CN101147166A - Network settling card, network settling program, authentication server, and shopping system and settling method - Google Patents


Publication number
CN101147166A
Authority
CN
China
Application number
CNA2006800090904A
Other languages
Chinese (zh)
Inventor
大河克好
Original Assignee
安全通信公司
Priority to JP029867/2005
Priority to JP2005029867
Priority to JP347925/2005
Application filed by 安全通信公司
Publication of CN101147166A


Abstract

Provided are a network settling card and a network settling program, which can perform a settling procedure on a commodity selected by a user, in a shopping system through a network or at an actual shop, even if the card information and the personal information of the user and so on are not notified, as well as an authentication server, and a shopping system and a settling method. The network settling card is provided with an authentication processing unit (202) for performing authentications with an authentication key created on the basis of the information of the card to be used for the settling procedure. The authentication processing unit (202) performs the settlement of the commodity selected by the user, by creating a one-time ID with the authentication key, by acquiring the one-time ID to be created by an authentication server (104) for the authentication of the one-time ID, and by authenticating the authentication server (104) with the authentication key.

Description

Network settling card, network settling program, authentication server, and shopping system and settling method

Technical field

The present invention relates to a shopping system in which a user selects and purchases, over a network, commodities provided by a server. More particularly, the present invention relates to a network settling card that the user uses with the shopping system, and to an authentication server that identifies the information of the card the user will use in the settlement procedure.

Background art

Shopping systems in which a server side sells commodities over the Internet are well known. As shown in Fig. 44, the configuration of shopping system 440 is broadly divided into a user side and a server side connected by a network; the user side comprises user terminal 4401, and the server side comprises sales server 4402 and settlement server 4403. As further shown in Fig. 45, the processing flow in the shopping system is broadly divided into the following steps: step 10, in which the user selects commodities and notifies the server side of his or her intention to purchase; step 20, in which the user selects a settlement method and notifies the server side of personal information and card information; and step 30, in which the settlement procedure is carried out on the server side.

When a user buys commodities through the shopping system, the user must carry out a settlement procedure for them. Settlement methods include cash on delivery (COD), transfer to a designated account and so on, as well as use of a credit card held by the user. The user selects one of these settlement methods and notifies sales server 4402 of it. When the user selects a credit card and notifies sales server 4402, sales server 4402 requests user terminal 4401 to input the information of the credit card held by the user and the user's personal information. In response to this request, the user enters at user terminal 4401 the credit card information (such as the credit card company name, card ID and password) and the user's personal information (such as the user's name, age, address, telephone number and e-mail address). The user sends this information from user terminal 4401 to sales server 4402. Sales server 4402 manages the commodities selected by the user, and obtains user account information from the received credit card information and personal information entered by the user. Then, in response to a settlement procedure request from user terminal 4401, sales server 4402 refers to the obtained credit card information, searches for settlement server 4403 managed by the relevant card company, and sends it the obtained user account information. Settlement server 4403 performs the settlement procedure for the purchased commodities by identifying the user, from the information managed by that server, on the basis of the credit card information and personal information in the received user account information (see Patent Document 1: JP-A No. 240814/1998).

Summary of the invention

However, when the user selects credit card settlement in a shopping system as described above, entering the credit card information (such as "credit card company name", "card ID" and "password") and the user's personal information (such as "user name", "age", "address", "telephone number" and "e-mail address") is troublesome. In addition, if the entered information is leaked or stolen on the network and used by a third party impersonating the user, the user can suffer heavy losses. These problems mean that using a credit card on a network lacks practicality and security.

The present invention addresses these problems and provides a network settling card and a network settling program that can perform the settlement procedure for commodities selected by a user, in a shopping system through a network or at an actual shop, even when the user's card information, personal information and so on are not notified. The present invention also provides an authentication server, a shopping system and a settling method.

The network settling card according to the present invention comprises an authentication processing unit for performing authentication using an authentication key created on the basis of the information of the card to be used in the settlement procedure. The authentication processing unit performs the settlement procedure for the commodities selected by the user by creating a one-time ID with the authentication key, obtaining the one-time ID created by the authentication server that authenticates the one-time ID, and authenticating the authentication server with the authentication key.

In addition, the network settling program according to the present invention is executed by a computer. It performs authentication using an authentication key created on the basis of the information of the card to be used in the settlement procedure, creates a one-time ID with the authentication key, obtains the one-time ID created by the authentication server that authenticates the one-time ID, and authenticates the authentication server with the authentication key.

In addition, the settling method according to the present invention comprises the following steps: performing communication between a user terminal and a server, and having the user select commodities displayed on the user terminal; displaying the methods for performing the settlement procedure on the selected commodities, and having the user select from among them; when the user selects the network settling card or network settling program as the method for the settlement procedure, reading the network settling card or network settling program; having the user select a card company usable for the settlement procedure from among the selectable card companies managed in the server and the selectable card companies managed in the network settling card or network settling program; displaying a request for performing authentication with the server, and having the user execute the request; and displaying a request for performing settlement processing with the server, and having the user execute the request. When the authentication processing is performed, the network settling card or network settling program creates a one-time ID with the authentication key created on the basis of the information of the card to be used in the settlement procedure, and sends the created one-time ID to the server. The server authenticates the sent one-time ID with the authentication key created on the basis of the card information, thereby identifying the information of the card that the user will use in the settlement procedure. The server then creates a one-time ID with the authentication key used for the authentication, and sends the created one-time ID to the user terminal. Two-way one-time ID authentication processing is thereby performed.

In addition, another settling method according to the present invention comprises the following steps: performing communication between a shop terminal and a server, and having the shop terminal read the network settling card used to perform the settlement procedure for the commodities selected by the user; having the user select a card company usable for the settlement procedure from among the selectable card companies managed in the server and the selectable card companies managed in the network settling card; displaying a request for performing authentication with the server, and having the user execute the request; and displaying a request for performing settlement processing with the server, and having the user execute the request. When the authentication processing is performed, the network settling card or network settling program creates a one-time ID with the authentication key created on the basis of the information of the card to be used in the settlement procedure, and sends the created one-time ID to the server. The server authenticates the sent one-time ID with the authentication key created on the basis of the card information, thereby identifying the information of the card that the user will use in the settlement procedure. The server then creates a one-time ID with the authentication key used for the authentication, and sends the created one-time ID to the shop terminal. Two-way one-time ID authentication processing is thereby performed.

In addition, the authentication server according to the present invention comprises: a commodity amount information management unit for obtaining, from a sales server that sells commodities in a shopping system, the amount information of the commodities selected by the user at a user terminal through a network; a user card authentication processing unit for authenticating, from the one-time ID sent from the user terminal, the information of the card that the user will use in the settlement procedure, using an authentication key created on the basis of the card information; and a user account process controller for obtaining user account information from the obtained amount information of the commodities and the authenticated information of the card that the user will use in the settlement procedure, and for carrying out the settlement procedure.

In addition, the shopping system according to the present invention comprises: a network settling card or network settling program for performing the settlement procedure for the commodities selected by the user; a terminal for reading the network settling card or network settling program and communicating over a network; an authentication server for communicating with the terminal, receiving the one-time ID created by the network settling card or network settling program and the amount information of the commodities selected by the user, obtaining, on the basis of the one-time ID, the information of the card that the user will use in the settlement procedure, and obtaining user account information comprising the commodity amount information and the card information; and a settlement server for performing the settlement procedure for the commodities selected by the user by obtaining the user account information from the authentication server. After authenticating, from the one-time ID, the information of the card that the user will use in the settlement procedure, the authentication server creates a one-time ID with the authentication key used for the authentication, and sends the created one-time ID to the network settling card or network settling program through the terminal. The network settling card or network settling program authenticates the authentication server, and then requests the authentication server, through the terminal, to perform the settlement procedure for the commodities.

In addition, another shopping system according to the present invention comprises: a network settling card for performing settlement processing for the commodities selected by the user; a shop terminal for reading the network settling card and communicating over a network; an authentication server for communicating with the shop terminal, receiving from the shop terminal the one-time ID created by the network settling card and the amount information of the commodities selected by the user, obtaining, on the basis of the one-time ID, the information of the card that the user will use in the settlement procedure, and obtaining user account information comprising the commodity amount information and the card information; and a settlement server for performing the settlement procedure for the commodities selected by the user by obtaining the user account information from the authentication server. After authenticating, from the one-time ID, the information of the card that the user will use in the settlement procedure, the authentication server creates a one-time ID with the authentication key used for the authentication, and sends the created one-time ID to the network settling card through the shop terminal. After authenticating the authentication server, the network settling card requests the authentication server, through the shop terminal, to perform the settlement procedure for the commodities.

As described above, according to the present invention, the user side can create a one-time ID without the user's card information, personal information and so on being entered, and at the same time the server side can authenticate the information of the card that the user will use in the settlement procedure by authenticating the one-time ID. This saves the trouble of notifying the user's card information, personal information and so on. In addition, this information cannot be leaked or stolen on the network, so the user can use the system easily and with confidence. Even if a one-time ID is leaked or stolen on the network and that one-time ID is used, impersonation can be prevented. Furthermore, through two-way one-time ID authentication, in which not only is the user's card information authenticated on the server side but the authentication server is also authenticated on the user side, the user side and the server side can check each other's validity, making it possible to protect the information at both ends.

In addition, according to the present invention, the settlement procedure for the commodities selected by the user can be performed, without the user's card information, personal information and so on being notified, not only in a shopping system through a network but also at an actual shop.

Description of drawings

Fig. 1 is a diagram showing the shopping system used in an embodiment of the invention;

Fig. 2 is a diagram showing the internal configuration of the network settling card used in an embodiment of the invention;

Fig. 3 is a diagram showing the internal configuration of the authentication server used in an embodiment of the invention;

Fig. 4 is a diagram showing the flow of the purchased commodity selection processing performed by the shopping system;

Fig. 5 is a diagram showing the flow of the user card authentication processing performed by the shopping system;

Fig. 6 is a diagram showing the flow of the settlement procedure processing performed by the shopping system;

Fig. 7 is a diagram showing the flow of the processing, performed by the shopping system, for confirming settlement completion information;

Fig. 8 is a diagram showing the flow of the processing, performed by the shopping system, for confirming settlement completion information;

Fig. 9 is a diagram showing the flow of other processing, performed by the shopping system, for confirming settlement completion information;

Fig. 10 is a diagram showing a configuration for issuing the network settling card;

Fig. 11 is a diagram showing a configuration for issuing the network settling card;

Fig. 12 is a diagram showing a configuration for issuing the network settling card;

Fig. 13 is a diagram showing a configuration in which a card company manages the authentication server;

Fig. 14 is a diagram showing a configuration in which a card company or the company issuing the network settling card manages the authentication server;

Fig. 15 is a diagram showing a configuration in which the company issuing the network settling card manages the authentication server;

Fig. 16 is a diagram showing the commodity information displayed on the screen of the user terminal and the data structure managed by the sales service;

Fig. 17 is a diagram showing the information on the commodities selected by the user, displayed on the screen of the user terminal, and the data structure managed by the sales service;

Fig. 18 is a diagram showing the settlement methods and card information usable for the settlement procedure, displayed on the screen of the user terminal, and the data structure managed by the sales service;

Fig. 19 is a diagram showing a configuration for displaying the card information usable for the settlement procedure on the screen of the user terminal;

Fig. 20 is a diagram showing a configuration for displaying the card information usable for the settlement procedure on the screen of the user terminal;

Fig. 21 is a diagram showing a configuration for displaying the card information usable for the settlement procedure on the screen of the user terminal;

Fig. 22 is a diagram showing a configuration for displaying the card information usable for the settlement procedure on the screen of the user terminal;

Fig. 23 is a diagram showing the data structure sent from the sales server to the authentication server;

Fig. 24 is a diagram showing a configuration for displaying a PIN code input request on the screen of the user terminal;

Fig. 25 is a diagram showing a configuration for displaying a PIN code input request on the screen of the user terminal;

Fig. 26 is a diagram showing the data structure sent from the user terminal to the authentication server;

Fig. 27 is a diagram showing the data structure sent from the user terminal to the authentication server;

Fig. 28 is a diagram showing the data structure sent from the authentication server to the settlement server;

Fig. 29 is a diagram showing the data structure sent from the settlement server to the authentication server;

Fig. 30 is a diagram showing the internal configuration of the network settling card used in an embodiment of the invention;

Fig. 31 is a diagram showing the internal configuration of the authentication server used in an embodiment of the invention;

Fig. 32 is a diagram showing the configuration of the shopping system used in an embodiment of the invention;

Fig. 33 is a diagram showing the internal configuration of the network settling program used in an embodiment of the invention;

Fig. 34 is a diagram showing the flow of the purchased commodity selection processing performed by the shopping system;

Fig. 35 is a diagram showing the flow of the user card authentication processing performed by the shopping system;

Fig. 36 is a diagram showing the flow of the settlement procedure processing performed by the shopping system;

Fig. 37 is a diagram showing the flow of the processing, performed by the shopping system, for confirming settlement completion information;

Fig. 38 is a diagram showing the flow of the processing, performed by the shopping system, for confirming settlement completion information;

Fig. 39 is a diagram showing the flow of other processing, performed by the shopping system, for confirming settlement completion information;

Fig. 40 is a diagram showing the configuration of the shopping system used in an embodiment of the invention;

Fig. 41 is a diagram showing the flow of the purchased commodity selection processing performed by the shopping system;

Fig. 42 is a diagram showing the flow of the user card authentication processing performed by the shopping system;

Fig. 43 is a diagram showing the flow of the settlement procedure processing performed by the shopping system;

Fig. 44 is a diagram showing the configuration of a shopping system used in the past; and

Fig. 45 is a diagram showing the processing flow of a shopping system used in the past.

Embodiment

Preferred embodiments for implementing the present invention will now be described. It is to be understood that the present invention is not limited to the following description of the embodiments, and that it can be modified and implemented as appropriate without departing from the spirit and scope of the invention.

(first embodiment)

The first embodiment of the present invention is described below. First, the general configuration of the shopping system is described. As shown in Fig. 1, the configuration of shopping system 100 is broadly divided into a user side and a server side. The user side comprises: network settling card 101, which performs the settlement procedure for the commodities selected by the user in the shopping system; and user terminal 102, such as a desktop PC, notebook computer, mobile computer or mobile phone, which communicates over the network when network settling card 101 is connected to it or read by it. The server side comprises: sales server 103, which sells commodities by connecting to user terminal 102 via the network; authentication server 104, which obtains from sales server 103 the amount information of the commodities selected by the user, obtains from the one-time ID sent from user terminal 102 the information of the card that the user will use in the settlement procedure, and obtains user account information; and settlement server 105, which performs the settlement procedure for the commodities selected by the user by obtaining the user account information from authentication server 104. Sales server 103, authentication server 104 and settlement server 105 may be physically integrated or separate from one another.

Network settling card 101 is described next. As shown in Fig. 2, the program managed in network settling card 101 is broadly divided into the following: active state controller 201, which controls the active state of the card; authentication processing unit 202, which performs authentication using an authentication key created on the basis of the information of the card to be used in the settlement procedure; and communication unit 203, which notifies or obtains various types of information. Each block operates when network settling card 101 is connected to user terminal 102 and the program of network settling card 101 is executed by the computer of user terminal 102. The network settling card may be an IC card or a USB memory, but other configurations may also be used. In the case of an IC card, the computer of user terminal 102 is made to execute the program of network settling card 101, and read or write operations are performed through a reader/writer. In the case of a USB memory, the computer of user terminal 102 is made to execute the program of network settling card 101 and to perform read or write operations. Read/write operations may be performed in contact mode or contactless mode.

Active state controller 201 comprises: PIN code storage unit 204, which manages the PIN code for activating network settling card 101, such as the user's biometric information or a password set by the user or by the company issuing network settling card 101; PIN code acquiring unit 205, which obtains the PIN code, such as biometric information or a password, input by the user; PIN code determining unit 206, which uses the PIN code managed by PIN code storage unit 204 to determine whether the PIN code obtained by PIN code acquiring unit 205 is correct; activation processing unit 207, which activates network settling card 101 when the PIN code is determined to be correct; and invalidation unit 208, which invalidates network settling card 101 when the PIN code is wrong. The PIN code managed by PIN code storage unit 204 is the code used to activate the program of the network settling card. The PIN code is registered in advance by the user or the issuing company of network settling card 101. In the case of a password, a character string of alphanumeric characters or symbols is recorded in advance. In the case of biometric information, the user's fingerprint, palm print, iris, voiceprint or the like is recorded in advance. The PIN code may also be a combination of biometric information and a password.

Authentication processing unit 202 comprises: authentication key storage unit 209, which manages the authentication key created on the basis of the information of the card used in the settlement procedure and the like (such as the card ID and card number issued by the credit card company, bank card company or the like to which the user subscribes, or the user's personal information or other information); one-time ID creating unit 210, which creates a one-time ID with the authentication key in authentication key storage unit 209; one-time ID output unit 211, which outputs the created one-time ID to user terminal 102; one-time ID acquiring unit 212, which obtains the one-time ID created by authentication server 104; server authentication unit 213, which authenticates authentication server 104 with the authentication key in authentication key storage unit 209; incorporated company name storage unit 214, which manages the card company names of the credit card companies, bank card companies or the like to which the user subscribes, in association with the authentication keys in authentication key storage unit 209; incorporated company name output unit 215, which outputs the incorporated company names; and settlement completion information storage unit 216, which manages the settlement completion information when it is obtained from authentication server 104, and also manages the settlement completion notice.

The one-time ID and two-way authentication using the one-time ID are described here. A one-time ID is identification information that can be authenticated only once, and it is used to identify a valid sender and recipient. In the embodiment, the one-time ID is created using an authentication key created on the basis of the information of the card used in the settlement procedure and the like. The authentication key is managed in network settling card 101 and in authentication server 104. The one-time ID is set to change each time communication is performed between network settling card 101 and authentication server 104. Authentication using the one-time ID is designed so that only a valid sender and recipient can authenticate each other. For example, in the embodiment, network settling card 101 creates a one-time ID with the authentication key managed in the card. On receiving this one-time ID, authentication server 104 reads it with the authentication key managed in the server. Authentication server 104 can thereby identify the card information, including the ID and card number of the card used by the user in the settlement procedure, personal information and so on. Authentication server 104 then creates a one-time ID with the authentication key used to identify the card information, and sends the created one-time ID to network settling card 101. Network settling card 101 reads the one-time ID with the authentication key managed in the card. Network settling card 101 can thereby identify authentication server 104 and recognize that the two-way one-time ID authentication has succeeded. As described above, a valid sender and recipient each manage the authentication key, and authenticate each other using one-time IDs that are created with the authentication key, can be authenticated only once, and are difficult to predict. Impersonation can therefore be prevented even if a one-time ID is leaked or stolen on the network and that one-time ID is used. In addition, the user side and the server side can check each other's validity, making it possible to protect information at both ends. Further details of one-time ID creation, two-way one-time ID authentication and so on are disclosed in JP-A No. 282295/2004, "One-Time ID Creating Method, Authentication Method, Authentication System, Server, Client, and Program".
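
The two-way exchange described above, as an added sketch that is not code from the patent: the patent does not state how a one-time ID is derived from the authentication key (it refers to JP-A No. 282295/2004), so HMAC-SHA256 over a per-card counter is assumed here, and all class, function and record names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the page does not give the derivation, so this sketch uses
# HMAC-SHA256 over a direction label and a per-card counter.
TO_SERVER = b"card->server"
TO_CARD = b"server->card"


def one_time_id(auth_key: bytes, counter: int, direction: bytes) -> str:
    """Derive a one-time ID that changes with every exchange (counter)."""
    msg = direction + counter.to_bytes(8, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).hexdigest()


class SettlingCard:
    """User side: holds the authentication key, never sends card data."""

    def __init__(self, auth_key: bytes):
        self._key = auth_key
        self._counter = 0

    def create_one_time_id(self) -> str:
        self._counter += 1
        return one_time_id(self._key, self._counter, TO_SERVER)

    def authenticate_server(self, reply_id: str) -> bool:
        # Only a server holding the same key can answer for this counter.
        expected = one_time_id(self._key, self._counter, TO_CARD)
        return hmac.compare_digest(expected, reply_id)


class AuthServer:
    """Server side: maps each registered key to a card record."""

    def __init__(self, window: int = 3):
        self._cards = {}       # card record -> [auth_key, last accepted counter]
        self._window = window  # tolerate a few one-time IDs lost in transit

    def register(self, card_record: str, auth_key: bytes) -> None:
        self._cards[card_record] = [auth_key, 0]

    def authenticate(self, received_id: str):
        """Return (card_record, reply_id), or None if nothing matches."""
        for card_record, state in self._cards.items():
            key, last = state
            for ctr in range(last + 1, last + 1 + self._window):
                candidate = one_time_id(key, ctr, TO_SERVER)
                if hmac.compare_digest(candidate, received_id):
                    state[1] = ctr  # counters <= ctr are now spent
                    return card_record, one_time_id(key, ctr, TO_CARD)
        return None


def run_exchange() -> dict:
    """Walk through one settlement authentication with constructed keys."""
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    server = AuthServer()
    server.register("card-record-A", key_a)  # constructed record names
    server.register("card-record-B", key_b)
    card = SettlingCard(key_a)

    otid = card.create_one_time_id()
    card_record, reply = server.authenticate(otid)
    results = {
        "identified": card_record,
        "server_authenticated": card.authenticate_server(reply),
        # The same one-time ID captured on the network is rejected.
        "replay_accepted": server.authenticate(otid) is not None,
    }
    # A server without the card's key cannot produce a valid reply.
    forged = one_time_id(secrets.token_bytes(32), 1, TO_CARD)
    results["forged_reply_accepted"] = card.authenticate_server(forged)
    # One ID lost in transit: the next one still falls inside the window.
    card.create_one_time_id()
    results["after_loss"] = server.authenticate(card.create_one_time_id())[0]
    return results


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value}")
```

The server identifies the card record purely from which stored key reproduces the received one-time ID, so no card number or personal data crosses the network in this sketch.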

The general configuration of authentication server 104 is described next. As shown in Fig. 3, the program managed in authentication server 104 is broadly divided into the following: commodity amount information management unit 301, which obtains from sales server 103 the amount information of the commodities selected by the user at user terminal 102; user card authentication processing unit 302, which uses the authentication key created on the basis of the card information and the like managed by the server to authenticate, from the one-time ID sent from user terminal 102, the information of the card that the user will use in the settlement procedure; user account process controller 303, which obtains user account information from the obtained commodity amount information and the authenticated information of the card that the user will use in the settlement procedure, and requests the settlement procedure from settlement server 105 with the user account information; and transmission/receiving unit 304, which notifies or obtains various types of information.

The commodity amount information management unit 301 comprises: a sales server ID and commodity amount information acquiring unit 305 for obtaining the sales server ID from the sales server 103 and the amount information of the commodities selected by the user; a sales server determining unit 306 for determining whether the obtained sales server ID is registered; a sales server ID storage unit 307 for managing the registered sales server IDs; and a commodity amount information acquiring unit 308 for obtaining the commodity amount information sent from the sales server 103 when the sales server is valid.

The user card authentication processing unit 302 comprises: an activation request unit 309 for requesting the user terminal 102 to activate the network settling card 101; a one-time ID acquiring unit 310 for obtaining the one-time ID sent from the network settling card 101; an authentication key storage unit 311 for managing the authentication keys used to identify information such as the ID and code number of the card registered by the user and the personal information; a card information identification unit 312 for authenticating, from the one-time ID obtained by the one-time ID acquiring unit 310, the information of the card the user will use in the settling procedure, using the authentication key managed by the authentication key storage unit 311; a one-time ID creating unit 313 for creating a one-time ID with the authentication key used for the authentication; and a one-time ID output unit 314 for outputting the created one-time ID.

The user account process controller 303 comprises: a user account information acquisition unit 315 for obtaining user account information from the commodity amount information obtained by the commodity amount information acquiring unit 308 and the card information identified by the card information identification unit 312; a user account information request receiving unit 316 for receiving a user account request from the user terminal 102; a user account information storage unit 317 for managing the user account information; a user account process request unit 318 for requesting the settling procedure from the settling server 105; a settling procedure completion notice acquiring unit 319 for obtaining the settling procedure completion information from the settling server 105 when the settling procedure is completed, obtaining the notice of completion of the settling procedure at the same time, and registering them in the user account information storage unit 317; and a user account information confirmation unit 320 for receiving, from the user terminal 102, a request for the list of settling procedure completion information and reading that list from the user account information storage unit 317.

The processing operation of the shopping system configured as above will now be described. The flow of processing in the shopping system is broadly divided into: start processing as the preliminary step, purchase commodity selection processing as the first step, user card authentication processing as the second step, and settling procedure processing as the final step.

The start processing as the preliminary step will be described first. On the user side, the user needs to obtain the network settling card 101 before using the shopping system. The ways of obtaining the network settling card 101 include: the user asks the card company that manages the credit card or bank card the user has registered to issue the network settling card (as shown in Figure 10); or the user asks a company that issues network settling cards (hereinafter, the network settling card issuing company) to issue the network settling card (as shown in Figures 11 and 12). In both cases, it is necessary to notify the card information, including the ID, code number and the like of the card (such as the credit card or bank card the user has registered), and the user's personal information. Based on the notified card information, the card company or the network settling card issuing company creates the authentication key used to authenticate the information of the card the user will use in the settling procedure, registers the created authentication key in the network settling card 101, and then issues the card to the user. In the former case, only the same card company can be registered in the network settling card 101. In the latter case, different card companies can be registered in the network settling card 101. The user can notify the card information by any means (for example, by mailing it to the card company or the network settling card issuing company, or by visiting the card company or the network settling card issuing company).

The network settling card 101 is normally set to the inactive state. To set the network settling card 101 to the active state, it is necessary to enter a PIN code identical to the PIN code registered in the PIN code storage unit 205 of the card. The PIN code is registered in the PIN code storage unit 205 by the user or by the issuing company of the network settling card 101. However, when the PIN code is biometric information, the user needs to register his or her own biometric information.

On the server side, the authentication server 104 needs to manage authentication keys that can authenticate, from the one-time ID sent from the network settling card 101, the information of the card the user will use in the settling procedure. In other words, it is necessary to manage an authentication key for the information of each card. In addition, the settling server 105 manages the card information (such as the company name, ID and code number of the card the user holds) and the user's personal information in association with each other. The card information and the user's personal information are notified by the user who obtains the credit card or bank card, or who obtains the network settling card 101. The shopping system can be used once the above start processing has been performed as the preliminary step. In other words, when user account information is sent from the authentication server 104, the settling server 105 can process the settling procedure for the commodities selected by the user, based on the card information and the like managed in that server. In addition, in the embodiment, the sales server 103 and the authentication server 104 register each other's server information and authenticate each other using their server IDs.

Next, the purchase commodity selection processing as the first step will be described with reference to Figure 4. In step 1, the user connects from the user terminal 102 to the sales server 103 through the network and requests the list of commodity information held in the server. In response to this request, the sales server 103 provides the commodity information list to the user terminal 102, where the user selects and orders the commodities he or she wishes to purchase. More specifically, the commodity list is displayed on the display screen of the user terminal 102. Using the mouse and buttons of the user terminal 102, the user selects "add to shopping cart" for each commodity he or she wishes to purchase. When the user has selected all the commodities he or she wishes to purchase, the user selects "order" (see Figure 16). When the user selects commodities and places the order at the user terminal 102, the amount for the commodity information is calculated in the sales server 103. The information on the commodities the user ordered and their amount is displayed on the display screen of the user terminal 102, and the user confirms it. If the user wants to purchase, the user selects "confirm" with the mouse and buttons of the user terminal 102 (see Figure 17). If the user does not want to purchase, the user selects "search again" to select again, or terminates communication with the sales server 103. When the user notifies the sales server 103 of the intention to purchase, the sales server 103 creates an order ID for the ordered commodity information and its amount. The sales server 103 then stores various types of information in association with each other, such as the "commodity information selected by the user", the "amount of the selected commodities" and the "order ID" (see Figure 17).

Then, in step 2, the settlement methods and card information available for the settling procedure are displayed on the display screen of the user terminal 102 (see Figure 18). As settlement methods, "network payment", "card payment", "payment by account transfer", "cash on delivery" and the like are shown. In addition, as the card information available for the settling procedure, the card companies associated with the sales server 103 are shown. To perform the settling procedure using "network payment", the user connects the network settling card 101 to the user terminal 102 so that the card is read. At the same time, the computer of the user terminal 102 runs the program of the network settling card 101. Then, from the card companies managed in the sales server 103 and the card companies managed in the network settling card 101, the card companies available for the settling procedure are displayed on the display screen of the user terminal 102. More specifically, when the sales server manages card companies a to f and the network settling card 101 manages card companies a, b, e and h, card companies a, b and e are displayed on the display screen of the user terminal 102. Examples of display configurations for the card companies available for the settling procedure are highlighting the available card companies (as shown in Figures 19 and 20) and newly creating a selection screen of the available card companies (as shown in Figures 21 and 22). The user confirms this and, for example, selects "card company a" with the mouse and buttons of the user terminal 102. The user thereby notifies the sales server 103 of the name of the card company to be used in the settling procedure. Then, in addition to the various types of information managed in association with each other as described above, the sales server 103 also manages the "current time", the "selected card company name", the "sales server ID" and the like in association with each other. On obtaining the card company name selected by the user (here, card company a), the sales server 103 communicates with the authentication server 104 that manages that card company. The authentication server 104 is controlled by the card company (see Figures 12 and 13), by the network settling card issuing company (see Figures 12 and 15), or by the card company or the network settling card issuing company (see Figures 11 and 14). The sales server 103 sends to the authentication server 104 the "amount of the selected commodities", "order ID", "current time" and "sales server ID" that it manages in association with the commodity information selected by the user (see Figure 23). At this time, communication is performed between the user terminal 102 and the authentication server 104. In other words, when the user notifies the sales server 103 of the name of the card company to be used in the settling procedure, a link to the authentication server 104 is provided, and communication is thereby performed between the user terminal 102 and the authentication server 104. In this way, the purchase commodity selection processing is completed.

Next, the user card authentication processing as the second step will be described with reference to Figure 5. On obtaining the data in which the "amount of the selected commodities", "order ID", "current time", "sales server ID" and the like are associated with each other, the authentication server 104 determines in step 3 whether the "sales server ID" is valid. In the authentication server 104, the sales server determining unit 306 determines the validity of the server using the server IDs managed by the sales server ID storage unit 307. When the sales server 103 is valid, the above information is obtained. In the authentication server 104, the information is obtained by the commodity amount information acquiring unit 308 and input to the user account information acquisition unit 315. The authentication server 104 then requests the user terminal 102 to activate the network settling card 101 and send a one-time ID. The request is sent from the activation request unit 309. The request to perform authentication is displayed on the display screen of the user terminal 102 and, in response, the user enters the PIN code for activating the network settling card 101 with the mouse and buttons of the user terminal 102 (see Figures 24 and 25). On this input, the PIN code determining unit 206 of the active state controller 201 of the network settling card 101 determines the validity of the PIN code using the PIN code managed by the PIN code storage unit 204. When the PIN code is determined to be valid, activation processing is performed, and a one-time ID is created using the authentication key that is associated with the card company name selected by the user for the settling procedure. In the network settling card 101, the activation processing is handled by the activation processing unit 207 of the active state controller 201, and at the same time the one-time ID is created using the authentication key that is associated with the card company name selected by the user and managed by the authentication key storage unit 209 of the authentication processing unit 202. The created one-time ID is sent to the authentication server 104 through the user terminal 102. At this time, the one-time ID input to the user terminal 102 may be displayed on the display screen and sent to the authentication server 104 with the mouse and buttons of the user terminal 102. Alternatively, the one-time ID may be sent to the authentication server 104 automatically without being displayed on the display screen. When the PIN code is determined to be invalid, the activation processing is not performed and no one-time ID is created.

On receiving the one-time ID sent from the user terminal 102, the authentication server 104 performs processing to authenticate the information of the card the user will use in the settling procedure. In the authentication server 104, authentication processing is performed on the one-time ID input to the card information identification unit 312 of the user card authentication processing unit 302, using the authentication key managed by the authentication key storage unit 311. By authenticating the card information, the authentication server 104 can obtain the "card information", such as the card ID and code number. Then, by inputting the obtained "card information" to the user account information acquisition unit 315, the authentication server 104 can obtain the user account information together with the previously obtained data in which the "amount of the selected commodities", "order ID", "current time", "sales server ID" and the like are associated with each other. The authentication server 104 temporarily holds this information (see Figure 26).

In the authentication server 104, a one-time ID is created with the authentication key that was used to authenticate the one-time ID sent from the user terminal 102. That is, the one-time ID is created using the authentication key used for authentication in the card information identification unit 312. The created one-time ID is sent to the network settling card 101 through the user terminal 102. At this time, the one-time ID input to the user terminal 102 may be displayed on the display screen and input to the network settling card 101 with the mouse and buttons of the user terminal 102. Alternatively, the one-time ID may be input to the network settling card 101 automatically without being displayed on the display screen.

On receiving the one-time ID input from the user terminal 102, the network settling card 101 performs authentication processing to authenticate the authentication server 104. Similarly to the processing performed in the authentication server 104, authentication processing is performed on the one-time ID input to the server authentication unit 213 of the authentication processing unit 202, using the authentication key managed by the authentication key storage unit 209. When the authentication server 104 is authenticated, the two-way one-time ID authentication between the network settling card 101 and the authentication server 104 is complete. Validity can therefore be checked mutually at the user end and the server end, so that information can be protected at both ends. In this way, the user card authentication is completed.
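The PIN-gated, two-way one-time ID exchange described in the general description and in the second step above can be sketched as follows. This is an added example, not code from the patent: the text defers the actual one-time ID construction to JP-A No. 282295/2004, so the HMAC-SHA256-over-a-counter construction, the class names, the look-ahead window and the PIN and key values are all assumptions made for illustration.

```python
import hashlib
import hmac


def one_time_id(key: bytes, role: str, counter: int) -> str:
    """Assumed construction: HMAC-SHA256 over the sender role and an exchange counter."""
    msg = role.encode() + b"|" + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SettlingCard:
    """Stands in for network settling card 101: PIN gate plus authentication keys."""

    def __init__(self, pin: str, keys_by_company: dict):
        self._pin = pin
        self._keys = dict(keys_by_company)
        self._counters = {name: 0 for name in keys_by_company}
        self.active = False  # the card is normally in the inactive state

    def activate(self, entered_pin: str) -> bool:
        self.active = hmac.compare_digest(entered_pin.encode(), self._pin.encode())
        return self.active

    def create_one_time_id(self, company: str):
        if not self.active:
            return None  # invalid PIN: no activation, so no one-time ID is created
        self._counters[company] += 1  # the ID changes on every exchange
        return one_time_id(self._keys[company], "card", self._counters[company])

    def authenticate_server(self, company: str, server_otid: str) -> bool:
        expected = one_time_id(self._keys[company], "server", self._counters[company])
        return hmac.compare_digest(expected, server_otid)


class AuthServer:
    """Stands in for authentication server 104: one authentication key per card."""

    WINDOW = 3  # assumption: tolerate a few one-time IDs created but never delivered

    def __init__(self, keys_by_card_id: dict):
        self._keys = dict(keys_by_card_id)
        self._counters = {card_id: 0 for card_id in keys_by_card_id}

    def authenticate_card(self, card_otid: str):
        """Return (card_id, server one-time ID), or None if no managed key accepts it."""
        for card_id, key in self._keys.items():
            last = self._counters[card_id]
            for counter in range(last + 1, last + 1 + self.WINDOW):
                candidate = one_time_id(key, "card", counter)
                if hmac.compare_digest(candidate, card_otid):
                    self._counters[card_id] = counter  # consumed: a replay now fails
                    return card_id, one_time_id(key, "server", counter)
        return None


def demo() -> dict:
    # Constructed keys, card IDs and PIN; none of these values come from the patent.
    key_a = hashlib.sha256(b"constructed key for card company a").digest()
    key_b = hashlib.sha256(b"constructed key for another card").digest()
    card = SettlingCard("4821", {"card company a": key_a})
    server = AuthServer({"card-0001": key_a, "card-0002": key_b})

    out = {}
    out["before_pin"] = card.create_one_time_id("card company a")
    out["wrong_pin"] = card.activate("0000")
    card.activate("4821")
    otid = card.create_one_time_id("card company a")
    card_id, server_otid = server.authenticate_card(otid)  # server identifies the card
    out["card_id"] = card_id
    out["server_authenticated"] = card.authenticate_server("card company a", server_otid)
    out["replay"] = server.authenticate_card(otid)  # captured ID presented again
    out["forged_server"] = card.authenticate_server("card company a", "0" * 64)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```
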

The settling procedure processing as the final step will be described with reference to Figure 6. When the authentication processing of the authentication server 104 is completed in the network settling card 101, in step 4 the user requests settling procedure processing from the authentication server 104 through the program of the network settling card 101. At this time, the settling procedure request input to the user terminal 102 may be displayed on the display screen and sent to the authentication server 104 with the mouse and buttons of the user terminal 102. Alternatively, the settling procedure request may be sent to the authentication server 104 automatically without being displayed on the display screen.

On receiving the settling procedure request sent from the user terminal 102, the authentication server 104 makes a settling procedure request to the settling server 105 with the user account information it holds (see Figure 28). In the authentication server 104, the settling procedure request receiving unit 316 receives the settling procedure request, and the user account information temporarily held in the user account information acquisition unit 315 is input to the settling procedure request unit 318. The settling procedure request unit 318 makes the settling procedure request to the settling server 105 by sending the user account information to the settling server 105. The user account information is also registered in the user account information storage unit 317.

On receiving the user account information, the settling server 105 performs the settling procedure for the commodities selected by the user. As described above, the user account information is information in which the "amount of the selected commodities", "order ID", "current time", "sales server ID", "card information" and the like are associated with each other. The settling server 105 authenticates the "card information" included in the received user account information using the "card information" managed in that server. In this way, the settling server 105 can identify the user's card information and can perform the settling procedure for the commodities selected by the user. The card company that controls the settling server 105, such as a credit card company or a banking company, performs the accounting process for the user identified from the "card information" included in the user account information, and at the same time performs the payment process for the sales company that controls the sales server 103 identified from the "sales server ID" included in the user account information. When the settling procedure is completed, the settling server 105 sends "settling procedure completion information", which carries a "completed" flag indicating that the procedure is finished, to the authentication server 104 (see Figure 29). Like the user account information, the "settling procedure completion information" is data that includes the "amount of the selected commodities", "order ID", "current time", "sales server ID" and the like. In the authentication server 104, the "settling procedure completion information" is obtained by the settling procedure completion notice acquiring unit 319 and managed by the user account information storage unit 317. The user account information has already been registered in the user account information storage unit 317. Therefore, when the user account information storage unit 317 obtains the "settling procedure completion information", the authentication server 104 can determine that the settling processing for the relevant order ID is complete. The authentication server 104 then sends notice of completion of the settling processing to the user terminal 102. In this way, the settling procedure processing is completed, and all processing of the shopping system is completed.

Finally, the confirmation processing for the settling procedure completion information will be described with reference to Figures 7 and 8. First, the user has the user terminal 102 read the network settling card 101 and run its program. At the same time, the names of the card companies available for settling processing, the names of the card companies whose settling procedures the user may wish to confirm, and the like are displayed on the display screen of the user terminal 102. When the user selects the name of the card company whose settling procedure he or she wishes to confirm, the user terminal 102 uses the program of the network settling card 101 to search for the server controlled by the selected card company (see Figures 10 and 13), by the network settling card issuing company (see Figures 12 and 15), or by the card company or the network settling card issuing company (see Figures 11 and 14). In this way, communication is performed between the user terminal 102 and the authentication server 104. The server to search for is determined by the issuing configuration of the network settling card. The authentication server 104 requests the user terminal 102 to activate the network settling card 101 and send a one-time ID. The request is sent from the activation request unit 309. The request to perform authentication processing is displayed on the display screen of the user terminal 102 and, in response, the user enters the PIN code for activating the network settling card 101 with the mouse and buttons of the user terminal 102. On this input, the network settling card 101 determines whether the PIN code is valid. In the network settling card 101, the PIN code determining unit 206 of the active state controller 201 determines validity using the PIN code managed by the PIN code storage unit 204. When the PIN code is determined to be valid, activation processing is performed, and a one-time ID is created using the authentication key managed in association with the selected card company name. In the network settling card 101, the activation processing is handled by the activation processing unit 207 of the active state controller 201, and at the same time the one-time ID is created using the authentication key that is associated with the selected card company name and managed by the authentication key storage unit 209 of the authentication processing unit 202. The created one-time ID is sent to the authentication server 104 through the user terminal 102. At this time, the one-time ID input to the user terminal 102 may be displayed on the display screen and sent to the authentication server 104 with the mouse and buttons of the user terminal 102. Alternatively, the one-time ID may be sent to the authentication server 104 automatically without being displayed on the display screen. When the PIN code is determined to be invalid, the activation processing is not performed and no one-time ID is created.

On receiving the one-time ID sent from the user terminal 102, the authentication server 104 performs authentication processing to authenticate the user's card information. In the authentication server 104, authentication processing is performed on the one-time ID input to the card information identification unit 312 of the user card authentication processing unit 302, using the authentication key managed by the authentication key storage unit 311. By authenticating the card information, the authentication server 104 can obtain the "settling procedure completion information" using the associated card information. In other words, based on the obtained "card information", the authentication server 104 can obtain the list of data for which the settling procedure has been completed and in which the "amount of the selected commodities", "order ID", "current time", "sales server ID" and the like are associated with each other.

In addition, in the authentication server 104, a one-time ID is created with the authentication key that was used to authenticate the one-time ID sent from the user terminal 102. That is, the one-time ID is created using the authentication key used for authentication in the card information identification unit 312. The created one-time ID is sent to the network settling card 101 through the user terminal 102. At this time, the one-time ID input to the user terminal 102 may be displayed on the display screen and input to the network settling card 101 with the mouse and buttons of the user terminal 102. Alternatively, the one-time ID may be input to the network settling card 101 automatically without being displayed on the display screen.

On receiving the one-time ID input from the user terminal 102, the network settling card 101 performs authentication processing to authenticate the authentication server 104. In the network settling card 101, similarly to the processing performed in the authentication server 104, authentication processing is performed on the one-time ID input to the server authentication unit 213 of the authentication processing unit 202, using the authentication key managed by the authentication key storage unit 209. When the authentication server 104 is authenticated, the two-way one-time ID authentication between the network settling card 101 and the authentication server 104 is complete. Validity can therefore be checked mutually at the user end and the server end, so that information can be protected at both ends.

When the two-way authentication processing is completed, the user requests from the authentication server 104, through the user terminal 102, the list of "settling procedure completion information" obtained as described above. At this time, the request for the list from the user terminal 102 may be displayed on the display screen and sent to the authentication server 104 with the mouse and buttons of the user terminal 102. Alternatively, the request may be sent to the authentication server 104 automatically without being displayed on the display screen. In response to the request, the authentication server 104 sends the list of "settling procedure completion information" to the user terminal 102. The list is displayed on the display screen of the user terminal 102, where the user selects, with the mouse and buttons of the user terminal 102, the "settling procedure completion information" he or she wishes to confirm. At the same time, communication is performed with the sales server 103 through which the commodities were sold. As described above, the "settling procedure completion information" is data in which the "amount of the selected commodities", "order ID", "current time", "sales server ID" and the like are associated with each other. When the "settling procedure completion information" the user wishes to confirm is selected, a link to the sales server 103 is provided based on the "sales server ID", and communication is thereby performed. Based on the "order ID" sent to it, the sales server 103 obtains the commodity information that was associated with the order ID and registered at the time of purchase commodity selection. The sales server 103 sends the obtained commodity information to the user terminal 102. The "commodity information" for which the user performed the settling procedure is then displayed on the display screen of the user terminal 102. The user can confirm the details of the commodities for which the settling procedure has been completed. In this way, the confirmation processing for the settling procedure completion information is completed.

According to the embodiment, in a shopping system over a network, a one-time ID can be created by connecting the network settling card to a user terminal (such as a laptop computer, notebook or mobile computer), having the computer of the terminal run the program, and using the authentication key contained in the network settling card; meanwhile, the server side can authenticate, from that one-time ID, the information of the card the user will use in the settling procedure, using the authentication key managed by the server. This saves the trouble of notifying the user's card information, personal information and the like from the user side. In addition, this information is not leaked or stolen on the network, so the user can use the system easily and with confidence. Because the one-time ID is single-use identification information that is difficult to predict, impersonation on the network can be prevented even if a one-time ID is leaked or stolen and then used. Furthermore, by performing two-way one-time ID authentication, in which not only does the server side authenticate the user's card information but the user side also authenticates the authentication server, validity can be checked mutually at the user end and the server end, so that information can be protected at both ends.

In addition, in the description of the invention, the purchase commodity selection processing between the user terminal 102 and the sales server 103 is performed online. However, the processing may also be performed offline. When it is performed offline, the sales server 103 notifies the user terminal 102 and the authentication server 104 of data in which the "selected card company name", "order ID", "sales server ID" and the like are associated with each other. In this way, the user terminal 102 communicates with the authentication server 104. The user card authentication can therefore be processed after the purchase commodity selection processing.

In addition, the description of the embodiment assumes that the "settling procedure completion information" is managed by the authentication server 104. However, the "settling procedure completion information" may also be sent, together with the notice of completion of the settling procedure, to the network settling card 101 or the user terminal 102 and recorded there. In other words, when the "settling procedure completion information" is managed in the network settling card 101, the user can confirm the commodity details based on the sales server ID, order ID and the like by the following processing: connecting the network settling card to the user terminal 102 or having the user terminal 102 read the card, displaying the list of "settling procedure completion information" after the card is activated (see Figure 8), and obtaining from the list the commodity details the user wishes to view. When the "settling procedure completion information" is managed by the user terminal 102, the user can confirm the commodity details based on the sales server ID, order ID and the like simply by displaying the list on the display screen and obtaining from the list the commodity details the user wishes to view.

In addition, in the embodiment, when the computer of the user terminal 102 runs the program of the network settling card 101, the program is activated by authenticating the PIN code entered by the user against the PIN code managed by the PIN code storage unit 204. However, the active state controller 201 may instead be provided in the authentication server 104 (see Figure 31) rather than in the network settling card 101 (see Figure 30), so that the PIN code for activating the network settling card 101 is managed for each network settling card 101 or for the information of each card to be used in the settling procedure. In other words, when the authentication server 104 requests, through the user terminal 102, the information of the card to be used in the settling procedure from the network settling card 101, the network settling card 101 creates a one-time ID with the authentication key corresponding to the card to be used in the settling procedure. The user enters the PIN code for activating the network settling card 101 through the user terminal 102. The one-time ID creating unit 210 of the network settling card 101 appends the PIN code to the one-time ID and sends it to the authentication server 104 through the user terminal 102. The authentication server 104 inputs the received one-time ID to the card information identification unit 312 of the user card authentication processing unit 302 and identifies the information of the card to be used in the settling processing, using the authentication key managed by the authentication key storage unit 311. After identifying the card information, the authentication server 104 inputs the PIN code appended to the one-time ID to the active state controller 201. The PIN code determining unit 206 of the active state controller 201 then determines the validity of the PIN code using the PIN code managed by the PIN code storage unit 204. When the PIN code is determined to be valid, processing to activate the network settling card 101 is performed. Because the PIN code is managed by the authentication server 104 rather than by the network settling card 101, and is sent after being appended to the one-time ID, it is difficult for a third party to steal the PIN code. In this example, the PIN code is sent appended to the one-time ID. However, the PIN code may also be mixed into or embedded in the one-time ID by performing encryption as an additional measure, with the one-time ID and the PIN code separated by decryption processing at the authentication server 104, which makes the PIN code still more difficult to steal on the network.

In addition, in the embodiment, two-way disposable ID authentication is carried out only between the user terminal 102 and the certificate server 104. However, two-way disposable ID authentication may also be carried out in the communication between the servers. This makes it possible to realize, over the Internet, a network between the sales server 103 and the certificate server 104, or between the check-out server 105 and the certificate server 104. In addition, in the description of the embodiment, the commodity amount information is sent from the sales server 103 to the certificate server 104 only for the purpose of notifying the amount of the ordered commodities. However, the commodity amount information may also be used to notify the name, price, etc. of the commodities.

In the embodiment, the case where a timeout occurs between the terminal and the server has not been described. However, the network settling card 101 can become invalid owing to a wrong PIN code input on the user side. As described above, a timeout can occur when the subsequent processing is prevented from being carried out in the system. In this case, it is necessary to return to the purchase commodity selection processing and carry it out again as the first step.

(second embodiment)

The second embodiment of the present invention will now be described. The first embodiment described a configuration in which the user uses the purchase system over the network by means of the network settling card 101. This embodiment describes a configuration in which the user does not use the network settling card 101, but uses the purchase system by activating a network settling program installed on the user terminal 102.

First, the general configuration of the purchase system will be described. Referring to Figure 32, the configuration of the purchase system 100 is roughly divided into a user side and a server side. The user side comprises the user terminal 102, such as a desktop PC, notebook, mobile computer or mobile phone, on which the network settling program is installed. The server side comprises: the sales server 103, which sells commodities by connecting to the user terminal 102 via the network; the certificate server 104, which obtains from the sales server 103 the amount information of the commodities selected by the user, obtains the information of the card to be used by the user in the check-out procedure from the disposable ID sent from the user terminal 102, and obtains user account information; and the check-out server 105, which carries out the check-out procedure for the commodities selected by the user by obtaining the user account information from the certificate server 104. The sales server 103, the certificate server 104 and the check-out server 105 provided on the server side may be physically integrated or separate from one another.

The network settling program has the same configuration as the program managed in the network settling card 101 shown in Figure 2 (see Figure 33). In addition, the sales server 103, the certificate server 104 and the check-out server 105 have the same configurations as described above, so repeated description is omitted.

The processing operation of the purchase system described above will now be described. Basically, the overall processing of the purchase system is essentially the same as the flow described in the first embodiment. That is, the processing of the purchase system is divided into start processing as a preliminary step, purchase commodity selection processing as the first step, user card authentication processing as the second step, and check-out procedure processing as the final step.

The start processing as the preliminary step will be described. On the user side, the user needs to install the network settling program before using the purchase system. The network settling program can be obtained in two ways: the user requests the card company that manages the credit card or bank card the user has registered to provide the network settling program; or the user requests a company that issues network settling programs to issue one. In both cases, it is necessary to notify the card information, including the ID, code number, etc. of the card (such as the credit card or bank card registered by the user), and the user's personal information. Based on the notified card information, the card company or the company issuing the network settling program creates an authentication key for authenticating the information of the card to be used by the user in the check-out procedure, registers the created authentication key in the network settling program, and then issues the program to the user. In the former case, only the same card company can be registered in the network settling program. In the latter case, different card companies can be registered in the network settling program. The program is issued to the user, for example, by sending it by e-mail, or by mailing the program stored in an ID card or a storage medium. In both cases, the user installs the network settling program on the user terminal 102.

The network settling program is normally set to the inactive state. To set the network settling program to the active state, it is necessary to input the same PIN code as the one registered in the PIN code storage unit 205 of the program. The PIN code registered in the PIN code storage unit 205 should be registered by the user or by the company issuing the program. However, when the PIN code is biometric information, the user needs to register his or her own biometric information.

On the server side, the certificate server 104 needs to manage authentication keys that can authenticate, from the disposable ID sent from the user terminal 102, the information of the card to be used by the user in the check-out procedure. In other words, it is necessary to manage an authentication key for the information of each card. The check-out server 105 manages the card information (such as the company name, ID and code number of the card held by the user) and the user's personal information in association with each other. The card information and the user's personal information are notified by the user who obtains a credit card or bank card, or who obtains the network settling program. The purchase system can be used once the start processing described above has been carried out in the preliminary step. In other words, when user account information is sent from the certificate server 104, the check-out server 105 can carry out the check-out procedure for the commodities selected by the user based on the card information managed by the check-out server 105. In addition, in the embodiment, the sales server 103 and the certificate server 104 register each other's server information and authenticate each other using their server IDs.

Next, the purchase commodity selection processing as the first step is described with reference to Figure 34. As in the first embodiment, in step 1 the user connects from the user terminal 102 to the sales server 103 via the network and requests the list of commodity information held in the server. In response to this request, the sales server 103 provides the commodity information list to the user terminal 102, where the user selects and orders the commodities he or she wishes to buy. More specifically, the commodity list is displayed on the display screen of the user terminal 102. Using the mouse and buttons of the user terminal 102, the user selects "add to shopping cart" for each commodity he or she wishes to buy. When the user has selected all the commodities he or she wishes to buy, the user selects "order" with the mouse and buttons of the user terminal 102 (see Figure 16). When the user selects commodities and orders them at the user terminal 102, the amount for the commodities is calculated in the sales server 103. The information on the commodities ordered by the user and their amount is displayed on the display screen of the user terminal 102, and the user confirms it. If the user wants to buy, the user selects "confirm" with the mouse and buttons of the user terminal 102 (see Figure 17). If the user does not want to buy, the user selects "search again" to select again, or terminates the communication with the sales server 103. When the user notifies the sales server 103 of the intention to purchase, the sales server 103 creates an order ID for the ordered commodity information and its amount, and stores the various types of information, such as "commodity information selected by the user", "amount of the selected commodities" and "order ID", in association with each other (see Figure 17).

Then, in step 2, the payment methods and the card information that can be used in the check-out procedure are displayed on the display screen of the user terminal 102 (see Figure 18). As payment methods, "network payment", "card payment", "payment by account transfer", "cash on delivery", etc. are shown. As the card information that can be used for the check-out procedure, the card companies associated with the sales server 103 are shown. When the check-out procedure is carried out using "network payment", the user activates the network settling program installed on the user terminal 102, and the computer of the user terminal 102 runs the program. Then, the card companies that are managed both in the sales server 103 and in the network settling program, and that can therefore be used for the check-out procedure, are displayed on the display screen of the user terminal 102. More specifically, when the sales server 103 manages card companies a to f and the network settling program manages card companies a, b, e and h, card companies a, b and e are displayed on the display screen of the user terminal 102. Examples of display configurations for the card companies that can be used for the check-out procedure are highlighting the available card companies (as shown in Figure 19 and Figure 20) and creating a new selection screen of the available card companies (as shown in Figure 21 and Figure 22). The user confirms this and, for example, selects "card company a" with the mouse and buttons of the user terminal 102. The user thereby notifies the sales server 103 of the name of the card company to be used in the check-out procedure. Then, in addition to the various types of information already managed in association with each other as described above, the sales server 103 also manages "current time", "selected card company name", "sales server ID", etc. in association with each other. On obtaining the card company name selected by the user (here, card company a), the sales server 103 communicates with the certificate server 104 that manages the associated card company. The certificate server 104 is controlled by the card company (see Figure 12, Figure 13), or by the company issuing the network settling program (see Figure 12, Figure 15), or by the card company or the company issuing the network settling program (see Figure 11, Figure 14). The sales server 103 sends the "amount of the selected commodities", "order ID", "current time" and "sales server ID", which are associated with the commodity information selected by the user and managed therein, to the certificate server 104 (see Figure 23). At this time, communication is carried out between the user terminal 102 and the certificate server 104. In other words, when the user notifies the sales server 103 of the name of the card company to be used in the check-out procedure, a link to the certificate server 104 is provided, so that communication is carried out between the user terminal 102 and the certificate server 104. In this way, the purchase commodity selection processing is completed.

Next, the user card authentication processing as the second step is described with reference to Figure 35. On obtaining the data in which "amount of the selected commodities", "order ID", "current time", "sales server ID", etc. are associated with each other, in step 3 the certificate server 104 determines whether the "sales server ID" is valid. In the certificate server 104, the sales server determining unit 306 determines the validity of the server using the server IDs managed by the sales server ID storage unit 307. When the sales server 103 is valid, the above information is accepted. In the certificate server 104, the information is obtained by the commodity amount information acquiring unit 308 and input to the user account information acquisition unit 315. Then, the certificate server 104 requests the user terminal 102 to activate the network settling program and send a disposable ID. The request is sent from the activation request unit 309. The request to carry out authentication processing is displayed on the display screen of the user terminal 102, and in response the user inputs the PIN code for activating the network settling program with the mouse and buttons of the user terminal 102 (see Figure 24, Figure 25). On this input, the PIN code determining unit 206 of the active state controller 201 checks the input against the PIN code managed by the PIN code storage unit 204. When the PIN code is determined to be valid, the activation processing is carried out, and a disposable ID is created using the authentication key that is associated with the card company name selected by the user for the check-out procedure. In the network settling program, the activation processing is handled by the activation processing unit 207 of the active state controller 201, and the disposable ID is created using the authentication key that is associated with the card company name selected by the user and managed by the authentication key storage unit 209 of the authentication processing unit 202. The created disposable ID is sent from the user terminal 102 to the certificate server 104. At this time, the disposable ID at the user terminal 102 may be displayed on the display screen and sent to the certificate server 104 by means of the mouse and buttons of the user terminal 102. Alternatively, the disposable ID may be sent to the certificate server 104 automatically without being displayed on the display screen. When the PIN code is determined to be invalid, the activation processing is not carried out and no disposable ID is created.

On receiving the disposable ID sent from the user terminal 102, the certificate server 104 carries out authentication processing for authenticating the information of the card to be used by the user in the check-out procedure. In the certificate server 104, the authentication processing is carried out on the disposable ID input to the card information identification unit 312 of the user card authentication processing unit 302, using the authentication key managed by the authentication key storage unit 311. By authenticating the card information, the certificate server 104 can obtain the "card information", such as the card ID and code number. Then, by inputting the obtained "card information" to the user account information acquisition unit 315, the certificate server 104 can obtain the user account information by combining it with the previously obtained data in which information such as "amount of the selected commodities", "order ID", "current time" and "sales server ID" is associated with each other. The certificate server 104 temporarily saves this information (see Figure 26).

In the certificate server 104, a disposable ID is created with the authentication key that was used to authenticate the disposable ID sent from the user terminal 102. That is, the certificate server 104 creates the disposable ID using the authentication key used for authentication in the card information identification unit 312. The created disposable ID is sent to the user terminal 102. The user terminal 102 then carries out, by means of the network settling program, authentication processing for authenticating the certificate server 104. At this time, the disposable ID input to the user terminal 102 may be displayed on the display screen and the network settling program executed by means of the mouse and buttons of the user terminal 102. Alternatively, the network settling program may be executed automatically without the disposable ID being displayed.

As in the processing carried out in the certificate server 104, the authentication processing is carried out on the disposable ID input to the server authentication unit 213 of the authentication processing unit 202, using the authentication key managed by the authentication key storage unit 209. When the certificate server 104 is authenticated, two-way disposable ID authentication is completed between the network settling card 101 (settling program?) and the certificate server 104. Validity can therefore be checked mutually on the user side and the server side, so that information can be protected at both ends. In this way, the user card authentication processing is completed.
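The two-way disposable ID exchange described above, sketched as an added example that is not part of the patent text. The patent does not state how a disposable ID is derived from the authentication key, so the HMAC-SHA256 construction, the counter sent alongside the ID, the binding to the order ID, the three-attempt PIN limit and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def one_time_id(key, role, counter, order_id):
    """Assumed construction: HMAC-SHA256 over role, counter and order ID, truncated."""
    msg = role + b"|" + counter.to_bytes(8, "big") + b"|" + order_id.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


class SettlingProgram:
    """User side: PIN-gated activation and one authentication key per card company."""

    MAX_PIN_FAILURES = 3  # assumed limit; the text only says wrong PINs can invalidate

    def __init__(self, pin, keys):
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash(pin)      # role of the PIN code storage unit
        self._keys = dict(keys)               # role of the authentication key storage unit
        self._counters = {name: 0 for name in keys}
        self._failures = 0
        self.active = False

    def _hash(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def activate(self, pin):
        if self._failures >= self.MAX_PIN_FAILURES:
            return False                      # program has become invalid
        if hmac.compare_digest(self._hash(pin), self._pin_hash):
            self.active, self._failures = True, 0
        else:
            self.active = False
            self._failures += 1
        return self.active

    def create_one_time_id(self, company, order_id):
        if not self.active:
            raise PermissionError("inactive program: no disposable ID is created")
        self._counters[company] += 1
        counter = self._counters[company]
        return counter, one_time_id(self._keys[company], b"user", counter, order_id)

    def verify_server(self, company, order_id, counter, server_id):
        expected = one_time_id(self._keys[company], b"server", counter, order_id)
        return hmac.compare_digest(expected, server_id)


class AuthServer:
    """Server side: identifies the card from the disposable ID, then proves itself."""

    def __init__(self, card_keys):
        self._keys = dict(card_keys)          # card ID -> authentication key
        self._last = {card_id: 0 for card_id in card_keys}

    def identify_card(self, counter, user_id, order_id):
        for card_id, key in self._keys.items():
            expected = one_time_id(key, b"user", counter, order_id)
            if hmac.compare_digest(expected, user_id):
                if counter <= self._last[card_id]:
                    return None               # replayed ID: valid exactly once
                self._last[card_id] = counter
                return card_id
        return None

    def respond(self, card_id, counter, order_id):
        return one_time_id(self._keys[card_id], b"server", counter, order_id)


def run_exchange(program, server, pin, company, order_id):
    """Returns (card ID identified by the server, whether the terminal accepted the server)."""
    if not program.activate(pin):
        return None, False
    counter, user_id = program.create_one_time_id(company, order_id)
    card_id = server.identify_card(counter, user_id, order_id)
    if card_id is None:
        return None, False
    reply = server.respond(card_id, counter, order_id)
    return card_id, program.verify_server(company, order_id, counter, reply)


if __name__ == "__main__":
    key_a = secrets.token_bytes(32)           # constructed sample key
    program = SettlingProgram("4821", {"card company a": key_a})
    server = AuthServer({"CARD-A-0001": key_a})
    print(run_exchange(program, server, "4821", "card company a", "ORDER-1"))
```

Neither the card number nor the PIN crosses the network in this sketch; only the counter and the two derived IDs do, and a captured user-side ID is rejected on reuse because the server tracks the last counter per card.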

The check-out procedure processing as the final step is described with reference to Figure 36. When the authentication processing of the certificate server 104 is completed in the user terminal 102, in step 4 the network settling program running in the user terminal 102 requests the check-out procedure processing from the certificate server 104. At this time, the check-out procedure request at the user terminal 102 may be displayed on the display screen and sent to the certificate server 104 by means of the mouse and buttons of the user terminal 102. Alternatively, the request may be sent to the certificate server 104 automatically without being displayed on the display screen.

On receiving the check-out procedure request sent from the user terminal 102, the certificate server 104 makes a check-out procedure request to the check-out server 105 using the saved user account information (see Figure 28). In the certificate server 104, the check-out procedure request receiving unit 316 receives the check-out procedure request, and the user account information temporarily saved in the user account information acquisition unit 315 is input to the check-out procedure request unit 318. The check-out procedure request unit 318 then makes the check-out procedure request to the check-out server 105 by sending the user account information to the check-out server 105. The user account information is also registered in the user account information storage unit 317.

On receiving the user account information, the check-out server 105 carries out the check-out procedure for the commodities selected by the user. As described above, the user account information is information in which "amount of the selected commodities", "order ID", "current time", "sales server ID", "card information", etc. are associated with each other. The check-out server 105 authenticates the "card information" included in the received user account information using the "card information" managed in the server. In this way, the check-out server 105 can identify the user's card information and carry out the check-out procedure for the commodities selected by the user. The credit card company, or a card company such as a banking company, that controls the check-out server 105 carries out the billing process for the user identified from the "card information" included in the user account information, and at the same time carries out the payment process for the sales company that controls the sales server 103, based on the "sales server ID" included in the user account information. When the check-out procedure is completed, the check-out server 105 sends "check-out procedure completion information", which carries a "completed" flag indicating that the procedure is complete, to the certificate server 104 (see Figure 29). Like the user account information, the "check-out procedure completion information" is data comprising "amount of the selected commodities", "order ID", "current time", "sales server ID", etc. In the certificate server 104, the check-out procedure completion notice acquiring unit 319 obtains the "check-out procedure completion information", which is then managed by the user account information storage unit 317. The user account information has already been registered in the user account information storage unit 317. Therefore, when the user account information storage unit 317 obtains the "check-out procedure completion information", the certificate server 104 can determine that the check-out processing for the relevant order ID is complete. The certificate server 104 then notifies the user terminal 102 that the check-out processing is complete. In this way, the check-out procedure processing is completed, and all the processing of the purchase system is completed.

Finally, the processing for confirming the check-out procedure completion information is described with reference to Figure 37 and Figure 38. First, the user makes the computer execute the network settling program in the user terminal 102. At the same time, the card company names that can be used for the check-out processing, the card company name whose check-out procedures the user wishes to confirm, etc. are displayed on the display screen of the user terminal 102. When the user selects the card company name that he or she wishes to confirm, the program running in the user terminal 102 searches for the server controlled by the selected card company (see Figure 10, Figure 13), or by the network settling card issuing company (see Figure 12, Figure 15), or by the card company or the network settling card issuing company (see Figure 11, Figure 14). In this way, communication is carried out between the user terminal 102 and the certificate server 104. The server to be searched for is determined according to the issuing configuration of the network settling program. The certificate server 104 requests the user terminal 102 to activate the network settling card 101 and send a disposable ID. The request is sent from the activation request unit 309. The request to carry out authentication processing is displayed on the display screen of the user terminal 102, and in response the user inputs the PIN code for activating the network settling program with the mouse and buttons of the user terminal 102. On this input, the network settling program determines whether the code is valid. In the network settling program, the PIN code determining unit 206 of the active state controller 201 determines validity using the PIN code managed by the PIN code storage unit 204. When the PIN code is determined to be valid, the activation processing is carried out, and a disposable ID is created using the authentication key managed in association with the selected card company name. In the network settling program, the activation processing is handled by the activation processing unit 207 of the active state controller 201, and the disposable ID is created using the authentication key that is associated with the selected card company name and managed by the authentication key storage unit 209 of the authentication processing unit 202. The created disposable ID is sent from the user terminal 102 to the certificate server 104. At this time, the disposable ID created in the user terminal 102 may be displayed on the display screen and sent to the certificate server 104 by means of the mouse and buttons of the user terminal 102. Alternatively, the disposable ID may be sent to the certificate server 104 automatically without being displayed on the display screen. When the PIN code is determined to be invalid, the activation processing is not carried out and no disposable ID is created.

On receiving the disposable ID sent from the user terminal 102, the certificate server 104 carries out authentication processing for authenticating the card information. In the certificate server 104, the authentication processing is carried out on the disposable ID input to the card information identification unit 312 of the user card authentication processing unit 302, using the authentication key managed by the authentication key storage unit 311. By authenticating the card information, the certificate server 104 can use the associated card information to obtain the "check-out procedure completion information". In other words, the certificate server 104 can obtain a list of the data for which the check-out procedure has been completed and in which "amount of the selected commodities", "order ID", "current time", "sales server ID", etc. are associated with each other.

In the certificate server 104, a disposable ID is created with the authentication key that was used to authenticate the disposable ID sent from the user terminal 102. That is, the certificate server 104 creates the disposable ID using the authentication key used for authentication in the card information identification unit 312. The created disposable ID is sent to the user terminal 102 and input to the network settling program running there. At this time, the disposable ID to be input to the network settling program may be displayed on the display screen of the user terminal 102 and input to the network settling program by means of the mouse and buttons. Alternatively, the disposable ID may be input to the network settling program automatically without being displayed on the display screen.

On obtaining the disposable ID, the network settling program in the user terminal 102 carries out authentication processing for authenticating the certificate server 104. In the network settling program, as in the processing carried out in the certificate server 104, the authentication processing is carried out on the disposable ID input to the server authentication unit 213 of the authentication processing unit 202, using the authentication key managed by the authentication key storage unit 209. When the certificate server 104 is authenticated, two-way disposable ID authentication is completed between the certificate server 104 and the network settling program running in the user terminal 102. Validity can therefore be checked mutually on the user side and the server side, so that information can be protected at both ends.

When the two-way authentication is completed, the user requests from the certificate server 104, through the user terminal 102, the list of "check-out procedure completion information" obtained as described above. At this time, the request for the list may be displayed on the display screen of the user terminal 102 and sent to the certificate server 104 by means of the mouse and buttons of the user terminal 102. Alternatively, the request may be sent to the certificate server 104 automatically without being displayed on the display screen. In response to the request, the certificate server 104 sends the list of "check-out procedure completion information" to the user terminal 102. The list is displayed on the display screen of the user terminal 102, where the user selects, with the mouse and buttons of the user terminal 102, the "check-out procedure completion information" that he or she wishes to confirm. At the same time, communication is carried out with the sales server 103 through which the commodities were sold. As described above, the "check-out procedure completion information" is data in which "amount of the selected commodities", "order ID", "current time", "sales server ID", etc. are associated with each other. When the "check-out procedure completion information" that the user wishes to confirm is selected, a link to the sales server 103 is provided based on the "sales server ID", and communication is carried out. Based on the "order ID" sent to it, the sales server 103 obtains the commodity information that was associated with the order ID and registered when the commodities were selected for purchase. The sales server 103 sends the obtained commodity information to the user terminal 102. The "commodity information" for which the user carried out the check-out procedure is then displayed on the display screen of the user terminal 102. The user can confirm the details of the commodities for which the check-out procedure has been completed. In this way, the processing for confirming the check-out procedure completion information is completed.

As described above, according to the embodiment, in the purchase system over the network, the network settling program can be installed on a user terminal (such as a laptop computer, notebook, mobile computer or mobile phone) and, by having the computer of the terminal execute the program, a disposable ID can be created by the network settling program using the authentication key included in the network settling card, while the server side can authenticate the information of the card to be used by the user in the check-out procedure using the authentication key managed by the server. For this reason, the user side is spared the trouble of notifying the user's card information, personal information, etc. In addition, this information cannot be leaked or stolen on the network, so the user can use the system easily and with confidence. Because the disposable ID is one-time identification information that is difficult to predict, impersonation on the network can be prevented even if a disposable ID is leaked or stolen and then used. In addition, by carrying out two-way disposable ID authentication, in which not only does the server side authenticate the user's card information but the user side also authenticates the certificate server, validity can be checked mutually on the user side and the server side, so that information can be protected at both ends.

In addition, in the description of the embodiment, the purchase commodity selection processing between the user terminal 102 and the sales server 103 is carried out online. However, this processing may be carried out offline. When operating offline, the sales server 103 notifies the user terminal 102 and the certificate server 104 of data in which "selected card company name", "order ID", "sales server ID", etc. are associated with each other. In this way, the user terminal 102 communicates with the certificate server 104. The user card authentication processing can therefore be carried out after the purchase commodity selection processing.

In addition, in the description of the embodiment, it is assumed that the "check-out procedure completion information" is managed by the certificate server 104. However, the "check-out procedure completion information" may also be sent to the user terminal 102 together with the check-out procedure completion notice and recorded there. In other words, when the "check-out procedure completion information" is managed in the network settling program, the user can confirm the commodity details based on the sales server ID, order ID, etc. through the following processing: making the computer of the user terminal 102 execute the network settling program, displaying the list of "check-out procedure completion information", and obtaining from the list the commodity details the user wishes to browse (see Figure 38). When the "check-out procedure completion information" is managed in the user terminal 102 by means other than the network settling program, the user can confirm the commodity details based on the sales server ID, order ID, etc. simply by displaying the list on the display screen and obtaining from the list the commodity details the user wishes to browse.

In addition, in the embodiment, when the computer of user terminal 102 executes the program of network check-out card 101, the program is activated as follows: the PIN code entered by the user is authenticated against the PIN code managed by PIN code storage unit 204. However, as in the first embodiment, the active state controller can instead be provided in certificate server 104 rather than in the network settling program, so that the PIN code used to activate the network settling program is managed for each network settling program or for the information of each card to be used in the check-out procedure.

In addition, in the embodiment, two-way disposable ID authentication is performed only between user terminal 102 and certificate server 104. However, two-way disposable ID authentication can also be performed in the communication between the servers. In this way, networking over the internet can be realized between sales server 103 and certificate server 104, or between check-out server 105 and certificate server 104. In addition, in the description of the embodiment, the commodity amount information is sent from sales server 103 to certificate server 104 only for the purpose of notifying the amount of the ordered commodities. However, the commodity amount information can also be used to notify the commodity name, price and the like.

The embodiment does not describe the case where a timeout occurs between the terminal and the server. However, the network settling program can become invalid because a wrong PIN code is entered on the user side. In such a case, where the subsequent processing is prevented from being executed in the system, a timeout can occur. It is then necessary to return to the purchase commodity selection processing, the first step, and perform that processing again.

(Third embodiment)

The third embodiment of the present invention is described below. The first and second embodiments described examples in which the user uses a virtual shop over a network. This embodiment describes an example in which the user uses an actual shop.

First, the general configuration of the purchase system is described. As shown in Figure 40, the configuration of purchase system 4000 is roughly divided into a user side and a server side. The user side comprises: network check-out card 4010, on which the network settling program is recorded, or portable terminal 4020, such as a mobile computer or mobile phone, on which the program is set; and shop terminal 4030, which communicates over the network by executing the network settling program of network check-out card 4010 or portable terminal 4020. The server side comprises: certificate server 4040, which communicates with shop terminal 4030, obtains from shop terminal 4030 the disposable ID created by the network settling program and the amount information of the commodities selected by the user, obtains from the disposable ID the information of the card the user will use in the check-out procedure, and obtains user account information comprising the commodity amount information and the card information; and check-out server 4050, which performs the check-out procedure for the commodities selected by the user by obtaining the user account information from certificate server 4040. Shop terminal 4030 is a terminal used in an actual shop. A shop employee or clerk receives network check-out card 4010 or portable terminal 4020 from the user and has the computer of shop terminal 4030 execute the network settling program managed in the card or portable terminal. Certificate server 4040 and check-out server 4050 on the server side can be physically integrated or separate from each other. The network settling program managed in network check-out card 4010 or portable terminal 4020 has the same configuration as the program managed in network check-out card 101 shown in Figure 2. Certificate server 4040 and check-out server 4050 likewise have the same configuration as described above, so the repeated description is omitted.

Next, the processing operation of the purchase system configured as above is described. The overall processing is essentially the same as the flow described in the first and second embodiments. In the start processing performed as the preliminary step, the user obtains network check-out card 4010, or obtains the network settling program and sets it on portable terminal 4020. In the purchase commodity selection processing, the first step, the user selects the commodities to buy in the shop and tells the shop employee or clerk that he or she wishes to settle the bill for the commodities by network payment. The user card authentication processing, the second step, and the check-out procedure processing, the final step, are carried out using shop terminal 4030, certificate server 4040 and check-out server 4050.

The start processing performed as the preliminary step is described first. On the user side, before using the purchase system, the user obtains network check-out card 4010, or obtains the network settling program and sets it on portable terminal 4020. As described in the first and second embodiments, the means of obtaining or setting the network check-out card or network settling program are as follows: the user asks the card company that manages the credit card or bank card the user has registered to provide the network check-out card or network settling program; or the user asks a company that provides the network check-out card/program to provide it. In both cases, it is necessary to notify the card information, such as the card ID and code number of the credit card or bank card registered by the user, and the user's personal information. Based on the notified card information, the card company or the company providing the network check-out card/program creates an authentication key for authenticating the information of the card the user will use in the check-out procedure, registers the created authentication key in the network check-out card/program, and then issues it to the user. In the former case, only that one card company can be registered in the network check-out card/program. In the latter case, different card companies can be registered in the network check-out card/program. The means of issuing to the user are, for example, sending the network settling program over the network by e-mail or other electronic means, or mailing the network settling program stored on an ID card or storage medium. When the network settling program is obtained from the network or on a storage medium, the user sets the program on portable terminal 4020. When the network settling program is obtained stored on an IC card, the user uses that card as network check-out card 4010 (see Figure 3 and Figure 33).

The network settling program is normally set to the inactive state. To set the network settling program to the active state, it is necessary to enter a PIN code identical to the PIN code registered in PIN code storage unit 205 of the program. The PIN code registered in PIN code storage unit 205 should be registered by the user or by the company issuing the program. However, when the PIN code is biometric information, the user needs to register his or her own biometric information.

On the server side, certificate server 104 needs to manage the authentication keys that can authenticate, from the disposable ID sent from shop terminal 4030 using the network settling program, the information of the card the user will use in the check-out procedure. In other words, it is necessary to manage an authentication key for the information of each card. Check-out server 4050 manages the card information and the user's personal information by associating the card information (such as the company name, ID and code number of the card held by the user) with the user's personal information. The card information and personal information are notified by the user who obtains a credit card or bank card, or who obtains the network settling program. The purchase system can be used once the above start processing has been carried out in the preliminary step. This processing is the same as described in the first and second embodiments.

Next, the purchase commodity selection processing, the first step, is described with reference to Figure 41. In step 1, the user selects the commodities to buy in the shop and tells the shop employee or clerk that he or she wishes to pay for the commodities by network payment. In accordance with the user's wish, shop terminal 4030 creates an order ID and a commodity amount for the commodity information for which the user has indicated an intention to purchase. Shop terminal 4030 manages the various types of information (such as "the commodity information selected", "the amount of the selected commodities" and "order ID") by associating them with each other (see Figure 17).

Then, the shop employee or clerk receives network check-out card 4010 or portable terminal 4020 from the user and has shop terminal 4030 execute the network settling program managed in the card or portable terminal. At this point, of the card companies managed in shop terminal 4030 and the card companies managed in the network settling program, those that can be used for the check-out procedure are displayed on the display screen of shop terminal 4030. More specifically, when shop terminal 4030 manages card companies a to f and the network settling program manages card companies a, b, e and h, card companies a, b and e are displayed on the display screen of shop terminal 4030. As examples of how the usable card companies are displayed, the available card companies may be highlighted (as shown in Figure 19 and Figure 20), or a selection screen of the available card companies may be newly created (as shown in Figure 21 and Figure 22). When the user confirms this and selects "card company a", the shop employee or clerk performs the selection with the mouse and buttons of shop terminal 4030. When the card company name to be used for the check-out procedure has been selected, shop terminal 4030 manages, in addition to the various types of information it already manages in association with each other, "current time", "the selected card company name", "shop terminal ID" and the like, also in association with each other. Here, the "shop terminal ID" is an identifier for identifying the shop terminal concerned. Then, shop terminal 4030 communicates with the certificate server 4040 that manages the selected card company. Certificate server 4040 is controlled by the card company (see Figure 12, Figure 13), by the company issuing the network check-out card/program (see Figure 12, Figure 15), or by the card company or the network check-out card/program issuing company (see Figure 11, Figure 14). Then, shop terminal 4030 sends to certificate server 4040 "the amount of the selected commodities", "order ID", "current time" and "shop terminal ID", which it manages in association with the commodity information selected by the user. At this point, communication is carried out between shop terminal 4030 and certificate server 4040. This completes the purchase commodity selection processing.

Next, the user card authentication processing, the second step, is described with reference to Figure 42. On obtaining the data in which "the amount of the selected commodities", "order ID", "current time", "shop terminal ID" and the like are associated with each other, in step 3, certificate server 4040 determines whether the "shop terminal ID" is valid. In certificate server 4040, the shop terminal determining unit (equivalent to sales server determining unit 306 shown in Figure 31) determines validity using the IDs managed by the shop terminal ID storage unit (equivalent to sales server ID storage unit 307 shown in Figure 31). When shop terminal 4030 is determined to be valid, the above information is acquired. In certificate server 4040, the information is acquired by commodity amount information acquiring unit 308 and input to user account information acquiring unit 315. Then, certificate server 4040 requests shop terminal 4030 to activate the network settling program and send a disposable ID. The request is sent from activation request unit 309. The request to perform authentication processing is displayed on the display screen of shop terminal 4030, and in response the user enters the PIN code for activating the network settling program using the mouse and buttons of shop terminal 4030 (see Figure 24, Figure 25). On this input, PIN code determining unit 206 of active state controller 201 of the network settling program checks the entered PIN code against the PIN code managed by PIN code storage unit 204. When the PIN code is determined to be valid, the activation processing is performed, and a disposable ID is created using the authentication key associated with the card company name the user selected for the check-out procedure. In the network settling program, the activation processing is handled by activation processing unit 207 of active state controller 201, and the disposable ID is created using the authentication key that is associated with the selected card company name and managed by authentication key storage unit 209 of authentication processing unit 202. The created disposable ID is sent to certificate server 4040 by shop terminal 4030. At this point, the disposable ID input to shop terminal 4030 may be displayed on the display screen and sent to certificate server 4040 by operating the mouse and buttons of shop terminal 4030. Alternatively, the disposable ID may be sent to certificate server 4040 automatically without being displayed on the display screen. When the PIN code is determined to be invalid, the activation processing is not performed and no disposable ID is created.

On receiving the disposable ID sent from shop terminal 4030, certificate server 4040 performs the authentication processing that authenticates the information of the card the user will use in the check-out procedure. In certificate server 4040, the authentication processing is performed on the disposable ID input to card information identifying unit 312 of user card authentication processing unit 302, using the authentication key managed by authentication key storage unit 311. By authenticating the card information, certificate server 4040 can obtain the "card information", such as the card ID and code number. Then, by inputting the obtained "card information" to user account information acquiring unit 315, certificate server 4040 can obtain the user account information together with the previously obtained data in which "the amount of the selected commodities", "order ID", "current time", "shop terminal ID" and the like are associated with each other. Certificate server 4040 temporarily stores this information (see Figure 26).

Certificate server 4040 then creates a disposable ID using the authentication key that was used to authenticate the disposable ID sent from shop terminal 4030. In certificate server 4040, the disposable ID is created using the authentication key used for authentication in card information authentication unit 312. The created disposable ID is sent to shop terminal 4030. Then, shop terminal 4030 performs, through the network settling program, the authentication processing that authenticates certificate server 4040. At this point, the disposable ID input to shop terminal 4030 may be displayed on the display screen and the network settling program executed by operating the mouse and buttons of shop terminal 4030. Alternatively, the network settling program may be executed automatically without the disposable ID being displayed.

As in the processing performed in certificate server 4040, the authentication processing is performed on the disposable ID input to server authentication unit 213 of authentication processing unit 202, using the authentication key managed by authentication key storage unit 209. When certificate server 4040 has been authenticated, two-way disposable ID authentication between the network settling program and certificate server 4040 is complete. The user side and the server side can therefore check each other's validity, so that information is protected at both ends. This completes the user card authentication processing.
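The two-way disposable ID exchange described above, sketched as an added example that is not part of the patent text. The patent does not state how a disposable ID is derived from the authentication key, so the HMAC-SHA256 construction, the counter, the role labels, the order context string and every class and function name here are assumptions.

```python
import hashlib
import hmac
import secrets


def one_time_id(key: bytes, role: bytes, counter: int, context: bytes) -> str:
    """Assumed construction: HMAC-SHA256(key, role | counter | context)."""
    msg = role + b"|" + counter.to_bytes(8, "big") + b"|" + context
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SettlingProgram:
    """Card/program side: one authentication key per registered card company."""

    def __init__(self, pin: str, keys: dict[str, bytes]):
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash(pin)
        self._keys = dict(keys)
        self._counters = {company: 0 for company in keys}
        self._active = False  # the program starts in the inactive state

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def activate(self, pin: str) -> bool:
        """Active state controller: compare the entered PIN with the stored one."""
        self._active = hmac.compare_digest(self._hash(pin), self._pin_hash)
        return self._active

    def create_one_time_id(self, company: str, context: bytes) -> tuple[int, str]:
        if not self._active:
            raise PermissionError("inactive program creates no disposable ID")
        self._counters[company] += 1  # a fresh counter makes each ID single-use
        counter = self._counters[company]
        return counter, one_time_id(self._keys[company], b"card", counter, context)

    def authenticate_server(self, company: str, counter: int,
                            context: bytes, server_id: str) -> bool:
        """Second direction: verify the disposable ID the server sent back."""
        expected = one_time_id(self._keys[company], b"server", counter, context)
        return hmac.compare_digest(expected, server_id)


class CertificateServer:
    """Server side: manages one authentication key per card's information."""

    def __init__(self, managed_keys: dict[str, bytes]):
        self._keys = dict(managed_keys)
        self._last_counter = {card: 0 for card in managed_keys}

    def authenticate_card(self, counter: int, context: bytes, card_id: str):
        """Return (card_info, server_one_time_id), or None if authentication fails."""
        # Linear scan over managed keys, kept simple for illustration.
        for card, key in self._keys.items():
            if counter <= self._last_counter[card]:
                continue  # counter already consumed for this card: replay
            expected = one_time_id(key, b"card", counter, context)
            if hmac.compare_digest(expected, card_id):
                self._last_counter[card] = counter
                return card, one_time_id(key, b"server", counter, context)
        return None


def run_demo() -> dict:
    """Constructed sample data: key, PIN, card info and order context are made up."""
    key = secrets.token_bytes(32)
    program = SettlingProgram("4821", {"card company a": key})
    server = CertificateServer({"CARD-INFO-0001": key,
                                "CARD-INFO-0002": secrets.token_bytes(32)})
    context = b"order=ORD-1|shop_terminal=SHOP-7|amount=1200"
    wrong_pin = program.activate("0000")
    right_pin = program.activate("4821")
    counter, card_id = program.create_one_time_id("card company a", context)
    card_info, server_id = server.authenticate_card(counter, context, card_id)
    return {
        "wrong_pin_activates": wrong_pin,
        "right_pin_activates": right_pin,
        "card_identified": card_info,
        "server_authenticated": program.authenticate_server(
            "card company a", counter, context, server_id),
        "replay_accepted": server.authenticate_card(counter, context, card_id) is not None,
        "reflected_id_accepted": program.authenticate_server(
            "card company a", counter, context, card_id),
    }


if __name__ == "__main__":
    print(run_demo())
```

The role label is what stops a captured card-side ID from being reflected back as the server's reply, and the per-card counter is what makes a stolen ID useless after its first use.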

The check-out procedure processing, the final step, is described with reference to Figure 43. When shop terminal 4030 has completed the authentication of certificate server 4040, in step 3 (4?), the user requests the check-out procedure processing from certificate server 4040 through the network settling program running on shop terminal 4030. At this point, the check-out procedure request input to shop terminal 4030 may be displayed on the display screen and sent to certificate server 4040 by operating the mouse and buttons of shop terminal 4030. Alternatively, the check-out procedure request may be sent to certificate server 4040 automatically without being displayed on the display screen.

On receiving the check-out procedure request sent from shop terminal 4030, certificate server 4040 issues a check-out procedure request to check-out server 4050 using the stored user account information (see Figure 28). In certificate server 4040, check-out procedure request receiving unit 316 receives the check-out procedure request and inputs the user account information temporarily stored in user information acquiring unit 315 to check-out procedure request unit 318. Check-out procedure request unit 318 issues the check-out procedure request to check-out server 4050 by sending it the user account information. The user account information is also registered in user account information storage unit 317.

On receiving the user account information, check-out server 4050 performs the check-out procedure for the commodities selected by the user. As described above, the user account information is information in which "the amount of the selected commodities", "order ID", "current time", "shop terminal ID", "card information" and the like are associated with each other. Check-out server 4050 authenticates the "card information" included in the received user account information against the "card information" it manages. In this way, check-out server 4050 can identify the user's card information and can perform the check-out procedure for the commodities selected by the user. The card company that controls check-out server 4050, such as a credit card company or a bank, performs the billing process for the user identified from the "card information" included in the user account information, and at the same time performs the payment process for the shop that controls the shop terminal 4030 identified from the "shop terminal ID" included in the user account information. When the check-out procedure is finished, check-out server 4050 sends to certificate server 4040 the "check-out procedure completion information", which carries a "completed" flag indicating that the procedure is finished (see Figure 29). Like the user account information, the "check-out procedure completion information" is data comprising "the amount of the selected commodities", "order ID", "current time", "shop terminal ID" and the like. In certificate server 4040, check-out procedure completion notice acquiring unit 319 obtains the "check-out procedure completion information", and user account information storage unit 317 manages it. The user account information has already been registered in user account information storage unit 317. Therefore, when user account information storage unit 317 obtains the "check-out procedure completion information", certificate server 4040 can determine that the check-out procedure for the order ID concerned is finished. Then, certificate server 4040 notifies the network settling program running on shop terminal 4030 that the check-out procedure is finished. This completes the check-out procedure processing, and with it all processing of the purchase system.

In addition, the confirmation processing for the check-out procedure completion information is normally carried out by user terminal 102 or portable terminal 4020, but it can also be carried out by shop terminal 4030. This processing is the same as described with reference to the first and second embodiments.

According to the embodiment, a disposable ID can be created using the authentication key contained in the network settling program as follows: the user carries the network check-out card on which the network settling program is recorded, or the portable terminal on which the program is set, to an actual shop, selects commodities, and has the terminal in the shop execute the network settling program. The server side can use the authentication key managed by the server to authenticate, from the disposable ID, the information of the card the user will use in the check-out procedure. The user is therefore spared the trouble of notifying card information, personal information and the like. In addition, this information cannot be leaked or stolen on the network, so the user can use the system easily and with confidence. Because a disposable ID is single-use identification information that is difficult to predict, impersonation on the network can be prevented even if a disposable ID is leaked or stolen and then used. Furthermore, by performing two-way authentication, in which not only does the server side authenticate the user's card information but the user side also authenticates the certificate server, the user side and the server side can check each other's validity, so that information is protected at both ends.

In addition, in the embodiment, when the computer of shop terminal 4030 executes the network settling program, the program is activated as follows: the PIN code entered by the user is authenticated against the PIN code managed by PIN code storage unit 204. However, as in the first and second embodiments, the active state controller can instead be provided in certificate server 4040 rather than in the program, so that the PIN code used to activate the network check-out card is managed for each network check-out card 101 or for the information of each card to be used in the check-out procedure.

In addition, in the embodiment, two-way disposable ID authentication is performed only between shop terminal 4030 and certificate server 4040. However, two-way disposable ID authentication can also be performed in the communication between the servers. In this way, networking over the internet can be realized between check-out server 4050 and certificate server 104. In addition, in the description of the embodiment, the commodity amount information is sent from shop terminal 4030 to certificate server 4040 only for the purpose of notifying the amount of the ordered commodities. However, the commodity amount information can also be used to notify the commodity name, price and the like.

As with the first and second embodiments, this embodiment does not describe the case where a timeout occurs between the terminal and the server. However, network check-out card 101 can become invalid because a wrong PIN code is entered on the user side. In such a case, where the subsequent processing is prevented from being executed in the system, a timeout can occur. It is then necessary to return to the purchase commodity selection processing, the first step, and perform that processing again.

As is clear from the foregoing description, according to the present invention, when the user selects over a network and purchases commodities provided by a server in a shopping network, the check-out procedure can be handled without the user having to enter personal information, card information and the like. This information therefore cannot be leaked on the network, which provides excellent practicality and security. It also prevents someone impersonating a third party from using the information, so the user does not suffer a loss. Means of check-out using credit cards, bank cards and the like can therefore be expected to become even more widespread.

Claims (24)

1. A network check-out card comprising: an authentication processing unit for performing authentication processing using an authentication key created based on information of a card to be used in a check-out procedure,
wherein the authentication processing unit performs the check-out procedure for commodities selected by a user by: creating a disposable ID with the authentication key, obtaining a disposable ID created by a certificate server that authenticates the disposable ID, and authenticating the certificate server with the authentication key.
2. The network check-out card as claimed in claim 1,
wherein the authentication processing unit manages the company name of the card registered by the user and the authentication key in association with each other.
3. The network check-out card as claimed in claim 1, further comprising: an active state controller for managing the active state of the network check-out card,
wherein the active state controller checks a PIN code entered by the user against a PIN code managed by the active state controller, and activates or does not activate the network check-out card according to the result of the determination.
4. The network check-out card as claimed in claim 3,
wherein the PIN code is a password set by the user of the network check-out card.
5. The network check-out card as claimed in claim 3,
wherein the PIN code is biometric information of the user of the network check-out card.
6. The network check-out card as claimed in claim 1,
wherein, after authenticating the certificate server, the authentication processing unit requests check-out procedure processing from the certificate server, obtains a notice of the check-out procedure processing from the certificate server, and records the obtained information.
7. The network check-out card as claimed in claim 1,
wherein the network check-out card is constructed in the form of an IC card or USB memory.
8. A network settling program for causing a computer to execute processing comprising:
performing authentication using an authentication key created based on information of a card to be used in a check-out procedure;
creating a disposable ID with the authentication key;
obtaining a disposable ID created by a certificate server that authenticates the disposable ID; and
authenticating the certificate server with the authentication key.
9. The network settling program as claimed in claim 8, further comprising:
managing the active state of the network settling program;
checking a PIN code entered by the user against a PIN code managed by the program; and
activating or not activating the network settling program according to the result of the determination.
10. The network settling program as claimed in claim 9,
wherein the PIN code is a password set by the user of the network check-out card.
11. The network settling program as claimed in claim 9,
wherein the PIN code is biometric information of the user of the network check-out card.
12. The network settling program as claimed in claim 8, further comprising:
after authenticating the certificate server, requesting check-out procedure processing from the certificate server; and
obtaining a notice of the check-out procedure processing from the certificate server, and recording the obtained information.
13. a method of settlement that is used to carry out two-way disposable ID authentication may further comprise the steps:
Executive communication between user terminal and server, and make the user select to be presented at commodity in the user terminal;
Demonstration is carried out the method for check-out procedure to the commodity of selecting, and the user is therefrom selected;
When the network of selecting to be used for the method for check-out procedure as the user is checked out card or network settling program, check out card or network settling program of network is read;
But but make the user from selection card company that server, manages and the selection card company that check out from network card or network settling program, manages, select can be used for the card company of check-out procedure;
Show the request that is used for carrying out authentication processing, and make the user carry out described request with server; And
Show to be used for carrying out the request that check-out procedure is handled, and make the user carry out described request with server,
Wherein, when carrying out authentication processing, check out card or network settling program of network created disposable ID by the authenticate key based on the information creating of the card that will use in check-out procedure, and the disposable ID that will create sends to server, and
Server authenticates the disposable ID of transmission by the authenticate key of creating based on card information, thereby the information of the card that identification will be used in check-out procedure by the user, create disposable ID by the authenticate key that is used to authenticate, and the disposable ID that will create sends to user terminal.
14. a method of settlement that is used to carry out two-way disposable ID authentication may further comprise the steps:
Executive communication between shop terminal and server, and the shop terminal is read be used for the network that the commodity of being selected by the user the are carried out check-out procedure card of checking out;
But but make the user from selection card company that server, manages and the selection card company that in network is checked out card, manages, select can be used for the card company of check-out procedure;
Show the request that is used for carrying out authentication processing, and make the user carry out described request with server; And
Show to be used for carrying out the request that check-out procedure is handled, and make the user carry out described request with server,
Wherein, when carrying out authentication processing, check out card or network settling program of network created disposable ID by the authenticate key based on the information creating of the card that will use in check-out procedure, and the disposable ID that will create sends to server, and
Server authenticates the disposable ID of transmission by the authenticate key of creating based on card information, thereby the information of the card that identification will be used in check-out procedure by the user, create disposable ID by the authenticate key that is used to authenticate, and the disposable ID that will create sends to the shop terminal.
15. The authentication method as claimed in claim 13 or 14,
Wherein the selection of commodities, the selection of the method for the check-out procedure, the selection of the card company to be used in the check-out procedure, the execution of the authentication processing, and the execution of the check-out procedure processing are carried out by mouse operation or button operation.
16. The settling method as claimed in claim 13 or 14,
Wherein the execution of the authentication processing and the execution of the check-out procedure processing are performed automatically.
17. An authentication server, comprising:
A commodity amount information management unit for obtaining, through a network, amount information of commodities selected by a user at a user terminal from a sales server used for selling commodities in a shopping system;
A user card authentication processing unit for authenticating, using an authentication key created based on card information, the information of the card to be used by the user in the check-out procedure, based on the one-time ID sent from the user terminal; and
A user account process controller for carrying out the check-out procedure by obtaining user account information from the obtained amount information of the commodities and from the authentication information of the card to be used by the user in the check-out procedure.
18. The authentication server as claimed in claim 17,
Wherein the user card authentication processing unit creates a one-time ID using the authentication key used for authenticating the information of the card to be used by the user in the check-out procedure, and sends the created one-time ID to the user terminal.
19. The authentication server as claimed in claim 17, further comprising: an active state controller for managing the active state of the network settling card,
Wherein the active state controller uses the PIN code managed by the active state controller to check the PIN code input by the user, and activates or does not activate the network settling card according to the result of the check.
20. A shopping system, comprising:
A network settling card for carrying out a check-out procedure on commodities selected by a user;
A user terminal for reading the network settling program of the network settling card in order to carry out communication through a network;
A sales server for communicating with the user terminal in order to sell commodities;
An authentication server for communicating with the sales server, obtaining from the sales server, while communicating with the user terminal, amount information of the commodities selected by the user, obtaining the information of the card to be used by the user in the check-out procedure from the one-time ID sent from the user terminal, and obtaining user account information comprising the amount information of the commodities and the card information; and
A check-out server for carrying out the check-out procedure on the commodities selected by the user by obtaining the user account information from the authentication server,
Wherein, after the information of the card to be used by the user in the check-out procedure has been authenticated by the one-time ID, the authentication server creates a one-time ID using the authentication key used for the authentication, and sends the created one-time ID to the network settling program running in the user terminal, and
After the authentication of the authentication server, the network settling program requests, through the user terminal, the authentication server to carry out the check-out procedure on the commodities.
21. A shopping system, comprising:
A network settling program for carrying out a check-out procedure on commodities selected by a user;
A user terminal in which the network settling program is installed in order to carry out communication through a network;
A sales server for communicating with the user terminal in order to sell commodities;
An authentication server for communicating with the sales server, obtaining from the sales server, while communicating with the user terminal, amount information of the commodities selected by the user, obtaining the information of the card to be used by the user in the check-out procedure from the one-time ID sent from the user terminal, and obtaining user account information comprising the amount information of the commodities and the card information; and
A check-out server for carrying out the check-out procedure on the commodities selected by the user by obtaining the user account information from the authentication server,
Wherein, after the information of the card to be used by the user in the check-out procedure has been authenticated by the one-time ID, the authentication server creates a one-time ID using the authentication key used for the authentication, and sends the created one-time ID to the network settling program running in the user terminal, and
After the authentication of the authentication server, the network settling program requests, through the user terminal, the authentication server to carry out the check-out procedure on the commodities.
22. A shopping system, comprising:
A network settling card or a portable terminal in which is recorded a network settling program for carrying out a check-out procedure on commodities selected by a user;
A shop terminal for carrying out communication via a network by executing the network settling program of the network settling card or the portable terminal;
An authentication server for communicating with the shop terminal, obtaining from the shop terminal the one-time ID created by the network settling program and amount information of the commodities selected by the user, obtaining, based on the one-time ID, the information of the card to be used by the user in the check-out procedure, and obtaining user account information comprising the amount information of the commodities and the card information; and
A check-out server for carrying out the check-out procedure on the commodities selected by the user by obtaining the user account information from the authentication server,
Wherein, after the information of the card to be used by the user in the check-out procedure has been authenticated by the one-time ID, the authentication server creates a one-time ID using the authentication key used for the authentication, and sends the created one-time ID to the network settling program running in the shop terminal, and
After the authentication of the authentication server, the network settling program requests, through the shop terminal, the authentication server to carry out the check-out procedure on the commodities.
23. The shopping system as claimed in claim 20,
Wherein, after the check-out procedure has been carried out on the commodities, the check-out server notifies the network settling program of the content of the check-out procedure through the authentication server, and
The network settling program records the content of the check-out procedure.
24. The shopping system as claimed in claim 20,
Wherein the sales server creates an order ID for the commodities selected by the user, and adds the order ID to the commodity amount information to be sent from the sales server to the authentication server, and
The authentication server associates the order ID with the user account information to be sent to the check-out server.
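
The two-way one-time (disposable) ID exchange recited in claims 13, 14 and 18 can be sketched as follows. This is an added example, not code from the patent: the claims do not say how a one-time ID is computed from the authentication key, so the HMAC-SHA256 construction, the counter, the role labels, the resynchronisation window and all names are assumptions.

```python
import hashlib
import hmac

def derive_auth_key(card_info: bytes, issuer_secret: bytes) -> bytes:
    # Assumption: the authentication key is an HMAC of the card information.
    return hmac.new(issuer_secret, card_info, hashlib.sha256).digest()

def one_time_id(key: bytes, counter: int, role: bytes) -> str:
    # Role label keeps a server reply from being reflected back as a card ID.
    return hmac.new(key, role + counter.to_bytes(8, "big"), hashlib.sha256).hexdigest()

class AuthServer:
    def __init__(self):
        self.cards = {}  # card reference -> [authentication key, next counter]

    def register(self, card_ref: str, key: bytes) -> None:
        self.cards[card_ref] = [key, 0]

    def authenticate(self, otid: str, window: int = 3):
        """Identify the card from the one-time ID alone; card data never transits."""
        for ref, state in self.cards.items():  # linear scan: fine for a sketch
            key, expected = state
            for c in range(expected, expected + window):  # tolerate lost IDs
                if hmac.compare_digest(one_time_id(key, c, b"card"), otid):
                    state[1] = c + 1  # consume the counter so a replay fails
                    return ref, one_time_id(key, c, b"server")
        return None

class SettlingCard:
    def __init__(self, key: bytes):
        self.key, self.counter, self.sent = key, 0, None

    def create_otid(self) -> str:
        self.sent, self.counter = self.counter, self.counter + 1
        return one_time_id(self.key, self.sent, b"card")

    def verify_server(self, server_otid: str) -> bool:
        if self.sent is None:  # nothing was sent, so no reply can be valid
            return False
        expected = one_time_id(self.key, self.sent, b"server")
        return hmac.compare_digest(expected, server_otid)

if __name__ == "__main__":
    # Constructed sample values, not real card data.
    key = derive_auth_key(b"constructed-card-0001", b"constructed-issuer-secret")
    server, card = AuthServer(), SettlingCard(key)
    server.register("card-0001", key)
    otid = card.create_otid()
    card_ref, reply = server.authenticate(otid)
    print(card_ref, card.verify_server(reply))
    print(server.authenticate(otid))  # the same one-time ID is rejected on replay
```

The card (or network settling program) proceeds to the check-out request only when `verify_server` returns true, which is the step in which the client authenticates the server.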
CNA2006800090904A 2005-02-04 2006-02-03 Network settling card, network settling program, authentication server, and shopping system and settling method CN101147166A (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP029867/2005 2005-02-04
JP2005029867 2005-02-04
JP347925/2005 2005-12-01

Publications (1)

Publication Number Publication Date
CN101147166A true CN101147166A (en) 2008-03-19

Family

ID=39208732

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2006800090904A CN101147166A (en) 2005-02-04 2006-02-03 Network settling card, network settling program, authentication server, and shopping system and settling method

Country Status (1)

Country Link
CN (1) CN101147166A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105745677A (en) * 2013-12-06 2016-07-06 Bc卡有限公司 Method and system for providing payment service

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
WD01 Invention patent application deemed withdrawn after publication

Open date: 20080319

C02 Deemed withdrawal of patent application after publication (patent law 2001)