JP2023113292A - Electronic information store medium, ic chip, transaction content approval determination method, and program - Google Patents

Abstract

To provide an electronic information storage medium, an IC chip, a transaction content approval determination method, and a program which can transfer authorization function provided in an IC chip from a PIN authorization function to a biometric authorization function while reducing modification costs of a terminal such as a settlement terminal and the like provided previously.SOLUTION: When an IC chip 2 is supplied with power, the IC chip carries out fingerprint authentication by using fingerprint feature information acquired by a fingerprint information acquiring unit 1 and fingerprint feature information initially registered in an NVM 24, and records the fingerprint authentication result. When an instruction to read performance information is received from a terminal T, the IC chip 2 transmits the performance information regarding authentication function of the IC card C to the terminal T, and when an instruction to determine transaction approval including transaction contents having been set by the terminal T is received from the terminal T, the IC chip determines, based on the finger authentication result, whether or not to approve the transaction contents, and transmits, as a response, the determined result to the terminal T.SELECTED DRAWING: Figure 2

Description

The present invention relates to a technical field such as an IC (Integrated Circuit) card having a biometric authentication function.

Traditionally, IC cards have been used to ensure that users of systems are who they say they are. Since the system and the IC card can uniquely identify each other by using the forgery prevention function and cryptographic calculation function provided in the IC card, the user must possess a valid IC card for a valid system. is guaranteed. Furthermore, if the holder of the IC card is identified by using the personal authentication function provided in the IC card, it is guaranteed that the IC card is possessed by an authorized person, so that an authorized system can be used by an authorized user. We can assure you that

A typical example of personal authentication is PIN (Personal Identification Number) authentication (also called PIN verification). PIN authentication is used in various types of businesses. For example, when PIN authentication is performed in a payment processing system that includes a payment terminal and an IC card, initialization processing is performed between the payment terminal and the IC card. After that, the IC card returns the performance information of the IC card to the settlement terminal in response to the read command from the settlement terminal. Such performance information includes information on the authentication function provided in the IC card, and indicates whether or not the IC card has the PIN authentication function. The payment terminal determines the support status of the PIN authentication function of the IC card based on the performance information received from the IC card, and if it is found that the PIN authentication function of the IC card is not supported, it does not perform PIN authentication, (e.g. requiring handwritten signatures, receiving telephone inquiries from payment providers, etc.) At the same time, it is also verified that the payment terminal supports the PIN authentication function. For example, it is confirmed that the connection between the payment terminal and the PIN pad is good, and the encryption communication between the PIN pad and the payment terminal is proper. If the criteria are not met, measures are taken to reduce the risk of spoofing at the time of payment by implementing identity verification by another means without implementing PIN authentication.

On the other hand, when it is found that the IC card supports the PIN authentication function and the payment terminal supports the PIN authentication function, the payment terminal displays, for example, a message prompting the user to enter the PIN on the display screen of the PIN pad. to output Following the message, the user inputs the PIN while pressing the PIN pad. When the PIN input is completed, the payment terminal transmits a PIN verification command to the IC card. The PIN collation command includes the input PIN, which is collated in the IC card with the PIN registered in advance in the IC card. After recording the PIN verification result, the IC card returns a response to the payment terminal. The payment terminal sets transaction content based on the PIN verification result received from the IC card. Such transaction details include not only the amount to be settled, but also information necessary for risk determination at the time of transaction approval. Then, the settlement terminal transmits a transaction approval determination command including the set transaction details to the IC card. The IC card interprets the content of the transaction in response to the transaction approval judgment command from the payment terminal, takes into account the recorded PIN verification result, and asks the online host whether the transaction can be approved or not. perform approval decisions on the transaction, such as whether the transaction should be determined or rejected. The approval judgment result by the IC card is returned to the payment terminal. Based on the approval decision result received from the IC card, the payment terminal decides whether to approve the transaction or whether to make an inquiry to the online host to determine approval or rejection.

Although the above PIN is implemented by numerical permutation, it is difficult to apply a PIN exceeding 6 digits from the viewpoint of human memory ability, and it is difficult to set different PINs for many systems. Therefore, biometric authentication, particularly fingerprint authentication, has attracted attention as a personal authentication means in place of PIN authentication. A sensor for fingerprint authentication is small and consumes low power, and is suitable for mounting on an IC card. In addition, an IC card can safely store even biometric information that is at risk of leaking. For example, Patent Document 1 discloses an RFID device including an antenna for receiving RF (Radio Frequency) signals, an RFID chip and a fingerprint authentication engine that are powered by contactless communication using the antenna. The fingerprint authentication engine is configured to compare the fingerprint read by the fingerprint reader with pre-stored fingerprint data.

Japanese Patent Publication No. 2017-538188

By the way, if biometric authentication is introduced instead of PIN authentication as a personal authentication means, the above performance information indicates whether or not the IC card has a biometric authentication function, and the payment terminal that receives the performance information supports the biometric authentication function. An implementation form is assumed in which the biometric authentication execution command is transmitted to the IC card after confirming the above. However, in a situation where there is already a system that uses PIN authentication and a large number of payment terminals are installed according to the requirements of the system, the cost of repairing all the payment terminals becomes enormous. There is a problem that it is not easy from the viewpoint of cost effectiveness to switch personal authentication means from PIN authentication to biometric authentication.

Therefore, the present invention has been made in view of such problems. It is an object of the present invention to provide an electronic information storage medium, an IC chip, a method for judging approval of transaction content, and a program that can be shifted to an authentication function.

In order to solve the above problems, the invention according to claim 1 is an electronic information storage medium having a biometric authentication function, the electronic information storage medium being capable of communicating with a terminal for setting transaction details, wherein the electronic information storage When the medium receives power, biometric authentication is performed using the biometric information acquired from the body of the user of the electronic information storage medium by the biometric information acquisition unit and the initially registered biometric information, and the biometric authentication result is obtained. authentication means for recording; and when a transaction approval determination command including transaction details set by the terminal is received from the terminal after the power supply, the transaction details are approved based on the recorded biometric authentication result. and a second response means for responding to the terminal with the result determined by the determination means.

According to a second aspect of the invention, in the electronic information storage medium according to the first aspect, when the transaction content includes transaction approval, the determination means determines whether the recorded biometric authentication result indicates successful authentication. If the biometric authentication result indicates successful authentication, determination is made to approve the content of the transaction.

According to a third aspect of the invention, in the electronic information storage medium of the first aspect, when transaction approval is included in the transaction content, the determination means determines whether the recorded biometric authentication result indicates successful authentication. If the biometric authentication result indicates authentication failure, it is determined that the content of the transaction is not approved.

The invention according to claim 4 is the electronic information storage medium according to claim 1, wherein when the transaction content includes an online inquiry, the determination means determines whether the recorded biometric authentication result indicates successful authentication. If the result of the biometric authentication indicates that the authentication is successful, it is determined to approve the content of the transaction under the condition of the online inquiry.

5. In the electronic information storage medium according to any one of claims 1 to 4, when a command to read performance information is received from the terminal after the power supply, the electronic information a first response unit that responds to the terminal with performance information relating to an authentication function of a storage medium; is received from, it is determined whether or not to approve the transaction content based on the recorded biometric authentication result.

According to a sixth aspect of the present invention, there is provided an IC chip included in an electronic information storage medium having a biometric authentication function, the IC chip being capable of communicating with a terminal for setting transaction details. authentication means for performing biometric authentication using the biometric information acquired from the body of the user of the IC chip by the biometric information acquisition unit and the biometric information initially registered, and recording the biometric authentication result; Later, when a transaction approval determination command including the transaction details set by the terminal is received from the terminal, a determination means for determining whether to approve the transaction details based on the recorded biometric authentication result. and second response means for responding to the terminal with the result determined by the determination means.

The invention according to claim 7 is an electronic information storage medium having a biometric authentication function, and is a transaction content approval determination method executed by a computer included in the electronic information storage medium capable of communicating with a terminal for setting transaction details. and when the electronic information storage medium receives power supply, biometric authentication is performed using the biometric information acquired from the body of the user of the electronic information storage medium by the biometric information acquiring unit and the initially registered biometric information. and recording the result of biometric authentication; and if a transaction approval determination command including transaction details set by the terminal is received from the terminal after the power supply, based on the recorded result of biometric authentication. determining whether or not to approve the content of the transaction; and responding to the terminal the result of the determination.

According to an eighth aspect of the invention, there is provided an electronic information storage medium having a biometric authentication function, wherein the electronic information storage medium powers a computer included in the electronic information storage medium communicable with a terminal for setting transaction details. authentication means for performing biometric authentication using the biometric information acquired from the body of the user of the electronic information storage medium by the biometric information acquiring unit and the initially registered biometric information, and recording the biometric authentication result; and whether or not to approve the transaction details based on the recorded biometric authentication result when a transaction approval determination command including the transaction details set by the terminal is received from the terminal after the power supply. and second response means for responding to the terminal with the result determined by the determination means.

ADVANTAGE OF THE INVENTION According to this invention, the authentication function with which an IC card is equipped can be changed from a PIN authentication function to a biometrics authentication function, reducing the repair cost of terminals, such as an already installed payment terminal.

It is a figure which shows an example of a schematic structure of trading system S. FIG. 4 is a sequence diagram showing an example of transaction processing performed in the transaction system S; FIG. 4 is a sequence diagram showing an example of fingerprint authentication processing performed by the fingerprint information acquisition unit 1 and the IC chip 2; FIG.

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. The embodiment described below is an embodiment in which the present invention is applied to an IC card used in a transaction system.

[1. Configuration and functions of trading system S]
First, with reference to FIG. 1, the configuration and functions of a transaction system S according to this embodiment will be described. FIG. 1 is a diagram showing an example of a schematic configuration of a trading system S. As shown in FIG. The transaction system S includes an IC card C having a fingerprint authentication function (an example of a biometric authentication function), a terminal T, and an online host H, as shown in FIG. The IC card C can communicate with an RW (reader/writer) of a terminal T such as a payment terminal in a contact or non-contact manner. A terminal T is connected to an online host H via a communication line. It is assumed that the terminal T has a PIN authentication function but does not have a fingerprint authentication function.

The online host H is a server managed by the card issuer, and includes the personal information of the user of the IC card C issued by the card issuer (for example, name, address, telephone number, etc.) and the card information of the IC card C. are managed for each user, and are used for online inquiries from the terminal T. Here, the card information of the IC card C includes, for example, a card number, an expiration date, a settlement method such as credit card settlement, and a personal authentication means (personal authentication method). In the case of this embodiment, the fingerprint authentication function is shown as the personal authentication means of the IC card C. FIG.

An IC card C (an example of an electronic information storage medium of the present invention) comprises a fingerprint information acquisition section 1 (an example of a biometric information acquisition section) and an IC chip 2, as shown in FIG. The IC card C can be used for various transactions. Examples of the IC card C include credit cards, cash cards, electronic money cards, and the like. Examples of transactions include transactions related to product sales or service delivery at stores and vending machines, and transactions related to deposits and withdrawals at banks and ATMs (Automatic Teller Machines). It is assumed that the IC card C does not have a PIN authentication function.

The fingerprint information acquisition section 1 includes a fingerprint sensor 11 and a sensor control section 12 . The fingerprint sensor 11 is mounted on the surface of the IC card C, and reads the fingerprint from the pad of the user (card holder) using the IC card C in response to a fingerprint reading command from the sensor control unit 12. When the attempt is made and the reading is successful, the fingerprint information is output to the sensor control section 12 . For example, the fingerprint sensor 11 has tens of thousands of electrodes and a contact surface with which a pad of a user's finger contacts. An amount of electric charge accumulates according to the proximity to the contact surface due to the unevenness of the pad of the finger (that is, the unevenness forming the fingerprint). The fingerprint sensor 11 acquires fingerprint information by detecting the amount of charge accumulated in each electrode and converting it into a numerical value (that is, a numerical value corresponding to the amount of charge). Note that the fingerprint sensor 11 may acquire fingerprint information by a method other than the above.

The sensor control unit 12 is a controller IC that controls the fingerprint sensor 11 , activates the fingerprint sensor 11 in response to a fingerprint reading command from the IC chip 2 , and gives the fingerprint reading command to the fingerprint sensor 11 . Then, the sensor control unit 12 extracts fingerprint characteristic information (an example of biometric information obtained from the user's body) from the fingerprint information obtained by the fingerprint sensor 11, and outputs it to the IC chip 2 (CPU 25). If the acquisition of the fingerprint information fails or the extraction of the fingerprint characteristic information fails, information indicating an abnormality is output from the sensor control unit 12 to the IC chip 2 .

The IC chip 2 includes an I/O section 21 , RAM (Random Access Memory) 22 , ROM (Read Only Memory) 23 , NVM (Nonvolatile Memory) 24 , and CPU (Central Processing Unit) 25 . The I/O unit 21 is for exchanging data with the RW of the terminal T in a contact or non-contact manner. When the IC card C is a contact type IC card, the I/O section 21 includes contact terminals (eight contact terminals C1 to C8) complying with ISO/IEC 7816-3. In this case, power is supplied from RW of the terminal T to the IC chip 2 via the C1 terminal. On the other hand, if the IC card C is a contactless IC card, the I/O unit 21 includes a wireless antenna for receiving radio waves (RF signals) and a modulation/demodulation circuit for demodulating or modulating the RF signals. In this case, electric power is supplied to the IC chip 2 by the voltage induced by the wireless antenna that receives radio waves from the terminal T. FIG.

The ROM 23 or NVM 24 stores an operating system and applications such as a fingerprint authentication program (including the program of the present invention). Examples of NVM 24 include flash memory and electrically erasable programmable read-only memory. Further, in the NVM 24, the fingerprint feature information related to the fingerprint read by the fingerprint sensor 11 is associated with the identifier of the IC card C and stored in advance (initial registration). Also, the NVM 24 pre-stores performance information relating to the authentication function of the IC card C. FIG. The performance information regarding the authentication function of IC card C is managed by, for example, a transaction application, and includes an identifier indicating that IC card C supports the fingerprint authentication function. In addition, the NVM 24 stores information indicating a transaction rule predetermined by the card issuer for using the IC card C, and the terminal T also shares the transaction rule. Further, the NVM 24 stores transaction data necessary for transactions. For example, in the case of a transaction related to the sale of goods or the transfer of services at a store or the like, the transaction data includes, for example, information necessary for settlement according to a settlement method such as credit card settlement.

The CPU 25 (an example of a computer) functions as authentication means, first response means, determination means, and second response means in the present invention by executing the program of the present invention. More specifically, when the IC chip 2 receives power supply (power ON), this triggers the CPU 25 to extract the fingerprint feature information acquired by the fingerprint information acquisition unit 1 and the fingerprint feature initially registered in the NVM 24 . Fingerprint authentication (an example of biometric authentication) is performed using the information, and the fingerprint authentication result is recorded. When a performance information reading command (command) is received from the terminal T after power supply, the CPU 25 responds to the terminal T with performance information regarding the authentication function of the IC card C. FIG. Then, when the CPU 25 receives from the terminal T a transaction approval determination command including transaction details set by the terminal T based on the performance information, the CPU 25 approves the transaction details based on the recorded fingerprint authentication result. determines whether or not, and responds to the terminal T with the determined result (determination result). Here, the transaction content includes, for example, any one of transaction approval, transaction refusal, and online inquiry. Further, the transaction details may include information necessary for risk determination at the time of transaction approval and the amount of money involved in the transaction.

[2. Operation of trading system S]
Next, with reference to FIG. 2, the operation of the transaction system S when a transaction is made using the IC card C will be described. FIG. 2 is a sequence diagram showing an example of transaction processing performed in the transaction system S. As shown in FIG. FIG. 3 is a sequence diagram showing an example of fingerprint authentication processing performed by the fingerprint information acquiring section 1 and the IC chip 2. As shown in FIG. It is assumed that the terminal T acquires the identifier of the IC card C from the IC card C when communication with the IC card C is started.

When the IC chip 2 is supplied with electric power by inserting the IC card C into the terminal T or by holding the IC card C over the terminal T (step S1), the IC chip 2 as shown in FIG. , and terminal T (step S2). In the initialization process, the power-on reset circuit (not shown) of the IC chip 2 resets the RAM 22 and the CPU 25, or the RAM 22 and the CPU 25 are reset when the IC chip 2 receives a reset signal transmitted from the terminal T. After resetting, an initial response is made from the IC chip 2 to the terminal T. The initial response is transmitted from the IC chip 2 to the terminal T in response to a reset signal transmitted from the terminal T or an initial response command transmitted from the terminal T, but is automatically transmitted after the RAM 22 and CPU 25 are reset. good too. The terminal T that has received such an initial response transmits a communication method selection command or the like to the IC chip 2 as necessary, and the IC chip 2 returns a response to the command to the terminal T. FIG.

Further, when the IC chip 2 receives power supply, the IC chip 2 performs fingerprint authentication processing with the fingerprint information acquisition unit 1 in parallel with the initialization processing (step S3). In the fingerprint authentication process, as shown in FIG. 3, the CPU 25 gives a fingerprint reading command to the sensor control section 12 (step S31). The sensor control unit 12 activates the fingerprint sensor 11 in response to the fingerprint reading command from the CPU 25, and gives the fingerprint reading command to the fingerprint sensor 11 (step S32). The fingerprint sensor 11 attempts to read a fingerprint from the pad of the user's finger in response to a fingerprint reading command from the sensor control unit 12 (step S33), and outputs the fingerprint information to the sensor control unit 12 when the reading is successful. (step S34). Upon receiving the fingerprint information output from the fingerprint sensor 11, the sensor control unit 12 extracts fingerprint characteristic information from the fingerprint information (step S35), and outputs the extracted fingerprint characteristic information to the CPU 25 (step S36).

Next, when the CPU 25 receives the fingerprint characteristic information output from the sensor control unit 12, the CPU 25 executes fingerprint authentication using the received fingerprint characteristic information and the fingerprint characteristic information pre-stored in the NVM 24 (step S37), the fingerprint authentication result is recorded (for example, stored in RAM 22) (step S38). In such fingerprint authentication, the fingerprint characteristic information stored in the RAM 22 and the fingerprint characteristic information pre-stored in the NVM 24 are collated, and if the two reach a prescribed degree of similarity (in other words, if the degree of coincidence is equal to or greater than the threshold value, If there is, a fingerprint authentication result indicating successful authentication is recorded. It is desirable that the operation up to the recording of the fingerprint authentication result be completed by the time the application is successfully selected by the application selection command, which will be described later.

On the other hand, when the initialization process ends, the terminal T transmits an application selection command to the IC chip 2 (step S4). When the IC chip 2 (CPU 25) receives the application selection command from the terminal T, it selects an application (for example, transaction application) identified by the identifier (AID) included in the application selection command (step S5 ), and returns a response indicating successful selection to the terminal T (step S6). When the terminal T receives the response indicating the successful selection from the IC chip 2, the terminal T transmits a performance information read command to the IC chip 2 (step S7). When the IC chip 2 receives the read command from the terminal T, it acquires the performance information regarding the authentication function of the IC card C by the application selected in step S5 (step S8). The IC chip 2 then returns a response including the performance information acquired in step S8 to the terminal T (step S9).

Next, when the terminal T receives the response including the performance information from the IC chip 2, it determines whether the IC card C supports the PIN authentication function based on the performance information included in the response (step S10). If it is determined that the IC card C does not support the PIN authentication function (step S10: NO), the process proceeds to step S12. In this embodiment, the performance information received from the IC chip 2 includes an identifier indicating that the IC card C supports the fingerprint authentication function. Since the device was installed before, it is not possible to interpret what identity verification means this identifier indicates. It will be determined that there is As another example, the performance information regarding the authentication function of the IC card C may be configured to indicate the presence or absence of the PIN authentication function. In this case, the terminal T determines that the IC card C does not support the PIN authentication function based on the PIN authentication function “no” indicated in the performance information received from the IC chip 2 .

If it is determined that the IC card C supports the PIN authentication function (step S10: YES), the terminal T determines whether it itself supports the PIN authentication function (step S11). In this determination, it is confirmed that the connection between the terminal T and the PIN pad is good, and the encryption communication between the PIN pad and the terminal T is proper. Then, when the criteria are satisfied, it is determined that the terminal T supports the PIN authentication function, and a PIN verification command is transmitted to the IC chip 2. However, in this embodiment, this processing is not performed. do not have.

In step S12, the terminal T sets transaction details based on predetermined transaction rules when the PIN authentication function is not supported. Here, transaction details including transaction approval or online inquiry and the amount related to the transaction (for example, the amount to be settled) are set. If the terminal T interprets the contents of the response S6 sent by the IC card C in response to the application selection command (step S4) and can implicitly know the performance information of the IC card C, the performance It is also possible to configure so that the information read command is not sent to the IC chip 2 . In this case, the terminal T does not acquire the performance information from the IC chip 2, and sets transaction contents based on a predetermined transaction rule when the IC card C does not support the PIN authentication function.

Next, the terminal T transmits to the IC chip 2 a transaction approval determination command including the transaction details set in step S12 (step S13). When the IC chip 2 receives the transaction approval determination command from the terminal T, it acquires the fingerprint authentication result recorded in step S38 (step S14). Next, the IC chip 2 interprets the details of the transaction included in the transaction approval determination command received in step S13, and determines whether or not to approve the details of the transaction based on the fingerprint authentication result obtained in step S14. (determination of transaction content approval) (step S15). Such transaction content approval determination is made in accordance with a predetermined transaction rule.

For example, if the transaction content includes transaction approval, the IC chip 2 checks whether the fingerprint authentication result indicates authentication success. Note that if fingerprint authentication has not been performed at this point, the fingerprint authentication result indicates that authentication has not been performed. If the fingerprint authentication result indicates authentication success, the IC chip 2 makes a decision to approve the transaction (transaction approval). Also, if the fingerprint authentication result indicates that authentication has not been performed, the IC chip 2 confirms whether or not the transaction amount included in the transaction content is equal to or less than a predetermined amount (for example, 10,000 yen). If the transaction amount is equal to or less than a predetermined amount, it is determined to approve the transaction. On the other hand, if the transaction amount is not equal to or less than the predetermined amount, a decision is made to approve the transaction content on the condition of the online inquiry (online inquiry transaction approval). Alternatively, if the fingerprint authentication result indicates authentication failure, the IC chip 2 determines not to approve the transaction (transaction rejection). Incidentally, even if the transaction content includes an online inquiry, the IC chip 2 confirms whether or not the fingerprint authentication result indicates authentication success. If the fingerprint authentication result indicates authentication success, the IC chip 2 makes a decision to approve the transaction content on the condition of online inquiry (online inquiry transaction approval). On the other hand, if the fingerprint authentication result indicates authentication failure (or authentication has not been performed), the IC chip 2 determines not to approve the transaction (transaction refusal).

Next, the IC chip 2 returns a response including the determination result determined in step S15 to the terminal T (step S16). Such determination results indicate transaction denial, transaction approval, or online referral transaction approval. Further, the determination result indicating online inquiry transaction approval includes an identifier indicating successful fingerprint authentication. Upon receiving the response including the determination result from the IC chip 2, the terminal T executes processing according to the determination result (step S17). For example, when the determination result indicates that the transaction is rejected, the terminal T displays an error message indicating that the transaction is impossible on the display. On the other hand, when the determination result indicates that the transaction is approved, the terminal T performs processing for establishing the transaction and displays a message to that effect on the display.

On the other hand, if the determination result indicates online inquiry transaction approval, the terminal T transmits a transaction approval inquiry request to the online host H. FIG. The inquiry request includes the identifier of the IC card C and an identifier indicating successful fingerprint authentication. When the online host H confirms that the fingerprint authentication has been successful in the IC card C by the identifier indicating the fingerprint authentication success included in the inquiry request received from the terminal T, the online host H returns to the terminal T the inquiry result indicating the transaction approval. When the terminal T receives the inquiry result indicating the approval of the transaction from the online host H, the terminal T carries out processing for establishing the transaction, and displays a message to that effect on the display.

As described above, according to the above-described embodiment, the IC chip 2 uses the fingerprint characteristic information acquired by the fingerprint information acquisition unit 1 and the fingerprint characteristic information initially registered in the NVM 24 when receiving power supply. to perform fingerprint authentication, and record the fingerprint authentication result. When the IC chip 2 receives a performance information reading command from the terminal T, the IC chip 2 responds to the terminal T with the performance information regarding the authentication function of the IC card C, and approves the transaction including the transaction details set by the terminal T. When a determination command is received from the terminal T, it is configured to determine whether or not to approve the content of the transaction based on the recorded fingerprint authentication result, and to respond to the terminal T with the determined determination result. Therefore, the personal authentication function provided in the IC card C can be shifted from the PIN authentication function to the biometric authentication function while reducing the repair cost of the already installed terminal T. Furthermore, according to the above embodiment, since the IC card C can automatically perform fingerprint authentication without sending an execution command for fingerprint authentication from the terminal T, the time required for sending and receiving the execution command and the response is can be shortened, and the risk of communication errors occurring during transmission and reception can be reduced.

In the above embodiment, the fingerprint authentication function was described as an example of the biometric authentication function. Biometric authentication may be performed using biometric information obtained from the iris of the eye, and the present invention can be applied to such a case as well. Further, in the above embodiment, the case where the fingerprint information acquisition unit 1, which is an example of the biometric information acquisition unit, is mounted on the IC card C has been described as an example. However, the present invention can be applied. In this case, the fingerprint information acquisition unit 1 is installed at a predetermined place such as a store, and can communicate with the IC chip 2 .

1 fingerprint information acquisition unit 2 IC chip 11 fingerprint sensor 12 sensor control unit 21 I/O unit 22 RAM
23 ROMs
24 NVM
25 CPUs
C IC card T Terminal H Online host

Claims (8)

In an electronic information storage medium having a biometric authentication function and capable of communicating with a terminal for setting transaction details,
When the electronic information storage medium receives power supply, biometric authentication is performed using the biometric information acquired from the body of the user of the electronic information storage medium by the biometric information acquiring unit and the initially registered biometric information, and authentication means for recording biometric authentication results;
determining whether or not to approve the transaction based on the recorded biometric authentication result when a transaction approval determination command including transaction details set by the terminal is received from the terminal after the power is supplied; a determination means for
a second response means for responding to the terminal with the result determined by the determination means;
An electronic information storage medium comprising: If the transaction content includes transaction approval, the determination means checks whether the recorded biometric authentication result indicates authentication success, and if the biometric authentication result indicates authentication success, the transaction 2. The electronic information storage medium according to claim 1, wherein determination is made to approve the content. If the transaction content includes transaction approval, the determination means checks whether the recorded biometric authentication result indicates authentication success, and if the biometric authentication result indicates authentication failure, the transaction 2. The electronic information storage medium according to claim 1, wherein a determination is made that the content is not approved. If the transaction content includes an online inquiry, the determination means checks whether the recorded biometric authentication result indicates authentication success, and if the biometric authentication result indicates authentication success, the online 2. The electronic information storage medium according to claim 1, wherein a decision is made to approve the content of the transaction on the condition of the inquiry. further comprising first response means for responding to the terminal with performance information relating to an authentication function of the electronic information storage medium when a performance information read command is received from the terminal after the power supply;
The determination means approves the transaction details based on the recorded biometric authentication result when a transaction approval determination command including the transaction details set by the terminal based on the performance information is received from the terminal. 5. The electronic information storage medium according to any one of claims 1 to 4, wherein the electronic information storage medium determines whether or not to. An IC chip included in an electronic information storage medium having a biometric authentication function and capable of communicating with a terminal for setting transaction details,
When the IC chip is supplied with power, biometric authentication is performed using the biometric information acquired from the body of the user of the IC chip by the biometric information acquisition unit and the initially registered biometric information, and the biometric authentication result is obtained. a recording authentication means;
determining whether or not to approve the transaction based on the recorded biometric authentication result when a transaction approval determination command including transaction details set by the terminal is received from the terminal after the power is supplied; a determination means for
a second response means for responding to the terminal with the result determined by the determination means;
An IC chip comprising: An electronic information storage medium having a biometric authentication function, a transaction content approval determination method executed by a computer included in an electronic information storage medium capable of communicating with a terminal for setting transaction details,
When the electronic information storage medium receives power supply, biometric authentication is performed using the biometric information acquired from the body of the user of the electronic information storage medium by the biometric information acquiring unit and the initially registered biometric information, and recording the biometric results;
determining whether or not to approve the transaction based on the recorded biometric authentication result when a transaction approval determination command including transaction details set by the terminal is received from the terminal after the power is supplied; and
responding to the terminal with the determined result;
A transaction content approval determination method characterized by comprising: A computer included in an electronic information storage medium having a biometric authentication function and capable of communicating with a terminal for setting transaction details,
When the electronic information storage medium receives power supply, biometric authentication is performed using the biometric information acquired from the body of the user of the electronic information storage medium by the biometric information acquiring unit and the initially registered biometric information, and authentication means for recording biometric authentication results;
determining whether or not to approve the transaction based on the recorded biometric authentication result when a transaction approval determination command including transaction details set by the terminal is received from the terminal after the power is supplied; a determination means for
A program that functions as second response means for responding to the terminal with the result determined by the determination means.

Images