus and system to network payment account universal retrieval
JP2007065727A (en) Ic card use system
JP2002190005A (en) Multifunctional ic card

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): IN JP KR US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: JP

122 Ep: pct application non-entry in european phase