CN101496024B - Net settlement assisting device - Google Patents


Info

Publication number
CN101496024B
Authority
CN
China
Prior art keywords
assisting device
net settlement
disposal password
information
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2006800552299A
Other languages
Chinese (zh)
Other versions
CN101496024A (en)
Inventor
田中俊
川胜实之
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JCB Co Ltd
Original Assignee
JCB Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by JCB Co Ltd filed Critical JCB Co Ltd
Publication of CN101496024A publication Critical patent/CN101496024A/en
Application granted granted Critical
Publication of CN101496024B publication Critical patent/CN101496024B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/14 Payment architectures specially adapted for billing systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A net settlement assisting device is provided. The net settlement assisting device comprises a display (11); a card information storage section (13) in which card information on a card contractor is stored in advance so that it cannot be read from outside; an authentication information storage section (15) in which authentication information on the contractor is stored in advance so that it cannot be read from outside; an OTP creation information storage section (17) in which OTP creation information is stored in advance so that it cannot be read from outside; a numeric keypad (12a); authenticating means (14) for authenticating the operator on the basis of the information input by means of the numeric keypad (12a) and displaying the card information on the display (11); and OTP creating means (16) for creating a one-time password according to the OTP creation information after the card information is displayed and displaying the one-time password on the display (11).

Description

Net settlement assisting device
Technical field
The present invention relates to a net settlement assisting device.
Background art
Conventionally, card identification information (a card number) and a password for a credit card, bank card or the like have been stored in advance in a mobile phone; when a password entered into the mobile phone matches the stored password, the card number is shown on the phone's display, so that the mobile phone also serves as a card (see, for example, Patent Document 1).
However, a mobile phone with this kind of card function has the problems described below.
Patent Document 1: Japanese Laid-Open Patent Publication No. 2002-64597
In the mobile phone with a card function described in Patent Document 1, data is stored, erased and so on by communication. In other words, this mobile phone presupposes a network connection.
If a card number or password is stored in advance in a network-connectable mobile phone, there is a high risk that the card number or password will be eavesdropped on or tampered with by a malicious third party through unauthorized access or the like, which is a security problem.
If the mobile phone were made unable to connect to a network, the concern about such eavesdropping or tampering might disappear.
However, mobile phones today generally have a network communication function in addition to the basic call function, and making a mobile phone unable to connect to a network is impractical. Moreover, keeping the phone's existing configuration while making the stored card number or password unreadable from outside would require an encryption program or the like, which complicates the configuration.
Furthermore, with the mobile phone of Patent Document 1, even without the unauthorized access over the network described above, once the card number shown on the phone's display has been glimpsed by a third party, that third party can use the card number to carry out network commercial transactions settled by credit on the Internet; in this respect, too, security is low.
In view of this situation, in which network commercial transactions can be carried out with the card number alone, the present applicant has begun operating a net settlement system in which a network commercial transaction can be carried out only when, in addition to presentation of the card number, the card member is personally authenticated by presenting a fixed password determined in advance.
However, once this fixed password is learned by a third party, the third party can still impersonate the card member and carry out network commercial transactions, so this cannot be called safe either.
Summary of the invention
The present invention was made in view of the above problems, and its object is to provide a net settlement assisting device that eliminates the risk of a card number or password being eavesdropped on or tampered with through unauthorized access or the like, and that allows network commercial transactions to be carried out more safely.
The invention of claim 1 is
A portable net settlement assisting device comprising: a display; a card information storage section in which card information, including at least identification information of a contractor of a card such as a credit card or debit card, is stored in advance in a state in which it cannot be read from outside; an authentication information storage section in which authentication information used for personal authentication of the contractor is stored in advance in a state in which it cannot be read from outside; an OTP (One Time Password) creation information storage section in which OTP creation information that is associated with the card information and unique to the net settlement assisting device is stored in advance in a state in which it cannot be read from outside; an input unit for inputting the authentication information; an authentication unit that, based on the information input from the input unit, performs personal authentication to determine whether the operator of the net settlement assisting device is the contractor and, when the operator is confirmed to be the contractor, reads at least the identification information from the card information and displays it on the display; and a one-time password generation unit that, after the card information has been displayed, generates a one-time password from the OTP creation information and displays it on the display; wherein a network commercial transaction settled using the identification information becomes possible when personal authentication of the contractor has been performed with the one-time password and the contractor's identity has been confirmed.
The invention of claim 2 is
A portable net settlement assisting device used in a network commercial transaction settled using identification information of a contractor of a card such as a credit card or debit card, in a net settlement system in which a contractor terminal, such as the contractor's mobile phone or personal computer, and an authentication server that performs personal authentication of the contractor are connected to each other over a network, the net settlement assisting device comprising: a display; a card information storage section in which card information including at least the identification information of the contractor is stored in advance in a state in which it cannot be read from outside; an authentication information storage section in which authentication information used for personal authentication of the contractor is stored in advance in a state in which it cannot be read from outside; an OTP creation information storage section in which OTP creation information that is associated with the card information and unique to the net settlement assisting device is stored in advance in a state in which it cannot be read from outside; an input unit for inputting the authentication information; an authentication unit that, based on the information input from the input unit, performs personal authentication to determine whether the operator of the net settlement assisting device is the contractor and, when the operator is confirmed to be the contractor, reads at least the identification information from the card information and displays it on the display; and a one-time password generation unit that, after the card information has been displayed, generates a one-time password from the OTP creation information and displays it on the display; wherein the contractor terminal sends the one-time password to the authentication server, which performs personal authentication of the contractor, and the network commercial transaction becomes possible when the contractor's identity is confirmed.
According to the inventions of claims 1 and 2, unless the operator is confirmed to be the contractor as a result of the personal authentication performed by the net settlement assisting device, not even the contractor can learn the card information, and the card information is stored in a state in which it cannot be read from outside. Unlike a conventional credit card, whose card information can leak, this improves the concealment of the card information and prevents its unauthorized use in network commercial transactions.
In addition, because the net settlement assisting device is portable, the contractor can carry out safe network commercial transactions wherever he or she is, using a mobile phone, a personal computer at home or a personal computer away from home, which makes network commercial transactions more convenient.
In addition, because personal authentication of the contractor uses a one-time password generated from the contractor-specific OTP creation information stored in the net settlement assisting device, even if a third party obtains a one-time password, it cannot be used in the next network commercial transaction.
Because the OTP creation information used to generate the one-time password is stored in a state in which it cannot be read from outside, not even the contractor can learn it; only the contractor operating the net settlement assisting device can learn the resulting one-time password. In other words, a third party cannot generate a one-time password, which further ensures the security of network commercial transactions.
Moreover, a one-time password can be generated only after the net settlement assisting device has displayed the card information, so a third party who does not have the device cannot generate a one-time password even if he or she knows the identification information. And even if a third party steals the device, no one-time password can be generated unless the authentication information is entered into it.
In other words, the contractor is personally authenticated first by the authentication unit of the net settlement assisting device and then by the authentication server; because personal authentication based on two different kinds of authentication information must be passed before a network commercial transaction can finally be carried out, impersonation by a third party is better prevented and the security of network commercial transactions is improved.
The invention of claim 3 is
A net settlement assisting device in which the authentication information is a password determined in advance by the contractor and the input unit is a numeric keypad.
According to the invention of claim 3, the input unit and the authentication unit can be made relatively inexpensive, which helps promote use of the net settlement assisting device.
The invention of claim 4 is
A net settlement assisting device in which the authentication information is biometric information obtained by quantifying a biological feature of the contractor such as a fingerprint, iris, vocal cords or facial photograph.
According to the invention of claim 4, personal authentication of the contractor can be performed with high precision, so even if the net settlement assisting device is stolen, there is no need to worry about it being abused.
The invention of claim 5 is
A net settlement assisting device in which the OTP creation information is a common key, and the one-time password generation unit detects the pressing of a predetermined operation key and generates the one-time password by encrypting, with the common key, date-and-time data consisting of the date and time at which the operation key was pressed.
The invention of claim 6 is
A net settlement assisting device in which the OTP creation information consists of a common key and number-of-uses information that is updated each time a one-time password is generated; the one-time password generation unit detects the pressing of a predetermined operation key and generates the one-time password by encrypting the number-of-uses information with the common key; and, after the one-time password has been generated, the number-of-uses information in the OTP creation information storage section is updated.
The one-time password generated here is formed by encrypting, with the common key, either date-and-time data consisting of the date and time at which a predetermined key was pressed, or number-of-uses information that is updated each time a one-time password is generated. That is, because it is a password that only the contractor operating the net settlement assisting device can generate, a third party who does not hold the device cannot impersonate the contractor to carry out network commercial transactions, which further improves the security of network commercial transactions.
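The two generation methods of claims 5 and 6, together with the rule that no code is produced until the card information has been displayed, as an added Python example that is not part of the patent text. Assumptions made here: HMAC-SHA-256 with decimal truncation stands in for the unspecified encryption with the shared key, the date-and-time data is reduced to 60-second steps, the server-side acceptance windows and replay floor are illustrative, and all class names and sample values are constructed.

```python
import hashlib
import hmac
import struct

DIGITS = 8         # the embodiment's display shows eight digits
STEP_SECONDS = 60  # assumed granularity of the date-and-time data


def derive_otp(common_key: bytes, factor: int) -> str:
    """Turn the shared key and a changing factor into an 8-digit code.

    The page only says the factor is encrypted with the key; HMAC-SHA-256
    with decimal truncation is a stand-in chosen for this example.
    """
    mac = hmac.new(common_key, struct.pack(">Q", factor), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**DIGITS:0{DIGITS}d}"


class Device:
    """Offline token; card data, PIN and key have no read accessor."""

    def __init__(self, card_number, pin, common_key, mode):
        self._card, self._pin, self._key = card_number, pin, common_key
        self._mode = mode         # "time" (claim 5) or "counter" (claim 6)
        self._uses = 0            # number-of-uses information (claim 6)
        self._card_shown = False

    def enter_pin(self, digits):
        """Authentication unit: display the card number only on a match."""
        self._card_shown = hmac.compare_digest(digits, self._pin)
        return self._card if self._card_shown else None

    def press_start(self, now=0):
        """OTP unit: runs only after the card information was displayed."""
        if not self._card_shown:
            return None
        if self._mode == "time":
            factor = int(now) // STEP_SECONDS
        else:
            factor = self._uses
            self._uses += 1       # updated after each generation
        self._card_shown = False  # assumed: one code per authentication
        return derive_otp(self._key, factor)


class AuthServer:
    """Verifier holding the same key, looked up by card number."""

    def __init__(self, mode, skew_steps=1, look_ahead=5):
        self._mode, self._skew, self._ahead = mode, skew_steps, look_ahead
        self._keys = {}   # card number -> shared key
        self._floor = {}  # card number -> lowest factor still acceptable

    def enroll(self, card_number, common_key):
        self._keys[card_number] = common_key
        self._floor[card_number] = 0

    def verify(self, card_number, otp, now=0):
        key = self._keys.get(card_number)
        if key is None:
            return False
        floor = self._floor[card_number]
        if self._mode == "time":
            step = int(now) // STEP_SECONDS
            candidates = range(max(floor, step - self._skew), step + self._skew + 1)
        else:
            candidates = range(floor, floor + self._ahead)
        for factor in candidates:
            if hmac.compare_digest(derive_otp(key, factor), otp):
                self._floor[card_number] = factor + 1  # burn this and older codes
                return True
        return False


def demo(mode):
    """Run one purchase plus a replay; returns (first_try, replay)."""
    card, key = "0000111122223333", b"constructed-sample-key"  # constructed values
    device, server = Device(card, "4821", key, mode), AuthServer(mode)
    server.enroll(card, key)
    shown = device.enter_pin("4821")
    otp = device.press_start(now=1_700_000_000)
    first = server.verify(shown, otp, now=1_700_000_030)
    replay = server.verify(shown, otp, now=1_700_000_040)
    return first, replay


if __name__ == "__main__":
    for mode in ("time", "counter"):
        print(mode, demo(mode))
```

The replay floor is what makes a captured code useless for the next transaction; without it, the time-based variant would accept the same code again for as long as the skew window stays open.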
The invention of claim 7 is
A net settlement assisting device that is tamper-resistant (tamper-proof).
According to the invention of claim 7, because the net settlement assisting device is tamper-resistant, security against eavesdropping on or tampering with the card information, authentication information and OTP creation information by a third party can be further improved.
According to the net settlement assisting device of the present invention, unless the operator is confirmed to be the contractor as a result of the personal authentication performed by the net settlement assisting device, not even the contractor can learn the card information, and the card information is stored in a state in which it cannot be read from outside. Unlike a conventional credit card, whose card information can leak, this improves the concealment of the card information and prevents its unauthorized use in network commercial transactions.
In addition, because the net settlement assisting device is portable, the contractor can carry out safe network commercial transactions wherever he or she is, using a mobile phone, a personal computer at home or a personal computer away from home, which makes network commercial transactions more convenient.
In addition, because personal authentication of the contractor uses a one-time password generated from the contractor-specific OTP creation information stored in the net settlement assisting device, even if a third party obtains a one-time password, it cannot be used in the next network commercial transaction.
Because the OTP creation information used to generate the one-time password is stored in a state in which it cannot be read from outside, not even the contractor can learn it; only the contractor operating the net settlement assisting device can learn the resulting one-time password. In other words, a third party cannot generate a one-time password, which further ensures the security of network commercial transactions.
Moreover, a one-time password can be generated only after the net settlement assisting device has displayed the card information, so a third party who does not have the device cannot generate a one-time password even if he or she knows the identification information. And even if a third party steals the device, no one-time password can be generated unless the authentication information is entered into it.
In other words, the contractor is personally authenticated first by the authentication unit of the net settlement assisting device and then by the authentication server; because personal authentication based on two different kinds of authentication information must be passed before a network commercial transaction can finally be carried out, impersonation by a third party is better prevented and the security of network commercial transactions is improved.
Brief description of the drawings
Fig. 1 shows the external appearance and the electrical hardware configuration of the net settlement assisting device of the present invention.
Fig. 2 is a schematic connection diagram of a net settlement system that uses the net settlement assisting device.
Fig. 3 shows an example of the processing flow of a network commercial transaction in the net settlement system.
Fig. 4 shows an example of the screens displayed on the member terminal during the processing flow of a network commercial transaction in the net settlement system.
Fig. 5 shows the operating procedure of the net settlement assisting device and the transitions of its display screen.
Fig. 6 is a schematic connection diagram of the system needed to register the password used for personal authentication of a card member when the card member uses a net settlement system that does not use the net settlement assisting device.
Explanation of reference numerals
1: net settlement assisting device
10: shell
11: display
12: button operation section
12a: numeric keypad
12b: start key
13: card information storage section
14: authentication unit
15: authentication information storage section
16: OTP generation unit
17: OTP creation information storage section
18: timing unit
19: drive power supply
2: member terminal
3: affiliated store terminal
4: merchant bank terminal
5: intermediary server
6: issuing bank terminal
7: authentication server
9a: network
9b: dedicated line
Embodiment
Preferred embodiments of the present invention are described in detail below with reference to the drawings. Fig. 1(a) is an external view of the net settlement assisting device 1, and Fig. 1(b) is a configuration diagram of its electrical hardware.
The net settlement assisting device 1 is used when a contractor carries out a network commercial transaction such as online shopping, settling with the contractor's identification information, in a net settlement system in which a contractor terminal (a mobile phone, personal computer or the like) of a contractor of a card such as a credit card or debit card and an authentication server that performs personal authentication of the contractor (normally possessed by the member that holds) are connected to each other over a network. As shown in Fig. 1(a), it has an outline that fits in the palm of the hand and consists of a thin shell 10 that can be held and carried by hand, with a display 11 and a button operation section 12 exposed on the outer surface of the shell 10.
The display 11 of this embodiment shows eight digits; the button operation section 12 consists of a numeric keypad 12a with keys 0 to 9 and a start key 12b.
As shown in Fig. 1(b), the inside of the shell 10 contains, in addition to the display 11 and the button operation section 12, hardware (a CPU and memory) that functions as the card information storage section 13, authentication information storage section 15, authentication unit 14, OTP generation unit 16, OTP creation information storage section 17 and timing unit 18, and a drive power supply 19 (a battery) for driving these electrical hardware components (the display 11, button operation section 12, CPU and memory).
In addition to the drive power supply 19 for the display 11 and button operation section 12, the shell 10 of this embodiment has a slot for an IC card such as a SIM, and the device is used with an IC card inserted in this slot. The CPU and memory mentioned above are those contained in this IC card. As described later, the card information storage section 13, authentication information storage section 15 and OTP creation information storage section 17 hold information that differs for each contractor; by storing this information in the memory of the IC card, which is inserted into the slot for use, the shell 10 itself is common to all contractors and holds no personal information, which improves the productivity of the shell 10 and makes it easier to handle and manage.
Although the drive power supply 19 of this embodiment is a button cell, it may also be a solar cell, a rechargeable battery or the like. The net settlement assisting device 1 may also be designed to remain powered off normally and to power on when, for example, any key of the button operation section 12 is operated.
Specifically, the card information storage section 13, authentication information storage section 15 and OTP creation information storage section 17 of this embodiment consist of memory storing, respectively, the card information, authentication information and OTP creation information described later; physically, this may be a single memory storing all of this information or two or more memories.
Specifically, the authentication unit 14 and OTP generation unit 16 of this embodiment consist of programs stored in memory; the CPU in the net settlement assisting device 1 realizes the functions of the authentication unit 14 and OTP generation unit 16 by reading these programs from memory and executing them. In a net settlement assisting device without a CPU and memory, the functions of the authentication unit 14 and OTP generation unit 16 may instead be realized as circuits built from electronic components.
The net settlement assisting device 1 of this embodiment is provided to each card member, i.e. contractor, by the issuing bank, which issues credit cards under an authorization agreement with a credit card organization (credit card brand) (in the case of a debit card, the bank or card issuing company that issues the debit card), with the card information, authentication information and OTP creation information unique to each contractor already stored in the memory at the issuing bank (it may be provided by loan or by transfer). It is configured so that, once provided, the contents of the memory (card information storage section 13, authentication information storage section 15, OTP creation information storage section 17) cannot be read from outside.
Not even the contractor to whom the net settlement assisting device 1 has been issued can read the contents of the memory from outside. The contractor can learn the card information only when personal authentication has been performed and the contractor's identity confirmed, at which point the card information is shown on the display 11; in any other state the card information is concealed.
The memory contents cannot be read from outside because the net settlement assisting device 1 has no interface for connecting to a network such as the Internet; it is a non-network-connected terminal.
To further improve security against eavesdropping on and tampering with the memory contents, the net settlement assisting device 1, or an IC card such as a SIM built into it, may also be tamper-resistant (that is, if an attempt is made to disassemble it or to read the contents directly from the memory, the memory contents are erased or the program becomes unable to start).
Each part of the net settlement assisting device 1 is described in detail below.
Card image storage part 13 is a memory in which card image containing at least the promisor's identifying information is stored in advance in a state that cannot be read from the outside. The card image of the present embodiment consists of identifying information unique to the promisor (the card number), the valid period, and a security code (a 3-digit decimal number encrypted in advance by a predetermined method; it is usually printed on the signature panel of a plastic credit card, and the authenticity of the card can be confirmed by this number). It may also include the name on the card. The card image may also consist of the identifying information alone. The card image need not include all of the valid period, security code and name; these may be combined as appropriate to form the card image.
Authentication information storage part 15 is a memory in which the authentication information needed to authenticate the promisor's identity, such as a password decided by the promisor or biological information obtained by digitizing a biological feature of the promisor (fingerprint, iris, vocal cords, facial photograph, etc.), is stored in advance in a state that cannot be read from the outside.
The authentication information stored in authentication information storage part 15 is different from the authentication information that the certificate server of the net settlement system uses for the promisor's identity authentication; it is the authentication information that the net settlement assisting device 1 needs in order to authenticate the promisor itself. The authentication information in the certificate server and that in the net settlement assisting device 1 also differ in kind.
OTP information generated storage part 17 is a memory in which the OTP information generated unique to the net settlement assisting device 1 is stored in advance in a state that cannot be read from the outside. The OTP information generated of the present embodiment is a public key unique to the net settlement assisting device 1. In the server that verifies the disposal password generated by OTP generation unit 16 (the certificate server in the embodiment described later), this public key is associated with the identifying information stored in card image storage part 13.
The public key is a key stored only in the certificate server that authenticates the promisor's identity in network commercial transactions and in the net settlement assisting device 1; in the present embodiment, OTP generation unit 16, described later, uses it when generating a disposal password.
Authentication unit 14 is the unit for identity authentication, which confirms whether the operator of the net settlement assisting device 1 is the promisor (the cardholding member) entitled to use the identifying information stored in card image storage part 13. It checks whether the input information entered from the input unit (numerical key 12a in the present embodiment) matches the authentication information stored in authentication information storage part 15; when they match, it regards the operator of the net settlement assisting device 1 as the promisor, reads at least the identifying information from the card image stored in card image storage part 13, and shows it on display 11.
Authentication unit 14 of the present embodiment starts when the operator presses beginning key 12b of operating portion 12 and the press of beginning key 12b is detected. Then, when the operator enters a 4-digit number by pressing numerical key 12a, which serves as the input unit, authentication unit 14 checks whether the entered number matches the password stored in authentication information storage part 15 and, if it matches, shows the card image on display 11.
If the authentication information is a password, as in the present embodiment, numerical keys suffice as the input unit and the check that the input information matches the authentication information is easy to carry out, so the net settlement assisting device 1 can be built cheaply, which promotes its use.
Although the authentication information of the present embodiment is a 4-digit password, the authentication method and authentication information are not limited to this, and authentication units using several authentication methods may be combined as appropriate. Using a plurality of authentication units improves the accuracy of authentication and can prevent abuse of the net settlement assisting device by a third party.
For example, if authentication unit 14 uses a biometric authentication method, the authentication information is biometric information (data obtained by digitizing a biological feature such as a fingerprint, iris, vocal cords or facial photograph), and the input unit is a scanner, microphone, digital camera or the like that captures this biometric information.
Because biometric authentication is a high-accuracy authentication method, even if the net settlement assisting device 1 is stolen by a third party, nobody other than the promisor to whom it was issued can use it, and abuse can be prevented.
The password used as authentication information in the present embodiment may also contain English letters in addition to digits; in that case the net settlement assisting device needs English letter keys as well as numerical keys.
OTP generation unit 16 is the unit that, after authentication unit 14 has displayed the card image, generates a disposal password from the OTP information generated stored in OTP information generated storage part 17 (the public key in the present embodiment) and shows it on display 11.
This disposal password is sent from the promisor's terminal to the certificate server and, when the certificate server authenticates the promisor's identity, is checked against the disposal password that the certificate server generates from the OTP information generated. When the two disposal passwords match and the certificate server confirms that the sender is the promisor, a network commercial transaction settled with the promisor's identifying information becomes possible.
In the present embodiment, after authentication by authentication unit 14 has been carried out and the card image has been shown on display 11, a press of beginning key 12b by the operator is the trigger that starts the OTP generation unit, which then generates and displays the disposal password.
OTP generation unit 16 of the present embodiment generates the disposal password by the time synchronization method described in detail later, but another generation method, for example a counter synchronization method or an inquiry/response method, may be used instead.
Timing unit 18 is the timekeeping unit that OTP generation unit 16 of the present embodiment needs in order to generate a disposal password by the time synchronization method. Timing unit 18 may consist of a real-time clock, or a timing program may be stored in memory and read and executed by the CPU to realize the clock function. When OTP generation unit 16 generates the disposal password by a method other than time synchronization, timing unit 18 is not needed and is replaced by whatever unit that generation method requires.
In the present embodiment, as described above, OTP generation unit 16 is notified by authentication unit 14 that the card image has been shown on display 11 and enters a state of waiting for a press of beginning key 12b. When OTP generation unit 16 detects a press of beginning key 12b, it notifies timing unit 18 of the press. Timing unit 18 measures the date and time at which beginning key 12b was pressed and hands the date and time data (date, hour, minute, second; seconds are in units of 30 seconds) to OTP generation unit 16.
OTP generation unit 16 then reads the public key from OTP information generated storage part 17, encrypts the date and time data it was handed with that public key, converts the result into a decimal number, and shows it on display 11. The encryption method of the present embodiment is public key encryption, but another encryption method may be used.
With the net settlement assisting device 1 described above, when the device authenticates the promisor's identity and confirms the promisor, the card image displayed by authentication unit 14 is entered into the card image input picture shown on the promisor's terminal, which is sent from the website of a shop allied that accepts card checkout or from the certificate server, and can then be sent to that website or certificate server.
Thus, unless the net settlement assisting device 1 authenticates the promisor's identity and confirms the promisor, that is, unless the entered input information matches the authentication information stored in the net settlement assisting device, even the promisor cannot learn the card image, and the card image is stored in a state that cannot be read from the outside. Unlike an existing credit card, from which the card image can leak, this improves the confidentiality of the card image and prevents improper use of the card image in network commercial transactions.
Also, because the net settlement assisting device is portable, the promisor can carry out safe network commercial transactions wherever the promisor is, using a mobile phone, a personal computer at home or a personal computer away from home, which makes network commercial transactions more convenient.
The disposal password displayed by OTP generation unit 16 is entered into the disposal password input picture shown on the promisor's terminal, which is sent from the certificate server that authenticates the promisor's identity, and can then be sent to the certificate server. It is checked against the disposal password generated by the certificate server and, when the two match, the promisor is confirmed and a network commercial transaction settled with the promisor's identifying information becomes possible.
Because the promisor's identity authentication uses a disposal password generated from the OTP information generated that is unique to the promisor and stored in the net settlement assisting device, a third party who obtains a disposal password cannot use it in the next network commercial transaction.
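The time-synchronized generation and the certificate-server check described above, as an added Python example (not code from the patent): both sides derive an 8-digit value from the device key and the 30-second time unit. Assumptions: HMAC-SHA256 stands in for the unspecified encryption step, the key the page calls the public key is treated as a secret held only by device and server, the refusal of a second use inside one time unit is an addition, and the key, card number and times are constructed values.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timezone

TIME_STEP_SECONDS = 30   # the page: seconds are counted in units of 30 seconds
OTP_DIGITS = 8           # the page: display 11 shows 8 characters


def time_step(moment):
    """Date and time data truncated to the 30-second unit (timing unit 18)."""
    return int(moment.timestamp()) // TIME_STEP_SECONDS


def generate_otp(device_key, moment):
    """Device side (OTP generation unit 16): key + time unit -> decimal digits.

    Assumption: HMAC-SHA256 replaces the encryption step, which the page
    leaves open ("another encryption method may be used").
    """
    message = struct.pack(">Q", time_step(moment))
    mac = hmac.new(device_key, message, hashlib.sha256).digest()
    number = int.from_bytes(mac[:8], "big") % (10 ** OTP_DIGITS)
    return f"{number:0{OTP_DIGITS}d}"


class CertificateServer:
    """Server side: card number associated with the key unique to the device."""

    def __init__(self):
        self._keys = {}        # card number -> device key, stored at issuance
        self._last_step = {}   # card number -> last accepted time unit

    def register(self, card_number, device_key):
        self._keys[card_number] = device_key

    def verify(self, card_number, submitted_otp, moment):
        key = self._keys.get(card_number)
        if key is None:
            return False
        step = time_step(moment)
        # Added assumption: a value already accepted in this time unit is
        # refused, so a captured password is useless even within 30 seconds.
        if self._last_step.get(card_number, -1) >= step:
            return False
        expected = generate_otp(key, moment)
        if not hmac.compare_digest(expected.encode(), submitted_otp.encode()):
            return False
        self._last_step[card_number] = step
        return True


if __name__ == "__main__":
    key = b"constructed-device-key-0001"      # constructed sample key
    card = "1234567890123456"                 # constructed sample card number
    now = datetime(2006, 7, 5, 12, 0, 10, tzinfo=timezone.utc)
    server = CertificateServer()
    server.register(card, key)
    otp = generate_otp(key, now)
    print("device shows:", otp)
    print("first use   :", server.verify(card, otp, now))
    print("replayed    :", server.verify(card, otp, now))
```

The example checks only the exact time unit; a deployment whose device clock can drift has to decide how many neighbouring units to accept, which the page does not specify.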
Because the OTP information generated used for generating disposal passwords is stored in a state that cannot be read from the outside, even the promisor has no way of learning it; only the promisor operating the net settlement assisting device can learn the disposal password that results. In other words, a third party cannot generate a disposal password, so the security of network commercial transactions is further ensured.
Moreover, a disposal password can be generated only after the net settlement assisting device has displayed the card image. A third party who does not have the net settlement assisting device therefore cannot generate a disposal password even knowing the identifying information, and a third party who steals the net settlement assisting device cannot generate a disposal password either without entering the authentication information into it.
In other words, after being authenticated by the authentication unit of the net settlement assisting device, the promisor is also authenticated by the certificate server. Identity authentication based on two different kinds of authentication information is thus required before a network commercial transaction can finally be carried out, which further prevents impersonation by a third party and improves the security of network commercial transactions.
Authentication information storage part 15 may also store in advance, in addition to the authentication information described above, the number of times input information may be re-entered when the match check carried out by authentication unit 14 finds that the input information and the authentication information do not match (the error tolerance number of times). In this case the net settlement assisting device 1 or authentication unit 14 is also configured with a counting unit (counter).
In the match check carried out by authentication unit 14, each time the input information and the authentication information do not match, the counting unit counts up by 1 and the counted number is compared with the error tolerance number of times. Once the counted number has exceeded the error tolerance number of times, authentication unit 14 no longer carries out its own processing and OTP generation unit 16 is not started, so that neither the authentication flow nor the OTP generation flow is executed.
This prevents a malicious third party who has stolen the net settlement assisting device 1 from entering authentication information at will until the card image or a disposal password is shown on display 11.
When the counted number has not exceeded the error tolerance number of times and the input information matches the authentication information, authentication unit 14 shows the card image on display 11, and the counted number is reset (initialized) to 0 at that point.
An example of the operating procedure of the net settlement assisting device 1 and of the screen transitions of display 11 is shown in Fig. 5. Display 11 of the present embodiment is an alphanumeric display of 8 characters.
First, when the operator presses beginning key 12b, the power supply of the net settlement assisting device 1 is switched on (S200) and display 11 shows "APPLI" (S210). After beginning key 12b is pressed (S225), the operator presses "1" on numerical key 12a to show the card image (S230), or presses "2" on numerical key 12a to change the authentication information (password) (S330).
When "1" is pressed (S230), display 11 shows "PIN", and the operator enters the 4-digit password serving as authentication information by pressing numerical key 12a (S240). Beginning key 12b is then pressed (S245); if the entered password matches the authentication information stored in authentication information storage part 15, the first 8 digits of the identifying information (hereinafter referred to as the card number) in the card image stored in card image storage part 13 are shown on display 11 first (S250).
Then, when beginning key 12b is pressed (S255), the last 8 digits of the card number are shown on display 11 (S260).
Then, when beginning key 12b is pressed (S265), the valid period and security code are shown on display 11 (S270). Steps S265 and S270 are not essential; only the card number of the card image may be shown.
Then, when beginning key 12b is pressed (S275), display 11 shows "OTP=1", and the operator chooses whether to generate and display a disposal password or to end. If beginning key 12b is pressed (S290) and then "1" on numerical key 12a is pressed (S295), display 11 shows "PIN" to prompt for the authentication information (S305), so the operator enters the 4-digit password again from numerical key 12a and presses beginning key 12b (S310).
If the entered password matches the authentication information stored in authentication information storage part 15, a disposal password is generated from the OTP information generated stored in OTP information generated storage part 17 and shown on display 11 (S315).
When beginning key 12b is then pressed again (S320), the power supply of the net settlement assisting device 1 is switched off.
When a key other than "1" on numerical key 12a is pressed, or when no key is pressed and a predetermined time has passed (S300), the net settlement assisting device 1 switches off its power supply automatically.
The passwords entered in S240 and S305 may be different passwords, one for displaying the card image and one for generating the disposal password; in that case each password is stored separately in authentication information storage part 15.
In the present embodiment the operator is prompted in S305 to enter the authentication information again before the disposal password is shown on display 11 (S315), but S305 may be omitted so that the disposal password is generated simply by pressing beginning key 12b in S310.
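The device-side gate described above, as an added Python example (not code from the patent): the password check with the error tolerance counter, the 8-character paging of card image in S250 to S270, and the rule that a disposal password may be generated only after the card image has been shown and the password entered again. The class and method names, the tolerance of 3 and all sample values are assumptions constructed for illustration.

```python
import hmac

DISPLAY_WIDTH = 8   # display 11 of the embodiment shows 8 characters


class AssistingDevice:
    """Model of authentication unit 14 with the counting unit (counter)."""

    def __init__(self, pin, card_number, valid_period, security_code,
                 error_tolerance=3):
        self._pin = pin
        self._card_number = card_number
        self._valid_period = valid_period      # 4 digits, MMYY
        self._security_code = security_code    # 3 digits
        self._error_tolerance = error_tolerance
        self._failures = 0
        self._card_shown = False
        self.locked = False

    def authenticate(self, entered_pin):
        """Match check; counts mismatches and locks once tolerance is exceeded."""
        if self.locked:
            return False                       # unit no longer processes input
        # Constant-time comparison so timing does not reveal matching digits.
        if hmac.compare_digest(entered_pin.encode(), self._pin.encode()):
            self._failures = 0                 # reset (initialize) to 0
            return True
        self._failures += 1
        if self._failures > self._error_tolerance:
            self.locked = True
        return False

    def show_card_image(self, entered_pin):
        """Return the display pages in order, or [] when authentication fails."""
        if not self.authenticate(entered_pin):
            return []
        number = self._card_number
        pages = [number[i:i + DISPLAY_WIDTH]
                 for i in range(0, len(number), DISPLAY_WIDTH)]
        pages.append(f"{self._valid_period} {self._security_code}")
        self._card_shown = True
        return pages

    def may_generate_otp(self, entered_pin):
        """S305 to S315: only after card image was shown and the PIN re-entered."""
        return self._card_shown and self.authenticate(entered_pin)


if __name__ == "__main__":
    # Constructed sample values, not real card data.
    device = AssistingDevice("4321", "1234567890123456", "0709", "123")
    for page in device.show_card_image("4321"):
        print(page)
    print("OTP allowed:", device.may_generate_otp("4321"))
    for guess in ("0000", "1111", "2222", "3333"):
        device.authenticate(guess)
    print("locked after 4 wrong entries:", device.locked)
```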
If "2" on numerical key 12a is pressed after S225 (S330), display 11 shows "CHANGE?" (S335).
When beginning key 12b is pressed (S340), display 11 shows "PIN" to prompt for the password, so the operator enters the 4-digit password from numerical key 12a (S345) and presses beginning key 12b (S350). If the entered password matches the authentication information stored in authentication information storage part 15, display 11 shows "NEW1" to prompt for the new password, so the operator enters the new password from numerical key 12a (S355) and presses beginning key 12b (S360).
Next, display 11 shows "NEW2" to prompt for the new password to be entered again, so the operator enters the new password once more from numerical key 12a (S365) and presses beginning key 12b (S370).
If the password entered in S355 matches the password entered in S365, display 11 shows "COMPLETE" to indicate that the password change is complete (S375). Once the operator has confirmed this and pressed beginning key 12b (S380), the password change procedure ends and the power supply is switched off.
To improve security, it is preferable that the values entered from numerical key 12a in S355 and S365 are not shown on display 11.
Embodiment 1
The following describes an embodiment in which a credit card member (hereinafter referred to as the cardholding member), that is, a credit card promisor to whom the net settlement assisting device 1 shown in Fig. 1 has been issued, uses the net settlement assisting device 1 to carry out network commercial transactions such as online shopping (hereinafter referred to as network commercial transactions) from a personal computer or mobile phone with a communication function, with checkout using the cardholding member's card number.
The system configuration and network connections of the net settlement system of the present embodiment are shown in the system configuration diagram of Fig. 2. The flow of a network commercial transaction in the net settlement system of the present embodiment is shown in the flowchart of Fig. 3.
In the present embodiment, the network commercial transaction service in the net settlement system is provided by the credit card organization (credit card brand).
The cardholding member applies to the issuing bank for a credit card in advance and is issued the credit card, and is also issued by the issuing bank a net settlement assisting device 1 that stores the authentication information unique to each cardholding member (a password registered by the cardholding member when applying for the credit card, or biological information such as fingerprint information), the card image (the card number and valid period unique to each cardholding member), and the OTP information generated (public key).
In the present embodiment, of the configuration of the net settlement assisting device 1 shown in Fig. 1(b), everything other than display 11, button operation section 12 and driving power supply 19 is stored in advance in an IC card such as a SIM, and the functions of the net settlement assisting device 1 are realized by inserting this IC card into an IC card slot (not shown) provided in shell 10. However, the net settlement assisting device need not have an IC card; without one, it is sufficient that the net settlement assisting device itself has a CPU and memory.
The net settlement assisting device 1 of the present embodiment is used for network commercial transactions with card checkout using the cardholding member's identifying information. When the cardholding member wishes only to carry out network commercial transactions and does not wish to carry out real face-to-face transactions with a conventional credit card such as a plastic magnetic card or IC card, the credit card itself need not be issued.
When the credit card organization also carries out the business of an issuing bank, the net settlement assisting device 1 may be issued by the credit card organization.
Member terminal 2 is the promisor's terminal, which the cardholding member needs in order to carry out network commercial transactions using the net settlement assisting device 1; it is a terminal such as a personal computer or mobile phone that has at least a communication function and a browsing display function.
Shop allied terminal 3 is the terminal that provides a virtual shop (website) to member terminal 2, accepts orders for commodities or services, asks the issuing bank side to authenticate the identity of the cardholding member who placed the order and, after that identity authentication has been carried out, asks the merchant bank (which, under a license contract with the credit card organization, carries out business such as acquiring and managing contracts with shops allied) for authorization (an inquiry as to whether the cardholding member's credit line has enough remaining for the amount of the ordered commodities or services and, if it has, reservation of that amount for checkout).
Merchant bank terminal 4 is the terminal that passes the authorization request received from shop allied terminal 3 on to the issuing bank side (authorization forwarding).
Intermediary server 5 mediates between shop allied terminal 3 and certificate server 7, described later; that is, it is the server that acts as the intermediary for the cardholding member's authentication service between member terminal 2 and shop allied terminal 3.
In the present embodiment, intermediary server 5 is a server operated by the credit card organization. It stores shop allied identifying information, which identifies the shops allied that support the network commercial transaction service using the net settlement assisting device 1, and issuing bank identifying information, which identifies the issuing banks that support that service.
When the net settlement system of the present embodiment also contains a network commercial transaction service that does not use the net settlement assisting device 1, intermediary server 5 stores the identifying information of shops allied and issuing banks that do not support the business transaction service using the net settlement assisting device 1 separately from the shop allied identifying information and issuing bank identifying information described above.
Issuing bank terminal 6 is the terminal that accepts the authorization request received from merchant bank terminal 4 and carries out authorization.
Certificate server 7 is the server that authenticates the cardholding member's identity before authorization when a network commercial transaction is carried out. In the present embodiment, certificate server 7 is a server operated by the issuing bank and connected to issuing bank terminal 6; it stores, in association with each other, the card image (card number, valid period) and the OTP information generated (the public key unique to the net settlement assisting device 1) of each cardholding member who may carry out network commercial transactions using the net settlement assisting device 1. In other words, for every cardholding member, the card image and the OTP information generated are associated and stored in certificate server 7.
This information is stored in certificate server 7 at the time the net settlement assisting device 1 is issued to the cardholding member, or shortly before or after.
In Fig. 2, member terminal 2, shop allied terminal 3, intermediary server 5 and certificate server 7 are connected to one another through network 9a such as the Internet; shop allied terminal 3, merchant bank terminal 4 and issuing bank terminal 6 are connected to one another through dedicated line 9b.
Issuing bank terminal 6 and certificate server 7 are provided separately for each issuing bank and are connected to member terminal 2, merchant bank terminal 4 and intermediary server 5 through network 9a or dedicated line 9b, respectively.
Shop allied terminal 3 is likewise provided separately for each shop allied and is connected to member terminal 2, intermediary server 5 and merchant bank terminal 4 through network 9a or dedicated line 9b, respectively.
The flow of a network commercial transaction using the net settlement assisting device 1 is described below with reference to the flowchart of Fig. 3 and the system configuration diagram of Fig. 2. The cardholding member accesses shop allied terminal 3, which serves as a virtual shop (website), from member terminal 2 through network 9a and browses commodities or services. When the cardholding member has decided which commodities to order or which service is wanted, member terminal 2 sends shop allied terminal 3 a message that the cardholding member wishes to order the commodities or service in a network commercial transaction with card checkout.
Shop allied terminal 3 causes member terminal 2 to display the card image input picture 100 shown in Fig. 4(a) and requests member terminal 2 to enter and send the card number and the valid period of the card.
When the cardholding member presses beginning key 12b of the net settlement assisting device 1, authentication unit 14 of the net settlement assisting device 1 starts and the device enters a state of waiting for authentication. Next, the cardholding member enters the input information needed for identity authentication (a 4-digit password in the present embodiment) from numerical key 12a. The 4-digit password entered here was decided in advance when the cardholding member applied for the card and has been stored in authentication information storage part 15 in the net settlement assisting device 1.
Authentication unit 14 reads the authentication information stored in authentication information storage part 15 and checks whether it matches the input information entered from numerical key 12a. When the two match, authentication unit 14 reads the card number and valid period from card image storage part 13 as the card image and shows them on display 11.
When the card number and valid period have both been shown on display 11, authentication unit 14 notifies OTP generation unit 16 that display is complete. OTP generation unit 16 thereby enters the disposal password generation waiting state described later.
In the present embodiment, because display 11 can show only 8 digits, authentication unit 14 first splits the card number read from card image storage part 13 into the first 8 digits and the last 8 digits, and then shows the first 8 digits of the card number on display 11. Following this display, the cardholding member enters the first 8 digits of the card number in card number input field 100a of card image input picture 100.
When the first 8 digits of the card number have been entered, the cardholding member presses beginning key 12b. Authentication unit 14 detects the press of beginning key 12b and shows the last 8 digits of the card number on display 11. Following this display, the cardholding member enters the last 8 digits of the card number in card number input field 100a of card image input picture 100.
When the last 8 digits of the card number have been entered, the cardholding member presses beginning key 12b. Authentication unit 14 detects the press of beginning key 12b and shows the valid period as 4 digits (MM (month)/YY (year)). Following this display, the cardholding member enters the valid period in valid period input field 100b of card image input picture 100.
Of course, when the display has room for more digits, the whole card number may be shown on the display at once, or the card number and valid period may all be shown at once. Conversely, when the display can show fewer than 8 digits, authentication unit 14 can split the card image read from card image storage part 13 in advance to fit the number of digits that can be shown, and show the split card image piece by piece each time a press of beginning key 12b or any other key is detected.
As described above, the net settlement assisting device 1 shows the card image on display 11 only when the entered input information matches the authentication information stored in authentication information storage part 15. Without knowing the authentication information, therefore, a third party who steals the net settlement assisting device 1 has no way of learning the card image inside. Security is therefore higher than with an existing credit card on which the card image is printed, and there is no concern that the card image will be misused in network commercial transactions.
After entering the card number and valid period, the cardholding member clicks send button 100c in card image input picture 100. (Although not shown in card image input picture 100 of Fig. 4, information such as the name of the ordered commodities or service, the amount, the order date, the shop allied name and the delivery destination of the commodities may also be shown on the same picture.) When send button 100c is clicked, the entered card image is sent to the shop allied terminal 3 side (S10).
Shop allied terminal 3 receives from member terminal 2 the order information, such as the name of the ordered commodities or service, the amount, the order date, the shop allied name and the delivery destination of the commodities, and the card image, such as the card number and valid period of the card used for checkout of the order. It sends the received card image, together with the shop allied identifying information assigned to each shop allied, to intermediary server 5 connected through network 9a, and requests confirmation of whether the cardholding member is a member who can receive the business transaction service using the net settlement assisting device 1 (confirmation of whether authentication can be carried out) (S20).
Intermediary server 5 checks whether the received shop allied identifying information matches shop allied identifying information that it holds (shop allied authentication). If they match, the access to intermediary server 5 is from the shop allied terminal 3 of a shop allied participating in the business transaction service using the net settlement assisting device 1. If they do not match, the access is from the shop allied terminal 3 of a shop allied not participating in that service and is therefore improper, so the subsequent flow is not entered.
Based on the card image of the card-holding member received from a participating shop allied terminal 3, intermediary server 5 determines the issuing bank that issued the member's card number, sends the card image to certificate server 7 of the determined issuing bank, and requests confirmation of whether the card-holding member is a member who can use the business transaction service based on net settlement assisting device 1 (confirmation of whether authentication can be executed) (S30).
Intermediary server 5 of the present embodiment stores issuing bank identifying information that identifies each issuing bank; it looks up the issuing bank identifying information from the received card image and thereby determines the issuing bank.
In other words, intermediary server 5 of the present embodiment does not itself confirm whether authentication can be executed. It performs the shop allied authentication, determines from the card image received from shop allied terminal 3 the issuing bank that issued the member's card number, transfers the card image to certificate server 7 of that issuing bank, and relays the confirmation result received from certificate server 7 to shop allied terminal 3.
In the present embodiment intermediary server 5 is a server operated by the credit card organization, but it may instead be provided in each shop allied terminal 3; in that case shop allied terminal 3 can request the confirmation of whether authentication can be executed directly from certificate server 7. The shop allied authentication may also be performed on certificate server 7.
Certificate server 7 checks whether the card image received from intermediary server 5 is registered in certificate server 7, thereby confirming whether the member holding this card image is a member who can use the business transaction service based on net settlement assisting device 1 (confirmation of whether authentication can be executed), and returns the result to intermediary server 5 (S40). The result is "can" if the card image received from intermediary server 5 is registered in certificate server 7, and "No" if it is not registered.
Intermediary server 5, having received the confirmation result, sends it to shop allied terminal 3 (S50).
When the confirmation result for the card-holding member is "can", the member is able to use the business transaction service based on net settlement assisting device 1, so shop allied terminal 3 proceeds to the flow of requesting identity authentication of this member (S60). Specifically, shop allied terminal 3 sends member terminal 2 the confirmation result together with the URL information of the issuing bank's certificate server 7 that performed the confirmation earlier.
Member terminal 2, having received the authentication request from shop allied terminal 3, uses the received URL to access the same certificate server 7 that intermediary server 5 accessed earlier and makes an authentication request (S70). The S70 flow follows on from S60 as one sequence; it is realized by the redirect function generally provided in the browsers of the personal computers or mobile phones used as member terminal 2, and is processed automatically inside member terminal 2 without the card-holding member being aware of it.
Certificate server 7 prompts member terminal 2 to send a disposal password and authenticates the card-holding member based on the disposal password received from member terminal 2 (S80).
Specifically, certificate server 7 receives the card image and ordering information from the accessing member terminal 2 and confirms whether the member holding this card image is the member for whom confirmation of whether authentication can be executed was just requested from shop allied terminal 3 through intermediary server 5. It does so by keeping a log of the card images received from intermediary server 5 within a predetermined time, and checking whether the card image received from member terminal 2 matches a card image left in the log within that predetermined time.
The ordering information may be sent from member terminal 2. Alternatively, it may be sent to certificate server 7 from shop allied terminal 3 through intermediary server 5 in the flow of S20 and S30, or it may be sent together with the URL information of certificate server 7 from shop allied terminal 3 to member terminal 2 and forwarded to certificate server 7 when member terminal 2 accesses certificate server 7.
Furthermore, the confirmation by certificate server 7 that the member at the accessing member terminal 2 is the same person as the member for whom confirmation was requested from shop allied terminal 3 need not rely on checking the card image alone; certificate server 7 may also receive the ordering information from both member terminal 2 and shop allied terminal 3 (through intermediary server 5) and check these against each other as well.
Once certificate server 7 has confirmed that the access comes from the card-holding member of net settlement assisting device 1 for whom confirmation of whether authentication can be executed was requested earlier, it generates disposal password input picture 101 shown in Fig. 4(b) from the received ordering information and sends it to the member terminal 2 that made the access.
Disposal password input picture 101 of Fig. 4(b) shows the party with whom the card-holding member is carrying out the network commercial transaction, namely the shop allied name, together with the amount of the goods and services to be ordered and the order date.
When disposal password input picture 101 is displayed on member terminal 2, the card-holding member presses beginning key 12b of net settlement assisting device 1. When OTP generation unit 16 of net settlement assisting device 1 detects that beginning key 12b has been pressed, it moves from the disposal password generation waiting state to the disposal password generation flow.
OTP generation unit 16 reads the public key stored in OTP information generated storage part 17 and, with this public key, encrypts the date-time data (date and seconds, with seconds in 30-second units) formed from the date and time, as measured by timing unit 18, at which beginning key 12b was pressed. This generates the disposal password, which is converted to a decimal number and shown on display 11. The cipher mode of the present embodiment is the public key cipher mode. Because display 11 of the present embodiment can show 8 digits, the first 6 to 8 digits of the generated disposal password are shown on display 11.
The card-holding member enters the disposal password shown on display 11 of net settlement assisting device 1 into password input field 101a of disposal password input picture 101 shown on member terminal 2 and clicks send button 101b, whereupon the entered disposal password is sent to certificate server 7.
After the disposal password has been entered, it is desirable from a security standpoint that the card-holding member press beginning key 12b of net settlement assisting device 1 again so that the displayed disposal password is no longer shown. Turning the power off at the same time is also desirable from an energy-saving standpoint.
On receiving the disposal password from member terminal 2, certificate server 7 first confirms that this member terminal 2 is the party it just asked to send a disposal password, either by checking the identification number or the like of member terminal 2, or by checking whether the disposal password input picture 101 generated for and sent to this member terminal 2 has been returned.
After this confirmation, certificate server 7 uses the card image of the card-holding member, received before it requested the disposal password, to take out of the OTP information generated the public key registered in association with this card number. With this public key it encrypts the date-time data (date and seconds, with seconds in 30-second units) formed from the date and time at which certificate server 7 received the disposal password from member terminal 2, thereby generating a disposal password, and converts it to a decimal number. The cipher mode of the present embodiment is the public key cipher mode.
Certificate server 7 then checks whether the disposal password it generated matches the disposal password received earlier from member terminal 2. If they match, this proves that the received disposal password was generated at almost the same moment with the public key that is stored only in net settlement assisting device 1 and certificate server 7.
In other words, the operator of the member terminal 2 that sent the disposal password to certificate server 7 is the operator of the net settlement assisting device 1 that stores the public key used to generate this disposal password and the card image associated with that public key, and is therefore the card-holding member entitled to use this card image. In this way the identity of the card-holding member requesting the network commercial transaction is confirmed.
When the time synchronizing method of the present embodiment is used to generate the disposal password, the date and time used by net settlement assisting device 1 is not necessarily strictly identical to the date and time used by certificate server 7. Therefore, allowing for the time difference between the card-holding member pressing beginning key 12b so that net settlement assisting device 1 generates the disposal password and certificate server 7 generating its disposal password, the present embodiment sets the seconds resolution of the date-time data to 30 seconds.
However, if the identity of the card-holding member is accepted only when the disposal passwords generated by the two sides match exactly, then whenever 30 seconds or more elapse between the member pressing beginning key 12b of net settlement assisting device 1 to generate the disposal password and certificate server 7 receiving it from member terminal 2, the disposal passwords do not match. Authentication failures then increase, which impairs the convenience of network commercial transactions.
Therefore, even when the disposal password received from member terminal 2 does not match, certificate server 7 may shift the date and time at which it received the disposal password from member terminal 2 forward and backward by N × 30 seconds and regenerate the disposal password on the certificate server 7 side. If the result matches the disposal password generated on the member terminal 2 side, the identity confirmation of the card-holding member is regarded as successful.
N is determined in advance with the required level of security in mind. To raise the level of security, N is set smaller; to lower the level of security and give priority to the convenience of the card-holding member, N is set larger.
The member's that holds that certificate server 7 is checked disposal password authentication result is sent to member terminal 2 (S90).In addition, particularly, 7 pairs of member terminals 2 of certificate server except sending authentication result, also send the URL information of shop allied terminal 3, and pass on authentication result from member terminal 2 to shop allied terminal 3.
Receive that the member terminal 2 of authentication result with this authentication result (authenticate himself OK, authenticate himself NG), transfers to shop allied terminal 3 (S100) again.In addition, the flow process of S100 be with S70 similarly, from S90, carry out in a succession of mode; Again the guide function of browser that can be by member terminal 2 realizes, in fact, is that the member that holds can not realized to some extent, and the flow process of automatically processing in member terminal 2 inside
Shop allied terminal 3 receives authentication result from member terminal 2, and authentication result is, when the member that holds is confirmed to be me (authenticate himself OK), then carry out this member's that holds mandate requirement to merchant bank, therefore, hold the transaction data that member's card image and checkout wish that the amount of money (amount of money of the commodity and service that the member institute wish that holds is ordered) consists of except transmission to merchant bank's terminal 4, also send this authentication result (S110).In addition, transaction data also can be in S10, and the moment that has ordering information and card image to send from member terminal 2 just is generated, and is stored in the shop allied terminal 3, and it is read.
Merchant bank's terminal 4 is according to the transaction data and the authentication result that receive from shop allied terminal 3, and according to the member's that holds of authenticate himself OK card number, determine the issuing bank in card issuing source, and to issuing bank's terminal 6 of fixed issuing bank, pass on transaction data and authentication result (S120).
Issuing bank's terminal 6, having received the transaction data and authentication result, refers to the membership information or credit information of each member stored in a member database (not shown) and confirms whether the desired payment amount contained in the transaction data is within the credit line granted to the card-holding member. If the desired payment amount is within the credit line, authorization is OK and a credit line amount equal to the desired payment amount is reserved.
Issuing bank's terminal 6 then sends the authorization result (authorization OK or authorization NG) to merchant bank's terminal 4 (S130), and merchant bank's terminal 4 passes the authorization result on to shop allied terminal 3 (S140).
After receiving the authorization result from merchant bank's terminal 4, shop allied terminal 3 notifies member terminal 2 of the result (S150). Specifically, when the authorization result is OK, a picture stating that the network commercial transaction between the shop allied and the card-holding member, paid with this member's card number, has been concluded is sent to member terminal 2 and displayed there. When the authorization result is NG, a picture stating that the network commercial transaction was not concluded is sent to member terminal 2 and displayed.
In the present embodiment, identity authentication using the disposal password at certificate server 7 is performed every time a network commercial transaction is carried out between member terminal 2 and shop allied terminal 3. In other words, a disposal password generated by OTP generation unit 16 of the present embodiment is valid for only one network commercial transaction. Even if a third party who does not hold the net settlement assisting device intercepts a disposal password, the third party cannot impersonate the card-holding member in subsequent network commercial transactions, which further improves the security of business transactions.
Embodiment 2
Next, an embodiment is described in which a card-holding member who has been issued net settlement assisting device 1a (not shown) uses this device, through a personal computer or mobile phone with a communication function, to carry out a network commercial transaction paid with the member's card number.
The present embodiment differs from Embodiment 1 in the disposal password generation method of OTP generation unit 16 of the net settlement assisting device, the contents stored in OTP information generated storage part 17, and the content of the identifying flow (S80, S90) in Fig. 3 between member terminal 2 and certificate server 7 (certificate server 7a in the present embodiment).
That is, Embodiment 1 used the time synchronizing method to generate the disposal password, whereas the present embodiment uses the usage count synchronization method. Accordingly, in net settlement assisting device 1a of the present embodiment, timing unit 18 shown in Fig. 1 is replaced by counting unit 18a (not shown).
Apart from these differences, the configuration of net settlement assisting devices 1 and 1a and certificate servers 7 and 7a, and the flow other than S80 and S90, are the same as in the embodiment shown in Figs. 1 to 3. The following therefore uses Figs. 1 to 3 and describes in detail only the processing of S80 and S90 of Fig. 3.
The OTP information generated stored in OTP information generated storage part 17 of the present embodiment consists of a public key intrinsic to net settlement assisting device 1a and usage count information.
The public key is stored in OTP information generated storage part 17 in a non-rewritable state. In certificate server 7a, which verifies the disposal passwords generated by OTP generation unit 16, it is associated with the card number stored in card image storage part 13.
Like the public key, the usage count information is associated in certificate server 7a with the card number stored in card image storage part 13.
In other words, the OTP information generated is also stored in certificate server 7a in association with the card number. When certificate server 7a receives a disposal password from member terminal 2, it generates a disposal password in the same way as on the member terminal 2 side, and by checking whether the two match it can verify the validity of the disposal password and authenticate the card-holding member.
The usage count information can be rewritten only when there is a rewrite instruction from OTP generation unit 16. Counting unit 18a either adds 1 each time (0, 1, 2, and so on) or subtracts 1 each time (100, 99, 98, and so on), and the value after the addition or subtraction is stored in OTP information generated storage part 17, updating the usage count information. Whether addition or subtraction is used is determined in advance.
Counting unit 18a may be included in OTP generation unit 16 or provided separately from it. In the latter case, OTP generation unit 16 needs to control counting unit 18a in order to rewrite the usage count information.
In S80 of Fig. 3, certificate server 7a first prompts member terminal 2 to send a disposal password and authenticates the card-holding member based on the disposal password received from member terminal 2.
Specifically, certificate server 7a receives the card image and ordering information from the accessing member terminal 2 and confirms whether the member holding this card image is the member for whom confirmation of whether authentication can be executed was just requested from shop allied terminal 3 through intermediary server 5. It does so by keeping a log of the card images received from intermediary server 5 within a predetermined time, and checking whether the card image received from member terminal 2 matches a card image left in the log within that predetermined time.
The ordering information may be sent from member terminal 2. Alternatively, it may be sent to certificate server 7a from shop allied terminal 3 through intermediary server 5 in the flow of S20 and S30, or it may be sent together with the URL information of certificate server 7a from shop allied terminal 3 to member terminal 2 and forwarded to certificate server 7a when member terminal 2 accesses certificate server 7a.
Furthermore, the confirmation by certificate server 7a that the member at the accessing member terminal 2 is the same person as the member for whom confirmation was requested from shop allied terminal 3 need not rely on checking the card image alone; certificate server 7a may also receive the ordering information from both member terminal 2 and shop allied terminal 3 (through intermediary server 5) and check these against each other as well.
Once certificate server 7a has confirmed that the access comes from the card-holding member of net settlement assisting device 1 for whom confirmation of whether authentication can be executed was requested earlier, it generates disposal password input picture 101 shown in Fig. 4(b) from the received ordering information and sends it to the member terminal 2 that made the access.
Disposal password input picture 101 of Fig. 4(b) shows the party with whom the card-holding member is carrying out the network commercial transaction, namely the shop allied name, together with the amount of the goods and services to be ordered and the order date.
When disposal password input picture 101 is displayed on member terminal 2, the card-holding member presses beginning key 12b of net settlement assisting device 1. When OTP generation unit 16 of net settlement assisting device 1 detects that beginning key 12b has been pressed, it moves from the disposal password generation waiting state to the disposal password generation flow.
OTP generation unit 16 reads the public key and the usage count information stored in OTP information generated storage part 17, encrypts the usage count information with the public key to generate the disposal password, converts it to a decimal number, and shows it on display 11.
In the present embodiment, the disposal password is generated by applying a predetermined disposal password generating algorithm to the usage count information.
Because display 11 of the present embodiment can show 8 digits, the first 6 to 8 digits of the generated disposal password are shown on display 11.
Besides the usage count information and public key described above, the OTP information generated may contain any other information known only to net settlement assisting device 1a and certificate server 7a (for example, a policy). In that case, the usage count information and this arbitrary information may be encrypted with the public key to generate the disposal password.
After generating the disposal password, OTP generation unit 16 has counting unit 18a add 1 to or subtract 1 from the usage count information just read, and the usage count information in OTP information generated storage part 17 is rewritten and updated with the result.
The card-holding member enters the disposal password shown on display 11 of net settlement assisting device 1 into password input field 101a of disposal password input picture 101 shown on member terminal 2 and clicks send button 101b, whereupon the entered disposal password is sent to certificate server 7a.
After the disposal password has been entered, it is desirable from a security standpoint that the card-holding member press beginning key 12b of net settlement assisting device 1 again so that the displayed disposal password is no longer shown. Turning the power off at the same time is also desirable from a power-saving standpoint.
On receiving the disposal password from member terminal 2, certificate server 7a first confirms that this member terminal 2 is the party it just asked to send a disposal password, either by checking the identification number or the like of member terminal 2, or by checking whether the disposal password input picture 101 generated for and sent to this member terminal 2 has been returned.
After this confirmation, certificate server 7a uses the card image of the card-holding member, received before it requested the disposal password, to take out of the OTP information generated the public key and usage count information registered in association with this card number. It encrypts the usage count information with the public key to generate a disposal password and converts it to a decimal number.
In the present embodiment, the disposal password is generated by applying a predetermined disposal password generating algorithm to the usage count information. If the OTP information generated contains arbitrary information, that information is also encrypted with the public key together with the usage count information.
Certificate server 7a then checks whether the disposal password it generated matches the disposal password received earlier from member terminal 2. If they match, this proves that the received disposal password was generated from the usage count information and public key that are stored only in net settlement assisting device 1 and certificate server 7a.
In other words, the operator of the member terminal 2 that sent the disposal password to certificate server 7a is the operator of the net settlement assisting device 1 that stores the usage count information and public key used to generate this disposal password and the card image associated with them, and is therefore the card-holding member entitled to use this card image. In this way the identity of the card-holding member requesting the network commercial transaction is confirmed.
Certificate server 7a sends the result of authenticating the card-holding member by checking the disposal password (identity authentication OK or identity authentication NG) to member terminal 2. It also applies the predetermined operation (addition or subtraction) to the usage count information used when generating the disposal password, and rewrites and updates the usage count information in certificate server 7a with the result.
When the usage count synchronization method of the present embodiment is used to generate the disposal password, the disposal passwords may fail to match even if the operator of member terminal 2 and net settlement assisting device 1a is the legitimate card-holding member, because the usage count information used by net settlement assisting device 1a may differ from the usage count information used by certificate server 7a.
Generating a disposal password with net settlement assisting device 1a does not guarantee that it is sent to certificate server 7a. The connection may happen to drop partway through a network commercial transaction, or the card-holding member may operate net settlement assisting device 1a idly and generate a disposal password without intending to carry out a transaction. In such cases the usage count information of net settlement assisting device 1a is updated but the usage count information of certificate server 7a is not, so the disposal passwords generated afterwards do not match.
If the identity of the card-holding member is accepted only when the disposal passwords generated by the two sides match exactly, authentication NG results increase, which impairs the convenience of network commercial transactions.
Therefore, even when the disposal password received from member terminal 2 does not match, certificate server 7a may vary the usage count information stored in certificate server 7a within a preset range (for example, the usage count information + N) and regenerate the disposal password on the certificate server 7a side. If the result matches the disposal password generated on the member terminal 2 side, the identity confirmation of the card-holding member is regarded as successful.
N is determined in advance with the required level of security in mind. To raise the level of security, N is set smaller; to lower the level of security and give priority to the convenience of the card-holding member, N is set larger.
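The server-side tolerance described for both embodiments (shifting the receive time by up to N × 30 seconds, or trying the stored count up to + N) can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for the unspecified encryption step, the key is treated as a secret held only by the device and the server as the text describes, and `CardRecord`, the function names, the resynchronization of the count and the rejection of an already accepted time step are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

STEP_SECONDS = 30  # the page takes date-time data in 30-second units
DIGITS = 8         # the page's display 11 can show 8 digits


def derive_otp(key: bytes, moving_factor: int) -> str:
    """Keyed transform of a time step or usage count, as DIGITS decimal digits.

    Assumption: HMAC-SHA256 stands in for the page's unspecified
    "encrypt with the stored key, then convert to a decimal number" step.
    """
    mac = hmac.new(key, moving_factor.to_bytes(8, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac, "big") % 10**DIGITS).zfill(DIGITS)


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not reveal matching digits.
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class CardRecord:
    """Hypothetical record kept per card number (device side or server side)."""
    key: bytes
    counter: int = 0          # usage count (Embodiment 2)
    last_time_step: int = -1  # newest 30-second step already accepted


def device_time_otp(key: bytes, pressed_at: float) -> str:
    """Device side, Embodiment 1: key-press time in 30-second units."""
    return derive_otp(key, int(pressed_at) // STEP_SECONDS)


def device_counter_otp(device: CardRecord) -> str:
    """Device side, Embodiment 2: use the stored count, then add 1."""
    otp = derive_otp(device.key, device.counter)
    device.counter += 1
    return otp


def verify_time_otp(server: CardRecord, submitted: str,
                    received_at: float, n: int) -> Optional[int]:
    """Try the receive time shifted by up to n steps either way.

    Returns the matching offset in steps, or None (authentication NG).
    """
    center = int(received_at) // STEP_SECONDS
    for offset in sorted(range(-n, n + 1), key=abs):  # nearest steps first
        step = center + offset
        if step <= server.last_time_step:
            continue  # assumption: a step accepted once is never accepted again
        if _same(derive_otp(server.key, step), submitted):
            server.last_time_step = step
            return offset
    return None


def verify_counter_otp(server: CardRecord, submitted: str, n: int) -> Optional[int]:
    """Try the stored usage count and up to n counts ahead of it.

    Returns how far ahead the device was, or None (authentication NG).
    """
    for ahead in range(n + 1):
        if _same(derive_otp(server.key, server.counter + ahead), submitted):
            # Assumption: the server resynchronizes past the matched count,
            # which also makes the accepted password unusable a second time.
            server.counter += ahead + 1
            return ahead
    return None


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    otp = device_time_otp(key, 1_700_000_010)
    print(verify_time_otp(CardRecord(key), otp, 1_700_000_055, n=1))
```

Each extra step admitted by N gives a guessed password one more value it may match, which is the security and convenience trade-off the text attributes to N.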
As described above, when network commercial transactions are carried out with the net settlement assisting device of the present invention, the card information to be entered on the card information input screen cannot be learned, even by the cardholding member, unless the input information entered into the net settlement assisting device matches the authentication information stored in it. Unlike an existing credit card, whose card information can leak, the card information is therefore better concealed, and improper use of card information in network commercial transactions can be prevented.
Further, because the net settlement assisting device is portable, the cardholding member can carry out secure network commercial transactions wherever he or she is, using a mobile phone, a home personal computer, or a personal computer at a place being visited, which increases the convenience of network commercial transactions.
Further, identity authentication of the cardholding member in a network commercial transaction is performed according to whether the one-time password generated by the net settlement assisting device and the one-time password generated by the certificate server match.
This one-time password is formed by encrypting, with a common key, either date-and-time data consisting of the date and time at which pressing of a predetermined key is detected, or usage-count information that is updated every time a one-time password is generated. The common key is unique to the net settlement assisting device, is stored only in the net settlement assisting device and the certificate server, and cannot be learned even by the cardholding member.
That is, because this is authentication information that can be generated only by the cardholding member operating the net settlement assisting device, a third party who does not hold the net settlement assisting device cannot impersonate the cardholding member to carry out network commercial transactions, which further improves the security of network commercial transactions.
Moreover, the one-time password can be generated only after the net settlement assisting device has displayed the card information, so a third party without the net settlement assisting device cannot generate a one-time password even knowing the card number. Further, even if a third party steals the net settlement assisting device, a one-time password cannot be generated without entering the authentication information into the net settlement assisting device. In other words, whether or not a third party obtains the net settlement assisting device, the third party cannot impersonate the cardholding member to carry out network commercial transactions, so the security of commercial transactions is ensured.
In addition, the method of generating the one-time password is not limited to the time-synchronization method of the above embodiment; any method suffices so long as identity authentication of the cardholding member who holds the net settlement assisting device can be performed between the net settlement assisting device and the certificate server.
Further, because the net settlement assisting device adopts a configuration that is not connected to a network, the card information, authentication information, and OTP generation information, once stored in the net settlement assisting device, cannot be read out through improper access or the like, and cannot be read out even by the cardholding member to whom the net settlement assisting device was issued.
Suppose the net settlement assisting device could be connected to a terminal such as a personal computer or a mobile phone. If some fault then occurred while the net settlement assisting device was connected to the terminal, it would be unclear whether the cause lay on the terminal side or on the net settlement assisting device side, leaving the demarcation point of responsibility indefinite. A net settlement assisting device with a non-network-connected configuration is therefore also effective in making the demarcation point of responsibility clear.
Here, Fig. 6 shows the system configuration and flow of the advance registration performed when a cardholding member who does not hold a net settlement assisting device carries out network commercial transactions in the net settlement system of the present embodiment.
From the member PC, the cardholding member accesses the WEB site for cardholding members operated by the card company (credit card organization or issuing bank), enters member information that only the cardholding member knows (date of birth, telephone number, account number, etc.), and sends it to the WEB site ((1) in Fig. 6).
The card company's WEB site, having received the member information, accesses the card company's backbone system in which the member information is registered, and requests that the received member information be checked against the member information registered in the backbone system ((2) in Fig. 6). The backbone system returns the check result to the WEB site ((3) in Fig. 6).
If the check result is OK, identity confirmation of the cardholding member is regarded as successful, and the WEB site requests the member PC to register a password. The member PC sends the password to the WEB site ((4) in Fig. 6).
The WEB site, having received the password from the member PC, registers the password in the card company's certificate server 7 ((5) in Fig. 6).
The password registered here is a fixed password, not a one-time password of the kind generated on the net settlement assisting device. In other words, for a cardholding member who does not hold a net settlement assisting device, the only method of authenticating the cardholding member when settling in the net settlement system is the fixed password; once the card number and fixed password become known to a third party, the third party can thereafter impersonate the cardholding member and carry out net settlement.
Further, to register the password, a cardholding member who does not hold a net settlement assisting device must access the WEB site for cardholding members and can perform the password registration only after identity authentication, which places a considerable burden on the cardholding member.
Moreover, the burden is not only on the cardholding member: the card company must also build a WEB site that lets cardholding members register passwords, and a backbone system for identity authentication of cardholding members.
Further, the net settlement assisting device is structured so that the card number is not normally exposed and is displayed only when authentication information that only the cardholding member knows, or that only the cardholding member possesses, is entered. Moreover, because the password used for identity authentication of the cardholding member in net settlement is not a fixed password but a one-time password, it is very difficult for a third party to impersonate the cardholding member and carry out network commercial transactions.
Embodiments of the net settlement assisting device 1 have been described above, but the net settlement assisting device of the present invention is not limited to a net settlement assisting device 1 having all of the constituent elements described in the above embodiments. Various changes and modifications are possible, and the constituent elements needed to achieve each purpose may be combined arbitrarily to form the net settlement assisting device of the present invention. Such changes and modifications also fall within the scope of the claims of the present invention.
For example, although the embodiments describe net settlement using the card number of a credit card, embodiments using cards other than credit cards, such as debit cards, also fall within the scope of the claims of the present invention, provided the card performs net settlement at least by card number.
Further, although the present embodiment addresses network commercial transactions settled by card, where a cardholding member wishes to carry out only network commercial transactions and does not wish to make real face-to-face transactions with a credit card formed of a conventional plastic magnetic card, IC card, or the like, that member need not be issued such a credit card; the owner of the net settlement assisting device of the present invention does not necessarily need to hold a conventional plastic credit card.
Further, for example, the embodiments describe the case where the card information storage part 13 of one net settlement assisting device 1 stores one kind of card information belonging to one cardholding member, and the authentication information storage part 15 stores one kind of authentication information, but a plurality of card numbers may also be stored in the card information storage part 13. In that case, the authentication information may be common authentication information for displaying the plurality of card numbers, or each card number may correspond to its own authentication information, so that the card number shown on the display 11 differs according to the authentication information entered.
Further, where the same card number or a plurality of card numbers is used by several people, as with parent and child (family) credit cards, different authentication information may be stored in the authentication information storage part 15 for each person, or common authentication information may be stored.
Further, the above embodiments describe the card information and the OTP generation information as being associated with each other in the net settlement assisting device 1, 1a and in the certificate server 7, 7a, respectively; however, to prevent eavesdropping on the card information, associating the card information and the OTP generation information indirectly rather than directly is also included in the scope of the claims.
Specifically, the card information entered at member terminal 2 in S10 of Fig. 3 is, in S20 and S30, finally sent to the certificate server 7, 7a via the affiliated shop terminal 3 and the intermediary server 5. At this point the certificate server 7, 7a converts the card number in the received card information into a unique number different from the card number, and sends it to the affiliated shop terminal 3 via the intermediary server 5 (S40, S50).
Further, this unique number is sent from the affiliated shop terminal 3 to the member terminal 2, and from the member terminal 2 to the certificate server 7, 7a (S60, S70).
The certificate server 7, 7a that receives this unique number converts it back into the card number by the inverse of the conversion rule first used to convert the card number into the unique number, and uses the OTP generation information associated with the resulting card number to generate the one-time password.
In this way, by associating the card number with the OTP generation information through a unique number other than the card number, the card number, once sent in S10, S20 and S30, no longer circulates on the network 9a; the possibility of the card number being eavesdropped on is therefore greatly reduced, which contributes to improved security.
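The return path S40 to S70 described above, as an added example (not code from the patent). The patent does not specify the conversion rule; this sketch assumes a random, single-use, expiring lookup table held on the certificate server, and the class and function names, the 300-second lifetime and the sample card number are assumptions.

```python
import secrets
import time


class TokenizingCertificateServer:
    """Holds the card-number-to-OTP-information table and the table that
    converts between card numbers and unique numbers (assumed design)."""

    def __init__(self, otp_info_by_card: dict, ttl_seconds: float = 300.0,
                 clock=time.monotonic):
        self._otp_info_by_card = otp_info_by_card
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}            # unique number -> (card number, expiry)

    def to_unique_number(self, card_number: str) -> str:
        """After S30: replace the card number with a random unique number.
        Being random, it reveals nothing about the card number it stands for."""
        if card_number not in self._otp_info_by_card:
            raise KeyError("unknown card number")
        unique = secrets.token_hex(16)
        while unique in self._pending:            # regenerate on a collision
            unique = secrets.token_hex(16)
        self._pending[unique] = (card_number, self._clock() + self._ttl)
        return unique

    def otp_info_for(self, unique_number: str):
        """S70: inverse conversion, then lookup of the OTP generation
        information. A unique number works once and only until it expires."""
        entry = self._pending.pop(unique_number, None)
        if entry is None:
            return None
        card_number, expiry = entry
        if self._clock() > expiry:
            return None
        return self._otp_info_by_card[card_number]


def run_return_path(server: TokenizingCertificateServer, card_number: str):
    """Simulate S40 to S70 and record what each hop on the return path sees."""
    seen = []
    unique = server.to_unique_number(card_number)
    for hop in ("intermediary server 5",          # S40
                "affiliated shop terminal 3",     # S50
                "member terminal 2"):             # S60
        seen.append((hop, unique))
    otp_info = server.otp_info_for(unique)        # S70
    return seen, otp_info


if __name__ == "__main__":
    card = "9999000011112222"                     # constructed sample number
    srv = TokenizingCertificateServer({card: {"count": 0}})
    hops, info = run_return_path(srv, card)
    for hop, value in hops:
        print(hop, "sees", value)
    print("OTP generation information found:", info)
```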
Further, the above embodiments describe the case where the member terminal 2 sends the card information to the affiliated shop terminal 3 and the certificate server 7, 7a performs identity authentication of the cardholding member in S80 of Fig. 2 at the request of the affiliated shop terminal 3, but the present invention is not necessarily limited to this.
For example, the member terminal 2 may first access the certificate server 7, whereupon the certificate server 7, 7a sends an authentication information input screen for cardholding members to the member terminal 2, and identity authentication of the cardholding member is performed between the member terminal 2 and the certificate server 7, 7a according to the card information and one-time password entered on that screen. After identity is confirmed, and subject to predetermined conditions (such as a predetermined time, a predetermined number of times, or a predetermined affiliated shop), the member terminal 2 accesses the website of the affiliated shop terminal 3 and, as a result, carries out network commercial transactions.
In other words, the net settlement assisting device of the present invention is fundamentally designed so that identity authentication of the cardholding member is performed between the member terminal 2 and the certificate server 7, 7a on the card company side, and only after authentication can network commercial transactions actually be carried out on the website of an affiliated shop or the like; an identity authentication request from the affiliated shop terminal 2 is not necessarily a prerequisite.
Each unit and database in the present invention is distinguished only logically by function; physically or in practice they may occupy the same area. Further, a data file may of course be used in place of a database, and the term database also includes data files.
The above embodiments describe the terminals or servers in the net settlement system as being operated separately by the credit card organization (the provider of the commercial transaction service), the issuing bank (the entity that acquires cardholding members and issues cards to them), the merchant bank (the entity that acquires and manages contracts with affiliated shops), and the affiliated shops; however, these are distinctions only of concept and role. In practice, the issuing bank and the merchant bank may be one entity, or the credit card organization, issuing bank, and merchant bank may all be one entity.
Therefore, for example, in this specification, the net settlement assisting device 1, 1a is defined as being provided by the issuing bank. Further, the provider of the net settlement system does not necessarily have to be the credit card organization. Further, the issuing bank terminal 6, the certificate server 7, 7a, and the merchant bank terminal 4 may be one and the same. Further, the intermediary server 5 and any other terminal or server may be one and the same.
In addition, the present invention is implemented by supplying a system with a storage medium storing a software program that realizes the functions of the present embodiment, and having a computer of that system read out and execute the program stored in the storage medium.
In this case, the program read from the storage medium itself realizes the functions of the embodiment, and the storage medium storing the program constitutes the present invention.
As the storage medium for supplying the program, a magnetic disk, hard disk, optical disc, magneto-optical disc, magnetic tape, nonvolatile memory card, or the like can be used, for example.
Further, the present invention covers not only the case where the functions of the above embodiment are realized by a computer executing the program it has read, but also the case where an operating system or the like running on the computer performs part or all of the actual processing according to the instructions of the program, and the functions of the embodiment are realized by that processing.
Furthermore, the present invention also covers the case where, after the program read from the storage medium is written into a nonvolatile or volatile storage unit provided on a function expansion board inserted into the computer or in a function expansion unit connected to the computer, an arithmetic processing device or the like provided on the function expansion board or function expansion unit performs part or all of the actual processing according to the instructions of the program, and the functions of the embodiment are realized by that processing.

Claims (6)

1. A net settlement assisting device, being a portable net settlement assisting device used in network commercial transactions settled using identifying information of a card promisor, in a net settlement system in which a promisor terminal of the promisor and a certificate server that performs identity authentication of the promisor are connected to each other over a network, characterized in that
the net settlement assisting device has:
a display;
a card information storage part in which card information including at least the identifying information of the promisor is stored in advance in a state in which it cannot be read from outside;
an authentication information storage part in which authentication information for performing identity authentication of the promisor is stored in advance in a state in which it cannot be read from outside;
a one-time password generation information storage part in which one-time password generation information that is associated with the card information and unique to the net settlement assisting device is stored in advance in a state in which it cannot be read from outside;
an input unit for inputting the authentication information;
an authentication unit that, according to the input information input from the input unit, performs identity authentication as to whether the operator of the net settlement assisting device is the promisor and, when identity is confirmed, reads at least the identifying information out of the card information and shows it on the display; and
a one-time password generation unit that, after the card information is shown, generates a one-time password according to the one-time password generation information and shows it on the display,
wherein the promisor terminal performs identity authentication of the promisor by sending the one-time password to the certificate server, and the network commercial transaction is enabled when identity is confirmed.
2. The net settlement assisting device as claimed in claim 1, characterized in that
the authentication information is the promisor's predetermined password; and
the input unit is numeric keys.
3. The net settlement assisting device as claimed in claim 1, characterized in that
the authentication information is biometric information obtained by digitizing a biometric feature of the promisor.
4. The net settlement assisting device as claimed in claim 1, characterized in that
the one-time password generation information is a common key; and
the one-time password generation unit
detects pressing of a predetermined operation key, and generates the one-time password by encrypting, with the common key, date-and-time data consisting of the date and time at which the operation key was pressed.
5. The net settlement assisting device as claimed in claim 1, characterized in that
the one-time password generation information consists of a common key and usage-count information that is updated every time the one-time password is generated;
the one-time password generation unit
detects pressing of a predetermined operation key, and generates the one-time password by encrypting the usage-count information with the common key; and
after the one-time password is generated, the usage-count information in the one-time password generation information storage part is updated.
6. The net settlement assisting device as claimed in claim 1, characterized in that
the net settlement assisting device has tamper resistance.
CN2006800552299A 2006-07-07 2006-07-10 Net settlement assisting device Active CN101496024B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2006188341A JP4388039B2 (en) 2006-07-07 2006-07-07 Internet payment system
JP188341/2006 2006-07-07
PCT/JP2006/313658 WO2008004312A1 (en) 2006-07-07 2006-07-10 Net settlement assisting device

Publications (2)

Publication Number Publication Date
CN101496024A CN101496024A (en) 2009-07-29
CN101496024B true CN101496024B (en) 2013-05-01

Family

ID=38894290

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006800552299A Active CN101496024B (en) 2006-07-07 2006-07-10 Net settlement assisting device

Country Status (5)

Country Link
JP (1) JP4388039B2 (en)
KR (1) KR101248058B1 (en)
CN (1) CN101496024B (en)
TW (1) TW200805203A (en)
WO (1) WO2008004312A1 (en)

Also Published As

Publication number Publication date
JP2008015924A (en) 2008-01-24
TWI304190B (en) 2008-12-11
CN101496024A (en) 2009-07-29
WO2008004312A1 (en) 2008-01-10
KR101248058B1 (en) 2013-03-27
KR20090051147A (en) 2009-05-21
TW200805203A (en) 2008-01-16
JP4388039B2 (en) 2009-12-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant