CN101641707A - Authentication system, server used in authentication system, mobile communication terminal, and program - Google Patents

Authentication system, server used in authentication system, mobile communication terminal, and program Download PDF

Info

Publication number
CN101641707A
CN101641707A CN200880009569A CN200880009569A CN101641707A CN 101641707 A CN101641707 A CN 101641707A CN 200880009569 A CN200880009569 A CN 200880009569A CN 200880009569 A CN200880009569 A CN 200880009569A CN 101641707 A CN101641707 A CN 101641707A
Authority
CN
China
Prior art keywords
mobile communication
communication terminal
information
storage part
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200880009569A
Other languages
Chinese (zh)
Inventor
野口宏和
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cybercoin Inc
Original Assignee
Cybercoin Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cybercoin Inc filed Critical Cybercoin Inc
Publication of CN101641707A publication Critical patent/CN101641707A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121Timestamp
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Abstract

It has been impossible to realize cashless settlement system where personal identification information cannot basically be wiretapped because there have been no ways to prevent wiretapping other thanthose to take double or triple countermeasures against wire-tapping when communication methods for communication between users and systems are used and schemes which cannot prevent wiretapping are used. [MEANS FOR SOLVING PROBLEMS] When a relay server judges that the user and the mobile communication terminal have been registered, time information is used as a time stamp and stored together with the user identification information associated with the time stamp in the storage unit. The time stamp is transmitted to the mobile communication terminal through a communication unit. The mobile communication terminal generates a one-time code from the time stamp and uses it as personal identification information.

Description

Verification System, the server that is used for Verification System, mobile communication terminal, program
Technical field
The present invention relates to a kind of store sales systems such as settlement system such as transfer bank and POS system, safety of being applicable to and realize Verification System, the server that is used for described Verification System, mobile communication terminal and the use therein program of the clearing of account.
Background technology
In recent years, can realize one of mode of the clearing of account system that settles accounts as needn't directly showing cash card or credit card, no card settling account system is widely known by the people.In this settlement system,, then can settle accounts the expense of buying the required payment of commodity with oneself limit or account balance as long as the user handles the formality of regulation in advance at once, very convenient.
But, in this settlement system, because the customer identification information that is used for authentication processing carries out through means of communication such as the Internet or telephone lines, so cause leakage of information easily or abused by the third party.Therefore, the loss for accident takes place for the user that prevents this settlement system or bank etc. must have the Verification System of high safety.
For example, in the Verification System of patent documentation 1 record, according to the distribution requirement from portable phone, but the host computer side distribution defines access times or the short-term ID between the operating period in advance, improves security with this.Particularly, owing to additional in this short-term ID and the commodity purchasing amount information anti-tamper information is arranged,, stop malice to be used so, can find that also this distorts the fact even distorted.In addition, even if described short-term id information leaks, owing to the spendable time is restricted, so be not easy to be used by malice.And, in the communicating by letter between portable phone and main frame, use the maltilevel security technology to use to prevent malice, as: adopt the public key encryption mode that the information of transmitting-receiving is encrypted, thus, even comprise the leakage of information of short-term ID, can not understood etc. at once yet.
Patent documentation 1: TOHKEMY 2006-243984
As the invention representative of record in the patent documentation 1, host computer side is for authenticated, pay user's identifying informations such as described short-term ID must be with authentification of user the time used identifying information identical.Therefore, at least need 2 communication: when main frame sends the identifying information paid to the user, and the user identifying information is sent to main frame when authenticating, and existing Verification System can't be eliminated because the identifying information that this type of signal post brings is leaked, disliked the possibility of usefulness, be to use encryption or restriction term of life to prevent to be disliked usefulness nothing but, have nothing for it in addition.
Summary of the invention
The objective of the invention is to, for solving above-mentioned problem, provide a kind of energy realization to have the Verification System of the clearing of account system of tight security, and be used for the server of this Verification System, mobile communication terminal and use therein program, wherein, the identifying information of distributing to the user is different with the identifying information that the user uses when settlement system authenticates, even eavesdropped when host assignment is given customer identification information, and require authentication with this identifying information, can not give authentication yet, in addition, even the identifying information when having eavesdropped authentication owing to can not use afterwards, can not used by malice even if eavesdrop yet.
In order to solve above-mentioned problem, the described invention of the present invention's the 1st technical scheme is a kind of Verification System, whether differentiation is legitimate claim from the authentication requesting of mobile communication terminal, it is made of the server that described mobile communication terminal and being used to authenticates described mobile communication terminal at least, and it is characterized in that: described server has: record the storage part of stipulating the 1st customer identification information that the user sets directly or indirectly that uses described mobile communication terminal, can with the Department of Communication Force of described mobile communication terminal two-way communication, and the control part of controlling described storage part and Department of Communication Force; Described control part has as lower member: through as described in Department of Communication Force from as described in mobile communication terminal receive as described in the 1st customer identification information, consistent according to it with information in being recorded in described storage part, judgement is when the user, the user who uses described mobile communication terminal is generated the 2nd customer identification information, be recorded in the parts in the described storage part, with, described the 2nd customer identification information is sent to the parts of described mobile communication terminal; Described mobile communication terminal proposes authentication requesting with the 1st customer identification information and the 2nd customer identification information combination back to described server.
The invention of putting down in writing in the present invention's the 2nd technical scheme is the invention of putting down in writing in the 1st technical scheme, it is characterized in that: described Verification System still can with the Relay Server of the spendable settlement system two-way communication of described user, described control part has as lower member: according to from as described in the processing requirements of settlement system obtain as described in during user's account information, described account information is recorded in parts in the described storage part as the 1st customer identification information, with, generate the identifying information be associated with described account information with as the 2nd customer identification information, and be recorded in the parts in the storage part; Described mobile communication terminal proposes authentication requesting with described account information and described identifying information combination back to described Relay Server.
The invention of putting down in writing in the present invention's the 3rd technical scheme is the invention of putting down in writing in the 2nd technical scheme, it is characterized in that: described control part also possesses as lower member: when as described in receiving during authentication requesting, if it is consistent with the information in being recorded in described storage part, then being judged as is proper user, generate the login be associated with described account information and accept information with as the 2nd customer identification information, and be recorded in parts in the described storage part, with, send the parts that information is accepted in described login to described mobile communication terminal; Described mobile communication terminal proposes authentication requesting to described Relay Server after information combination is accepted in described account information or described identifying information and described login.
The invention of putting down in writing in the present invention's the 4th technical scheme is the invention of putting down in writing in the 3rd technical scheme, it is characterized in that: described control part also possesses as lower member: the parts that following program is provided: during authentication requesting in receiving the 3rd technical scheme, if it is consistent with the information in being recorded in described storage part, then being judged as is proper user, makes and can use described settlement system via described mobile communication terminal; With, generation can the described program of unique identification information with as the 2nd customer identification information, and be recorded in parts in the described storage part; Described mobile communication terminal proposes authentication requesting to described Relay Server after the information combination of arbitrary information of information and the described program of unique identification is accepted in described account information, described identifying information, described login.
The invention of putting down in writing in the present invention's the 5th technical scheme is the invention of putting down in writing in the 4th technical scheme, it is characterized in that: described control part also possesses as lower member: when receiving the authentication requesting of the 4th technical scheme, if it is consistent with the information in being recorded in described storage part, then being judged as is proper user, rise time stabs with as the 2nd customer identification information, and be recorded in the described storage part parts and, send to the parts of described mobile communication terminal; Described mobile communication terminal proposes authentication requesting to described Relay Server after described account information, described identifying information, described login being accepted arbitrary information of information and timestamp combination of information, the described program of unique identification.
The invention of putting down in writing in the present invention's the 6th technical scheme is a kind of Verification System, whether differentiation is legitimate claim from the distribution requirement of mobile communication terminal, it is characterized in that: possess server, this server has at least: record described mobile communication terminal identifying information in advance and the storage part of the identifying information that is associated with the user who uses described mobile communication terminal, can with the Department of Communication Force of described mobile communication terminal two-way communication, and the control part of described storage part of control and Department of Communication Force; Described control part is requiring the mobile communication terminal identifying information that sends together and the related identifying information of described user to compare with the recorded information of described storage part under the situation of back for unanimity with distribution, judgement is being connected from the mobile communication terminal of login and user, moment when maybe this distribution requires during with authentication is as timestamp, make it to be associated with the mobile communication terminal identifying information, be recorded in the described storage part, send described timestamp to described mobile communication terminal through described Department of Communication Force.
The invention of putting down in writing in the present invention's the 7th technical scheme is the invention of putting down in writing in the 6th technical scheme, it is characterized in that: described mobile communication terminal identifying information is to distribute to the program that is installed in the mobile communication terminal or the identifying information of firmware.
The invention of putting down in writing in the present invention's the 8th technical scheme is the invention of putting down in writing in the 6th technical scheme or the 7th technical scheme, it is characterized in that: possess mobile communication terminal, this mobile communication terminal has at least: record in advance the mobile communication terminal identifying information of regulation storage part, possess can with the Department of Communication Force of the communication component of described Relay Server two-way communication and the control part of controlling described storage part and Department of Communication Force; The control part of described mobile communication terminal generates well-determined disposable code (one-time code) according to described timestamp of the 6th technical scheme and the mobile communication terminal identifying information that is recorded in the described storage part.
The invention of putting down in writing in the present invention's the 9th technical scheme is the invention of putting down in writing in the present invention's the 8th technical scheme, it is characterized in that: described mobile communication terminal also possesses the display part that is used for display image, and described control part makes the described disposable code of the present invention's the 8th technical scheme is shown on the display as the disposable QR code (one-time QR code) that the QR code coding generates.
The invention of the invention of putting down in writing in the present invention's the 10th technical scheme record to the technical scheme 9 that is technical scheme 6, it is characterized in that: the control part of the described server of the 6th technical scheme is receiving under the situation of the described disposable code of the 8th technical scheme via predetermined data processing transmission receiving terminal, the recorded information of the storage part of more described disposable code and described Relay Server, combination at mobile communication terminal identifying information and timestamp is consistent, and timestamp is compared with current time under the situation about not exceeding schedule time, and judgement is the proper authentication requesting from the user.
The invention of putting down in writing in the present invention's the 11st technical scheme is the invention of putting down in writing in the present invention's the 10th technical scheme, it is characterized in that: described server still can with the Relay Server of the spendable settlement system two-way communication of user, described control part is under situation about being judged as from user's proper authentication requesting, to major general's mobile communication terminal identifying information with buy predetermined dollar value information and send to described settlement system through described Department of Communication Force.
The invention of putting down in writing in the present invention's the 12nd technical scheme is the invention of putting down in writing in the 10th technical scheme or the 11st technical scheme, it is characterized in that: the described disposable code of the 8th technical scheme was once using in authentication determination is handled or under the timestamp distribution situation that meter has exceeded schedule time constantly, was deleting from described storage part.
The invention of putting down in writing in the present invention's the 13rd technical scheme is a kind of program, be used for differentiating that distribution from mobile communication terminal requires whether is the Verification System of legitimate claim, it is characterized in that: can be installed in the server, can carry out through control part, described server has at least: record described mobile communication terminal identifying information in advance and the storage part of the identifying information that is associated with the user who uses described mobile communication terminal, can and control the control part of described storage part and Department of Communication Force with the Department of Communication Force of described mobile communication terminal two-way communication; This program has following steps: the mobile communication terminal identifying information and the identifying information that will require to send with the distribution from described mobile communication terminal contrast with described storage part, if consistent, then judge it is the user of login and the step of mobile communication terminal; With, be under the proper situation, the time information when requiring, the step that issuing date stabs according to authentication and/or this distribution; With, described timestamp is associated with the mobile communication terminal identifying information, be recorded in the step in the described storage part; And, to the step of described mobile communication terminal transmitting time stamp.
The invention of putting down in writing in the present invention's the 14th technical scheme is the invention of putting down in writing in the 13rd technical scheme, it is characterized in that: described program also has following steps: relatively via predetermined data send the described disposable code of the 8th technical scheme that comprises in the information of sending with terminal, with the mobile communication terminal identifying information that is recorded in the described storage part, if consistent, then being judged as is step from the authentication requesting of proper user and mobile communication terminal; With, relatively the timestamp that comprises in this disposable code be recorded in the storage part timestamp distribution constantly, if identical timestamp, count constantly from distribution and not exceed schedule time, then being judged as is the step of effective timestamp.
The invention of putting down in writing in the present invention's the 15th technical scheme is the invention of putting down in writing in the 14th technical scheme, it is characterized in that: described program also has following steps, in described step, be judged as be from proper user and mobile communication terminal authentication requesting, be under the situation of effective timestamp, send this customer identification information or mobile communication terminal identifying information at least and buy predetermined dollar value information to the spendable settlement system of this user.
The invention of putting down in writing in the present invention's the 16th technical scheme is the invention of putting down in writing in the 14th technical scheme or the 15th technical scheme, it is characterized in that: described program also has following steps: be used in authentication determination is handled or under the timestamp distribution situation that meter exceeds schedule time constantly, deleted from described storage part at the described disposable code of the 8th technical scheme.
The invention of putting down in writing in the present invention's the 17th technical scheme is a kind of mobile communication terminal program, it is characterized in that: use with technical scheme 13 to the arbitrary described Verification System program of technical scheme 16, can be installed in the mobile communication terminal, can carry out via control part, described mobile communication terminal have at least the storage part that records the mobile communication terminal identifying information, can with arbitrary described server or the Department of Communication Force of Relay Server two-way communication and the control part of controlling described storage part and Department of Communication Force of technical scheme 13 to technical scheme 16; This mobile communication terminal has following steps with program: the identifying information and the described mobile communication terminal identifying information of user's input are issued requirement as timestamp, send to the step of described server, with, the timestamp that reception is returned according to described timestamp distribution requirement, be recorded in the step in the described storage part, with, generate disposable code according to described timestamp and described mobile communication terminal identifying information, be recorded in the step in the described storage part.
The invention of putting down in writing in the present invention's the 18th technical scheme is the invention of putting down in writing in the 17th technical scheme, it is characterized in that: described mobile communication terminal also possesses the display part that is used for display image, have following steps: with described disposable code coding be the step of QR code and make coding after disposable QR code be shown in step in the described display part.
The following describes effect of the present invention.
Described invention has following effect according to the 1st technical scheme, send to mobile communication terminal by the 2nd customer identification information that server side is generated, described mobile communication terminal is by making up the 1st customer identification information and the 2nd customer identification information, can carry out authenticate himself, even in each communication process between server and mobile communication terminal, do not send and receive identical identifying information, can authenticate yet.
Described invention has following effect according to the 2nd technical scheme, even do not send the identifying information that uses in the authentication that receives between user and settlement system between mobile communication terminal and server, also can carry out authentification of user.
Described invention has following effect according to the 3rd technical scheme, even do not use the combination of the described identifying information of the 2nd technical scheme, also can be confirmed to be the user who has fulfiled the described formality of the 2nd technical scheme between mobile communication terminal and server.
Described invention has following effect according to the 4th technical scheme, even do not use the combination of the 2nd technical scheme or the described identifying information of the 3rd technical scheme, also can be confirmed to be the user who between mobile communication terminal and server, has fulfiled the 2nd technical scheme and the described formality of the 3rd technical scheme.
Described invention has following effect according to the 5th technical scheme, even operation technique scheme 2 is not to the combination of technical scheme 4 described identifying informations, also can be confirmed to be and between mobile communication terminal and server, have fulfiled the user of technical scheme 2 to technical scheme 4 described formalities.
Described invention has following effect according to the 6th technical scheme, can provide a kind of Verification System that possesses following server: in this server, owing to the communication of mobile communication terminal, only stabbing information to the mobile communication terminal transmitting time from server, so even server does not send the personally identifiable information that can directly authenticate, also can carry out authentification of user, security improves a lot than existing Verification System.
Described invention has following effect according to the 7th technical scheme, identifying information by will distributing to the program that is installed on mobile communication terminal or firmware is as the mobile communication terminal identifying information, the program of installing or firmware and mobile communication terminal can be handled as an external member.
Described invention has following effect according to the 8th technical scheme, a kind of Verification System that possesses following mobile communication terminal can be provided: the mobile communication terminal side can generate disposable code, even mobile communication terminal does not receive the personally identifiable information itself that can directly authenticate, also can carry out authentication requesting and handle, security and convenience improve a lot than existing Verification System.
Described invention has following effect according to the 9th technical scheme, can provide a kind of Verification System that possesses following mobile communication terminal:, this code can be read in the reading device of regulation by in the display of mobile communication terminal, being the QR code with disposable code coding.
Described invention has following effect according to the 10th technical scheme, can provide a kind of Verification System that possesses following server: be used for authentication processing by the disposable code that will pay valid period, even if mobile communication terminal is stolen in disposable code distribution back, but also can limit the authenticated time of Verification System.
Described invention has following effect according to the 11st technical scheme, and a kind of Verification System that possesses following Relay Server can be provided: by sending amount information etc. to the spendable clearing of account of user system, can carry out the safe clearing of account and handle.
Described invention has following effect according to the 12nd technical scheme, a kind of Verification System that possesses following Relay Server can be provided: by to once be recorded in disposable code information in the storage part only keep can current use disposable code, get rid of malice and use.
Described invention has following effect according to the 13rd technical scheme, a kind of Relay Server program can be provided, owing to only stab information in the communication path to the mobile communication terminal transmitting time, in communication path, do not send and receive the personally identifiable information that clearing of account system can directly or indirectly use, so security improves much than existing communication means.
Described invention has following effect according to the 14th technical scheme, and a kind of Relay Server program can be provided, and by sending amount information etc. to the spendable clearing of account of user system, can carry out the safe clearing of account and handle.
Described invention has following effect according to the 15th technical scheme, and a kind of Relay Server program can be provided, and by sending amount information etc. to the spendable clearing of account of user system, can carry out the safe clearing of account and handle.
Described invention has following effect according to the 16th technical scheme, and a kind of Relay Server program can be provided, by to be recorded in disposable code information in the storage part only keep can current use disposable code, can get rid of malice and use.
Described invention has following effect according to the 17th technical scheme, a kind of mobile communication terminal program can be provided, because the mobile communication terminal side can generate disposable code, this information is in that the communication path toward the mobile communication terminal direction sends from Relay Server, so needn't worry meeting leakage information between this communication path.
Described invention has following effect according to the 18th technical scheme, and a kind of mobile communication terminal program can be provided, and by being the QR code with disposable code coding on the display of mobile communication terminal, can read in this code to the terminal of regulation.
Description of drawings
Fig. 1 is the overall diagram that has been suitable for the preferred clearing of account of the present invention system.
Fig. 2 is the schematic diagram that has been suitable for the inscape that Relay Server 20 in the preferred clearing of account of the present invention system and mobile communication terminal 30 have.
Fig. 3 be expression be suitable for Relay Server in the preferred clearing of account of the present invention system with the treatment scheme of program, be the sequence chart of initial log treatment scheme (A), activation treatment scheme (B), authentication processing flow process (C).
The prerequisite of Fig. 4 when to be expression as use be suitable for the preferred clearing of account of the present invention system, the treatment step figure of initial log operation.
To be expression be suitable for the prerequisite of the preferred clearing of account of the present invention system, the treatment step figure of activation operation as use to Fig. 5.
Fig. 6 is that expression has been suitable for that the authentication processing of preparing before the use of the preferred clearing of account of the present invention system in (A) requires treatment step and the figure of the authentication processing step in (B) when using.
Symbol description
10 clearing of account systems
20 Relay Servers
The storage part of 21 Relay Servers
The Department of Communication Force of 22 Relay Servers
The control part of 23 Relay Servers
24 Relay Server programs
24A~D constitutes the module of Relay Server with program
30 mobile communication terminals
The storage part of 31 mobile communication terminals
The Department of Communication Force of 32 mobile communication terminals
The control part of 33 mobile communication terminals
The display part of 34 mobile communication terminals
35 application programs
35A~D constitutes the module of application program
The settlement system of 40 banks
41 admit (authorize) processing server
The 50POS system
51 data processing send receiving terminal
52 reading devices
53 management servers
Embodiment
Below, the embodiment that has been suitable for the preferred clearing of account of the present invention system is described with reference to Fig. 1~Fig. 3.Clearing of account system 10 is made of the settlement system 40 and the POS system 50 of Relay Server 20, mobile communication terminal 30, bank as shown in Figure 1.Present embodiment describes with the relation with the settlement system 40 of bank, but when for example uniting in the system that waits with electronic money distributing and releasing corporation, trust company, credit sales company (letter dealer commercial firm), can suitably change the information of native system use.For example, use the account information of account number in the settlement system 40 of bank, and when uniting,, then use, can implement the present invention by the change back if login sequence number etc. are used to discern user's information with letter dealer company as the user.
Relay Server 20 is made of storage part 21, Department of Communication Force 22 and control part 23 as shown in Figure 2.Relay Server 20 mainly is the server that the initial log of carrying out the user is handled, the activation of the program of distribution is handled, the authentication processing of disposable code is used.Below, each component part of detailed description Relay Server 20.
Storage part 21 for example is recording mediums such as hard disk, and information etc. is accepted in associated record user name, account number, ciphering sequence number and login respectively in initial log described later is handled.Afterwards, when activation described later is handled, with the customer identification information of user name associated record control part 23 distribution.In addition, when the timestamp distribution requires to handle, with timestamp information and customer identification information associated record.As the concrete correlating method of these information, can be by will be corresponding to the well-determined information of user name as master key, associated record account number, ciphering sequence number, login are accepted information, customer identification information, timestamp information and are realized.In addition, as the software of these data of management, preferentially use relational database software.
And, record Relay Server program 24 in the storage part 21 in advance.Relay Server is to carry out the program of handling, transmit to the execution authentification of user, to the settlement system 40 of bank a series of processing usefulness of deal with data from the initial log of clearing of account system 10 with program 24.Relay Server is made of a plurality of modules that are used to carry out above-mentioned processing (being used to carry out the parts of processing) with program 24 as shown in Figure 2, has initial log module 24A, activation module 24B, authentication module 24C, communication control module 24D at least.Below, the processing of Relay Server with each module of program 24 is described.
Initial log module 24A mainly carries out two processing.First processing is to use the user's of clearing of account system 10 related information to be recorded in the processing of being registered in the storage part 21.Second processing is to be used to download the processing that the URL of mobile communication terminal with program (below be made as application program 35) is notified to this user.
Initial log module 24A has 6 steps that are used to carry out above-mentioned processing shown in Fig. 3 (A).Particularly, have: obtain user name, account number, ciphering sequence number at least from the visit of the mobile communication terminal 30 that uses the user, and the step of confirming (100,101); Whether affirmation will be the user of login in the settlement system 40 of bank step (102) according to the user of these information that obtain (for example account number and user name) login; If confirm that successfully related described information is recorded in the step (103) in the storage part 21; Accept information to mobile communication terminal 30 distribution logins,, be recorded in the step (104) in the storage part 21 as this user's related information; Record interim login with notice and finished and can download the step (105) of mail of using login to accept the URL of the required application program 35 of information and native system.
In addition, this login is accepted essential use of information each is connected the well-determined identifying information of user, for example can use character or numeral or its to make up and set.And described identifying information also can adopt the method for being determined at random by the Relay Server side or connect the method that user oneself makes and sets.
As requiring the user to import the concrete grammar of described information, can be in addition login special-purpose network address and realize by construct the user by web application server (not shown) etc.In this case, obtain described information, afterwards, obtain from described web application server by Relay Server 20 through this network address.But, also can adopt Relay Server 20 to construct the method for obtaining as the web application server simultaneously.Moreover, as the concrete grammar that is used for down load application program 35, also need file server (not shown) in addition, but the same with described web application server, can construct separately, also can hold a concurrent post by Relay Server 20.
Other embodiment as the initial log processing, it also can be following mode, promptly for user's personal information, obtain account number and user name from the settlement system 40 of bank, the ciphering sequence number that will be associated with this account number via the settlement system 40 of bank is notified to the user, does not preserve personal information in Relay Server 20 sides as far as possible.In addition, ciphering sequence number can be taked following arbitrary method: determine by Relay Server 20 is unique, or determine the ciphering sequence number of its hope by user oneself, or continue to use the definite ciphering sequence number of settlement system 40 of bank.
Activation module 24B mainly carries out two processing.First processing is to be confirmed to be the user that initial log crosses and is the processing of having downloaded the mobile communication terminal 30 of application program 35.Second processing is to make application program 35 spendable processing in clearing of account system 10.
Activation module 24B shown in Fig. 3 (B), has 5 steps in order to carry out above-mentioned processing.Particularly, activation module 24B has: described user operates mobile communication terminal 30, and the step (106) of information and information that can unique recognition application 35 is accepted in the login that reception notification is come; According to the described information that receives be recorded in storage part 21 in the step (107,108) of consistent, the application program 35 that is confirmed to be this user and download of this information; Under the situation that successfully is confirmed to be proper user and application program 35, generation is to this user and mobile communication terminal 30, the application program 35 well-determined customer identification informations downloaded, and in being recorded in storage part 21, make application program 35 operable steps (109); And, notify the step (110) of this customer identification information to mobile communication terminal 30.Information that can unique recognition application 35 for example can be used sequence number that each application program is generated etc.Customer identification information is to user and mobile communication terminal 30, the application program 35 well-determined information downloaded, so can be used separately as mobile communication terminal identifying information, application identification information as mentioned above.In addition, particularly, can be with the sequence number of PIN (Personal Identification Number) code or mobile communication terminal 30 etc. as customer identification information.
In step (107,108),, then mobile communication terminal 30 is carried out the authentication error notice if can't be confirmed to be proper user.In addition, as making application program 35 operable methods, for example it is worth and carries out by the change of activation sign (ア Network テ イ Block Off ラ グ) back is set in storage part 21 in advance in step (109).When user's initial log, establish application program 35 for using, this sign is set at (0), for the user who finishes the activation processing is used application program 35, sign is changed to (1), finish the activation sign in view of the above.But, also can be the method beyond the above-mentioned determination methods, those skilled in the art can suitably change in the scope of the implementing ability that can bring into play usually.
The activation sign is used for adjusting above-mentioned application program 35 and could uses, so, the for example type change of the mobile communication terminal 30 that uses because of the user in terminal self or newly buy when changing, acceptance is from the processing requirements of the program of down load application again of bank settlement system 40, with the application program change setting for using, again finish activation up to the user and handle, otherwise can't use clearing of account system 10.
Authentication module 24C is the module that is used for authenticated, but also can roughly be divided into two modules.It is the user that logins under situation about receiving from the timestamp distribution processing requirements of mobile communication terminal 30 and the authentication processing of mobile communication terminal 30 that first module is carried out.It is the authentication processing of effective disposable code under the situation that the authentication processing of receiving via POS system 50 requires that second module carried out.
Shown in Fig. 3 (C), first module has 5 steps in order to carry out above-mentioned processing.Specifically have: obtain the customer identification information of mobile communication terminal 30 promptings and the step (111) of ciphering sequence number; Consistent, the judgement of the ciphering sequence number that the customer identification information in utilizing this information and being recorded in storage part 21 is associated are the steps (112,113) of the mobile communication terminal of logining 30 and user who logined and application program 35; Being judged as under the proper situation, obtain temporal information, with described temporal information and the step (114) that is recorded in after the customer identification information of described login is associated in the storage part 22; And, this temporal information is notified to the step (115) of mobile communication terminal 30 as timestamp.
As the source that obtains of this temporal information, though not shown, NTP (Network Time Protocol) the server acquisition time that can constitute from consolidated network or external network also can be from the internal clocking acquisition time of Relay Server 20.In addition, as obtaining opportunity of this temporal information, can be this user's the authentication processing time when finishing, also can be the time of time of occurrence when stabbing the distribution processing requirements and connecting.
Second module has 4 steps in order to carry out above-mentioned processing.Be specially, have: require step when (115 ') existing as prerequisite, the step (116) of customer identification information and timestamp information is provided from the information that provides via POS system 50 at least from the authentication processing of 30 pairs of POS system 50 of mobile communication terminal; The combination of this customer identification information and timestamp, be recorded in storage part 21 in mobile communication terminal 30 customer identification information and timestamp is consistent and the situation about not exceeding schedule time of comparing with current time and timestamp under, be judged as be stab effective time, be the step (117,118) of effective disposable code and authentication on the whole; In described step (117,118), connect under the situation of user by authentication, transmit the step (119) of the settlement information (the commodity purchasing amount of money etc.) of described customer identification informations and POS system 50 notices to the settlement system 40 of bank.
In step (117,118), if when not having corresponding customer identification information in the storage part 21, though or customer identification information is consistent when having exceeded schedule time, as authentication error, be notified to POS system 50 (119 ').The described stipulated time can be set arbitrarily, but in the present embodiment, is made as from timestamp distribution 10 minutes constantly.In addition, timestamp also can adopt setting constantly to delete timestamp after 10 minutes from distribution, and the only mode that spendable combination is preserved as data, or employing is not deleted and the mode that stores as resume.
In addition, under the situation by authentication in step (118), can needn't send settlement information to Relay Server 20 from POS system 50 like this, improve security to POS system 50 return authentication result only.But when adopting described disposal route, POS system 50 is only carried out authentication processing by entrusting Relay Server to inquire, according to this authentication result, directly sends described settlement information from POS system 50 to the settlement system 40 of bank.
Communication control module 24D is the module of carrying out with processing such as the foundation of communicating by letter of mobile communication terminal 30, control, cut-outs.Omissions of detail, but with the communicating by letter of mobile communication terminal 30 in, consider from security, preferably carry out by the form that SSL is assembled into Web browser etc.
Below, with reference to Fig. 2, Department of Communication Force 22 is described.Department of Communication Force 22 is so-called network interfaces, is to carry out with mobile communication terminal 30 or data processing by communication control module 24D to send the function of communicating by letter of 51 of receiving terminals and medium, means.As medium, for example the Internet or telephone line, ADSL, optical fiber etc. are wired or wireless all harmless, and construct also harmless through conveyers such as latticed forms such as LAN, WAN, bridge circuit, router, base stations.As mentioned above, from security consideration, preferably use SSL (Secure Socked Layer) agreement to communicate with communicating by letter of 30 of mobile communication terminals.
Control part 23 for example is CPU, be responsible for relating to the function of described a series of processing of the clearing of account system 10 that Relay Server 20 provides, order successively, carry out after by the Relay Server of playback record in storage part 21, realize clearing of account system 10 with program 24.
Below, with reference to Fig. 2 mobile communication terminal 30 is described.Mobile communication terminal 30 is made of storage part 31, Department of Communication Force 32, control part 33, display part 34.Mobile communication terminal 30 in the present embodiment is portable phones, but the invention is not restricted to this, gets final product so long as can realize the mobile communication terminal 30 of above-mentioned purpose.For example, if make IC-card itself have the function of mobile communication terminal 30,, also can realize native system by the method to POS system 50 sent-received messages described later directly or indirectly even in display part 34, do not show disposable code.In this case, for mobile communication terminal 30, display part 34 is optional.
Record in the storage part 31: initial log handle the application program 35 that can use from the clearing of account system 10 of download such as special-purpose network address the back and activation handle after to mobile communication terminal 30 and the well-determined customer identification information of user logined.In addition, after the timestamp distribution requires, record the timestamp information that receives from Relay Server 20.
Particularly, described customer identification information can use the sequence number of distributing to PIN code or application program 35 respectively, the sequence number of mobile communication terminal 30 etc.In addition, the method for the customer identification information that receives from Relay Server 20 as storage, can adopt only be recorded among the RAM, by the method for application program reference, also can be set at and can not carry out and write, rewrite being recorded in firmware in ROM or the flash memory etc.
Described timestamp information is the temporal information in timestamp when distribution of Relay Server 20, thus say on the stricti jurise it be not mobile communication terminal 30 generate disposable code distribution the time time.Therefore, because there be in fact user's the up time possibility shorter than the time of setting in the delays of communication line etc.Therefore, and the communication line of Relay Server 20 between delay etc. make under the situation that the convenience of clearing of account system 10 obviously descends, can adopt mobile communication terminal 30 will issue the time of disposable code and the mistiming of described timestamp information is recorded in the storage part 31, be generated as the method for disposable code together.In this case, need Relay Server 20 sides to consider that this is poor, but judge term of life, authenticate.
Application program 35 is made of 4 modules at least.Specifically, require module 35A, disposable code generation module 35B, disposable code coding module 35C, communication control module 35D to constitute by the timestamp distribution.
The timestamp distribution requires module 35A to require the prerequisite of Relay Server 20 issuing dates stamp to handle in order to generate disposable code.In order to carry out above-mentioned processing, have be recorded in customer identification information in the storage part 31, distribution requires, sends to the step of Relay Server 20 as timestamp from the ciphering sequence number of the ciphering sequence number input picture input of application program 35 with the user.In addition, carry out the ciphering sequence number that uses when the distribution of disposable code requires except that the ciphering sequence number that settlement system 40 sides of bank are determined, also can with accept the log-on message displacement, carry out authentication processing.
Disposable code generation module 35B is the processing of the disposable code of distribution.Constitute by two steps specifically, that is: require the result of module 35A as timestamp distribution, generate timestamp that Relay Server 20 sends and be recorded in customer identification information in the storage part 31 as the step of disposable code; With with the step of described disposable code record in storage part 31.
Disposable code coding module 35C carries out the processing that the disposable code that is used for generating is shown in mobile communication terminal 30.Have specifically for described disposable code is shown in the display part 34 and the step of coding as QR (Quick Response) code.But among the present invention, be not limited to the QR code as the method for two-dimentional display image.For example, when utilizing the two-dimensional bar coding, need construct the module that is suitable for this coding, those skilled in the art can suitably change freely in the scope of the implementing ability that can bring into play usually.In addition, if do not need the mobile communication terminal 30 of display part 34, do not need this module yet.
Communication control module 35D is the module of carrying out with processing such as the foundation of communicating by letter of Relay Server 20, control, cut-outs.For example, from security consideration, preferably the form by assembling SSL in Web browser etc. communicates.
Department of Communication Force 32 is so-called network interfaces, is to utilize function that communication control module 35D and Relay Server 20 communicate and medium, means.As medium, for example the Internet or telephone line, ADSL, optical fiber etc. are wired or wireless all harmless, and construct also harmless through conveyers such as latticed forms such as LAN, WAN, bridge circuit, router, base stations.As mentioned above, from security consideration, preferably under the application program level, use SSL (SecureSocked Layer) agreement to communicate with communicating by letter of Relay Server 20.
Control part 33 is so-called CPU, can be by ordering, carry out the clearing of account system 10 that uses after the application program 35 of playback record in storage part 31 successively.
The settlement system 40 of bank is at least by admitting that processing server 41 constitutes.
Admit that processing server 41 confirms in the user's that logined in advance the credit line whether the available amount that is equivalent to buy the amount of money to be arranged,, can carry out the processing of guaranteeing that this amount that is equivalent to buy the amount of money is used to settle accounts if still available amount is arranged.Owing to admit that processing and relevance of the present invention on the settlement system beyond the processing server 41 are low, omit.
POS system 50 is handled the management server 53 that sends receiving terminal 51 by data processing transmission receiving terminal 51, reading device 52 and management data at least and is constituted.
It is to be arranged at POS cashier's machine terminal in the so-called convenience store etc. etc. that data processing sends receiving terminal 51, is that management server 53 to POS system 50 sends the terminal that receives purchase datas etc.
Reading device 52 for example is a QR code reader etc., is connected in data processing and sends receiving terminal 51, and be the device that decodable code reads the data that are encoded into the QR code.
Data processing sends receiving terminal 51 according to the disposable QR code that reading device 52 reads, and customer identification information, timestamp and settlement amounts information are sent to Relay Server 30.The management server 53 of POS system 50 is low with relevance of the present invention, so omit.
In the present embodiment, data processing sends receiving terminal 51 and shows that with reading device 52 with disposable code coding be the image of QR code in display part 34, the transmission of being carried out information by reading device 52 receives, but in addition, for disposable code, also consider to utilize wireless communication means (for example infrared ray, light, electric wave etc.), send the method that receiving terminal 51 directly sends the disposable code of reception with data processing without reading device 52.
Below, be conceived to the relation of each device, illustrate that with reference to Fig. 4 and Fig. 5 prerequisite, initial log when using as the clearing of account system 10 that is suitable for the preferred embodiments of the present invention handled and first activation is handled.In addition, in the following description, for each inscape of described Relay Server 20, mobile communication terminal 30 and Relay Server module with agreement 24, application program 35, for reduced graph, be convenient to understand, do not illustrate, as carrying out the main body that each is handled,, Relay Server 20 and mobile communication terminal 30 are described for convenient.
The initial log processing is described.In advance, the user operates mobile communication terminal 30, by special-purpose network address etc., to Relay Server 20 input name, account informations, want the regulation items such as ciphering sequence number used, carries out user's login (A1).
Afterwards, if user login finishes, then information is accepted in Relay Server 20 login that generates users, but with record the URL of down load application program 35, the mail that information and ciphering sequence number are accepted in login returns to mobile communication terminal 30 (A2).
Afterwards, the described URL of user capture (A3) downloads to mobile communication terminal 30 (A4) with application program 35.When communicating by letter between user's mobile communication terminal 30 and the Relay Server 20, preferably utilize SSL traffic to encrypt.
In addition, as mentioned above, other embodiment as initial log is handled also can adopt the personal information such as name that the user is provided by the settlement system 40 of bank, is notified to user's mode via the settlement system 40 of the bank ciphering sequence number that the user is directly or indirectly definite.
Below, with reference to Fig. 5 first activation processing is described.Because the user finishes dealing with before back to activation handles in initial log, can't use clearing of account systems 10 by application program 35, so the activation of essential executive utility 35 (can use).The purpose that first activation is handled is, is confirmed to be the mobile communication terminal 30 of having downloaded authentification of user and application program 35.Therefore, the user by visit Relay Server 20, carries out first activation and handles after initial log, just can use clearing of account system 10.
User's input of Relay Server 20 request execution visits is paid its login and is accepted information (B1).
The user that Relay Server 20 visits with information that can unique recognition application, before judging in the information of accepting by contrast login is for just when the user time, mobile communication terminal 30 is generated customer identification information, after mobile communication terminal 30 and user's account information is associated, be recorded in the storage part 21.Then, this customer identification information is sent to mobile communication terminal 30 (B2).Mobile communication terminal 30 is recorded to this customer identification information in the storage part 31.Afterwards, mobile communication terminal 30 sends ciphering sequence number and described customer identification information to Relay Server 20 when timestamp distribution processing requirements.According to the combination of described ciphering sequence number and customer identification information, Relay Server 20 can be used as the identification of mobile communication terminal 30 or/and the authentication information of login user.
And, control part 21 order will be associated with this user the activation sign that is recorded in the application program 35 in the storage part 22 change to ON (can use) (B3) in, order admits that processing server 41 sends these users' the account information and the customer identification information (B4) of record.After carrying out above formality, this user uses the required precondition of clearing of account system 10 ready.
Next, with reference to Fig. 6 (A), (B), illustrate that the user issues processing requirements to finishing the treatment step that commodity are bought from timestamp.The user is when buying commodity, and operation mobile communication terminal 30 from by application program 35 picture displayed input ciphering sequence number, sends timestamp distribution processing requirements (C1) to Relay Server 20.At least comprise the ciphering sequence number of user's input and pay the customer identification information of application program 35 in this timestamp distribution processing requirements.
The Relay Server 20 that receives described distribution processing requirements is with reference to storage part 21, confirm whether to exist the activation of the application program 35 of the combination of the ciphering sequence number that receives from the user and customer identification information and this visit to be masked as ON (can use), and judge whether it is to login in clearing of account system 10 and spendable user.Afterwards, be under proper user's the situation being judged as, rise time stamp when obtaining this authentication or after the temporal information when being connected to Relay Server 20 sends to mobile communication terminal 30 (C2).But Relay Server 20 is under the situation of a customer identification information rise time being stabbed, in order to prevent improper use, not carrying out the new distribution of stabbing At All Other Times handles, for described timestamp distribution processing requirements,, return to mobile communication terminal 30 as the distribution mistake.
The mobile communication terminal 30 that receives timestamp makes the customer identification information and the timestamp combination of paying application program 35, generates disposable code, is recorded in the storage part 31.Afterwards, this disposable code is re-used as the disposable QR code that is encoded to the QR code by application program 35, is shown in the display of mobile communication terminal 30 (C3).
The user is read in described disposable QR code in the reading device 52 that is connected in data processing transmission receiving terminal 51 (C4).
Data processing sends information that receiving terminal 51 will read in from this disposable QR code by reading device 52 and this user's settlement amounts sends to Relay Server 20 (C5).
The Relay Server 20 that receives this information confirms to have or not the combination of customer identification information and timestamp with reference to storage part 21.In the Relay Server 20, if exceed schedule time, for example surpass 10 minutes from distribution from the time meter of timestamp, the then combination of automatic deletion customer identification information and timestamp from storage part 21.Therefore, under the situation that does not have described combination,, mistake is returned to data processing send receiving terminal 51 (C6) as being the user that can not authenticate.The described stipulated time can revise arbitrarily.
On the other hand, exist under the situation of described combination, Relay Server 20 is to admitting that processing server 41 sends (C7) such as the customer identification information related with this user, account number, settlement amounts.
Afterwards, the combination of used customer identification information and timestamp deleted (C8).Relay Server 20 with the settlement process of bank in keep the clearing daily record, as from now on wrong countermeasure or be can confirm and the processing of bank aspect on unification, also can these information and timestamp be recorded in the storage part 21 after making up.
Admit processing server 41 from what Relay Server 20 received described information, will admit that result sends to data processing and sends receiving terminal 51 (C9).Afterwards, POS system 50 is according to admitting that result thinks that the clearing of account finishes, and finishes this user's commodity purchasing formality.
So, the combination of the customer identification information that mobile communication terminal 30 is determined by the ciphering sequence number that sends the user and determine and Relay Server 20 sides proposes the distribution processing requirements of timestamps to Relay Server 20.From Relay Server 20 aspects, this mode can be according to the user who is connected with the combination authentication of the identifying information of the settlement system 40 no direct relations of bank.In addition,, then can only import ciphering sequence number, use the timestamp that receives from Relay Server 20, generate the disposable code of authentication by clearing of account system 10 automatically by the user from mobile communication terminal 30 aspects.Therefore, existing in the system of Relay Server 20 sides distribution customer identification information, during twice of processing of identifying information being paid the processing of mobile communication terminal 30 and mobile communication terminal 30 authentications on network communicated by letter, need to use identifying information, but 1 visit when only authentication processing requires among the present invention gets final product, so reduced the danger of leakage of information on the network significantly.In addition, because this disposable code only sends to Relay Server 20 via POS system 50 particular networks such as grade,,, also can limit leakage path even leakage is arranged so this disposable code can not be leaked to the outside basically.And, owing in a single day exceed schedule time, promptly deleted at the disposable code of Relay Server 20 sides, so term of life is restricted.Therefore, since only effective in the time of user's payment for merchandise expense, so safe and suitable clearing of account system 10 can be provided.

Claims (18)

1. Verification System, whether differentiation is legitimate claim from the authentication requesting of mobile communication terminal, it is made of the server that described mobile communication terminal and being used to authenticates described mobile communication terminal at least, and it is characterized in that: described server has: record the storage part of stipulating the 1st customer identification information that the user sets directly or indirectly that uses described mobile communication terminal, can with the Department of Communication Force of described mobile communication terminal two-way communication and the control part of controlling described storage part and Department of Communication Force; Described control part has as lower member: through as described in Department of Communication Force from as described in mobile communication terminal receive as described in the 1st customer identification information, consistent according to it with information in being recorded in described storage part, judgement is when the user, the user who uses described mobile communication terminal is generated the 2nd customer identification information, be recorded in the parts in the described storage part, with, described the 2nd customer identification information is sent to the parts of described mobile communication terminal; Described mobile communication terminal proposes authentication requesting with the 1st customer identification information and the 2nd customer identification information combination back to described server.
2. Verification System according to claim 1, it is characterized in that: described Verification System still can with the Relay Server of the spendable settlement system two-way communication of described user, described control part has as lower member: according to from as described in the processing requirements of settlement system obtain as described in during user's account information, described account information is recorded in parts in the described storage part as the 1st customer identification information, with, generate the identifying information be associated with described account information with as the 2nd customer identification information, and be recorded in the parts in the storage part; Described mobile communication terminal proposes authentication requesting with described account information and described identifying information combination back to described Relay Server.
3. Verification System according to claim 2, it is characterized in that: described control part also possesses as lower member: when as described in receiving during authentication requesting, if it is consistent with the information in being recorded in described storage part, then being judged as is proper user, generate the login be associated with described account information and accept information with as the 2nd customer identification information, and be recorded in the described storage part parts and, send the parts that information is accepted in described login to described mobile communication terminal; Described mobile communication terminal proposes authentication requesting to described Relay Server after information combination is accepted in described account information or described identifying information and described login.
4. Verification System according to claim 3, it is characterized in that: described control part also possesses as lower member: the parts that following program is provided: during authentication requesting in receiving claim 3, if it is consistent with the information in being recorded in described storage part, then being judged as is proper user, makes and can use described settlement system via described mobile communication terminal; With, generation can the described program of unique identification information with as the 2nd customer identification information, and be recorded in parts in the described storage part; Described mobile communication terminal proposes authentication requesting to described Relay Server after the information combination of arbitrary information of information and the described program of unique identification is accepted in described account information, described identifying information, described login.
5. Verification System according to claim 4, it is characterized in that: described control part also possesses as lower member: when receiving the authentication requesting of claim 4, if it is consistent with the information in being recorded in described storage part, then being judged as is proper user, rise time stabs with as the 2nd customer identification information, and be recorded in the described storage part parts and, send to the parts of described mobile communication terminal; Described mobile communication terminal proposes authentication requesting to described Relay Server after described account information, described identifying information, described login being accepted arbitrary information of information and timestamp combination of information, the described program of unique identification.
6. Verification System, whether differentiation is legitimate claim from the distribution requirement of mobile communication terminal, it is characterized in that: possess server, this server has at least: record described mobile communication terminal identifying information in advance and the storage part of the identifying information that is associated with the user who uses described mobile communication terminal, can with the Department of Communication Force of described mobile communication terminal two-way communication, and the control part of described storage part of control and Department of Communication Force; Described control part is under the situation of unanimity requiring the mobile communication terminal identifying information that sends together and the related identifying information of the described user back of comparing with the recorded information of described storage part with distribution, judgement is being connected from the mobile communication terminal of login and user, moment when maybe this distribution requires during with authentication is as timestamp, make it to be associated with the mobile communication terminal identifying information, be recorded in the described storage part, send described timestamp to described mobile communication terminal through described Department of Communication Force.
7. Verification System according to claim 6 is characterized in that: described mobile communication terminal identifying information is to distribute to the program that is installed in the mobile communication terminal or the identifying information of firmware.
8. according to claim 6 or 7 described Verification Systems, it is characterized in that: possess mobile communication terminal, this mobile communication terminal has at least: record in advance the mobile communication terminal identifying information of regulation storage part, possess can with the Department of Communication Force of the communication component of described Relay Server two-way communication and the control part of controlling described storage part and Department of Communication Force; The control part of described mobile communication terminal timestamp according to claim 6 and the mobile communication terminal identifying information that is recorded in the described storage part generate well-determined disposable code.
9. Verification System according to claim 8, it is characterized in that: described mobile communication terminal also possesses the display part that is used for display image, and described control part makes the described disposable code of claim 8 is shown on the display as the disposable QR code that the QR code coding generates.
10. according to the described Verification System of claim 6 to 9, it is characterized in that: the control part of the described server of claim 6 is receiving under the situation of the described disposable code of claim 8 via predetermined data processing transmission receiving terminal, the recorded information of the storage part of more described disposable code and described Relay Server, combination unanimity and timestamp at mobile communication terminal identifying information and timestamp are compared with current time under the situation about not exceeding schedule time, and judgement is the proper authentication requesting from the user.
11. Verification System according to claim 10, it is characterized in that: described server still can with the Relay Server of the spendable settlement system two-way communication of user, described control part is under situation about being judged as from user's proper authentication requesting, to major general's mobile communication terminal identifying information with buy predetermined dollar value information and send to described settlement system through described Department of Communication Force.
12. according to claim 10 or 11 described Verification Systems, it is characterized in that: the described disposable code of claim 8 was once using in authentication determination is handled or under the timestamp distribution situation that meter has exceeded schedule time constantly, was deleting from described storage part.
13. Verification System program, be used for differentiating that distribution from mobile communication terminal requires whether is the Verification System of legitimate claim, it is characterized in that: can be installed in the server, can carry out through control part, described server has at least: record described mobile communication terminal identifying information in advance and the storage part of the identifying information that is associated with the user who uses described mobile communication terminal, can and control the control part of described storage part and Department of Communication Force with the Department of Communication Force of described mobile communication terminal two-way communication; This Verification System has following steps with program: the mobile communication terminal identifying information and the identifying information that will require to send with the distribution from described mobile communication terminal contrast with described storage part, if consistent, then judge it is the user of login and the step of mobile communication terminal; With, be under the proper situation, the time information when requiring, the step that issuing date stabs according to authentication and/or this distribution; With, described timestamp is associated with the mobile communication terminal identifying information, be recorded in the step in the described storage part; And, to the step of described mobile communication terminal transmitting time stamp.
14. Verification System program according to claim 13, it is characterized in that: described program also has following steps: relatively via predetermined data send the described disposable code of claim 8 that comprises in the information of sending with terminal, with the mobile communication terminal identifying information that is recorded in the described storage part, if consistent, then being judged as is step from the authentication requesting of proper user and mobile communication terminal; With, relatively the timestamp that comprises in this disposable code be recorded in the storage part timestamp distribution constantly, if identical timestamp, count constantly from distribution and not exceed schedule time, then being judged as is the step of effective timestamp.
15. Verification System program according to claim 14, it is characterized in that: described program also has following steps, in described step, be judged as be from proper user and mobile communication terminal authentication requesting, be under the situation of effective timestamp, send this customer identification information or mobile communication terminal identifying information at least and buy predetermined dollar value information to the spendable settlement system of this user.
16. according to claim 14 or 15 described Verification System programs, it is characterized in that: described program also has following steps: be used in authentication determination is handled or under the timestamp distribution situation that meter exceeds schedule time constantly, deleted from described storage part at the described disposable code of claim 8.
17. mobile communication terminal program, it is characterized in that: use with claim 13 to the arbitrary described Verification System program of claim 16, can be installed in the mobile communication terminal, can carry out via control part, described mobile communication terminal have at least the storage part that records the mobile communication terminal identifying information, can with arbitrary described server or the Department of Communication Force of Relay Server two-way communication and the control part of controlling described storage part and Department of Communication Force of claim 13 to claim 16; This mobile communication terminal has following steps with program: the identifying information and the described mobile communication terminal identifying information of user's input are issued requirement as timestamp, send to the step of described server, with, the timestamp that reception is returned according to described timestamp distribution requirement, be recorded in the step in the described storage part, with, generate disposable code according to described timestamp and described mobile communication terminal identifying information, be recorded in the step in the described storage part.
18. mobile communication terminal program according to claim 17, it is characterized in that: described mobile communication terminal also possesses the display part that is used for display image, have following steps: with described disposable code coding be the step of QR code and make coding after disposable QR code be shown in step in the described display part.
CN200880009569A 2007-03-30 2008-03-25 Authentication system, server used in authentication system, mobile communication terminal, and program Pending CN101641707A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP094298/2007 2007-03-30
JP2007094298A JP2008250884A (en) 2007-03-30 2007-03-30 Authentication system, server, mobile communication terminal and program used for authentication system

Publications (1)

Publication Number Publication Date
CN101641707A true CN101641707A (en) 2010-02-03

Family

ID=39875360

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200880009569A Pending CN101641707A (en) 2007-03-30 2008-03-25 Authentication system, server used in authentication system, mobile communication terminal, and program

Country Status (3)

Country Link
JP (1) JP2008250884A (en)
CN (1) CN101641707A (en)
WO (1) WO2008129828A1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103279865A (en) * 2012-01-12 2013-09-04 乐金信世股份有限公司 Payment method and payment gateway server, time certificate issuing server and mobile terminal
CN105493056A (en) * 2013-08-29 2016-04-13 精工爱普生株式会社 Transmission system, transmission device, and data transmission method
US9785764B2 (en) 2015-02-13 2017-10-10 Yoti Ltd Digital identity
US9852285B2 (en) 2015-02-13 2017-12-26 Yoti Holding Limited Digital identity
US9858408B2 (en) 2015-02-13 2018-01-02 Yoti Holding Limited Digital identity system
US10521623B2 (en) 2015-02-13 2019-12-31 Yoti Holding Limited Digital identity system
US10594484B2 (en) 2015-02-13 2020-03-17 Yoti Holding Limited Digital identity system
US10692085B2 (en) 2015-02-13 2020-06-23 Yoti Holding Limited Secure electronic payment
CN113365275A (en) * 2021-06-15 2021-09-07 哈尔滨工业大学 Identity authentication system and method based on infrared communication

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5412364B2 (en) * 2009-07-16 2014-02-12 株式会社日立製作所 Information processing method and information processing system
JP5484823B2 (en) * 2009-08-21 2014-05-07 株式会社ジャパンネット銀行 Information processing apparatus, cardless payment system, cardless payment method, cashless payment method and program for cardless payment
WO2012168457A1 (en) * 2011-06-10 2012-12-13 Swedbank Ab Electronic transactions
KR20130100872A (en) * 2012-02-22 2013-09-12 주식회사 엘지씨엔에스 Payment method by means of one time response code, payment server and operator terminal performing the same
KR101184293B1 (en) * 2012-04-17 2012-09-21 주식회사 신세계 Electronic Receipt Management System and User Method Using User Terminal
EP2693383A1 (en) * 2012-06-27 2014-02-05 Moneris Solutions Corporation Secure payment system
RU2550527C2 (en) 2012-06-28 2015-05-10 Сейко Эпсон Корпорейшн Data processing device, pos system and method of controlling pos system
GB201213277D0 (en) * 2012-07-26 2012-09-05 Highgate Labs Ltd Two device authentication mechanism
KR101330943B1 (en) * 2012-12-10 2013-11-26 신한카드 주식회사 Transaction method using one time card information
CN104751323B (en) * 2013-12-31 2020-04-24 腾讯科技(深圳)有限公司 Electronic account data transfer method and related equipment and system
CN104899730B (en) * 2014-09-22 2020-02-18 腾讯科技(深圳)有限公司 Mobile terminal data processing method, terminal and system
JP5859092B1 (en) * 2014-10-28 2016-02-10 三菱電機株式会社 Radio apparatus, radio apparatus operation method, and radio apparatus operation program
CA2966978A1 (en) * 2014-11-25 2016-06-02 Einnovations Holdings Pte. Ltd. Transaction system and method
CN105163310B (en) * 2015-09-30 2016-10-26 西安交通大学 The radio physical layer safe transmission method of constellation rotation auxiliary in bidirectional relay system
JP6573847B2 (en) * 2016-07-01 2019-09-11 株式会社Skiyaki System, method and program for processing rights information
CN113950710A (en) * 2019-06-17 2022-01-18 连支付株式会社 Information processing method, program, and terminal
JP2020204883A (en) * 2019-06-17 2020-12-24 LINE Pay株式会社 Information processing method, program, and terminal
JP2020204884A (en) * 2019-06-17 2020-12-24 LINE Pay株式会社 Information processing method, program, terminal, and server
JP2020204882A (en) * 2019-06-17 2020-12-24 LINE Pay株式会社 Information processing method, program, and terminal
US20220351211A1 (en) * 2020-12-11 2022-11-03 Rakuten Group, Inc. Fraud detection system, fraud detection device, fraud detection method, and program

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001344545A (en) * 2000-03-29 2001-12-14 Ibm Japan Ltd Processing system, server, processing terminal, communication terminal, processing method, data managing method, processing performing method and program
JP2004272828A (en) * 2003-03-12 2004-09-30 Ufj Bank Ltd Individual identification system and method
JP2006279321A (en) * 2005-03-28 2006-10-12 Willcom Inc Security software for mobile terminal and security communication system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001344545A (en) * 2000-03-29 2001-12-14 Ibm Japan Ltd Processing system, server, processing terminal, communication terminal, processing method, data managing method, processing performing method and program
JP2004272828A (en) * 2003-03-12 2004-09-30 Ufj Bank Ltd Individual identification system and method
JP2006279321A (en) * 2005-03-28 2006-10-12 Willcom Inc Security software for mobile terminal and security communication system

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103279865A (en) * 2012-01-12 2013-09-04 乐金信世股份有限公司 Payment method and payment gateway server, time certificate issuing server and mobile terminal
CN105493056B (en) * 2013-08-29 2019-03-19 精工爱普生株式会社 Data transmission method for uplink used in POS system, printing equipment and POS system
CN105493056A (en) * 2013-08-29 2016-04-13 精工爱普生株式会社 Transmission system, transmission device, and data transmission method
US10521623B2 (en) 2015-02-13 2019-12-31 Yoti Holding Limited Digital identity system
US9858408B2 (en) 2015-02-13 2018-01-02 Yoti Holding Limited Digital identity system
US10210321B2 (en) 2015-02-13 2019-02-19 Yoti Holding Limited Digital identity
US9852285B2 (en) 2015-02-13 2017-12-26 Yoti Holding Limited Digital identity
US10325090B2 (en) 2015-02-13 2019-06-18 Yoti Holding Limited Digital identity system
US9785764B2 (en) 2015-02-13 2017-10-10 Yoti Ltd Digital identity
US10594484B2 (en) 2015-02-13 2020-03-17 Yoti Holding Limited Digital identity system
US10692085B2 (en) 2015-02-13 2020-06-23 Yoti Holding Limited Secure electronic payment
US10853592B2 (en) 2015-02-13 2020-12-01 Yoti Holding Limited Digital identity system
US11042719B2 (en) 2015-02-13 2021-06-22 Yoti Holding Limited Digital identity system
US11727226B2 (en) 2015-02-13 2023-08-15 Yoti Holding Limited Digital identity system
CN113365275A (en) * 2021-06-15 2021-09-07 哈尔滨工业大学 Identity authentication system and method based on infrared communication
CN113365275B (en) * 2021-06-15 2022-05-13 哈尔滨工业大学 Identity authentication system and method based on infrared communication

Also Published As

Publication number Publication date
WO2008129828A1 (en) 2008-10-30
JP2008250884A (en) 2008-10-16

Similar Documents

Publication Publication Date Title
CN101641707A (en) Authentication system, server used in authentication system, mobile communication terminal, and program
US11880815B2 (en) Device enrollment system and method
KR100641824B1 (en) A payment information input method and mobile commerce system using symmetric cipher system
US20160125403A1 (en) Offline virtual currency transaction
EP2003625A1 (en) Internet business security system
TWI654574B (en) Block block electronic ticket trading system and electronic ticket trading method thereof
CN105027153A (en) Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data
CN105593883A (en) Method for authenticating transactions
WO2002039342A1 (en) Private electronic value bank system
CN103279865A (en) Payment method and payment gateway server, time certificate issuing server and mobile terminal
CN101681463A (en) Methods and a system for providing transaction related information
KR101812638B1 (en) Module, service server, system and method for authenticating genuine goods using secure element
CN101138242A (en) An interactive television system
CN103077460B (en) System and method for financial certificate transaction by mobile device
CN101238482A (en) Electronic settlement system, method therefor, settlement server used therein, communication terminal, and program
CN101110728A (en) Security validating system and method for RFID certificate of title
JP2010287250A (en) Authentication system for cashless payment
CN112037068A (en) Resource transfer method, system, device, computer equipment and storage medium
CN108881121A (en) A kind of P2P credit based on mobile Internet mutually sees system and method
KR20160030342A (en) Method of paying for a product or service on a commercial website via an internet connection and a corresponding terminal
US20030130961A1 (en) System and method for making secure data transmissions
CN102236855A (en) Method and system for electronic transaction by using QR (Quick Response) codes
US20130218771A1 (en) Electronic payment unit, electronic payment origin authentication system and method
KR20080079714A (en) A system and method of certifying cardholder using mobile phone
CN112561105A (en) Hotel reservation transfer transaction system and method based on block chain technology

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1140046

Country of ref document: HK

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20100203

REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1140046

Country of ref document: HK