200805203 (1) 九、發明說明 【發明所屬之技術領域】 本發明係有關於網路結帳輔助裝置。 【先前技術】 • 先前,在行動電話機中儲存了信用卡或銀行卡等之卡 片識別資訊(卡號)及私密號碼,當被輸入至行動電話機的 Φ 私密號碼,和所儲存之私密號碼爲一致時,藉由在行動電 話機之顯示器上顯示卡號,就可使行動電話機也具備卡片 之機能(例如,參照專利文獻1)。 可是,此種附帶卡片機能的行動電話機上,存在著以 下說明之課題。 〔專利文獻1〕 . - ~ 日本特開2002-64597號公報 •]發明內容】 1發明所欲解決之課.題〕 , 對專利文獻1所記載之附帶卡片機能的行動電話機的 資料儲存、抹消等,是藉由通訊而進行。換言之,該行動 ' 電話機,係以被網路連接爲前提。 如此’右向可連接網路之f了動電目舌機,儲存卡號或私 密號碼’則因不正當存取等’這些卡號或私密號碼被惡意 第三者竊聽、篡改的危險性並非少到完全沒有,會造成安 全上的問題。 -4- 200805203 (2) 於是,若將行動電話機構成爲不可連接網路的話,則 搞不好可以使上述竊聽或篡改的疑慮消失。 可是’行動電話機’係除了基本的通話機能以外,也 具有網路通訊機能這是目前一般常見的,要使行動電話機 變成不可連接網路之構成,這在現實上是有困難的。又, 爲了要維持現狀的行動電話機之構成不變,且使已被儲存 之卡號或私密號碼無法從外部讀出,是必須要具備加密程 式等,會使構成變得複雜。 又,在專利文獻1之行動電話機的情形,即使不藉由 透過網路的不正當存取,也只要顯示在行動電話機之顯示 器上的卡號,一度被第三者偷看到,則第三者便可能使甩 該卡號,在網際網路上進行信用結帳_所致之網路商業交易 ,就迨點來說,安全性亦較低。 此外’本案專利申請人,係有鑑於上記這種僅用卡號 就可進行網路商業交易之情事,而正在開始用運一種除了 卡號之.提示外,仍須經過提示持卡會員所預先訂定的固定 密碼來進行持.卡會員的本人認證,才能進行網路商業交易 的此種網路結帳系統。 可是,若該固定密碼也一旦被.第三.者得知,則第三者 還是可假冒持卡會員來進行網路商業交易,這也不能說是 必然的安全。 本發明係有鑑於以上之先前問題點而硏發,其目的在 於’使得不正當存取等造成卡號或私密號碼被竊聽、篡改 的危險性消失,且能夠更安全地進行網路商業交易的網路 -5- 200805203 (3) 結帳輔助裝置。 〔用以解決課題之手段〕 申請項1之發明,係 一種網路結帳輔助裝置,係屬於可搬型之網路結帳輔 ' 助裝置,其特徵爲,具備:顯示器;和卡片資訊儲存部’ 是以無法從外部讀出之狀態預先儲存著,至少包含信用卡 或轉帳卡等之卡片契約者之識別資訊的卡片貪訊’和認證 資訊儲存部,是以無法從外部讀出之狀態預先儲存著’用 來進行前記契約者之本人認證的認證資訊;和otp生成資 訊儲存部.,是以無法從外部讀出之狀態預先儲存著被前 記卡片資訊所關連對應且爲前記網路結帳輔助裝置所固有 之otp生成資訊;和輸入手段,將前記認證資訊加以輸入 ;和認證手段,基於從前記輸入手段所輸入之輸入資訊., 由前記網路結帳輔助裝置之操作者,進行是否爲前記契約 φ 者的本人認證,若已經確認爲本人時,則至少讀出前記卡 片資訊當中的前記識別資訊,並顯示於前記顯示器上;和 ^ 一次性密碼生成手段,在前記卡片資訊被顯示後,< 基於前 記OTP生成資訊,生成一次性密碼,並顯示於前記顯示器 上;當藉由前記一次性密碼,進行了前記契約者之本人認 證,且已確認爲本人時’使得使用前記識別資訊之結帳所 致之網路商業交易成爲可行。 申請項2之發明,係 一種網路結帳輔助裝置,係屬於,信用卡或轉帳卡等 -6- 200805203 (4) 者終端,和 此連接網路 約者之識別 用的可搬型 帳輔助裝置 法從外部讀 識別資訊的 部讀出之狀 證的認證資 讀出之狀態 前記網路結 段”將前記 輸入手段所 操作者,進 爲本人時, ,並顯示於 記卡片資訊 性密碼,並 由將前記一 契約者的本 業交易成爲 之卡片契約者的行動電話或個人電腦等的契約 進行前記契約者本人認證的認證伺服器,是彼 而成之網路結帳系統中,在進行使用了前記契 資訊的結帳所致之網路商業交易之際,所被使 * 之網路結帳輔助裝置,其特徵爲’前記網路結 • 係具備:顯示器;和卡片資訊儲存部,是以無 出之狀態預先儲存著,至少包含前記契約者之 0 卡片資訊;和認證資訊儲存部,是以無法從外 態預先儲存著,用來進行前記契約者之本人認 訊;和OTP生成資訊儲存部,是以無法從外部 預先儲存著,被前記卡片資訊所關連對應且爲 帳輔助裝置所固有之OTP生成資訊;和輸入手 認證資訊加以輸入;和認證手段,基於從前記 輸入之輸入資訊,由前記網路結帳輔助裝置之 行是否爲前記契約者的本人認證,若已經確認 φ 則至少讀出前記卡片資訊當中的前記識別資訊 前記顯示器上;和一次性密碼:生成手段,在前 被顯示後,基於前記OTP生成資訊,生成一次 顯示於前記顯示器上;前記契約者終端,是藉 * 次性密碼發送至前記認證伺服器,來進行前記 人認證,當已確認爲本人時,則使前記網路商 可行。 若依據申請項1及申請項2之發明,則若藉由網路結 帳輔助裝置進行契約者之本人認證的結果,確認爲本人的 200805203 (5) 話,則由於即使是契約者本身也無法獲知卡片資訊,而卡. 片資訊是以無法從外部讀出之狀態而被儲存’因此’異於 卡片資訊會外露之先前的信用卡,可提高卡片資訊的隱匿 性,防止網路商業交易中的卡片資訊之不正當使用。 又,由於網路結帳輔助裝置係爲可搬型,因此無論契 • 約者身處何處,都可使用行動電話、在宅的個人電腦、外 出地的個人電腦,來進行安全的網路商業交易’增加網路 φ 商業交易的便利性。 又,因爲契約者的本人認證時,是使用基於網路結帳 輔助裝置中所儲存之契約者固有之OTP生成資訊而作成之 一次性密碼,因此,即使第三者獲得一次性密碍,也不能 _使用在下次的網路商業交易中。 一次性密碼生成用之OTP生成資訊,因爲是以無法從 外部讀出之狀態而被儲存,因此即使是契約者本人,也無 從得知OTP生成資訊,只有正在操作網路結帳輔助裝置的 • 契約者本人會獲知生成結果之一次性密碼。換言之,由於 第三者所致之一次性密碼生成是不可能發生,因此,可更 β 加保證網路商業交易的安全性。 而且,該一次性密碼的生成,係只有在網路結帳輔助 ^ 裝置上顯示了卡片資訊後才會進行,因此,不具有網路結 帳輔助裝置的第三者,就算僅得知識別資訊,也是不能生 成一次性密碼。又,即使第三者竊得了網路結帳輔助裝置 ,若沒有用來輸入網路結帳輔助裝置的認證資訊,也是無 法生成一次性密碼。 200805203 (6) 換言之,契約者,係在藉由網路結帳輔助: 手段接受了本人認證後,還會藉由認證伺服器 人認證,最終而言,一直到可進行網路商業交 須要經過基於2種互異之認證資訊的本人認證 加防止第三者所致之假冒,提高網路商業交易β * 申請項3之發明,係 一種網路結帳輔助裝置,其特徵爲,前記 φ 係爲前記契約者所預先訂定的私密號碼;前記 係爲數字鍵。 若依據申請項3的發明,則由於可使輸入 ’ 手段構成較爲廉價._,因此可謀求促進網路結帳 利用。 _ 申請項4之發明,係 一種網路結帳輔助裝置,其特徵爲,前記 係爲將前記契約者的指紋、虹膜、聲帶、臉部 φ 物性特徵加以數値化而成的生物資訊。 若依據申請項_4之發明,則因爲可以高精 .約者之本人認證,因此可以成爲即使網路結帳 竊,也不必擔心遭到惡用的網路結帳輔助裝置 申請項5之'發明,係 一種網路結帳輔助裝置,其特徵爲,前記 訊,係爲共通金鑰;前記一次性密碼生成手段 定操作鍵之壓下,而將前記操作鍵被壓下之曰 期資料,以前記共通金鑰予以加密然後生成一 裝置之認證 而接受到本 易爲止是必 ,因此能更 勺安全性。 認證資訊, 輸入手段, 手段及認證 輔助裝置之 認證資訊, 照片等之生 度來進行契 輔助裝置遭 〇 ΟΤΡ生成資 ,係偵測所 期所成之曰 次性密碼。 -9 - 200805203 (7) 申請項6之發明’係 一種網路結帳輔助裝置’其中’前記0TP生成資訊’ 係由共通金鑰,和前記一次性密碼每次被生成時就被更新 的利用次數資訊所構成;前記一次性密碼生成手段’係偵 * 測所定操作鍵之壓下’而將前記利用次數資訊以共通金鑰 * 予以加密而生成一次性密碼;在前記一次性密碼被生成後 ,將前記ΟΤΡ生成資訊儲存部內的利用次數資訊加以更新 此處所生成之一次性密碼,係使用共通金鑰,將在所 定按鍵.被按下之日期所成之日期資料或者每次一次性密碼 生成時就會被更新的利用次數資訊予以加密而成者。亦即 ,由於是屬於只有正在操作網路結帳輔助裝置的契約者才 可能作成的密碼’因此不持有網路秸帳輔助裝置的第三者 ,是無法假冒契約者來進行網路商業交易,可更加提升網 .路商業交易的安全性。 φ 申請項7之發明,係 一種網路結帳輔助裝置,其特徵爲,前記網路結帳輔 助裝置’係具備ί几外力入侵性(Tamper Proofness)。 若依據申請項7之發明,則由於網路結帳輔助裝置是 具備抗外力入侵性’故可謀求更加提升對第三者所致之卡 片資訊、認證資訊、0TP生成資訊之竊聽、篡改的安全性 提升。 〔發明效果〕 -10- 200805203 (8) 若依據本發明的網路結帳輔助裝置,則若藉由網路結 帳輔助裝置進行契約者之本人認證的結果,確認爲本人的 話,則由於即使是契約者本身也無法獲知卡片資訊,而卡 片資訊是以無法從外部讀出之狀態而被寧存,因此’異於 _ 卡片資訊會外露之先前的信用卡,可提高卡片資訊的隱匿 - 性,防止網路商業交易中的卡片資訊之不正當使用。 又,由於網路結帳輔助裝置係爲可搬型,因此無論契 0 約者身處何處,都可使用行動電話、在宅的個人電腦、外 出地的個人電腦,來進行安全的網路商業交易,增加網路 商業交易的便利性。 - 又,因爲契約者的本人認證時’是使用基於網路結帳 輔助裝置中所儲存之契約者固有之OTP生成資訊而作成之 一次性密碼,因此,即使第三者獲得一次性密碼,也不能 使用在下次.的網路商業交易中。 _ 一次性密碼生成用之OTP生成資訊,因爲是以無法從 φ 外部讀出之狱態而被儲存,因此即使是契約者本人,也無 從得知OTP生成資訊,只有正在操作網路結帳輔助裝置的 契約者本人會獲知生成結果之一次性密碼。換言之,由於 第三者所致之一次性密碼生成是不可能發生,因此,可更 ‘ 加保證網路商業交易的安全性。 而且,該一次性密碼的生成’係只有在網路結帳輔助 裝置上顯示了卡片資訊後才會進行,因此,不具有網路結 帳輔助裝置的第三者,就算僅得知識別資訊,也是不能生 成一次性密碼。又,即使第三者竊得了網路結帳輔助裝置 -11 - 200805203 Ο) ,若沒有用來輸入網路結帳輔助裝置的認證資訊,也是無 法生成一次性密碼。 換言之,契約者,係在藉由網路結帳輔助裝置之認證 手段接受了本人認證後,還會藉由認證伺服器而接受到本 人認證,最終而言,一直到可進行網路商業交易爲止是必 ' 須要經過基於2種互異之認證資訊的本人認證,因此能更 加防止第三者所致之假冒,提高網路商業交易的安全性。 【實施方式】 以下,針對本發明之理想實施形態,基於添附圖面來 詳細說明。圖1(a)係網路結帳輔助裝置1的外觀圖,圖 1 (b)係網路結帳輔助裝置1的電氣硬體之構成圖。 網路結帳輔助裝置1,係在信用卡或轉帳卡等之卡片 契約者之契約者終端(行動電話或個人電腦等),和進行契 約者本人認證的認證伺服器(通常是由持卡會員所保有), φ 是彼此有網路連接而成的網路結帳系統中,當契約者是使 用該當契約者之識別資訊來進行結帳,以進行網路購物等 . 之網路商業交易之際所被使用者;如圖1(a)所示,具有可 收容於手掌程度的外形,是由薄型且可手持搬運的框體i 〇 所構成,在框體1 0的外表面上,外露出顯示器1 1、和按 鍵操作部1 2。 此外’本實施例的顯示器11,係爲8位數顯示之顯示 器;按鍵操作部1 2,係由〇〜9的數字鍵1 2 a,和開始鍵 12b所構成。 -12- 200805203 (10) 框體10的內部,係如圖1(b)所示,是除了顯示器11 、按鍵操作部12以外’還有用來作爲卡片資訊儲存部13 、認證資訊儲存部1 5、認證手段1 4、OTP生成手段1 6、 OTP生成資訊儲存部17、計時手段18而發揮各種機能的 硬體(C P U、記億體),和用來驅動這些硬體電氣零件(顯示 器1 1、按鍵操作部12、CPU、記憶體)的驅動用電源19( 電池)所構成。 ^ 此外,本實施例的框體1 1中’係除了顯示器1 1和按 鍵操作部1 2之驅動用電源1 9以外’還設有內藏s IΜ等 1C卡的插槽,在該當插槽中插入IC卡而使用。然後’上 記.C P U和記憶體,係使用該IC卡中含有者。_如後述,卡 片資訊儲存部13、認證資訊儲存部15、OTP生成資訊儲 存部1 7中,由於係記憶著每位契約者互異之資訊’因此 ,將此類資訊儲存在1C卡之記憶體中’插入插槽而使用 ,藉此,框體10本身係可爲各契約者皆爲共通’且框體 φ 10本身係不保有個人資訊,因此.,除了可提升框體10的 生產性,同時可使框體1 〇的取用、管理更爲容易.。 又,本實施例之驅動用電源1 9,雖然爲鈕扣型電池’ 〃但亦可爲太陽電池或充電池等。又,網路結帳輔助裝置1 係亦可設計成,在通常時保持電源〇FF狀態,而在例如, 當有按鍵操作部1 2之任一鍵被操作時’才啓動電源。 本實施例之卡片資訊儲存部13、認證資訊儲存部15 、OTP生成資訊儲存部17,具體而言’是由儲存著後述之 卡片資訊、認證資訊、OTP生成資訊之每一者的記憶體所 -13- 200805203 (11) 構成;記憶體係在實體上爲將這些資訊綜合儲存之1個記 憶體,亦可爲2個以上之記憶體。 本實施例之認證手段1 4及OTP生成手段1 6,具體而 言,係由被儲存在記憶體的程式所構成;網路結帳輔助裝 ' 置1內的CPU,會從記憶體中讀出該當程式並執行,以實 ' 現這些認證手段1 4及OTP生成手段1 6之機能。此外,在 不具備CPU、記憶體的網路結帳輔助裝置上,認證手段 φ 14、OTP生成手段16之機能,亦可使用電子零件以電路 方式來加以實現。 本實施例的網路結帳輔助裝置1,係從基於與信用卡 組織(credit card · brand)的授權契約而發行.信用卡的發卡銀 _行(若爲轉帳卡,則是發行轉帳卡的銀行或者卡片發行公 司.)來對每一位持卡會員也就是契約者,於發卡銀行中以 每位契約者所固有之卡片資訊、認證資訊、OTP生成資訊 是被記錄在記憶體之狀態下,所發配出來者(發配的形態 馨 可爲借給、讓渡);且被構成爲,在發配後,記憶體的儲 存內容(卡片資訊儲存部13、認證資訊儲存部1 5、OTP生 成資訊儲存部17),是無法從外部讀出〃 | 又,即使是被發配網路結帳輔助裝置1的契約者本身 ’也無法從外部讀出記憶體的記錄內容。契約者本身,係 只有契約者的本人認證被進行、且確認爲本人時,才能藉 由卡片資訊被顯示在顯示器1 1上’而僅能得知該當卡片 資訊,除此以外的狀態下,卡片資訊係被隱匿化。 之所以設計成不讓記憶體的儲存內容可從外部讀出的 -14- 200805203 (12) 理由,是因爲網路結帳輔助裝置1是不具備連接網際網路 等之網路的介面,是屬於非網路連接型的終端。 此外,爲了更加提升對記憶體儲存內容之竊聽、篡改 的安全性,網路結帳輔助裝置1、或內藏於網路結帳輔助 裝置1的SIM等1C卡,係亦可具備抗外力入侵性(若試圖 ' 分解、或從記憶體直接讀取內容,則記憶體的記錄內容會 被抹除、或是程式變成無法啓動之性質)。 φ 以下,針對網路結帳輔助裝置1之各部細節加以說明 〇 卡片資訊儲存部1 3,係爲將至少包含契約者之識別資 訊的卡片資訊,以無法從外部讀出之狀態預先記憶而成的. 記憶體;本實施例之卡片資訊,係由契約者固有之識別資 訊(卡號)、有效期限、和安全碼(以所定之方法預先加密過 的3位數之1 0進位數。通常在塑膠型的信用卡的簽名板 上有被印出。藉由該數字,就可確認該卡片的真正性 >所 Φ 構成。又,亦可包含名義人名。又,卡片資訊亦可僅單純 由識別資訊來搆成。又,有效期限、安全碼、名義人名之 . 全部並不需要一定被卡片資訊所包含,亦可適宜地組合-1 者以上來構成卡片資訊。 認證資訊儲存部1 5,係契約者所訂定之私密號碼,或 將契約者的指紋、虹膜、聲帶、臉部照片等之生物性特徵 予以數値化而成之生物資訊等,進行契約者本人認證所需 之認證資訊,以無法從外部讀出之狀態,預先儲存成的記 憶體。 -15- 200805203 (13) 此外,認證資訊儲存部1 5中所儲存之認證資訊’係 異於網路結帳系統中的認證伺服器在契約者本人認證時所 用之認證資訊,係爲網路結帳輔助裝置1爲了進行契約者 本人認證所必須之認證資訊。又,認證伺服器中的認證資 訊和網路結帳輔助裝置1中的認證資訊,係爲種類互異者 〇 OTP生成資訊儲存部1 7,係爲網路結帳輔助裝置1所 固有之OTP生成資訊,是以無法從外部讀出之狀態而先儲 存而成之記憶體;本實施例之Ο T P生成資訊,係爲網路結 帳輔助裝置.1上所固有的共通金鑰;共通金鑰,係在進行 被OTP生成手段16所生成之一次性密碼之驗證的伺-服器( 後述之實施例中的認證伺服器)中,和儲存在卡片資訊儲 存部13之識別資訊,建立有關連對應。 此外,共通金鑰,係於網路商業交易中,只會被儲存 在進行契約者本人認證之認證伺服器、和網路結帳.輔助裝 置1的金錄;在本實施例中 '後述之OTP生成手段16, 在生成一次性密碼時會使用到。 認證手段1 4,係爲用來進行確認網路結帳輔助裝置1 之操作者,是否爲可利用卡片資訊儲存部13中所儲存之 識別資訊的契約者(持卡會員)之本人認證的手段;係確認 從輸入手段(本實施例中係爲數字鍵12a)所輸入之輸入資 訊’和認證資訊儲存部1 5中所儲存之認證資訊是否一致 ’當爲一致時,則視爲網路結帳輔助裝置1之操作者爲該 當契約者本人,而至少將卡片資訊儲存部13中所儲存之 -16- 200805203 (14) 卡片資訊當中的識別資訊予以讀出,並顯示於顯示器11 上的手段。 本實施例的認證手段14,係操作者壓下了按鍵操作部 1 2的開始鍵1 2b,就接受開始鍵1 2b之壓下偵測而開始啓 動。然後,一旦操作者壓下了相當於輸入手段的數字鍵 • 1 2a而輸入了 4位數的數字,則認證手段1 4,係確認所輸 入之數字,和認證資訊儲存部1 5中所儲存之私密號碼是 φ 否一致,若爲一致,則在顯示器1 1上顯示出卡片資訊。 認證資訊若像本實施例是私密號碼,則作爲輸入手段 係只要數字鍵即可,輸入資訊和認證資訊之一 ·致判斷處理 也可容易進行,可以較廉價的構成來實現網路..結帳裝置1 ,可謀求促進網路結帳裝置1之利用。 本實施例之認證資訊雖然係爲4位數的私密號碼,但 認證方法及認證資訊並非侷限於此,亦可適宜地組合複數 種認證方法所致之認證手段,若採用複數認證手段,則其 φ 可換來認證精度之提高,可防止第三者所致之網路結帳輔 助裝置的惡用。 . /…例如,認證手段1 4,:若採用生物計量認證方法,則認 證資訊係爲生物計量資訊(指紋、虹膜、臉部照片等之生 物性特徵予以數値化而成之資料),又,輸入手段係改爲 用來輸入這些生物計量資訊的掃描器、麥克風、數位攝影 機等。 由於生物計量認證方法,係爲高精度的認證方法,因 此即使網路結帳輔助裝置1被第三者竊取,則只要不是身 -17- 200805203 (15) 爲網路結帳輔助裝置1所被發配的契約者,就無法使用網 路結帳輔助裝置1,而可防止遭到惡用。 又,本實施例之認證資訊的私密號碼中,除了數字以 外,還可含有英文字母;此時,除了數字鍵以外,網路結 帳輔助裝置還需要備有英文字母鍵。 I OTP生成手段16,係在藉由認證手段14而顯示出卡 片資訊後,基於OTP生成資訊儲存部17中所儲存之OTP φ 生成資訊(本實施例中係爲共通金鑰),來生成一次性密碼 ,並顯示於顯示器1 1上的手段。 該一次性密碼,係從契約者終端被發送至認證伺服器 ,並由認證伺服器進行契約者本人認證之際,與在認證伺 服器上基於OTP生成資訊所生成之一次性密碼進行核對時 所使用。然後,當這些一次性密碼的核對結果爲一致,而 被認證伺服器確認爲本人時,使用該當契約者之識別資訊 的結帳所致之網路商業交易,就變成可行。 φ 本實施例中,在認證手段14所致之認證被進行過, 且卡片資訊被顯示於顯示器11上後,一旦操作者按下開 . 菇鍵12b,則開始鍵12b被按下這件事,即成爲令OTP生 成手段啓動之契機.,而會生成、顯示一次性密碼。 • 此外,本實施例之OTP生成手段16,雖然係由詳細 後述的時間同步方式來生成一次性密碼,但亦可以其他的 生成方式,例如:計數器同步方式、或挑戰&回應方式, 來生成一次性密碼。 計時手段1 8,係爲本實施例之OTP生成手段1 6以時 -18- 200805203 (16) 間同步方式生成一次性密碼時所必須的手段,係爲計時的 手段。此外,計時手段1 8 ’係可由即時時鐘來構成,或可 將計時程式儲存於記憶體’由CPU將該當計時程式讀出 並執行而實現計時機能的方式。又,OTP生成手段1 6,係 當以時間同步方式以外的方式來生成一次性密碼的時候, • 係可不須計時手段1 8 ’取而代之而附加上各生成方式所必 須之手段。 φ 本實施例中,OTP生成手段1 6係如前述,認證手段 1 4係接受在顯示器1 1上顯示之卡片資訊,而成爲開始鍵 1 2b之壓下偵測等待狀態。OTP生成手段1 6,係一旦測出 開始鍵1 2b之壓下,則將測出壓下之事傳達給計時手段1 8 。計時手段1 &,係計時開始鍵1 2b被測出壓下之日期,將 日期資料(年月日時分秒。秒係以30秒爲單位)交付給 OTP生成手段16。 然後,OTP生成手段16,係從OTP生成資訊儲存部 • 1 7讀出共通金鑰.,將所被交付之日期資料.,以讀出之共通 金鑰予以加密,將其轉換成十進位數,顯示於顯示器1 1。 此外,本實施例之加密方式,雖然是採用共通金鑰加密方 式,但亦可用其他的加密方式。 ^ ^ 若依據以上說明之網路結帳輔助裝置1,則藉由網路 結帳輔助裝置1來進行契約者之本人認證,並確認爲本人 時,認證手段1 4所顯示之卡片資訊,係被輸入至從可進 行卡片結帳之加盟店的網站或認證伺服器所發送過來之顯 示於契約者終端上的卡片資訊輸入畫面後,就可被發送至 -19- 200805203 (17) 網站或認證伺服器。 如此,若藉由網路結帳輔助裝置1,進行契約者之本 人認證而確認爲本人,亦即,若所輸入之輸入資訊,是和 網路結帳輔助裝置中所儲存之認證資訊一致,則由於即使 '是契約者本身也無法獲知卡片資訊,而卡片資訊是以無法 - 從外部讀出之狀態而被儲存,因此,異於卡片資訊會外露 之先前的信用卡,可提高卡片資訊的隱匿性,防止網路商 φ 業交易中的卡片資訊之不正當使用。 又,由於網路結帳輔助裝置係爲可搬型,因此無論契 約者身處何處,都可使用行動電話、在宅的個人電腦、外 出地的個人-電腦,來進行安全的網路商業交易,增加销路 - 商業交易的便利性。 , 又,OTP生成手段16所顯示的OTP生成手段16,係 在被輸入至從進行契約者之本人認證的認證伺服器所發送 過來之顯示於契約者終端的一次性密碼輸入畫面後,除了 φ 被發送至認證伺服器,還藉由與認證伺服器所生成之一次 性密碼的核對,當爲一致時,則確認爲本人,使用契約者 識別資訊的結算所致之網路商業交易就變成可進行。 如此,因爲契約者的本人認證時,是使用基於網路結 * 帳輔助裝置中所儲存之契約者固有之otp生成資訊而作成 之一次性密碼,因此,即使第三者獲得一次性密碼,也不 能使用在下次的網路商業交易中。 一次性密碼生成用之OTP生成資訊’因爲是以無法從 外部讀出之狀態而被儲存,因此即使是契約者本人,也無 -20- 200805203 (18) 從得知OTP生成資訊,只有正在操作網路結帳輔助裝置的 契約者本人會獲知生成結果之一次性密碼。換言之,由於 第三者所致之一次性密碼生成是不可能發生,因此,可更 加保證網路商業交易的安全性。 而且,該一次性密碼的生成,係只有在網路結帳輔助 * 裝置上顯示了卡片資訊後才會進行,因此,不具有網路結 帳輔助裝置的第三者,就算僅得知識別資訊,也是不能生 Φ 成一次性密碼。又,即使第三者竊得了網路結帳輔助裝置 ,若沒有用來輸入網路結帳輔助裝置的認證資訊,也是無 法生成一次性密碼。 換言之,契約者,係在藉由網路結帳輔助裝置之認證 手段接受了本人認證後,還會藉由認證伺服器而接受到本 人認證,最終而言,一直到可進行網路商業交易爲止是必 須要經過基於2種互異之認證資訊的本人認證,.因此能更 加防止第三者所致之假冒,提高網路商業交易的安全性。 @ 此外,認證資訊儲存部1^5係亦可設計成,除了上述 認證資訊以外,還會以認證手段1 4所進行之一致判定處 _ 理,發現輸入資訊和認證資訊並不一致時,預先儲存著可 接受輸入資訊重新輸入的次數(錯誤容許次數)。_此诗,網 * 路結帳輔助裝置1或認證手段1 4,係構成爲也要具備計數 手段(計數器)。 然後,在認證手段14進行一致判定處理的流程中, 當輸入資訊和認證資訊不一致時,則每次在其發生時,計 數手段就會從1起往上計算,並比較被加算後的數字與錯 -21 200805203 (19) 誤容許次數,當加算後的數字超過了錯誤容許次數時,以 降就使認證手段14不進行自身的處理,並且也使otp生 成手段1 6不啓動,以使認證流程及OTP生成流程不被進 行。 藉此,就可防止惡意第三者盜用網路結帳輔助裝置1 * 來處理認證資訊然後輸入,結果導致卡片資訊或一次性密 碼被不幸被顯示在顯示器11上。 Φ 此外,當加算後的數字沒有超過錯誤容許次數,而輸 入資訊和認證資訊一致時,認證手段1 4雖然會在顯示器 11上進行卡片資訊之顯示,但此時被計數的數字,會被重 設(初期化)變成〇 〇 此處,將網路結帳·輔助裝置1的操作程序及顯示器1 1 之畫面遷移之一例,示於圖5。此外,本實施例之顯示器 1 1 ’係爲8位數的央數子··記號顯不用顯不器。 / 首先,·一旦開始鍵· 1 2b被操作者按下,則網路結·帳輔 φ 助裝置1的電源便啓動(s2〇o),在顯示器11上會顯示「 APPLI j (S2 10) ’因此當想在開始鍵12b被按下後(S225) 還曼顯示卡片資訊時,操作者係按下數字鍵12a的「1」 (S 23 0);當想要進行認證資訊(私密號碼)之變更時,則按 下數字鍵12a的「2」.(S3 3 0)。 由於當「1」被按下的時候(S 23 0),顯示器1 1上會顯 示「PIN」,所以操作者係將作爲認證資訊的4位數私密 號碼,從數字鍵12a中選擇出來並按下(S240)。其後,開 始鍵12b被按下(S245),已按下之私密號碼,若和認證資 -22 - 200805203 (20) 訊儲存部1 5中所儲存之認證資訊一致,則將卡片資訊儲 存部1 3中所儲存之卡片資訊當中,首先將識別資訊(以下 稱之爲卡號)的前8位數,顯示於顯示器1 l(S250)。 接著,一旦開始鍵12b被按下(S25 5),則卡號的後8 位數會被顯示在顯示器1 1上(S 2 6 0 )。 接著,一旦開始鍵12b被按下(S26 5),則有效期限和 安全碼會被顯示在顯示器11上(S270)。此外,S265和 S 2 70之流程並非必須,亦可僅顯示出卡片資訊當中的卡 號即可。 接著,一旦開姶鍵12b被按下(S275).,則顯示器11 會顯·示「OTP = 1」,而進行要生成、顯示一次性密碼,或 是否結束之選擇。此處,在開始鍵12b被按下後(S290), 再按下數字鍵12 a的「1」(S29 5),則顯示器11上會顯示 催促認證資訊之輸入的「PIN」(S3 05),因此,操作者係 再度從數字鍵1 2 a按下4位數的私密號碼,並按下開始鍵 12b(S310) 〇 已按下之私密號碼’若和認證貧訊儲存部1 5中所儲 存之認證資訊一致,則·基於OTP生成資訊儲存部17中所 儲存之OTP生成資訊,生成一次性密碼’並將其顯示在顯 示器1 1上(S3 1 5)。 然後若開始鍵12b再次被按下(S320),則網路結帳輔 助裝置1的電源就被切斷。 當數字鍵1 2 a「1」以外的鍵被按下’或任一鍵都沒被 按下、經過了預先決定之所定時間後(S 3 0 0)’則網路結帳 -23- 200805203 (21) 輔助裝置1會自動地切斷電源。 此外,S 2 4 0和S 3 0 5中所輸入之私密號碼,係亦可爲 卡片資訊顯示用和一次性密碼生成用是個別的私密號碼, 此時,認證資訊儲存部1 5中,是將各個私密號碼予以區 別而儲存。 •又,本實施例中’雖然是在一次性密碼顯示於顯示器 11的流程(S3 15)之前,以S3 05再度向操作者催促輸入認 φ 證資訊,但是,亦可設計成省略S3 05,僅須S3 10之開始 鍵1 2b按下,就可生成一次性密碼。 S225之後,若數字鍵12a的「2」被按下(S 3 3 0),貝[] 顯示器11上會顯示「CHANGE ?」(S 3 3 5 )。 一旦開始鍵12b被按下(S34〇),則在顯示器11上會 顯示「PIN」,催促私密號碼之輸入,因此,操作者係從 數字鍵1 2 a按下4位數之私密號碼後(S 3 4 5 ),再按下開始 .鍵12b(S 3 5 0),若已被按下之私密號碼,是和認證資訊儲 ⑩ 存部1 5中所儲存之認證資訊一致.,則用來催促變更後之 私密號碼輸入的「NEW1」會顯示於顯示器1 1上,因此, 操作者係從數字鍵12a按下變更後的私密號碼(S3 55) ’然 後再按下開始鍵12b(S360)。 ’ 其次,因爲於顯示器1 1上會顯示用來催促再次輸入 變更後私密號碼的「NEW2」’因此操作者要再度從數字 鍵12a按下變更後之私密號碼(s 3 6 5) ’然後按下開始鍵 12b(S370)。 若S 3 5 5中被按下之私密號碼,和S3 6 5中所按下之私 -24 - 200805203 (22) 密號碼一致,則顯示器1 1上會顯示旨在表示私密號碼變 Η已完成之「COMPLETE」(S375),因此一旦在經過確認 後,開始鍵12b被按下(S3 8 0),則私密號碼的變更程序就 完成,電源會被切斷。 此外,爲了提升安全性,S 3 5 5和S 3 6 5中,即使有從 - 數字鍵1 2 a進行輸入,所輸入的値也不會被顯示在顯示器 1 1上,較爲理想。 〔實施例1〕 以下,針對被發給了圖1所示之網路結帳輔助裝置1 的信用卡契約者也就是信用卡會員(以下稱之爲持卡會員) ,去使用網路結帳輔助裝置1,從具有通訊機能的個人電 腦或行動電話,藉由使用該當持卡會員之卡號的結帳,來 進行網路購物等之網路商業交易(以下稱之爲網路商業交 易)時的一實施例,加以說明。、 Φ 本實施例之網路結帳系統的系統構成和網路連接'關係 ’示於圖2的系統構成圖。又,本實施例之網路結帳系統 中的網路商業交易之流程,示於圖3的流程圖。 此外,本實施例中,網路結帳系統中提供網路商業交 易服務者,係爲信用卡組織(credit cardbrand)。 持卡會員,假設係除了預先對發卡銀行進行信用卡的 串辦’接受信用卡的發行,同時還從發卡銀行,接受發配 了儲存有每位持卡會員所固有之認證資訊(持卡會員在申 辦信用卡時所登錄之私密號碼或指紋資訊等之生物資訊) -25- 200805203 (23) 、卡片資訊(每位持卡會員所固有之卡號、有效期限)、 OTP生成資訊(共通金鑰)的網路結帳輔助裝置1。 又,本實施例中,雖然圖1(b)所示之網路結帳輔助裝 置1之構成當中,除了顯示器1 1和按鍵操作部1 2和驅動 用電源19之構成,係預先儲存在SIM等1C卡中,並藉由 • 在設於框體1〇之1C卡插槽(未圖示)中插入該當1(:卡,來 實現網路結帳輔助裝置1之機能,但是,網路結帳輔助裝 0 置並非一定要具備1C卡,當不具備1C卡的情況,係只要 網路結帳輔助裝置本身,有具備CPU或記憶體即可。 又,本實施例的網路結、帳輔.助裝置1,雖然係爲利用 了使用持卡會員識別資訊之結帳、亦即卡片結帳的網路商 業交易中所被使用者,但當持卡會員只希望進行網路商業 交易,不希望先前之塑膠型磁卡、1C卡等所成之信用卡所 致之真實的面對面交易的情況下,亦可不受到信用卡之發 行。 Φ 又’當信用卡組織,也有進行發卡銀行之業務的情況 下,亦可從信用卡組織來發配網路結帳輔助裝置1。 會員終端2,係爲契約者之終端,是持卡會員使用網 路結帳輔助裝置1進行網=路商業交易所需之終端,係爲至 少具有通訊機能和瀏覽顯示機能的個人電腦、行動電話等 終端 加盟店終端3,係除了向會員終端2提供虛擬店舖(網 站),接受商品或服務之訂購以外,還向發卡銀行側委託 已下訂之持卡會員的本人認證,在進行過持卡會員之本人 -26- 200805203 (24) 認證後,對收單銀行(基於與信用卡組織之授權契約,進 行加盟店之獲得·契約.管理業務等),委託進行授權(調查 所訂購之商品或服務之金額份的信用額度在持卡會員身上 是否還有剩餘,若有剩餘信用額度則將該金額份確保成結 帳用)的終端。 • 收單銀行終端4,係爲將從加盟店終端3所受取的授 權委託’再委託給發卡銀行側(授權再轉送)之終端。 φ 仲介伺服器5,係擔任加盟店終端3和後述之認證伺 服器7的仲介,亦即,是在會員終端2和加盟店終端3之 間’擔任持卡會員之認證服務之仲介角色的伺服器。 .仲介伺服器5,在本實施例中係爲信用卡組織所營運 的伺服器,是儲存著用來識別使用網路結帳輔助裝置1的 網路商業交易服務所對應之加盟店的加盟店讖別資訊,和 用來識別使用網路結帳輔助裝置1之網路商業交易服務所 .對應之發卡銀行的發卡銀.行識別資訊。 φ 此外,本實施例之網路結帳系統中,當混合有不使用 網路結帳輔助裝置1之網路商業交易服務存在時,則仲介 伺服器5,需要將不支援使用網路結帳輔助裝置1之商業 交易服務的加盟店及發卡銀行的識別資訊.,和上記加盟店 識別資訊及發卡銀行識別資訊加以區別而儲存。 發卡銀行終端6,係爲接取從收單銀行終端4收到的 授權委託,進行授權之終端。 認證伺服器7,係在進行網路商業交易之際’早於授 權’先進行持卡會員本人認證的彳司服器。本貝施例中’ δ忍 -27- 200805203 (25) 證伺服器7,係爲發卡銀行所營運的伺服器,是連接著發 卡銀行終端6,並且是將可能進行使用網路結帳輔助裝置 1之網路商業交易的持卡會員的卡片資訊(卡號、有效期限 )及OTP生成資訊(網路結帳輔助裝置1所固有之共通金鑰 ),以彼此互相建好關連的狀態,加以儲存。換言之,每1 • 持卡會員,都被建立關聯有卡片資訊和OTP生成資訊,而 被儲存在認證伺服器7中。 φ 此外,往認證伺服器7的這些資訊之儲存,係在向持 卡會員發配網路結帳輔助裝置1之同時期,或約略該時期 之前後時進行。 _ 圖.2中,會員終端2、加盟店終端3、仲介伺服器5、 認證伺服器7間,係分別藉由網際網路等網路9a而連接 . ;加盟店終端3 _、收單銀行終端4、發卡銀行終端6,係分 別藉由專線9b而連接。 .此外,發卡銀行終端6及認證伺服器7,係對每個發 φ .卡銀行個別準備,其分別皆是對會員終端2、收單銀行終 端4、仲介伺服器5,以網路9a、專線9b而連接。 / 、 .又,加盟店終端J也是對每個加盟店個別準備,其分 別皆是對會員終端2_、仲介伺服器5、收單銀行終端4,以 網路9a、專線9b而連接。 以下,基於圖3之流程圖及圖2之系統構成圖,說明 使用網路結帳輔助裝置1的網路商業交易之流程。持卡會 員,係從會員終端2,透過網路9a,向虛擬店舖(Web網 站)的加盟店終端3進行存取,並閱覽商品或服務。然後 -28- 200805203 (26) ,一旦決定了要訂購之商品或希望的服務,則會員終端2 ,係向加盟店終端3,發送關於訂購商品或希望服務是希 望用卡片結帳所致之網路商業交易之意旨。 加盟店終端3,係令會員終端2,顯示如圖4 (a)所示 之卡片資訊輸入畫面100,並向會員終端2請求輸入並發 * 送卡號及卡片之有效期限。 於是,一旦持卡會員按下了網路結帳輔助裝置1的開 Φ 始鍵1 2b,則網路結帳輔助裝置1的認證手段1 4便啓動, 網路結帳輔助裝置1成爲等待認證之狀態。接下來,持卡 會貝’係將本人認證所必須之輸入貪訊(本實施例中係爲4 位數的私密號碼),從數字鍵1 2a進行輸入。此外,此處 所輸入之4 ·位數的私密號碼,是預先在持卡會員申辦卡片 時就已經決定妥當,且已經被儲存在網路結帳輔助裝置.1 內的認證資訊儲存部1 5中。 認證手段1 4,係將認證資訊儲存部1 5中所儲存之認 _ 證資訊加以讀出,並確認是否和從數字鍵12a所輸入之輸 入資訊一致。然後,當兩者爲一致時,認證手段1 4,係從 . 卡片資訊儲存部1 3讀出作爲卡片資訊的卡號和有效期限 — ,並顯示於顯示器11上。 然後,若卡號和有效期限全部在顯示器11上顯示完 畢,則認證手段14,係將顯示完畢的意旨,傳達給OTP 生成手段16。藉此,OTP生成手段16,係成爲後述之一 次性密碼生成等待狀態。 此外,本實施例中,由於顯示器Π所能顯示的位數 -29 - 200805203 (27) 限制爲8位數,因此認證手段1 4,係先將從卡片資訊儲存 部1 3讀出之卡號進行分割處理而分成前8位和後8位, 然後在顯示器1 1上,先顯示卡號的前8位。持卡會員, 係基於該顯示,在卡片資訊輸入畫面1 〇〇的卡號輸入欄 100a中輸入卡號的前8位數。 • 一旦卡號的前8位數的輸入結束,則持卡會員係按下 開始鍵1 2 b。認證手段1 4,係接受開始鍵1 2 b的按下偵測 φ ,而將卡號的後8位數顯示於顯示器1 1上。持卡會員, 係基於該顯示,在卡片資訊輸入畫面100的卡號輸入欄 1 0 0 a中輸入卡號的後8位數。 一旦卡號的後8位數的輸入結束,則持卡會員係按下 開始鍵12b。認證手段1 4.,係接·受開始鍵1 2b的按下偵測 ,而將有效期限以4位數(MM(月)/YY(年))顯示出來。持 卡會員,係基於該顯示,在卡片資訊輸入畫面1 〇〇的有效 期限輸入欄1 〇〇b中,輸入有效期限。 φ 此外,當顯示器的顯示領域、可顯示位數還有餘裕時 ,當然亦可將卡號一次全部顯示在顯示器上,又,亦可將 、 卡號和有效期限一次全部顯示出來。又反之,當顯示器的 可顯示位數是少於8位數時,認證手段14係可配合可顯 示位數,將從卡片資訊儲存部1 3中讀出之卡片資訊予以 預先分割妥當,藉由開始鍵1 2b或其他任意鍵的按下,而 依序地顯示出已分割之卡片資訊。 如以上,網路結帳輔助裝置1,係僅當所輸入之輸入 資訊,是和認證資訊儲存部1 5中所儲存之認證資訊一致 -30- 200805203 (28) 時,才在顯示器11上顯示卡片資訊,因此,若不知道認 證資訊,則第三者即使盜取網路結帳輔助裝置1,也無從 得知內部的卡片資訊。因此,相較於有印出卡片資訊的先 前信用卡,安全性較高,不會有卡片資訊被惡用在網路商 業交易的疑慮。 持卡會員係輸入完卡號及有效期限(此外,圖4之卡 片資訊輸入畫面1 00中雖未顯示,但亦可將訂購之商品· • 服務名、金額、3了購日、加盟店名、商品的發送地等資訊 ,顯示於同一畫面上),便點選卡片資訊輸入畫面1 〇 〇內 的送訊鈕100c。藉由送訊鈕100c被點選,在加盟店終端 3側,已輸入之卡片資訊.會被發送(S 10)。 從會員終端2,接收到訂購之商品·服務名、金額、訂 購日、加盟店名、商品的舉送地等相關之訂購資訊,和訂 購商品之.結帳所用的卡片的卡.號和有效期限等之卡片資訊 的加盟店終端3,係除了已接收到的卡片資訊以外,還將 • 對每一加盟店賦予之加盟店識別資訊,發送到透'過網路9a 而連接之仲介伺服器5,要求確認持卡會員是否是接受使 . 用紐路結帳輔助裝置1之商業交易服務的會員(認證執行 可否確認)(S20) 〇 仲介伺服器5,係確認已收到之加盟店識別資訊,是 否和所保有之加盟店識別資訊一致(加盟店認證)。若這些 資訊一致,則從有參加使用網路結帳輔助裝置1之商業交 易服務的加盟店的加盟店終端3,就可向仲介伺服器5進 行存取。若不一致,則由於來自沒有參加使用網路結帳輔 -31 - 200805203 (29) 助裝置1之商業交易服務的加盟店的加盟店終端3的存取 係爲不正當存取,因此不會進入以後的流程。 仲介伺服器5,係基於從有參加使用網路結帳輔助裝 置1之商業交易服務的加盟店終端3所收到之持卡會員的 卡片資訊,特定出發行了該當持卡會員之卡號的發卡銀行 • ,向已被特定之發卡銀行的認證伺服器7,發送卡片資訊 ,並要求確認持卡會員是否是接受使用網路結帳輔助裝置 φ 1之商業交易服務的會員(認證執行可否確認)(S30)。 本實施例之仲介伺服器5中,係儲存著識別發卡銀行 的發卡銀行識別資訊,仲介伺服器5,係基於已收到之卡 片資訊來檢索發卡銀行識別資訊,特定出發卡銀行。 換言之,本實施例的仲介伺服器5,係並非直接進行 認證執行可否確認,而是進行加盟店認證,同時基於從加 盟店終端3接收到的卡片資訊,特定出發行了持卡會員之 . 卡號的發卡銀行,向已被特定之發卡銀行的認證伺服器7 φ ,傳送卡片資訊,並負責將從該當認證伺服器7所接收到 的認證執行可否結果,傳送至加盟店終端3。 此外,在本實施例中,仲介伺服器5雖然是由信用卡 /組織所營運的伺服器,但亦可由各個加盟店終端3來具備 ' 其,此時,就可直接從加盟店終端3向認證伺服器7,進 行認證執行可否確認的要求。又,亦可在認證伺服器7上 ,進行加盟店認證。 認證伺服器7,係藉由確認從仲介伺服器5所收到之 卡片資訊是否已經有被登錄在認證伺服器7中,來進行持 -32- 200805203 (30) 有該當卡片資訊之持卡會員是否爲接受了使用網路結帳輔 助裝置1之商業交易服務的持卡會員之確認(認證執行可 否確認),並將其結果,回送給仲介伺服器5(S40)。此外 ,認證執行可否確認結果,係若從仲介伺服器5接收到的 卡片資訊是有被登錄在認證伺服器7中則爲「可」,若沒 有被登錄則爲「否」。 然後,接收到認證執行可否確認結果的仲介伺服器5 ,係將該結果傳送至加盟店終端3(S 50)。 當持卡會員之認證執行可否確認結果爲「可」時,則 意味著該持卡會員係爲接受了使用網路結帳輔助裝置1之 商業交易服務,因此加盟店終端3,係進入進行該持卡會 員的本人認證要求的流程(S60)。具體而言,加盟店終端3 係對會員終端2,發送認證執行可否結果,同時還發送之 前進行過認證執行可否確認之發卡銀行的認證伺服器7的 URL·資訊。 . 從加盟店終端3收到認證要求的會員終端2,係基於 所收到之URL,向之前被仲介伺服器5所存取之同一認證 伺服器7進行存取,進行認證要求(S70)。此外,S70的流 程,係從S60起以一連串方式進行;可以用作爲會員終端 2使用之個人電腦或行動電話的瀏覽器所一般具備之重新 導向機能等來加以實現,讓持卡會員不會有所意識,就可 在會員終端2內部自動進行處理之流程。 認證伺服器7,係向會員終端2,催促一次性密碼之 送訊,並基於從會員終端2所接收到的一次性密碼,進行 -33- 200805203 (31) 持卡會員的認證(S80)。 具體而言,認證伺服器7,係從存取過來的會員終端 2,接收卡片資訊及訂購資訊,並確認擁有該卡片資訊的 持卡會員,是否爲剛才從加盟店終端3透過仲介伺服器5 、受到認證執行可否確認要求的持卡會員。此確認係預定 ^ 之所定時間前留下是否有從仲介伺服器5接收該當卡片會 員之卡片資訊的日誌,並藉由確認從會員終端2接收到之 φ 持卡會員之卡片資訊,是否和所定時間前留在日誌中之卡 片資訊一致而爲之。 此外,訂購資訊,係可不是從會員終端2發送,而是 亦可設計成i在S20、30的流程中,從加盟店終端3透過. 仲介伺服器5而發送至認證伺服器7 ;或亦可在從加盟店 終端3向會員終端2發送認證伺服器7的URL資訊之際 ,一起被發送,而在會員終端2向認證伺服器7進行存取 之際,轉送給認證伺服器7。 馨 又,興、證伺服器7所進行之,存取過來之會員終端2 的持卡會員,和從加盟店終端3接受認證執行可否確認要 、 求之持卡會員是否爲同一的確認,可並不僅藉由卡片資訊 之核對,而是亦可設計成,從會員終端2及加盟店終端3( 直接或透過仲介伺服器5)雙方接收訂購資訊,而也一倂進 行這些資訊的核對。 認證伺服器7,一旦確認了是從之前接受認證執行可 否確認要求之持卡會員的網路結帳輔助裝置1來的存取, 則認證伺服器7係基於所收到之訂購資訊,作成如圖4(b) -34- 200805203 (32) 所示之一次性密碼輸入畫面101,並發送至有存取之會員 終端2。 圖4(b)之一次性密碼輸入畫面1 01中,會顯示持卡會 員正在進行網路商業交易之對象也就是加盟店名、欲訂購 丨 之商品.服務之金額、訂購曰。 ' 一旦在會員終端2上顯示出一次性密碼輸入畫面1〇1 ,則持卡會員,係按下網路結帳輔助裝置1的開始鍵1 2b φ 。網路結帳輔助裝置1的OTP生成手段16,係一旦偵測 到開始鍵1 2b按下,則從一次性密碼生成等待狀態,進入 一次性密碼生成流程。 0TP.生成手段1 6,係將儲存在0TP生成資訊儲存部 1 7中的共通金鑰讀出,藉由計時手段1 8進行計時,將根 據開始鍵1 2b被按下的日期所成之日期資料(年月日秒、 秒係爲3 0秒單位),以該共通金鑰進行加密而生成一次性 密碼,並將其轉換成1〇進位數,顯示於顯示器11上。此 φ 外,本實施例之加密方式係採用共通金鑰加密方式。又, 由於本.實施例之顯示器11之可顯示位數係爲8位數,因 此顯示器:1 1上會顯示出所生成之一次性密碼的前6〜8位 數i ' 持卡會員,係在顯示於會員終端2之一次性密碼輸入 畫面101的密碼輸入欄l〇la中,輸入被顯示在網路結帳 輔助裝置1之顯示器1 1上的一次性密碼,並點選送訊鈕 1 〇 1 b,則已輸入之一次性密碼會被發送至認證伺服器7。 此外,一次性密碼的輸入結束後,持卡會員再度按下 -35- 200805203 (33) 網路結帳輔助裝置1的開始鍵1 2b,就可使網路結帳輔助 裝置1之顯示器11上所顯示之一次性密碼變成不顯示, 這在安全性的觀點上較爲理想。又在此同時,也將電源關 閉,在省電觀點上較爲理想。 從會員終端2接收到一次性密碼的認證伺服器7,首 先係藉由會員終端2之識別號碼等之核對、或該當會員終 端2個別生成並發送過來之對一次性密碼輸入畫面1 0 1是 否有回訊,確認該會員終端2是否爲剛才要求一次性密碼 送訊之對方。 .確認後,認證伺服器7,係基於要求一次性密碼之送 訊之前就接收到之持卡會員的卡片資訊,從OTP生成資訊 之中,取出和該卡號關連登錄的共通金鑰,並將認證伺服 器7從會員終端2接收一次性密碼之日期所成之日期資料 (年月日秒、秒係爲30秒單位),以該共通金鑰進行加密而 生成一次性密碼,並將其轉換成十進位數。此外,本實施 ~例之加密方式,係採用共通金鑰加密方式。 .如此一來,認證伺服器7,係確認認證伺服器7所生 成之一次性密碼,和之前從會員終端2所接收到之一次性 密碼,是否一致。若爲一致,則可證明該一次性密碼,係 確實爲藉由僅儲存於網路結帳輔助裝置1和認證伺服器7 的共通金鑰,在幾乎同時刻所作成之一次性密碼。 換言之,將一次性密碼發送至認證伺服器7的會員終 端2之操作者,係爲該當一次性密碼生成時所用之共通金 鑰、及該當共通金鑰所關聯到之卡片資訊所被儲存之網路 -36- 200805203 (34) 結帳輔助裝置1之操作者;且係爲可利用該當卡片資訊的 持卡會員本人,藉此,要求網路商業交易的持卡會員的本 人確認就被進行了。 此外,一次性密碼生成手段,是採用本實施例此種時 間同步方式時,網路結帳輔助裝置1在生成一次性密碼時 ^ 所用的日期,和認證伺服器7在生成一次性密碼時所用的 曰期,係不一定嚴密地相同,因此,考慮到從認證伺服器 φ 7生成一次性密碼起,至持卡會員按下網路結帳輔助裝置 1的開始鍵1 2b,網路結帳輔助裝置1生成一次性密碼爲 止的時間差,本實施例中,係將日期資料的秒解析力設爲 .3 0 秒。 可是,只有當被兩者所生成之一次性密碼是完全一致 的情況下,才能認可持卡會員之真正性,持卡會員按下網 路結帳輔助裝置1的開始鍵1 2b以生成一次性密碼,因此 .,若一直到認證伺服器7從會員終端2 .接收一次性密碼爲 φ .止的期間是經過了 3α秒以上的情形下,光是如此,一次 性密碼就會不一致,導致無法認證的事態增加,反而會有 ^ :損網路商業交易的便利性。 / 因此,認證伺服器7,係當即使從會員終端2收到之 一次性密碼是不一致時,仍會將從會員終端2收到之一次 性密碼的日期,往前後錯開Ν次回χ3 0秒份,在認證伺服 器7側上重新生成一次性密碼,若和會員終端2側上所生 成之一次性密碼一致,則視爲持卡會員的本人確認成功。 此外,Ν係考慮安全性的精度,而預先決定妥當◊亦 -37- 200805203 (35) 即,當想要提高安全性精度時,則將N設定得較小;當想 要降低安全性精度而以持卡會員側的便利性爲優先時,則 將N設定得較大。 認證伺服器7,係將一次性密碼核對所致之持卡會員 的認證結果,發送至會員終端2(S90)。此外,具體而言, * 認證伺服器7,係對會員終端2,除了發送認證結果,還 發送加盟店終端3的URL資訊,並從會員終端2向加盟 φ 店終端3轉送認證結果。 收到認證結果的會員終端2,係將該當認證結果(本人 認證OK、本人認證NG),再轉送至加盟店終端3(S10〇p 此外,S100的流程,係和S70同樣地,從S90起以一連 串方式進行;可藉由會員終端2的瀏覽器之重新導向機能 來實現,實際上,係讓持卡會員不會有所意識,而在會員 終端2內部自動進行處理之流程。 加盟店終端3 ·,係從會員終端·2接收認證結果,且認 馨 證結果爲,持卡會員被確認爲本人時(本人認證ΟΚ),則 向收單銀行進行該當持卡會員的授權要求,因此,除了向 / 收單銀行終端4,發送持卡會員之卡片資訊、和結帳希望 金額(持卡會員所欲訂購之商品·服務之機能)所成之交易資 料以外,還發送該當認證結果(S 11 0>。此外,交易資料, 係亦可在S 1 0中,從會員終端2有訂購資訊和卡片資訊送 訊時之時點上就已被生成,且被記憶在加盟店終端3中, 而是將其加以讀出。 收單銀行終端4,係基於從加盟店終端3接收到之交 -38- 200805203 (36) 易資料和認證結果,並基於本人認證OK的持卡會員之卡 號’來特定出卡片發行源的發卡銀行,並向已特定之發卡 銀行的發卡銀行終端6,轉送交易資料和認證結果(S 120) 〇 收到交易資料和認證結果之發卡銀行終端6,係基於 ' 未圖示之會員資料庫中所儲存之每位會員的會員資訊或授 信資訊,來確認交易資料中所含之結帳希望金額,是否爲 φ 受到授權委託之持卡會員的信用額度範圍內。若結帳希望 金額是在信用額度範圍內,則當成授權OK,結帳希望金 額份的信用額度會被確保下來。 然後,發卡銀行終端6,係將授權的結果(授權〇κ、 授權NG)發送至收單銀行終端4(S 130),然後收單銀行終 端4,係向加盟店終端3,轉送授權結果(S 140)。 然後,加盟店終端3,係從收單銀行終端4接收到授 權結果後,將該結果通知給會·員終端2(S 150)。具體而言 • ’當授權結果爲OK時,則加盟店和持卡會員之間,使用 該當持卡會員之卡號的結帳所致之網路商業交易係爲成立 . 之意旨的_畫面會發送至會員終端2,並顯示在會員終端2 上。又.,當授權結果爲N G時,係將網路商業交易不成立 之意旨的畫面發送至會員終端2,並顯示之。 此外,本實施例中,認證伺服器7中的使用一次性密 碼之本人認證,係在會員終端2和加盟店終端3之間每次 進行網路商業交易時,就會被進行。換言之,本實施例之 OTP生成手段1 6所生成之一次性密碼,係僅限1次的網 -39- 200805203 (37) 路商業交易中是有效的,所以即使未持有網路結帳輔助裝 置的第三者竊聽到一次性密碼,第三者仍無法僞裝成持卡 會員而進行以降的網路商業交易,因此可更加提升商業交 易的安全性。 〔實施例2〕 其次,針對被發配網路結帳輔助裝置la(未圖示)之持 卡會員,去使用該當網路結帳輔助裝置1 a,從具有通訊機 能的個人電腦或行動電話,藉由使用該當持卡會員之卡號 的結帳,進行網路商業交易時之一實施例,加以說明。 本賓施例和之前的實施例1的不同點是,網路結帳輔 助裝置所具備之OTP生成手段1 6的一次性密碼生成方法 ,和OTP生成資訊儲存部17.的儲存內容,和圖3中的會 員終端2與認證伺服器7(本實施例中係爲認證伺服器7a) 之間的認證流程(S80、S90)的內容等。 亦_即,雖然在先前之實施例1中,一次性密碼生成方 法係設計成時間同步方式,但在本實施例中,是採用利用 次數同步方式。伴隨於此,本實施例之網路結帳p助裝置 i a中,圖!中所記載之計時手段〗8,是被取代成計數手 段18 a(未圖示)。 關於網路結帳輔助裝置1、1 a和認證伺服器7、7a, 除了上述相異點以外之構成,以及S80、S90以外之流程 ,因爲是和圖1〜圖3所示之實施例相同,所以以下使用 圖1〜圖3,僅說明圖3的S 8 0、S 9 0之部份的詳細流程。 -40 - 200805203 (38) 本實施例之OTP生成資訊儲存部17中所儲存之OTP 生成資訊,係由網路結帳輔助裝置la所固有之共通金鑰 ,和利用次數資訊所構成。 其中,共通金綸,係以在OTP生成資訊儲存邰17內 * 不可改寫的狀態而被儲存,且於進行OTP生成手段16所 * 生成之一次性密碼之驗證的認證伺服器7a中,是被建立 關連對應至被儲存在卡片資訊儲存部1 3的卡號。 φ 利用次數資訊,係和共通金鑰同樣地,於認證伺服器 7a中,被建立關連對應至卡片資訊儲存部13中所儲存的 卡號。 . . .. .換言之,這些OTP生成資訊係以和卡號建立關連的 狀態,在認證伺服器7a中也被儲存;當認證伺服器7a從 會員終端2接收一次性密碼之際,與會員終端2同樣地, 認證伺服器7a上也會生成一次性密碼,藉由.確認兩者是 否一致,就可進行一次性密碼的妥當性驗證.、持卡會員之 • 認證。 又,利用次數資訊=,係爲僅當有來自 0TP生成手段 1 6的改寫指令時才可以改寫之資訊,藉由計數手段1 8 a, 0次、1次、2次這種一次加1的加算,或1 00次、9 9次 ‘ 、98次這種一次減1的減算後,加算或減算後的數値,會 被儲存在0TP生成資訊儲存部1 7中,利用次數資訊會被 更新。此外,加算或減算,係爲預先決定。 此外,計數手段18a,係亦可被含在0TP生成手段16 ,或可有別於0TP生成手段1 6而另外設置,但後者的時 -41 - 200805203 (39) 候,必須要由OTP生成手段1 6來控制計數手段1 8 a,使 得利用次數資訊的改寫會被進行。 圖3的S80中,首先,認證伺服器7a,係向會員終端 2,催促一次性密碼之送訊,並基於從會員終端2所接收 到的一次性密碼,進行持卡會員的認證。 ' 具體而言,認證伺服器7a,係從存取過來的會員終端 2,接收卡片資訊及訂購資訊,並確認擁有該卡片資訊的 φ 持卡會員,是否爲剛才從加盟店終端3透過仲介伺服器5 、受到認證執行可否確認要求的持卡會員。此確認係預定 之所定時間前留下是否有從仲介伺服器5接收該當卡片會 員之卡片資訊的日誌,並藉由確認從會員終端2接收到之 持卡會員之卡片資訊,是否和所定時間前留在日誌中之卡 片資訊一致而爲之。 此外,訂購資訊,係可不是從會員終端2發送,而是 亦可設計成,在S20·、30的流程中,從加盟店終端3透過 # 仲介伺服器5而發送至認證伺服器7a ;或亦可在從加盟店 終端3向會員終端2發送認證伺服器7a的URL資訊之際 ,——起被發送,而在會員終端2向認證伺服器7a進行存 取之際,轉送給認證伺服器7a。 又,認證伺服器7a所進行之,存取過來之會員終端2 的持卡會員,和從加盟店終端3接受認證執行可否確認要 求之持卡會員是否爲同一的確認,可並不僅藉由卡片資訊 之核對,而是亦可設計成,從會員終端2及加盟店終端3 ( 直接或透過仲介伺服器5)雙方接收訂購資訊,而也一倂進 -42- 200805203 (40) 行這些資訊的核對。 認證伺服器7 a,——旦確認了是從之前接 否確認要求之持卡會員的網路結帳輔助裝置 . 則認證伺服器7a係基於所收到之訂購資震 4(b)所示之一次性密碼輸入畫面101,並發: 會員終端2。 圖4(b)之一次性密碼輸入畫面101中, % 員正在進行網路商業交易之對象也就是加盟 之商品.月艮務之金額、訂購日。 一旦在會員終端2上顯示出一次性密碼 ,則持卡會員,係按下網路結帳輔助裝置1 。網路結帳輔助裝置1的OTP生成手段16 到開始鍵12b按下,則從一次性密碼生成等 一次性密碼生:成流程。 ' OTP生成手段16,係將OTP~生成資訊信 ^ 儲存之共通金鑰和利用次數資訊予以讀出, _ . - : 次數資訊,以共通金鑰加密而生成一次性密 ' 成1 〇進位數,_顯示於顯示器1 1上。 .此外,本實施例中,是將利用次數資訊 一次性密碼生成演算法,來生成一次性密碼 又,由於本實施例之顯示器1 1之可顯 位數,因此顯示器11上會顯示出所生成之 前6〜8位數。 此外,0ΤΡ生成資訊,係除了上記利用 受認證執行可 1來的存取, 开,作成如圖 送至有存取之 會顯示持卡會 店名、欲訂購 輸入畫面101 的開始鍵12b ,係一旦偵測 待狀態,進入 奮存部17中所 並將該當利用 碼,將其轉換 ,使用所定之 〇 不位數係爲8 一次性密碼的 次數資訊和共 -43- 200805203 (41) 通金鑰以外,亦可含有其他僅網路結帳輔助裝置1 a與認 證伺服器7a兩者可獲知的任意資訊(例如,原則(policy)等 );此時,利用次數資訊,和該當任意之資訊,亦可被共 通金鑰所加密,來生成一次性密碼。 OTP生成手段1 6,係在生成一次性密碼後,對計數手 • 段1 8 a,將剛才讀出之利用次數資訊,加算或減算1,然 後將OTP生成資訊儲存部1 7的利用次數資訊予以改寫、 φ 更新。 持卡會員,係在顯示於會員終端2之一次性密碼輸入 畫面101的密碼輸入欄101a中,輸入被顯示在網路結帳 輔助裝置1之顯示器1 1上的一次性密碼,並點選送訊鈕 10 1b,則已輸入之一次性密.碼會被發送至認證伺服器7a。 此外,一次性密碼的輸入結束後,持卡會員再度按下 網路結帳輔助裝置1的開始鍵12b,就可使網路結帳輔助 裝置1 .之顯示器1 1上所顯示之一次性密碼變成不顯示, φ 這在安全性的觀點上較爲理想。又在此同時,也將電源關 閉,在省電觀點上較爲理想。 從會員B端2接收到一次性密碼的認證伺服器7 a,首 先係藉由會貝終端2之識別號碼等之核對、或該當會員終 端2個別生成並發送過來之對一次性密碼輸入晝面1 〇丨是 否有回訊’確認該會員終端2是否爲剛才要求一次性密碼 送訊之對方。 確認後,認證伺服器7 a,係基於要求一次性密碼之送 訊之前就接收到之持卡會員的卡片資訊,從〇 T P生成資訊 -44 - 200805203 (42) 之中,取出和該卡號關連登錄的共通金鑰和利用次數資訊 ,並將利用次數資訊以共通金鑰加密而生成一次性密碼, 並將其轉換成十進位數。 此外,本實施例.中,是將利用次數資訊,使用所定之 一次性密碼生成演算法,來生成一次性密碼。又,OTP生 ‘ 成資訊中,若含有任意之資訊,則除了利用次數資訊以外 ,該當任意資訊也會一倂被共通金鑰所加密。 φ 如此一來,認證伺服器7a,係確認認證伺服器7a所 生成之一次性密碼,和之前從會員終端2所接收到之一次 性密碼,是否一致。若爲一致,則可證明該一次性密碼, 係確竇爲藉由僅儲存於網路結帳輔助裝置1和認證伺服器 7 a的利用次數資訊和共通金鑰所作成之一次性密碼。 換言之,將一次性密碼發送至認證伺服器7a的會員 終端2之操作者,係爲該當一次性密碼生成時所用之利用 次數資訊和共通金鑰、及該當利用次數資訊和共通金鑰所 φ 關聯到之卡片資訊所被儲存之網路結帳輔助裝置1之操作 者;且係爲可利用該當卡片資訊的持卡會員本人,藉此, _ 要求網路商業交易的持卡會員的本人確認就被進行了。 認證伺服器7a,係將一次性密碼核對所致之持卡會員 之認證結果(本人認證OK、本人認證NG),發送至會員終 端2,同時還將之前一次性密碼生成時所用到的利用次數 資訊,以預先決定之演算方法進行加算或減算,並將其演 算結果當成認證伺服器7a內的利用次數資訊,加以改寫 、更新。 -45- 200805203 (43) 此外,一次性密碼生成方式,在採用如本實施例的利 用次數同步方式時,即使會員終端2及網路結帳輔助裝置 la的操作者是正當的持卡會員,可是仍有可能因網路結帳 輔助裝置1 a在生成一次性密碼時所用的利用次數資訊、 和認證伺服器7a在生成一次性密碼時所用的利用次數資 * 訊爲不同,導致一次性密碼不一致的情形。 持卡會員,即使以網路結帳輔助裝置1 a生成一次性 φ 密碼,但也並不必然保證會被發送至認證伺服器7a,當持 卡會員在網路商業交易的中途不慎發生斷線時,或者,有 可能原本就不是要進行網路商業交易,而是操作網路結帳 輔助裝置1 a來亂玩―而不慎生成了一次性密碼。此種情況 下,由於網路結帳輔助裝置la的利用次數資訊係被更新 ,可是認證伺服器7a的利用次數資訊未被更新,所以, .當然所生成之一次性密碼就不會一致。 可是,若只有當被兩者所生成之一次性密碼是完全一 φ 致的情況下,才能認可持卡會員之真正性,則會導致認證 NG增加,反而有損網路商業交易之便利性。 因此,認證伺服器7a,係當即使從會員終端2收到之 一次性密碼是不一致時,仍會將認證伺服器7 a中所儲存 之利用次數資訊在·所定範圍(例如,利用次數資訊+N)內加 以變更,在認證伺服器7a側重新生成一次性密碼,若和 會員終端2側上所生成之一次性密碼一致,則視爲持卡會 員的本人確認成功。 此外,N係考慮安全性的精度,而預先決定妥當。亦 -46- 200805203 (44) 即,當想要提高安全性精度時,則將N設定得較小;當想 要降低安全性精度而以持卡會員側的便利性爲優先時,則 將N設定得較大。 如以上,若使用本發明之網路結帳輔助裝置來進行網 路商業交易,則在將卡片資訊輸入至卡片資訊輸入畫面之 • 際,被輸入至網路結帳輔助裝置的輸入資訊,只要和網路 結帳輔助裝置中所儲存之認證資訊不一致,則即使是持卡 φ 會員本身也無從得知卡片資訊,因此,和卡片資訊會外露 之先前的信用卡不同,卡片資訊的隱匿性較高,可防止網 路商業交易中的卡片資訊之不正當使用。 又,由於網路結帳輔助裝置係爲可搬型,因此無論持 卡會員身處何處,都可使用行動電話、.在宅的個人電腦、 外出地的個人電腦._,來進行安全的網路商業交易,增加網 路商業交易的便利性。 又’網路商業交易被進行之際的持卡會員之本人認證 φ ,係依據網路結帳铺助裝置所生成之一次性密碼,和認證 伺服器所生成之一次性密碼是否一致而爲之。 … 此一次性密碼,係網路結帳輔助裝置所固有,且僅被 -儲存在網路結帳輔助裝置及認證伺服器中,而且是使用即 使是持卡會員.本身都無從得知的共通金鑰,將在每次偵測 到所定鍵按下之曰期所成之日期資料或者一次性密碼之生 成時就被更新的利用次數資訊予以加密而成者。 亦即’由於是屬於只有正在操作網路結帳輔助裝置的 持卡會員才可能作成的認證資訊,因此不持有網路結帳輔 -47- 200805203 (45) 助裝置的第三者,是無法假冒持卡會員來進行網路商業交 易,可更加提升網路商業交易的安全性。 而且,該一次性密碼的生成,係只有在網路結帳輔助 裝置上顯示了卡片資訊後才會進行,因此,不具有網路結 帳輔助裝置的第三者,就算僅得知卡號,也是不能生成一 • 次性密碼。又,即使第三者竊得了網路結帳輔助裝置,若 沒有用來輸入網路結帳輔助裝置的認證資訊,也是無法生 φ 成一次性密碼。換言之,由於無論第三者是否有得到網路 結帳輔助裝置,都無法假冒持卡會員來進行網路商業交易 ,因此商業交易的安全性可受到保證。 此外”一次性密碼之生成方法,係不限於上記實施例 的時間同步方式,只要是在網路結帳輔助裝置和認證伺服 器之間,能夠進行擁有網路結帳輔助裝置之持卡會員之本 人認證即可。 又,由於網路結帳輔助裝置係採用網路非連接型的構 φ 成,所以一度被儲存於網路結帳輔助裝置中的卡片資訊、 認證資訊、OTP生成資訊,係無法被不正當存取等所讀出 . ,而且就連.被發配網路結帳輔助裝置的持卡會員,也是無 法將其讀出。 假設,若網路結帳輔助裝置是可連接個人電腦或行動 電話等之終端,則當網路結帳輔助裝置和終端的連接中, 發生了某種不良情況時,該不良的原因,究竟是在網路結 帳輔助裝置側、還是在終端側,此種責任劃分點會不明確 。因此,採用網路非連接型之構成的網路結帳輔助裝置, -48- 200805203 (46) 對於責任劃分點的明確而言,是有效的。 此處’不持有網路結帳輔助裝置的持卡會員,在本實 施例之網路結帳系統中,進行網路商業交易時的事前登錄 之系統構成及流程,示於圖6。 持卡會員’係從會員pc,向卡片公司(信用卡組織或 •發卡銀行)所營運之持卡會員專用的WEB網站進行存取, 並輸入了只有持卡會員知道的會員資訊(出生年月日、電 φ 話號碼、帳戶號碼等),然後發送至WEB網站(圖6中, ⑴)。 接收到會員資訊的卡片公司的 WEB網站,係向.有登 錄該當會員資訊之卡片公司的基幹系統進行存取,並向基 幹系統委託進行所收到之會員資訊、和基幹系統中所登錄 之會員資訊的核對(圖6中,(2))。基幹系統,係向WEB 網站回送核對結果(圖6中,(3))。 右核封結果爲〇 K ’則視爲持卡會員之本人確認成功 . .: _ ,並從WEB網站,向會員PC,要求密碼之登錄〆會員 PC,係將密碼發送給WEB網站(圖6中,(4))。 , 從會員PC接收到密碼的WEB網站,係將該當密碼, 登錄至卡片公司之認證伺服器7(圖6中,(5))。 此處所登錄之密碼,係爲固定密碼,並非在網路結帳 輔助裝置上所生成的那種一次性密碼。換言之,未持有網 路結帳輔助裝置的持卡會員’在網路結帳系統上進行網路 結帳的時候,持卡會員的認證方法,係只能藉由固定密碼 的方法;一旦卡號和固定密碼被第三者一度獲知,則以後 -49- 200805203 (47) 第三者就能夠假冒持卡會員來進行網路結帳。 又’未持有網路結帳輔助裝置之持卡會員,係爲了登 錄密碼,而向持卡會員之WEB網站進行存取,經過本人 認證後才能進行密碼登錄作業,因此對持卡會員側造成的 負擔較大。 甚至,不只是持卡會員的負擔大,即使在卡片公司側 ’也是需要架設用來讓持卡會員登錄密碼的WEB網站, 架設用來進行持卡會員之本人認證的基幹系統。 又,網路結帳輔助裝置係構成爲,通常不會外露卡號 ’而僅爲持卡會員所獲知,或只有在輸入了僅持卡會員具 有之認證資訊―,才—會顯示出卡號;甚至,由於網—路結帳之 際,持卡會員之本人認證所使用的密碼,係並非固定密碼 ,而是一次性密碼,因此,第三者要假冒持卡會員來進行 網路商業交易是極爲困難的。 以上,雖然說明了網路結帳輔助裝.置1 .的實施例,但 • . 是,本發明的網路結帳輔助裝置,係並非被限定於具備上 記實施例所說明..之全部構成要件的網路結帳輔助裝置1 ’ 而是可作各種變更及修正,實現每個目的所必須之構成要 件可任意組合,來架構本發明之網路結帳輔助裝置。又, 關於所述變更及修正也當然屬於本發明之申請專利範圍中 〇 例如,在實施例中,雖然說明了使用信用卡的卡號的 網路結帳,但只要是至少藉由卡號來進行網路結帳的卡片 ,除了信用卡以外,像是轉帳卡等之卡片所致之實施例’ -50- 200805203 (48) 也是屬於本發明之申請專利範圍中。 又,本實施例中,雖然.是使用卡片結帳之網路商業交 易中所使用,但當持卡會員只希望進行網路商業交易,不 希望先前之塑膠型磁卡、1C卡等所成之信用卡所致之真實 的面對面交易的情況下,亦可不受到信用卡之發行;本發 • 明之網路結帳輔助裝置之擁有者,是不需要一定得持有先 前之塑膠型的信用卡。 φ 又,例如,實施例中雖然說明了,1個網路結帳輔助 裝置1的卡片資訊儲存部13中,儲存著具有1種卡片資 訊之1持卡會員的卡片資訊,並在認證資訊儲存部15、中 儲存1種認證資訊的情形,但亦可在‘卡—片資訊儲存部1 3 中儲存複數之卡號。此時的認證資訊,係可爲了顯示複數 卡號.而爲共通的認證資訊’也可爲卡號和認證資訊分別對 應,隨著所輸入之認證資訊不同,顯示器1 1上顯示之卡 號也不同。 . · φ 又,母子·信用卡等、同一或複數卡號,是被複數人使 用的情況,係亦可隨著每個人而儲存不同之認證資訊在認 證資訊儲存部.1 5中,也可儲存共通·的認證資訊。 又,上記.實施例中,雖然敘述了卡片資訊和0 TP生成 資訊,是在網路結帳輔助裝置1、1 a及認證伺服器7、7 a 上,分別被建立關連之意旨’但爲了防止卡片資訊之竊聽 ,而將卡片資訊和OTP生成資訊,非以直接而是以間接方 式建立關連者’也是包含於申請專利範圍中° 具體而言,圖3之S10中被會貝終_ 2輸入之卡片貪 -51 - 200805203 (49) 訊,是於S 2 0、3 0中,經由加盟店終端3、仲介伺服器5 ,最終會被發送至認證伺服器7、7a,但是,認證伺服器 7、7a係在此時,將所收到之卡片資訊之中的卡號,轉換 成和該當卡號不同的獨特之號碼,並經由仲介伺服器5, 發送至加盟店終端3(於S40、50中)。 甚至,該獨特號碼,係從加盟店終端3被送往會員終 端2,經由會員終端2而被發送至認證伺服器7、7a(於 S60、70 中)。 接收到該當獨特號碼的認證伺服器7、7a,係藉由和 最初把卡號轉換成獨特號碼時的相反的轉換規則,將獨特 號碼轉換成卡號,將轉換成的卡號所關聯到的OTP生成資 訊,用於一次性密碼之生成。 如此,藉由將卡號和卡號以外以外之獨特號碼和OTP 生成資訊建立關連,除了 S10、S2〇、S30中卡號被發送以 外,在網路9 a上都不會有卡號流通,因此卡號被竊聽的 可能性會大幅降低,對安全性的提升有所貢獻。· 又,上記實施例中雖然說明了,會員終端2是向加盟 店終端3發送卡片資訊,認證伺服器7、7a,是基於來自 加盟店終端3的請託,而於圖2的S80中,進行持卡會員 之本人認證的情形,但是,本發明並不一定侷限於此。 例如,亦可先由會員終端2去存取認證伺服器7,然 後認證伺服器7、7a會將持卡會員專用的認證資訊輸入畫 面發送給會員終端2,基於被輸入至該當認證輸入畫面的 卡片資訊和一次性密碼,在會員終端2和認證伺服器7、 -52- 200805203 (50) 7 a之間進行持卡會員之本人認證;在其結果爲確認是本人 以後’在所定條件(例如所定時間、所定次數、所定加盟 店等)內’由會員終端2去存取加盟店終端3的網站,而 進行網路商業交易。 換言之’本發明的網路結帳輔助裝置,基本上係設計 成在會員終端2、和卡片公司側的認證伺服器7、7 a之間 ’被使用於持卡會員之本人認證,且在認證後,就可實際 在加盟店的網站等中進行網路商業交易;並非必然以來自 加盟店終端2的本人認證委託爲前提。 本發明中的各手段、資料庫,係僅爲邏輯性地區別其 機能而侧分,在竇體土或事實上係亦可爲同一領域而爲之 °又,取代資料庫改用資料槍案當然也可,資料庫之記載 中亦包含資料檔案。 上記實施例中,雖然說明了,網路結帳系統上的終端 或伺服器,是信用卡組織(商業交易服務之提供主體)、發 卡銀行(持卡會員之獲得·對持卡會員發行卡片的主體)、收 單銀行(加盟店的獲得.契約.管理主體)、加盟店之各自所 營運,但是,這些都僅是槪念上、角色上的區別,:實體上 ’會有發卡銀行和收單銀行爲同一者的情形,或也有信用 卡組織、發卡銀行、收單銀行爲同一者的情形。 因此,例如,於本說明書中,網路結帳輔助裝置1、 1 a,係並非被限定於從發卡銀行所發配。又,網路結帳系 統的提供主體也不一定必須是信用卡組織。又,發卡銀行 終端6和認證伺服器7、7a和收單銀行終端4也可爲同一 -53- 200805203 (51) 者。又,仲介伺服器5、其他終端或伺服器之任何者均可 以是同一者。 此外,實施本發明時,是將記錄著實現本實施形態之 機能的軟體之程式的記憶媒體供給給系統,由該系統的電 腦將記憶媒體中所儲存之程式加以讀出並執行,而加以實 •現。 此時,從記憶媒體中讀出之程式本身係會實現實施形 % 態之機能,記憶該程式的記憶媒體則則構成本發明。 作爲用來供給程式的記憶媒體,例如可使用磁碟、硬 碟、光碟、光磁碟、磁帶、不揮發性記憶卡等。 又,不僅是藉由:電腦執行已讀出之程式,來實現上述 實施形態之機能,而是基於該程式之指示,由電腦上運作 中的作業系統等進行實際之處理的部份或全部,藉由該處 理來實現前記實施形態之機能的情況,也被涵蓋在本發明 中。 ® 甚至,被從記憶媒體中讀出之程式,是被寫入至被插 入在電腦的機能擴充板或連接至電腦的機能擴充單元上所 ' 具備的不揮發性或揮發性之記憶手段後,基於該程式之指 示.,由機能擴充板或機能擴充單元所具備的演算處理裝置 等來進行實際之處理的部份或全部,藉由該處理來實現前 記實施形態之機能的情況,也被涵蓋在本發明中。 【圖式簡單說明】 〔圖1〕本發明之網路結帳輔助裝置之外觀及電氣硬 -54- 200805203 (52) 體構成的構成圖。 〔圖2〕使用網路結帳輔助裝置的網路結帳系統的槪 略連接構成圖。 〔圖3〕網路結帳系統中的網路商業交易之處理流程 之一例的圖。 〔圖4〕網路結帳系統中的網路商業交易之處理流程 中,顯示於會員終端之畫面之一例的圖。200805203 (1) EMBODIMENT DESCRIPTION OF THE INVENTION [Technical Field to Be Invented] The present invention relates to a network checkout assisting device. [Prior Art] • Previously, a card identification information (card number) and a private number such as a credit card or a bank card were stored in the mobile phone, and when the Φ private number input to the mobile phone is the same as the stored private number, By displaying the card number on the display of the mobile phone, the mobile phone can also be provided with the function of the card (for example, refer to Patent Document 1). However, such a mobile phone with a card function has the following problems. [Patent Document 1] - ~ JP-A-2002-64597 SUMMARY OF THE INVENTION 1. The problem to be solved by the invention is to store and erase the data of the mobile phone with the card function described in Patent Document 1. Etc., by communication. In other words, the action 'phone is premised on being connected by the Internet. In this way, the right-handed connection to the network can be connected to the network, the memory card number or the private number is not properly accessed, and the card number or private number is not easily eavesdropped and falsified by a malicious third party. Not at all, it will cause security problems. -4- 200805203 (2) Therefore, if the mobile phone organization is not connected to the Internet, then the doubts about the above-mentioned eavesdropping or tampering will disappear. However, the 'mobile phone' has a network communication function in addition to the basic telephone function. This is generally common nowadays, and it is difficult to make the mobile phone become a non-connectable network. Further, in order to maintain the current state of the mobile phone, and the stored card number or private number cannot be read from the outside, it is necessary to have an encryption method or the like, which complicates the configuration. Further, in the case of the mobile phone of Patent Document 1, even if the card number displayed on the display of the mobile phone is not sneaked by the third party without being improperly accessed through the network, the third party It is possible to make the card number, the online business transaction caused by the credit check on the Internet, and the security is also low. In addition, the applicant for the patent in this case is in consideration of the fact that the online business transaction can be carried out only by using the card number, and is beginning to use a reminder other than the card number, and must still be pre-defined by the card holder. The fixed password can be used to carry out the authentication of the card member in order to carry out such a network checkout system for online business transactions. However, if the fixed password is also known to the third party, the third party can still fake the card member to conduct online business transactions, which cannot be said to be inevitable security. The present invention has been made in view of the above problems, and its purpose is to enable a network that facilitates online business transactions by causing the risk of eavesdropping and tampering of card numbers or private numbers, such as improper access.路-5- 200805203 (3) Checkout auxiliary device. [Means for Solving the Problem] The invention of claim 1 is a network checkout auxiliary device, which is a portable network checkout auxiliary device, which is characterized in that it has: a display; and a card information storage unit 'The card craze' and the authentication information storage unit, which are stored in advance in a state that cannot be read from the outside, and which contain at least the identification information of the card contractor such as a credit card or a debit card, are stored in advance in a state in which they cannot be read from the outside. The authentication information used to perform the personal authentication of the former contractor; and the otp generation information storage unit. The pre-recorded card information is pre-stored in a state in which the information cannot be read from the outside, and the pre-recorded network checkout assistance is provided. The otp generation information inherent to the device; and the input means for inputting the pre-registration authentication information; and the authentication means based on the input information input from the pre-recording input means, and whether the operator of the pre-recorded network check-out auxiliary device performs If you have confirmed your identity, please read at least the pre-recorded information in the pre-recorded card information. Referred to and displayed on the front display; ^ and a one-time password generating means, the information is displayed on the front card credited, < Based on the pre-recorded OTP generation information, a one-time password is generated and displayed on the pre-recorded display; when the pre-recorded person's personal authentication is performed by the pre-recorded one-time password, and the self-identification is confirmed, the pre-recording identification information is used. Online business transactions resulting from checkout become feasible. The invention of claim 2 is a network checkout auxiliary device belonging to a credit card or a debit card, etc., and a portable terminal assisting device method for identifying the network subscriber. The state of the certificate read out from the external reading of the identification information is read before the network is completed. The operator who inputs the pre-recording means enters the person and displays the information password of the card. The authentication server that authenticates the contractor's own telephone transaction, such as the mobile phone or the personal computer, which is the card contractor's business transaction, is the authentication server of the former contractor's own authentication, and it is used in the online checkout system. At the time of the online business transaction caused by the checkout of the information, the network checkout aid device was characterized by the fact that the 'previous network knot system has: display; and the card information storage unit is The status is pre-stored, including at least the card information of the predecessor contractor; and the certification information storage unit is the one that cannot be pre-stored from the external state and used to carry out the pre-booking contractor. The OTP generation information storage unit is an OTP generation information that cannot be stored in advance and is associated with the pre-recorded card information and is inherent to the account assistance device; and inputting hand authentication information for input; and authentication means Based on the input information input from the previous record, whether the line of the pre-recorded network check-out auxiliary device is the self-certification of the pre-recorded contractor, and if the φ has been confirmed, at least the pre-recorded identification information in the pre-recorded card information is read on the display; Sexual password: the means of generation, after being displayed before, based on the pre-recorded OTP generated information, generated once on the pre-recorded display; the pre-compressor terminal is sent to the pre-authentication server by the *-secondary password to perform pre-recognition authentication. When it is confirmed as the person, the pre-recorded network operator is feasible. If the invention according to the application item 1 and the application item 2 is used, the result of the contractor's own certification by the network check-out aid device is confirmed as the person's own 200805203 (5) words, because even the contractor itself can not know the card information, and the card. The piece of information is stored in a state that cannot be read from the outside. Therefore, the previous credit card, which is different from the card information, can improve the concealment of the card information and prevent the improper use of the card information in the online business transaction. Moreover, since the network checkout assistance device is portable, it is possible to use a mobile phone, a personal computer in the house, and a personal computer on the outing place to conduct secure online business transactions regardless of where the contractor is located. 'Increase the convenience of network φ commercial transactions. Moreover, since the contractor's own authentication is a one-time password created using the OTP generation information inherent to the contractor stored in the network checkout assistance device, even if the third party obtains a one-time password, Can't be used in the next online business transaction. The OTP generation information for one-time password generation is stored because it cannot be read from the outside. Therefore, even if the contractor himself does not know the OTP generation information, only the network checkout assistance device is being operated. The contractor himself will be informed of the one-time password for the result. In other words, the one-time password generation due to the third party is unlikely to occur, so the security of the online business transaction can be guaranteed. Moreover, the generation of the one-time password is performed only after the card information is displayed on the network checkout assistance device, and therefore, the third party without the network checkout assistance device only knows the identification information. It is also impossible to generate a one-time password. Moreover, even if the third party steals the network checkout assistance device, if there is no authentication information for inputting the network checkout assistance device, the one-time password cannot be generated. 200805203 (6) In other words, the contractor is assisted by the network checkout: after accepting the certification, the server will be authenticated by the authentication server. In the end, it will be possible to go through the online business. Based on two different authentication information, the authentication of the person and the prevention of counterfeiting caused by the third party, and the improvement of the online business transaction β * The invention of the application item 3 is a network checkout auxiliary device, which is characterized by a pre-recorded φ system. A private number pre-defined for the pre-contractor; the pre-record is a numeric key. According to the invention of claim 3, the input means is cheaper. _, so you can seek to promote the use of network checkout. The invention of claim 4 is a network checkout assisting device characterized in that the pre-recording is biometric information obtained by counting the fingerprints, irises, vocal cords, and facial φ physical characteristics of the predecessor contractor. According to the invention of application _4, it can be high-precision. The applicant's own authentication, therefore, can be an invention of the network checkout assistance application 5 of the network checkout device even if it is stolen by the Internet, and is a network checkout auxiliary device, which is characterized in that The pre-message is a common key; the pre-recorded one-time password generation means the pressing of the operation key, and the pre-recording operation key is depressed, and the previous common key is encrypted and then a device is authenticated and accepted. It is necessary to go to this easy, so it can be more safe. The authentication information, input means, means and authentication of the auxiliary device's authentication information, photos, etc. are used to generate the auxiliary device, which is used to detect the created secondary password. -9 - 200805203 (7) The invention of claim 6 is a network checkout aid device in which 'pre-recorded 0TP generation information' is used by the common key and the pre-recorded one-time password is updated each time it is generated. The number of times information is composed; the pre-recorded one-time password generation means 'detects the measured operation key' and encrypts the pre-recorded usage number information with the common key* to generate a one-time password; after the one-time password is generated The pre-recorded information generated in the information storage department is updated with the one-time password generated here, using a common key, which will be at the designated button. The date data formed by the date of the press or the information on the number of times of use that is updated each time the one-time password is generated is encrypted. That is, since it is a password that can only be made by a contractor who is operating the network checkout assistance device, and therefore does not hold a third party of the Internet payment aid, it is impossible to impersonate the contractor for online commercial transactions. Can improve the net even more. Road business transactions security. The invention of claim 7 is a network checkout assistance device characterized in that the pre-recorded network check-out auxiliary device has a Tamper Proofness. According to the invention of the application item 7, since the network checkout auxiliary device is resistant to external forces, it is possible to further improve the security of eavesdropping and tampering of card information, authentication information, and 0TP generated information caused by third parties. Sexual improvement. [Effect of the Invention] -10- 200805203 (8) If the network checkout assistance device according to the present invention confirms the result of the contractor's own authentication by the network checkout assistance device, it is confirmed even if it is It is the contractor who is unable to know the card information, and the card information is stored in a state that cannot be read from the outside. Therefore, the previous credit card that is different from the _ card information can improve the concealment of the card information. Prevent improper use of card information in online business transactions. Moreover, since the network checkout assistance device is portable, it is possible to use a mobile phone, a personal computer at home, or a personal computer on the outing place to conduct secure online business transactions regardless of where the contractor is located. To increase the convenience of online business transactions. - Also, because the contractor's own authentication is a one-time password created using the OTP generation information inherent to the contractor stored in the network checkout assistance device, even if the third party obtains the one-time password, Can't be used next time. Online business transactions. _ OTP generation information for one-time password generation, because it is stored in a prison state that cannot be read from φ externally, even if it is the contractor himself, there is no information about OTP generation information, only the network checkout assistance is being operated. The contractor of the device will be informed of the one-time password for the result. In other words, the one-time password generation caused by the third party is unlikely to occur, so the security of the online business transaction can be more assured. Moreover, the generation of the one-time password is performed only after the card information is displayed on the network checkout auxiliary device. Therefore, even if the third party does not have the network checkout assistance device, only the identification information is known. It is also impossible to generate a one-time password. Also, even if the third party steals the network checkout assistance device -11 - 200805203 Ο), if there is no authentication information for inputting the network checkout assistance device, the one-time password cannot be generated. In other words, the contractor, after accepting the authentication by the authentication means of the network checkout aid, will also receive the authentication by the authentication server, and finally, until the online commercial transaction is possible. It is necessary to pass the authentication based on two different authentication information, so it can prevent counterfeiting caused by third parties and improve the security of online business transactions. [Embodiment] Hereinafter, a preferred embodiment of the present invention will be described in detail based on the drawings. Fig. 1(a) is an external view of the network checkout assisting device 1, and Fig. 1(b) is a view showing the configuration of the electrical hardware of the network checkout assisting device 1. The network checkout assistance device 1 is a contractor terminal (a mobile phone or a personal computer) of a card contractor such as a credit card or a debit card, and an authentication server that performs the contractor's own authentication (usually by a card member)保持), φ is a network checkout system in which each other has a network connection, when the contractor uses the identification information of the contractor to perform checkout for online shopping. As shown in Fig. 1(a), the user has a shape that can be accommodated in the palm of the hand, and is composed of a thin and hand-carryable frame i , in the frame 10 On the outer surface, the display 1 1 and the button operation portion 12 are exposed. Further, the display 11 of the present embodiment is a display having an 8-digit display; and the key operation unit 12 is composed of a numeric key 1 2 a of 〇 ~9 and a start key 12b. -12- 200805203 (10) The inside of the casing 10 is used as the card information storage unit 13 and the authentication information storage unit 15 in addition to the display 11 and the button operation unit 12 as shown in Fig. 1(b). The authentication means 14 and the OTP generating means 16 and the OTP generating information storage unit 17 and the time measuring means 18 are used to drive various hardware (CPU, Billion Body) and to drive the hardware parts (display 1 1) The drive power source 19 (battery) of the button operation unit 12, the CPU, and the memory) is configured. In addition, in the casing 1 1 of the present embodiment, 'in addition to the driving power source 1 9 of the display 1 1 and the button operating portion 12, there is a slot in which a 1C card such as s I 内 is provided, in the slot Insert the IC card and use it. Then ‘上记. C P U and memory are used in the IC card. As will be described later, in the card information storage unit 13, the authentication information storage unit 15, and the OTP generation information storage unit 17, the information of each contractor is memorized. Therefore, such information is stored in the memory of the 1C card. The body is inserted into the slot and used, whereby the frame 10 itself can be common to each contractor and the frame φ 10 itself does not retain personal information, therefore. In addition to improving the productivity of the frame 10, it is also easier to access and manage the frame 1 . . Further, the driving power source 119 of the present embodiment is a button type battery 〃, but may be a solar battery or a rechargeable battery. Further, the network check-out assisting device 1 can be designed to maintain the power 〇FF state at the normal time, and to activate the power source, for example, when any of the keys of the key operating portion 12 is operated. The card information storage unit 13, the authentication information storage unit 15, and the OTP generation information storage unit 17 of the present embodiment are specifically "memory stores each of which stores card information, authentication information, and OTP generation information, which will be described later. -13- 200805203 (11) Composition; The memory system is physically a memory that stores these information in a comprehensive manner, and can also be two or more memories. The authentication means 14 and the OTP generating means 16 of the present embodiment are specifically constituted by a program stored in a memory; the CPU in the network checkout auxiliary device 1 is read from the memory. The program is executed and executed to realize the functions of these authentication means 14 and the OTP generation means 16. Further, in the network checkout assisting device without a CPU or a memory, the functions of the authentication means φ 14 and the OTP generating means 16 can be realized by electronic means using electronic components. The network checkout assistance device 1 of this embodiment is issued from an authorization contract based on a credit card company (credit card brand). Credit card issuance _ line (if it is a debit card, it is the bank or card issuing company that issues the debit card. ) For each cardmember, that is, the contractor, in the card-issuing bank, the card information, authentication information, and OTP-generated information inherent to each contractor are recorded in the state of the memory, and the sender is issued ( The form of the distribution may be a loan or a transfer; and the storage contents of the memory (the card information storage unit 13, the authentication information storage unit 15, and the OTP generation information storage unit 17) are configured after the distribution. It is impossible to read the 〃 from the outside. Moreover, even if the contractor of the network checkout assistance device 1 is dispatched, the recorded contents of the memory cannot be read from the outside. The contractor itself is only able to display the card information on the display 1 by the fact that the card holder's own authentication is carried out and confirmed as the person's, and only the card information can be known, in other states, the card The information system was concealed. The reason why the memory contents are not allowed to be read from the outside is -14-200805203 (12) The reason is that the network checkout assistance device 1 is not equipped with an interface for connecting to the Internet, etc. It is a non-network connection type terminal. In addition, in order to further improve the security of eavesdropping and tampering on the memory storage contents, the network checkout auxiliary device 1, or the SIM card such as the SIM built in the network checkout auxiliary device 1 may also have an external force intrusion. Sex (If you try to 'decompose, or read content directly from memory, the recorded content of the memory will be erased, or the program becomes unbootable.) φ or less, the details of each part of the network checkout assistance device 1 will be described. The card information storage unit 13 is a card information that contains at least the identification information of the contractor, and is pre-recorded in a state in which it cannot be read from the outside. of. Memory; the card information in this embodiment is the identification information (card number) inherent to the contractor, the expiration date, and the security code (the 3-digit number of digits pre-encrypted by the predetermined method. Usually in plastic type) The credit card's signature board is printed. With this number, the card's authenticity can be confirmed. Φ. It can also contain the nominal name. Moreover, the card information can only be identified by the identification information. Composition. Also, the validity period, security code, and nominal name. All of them do not need to be included in the card information, and may be combined to form the card information. The certification information storage unit 15 is a private number set by the contractor, or a biological information obtained by digitizing the biological characteristics of the contractor's fingerprint, iris, vocal chord, and facial photograph, etc., and the contractor himself/herself The authentication information required for authentication is stored in advance in a state in which it cannot be read from the outside. -15- 200805203 (13) In addition, the authentication information stored in the authentication information storage unit 15 is different from the authentication information used by the authentication server in the network checkout system when the contractor authenticates himself. The checkout assistance device 1 is required to perform authentication information necessary for the contractor's own authentication. Further, the authentication information in the authentication server and the authentication information in the network checkout assistance device 1 are type-dissimilar persons 〇 OTP generation information storage unit 17 is an OTP inherent to the network check-out assistance device 1. The generated information is a memory that is first stored in a state that cannot be read from the outside; in this embodiment, the TP generates information, which is a network checkout auxiliary device. A common key inherent to the first key; the common key is stored in the server (the authentication server in the embodiment to be described later) for performing the verification of the one-time password generated by the OTP generating means 16 The identification information of the card information storage unit 13 establishes a related correspondence. In addition, the common key, which is used in online business transactions, will only be stored in the authentication server that authenticates the contractor and the network checkout. The gold record of the auxiliary device 1; in the present embodiment, the OTP generation means 16 described later is used when generating a one-time password. The authentication means 14 is a means for confirming whether or not the operator of the network checkout assistance device 1 is the person who is authorized to use the identification information stored in the card information storage unit 13 (the card member) It is confirmed that the input information 'entered by the input means (the number key 12a in this embodiment) is the same as the authentication information stored in the authentication information storage unit 15'. The operator of the account assistance device 1 is the at least the contractor himself, and at least the identification information of the -16-200805203 (14) card information stored in the card information storage unit 13 is read and displayed on the display 11. . In the authentication means 14 of the present embodiment, the operator presses the start key 1 2b of the key operation unit 12, and receives the depression detection of the start key 1 2b to start the activation. Then, when the operator presses the number key 1 2a corresponding to the input means and inputs a 4-digit number, the authentication means 1 4 confirms the entered number and is stored in the authentication information storage unit 15. The private number is φ or not, and if it is consistent, the card information is displayed on the display 11. If the authentication information is a private number as in this embodiment, as an input means, only a numeric key can be used, and one of the input information and the authentication information can be easily performed, and the network can be realized with a cheaper configuration. . The checkout device 1 can promote the use of the network checkout device 1. Although the authentication information of the embodiment is a 4-digit private number, the authentication method and the authentication information are not limited thereto, and the authentication means caused by the plurality of authentication methods may be combined as appropriate, and if the plural authentication means is used, φ can be exchanged for the improvement of the authentication accuracy, which can prevent the use of the network checkout aid caused by the third party. . /... For example, the authentication means 14: If the biometric authentication method is used, the authentication information is the biometric information (the biological characteristics of fingerprints, irises, facial photographs, etc.), and The input means is changed to a scanner, a microphone, a digital camera, etc. for inputting these biometric information. Since the biometric authentication method is a highly accurate authentication method, even if the network checkout assistance device 1 is stolen by a third party, as long as it is not the body -17-200805203 (15) is the network checkout assistance device 1 The contractor of the distribution can not use the network checkout aid 1 to prevent abuse. In addition, the private number of the authentication information of the embodiment may include English letters in addition to the number; in this case, in addition to the numeric keys, the network accounting assistant needs to be provided with an English letter key. The I OTP generating means 16 generates the information based on the OTP φ generated information (in the present embodiment, a common key) stored in the OTP generated information storage unit 17 after the card information is displayed by the authentication means 14. The password is displayed on the display 11. The one-time password is transmitted from the contractor terminal to the authentication server, and when the authentication server performs the contractor's own authentication, and checks with the one-time password generated based on the OTP generated information on the authentication server. use. Then, when the verification results of these one-time passwords are identical, and the authenticated server confirms the person, it becomes feasible to use the online business transaction caused by the checkout of the identification information of the contractor. φ In this embodiment, the authentication by the authentication means 14 is performed, and after the card information is displayed on the display 11, once the operator presses it. The mushroom key 12b, the start button 12b is pressed, is an opportunity to start the OTP production means. , a one-time password will be generated and displayed. In addition, although the OTP generating means 16 of the present embodiment generates a one-time password by a time synchronization method which will be described later in detail, other generation methods such as a counter synchronization method or a challenge & response method may be used. One-time password. The timing means 18 is a means necessary for generating the one-time password by the OTP generating means 16 of the present embodiment in the time of the -18-200805203 (16) synchronization mode, and is a means for timing. Further, the timing means 18' may be constituted by an instant clock, or the timekeeping program may be stored in the memory "the way in which the timing program is read and executed by the CPU to realize the timing function. Further, when the OTP generating means 16 is to generate a one-time password in a manner other than the time synchronization method, it is possible to add a means necessary for each generation method instead of the timing means 1 8 '. φ In the present embodiment, the OTP generating means 16 is as described above, and the authentication means 14 receives the card information displayed on the display 1 1 and becomes the depression detection waiting state of the start key 1 2b. The OTP generating means 16 6 transmits the measurement of the depression to the timekeeping means 1 once the depression of the start key 1 2b is detected. The timing means 1 & is the date on which the timing start key 1 2b is measured, and the date data (year, month, day, hour, minute, second, and second is transmitted in units of 30 seconds) to the OTP generation means 16. Then, the OTP generating means 16 reads the common key from the OTP generation information storage unit. , the date of the date of delivery. It is encrypted by reading the common key and converted into decimal digits, which is displayed on the display 11. Further, although the encryption method of this embodiment uses the common key encryption method, other encryption methods can be used. ^ ^ According to the above-mentioned network checkout assistance device 1, when the online checkout assistance device 1 performs the identity verification of the contractor and confirms the identity of the person, the card information displayed by the authentication means 14 is After being input to the card information input screen displayed on the contractor's terminal from the website of the franchise store where the card can be settled by the card or the authentication server, it can be sent to the website -19-200805203 (17) or certified. server. In this way, if the online checkout assistance device 1 performs the identity verification of the contractor and confirms it as the person, that is, if the input information input is consistent with the authentication information stored in the network checkout assistance device, Therefore, even if the card information is not known to the contractor itself, and the card information is stored in a state that cannot be read from the outside, the previous credit card that is different from the card information can improve the hiding of the card information. Sexuality prevents the improper use of card information in online transactions. Moreover, since the network checkout assistance device is portable, it is possible to conduct secure online business transactions using a mobile phone, a personal computer at the home, and a personal computer at the place of departure, regardless of where the contractor is located. Increase sales - the convenience of business transactions. Further, the OTP generating means 16 displayed by the OTP generating means 16 is input to the one-time password input screen displayed on the contractor terminal transmitted from the authentication server that authenticates the contractor's own person, except for φ. It is sent to the authentication server, and it is verified by the one-time password generated by the authentication server. When it is the same, it is confirmed as the person, and the online business transaction caused by the settlement of the contractor identification information becomes available. get on. In this way, since the contractor's own authentication is a one-time password created by using the otp generation information inherent to the contractor stored in the network account assistance device, even if the third party obtains the one-time password, Cannot be used in the next online business transaction. The OTP generation information for one-time password generation is stored because it cannot be read from the outside, so even if it is the contractor, there is no -20- 200805203 (18) From the knowledge of the OTP generation information, only the operation is being performed. The contractor of the network checkout aid will know the one-time password for the result. In other words, the one-time password generation due to the third party is unlikely to occur, so the security of the online business transaction can be more assured. Moreover, the generation of the one-time password is performed only after the card information is displayed on the network checkout assistance* device, and therefore, the third party who does not have the network checkout assistance device only knows the identification information. It is also impossible to generate a one-time password. Moreover, even if the third party steals the network checkout assistance device, if there is no authentication information for inputting the network checkout assistance device, the one-time password cannot be generated. In other words, the contractor, after accepting the authentication by the authentication means of the network checkout aid, will also receive the authentication by the authentication server, and finally, until the online commercial transaction is possible. It is necessary to pass the certification based on two different authentication information. Therefore, it can prevent counterfeiting caused by third parties and improve the security of online business transactions. @ In addition, the authentication information storage unit 1^5 can also be designed to store in advance, in addition to the above-mentioned authentication information, the consistency determination by the authentication means 14 and find that the input information and the authentication information are not consistent, and are stored in advance. The number of times the input information can be re-entered (the number of times allowed). _ This poem, net * The road checkout auxiliary device 1 or the authentication means 14 is also configured to have a counting means (counter). Then, in the flow of the consistency determination process by the authentication means 14, when the input information and the authentication information do not coincide, each time the time of occurrence thereof, the counting means calculates from the top up, and compares the added number with Wrong-21 200805203 (19) The number of misadmissions, when the number after the addition exceeds the number of error tolerances, the authentication means 14 does not perform its own processing, and the otp generation means 16 is also not activated, so that the authentication process is performed. And the OTP generation process is not performed. Thereby, it is possible to prevent the malicious third party from stealing the network check-out assistance device 1* to process the authentication information and then input, with the result that the card information or the one-time password is unfortunately displayed on the display 11. Φ In addition, when the added number does not exceed the error tolerance number, and the input information and the authentication information match, the authentication means 14 will display the card information on the display 11, but the number counted at this time will be heavy. In the case where (initialization) is changed, an example of the operation procedure of the network checkout/assist device 1 and the screen transition of the display 1 is shown in FIG. 5. Further, the display 1 1 ' of the present embodiment is an 8-digit central number sub-marker. / First, once the start button · 1 2b is pressed by the operator, the power of the network node/subsidiary device 1 is activated (s2〇o), and "APPLI j (S2 10) is displayed on the display 11. 'So when you want to display the card information after the start button 12b is pressed (S225), the operator presses the "1" of the number key 12a (S 23 0); when you want to perform authentication information (private number) When changing, press "2" of the number key 12a. (S3 3 0). Since "PIN" is displayed on the display 1 when "1" is pressed (S 23 0), the operator selects the 4-digit private number as the authentication information from the number key 12a and presses it. Next (S240). Thereafter, the start key 12b is pressed (S245), and the private number that has been pressed is the card information storage unit if it matches the authentication information stored in the authentication resource 22 - 200805203 (20). In the card information stored in 1 3, the first 8 digits of the identification information (hereinafter referred to as a card number) are first displayed on the display 1 l (S250). Next, once the start key 12b is pressed (S25 5), the last 8 digits of the card number are displayed on the display 1 1 (S 2 6 0 ). Next, once the start key 12b is pressed (S26 5), the expiration date and the security code are displayed on the display 11 (S270). In addition, the S265 and S 2 70 processes are not required, and only the card numbers in the card information can be displayed. Then, once the opening key 12b is pressed (S275). Then, the display 11 will display "OTP = 1", and a selection is made to generate, display, or end the password. Here, after the start key 12b is pressed (S290) and the "1" of the numeric key 12a is pressed again (S29 5), the "PIN" for prompting the input of the authentication information is displayed on the display 11 (S3 05). Therefore, the operator presses the 4-digit private number again from the number key 1 2 a, and presses the start key 12b (S310) 〇 the pressed private number 'if and the authentication poor memory storage unit 15 When the stored authentication information is identical, the one-time password 'is generated based on the OTP generation information stored in the OTP generation information storage unit 17 and displayed on the display 1 1 (S3 15). Then, if the start key 12b is pressed again (S320), the power of the network check-out assisting device 1 is turned off. When the keys other than the number keys 1 2 a "1" are pressed 'or none of the keys have been pressed and the predetermined time has elapsed (S 3 0 0)' then the network checkout-23-200805203 (21 The auxiliary device 1 will automatically cut off the power. In addition, the private number input in S 2 4 0 and S 3 0 5 may be an individual private number for card information display and one-time password generation. In this case, the authentication information storage unit 15 is Store each private number separately. • In the present embodiment, 'before the flow of the one-time password is displayed on the display 11 (S3 15), the operator is urged to input the identification information again at S3 05, but it may be designed to omit S3 05, A one-time password can be generated only by pressing the start button 1 2b of the S3 10 button. After S225, if "2" of the number key 12a is pressed (S 3 3 0), "CHANGE?" (S 3 3 5 ) is displayed on the display []. Once the start key 12b is pressed (S34〇), "PIN" is displayed on the display 11, prompting the input of the private number, so the operator presses the 4-digit private number from the numeric key 1 2 a ( S 3 4 5), press again to start. The key 12b (S 3 5 0), if the private number that has been pressed, is consistent with the authentication information stored in the authentication information storage unit 15. , "NEW1" for prompting the change of the private number after the change is displayed on the display 1 1. Therefore, the operator presses the changed private number from the numeric key 12a (S3 55) ' and then presses the start key. 12b (S360). 'Secondly, because "NEW2" for prompting the re-entry of the changed private number is displayed on the display 11, the operator has to press the changed private number (s 3 6 5) from the number key 12a again and then press The start key 12b is turned down (S370). If the private number that was pressed in S 3 5 5 matches the private number of the private -24 - 200805203 (22) number pressed in S3 6 5, the display 1 1 is displayed to indicate that the private number has been changed. Since "COMPLETE" (S375), once the start key 12b is pressed (S3 80), the change of the private number is completed and the power is turned off. Further, in order to improve safety, in S 3 5 5 and S 3 6 5, even if there is input from the -numeric key 1 2 a, the input cymbal is not displayed on the display 1, which is preferable. [Embodiment 1] Hereinafter, a credit card contractor (hereinafter referred to as a card member) who is sent to the network checkout assisting device 1 shown in Fig. 1 is used to use a network checkout assisting device. 1. A personal computer or mobile phone having a communication function, by using the checkout of the card number of the card member, to perform a network commercial transaction such as online shopping (hereinafter referred to as an online business transaction) The embodiment will be described. Φ The system configuration and network connection 'relationship' of the network checkout system of this embodiment are shown in the system configuration diagram of Fig. 2. Further, the flow of the network commercial transaction in the network checkout system of the present embodiment is shown in the flowchart of Fig. 3. In addition, in this embodiment, the network commercial transaction service provider in the network checkout system is a credit card brand. Cardmembers, assuming that the credit card is issued in advance to accept the issuance of the credit card, and from the issuing bank, the certification information stored in each cardholder is stored (the cardholder is applying for the credit card) Biometric information such as private numbers or fingerprint information registered at the time) -25- 200805203 (23), card information (card number, expiration date unique to each cardmember), OTP generation information (common key) network Checkout aid 1. Further, in the present embodiment, the configuration of the network checkout assisting device 1 shown in Fig. 1(b) is stored in advance in addition to the configuration of the display 1 1 and the key operating portion 12 and the driving power source 19. In the 1C card, the function of the network checkout assistance device 1 is implemented by inserting the 1 (: card) in the 1C card slot (not shown) provided in the frame 1 , but the network The checkout auxiliary device 0 does not have to have a 1C card. When the 1C card is not provided, the network checkout device itself may have a CPU or a memory. Moreover, the network node of this embodiment, Account supplement. The helper device 1, although it is a user who uses the checkout of the card member identification information, that is, the user in the online business transaction of the card checkout, but the card member only wants to conduct the online business transaction, and does not want In the case of a real face-to-face transaction caused by a credit card such as a plastic card or a 1C card, it may not be issued by a credit card. Φ In the case of a credit card organization or a business of issuing a bank, the network checkout assistance device 1 can also be distributed from a credit card organization. The member terminal 2 is a terminal of the contractor, and is a terminal required for the card member to use the network checkout assistance device 1 for the network=road business transaction, and is a personal computer or a mobile phone having at least a communication function and a browsing display function. The terminal franchise terminal 3 is not only providing the virtual terminal (website) to the member terminal 2, but also accepting the order of the product or service, and also entrusting the card-issuing member to the card-issuing bank to perform the card authentication. Member's own -26- 200805203 (24) After the certification, for the acquiring bank (based on the authorization contract with the credit card organization, the acquisition of the franchise store contract. Management business, etc., entrusted to authorize (to investigate whether there is any remaining credit line of the amount of goods or services ordered, whether there is any remaining credit card holder, and if there is a remaining credit limit, the amount is guaranteed to be settled) . • The acquiring bank terminal 4 is a terminal that delegates an authorization request from the franchise terminal 3 to the issuing bank side (authorized re-transfer). The φ mediated server 5 serves as an intermediary for the franchise terminal 3 and the authentication server 7 described later, that is, a servo serving as an intermediary role for the authentication service of the card member between the member terminal 2 and the affiliate terminal 3. Device. . The intermediary server 5, which in this embodiment is a server operated by a credit card organization, stores an affiliate store for identifying an affiliate store corresponding to the online business transaction service using the network checkout assistance device 1. Information, and online business transaction services used to identify the use of the network checkout assistance device 1. Corresponding to the issuing bank of the issuing bank. Line identification information. In addition, in the network checkout system of the present embodiment, when a network commercial transaction service that does not use the network checkout assistance device 1 is present, the intermediary server 5 needs to not support the use of the network checkout. Identification information of the franchisees and card-issuing banks of the commercial transaction service of the auxiliary device 1. , and the franchise store identification information and card-issuing bank identification information are stored separately. The card issuing bank terminal 6 is a terminal that receives an authorization request received from the acquiring bank terminal 4 to perform authorization. The authentication server 7 is a server that performs the authentication of the card member himself before the online commercial transaction. In this example, 'δ忍-27-200805203 (25) certificate server 7, which is a server operated by the issuing bank, is connected to the issuing bank terminal 6, and is likely to use the network checkout auxiliary device 1 card information (card number, expiration date) and OTP generation information (common key inherent to the network checkout assistance device 1) of the online business transaction are stored in a state of being connected to each other. . In other words, every 1⁄2 card member is associated with card information and OTP generation information, and is stored in the authentication server 7. φ In addition, the storage of such information to the authentication server 7 is performed at the same time as the card-sending assistance device 1 is issued to the card-member, or approximately before and after the period. _ Figure. In 2, the member terminal 2, the affiliate store terminal 3, the intermediary server 5, and the authentication server 7 are connected by the network 9a such as the Internet. The franchise terminal 3 _, the acquiring bank terminal 4, and the issuing bank terminal 6 are connected by the dedicated line 9b. . In addition, the issuing bank terminal 6 and the authentication server 7 are for each φ. The card banks are individually prepared, and are respectively connected to the member terminal 2, the acquiring bank terminal 4, and the intermediary server 5, and are connected by the network 9a and the dedicated line 9b. / , . Further, the affiliate store terminal J is also separately prepared for each affiliate store, and is connected to the member terminal 2_, the intermediary server 5, and the acquirer bank terminal 4 by the network 9a and the leased line 9b. Hereinafter, the flow of the network commercial transaction using the network checkout assisting device 1 will be described based on the flowchart of Fig. 3 and the system configuration diagram of Fig. 2. The card-members access the member terminal 2 from the affiliate store terminal 3 of the virtual store (web site) via the network 9a, and view the product or service. Then -28- 200805203 (26), once the product to be ordered or the desired service is determined, the member terminal 2 sends a message to the franchise terminal 3 that the order is for the goods or the service is desired to be settled by the card. The purpose of the road business transaction. The affiliate store terminal 3 causes the member terminal 2 to display the card information input screen 100 as shown in Fig. 4 (a), and requests the member terminal 2 to input the concurrent * delivery card number and the expiration date of the card. Therefore, once the card member has pressed the start button 1 2b of the network checkout assistance device 1, the authentication means 1 of the network checkout assistance device 1 is activated, and the network checkout assistance device 1 becomes awaiting authentication. State. Next, the card holder will input the greedy information (the 4-digit private number in this embodiment) necessary for the authentication of the person from the number key 1 2a. In addition, the private number of the 4 digits entered here is determined in advance when the cardholder subscribes to the card and has been stored in the network checkout aid. The authentication information storage unit 1 in 1 is included. The authentication means 14 reads the authentication information stored in the authentication information storage unit 15 and confirms whether or not it matches the input information input from the numeric key 12a. Then, when the two are consistent, the authentication means 1 4 is taken from . The card information storage unit 1 3 reads out the card number and the expiration date — which are card information, and displays them on the display 11. Then, if all of the card number and the expiration date are displayed on the display 11, the authentication means 14 transmits the indication to the OTP generating means 16. Thereby, the OTP generation means 16 is a one-time password generation waiting state to be described later. In addition, in this embodiment, since the number of bits -29 - 200805203 (27) that can be displayed on the display frame is limited to 8 digits, the authentication means 14 is first performed by the card number read from the card information storage unit 13. The division process is divided into the first 8 bits and the last 8 bits, and then on the display 1 1, the first 8 bits of the card number are displayed first. Based on the display, the card member inputs the first 8 digits of the card number in the card number input field 100a of the card information input screen 1 . • Once the first 8 digits of the card number have been entered, the card member presses the start button 1 2 b. The authentication means 14 receives the press detection φ of the start key 1 2 b and displays the last 8 digits of the card number on the display 11. Based on the display, the card member inputs the last 8 digits of the card number in the card number input field 1 0 0 a of the card information input screen 100. Once the input of the last 8 digits of the card number is completed, the card member presses the start key 12b. Certification means 1 4. , the connection is triggered by the start button 1 2b, and the expiration date is displayed in 4 digits (MM (month) / YY (year)). The card member is based on the display, and enters the expiration date in the valid period input field 1 〇〇b of the card information input screen 1 。. φ In addition, when the display area of the display and the number of displayable digits are sufficient, it is of course possible to display the card number all at once on the display, and also display the card number and the expiration date all at once. On the other hand, when the displayable number of bits of the display is less than 8 digits, the authentication means 14 can pre-segment the card information read from the card information storage unit 13 by the number of displayable digits. The start button 1 2b or any other key is pressed, and the divided card information is sequentially displayed. As described above, the network checkout assistance device 1 displays only on the display 11 when the input information input is identical to the authentication information stored in the authentication information storage unit -30-200805203 (28). Card information, therefore, if the authentication information is not known, the third party will not know the internal card information even if the network checkout assistance device 1 is stolen. Therefore, compared to the previous credit card with printed card information, the security is higher, and there is no doubt that the card information will be abused in online business transactions. The card member enters the card number and the expiration date (in addition, although the card information input screen 100 in Fig. 4 is not displayed, the ordered product may be included. • Service name, amount, purchase date, affiliate name, product The information such as the location of the transmission is displayed on the same screen, and the button 100c of the card information input screen 1 is clicked. By the send button 100c is selected, on the side of the franchise store terminal 3, the card information has been entered. Will be sent (S 10). From the member terminal 2, the order information, the service name, the amount, the order date, the name of the franchise store, the delivery location of the product, and the like, and the ordering information are received. Card for the card used for checkout. The franchise terminal 3 of the card information such as the number and the expiration date, in addition to the card information that has been received, will also be sent to the franchise store identification information given to each franchise store, and sent to the network 9a. The agent server 5 asks to confirm whether the card member is accepting. Member of the commercial transaction service of the New Road checkout assistance device 1 (can confirm the execution of the certification) (S20) 〇 介 伺服 伺服 伺服 , , , , 确认 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服(Affiliate store certification). If the information is the same, the registrar terminal 3 of the franchise store that participates in the commercial transaction service using the network checkout assistance device 1 can access the agent server 5. If it is inconsistent, the access from the franchise terminal 3 of the franchise store that does not participate in the commercial transaction service using the network checkout assistant-31 - 200805203 (29) assist device 1 is improper access, and therefore does not enter. Future process. The intermediary server 5 is based on the card information of the card member received from the franchise terminal 3 having the commercial transaction service participating in the network checkout assistance device 1, and the card issuing the card number of the card member is issued. Bank • Sends card information to the authentication server 7 of the specific issuing bank, and asks whether the card member is a member who accepts the commercial transaction service using the network checkout aid φ 1 (can confirm the execution) (S30). In the intermediary server 5 of the embodiment, the card issuing bank identification information for identifying the issuing bank is stored, and the intermediary server 5 searches for the issuing bank identification information based on the received card information, and the specific departure card bank. In other words, the intermediary server 5 of the present embodiment does not directly perform the authentication execution confirmation, but performs the affiliate store authentication, and based on the card information received from the affiliate store terminal 3, specifically issues the cardmember. The card issuing bank of the card number transmits the card information to the authentication server 7 φ of the specific issuing bank, and is responsible for transmitting the result of the authentication execution received from the authentication server 7 to the affiliate terminal 3. Further, in the present embodiment, although the intermediary server 5 is a server operated by a credit card/organization, it may be provided by each affiliate store terminal 3, and in this case, the authentication can be directly performed from the affiliate store terminal 3. The server 7 performs a request for confirmation of the execution of the authentication. Further, the franchise store authentication can be performed on the authentication server 7. The authentication server 7 holds the card information received from the intermediary server 5 by being registered in the authentication server 7. -32-200805203 (30) Card member having the card information Whether it is the confirmation of the card member who has accepted the commercial transaction service using the network checkout assistance device 1 (the authentication execution can be confirmed), and the result is returned to the agent server 5 (S40). Further, if the result of the authentication execution is confirmed, it is "OK" if the card information received from the intermediary server 5 is registered in the authentication server 7, and "No" if it is not registered. Then, the intermediary server 5 that has received the authentication execution confirmation result transmits the result to the affiliate store terminal 3 (S50). When the certificate execution of the card member is confirmed as "OK", it means that the card member accepts the commercial transaction service using the network checkout assistance device 1, so the franchise terminal 3 enters to perform the The process of the card certification member's own certification requirements (S60). Specifically, the affiliate store terminal 3 transmits the URL/information of the authentication server 7 of the issuing bank that has confirmed the execution result of the authentication to the member terminal 2 and also performed the authentication before the transmission. . The member terminal 2 that has received the authentication request from the affiliate store terminal 3 accesses the same authentication server 7 previously accessed by the intermediary server 5 based on the received URL, and performs an authentication request (S70). In addition, the flow of the S70 is performed in a series of manners from the S60; it can be realized by the re-directing function generally provided by the browser of the personal computer or the mobile phone used as the member terminal 2, so that the card member does not have In the sense, the process of processing can be automatically performed inside the member terminal 2. The authentication server 7 prompts the member terminal 2 to transmit a one-time password, and performs authentication of the card member based on the one-time password received from the member terminal 2 (S80). Specifically, the authentication server 7 receives the card information and the order information from the accessed member terminal 2, and confirms whether the card member having the card information has just passed through the intermediary server 5 from the affiliate terminal 3 Cardholders who can be confirmed by the certification implementation. This confirmation is to leave a log of the card information of the card member received from the intermediary server 5 before the scheduled time of the reservation ^, and by confirming the card information of the φ card member received from the member terminal 2, whether or not The card information left in the log before the time is consistent. In addition, the order information may not be sent from the member terminal 2, but may also be designed as i in the process of S20, 30, from the franchise terminal 3 through. The intermediary server 5 transmits to the authentication server 7; or may transmit the URL information of the authentication server 7 from the affiliate terminal 3 to the member terminal 2, and is sent to the authentication server 7 at the member terminal 2. When the access is made, it is forwarded to the authentication server 7. The card holder member of the member terminal 2 that has been accessed by the client and the certificate server 7 and the card holder member who has accessed the authentication from the franchise store terminal 3 can confirm whether the card member is the same or not. It is not only checked by the card information, but also designed to receive the order information from both the member terminal 2 and the affiliate terminal 3 (directly or through the intermediary server 5), and the verification of the information is performed as soon as possible. The authentication server 7 confirms that it is an access from the network checkout assistance device 1 of the card member who has previously accepted the authentication execution request, and the authentication server 7 creates the subscription information based on the received order information. The one-time password input screen 101 shown in Fig. 4(b) - 34 - 200805203 (32) is sent to the member terminal 2 having access. In the one-time password input screen 01 of Fig. 4(b), the object of the online business transaction of the cardmember is displayed, that is, the name of the franchise store and the item to be ordered. The amount of the service, ordering 曰. Once the one-time password input screen 1〇1 is displayed on the member terminal 2, the card member presses the start key 1 2b φ of the network check-out assisting device 1. The OTP generating means 16 of the network checkout assistance device 1 generates a wait state from the one-time password upon detecting that the start key 12b is pressed, and enters the one-time password generation flow. 0TP. The generating means 16 reads out the common key stored in the 0TP generation information storage unit 17 and counts it by the timer means 18, and sets the date data based on the date on which the start key 12b is pressed ( The year, month, day, second, and second are units of 30 seconds, and are encrypted by the common key to generate a one-time password, which is converted into a 1-digit number and displayed on the display 11. In addition to this φ, the encryption method of this embodiment adopts a common key encryption method. Again, because of this. The displayable number of digits of the display 11 of the embodiment is 8 digits, so the display: 1 1 will display the first 6 to 8 digits of the generated one-time password i 'card member, which is displayed on the member terminal 2 In the password input field 103a of the one-time password input screen 101, a one-time password displayed on the display 1 of the network checkout assistance device 1 is input, and the delivery button 1 〇 1 b is clicked. The one-time password is sent to the authentication server 7. In addition, after the input of the one-time password is completed, the card member can press the start button 1 2b of the network checkout auxiliary device 1 again to make the display 11 of the network checkout auxiliary device 1 The one-time password displayed becomes non-display, which is ideal from the viewpoint of security. At the same time, the power is also turned off, which is ideal in terms of power saving. The authentication server 7 that has received the one-time password from the member terminal 2 is first checked by the identification number of the member terminal 2 or the like, or is the one-time password input screen 1 0 1 generated and transmitted by the member terminal 2 individually. There is a reply to confirm whether the member terminal 2 is the other party who has just requested a one-time password. . After the confirmation, the authentication server 7 extracts the card information of the card member received from the OTP based on the card information required to receive the one-time password, and extracts the common key registered with the card number and authenticates. The date data (year, month, day, second, and second is 30 seconds) formed by the server 7 receiving the one-time password from the member terminal 2, and encrypted by the common key to generate a one-time password and convert it into Decimal digits. In addition, the encryption method of this embodiment is a common key encryption method. . In this way, the authentication server 7 confirms whether or not the one-time password generated by the authentication server 7 coincides with the one-time password previously received from the member terminal 2. If it is the same, it can be proved that the one-time password is a one-time password which is made almost at the same time by the common key stored only in the network checkout auxiliary device 1 and the authentication server 7. In other words, the operator who sends the one-time password to the member terminal 2 of the authentication server 7 is the common key used when the one-time password is generated, and the network in which the card information associated with the common key is stored.路-36- 200805203 (34) The operator of the checkout assistance device 1; and the card holder member who can use the card information, whereby the confirmation of the card member who requested the online business transaction is carried out . Further, the one-time password generating means is the date used by the network checkout assisting device 1 when generating the one-time password, and the authentication server 7 is used when generating the one-time password when the time synchronization method of the embodiment is employed. The period of the period is not necessarily the same. Therefore, considering that the one-time password is generated from the authentication server φ 7, the card member presses the start button 1 2b of the network checkout assistance device 1, and the network checkout The time difference until the auxiliary device 1 generates the one-time password. In the present embodiment, the second resolution of the date data is set. 30 seconds. However, the authenticity of the cardmember can only be recognized if the one-time password generated by the two is identical. The card member presses the start button 1 2b of the network checkout aid 1 to generate a one-time. Password, therefore. If it is up to the authentication server 7 from the member terminal 2 . Receive a one-time password of φ. In the case of a period of more than 3α seconds, the light is so different, the one-time passwords will be inconsistent, resulting in an increase in the number of unauthenticated events, but there will be a loss of convenience in online business transactions. / Therefore, the authentication server 7 will, if the one-time password received from the member terminal 2 is inconsistent, the date of the one-time password received from the member terminal 2 will be staggered back and forth for 30 seconds. The one-time password is regenerated on the authentication server 7 side. If it matches the one-time password generated on the member terminal 2 side, it is considered that the card member's personal confirmation is successful. In addition, the safety of the safety is considered in advance, and the pre-determination is also -37-200805203 (35) That is, when it is desired to improve the safety accuracy, N is set smaller; when it is desired to reduce the safety accuracy When the convenience of the card member side is prioritized, N is set to be large. The authentication server 7 transmits the authentication result of the card member due to the one-time password check to the member terminal 2 (S90). Further, specifically, the authentication server 7 transmits the URL information of the affiliate store terminal 3 to the member terminal 2 in addition to the authentication result, and transfers the authentication result from the member terminal 2 to the affiliate φ store terminal 3. The member terminal 2 that has received the authentication result transfers the authentication result (the person authentication OK and the person authentication NG) to the affiliate store terminal 3 (S10〇p. In addition, the flow of S100 is the same as that of S70, starting from S90. It can be implemented in a series of ways; it can be realized by the redirect function of the browser of the member terminal 2. In fact, the card member is not aware of the process, and the processing process is automatically performed inside the member terminal 2. 3 · Receive the authentication result from the member terminal · 2, and the result of the recognition certificate is that when the card member is confirmed as the person (I am certified), the authorization request of the card member is performed to the acquiring bank, therefore, In addition to the card information of the cardholder member and the transaction amount of the checkout wish amount (the function of the product/service to be ordered by the card member) to the/acquiring bank terminal 4, the authentication result is also sent (S In addition, the transaction data may also be generated in S 1 0 from the time when the member terminal 2 has the order information and card information to be sent, and is memorized at the franchise terminal 3 , but the bank terminal 4 is based on the card information received from the franchise terminal 3 -38-200805203 (36) easy information and certification results, and based on the card number of the card holder 'To issue the card issuing bank of the card issuing source, and to transfer the transaction data and the authentication result to the card issuing bank terminal 6 of the specific issuing bank (S 120), and the card issuing bank terminal 6 that receives the transaction data and the authentication result is based on 'Member information or credit information of each member stored in the member database not shown to confirm whether the amount of checkout required in the transaction data is φ within the credit limit of the card member authorized to be entrusted If the checkout hopes that the amount is within the credit limit, then the authorization credit will be confirmed, and the credit amount of the checkout wish amount will be secured. Then, the issuing bank terminal 6 will authorize the result (authorization 〇κ, authorization NG) ) is sent to the acquiring bank terminal 4 (S 130), and then the acquiring bank terminal 4 transfers the authorization result to the franchise terminal 3 (S 140). Then, the franchise terminal 3 is received After receiving the authorization result, the bank terminal 4 notifies the member terminal 2 of the result (S 150). Specifically, 'When the authorization result is OK, the card is used between the franchise store and the cardmember. The online business transaction system caused by the settlement of the member's card number is established. The _ screen of the intention is sent to the member terminal 2 and displayed on the member terminal 2. also. When the authorization result is N G , a screen indicating that the online commercial transaction is not established is sent to the member terminal 2 and displayed. Further, in the present embodiment, the personal authentication using the one-time password in the authentication server 7 is performed every time the online business transaction is performed between the member terminal 2 and the affiliate store terminal 3. In other words, the one-time password generated by the OTP generating means 16 of the present embodiment is valid only for the one-time network-39-200805203 (37) commercial transaction, so even if the network checkout assistance is not held The third party of the device sneaked a one-time password, and the third party still could not pretend to be a card-member to carry out the online business transaction, thereby improving the security of the business transaction. [Embodiment 2] Next, for a card member who is issued with a network checkout assistance device la (not shown), the network checkout assistance device 1a is used, and a personal computer or a mobile phone having a communication function is used. An embodiment of the online business transaction is carried out by using the checkout of the card number of the card member, and the description will be made. The guest embodiment is different from the previous embodiment 1 in that the OTP generating means 16 of the network checkout auxiliary device has a one-time password generating method, and the OTP generating information storing unit 17. The stored contents are the contents of the authentication flow (S80, S90) between the member terminal 2 and the authentication server 7 (in this embodiment, the authentication server 7a) in Fig. 3, and the like. That is, although in the foregoing embodiment 1, the one-time password generation method is designed in a time synchronization manner, in the present embodiment, the utilization number synchronization method is employed. Along with this, the network checkout p assist device of the embodiment i a, figure! The timing means 8 described in the above is replaced by the counting means 18a (not shown). Regarding the network checkout assistance device 1, 1 a and the authentication server 7, 7a, the configuration other than the above-described different points, and the processes other than S80 and S90 are the same as the embodiment shown in Figs. 1 to 3 Therefore, the detailed flow of the portions of S 80 and S 90 of Fig. 3 will be described below using Figs. 1 to 3 . -40 - 200805203 (38) The OTP generation information stored in the OTP generation information storage unit 17 of the present embodiment is composed of the common key inherent to the network checkout assistance device la and the usage count information. Among them, the common nylon is stored in the state in which the OTP generation information storage * 17 is not rewritable, and the authentication server 7a that performs the verification of the one-time password generated by the OTP generation means 16 is The establishment corresponds to the card number stored in the card information storage unit 13. The φ utilization number information, similarly to the common key, is associated with the card number stored in the card information storage unit 13 in the authentication server 7a. . . . . . In other words, these OTP generation information is stored in the authentication server 7a in a state in which the card number is associated with the card number. When the authentication server 7a receives the one-time password from the member terminal 2, the authentication server is authenticated in the same manner as the member terminal 2. A one-time password is also generated on the device 7a, by means of. Confirm that the two are consistent, you can verify the validity of the one-time password. , cardholder membership • certification. Further, the usage number information = is information that can be rewritten only when there is a rewriting instruction from the 0TP generating means 16 by the counting means 1 8 a, 0 times, 1 time, 2 times, and the like is added once. Addition, or 1 00, 9 9 ', 98 times, such a decrease of 1 after the reduction, the added or subtracted number will be stored in the 0TP generation information storage unit 17. The usage information will be updated. . In addition, the addition or subtraction is determined in advance. Further, the counting means 18a may be included in the 0TP generating means 16, or may be separately provided from the 0TP generating means 16, but the latter time -41 - 200805203 (39) must be generated by the OTP generating means. 1 6 is used to control the counting means 1 8 a so that the rewriting of the usage count information is performed. In S80 of Fig. 3, first, the authentication server 7a urges the member terminal 2 to transmit a one-time password, and performs authentication of the card member based on the one-time password received from the member terminal 2. Specifically, the authentication server 7a receives the card information and the order information from the accessed member terminal 2, and confirms whether the φ card member who owns the card information has just passed through the intermediary servo from the franchise terminal 3 Device 5, cardholders who are certified to perform the required confirmation. This confirmation is to leave a log of the card information of the card member received from the intermediary server 5 before the scheduled time, and confirm whether the card information of the card member received from the member terminal 2 is before the scheduled time. The card information left in the log is consistent. Further, the order information may be transmitted from the member terminal 2, or may be designed to be transmitted from the affiliate terminal 3 through the # intermediary server 5 to the authentication server 7a in the flow of S20·, 30; or When the URL information of the authentication server 7a is transmitted from the affiliate terminal 3 to the member terminal 2, it is transmitted, and when the member terminal 2 accesses the authentication server 7a, it is forwarded to the authentication server. 7a. Moreover, the card-receiving member of the member terminal 2 accessed by the authentication server 7a and the card-receiving member who has received the authentication execution from the franchise store terminal 3 can confirm whether or not the card-receiving member is the same, and can not only use the card. The information can be checked, but it can also be designed to receive order information from both the member terminal 2 and the franchise terminal 3 (directly or through the intermediary server 5), and also enters into -42-200805203 (40) Check. The authentication server 7 a, - is confirmed to be the network check-out aid of the card member who has previously received the confirmation request. Then, the authentication server 7a is based on the received one-time password input screen 101 shown in the order quiz 4(b), and concurrently: the member terminal 2. In the one-time password input screen 101 of Fig. 4(b), the object of the online commercial transaction by the % member is the affiliated product. The amount of the monthly service, the order date. Once the one-time password is displayed on the member terminal 2, the card member presses the network checkout assistance device 1. When the OTP generating means 16 of the network checkout assisting device 1 presses the start key 12b, it generates a one-time password from a one-time password generation process. The OTP generation means 16 reads out the common key and the usage count information of the OTP~generated information letter ^, _ . - : Number of times, encrypted with a common key to generate a one-time password '1' digits, _ is displayed on display 11. . In addition, in this embodiment, the one-time password generation algorithm is used to generate the one-time password. Since the display number of the display 11 of the embodiment is significant, the display 11 displays the previous generation. ~ 8 digits. In addition, 0ΤΡ generates information, except that the above-mentioned access is performed by the authentication execution, and the opening is performed, and the start button 12b for displaying the card store name and the order input screen 101 is displayed as shown in the figure. Detecting the waiting state, entering the survival unit 17 and using the code, converting it, using the number of times the number of digits is 8 one-time password and the total number of -43-200805203 (41) pass key In addition, any other information (for example, policy, etc.) that can be obtained only by the network checkout auxiliary device 1 a and the authentication server 7a may be included; in this case, the usage information, and any arbitrary information, It can also be encrypted by a common key to generate a one-time password. The OTP generating means 16 is to generate the one-time password, and to count the hand/segment 1 8 a, add or subtract 1 the usage number information just read, and then generate the usage information of the OTP generation information storage unit 17. Rewritten, φ updated. The card member is input to the password input field 101a of the one-time password input screen 101 displayed on the member terminal 2, and the one-time password displayed on the display 1 of the network checkout assisting device 1 is input, and the mailing is selected. Button 10 1b, the one-time key that has been entered. The code will be sent to the authentication server 7a. In addition, after the input of the one-time password is completed, the card member can press the start button 12b of the network checkout assistance device 1 again to enable the network checkout assistance device 1. The one-time password displayed on the display 1 1 becomes non-display, φ which is ideal from the viewpoint of security. At the same time, the power is also turned off, which is ideal in terms of power saving. The authentication server 7a that receives the one-time password from the member B terminal 2 is first checked by the identification number of the conference terminal 2 or the like, or the one-time password input generated and transmitted by the member terminal 2 individually. 1 〇丨 Is there a reply? Check if the member terminal 2 is the one who just requested a one-time password to send the message. After the confirmation, the authentication server 7 a is based on the card information received by the card holder before receiving the one-time password transmission, and is extracted from the 〇TP generation information -44 - 200805203 (42), and is associated with the card number. Log in the common key and usage information, and encrypt the usage information with a common key to generate a one-time password and convert it into decimal digits. In addition, this embodiment. In the middle, the usage time information is used, and the one-time password generation algorithm is used to generate a one-time password. In addition, OTP students ‘in the information, if there is any information, in addition to the use of the number of information, the arbitrary information will be encrypted by the common key. In this way, the authentication server 7a confirms whether or not the one-time password generated by the authentication server 7a coincides with the one-time password previously received from the member terminal 2. If it is consistent, the one-time password can be proved, and the sinus is a one-time password made by only the usage count information and the common key stored in the network checkout auxiliary device 1 and the authentication server 7a. In other words, the operator who sends the one-time password to the member terminal 2 of the authentication server 7a is associated with the usage number information and the common key used in the generation of the one-time password, and the usage frequency information and the common key φ The operator of the network checkout assistance device 1 to which the card information is stored; and the card member who can use the card information, thereby, _ requesting the card member of the online business transaction to confirm Was carried out. The authentication server 7a transmits the authentication result of the card member (the person authentication OK, the person authentication NG) caused by the one-time password check to the member terminal 2, and also uses the number of times used in the generation of the previous one-time password. The information is added or subtracted by a predetermined calculation method, and the calculation result is used as the usage information in the authentication server 7a, and is rewritten and updated. -45-200805203 (43) Further, in the one-time password generation method, even when the operator terminal 2 and the operator of the network checkout assistance device la are legitimate card members, when the usage number synchronization method as in the present embodiment is employed, However, it is still possible that the usage count information used by the network checkout assistance device 1 a when generating the one-time password is different from the usage frequency information used by the authentication server 7a when generating the one-time password, resulting in a one-time password. Inconsistent situation. Cardmembers, even if the network checkout assistant 1a generates a one-time φ password, it does not necessarily guarantee that it will be sent to the authentication server 7a, when the card member is inadvertently interrupted in the middle of the online business transaction. At the time of the line, or, perhaps, it is not intended to conduct a network commercial transaction, but to operate the network checkout assistance device 1a to play around - a carelessly generated one-time password. In this case, since the usage information of the network checkout assistance device la is updated, the information on the number of times of use of the authentication server 7a is not updated, so. Of course, the one-time password generated will not be consistent. However, if the one-time password generated by the two is completely φ, the authenticity of the card-members can be recognized, which will lead to an increase in the certification NG, which will impair the convenience of online business transactions. Therefore, the authentication server 7a, when the one-time password received from the member terminal 2 is inconsistent, will still use the number-of-use information stored in the authentication server 7a within the specified range (for example, the usage number information + If the change is made within N), the one-time password is regenerated on the authentication server 7a side, and if it is the same as the one-time password generated on the member terminal 2 side, it is considered that the card member's personal confirmation is successful. In addition, the N system considers the accuracy of safety and determines it in advance. -46- 200805203 (44) That is, when it is desired to improve the safety accuracy, N is set to be small; when it is desired to reduce the safety accuracy and the convenience of the card member side is prioritized, N is Set it larger. As described above, if the network check transaction assisting device of the present invention is used for the online business transaction, the input information input to the network checkout auxiliary device is input to the card information input screen as long as the card information is input. If the authentication information stored in the network checkout assistant is inconsistent, even if the card holder φ member has no information about the card, the card information is hidden from the previous credit card. It can prevent the improper use of card information in online business transactions. Moreover, since the network checkout assistance device is portable, the mobile phone can be used regardless of where the card member is located. Personal computer in the house, personal computer in the outing place. _, to conduct secure online business transactions and increase the convenience of online business transactions. In addition, the personal certification of the card-members at the time of the online commercial transaction is based on whether the one-time password generated by the network check-out facilitator is consistent with the one-time password generated by the authentication server. . ... This one-time password is inherent to the network checkout aid and is only stored in the network checkout aid and authentication server, and is used even if it is a card member. A common key that is not known to itself is encrypted by the updated usage information each time the date data or the one-time password generated by the predetermined key press is detected. That is, because it is a certification information that can only be made by a card-member who is operating a network check-out aid, the third party that does not hold the network check-up assistant-47-200805203 (45) is The inability to impersonate card members to conduct online business transactions can further enhance the security of online business transactions. Moreover, the generation of the one-time password is performed only after the card information is displayed on the network checkout auxiliary device. Therefore, the third party who does not have the network checkout assistance device only knows the card number. Cannot generate a secondary password. Moreover, even if the third party steals the network checkout assistance device, if there is no authentication information for inputting the network checkout assistance device, the one-time password cannot be generated. In other words, since the third party can obtain the online checkout assistance device, it is impossible to fake the card member to conduct the online business transaction, so the security of the commercial transaction can be guaranteed. In addition, the method for generating the one-time password is not limited to the time synchronization method of the above embodiment, and is capable of performing a card membership with a network checkout assisting device as long as it is between the network checkout assistance device and the authentication server. I can authenticate. In addition, since the network checkout assistance device uses the network non-connected configuration, the card information, authentication information, and OTP generation information that were once stored in the network checkout assistance device are Cannot be read by improper access. And even. It is also impossible for a cardmember who is assigned a network checkout aid to read it. Assume that if the network checkout assistance device is a terminal that can be connected to a personal computer or a mobile phone, etc., when a certain bad situation occurs in the connection between the network checkout assistance device and the terminal, the cause of the defect is On the network checkout assistance side or on the terminal side, such a division of responsibility will be unclear. Therefore, a network checkout aid composed of a network non-connected type, -48-200805203 (46), is effective for the clear division of responsibility points. Here, the system configuration and flow of the card registration member who does not hold the network checkout assistance device and the prior registration of the online business transaction in the network checkout system of the present embodiment are shown in Fig. 6. The card-members access from the member pc to the WEB website dedicated to the card-members operated by the card company (credit card organization or card-issuing bank), and input the member information known only to the card-members (date of birth) , φ phone number, account number, etc.), and then sent to the WEB website (Figure 6, (1)). The WEB website of the card company that received the member information. The card system of the card company that has registered the membership information is accessed, and the member system is entrusted to check the member information received and the member information registered in the backbone system (Fig. 6, (2)). The backbone system sends back the verification results to the WEB website (Figure 6, (3)). If the result of the right core seal is 〇 K ’, it is deemed that the card holder member has confirmed the success. . : _ , and from the WEB website, to the member PC, request password login 〆 member PC, the password is sent to the WEB website (Figure 6, (4)). The WEB website that receives the password from the member PC registers the password with the authentication server 7 of the card company (Fig. 6, (5)). The password registered here is a fixed password, not a one-time password generated on the network checkout aid. In other words, when a card member who does not hold a network checkout assistance device performs network checkout on the network checkout system, the card member's authentication method can only be done by means of a fixed password; once the card number is Once the fixed password was known to a third party, then -49-200805203 (47) The third party can fake the card member for online checkout. In addition, the card holder who does not hold the online checkout assistance device accesses the WEB website of the card holder in order to log in the password. After the user has authenticated, the password registration operation can be performed, thus causing the card member side to be created. The burden is greater. Even if it is not only the burden of the card-members, even on the card company side, it is necessary to set up a WEB website for the card-members to log in to the password, and to set up a backbone system for the identity of the card-members. Moreover, the network checkout assistance device is configured to generally display the card number only if the card number is not exposed and is only known to the card member, or only if the authentication information possessed by only the card member is input. Due to the network-to-bank checkout, the password used by the card-member's personal authentication is not a fixed password, but a one-time password. Therefore, it is extremely important for a third party to fake a card member to conduct online business transactions. difficult. Above, although the description of the network checkout auxiliary installation. Set to 1 . Example, but • . Therefore, the network checkout assisting device of the present invention is not limited to the one described in the above embodiment. . All of the network checkout assistance devices 1' constituting the components can be variously modified and modified, and the constituent elements necessary for each purpose can be arbitrarily combined to construct the network checkout assistance device of the present invention. Further, the above-mentioned changes and corrections are of course within the scope of the patent application of the present invention. For example, in the embodiment, although the network checkout using the card number of the credit card is described, as long as the network is at least by the card number The card of the checkout, in addition to the credit card, an embodiment such as a card such as a debit card, is also within the scope of the patent application of the present invention. Also, in this embodiment, though. It is used in online business transactions using card checkout, but when card members only want to conduct online business transactions, they do not want real face-to-face transactions caused by previous credit cards such as plastic magnetic cards and 1C cards. In this case, the credit card may not be issued; the owner of the online checkout assistant of the present invention does not need to hold the previous plastic type credit card. φ Further, for example, in the embodiment, the card information storage unit 13 of one network checkout assistance device 1 stores card information of one card member having one type of card information, and stores the authentication information. In the section 15, one type of authentication information is stored, but a plurality of card numbers may be stored in the card-slice information storage unit 13. The authentication information at this time can be used to display the plural card number. The common authentication information can also correspond to the card number and the authentication information. The card number displayed on the display 1 is different depending on the authentication information entered. . · φ, mother and child, credit card, etc., the same or multiple card number, is used by a plurality of people, it is also possible to store different authentication information in each person in the authentication information storage department. In 1 5, it is also possible to store common authentication information. Again, on the record. In the embodiment, although the card information and the 0 TP generation information are described, the network checkout auxiliary device 1, 1 a and the authentication server 7, 7 a are respectively established to associate with each other, but in order to prevent card information. Eavesdropping, and the card information and OTP to generate information, not directly or indirectly to establish a related party' is also included in the scope of the patent application. Specifically, the S10 in Figure 3 is the end of the card. -51 - 200805203 (49) In the S 2 0, 30, via the franchise terminal 3, the intermediary server 5, it will be sent to the authentication server 7, 7a, but the authentication server 7, 7a At this time, the card number in the received card information is converted into a unique number different from the card number, and transmitted to the affiliate store terminal 3 via the intermediary server 5 (in S40, 50). Further, the unique number is sent from the affiliate terminal 3 to the member terminal 2, and is transmitted to the authentication servers 7, 7a via the member terminal 2 (in S60, 70). The authentication server 7, 7a that receives the unique number converts the unique number into a card number by converting the unique number into a card number, and converts the converted number into the OTP generation information associated with the card number. For the generation of one-time passwords. In this way, by establishing a unique number other than the card number and the card number and the OTP generation information, except for the card number in S10, S2〇, and S30, there is no card number circulation on the network 9a, so the card number is eavesdropped. The possibility is greatly reduced and contributes to the improvement of safety. Further, in the above-described embodiment, the member terminal 2 transmits the card information to the affiliate terminal 3, and the authentication servers 7 and 7a are based on the request from the affiliate store terminal 3, and are performed in S80 of Fig. 2 The case where the card member is authenticated by himself, but the present invention is not necessarily limited thereto. For example, the authentication server 7 may be accessed by the member terminal 2, and then the authentication server 7, 7a transmits the authentication information input screen dedicated to the card member to the member terminal 2, based on the input to the authentication input screen. Card information and one-time password, the card holder member's own authentication is performed between the member terminal 2 and the authentication server 7, and -52-200805203 (50) 7 a; after the result is confirmed to be the person's condition (for example, Within a predetermined time, a predetermined number of times, a predetermined franchise store, etc., the member terminal 2 accesses the website of the affiliate store terminal 3 to conduct an online business transaction. In other words, the network checkout assistance device of the present invention is basically designed to be used for authentication by the cardmember between the member terminal 2 and the authentication server 7, 7a on the card company side, and is authenticated. After that, it is possible to actually conduct a network commercial transaction in the website of the affiliated store, etc.; it is not necessarily the premise of the personal authentication commission from the affiliate store terminal 2. The means and database in the present invention are only differentiated by logically distinguishing their functions, and may be in the same field in the sinus soil or in fact, instead of replacing the database with the data gun case. Of course, the data file is also included in the database. In the above embodiment, although the terminal or server on the network checkout system is described, the credit card organization (the main body of the commercial transaction service) and the card issuing bank (the acquisition of the card member and the issuance of the card to the card member) ), the acquiring bank (acquisition of the franchise store. contract. The management entity) and the franchise stores operate separately. However, these are only differences between mourning and roles. On the physical side, there will be cases where the issuing bank and the acquiring bank are the same, or there are credit card organizations and card issuing. The case where the bank and the acquiring bank are the same. Therefore, for example, in the present specification, the network checkout assistance device 1, 1 a is not limited to being distributed from the issuing bank. Moreover, the provider of the network checkout system does not necessarily have to be a credit card organization. Further, the issuing bank terminal 6 and the authentication server 7, 7a and the acquiring bank terminal 4 may be the same -53-200805203 (51). Also, any of the intermediary server 5, other terminals, or servers may be the same. Further, in the practice of the present invention, a memory medium on which a program for realizing the functions of the present embodiment is recorded is supplied to the system, and the program stored in the memory medium is read and executed by the computer of the system. • Now. At this time, the program read from the memory medium itself realizes the function of implementing the shape state, and the memory medium which memorizes the program constitutes the present invention. As the memory medium for supplying the program, for example, a disk, a hard disk, a compact disk, an optical disk, a magnetic tape, a non-volatile memory card, or the like can be used. Moreover, not only the function of the above-described embodiment is implemented by the computer executing the program that has been read, but part or all of the actual processing by the operating system in operation on the computer, based on the instruction of the program, The case where the function of the predecessor embodiment is realized by this processing is also encompassed by the present invention. ® Even the program that is read from the memory media is written to the non-volatile or volatile memory that is inserted into the computer's function expansion board or the function expansion unit connected to the computer. Based on the instructions of the program. Further, some or all of the actual processing by the arithmetic expansion unit or the arithmetic processing unit provided in the function expansion unit can realize the function of the predecessor embodiment by the processing, and is also encompassed by the present invention. BRIEF DESCRIPTION OF THE DRAWINGS [Fig. 1] Appearance and electrical hardness of the network checkout assisting device of the present invention - 54 - 200805203 (52) Configuration diagram of the body configuration. [Fig. 2] A schematic diagram of the connection of the network checkout system using the network checkout assistance device. [Fig. 3] A diagram showing an example of a processing flow of a network commercial transaction in a network checkout system. [Fig. 4] A diagram showing an example of a screen displayed on a member terminal in the processing flow of a network commercial transaction in the network checkout system.
〔圖5〕本發明之網路結帳輔助裝置之操作程序及顯 示器畫面遷移的圖示。 〔圖6〕未網路結帳輔助裝置之網路結帳系統,被持^ 卡會員利用之際,持卡會員之本人認證所需之密碼登錄用 所必要之系統槪略屬接構成圖。 【主要元件符號說明】 、 1 :網路結帳輔助裝置 10 框體 ":顯示器 •1 2 :按鍵操作部. 12a :數字鍵. 12b :開始鍵 1 3 :卡片資訊儲存部 1 4 :認證手段 1 5 :認證資訊儲存部 16 : OTP生成手段 -55- 200805203 (53) 17 : OTP生成資訊儲存部 1 8 :計時手段 1 9 :驅動用電源 2 :會員終端 ' 3 :加盟店終端 • 4 :收單銀行終端 5 :仲介伺服器 ^ 6 :發卡銀行終端 7 :認證伺服器 9 a :網路 9b :專線 -56Fig. 5 is a diagram showing the operation procedure of the network checkout assisting device of the present invention and the screen transition of the display. [Fig. 6] The network checkout system of the non-network checkout assistance device is used as a system for the password registration required for the card holder's personal authentication. [Description of main component symbols], 1: Network checkout assistance device 10 Frame ": Display • 1 2 : Key operation section. 12a : Number key. 12b : Start key 1 3 : Card information storage section 1 4 : Authentication Means 1 5 : Authentication information storage unit 16 : OTP generation means - 55 - 200805203 (53) 17 : OTP generation information storage unit 1 8 : Timing means 1 9 : Drive power supply 2 : Member terminal ' 3 : Affiliate store terminal • 4 : Incoming Bank Terminal 5 : Agent Server ^ 6 : Issuing Bank Terminal 7 : Authentication Server 9 a : Network 9b : Line -56