1304190 (1) 九、發明說明 【發明所屬之技術領域】 本發明係有關於網路結帳輔助裝置。 【先前技術】 先前,在行動電話機中儲存了信用卡或銀行卡等之卡 片識別資訊(卡號)及私密號碼,當被輸入至行動電話機的 私密號碼,和所儲存之私密號碼爲一致時,藉由在行動電 話機之顯示器上顯示卡號,就可使行動電話機也具備卡片 之機能(例如,參照專利文獻1)。 可是,此種附帶卡片機能的行動電話機上,存在著以 下說明之課題。 〔專利文獻1〕 日本特開2002-64597號公報 【發明內容】 〔發明所欲解決之課題〕, 對專利文獻1所記載之附帶卡片機能的行動電話機的 資料儲存、抹消等,是藉由通訊而進行。換言之,該行動 電話機,係以被網路連接爲前提。 如此,若向可連接網路之行動電話機,儲存卡號或私 密號碼’則因不正當存取等,這些卡號或私密號碼被惡意 第三者竊聽、篡改的危險性並非少到完全沒有,會造成安 全上的問題。 -4- (2) 1304190 於是,若將行動電話機構 搞不好可以使上述竊聽或篡改 可是,行動電話機,係除 具有網路通訊機能這是目前一 變成不可連接網路之構成,這 爲了要維持現狀的彳了動電話機 之卡號或私密號碼無法從外部 式等,會使構成變得複雜。 又,在專利文獻1之行動 透過網路的不正當存取,也只 器上的卡號,一度被第三者偷 該卡號,在網際網路上進行信 ,就這點來說,安全性亦較低 此外,本案專利申請人, 就可進行網路商業交易之情事 卡號之提示外,仍須經過提示 密碼來進行持卡會員的本人認 的此種網路結帳系統。 可是,若該固定密碼也一 還是可假冒持卡會員來進行網 必然的安全。 本發明係有鑑於以上之先 於,使得不正當存取等造成卡 的危險性消失,且能夠更安全 成爲不可連接網路的話,則 的疑慮消失。 了基本的通話機能以外,也 般常見的,要使行動電話機 在現實上是有困難的。又, 之構成不變,且使已被儲存 讀出,是必須要具備加密程 電話機的情形,即使不藉由 要顯示在行動電話機之顯示 看到,則第三者便可能使用 用結帳所致之網路商業交易 0 係有鑑於上記這種僅用卡號 ,而正在開始用運一種除了 持卡會員所預先訂定的固定 證,才能進行網路商業交易 旦被第三者得知,則第三者 路商業交易,這也不能說是 前問題點而硏發,其目的在 號或私密號碼被竊聽、篡改 地進行網路商業交易的網路 -5- (3) 1304190 結帳輔助裝置。 〔用以解決課題之手段〕 申請項1之發明,係 一種網路結帳輔助裝置,係屬於可搬型之網路結帳輔 助裝置,其特徵爲,具備:顯示器;和卡片資訊儲存部, 是以無法從外部讀出之狀態預先儲存著,至少包含信用卡 | 或轉帳卡等之卡片契約者之識別資訊的卡片資訊;和認證 資訊儲存部,是以無法從外部讀出之狀態預先儲存著,用 來進行前記契約者之本人認證的認證資訊;和OTP生成資 訊儲存部,是以無法從外部讀出之狀態預先儲存著,被前 記卡片資訊所關連對應且爲前記網路結帳輔助裝置所固有 之OTP生成資訊;和輸入手段,將前記認證資訊加以輸入 ;和認證手段,基於從前記輸入手段所輸入之輸入資訊, 由前記網路結帳輔助裝置之操作者,進行是否爲前記契約 | 者的本人認證,若已經確認爲本人時,則至少讀出前記卡 片資訊當中的前記識別資訊,並顯示於前記顯示器上;和 一次性密碼生成手段,在前記卡片資訊被顯示後,基於前 記OTP生成資訊,生成一次性密碼,並顯示於前記顯示器 上;當藉由前記一次性密碼,進行了前記契約者之本人認 證,且已確認爲本人時,使得使用前記識別資訊之結帳所 致之網路商業交易成爲可行。 申請項2之發明,係 一種網路結帳輔助裝置,係屬於,信用卡或轉帳卡等 -6 - (4) 1304190 之卡片契約者的行動電話或個人電腦等的契約者終端,和 進行前記契約者本人認證的認證伺服器,是彼此連接網路 而成之網路結帳系統中,在進行使用了前記契約者之識別 資訊的結帳所致之網路商業交易之際,所被使用的可搬型 之網路結帳輔助裝置,其特徵爲,前記網路結帳輔助裝置 係具備:顯示器;和卡片資訊儲存部,是以無法從外部讀 出之狀態預先儲存著,至少包含前記契約者之識別資訊的 _ 卡片資訊;和認證資訊儲存部,是以無法從外部讀出之狀 態預先儲存著,用來進行前記契約者之本人認證的認證資 訊;和OTP生成資訊儲存部,是以無法從外部讀出之狀態 預先儲存著,被前記卡片資訊所關連對應且爲前記網路結 帳輔助裝置所固有之OTP生成資訊;和輸入手段,將前記 認證資訊加以輸入;和認證手段,基於從前記輸入手段所 輸入之輸入資訊,由前記網路結帳輔助裝置之操作者,進 行是否爲前記契約者的本人認證,若已經確認爲本人時, B 則至少讀出前記卡片資訊當中的前記識別資訊,並顯示於 前記顯示器上;和一次性密碼生成手段,在前記卡片資訊 被顯示後,基於前記OTP生成資訊,生成一次性密碼,並 顯示於前記顯示器上;前記契約者終端’是藉由將前記一 次性密碼發送至前記認證伺服器,來進行前記契約者的本 人認證,當已確認爲本人時,則使前記網路商業交易成爲 可行。 若依據申請項1及申請項2之發明’則若藉由網路結 帳輔助裝置進行契約者之本人認證的結果,確認爲本人的 -7- (5) 1304190 話’則由於即使是契約者本身也無法獲知卡片資訊,而卡 片資訊是以無法從外部讀出之狀態而被儲存,因此,異於 卡片資訊會外露之先前的信用卡,可提高卡片資訊的隱匿 性’防止網路商業交易中的卡片資訊之不正當使用。 又,由於網路結帳輔助裝置係爲可搬型,因此無論契 約者身處何處,都可使用行動電話、在宅的個人電腦、外 出地的個人電腦,來進行安全的網路商業交易,增加網路 商業交易的便利性。 又,因爲契約者的本人認證時,是使用基於網路結帳 輔助裝置中所儲存之契約者固有之OTP生成資訊而作成之 一次性密碼,因此,即使第三者獲得一次性密碼,也不能 使用在下次的網路商業交易中。 一次性密碼生成用之OTP生成資訊,因爲是以無法從 外部讀出之狀態而被儲存,因此即使是契約者本人,也無 從得知OTP生成資訊,只有正在操作網路結帳輔助裝置的 契約者本人會獲知生成結果之一次性密碼。換言之,由於 第三者所致之一次性密碼生成是不可能發生,因此,可更 加保證網路商業交易的安全性。 而且,該一次性密碼的生成,係只有在網路結帳輔助 裝置上顯示了卡片資訊後才會進行,因此,不具有網路結 帳輔助裝置的第三者,就算僅得知識別資訊,也是不能生 成一次性密碼。又,即使第三者竊得了網路結帳輔助裝置 ,若沒有用來輸入網路結帳輔助裝置的認證資訊,也是無 法生成一次性密碼。 -8 - (6) 1304190 換言之,契約者,係在藉由網路結帳輔助裝置之認證 手段接受了本人認證後’還會藉由認證伺服器而接受到本 人認證,最終而言’一直到可進行網路商業交易爲止是必 須要經過基於2種互異之認證資訊的本人認證’因此能更 加防止第三者所致之假冒,提高網路商業交易的安全性。 申請項3之發明,係 一種網路結帳輔助裝置,其特徵爲,前記認證資訊, 係爲前記契約者所預先訂定的私密號碼;前記輸入手段, 係爲數字鍵。 若依據申請項3的發明,則由於可使輸入手段及認證 手段構成較爲廉價,因此可謀求促進網路結帳輔助裝置之 利用。 申請項4之發明,係 一種網路結帳輔助裝置,其特徵爲,前記認證資訊, 係爲將前記契約者的指紋、虹膜、聲帶、臉部照片等之生 物性特徵加以數値化而成的生物資訊。 若依據申請項4之發明,則因爲可以高精度來進行契 約者之本人認證,因此可以成爲即使網路結帳輔助裝置遭 竊,也不必擔心遭到惡用的網路結帳輔助裝置。 申請項5之發明,係 一種網路結帳輔助裝置’其知徵爲’ BU 〇 T P生成貪 訊,係爲共通金鑰;前記一次性密碼生成手段,係偵測所 定操作鍵之壓下,而將前記操作鍵被壓下之日期所成之曰 期資料,以前記共通金鑰予以加密然後生成一次性密碼。 -9 - (7) (7)1304190 (1) Description of the Invention [Technical Field of the Invention] The present invention relates to a network checkout assisting device. [Prior Art] Previously, a card identification information (card number) and a private number such as a credit card or a bank card were stored in the mobile phone, and when the private number input to the mobile phone is the same as the stored private number, By displaying the card number on the display of the mobile phone, the mobile phone can also be provided with the function of the card (for example, refer to Patent Document 1). However, such a mobile phone with a card function has the following problems. [Patent Document 1] Japanese Laid-Open Patent Publication No. 2002-64597. SUMMARY OF THE INVENTION [Problems to be Solved by the Invention] The data storage and erasure of the mobile phone with a card function described in Patent Document 1 is by communication. And proceed. In other words, the mobile phone is premised on being connected by the Internet. In this way, if the card number or the private number is connected to the mobile phone that can be connected to the network, the card number or the private number is not easily and eavesdropped by the malicious third party due to improper access. Security issues. -4- (2) 1304190 Therefore, if the mobile phone organization is not able to make the above-mentioned eavesdropping or tampering, the mobile phone device has the network communication function, which is the current composition of the non-connectable network. The card number or private number of the mobile phone that maintains the status quo cannot be externally typed, and the configuration becomes complicated. Moreover, in the fraudulent access of the action of Patent Document 1 through the network, only the card number on the device is once stolen by the third party, and the letter is transmitted on the Internet. In this regard, the security is also compared. In addition, the patent applicant in this case can make a prompt of the card number of the online commercial transaction, and still has to go through the prompt password to carry out the network checkout system recognized by the card holder himself. However, if the fixed password is also a fake card holder, the network must be secure. The present invention has been made in view of the above, and the risk of the card being lost due to improper access or the like is eliminated, and the doubt that the network can be connected to the network is safe. In addition to the basic telephone functions, it is also common to make mobile phones difficult in reality. Moreover, the composition is unchanged, and the stored and read-out is necessary. It is necessary to have an encrypted telephone. Even if it is not seen by the display to be displayed on the mobile phone, the third party may use the checkout. The Internet Business Transactions 0 is based on the above-mentioned card number only, and is beginning to use a fixed certificate pre-defined by the card-members to be able to conduct online business transactions. Third party road business transaction, this can not be said to be the former problem point, the purpose of the number or private number is eavesdropped, tampering network business transactions network-5- (3) 1304190 checkout auxiliary device . [Means for Solving the Problem] The invention of claim 1 is a network checkout auxiliary device, which is a portable network checkout auxiliary device, and is characterized in that: a display; and a card information storage unit are The card information including at least the identification information of the card contractor such as the credit card|or the debit card, and the authentication information storage unit are stored in advance in a state in which they cannot be read from the outside, in a state in which they are not read from the outside. The authentication information used to perform the personal authentication of the predecessor contractor; and the OTP generation information storage unit is pre-stored in a state incapable of being read from the outside, and is associated with the pre-recorded card information and is a pre-recorded network checkout auxiliary device. The inherent OTP generation information; and the input means for inputting the pre-certification information; and the authentication means, based on the input information input from the pre-recording input means, by the operator of the pre-recorded network check-out auxiliary device, whether to be a pre-declaration contract| If you have confirmed your identity, at least read the pre-recorded information in the pre-recorded card information. And displayed on the pre-recording display; and the one-time password generating means, after the pre-recording card information is displayed, generating a one-time password based on the pre-recorded OTP, and displaying the one-time password on the pre-recording display; The online business transaction caused by the checkout of the pre-recorded identification information becomes feasible when the former contractor is certified by himself and has been confirmed as the person. The invention of claim 2 is a network checkout auxiliary device belonging to a contractor terminal of a mobile phone or a personal computer such as a credit card or a debit card, etc., and a predecessor contract. The authentication server that is authenticated by the user is used in the network checkout system that is connected to the Internet and is used in the online business transaction caused by the checkout of the identification information of the former contractor. The portable network checkout auxiliary device is characterized in that: the pre-recorded network checkout auxiliary device includes: a display; and a card information storage unit, which is pre-stored in a state incapable of being read from the outside, and includes at least a pre-recorder The identification information _ card information; and the authentication information storage unit are pre-stored in a state in which the external information cannot be read out, and the authentication information used for the self-certification of the former contractor; and the OTP generation information storage unit cannot The state read from the outside is pre-stored, and is related to the OTP generated by the pre-recorded card information and is inherent to the pre-recorded network check-out auxiliary device; Means, inputting the pre-certification information; and the authentication means, based on the input information input from the pre-recording input means, by the operator of the pre-recording network check-out auxiliary device, whether to perform the self-certification of the pre-registered contractor, if it has been confirmed as When I, B reads at least the pre-recording information in the pre-recorded card information and displays it on the pre-recorded display; and the one-time password generating means, after the pre-recorded card information is displayed, generates a one-time password based on the pre-recorded OTP. And displayed on the pre-recorder; the pre-dealer terminal 'is sent by the pre-recorded authentication server to the pre-registered authentication server, and when the self-confirmed person is confirmed, the pre-recorded network commercial transaction is made. Become feasible. According to the inventions of application 1 and application 2, if the result of the contractor's own certification is carried out by the network check-out aid, the -7-(5) 1304190 words of the person's confirmation are confirmed, even if it is the contractor. The card information is not known by itself, and the card information is stored in a state that cannot be read from the outside. Therefore, the previous credit card that is different from the card information can improve the concealment of the card information. Improper use of card information. Moreover, since the network checkout assistance device is portable, it is possible to use a mobile phone, a personal computer at a house, or a personal computer on the outing place to conduct secure online business transactions, regardless of where the contractor is located. The convenience of online business transactions. Moreover, since the contractor's personal authentication is a one-time password created using the OTP generation information inherent to the contractor stored in the network checkout assistance device, even if the third party obtains the one-time password, Used in the next online business transaction. The OTP generation information for one-time password generation is stored because it cannot be read from the outside. Therefore, even if the contractor himself does not know the OTP generation information, only the contract for operating the network checkout assistance device is being operated. I will be informed of the one-time password for the results. In other words, the one-time password generation due to the third party is unlikely to occur, so the security of the online business transaction can be more assured. Moreover, the generation of the one-time password is performed only after the card information is displayed on the network checkout auxiliary device. Therefore, even if the third party does not have the network checkout assistance device, only the identification information is known. It is also impossible to generate a one-time password. Moreover, even if the third party steals the network checkout assistance device, if there is no authentication information for inputting the network checkout assistance device, the one-time password cannot be generated. -8 - (6) 1304190 In other words, the contractor, after accepting the authentication by the authentication means of the network checkout aid, will also receive the certification by the authentication server, and finally, 'to the end If you can conduct online business transactions, you must pass the certification based on two different types of authentication information. Therefore, you can prevent counterfeiting caused by third parties and improve the security of online business transactions. The invention of claim 3 is a network checkout auxiliary device, characterized in that the pre-registration authentication information is a private number pre-defined by the pre-registered contractor; the pre-recording input means is a numeric key. According to the invention of claim 3, since the input means and the authentication means can be made inexpensive, it is possible to promote the use of the network checkout assisting means. The invention of claim 4 is a network checkout auxiliary device, characterized in that the pre-certification information is obtained by digitizing the biological characteristics of the fingerprint, iris, vocal chord, and facial photograph of the pre-recorder. Biological information. According to the invention of claim 4, since the contractor's own authentication can be performed with high precision, it is possible to make the network checkout assisting device unnecessary to be used even if the network checkout assistance device is stolen. The invention of the application item 5 is a network checkout auxiliary device, which is known as 'BU 〇TP to generate greed, which is a common key; the pre-recorded one-time password generation means detects the depression of the determined operation key. The data of the period which is formed by the date on which the operation key is pressed is previously encrypted by the common key and then generated a one-time password. -9 - (7) (7)
1304190 申請項6之發明,係 一種網路結帳輔助裝置,其中,前 係由共通金鑰,和前記一次性密碼每办 的利用次數資訊所構成;前記一次性替 測所定操作鍵之壓下,而將前記利用方 予以加密而生成一次性密碼;在前記-,將前記OTP生成資訊儲存部內的利月 此處所生成之一次性密碼,係使/ 定按鍵被按下之日期所成之日期資料$ 生成時就會被更新的利用次數資訊予丄 ,由於是屬於只有正在操作網路結帳_ 可能作成的密碼,因此不持有網路結ΐ ,是無法假冒契約者來進行網路商業' 路商業交易的安全性。 申請項7之發明,係 一種網路結帳輔助裝置,其特徵』 助裝置,係具備抗外力入侵性(T a m p e r 若依據申請項7之發明,則由於i 具備抗外力入侵性,故可謀求更加提ί 片資訊、認證資訊、OTP生成資訊之: 提升。 〔發明效果〕 記0TP生成資訊, :被生成時就被更新 :碼生成手段,係偵 :數資訊以共通金鑰 •次性密碼被生成後 1次數資訊加以更新 丨共通金鑰,將在所 :者每次一次性密碼 、加密而成者。亦即 丨助裝置的契約者才 丨輔助裝置的第三者 :易,可更加提升網 〖,前記網路結帳輔 Proofness) ° I路結帳輔助裝置是 -對第三者所致之卡 I聽、篡改的安全性 -10- (8) 1304190 若依據本發明的網路結帳輔助裝置,則若藉由網路結 帳輔助裝置進行契約者之本人認證的結果,確認爲本人的 話,則由於即使是契約者本身也無法獲知卡片資訊,而卡 片資訊是以無法從外部讀出之狀態而被寧存,因此,異於 卡片資訊會外露之先前的信用卡,可提高卡片資訊的隱匿 性,防止網路商業交易中的卡片資訊之不正當使用。 又,由於網路結帳輔助裝置係爲可搬型,因此無論契 φ 約者身處何處,都可使用行動電話、在宅的個人電腦、外 出地的個人電腦,來進行安全的網路商業交易,增加網路 商業交易的便利性。 又,因爲契約者的本人認證時,是使用基於網路結帳 輔助裝置中所儲存之契約者固有之OTP生成資訊而作成之 一次性密碼,因此,即使第三者獲得一次性密碼,也不能 使用在下次的網路商業交易中。 一次性密碼生成用之OTP生成資訊,因爲是以無法從 Φ 外部讀出之狀態而被儲存,因此即使是契約者本人,也無 從得知OTP生成資訊,只有正在操作網路結帳輔助裝置的 契約者本人會獲知生成結果之一次性密碼。換言之,由於 第三者所致之一次性密碼生成是不可能發生,因此,可更 加保證網路商業交易的安全性。 而且,該一次性密碼的生成’係只有在網路結帳輔助 裝置上顯示了卡片資訊後才會進行,因此,不具有網路結 帳輔助裝置的第三者,就算僅得知識別資訊’也是不能生 成一次性密碼。又,即使第三者竊得了網路結帳輔助裝置 -11 - (9) 1304190 ’若沒有用來輸入網路結帳輔助裝置的認證資訊,也是無 法生成一次性密碼。 換言之,契約者,係在藉由網路結帳輔助裝置之認證 手段接受了本人認證後,還會藉由認證伺服器而接受到本 人認證,最終而言,一直到可進行網路商業交易爲止是必 須要經過基於2種互異之認證資訊的本人認證,因此能更 加防止第三者所致之假冒,提高網路商業交易的安全性。 【實施方式】 以下,針對本發明之理想實施形態,基於添附圖面來 詳細說明。圖1(a)係網路結帳輔助裝置1的外觀圖,圖 1(b)係網路結帳輔助裝置1的電氣硬體之構成圖。 網路結帳輔助裝置1,係在信用卡或轉帳卡等之卡片 契約者之契約者終端(行動電話或個人電腦等),和進行契 約者本人認證的認證伺服器(通常是由持卡會員所保有), φ 是彼此有網路連接而成的網路結帳系統中,當契約者是使 用該當契約者之識別資訊來進行結帳,以進行網路購物等 之網路商業交易之際所被使用者;如圖1 (a)所示,具有可 收容於手掌程度的外形,是由薄型且可手持搬運的框體10 所構成,在框體1 0的外表面上,外露出顯示器1 1、和按 鍵操作部1 2。 此外,本實施例的顯示器1 1,係爲8位數顯示之顯示 器;按鍵操作部1 2,係由0〜9的數字鍵1 2 a,和開始鍵 12b所構成。 -12- (10) 1304190 框體10的內部,係如圖1(b)所示,是除了顯示器1 1 、按鍵操作部1 2以外,還有用來作爲卡片資訊儲存部1 3 、認證資訊儲存部1 5、認證手段1 4、OTP生成手段1 6、 OTP生成資訊儲存部17、計時手段18而發揮各種機能的 硬體(CPU、記憶體),和用來驅動這些硬體電氣零件(顯示 器1 1、按鍵操作部12、CPU、記憶體)的驅動用電源19( 電池)所構成。 此外,本實施例的框體1 1中,係除了顯示器1 1和按 鍵操作部12之驅動用電源19以外,還設有內藏SIM等 1C卡的插槽,在該當插槽中插入1C卡而使用。然後,上 記CPU和記憶體,係使用該1C卡中含有者。如後述,卡 片資訊儲存部1 3、認證資訊儲存部1 5、OTP生成資訊儲 存部1 7中,由於係記憶著每位契約者互異之資訊,因此 ,將此類資訊儲存在1C卡之記億體中,插入插槽而使用 ,藉此,框體1〇本身係可爲各契約者皆爲共通,且框體 1 〇本身係不保有個人資訊,因此,除了可提升框體10的 生產性,同時可使框體1 〇的取甩、管理更爲容易。 又,本實施例之驅動用電源1 9 ’雖然爲鈕扣型電池, 但亦可爲太陽電池或充電池等。又,網路結帳輔助裝置1 係亦可設計成,在通常時保持電源OFF狀態,而在例如, 當有按鍵操作部1 2之任一鍵被操作時,才啓動電源。 本實施例之卡片資訊儲存部1 3、認證資訊儲存部1 5 、0TP生成資訊儲存部17,具體而言,是由儲存著後述之 卡片資訊、認證資訊、OTP生成資訊之每一者的記憶體所 -13- (11) 1304190 構成;記憶體係在實體上爲將這些資訊綜合儲存之1個記 憶體,亦可爲2個以上之記憶體。 本實施例之認證手段14及OTP生成手段16,具體而 言,係由被儲存在記憶體的程式所構成;網路結帳輔助裝 置1內的C P U,會從記憶體中讀出該當程式並執行,以實 現這些認證手段1 4及OTP生成手段1 6之機能。此外,在 不具備CPU、記憶體的網路結帳輔助裝置上,認證手段 _ 14、OTP生成手段16之機能,亦可使用電子零件以電路 方式來加以實現。 本實施例的網路結帳輔助裝置1,係從基於與信用卡 組織(credit card brand)的授權契約而發行信甩卡的發卡銀 行(若爲轉帳卡,則是發行轉帳卡的銀行或者卡片發行公 司)來對每一位持卡會員也就是契約者,於發卡銀行中以 每位契約者所固有之卡片資訊、認證資訊、OTP生成資訊 是被記錄在記憶體之狀態下,所發配出來者(發配的形態 | 可爲借給、讓渡);且被構成爲,在發配後,記憶體的儲 存內容(卡片資訊儲存部13、認證資訊儲存部15、OTP生 成資訊儲存部1 7),是無法從外部讀出。 又,即使是被發配網路結帳輔助裝置1的契約者本身 ,也無法從外部讀出記憶體的記錄內容。契約者本身,係 只有契約者的本人認證被進行、且確認爲本人時,才能藉 由卡片資訊被顯示在顯示器1 1上,而僅能得知該當卡片 資訊,除此以外的狀態下’卡片資訊係被隱匿化。 之所以設計成不讓記憶體的儲存內容可從外部讀出的 -14- (12) 1304190 理由,是因爲網路結帳輔助裝置1是不具備連接網際網路 等之網路的介面,是屬於非網路連接型的終端。 此外,爲了更加提升對記憶體儲存內容之竊聽、篡改 的安全性’網路結帳輔助裝置1、或內藏於網路結帳輔助 裝置1的SIM等1C卡,係亦可具備抗外力入侵性(若試圖 分解、或從記憶體直接讀取內容,則記憶體的記錄內容會 被抹除、或是程式變成無法啓動之性質)。 Φ 以下,針對網路結帳輔助裝置1之各部細節加以說明 〇 卡片資訊儲存部13,係爲將至少包含契約者之識別資 訊的卡片資訊’以無法從外部讀出之狀態預先記憶而成的 記憶體;本實施例之卡片資訊,係由契約者固有之識別資 訊(卡號)、有效期限、和安全碼(以所定之方法預先加密過 的3位數之1 〇進位數。通常在塑膠型的信用卡的簽名板 上有被印出。藉由該數字,就可確認該卡片的真正性)所 φ 構成。又,亦可包含名義人名。又,卡片資訊亦可僅單純 由識別資訊來構成。又,有效期限、安全碼、名義人名之 全部並不需要一定被卡片資訊所包含,亦可適宜地組合1 者以上來構成卡片資訊。 認證資訊儲存部1 5,係契約者所訂定之私密號碼’或 將契約者的指紋、虹膜、聲帶、臉部照片等之生物性特徵 予以數値化而成之生物資訊等,進行契約者本人認證所需 之認證資訊,以無法從外部讀出之狀態,預先儲存成的記 憶體。 -15- (13) 1304190 此外,認證資訊儲存部1 5中所儲存之認證資訊,係 異於網路結帳系統中的認證伺服器在契約者本人認證時所 用之認證資訊,係爲網路結帳輔助裝置1爲了進行契約者 本人認證所必須之認證資訊。又,認證伺服器中的認證資 訊和網路結帳輔助裝置1中的認證資訊,係爲種類互異者 〇 OTP生成資訊儲存部1 7,係爲網路結帳輔助裝置1所 | 固有之OTP生成資訊,是以無法從外部讀出之狀態而先儲 存而成之記憶體;本實施例之OTP生成資訊,係爲網路結 帳輔助裝置1上所固有的共通金鑰;共通金鑰,係在進行 被OTP生成手段1 6所生成之一次性密碼之驗證的伺服器( 後述之實施例中的認證伺服器)中,和儲存在卡片資訊儲 存部1 3之識別資訊,建立有關連對應。 此外,共通金鑰,係於網路商業交易中,只會被儲存 在進行契約者本人認證之認證伺服器、和網路結帳輔助裝 • 置1的金鑰;在本實施例中,後述之〇 T P生成手段1 6, 在生成一次性密碼時會使用到。 認證手段1 4,係爲用來進行確認網路結帳輔助裝置1 之操作者,是否爲可利用卡片資訊儲存部1 3中所儲存之 識別資訊的契約者(持卡會員)之本人認證的手段;係確認 從輸入手段(本實施例中係爲數字鍵l2a)所輸入之輸入資 訊’和認證資訊儲存部1 5中所儲存之認證資訊是否一致 ’當爲一致時,則視爲網路結帳輔助裝置1之操作者爲該 當契約者本人,而至少將卡片資訊儲存部1 3中所儲存之 -16- (14) 1304190 卡片資訊當中的識別資訊予以讀出,並顯示於顯示器1 1 上的手段。 本實施例的認證手段1 4,係操作者壓下了按鍵操作部 1 2的開始鍵1 2b,就接受開始鍵1 2b之壓下偵測而開始啓 動。然後,一旦操作者壓下了相當於輸入手段的數字鍵 1 2a而輸入了 4位數的數字,則認證手段1 4,係確認所輸 入之數字,和認證資訊儲存部1 5中所儲存之私密號碼是 否一致,若爲一致,則在顯示器1 1上顯示出卡片資訊。 認證資訊若像本實施例是私密號碼,則作爲輸入手段 係只要數字鍵即可,輸入資訊和認證資訊之一致判斷處理 也可容易進行,可以較廉價的構成來實現網路結帳裝置1 ’可謀求促進網路結帳裝置1之利用。 本實施例之認證資訊雖然係爲4位數的私密號碼,但 認證方法及認證資訊並非侷限於此,亦可適宜地組合複數 種認證方法所致之認證手段,若採用複數認證手段,則其 可換來認證精度之提高,可防止第三者所致之網路結帳輔 助裝置的惡用。 例如,認證手段1 4,若採用生物計量認證方法,則認 證資訊係爲生物計量資訊(指紋、虹膜、臉部照片等之生 物性特徵予以數値化而成之資料),又,輸入手段係改爲 用來輸入這些生物計量資訊的掃描器、麥克風、數位攝影 機等。 由於生物計量認證方法,係爲高精度的認證方法,因 此即使網路結帳輔助裝置1被第三者竊取,則只要不是身 -17- (15) 1304190 爲網路結帳輔助裝置1所被發配的契約者,就無法使用網 路結帳輔助裝置1,而可防止遭到惡用。 又,本實施例之認證資訊的私密號碼中,除了數字以 外,還可含有英文字母;此時,除了數字鍵以外,網路結 帳輔助裝置還需要備有英文字母鍵。 OTP生成手段16,係在藉由認證手段14而顯示出卡 片資訊後,基於OTP生成資訊儲存部17中所儲存之OTP φ 生成資訊(本實施例中係爲共通金鑰),來生成一次性密碼 ,並顯示於顯示器1 1上的手段。 該一次性密碼,係從契約者終端被發送至認證伺服器 ,並由認證伺服器進行契約者本人認證之際,與在認證伺 服器上基於OTP生成資訊所生成之一次性密碼進行核對時 所使用。然後,當這些一次性密碼的核對結果爲一致,而 被認證伺服器確認爲本人時,使用該當契約者之識別資訊 的結帳所致之網路商業交易,就變成可行。 • 本實施例中,在認證手段1 4所致之認證被進行過, 且卡片資訊被顯示於顯示器1 1上後,一旦操作者按下開 始鍵12b,則開始鍵12b被按下這件事,即成爲令OTP生 成手段啓動之契機,而會生成、顯示一次性密碼。 此外,本實施例之OTP生成手段1 6,雖然係由詳細 後述的時間同步方式來生成一次性密碼,但亦可以其他的 生成方式,例如:計數器同步方式、或挑戰&回應方式, 來生成一次性密碼。 計時手段1 8,係爲本實施例之OTP生成手段1 6以時 -18- 1304190. (16) 間同步方式生成一次性密碼時所必須的手段,係爲計時的 手段。此外,計時手段1 8,係可由即時時鐘來構成,或可 將計時程式儲存於記憶體,由CPU將該當計時程式讀出 並執行而實現計時機能的方式。又,OTP生成手段1 6,係 當以時間同步方式以外的方式來生成一次性密碼的時候, 係可不須計時手段1 8,取而代之而附加上各生成方式所必 須之手段。 | 本實施例中,OTP生成手段16係如前述,認證手段 1 4係接受在顯示器1 1上顯示之卡片資訊,而成爲開始鍵 1 2b之壓下偵測等待狀態。OTP生成手段1 6,係一旦測出 開始鍵1 2b之壓下,則將測出壓下之事傳達給計時手段1 8 。計時手段1 8,係計時開始鍵1 2b被測出壓下之日期’將 曰期資料(年月日時分秒。秒係以30秒爲單位)交付給 OTP生成手段16 〇 然後,OTP生成手段16,係從OTP生成資訊儲存部 | 17讀出共通金鑰,將所被交付之日期資料,以讀出之共通 金鑰予以加密,將其轉換成十進位數’顯示於顯示器1 1 ° 此外,本實施例之加密方式,雖然是採用共通金鑰加密方 式,但亦可用其他的加密方式。 若依據以上說明之網路結帳輔助裝置1,則藉由網路 結帳輔助裝置1來進行契約者之本人認證’並確認爲本人 時,認證手段1 4所顯示之卡片資訊,係被輸入至從可進 行卡片結帳之加盟店的網站或認證伺服器所發送過來之顯 示於契約者終端上的卡片資訊輸入畫面後,就可被發送至 -19- (17) 1304190 網站或認證伺服器。 如此,若藉由網路結帳輔助裝置1,進行契約者之本 人認證而確認爲本人,亦即,若所輸入之輸入資訊,是和 網路結帳輔助裝置中所儲存之認證資訊一致,則由於即使 是契約者本身也無法獲知卡片資訊,而卡片資訊是以無法 從外部讀出之狀態而被儲存,因此,異於卡片資訊會外露 之先前的信用卡,可提高卡片資訊的隱匿性,防止網路商 | 業交易中的卡片資訊之不正當使用。 又,由於網路結帳輔助裝置係爲可搬型,因此無論契 約者身處何處,都可使用行動電話、在宅的個人電腦、外 出地的個人電腦,來進行安全的網路商業交易,增加網路 商業交易的便利性。 又,OTP生成手段16所顯示的OTP生成手段16,係 在被輸入至從進行契約者之本人認證的認證伺服器所發送 過來之顯示於契約者終端的一次性密碼輸入畫面後,除了 > 被發送至認證伺服器,還藉由與認證伺服器所生成之一次 性密碼的核對,當爲一致時,則確認爲本人,使用契約者 識別資訊的結算所致之網路商業交易就變成可進行。 如此,因爲契約者的本人認證時,是使用基於網路結 帳輔助裝置中所儲存之契約者固有之OTP生成資訊而作成 之一次性密碼,因此,即使第三者獲得一次性密碼,也不 能使用在下次的網路商業交易中。 一次性密碼生成用之OTP生成資訊,因爲是以無法從 外部讀出之狀態而被儲存,因此即使是契約者本人,也無 -20- (18) 1304190 從得知OTP生成資訊,只有正在操作網路結帳輔助裝置的 契約者本人會獲知生成結果之一次性密碼。換言之,由於 第三者所致之一次性密碼生成是不可能發生,因此,可更 加保證網路商業交易的安全性。 而且,該一次性密碼的生成,係只有在網路結帳輔助 裝置上顯示了卡片資訊後才會進行,因此,不具有網路結 帳輔助裝置的第三者,就算僅得知識別資訊,也是不能生 Φ 成一次性密碼。又,即使第三者竊得了網路結帳輔助裝置 ,若沒有用來輸入網路結帳輔助裝置的認證資訊,也是無 法生成一次性密碼。 換言之,契約者,係在藉由網路結帳輔助裝置之認證 手段接受了本人認證後,還會藉由認證伺服器而接受到本 人認證,最終而言,一直到可進行網路商業交易爲止是必 須要經過基於2種互異之認證資訊的本人認證,因此能更 加防止第三者所致之假冒,提高網路商業交易的安全性。 • 此外,認證資訊儲存部1 5係亦可設計成,除了上述 認證資訊以外,還會以認證手段1 4所進行之一致判定處 理,發現輸入資訊和認證資訊並不一致時,預先儲存著可 接受輸入資訊重新輸入的次數(錯誤容許次數)。此時,網 路結帳輔助裝置1或認證手段1 4,係構成爲也要具備計數 手段(計數器)。 然後,在認證手段1 4進行一致判定處理的流程中, 當輸入資訊和認證資訊不一致時,則每次在其發生時,計 數手段就會從1起往上計算,並比較被加算後的數字與錯 -21 - (19) 1304190 誤容許次數,當加算後的數字超過了錯誤容許次 降就使認證手段1 4不進行自身的處理,並且也信 成手段16不啓動,以使認證流程及OTP生成流 行。 藉此,就可防止惡意第三者盜用網路結帳輔 來處理認證資訊然後輸入,結果導致卡片資訊或 碼被不幸被顯示在顯示器11上。 此外,當加算後的數字沒有超過錯誤容許次 入資訊和認證資訊一致時,認證手段1 4雖然會 1 1上進行卡片資訊之顯示,但此時被計數的數字 設(初期化)變成〇。 此處,將網路結帳輔助裝置1的操作程序及; 之畫面遷移之一例,示於圖5。此外,本實施例 1 1,係爲8位數的英數字.記號顯示用顯示器。 首先,一旦開始鍵12b被操作者按下,則網 助裝置1的電源便啓動(S200),在顯示器1 1上 APPLI」(S210),因此當想在開始鏈12b被按下 還要顯示卡片資訊時,操作者係按下數字鍵1 2a (S23 0);當想要進行認證資訊(私密號碼)之變更 下數字鍵12a的「2」(S 3 3 0)。 由於當^ 1」被按下的時候(S 23 0),顯示器1 示「PIN」,所以操作者係將作爲認證資訊的4 號碼,從數字鍵Ka中選擇出來並按下(S240)。 始鍵12b被按下(S245),已按下之私密號碼,若 數時,以 g 0TP 生 程不被進 助裝置1 一次性密 數,而輸 在顯示器 ,會被重 顯示器11 之顯示器 路結帳輔 會顯示^ 後(S225) 的「1」 時,則按 1上會顯 位數私密 其後,開 和認證資 -22- (20) 1304190 訊儲存部1 5中所儲存之認證資訊一致,則將卡片資訊儲 存部1 3中所儲存之卡片資訊當中,首先將識別資訊(以下 稱之爲卡號)的前8位數,顯示於顯示器ll(S250)。 接著,一旦開始鍵1 2b被按下(S 2 5 5 ),則卡號的後8 位數會被顯示在顯示器11上(S260)。 接著,一旦開始鍵12b被按下(S 265),則有效期限和 安全碼會被顯示在顯示器11上(S270)。此外,S265和 p S2 70之流程並非必須,亦可僅顯示出卡片資訊當中的卡 號即可。 接著,一旦開始鍵12b被按下(S275),則顯示器1 1 會顯示「OTP = 1」,而進行要生成、顯示一次性密碼,或 是否結束之選擇。此處,在開始鍵12b被按下後(S290)., 再按下數字鍵12a的「1」(S 295),則顯示器1 1上會顯示 催促認證資訊之輸入的「PIN」(S 3 05),因此,操作者係 再度從數字鍵1 2a按下4位數的私密號碼,並按下開始鍵 _ 12b(S310)。 已按下之私密號碼,若和認證資訊儲存部1 5中所儲 存之認證資訊一致,則基於OTP生成資訊儲存部1 7中所 儲存之OTP生成資訊,生成一次性密碼,並將其顯示在顯 示器11上(S315)。 然後若開始鍵12b再次被按下(S 3 2 0),則網路結帳輔 助裝置1的電源就被切斷。 當數字鍵1 2a「1」以外的鍵被按下,或任一鍵都沒被 按下、經過了預先決定之所定時間後(S 3 0 0 ),則網路結帳 -23- (21) 1304190 輔助裝置1會自動地切斷電源。 此外,S 2 4 0和s 3 0 5中所輸入之私密號碼,係亦可爲 卡片資訊顯示用和一次性密碼生成用是個別的私密號碼, 此時,認證資訊儲存部1 5中,是將各個私密號碼予以區 別而儲存。 又,本實施例中,雖然是在一次性密碼顯示於顯示器 11的流程(S315)之前,以S3 05再度向操作者催促輸入認 > 證資訊,但是,亦可設計成省略S3 05,僅須S3 10之開始 鍵1 2b按下,就可生成一次性密碼。 S225之後,若數字鍵12a的「2」被按下(S 3 3 0),則 顯示器11上會顯示「CHANGE ?」(S3 3 5 )。 一旦開始鍵12b被按下(S340),則在顯示器11上會 顯示「PIN」,催促私密號碼之輸入,因此,操作者係從 數字鍵12a按下4位數之私密號碼後(S345),再按下開始 鍵12b(S 3 50),若已被按下之私密號碼,是和認證資訊儲 | 存部15中所儲存之認證資訊一致,則用來催促變更後之 私密號碼輸入的「NEW 1」會顯示於顯示器11上,因此, 操作者係從數字鍵12a按下變更後的私密號碼(S 3 5 5 ),然 後再按下開始鍵12b(S3 60)。 其次,因爲於顯示器1 1上會顯示用來催促再次輸入 變更後私密號碼的「NEW2」,因此操作者要再度從數字 鍵1 2 a按下變更後之私密號碼(S 3 6 5 ),然後按下開始鍵 12b(S370)° 若S355中被按下之私密號碼,和S365中所按下之私 -24- (22) 1304190 密號碼一致,則顯示器1 1上會顯示旨在表示私密號碼變 更已完成之「COMPLETE」(S 3 75 ),因此一旦在經過確認 後’開始鍵12b被按下(S 3 8 0),則私密號碼的變更程序就 兀;成’電源會被切斷。 此外,爲了提升安全性,S 3 5 5和S 3 6 5中,即使有從 數字鍵12a進行輸入,所輸入的値也不會被顯示在顯示器 1 1上,較爲理想。 〔實施例1〕 以下,針對被發給了圖1所示之網路結帳輔助裝置1 的信用卡契約者也就是信用卡會員(以下稱之爲持卡會員) ’去使用網路結帳輔助裝置1,從具有通訊機能的個人電 腦或行動電話,藉由使用該當持卡會員之卡號的結帳,來 進行網路購物等之網路商業交易(以下稱之爲網路商業交 易)時的一實施例,加以說明。 Φ 本實施例之網路結帳系統的系統構成和網路連接關係 ,示於圖2的系統構成圖。又,本實施例之網路結帳系統 中的網路商業交易之流程,示於圖3的流程圖。 此外,本實施例中,網路結帳系統中提供網路商業交 易服務者,係爲信用卡組織(credit card brand)。 持卡會員,假設係除了預先對發卡銀行進行信用卡的 申辦,接受信用卡的發行,同時還從發卡銀行,接受發配 了儲存有每位持卡會員所固有之認證資訊(持卡會員在申 辦信用卡時所登錄之私密號碼或指紋資訊等之生物資訊) -25- (23) 1304190 、卡片資訊(每位持卡會員所固有之卡號、有效期限)、 OTP生成資訊(共通金鑰)的網路結帳輔助裝置1。 又,本實施例中,雖然圖1(b)所示之網路結帳輔助裝 置1之構成當中,除了顯示器1 1和按鍵操作部1 2和驅動 用電源19之構成,係預先儲存在SIM等1C卡中,並藉由 在設於框體10之1C卡插槽(未圖示)中插入該當1C卡,來 實現網路結帳輔助裝置1之機能,但是,網路結帳輔助裝 φ 置並非一定要具備1C卡,當不具備1C卡的情況,係只要 網路結帳輔助裝置本身,有具備CPU或記憶體即可。 又,本實施例的網路結帳輔助裝置1,雖然係爲利用 了使用持卡會員識別資訊之結帳、亦即卡片結帳的網路商 業交易中所被使用者,但當持卡會員只希望進行網路商業 交易,不希望先前之塑膠型磁卡、1C卡等所成之信用卡所 致之真實的面對面交易的情況下,亦可不受到信用卡之發 行。 鲁又’當信用卡組織,也有進行發卡銀行之業務的情況 下’亦可從信用卡組織來發配網路結帳輔助裝置1。 會員終端2,係爲契約者之終端,是持卡會員使用網 路結帳輔助裝置1進行網路商業交易所需之終端,係爲至 少具有通訊機能和瀏覽顯示機能的個人電腦、行動電話等 終端 加盟店終端3,係除了向會員終端2提供虛擬店舖(網 站)’接受商品或服務之訂購以外,還向發卡銀行側委託 已下訂之持卡會員的本人認證,在進行過持卡會員之本人 -26- (24) 1304190 認證後’對收單銀行(基於與信用卡組織之授權契約,進 行加盟店之獲得·契約.管理業務等),委託進行授權(調查 所訂購之商品或服務之金額份的信用額度在持卡會員身上 是否還有剩餘’若有剩餘信用額度則將該金額份確保成結 帳用)的終端。 收單銀行終端4,係爲將從加盟店終端3所受取的授 權委託,再委託給發卡銀行側(授權再轉送)之終端。 仲介伺服器5,係擔任加盟店終端3和後述之認證伺 服器7的仲介,亦即,是在會員終端2和加盟店終端3之 間’擔任持卡會員之認證服務之仲介角色的伺服器。 仲介伺服器5,在本實施例中係爲信用卡組織所營運 的伺服器,是儲存著用來識別使用網路結帳輔助裝置1的 網路商業交易服務所對應之加盟店的加盟店識別資訊,和 用來識別使用網路結帳輔助裝置1之網路商業交易服務所 對應之發卡銀行的發卡銀行識別資訊。 此外,本實施例之網路結帳系統中,當混合有不使用 網路結帳輔助裝置1之網路商業交易服務存在時,則仲介 伺服器5,需要將不支援使用網路結帳輔助裝置1之商業 交易服務的加盟店及發卡銀行的識別資訊,和上記加盟店 識別資訊及發卡銀行識別資訊加以區別而儲存。 發卡銀行終端6,係爲接取從收單銀行終端4收到的 授權委託,進行授權之終端。 認證伺服器7,係在進行網路商業交易之際,早於授 權,先進行持卡會員本人認證的伺服器。本實施例中,認 -27- (25) 1304190 證伺服器7,係爲發卡銀行所營運的伺服器’是連接著發 卡銀行終端6,並且是將可能進行使用網路結帳輔助裝置 1之網路商業交易的持卡會員的卡片資訊(卡號、有效期限 )及OTP生成資訊(網路結帳輔助裝置1所固有之共通金鑰 ),以彼此互相建好關連的狀態,加以儲存。換言之,每1 持卡會員,都被建立關聯有卡片資訊和OTP生成資訊,而 被儲存在認證伺服器7中。 此外,往認證伺服器7的這些資訊之儲存,係在向持 卡會員發配網路結帳輔助裝置1之同時期,或約略該時期 之前後時進行。 圖2中,會員終端2、加盟店終端3、仲介伺服器5、 認證伺服器7間,係分別藉由網際網路等網路9a而連接 ;加盟店終端3、收單銀行終端4、發卡銀行終端6,係分 別藉由專線9b而連接。 此外,發卡銀行終端6及認證伺服器7,係對每個發 卡銀行個別準備,其分別皆是對會員終端2、收單銀行終 端4、仲介伺服器5,以網路9a、專線9b而連接。 又,加盟店終端3也是對每個加盟店個別準備,其分 別皆是對會員終端2、仲介伺服器5、收單銀行終端4,以 網路9a、專線9b而連接。 以下,基於圖3之流程圖及圖2之系統構成圖,說明 使用網路結帳輔助裝置1的網路商業交易之流程。持卡會 員,係從會員終端2,透過網路9a,向虛擬店舖(Web網 站)的加盟店終端3進行存取,並閱覽商品或服務。然後 -28 - (26) 1304190 ,一旦決定了要訂購之商品或希望的服務,則會員終端2 ,係向加盟店終端3,發送關於訂購商品或希望服務是希 望用卡片結帳所致之網路商業交易之意旨。 加盟店終端3,係令會員終端2,顯示如圖4(a)所示 之卡片資訊輸入畫面1 00,並向會員終端2請求輸入並發 送卡號及卡片之有效期限。 於是,一旦持卡會員按下了網路結帳輔助裝置1的開 φ 始鍵1 2b,則網路結帳輔助裝置1的認證手段1 4便啓動, 網路結帳輔助裝置1成爲等待認證之狀態。接下來,持卡 會員,係將本人認證所必須之輸入資訊(本實施例中係爲4 位數的私密號碼),從數字鍵1 2a進行輸入。此外,此處 所輸入之4位數的私密號碼,是預先在持卡會員申辦卡片 時就已經決定妥當,且已經被儲存在網路結帳輔助裝置1 內的認證資訊儲存部15中。 認證手段14,係將認證資訊儲存部is中所儲存之認 馨 證資訊加以讀出’並確認是否和從數字鍵1 2 a所輸入之輸 入資訊一致。然後,當兩者爲一致時,認證手段1 4,係從 卡片資訊儲存部1 3讀出作爲卡片資訊的卡號和有效期限 ,並顯示於顯示器1 1上。 然後,若卡號和有效期限全部在顯示器11上顯示完 畢,則認證手段14,係將顯示完畢的意旨,傳達給0TP 生成手段16。藉此’OTP生成手段16,係成爲後述之一 次性密碼生成等待狀態。 此外,本實施例中,由於顯示器11所能顯示的位數 -29- (27) 1304190 限制爲8位數,因此認證手段1 4,係先將從卡片資訊儲存 部1 3讀出之卡號進行分割處理而分成前8位和後8位, 然後在顯示器1 1上’先顯示卡號的前8位。持卡會員, 係基於該顯示’在卡片資訊輸入畫面1 〇〇的卡號輸入欄 100a中輸入卡號的前8位數。 一旦卡號的前8位數的輸入結束,則持卡會員係按下 開始鍵1 2b。認證手段1 4,係接受開始鍵1 2b的按下偵測 | ,而將卡號的後8位數顯示於顯示器11上。持卡會員, 係基於該顯示,在卡片資訊輸入畫面1〇〇的卡號輸入欄 1 0 0 a中輸入卡號的後8位數。 一旦卡號的後8位數的輸入結束,則持卡會員係按下 開始鍵1 2b。認證手段1 4,係接受開始鍵1 2b的按下偵測 ,而將有效期限以4位數(MM(月)/YY(年))顯示出來。持 卡會員,係基於該顯示,在卡片資訊輸入畫面1 00的有效 斯限輸入欄l〇〇b中,輸入有效期限。 | 此外,當顯示器的顯示領域、可顯示位數還有餘裕時 ,當然亦可將卡號一次全部顯示在顯示器上,又,亦可將 卡號和有效期限一次全部顯示出來。又反之,當顯示器的 可顯示位數是少於8位數時,認證手段14係可配合可顯 示位數,將從卡片資訊儲存部1 3中讀出之卡片資訊予以 預先分割妥當,藉由開始鍵1 2b或其他任意鍵的按下,而 依序地顯示出已分割之卡片資訊。 如以上,網路結帳輔助裝置1,係僅當所輸入之輸入 資訊,是和認證資訊儲存部1 5中所儲存之認證資訊一致 -30- (28) 1304190 日寸’才在顯不器1 1上顯不卡片資訊,因此,若不知道認 證資訊’則第三者即使盜取網路結帳輔助裝置丨,也無從 得知內部的卡片資訊。因此,相較於有印出卡片資訊的先 前信用卡’安全性較高,不會有卡片資訊被惡用在網路商 業交易的疑慮。 持卡會員係輸入完卡號及有效期限(此外,圖4之卡 片資訊輸入畫面1 00中雖未顯示,但亦可將訂購之商品. | 服務名、金額、訂購日、加盟店名、商品的發送地等資訊 ’顯示於同一畫面上),便點選卡片資訊輸入畫面1〇〇內 的送訊鈕100c。藉由送訊鈕looc被點選,在加盟店終端 3側,已輸入之卡片資訊會被發送(S 10)。 從會員終端2,接收到訂購之商品.服務名、金額、訂 購日、加盟店名、商品的發送地等相關之訂購資訊,和訂 購商品之結帳所用的卡片的卡號和有效期限等之卡片資訊 的加盟店終端3,係除了已接收到的卡片資訊以外,還將 | 對每一加盟店賦予之加盟店識別資訊,發送到透過網路9a 而連接之仲介伺服器5,要求確認持卡會員是否是接受使 用網路結帳輔助裝置1之商業交易服務的會員(認證執行 可否確認)(S 2 0 ) 〇 仲介伺服器5,係確認已收到之加盟店識別資訊,是 否和所保有之加盟店識別資訊一致(加盟店認證)。若這些 資訊一致,則從有參加使用網路結帳輔助裝置1之商業交 易服務的加盟店的加盟店終端3,就可向仲介伺服器5進 行存取。若不一致,則由於來自沒有參加使用網路結帳輔 -31 · (29) 1304190 助裝置1之商業交易服務的加盟店的加盟店終端3的存取 係爲不正當存取,因此不會進入以後的流程。 仲介伺服器5,係基於從有參加使用網路結帳輔助裝 置1之商秦父易服務的加盟店終端3所收到之持卡會員的 卡片資訊,特定出發行了該當持卡會員之卡號的發卡銀行 ’向已被特定之發卡銀行的認證伺服器7,發送卡片資訊 ’並要求確認持卡會員是否是接受使用網路結帳輔助裝置 1之商業交易服務的會員(認證執行可否確認)(S 30)。 本實施例之仲介伺服器5中,係儲存著識別發卡銀行 的發卡銀行識別資訊,仲介伺服器5,係基於已收到之卡 片資訊來檢索發卡銀行識別資訊,特定出發卡銀行。 換言之,本實施例的仲介伺服器5,係並非直接進行 認證執行可否確認,而是進行加盟店認證,同時基於從加 盟店終端3接收到的卡片資訊,特定出發行了持卡會員之 卡號的發卡銀行,向已被特定之發卡銀行的認證伺服器7 ,傳送卡片資訊,並負責將從該當認證伺服器7所接收到 的認證執行可否結果,傳送至加盟店終端3。 此外,在本實施例中,仲介伺服器5雖然是由信用卡 組織所營運的伺服器,但亦可由各個加盟店終端3來具備 其,此時,就可直接從加盟店終端3向認證伺服器7,進 行認證執行可否確認的要求。又,亦可在認證伺服器7上 ,進行加盟店認證。 認證伺服器7,係藉由確認從仲介伺服器5所收到之 卡片資訊是否已經有被登錄在認證伺服器7中,來進行持 -32- (30) 1304190 有該當卡片資訊之持卡會員是否爲接受了使用網路結帳輔 助裝置1之商業交易服務的持卡會員之確認(認證執行可 否確認),並將其結果,回送給仲介伺服器5(S40)。此外 ,認證執行可否確認結果,係若從仲介伺服器5接收到的 卡片資訊是有被登錄在認證伺服器7中則爲「可」,若沒 有被登錄則爲「否」。 然後,接收到認證執行可否確認結果的仲介伺服器5 | ,係將該結果傳送至加盟店終端3(S5 0)。 當持卡會員之認證執行可否確認結果爲「可」時,則 意味著該持卡會員係爲接受了使用網路結帳輔助裝置1之 商業交易服務,因此加盟店終端3,係進入進行該持卡會 員的本人認證要求的流程(S60)。具體而言,加盟店終端3 係對會員終端2,發送認證執行可否結果,同時還發送之 前進行過認證執行可否確認之發卡銀行的認證伺服器7的 URL·資訊。 • 從加盟店終端3收到認證要求的會員終端2,係基於 所收到之URL,向之前被仲介伺服器5所存取之同一認證 伺服器7進行存取,進行認證要求(S 70)。此外,S70的流 程’係從S60起以一連串方式進行;可以用作爲會員終端 2使用之個人電腦或行動電話的瀏覽器所一般具備之重新 導向機能等來加以實現,讓持卡會員不會有所意識,就可 在會員終端2內部自動進行處理之流程。 認證伺服器7,係向會員終端2,催促一次性密碼之 送訊’並基於從會員終端2所接收到的一次性密碼,進行 -33- (31) 1304190 持卡會員的認證(S80)。 具體而言,認證伺服器7,係從存取過來的會員終端 2,接收卡片資訊及訂購資訊,並確認擁有該卡片資訊的 持卡會員,是否爲剛才從加盟店終端3透過仲介伺服器5 、受到認證執行可否確認要求的持卡會員。此確認係預定 之所定時間前留下是否有從仲介伺服器5接收該當卡片會 員之卡片資訊的日誌,並藉由確認從會員終端2接收到之 持卡會員之卡片資訊,是否和所定時間前留在日誌中之卡 片資訊一致而爲之。 此外,訂購資訊,係可不是從會員終端2發送,而是 亦可設計成,在S20、3 0的流程中,從加盟店終端3透過 仲介伺服器5而發送至認證伺服器7 ;或亦可在從加盟店 終端3向會員終端2發送認證伺服器7的URL資訊之際 ,一起被發送,而在會員終端2向認證伺服器7進行存取 之際,轉送給認證伺服器7。 又,認證伺服器7所進行之,存取過來之會員終端2 的持卡會員,和從加盟店終端3接受認證執行可否確認要 求之持卡會員是否爲同一的確認,可並不僅藉由卡片資訊 之核對,而是亦可設計成,從會員終端2及加盟店終端3 ( 直接或透過仲介伺服器5)雙方接收訂購資訊,而也一倂進 行這些資訊的核對。 認證伺服器7,一旦確認了是從之前接受認證執行可 否確認要求之持卡會員的網路結帳輔助裝置1來的存取, 則認證伺服器7係基於所收到之訂購資訊,作成如圖4(b) -34- 1304190^ (32) 所示之一次性密碼輸入畫面1 Ο 1,並發送至有存取之會員 終端2。 圖4 (b)之一次性密碼輸入畫面101中,會顯示持卡會 員正在進行網路商業交易之對象也就是加盟店名、欲訂購 之商品.服務之金額、訂購曰。 一旦在會員終端2上顯示出一次性密碼輸入晝面1 0 1 ’則持卡會員,係按下網路結帳輔助裝置1的開始鍵1 2b | 。網路結帳輔助裝置1的OTP生成手段1 6,係一旦偵測 到開始鍵1 2b按下,則從一次性密碼生成等待狀態,進入 一次性密碼生成流程。 OTP生成手段16,係將儲存在OTP生成資訊儲存部 17中的共通金鑰讀出,藉由計時手段18進行計時,將根 據開始鍵12b被按下的日期所成之日期資料(年月日秒、 秒係爲3 0秒單位),以該共通金鑰進行加密而生成一次性 密碼,並將其轉換成1 〇進位數,顯示於顯示器1 1上。此 B 外,本實施例之加密方式係採用共通金鑰加密方式。又, 由於本實施例之顯示器1 1之可顯示位數係爲8位數,因 此顯示器1 1上會顯示出所生成之一次性密碼的前6〜8位 數。 持卡會員,係在顯示於會員終端2之一次性密碼輸入 畫面1 0 1的密碼輸入欄1 〇 1 a中,輸入被顯示在網路結帳 輔助裝置1之顯示器1 1上的一次性密碼,並點選送訊鈕 1 〇 1 b,則已輸入之一次性密碼會被發送至認證伺服器7。 此外,一次性密碼的輸入結束後,持卡會員再度按下 -35- (33) 1304190 網路結帳輔助裝置1的開始鍵1 2b,就可使網路結帳輔助 裝置1之顯示器11上所顯示之一次性密碼變成不顯示, 這在安全性的觀點上較爲理想。又在此同時,也將電源關 閉,在省電觀點上較爲理想。 從會員終端2接收到一次性密碼的認證伺服器7,首 先係藉由會員終端2之識別號碼等之核對、或該當會員終 端2個別生成並發送過來之對一次性密碼輸入畫面丨〇丨是 否有回訊,確認該會員終端2是否爲剛才要求一次性密碼 送訊之對方。 確認後,認證伺服器7,係基於要求一次性密碼之送 訊之前就接收到之持卡會員的卡片資訊,從OTP生成資訊 之中,取出和該卡號關連登錄的共通金鑰,並將認證伺服 器7從會員終端2接收一次性密碼之日期所成之日期資料 (年月日秒、秒係爲3 0秒單位),以該共通金鑰進行加密而 生成一次性密碼,並將其轉換成十進位數。此外,本實施 例之加密方式,係採用共通金鑰加密方式。 如此一來,認證伺服器7,係確認認證伺服器7所生 成之一次性密碼,和之前從會員終端2所接收到之一次性 密碼,是否一致。若爲一致,則可證明該一次性密碼,係 確實爲藉由僅儲存於網路結帳輔助裝置1和認證伺服器7 的共通金鑰,在幾乎同時刻所作成之一次性密碼。 換言之,將一次性密碼發送至認證伺服器7的會員終 端2之操作者,係爲該當一次性密碼生成時所用之共通金 鑰、及該當共通金鑰所關聯到之卡片資訊所被儲存之網路 -36- (34) 1304190 結帳輔助裝置1之操作者;且係爲可利用該當卡片資訊的 持卡會員本人,藉此,要求網路商業交易的持卡會員的本 人確認就被進行了。 此外,一次性密碼生成手段,是採用本實施例此種時 間同步方式時,網路結帳輔助裝置1在生成一次性密碼時 所用的日期,和認證伺服器7在生成一次性密碼時所用的 曰期,係不一定嚴密地相同,因此,考慮到從認證伺服器 7生成一次性密碼起,至持卡會員按下網路結帳輔助裝置 1的開始鍵1 2b,網路結帳輔助裝置1生成一次性密碼爲 止的時間差,本實施例中,係將日期資料的秒解析力設爲 3 0秒。 可是,只有當被兩者所生成之一次性密碼是完全一致 的情況下,才能認可持卡會員之真正性,持卡會員按下網 路結帳輔助裝置1的開始鍵1 2b以生成一次性密碼,因此 ,若一直到認證伺服器7從會員終端2接收一次性密碼爲 止的期間是經過了 3 0秒以上的情形下,光是如此,一次 性密碼就會不一致,導致無法認證的事態增加,反而會有 損網路商業交易的便利性。 因此,認證伺服器7,係當即使從會員終端2收到之 一次性密碼是不一致時,仍會將從會員終端2收到之一次 性密碼的日期,往前後錯開N次回χ3 0秒份,在認證伺服 器7側上重新生成一次性密碼,若和會員終端2側上所生 成之一次性密碼一致,則視爲持卡會員的本人確認成功。 此外’ Ν係考慮安全性的精度,而預先決定妥當。亦 -37- (35) 1304190 即,當想要提高安全性精度時,則將N設定得較小;當想 要降低安全性精度而以持卡會員側的便利性爲優先時,則 將N設定得較大。 認證伺服器7,係將一次性密碼核對所致之持卡會員 的認證結果,發送至會員終端2(S90)。此外’具體而言, 認證伺服器7,係對會員終端2,除了發送認證結果,還 發送加盟店終端3的URL資訊,並從會員終端2向加盟 φ 店終端3轉送認證結果。 收到認證結果的會員終端2,係將該當認證結果(本人 認證OK、本人認證NG),再轉送至加盟店終端3(S100)。 此外,S 1 0 0的流程,係和S 7 0同樣地,從S 9 0起以一連 串方式進行;可藉由會員終端2的瀏覽器之重新導向機能 來實現,實際上,係讓持卡會員不會有所意識’而在會員 終端2內部自動進行處理之流程。 加盟店終端3,係從會員終端2接收認證結果’且認 φ 證結果爲,持卡會員被確認爲本人時(本人認證0K) ’則 向收單銀行進行該當持卡會員的授權要求,因此’除了向 收單銀行終端4,發送持卡會員之卡片資訊、和結帳希望 金額(持卡會員所欲訂購之商品·服務之機能)所成之交易資 料以外,還發送該當認證結果(S 1 1 〇)。此外’交易資料’ 係亦可在S 1 0中,從會員終端2有訂購資訊和卡片資訊送 訊時之時點上就已被生成,且被記憶在加盟店終端3中’ 而是將其加以讀出。 收單銀行終端4,係基於從加盟店終端3接收到之交 -38- (36) 1304190 易資料和認證結果,並基於本人認證〇K的持卡會員之卡 號,來特定出卡片發行源的發卡銀行,並向已特定之發卡 銀行的發卡銀行終端6,轉送交易資料和認證結果(s 1 2〇) 〇 收到交易資料和認證結果之發卡銀行終端6,係基於 未圖示之會員資料庫中所儲存之每位會員的會員資訊或授 信資訊,來確認交易資料中所含之結帳希望金額,是否爲 受到授權委託之持卡會員的信用額度範圍內。若結帳希望 金額是在信用額度範圍內,則當成授權OK,結帳希望金 額份的信用額度會被確保下來。 然後,發卡銀行終端6,係將授權的結果(授權OK、 授權NG)發送至收單銀行終端4(S 130),然後收單銀行終 端4,係向加盟店終端3,轉送授權結果(S 140)。 然後,加盟店終端3,係從收單銀行終端4接收到授 權結果後,將該結果通知給會員終端2 ( S 1 5 0 )。具體而目 ,當授權結果爲OK時,則加盟店和持卡會員之間,使用 該當持卡會員之卡號的結帳所致之網路商業交易係爲成立 之意旨的畫面會發送至會員終端2,並顯示在會員終端2 上。又,當授權結果爲NG時,係將網路商業交易不成立 之意旨的畫面發送至會員終端2,並顯示之。 此外,本實施例中,認證伺服器7中的使用一次性密 碼之本人認證,係在會員終端2和加盟店終端3之間每次 進行網路商業交易時,就會被進行。換言之,本實施例之 OTP生成手段1 6所生成之一次性密碼,係僅限1次的網 -39- (37) 1304190 路商業交易中是有效的’所以即使未持有網路結帳輔助裝 置的第三者竊聽到一次性密碼,第三者仍無法僞裝成持卡 會員而進行以降的網路商業交易’因此可更加提升商業交 易的安全性。 〔實施例2〕 其次,針對被發配網路結帳輔助裝置1 a (未圖示)之持 卡會員,去使用該當網路結帳輔助裝置1 a,從具有通訊機 能的個人電腦或行動電話’藉由使用該當持卡會員之卡號 的結帳,進行網路商業交易時之一實施例,加以說明。 本實施例和之前的實施例1的不同點是’網路結帳輔 助裝置所具備之OTP生成手段1 6的一次性密碼生成方法 ,和OTP生成資訊儲存部17的儲存內容,和圖3中的會 員終端2與認證伺服器7(本實施例中係爲認證伺服器7a) 之間的認證流程(S80、S90)的內容等。 亦即,雖然在先前之實施例1中,一次性密碼生成方 法係設計成時間同步方式,但在本實施例中,是採用利用 次數同步方式。伴隨於此,本實施例之網路結帳輔助裝置 la中,圖1中所記載之計時手段1 8,是被取代成計數手 段18a(未圖不)。 關於網路結帳輔助裝置1、1 a和認證伺服器7、7a, 除了上述相異點以外之構成,以及S80、S90以外之流程 ,因爲是和圖1〜圖3所示之實施例相同’所以以下使用 圖1〜圖3,僅說明圖3的S 8 0、S 9 0之部份的詳細流程。 -40- 1304190 · (38) 本實施例之OTP生成資訊儲存部17中所儲存之OTP &成資訊,係由網路結帳輔助裝置1 a所固有之共通金鑰 ’和利用次數資訊所構成。 其中,共通金鑰,係以在OTP生成資訊儲存部17內 不可改寫的狀態而被儲存,且於進行OTP生成手段1 6所 生成之一次性密碼之驗證的認證伺服器7a中,是被建立 關連對應至被儲存在卡片資訊儲存部1 3的卡號。 | 利用次數資訊,係和共通金鑰同樣地,於認證伺服器 7a中,被建立關連對應至卡片資訊儲存部13中所儲存的 卡號。 換言之,這些OTP生成資訊,係以和卡號建立關連的 狀態,在認證伺服器7a中也被儲存;當認證伺服器7a從 會員終端2接收一次性密碼之際,與會員終端2同樣地, 認證伺服器7a上也會生成一次性密碼,藉由確認兩者是 否一致,就可進行一次性密碼的妥當性驗證、持卡會員之 | 認證。 又,利用次數資訊,係爲僅當有來自 0TP生成手段 1 6的改寫指令時才可以改寫之資訊,藉由計數手段1 8 a, 0次、1次、2次這種一次加1的加算,或1〇〇次、99次 、9 8次這種一次減1的減算後,加算或減算後的數値,會 被儲存在OTP生成資訊儲存部1 7中,利用次數資訊會被 更新。此外,加算或減算,係爲預先決定。 此外,計數手段18a,係亦可被含在0TP生成手段16 ,或可有別於OTP生成手段1 6而另外設置’但後者的時 -41 - 1304190 · (39) 候,必須要由OTP生成手段1 6來控制計數 得利用次數資訊的改寫會被進行。 圖3的S80中,首先,認證伺服器7a, 2,催促一次性密碼之送訊,並基於從會員条 到的一次性密碼,進行持卡會員的認證。 具體而言,認證伺服器7a,係從存取過 2,接收卡片資訊及訂購資訊,並確認擁有 持卡會員,是否爲剛才從加盟店終端3透過 、受到認證執行可否確認要求的持卡會員。 之所定時間前留下是否有從仲介伺服器5接 員之卡片資訊的曰誌,並藉由確認從會員終i 持卡會員之卡片資訊,是否和所定時間前留 片資訊一致而爲之。 此外,訂購資訊,係可不是從會員終端 亦可設計成,在S 2 0、3 0的流程中,從加盟 仲介伺服器5而發送至認證伺服器7&;或亦 終端3向會員終端2發送認證伺服器7a的 ,一起被發送,而在會員終端2向認證伺月g 取之際,轉送給認證伺服器7a。 又,認證伺服器7a所進行之,存取過來 的持卡會員,和從加盟店終端3接受認證執 求之持卡會員是否爲同一的確認,可並不僅 之核對,而是亦可設計成,從會員終端2及 直接或透過仲介伺服器5)雙方接收訂購資訊 手段1 8 a,使 係向會員終端 多端2所接收 來的會員終端 該卡片資訊的 仲介伺服器5 此確認係預定 收該當卡片會 瑞2接收到之 在曰誌中之卡 2發送,而是 店終端3透過 可在從加盟店 URL資訊之際 .器7a進行存 〔之會員終端2 行可否確認要 藉由卡片資訊 加盟店終端3( ,而也一倂進 -42- 1304190 · (40) 行這些資訊的核對。 認證伺服器7a,一旦確認了是從之前接受認證執行可 否確認要求之持卡會員的網路結帳輔助裝置1來的存取, 則認證伺服器7a係基於所收到之訂購資訊,作成如圖 4(b)所示之一次性密碼輸入畫面101,並發送至有存取之 會員終端2。 圖4(b)之一次性密碼輸入畫面101中,會顯示持卡會 | 員正在進行網路商業交易之對象也就是加盟店名、欲訂購 之商品.服務之金額、訂購曰。 一旦在會員終端2上顯示出一次性密碼輸入畫面1 0 1 ,則持卡會員,係按下網路結帳輔助裝置1的開始鍵1 2b 。網路結帳輔助裝置1的OTP生成手段1 6,係一旦偵測 到開始鍵1 2b按下,則從一次性密碼生成等待狀態,進入 一次性密碼生成流程。 0TP生成手段1 6,係將0TP生成資訊儲存部1 7中所 B 儲存之共通金鑰和利用次數資訊予以讀出,並將該當利用 次數資訊,以共通金鑰加密而生成一次性密碼’將其轉換 成1 〇進位數,顯示於顯示器1 1上。 此外,本實施例中,是將利用次數資訊,使用所定之 一次性密碼生成演算法,來生成一次性密碼。 又,由於本實施例之顯示器1 1之可顯示位數係爲8 位數,因此顯示器1 1上會顯示出所生成之一次性密碼的 前6〜8位數。 此外,OTP生成資訊,係除了上記利用次數資訊和共 -43- (41) 1304190 通金鑰以外,亦可含有其他僅網路結帳輔助裝置1 a與認 證伺服器7a兩者可獲知的任意資訊(例如,原則(p〇licy)等 );此時,利用次數資訊,和該當任意之資訊,亦可被共 通金鑰所加密,來生成一次性密碼。 OTP生成手段1 6,係在生成一次性密碼後,對計數手 段1 8 a,將剛才讀出之利用次數資訊,加算或減算丨,然 後將0TP生成資訊儲存部1 7的利用次數資訊予以改寫、 0 更新。 持卡會員,係在顯示於會員終端2之一次性密碼輸入 畫面1 0 1的密碼輸入欄1 0 1 a中,輸入被顯示在網路結帳 輔助裝置1之顯示器1 1上的一次性密碼,並點選送訊鈕 l〇lb,則已輸入之一次性密碼會被發送至認證伺服器7a。 此外,一次性密碼的輸入結束後,持卡會員再度按下 網路結帳輔助裝置1的開始鍵1 2b,就可使網路結帳輔助 裝置1之顯示器1 1上所顯示之一次性密碼變成不顯示, Φ 這在安全性的觀點上較爲理想。又在此同時,也將電源關 閉,在省電觀點上較爲理想。 從會員終端2接收到一次性密碼的認證伺服器7a,首 先係藉由會員終端2之識別號碼等之核對、或該當會員終 端2個別生成並發送過來之對一次性密碼輸入畫面1 〇 1是 否有回訊,確認該會員終端2是否爲剛才要求一次性密碼 送訊之對方。 確認後,認證伺服器7 a ’係基於要求一次性密碼之送 訊之前就接收到之持卡會員的卡片資訊,從0TP生成資訊 -44- (42) 1304190 之中,取出和該卡號關連登錄的共通金鑰和利用次數資訊 ,並將利用次數資訊以共通金鑰加密而生成一次性密碼, 並將其轉換成十進位數。 此外,本實施例中,是將利用次數資訊,使用所定之 一次性密碼生成演算法,來生成一次性密碼。又,O T P生 成資訊中,若含有任意之資訊,則除了利用次數資訊以外 ,該當任意資訊也會一倂被共通金鑰所加密。 如此一來,認證伺服器7a,係確認認證伺服器7a所 生成之一次性密碼,和之前從會員終端2所接收到之一次 性密碼,是否一致。若爲一致,則可證明該一次性密碼, 係確實爲藉由僅儲存於網路結帳輔助裝置1和認證伺服器 7a的利用次數資訊和共通金鑰所作成之一次性密碼。 換言之,將一次性密碼發送至認證伺服器7a的會員 終端2之操作者,係爲該當一次性密碼生成時所用之利用 次數資訊和共通金鑰、及該當利用次數資訊和共通金鑰所 關聯到之卡片資訊所被儲存之網路結帳輔助裝置1之操作 者;且係爲可利用該當卡片資訊的持卡會員本人,藉此, 要求網路商業交易的持卡會員的本人確認就被進行了。 認證伺服器7a,係將一次性密碼核對所致之持卡會員 之認證結果(本人認證OK、本人認證NG),發送至會員終 端2,同時還將之前一次性密碼生成時所用到的利用次數 資訊,以預先決定之演算方法進行加算或減算,並將其演 算結果當成認證伺服器7a內的利用次數資訊,加以改寫 、更新。 -45- (43) 1304190 此外,一次性密碼生成方式,在採用如本實施例的利 用次數同步方式時,即使會員終端2及網路結帳輔助裝置 1 a的操作者是正當的持卡會員,可是仍有可能因網路結帳 輔助裝置1 a在生成一次性密碼時所用的利用次數資訊、 和認證伺服器7 a在生成一次性密碼時所用的利用次數資 訊爲不同,導致一次性密碼不一致的情形。 持卡會員,即使以網路結帳輔助裝置1 a生成一次性 p 密碼,但也並不必然保證會被發送至認證伺服器7 a,當持 卡會員在網路商業交易的中途不慎發生斷線時,或者,有 可能原本就不是要進行網路商業交易,而是操作網路結帳 輔助裝置1 a來亂玩而不慎生成了一次性密碼。此種情況 下’由於網路結帳輔助裝置1 a的利用次數資訊係被更新 ’可是認證伺服器7a的利用次數資訊未被更新,所以, 當然所生成之一次性密碼就不會一致。 可是,若只有當被兩者所生成之一次性密碼是完全一 瞻致的情況下,才能認可持卡會員之真正性,則會導致認證 N G增加,反而有損網路商業交易之便利性。 因此,認證伺服器7a,係當即使從會員終端2收到之 一次性密碼是不一致時,仍會將認證伺服器7a中所儲存 之利用次數資訊在所定範圍(例如,利用次數資訊+N)內加 以變更,在認證伺服器7a側重新生成一次性密碼,若和 會員終端2側上所生成之一次性密碼一致,則視爲持卡會 員的本人確認成功。 此外,N係考慮安全性的精度,而預先決定妥當。亦 -46- 1304190 * (44) 即,當想要提高安全性精度時,則將N設定得較小;當想 要降低安全性精度而以持卡會員側的便利性爲優先時,則 將N設定得較大。 如以上,若使用本發明之網路結帳輔助裝置來進行網 路商業交易,則在將卡片資訊輸入至卡片資訊輸入畫面之 際,被輸入至網路結帳輔助裝置的輸入資訊,只要和網路 結帳輔助裝置中所儲存之認證資訊不一致,則即使是持卡 | 會員本身也無從得知卡片資訊,因此,和卡片資訊會外露 之先前的信用卡不同,卡片資訊的隱匿性較高,可防止網 路商業交易中的卡片資訊之不正當使用。 又,由於網路結帳輔助裝置係爲可搬型,因此無論持 卡會員身處何處,都可使用行動電話、在宅的個人電腦、 外出地的個人電腦,來進行安全的網路商業交易,增加網 路商業交易的便利性。 又,網路商業交易被進行之際的持卡會員之本人認證 | ,係依據網路結帳輔助裝置所生成之一次性密碼,和認證 伺服器所生成之一次性密碼是否一致而爲之。 此一次性密碼,係網路結帳輔助裝置所固有,且僅被 儲存在網路結帳輔助裝置及認證伺服器中,而且是使用即 使是持卡會員本身都無從得知的共通金鑰,將在每次偵測 到所定鍵按下之曰期所成之曰期資料或者一次性密碼之生 成時就被更新的利用次數資訊予以加密而成者。 亦即,由於是屬於只有正在操作網路結帳輔助裝置的 持卡會員才可能作成的認證資訊,因此不持有網路結帳輔 -47- 1304190 . (45) 助裝置的第三者,是無法假冒持卡會員來進行網路商業交 易,可更加提升網路商業交易的安全性。 而且,該一次性密碼的生成,係只有在網路結帳輔助 裝置上顯示了卡片資訊後才會進行,因此,不具有網路結 帳輔助裝置的第三者,就算僅得知卡號,也是不能生成一 次性密碼。又,即使第三者竊得了網路結帳輔助裝置,若 沒有用來輸入網路結帳輔助裝置的認證資訊,也是無法生 成一次性密碼。換言之,由於無論第三者是否有得到網路 結帳輔助裝置,都無法假冒持卡會員來進行網路商業交易 ,因此商業交易的安全性可受到保證。 此外,一次性密碼之生成方法,係不限於上記實施例 的時間同步方式,只要是在網路結帳輔助裝置和認證伺服 器之間,能夠進行擁有網路結帳輔助裝置之持卡會員之本 人認證即可。 又,由於網路結帳輔助裝置係採用網路非連接型的構 成,所以一度被儲存於網路結帳輔助裝置中的卡片資訊、 認證資訊、OTP生成資訊,係無法被不正當存取等所讀出 ,而且就連被發配網路結帳輔助裝置的持卡會員,也是無 法將其讀出。 假設,若網路結帳輔助裝置是可連接個人電腦或行動 電話等之終端,則當網路結帳輔助裝置和終端的連接中, 發生了某種不良情況時,該不良的原因,究竟是在網路結 帳輔助裝置側、還是在終端側,此種責任劃分點會不明確 。因此,採用網路非連接型之構成的網路結帳輔助裝置, -48 - 1304190 · (46) 對於責任劃分點的明確而言,是有效的。 此處,不持有網路結帳輔助裝置的持卡會員,在本實 施例之網路結帳系統中,進行網路商業交易時的事前登錄 之系統構成及流程,示於圖6。 持卡會員,係從會員PC,向卡片公司(信用卡組織或 發卡銀行)所營運之持卡會員專用的WEB網站進行存取, 並輸入了只有持卡會員知道的會員資訊(出生年月日、電 話號碼、帳戶號碼等),然後發送至WEB網站(圖6中, ⑴)。 接收到會員資訊的卡片公司的WEB網站,係向有登 錄該當會員資訊之卡片公司的基幹系統進行存取,並向基 幹系統委託進行所收到之會員資訊、和基幹系統中所登錄 之會員資訊的核對(圖6中,(2))。基幹系統,係向 WEB 網站回送核對結果(圖6中,(3))。 若核對結果爲〇Κ,則視爲持卡會員之本人確認成功 ,並從 WEB網站,向會員 PC,要求密碼之登錄。會員 PC,係將密碼發送給WEB網站(圖6中,(4))。 從會員PC接收到密碼的WEB網站,係將該當密碼, 登錄至卡片公司之認證伺服器7(圖6中,(5))。 此處所登錄之密碼,係爲固定密碼,並非在網路結帳 輔助裝置上所生成的那種一次性密碼。換言之,未持有網 路結帳輔助裝置的持卡會員,在網路結帳系統上進行網路 結帳的時候,持卡會員的認證方法,係只能藉由固定密碼 的方法;一旦卡號和固定密碼被第三者一度獲知,則以後 -49- 1304190 · (47) 第Ξ考就能夠假冒持卡會員來進行網路結帳。 又,未持有網路結帳輔助裝置之持卡會員,係爲了登 錄密碼,而向持卡會員之WEB網站進行存取,經過本人 g忍S登後才能進行密碼登錄作業,因此對持卡會員側造成的 負擔較大。 甚至,不只是持卡會員的負擔大,即使在卡片公司側 ’也是需要架設用來讓持卡會員登錄密碼的WEB網站, | 架設用來進行持卡會員之本人認證的基幹系統。 又’網路結帳輔助裝置係構成爲,通常不會外露卡號 ’而僅爲持卡會員所獲知,或只有在輸入了僅持卡會員具 有之認證資訊,才會顯示出卡號;甚至,由於網路結帳之 際’持卡會員之本人認證所使用的密碼,係並非固定密碼 ’而是一次性密碼,因此,第三者要假冒持卡會員來進行 網路商業交易是極爲困難的。 以上,雖然說明了網路結帳輔助裝置1的實施例,但 | 是’本發明的網路結帳輔助裝置,係並非被限定於具備上 記實施例所說明之全部構成要件的網路結帳輔助裝置1, 而是可作各種變更及修正,實現每個目的所必須之構成要 件可任意組合,來架構本發明之網路結帳輔助裝置。又, 關於所述變更及修正也當然屬於本發明之申請專利範圍中 〇 例如’在實施例中,雖然說明了使用信用卡的卡號的 網路結帳’但只要是至少藉由卡號來進行網路結帳的卡片 ,除了信用卡以外,像是轉帳卡等之卡片所致之實施例, -50- (48) 1304190 也是屬於本發明之申請專利範圍中。 又,本實施例中,雖然是使用卡片結帳之網路商業交 易中所使用,但當持卡會員只希望進行網路商業交易,不 希望先前之塑膠型磁卡、1C卡等所成之信用卡所致之真實 的面對面交易的情況下,亦可不受到信用卡之發行;本發 明之網路結帳輔助裝置之擁有者,是不需要一定得持有先 前之塑膠型的信用卡。 φ 又,例如,實施例中雖然說明了,1個網路結帳輔助 裝置1的卡片資訊儲存部1 3中,儲存著具有1種卡片資 訊之1持卡會員的卡片資訊,並在認證資訊儲存部1 5中 儲存1種認證資訊的情形,但亦可在卡片資訊儲存部1 3 中儲存複數之卡號。此時的認證資訊,係可爲了顯示複數 卡號而爲共通的認證資訊,也可爲卡號和認證資訊分別對 應,隨著所輸入之認證資訊不同,顯示器1 1上顯示之卡 號也不同。 • 又,母子信用卡等、同一或複數卡號,是被複數人使 用的情況,係亦可隨著每個人而儲存不同之認證資訊在認 證資訊儲存部1 5中,也可儲存共通的認證資訊。 又,上記實施例中,雖然敘述了卡片資訊和OTP生成 資訊,是在網路結帳輔助裝置1、1 a及認證伺服器7、7a 上,分別被建立關連之意旨,但爲了防止卡片資訊之竊聽 ,而將卡片資訊和OTP生成資訊,非以直接而是以間接方 式建立關連者,也是包含於申請專利範圍中。 具體而言,圖3之S10中被會員終端2輸入之卡片資 -51 - (49) 1304190 訊,是於S20、30中,經由加盟店終端3、仲介伺服器5 ,最終會被發送至認證伺服器7、7a,但是,認證伺服器 7、7a係在此時,將所收到之卡片資訊之中的卡號,轉換 成和該當卡號不同的獨特之號碼,並經由仲介伺服器5, 發送至加盟店終端3(於S4〇、50中)。 甚至,該獨特號碼,係從加盟店終端3被送往會員終 端2,經由會員終端2而被發送至認證伺服器7、7a(於 • S60、70 中)。 接收到該當獨特號碼的認證伺服器7、7 a,係藉由和 最初把卡號轉換成獨特號碼時的相反的轉換規則,將獨特 號碼轉換成卡號,將轉換成的卡號所關聯到的〇 TP .生成資 訊,用於一次性密碼之生成。 如此,藉由將卡號和卡號以外以外之獨特號碼和OTP 生成資訊建立關連,除了 S10、S20、S30中卡號被發送以 外’在網路9 a上都不會有卡號流通,因此卡號被竊聽的 φ 可能性會大幅降低,對安全性的提升有所貢獻。 又’上記實施例中雖然說明了,會員終端2是向加盟 店終端3發送卡片資訊,認證伺服器7、7 a,是基於來自 加盟店終端3的請託,而於圖2的S 8 0中,進行持卡會員 之本人認證的情形’但是,本發明並不一定侷限於此。 例如’亦可先由會員終端2去存取認證伺服器7,然 後認證伺服器7、7a會將持卡會員專用的認證資訊輸入畫 面發送給會員終端2,基於被輸入至該當認證輸入畫面的 卡片資訊和一次性密碼,在會員終端2和認證伺服器7、 -52- (50) 1304190 7 a之間進行持卡會員之本人認證;在其結果爲確認是本人 以後,在所定條件(例如所定時間、所定次數、所定加盟 店等)內,由會員終端2去存取加盟店終端3的網站,而 進行網路商業交易。 換言之,本發明的網路結帳輔助裝置,基本上係設計 成在會員終端2、和卡片公司側的認證伺服器7、7 a之間 ’被使用於持卡會員之本人認證,且在認證後,就可實際 在加盟店的網站等中進行網路商業交易;並非必然以來自 加盟店終端2的本人認證委託爲前提。 本發明中的各手段、資料庫,係僅爲邏輯性地區別其 機能而劃分,在實體上或事實上係亦可爲同一領域而爲之 。又’取代資料庫改用資料檔案當然也可,資料庫之記載 中亦包含資料檔案。 上記實施例中,雖然說明了,網路結帳系統上的終端 或伺服器,是信用卡組織(商業交易服務之提供主體)、發 卡銀行(持卡會員之獲得·對持卡會員發行卡片的主體)、收 單銀行(加盟店的獲得·契約.管理主體)、加盟店之各自所 營運,但是,這些都僅是槪念上、角色上的區別,實體上 ,會有發卡銀行和收單銀行爲同一者的情形,或也有信用 卡組織、發卡銀行、收單銀行爲同一者的情形。 因此’例如,於本說明書中,網路結帳輔助裝置1、 1 a,係並非被限定於從發卡銀行所發配。又,網路結帳系 統的提供主體也不一定必須是信用卡組織。又,發卡銀行 終端6和認證伺服器7、7 a和收單銀行終端4也可爲同一 -53- 1304190 * (51) 者。又,仲介伺服器5、其他終端或伺服器之任何者均可 以是同一者。 此外’實施本發明時,是將記錄著實現本實施形態之 機能的軟體之程式的記憶媒體供給給系統,由該系統的電 腦將記憶媒體中所儲存之程式加以讀出並執行,而加以實 現。 此時,從記憶媒體中讀出之程式本身係會實現實施形 φ 態之機能,記憶該程式的記憶媒體則則構成本發明。 作爲用來供給程式的記憶媒體,例如可使用磁碟、硬 碟、光碟、光磁碟、磁帶、不揮發性記憶卡等。 又,不僅是藉由電腦執行已讀出之程式,來實現上述 實施形態之機能,而是基於該程式之指示,由電腦上運作 中的作業系統等進行實際之處理的部份或全部,藉由該處 理來貫·現則sH貫施形態之機能的情況,也被涵蓋在本發明 中。 • 甚至,被從記憶媒體中讀出之程式,是被寫入至被插 入在電腦的機能擴充板或連接至電腦的機能擴充單元上所 具備的不揮發性或揮發性之記憶手段後,基於該程式之指 示’由機能擴充板或機能擴充單元所具備的演算處理裝置 等來進行實際之處理的部份或全部,藉由該處理來實現前 記實施形態之機能的情況,也被涵蓋在本發明中。 【圖式簡單說明】 〔圖1〕本發明之網路結帳輔助裝置之外觀及電氣硬 -54- (52) 1304190 體構成的構成圖。 〔圖2〕使用網路結帳輔助裝置的網路結帳系統的槪 略連接構成圖。 〔圖3〕網路結帳系統中的網路商業交易之處理流程 之一例的圖。 〔圖4〕網路結帳系統中的網路商業交易之處理流程 中,顯示於會員終端之畫面之一例的圖。 〔圖5〕本發明之網路結帳輔助裝置之操作程序及顯 示器晝面遷移的圖示。 〔圖6〕未網路結帳輔助裝置之網路結帳系統,被持 卡會員利用之際,持卡會員之本人認證所需之密碼登錄用 所必要之系統槪略連接構成圖。 【主要元件符號說明】 I :網路結帳輔助裝置 1〇 :框體 II :顯示器 12 :按鍵操作部 12a :數字鍵 12b :開始鍵 1 3 :卡片資訊儲存部 1 4 :認證手段 1 5 :認證資訊儲存部 16: OTP生成手段 -55- (53) 1304190 17 : OTP生成資訊儲存部 1 8 : |十時手段 1 9 :驅動用電源 2 :會員終端 3 :加盟店終端 4 :收單銀行終端 5 :仲介伺服器 6 :發卡銀行終端 7 :認證伺服器 9a :網路 9 b ·專線 -561304190 The invention of claim 6 is a network checkout auxiliary device, wherein the front part is composed of a common key and a usage count information of each of the pre-recorded one-time passwords; And the pre-recorded user encrypts to generate a one-time password; in the pre-record, the one-time password generated here in the pre-recorded OTP generated information storage unit is the date formed by the date on which the button is pressed. When the data is generated, the number of times of use information will be updated. Since it is a password that is only operated by the network checkout _ possible, it does not hold the network balance, and it is impossible to impersonate the contractor for online business. 'The safety of road business transactions. The invention of claim 7 is a network checkout auxiliary device, which is characterized in that it is resistant to external force intrusion (T amper, according to the invention of application 7, is capable of invading the external force, so it can be sought More information, authentication information, OTP generated information: Enhance. [Invention effect] Record 0TP generation information, : It is updated when it is generated: Code generation means, system detection: Number information for common key • Secondary password After the generation, the information is updated and the common key is added, and the one-time password is encrypted and encrypted. That is, the contractor of the assisting device is the third party of the auxiliary device: Lifting network 〖, pre-recorded network checkout assistant Proofness) ° I road checkout auxiliary device is - the security of the card caused by the third party I listen, tampering-10- (8) 1304190 If the network according to the present invention If the checkout assistance device confirms the result of the contractor's own authentication by the network checkout assistance device, it is confirmed that the card information cannot be obtained even if the contractor itself cannot know the card information. Readout of the state is rather deposit, therefore, different from the previous card information will be exposed credit card, the card can be increased occult information, to prevent unauthorized use of card information network commercial transactions. In addition, since the network checkout assistance device is portable, it is possible to use a mobile phone, a personal computer at home, or a personal computer on the outing place to conduct secure online business transactions regardless of where the contractor is located. To increase the convenience of online business transactions. Moreover, since the contractor's personal authentication is a one-time password created using the OTP generation information inherent to the contractor stored in the network checkout assistance device, even if the third party obtains the one-time password, Used in the next online business transaction. The OTP generation information for one-time password generation is stored because it cannot be read from the external state of Φ. Therefore, even if the contractor himself does not know the OTP generation information, only the network checkout assistance device is operating. The contractor himself will be informed of the one-time password for the result. In other words, the one-time password generation due to the third party is unlikely to occur, so the security of the online business transaction can be more assured. Moreover, the generation of the one-time password is only performed after the card information is displayed on the network checkout assistance device. Therefore, the third party who does not have the network checkout assistance device knows only the identification information. It is also impossible to generate a one-time password. Also, even if the third party has stolen the network check-out aid -11 - (9) 1304190 ', if there is no authentication information for inputting the network check-out aid, it is impossible to generate a one-time password. In other words, the contractor, after accepting the authentication by the authentication means of the network checkout aid, will also receive the authentication by the authentication server, and finally, until the online commercial transaction is possible. It is necessary to pass the authentication based on two different authentication information, so it can prevent the counterfeiting caused by the third party and improve the security of online business transactions. [Embodiment] Hereinafter, a preferred embodiment of the present invention will be described in detail based on the drawings. Fig. 1(a) is an external view of the network checkout assisting device 1, and Fig. 1(b) is a view showing the configuration of the electrical hardware of the network checkout assisting device 1. The network checkout assistance device 1 is a contractor terminal (a mobile phone or a personal computer) of a card contractor such as a credit card or a debit card, and an authentication server that performs the contractor's own authentication (usually by a card member)保持), φ is a network checkout system in which each other has a network connection, when the contractor uses the identification information of the contractor to perform checkout for online business transactions such as online shopping. As shown in FIG. 1(a), the user has an outer shape that can be accommodated in the palm of the hand, and is formed by a thin and hand-carrying frame 10. On the outer surface of the frame 10, the display 1 is exposed. 1. and the button operation unit 12. Further, the display unit 1 of the present embodiment is a display having an 8-digit display; the key operation unit 12 is composed of a numeric key 1 2 a of 0 to 9, and a start key 12b. -12- (10) 1304190 The inside of the housing 10 is shown in Fig. 1(b). In addition to the display 1 1 and the button operation unit 12, it is used as a card information storage unit 13 and authentication information storage. The unit 1 5, the authentication means 1 4, the OTP generation means 16 , the OTP generation information storage unit 17 and the timer means 18, which function as hardware (CPU, memory) for various functions, and for driving these hardware parts (display) 1 1. A drive power source 19 (battery) for the button operation unit 12, the CPU, and the memory). Further, in the casing 1 of the present embodiment, in addition to the driving power source 19 of the display unit 1 and the button operation unit 12, a slot for a 1C card such as a SIM is provided, and a 1C card is inserted in the slot. And use. Then, the CPU and the memory are used, and the one included in the 1C card is used. As will be described later, in the card information storage unit 13 , the authentication information storage unit 15 , and the OTP generation information storage unit 17 , since the information of each contractor is stored, the information is stored in the 1C card. In the case of the billion body, the slot is used for insertion, whereby the frame body 1 itself can be common to the contractors, and the frame body 1 itself does not retain personal information, and therefore, in addition to the frame 10 can be raised. Productive, at the same time, it is easier to pick and manage the frame. Further, although the driving power source 1 9 ' of the present embodiment is a button type battery, it may be a solar battery or a rechargeable battery. Further, the network checkout assisting device 1 may be designed to maintain the power OFF state at a normal time, and to activate the power source, for example, when any of the keys of the key operating portion 12 is operated. The card information storage unit 13 and the authentication information storage unit 15 and the 0TP generation information storage unit 17 of the present embodiment are specifically stored by each of the card information, the authentication information, and the OTP generation information, which will be described later. The body is composed of 13- (11) 1304190; the memory system is physically a memory for storing these information in a comprehensive manner, and may also be two or more memories. The authentication means 14 and the OTP generating means 16 of the present embodiment are specifically configured by a program stored in a memory; the CPU in the network checkout assisting device 1 reads the program from the memory and Execution to implement the functions of these authentication means 14 and the OTP generation means 16. Further, in the network check-out assisting device without a CPU or a memory, the functions of the authentication means _ 14 and the OTP generating means 16 can be realized by electronic means using electronic components. The network checkout assistance device 1 of the present embodiment is a bank issuing bank that issues a letter card based on an authorization contract with a credit card brand (if it is a debit card, it is a bank or card issue issuing a debit card) The company) is responsible for each cardmember, that is, the contractor. In the card-issuing bank, the card information, certification information, and OTP-generated information inherent to each contractor are recorded in the state of the memory. (The form of the distribution | may be a loan or a transfer); and the storage contents of the memory after the distribution (the card information storage unit 13, the authentication information storage unit 15, and the OTP generation information storage unit 17), It cannot be read from the outside. Further, even if the contractor of the network checkout assistance device 1 is dispatched, the recorded content of the memory cannot be read from the outside. The contractor itself can only display the card information on the display 1 1 when the identity verification of the contractor is carried out and confirmed as the person, and only the card information can be known, and the card is in other states. The information system was concealed. The reason why it is designed to prevent the storage contents of the memory from being read from the outside is 14-(12) 1304190. The reason is that the network checkout assistance device 1 does not have a network for connecting to the Internet, etc. It is a non-network connection type terminal. In addition, in order to further improve the security of the eavesdropping and tampering of the memory storage contents, the network checkout assistance device 1, or the SIM card such as the SIM built in the network checkout assistance device 1 may also have an external force invasion. Sex (If you try to decompose, or read content directly from the memory, the recorded content of the memory will be erased, or the program becomes unbootable). Φ Hereinafter, the details of each part of the network checkout assistance device 1 will be described. The card information storage unit 13 is a card information that is included in the state in which the identification information of at least the contractor is not read from the outside. Memory; the card information in this embodiment is the identification information (card number) inherent to the contractor, the expiration date, and the security code (the number of digits that are pre-encrypted by the predetermined method). Usually in plastic type The credit card's signature board is printed. With this number, the card's authenticity can be confirmed. Also, it can include a nominal name. Also, the card information may be composed solely of identification information. Further, all of the expiration date, security code, and nominal name do not need to be included in the card information, and one or more of them may be combined as appropriate to form card information. The certification information storage unit 1 5 is a private number set by the contractor or a biological information obtained by digitizing the biological characteristics of the contractor's fingerprint, iris, vocal chord, and facial photograph, etc., and the contractor himself/herself The authentication information required for authentication is stored in advance in a state in which it cannot be read from the outside. -15- (13) 1304190 In addition, the authentication information stored in the authentication information storage unit 15 is different from the authentication information used by the authentication server in the network checkout system when the contractor authenticates himself. The checkout assistance device 1 is required to perform authentication information necessary for the contractor's own authentication. Further, the authentication information in the authentication server and the authentication information in the network checkout assistance device 1 are type-individuals, and the OTP generation information storage unit 17 is inherent to the network checkout assistance device 1 The OTP generation information is a memory that is stored in a state that cannot be read from the outside; the OTP generation information in this embodiment is a common key inherent to the network checkout assistance device 1; the common key The server (the authentication server in the embodiment to be described later) that performs the verification of the one-time password generated by the OTP generating means 16 is associated with the identification information stored in the card information storage unit 13. correspond. In addition, the common key, which is stored in the online business transaction, will only be stored in the authentication server that authenticates the contractor and the key of the network checkout assistance device; in this embodiment, it will be described later. The TP generation means 1 6 is used when generating a one-time password. The authentication means 14 is used to confirm whether the operator of the network checkout assistance device 1 is authenticated by the contractor (cardholder member) who can use the identification information stored in the card information storage unit 13. Means: confirming whether the input information input from the input means (the digital key l2a in this embodiment) and the authentication information stored in the authentication information storage unit 15 are the same. The operator of the checkout assistance device 1 is the contractor himself, and at least the identification information among the -16-(14) 1304190 card information stored in the card information storage unit 13 is read and displayed on the display 1 1 Means. In the authentication means 14 of the present embodiment, the operator presses the start key 1 2b of the key operation unit 12, and receives the depression detection of the start key 1 2b to start the activation. Then, when the operator presses the number key 12a corresponding to the input means and inputs a 4-digit number, the authentication means 14 confirms the entered number and the stored in the authentication information storage unit 15. Whether the private numbers are the same, if they are consistent, the card information is displayed on the display 11. If the authentication information is a private number as in this embodiment, the digital key can be used as the input means, and the consistency judgment processing of the input information and the authentication information can be easily performed, and the network checkout apparatus 1 can be realized with a relatively inexpensive configuration. It is possible to promote the use of the network checkout device 1. Although the authentication information of the embodiment is a 4-digit private number, the authentication method and the authentication information are not limited thereto, and the authentication means caused by the plurality of authentication methods may be combined as appropriate, and if the plural authentication means is used, The improvement of the authentication accuracy can be exchanged to prevent the use of the network check-out aid caused by the third party. For example, if the biometric authentication method is adopted, the authentication information is a biometric information (a data obtained by subtracting biological characteristics such as fingerprints, irises, and facial photographs), and the input means is Change to scanners, microphones, digital cameras, etc. used to enter these biometric information. Since the biometric authentication method is a highly accurate authentication method, even if the network checkout assistance device 1 is stolen by a third party, as long as it is not the body -17-(15) 1304190 is the network checkout assistance device 1 The contractor of the distribution can not use the network checkout aid 1 to prevent abuse. In addition, the private number of the authentication information of the embodiment may include English letters in addition to the number; in this case, in addition to the numeric keys, the network accounting assistant needs to be provided with an English letter key. The OTP generating means 16 generates the one-time information based on the OTP φ generated information (the common key in the present embodiment) stored in the OTP generated information storage unit 17 after the card information is displayed by the authentication means 14. The password and the means displayed on the display 11. The one-time password is transmitted from the contractor terminal to the authentication server, and when the authentication server performs the contractor's own authentication, and checks with the one-time password generated based on the OTP generated information on the authentication server. use. Then, when the verification results of these one-time passwords are identical, and the authenticated server confirms the person, it becomes feasible to use the online business transaction caused by the checkout of the identification information of the contractor. • In the present embodiment, after the authentication by the authentication means 14 has been performed, and the card information is displayed on the display 11, once the operator presses the start key 12b, the start key 12b is pressed. That is, it becomes an opportunity to start the OTP generation means, and a one-time password is generated and displayed. Further, although the OTP generating means 1 6 of the present embodiment generates a one-time password by a time synchronization method which will be described later in detail, other generation methods such as a counter synchronization method or a challenge & response method may be used. One-time password. The timing means 18 is the OTP generating means of the embodiment 1 6 to -18 - 1304190. (16) The means necessary to generate a one-time password in the inter-synchronous mode is a means of timing. Further, the timing means 18 may be constituted by an instant clock, or a timekeeping program may be stored in the memory, and the CPU may read and execute the timekeeping program to realize the timing function. Further, when the OTP generating means 16 is to generate a one-time password in a manner other than the time synchronization method, it is possible to add a means necessary for each generation method instead of the time measuring means 18. In the present embodiment, the OTP generating means 16 is as described above, and the authentication means 14 receives the card information displayed on the display 1 1 and becomes the depression detection waiting state of the start key 12b. The OTP generating means 16 6 transmits the measurement of the depression to the timekeeping means 1 once the depression of the start key 1 2b is detected. Timing means 18, the timing start key 1 2b is measured and the date of depression is 'delivered the date data (year, month, day, hour, minute, second, second, 30 seconds) to the OTP generation means 16 〇 Then, OTP generation means 16, from the OTP generated information storage unit | 17 read the common key, the date data to be delivered, encrypted with the read common key, converted into decimal digits 'displayed on the display 1 1 ° In the encryption method of this embodiment, although the common key encryption method is adopted, other encryption methods may be used. According to the network checkout assistance device 1 described above, when the online checkout assistance device 1 performs the identity verification of the contractor and confirms the identity of the person, the card information displayed by the authentication means 14 is input. It can be sent to the -19- (17) 1304190 website or authentication server after the card information input screen displayed on the contractor's terminal sent from the website of the franchise store where the card can be settled by the card or the authentication server. . In this way, if the online checkout assistance device 1 performs the identity verification of the contractor and confirms it as the person, that is, if the input information input is consistent with the authentication information stored in the network checkout assistance device, Therefore, even if the contractor itself cannot know the card information, and the card information is stored in a state in which it cannot be read from the outside, the previous credit card which is different from the card information can improve the concealment of the card information. Prevent improper use of card information in online transactions | Moreover, since the network checkout assistance device is portable, it is possible to use a mobile phone, a personal computer at a house, or a personal computer on the outing place to conduct secure online business transactions, regardless of where the contractor is located. The convenience of online business transactions. Further, the OTP generating means 16 displayed by the OTP generating means 16 is input to the one-time password input screen displayed on the contractor terminal transmitted from the authentication server that performs the personal authentication of the contractor, except for > It is sent to the authentication server, and it is verified by the one-time password generated by the authentication server. When it is the same, it is confirmed as the person, and the online business transaction caused by the settlement of the contractor identification information becomes available. get on. In this way, since the contractor's own authentication is a one-time password created based on the OTP generation information inherent to the contractor stored in the network checkout assistance device, even if the third party obtains the one-time password, it cannot Used in the next online business transaction. The OTP generation information for one-time password generation is stored because it cannot be read from the outside. Therefore, even the contractor himself does not have -20- (18) 1304190. The contractor of the network checkout aid will know the one-time password for the result. In other words, the one-time password generation due to the third party is unlikely to occur, so the security of the online business transaction can be more assured. Moreover, the generation of the one-time password is performed only after the card information is displayed on the network checkout auxiliary device. Therefore, even if the third party does not have the network checkout assistance device, only the identification information is known. It is also impossible to create a one-time password. Moreover, even if the third party steals the network checkout assistance device, if there is no authentication information for inputting the network checkout assistance device, the one-time password cannot be generated. In other words, the contractor, after accepting the authentication by the authentication means of the network checkout aid, will also receive the authentication by the authentication server, and finally, until the online commercial transaction is possible. It is necessary to pass the authentication based on two different authentication information, so it can prevent the counterfeiting caused by the third party and improve the security of online business transactions. • In addition, the certification information storage unit 5 can also be designed to perform an unanimous determination process by the authentication means 14 in addition to the above-mentioned authentication information, and find that the input information and the authentication information are not consistent, and are pre-stored in an acceptable manner. Enter the number of times the information is re-entered (the number of times allowed). At this time, the network checkout assistance device 1 or the authentication means 14 is also configured to include a counting means (counter). Then, in the flow of the consistency determination process by the authentication means 14, when the input information and the authentication information do not coincide, each time the time of occurrence thereof, the counting means is calculated from 1 to the top, and the added number is compared. And wrong - 21 - (19) 1304190 The number of misadmissions, when the added number exceeds the error tolerance, the authentication means 14 does not perform its own processing, and the signaling means 16 does not start, so that the authentication process and the OTP Generate popularity. Thereby, it is possible to prevent the malicious third party from stealing the network checkout assistant to process the authentication information and then input, and as a result, the card information or code is unfortunately displayed on the display 11. Further, when the added number does not exceed the error tolerance entry information and the authentication information, the authentication means 14 displays the card information on the 1st, but the counted number (initialization) becomes 〇. Here, an example of the operation of the network checkout assistance device 1 and the screen transition is shown in FIG. 5. In addition, this embodiment 1 1 is an 8-digit alphanumeric number. The display shows the display. First, once the start key 12b is pressed by the operator, the power of the network assist device 1 is activated (S200), and APPLI" is displayed on the display 1 (S210), so that it is necessary to display the card when the start chain 12b is pressed. In the case of information, the operator presses the number key 1 2a (S23 0); when it is desired to change the authentication information (private number), the "2" of the number key 12a (S 3 3 0). Since the display 1 indicates "PIN" when ^1" is pressed (S 23 0), the operator selects the number 4 as the authentication information from the numeric key Ka and presses it (S240). The start key 12b is pressed (S245), the private number that has been pressed, and if it is, the g 0TP lifetime is not used by the feeding device 1 to be a one-time secret number, but is input to the display, and the display screen of the display 11 is reset. When the checkout assistant displays ^1 (S225), then press 1 to display the number of digits in the privacy, then open the certificate and verify the information stored in the storage unit 1 5 - (20) 1304190 In the same manner, among the card information stored in the card information storage unit 13, the first eight digits of the identification information (hereinafter referred to as a card number) are first displayed on the display 11 (S250). Next, once the start key 1 2b is pressed (S 2 5 5 ), the last 8 digits of the card number are displayed on the display 11 (S260). Next, once the start key 12b is pressed (S265), the expiration date and security code are displayed on the display 11 (S270). In addition, the flow of S265 and p S2 70 is not required, and only the card number in the card information can be displayed. Next, when the start key 12b is pressed (S275), the display 1 1 displays "OTP = 1", and a selection is made to generate, display, or end the one-time password. Here, after the start key 12b is pressed (S290). , and then press the "1" (S 295) of the number key 12a, the "PIN" (S 3 05) for prompting the input of the authentication information is displayed on the display 1 1. Therefore, the operator presses the number key 1 2a again. The next 4 digit private number and press the start key _ 12b (S310). The private number that has been pressed, if it matches the authentication information stored in the authentication information storage unit 15, generates a one-time password based on the OTP generation information stored in the OTP generation information storage unit 17, and displays it in On the display 11 (S315). Then, if the start key 12b is pressed again (S 3 2 0), the power of the network check-out assisting device 1 is cut off. When the key other than the number key 1 2a "1" is pressed, or any key is not pressed and the predetermined time has elapsed (S 3 0 0 ), the network checkout -23- (21) 1304190 The auxiliary device 1 automatically cuts off the power. In addition, the private number input in S 2 4 0 and s 3 0 5 may be an individual private number for card information display and one-time password generation. In this case, the authentication information storage unit 15 is Store each private number separately. Further, in the present embodiment, before the flow of the one-time password is displayed on the display 11 (S315), the operator is urged to input the authentication information again at S3 05. However, it is also possible to design S11 05 to be omitted. A one-time password can be generated by pressing the start button 1 2b of S3 10. After S225, if "2" of the number key 12a is pressed (S 3 3 0), "CHANGE?" (S3 3 5) is displayed on the display 11. Once the start key 12b is pressed (S340), "PIN" is displayed on the display 11, prompting the input of the private number, and therefore, the operator presses the 4-digit private number from the numeric key 12a (S345), Pressing the start key 12b (S 3 50) again, if the private number that has been pressed is the same as the authentication information stored in the authentication information storage unit 15, it is used to urge the change of the private number after the change. The NEW 1" is displayed on the display 11, so that the operator presses the changed private number (S 3 5 5 ) from the numeric key 12a, and then presses the start key 12b (S3 60). Secondly, since "NEW2" for prompting the re-entry of the changed private number is displayed on the display 11, the operator has to press the changed private number (S 3 6 5 ) from the numeric key 1 2 a again, and then Press the start key 12b (S370) ° If the private number that was pressed in S355 matches the private number of the private 24--(22) 1304190 pressed in S365, the display 1 1 will display the private number. Since the completed "COMPLETE" (S 3 75 ) is changed, once the start key 12b is pressed (S 3 80) after the confirmation, the change procedure of the private number is 兀; the power supply is cut off. Further, in order to improve safety, in S 3 5 5 and S 3 6 5, even if input is performed from the numeric key 12a, the input cymbal is not displayed on the display 1, which is preferable. [Embodiment 1] Hereinafter, a credit card contractor (hereinafter referred to as a cardmember) who is sent to the network checkout assistance device 1 shown in Fig. 1 is used to use the network checkout assistance device. 1. A personal computer or mobile phone having a communication function, by using the checkout of the card number of the card member, to perform a network commercial transaction such as online shopping (hereinafter referred to as an online business transaction) The embodiment will be described. Φ The system configuration and network connection relationship of the network checkout system of this embodiment are shown in the system configuration diagram of Fig. 2. Further, the flow of the network commercial transaction in the network checkout system of the present embodiment is shown in the flowchart of Fig. 3. In addition, in this embodiment, the network commercial transaction service provider in the network checkout system is a credit card brand. Cardholders, assuming that the card is issued in advance, the credit card is issued, and the credit card is issued. At the same time, from the issuing bank, the certification information stored in each cardmember is accepted. (The cardmember is applying for a credit card. Biometric information such as private number or fingerprint information registered) -25- (23) 1304190, card information (card number, expiration date unique to each cardmember), network connection of OTP generation information (common key) Account assistance device 1. Further, in the present embodiment, the configuration of the network checkout assisting device 1 shown in Fig. 1(b) is stored in advance in addition to the configuration of the display 1 1 and the key operating portion 12 and the driving power source 19. In the 1C card, the function of the network checkout assisting device 1 is realized by inserting the 1C card in the 1C card slot (not shown) provided in the casing 10, but the network checkout auxiliary device is installed. φ is not necessarily required to have a 1C card. When the 1C card is not available, it is only necessary to have a CPU or a memory as long as the network checkout aid itself. Moreover, the network checkout assistance device 1 of the present embodiment is a user who uses the card merchant identification information, that is, the user who is in the online business transaction of the card checkout, but is a card member. I only want to conduct online business transactions. I don't want real face-to-face transactions caused by credit cards such as plastic cards and 1C cards. I don't want to issue credit cards. Lu also acts as a credit card organization and also has a card issuing bank business. The member terminal 2 is a terminal of the contractor, and is a terminal required for the card member to use the network checkout assistance device 1 for online business transactions, and is a personal computer, a mobile phone, etc. having at least a communication function and a browsing display function. The terminal franchise terminal 3 is not only providing the virtual terminal (website) to the member terminal 2 to accept the order of the goods or services, but also entrusting the card-issuing party to the card-issuing bank to authenticate the card-issuing member. I am -26- (24) 1304190 After the certification, 'for the acquiring bank (based on the authorization contract with the credit card organization, the acquisition of the franchise store · contract. Management business, etc., entrusted to authorize (review the terminal of the amount of credit for the goods or services ordered, whether there is any remaining credit card holders, if there is a remaining credit limit, the terminal is guaranteed to be settled) . The acquiring bank terminal 4 is a terminal that is authorized by the franchise terminal 3 to be entrusted to the issuing bank side (authorized re-transfer). The intermediary server 5 serves as the intermediary of the franchise terminal 3 and the authentication server 7 described later, that is, the server that acts as the intermediary role of the authentication service of the cardmember between the member terminal 2 and the affiliate terminal 3. . The intermediary server 5, in this embodiment, is a server operated by a credit card organization, and stores the franchise identification information for identifying the franchise stores corresponding to the online business transaction service using the network checkout assistance device 1. And the card issuing bank identification information used to identify the issuing bank corresponding to the online commercial transaction service using the network checkout assistance device 1. In addition, in the network checkout system of this embodiment, when there is a network commercial transaction service that does not use the network checkout assistance device 1, the intermediary server 5 needs to support the use of the network checkout assistance. The identification information of the franchise store and the issuing bank of the commercial transaction service of the device 1 is stored separately from the identification information of the franchise store and the identification information of the issuing bank. The card issuing bank terminal 6 is a terminal that receives an authorization request received from the acquiring bank terminal 4 to perform authorization. The authentication server 7 is a server that authenticates the card holder himself before the online business transaction. In this embodiment, the -27-(25) 1304190 certificate server 7, which is a server operated by the issuing bank, is connected to the issuing bank terminal 6, and is likely to use the network check-out assistant 1 The card information (card number, expiration date) and OTP generation information (common key inherent to the network checkout assistance device 1) of the card holder of the online business transaction are stored in a state of being connected to each other. In other words, every 1 card member is associated with card information and OTP generation information, and is stored in the authentication server 7. Further, the storage of such information to the authentication server 7 is performed at the same time as the card-sending assistance device 1 is issued to the card-member, or approximately before and after the period. In FIG. 2, the member terminal 2, the franchise terminal 3, the intermediary server 5, and the authentication server 7 are connected by the network 9a such as the Internet; the franchise terminal 3, the acquiring bank terminal 4, and the card issuance The bank terminals 6 are connected by a dedicated line 9b, respectively. In addition, the issuing bank terminal 6 and the authentication server 7 are separately prepared for each card issuing bank, and are respectively connected to the member terminal 2, the acquiring bank terminal 4, and the intermediary server 5, and are connected by the network 9a and the dedicated line 9b. . Further, the affiliate store terminal 3 is also separately prepared for each affiliate store, and is connected to the member terminal 2, the intermediary server 5, and the acquirer bank terminal 4, respectively, by the network 9a and the leased line 9b. Hereinafter, the flow of the network commercial transaction using the network checkout assisting device 1 will be described based on the flowchart of Fig. 3 and the system configuration diagram of Fig. 2. The card-members access the member terminal 2 from the affiliate store terminal 3 of the virtual store (web site) via the network 9a, and view the product or service. Then -28 - (26) 1304190, once the item to be ordered or the desired service is determined, the member terminal 2 sends a message to the franchise terminal 3 that the order is for the goods or the service is desired to be settled by the card. The purpose of the road business transaction. The affiliate store terminal 3 causes the member terminal 2 to display the card information input screen 100 shown in Fig. 4(a), and requests the member terminal 2 to input and transmit the card number and the expiration date of the card. Then, once the card member presses the open φ start key 1 2b of the network checkout assistance device 1, the authentication means 14 of the network checkout assistance device 1 is activated, and the network checkout assistance device 1 becomes awaiting authentication. State. Next, the card member is input from the number key 1 2a by inputting information (in this embodiment, a 4-digit private number) necessary for the authentication. Further, the private number of the 4-digit number entered here is determined in advance when the card-member has applied for the card, and has been stored in the authentication information storage unit 15 in the network check-out assisting device 1. The authentication means 14 reads the authentication information stored in the authentication information storage unit is' and confirms whether or not it matches the input information input from the numeric keys 1 2 a. Then, when the two are identical, the authentication means 14 reads the card number and the expiration date as the card information from the card information storage unit 13 and displays them on the display 11. Then, if all of the card number and the expiration date are displayed on the display 11, the authentication means 14 transmits the indication to the 0TP generating means 16. The "OTP generation means 16" is a one-time password generation wait state which will be described later. In addition, in this embodiment, since the number of bits -29-(27) 1304190 that can be displayed on the display 11 is limited to 8 digits, the authentication means 14 first performs the card number read from the card information storage unit 13 The division process is divided into the first 8 bits and the last 8 bits, and then the first 8 bits of the card number are displayed first on the display 11. The card member inputs the first eight digits of the card number based on the display 'in the card number input field 100a of the card information input screen 1'. Once the input of the first 8 digits of the card number is completed, the card member presses the start button 1 2b. The authentication means 14 receives the press detection of the start key 1 2b and displays the last 8 digits of the card number on the display 11. The card member is based on the display, and enters the last 8 digits of the card number in the card number input field 1 0 0 a of the card information input screen. Once the input of the last 8 digits of the card number is completed, the card member presses the start button 1 2b. The authentication means 14 accepts the press detection of the start key 1 2b and displays the expiration date in 4 digits (MM (month) / YY (year)). The card member is based on the display, and the expiration date is entered in the valid limit input field lb of the card information input screen 100. In addition, when the display area of the display and the number of displayable digits are sufficient, it is of course possible to display the card number all at once on the display, and also display the card number and the expiration date all at once. On the other hand, when the displayable number of bits of the display is less than 8 digits, the authentication means 14 can pre-segment the card information read from the card information storage unit 13 by the number of displayable digits. The start button 1 2b or any other key is pressed, and the divided card information is sequentially displayed. As described above, the network checkout assistance device 1 is only when the input information input is consistent with the authentication information stored in the authentication information storage unit 1-5- (28) 1304190 days in the display device. 1 1 does not display card information, therefore, if you do not know the authentication information, the third party will not know the internal card information even if it steals the network checkout assistance device. Therefore, compared to the previous credit card with printed card information, the security is higher, and there is no doubt that card information will be abused in online business transactions. The card member enters the card number and expiration date (in addition, although the card information input screen 1 in Figure 4 is not displayed, the order may also be ordered. | The service name, the amount, the order date, the name of the franchise store, the place where the product is sent, etc. ‘displayed on the same screen.) Click the send button 100c in the card information input screen 1〇〇. By the delivery button looc being clicked, on the side of the affiliate store terminal 3, the entered card information is transmitted (S 10). Received the ordered item from the member terminal 2. The order information of the service name, the amount, the order date, the name of the franchise store, the place where the goods are sent, and the card information of the card number and expiration date of the card used for the checkout of the order, and the franchise terminal 3 of the card are received. In addition to the card information, the franchise identification information given to each franchise store is sent to the escrow server 5 connected via the network 9a, and it is required to confirm whether the card member is accepting the use of the network checkout assistance device 1 Member of the commercial transaction service (can confirm the execution of the certification) (S 2 0 ) 〇 介 伺服 伺服 伺服 , , , 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 伺服 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 If the information is the same, the registrar terminal 3 of the franchise store that participates in the commercial transaction service using the network checkout assistance device 1 can access the agent server 5. If it is inconsistent, the access from the franchise terminal 3 of the franchise store that does not participate in the commercial transaction service using the network checkout assistant-31 (29) 1304190 assist device 1 is improper access, so it does not enter. Future process. The agent server 5 is based on the card information of the card member received from the franchise terminal 3 who has participated in the business of using the network checkout assistance device 1, and the card number of the card member is issued. The issuing bank 'sends the card information to the authentication server 7 of the specific issuing bank, and asks whether the card member is a member who accepts the commercial transaction service using the network checkout assistance device 1 (the authentication can be confirmed) (S 30). In the intermediary server 5 of the embodiment, the card issuing bank identification information for identifying the issuing bank is stored, and the intermediary server 5 searches for the issuing bank identification information based on the received card information, and the specific departure card bank. In other words, the intermediary server 5 of the present embodiment does not directly perform the authentication execution confirmation, but performs the affiliate store authentication, and based on the card information received from the affiliate store terminal 3, specifies the card number of the cardmember to be issued. The card issuing bank transmits the card information to the authentication server 7 of the specific issuing bank, and is responsible for transmitting the result of the authentication execution received from the authentication server 7 to the affiliate terminal 3. In addition, in the present embodiment, although the intermediary server 5 is a server operated by a credit card organization, it may be provided by each affiliate store terminal 3. In this case, the authentication server may be directly connected from the affiliate store terminal 3 to the authentication server. 7. A request for confirmation of the execution of the certification. Further, the franchise store authentication can be performed on the authentication server 7. The authentication server 7 performs the holding of the card information received by the intermediary server 5 by checking whether the card information received from the intermediary server 5 has been registered in the authentication server 7. -32- (30) 1304190 Whether it is the confirmation of the card member who has accepted the commercial transaction service using the network checkout assistance device 1 (the authentication execution can be confirmed), and the result is returned to the agent server 5 (S40). Further, if the result of the authentication execution is confirmed, it is "OK" if the card information received from the intermediary server 5 is registered in the authentication server 7, and "No" if it is not registered. Then, the intermediary server 5 | that has received the authentication execution confirmation result transmits the result to the affiliate store terminal 3 (S50). When the certificate execution of the card member is confirmed as "OK", it means that the card member accepts the commercial transaction service using the network checkout assistance device 1, so the franchise terminal 3 enters to perform the The process of the card certification member's own certification requirements (S60). Specifically, the affiliate store terminal 3 transmits the URL/information of the authentication server 7 of the issuing bank that has confirmed the execution result of the authentication to the member terminal 2 and also performed the authentication before the transmission. • The member terminal 2 that has received the authentication request from the affiliate store terminal 3 accesses the same authentication server 7 previously accessed by the intermediary server 5 based on the received URL, and performs authentication request (S 70) . In addition, the flow of the S70 is performed in a series of manners from the S60; it can be implemented by using a re-directing function commonly used as a browser for a personal computer or a mobile phone used by the member terminal 2, so that the card member does not have In the sense, the process of processing can be automatically performed inside the member terminal 2. The authentication server 7 prompts the member terminal 2 to prompt the transmission of the one-time password and performs authentication of the card member by -33-(31) 1304190 based on the one-time password received from the member terminal 2 (S80). Specifically, the authentication server 7 receives the card information and the order information from the accessed member terminal 2, and confirms whether the card member having the card information has just passed through the intermediary server 5 from the affiliate terminal 3 Cardholders who can be confirmed by the certification implementation. This confirmation is to leave a log of the card information of the card member received from the intermediary server 5 before the scheduled time, and confirm whether the card information of the card member received from the member terminal 2 is before the scheduled time. The card information left in the log is consistent. In addition, the order information may be sent from the member terminal 2, but may be designed to be sent from the franchise terminal 3 through the intermediary server 5 to the authentication server 7 in the process of S20, 30; or When the URL information of the authentication server 7 is transmitted from the affiliate terminal 3 to the member terminal 2, it is transmitted together, and when the member terminal 2 accesses the authentication server 7, it is transferred to the authentication server 7. Further, the authentication server 7 performs the confirmation that the card member of the member terminal 2 that has been accessed and the card member who has received the authentication execution from the affiliate store terminal 3 are the same, and may not only use the card. The information can be checked, and the order information can be received from both the member terminal 2 and the franchise terminal 3 (directly or through the intermediary server 5), and the information is checked as soon as possible. The authentication server 7 confirms that it is an access from the network checkout assistance device 1 of the card member who has previously accepted the authentication execution request, and the authentication server 7 creates the subscription information based on the received order information. The one-time password input screen 1 Ο 1 shown in Fig. 4(b) - 34 - 1304190^ (32) is sent to the member terminal 2 having access. In the one-time password input screen 101 of Fig. 4(b), the object of the online business transaction by the card-member is displayed, that is, the name of the franchise store and the item to be ordered. The amount of the service, ordering 曰. Once the one-time password input face 1 0 1 ' is displayed on the member terminal 2, the card member is pressed, and the start button 1 2b | of the network checkout assisting device 1 is pressed. The OTP generating means 16 of the network checkout assistance device 1 generates a wait state from the one-time password upon detecting that the start key 12b is pressed, and enters the one-time password generation flow. The OTP generating means 16 reads out the common key stored in the OTP generation information storage unit 17, and counts it by the timer means 18, and sets the date data (date, month, and day) based on the date on which the start key 12b is pressed. The seconds and seconds are units of 30 seconds, encrypted with the common key to generate a one-time password, which is converted into a number of digits and displayed on the display 11. In addition to this B, the encryption method of this embodiment adopts a common key encryption method. Moreover, since the displayable number of digits of the display 1 of the present embodiment is 8 digits, the first 6 to 8 digits of the generated one-time password are displayed on the display 11. The card member inputs a one-time password displayed on the display 1 of the network check-out assisting device 1 in the password input field 1 〇 1 a displayed on the one-time password input screen 1 0 1 of the member terminal 2. And click the send button 1 〇 1 b, then the entered one-time password will be sent to the authentication server 7. In addition, after the input of the one-time password is completed, the card member can press the start button 1 2b of the -35- (33) 1304190 network checkout auxiliary device 1 to make the display 11 of the network checkout auxiliary device 1 The one-time password displayed becomes non-display, which is ideal from the viewpoint of security. At the same time, the power is also turned off, which is ideal in terms of power saving. The authentication server 7 that receives the one-time password from the member terminal 2 is first checked by the identification number of the member terminal 2 or the like, or is the one-time password input screen that is generated and transmitted by the member terminal 2 individually. There is a reply to confirm whether the member terminal 2 is the other party who has just requested a one-time password. After the confirmation, the authentication server 7 extracts the card information of the card member received from the OTP based on the card information required to receive the one-time password, and extracts the common key registered with the card number and authenticates. The date data (year, month, day, second, and second is 30 seconds) formed by the server 7 receiving the one-time password from the member terminal 2, and encrypted by the common key to generate a one-time password and convert it Into a decimal number. In addition, the encryption method of this embodiment adopts a common key encryption method. In this way, the authentication server 7 confirms whether or not the one-time password generated by the authentication server 7 coincides with the one-time password previously received from the member terminal 2. If it is the same, it can be proved that the one-time password is a one-time password which is made almost at the same time by the common key stored only in the network checkout auxiliary device 1 and the authentication server 7. In other words, the operator who sends the one-time password to the member terminal 2 of the authentication server 7 is the common key used when the one-time password is generated, and the network in which the card information associated with the common key is stored.路-36- (34) 1304190 The operator of the checkout assistance device 1; and is the card member who can use the card information, whereby the confirmation of the card member who requested the online business transaction is carried out . In addition, the one-time password generating means is the date used by the network checkout assisting device 1 when generating the one-time password, and the authentication server 7 is used to generate the one-time password when using the time synchronization method of the embodiment. In the later period, the system is not necessarily strictly the same. Therefore, considering that the one-time password is generated from the authentication server 7, the card member presses the start button 12b of the network checkout assistance device 1, and the network checkout assistant 1 The time difference until the one-time password is generated. In the present embodiment, the second resolution of the date data is set to 30 seconds. However, the authenticity of the cardmember can only be recognized if the one-time password generated by the two is identical. The card member presses the start button 1 2b of the network checkout aid 1 to generate a one-time. The password is such that if the period until the authentication server 7 receives the one-time password from the member terminal 2 is more than 30 seconds, the one-time password will be inconsistent, resulting in an increase in the number of unauthenticated events. On the contrary, it will damage the convenience of online business transactions. Therefore, the authentication server 7 will delay the date of the one-time password received from the member terminal 2 by N times and back to 30 seconds, even if the one-time password received from the member terminal 2 is inconsistent. The one-time password is regenerated on the authentication server 7 side, and if it coincides with the one-time password generated on the member terminal 2 side, it is considered that the card member's personal confirmation is successful. In addition, the safety of the safety is considered in advance. -37- (35) 1304190 That is, when it is desired to improve the safety accuracy, N is set to be small; when it is desired to reduce the safety accuracy and the convenience of the card member side is prioritized, N is Set it larger. The authentication server 7 transmits the authentication result of the card member due to the one-time password check to the member terminal 2 (S90). Further, specifically, the authentication server 7 transmits the URL information of the affiliate store terminal 3 to the member terminal 2 in addition to the authentication result, and transfers the authentication result from the member terminal 2 to the affiliate φ store terminal 3. The member terminal 2 that has received the authentication result transfers the authentication result (the person authentication OK and the person authentication NG) to the affiliate store terminal 3 (S100). In addition, the flow of S 1 0 0 is performed in a series of manners from S 90 as in the case of S 70; it can be realized by the redirect function of the browser of the member terminal 2, in fact, the card is allowed. The member will not be aware of the process of automatic processing within the member terminal 2. The franchise store terminal 3 receives the authentication result from the member terminal 2 and the result of the φ certificate is that when the card member is confirmed as the person (the person authenticates 0K), the authorization request of the card member is performed to the acquiring bank, so 'In addition to the transaction information generated by the card information of the card-issuing member to the acquiring bank terminal 4, and the amount of the check-out desired amount (the function of the goods and services to be ordered by the card-member), the authentication result is also sent (S 1 1 〇). In addition, the 'transaction data' can also be generated in S 1 0 from the time when the member terminal 2 has the order information and card information to be sent, and is memorized in the franchise terminal 3' read out. The acquiring bank terminal 4 specifies the card issuing source based on the credit information received from the franchise store terminal 3 and the authentication result based on the card number of the card holder member who authenticates 〇K. The issuing bank, and the transaction card information and the authentication result (s 1 2〇) to the issuing bank terminal 6 of the specific issuing bank, the card issuing bank terminal 6 receiving the transaction data and the authentication result, based on the member information not shown The member information or credit information of each member stored in the library is used to confirm whether the amount of the checkout included in the transaction data is within the credit limit of the authorized card member. If the checkout hopes that the amount is within the credit limit, then as the authorization is OK, the credit limit for the checkout wish amount will be secured. Then, the issuing bank terminal 6 sends the authorization result (authorization OK, authorization NG) to the acquiring bank terminal 4 (S 130), and then the acquiring bank terminal 4, to the franchise terminal 3, transfers the authorization result (S 140). Then, the affiliate store terminal 3, after receiving the authorization result from the acquirer bank terminal 4, notifies the member terminal 2 of the result (S 1 5 0 ). Specifically, when the authorization result is OK, the screen for the establishment of the online business transaction using the card number of the card member will be sent to the member terminal between the franchise store and the cardmember. 2, and displayed on the member terminal 2. Further, when the authorization result is NG, a screen indicating that the online commercial transaction is not established is transmitted to the member terminal 2 and displayed. Further, in the present embodiment, the personal authentication using the one-time password in the authentication server 7 is performed every time the online business transaction is performed between the member terminal 2 and the affiliate store terminal 3. In other words, the one-time password generated by the OTP generating means 16 of the present embodiment is valid only for the one-time network-39-(37) 1304190 road commercial transaction, so even if the network checkout assistance is not held The third party of the device sneaked a one-time password, and the third party still could not pretend to be a card-member to carry out the online business transaction, so the security of the business transaction could be further enhanced. [Embodiment 2] Next, for the card member who is dispatched with the network checkout assistance device 1a (not shown), the use of the network checkout assistance device 1a, from a personal computer or mobile phone having a communication function 'An example of performing an online business transaction by using the checkout of the card number of the card holder member will be described. The difference between this embodiment and the previous embodiment 1 is the one-time password generation method of the OTP generation means 16 provided in the network checkout assistance device, and the storage contents of the OTP generation information storage unit 17, and FIG. The content of the authentication process (S80, S90) between the member terminal 2 and the authentication server 7 (in this embodiment, the authentication server 7a). That is, although in the foregoing Embodiment 1, the one-time password generation method is designed in the time synchronization manner, in the present embodiment, the usage number synchronization method is employed. Along with this, in the network checkout assisting apparatus la of the present embodiment, the timing means 18 shown in Fig. 1 is replaced with the counting means 18a (not shown). Regarding the network checkout assistance device 1, 1 a and the authentication server 7, 7a, the configuration other than the above-described different points, and the processes other than S80 and S90 are the same as the embodiment shown in Figs. 1 to 3 Therefore, the detailed flow of the portions of S 80 and S 90 of Fig. 3 will be described below using Figs. 1 to 3 . -40- 1304190 (38) The OTP & information generated in the OTP generation information storage unit 17 of the present embodiment is a common key and usage information information inherent to the network checkout assistance device 1a. Composition. The common key is stored in a state in which the OTP generation information storage unit 17 is not rewritable, and is authenticated in the authentication server 7a that performs verification of the one-time password generated by the OTP generation means 16. The association corresponds to the card number stored in the card information storage unit 13. The usage count information is associated with the common key in the authentication server 7a, and is associated with the card number stored in the card information storage unit 13. In other words, these OTP generation information is stored in the authentication server 7a in association with the card number, and is authenticated in the same manner as the member terminal 2 when the authentication server 7a receives the one-time password from the member terminal 2. A one-time password is also generated on the server 7a, and by confirming whether the two are the same, the validity verification of the one-time password and the authentication of the card member can be performed. Further, the use frequency information is information that can be rewritten only when there is a rewrite command from the 0TP generation means 16 by the counting means 1 8 a, 0 times, 1 time, 2 times, such addition plus 1 After the reduction of 1 time, 99 times, and 98 times, the number of additions or subtractions will be stored in the OTP generation information storage unit 17 and the usage information will be updated. In addition, the addition or subtraction is determined in advance. Further, the counting means 18a may be included in the 0TP generating means 16, or may be different from the OTP generating means 16 and may be additionally provided with 'the latter's time - 41 - 1304190 · (39), which must be generated by the OTP. The rewriting of the information of the number of times of use of the means 16 is controlled. In S80 of Fig. 3, first, the authentication server 7a, 2 urges the one-time password transmission, and performs authentication of the card member based on the one-time password from the member. Specifically, the authentication server 7a receives the card information and the order information from the access 2, and confirms whether the card-holding member is the card member who has just passed the authentication from the franchise terminal 3 and is authenticated. . Whether or not there is a card information received from the intermediary server 5 before the scheduled time, and confirming whether the card information from the member of the member is the same as the information before the scheduled time. In addition, the order information may not be designed from the member terminal, and may be sent from the joining intermediary server 5 to the authentication server 7& or the terminal 3 to the member terminal 2 in the process of S20 and 30. The authentication server 7a is transmitted together, and is transmitted to the authentication server 7a when the member terminal 2 takes the authentication server. Further, the authentication server 7a performs the confirmation that the accessed card member and the card member who has received the authentication request from the affiliate store terminal 3 are not identical, but may be designed Receiving the order information means 1 8 a from the member terminal 2 and directly or through the intermediary server 5), so that the member terminal received by the member terminal multi-end 2 is the media server 5 of the card information, and the confirmation is scheduled to be received. The card will be sent to the card 2 in the Zhizhi 2, but the store terminal 3 can be accessed through the URL information from the affiliate store. The device 7a can perform confirmation of whether or not the member terminal 2 is to be authenticated by the card information franchise terminal 3 (and also into -42 - 1304190 (40). The authentication server 7a, once confirmed It is an access from the network checkout assistance device 1 of the card member who has previously received the authentication execution confirmation request, and the authentication server 7a creates the order information as shown in FIG. 4(b) based on the received order information. The one-time password is input to the screen 101 and sent to the member terminal 2 with access. In the one-time password input screen 101 of Fig. 4(b), the card holder will be displayed. The object of the online commercial transaction is to join. The name of the store, the item to be ordered. The amount of the service, ordering 曰. When the one-time password input screen 1 0 1 is displayed on the member terminal 2, the card member presses the start key 1 2b of the network check-out assisting device 1. The OTP generating means 16 of the network checkout assistance device 1 generates a wait state from the one-time password upon detecting that the start key 12b is pressed, and enters the one-time password generation flow. The 0TP generation means 16 6 reads the common key and the usage count information stored in the B in the 0TP generation information storage unit 7 and encrypts the usage frequency information with a common key to generate a one-time password. It is converted into a 1 digit and displayed on the display 11. Further, in the present embodiment, the one-time password information is generated using the predetermined one-time password generation algorithm to generate a one-time password. Further, since the displayable number of digits of the display 1 of the present embodiment is 8 digits, the first 6 to 8 digits of the generated one-time password are displayed on the display 11. In addition, the OTP generation information may include any other information that only the network checkout assistance device 1a and the authentication server 7a can know, in addition to the above-mentioned usage count information and the total -43-(41) 1304190 pass key. Information (for example, principle (p〇licy), etc.); at this time, the usage information, and any arbitrary information, may also be encrypted by the common key to generate a one-time password. After generating the one-time password, the OTP generating means 16 6 adds or subtracts the information of the number of times of use that has just been read, and then rewrites the information of the number of times of use of the 0TP generation information storage unit 17. , 0 update. The card member inputs a one-time password displayed on the display 1 of the network checkout assisting device 1 in the password input field 1 0 1 a displayed on the one-time password input screen 1 0 1 of the member terminal 2. And click the send button l〇lb, then the entered one-time password will be sent to the authentication server 7a. In addition, after the input of the one-time password is completed, the card member can press the start button 1 2b of the network checkout auxiliary device 1 to make the one-time password displayed on the display 1 of the network checkout auxiliary device 1. It becomes not displayed, Φ This is ideal from the viewpoint of safety. At the same time, the power is also turned off, which is ideal in terms of power saving. The authentication server 7a that receives the one-time password from the member terminal 2 is first checked by the identification number of the member terminal 2 or the like, or is the one-time password input screen 1 〇1 generated and transmitted by the member terminal 2 individually. There is a reply to confirm whether the member terminal 2 is the other party who has just requested a one-time password. After the confirmation, the authentication server 7 a ' is based on the card information received by the card member before the one-time password request is sent, and from the 0TP generation information - 44- (42) 1304190, the login is associated with the card number. The common key and usage information, and the usage information is encrypted with a common key to generate a one-time password and convert it into decimal digits. Further, in the present embodiment, the one-time password information is generated using the predetermined one-time password generation algorithm to generate a one-time password. In addition, in the O T P generation information, if any information is included, in addition to the usage information, any information will be encrypted by the common key. In this way, the authentication server 7a confirms whether or not the one-time password generated by the authentication server 7a coincides with the one-time password previously received from the member terminal 2. If it is the same, it can be proved that the one-time password is a one-time password made by the usage number information and the common key stored only in the network checkout auxiliary device 1 and the authentication server 7a. In other words, the operator who sends the one-time password to the member terminal 2 of the authentication server 7a is associated with the usage number information and the common key used in the generation of the one-time password, and the usage frequency information and the common key are associated with The card information is stored by the operator of the network checkout assistance device 1; and is the card member who can use the card information, whereby the confirmation of the card member who requests the online business transaction is carried out It is. The authentication server 7a transmits the authentication result of the card member (the person authentication OK, the person authentication NG) caused by the one-time password check to the member terminal 2, and also uses the number of times used in the generation of the previous one-time password. The information is added or subtracted by a predetermined calculation method, and the calculation result is used as the usage information in the authentication server 7a, and is rewritten and updated. -45- (43) 1304190 Further, in the one-time password generation method, even when the member terminal 2 and the operator of the network checkout assistance device 1a are legitimate card members, when the usage number synchronization method as in the embodiment is employed However, it is still possible that the usage count information used by the network checkout assistance device 1 a when generating the one-time password is different from the usage count information used by the authentication server 7 a when generating the one-time password, resulting in a one-time password. Inconsistent situation. Cardmembers, even if the network checkout assistant 1a generates a one-time p-password, it does not necessarily guarantee that it will be sent to the authentication server 7a, when the card-member is inadvertently occurring in the middle of the online business transaction. When the line is disconnected, or it may be that the network business transaction is not originally performed, the network checkout assistance device 1a is operated to accidentally generate a one-time password. In this case, the information on the number of times of use of the network checkout assistance device 1a is updated. However, the information on the number of times of use of the authentication server 7a is not updated. Therefore, the generated one-time passwords will not be identical. However, if the one-time password generated by the two is completely visible, the authenticity of the cardmember can be recognized, which will lead to an increase in the authentication NG, which will impair the convenience of online business transactions. Therefore, the authentication server 7a, when the one-time password received from the member terminal 2 is inconsistent, will still use the number-of-use information stored in the authentication server 7a within a predetermined range (for example, the usage number information +N). If the change is made internally, the one-time password is regenerated on the authentication server 7a side, and if it matches the one-time password generated on the member terminal 2 side, it is considered that the card member's personal confirmation is successful. In addition, the N system considers the accuracy of safety and determines it in advance. -46- 1304190 * (44) That is, when it is desired to improve the safety accuracy, N is set to be small; when it is desired to reduce the safety accuracy and the convenience of the card member side is prioritized, N is set larger. As described above, if the network checkout assistance device of the present invention is used for the online business transaction, when the card information is input to the card information input screen, the input information input to the network checkout auxiliary device is as long as If the authentication information stored in the network checkout assistance device is inconsistent, even if the card is held, the member itself cannot know the card information. Therefore, unlike the previous credit card whose card information is exposed, the card information is highly concealed. It can prevent the improper use of card information in online business transactions. Moreover, since the network checkout assistance device is portable, it is possible to use a mobile phone, a personal computer in a house, or a personal computer in a place to carry out a secure online business transaction regardless of where the card member is located. Increase the convenience of online business transactions. Moreover, the identity authentication of the card-members at the time of the online commercial transaction is based on whether the one-time password generated by the network check-out assistance device is consistent with the one-time password generated by the authentication server. This one-time password is inherent to the network checkout assistance device and is stored only in the network checkout assistance device and the authentication server, and is a common key that is not known to the cardmember itself. The updated usage information will be encrypted each time the periodic data or the one-time password generated by the predetermined key press is detected. That is, since it is a certification information that can only be made by a card member who is operating the network checkout assistance device, it does not hold the network checkout assistant -47-1304190. (45) The third party of the aid device is unable to fake card members to conduct online business transactions, which can further improve the security of online business transactions. Moreover, the generation of the one-time password is performed only after the card information is displayed on the network checkout auxiliary device. Therefore, the third party who does not have the network checkout assistance device only knows the card number. Cannot generate a one-time password. Moreover, even if the third party steals the network checkout assistance device, the one-time password cannot be generated without the authentication information for inputting the network checkout assistance device. In other words, since the third party can obtain the online checkout assistance device, it is impossible to fake the card member to conduct the online business transaction, so the security of the commercial transaction can be guaranteed. In addition, the method for generating the one-time password is not limited to the time synchronization method of the above embodiment, and can be performed between the network checkout assistance device and the authentication server, and can be performed by the card member having the network checkout assistance device. I can just authenticate. Moreover, since the network checkout assistance device is configured by a network disconnection type, card information, authentication information, and OTP generation information once stored in the network checkout assistance device cannot be improperly accessed. It is read out, and even the card member who is sent the network checkout assistance device cannot read it. Assume that if the network checkout assistance device is a terminal that can be connected to a personal computer or a mobile phone, etc., when a certain bad situation occurs in the connection between the network checkout assistance device and the terminal, the cause of the defect is On the network checkout assistance side or on the terminal side, such a division of responsibility will be unclear. Therefore, a network checkout aid composed of a network non-connected type, -48 - 1304190 (46), is effective for the clear division of responsibility points. Here, the system configuration and flow of the prior registration of the online business transaction in the network checkout system of the present embodiment, which is not held by the card-sending assistant of the present embodiment, is shown in Fig. 6. The card-members are accessed from the member PC to the WEB website dedicated to the card-members operated by the card company (credit card organization or card-issuing bank), and the member information (only the date of birth, Phone number, account number, etc.), and then sent to the WEB website (Figure 6, (1)). The WEB website of the card company that receives the member information accesses the basic system of the card company that has registered the member information, and entrusts the basic system to the member information received and the member information registered in the backbone system. Check (Figure 6, (2)). The backbone system sends back the verification results to the WEB website (Figure 6, (3)). If the result of the check is 〇Κ, the card holder is deemed to have successfully confirmed, and the password is registered from the WEB website to the member PC. The member PC sends the password to the WEB website (Figure 6, (4)). The WEB website that receives the password from the member PC registers the password with the authentication server 7 of the card company (Fig. 6, (5)). The password registered here is a fixed password, not a one-time password generated on the network checkout aid. In other words, when a card member who does not hold a network checkout assistance device performs network checkout on the network checkout system, the card member's authentication method can only be done by means of a fixed password; once the card number is Once the fixed password was known to a third party, then -49- 1304190 (47) The third test can fake the card member for online checkout. In addition, the card-holding member who does not hold the network check-out assistance device accesses the WEB website of the card-holding member in order to log in the password, and the password registration operation can be performed after the user has been forced to log in, so the card is held. The burden on the member side is large. Even if it is not only the burden of the card-members, even on the card company side, it is necessary to set up a WEB website for the card-members to log in to the password, and to set up a backbone system for the identity of the card-members. In addition, the 'network checkout assistant is configured to not expose the card number' and is only known to the cardmember, or the card number will be displayed only if the authentication information possessed by only the card member is entered; even because At the time of online checkout, the password used by the card holder is not a fixed password, but a one-time password. Therefore, it is extremely difficult for a third party to fake a card member to conduct online business transactions. Although the embodiment of the network checkout assistance device 1 has been described above, the phrase "is the network checkout assistance device of the present invention is not limited to the network checkout having all the constituent elements described in the above embodiment. The auxiliary device 1, but various changes and modifications can be made, and the constituent elements necessary for each purpose can be arbitrarily combined to construct the network checkout assisting device of the present invention. Further, the above-mentioned changes and modifications are of course in the scope of the patent application of the present invention, for example, 'in the embodiment, although the network checkout using the card number of the credit card is explained', as long as the network is at least used by the card number The card of the checkout, in addition to the credit card, is an embodiment of a card such as a debit card, and -50-(48) 1304190 is also within the scope of the patent application of the present invention. Moreover, in this embodiment, although it is used in a network commercial transaction using card checkout, when the card member only wants to conduct a network commercial transaction, the credit card of the previous plastic type magnetic card, 1C card, etc. is not desired. In the case of a true face-to-face transaction, the credit card may not be issued; the owner of the network checkout assistance device of the present invention does not necessarily have to hold the previous plastic type credit card. φ Further, for example, in the embodiment, the card information storage unit 1 of one network checkout assistance device 1 stores card information of one card member having one type of card information, and is authenticated information. The storage unit 15 stores one type of authentication information, but may store a plurality of card numbers in the card information storage unit 13. The authentication information at this time is a common authentication information for displaying the plural card number, and may also correspond to the card number and the authentication information respectively. The card number displayed on the display 1 is different depending on the authentication information entered. • In addition, the same or multiple card numbers, such as the mother and child credit cards, are used by a plurality of people. It is also possible to store different authentication information for each person in the authentication information storage unit 15 or to store common authentication information. Further, in the above embodiment, although the card information and the OTP generation information are described, the connection is established on the network checkout assistance device 1, 1a and the authentication server 7, 7a, respectively, but in order to prevent the card information. The eavesdropping, and the card information and the OTP to generate information, not directly or indirectly to establish a related party, is also included in the scope of the patent application. Specifically, the card-51-(49) 1304190 input by the member terminal 2 in S10 of FIG. 3 is sent to the authentication in S20 and 30 via the affiliate store terminal 3 and the intermediary server 5. The server 7, 7a, however, the authentication server 7, 7a converts the card number in the received card information into a unique number different from the card number, and transmits it via the intermediary server 5 To the franchise terminal 3 (in S4〇, 50). Even this unique number is sent from the affiliate terminal 3 to the member terminal 2, and is transmitted to the authentication servers 7, 7a (in S60, 70) via the member terminal 2. The authentication server 7, 7a receiving the unique number converts the unique number into a card number by converting the unique number into a card number, and the 〇TP to which the converted card number is associated is converted by the opposite conversion rule when the card number is initially converted into a unique number. . Generate information for the generation of one-time passwords. In this way, by establishing a unique number other than the card number and the card number and the OTP generation information, except for the card numbers in S10, S20, and S30, there is no card number circulation on the network 9a, so the card number is eavesdropped. The possibility of φ is greatly reduced, contributing to the improvement of safety. Further, in the above description, the member terminal 2 transmits card information to the affiliate store terminal 3, and the authentication servers 7, 7a are based on the request from the affiliate store terminal 3, and are in S80 of Fig. 2 The case where the card holder is authenticated by himself is 'but the present invention is not necessarily limited thereto. For example, the authentication server 7 may be accessed by the member terminal 2, and then the authentication server 7, 7a transmits the authentication information input screen dedicated to the card member to the member terminal 2, based on the input to the authentication input screen. The card information and the one-time password are authenticated by the card member between the member terminal 2 and the authentication server 7, -52- (50) 1304190 7 a; after the result is confirmed to be the person, the specified condition (for example Within the predetermined time, the predetermined number of times, the designated franchise store, etc., the member terminal 2 accesses the website of the franchise terminal 3 to conduct an online business transaction. In other words, the network checkout assistance device of the present invention is basically designed to be used by the card holder member for authentication between the member terminal 2 and the authentication server 7, 7a on the card company side, and is authenticated. After that, it is possible to actually conduct a network commercial transaction in the website of the affiliated store, etc.; it is not necessarily the premise of the personal authentication commission from the affiliate store terminal 2. The means and database in the present invention are divided only by logically distinguishing their functions, and may be physically or in fact in the same field. It is also possible to replace the database with a data file, and the data file is also included in the database. In the above embodiment, although the terminal or server on the network checkout system is described, the credit card organization (the main body of the commercial transaction service) and the card issuing bank (the acquisition of the card member and the issuance of the card to the card member) ), the acquiring bank (acquisition of the franchise store · contract. The management entity) and the franchise stores operate separately. However, these are only differences in mourning and roles. In reality, there will be cases where the issuing bank and the acquiring bank are the same, or there are credit card organizations and card issuing banks. The case where the acquiring bank is the same. Therefore, for example, in the present specification, the network checkout assistance device 1, 1 a is not limited to being distributed from the issuing bank. Moreover, the provider of the network checkout system does not necessarily have to be a credit card organization. Further, the issuing bank terminal 6 and the authentication server 7, 7a and the acquiring bank terminal 4 may be the same -53 - 1304190 * (51). Also, any of the intermediary server 5, other terminals, or servers may be the same. Further, when the present invention is implemented, a memory medium on which a program for realizing the function of the present embodiment is recorded is supplied to the system, and the program stored in the memory medium is read and executed by the computer of the system. . At this time, the program read from the memory medium itself realizes the function of the morphological state, and the memory medium that memorizes the program constitutes the present invention. As the memory medium for supplying the program, for example, a disk, a hard disk, a compact disk, an optical disk, a magnetic tape, a non-volatile memory card, or the like can be used. Moreover, not only the function of the above-described embodiment is implemented by executing a program that has been read by a computer, but part or all of the actual processing by the operating system in operation on the computer is based on the instruction of the program. The case where the processing is performed by this processing is also encompassed by the present invention. • Even the program read from the memory media is written based on the non-volatile or volatile memory that is inserted into the function expansion board of the computer or the function expansion unit connected to the computer. The instruction of the program 'partial or all of the actual processing by the arithmetic processing unit provided by the function expansion board or the function expansion unit, and the function of the pre-recording embodiment is also covered by the processing. In the invention. BRIEF DESCRIPTION OF THE DRAWINGS [Fig. 1] A configuration diagram of the appearance of an internet checkout assisting device of the present invention and an electrical configuration of an electric hard-54-(52) 1304190. [Fig. 2] A schematic diagram of the connection of the network checkout system using the network checkout assistance device. [Fig. 3] A diagram showing an example of a processing flow of a network commercial transaction in a network checkout system. [Fig. 4] A diagram showing an example of a screen displayed on a member terminal in the processing flow of a network commercial transaction in the network checkout system. Fig. 5 is a diagram showing the operation procedure of the network checkout assisting device of the present invention and the screen migration of the display. [Fig. 6] A network connection check system for a network checkout assistance device that is not used by a card member, and a system connection diagram necessary for the password registration required for the card member's own authentication. [Description of main component symbols] I: Network checkout assistance device 1: Frame II: Display 12: Key operation unit 12a: Number key 12b: Start key 1 3: Card information storage unit 1 4: Authentication means 1 5 : Authentication information storage unit 16: OTP generation means-55- (53) 1304190 17 : OTP generation information storage unit 1 8 : |10 o'clock means 1 9 : drive power supply 2 : member terminal 3 : franchise store terminal 4 : acquiring bank Terminal 5: Intermediary Server 6: Issuer Bank Terminal 7: Authentication Server 9a: Network 9 b • Private Line - 56