JP2010212805A - Method and system for distributing security information of settlement processing, center apparatus thereof, settlement device and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable a settlement terminal to be in an operable state without allowing an e-money payment settlement company to deliver information of settlement processing security of e-money payment settlement to the manufacturer of the settlement terminal. <P>SOLUTION: Preparation processing is executed between a center device 2 of the e-money payment settlement company and a server 1 of the manufacturer of the terminal in advance via a network 7 so that the center device 2 acquires "center information 35 encrypted with a terminal sharing key A(Kct)" and store the information, and the server 1 acquires "terminal information 25 with a center secret key D(Kcc)" and store the information. The server 1 side causes the settlement terminal 10 to store the encrypted terminal information 25 etc. and ships the terminal 10. After shipped and installed on an arbitrary shop etc., the settlement terminal 10 performs encrypted communication with the center device 2 via the network 7, and acquires an intermediate code 31 and security data 32 as information of settlement processing security and stores the acquired information. In this case, the settlement terminal 10 and the center device 2 use the information 35, 25 respectively, to confirm that the communication party is a legitimate one. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an electronic money system using an IC card or the like, and more particularly to a security information setting method for the payment terminal.

  Electronic money systems using IC cards are widely used. Each electronic money business operator who operates electronic money secures security by independently incorporating a security function into a payment terminal or data center in order to operate the electronic money system safely. In order to construct a secure system, it is desirable for an electronic money business operator to independently construct the entire system. Therefore, an electronic money business operator develops a function related to security processing and incorporates it into a payment terminal to maintain the security boundary with the manufacturer.

  In order to realize this, for example, an interpreter function is mounted on a secure LSI in an IC card terminal, and an application developed by an electronic money business operator in, for example, an interpreter language (an application that communicates with an IC card and performs electronic money settlement processing, etc.) Here, an intermediate code that can be interpreted by the interpreter is taken as an example))) and this application is executed in the LSI. Note that the secure LSI is protected by, for example, a tamper-resistant technology (for example, one that erases the application in the LSI by detecting opening of the housing).

  Here, for example, Patent Document 1 discloses a RAM that stores an intermediate code that can be interpreted by an interpreter, a ROM that stores an interpreter execution program that can interpret and execute the intermediate code, and a CPU that controls the execution of the interpreter execution program. It is disclosed that an LSI provided with the above is used. The intermediate code may be encrypted or encrypted. Alternatively, the RAM stores an encrypted intermediate code and an unencrypted intermediate code, and it is also disclosed that both intermediate codes can be interpreted by an interpreter execution program.

JP 2002-333984 A

  In the prior art such as Patent Document 1 described above, particularly in the method using an encrypted intermediate code, the encryption of the intermediate code is performed by the manufacturer that manufactures the payment terminal (or the LSI in the payment terminal is another manufacturer). In the case of manufacturing, the fixed encryption key assigned by the LSI manufacturer / seller must be used, and the encryption of the intermediate code must be entrusted to the manufacturer, etc. It is difficult to maintain a clear security boundary between operators and manufacturers.

  Here, conventionally, regardless of whether or not the intermediate code to be stored in the LSI in the payment terminal is encrypted, the electronic money business operator uses the application (the intermediate code in this case) developed by itself to the payment terminal. For example, the payment terminal is completed and shipped by handing it over to the manufacturer and storing the application as it is (or encrypted) in the memory in the LSI in the payment terminal. Therefore, the manufacturer can know the contents of the application (intermediate code). Also, not only the application (intermediate code) but also its security data (such as a secret key required for communication with the IC card; if the intermediate code is encrypted, a key for decryption is also provided. Information, etc.) must also be given to the manufacturer and stored in the memory in the LSI in the payment terminal, and the contents of the security data can be known by the manufacturer.

  There is a demand on the electronic money business side that they do not want to pass the intermediate code or security data to the manufacturer in order to maintain a clear security boundary between the electronic money business and the manufacturer. However, as described above, unless the intermediate code and security data are handed over to the manufacturer or the like, the payment terminal is substantially not completed (even if the hardware can be manufactured, it does not function as a payment terminal). In the past, this request was not suitable.

  An object of the present invention is that an electronic money business operator can settle an application, etc. related to the settlement processing of his / her electronic money, in particular, an application that realizes security specifications without exposing it to a third party (terminal manufacturer, etc.). Payment processing that can be set on the terminal and that can be delivered and set to the payment terminal safely and reliably by using encrypted information and various keys obtained by pre-preparation processing etc. It is to provide a security information distribution method, a payment processing security information distribution system, a center device, a server device, a payment terminal, a program, and the like.

  The payment processing security information distribution method of the present invention is a payment processing in a network system in which a center device of an electronic money business operator, a server device of a payment terminal manufacturer, and each payment terminal are connected to a network and can exchange data with each other. A security information distribution method in which the center device and the server device perform communication processing with each other via the network in advance, so that the center device has specific information related to itself only on the payment terminal manufacturer side. The server apparatus acquires and holds encrypted specific information that is encrypted with the first secret key held by the server, and the server device stores, for each payment terminal to be shipped, terminal information that is predetermined information related to the payment terminal. Preliminary processing for acquiring and holding encrypted terminal information encrypted with the second secret key held only by the center device And the server device, for each payment terminal to be shipped, the terminal information of the payment terminal, the encryption terminal information, the first secret key, and the acquired in the pre-processing step A setting processing step for setting / storing specific information; and after each payment terminal is shipped and installed at an arbitrary installation location, the center apparatus and the payment terminal communicate with each other by encrypted communication via the network. An authentication process, wherein the payment terminal transmits first transmission information including the encrypted terminal information to the center device, and the center device transmits the first transmission information and the second secret key. And authenticating the settlement terminal of the communication partner based on the terminal information acquired during the pre-preparation processing step, the center device transmits second transmission information including the encryption specific information to the settlement terminal, A settlement terminal authenticates the center apparatus based on the second transmission information, the first secret key, and the specific information, and if the mutual authentication is successful, the center apparatus In contrast, a distribution step of encrypting and distributing the payment processing security information related to the electronic money payment processing with the encryption key obtained in the mutual authentication processing step, and the payment terminal sending the encrypted distribution information to the A payment processing security information acquisition step of acquiring the payment processing security information by decrypting with the encryption key obtained in the mutual authentication processing step.

  In this method, the electronic money business operator does not pass the payment processing security information (for example, the above-described intermediate code) related to the electronic money payment processing to a third party (such as a payment terminal manufacturer). Accordingly, when each payment terminal is manufactured, set, and shipped by the payment terminal maker, the payment processing security information is not held, and thus electronic money payment processing cannot be performed (does not function). The payment processing security information is distributed later (after the payment terminal is installed) from the electronic money business center device to the payment terminal.

  However, since the payment processing security information is important information, and leakage and misdelivery are not allowed, communication between the center device and the payment terminal is performed not only by encrypted communication, but also by an electronic money business operator through pre-preparation processing in advance. By performing authentication processing using the above-mentioned encryption specific information, encryption terminal information, etc., which is encryption information exchanged between payment terminal manufacturers, it is confirmed that the communication partner is mutually valid and secure Payment processing security information can be distributed.

  According to the payment processing security information distribution method, the payment processing security information distribution system, the center device, the server device, the payment terminal, and the program of the present invention, the electronic money business operator can use the application related to the payment processing of their own electronic money. In particular, an application or the like that realizes the security specification can be set in the settlement terminal without exposing it to a third party (terminal manufacturer or the like). This setting process is performed via the network. By using encrypted information and various keys obtained by pre-preparation processes that are executed in advance, the above applications and the like can be securely and reliably distributed to the payment terminal. Can be set.

It is a figure which shows the structural example of the program delivery system of Example 1. FIG. It is a figure which shows the example of a process sequence of the program delivery system of Example 1. FIG. It is a flowchart for demonstrating in detail the process of Step12 of FIG. It is a figure which shows the structural example of the program delivery system of Example 2. FIG. It is a figure which shows the process sequence example of the program delivery system of Example 2. FIG. It is a figure which shows the structural example of the program delivery system in Example 3. FIG. It is a figure which shows the example of a process sequence of the program delivery system of Example 3. FIG. It is a figure which shows the structural example of the program delivery system in Example 4. FIG. It is a flowchart for demonstrating the process of Step12 in Example 4 in detail. It is a figure which shows the structural example of the program delivery system in Example 5. FIG. It is a figure which shows the example of a process sequence of the program delivery system of Example 6. FIG. It is an example of a data structure of a memory management table. It is a computer hardware block diagram.

Embodiments of the present invention will be described below with reference to the drawings.
(Example 1) (Single application)
FIG. 1 is a diagram illustrating a configuration example of a program distribution system in the case of a single application as the first embodiment.

  Now, there are a plurality of types of IC cards. In other words, for electronic money, electronic money brands with different specifications are prescribed by each electronic money business operator (IC card issuing / settlement company), IC cards for electronic money are issued, and software for mobile terminals is released. Yes. Each electronic money business operator also defines and creates software related to electronic money payment processing at a payment terminal. In this way, a plurality of electronic money business operators issue their own brand IC cards and the like, manufacture payment terminals, and manage electronic money payment processing. In recent years, multi-brand electronic money payment terminals that can use a plurality of brands (plural types) of electronic money have appeared in one payment terminal.

  In such a payment terminal that can handle a plurality of types of IC cards, a processing function for each brand handled by the terminal itself is required. This is because, for example, the communication with the IC card is a secret communication (encrypted communication), so key information for that purpose is necessary. However, when dealing with multiple brands, the key information for each brand is retained. There is a need to. In addition to key information, algorithms for electronic money payment processing and communication methods with IC cards are also different for each brand, and each creates an application program (such as the above intermediate code) that implements the above algorithm. is doing.

  The above-mentioned “in the case of a single application” regarding the first embodiment means a case where the payment terminal is not compatible with a plurality of brands but can support only an arbitrary single brand. Examples of cases where the payment terminal is compatible with a plurality of brands include Examples 5 and 6 described later. Examples 2 to 4 described later are also examples in the case of a single application.

  Note that the communication partner of the payment terminal (the processing target of electronic money payment) is not limited to a card-type form such as a non-contact IC card, but for example, a mobile phone with a built-in IC card function, a tag type (IC tag), or a wristwatch type These may be used as a non-contact information medium. However, in this description, a non-contact IC card will be described as an example. In some cases, the non-contact IC card is omitted and referred to as an IC card.

  Further, in the following description of each embodiment, as an example of the application program related to the electronic money settlement process, the “intermediate code interpretable by the interpreter” described in the above related art and problem will be described as an example. It is not limited to examples. In other words, the electronic money payment processing program distributed / set to the payment terminal in this example is not limited to the above intermediate code, and is not limited to a program for interpreter processing.

  Information necessary for the payment terminal to execute the payment process (that is, for the payment terminal to function) includes not only the electronic money payment processing program such as the intermediate code 31 but also the security data 32 (above The secret key required for the encryption communication with the IC card is also included, and these programs / data (keys, etc.) are important information that should not be leaked and are stored in the secure LSI 20 described later. These programs / data (keys, etc.) (in this example, the intermediate code 31 and the security data 32) are collectively referred to as “payment processing security information (related to electronic money payment processing)”. To do.

  In the following description of each embodiment, as an example of the “payment process security information”, an intermediate code 31 and security data 32 (an electronic code payment process using an intermediate code such as a secret key necessary for encryption communication with the IC card) However, the present invention is not limited to this example as described above.

The configuration of the payment processing security information distribution system according to the first embodiment shown in FIG. 1 will be described below.
The system shown in FIGS. 1 and 4 is a network system in which a center device of an electronic money business operator, a server device of a payment terminal manufacturer, and each payment terminal are connected to a network and can exchange data with each other. However, the main feature of this system is that the “payment processing security information” can be safely delivered to each payment terminal and set, so it may be called a “payment processing security information delivery system”.

  The payment processing security information distribution system shown in FIG. 1 is an outline of a center device (electronic money business center device 2) installed in an intermediate code download center possessed by an electronic money business operator, and an arbitrary one that manufactures the payment terminal 10. A server device (terminal maker server 1) provided on the payment terminal maker side and a large number of payment terminals 10 installed in various stores or the like include a network 7 (Internet, VPN (Virtual Private Network), etc. ) And can transmit and receive data to and from each other. In the figure, the payment terminal 10 is shown in the payment terminal manufacturer, but this is shown for explaining the state (initial setting) of the payment terminal 10 at the time of shipment. Note that various programs 30 (to be described later) are also set at the time of this setting (not shown in the figure).

Note that the center device 2 and the server 1 may be connected by some dedicated line.
The payment terminal 10 includes a secure LSI 20. As described above in the related art, for example, a tamper resistant technique is applied, and applications and data stored in the tamper resistant technology are safely protected so as not to leak. As described above, the intermediate code 31 and the security data 32, which are examples of “settlement processing security information”, should be stored in the LSI 20 and executed in the LSI 20.

  Here, as shown in the figure, the intermediate code 31 and its security data 32 are not stored in the LSI 20 of the payment terminal 10 in the state at the time of shipment. That is, in this method, since the electronic money business operator does not pass the intermediate code 31 or the security data 32 thereof to the payment terminal manufacturer, the payment terminal manufacturer cannot know the contents of the intermediate code 31 and the like. These intermediate codes 31 and the like cannot be installed in the payment terminal 10. Therefore, the payment terminal 10 cannot execute the electronic money payment process using the IC card in the state at the time of shipment. However, in this method, the network 7 is transferred from the center device 2 to the payment terminal 10 later (after installation in an arbitrary store at the shipping destination). The intermediate code 31 and the like are downloaded via

  However, in this method, since extremely important applications / data such as the intermediate code 31 are distributed via the network 7, it is required to be able to distribute them safely. On the other hand, in this method, for example, the intermediate code 31 or the like is performed by performing the processing described in FIGS. 2 and 3 using the various keys shown in FIG. The feature is that it can be delivered safely and reliably.

Note that the configuration of the payment terminal 10 shown in the upper and lower sides of the figure shows a state after the intermediate code 31 and the like are downloaded from the center device 2 and stored.
Here, the various keys used in the illustrated payment processing security information distribution system are seven types of keys indicated as A to G in the figure. That is, first, “terminal shared key (Kct)” shared by all payment terminals (A in the figure is also written together; hereinafter, “terminal shared key A (Kct)” may also be written; The key is the same). “Terminal shared key A (Kct)” is, for example, a key based on a common key cryptosystem (thus, the same key is used for both encryption and decryption). The “terminal shared key A (Kct)” is arbitrarily generated in the server 1, for example.

In addition, there is a “terminal public key B (Kpt)” and a “terminal secret key C (Kst)”, which are public key cryptosystem key pairs that each settlement terminal 10 generates internally. In addition, there is a “center public key E (Kpc)” and “center secret key F (Ksc)” which are public key cryptosystem key pairs generated internally in the electronic money business center device 2. In addition, there is a “center secret key D (Kcc)” that is generated internally in the electronic money business center device 2 and is a key based on a common key cryptosystem. Both “encryption and decryption” can be performed by the “center secret key D (Kcc)”.
Further, there is a “session key G (Ks)” generated based on predetermined information (random number in this example) obtained by mutual authentication processing described later between the electronic money business center device 2 and any settlement terminal 10. . “Session key G (Ks)” is a key that is temporarily generated and used.

  Hereinafter, a terminal maker server 1 (hereinafter abbreviated as server 1), an electronic money business center device 2 (hereinafter abbreviated as center device 2), and a payment terminal shown in FIG. The configuration of 10 will be described in more detail.

  First, the terminal maker server 1 and the electronic money business center device 2 may be of a general-purpose computer configuration in terms of hardware, and although not particularly shown here, as well known, a CPU, A CPU has a storage device (such as a hard disk), a memory, a communication function unit, and the like, and the CPU reads and executes a predetermined application program stored in advance in the storage device, thereby realizing predetermined processing. In the first embodiment, for example, the processing shown in FIGS. 2 and 3 described later is executed.

  For example, the terminal manufacturer server 1 generates and holds the “terminal shared key A (Kct)”, and the electronic money business center device 2 generates and holds the “center secret key D (Kcc)”. The server 1 and the center apparatus 2 use these keys to execute a preparatory process which will be described later with reference to FIG. 2 (execute encryption information exchange processing between the server 1 and the center apparatus 2). Further, after the pre-preparation process, the server 1 executes a shipment setting process for each settlement terminal 10 before shipment, which will be described with reference to FIG. Further, the center device 2 executes mutual authentication processing and security information distribution processing described with reference to FIG. 2 and FIG.

  Here, the electronic money business center device 2 has a nonvolatile memory 3 and a volatile memory 4 as the memory as shown in FIG. The nonvolatile memory 3 is an auxiliary storage device such as a hard disk, and the volatile memory 4 is a main storage device, for example.

  The non-volatile memory 3 stores an intermediate code 31 and its security data 32 in advance, and an encryption key ("center secret key D (Kcc)") and public key arbitrarily generated in the center device 2 An encryption method key pair “center public key E (Kpc)” and “center secret key F (Ksc)”) is stored. Further, specific information (center information and the like to be described later) related to the center device 2 is set and stored in advance in the nonvolatile memory 3. Further, “center information encrypted with the terminal shared key A (Kct)” 35 obtained by data exchange processing (pre-preparation processing) with the terminal manufacturer server 1 described later with reference to FIG. 2 is stored.

  Here, as already described, the intermediate code 31 and its security data 32 are “payment processing security information (related to electronic money payment processing)”. Naturally, the payment terminal 10 stores the payment processing security information. Without it, electronic money settlement processing cannot be executed. The payment processing security information is naturally important information and is not allowed to be leaked. The payment processing security information is held in the tamper-resistant LSI 20 and should be processed in the LSI 20.

  However, in this method, in order to realize the desire that the electronic money business operator does not want to pass the payment processing security information to the payment terminal manufacturer side, the payment terminal 10 does not hold the payment processing security information in the LSI 20. Will be shipped. For this reason, the payment terminal 10 does not function as an electronic money payment terminal as it is. For this reason, in this method, payment processing security information is later distributed from the center device 2 of the electronic money business operator to each payment terminal 10. However, since leakage of the payment processing security information is not allowed as described above, the center device 2 -The communication between the payment terminals 10 is not only performed by encryption, but the center device 2 and the payment terminal 10 confirm whether or not the communication partners are legitimate, and mistakenly set the payment processing security to the third party device. Ensure that no information is distributed.

  In order to confirm whether or not the communication partner is a legitimate partner, a terminal encrypted with the “center secret key D (Kcc) generated and stored in advance by pre-preparation processing and setting processing as will be described later We propose a method using “information” 25, “center information encrypted with terminal shared key A (Kct)” 35, and the like.

  The volatile memory 4 is temporarily acquired / generated every time a predetermined communication process (a mutual authentication process described later, a delivery process of the intermediate code 31, etc.) with an arbitrary settlement terminal 10 is performed. Various information to be stored is stored. That is, the “terminal public key B (Kpt)” of the payment terminal 10 acquired from an arbitrary payment terminal 10 of the communication partner and predetermined information (this example) obtained by mutual authentication processing described later with the payment terminal 10 The “session key G (Ks)” generated by the center device 2 based on the random number is temporarily stored. Further, an “encrypted intermediate code” 33 and an “encrypted security data” 34 obtained by encrypting the intermediate code 31 and its security data 32 in the nonvolatile memory 3 using the “session key G (Ks)” are temporarily stored. Stored. These various pieces of information are acquired / generated and temporarily stored every time the predetermined communication process with the arbitrary settlement terminal 10 is performed, and are deleted when the communication process is completed.

  Further, although not particularly shown, the terminal manufacturer server 1 stores the terminal shared key A (Kct) registered in advance in its non-volatile memory or hard disk or the like, and each time each settlement terminal 10 is manufactured. In addition, “terminal information” (described later in detail), which is various information related to the settlement terminal 10, is registered and stored. Furthermore, before performing the setting work before shipment for each of the manufactured payment terminals 10, the “preparation process” from the electronic money business center device 2 to the “center secret key D (Kcc) corresponding to each payment terminal 10. The encrypted terminal information “25” is acquired and stored.

The registration is performed by, for example, a worker of the terminal manufacturer 1.
On the terminal manufacturer side, for example, in the setting work before shipment of each payment terminal 10 performed by a worker or the like, for example, the server 1 and the payment terminal 10 to be set are connected, and the terminal 1 is shared from the server 1 to the payment terminal 10. The key A (Kct) and the “terminal information encrypted with the center secret key D (Kcc)” 25 corresponding to the terminal 10 are transferred, and stored in the non-volatile memory 24 of the settlement terminal 10. Furthermore, each of the payment terminals 10 generates an arbitrary public key pair (“terminal public key B (Kpt)” and “terminal secret key C (Kst)”) therein, which is also a nonvolatile memory. 24.

  Further, various programs (programs 30 such as interpreter processing and application storage processing) to be described later are transferred from the server 1 to the settlement terminal 10 and stored in the nonvolatile memory 24.

  Each settlement terminal 10 is shipped after the completion of the pre-shipment setting operation and is installed at any store. Then, the “settlement processing security information” (intermediate code 31 and security data 32) is acquired safely and reliably by performing predetermined communication processing with the center apparatus 2 described later with reference to FIGS. As a result, electronic money settlement processing becomes possible (functions as an electronic money settlement terminal using an IC card).

A detailed configuration example of the payment terminal 10 and a state after execution of a predetermined communication process with the center device 2 are shown on the upper and lower sides of FIG. 1, and will be described below with reference to this.
In the illustrated example, the settlement terminal 10 includes a terminal management CPU 11, a RAM 12, a ROM 13, a UI 14, a first communication unit 15, a second communication unit 16, a third communication unit 17, an LSI 20, and the like.

  When the payment terminal 10 is installed in an arbitrary store, the first communication unit 15 is connected to a host device (POS register 5 or the like) in the store, and the second communication unit 16 is connected to the network 7. As a result, the payment terminal 10 can communicate with the host device (POS register 5 or the like) and can communicate with other external information processing devices (in particular, the electronic money business center device 2 here) via the network 7. Become. The third communication unit 17 is already connected to the fourth communication unit 22 in the LSI 20 at the time of manufacture, and the terminal management CPU 11 and the LSI 20 exchange data with each other via these communication units 17 and 22. is there.

  The terminal management CPU 11 is a central processing unit that controls the entire payment terminal 10. The terminal management CPU 11 executes various processes by reading and executing predetermined various application programs stored in the ROM 13. For example, an electronic money business center that performs communication processing with a host device (POS register 5 or the like) via the first communication unit 15 or via the network 7 (LAN or the Internet) via the second communication unit 16. Communication processing with the apparatus 2 is performed, and data transmission / reception processing with the LSI 20 is performed via the third communication unit 17. In particular, in the processing of FIG. 2 described later, processing for relaying communication between the LSI 20 and external devices (the POS register 5, the center device 2, etc.) is performed. Further, regarding electronic money settlement processing by the IC card 6, processing other than the secure processing executed by the intermediate code 31 or the like in the LSI 20 (for example, generation / storage of usage history) is also performed. A program for executing these processes is also registered in the pre-shipment setting operation and stored in the ROM 13.

The various applications stored in the ROM correspond to “non-security part program” and “non-settlement program 63” in the following description.
As described above, the terminal management CPU 11 mainly executes processes other than the secure process (electronic money payment process) executed in the LSI 20 among various processes executed in the payment terminal 10. is there.

The ROM 13 stores the predetermined application programs to be executed by the terminal management CPU 11.
The ROM 13 is not a pure ROM (not rewritable) but is a rewritable nonvolatile memory such as a flash memory or an EEPROM. Thus, for example, the usage history is stored for each electronic money settlement process with the IC card 6. The RAM 12 is a work memory, for example.

The UI 14 is a functional unit related to the user interface, and includes an input device such as a touch panel and a display device such as a display.
The LSI 20 includes a CPU 21, a fourth communication unit 22, a fifth communication unit 26, a volatile memory 23 (SRAM and the like), and the above-described nonvolatile memory 24 (EEPROM and the like).

  The LSI 20 interprets and executes the intermediate code 31 by, for example, interpreter processing by the program 30 (using the encryption key information of the security data 32 at that time), performs electronic money settlement processing with the IC card 6, etc. The usage history is encrypted and transferred to the terminal management CPU 11 and stored in the ROM 13 or the like. Note that the program 30 is various application programs for causing the CPU 21 to execute the illustrated interpreter processing and application storage processing. The application storage processing performs processing of the LSI 20 in mutual authentication processing with the center apparatus 2 shown in FIGS. Details will be described later.

  Note that so-called “tamper resistance” is applied to the LSI 20. For example, when fraud is detected (detection of destruction of the casing, etc.), all data stored in, for example, the volatile memory 23 and the nonvolatile memory 24. By deleting, leakage of important data such as the intermediate data 31 is prevented.

  As described above, the nonvolatile memory 24 (EEPROM, etc.) is already loaded with the program 30 and various encryption keys (the terminal shared key A (Kct), “terminal public key B (Kpt)”) at the time of shipment. , “Terminal secret key C (Kst)”) and predetermined encrypted information (terminal information 25 encrypted with the center secret key D (Kcc)).

  As described above, the CPU 21 executes various processes described later with reference to FIGS. 2 and 3, for example, by appropriately reading and executing the various programs 30. In particular, the intermediate code 31 and its security data 32 can be acquired from the electronic money business center device 2 by executing the application storage processing program (as shown above, the already acquired state is shown in the figure). is there). Further, during the application storage process, the volatile memory 23 generates “center public key E (Kpc)” acquired from the center apparatus 2 and internally generated based on the mutual authentication process described later with reference to FIG. Session key G (Ks) "is temporarily stored. The key information in the volatile memory 23 is deleted when the intermediate code 31 and its security data 32 are acquired (when communication with the center device 2 is completed).

The fifth communication unit 26 is a functional unit that communicates with the IC card 6 and includes, for example, an antenna and a transmission / reception circuit.
In the payment processing security information distribution system having the configuration shown in FIG. 1, the intermediate code 31 and its security data 32 are not passed to the terminal manufacturer. Accordingly, the terminal manufacturer cannot know the contents of the intermediate code 31 and its security data 32, but naturally, the intermediate code 31 and its security data 32 are not stored in the payment terminal 10 at the time of shipment. Therefore, the LSI 20 does not function as it is, and communication / settlement processing with the IC card 6 cannot be performed (not in an operable state). The intermediate code 31 and its security data 32 are distributed from the electronic money business center device 2 after each payment terminal 10 is installed in an arbitrary store.

  However, the intermediate code 31 and its security data 32 are very important information and should not be leaked. On the other hand, in the payment processing security information distribution system of this example, the intermediate code 31 and its security data 32 can be safely distributed using the various keys and encryption information described above. In the following, with reference to FIG. 2 and FIG. 3, the process for distributing the intermediate code 31 and its security data 32 mainly safely will be described in detail.

FIG. 2 is a diagram illustrating a processing sequence example of the program distribution system according to the first embodiment. Hereinafter, this example will be described.
First, as the pre-preparation process, a process of exchanging predetermined data via the network 7 is performed between the terminal manufacturer server 1 and the electronic money business center device 2. That is, first, a predetermined encryption key is exchanged in order to perform data exchange processing between the server 1 and the center apparatus 2 by encrypted communication (S1). Here, as an example, the public key cryptosystem is used as in the example of encrypted communication between the center apparatus 2 and the settlement terminal 10 shown in FIG. Therefore, the server 1 and the center device 2 each generate a key pair (a public key and a private key pair) by the public key cryptosystem, and transmit the public key in its own key pair to the other party (here, One public key is a public key (Kp_tm) and the other is a public key (Kp_bc), which are exchanged).

  Then, using the key pair generated by the self and the public key of the other party, each performs mutual authentication processing while generating an arbitrary random number as in the case of FIG. 3, and is generated during this mutual authentication processing. Generate a communication session key (Ks_tmbc) using exchanged random number information or the like.

  In subsequent processing (processing after S2), data transmission / reception by encrypted communication is performed using this communication session key (Ks_tmbc). Of course, the encrypted communication is not limited to the public key encryption method, and may be performed by a common key encryption method. In this case, the server 1 and the center device 2 share the same encryption key in advance.

The processes after S2 will be described.
First, the server 1 transmits terminal information (for example, a terminal ID, a business ID, a store ID, a store terminal ID, etc.), which is predetermined various information related to the settlement terminal 10 to be shipped, to the center device 2 (S2). This terminal information is encrypted with the communication session key (the information transmitted and received in the following S3, S4, and S5 is the same, and is encrypted with the communication session key (Ks_tmbc)). Although not described in the following description, the encrypted terminal information and the like are decrypted with the communication session key (Ks_tmbc).

  The communication session key (Ks_tmbc) is an encryption key used for data transmission / reception between the server 1 and the center apparatus 2, and a session key G (ks) used for data transmission / reception between the settlement terminal 10 and the center apparatus 2 described later. Is another. Similarly, the public keys (Kp_tm, Kp_bc) described above are also used for communication between the server 1 and the center apparatus 2, and are different from the public keys B and E in the seven types of keys described above.

  The center device 2 encrypts the received terminal information with the “center secret key D (Kcc)”, which is a secret key that only the electronic money business operator can know (hold), thereby the “center secret key D”. The terminal information “25 encrypted with (Kcc)” is generated, and this “encrypted terminal information” 25 is returned to the server 1 (S3). Further, the center device 2 stores the received terminal information in the nonvolatile memory 3. The server 1 stores the returned “encrypted terminal information” 25 in its own non-illustrated nonvolatile memory or the like (stores it in association with the transmitted terminal information).

  Further, the center device 2 transmits center information (such as an operator code and a network address), which is predetermined information related to the own device, to the server 1 (S4). The server 1 encrypts the received center information with the “terminal shared key A (Kct)”, which is a secret key that only the settlement terminal manufacturer can know (hold), thereby the “terminal shared key A (Kct)”. ) To generate “encrypted center information” 35 and return this “encrypted center information” 35 to the center apparatus 2 (S5). The server 1 stores the received center information. The center device 2 stores the returned “encrypted center information” 35 in the nonvolatile memory 3.

  The processes of S2 and S3 in the preparation process described above are performed corresponding to each settlement terminal to be shipped. Therefore, for example, if there are 100 settlement terminals 10 to be shipped, the processes of S2 and S3 are performed 100 times. On the other hand, the processes of S4 and S5 are basically performed only once.

  When the preparatory process described above is completed, the terminal maker performs the shipping setting process on the “shipping settlement terminal 10” using the result. This process is performed in a state where the server 1 and the “shipping settlement terminal 10” are connected to communicate with each other.

  That is, for example, by an instruction operation by a worker or the like, in the “payment terminal 10 to be shipped”, the arbitrary public key pair (“terminal public key B (Kpt)” and “terminal secret key C (Kst) ) ") Is generated and stored in the nonvolatile memory 24 (S6).

  Thereafter, the “terminal shared key A (Kct)” and the terminal information (terminal ID, store ID, store terminal ID, etc.) of the “shipment settlement terminal 10” described above are sent from the server 1 to the “shipment settlement terminal 10”. ), “Terminal information encrypted with the center secret key D (Kcc)” 25 obtained by encrypting the terminal information to the “payment terminal 10 to be shipped”, and the center information acquired in the process of S4. Then, it is stored in the nonvolatile memory 24 of the LSI 20 (S7, S8, S9). Therefore, although not shown in FIG. 1, terminal information (not encrypted) and center information are also stored in the nonvolatile memory 24. As described above, the program 30 is also set and stored in the nonvolatile memory 24.

  Also, the application of the electronic money business operator of the non-security part such as UI (user interface) display, that is, arbitrary information display on the display or the like, and the usage history (details) record, etc. is transferred to the ROM 13 (flash memory or EEPROM of the payment terminal 10). Etc.).

  After the above pre-shipment processing, when the “shipping payment terminal 10” is shipped and installed in an arbitrary store, the payment terminal 10 communicates with the center device 20 to communicate the intermediate code 31 and its security data 32. By obtaining, it becomes operational. This will be described below with reference to FIG. 3 as well as FIG.

  After the installation, in the payment terminal 10 that is turned on and activated, the terminal management CPU 11 first loads the “non-security part program” of the electronic money business operator into the RAM 12 and executes it. In this program processing, first, the processing of Step 11, Step 12, and Step 13 shown in FIG. 2 (processing of the terminal management CPU 11) is executed. At that time, the CPU 21 of the LSI 20 executes the application storage process by the program 30. Below, the process of each of these Steps is demonstrated first.

  Step 11: The terminal management CPU 11 first communicates with the LSI 20 to check whether the LSI 20 holds the intermediate code 31 and the security data 32 (S10). If the intermediate code 31 or the like is already held, the process proceeds to a state where the processing from Step 14 shown in the figure can be executed. That is, processing for receiving distribution of the intermediate code 31 or the like is not performed.

  On the other hand, when the intermediate code 31 or the like is not held (undistributed), first, to receive the distribution of the intermediate code 31 or the like, first, it is connected to the center apparatus 2 via the network 7 and the public key is exchanged. Do. As shown in the first process of FIG. 3, the terminal management CPU 11 of the payment terminal 10 acquires the “terminal public key B (Kpt)” held in the nonvolatile memory 24 of the LSI 20 from the LSI 20. This is transmitted to the center device 2. The center device 2 transmits the “center public key E (Kpc)” held in its own nonvolatile memory 3 to the settlement terminal 10. The terminal management CPU 11 passes the received “center public key E (Kpc)” to the LSI 20 and stores it in the volatile memory 23.

  Step 12; Execute mutual authentication processing, and generate “session key G (Ks)” when authentication is successful. The “session key G (Ks)” is generated by the payment terminal 10 and the center device 2 using information (for example, random numbers) obtained in the mutual authentication process, and the same one is generated.

  In the mutual authentication process, the “terminal information encrypted with the center secret key D (Kcc)” 25 obtained by the pre-preparation process and stored in the center device 2 and the payment terminal 10 respectively, terminal information, Using the “center information encrypted with the terminal shared key A (Kct)” 35, center information, etc., it is mutually confirmed whether or not the communication partner is valid. As a result, the center device 2 does not mistakenly distribute the intermediate code 31 or the like to the third party terminal, and the settlement terminal 10 erroneously downloads an unauthorized program from the third party device. The intermediate code 31 and the like can be delivered to the payment terminal 10 safely and reliably without any unauthorized processing being executed internally (particularly in the LSI 20).

Details of Step 12 will be described later with reference to FIG.
Step 13; When the mutual authentication is successful, the payment terminal 10 requests the intermediate code 31 and the security data 32 from the center device 2. Upon receiving this request, the center device 2 encrypts the intermediate code 31 and its security data 32 stored in the non-volatile memory 3 using the generated “session key G (Ks)”, respectively. The encrypted intermediate code “33” and “encrypted security data” 34 are generated and transmitted to the payment terminal 10. Upon receiving this, the settlement terminal 10 side decrypts these “encrypted intermediate code” 33 and “encrypted security data” 34 with the generated “session key G (Ks)” in the LSI 20, and outputs the intermediate code. 31 and its security data 32 are obtained, and these code 31 and data 32 are stored in the nonvolatile memory 24.

  After decryption, the intermediate code 31 and its security data 32 are verified. If the verification result is OK, these codes / data are stored in the nonvolatile memory 24. This verification process is not particularly relevant to the present invention and will not be described in detail. For example, the center device 2 generates a hash value of the intermediate code 31 and transmits this hash value together, and the LSI 20 Verification is performed using a hash value.

  Thus, the intermediate code 31 and the like are delivered to the settlement terminal 10 safely and reliably, and the communication process between the center device 2 and the settlement terminal 10 is completed. When the communication process ends, the center device 2 and the settlement terminal 10 delete the “session key G (Ks)” and the public key delivered from the other party, respectively.

As described above, activation of the security function (secure electronic money payment processing function) of the payment terminal 10 is completed, and electronic money payment processing becomes possible.
Here, FIG. 3 shows a flowchart for explaining the processing of Step 12 in detail.

  Although not described one by one in the following description, the processing on the settlement terminal 10 side in FIG. 3 is basically executed by the CPU 21 in the LSI 20, and the terminal management CPU 11 is transmitted and received between the center device 2 and the LSI 20. It relays and forwards packets.

Hereinafter, the processing of Step 12 (mutual authentication processing) will be described with reference to FIG.
In FIG. 3, the processing example of Step 11 (exchange of public keys B and E) is shown first, which has already been described.

  In the mutual authentication process shown in FIG. 3, first, the payment terminal 10 generates an arbitrary random number Rt therein, and uses its own terminal information stored at the time of shipment setting, and a hash value of this terminal information Is generated.

  Then, data (transmission data 41 in the figure) composed of the random number Rt, the terminal information hash value, and the “terminal information encrypted with the center secret key D (Kcc)” 25 stored at the time of shipment setting are variously used. It is encrypted with the key and transmitted to the center device 2. This is done by first encrypting the random number Rt and the terminal information hash value with its own private key (“terminal private key C (Kst)”), and further using these encrypted information and the “center secret key D (Kcc)”. The encrypted terminal information “25” is encrypted with the “center public key E (Kpc)” acquired in the process of Step 11 to generate the encrypted data 42 shown in the figure. Then, this encrypted data 42 is transmitted to the center apparatus 2.

  The center apparatus 2 that has received the encrypted data 42 decrypts the encrypted data 42 using various keys held by itself. That is, first, the encryption using the “center public key E (Kpc)” is decrypted using the “center secret key F (Ksc)”, so that “the terminal secret key C (Kst)” is used. Encrypted random number Rt and terminal information hash value "and" terminal information encrypted with center secret key D (Kcc) "25 are obtained.

  Subsequently, the “random number Rt and terminal information hash value encrypted with the“ terminal secret key C (Kst) ”” is decrypted with the “terminal public key B (Kpt)”, and the random number Rt and the terminal information hash are decrypted. Get the value. Further, the “terminal information encrypted with the center secret key D (Kcc)” 25 is decrypted with the center secret key D (Kcc) to obtain “terminal information”. The decoded data 43 shown in the figure can be obtained by these processes.

  If the decoding process cannot be performed normally, or if the determination in steps S21 and S22 described later is both NO, the process ends, and the subsequent processes are not performed. Therefore, naturally, distribution of intermediate data or the like is not performed. However, the payment terminal 10 may be notified of authentication failure.

  On the other hand, when the decryption process is normally completed and the decryption data 43 can be obtained, subsequently, the “terminal information” in the decryption data 43 is acquired and registered in the process of S2. The terminal information is checked to see if it matches (as described above, basically a plurality of pieces of terminal information (for example, terminal information for 100 devices) are stored, so that there is a match among them. Check if there is any). That is, it is confirmed whether or not the communication partner apparatus is the registered payment terminal 10 (step S21).

  If the terminal information matches (step S21, YES), then the hash value of the terminal information is obtained (note that the hash value generation algorithm is the same as that of the payment terminal 10). It is checked whether or not it matches the terminal information hash value in the decrypted data 43 (step S22). If they match (step S22, YES), terminal authentication is performed assuming that the settlement terminal 10 of the communication partner is valid. Judges success and continues processing.

  In addition, through the processing in step S21, the payment terminal 10 of the communication partner can be specified (which payment terminal is registered among the registered payment terminals). Thus, for example, managing which payment terminal 10 among the registered payment terminals 10 (that should have been shipped) has been distributed (or undistributed) the intermediate code 31 etc. Is also possible.

  On the other hand, if it is determined that there is a mismatch (NO) at any of the steps S21 and S22, the process ends as described above, and the subsequent processes are not performed. Therefore, naturally, distribution of intermediate data or the like is not performed.

  If the determinations in steps S21 and S22 are YES and the authentication is successful, the acquired random number Rt is first stored in the volatile memory 4. Then, an arbitrary random number Rc is generated, and further a hash value of its own center information is generated. Then, the data (the response data 44 shown) composed of the random number Rc, the center information hash value, and the “center information encrypted with the terminal shared key A (Kct)” 35 is encrypted with various keys and shown in the figure. Encrypted data 45 is generated and transmitted to the settlement terminal 10 at the connection destination.

  First, the random number Rc and the center information hash value are encrypted with the “center secret key F (Ksc)”, and further, the encrypted information and the “center information encrypted with the terminal shared key A (Kct)”. 35 is encrypted with the “terminal public key B (Kpt)” acquired in the process of Step 11 to generate the encrypted data 45 shown in the figure. Then, the encrypted data 45 is transmitted to the connection destination payment terminal 10.

  The payment terminal 10 that has received the encrypted data 45 decrypts the encrypted data 45 using various keys held by itself. That is, first, the encryption using the “terminal public key B (Kpt)” is decrypted by using the “terminal secret key F (Ksc)” by decrypting with the “terminal secret key C (Kst)”. Encrypted random number Rc and center information hash value "and" center information encrypted with terminal shared key A (Kct) "35 are obtained. Subsequently, the “random number Rc and center information hash value encrypted with the“ center secret key F (Ksc) ”” is decrypted with the “center public key E (Kpc)”, and the random number Rc and the center information hash value are obtained. obtain. Further, “center information encrypted with the terminal shared key A (Kct)” 35 is decrypted with the terminal shared key A (Kct) to obtain “center information”. The decoded data 46 shown in the figure can be obtained by these processes.

  Then, it is checked whether or not the “center information” in the decrypted data 46 matches the center information stored at the time of shipment setting (step S23). If they match (YES in step S23), then the hash value of this center information is obtained, and it is checked whether or not this hash value matches the center information hash value in the decrypted data 46 (step S24). If they match (YES in step S24), it is determined that the center device 2 of the communication partner is valid and the center authentication is successful, and the processing is continued. The acquired random number Rc is stored in the volatile memory 23 or the like.

  On the other hand, if the decryption process of the encrypted data 45 using the various keys is not successful, or if any one of the steps S23 and S24 is determined to be inconsistent (NO), the process ends, No further processing is performed. Therefore, naturally, the intermediate data 31 and the like are not downloaded. However, the center device 2 may be notified of the authentication failure.

  The random number match may be a condition for successful authentication. In this case, the center device 2 transmits the random number Rt in the decrypted data 43 including the encrypted data 45, and the settlement terminal 10 generates the random number Rt generated by the random number Rt included in the received encrypted data 45. In addition to the processes in steps S23 and S24, a process for checking whether or not the same may be performed. Note that the random number Rc may be similarly checked on the center device 2 side as to whether the random number Rc matches.

  Note that the processes in steps S22 and S24 are not necessarily essential, and only the processes in steps S21 and S23 may be performed. That is, if the determination in step S21 is YES, the center apparatus 2 may determine that the communication partner's payment terminal 10 is successful, and if the determination in step S23 is YES, the payment terminal 10 The center device 2 may be determined to be successful. Of course, in this case, the terminal information hash value and the center information hash value need not be generated and need not be included in the data 41 and 44.

When both the center device 2 and the payment terminal 10 determine that the authentication is successful as described above, the center device 2 and the payment terminal 10 further execute processing described below, although not shown.
That is, both the center device 2 and the payment terminal 10 store two random numbers, that is, a random number generated by itself and a random number acquired from the other party, that is, the random number Rt and the random number Rc when the mutual authentication process is successful. . That is, the predetermined information obtained by the mutual authentication process is stored. Thus, both the center device 2 and the payment terminal 10 generate the “session key G (Ks)” based on the two random numbers Rt and Rc. This is to generate the same “session key G (Ks)” in both the center apparatus 2 and the settlement terminal 10. In other words, the generation algorithm of “session key G (Ks)” may be anything (for example, “Rt + Rc” in a simple example), but the same generation algorithm program is stored in advance in each settlement terminal 10 and center device 2. Keep it. Therefore, since the data used for session key generation is the same (here, random number Rt and random number Rc), payment terminal 10 and center apparatus 2 generate the same session key.

  Then, as described in Step 13 above, the distribution process of the intermediate code 31 and the like is performed by encrypted communication using the “session key G (Ks)”. That is, the center apparatus 2 encrypts the intermediate code 31 and the like with the “session key G (Ks)” and transmits it to the payment terminal 10, and the payment terminal 10 (the LSI 20) that receives this encrypts the encrypted information with its own “ By decrypting using the session key G (Ks) ", the intermediate code 31 and the like can be obtained safely.

  Through the processing described above, the payment terminal 10 can obtain the intermediate code 31 and its security data 32 safely and reliably, and can perform electronic money payment processing with an IC card or the like and can start operation.

  The steps 14, 15, and 16 shown in FIG. 2, which are the processes after the start of operation, are the same as the existing processes except that the intermediate code 31 and the security data 32 in the LSI 20 are deleted in the removal process of Step 16. It's okay. Therefore, only a brief description will be given below.

First, the settlement process in Step 14 will be described.
When the payment terminal 10 receives a payment instruction from a higher-level terminal such as the POS cash register 5, the terminal management CPU 11 creates a specification and stores it as a provisional specification in a nonvolatile memory (ROM 13) such as a flash or an EEPROM. Further, after prompting the customer to present an IC card by display control using the UI 14, a settlement instruction is issued to the LSI 20.

  The CPU 21 of the LSI 20 interprets and executes the intermediate code 31 by the interpreter process of the program 30 in accordance with this settlement instruction (using the security data 32 at that time), thereby making an electronic money settlement with the IC card 6 (through confidential communication). Process. Then, the details are confirmed upon completion of the settlement process, and the processing result is notified to the terminal management CPU 11.

The terminal management CPU 11 notifies the customer of the completion of payment by display control (display display or the like) using the UI 14, and notifies the payment result to the host terminal.
Next, the tightening process in Step 15 will be described.

  When the settlement terminal 10 receives a tightening instruction from the host terminal, the terminal management CPU 11 creates detailed information to be tightened and stores it in a non-volatile memory (ROM 13) such as a flash or an EEPROM. Further, the terminal management CPU 11 passes the detailed information to be tightened to the LSI 20 and instructs the encryption process.

  In accordance with this instruction, the LSI 20 interprets and executes the intermediate code 31 by interpreter processing of the program 30 (in this case, using the security data 32), thereby encrypting the above detailed information, and this encrypted detailed information. Is returned to the terminal management CPU 11.

The terminal management CPU 11 transmits this encrypted detailed information to the center device 2. After the transmission is completed, the terminal management CPU 11 notifies the upper terminal of the closing information and the communication result to the center device 2.
Next, the removal process associated with removal of the payment terminal 10 at the time of store renovation or relocation / service termination in Step 16 will be described.

  When the settlement terminal 10 receives a removal instruction from the host terminal, the terminal management CPU 11 instructs the LSI 20 to delete the intermediate code 31 and the security data 32. In accordance with this instruction, the LSI 20 deletes the intermediate code 31 and the security data 32 stored in the nonvolatile memory 24 and notifies the terminal management CPU 11 of the completion of the deletion.

The terminal management CPU 11 confirming the completion of the deletion process notifies the center device 2 of the completion of removal.
As described above, according to the system of the first embodiment, the electronic money business operator is an application related to the payment processing of his / her own electronic money, particularly an application that implements security specifications (“payment processing security information”). In this example, an application or the like (payment processing security information) for causing the payment terminal to function can be set in the payment terminal without exposing the intermediate code 31 and the security data 32) to a third party (terminal manufacturer or the like). This setting process is performed via the network. By using encrypted information and various keys obtained by pre-preparation processes that are executed in advance, the above applications and the like can be securely and reliably distributed to the payment terminal. Can be set. In addition, also in each of Examples 2 to 6 described below, the same effect as that of Example 1 can be obtained (further, an effect unique to the example can be obtained).

Next, Example 2 will be described below.
FIG. 4 is a diagram illustrating a configuration example of a program distribution system according to the second embodiment.
Note that the system of FIG. 4 may have the same hardware configuration as that of the system shown in FIG. What is different from FIG. 1 is the storage location of the key and part of the processing contents, and the following mainly describes differences from the first embodiment.

As shown in FIG. 4, the difference from the first embodiment is that the intermediate code 31 and the security data 32 are stored not in the nonvolatile memory 24 but in the volatile memory 23.
FIG. 5 is a diagram illustrating a processing sequence example of the payment processing security information distribution system according to the second embodiment.

  As shown in FIG. 5, FIG. 5 is almost the same as the sequence of the first embodiment shown in FIG. 2, and only different points will be described. That is, only the processing of Step 11 'shown in the drawing is executed instead of Step 11 of FIG.

  In the second embodiment, the payment terminal 10 does not perform the process of confirming the presence / absence of the intermediate code 31 (S10), and always determines that the intermediate code 31 or the like is not held (undelivered) in the determination of S10. Execute the process when it is done. Therefore, in the process of Step 11 ′ shown in the figure, when the payment terminal 10 is turned on, the payment terminal 10 executes the process of “connecting to the center device 2 via the network 7 and exchanging public keys” described in Step 11 above. And the intermediate code 31 grade | etc., Is acquired by performing the process of Step12,13.

  In the second embodiment, as described above, since the intermediate code 31 and the security data 32 are stored in the volatile memory 23, they are deleted when the power is turned off. Therefore, since the intermediate code 31 and the security data 32 are not always held in the LSI 20 at the time of restart, it is not necessary to perform the process of step S10. Therefore, the process of Step 11 'is executed instead of Step 11.

  In the second embodiment, since the intermediate code 31 and the security data 32 are always deleted when the power is turned off, there is a possibility that the intermediate code 31 and the security data 32 may be leaked when the power is off except during operation (such as at night). There will be no. Further, the memory capacity of the nonvolatile memory 24 can be small (at least as compared with the case of the first embodiment).

Next, Example 3 will be described below.
FIG. 6 is a diagram illustrating a configuration example of the payment processing security information distribution system according to the third embodiment.

FIG. 7 is a diagram illustrating a processing sequence example of the payment processing security information distribution system according to the third embodiment.
Note that the system of FIG. 6 may have the same hardware configuration as the system shown in FIG. Hereinafter, differences from the first embodiment will be mainly described.

  In the third embodiment, in the payment terminal 10, the downloaded intermediate code 31 and security data 32 are not stored in the volatile memory 23 or the nonvolatile memory 24 in the LSI 20, but are stored in an encrypted state outside the LSI 20. Stored in the ROM 13. At any time, the LSI 20 acquires the intermediate code or the like (encrypted as described above) stored in the ROM 13, decrypts it, and expands it on the volatile memory 23. Thereafter, the CPU 21 interprets and executes the intermediate code 31 and the like stored in the volatile memory 23 by interpreter processing, and executes IC card settlement processing and the like.

  FIG. 6 shows a state in which the intermediate code 31 and the like have been developed on the volatile memory 23. At first glance, this looks similar to the second embodiment of FIG. 4, but in the second embodiment, the storage location for the intermediate code or the like is the volatile memory 23, whereas in this embodiment the storage location for the intermediate code or the like is the ROM 13. And is temporarily stored on the volatile memory 23.

  Further, in the second embodiment, as described above, there is an effect that there is no possibility that the intermediate code 31 and the security data 32 are leaked when the power is turned off. Since there is always no intermediate code 31 or the like in the LSI 20, it is necessary to access the center device 2 again to download the intermediate code or the like, but in the third embodiment, it is stored in the ROM 13. Since it is only necessary to acquire and decrypt the intermediate code or the like (encryption), such trouble is not necessary.

  Furthermore, in the third embodiment, a greater effect can be obtained when a plurality of types of electronic money applications are handled. That is, in this case, as described later in the fifth embodiment, when the intermediate code 31 or the like is stored in the nonvolatile memory 24, it is necessary to store the intermediate code 31 or the like corresponding to each of a plurality of types of electronic money. Therefore, it is necessary to increase the memory capacity of the nonvolatile memory 24 accordingly.

  On the other hand, in the third embodiment, all the intermediate codes corresponding to each of a plurality of types of electronic money are encrypted and stored in the ROM 13 as described above, so that the memory capacity of the nonvolatile memory 24 can be reduced. It will be bigger. Further, only the encrypted intermediate code 36 of any electronic money among the encrypted intermediate codes 36 of various electronic money stored in the ROM 13 need only be decrypted and stored in the volatile memory 23. Even when dealing with electronic money, it is not necessary to increase the memory capacity of the volatile memory 23 (when dealing with multiple types of electronic money in the second embodiment, it is necessary to increase the memory capacity of the volatile memory 23. ). In this case, for example, when the case corresponding to three types of electronic money a, b, and c is taken as an example, the ROM 13 stores encrypted intermediate codes 36 and the like corresponding to these various types of electronic money a, b, and c. However, for example, when performing settlement processing with an IC card corresponding to the electronic money a, the LSI 20 obtains only the encrypted intermediate code 36 corresponding to the electronic money a from the ROM 13 and decrypts it to make it volatile. The data is temporarily expanded on the memory 23, and payment processing is performed using the data. When the payment processing is completed, the data may be deleted from the memory 23.

Hereinafter, Example 3 described above will be described in more detail.
First, as described above, the intermediate code and the like are stored in the ROM 13 in an encrypted state. In the example shown in FIG. 6, this is “an intermediate code encrypted with the terminal public key B (Kpt)” 36 ( In some cases, it is referred to as an encrypted intermediate code 36), and “security data encrypted with the terminal public key B (Kpt)” 37 (also referred to as encrypted security data 37).

  That is, in step 13 ′ of FIG. 7 of the third embodiment, the center device 2 encrypts the intermediate code 31 and the like with the session key G (ks) and distributes the same as in the first embodiment (the above encryption). The intermediate code 33 and the encrypted security data 34 are distributed), which are not stored in the ROM 13 as they are. This is because the session key G (ks) is temporarily generated and used at the time of communication with the center apparatus 2 and is deleted upon completion of communication, so that it cannot be decrypted later.

  As a result, in the payment terminal 10, as shown in step 13 ′ of FIG. 7, the terminal management CPU 11 passes the distributed encrypted intermediate code 33 and the like to the LSI 20, and the LSI 20 is the same as in the first embodiment. After decrypting the encrypted intermediate code 33 and the like using the session key G (ks) to acquire the intermediate code 31 and verifying it, the verification is OK. The above-mentioned encrypted intermediate code 36 and encrypted security data 37 are generated by encrypting with the “terminal public key B (Kpt)” and stored in the ROM 13. The decryption of the encrypted data 36 and 37 is performed using the “terminal secret key C (Kst)”.

In FIG. 7, the pre-preparation process, the pre-shipment setting process, and the processes of Steps 11 and 12 are the same as those in the first embodiment (FIG. 2), and will not be described in particular.
On the other hand, Steps 14 ′, 15 ′, and 16 ′ shown in FIG. 7 are partially different from Steps 14, 15, and 16 shown in FIG. That is, Step 14 ′ is the same as Step 14 in FIG. 2 in that payment processing and interpreter processing are performed in response to a payment instruction from the POS terminal 5, but before that, a payment instruction from the POS terminal 5 comes. At this time, the terminal management CPU 11 passes the encrypted intermediate code 36 and the encrypted security data 37 stored in the ROM to the LSI 20, and the LSI 20 decrypts them with the “terminal secret key C (Kst)”. A process of developing on the volatile memory 23 is performed. Then, the LSI 20 performs electronic money settlement processing using the intermediate code 31 or the like developed on the volatile memory 23.

Further, when the settlement processing is completed, the LSI 20 deletes the intermediate code 31 and the like developed on the volatile memory 23.
When dealing with a plurality of types of electronic money, the terminal management CPU 11 acquires from the ROM 13 the encrypted intermediate code 36 and the like corresponding to the type of electronic money specified by the payment instruction from the POS terminal 5. To the LSI 20.

  In the process of Step 15 ′, as in the case of Step 14 ′, when receiving the tightening instruction, the terminal management CPU 11 distributes the encrypted intermediate code 36 and the encrypted security data 37 stored in the ROM 13 to the LSI 20. Then, the LSI 20 performs a process of decoding them and developing them on the volatile memory 23 (a process of obtaining the intermediate code 31 and the security data 32 and storing them in the volatile memory 23).

  Then, the fastening process and the like are performed in the LSI 20 using these intermediate codes 31 and the like in the same manner as in Step 15. Then, after completing the tightening process, the LSI 20 deletes the intermediate code 31 and the like developed on the volatile memory 23.

  In the process of Step 16 ′, the terminal management CPU 11 deletes the encrypted data (encrypted intermediate code 36 and encrypted security data 37) stored in the ROM 13 in response to the removal instruction.

  In the processing example of Step 14 ′, the encrypted intermediate code 36 and the like are acquired from the ROM 13 and decrypted for each settlement process, and the intermediate code 31 and the like are expanded in the volatile memory 23 and then deleted. However, the present invention is not limited to this example. For example, after the encrypted intermediate code 36 and the like are decrypted at startup and the intermediate code 31 and the like are expanded in the volatile memory 23, the operation is performed without erasing, and the operation ends (power off). It may be erased by. However, as described above, when a plurality of electronic money applications are handled, an effect that the memory capacity of the volatile memory 23 can be reduced can be obtained by performing the processing of the processing example of Step 14 '.

Next, Example 4 will be described below.
In the first to third embodiments, the case where the public key cryptosystem is used for the encrypted communication between the settlement terminal 10 and the center device 2 has been described. However, as in the fourth embodiment, a common key cryptosystem may be adopted.

  In this case, it is necessary to share the same encryption key (terminal-center common key H (Kc_tc)) in advance on both the electronic money provider side and the terminal manufacturer side. Alternatively, the electronic money provider side and the terminal manufacturer side may independently generate an encryption key based on the common key encryption method, and each may pass the encryption key generated by itself to the other party in advance. In the former case, the settlement terminal 10 and the center device 2 each use the same encryption key, but encryption may be performed by a method having a different encryption procedure (of course, both of these two types of encryption are used. Knows the encryption procedure and stores the encryption / decryption program). On the other hand, in the latter case, an encryption key for generating and decrypting encrypted data 51 described later is different from an encryption key for generating and decrypting encrypted data 52.

  However, in the following description, the above-mentioned matters are not explained step by step, but simply “terminal-center common key H (Kc_tc)” which is the same encryption key shared by both the electronic money business operator side and the terminal manufacturer side. ”Is assumed to be encrypted / decrypted.

  First, the “terminal-center common key H (Kc_tc)” is stored together with the “terminal shared key A (Kct)”, terminal information, center information, and the like in each shipping settlement terminal 10 at the time of the shipment setting operation. Is done. Further, in the fourth embodiment, the pre-preparation process is performed in the same manner as in the first embodiment. The “terminal information encrypted with the center secret key D (Kcc)” 25 obtained thereby is also used for the shipping setting work. Stored in the payment terminal 10. These various setting information are stored in the nonvolatile memory 24 as shown in FIG.

FIG. 8 is a diagram illustrating a configuration example of the payment processing security information distribution system according to the fourth embodiment.
The system shown in FIG. 8 may have the same hardware configuration as the system shown in FIG. Hereinafter, differences from the first embodiment will be mainly described. The difference from the first embodiment is that encrypted communication between the center apparatus 2 and the settlement terminal 10 is performed using the above-mentioned “terminal-center common key H (Kc_tc)” instead of the public key pair. That is, encrypted communication is performed using a common key encryption method instead of a public key encryption method.

  Therefore, the various keys used in this system are “terminal shared key A (Kct)”, “terminal-center common key H (Kc_tc)”, “center secret key D (Kcc) as shown in the lower left of the figure in FIG. ) ”And“ Session Key G (Ks) ”. As a result, the keys stored in each memory are partially different from those shown in FIG.

  First, in the center device 2, instead of the center public key pair (“center public key E (Kpc)” and “center secret key F (Ksc)”), “terminal-center” is stored in the nonvolatile memory 3. A common key H (Kc_tc) "is stored. Other keys and encrypted data are the same as those in FIG. In the first embodiment, the public key is exchanged in Step 11 of FIG. 2. However, since it is not necessary in this example, the “terminal public key B (Kpt)” is not stored in the volatile memory 4.

  Further, in the payment terminal 10, the non-volatile memory 24 has “Public key pair (“ Terminal public key B (Kpt) ”” and “Terminal private key C (Kst)”) instead of “Terminal public key pair”. The terminal-center common key H (Kc_tc) "is stored. Other keys and encrypted data are the same as those in FIG. In the first embodiment, the public key is exchanged in Step 11 of FIG. 2. However, since this is not necessary in this example, the “center public key E (Kpc)” is not stored in the volatile memory 23.

  Also in the fourth embodiment, the overall processing sequence is substantially the same as that in FIG. 2 and is not particularly described here. However, as described above, the public key is not exchanged in Step 11, and the detailed processing contents of Step 12 are different. In other words, in this example, the detailed processing of Step 12 is not the processing in FIG. 3 but the processing in FIG.

FIG. 9 is a flowchart for explaining in detail the processing of Step 12 in the fourth embodiment.
In FIG. 9, the same data and processes as those in FIG.
That is, the transmission data 41 is generated in the payment terminal 10, and the center device 2 that has received the encrypted data of the transmission data 41 uses the decrypted data 43 obtained by decrypting the encrypted data in steps S21 and S22. The determination processing is the same as the processing in FIG. 3 of the first embodiment, and is not particularly described here. Further, the center device 2 generates the response data 44 after successful authentication, and the settlement terminal 10 that has received the encrypted data of the response data 44 uses the decrypted data 46 obtained by decrypting the response data 44 in step S23. , 24 is the same as the process of FIG. 3 of the first embodiment, and is not specifically described here.

As described above, FIG. 9 differs from FIG. 3 in the process of encrypting and decrypting the transmission data 41 and the response data 44, which will be described below.
As described above, the transmission data 41 and the response data 44 themselves are the same as those in FIG. 3. However, for the time being, the transmission data 41 is a random number Rt arbitrarily generated in the payment terminal 10. Terminal information hash value and “terminal information encrypted with the center secret key D (Kcc)” 25. The response data 44 includes a random number Rc arbitrarily generated by the center apparatus 2 inside, a center information hash value, and “center information encrypted with the terminal shared key A (Kct)” 35.

  First, after generating the transmission data 41, the payment terminal 10 encrypts the transmission data 41 with the “terminal-center common key H (Kc_tc)” stored in the nonvolatile memory 24 at the time of shipment setting. Then, the encrypted data 51 shown in the figure is generated and transmitted. The center device 2 that has received the encrypted data 51 uses this “terminal-center common key H (Kc_tc)” and “center secret key D (Kcc)” stored in the nonvolatile memory 3 to perform this encryption. The decoded data 43 is obtained by decoding the data 51. Then, as described above, the determination process of steps S21 and S22 is performed. If the terminal authentication is successful, the process is continued, and the random number Rt in the decrypted data 43 is stored and the following process is performed.

  That is, when the center device 2 generates the response data 44, the center device 2 encrypts the response data 44 with the "terminal-center common key H (Kc_tc)" stored in the nonvolatile memory 3, thereby Encrypted data 52 is generated and transmitted. The payment terminal 10 that has received the encrypted data 52 uses the “terminal-center common key H (Kc_tc)” and “terminal shared key A (Kct)” stored in the nonvolatile memory 24. The decrypted data 46 is obtained by decrypting the encrypted data 52. Then, as described above, the determination processing in steps S23 and S24 is performed, and if the center authentication is successful, the random number Rc in the decrypted data 46 is stored. Then, a “session key G (Ks)” is generated based on the random number Rc and the random number Rt, and the process of Step 13 is performed. As described above, the processes after Step 13 are substantially the same as those in FIG. 2 and are not particularly described here.

As described above, the encrypted communication at the time of mutual authentication processing between the settlement terminal 10 and the center device 2 is not limited to the public key cryptosystem, and a common key cryptosystem may be used.
(Example 5) (When dealing with a plurality of electronic money applications)
FIG. 10 is a diagram illustrating a configuration example of a payment processing security information distribution system according to the fifth embodiment. That is, a system configuration example capable of handling a plurality of types of electronic money applications is shown.

  The system shown in FIG. 10 may have the same hardware configuration as the system shown in FIG. Hereinafter, differences from the first embodiment will be mainly described. The terminal maker server 1 ′ shown in the figure has basically the same processing functions as the terminal maker server 1 shown in FIG. 1, but performs pre-preparation processing for each of a plurality of electronic money business operators as described below. Since the points to be performed are different, they are different signs (not 1 but 1 ').

  Although only the center device 2 of one electronic money business is shown in the figure, there can be a plurality of center devices 2 of a plurality of electronic money business operators. Then, the terminal maker server 1 ′ in FIG. 10 executes pre-preparation processing with each of the center devices 2 in advance in the same manner as in the first embodiment and the like, and the “center secret key D ( The terminal information “25” and the center information encrypted with Kcc) are acquired. Naturally, since the center secret key D (Kcc) is different for each center device 2, the encrypted terminal information 25 (also center information) is different for each center device 2, so that the server 1 obtains it. The encrypted terminal information 25 and the center information are stored in the server 1 in association with each electronic money business operator and used for subsequent online settings and the like.

  Further, the server 1 'generates and stores the terminal shared key A (Kct) in association with each electronic money business operator. Accordingly, since there are a plurality of terminal shared keys A (Kct) instead of one, and they are different for each electronic money business operator, they are described as “application-specific secret keys 62” as shown here. . The “center information encrypted with the terminal shared key A (Kct)” 35 transmitted to the center apparatus 2 during the pre-preparation process is also the application-specific secret key 62 corresponding to the electronic money carrier of the communication partner. It encrypts using. In this sense, the “center information encrypted with the terminal shared key A (Kct)” 35 can also be referred to as “center information encrypted with the application-specific secret key 62”. Assume that the center information encrypted with the shared key A (Kct) is “35”.

  At the time of shipment setting on the terminal manufacturer side, the same setting as in the first embodiment is performed for each settlement terminal 10 to be shipped. However, if the payment terminal 10 to be set handles multiple types of electronic money applications, the “application-specific secret key A” and the “center secret key” corresponding to each type of electronic money handled by the payment terminal 10 are used. The terminal information “25” encrypted with D (Kcc), the center information, and the like are stored in the nonvolatile memory 24 in the LSI 20.

  Of course, as in the first embodiment, in the settlement terminal 10 to be set, the arbitrary public key pair (“terminal public key B (Kpt)” and “terminal secret key C (Kst)”) is stored therein. A process of generating and storing in the nonvolatile memory 24 and a process of storing the application of the electronic money business operator of the non-security part such as UI display, program addition / change / deletion, and usage history (details) recording in the ROM 13 are also performed. . This non-security application is shown as “non-settlement program” 63 in FIG. Since the public key pair is not different for each electronic money business operator, only one public key pair is stored as shown in the figure. On the other hand, the “non-settlement program” is different for each electronic money business operator, and stores a “non-settlement program” 63 for each electronic money type as shown in the figure.

  The payment terminal 10 that has been shipped and installed in an arbitrary store has the same public key pair, terminal information, “application-specific secret key” 62, “encrypted terminal information” 25, as in the first embodiment. Etc., the intermediate code 31 and the security data 32 are acquired from the center apparatus 2. When dealing with a plurality of types of electronic money, the intermediate code 31 and the security data 32 are acquired from the center device 2 of each electronic money business. At that time, the “application-specific secret key” 62 and “encrypted terminal information” 25 corresponding to the electronic money provider of the communication partner are used. The processing itself for acquiring the intermediate code 31 and the like (mutual authentication processing, distribution of the encrypted intermediate code 33 using a session key, decryption processing, etc.) is substantially the same as in the first embodiment, and will not be described here.

The acquired intermediate code 31 and security data 32 are stored and managed in the nonvolatile memory 24 in association with each electronic money business as shown in the figure.
Thereafter, in the process of step 14, for example, every time payment processing is performed with an arbitrary IC card 6, electronic money payment processing is performed using the intermediate code 31 corresponding to the type of IC card (type of electronic money). It will be.

  As in the sixth embodiment described later, the storage addresses of the acquired and stored intermediate code 31 and security data 32 are stored and managed in association with service codes in the memory management table 70 described later. Good. In the settlement process with the arbitrary IC card 6, the service code corresponding to the type of electronic money to be settled is designated by a settlement instruction from a higher-level terminal such as the POS cash register 5, so that the memory management table By referring to 70, the storage location of the intermediate code 31 and the security data 32 corresponding to the type of electronic money to be settled can be known, and the settlement process is performed using these.

As described above, the fifth embodiment can provide a system that can handle a plurality of types of electronic money applications while having the characteristics of the system of the first embodiment.
Here, for example, for each store to which each payment terminal 10 is shipped, the type and number of electronic money handled at that store are determined based on the store's idea. Each payment terminal 10 is set according to the above. For example, assume that one store x handles only electronic money a, another store y handles only electronic money b, and another store z handles electronic money a and c. In this case, at the time of shipment setting, the terminal manufacturer side sets “application unique secret key” 62 corresponding to the electronic money “a”, “encrypted terminal information” 25 and the like for the payment terminal 10 for the store x. Setting information will be set. Similarly, for the payment terminal 10 for the store y, the setting information (“application-specific secret key” 62 etc.) corresponding to the electronic money b is set, and the payment terminal 10 for the store z is set. Sets the setting information (such as “application-specific secret key” 62) corresponding to each of the electronic money a and c.

However, there are cases where it is desired to increase (or change) the types of electronic money handled at a store after shipment, due to circumstances on the store side.
In addition, from the above, in the fifth embodiment, at the time of shipment setting, the worker, for each payment terminal 10, “application-specific secret key” 62 corresponding to the type of electronic money handled by the payment terminal 10, “Encrypted terminal information” 25 or the like is selected and set, which takes time.

The sixth embodiment described below addresses such a problem.
As in the fifth embodiment, the sixth embodiment is based on a system that can handle a plurality of types of electronic money applications. Therefore, the system configuration itself may be the same as that in FIG. 10 and will be described with reference to FIG. 10 in the following description.

FIG. 11 shows a communication sequence according to the sixth embodiment, which will be described.
As shown in FIG. 11, in the sixth embodiment, first, at the time of shipment setting, an encryption key is set for the settlement terminal 10 (public key pair (“terminal public key B (Kpt)” and “terminal secret The key C (Kst) ") is generated and stored in the nonvolatile memory 24) and only the terminal information of the settlement terminal 10 is set (only the processes of S6 and S8 in FIG. 2 are performed). This is because these pieces of information are not used for each electronic money company but are used in common.

  Therefore, at this time, settings such as “application-specific secret key” 62 and “encrypted terminal information” 25 are not performed (the processes in S7 and S9 in FIG. 2). Therefore, unlike the first embodiment or the like, the pre-preparation process does not necessarily have to be performed before the shipment setting. However, it is necessary to perform pre-preparation processing before the maintenance information upload described later. The pre-preparation process itself may be the same as that shown in FIG. 2 (the processes of S1 to S5 are performed) and will not be described here. However, as in the fifth embodiment, pre-preparation processing is performed with the center device 2 of each electronic money business operator, and “encrypted terminal information” 25 corresponding to each electronic money type is acquired. As a result, the center device 2 of each electronic money company stores “encrypted center information” 35 encrypted by the “application-specific secret key” 62 corresponding to the electronic money company. Will be.

Here, it is assumed that a predetermined service code is determined in advance for each electronic money type.
For example, in the shipment setting operation, for each payment terminal 10 to be shipped, the service code of the electronic money type handled by the payment terminal 10 is associated with the terminal identification ID of the payment terminal 10 and the server 1 is not shown. In the payment terminal management table. This registered content may be updated later in response to a request from the store, for example. For example, taking the store z as an example, for the payment terminal 10 shipped to the store z, the service codes of the electronic money a and c are registered at the beginning. It is assumed that the service code is additionally registered. In this example, the payment terminal 10 initially corresponds to two types of electronic money a and c, but later corresponds to three types of electronic money a, b, and c. However, in order to actually be able to execute these various types of electronic money settlement processing, it is necessary to perform processing for uploading maintenance information, which will be described later, and processing for acquiring intermediate data 31 and the like in step 13.

  Note that the program 30 ′ shown in FIG. 10 is also stored in the non-volatile memory 24 of the payment terminal 10 during the shipment setting operation. The program 30 of the first embodiment is a program that performs interpreter processing, application storage processing, and the like. The program 30 'further includes a program that executes service management processing as shown in FIG.

  The settlement terminal 10 shipped through the shipment setting operation and installed in an arbitrary store executes the service management processing program, for example, periodically (in this example, by maintenance information upload). In the maintenance information upload, for example, the server 1 is notified of information indicating the current state of the settlement terminal 10 (for example, the current state, which electronic money is supported, etc.).

  In this process, first, a predetermined authentication process is performed by connecting to the terminal manufacturer server 1 via the network 7 (S11), and if the authentication is successful, the process after S12 is performed. The authentication process itself may be a process using an existing authentication method, and is not particularly described here.

  At the time of the connection / authentication process in S11, the payment terminal 10 uses all the service codes registered in the memory management table 70 stored in its own memory (for example, the non-volatile memory 24) together with its own terminal identification ID. Transmit to the terminal manufacturer server 1. The server 1 refers to the payment terminal management table (not shown) and compares the service code registered in this table with the received service code to determine whether or not application addition is necessary. For example, in the case of the store z, for example, when the payment terminal 10 of the store z notifies the service codes of the electronic money a and c, only the service codes of the electronic money a and c are registered in the payment terminal management table. If the service code of the electronic money a, b, c is registered, it is determined that the application of the electronic money b needs to be added.

  Further, as for the payment terminal 10 that has been shipped and has accessed the server 1 for the first time after installation, of course, nothing is stored in the intermediate code 31 or the like, so that nothing is registered in the memory management table 70. Since there is (refer to the description to be described later), “no service code” is notified to the server 1. Accordingly, the server 1 determines that it is necessary to add an application for all service codes registered in the payment terminal management table for the payment terminal 10.

If it is determined that application addition is unnecessary, a message to that effect is returned to the payment terminal 10.
On the other hand, when it is determined that the application needs to be added, the processing after S12 described below is executed.

An example of the memory management table 70 is shown in FIG. 12 and will be described later.
Hereinafter, the processing after S12 will be described.

  First, the server 1 determines program information related to the type of electronic money (in the above example, electronic money b) determined to require application addition by the process of S11 (the size of the electronic money related to the service code, the program, the key, etc.). Information etc .; a specific example will be described later with reference to FIG. 12) and an application addition instruction is notified to the payment terminal 10 (S12).

  In addition, when there are a plurality of types of electronic money determined that the application needs to be added, the processing after S12 is performed for any one of them, and the distribution processing of S14 is executed. Similarly, the processing after S12 is performed for other types of electronic money.

  Upon receiving the notification of S12, the terminal management CPU 11 of the payment terminal 10 first checks the free space in the ROM 13, and based on the size information of the non-payment program 63 included in the program information, It is determined whether it can be stored in the ROM 13 (whether “size of non-payment program <free capacity”). If it cannot be stored, the server 1 is notified accordingly.

  On the other hand, if the program can be stored, the received program information (excluding the size information of the non-settlement program is excluded) is transferred to the LSI 20 and an instruction for inquiring whether the program can be added is issued.

  In response to this instruction, the LSI 20 determines whether or not the electronic money type program to be added, the key, and the like can be stored in the nonvolatile memory 24, the overall size of the memory 24, the current usage, and the program information of the additional application. And the determination result is returned to the terminal management CPU 11.

  This is because, for example, the total data size of various data currently stored in the nonvolatile memory 24 can be known based on the memory management table 70 and the like, so that the current free capacity of the nonvolatile memory 24 is known (free space = Capacity of nonvolatile memory 24 (total size) -total data size). On the other hand, since the total data size of the program, key, etc. relating to the newly added electronic money type is known based on the passed program information, it is determined whether or not this program can be stored in the nonvolatile memory 24. Can be judged. That is, if the total data size is less than the free capacity, it is determined that storage is possible. Thereby, the determination result is notified to the terminal management CPU 11.

  If it is determined that data can be stored, a new record is generated in the memory management table 70, and the program information (service code, each size (data length)) passed from the terminal management CPU 11 is stored in the new record. To do.

Here, an example of the memory management table 70 will be described with reference to FIG.
FIG. 12 is a data configuration example of the memory management table 70.
The illustrated memory management table 70 includes a service code 71, a terminal shared key storage address 72, a data length 73, an encrypted terminal information storage address 74, a data length 75, an intermediate code storage address 76, a data length 77, security data. Each data item has a storage address 78 and a data length 79.

  In other words, the memory management table 70 stores storage addresses and size information such as settlement processing programs / data for each type of electronic money stored in the nonvolatile memory 24. That is, for each type of electronic money, the storage location and size of the corresponding application-specific secret key 62, “terminal information encrypted with the center secret key D (Kcc)” 25, intermediate code 31, security data 32, etc. are stored in memory. It is registered in the management table 70.

  For example, the terminal shared key storage address 72 and its data length 73 are the storage address and data size of the application specific secret key 62. The encrypted terminal information storage address 74 and its data length 75 are the storage address and data size of “terminal information encrypted with the center secret key D (Kcc)” 25. The intermediate code storage address 76 and its data length 77 are the storage address and data size of the intermediate code 31. The security data storage address 78 and its data length 79 are the storage address and data size of the security data 32.

  Specific examples of the program information passed from the terminal management CPU 11 are not particularly shown, but the service code, the size of the application specific secret key 62, the size of the “terminal information encrypted with the center secret key D (Kcc)” 25, The size of the intermediate code 31 and the size of the security data 32 are stored in the service code 71, the data length 73, the data length 75, the data length 77, and the data length 79, respectively, in the storage process to the new record. Will be. Each storage address 72, 74, 76, 78 is not yet stored at this point.

  Whether the data can be stored in the memory 24 is determined by determining whether the sum of the data lengths 73, 75, 77, 79 in the received program information is less than the free capacity of the memory 24. It will be.

Upon receiving the determination result from the LSI 20, the terminal management CPU 11 transfers it to the server 1 (response in S13).
Upon receiving this response, the server 1 ends this process if the determination result cannot be stored. On the other hand, if it can be stored, the service code, non-settlement application (non-settlement program 63), electronic money business center connection information (center device 2 of the electronic money business) related to the electronic money to be added. ), Center information, application-specific secret key 62, and "terminal information encrypted with the center secret key D (Kcc)" 25 are downloaded to the payment terminal 10 (S14).

  The terminal management CPU 11 of the payment terminal 10 passes the download information to the LSI 20 and executes processing such as decryption. Among various information obtained by decryption, the service code, the non-payment program 63, and the electronic money business operator The center connection information is received and stored in the ROM 13.

  On the other hand, the LSI 20 stores the application-specific secret key 62) and the “encrypted terminal information” 25 among the various information obtained by the decryption in the nonvolatile memory 24, and stores these storage addresses in the memory. They are stored in the terminal shared key storage address 72 and the encrypted terminal information storage address 74 of the management table 70, respectively. At this time, a storage area for the intermediate code 31 and the security data 32 in the nonvolatile memory 24 is also secured, and these storage addresses are also stored in the intermediate code storage address 76 and the security data storage address 78 of the memory management table 70, respectively. To do. Thereby, the data registration in the memory management table 70 is completed. However, this processing may not be performed until the intermediate code 31 and the security data 32 are actually acquired and stored.

  Thereafter, the payment terminal 10 uses the various setting information acquired as described above, and uses the electronic money business center connection information, as described above, in the same manner as in the first embodiment or the like. The intermediate code 31 and the security data 32 are acquired, and the intermediate code 31 and the security data 32 are stored in an already secured area. As a result, the payment processing function related to the new electronic money is activated.

  Subsequent settlement processing, closing processing, and removal processing may be substantially the same as the processing of steps 14, 15, and 16 described in FIG. 2 of the first embodiment, but in this example, the terminal management CPU 11 performs these processing. Transmits a command instruction (settlement / tightening etc.) including the service code of the electronic money application to be processed to the LSI 20, and the LSI 20 refers to the memory management table 70, and the intermediate code corresponding to the instructed service code is sent to the LSI 20. 31. By reading the storage address of the security data 32 and using the intermediate code 31 or the like stored at the read address, the settlement processing related to the instructed electronic money is executed.

  As described above, according to the present system, the electronic money business operator can disclose information related to the security processing of the electronic money application (intermediate code 31, security data 32, etc.) The information can be made into a state where electronic money payment processing can be executed by securely downloading to the payment terminal 10 via the network after shipment. In addition, by managing the memory using the service code, a plurality of electronic money applications can be managed, and a plurality of electronic money applications can be executed by one unit.

Finally, FIG. 13 shows an example of the hardware configuration of the computer of the center device 2 or the server 1.
A computer 100 illustrated in FIG. 13 includes a CPU 101, a memory 102, an input unit 103, an output unit 104, a storage unit 105, a recording medium driving unit 106, and a network connection unit 107, which are connected to a bus 108. It has become.

The CPU 101 is a central processing unit that controls the entire computer 100.
The memory 102 is a memory such as a RAM that temporarily stores a program or data stored in the storage unit 105 (or the portable recording medium 109) when executing arbitrary processing. The CPU 101 executes various processes using the program / data read out to the memory 102.

The output unit 104 is, for example, a display, and the input unit 103 is, for example, a keyboard, a mouse, or the like.
The network connection unit 107 is configured to connect to the network 7 and perform communication (command / data transmission / reception, etc.) with other information processing apparatuses, for example.

  The storage unit 105 is, for example, a hard disk or the like, and stores an application program for realizing the various processes described above by the CPU 101. That is, in the case where the computer 100 is the center device 2, an application program for causing the CPU 101 to execute the above preparatory processing, the download processing of the intermediate code 31 to each settlement terminal 10, and the like is stored. . Further, when the computer 100 is the server 1, the CPU 101 executes the preparatory process, the shipment setting process (S6 to S9), the download process (S11 to S14) shown in FIG. Stores application programs.

  When the computer 100 is the center device 2, the storage unit 105 may be considered to correspond to the nonvolatile memory 3 (the memory 102 may be considered to correspond to the volatile memory 4).

The CPU 101 implements the various processes described above by reading and executing various programs stored in the storage unit 105.
Alternatively, the various programs / data stored in the storage unit 105 may be stored in the portable recording medium 109. In this case, the program / data stored in the portable recording medium 109 is read by the recording medium driving unit 106. The portable recording medium 109 is, for example, an FD (flexible disk) 109a, a CD-ROM 109b, a DVD, a magneto-optical disk, or the like.

  Alternatively, the program / data may be downloaded from another apparatus via a network connected by the network connection unit 107. Or you may download further what was memorize | stored in the other external apparatus via the internet.

  In addition, the present invention can be configured not only as a portable storage medium recording a program for realizing the various processes of the present invention on a computer, but also as the program itself.

DESCRIPTION OF SYMBOLS 1 Terminal maker server 2 Electronic money provider center apparatus 3 Non-volatile memory 4 Volatile memory 5 POS cash register 6 IC card 7 Network 10 Payment terminal 11 Terminal management CPU
12 RAM
13 ROM
14 UI
15 1st communication part 16 2nd communication part 17 3rd communication part 20 LSI
21 CPU
22 Fourth communication unit 23 Volatile memory 24 Non-volatile memory 25 Terminal information 26 encrypted with the center secret key D (Kcc) 26 Fifth communication unit 31 Intermediate code 32 Security data 33 Encrypted intermediate code 34 Encrypted security data 35 Center information encrypted with terminal shared key A (Kct) 36 Intermediate code encrypted with terminal public key B (Kpt) Security data 41 encrypted with terminal public key B (Kpt) Transmission data 42 Encrypted data 43 Decrypted data 44 Response data 45 Encrypted data 46 Decrypted data 51 Encrypted data 52 Encrypted data 62 Encrypted data 62 Non-payment program 70 Non-payment program 70 Memory management table 71 Service code 72 Terminal shared key storage address 73 Data length 74 Encryption terminal information storage address 75 Data length 76 Intermediate code storage address 77 data length 78 security data storage address 79 data length 100 computer 101 CPU
102 Memory 103 Input unit 104 Output unit 105 Storage unit 106 Recording medium drive unit 107 Network connection unit 108 Bus

Claims (17)

A payment processing security information distribution method in a network system in which a center device of an electronic money business operator, a server device of a payment terminal manufacturer, and each payment terminal are connected to a network and can mutually transmit and receive data,
Since the center device and the server device perform communication processing with each other via the network in advance, the center device has a first secret key in which specific information related to itself is held only by the payment terminal manufacturer side. The server apparatus acquires and holds the encryption specific information encrypted by the server apparatus, and for each payment terminal to be shipped, the server apparatus stores only terminal information that is predetermined information related to the payment terminal. A preparatory processing step of acquiring and holding encrypted terminal information encrypted by the secret key of 2;
For each payment terminal shipped by the server, the terminal information of the payment terminal, the encrypted terminal information, the first secret key, and the specific information acquired during the pre-processing step Setting processing steps for setting and storing
After each payment terminal is shipped and installed at any installation location,
The center device and the payment terminal perform mutual authentication processing by encrypted communication via the network, and the payment terminal transmits first transmission information including the encrypted terminal information to the center device. Then, the center apparatus authenticates a settlement terminal of the communication partner based on the first transmission information, the second secret key, and the terminal information acquired at the preparation processing step, and the center apparatus Second transmission information including encrypted specific information is transmitted to the payment terminal, and the payment terminal authenticates the center apparatus based on the second transmission information, the first secret key, and the specific information. An authentication process step;
A distribution step in which, when the mutual authentication is successful, the center device encrypts and distributes payment processing security information related to electronic money payment processing to the payment terminal using the encryption key obtained in the mutual authentication processing step; ,
A payment processing security information acquisition step in which the payment terminal acquires the payment processing security information by decrypting the encrypted distribution information with the encryption key obtained in the mutual authentication processing step;
A payment processing security information delivery method characterized by comprising: In the mutual authentication processing step,
The center device can decrypt the received encrypted terminal information with the second secret key, and the terminal information obtained by the decryption matches the terminal information registered at the pre-preparation processing step. In this case, the payment terminal of the communication partner is authenticated successfully,
The payment terminal can decrypt the received encrypted specific information with the first secret key, and if the specific information obtained by the decryption matches the specific information set in the setting processing step, the communication terminal 2. The settlement processing security information distribution method according to claim 1, wherein the other center device is authenticated successfully. In the mutual authentication processing step,
The payment terminal further generates a hash value of the terminal information, includes the terminal information hash value in the first transmission information, and transmits the hash value to the center device.
In addition to the terminal information match, the center device further generates a hash value of the terminal information obtained by the decryption, and when the hash value matches the received terminal information hash value, the settlement terminal of the communication partner Is determined to be successful,
The center device further generates a hash value of the specific information, includes the specific information hash value in the second transmission information, and transmits the hash value to the payment terminal.
The settlement terminal further generates a hash value of the specific information obtained by the decryption in addition to the specific information match, and when the hash value matches the received specific information hash value, the communication partner center device The payment processing security information distribution method according to claim 2, wherein authentication is determined to be successful. In the preparation step,
The center device transmits the specific information to the server device, and the server device stores the specific information and encrypts the specific information with the first secret key held by the own device. And the encryption specific information is returned to the center device, and the center device stores the encryption specific information,
Each time there is a settlement terminal to be shipped, the server device transmits the terminal information to the center device, and the center device stores the terminal information and holds only the terminal information. 2. The encrypted terminal information is generated by encryption with a secret key of 2 and the encrypted terminal information is returned to the server apparatus, and the server apparatus stores the encrypted terminal information. The payment processing security information delivery method described. The payment terminal has an tamper resistant LSI and a control means outside the LSI,
The terminal information set and stored in the setting processing step, the encrypted terminal information, the first secret key, and the distributed payment processing security information are stored in a storage unit in the LSI,
2. The settlement processing security information distribution method according to claim 1, wherein encryption / decryption processing related to the mutual authentication processing step and the distribution step is executed in the LSI. The storage means in the LSI consists of a volatile memory and a nonvolatile memory,
6. The payment processing security information distribution method according to claim 5, wherein the distributed payment processing security information is stored in the nonvolatile memory. The storage means in the LSI consists of a volatile memory and a nonvolatile memory,
6. The payment processing security information distribution method according to claim 5, wherein the distributed payment processing security information is stored in the volatile memory. The payment terminal includes a tamper-resistant LSI and second storage means outside the LSI,
The terminal information set in the setting processing step, the encrypted terminal information, and the first secret key are stored in a nonvolatile memory in the LSI, and encryption related to the mutual authentication processing step and the distribution step is performed. / Decoding processing is executed in the LSI,
The LSI encrypts the payment processing security information acquired by the payment processing security information acquisition step using an encryption key generated by itself, and stores the encrypted payment processing security information in the second storage unit. The encrypted payment processing security information is obtained from the second storage means at any time, and the payment processing security information obtained by decrypting the encrypted payment processing security information is stored in the volatile memory in the LSI. The payment processing security information distribution method according to claim 1, wherein the payment processing security information distribution method is stored temporarily. The pre-preparation processing step is executed between each of the center devices of the plurality of electronic money business operators and the server device of the settlement terminal manufacturer. At this time, the server device includes the plurality of electronic money business operators. And encrypting the specific information with the different first secret key for each center device and returning the encrypted specific information to the center device, the encrypted terminal information acquired from each center device, the specific information Information is stored in association with each electronic money business operator,
The server device does not set the encryption terminal information and the first secret key in the setting processing step, and after the payment terminal is shipped and installed at an arbitrary installation location, Further comprising an online setting processing step for distributing and setting the first secret key and the encryption specific information relating to each electronic money handled by the payment terminal to the payment terminal;
The payment terminal accesses the center device of the electronic money business operator for each electronic money handled by itself, and the mutual authentication processing step and the distribution based on the information set by the setting processing step and the online setting processing step. 2. The payment processing security information distribution method according to claim 1, wherein the payment processing security information relating to the payment processing of the electronic money is acquired by a step. Before performing the distribution in the online setting processing step, the server device determines electronic money to be distributed among the electronic money handled by the settlement terminal, and for each electronic money to be distributed, Notifying the payment terminal of the delivery destination of the volume of all data to be delivered in connection with electronic money,
Upon receipt of the notification, each settlement terminal determines whether or not all the data to be distributed can be newly stored based on the free capacity of the storage means and the total data capacity, and can be stored. 10. The payment processing security information distribution method according to claim 9, wherein the server apparatus is caused to execute distribution by the online setting processing step only in the case. A network system in which a center device of an electronic money business operator, a server device of a payment terminal manufacturer, and each payment terminal are connected to a network and can transmit and receive data to and from each other.
The center device and the server device each have a first pre-processing unit and a second pre-processing unit,
The first preparatory processing means of the center device can transmit and receive predetermined data between the first preparatory processing means and the second preparatory processing means via the network in advance. Specific information relating to the encrypted information is obtained by encrypting with the first secret key held only by the payment terminal manufacturer, and the second preparatory processing means of the server device For each payment terminal, the terminal information which is predetermined information related to the payment terminal is acquired and held by encrypting the second secret key held only by the center device, and held.
The server device further includes setting processing means for setting the terminal information of the payment terminal and the encrypted terminal information, the first secret key, and the specific information for each payment terminal to be shipped,
The center device further includes first mutual authentication processing means and security information distribution means,
Each payment terminal comprises second mutual authentication processing means and distribution information storage means,
After each payment terminal is shipped and installed at any installation location,
The first mutual authentication processing means and the second mutual authentication processing means perform mutual authentication processing by encrypted communication via the network, and at that time, the payment terminal includes the first information including the encrypted terminal information. Transmitting the transmission information to the center device, the center device authenticating a settlement terminal of a communication partner based on the first transmission information, the second secret key, and the terminal information registered in advance; An apparatus transmits second transmission information including the encrypted specific information to the payment terminal, and the payment terminal determines the center apparatus based on the second transmission information, the first secret key, and the specific information. Authenticate,
When the mutual authentication process is successful, the security information distribution means of the center device encrypts the payment processing security information related to the electronic money payment process to the payment terminal using the encryption key obtained by the mutual authentication process. A payment processing security information distribution system, wherein the distribution information storage means of the payment terminal decrypts and stores the distributed encrypted payment processing security information with an encryption key obtained by the mutual authentication processing . An electronic money business center device, a payment terminal manufacturer's server device, and each payment terminal are connected to a network and are server devices in a network system capable of mutually transmitting and receiving data,
Preliminarily communicate with the center device via the network, and send terminal information, which is predetermined information related to the payment terminal, to each payment terminal to be shipped. When the encrypted terminal information encrypted by the second secret key held only by the center device is returned, the encrypted terminal information is held, and when the specific information related to the center device is sent from the center device, A preparatory processing means for encrypting the specific information with a first secret key held only by the payment terminal maker and returning the encrypted specific information to the center device;
For each payment terminal to be shipped, setting processing means for setting the terminal information of the payment terminal and the encrypted terminal information, the first secret key, and the specific information;
The server apparatus characterized by having. The center device in a network system in which a center device of an electronic money business operator, a server device of a payment terminal manufacturer, and each payment terminal are connected to a network and can mutually transmit and receive data,
First, communication with the server device is performed via the network, specific information related to the device is transmitted to the server device, and the specific information is only held by the payment terminal manufacturer from the server device. When the encrypted specific information encrypted with the secret key is returned, it is stored, and when each terminal information which is predetermined information for each settlement terminal is transmitted from the server device, each terminal A preparatory processing means for encrypting information with a second secret key held only by the center device and returning the encrypted terminal information to the server device;
When there is an access through the network from the payment terminal installed at an arbitrary installation location, mutual authentication processing by encrypted communication is performed, and at this time, the second transmission information including the encrypted specific information is transmitted to the payment terminal. When the first transmission information including the encrypted terminal information is sent from the payment terminal, the terminal information registered in advance with the first transmission information, the second secret key, and the like. Mutual authentication processing means for authenticating the settlement terminal of the communication partner based on,
When the mutual authentication processing means successfully authenticates with the other party's payment terminal, the payment processing security information related to the electronic money payment processing is encrypted with the encryption key obtained by the mutual authentication processing. Security information distribution means for distributing
The center apparatus characterized by having. An electronic money business center device, a payment terminal manufacturer's server device, and each payment terminal are connected to the network and are the payment terminal in the network system capable of mutually transmitting and receiving data,
Encrypted terminal information obtained by encrypting at least its own terminal information with a second secret key held only by the center device, a first secret key held only by the settlement terminal manufacturer, and the center device Setting information storage means for causing the server device to set various setting information including the specific information concerned and storing the setting information in a storage unit in the terminal itself;
After the own terminal is installed at an arbitrary installation location, the center apparatus is accessed via the network, and mutual authentication processing is performed by encrypted communication. At that time, the encrypted terminal information including the set encrypted terminal information is included. The first transmission information is transmitted to the center device, and the second transmission information including the encrypted specific information transmitted from the center device and including the specific information encrypted with the first secret key is transmitted. When received, mutual authentication processing means for authenticating the center device based on the second transmission information, the first secret key, and the specific information;
When the mutual authentication processing means succeeds in mutual authentication processing with the center device, payment processing security information related to electronic money payment processing is sent from the center device after being encrypted with an encryption key obtained by the mutual authentication processing. The payment processing security information acquisition / storage means for decrypting and storing the encrypted payment processing security information with the encryption key obtained by the mutual authentication processing;
A payment terminal. A computer of the server device in a network system in which a center device of an electronic money business operator, a server device of a payment terminal manufacturer, and each payment terminal are connected to a network and can exchange data with each other,
Preliminarily communicate with the center device via the network, and send terminal information, which is predetermined information related to the payment terminal, to each payment terminal to be shipped. When the encrypted terminal information encrypted by the second secret key held only by the center device is returned, the encrypted terminal information is held, and when the specific information related to the center device is sent from the center device, A preparatory processing means for encrypting the specific information with a first secret key held only by the payment terminal maker and returning the encrypted specific information to the center device;
Setting processing means for setting the terminal information of the payment terminal and the encrypted terminal information, the first secret key, and the specific information for each payment terminal to be shipped;
Program to function as. A computer of the center device in a network system in which a center device of an electronic money company, a server device of a payment terminal manufacturer, and each payment terminal are connected to a network and can exchange data with each other,
First, communication with the server device is performed via the network, specific information related to the device is transmitted to the server device, and the specific information is only held by the payment terminal manufacturer from the server device. When the encrypted specific information encrypted with the secret key is returned, it is stored, and when each terminal information which is predetermined information for each settlement terminal is transmitted from the server device, each terminal A preparatory processing means for encrypting information with a second secret key held only by the center device and returning the encrypted terminal information to the server device;
When there is an access through the network from the payment terminal installed at an arbitrary installation location, mutual authentication processing by encrypted communication is performed, and at this time, the second transmission information including the encrypted specific information is transmitted to the payment terminal. When the first transmission information including the encrypted terminal information is sent from the payment terminal, the terminal information registered in advance with the first transmission information, the second secret key, and the like. Mutual authentication processing means for authenticating the settlement terminal of the communication partner based on,
When the mutual authentication processing means successfully authenticates with the other party's payment terminal, the payment processing security information related to the electronic money payment processing is encrypted with the encryption key obtained by the mutual authentication processing. Security information distribution means to distribute
Program to function as. An electronic money business center device, a payment terminal manufacturer's server device, and each payment terminal are connected to a network and can exchange data with each other.
Encrypted terminal information obtained by encrypting at least its own terminal information with a second secret key held only by the center device, a first secret key held only by the settlement terminal manufacturer, and the center device Setting information storage means for causing the server device to set various setting information including the specific information concerned and storing the setting information in a storage unit in the terminal itself;
After the own terminal is installed at an arbitrary installation location, the center apparatus is accessed via the network, and mutual authentication processing is performed by encrypted communication. At that time, the encrypted terminal information including the set encrypted terminal information is included. The first transmission information is transmitted to the center device, and the second transmission information including the encrypted specific information transmitted from the center device and including the specific information encrypted with the first secret key is transmitted. When received, mutual authentication processing means for authenticating the center device based on the second transmission information, the first secret key, and the specific information;
When the mutual authentication processing means succeeds in mutual authentication processing with the center device, payment processing security information related to electronic money payment processing is sent from the center device after being encrypted with an encryption key obtained by the mutual authentication processing. The payment processing security information acquisition / storage means for decrypting and storing the encrypted payment processing security information with the encryption key obtained by the mutual authentication processing,
Program to function as.