JPH11203323A - Method for managing electronic commercial transaction information and computer readable recording medium for recording information management client program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve the safety of an electronic commercial transaction even at the time of providing electronic commercial transaction client software in a down-load system. SOLUTION: A client 1 is provided with a down-load part 2 for down-loading electronic commercial transaction client software from a server, and storing it in a memory, and a resident part 3 for storing information management software specific to a client in a memory. The electronic commercial transaction client software can not directly obtain information from an information DB 4 of the client 1. At the time of obtaining information from the information DB 4, the electronic commercial transaction client software issues an information reference request to the information management client software. The information management client software accepts the information reference request, retrieves the information DB 4 based on the information reference request, and transfers the retrieved result to the electronic commercial transaction client software.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a security technique for protecting client information in communication between a server and a client by a method of downloading and executing client software from a server in electronic commerce.

[0002]

2. Description of the Related Art Software for realizing electronic commerce is
It is necessary to refer to and operate information on individuals and companies participating in transactions. Hereinafter, such information will be collectively referred to as “information”. Information appearing in e-commerce includes encryption keys used in e-commerce, certificates of encryption keys,
Account information of the financial institution used for e-commerce settlement (credit card number, bank account number, purchase amount,
Etc.), information on the contents of e-commerce (credit amount, dealer number, approval number, product code, etc.), personal information (date of birth, gender, address, type of residence, telephone number, office, post, annual income) , Loan balance, assets, hobbies, family composition, etc.). These are generally things you want to keep secret from others.

[0003] The e-commerce client software will vary depending on the e-commerce protocol used. Therefore, if one client attempts to support a plurality of protocols, it is necessary to store software corresponding to the plurality of protocols in the client. Also, even when the same protocol is used, different client software may have to be used when the transaction partner is different. Therefore, a form has been considered in which necessary electronic commerce client software is dynamically downloaded from a server of a trading partner and executed.

[0004] The method of downloading and executing e-commerce software from a server has a security problem. In the first place, the e-commerce client software refers to and operates information, so if the user is worried about it, it is possible to refer to and operate the information without the permission of the owner. If the address information registered in the network name service is falsified, the fake server will
It is possible to send software to clients. End users have no way to prevent this.

[0005] As a countermeasure, a method has been considered in which a digital signature is given to the client software itself and signature verification is performed by a software loader of the client machine, thereby ensuring security. The assurance of the signing key itself is provided by a certificate issued by a third party.
However, even with the realization of this method, the client software that has passed the verification of the software loader of the client machine can freely refer to and operate the contents of the information of the end user. Therefore, the end user information includes
Privacy should be considered. For example,
In online shopping, it is natural that the end user does not want the credit card number to be known to the merchant (this concept also appears in the industry standard protocol SET for credit settlement). However, even with the above-mentioned method using the signed software, the software downloaded from the server can freely refer to and operate the contents of the information of the end user.

[0006]

As described above, software downloaded from a server to a client can freely refer to and operate information on the client, making such free reference and operation impossible. This cannot be done with conventional techniques such as signed software. Further, the content of the response cannot be automatically changed depending on the level of the information disclosure partner. The purpose of the present invention is
Even if the client software for electronic commerce is downloaded, the security of electronic commerce is improved.

[0007] Another object of the present invention is to make it possible to change the response for each party to which information is disclosed, thereby enabling electronic commerce with an unspecified number of parties.

[0008]

In order to achieve the above object, the present invention is a method for managing electronic commerce information in an electronic commerce capable client having a database,
The memory of the client has a download unit storing e-commerce client software downloaded from a server and a resident unit storing client-specific information management client software, and the e-commerce client software obtains information directly from the database When acquiring information from the database, an information reference request is issued to the information management client software, the information management client software accepts the information reference request, and searches the database based on the information reference request. The search result is passed to the e-commerce client software.

In the database, a correspondence table between a requester name and a requester level and a correspondence table between a request information name, a referenceable level and information are registered, and the information management client software executes the received information reference request. The database is searched according to the requester name and the request information name, and the requester level, referenceable level and information are obtained, and it is determined whether or not the obtained requester level and referenceable level satisfy a predetermined relationship. When the relationship is satisfied, the obtained information is passed to the electronic commerce client software, and when the relationship is not satisfied, a return code indicating that the user does not have the reference right is passed to the electronic commerce client software.

[0010] Further, proxy information for the information is provided in a correspondence table between the requested information name, the referenceable level and the information in the database.
When the proxy information exists, the proxy information is passed to the electronic commerce client software, and when the proxy information does not exist, a return code indicating that the user has no reference authority is passed to the electronic commerce client software.

[0011]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Electronic commerce performs payment / settlement processing in a model including four components: a consumer (card holder), a store, a gateway to a financial institution (payment gateway), and a certification institution. The communication procedure between these components is based on SET (Secure Electronic Transactio
n).

Hereinafter, an outline of the definition of the SET will be described. SET specifies a function to authenticate invisible communication partners on the network before commencing online commerce. In particular, in an open network such as the Internet, an authentication function is essential because there is a risk that a malicious person may perform a commercial transaction by impersonating the person. As a certification authority, a certification authority that issues certificates is provided, and the certificates issued from them certify that each component is genuine. The certificate is digitally signed by a certificate authority so that it cannot be tampered with by a third party. The contents of the certificate include the public key,
Information on the owner and issuer of the public key, signed by a certificate authority to guarantee the contents of the certificate. The certificate authority has a hierarchical tree structure with the root certificate authority at the top. Below the root certificate authority, there is a structure such as a credit card brand certificate authority, and below that, a store certificate authority. When conducting a business transaction, certificates are exchanged between the constituent elements, and after confirming that each is an individual (authentic), the payment settlement process is started.

The procedure for obtaining a certificate is specified by SET.
When there is a certificate acquisition request from one of the components (consumer, store, payment gateway), the certificate authority requests a financial institution such as a credit card company to approve the issuance of the certificate. When the certificate issuance is approved, the certificate authority issues the certificate to the requesting party. Issued certificates should be stored on media that the client deems secure in principle. Hereinafter, it is assumed that the consumer and the store have been authenticated in advance by a certification organization and have obtained proof of their identity.

[0014] The consumer selects a purchased product by looking at a product catalog on the Internet. After the purchase item is determined, a purchase request message is issued from the client machine of the consumer to the server at the store. In the server with the store, credit to the financial institution via the gateway to the financial institution (payment gateway) (purchase limit)
Inquire. When the credit is confirmed, the store notifies the consumer's client machine of the credit result and makes a sales accounting request to the financial institution via the payment gateway. When this accounting process is processed by the financial institution,
A series of e-commerce is completed. The consumer's client machine encrypts information such as a credit card number and communicates with the store server to make a transaction. At this stage, since the information such as the credit card number is encrypted, the store cannot refer to the credit card number or the like.
When the information of the transaction is sent to the payment gateway, the information such as the credit card number is decrypted by the payment gateway, and the information of the transaction and the decrypted credit card number are transmitted to a financial institution such as a credit card company. Will be sent to Usually, a payment gateway and a financial institution such as a credit card company are connected by a dedicated line, and information security is achieved. In addition, encryption and decryption are performed by a secure method that combines two of the common key method encryption and the public key method encryption. As a result, the store cannot refer to information such as a credit card number. In this flow, the software that communicates with the server of a certain store or manages the interface between the client machine and the consumer employs a method of downloading and executing many parts of the software from the server. .

FIG. 1 is a schematic block diagram for explaining the present invention. In the software of the client and the server for realizing the electronic commerce, the client 1 downloads the electronic commerce client software from the server 5, stores it in the memory of the client 1, and executes the electronic commerce in order to match the electronic commerce protocol. I do. This memory area is referred to as a download unit 2.
At the time of downloading, software for performing all electronic commerce communications is not downloaded from a server, but a part for managing information in electronic commerce is not downloaded. Information management client software, which manages client information in e-commerce, is distributed in a secure distribution method (such as direct delivery or registered mail) that can certify individuals in advance. Then, the distributed information management client software is stored in the memory of the client 1. The memory area storing the information management client software is assigned to the resident unit 3
Call. Therefore, the e-commerce client software described above is all parts of the e-commerce software other than the information management client software that manages information. Further, the client 1 is provided with a database (hereinafter referred to as an information DB) in which information used for electronic commerce is stored.

In this manner, the electronic commerce client software cannot directly access the information DB, and cannot obtain information from the information DB unless a request for information is issued to the information management client software. In the following description, the electronic commerce client software stored in the download unit 2 of the memory will be referred to as a download unit, and the information management client software stored in the resident unit 3 of the memory will be referred to as a resident unit.

FIG. 2 shows the configuration of the resident unit 3, the relationship between the resident unit 3 and the download unit 2,
FIG. 4 is a diagram for explaining the relationship between the information DB. The resident unit 3 receives a request for information from the download unit 2 by an information request receiving unit 6 corresponding to an interface with the download unit 2, and sends a response to the received request to the download unit 2. Resident 3
Manages the information DB 4 together with its attributes. Information DB
The search unit 11 receives an information request from the information request reception unit 6,
The information DB is searched, the information obtained as a result of the search is determined by the reference data determining unit 8, and as a result of the determination, the response information is sent to the response message creating unit 7, and the response message created by the response message creating unit 7 is The information is sent to the download unit 2 via the information request receiving unit 6. Information D for information input and storage management
Input of information to B and management of information storage are performed. Since the key generation utility has no direct relation to the present invention, the description is omitted.

FIG. 3 shows an example of a table data structure of the information DB. The table data is registered in the information DB in advance. In the information DB of FIG. 3, a correspondence table of a request source that requests information to the information DB and a request source level is registered. For example, the request source level is 2 for the request source name a. . The request information name of the requested information is passed as a parameter from the download unit. For example, “address”, “workplace”, “hobby”, etc. correspond to the request information name. The attributes of the request information name of the requested information are a referenceable level (secret strength), proxy information, and information, and a correspondence table between the request information name and the attribute is registered in the information DB. For example, for the requested information name, the referenceable level is 3, the proxy information is Kanagawa, and the information is Totsuka-ku, Yokohama-shi.
...

FIG. 4 shows a flowchart of the processing in the client 1. Hereinafter, description will be made with reference to this flowchart. When an information reference request message is received from the server (step 100), a download request for a program (download unit) is issued from the client to the server to match the electronic commerce protocol (step 10).
1) The program is downloaded from the server to the client (step 102), and the downloaded program (download unit) is activated (step 103).

The resident unit 3 receives an information reference request from the download unit 2 (step 104). The resident unit 3 searches the information DB from the request source name passed as a parameter from the download unit 2, and determines the request source level from the correspondence table (step 105). That is, the information request receiving unit 6 of the resident unit 3 receives the information reference request from the download unit 2 and
, The information search unit 11 searches the request source level registered in the information DB 4 from the request source name passed as a parameter from the download unit 2. For example, if the requesting source name is c, the requesting source level is 3. Next, the resident unit 3 searches the information DB from the request information name passed as a parameter from the download unit 2, and determines a referenceable level from the correspondence table (step 106). That is, a referenceable level is searched from the request information name also passed as a parameter. For example, if the request information name is A, the referenceable level is 3. The searched request source level and referenceable level are passed to the reference data determination unit 8, and the reference data determination unit 8 compares the request source level with the referenceable level (step 107). Requester level ≧
The request information is set in the return parameter area to pass the corresponding information to the request source only at the referenceable level (108). If the requester level is lower than the referenceable level, it is determined whether or not there is proxy information (step 10).
9) If there is proxy information, the proxy information is set in the return parameter area to pass the proxy information to the requestor (110). The return code is set in the return parameter area to be passed to the request source (111).

In the case of the above example, the requesting source level is 3 and the referable level is also 3, so the corresponding information "Totsuka-ku, Yokohama-shi ..." is passed to the requesting source. When the request source level is lower than “level 3”, the response message creating unit 7
Returns return information indicating that there is no reference level authority to the requesting source, or returns "proxy information", which is low-priority information registered in the database in advance, to the requesting source. In the case of the above example, the proxy information corresponds to “Kanagawa” instead of “5030 Totsuka-cho, Totsuka-ku, Yokohama-shi, Kanagawa”. The proxy information may be one as in the embodiment or may be divided into several stages. In the above example, proxy information such as “Yokohama City, Kanagawa Prefecture” and “Totsuka-ku, Yokohama City, Kanagawa Prefecture” may be registered in the middle.

As described above, the download unit 2
The operation of the information DB 4 (for example, including it in a message transmitted to the server) can be performed only by instructing the resident unit 3 instead of directly referring to the contents. This means that the interface for accessing the information DB 4 is kept secret from anyone except the person who creates the software of the resident unit 3, and the person who creates the software of the download unit 2 uses the public interface of the resident unit 3. The information DB 4 cannot be accessed unless it is used. The input function to the information DB 4 is handled by the information input / storage management 9 of the resident unit 3, and the operation of the information DB 4 cannot be performed by software other than the resident unit 3 at all.
Further, in the embodiment, the information management of the client in the electronic commerce has been described, but the present invention can be applied to information management of personnel information and the like.

[0023]

According to the present invention, even if the client software for the electronic commerce is downloaded, the client information can be protected and the security of the electronic commerce is improved. Also, while maintaining safety,
This has the effect of adopting a flexible download method for changing or distributing software. In addition, since the response can be changed for each party to which information is disclosed, application to electronic commerce (EC) with an unspecified number of parties is possible. Further, the present invention can be applied not only to electronic commerce (EC) but also to information management such as personnel information.

[Brief description of the drawings]

FIG. 1 is a schematic block diagram for explaining the present invention.

FIG. 2 is a diagram illustrating a configuration of a resident unit, a relationship between the resident unit and a download unit, and a relationship between the resident unit and an information DB.

FIG. 3 is a diagram illustrating an example of a table data structure of an information DB.

FIG. 4 is a diagram showing a flowchart of processing in a client.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 E-commerce client 2 Client software download part 3 Client software resident part 4 Information DB 5 E-commerce server 6 Information request reception part 7 Response message creation part 8 Reference data judgment part 9 Information input / storage management 10 Key generation utility 11 Information DB search Department

Claims (4)

[Claims] 1. An electronic commerce information management method for an electronic commerce capable client having a database, wherein the memory of the client includes a download unit storing e-commerce client software downloaded from a server, and client-specific information management client software. The e-commerce client software can not obtain information directly from the database, when obtaining information from the database, issues an information reference request to the information management client software, The information management client software receives the information reference request, searches the database based on the information reference request, and passes a search result to the electronic commerce client software. E-commerce information management method. 2. The electronic commerce information management method according to claim 1, wherein a correspondence table between a requester name and a requester level and a correspondence table between a request information name, a referenceable level and information are registered in the database. The information management client software searches the database based on the request source name and the request information name in the received information reference request, obtains a request source level, a referenceable level and information, and obtains the obtained request source level and referenceable information. It is determined whether or not the level satisfies a predetermined relationship, and when the relationship is satisfied, the obtained information is passed to the e-commerce client software. An electronic commerce information management method, which is passed to client software. 3. The electronic commerce information management method according to claim 1, wherein proxy information for the information is provided in a correspondence table between the request information name, the referenceable level, and the information in the database, and as a result of the determination, the relationship is satisfied. When the proxy information does not exist, the proxy information is passed to the electronic commerce client software when the proxy information exists, and when the proxy information does not exist, a return code indicating that there is no reference authority is passed to the electronic commerce client software. E-commerce information management method. 4. A procedure for receiving an information reference request from an electronic commerce client program, a procedure for searching a database by a request source name in the received information reference request to obtain a request source level, Searching the database by the request information name to obtain a referenceable level and information; determining whether the obtained requester level and referenceable level satisfy a predetermined relationship; A computer readable recording of an information management client program for executing a procedure of passing the obtained information to the e-commerce client program, and a procedure of passing a return code indicating that the user does not have a reference right to the e-commerce client program when the relationship is not satisfied. Recording medium.