JP2010134884A - Proxy server for personal identification in credit settlement, personal identification system and personal identification method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a proxy server which attains personal identification of a user with high security without changing specification of a server which performs the personal identification and without applying a burden to the server when credit settlement is requested using a cellular phone, a personal identification system using the proxy server and a personal identification method. <P>SOLUTION: The personal identification same as the personal identification method to be utilized in a PC is performed also in the cellular phone by installing the proxy server which communicates with an access control server for the personal identification instead of the cellular phone, and constituting the proxy server so as to perform processing such as conversion of a file format. When the personal identification is viewed from the access control server, since what is necessary is just to perform similar communication in the PC not with the cellular phone but with the proxy server, correspondence to the cellular phone is attained without adding modification to specifications and setting of the access control server. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a proxy server used for user authentication in credit settlement using a mobile phone, a user authentication system using the proxy server, and a user authentication method.

  Purchasing merchandise and the like at electronic commerce sites using the Internet is widely performed, but credit cards are often used as a means for payment. Measures against fraudulent use become an issue when using credit cards, but when using for payment on the Internet, since the actual credit card cannot be confirmed, the card number, etc. is stolen by a third party and used illegally. Will increase the risk of impersonation.

  In order to deal with such risks, cardholders register a password for payment on the Internet in advance with the card company, and automatically access the card company's server when credit card payment is selected on the e-commerce site. In addition, a service has been provided that requires that the password entered by the user matches the registered password as a condition for approval by a credit card (for example, “Services in Non-Patent Document 1” (See Overview and How it works)

  In order to receive such services, credit card members need to register information such as passwords and personal messages used for authentication with the card company in advance (see, for example, Non-Patent Document 2). .

Online shopping authentication service, Mitsubishi UFJ Nikos Co., Ltd. DC Card website, [Search November 3, 2008], Internet <URL: http://www.dccard.co.jp/webs/3dsecure.shtml> Secure online shopping, Visa Inc.・ VISA card homepage, [Search November 3, 2008], Internet <URL: http://www.visa-asia.com/ap/jp/cardholders/security/vbv.shtml>

  By the way, in recent years, users often use a mobile phone as a terminal for electronic commerce, but the above-described user authentication using a password requires a PC (personal computer) as a terminal. The current situation is that it is limited to use and is not compatible with mobile phones.

  There are various reasons for the lack of support for mobile phones, but the technical barrier is that mobile phones have different browsers, markup languages, etc. The identification server must identify the carrier and model of the mobile phone that requires authentication, and the password entry screen must be sent in the corresponding file format, increasing the processing burden on the server. There is.

  The present invention has been made in order to cope with such problems, and even when a user requests a credit card payment using a mobile phone for a terminal, without changing the specification of the personal authentication server, The purpose of the present invention is to provide a proxy server, a user authentication system using the proxy server, and a user authentication method capable of realizing highly secure user authentication without imposing a burden on the user authentication server. Is.

  The proxy server according to the present invention that solves such a problem is a proxy server used for user authentication in credit settlement using a mobile phone, and purchases products and the like by credit settlement to a member store server. A member store server address information receiving means for receiving address information of the member store server that accepts a settlement request for purchase of the product etc. from a mobile phone operated by a user who has transmitted such purchase information, and designated in the address information A payment request transmitting means for accessing the address of the registered merchant server and transmitting a payment request for the purchase of the product, etc., and a response indicating whether or not the user authentication can be executed for the payment request. The user authentication can be executed from the member store server received from the authentication server for authentication. The user authentication server address information receiving means for receiving the address information of the user authentication server that receives the user authentication request of the user, and accessing the address of the user authentication server specified in the address information, A user authentication request transmitting unit for transmitting the user authentication request; an input screen receiving unit for receiving an output file of an input screen of an authentication key for the user authentication from the user authentication server; An input screen transmitting means for converting an output file into a file format that can be output by a mobile phone and transmitting the file to the mobile phone, and an authentication key input to the screen output from the output file from the mobile phone From the authentication key receiving means, the authentication key transmitting means for transmitting the authentication key to the personal authentication server, and the personal authentication server, the A personal authentication result receiving means for receiving the user authentication result by the authentication key; and a personal authentication result transmitting means for transmitting the user authentication result to the member store server. It is a proxy server for

  In the present invention, the specification of the personal authentication server is changed by a proxy server that communicates with the personal authentication server in place of the mobile phone, or the personal authentication server is changed to a mobile phone carrier or terminal model. Even without sending a corresponding output file, it is possible to realize highly secure user authentication. The proxy server sends a payment request to the merchant server on behalf of the mobile phone, communicates with the user authentication server required for user authentication, and outputs an authentication key input screen for user authentication. Has a function to convert to a file format that can be output by a mobile phone.

  Further, in the present invention, the member store server address information receiving means is assigned to the payment request for purchase of the product or the like as the address information of the member store server that accepts the payment request for purchase of the product or the like. 1 is received, and the member store server associates the identification information of the user, which is received as the purchase information, with the inquiry about whether or not the user authentication can be executed, in association with the first address information. Memorizing and receiving the settlement request, specifying the user identification information associated with the first address information and inquiring the user authentication server whether or not the user authentication can be executed. It can also be a feature.

  With this configuration, since the address when accessing the member store server is different for each payment request for the purchase of a product, the member store server requires a payment request for any product received from the mobile phone. Can be identified immediately.

  In this configuration, according to the present invention, the member store server address information receiving means uses the merchandise server address information as address information of the member store server that accepts the user authentication completion notification in addition to the first address. When the second address assigned to the payment request related to the purchase of the user is received and the personal authentication result received by the personal authentication result receiving means indicates that the user is authenticated, Completing notification transmitting means for transmitting information for transmitting a personal authentication completion notification to the second address in the mobile phone, wherein the member store server is authenticated to be the personal authentication. When the result and the notification of completion of the personal authentication are received, processing necessary for credit settlement related to the purchase of the product or the like may be executed.

  With this configuration, it is possible to execute processing necessary for credit settlement at the member store server based on notification from the mobile phone operated not only by the proxy server but also by the user and received from the proxy server. It is possible to easily specify the completion notification of the personal authentication received from the mobile phone corresponding to the personal authentication result.

  Further, in the present invention, the member store server address information receiving unit receives the identification information of the purchase information assigned to the purchase information, and the settlement request transmitting unit is configured to specify the purchase information identification information. By transmitting a settlement request, the member store server associates the identification information of the user necessary for inquiring whether or not to execute the user authentication received as the purchase information with the identification information of the purchase information. When the payment request is received, the identification information of the user associated with the identification information of the purchase information specified in the payment request is specified, and whether or not the user authentication can be executed is determined. The authentication server may be inquired.

  With this configuration, it is possible to easily specify which of the products received from the mobile phone the settlement request for purchase of the product is for the purchase information identification information as a key. Become.

  In this configuration, according to the present invention, the member store server address information receiving unit receives the address information of the member store server that accepts the user authentication completion notification, and the person authentication result receiving unit receives the person If the authentication result indicates that the user is authenticated, the purchase information identification information is specified in the mobile phone address of the member store server specified in the address information. Completion notification transmission means for transmitting information for transmitting the completion notification of the personal authentication is provided, and the member store server sends the result of the personal authentication that has been authenticated as the user and the completion notification of the personal authentication. When received, the processing necessary for the credit settlement related to the purchase of the product or the like may be executed.

  With this configuration, it is possible to execute processing necessary for credit settlement at the member store server based on notification from the mobile phone operated not only by the proxy server but also by the user and received from the proxy server. It is possible to easily specify the completion notification of the personal authentication received from the mobile phone corresponding to the personal authentication result.

  The present invention can also be specified as a personal authentication system and a personal authentication method using the proxy server according to the present invention.

  An identity authentication system using a proxy server according to the present invention is a principal comprising a member store server that accepts a request for credit payment from a mobile phone and a proxy server used for user authentication in credit payment using a mobile phone. In the authentication system, the member store server includes purchase information receiving means for receiving purchase information related to purchase of a product or the like by credit settlement from a mobile phone operated by a user; The member store server address information transmitting means for transmitting the address information of the member store server that accepts a payment request for purchase, and the proxy server receives access to the address specified in the address information, A payment request receiving means for receiving a payment request for purchase; The identity authentication server that inquires the identity authentication server that performs identity authentication in the credit settlement and receives the response that the identity authentication of the user can be executed, and accepts the identity authentication request of the user. Member authentication server address information transmitting means for transmitting server address information to the proxy server, wherein the proxy server receives address information of the member store server from the mobile phone. A receiving means, a payment request transmitting means for accessing the address of the member store server designated in the address information and transmitting a payment request for purchase of the product etc., and the member authentication server from the member authentication server. A personal authentication server address information receiving means for receiving the address information; and a personal authentication server specified in the address information. And an authentication key input screen output file for authenticating the user's identity is received from the identity authentication request transmitting means for transmitting the user's identity authentication request and the identity authentication server. Input screen receiving means, input screen transmitting means for converting the output file into a file format that can be output by a mobile phone, and sending the file to the mobile phone; input from the mobile phone to the screen output from the output file An authentication key receiving means for receiving the authentication key, an authentication key transmitting means for transmitting the authentication key to the personal authentication server, and a user authentication result of the user using the authentication key from the personal authentication server. A personal authentication result receiving means; and a personal authentication result transmitting means for transmitting the personal authentication result to the member store server. It is a proof system.

  In the identity authentication system according to the present invention, in the member store server, the member store server address information transmission means may use the member or the like as address information of the member store server that accepts a payment request for the purchase of the item or the like. The user authentication server address information transmitting means transmits the first address assigned to the payment request related to the purchase of the user, and the user authentication server address information transmitting means is used for inquiring whether or not the user authentication can be executed as the purchase information. The user identification information is stored in association with the first address information, and when the settlement request is received, the user identification information associated with the first address information is designated and the user is designated. The identity authentication server may be inquired as to whether or not the identity authentication can be executed.

  In the member store server, the member store server address information transmitting means purchases the product or the like as the address information of the member store server that receives the user authentication completion notification in addition to the first address. A second address assigned to the settlement request is transmitted, and the member store server authenticates the identity from the proxy server and the identity authentication result from the mobile phone. Upon receipt of the completion notification, it comprises a payment processing execution means for executing processing necessary for credit payment related to the purchase of the product, etc., and in the proxy server, the member store server address information transmission means is provided from the mobile phone. The proxy server receives the second address, and the proxy server recognizes that the identity authentication result received by the identity authentication result receiving means is the identity. In the case of indicating that the information has been received, the mobile phone is provided with a completion notification transmitting means for transmitting information for causing the second address to transmit a notification of completion of personal authentication. You can also.

  Furthermore, in the user authentication system according to the present invention, in the member store server, the member store server address information transmitting means transmits identification information of purchase information assigned to the purchase information, and transmits the person authentication server address information. The means stores the user identification information necessary for inquiring whether or not the user authentication can be executed received as the purchase information in association with the purchase information identification information, and receives the settlement request. Then, by specifying the user identification information associated with the identification information of the purchase information specified in the payment request, the user authentication server is inquired of whether or not the user authentication can be executed, and the proxy server, The member store server address information receiving means receives the purchase information identification information, and the settlement request transmission means is the purchase information identification information. It may be characterized to transmit the specified the payment request.

  In the member store server, the member store server address information transmitting means transmits the address information of the member store server that accepts the completion notification of the user authentication, and the member store server receives the principal from the proxy server. A payment processing execution means for executing processing necessary for credit payment related to the purchase of the product or the like upon receipt of the personal authentication result that has been authenticated and the notification of completion of the personal authentication from the mobile phone. In the proxy server, the member store server address information receiving means receives address information of the member store server that accepts the user authentication completion notification, and the proxy server receives the user authentication result. When the identity authentication result received by the means indicates that the identity is authenticated, the mobile phone Completion notification transmission means is provided for transmitting information for transmitting a personal authentication completion notification in which the identification information of the purchase information is specified to the address of the member store server specified in the dress information. You can also.

  A personal authentication method using a proxy server according to the present invention is executed by a member store server that accepts a request for credit payment from a mobile phone and a proxy server used for user authentication in credit payment using a mobile phone. A purchase information receiving step in which the member store server receives purchase information related to purchase of a product or the like by credit settlement from a mobile phone operated by a user; and the member store server A member store server address information transmission step of transmitting to the mobile phone address information of the member store server that accepts a settlement request for purchase of the product etc., and the proxy server sends the address of the member store server from the mobile phone. A merchant server address information receiving step for receiving information, and the proxy server includes the address information. A payment request transmitting step of accessing the address of the member store server specified in the above and transmitting a payment request for purchase of the product, etc., and the member store server is specified in the address information from the proxy server A payment request receiving step of receiving an access to an address and receiving a payment request for purchase of the product, etc., and the member store server determines whether or not the user authentication can be executed for the payment request. When an inquiry is made to the user authentication server that performs authentication and a response indicating that the user authentication can be executed is received, the address information of the user authentication server that accepts the user authentication request is sent to the proxy server. And transmitting the personal authentication server address information to be transmitted, and the proxy server receives the personal authentication from the member store server. A personal authentication server address information receiving step for receiving the server address information, and the proxy server accessing the user authentication server address specified in the address information and transmitting the user authentication request An authentication request transmission step, an input screen receiving step in which the proxy server receives an output file of an input screen of an authentication key for user authentication from the personal authentication server, and the proxy server outputs the output An input screen transmission step of converting a file into a file format that can be output by a mobile phone and transmitting the file to the mobile phone, and an authentication input from the mobile phone to the screen output from the output file by the proxy server An authentication key receiving step of receiving a key; and the proxy server transmitting the authentication key to the personal authentication server. A certificate key sending step, the proxy server receiving a user authentication result receiving the user authentication result by the authentication key from the user authentication server, and the proxy server in the member store server, A personal authentication result transmitting step of transmitting a personal authentication result.

  Further, in the identity authentication method according to the present invention, in the member store server address information transmitting step, the member store server receives the settlement request for the purchase of the product etc. as the address information of the member store server, and the product etc. The first address assigned to the payment request related to the purchase of the user is transmitted, and the member store server receives the user identification information necessary for the inquiry about whether or not the user authentication can be performed received as the purchase information. Is stored in association with the first address information, and when the settlement request is received in the identity authentication server address information transmission step, the user identification information associated with the first address information is stored. It may be characterized in that the user authentication server is inquired of the user authentication server as to whether or not the user authentication can be executed.

  In the member store server address information transmission step, in addition to the first address, the member store server purchases the product or the like as address information of the member store server that accepts the user authentication completion notification. The second address assigned to the settlement request is transmitted, and in the member store server address information transmitting step, the proxy server receives the second address from the mobile phone, and the proxy server When the personal authentication result received in the personal authentication result receiving step indicates that the personal authentication result is authenticated, the mobile phone is caused to transmit a personal authentication completion notification to the second address. Sending a notification of completion, and the member store server is authenticated to be the principal from the proxy server And a payment processing execution step for executing processing necessary for credit payment related to the purchase of the product or the like upon receipt of the personal authentication result and a notification of completion of the personal authentication from the mobile phone. You can also.

  Further, in the identity authentication method according to the present invention, in the member store server address information transmission step, the member store server transmits identification information of purchase information assigned to the purchase information, and receives the member store server address information. In the step, the proxy server receives the identification information of the purchase information, and in the payment request transmission step, the proxy server transmits the payment request in which the identification information of the purchase information is specified, and the member store The server stores, in association with the purchase information identification information, the user identification information necessary for inquiring whether or not the user authentication can be performed as the purchase information, and stores the user authentication server address. In the information transmission step, when the payment request is received, it is associated with the identification information of the purchase information specified in the payment request Wherein the executability of specifying the identity of the user the user's personal authentication may be characterized in that inquiry to the authentication servers.

  In the member store server address information transmission step, the member store server transmits address information of the member store server that accepts the user authentication completion notification, and in the member store server address information reception step, the proxy The server receives the address information of the member store server that receives the completion notification of the user authentication, and the proxy server is authenticated that the user authentication result received in the user authentication result receiving step is the user. In order to cause the mobile phone to transmit a notification of completion of identity authentication in which the identification information of the purchase information is designated to the address of the member store server designated in the address information. A completion notification transmission step of transmitting information, and authentication that the member store server is the principal from the proxy server A payment processing execution step for executing processing necessary for credit payment related to the purchase of the product or the like upon receiving the personal authentication result and a notification of completion of the personal authentication from the mobile phone. It can also be.

  According to the present invention, even when a user uses a mobile phone as a terminal to request credit settlement, a highly secure user without changing the specification of the personal authentication server and placing a burden on the personal authentication server Can be realized, and the safety of electronic commerce by credit settlement using a mobile phone can be improved.

  The best mode for carrying out the present invention will be described below in detail with reference to the drawings. In addition, the following description shows an example of embodiment of this invention, Comprising: The structure of this invention is not limited to embodiment shown below.

  FIG. 1 is a diagram showing an overall configuration of a personal authentication system in credit settlement using a PC as a premise of the present invention. FIG. 2 is a diagram showing an overall configuration of a personal authentication system in credit settlement using a mobile phone according to the present invention. FIG. 3 is a block diagram showing the configuration of the personal authentication system according to the present invention. FIGS. 4 to 12 are first to ninth diagrams showing a procedure of identity authentication by the identity authentication system according to the present invention, respectively. FIG. 13 is a diagram showing an example of a password input screen transmitted from the access control server in the present invention. FIG. 14 is a diagram showing an example of a password input screen displayed on the mobile phone after the file format is converted in the proxy server in the present invention.

  A personal authentication method using a personal authentication system in credit settlement using a PC (personal computer), which is a premise of the present invention, will be described with reference to FIG. A user who is a credit card member connects to the Internet using a PC and accesses a merchant server of a credit card operated as an electronic commerce site. When the user decides on a product to purchase on the electronic commerce site and selects to settle the purchase price with a credit card, the credit card card number, expiration date, etc. are entered from a predetermined input screen.

  The merchant server accepts the card number of the entered credit card, etc., and whether the card number entered by the user can be used for identity authentication (whether the password required for authentication is registered, etc.) ) Is transmitted to the access control server (person authentication server) for authenticating the credit card member, and a credit card inquiry request is made.

  Credit card members who wish to use credit settlement on the Internet register passwords and the like necessary for personal authentication in advance, and these pieces of information are stored as individual card information in the access control server. The access control server refers to this to confirm whether the credit card can be authenticated, and returns the confirmation result to the member store server. At this time, when an authentication request is received from the PC operated by the user, an identification key is assigned to the request received from the member store server and stored in association with the card number so that the corresponding credit card can be identified. The identification key is returned to the member store server together with the confirmation result.

  In the member store server that has received the confirmation result, if the credit card can be settled, a link for allowing the user's PC to access the access control server in order to request user authentication. Is displayed on the screen of the PC.

  The link method is not particularly limited, but when the link of the authentication request on the Web page of the member store server is pressed, the access control server may be accessed to pop up the authentication screen, or the access control server It is also possible to transition to the authentication screen. Here, the identification key issued by the access control server is embedded in the link to the access control server, and the identification key is automatically added to the authentication request transmitted from the user's PC to the access control server. It is set to be.

  In the access control server that has received the authentication request, the card number stored in association with the identification key is specified from the identification key received together with the authentication request. If a member store server receives information such as a code for identifying a member store together with a card number and information such as the usage amount and stores it in association with an identification key, it will be registered here together with the card number. The store and the usage amount are also specified, and a screen for allowing the user to input a password for personal authentication as shown in the example of FIG. 13 can be generated.

  The input screen generated by the access control server is transmitted to the user's PC, and when the input screen is displayed on the PC, the user inputs a password for personal authentication registered in advance. The password entered on the authentication screen is transmitted to the access control server, and the user is authenticated by collating it with a password registered in advance as card information in the access control server.

  The authentication result by the password verification at the access control server is transmitted from the access control server to the user's PC, and further transmitted from the PC to the member store server. As for the authentication result, generally, an electronic signature is transmitted in the access control server.

  When a merchant server accepts an authentication result indicating that the password is the same and the user is authenticated, the merchant server requests the sales authorization from the credit card company's authorization system by specifying the usage amount etc. The authorization message to be sent is sent via the authorization network. If an authentication result indicating that the user is not authenticated because the passwords do not match is accepted, the purchase process by credit settlement is canceled and the user's PC is notified that credit settlement cannot be performed. To do.

  In the personal authentication method by the personal authentication system in the credit settlement as the premise of the present invention described above, a PC is used as a terminal used by the user. On the other hand, mobile phones are increasingly used as terminals for electronic commerce recently, and the same authentication method can be used even when using mobile phones to ensure the safety of transactions. Is preferred.

  However, in mobile phones, browsers and supported markup languages may differ depending on the carrier and model, so when trying to use the above-mentioned personal authentication method, the access control server that performs personal authentication requires personal authentication. The mobile phone carrier and model must be identified, and the password input screen must be sent in the corresponding file format. For this reason, since the processing load on the server side becomes heavy, the correspondence to mobile phones has not progressed.

  Therefore, in the present invention, as shown in FIG. 2, a proxy server (proxy server) that communicates with the access control server for personal authentication is installed instead of the mobile phone, and the file format is converted in the proxy server. By configuring so as to perform the above process, the above-described identity authentication method can be applied to mobile phones. From the point of view of the access control server, it is only necessary to perform communication similar to that of a PC with a proxy server, not a mobile phone, so the mobile phone can be used without any changes to the specifications and settings of the access control server. Can be supported.

  The configuration of the personal authentication system according to the present invention will be described with reference to FIG. The identity authentication system according to the present invention includes a proxy server 20 that communicates with the access control server 40 in place of the mobile phone 10 operated by the user, and a member store server 30 that performs predetermined processing in cooperation with the proxy server 20. It consists of some functions.

  The specifications and configuration of the mobile phone 10 are not particularly limited, but at least a browser 11 for connecting to the Internet is provided, and a user operates the mobile phone 10 to operate an electronic commerce site. The server 30 purchases products and the like.

  The proxy server 20 is a computer having a browser function connected to the Internet. The settlement request control unit 21, the file conversion unit 22, and the authentication control unit 23 are all functionally specified, and an application program for realizing each function is a main computer of the proxy server 20. Each function is realized by being read out to a memory area such as a memory and performing arithmetic processing by the CPU.

  The member store server 30 is a computer connected to the Internet and capable of communicating with the mobile phone 10 and the proxy server 20, and includes a purchase information reception unit 31, a payment request control unit 32, and an authentication result reception unit 33. Each of these units is functionally specified, and an application program for realizing each function is read into a memory area such as a main memory of a computer constituting the member store server 30, and is read by the CPU. Arithmetic processing is executed to realize each function.

  The access control server 40 is a computer connected to the Internet and capable of communicating with the proxy server 20, and includes a settlement request control unit 41, an input screen transmission unit 43, a password verification unit 44, and an authentication result transmission unit 45. Yes. Each of these units is functionally specified, and an application program for realizing each function is read into a memory area such as a main memory of a computer constituting the access control server 40, and is read by the CPU. Arithmetic processing is executed to realize each function.

  The card information storage unit 42 of the access control server 40 is assigned a predetermined storage area of the HDD of the computer and stores information such as a credit card number and a password registered by the user. It may be provided in a database server or the like different from the computer to be executed.

  The card company authorization system 50 is a system on the card company side that accepts a payment request from the member store server 30 and performs processing for credit payment, and its configuration is not particularly limited.

  The payment request from the member store server 30 to the card company authorization system 50 is not required to authenticate the user with a password or the like. The conventional method is to accept the payment request to the card company with the verification that the credit card is authorized by the card company authorization system 50. The function for executing the personal authentication in the member store server 30 is added to the function of the conventional member store server 30, and the functions of the settlement request control unit 32 and the authentication result reception unit 33 are functions of the Web server. It is provided as an MPI (merchant plug-in) that is an application that operates in conjunction with the.

  Based on the above configuration, the procedure and operation of personal authentication by the personal authentication system according to the present invention will be described with reference to FIGS.

  As shown in FIG. 4, a user who wants to purchase a product or the like by electronic commerce activates the browser 11 of the mobile phone 10 to connect to the Internet and access the member store server 30. When a user selects a product or the like that he / she wants to purchase and selects credit settlement as a payment method for the purchase price, input of the credit card number, expiration date, etc. is required. The user inputs this information into the mobile phone and transmits it to the member store server 30 (1).

  In the member store server 30, when the purchase information receiving unit 31 receives these pieces of information, if the terminal operated by the user is a PC, the member store server 30 makes an inquiry to the access control server 40 as to whether or not the user authentication can be executed. When the user terminal is identified as a mobile phone by browser information (user agent information), IP address, or the like, the following processing is executed so as to accept a settlement request via the proxy server 20.

  For purchase information such as the card number and usage amount specified from the selected product, etc., a process ID (PID) for managing the process until personal authentication is completed, and a settlement request for the purchase of the product etc. Address 1 (A1), which is the URL of the member store server 30 that receives the user ID, and address 2 (A2), which is the URL of the member store server 30 that receives the user authentication completion notification, are associated and temporarily stored. (2).

  A unique ID is assigned to the process ID for each purchase of a product or the like for which credit payment is specified. However, for the address 1 and the address 2, even if a common URL for receiving them is specified by the member store server 30. It is also possible to assign a unique URL corresponding to the process ID so that the settlement request for the purchase of the product or the completion notification can be quickly identified by the accessed URL.

  Subsequently, the member store server 30 transmits to the mobile phone 10 a file with a link for automatically jumping to a predetermined URL that accepts processing for a payment request in the proxy server 20 (3). In this file, the process ID, address 1 and address 2 are embedded, and when this file is opened by the browser 11 of the mobile phone 10, as shown in FIG. The process ID, address 1 and address 2 are transmitted to the URL (4).

  In the proxy server 20, the settlement request control unit 21 is activated, and temporarily stores the identification number (SID) of the mobile phone that has received access, the received process ID, and the address 2 in association with each other (5). Here, the session with the mobile phone 10 until the personal authentication is completed in the proxy server 20 is maintained, and the mobile phone corresponding to the received address 2 may be associated. It is not limited.

  Further, the proxy server 20 accesses the address 1 of the member store server 30 received from the mobile phone 10 and transmits a payment request using a credit card in place of the mobile phone 10 (6). A process ID is attached to this settlement request, and the member store server 30 can specify purchase information including a card number from the process ID. When address 1 is a unique URL, purchase information including a card number can be specified from address 1.

  By regarding the proxy server 20 as a PC operated by the user, the member store server 30 can perform processing for personal authentication in the same manner as when receiving a payment request from the PC. In the member store server 30, the settlement request control unit 32 is activated, and as shown in FIG. 6, the purchase information including the card number corresponding to the process ID (or address 1) is transmitted to the access control server 40 to authenticate the user. (7).

  In the access control server 40, the payment request control unit 41 is activated, and the card information stored in the card information storage unit 42 corresponding to the card number included in the received purchase information is referenced, and a password and the like necessary for personal authentication are registered. Check if it is. If a password or the like is registered, it is determined that the personal authentication can be executed, and an identification key (CID) for identifying this is assigned to the purchase information including the card number, and is temporarily stored in association with the purchase information. (8) The reply that the identity authentication can be executed is transmitted to the member store server 30 together with the identification key (9).

  The member store server 30 that has received the information assigns an identification key (CID) for identifying the purchase information including the card number, and temporarily stores it in association with the purchase information. Further, the member store server 30 transmits to the proxy server 20 a file to which a link for automatically jumping to a predetermined URL that accepts an authentication request for personal authentication in the access control server 40 is attached (10).

  In this file, the identification key received from the access control server 40 is embedded, and the browser function of the proxy server 20 identifies the URL of the access control server 40 with a link as shown in FIG. An authentication request for personal authentication specifying a key is transmitted (11). Further, the proxy server 20 maintains a session with the member store server 30, and associates the process ID received from the mobile phone 10 with the identification key received from the member store server 30. Link with the session maintained between.

  In the access control server 40 that has received the authentication request, the input screen transmission unit 43 is activated and a password input screen is generated. From the identification key transmitted together with the authentication request, purchase information including the card number temporarily stored in association with the identification key in the payment request control unit 41 is specified, and the password input screen as shown in the example of FIG. Is generated (12). By receiving the member store code, the usage amount, etc. from the member store server 30 as the purchase information, it becomes possible to display information as shown in FIG. 13 on the password input screen.

  In this case, user authentication is performed using a password. However, the method of user authentication is not limited to verification of a password registered in advance by the user, and user authentication is performed based on the user's biometric information, one-time password, or the like. It may be what performs.

  The password input screen generated by the access control server 40 is transmitted to the proxy server 20 together with the authentication key (13). In the proxy server 20 that has received this, since the session with the member store server 30 and the session with the mobile phone 10 are linked, for example, the mobile phone identification number corresponding to the process ID associated with the identification key is set. By the method of specifying, the mobile phone 10 of the user who performs personal authentication can be specified from the identification key.

  The proxy server 20 identifies the user's mobile phone 10 that performs user authentication as described above, and the file conversion unit 22 is activated and can be displayed on the browser 11 of the mobile phone 10 as shown in FIG. Thus, the file format of the password input screen received from the access control server 40 is converted (14).

  The format of the file that can be displayed on the mobile phone browser differs depending on the carrier and model of the mobile phone, but the proxy server 20 has a conversion rule corresponding to the format of each file, and the carrier and model of the mobile phone 10. Conversion to a file format corresponding to is possible. As a result, the input screen file displayed on the PC shown in the example of FIG. 13 is converted into an input screen file that can be displayed on the mobile phone as shown in the example of FIG.

  In the proxy server 20, the authentication control unit 23 is activated, and the converted password entry screen file is transmitted to the mobile phone 10 (15). In the mobile phone 10, a password input screen is displayed by the browser 11, and the user inputs the password on this screen and transmits the password to the proxy server 20 (16). Upon receiving this, the proxy server 20 attaches the identification key to the access control server 40 and transmits the received password (17).

  As shown in FIG. 9, the access control server 40 receives the password, and the password verification unit 44 is activated. From the identification key received together with the password, the settlement request control unit 41 identifies the card number temporarily stored in association with the identification key, and reads the password registered in advance for the card number from the card information storage unit 42. The read password is checked against the password received from the proxy server 20, and the user authentication is executed (18). If the passwords match, the user is authenticated and the authentication result transmission unit 45 is activated to notify the proxy server 20 that the user is authenticated for the received identification key (19).

  Upon receiving this, the proxy server 20 transmits, as shown in FIG. 10, a notification indicating that the user authentication has been performed to the member store server 30 by specifying the authentication key (20 ). In the member store server 30, the authentication result receiving unit 33 is activated and temporarily stores the fact that the personal authentication has been performed on the authentication key (21), but at this time, the credit settlement request is still transmitted to the authorization system 50. Not.

  Subsequently, as shown in FIG. 11, when the result of the personal authentication at the member store server 30 is returned to the proxy server 20 by designating an authentication key (22), the proxy server 20 A file to which a link to the member store server 30 for transmitting the notification of completion of the personal authentication to the member store server 30 is pasted is transmitted from 10 (23).

  In this file, the process ID and the address 2 stored in association with the identification key whose authentication result has been accepted are embedded. When this file is opened by the browser 11 of the mobile phone 10, the address of the member store server 30 is stored. The process ID is set to automatically jump to 2.

  Next, as shown in FIG. 12, when a personal authentication completion notification with the process ID specified is transmitted from the mobile phone 10 to the address 2 of the member store server 30, the authentication result reception unit of the member store server 30. In 33, for the card number temporarily stored in association with the process ID, it is confirmed whether or not personal authentication has been performed for the corresponding authentication key.

  Note that the card ID corresponding to the completion notification of the personal authentication received by the member store server 30 can be specified by the process ID as described above. If a unique URL is assigned, the card number can be specified from address 2 at which access is accepted. When a common URL is used for address 2, the card number is specified by the process ID.

  As described above, when it is confirmed that the personal authentication completion notification is received from the mobile phone 10 and the result of the personal authentication from the proxy server 20 is received, the card is processed as necessary for the credit settlement. An authorization message for requesting sales approval specifying the number, usage amount, etc. is transmitted to the authorization system 50 (25).

It is a figure which shows the whole structure of the personal identification system in the credit payment using PC used as the premise of this invention. It is a figure which shows the whole structure of the personal authentication system in the credit payment using the mobile phone concerning this invention. It is a block diagram which shows the structure of the personal authentication system concerning this invention. It is a 1st figure which shows the procedure of the personal authentication by the personal authentication system concerning this invention. It is a 2nd figure which shows the procedure of the personal authentication by the personal authentication system concerning this invention. It is a 3rd figure which shows the procedure of the personal authentication by the personal authentication system concerning this invention. It is a 4th figure which shows the procedure of the personal authentication by the personal authentication system concerning this invention. It is a 5th figure which shows the procedure of the personal authentication by the personal authentication system concerning this invention. It is a 6th figure which shows the procedure of the personal authentication by the personal authentication system concerning this invention. It is a 7th figure which shows the procedure of the personal authentication by the personal authentication system concerning this invention. It is an 8th figure which shows the procedure of the personal authentication by the personal authentication system concerning this invention. It is a 9th figure which shows the procedure of the personal authentication by the personal authentication system concerning this invention. It is a figure which shows an example of the password input screen transmitted from an access control server in this invention. It is a figure which shows an example of the password input screen which a file format is converted in a proxy server in this invention, and is displayed on a mobile telephone.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Mobile phone 11 Browser 20 Proxy server 21 Payment request control part 22 File conversion part 23 Authentication control part 30 Merchant server 31 Purchase information reception part 32 Payment request control part 33 Authentication result reception part 40 Access control server 41 Payment request control part 42 Card information storage unit 43 Input screen transmission unit 44 Password verification unit 45 Authentication result transmission unit 50 Authorization system

Claims (15)

In a credit card payment using a mobile phone, it is a proxy server used for user authentication,
The member store that receives the address information of the member store server that accepts the payment request for the purchase of the product etc. from the mobile phone operated by the user who has transmitted the purchase information related to the purchase of the product etc. by credit settlement to the member store server Server address information receiving means;
A payment request transmitting means for accessing the address of the member store server specified in the address information and transmitting a payment request for purchasing the product etc.
When the user authentication can be executed from the member store server that has received an answer as to whether or not the user authentication can be executed with respect to the payment request from the user authentication server that performs the user authentication in the credit payment. A user authentication server address information receiving means for receiving address information of the user authentication server that accepts the user authentication request of the user;
A user authentication request transmitting means for accessing the address of the user authentication server specified in the address information and transmitting the user authentication request of the user;
Input screen receiving means for receiving an output file of an input screen of an authentication key for authenticating the user from the user authentication server;
An input screen transmitting means for converting the output file into a file format that can be output by a mobile phone and transmitting the file to the mobile phone;
An authentication key receiving means for receiving an authentication key input on the screen output from the output file from the mobile phone;
Authentication key transmitting means for transmitting the authentication key to the personal authentication server;
A user authentication result receiving means for receiving a user authentication result of the user by the authentication key from the user authentication server;
A user authentication result transmitting means for transmitting the user authentication result to the member store server;
A proxy server for personal authentication, comprising: The member store server address information receiving means receives, as address information of the member store server that accepts a payment request for purchase of the product etc., a first address assigned to the payment request for purchase of the product etc. ,
The member store server stores the identification information of the user, which is received as the purchase information, which is necessary for inquiring whether or not the user authentication can be executed, in association with the first address information, and stores the payment. 2. The identity authentication server is inquired of whether or not to execute identity authentication of the user by specifying identification information of the user associated with the first address information when receiving a request. Proxy server for user authentication. In addition to the first address, the member store server address information receiving means assigns to the settlement request for the purchase of the product or the like as the address information of the member store server that accepts the user authentication completion notification. Received second address,
If the identity authentication result received by the identity authentication result receiving means indicates that the identity is authenticated, the mobile phone is caused to transmit a notification of completion of identity authentication to the second address. A completion notification transmission means for transmitting information for
The member store server, upon receiving the identity authentication result authenticated to be the identity and the completion notification of the identity authentication, executes processing necessary for credit settlement related to the purchase of the product, etc. The proxy server for personal authentication according to claim 2. The member store server address information receiving means receives the identification information of the purchase information assigned to the purchase information;
The payment request transmitting means transmits the payment request in which identification information of the purchase information is designated,
The member store server stores the identification information of the user, which is received as the purchase information, which is necessary for inquiring whether or not the user authentication can be executed, in association with the identification information of the purchase information, and stores the payment. When the request is received, the identification information of the user associated with the identification information of the purchase information specified in the payment request is specified and the identity authentication server is inquired about whether or not the user authentication can be executed. The proxy server for personal authentication according to claim 1. The member store server address information receiving means receives the address information of the member store server that receives a completion notification of the user authentication of the user,
In the case where the identity authentication result received by the identity authentication result receiving means indicates that the identity is authenticated, the mobile phone, the address of the member store server specified in the address information, Completion notification transmission means for transmitting information for transmitting a notification of completion of personal authentication in which identification information of the purchase information is designated,
The member store server, upon receiving the identity authentication result authenticated to be the identity and the completion notification of the identity authentication, executes processing necessary for credit settlement related to the purchase of the product, etc. The proxy server for personal authentication according to claim 4. In credit settlement using a mobile phone, a user authentication system comprising a member store server that accepts a request for credit settlement from a mobile phone and a proxy server used for user authentication, the member store server includes:
Purchase information receiving means for receiving purchase information related to purchase of products by credit settlement from a mobile phone operated by a user;
Member store server address information transmitting means for transmitting to the mobile phone address information of the member store server that accepts a payment request for purchase of the product or the like;
Payment request receiving means for receiving access to the address specified in the address information from the proxy server and receiving a payment request for purchase of the product, etc .;
In response to the payment request, the user authentication server that performs the user authentication in the credit settlement is inquired about whether or not the user authentication can be executed, and when the user receives the reply that the user authentication can be executed, the user Personal authentication server address information transmitting means for transmitting address information of the personal authentication server that accepts a personal authentication request to the proxy server;
The proxy server includes:
Member store server address information receiving means for receiving address information of the member store server from the mobile phone;
A payment request transmitting means for accessing the address of the member store server specified in the address information and transmitting a payment request for purchasing the product etc.
Identity authentication server address information receiving means for receiving address information of the identity authentication server from the member store server;
A user authentication request transmitting means for accessing the address of the user authentication server specified in the address information and transmitting the user authentication request of the user;
Input screen receiving means for receiving an output file of an input screen of an authentication key for authenticating the user from the user authentication server;
An input screen transmitting means for converting the output file into a file format that can be output by a mobile phone and transmitting the file to the mobile phone;
An authentication key receiving means for receiving an authentication key input on the screen output from the output file from the mobile phone;
Authentication key transmitting means for transmitting the authentication key to the personal authentication server;
A user authentication result receiving means for receiving a user authentication result of the user by the authentication key from the user authentication server;
A user authentication result transmitting means for transmitting the user authentication result to the member store server;
A personal authentication system comprising: In the member store server,
The member store server address information transmitting means transmits, as address information of the member store server that accepts a settlement request for purchase of the product etc., a first address assigned to the settlement request for purchase of the product etc. ,
The identity authentication server address information transmitting means stores the user identification information necessary for inquiring whether or not to perform identity authentication of the user received as the purchase information in association with the first address information. When the settlement request is received, the identification information of the user associated with the first address information is specified and the identity authentication server is inquired as to whether or not the identity authentication of the user can be executed. The personal authentication system according to claim 6. In the member store server,
In addition to the first address, the member store server address information transmission means assigns a payment request for purchase of the product or the like as address information of the member store server that accepts the user authentication completion notification. Sent the second address,
The member store server is
Upon receipt of the identity authentication result authenticated from the proxy server and the identity authentication completion notification from the mobile phone, processing necessary for credit settlement related to the purchase of the product or the like is executed. Payment processing execution means,
In the proxy server,
The member store server address information transmitting means receives the second address from the mobile phone,
The proxy server is
If the identity authentication result received by the identity authentication result receiving means indicates that the identity is authenticated, the mobile phone is caused to transmit a notification of completion of identity authentication to the second address. The personal authentication system according to claim 7, further comprising a completion notification transmission unit configured to transmit information for the purpose. In the member store server,
The member store server address information transmission means transmits identification information of purchase information assigned to the purchase information,
The personal authentication server address information transmitting means stores the user identification information necessary for inquiring whether or not to execute the personal authentication of the user received as the purchase information in association with the identification information of the purchase information. When the payment request is received, the identification information of the user associated with the identification information of the purchase information specified in the payment request is specified, and whether or not the user authentication can be executed to the authentication server. inquiry,
In the proxy server,
The member store server address information receiving means receives the identification information of the purchase information,
The personal authentication system according to claim 6, wherein the payment request transmission unit transmits the payment request in which identification information of the purchase information is designated. In the member store server,
The member store server address information transmitting means transmits address information of the member store server that accepts the user authentication completion notification,
The member store server is
Upon receipt of the identity authentication result authenticated from the proxy server and the identity authentication completion notification from the mobile phone, processing necessary for credit settlement related to the purchase of the product or the like is executed. Payment processing execution means,
In the proxy server,
The member store server address information receiving means receives the address information of the member store server that receives a completion notification of the user authentication of the user,
The proxy server is
In the case where the identity authentication result received by the identity authentication result receiving means indicates that the identity is authenticated, the mobile phone, the address of the member store server specified in the address information, The personal authentication system according to claim 9, further comprising a completion notification transmitting unit configured to transmit information for transmitting a personal authentication completion notification in which identification information of the purchase information is designated. In credit settlement using a mobile phone, a user authentication method executed by a member store server that accepts a request for credit payment from a mobile phone and a proxy server used for user authentication,
A purchase information receiving step in which the member store server receives purchase information related to purchase of a product or the like by credit settlement from a mobile phone operated by a user;
A member store server address information transmission step in which the member store server transmits address information of the member store server that receives a payment request for purchase of the product or the like to the mobile phone;
A member server address information receiving step in which the proxy server receives address information of the member store server from the mobile phone;
A payment request transmitting step in which the proxy server accesses an address of a member store server specified in the address information and transmits a payment request for purchase of the product or the like;
A payment request receiving step in which the member store server receives an access to the address specified in the address information from the proxy server and receives a payment request for purchase of the product, etc .;
When the member store server inquires the identity authentication server that performs the identity authentication in the credit settlement about whether or not the user authentication can be performed with respect to the settlement request, and receives a reply that the user authentication can be performed. Includes a user authentication server address information transmission step of transmitting address information of the user authentication server that receives the user authentication request of the user to the proxy server;
The proxy server receives personal authentication server address information from the member store server to receive address information of the personal authentication server; and
The proxy server accesses a user authentication server address specified in the address information and transmits a user authentication request of the user, and a user authentication request transmission step,
An input screen receiving step in which the proxy server receives an output file of an input screen of an authentication key for the user authentication from the user authentication server;
The proxy server converts the output file into a file format that can be output by a mobile phone, and transmits the input screen to the mobile phone; and
The proxy server receives an authentication key input on the screen output from the output file from the mobile phone;
An authentication key transmitting step in which the proxy server transmits the authentication key to the personal authentication server;
The proxy server receives a user authentication result reception step of receiving the user authentication result of the user by the authentication key from the user authentication server;
The proxy server sends a personal authentication result to the member store server to send the personal authentication result; and
A personal authentication method characterized by comprising: In the member store server address information transmitting step, the member store server assigns the settlement request assigned to the purchase request for the product or the like as the address information of the member store server that receives the payment request for purchase of the product or the like. Send 1 address,
The member store server stores, in association with the first address information, the identification information of the user necessary for inquiring whether or not the user authentication can be performed received as the purchase information. In the authentication server address information transmission step, when the settlement request is received, the identification information of the user associated with the first address information is specified and whether or not the user authentication can be executed is sent to the user authentication server. The personal authentication method according to claim 11, wherein inquiry is made. In the member store server address information transmission step, in addition to the first address, the member store server purchases the product or the like as address information of the member store server that accepts the user authentication completion notification. Send the second address assigned to the payment request for
In the member store server address information transmission step, the proxy server receives the second address from the mobile phone,
When the proxy server indicates that the identity authentication result received in the identity authentication result receiving step is authenticated as the identity, the mobile phone is authenticated to the second address. A completion notification sending step for sending information for sending a completion notification;
When the member store server receives the personal authentication result authenticated from the proxy server and the personal authentication completion notification from the mobile phone, the credit card settlement for purchasing the product or the like is performed. A settlement process execution step for executing necessary processes;
The personal authentication method according to claim 12, further comprising: In the member store server address information transmission step, the member store server transmits identification information of purchase information assigned to the purchase information,
In the member store server address information receiving step, the proxy server receives the purchase information identification information,
In the settlement request transmission step, the proxy server transmits the settlement request in which identification information of the purchase information is designated,
The member store server stores the identification information of the user, which is received as the purchase information, and is necessary for inquiring whether or not the user authentication can be executed, in association with the identification information of the purchase information. In the authentication server address information transmission step, when the payment request is received, whether or not the user authentication can be executed by specifying the user identification information associated with the identification information of the purchase information specified in the payment request The personal authentication method according to claim 11, wherein the personal authentication server is queried. In the member store server address information transmission step, the member store server transmits the address information of the member store server that accepts the user authentication completion notification,
In the member store server address information receiving step, the proxy server receives the address information of the member store server that receives a notification of completion of user authentication,
When the proxy server indicates that the identity authentication result received in the identity authentication result receiving step is authenticated as the identity, the member store designated in the address information is indicated on the mobile phone. A completion notification transmission step of transmitting information for transmitting a notification of completion of personal authentication in which identification information of the purchase information is designated to a server address;
When the member store server receives the personal authentication result authenticated from the proxy server and the personal authentication completion notification from the mobile phone, the credit card settlement for purchasing the product or the like is performed. A settlement process execution step for executing necessary processes;
The personal authentication method according to claim 14, further comprising: