JP2007133515A - Card authentication method and card authentication system performing user use authentication in terminal device associated with card - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a card authentication system allowing confirmation of intention of a person oneself of card use, allowing confirmation of intention of the person oneself even about use of a card lent to a third party thereby, and allowing certain acquisition of use permission/non-permission of a parent or the like in a position of monitoring even in a specific related person-dedicated card such as a family card. <P>SOLUTION: At least a card number is received from a settlement terminal used with the card, a mail address associated with the card number is retrieved from a customer database, and an electronic mail including a Web address of a settlement permission/non-permission input screen is transmitted to a terminal device. A Web server receiving non-permission notification from the terminal device accesses a card database, and writes a flag of the use non-permission of the card to the card number. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a technique that is effective when applied to use authentication on the user side when using a bank card, credit card, prepaid card, or the like.

  When performing credit card payment at a store, when the credit card number is input to the CAT terminal, the terminal ID and the credit card number are notified to the card company server, and the credit result or the settlement result is notified to the CAT terminal or the store side. It was like that.

  At this time, the identity of the credit card owner is confirmed on the store side, but the identity of the store clerk and a simple identity confirmation such as a telephone number cannot be completely prevented from being illegally used by others.

  In addition, due to such difficulty in identity verification, a third party other than the principal cannot be allowed to use the card.

  Further, depending on the credit card company, a credit card may be issued only when there is a specific relationship with the person, such as a family card for a minor (a card for specific parties).

  In the case of such a family card, the usage limit is often limited, but the parent could not check whether or not the card can be used every time a minor such as a child uses the card.

  As described above, in conventional card payments, (1) certainty of identity verification, (2) difficulty in lending a card to a third party, (3) permission for individual payment of cards for specific parties The difficulty of disapproval was mentioned.

  The present invention has been made in view of these points, can surely perform the intention of the card use, thereby confirming the intention of the person also about the use of the card lent to a third party, Furthermore, it is a technical problem to realize a card authentication system by a user that can reliably obtain permission / non-permission of use by a parent who is in a position to monitor even a card for a specific party such as a family card.

In order to solve the above problems, the present invention employs the following means.
Claim 1 of the present invention is a card authentication method for permitting / disallowing card settlement, wherein the management server receives at least a card number from a settlement terminal using the card, Searching the customer database for the email address associated with the card number received in step, the management server notifying the email server of the email address retrieved above, and the email server responding to the email address A step of transmitting an e-mail including a web address of an input screen for inputting settlement permission / denial information to the terminal device, and the terminal device receiving the e-mail accesses the web address to access the settlement A step of notifying permission / non-permission information, and a Web server that has received the permission / non-permission information notified above. There is a card authentication method for performing user authentication using the terminal apparatus associated to the card database comprising a step of writing the flag of card use is permitted or not with respect to the card numbers to access, the card.

  In this way, the user confirms the use of the card with a terminal device (for example, a mobile phone terminal) or the like, and notifies whether it is legitimate use (permitted) or unauthorized use (not permitted). be able to. That is, even if the card is used without the user's knowledge, the user can surely grasp the card usage, so that unauthorized use of the card that is not based on the intention of the user can be prevented more reliably.

  According to a second aspect of the present invention, the management server receives a terminal ID together with a card number from a payment terminal using a card, store information corresponding to the terminal ID is registered in the card database, and the management server The card authentication according to claim 1, wherein the Web server notifies the external organization of the store information by e-mail, assuming that the card use by the settlement terminal is illegal when notified of the non-permission information from the terminal device. Is the method.

  Here, an external organization is a police or a security company, and the card information that the user has indicated to be disapproved is notified of the store information to the police etc. It can be solved.

  According to a third aspect of the present invention, a payment ID for each use of the card is attached as a parameter to a Web address included in an e-mail transmitted from the management mail server to the terminal device. The card authentication method according to claim 1, wherein the card authentication method is capable of notifying permission / non-permission information for each settlement ID.

  Since it is possible to select permission / non-permission for each payment in this way, it becomes possible to confirm the intention of each individual payment of the user. For example, even when the card is lent to a third party and used, the original card Use against the will of the owner can be prevented. In other words, since the user's intention to permit / deny each card payment can be confirmed with certainty, a card use form, which has been prohibited in the past, such as card lending becomes possible.

  In addition, for example, when family cards are issued, by setting the address of the parent's mobile phone terminal as the address of the customer database, permission is granted for each minor shopping (per payment ID). -Notification of disapproval can be made and unnecessary card use by minors can be suppressed.

  Claim 4 is an authentication method for permitting / disallowing card settlement, wherein the management server receives at least a card number from a settlement terminal using the card, and the management server receives the card received above. A step of searching the customer database for an email address associated with the number, a step of the management server notifying the application server of the email address searched above, and the application server permitting settlement for the email address A step of transmitting an application program including an input screen for inputting non-permission information to the terminal device, and the terminal device receiving the application program displays a settlement permission / non-permission input screen on the terminal device, A step of notifying settlement permission / denial information, and The management server that has received the permission / non-permission information accesses the card database and writes a card use permission / non-permission flag to the card number, and is used by the terminal device associated with the card. This is a card authentication method for performing authentication.

As described above, the notification to the terminal device can be performed by transmitting a PUSH type application program instead of mail. In this case, the basic application program may be registered in the mobile phone terminal in advance to be in a resident state, and only data such as payment ID, amount, date, etc. may be transmitted from the management server when a card payment is made.

  Claim 5 of the present invention is a card authentication system for permitting / disapproving card settlement, wherein a card terminal is input, and the card number and a mail address associated with the card terminal are transmitted. And a management server having a customer database in which is registered, and a web address of an input screen in which the management server is notified of an email address associated with a card number and inputs settlement permission / denial information to the email address. A mail server that generates an e-mail including: a terminal device that receives the e-mail, accesses the Web address, and returns the payment permission / denial information; and the permission / non-permission information received above Based on the card database that registers the card use permission / non-permission flag for the card number. It is a card authentication system.

  Thus, the present invention can be constructed as a system.

  According to a sixth aspect of the present invention, the management server or the card database further includes an advertisement database in which advertisement information associated with the store information is registered, and the management server or the Web server includes the terminal device. The card authentication system according to claim 5, wherein when the permission information is notified, the advertising information related to the store information is transmitted to the terminal device.

  As described above, when the use of the card is permitted, advertisement information based on the store information, for example, bargain sale information, chain store information, etc., is transmitted to the permitted terminal device, so that the user can enjoy purchase and service. It is possible to increase the consumption activity by providing advertisement information corresponding to the action.

  According to the present invention, as to whether or not the card can be used, the intention of the person can be surely performed, and unauthorized use can be prevented, whereby card use in a form of lending the card to a third party can be realized, It is possible to surely confirm the use permission / non-permission of a parent who is in a position to monitor even a card for a specific party such as a family card.

An embodiment of the present invention will be described with reference to FIGS. 1 and 2.
FIG. 1 is a block diagram of an authentication system according to an embodiment of the present invention, and FIG. 2 is a block diagram showing a configuration of a management server.

  As shown in the figure, this embodiment has an ATM terminal or a CAT terminal (collectively referred to as a payment terminal) into which a card is inserted in order to receive payment and services.

  When these payment terminals read the card number from the inserted card, the card number information is transmitted to the management server together with the terminal ID of the payment terminal.

Management server includes customer database (customer DB) and card database (ATM / CAT)
DB). In the customer database, a card number (card No.) is registered in association with the user's mail address. This e-mail address may be an e-mail address on the Internet belonging to a predetermined domain, or may be an e-mail address for each mobile phone terminal provided by each mobile phone company.

This customer database is preferably registered with a mail address prior to card use by the user accessing it from a mobile phone terminal or personal computer. In addition, the card company may register the user's mail address independently.

The management server is composed of a general-purpose computer system as shown in FIG.
That is, the management server has a main memory (MM), a hard disk device (HD), a display device (DISP), and a keyboard (KBD) connected by a bus (BUS) with a central processing unit (CPU) as the center. ing.

  In the authentication method described below, the central processing unit (CPU) reads a processing program (card information processing program or the like) installed on the OS of the hard disk device (HD) via the main memory (MM). This is realized by executing processing.

  In the card database (ATM / CAT DB) connected to the management server, a card number table, a terminal ID table, and a settlement ID table are registered in a database format.

  In the card number table, a card number (card No.), a settlement ID, and an unusable flag are associated and registered. Therefore, it is possible to set unusable for each card number or for each settlement ID.

  In the terminal ID table, a terminal ID, an installed store, an address / contact address are associated and registered. In this way, it is possible to search for information such as a set store from the terminal ID, and to distribute the advertising information to the police and the security company in the case of illegal use and in conjunction with the advertisement database described later in the case of legal use. ing.

  In the settlement ID table, a settlement ID, a card number (card No.), an amount, and a terminal ID are associated and registered. Therefore, the card number, amount, payment terminal, etc. used based on the payment ID can be specified.

  Although not shown in the drawing, the advertisement database stores terminal IDs or advertisement information that can be distributed for each set store. Specifically, it is bargain sale information, bargain information, etc. of the store. These pieces of information need not be registered directly in the database, and only the address (URL) where the advertisement content is stored may be registered in the advertisement database.

  The mail server has a function of generating an e-mail addressed to the e-mail address received from the management server. In this e-mail, a URL (Uniform Resource Locator) for accessing the Web server is described. ing. Note that in this URL, a settlement ID that is a target for which the user determines permission / non-permission is described as a parameter.

In the present embodiment, the terminal device is a mobile phone terminal that can be connected to the Internet, and displays the content of the received e-mail on the liquid crystal display or C-HTML (Compact Hyper).
It has a function to download and display a Web server source file described in (Text Mark-up Language).

  In this embodiment, when a mobile phone terminal receives an e-mail from a mail server and displays the URL included in the e-mail on the liquid crystal display to access the URL, the source file stored in the URL is stored in the mobile phone. It is downloaded and displayed on the terminal.

  In this source file, as shown in Fig. 1, the "Permit" and "Disallow" buttons with the text "Your credit card was used. Is displayed, and one of these buttons can be selectively input.

  When any button is selected and input, a permission / denial notification is sent to the Web server together with the settlement ID.

  The Web server that has received the permission / denial notice and the settlement ID accesses the card database. If the card is not permitted, the card is illegally used, so the unusable flag in the card number table is set to ON.

  Then, the payment ID table is accessed based on the received payment ID, and the terminal ID of the payment terminal is read. The terminal ID table is searched based on the terminal ID, the name of the installed store and the contact information are read, and the police station is notified by e-mail or the like that the card has been illegally used at these installed stores.

  In the above case, the processing procedure is when the card is illegally used. However, when the card is valid, the Web server accesses the card database and accesses the settlement ID table based on the settlement ID. The terminal ID of the payment terminal is read out. Further, the terminal ID table is searched based on the terminal ID, the installed store name and contact information are read out, the advertisement information database is accessed, the settlement is performed, and the advertisement information related to the store, such as bargain sale information, is obtained. Read and generate a mail including advertisement information through the management server and send it to the mobile phone terminal.

  Further, when the principal lends a card and the lender makes a settlement using the card at a store or the like, an e-mail is transmitted from the mail server to the cellular phone terminal of the principal for each settlement. When the person displays the URL included in the e-mail on the liquid crystal display and accesses the URL, the source file stored in the URL is downloaded and displayed on the mobile phone terminal.

  In this source file, as shown in Fig. 1, the "Permit" and "Disallow" buttons with the text "Your credit card was used. Is displayed, and one of these buttons can be selectively input.

  When any button is selected and input, a permission / denial notification is sent to the Web server together with the settlement ID.

  If a family card has been issued and the parent is an authorized person for card payment, the parent's email address is registered in the customer database, so an email is sent to the parent's mobile phone terminal. Will be sent. When the parent displays the URL contained in the e-mail on the liquid crystal display and accesses the URL, the source file stored in the URL is downloaded and displayed on the mobile phone terminal.

  In this source file, as shown in Fig. 1, the "Permit" and "Disallow" buttons with the text "Your credit card was used. Is displayed, and one of these buttons can be selectively input.

  When any button is selected and input, a permission / denial notification is sent to the Web server together with the settlement ID.

  Thus, this embodiment is also effective when a card is lent or a parent permits the use of a family card.

  INDUSTRIAL APPLICABILITY The present invention can be used for confirming the payment intention of a principal or a manager of a credit card, a bank card, a prepaid card, a point card or the like.

System configuration diagram showing an embodiment of the present invention The block diagram which shows the structure of the management server which is embodiment

Explanation of symbols

CPU Central processing unit MM Main memory BUS Bus HD Hard disk device DISP Display device KBD Keyboard

Claims (6)

A card authentication method for permitting / disapproving card payments,
A management server receiving at least a card number from a payment terminal using the card;
The management server searches the customer database for an email address associated with the card number received above;
A step in which the management server notifies the mail server of the searched email address;
A step in which the mail server transmits an e-mail including a web address of an input screen for inputting settlement permission / denial information to the terminal device, to the terminal device;
A terminal device that receives the e-mail accesses the Web address and notifies the settlement permission / denial information;
A terminal associated with a card comprising the step of the Web server receiving the permission / non-permission information notified above accessing the card database and writing a card use permission / non-permission flag for the card number A card authentication method for performing user use authentication on a device. The management server receives a terminal ID together with a card number from a payment terminal using a card,
Store information corresponding to the terminal ID is registered in the card database,
The said management server or Web server notifies the said store information to an external organization by an e-mail noting that the card | curd use by the said payment terminal is illegal when notified of non-permission information from the said terminal device. Card authentication method. A payment ID for each use of the card is attached as a parameter to the Web address included in the e-mail transmitted from the management mail server to the terminal device.
The card authentication method according to claim 1, wherein the terminal device is capable of notifying permission / non-permission information for each settlement ID by accessing a Web address. An authentication method for permitting / disapproving card payments,
A management server receiving at least a card number from a payment terminal using the card;
The management server searches the customer database for an email address associated with the card number received above;
The management server notifying the application server of the retrieved email address;
The application server transmits an application program including an input screen for inputting settlement permission / denial information to the terminal device for the email address;
The terminal device that has received the application program displays a payment permission / non-permission input screen on the terminal device, and notifies the payment permission / non-permission information.
The management server that has received the permission / non-permission information notified above accesses the card database and writes a card use permission / non-permission flag to the card number. A card authentication method for performing user use authentication on a device. A card authentication system that permits / denies card payments,
A payment terminal that inputs a card number and transmits the card number;
A management server having a customer database in which the card number and the email address associated therewith are registered;
A mail server that is notified of an e-mail address associated with the card number from the management server and generates an e-mail including a web address of an input screen for inputting settlement permission / denial information to the e-mail address;
A terminal device that receives the e-mail, accesses the Web address, and returns the payment permission / denial information;
A card authentication system comprising a card database for registering a card use permission / non-permission flag for the card number based on the permission / non-permission information received above. The management server or the card database further includes an advertisement database in which advertisement information associated with the store information is registered,
The card authentication system according to claim 5, wherein the management server or the Web server transmits advertisement information related to the store information to the terminal device when the permission information is notified from the terminal device.

Images