JP2002342685A - System and method for electric commerce - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a system and method for electric commerce which prevents illegality such as passing oneself off as another person and enables the electric commerce by simple operation. SOLUTION: A UIM 200 to be mounted in a movable device 300 has a random number and an authentication algorithm characteristic to each UIM 200 stored therein. When receiving an ordering number from a POS server 500 through the device 300 (step S5→step S6), the UIM 200 obtains an answer Ans 2 from the ordering number and the random number according to the authentication algorithm. Only when an answer Ans 1 received from the server 500 (step S13) coincides with the answer Ans 2 received from the UIM 200 through the device 300 (step S16→step S17), a POS terminal 700 makes it possible to provide merchandise or a service (step S8).

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electronic commerce system, and more particularly, to an electronic commerce system and an electronic commerce method using a mobile device such as a mobile phone.

[0002]

2. Description of the Related Art In recent years, Electronic Commerce (hereinafter abbreviated as EC) via the Internet has become widespread. For example, when purchasing a desired book at a bookstore established on the Internet, a user first accesses a homepage of the bookstore via a personal computer (hereinafter, referred to as a PC) at home via the Internet, and selects from a large number of book lists. Search for the desired book.
When a desired book is found, the user places an order on the Internet and makes a credit card payment online. Thereby, the desired book is delivered to the user's home. Conventional EC with such a system
However, there has been a problem that users have to worry about security because of the necessity of performing online credit card settlement, and that it takes enormous cost to construct an inventory management and distribution system. Under such a background, EC using a convenience store (hereinafter referred to as a convenience store) is receiving attention. The EC using a convenience store will be described below with reference to a specific example.

[0003] For example, when purchasing a desired book using book sales at a convenience store EC, the user needs to purchase a P at home.
C accesses a predetermined book sales site via the Internet, and searches for a desired book from a large number of book lists. When a desired book is found, the user places an order on the Internet. At the time of ordering, the user specifies a convenience store to receive the book. on the other hand,
The server that receives the book order via the Internet,
Pay out the order number to the PC. The order number issued from the server is supplied to a PC via the Internet and displayed on a display. The user remembers the order number shown on the display. Then, for example, a few days later, the user goes to the convenience store designated when ordering, and inputs the order number to a POS (Point Of Sales) terminal installed in the store. The POS terminal to which the order number has been input prints out an order slip corresponding to the order number.
The user goes to the cashier with the printed order slip, and receives the goods and settles the price.

[0004] As described above, the convenience store EC can receive goods and settle the price in a face-to-face manner, so that the user can use the convenience store EC with confidence. In addition, convenience store operators already have a distribution network for delivering products to each store, so there is an advantage that investment in distribution maintenance can be suppressed.

[0005]

However, in the above-mentioned convenience store EC, the user who places an order needs to remember the order number paid out from the server to the PC until he or she inputs the order number to the POS terminal. In the case where the number is known to another person, there is a problem that the person who knows the order number, instead of the user who made the order, impersonates the user and purchases a product (a ticket or the like which is difficult to obtain). Was. In addition, since the PC cannot be easily carried, there is a problem that the user cannot use the EC outside of the home where the PC is located. The present invention has been made in view of the circumstances described above, and provides an e-commerce system and an e-commerce method that prevent impropriety such as spoofing and enable ordering of goods or services with a simple operation. With the goal.

[0006]

In order to solve the above-mentioned problems, an electronic commerce system according to claim 1 comprises a user identification module, a mobile device, a POS server, and a POS server.
An electronic commerce system including a terminal, wherein the mobile device connected to the user identification module places an order for goods or services in response to an order request, and the POS server responds to an order from the mobile device. To generate order information,
The user identification module transmits to the mobile device, the user identification module stores order information received from the POS server via the mobile device, and based on the order information, a first necessary for authentication related to provision of a product or service. Generating information and transmitting the generated information to a POS server via a mobile device, wherein the user identification module transmits the stored order information to the POS terminal in response to a read request from the POS terminal; Upon receiving the order information from the identification module,
The POS server requests first information corresponding to the order information from the POS server, and the POS server transmits the first information corresponding to the request to the POS terminal. Receiving the first information from the POS terminal, the user identification module transmits information necessary for generating the first information from the order information to the user identification module. Based on the information, second information required for authentication related to the provision of a product or service is generated and transmitted to a POS terminal, and the POS terminal receives the second information from the user identification module.
Is received, the first information and the second information are used to authenticate whether or not the provision of a product or service corresponding to the order information is permitted.

An electronic commerce system according to a second aspect is an electronic commerce system including a user identification module, a mobile device, a POS server, and a POS terminal, the electronic commerce system being connected to the user identification module. The mobile device is
In response to an order request, the customer places an order for a product or service. The POS server generates order information in accordance with the order from the mobile device, transmits the order information to the mobile device, and provides the product or service based on the order information. First necessary for certification
And sending the order information and the first information to the POS terminal, wherein the user identification module comprises:
Upon receiving the order information from the POS server via the mobile device, second information necessary for authentication relating to the provision of the product or service is generated based on the order information, and a request for reading the order information and the second information is issued. And the POS terminal receives the first information from the POS server and receives the second information from the user identification module when the first information and the second information are received. The authentication of whether or not the provision of a product or a service corresponding to the order information may be permitted is performed by using.

An electronic commerce system according to a third aspect is an electronic commerce system including a user identification module, a mobile device, a POS server, and a POS terminal, the electronic commerce system being connected to the user identification module. The mobile device is
In response to an order request, a product or service is ordered, the POS server generates order information in response to an order from the mobile device, transmits the generated order information to the mobile device and a POS terminal, and the user identification module includes a POS server. Transmits the order information received from the mobile device to the POS terminal in response to the read request, and the POS terminal receives the order information from the POS server and receives the order information from the user identification module. Using the order information received from the POS server and the order information received from the user identification module, authentication of whether or not the provision of a product or service corresponding to the order information is performed is performed.

According to a fourth aspect of the present invention, there is provided an electronic commerce method, wherein a mobile station connected to a user identification module orders a product or service to a POS server in response to an order request. Transmitting an order number corresponding to the order to the user identification module, wherein the user identification module obtains a first answer using the received order number, an authentication algorithm, and a random number; Transmitting the first answer and a random number to the POS terminal, transmitting the received order number to the POS terminal in response to the read request, and transmitting the order number from the user identification module to the POS terminal. Requesting, from the POS server, a first answer and a random number corresponding to the order number;
Sending a first answer and a random number to the POS terminal in response to the request; and receiving the first answer and the random number from the user identification module after the POS terminal receives the first answer and the random number from the user identification module. And transmitting only the random number among the random numbers to the user identification module, and after the user identification module receives the random number from the POS terminal,
Obtaining a second answer using a random number, an order number and an authentication algorithm and transmitting the second answer to the POS terminal; and after the POS terminal receives the second answer from the user identification module, the first answer And a step of performing authentication of whether or not the provision of a product or service corresponding to the order information may be permitted using the second answer.

According to a fifth aspect of the present invention, there is provided the electronic commerce method, wherein the mobile station connected to the user identification module places an order for goods or services to a POS server in response to an order request, and wherein the POS server comprises: An order number is generated in accordance with the order from the mobile device, transmitted to the mobile device, and a first number is generated using the order number, the authentication algorithm, and the random number.
Of the order number and the POS with the order number and the first answer
Transmitting to the terminal, wherein the user identification module comprises:
After receiving an order number and a random number from the POS server via a mobile device, a second answer is obtained using the order number, the random number, and an authentication algorithm, and the order number and the second answer are responded to a read request. And transmitting the item to the POS terminal, and after the POS terminal receives the second answer from the user identification module, a product or a product corresponding to the order information using the first answer and the second answer. Authenticating whether the provision of the service is permitted or not.

According to a sixth aspect of the present invention, there is provided the electronic commerce method, wherein the mobile station connected to the user identification module places an order for goods or services to the POS server in response to the order request. Generating an order number in response to an order from the mobile device, obtaining a first answer using the order number, an authentication algorithm, and a random number, transmitting the order number and the random number to the mobile device; After receiving the order number and the random number from the POS server via the mobile device, the module obtains a second answer by using the order number, the random number, and the authentication algorithm, and requests to read the second answer and the order number. Transmitting the first answer corresponding to the order number to the POS terminal after receiving the second answer and the order number from the user identification module. A step of requesting to the serial POS server, the POS server, after receiving the order number from the POS terminal, the first corresponding to the said request to a POS terminal
Transmitting the answer to the POS terminal,
After receiving the first answer from the S server, the first
And a step of authenticating whether or not the provision of a product or service corresponding to the order information is permitted by using the answer of the second step and the second answer.

[0012] In the electronic commerce method according to the present invention, the mobile station connected to the user identification module may be a PO.
Ordering goods or services to the S server, the POS server generating an order number according to the order from the mobile device, and transmitting the order number to the mobile device and a POS terminal; The user identification module
A step of transmitting the order number to the POS terminal in response to the read request after receiving the order number from the OS server via the mobile device, and the POS terminal receiving the order number from the POS server and the user identification After receiving the order number from the module, use the order number received from the user identification module and the order number received from the POS server to authenticate whether the provision of goods or services corresponding to the order information is permitted. And a process.

[0013]

Embodiments of the present invention will be described below to make the present invention easier to understand. Such an embodiment shows one aspect of the present invention, and does not limit the present invention, and can be arbitrarily changed within the scope of the present invention.

A. 1. First Embodiment (1) Configuration of the Embodiment FIG. 1 is a diagram showing a configuration of an EC system 100 according to the present embodiment, and FIGS.
FIG. 3 is a diagram illustrating a configuration of a UIM 200, a mobile device 300, a POS server 500, a POS terminal 700, and the like, which configure a POS terminal 00.

A. UIM 200 The UIM 200 shown in FIGS. 1 and 2 is an IC card that is detachable from the mobile device 300, and has user-specific information such as a subscriber number and memory dial information. This UI
M200 includes a CPU 210, an external I / F 215, and an R
An OM 220, a RAM 225, and an EEPROM 230 are provided. The CPU 210 controls each unit of the device based on a control program or the like stored in the ROM 220. The external I / F 215 is an interface for connecting to the mobile device 300. The ROM 220 is a non-volatile memory, and stores programs for performing analysis, execution, response, data management, and the like of commands supplied from the mobile device 100 in addition to the control programs. RAM2
Reference numeral 25 denotes a rewritable memory in which data supplied from the mobile device 100 and the like are temporarily stored. EEPR
The OM 230 is a rewritable nonvolatile memory, and stores information necessary for communicating with the mobile device 100.

FIG. 3 is a diagram for explaining the storage area of the EEPROM 230. The EEPROM 230 has a subscriber information storage area 231, a security information storage area 232, and an order information storage area 233. The subscriber information storage area 231 stores information unique to the user who owns the UIM 200, such as a subscriber number, outgoing call history information, incoming call history information, and call time information. The security information storage area 232 stores an authentication algorithm unique to each UIM 200, a random number, and the like. The order information storage area 233 stores an order number (to be described later) issued from the POS server 500 in accordance with the order. In addition,
The order information storage area 233 has a sufficient area for storing a plurality of order numbers.

B. Mobile Device 300 The mobile device 300 shown in FIGS. 1 and 4 is, for example, a mobile phone, and can be connected to the UIM 200 and can communicate with the POS terminal 700 by short-range wireless communication. The mobile device 300 includes a control unit 310 and a storage unit 32
0, an operation unit 330, a communication unit 340, a voice input / output unit 350, a UIM interface 360, and a short-range wireless communication interface 370. Control unit 3
The unit 10 controls each unit of the mobile device 300 based on a control program and the like stored in the storage unit 320, and reads and writes information from and to the UIM 200 connected to the mobile device 300. The storage unit 320 includes a ROM, R
It is composed of an AM, an EEPROM, etc., and has a plurality of storage areas such as a program storage area for storing various programs and a data storage area for storing various data.

The operation unit 330 is composed of operation buttons (not shown), and is capable of inputting information such as telephone numbers and ordering desired products. The communication unit 340
Under the control of the control unit 310, various data such as product order information and the like are transmitted via the antenna 341, while various data transmitted via the antenna 341 are received.
The voice input / output unit 350 includes a microphone for inputting voice, a speaker for outputting voice received by the communication unit 340, and the like. UIM interface 360 transmits information output from control unit 310 to U
The information output from the UIM 200 is supplied to the control unit 310 while being supplied to the IM 200. The short-range wireless communication interface 370 is an interface for performing short-range communication (for example, Bluetooth or the like) with the POS terminal 700.

C. POS Server 500 The POS server 500 shown in FIGS. 1 and 5 is responsible for all management tasks related to the products and services to be handled, such as receiving orders for a plurality of types of products and services, paying out order numbers according to orders, and inventory management. I have. The POS server 500 has C
A PU 510, a ROM 520, a RAM 530, and a communication interface 540 are provided. In addition, an operation unit including a keyboard and the like, a display unit for displaying merchandise management data, and the like are provided. However, since they have no direct relation to the gist of the present invention, illustration and description are omitted. CPU5
10 controls each unit of the apparatus based on a control program or the like stored in the ROM 520. The ROM 520 stores a control program for controlling, maintaining, updating and the like of various kinds of data relating to products and services, in addition to a control program for controlling each unit of the apparatus.

The RAM 530 has a plurality of storage areas such as a product information storage area and an authentication information storage area. In the product information storage area, various information (eg, name, model and size, price, number of days for delivery,
Product description) is stored. After receiving an order for a product from the mobile device 300, the authentication information storage area stores the mobile device 300
And the POS server 500, and the mobile device 300 and the PO
Information necessary for performing authentication with the S terminal 700 is stored. The details of the information stored in the authentication information storage area will be clarified in the description of the embodiment. The communication interface 540 includes an interface mechanism for communicating with the mobile device 300 via the network 400 shown in FIG. 1, an interface mechanism for communicating with the POS terminal 700 via the POS network 600, and the like. The network 400
Is composed of a mobile communication network, the Internet network, a gateway for connecting the mobile communication network to the Internet network, and the like, but each element constituting the network 400 is not directly related to the gist of the present invention. Therefore, the description is omitted.

D. POS Terminal 700 The POS terminal 700 shown in FIGS. 1 and 6 is installed at, for example, each convenience store, collects data used for sales management, customer management, and the like, and transmits the collected data to the POS server 500. The POS terminal 700 includes a control unit 710, a display unit 720, a communication interface 730, and a short-range wireless communication interface 740. Control unit 7
Reference numeral 10 includes a CPU, a ROM, a RAM, and the like, and controls each unit of the POS terminal 700. The display unit 720 is composed of, for example, a liquid crystal display, and displays an explanation of a product to be handled, and also displays an authentication result performed between the POS terminal 700 and the mobile device 300. Communication interface 730
Is connected to the POS server 5 via the POS network 600.
This is an interface for communicating with 00. The short-range wireless communication interface 740 is an interface for performing short-range communication (for example, Bluetooth or the like) with the mobile device 300.

(2) Operation of the Embodiment FIG. 7 is a sequence diagram for explaining the operation of the EC system 100 according to the embodiment. In addition,
The following description assumes that the user purchases a book using the EC system 100. A user who is busy with work and does not have time to go around bookstores slowly orders a desired book using a break time or the like. When ordering, the user first attaches UIM 200 to mobile device 300. UI
When the power of the mobile device 300 is turned on after the M200 is mounted, the UIM 200 is started, and the subscriber information storage area 231 is started.
The subscriber number and the like stored in the
00 (step S1). The user operates the operation unit 330 of the mobile device 300 to operate the POS server 500.
Is accessed (step S2). When accessing, the mobile device 300 transmits the subscriber number and the like supplied from the UIM 200 to the POS server 500.

When the mobile device 300 and the POS server 500 are connected via the network 400, the mobile device 3
A list of product menus is displayed on the display unit (not shown) of 00 (step S3). The user can access the mobile device 300
Is operated from the product menu by operating the operation unit 330, and a desired book is ordered (step S
4). When placing an order, the user specifies a convenience store to receive the book. As a method of designating a convenience store as a destination, for example, detailed information (address, telephone number, etc.) of the convenience store managed by the POS server 500 may be used.
While the user may download a desired product along with a list of product menus from the POS server 500 to the mobile device 300, the user may place an order for a desired product and then designate a convenience store to receive the product. How to specify the destination convenience store can be variously set according to the type of commercial transaction.

In response to an order request from mobile device 300, POS server 500 generates an order number corresponding to the order, pays out the generated order number to mobile device 300 (step S5), and stores the order number It is stored in the authentication information storage area in association with the subscriber number of the user (see FIG. 8). Upon receiving the order number from the POS server 500, the mobile device 300 displays the order number on the display unit to notify the user that the order is completed, and displays the order number in the UIM.
The data is supplied to the UIM 200 via the interface 360 (step S6).

The security information storage area 232 of the UIM 200 stores a random number and an authentication algorithm unique to each UIM 200 (see FIG. 3). UIM200
Receives the order number from the mobile device 300, stores the order number in the order information storage area 233, and performs a predetermined operation using the order number and the random number in accordance with the authentication algorithm. Then, the UIM 200 outputs the answer Ans1 obtained by the calculation and the random number used for the calculation to the mobile device 300 as a response (step S7). Mobile device 30
0, upon receiving the answer Ans1 and the random number from the UIM 200, the POS server 50 as it is via the antenna 341.
0 (step S8).

As a result, the authentication information storage area of the POS server 500 stores the subscriber number, the order number, the random number,
The answer is stored in association with the answer (see FIG. 9). After placing an order for a product, if there is an inquiry (delivery days, etc.) regarding the ordered product from the mobile device 300 to the POS server 500 (step S9), the POS server 500 first checks the subscriber number. Only when the subscriber number received at the time of ordering the product and the subscriber number received at the time of product inquiry match (authentication is established), the POS server 500 receives the inquiry about the product and sends a response to the mobile device 300. Return (step S10).

A user who has made an order for a book, made an inquiry about a product, or the like, goes to a designated convenience store with the mobile device 300. When the user enters the store, the mobile device 300 and the POS terminal 700 are connected. The mobile device 300 connected to the POS terminal 700 requests the UIM 200 to read the order number. The UIM 200 receives the request and supplies an order number to the mobile device 300. Mobile device 300 is UI
Upon obtaining the order number from M200, mobile device 300 transmits the read order number to POS terminal 700 (step S11). Upon receiving the order number from the mobile device 300, the POS terminal 700 transmits the received order number to the POS server 500, and requests a random number corresponding to the order number and an answer Ans1 (step S12). PO
The S server 500 receives the request from the POS terminal 700,
The random number and the answer corresponding to the order number are read out from the data stored in the authentication information storage area, and the random number and the answer A are read.
ns1 is transmitted to the POS terminal 700 (step S1).
3).

The POS terminal 700 is a POS server 500
When the answer Ans1 is received from the mobile device 300, only the random number is transmitted to the connected mobile device 300 (step S1).
4). When the mobile device 300 supplies the received random number to the UIM 200 (step S15), the UIM 200 obtains an answer Ans2 from the received random number and the order number according to an authentication algorithm. Answer Ans2 found by UIM200
Is transmitted to the POS terminal 700 via the mobile device 300 (step S16 → step S17). POS terminal 7
00 receives the answer, compares the answer Ans2 received from the mobile device 300 with the answer Ans1 previously received from the POS server 500. As a result of the comparison, the answer An
If POS terminal 700 determines that answer Ans2 matches s1 (authentication is established), POS terminal 700 displays on the display unit 720 that authentication has been established, and prints an order slip describing the order number, product name, and the like. Out (Step S1
8). The user goes to the cashier with the printed out order slip, and receives the ordered book and settles the price.

On the other hand, when a UIM 200 ′ different from the UIM 200 attached to the mobile device 300 at the time of ordering the book is mounted on the mobile device 300, the mobile device 3
00 supplies a random number to the UIM 200 '(step S
19) The UIM 200 'obtains the answer Ans3 from the received random number and the order number according to the authentication algorithm.
The answer obtained by UIM 200 ′ is transmitted to POS terminal 700 via mobile device 300 (step S20 → step S21).

Upon receiving the answer Ans3, the POS terminal 700 receives the answer Ans3 received from the mobile device 300,
The answer Ans1 previously received from the POS server 500 is compared. As described above, each UIM stores a unique authentication algorithm, a random number, and the like. That is, the authentication algorithm stored in UIM 200 and U
Since the authentication algorithm is different from the authentication algorithm stored in the IM 200 ′, the POS terminal 700 determines that the answer Ans3 received from the mobile device 300 and the answer Ans1 previously received from the POS server 500 do not match (authentication). Unsuccessful), an order slip is not issued, and the display unit 720 displays that the authentication is unsuccessful (step S22).

As described above, according to the electronic commerce system of the present invention, the UIM 200 and the POS terminal 70
Only when the authentication between 0 and 0 is established, the ordered product can be purchased. Therefore, even if a user different from the user who ordered the product obtains only the order number by sniffing the order number or the like, the UIM 200 and P
Since authentication is not established with the OS terminal 700, it is possible to prevent improper commercial transactions due to impersonation or the like. In the present embodiment, the case where the user has ordered one product has been described. However, the present invention can be applied to a case where a user has ordered a plurality of products.

B. Application Example of the Present Embodiment An embodiment of the present invention has been described above. However, the above embodiment is merely an example, and various modifications can be made to the above embodiment without departing from the spirit of the present invention. It is. <First Modification> FIG. 10 is a sequence diagram for explaining the operation of the EC system according to the first modification.
The sequence according to the modified example 1 is provided with steps Sa5 to Sa12 instead of steps S5 to S18 shown in FIG. Further, only the authentication algorithm is stored in the UIM 200 according to the first modification, and the authentication algorithm and the random number corresponding to each UIM 200 are stored in the POS server 500.

When the user operates the operation unit 330 of the mobile device 300 to place an order for a book (step S4), the POS server 500 responds to an order request from the mobile device 300 and sets the order number corresponding to the order. Generate the order number and the generated random number to the mobile device 300 (step Sa).
5) The order number is stored in the authentication information storage area in association with the subscriber number, the random number, and the authentication algorithm (see FIG. 11). Then, the POS server 500 obtains the answer Ans1 from the order number and the random number according to the authentication algorithm, and transmits the obtained answer Ans1 and the order number to the POS terminal 700 specified by the user (step Sa6).
On the other hand, the mobile device 300
When the order number and the random number are received from the S server 500, the order number is displayed on the display unit to inform the user that the order is completed, and the order number and the random number are supplied to the UIM 200 via the UIM interface 360 (step Sa).
7).

When the UIM 200 receives the order number and the random number from the mobile device 300, the UIM 200 stores the order number in the order information storage area 233 while the security information storage area 2
The answer Ans2 is obtained from the order number and the random number by using the authentication algorithm stored in 32. And UIM2
00 outputs the answer Ans2 and the order number obtained from the calculation to the mobile device 300 in response to the read request (step Sa).
8). The mobile device 300 receives the answer Ans2 from the UIM 200.
Is received, the received answer Ans2 is stored in the storage unit 230.
To be stored. The authentication operation (Step Sa9 and Step Sa10) when the mobile device 300 inquires about the ordered product from the mobile device 300 to the POS server 500 after ordering the product is the same as in the above-described embodiment, and therefore will be described. Is omitted.

A user who has made an order for a book, made an inquiry about a product, or the like, goes to a designated convenience store with the mobile device 300. When the user enters the store, the mobile terminal 300 answers the POS terminal 700 using the short-range wireless communication to the POS terminal 700.
Send ns2. The POS terminal 700 is a mobile terminal 300
Receives the answer Ans2, the order number and P (step Sa11).
The answer Ans1 received from the OS server 500 and the order number are compared. As a result of the comparison, when it is determined that the order numbers match and the answer Ans1 and the answer Ans2 match (authentication is established), the POS terminal 700
, A response indicating that the authentication has been established is returned (step Sa12), and an order slip on which the order number, product name, and the like are described is printed out. The subsequent operation is the same as in the present embodiment, and a description thereof will not be repeated.

As described above, the POS server 5
The same authentication algorithm may be stored in 00 and UIM200. It should be noted that inquiries about the product made after ordering the product can be authenticated using the subscriber number as in the present embodiment,
The answer Ans1 obtained by the POS server 500 in 6
The authentication may be performed using the answer Ans2 obtained by the UIM 200 in step Sa8.

<Modification 2> FIG.
It is a sequence diagram for explaining the operation system of the C system. The sequence according to the modified example 2 includes a step S6 instead of the step Sa6 shown in FIG.
b6 is provided. Other steps are shown in FIG.
Therefore, the same reference numerals are given to the corresponding portions,
Description is omitted.

The user operates the operation unit 330 of the mobile device 300 to select a desired product from a product menu,
An order is placed (step S4). In the above-described embodiment and the first modification, when ordering, the convenience store as the destination of the product is specified, but here, the convenience store as the destination of the product is not specified. POS server 500
Generates an order number corresponding to the order, finds the answer Ans1 from the order number and the random number according to the authentication algorithm, and transmits the answer Ans1 and the order number to all the POS terminals 700 (step Sb6). The answer Ans1 obtained by the POS server 500 is all POS terminals 700
(In FIG. 12, only two POS terminals are shown.)
It is possible to receive goods at any convenience store where is installed. However, when using the EC system according to Modification 2, the purchase target is a ticket or the like (that is,
Products that do not need to be delivered to the receiving convenience store)
Is limited to

<Modification 3> FIG.
It is a sequence diagram for explaining the operation system of the C system. The sequence according to the modified example 3 includes steps Sc5 to Sc12 instead of steps Sa5 to Sa12 shown in FIG. In the third modification, the POS server 500 stores the UIM 20 in advance, as in the first modification.
An authentication algorithm and a random number corresponding to 0 are stored.

When the user operates the operation unit 330 of the mobile device 300 to place an order for a product (step S4), the POS server 500 responds to an order request from the mobile device 300 and changes the order number corresponding to the order. The order number and the generated random number are paid out to the mobile device 300 (step Sc).
5) The answer Ans1 is obtained from the order number and the random number using an authentication algorithm. And the POS server 500
The obtained answer Ans1 is stored in the authentication information storage area in association with the subscriber number, the order number, and the random number. On the other hand, mobile device 3
00 is a POS server 500 via the network 400
When receiving the order number and random number from, while displaying the order number on the display unit to inform the user that the order is completed,
The order number and the random number are supplied to the UIM 200 via the UIM interface 360 (Step Sc6).

Upon receiving the order number and the random number from the mobile device 300, the UIM 200 stores the order number in the order information storage area 233, while storing the order number in the security information storage area 2.
The answer Ans2 is obtained from the order number and the random number by using the authentication algorithm stored in 32. And UIM2
00 outputs the obtained answer Ans2 and order number to the mobile device 300 in response to the read request (step Sc7). Upon receiving the answer Ans2 from the UIM 200, the mobile device 300 stores the received answer Ans2 and the order number in the storage unit 230.
To be stored. The authentication operation (Step Sc8 and Step Sc9) when the mobile device 300 inquires about the ordered product from the mobile device 300 to the POS server 500 after ordering the product is the same as in the above-described embodiment, and therefore will be described. Is omitted.

Thereafter, the user transmits the answer Ans2 and the order number from the mobile device to the POS terminal 700 using the short-range wireless communication (step Sc10). POS terminal 70
0, upon receiving the answer Ans2 and the order number from the mobile device 300, transmits only the order number to the POS server 500 (step Sc11). The POS server 500 has a PO
Upon receiving the order number from the S terminal 700, the answer Ans1 corresponding to the order number is read from the authentication information storage area, and the read answer Ans1 is used as a response to the POS.
Return to the terminal 700 (step Sc12).

The POS terminal 700 is a POS server 500
Is compared with the answer Ans2 received from the mobile device 300. As a result of the comparison, the answer An
When it is determined that the answer Ans2 matches s1 (authentication is established), the POS terminal 700 returns a response to the effect that the authentication is established to the mobile device 300 (step Sc1).
3) Print out an order slip on which the order number, product name and the like are described. The subsequent operation is the same as in the present embodiment, and a description thereof will not be repeated.

As described above, the PO according to Modification 3
The S server 500 transmits the answer Ans1 obtained from the order number in response to a request from the POS terminal 700. Thus, when ordering a product, the user can receive the product at any convenience store where the POS terminal 700 is installed, without specifying the destination convenience store. However, when the EC system according to the third modification is used, similarly to the second modification described above, the purchase target is limited to a ticket or the like (that is, a commodity that does not need to be delivered to a receiving convenience store).

<Modification 4> In the present embodiment and Modifications 1 to 3 described above, a random number is used for authentication in the EC. In Modification 4, however, the public key cryptosystem (PK
Authentication is performed using I). FIG. 14 is a diagram for explaining a basic mechanism of the public key cryptosystem. In addition, the public key cryptosystem is a cryptographic technology of a system in which one of two keys of different types is made public, assuming that two keys of different types are used as a set of cryptographic keys. The private key is called the "public key."

First, the sender X and the receiver Y register their public keys with the certification organization (a shown in FIG. 14). next,
Sender X duplicates the message to be sent (plaintext M) and creates two identical ones (plaintext M and plaintext M ′),
While the plaintext M ′ is compressed by a hash function to create a digest version D of the message (b shown in FIG. 14). The sender X signs the digest version D with his / her private key (= encryption for the purpose of authentication) and attaches the obtained digital signature d to the remaining plaintext M (c shown in FIG. 14). ). Further, the sender X encrypts (= encryption for confidentiality) the combined plaintext M and the digital signature d attached thereto using the public key of the recipient Y distributed from the certification organization. , Transmit (FIG. 14)
D). The receiver Y obtains the plaintext M and the digital signature d of the sender X by decrypting the received data using its own secret key (e shown in FIG. 14). The data can be decrypted only by the receiver Y having the secret key. Next, the recipient Y verifies the digital signature d using the public key of the sender X distributed from the certification authority,
A digest version D of the message is obtained (f shown in FIG. 14). Here, if the verification can be performed using the public key of the sender X, it is possible to confirm that the message is from the sender X himself. Further, the receiver Y compresses the received plaintext M by using a hash function, and compares / collates the digest version D ′ of the message obtained with the received digest version D (g shown in FIG. 14). Here, digest version D 'and digest version D
If it matches, it is proved that the plaintext M has not been tampered with during the communication.

FIG. 15 is a sequence diagram for explaining an EC operation system using the public key cryptosystem described above. The sequence shown in FIG. 15 includes steps Sd6 to Sd12 instead of steps S6 to S18 shown in FIG. The security information storage area 232 of the UIM 200 stores a public key, a secret key, and the like instead of an authentication algorithm, a random number, and the like.

When the user operates the operation unit of the mobile device 300 to order a book (step S4), the POS server 5
00 generates an order number corresponding to the order in response to an order request from the mobile device 300, signs the generated order number,
The encrypted data is paid out to the mobile device 300 (step S5).
The mobile device 300 signs and encrypts the order number received from the POS server 500 and supplies the order number to the UIM 200 (step Sd6). Thus, the order number is stored in the order information storage area 233 of the UIM 200. UIM
Upon receiving the order number, the 200 transmits information indicating that the order number has been received to the POS server 50 via the mobile device 300.
Return to 0 (step Sd7). The POS server 500
Upon receiving a response from UIM 200, sign the order number
Encrypt and send to POS terminal 700 (step Sd
8).

After that, the user goes to the designated convenience store with the mobile device 300, and the mobile device 300 and the POS terminal 7
00 is connected. When the mobile device 300 and the POS terminal 700 are connected by a short-range wireless communication line, the mobile device 300
Requests the UIM 200 to read the order number (step Sd9). The UIM 200 reads the order number from the order information storage area 233 in response to the request, performs signature / encryption, and supplies it to the mobile device 300 (Step S).
d10). The mobile device 300 transmits the signed and encrypted order number to the POS terminal 700 using short-range wireless communication (step Sd11). The POS terminal 700 decrypts the order number transmitted from the mobile device 300 and compares the decrypted order number with the order number received from the POS server 500. As a result of the comparison, if it is determined that the order numbers match (authentication has been established), the POS terminal 700 returns a response indicating that the authentication has been established to the mobile device 300 (step Sd12), and the order number and the product Print out the order slip with your name etc. The subsequent operation is the same as in the present embodiment, and a description thereof will not be repeated.

As described above, the authentication may be performed using the public key cryptosystem (PKI). In the sequence shown in FIG. 15, it is possible to appropriately change which node performs signature / encryption based on the security level. In addition, the above-described public key cryptosystem can be used together with a common key cryptosystem, for example, by encrypting information using a common key, and transporting the common key used for encryption with the public key. Is also good. Further, the public key cryptosystem described in the present modification can be applied to the present embodiment and various modifications.

<Modification 5> In this embodiment, Bluetooth is used for communication between the mobile device 300 and the POS terminal 700. However, other wireless communication (for example, IEEE802.
11b, White Cap, IEEE802.11a, Wireless 1394), infrared communication (for example, IrDA), and wired communication using a cable (for example, IEEE1394) may be used. Also, in the present embodiment, a mobile phone has been exemplified as the mobile device 300, but a PHS (Personal Handyphone System) has been described.
m), PDA (Personal Digital Assistant), pager, etc., are applicable to all portable electronic devices having a wireless communication function.

The POS terminal 700 has a UIM20
A card R / W unit that can read and write data stored in 0 may be provided. In particular,
Direct POS of UIM200 extracted from mobile device 300
It is inserted into the card R / W section of the terminal 700. POS terminal 7
00 reads data stored in the UIM 200,
Used for authentication, etc. The data stored in the UIM 200 is directly transmitted to the POS terminal 50 without passing through the mobile device 300.
Since it is read to 0, more accurate authentication is possible.

<Modification 6> In addition, the PO according to the present embodiment
The S terminal 700 is configured to print out the order slip when the authentication is established.
S cash register) may be used as a POS terminal. Specifically, when the authentication is established, the display unit 720 of the POS terminal 700
Is displayed on the screen. The clerk at the convenience store displays the display section 7
After confirming 20, delivery and settlement of goods and services are performed. As described above, a commercial transaction may be performed using an existing POS terminal.

[0054]

As described above, according to the present invention,
Since commercial transactions can be performed only when authentication performed between the UIM and the POS terminal is established, unauthorized commercial transactions due to impersonation or the like can be prevented.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating a configuration of an electronic commerce system according to an embodiment.

FIG. 2 is a diagram showing a configuration of a UIM according to the embodiment.

FIG. 3 is a diagram showing a storage area of the EEPROM according to the embodiment.

FIG. 4 is a diagram showing a configuration of the mobile device according to the embodiment.

FIG. 5 is a diagram showing a configuration of a POS server according to the embodiment.

FIG. 6 is a diagram showing a configuration of a POS terminal according to the embodiment.

FIG. 7 is an exemplary view for explaining operations of the electronic commerce system according to the embodiment.

FIG. 8 is a diagram for explaining data stored in a POS server.

FIG. 9 is a diagram illustrating data stored in a POS server.

FIG. 10 is a diagram for explaining an operation of the electronic commerce system according to the first modification.

FIG. 11 is a diagram for explaining data stored in a POS server.

FIG. 12 is a diagram illustrating an operation of an electronic commerce system according to a second modification.

FIG. 13 is a diagram for explaining an operation of the electronic commerce system according to the third modification.

FIG. 14 is a diagram for explaining a basic mechanism of the public key cryptosystem.

FIG. 15 is a diagram for explaining an operation of an electronic commerce system using a public key cryptosystem according to a fourth modification.

[Explanation of symbols]

100: EC system, 200: UIM, 30
0: mobile device, 500: POS server, 700
..POS terminal.

──────────────────────────────────────────────────の Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 9/32 H04L 9/00 675C H04Q 7/38 H04B 7/26 109R (72) Inventor Akihiro Higashi Tokyo 2-11-1, Nagatacho, Chiyoda-ku, NTT DoCoMo, Inc. (72) Inventor Chie Noda 2-1-1, Nagatacho, Chiyoda-ku, Tokyo, Japan NTT Docomo ( 72) Inventor Masahiro Furuse 2-1-1, Nagatacho, Chiyoda-ku, Tokyo Inside NTT Docomo (72) Inventor Makoto Ueda 2-1-1-1, Nagatacho, Chiyoda-ku, Tokyo N・ TTI DoCoMo (72) Inventor Tatsuaki Wakabayashi 2-11-1, Nagatacho, Chiyoda-ku, Tokyo NTT T-DO Co., Ltd. Model in (72) inventor Hiramatsu TakashiAkira Nagata-cho Chiyoda-ku Tokyo chome 11th No. 1 Co., Ltd. NTT DoCoMo in the F-term (reference) 3E042 EA01 5J104 AA07 KA08 5K067 AA32 BB21 DD17 EE02 EE12 GG01 GG11 HH21

Claims (7)

[Claims] 1. A user identification module, a mobile station, and a P
An electronic commerce system comprising an OS server and a POS terminal, wherein a mobile device connected to the user identification module orders a product or service in response to an order request, and wherein the POS server includes the mobile device. Generates order information in response to an order from and transmits the order information to the mobile device. The user identification module stores the order information received from the POS server via the mobile device, and stores the order information based on the order information. Generating first information necessary for authentication relating to provision of a service, transmitting the first information to a POS server via a mobile device, the user identification module responding to a read request from the POS terminal with the stored order information, When transmitting the order information from the user identification module to the POS terminal, the POS terminal transmits the first information corresponding to the order information to the POS terminal. Server, the POS server sends first information corresponding to the request to the POS terminal, and the POS terminal receives the first information from the POS server, and receives the first information from the order information. Transmitting information necessary for generating the first information to the user identification module, wherein the user identification module authenticates provision of a product or service based on the information received from the POS terminal and the order information; To generate the second information required for
When the POS terminal receives the second information from the user identification module, the POS terminal provides a product or service corresponding to the order information using the first information and the second information. An electronic commerce system for performing authentication as to whether or not to allow the user to accept. 2. A user identification module, a mobile station, and a P
An electronic commerce system comprising an OS server and a POS terminal, wherein a mobile device connected to the user identification module orders a product or service in response to an order request, and wherein the POS server includes the mobile device. In addition to generating order information in response to an order from and transmitting the order information to the mobile device, generating first information necessary for authentication relating to the provision of goods or services based on the order information, generating the order information and the first information. Is transmitted to the POS terminal. When the user identification module receives the order information from the POS server via the mobile device, the second information required for the authentication related to the provision of the goods or the service based on the order information And transmits the order information and the second information to the POS terminal in response to the read request, and the POS terminal receives the first information from a POS server At the same time, when the second information is received from the user identification module, authentication is performed as to whether or not the provision of a product or service corresponding to the order information may be permitted using the first information and the second information. An electronic commerce system characterized by the following. 3. A user identification module, a mobile station, and a P
An electronic commerce system comprising an OS server and a POS terminal, wherein a mobile device connected to the user identification module orders a product or service in response to an order request, and wherein the POS server includes the mobile device. The user identification module generates order information in accordance with an order from the POS server and transmits the generated order information to the mobile device and the POS terminal.
Transmitting to the S terminal, the POS terminal receives the order information from the POS server, and receives the order information from the user identification module, the order information received from the POS server;
An electronic commerce system for performing authentication using the order information received from the user identification module to determine whether provision of a product or service corresponding to the order information is permitted. 4. A process in which a mobile device connected to a user identification module places an order for goods or services to a POS server in response to an order request, and wherein the POS server sends an order number corresponding to the order to the user identification module. And the user identification module obtains a first answer using the received order number, the authentication algorithm and the random number, and transmits the first answer and the random number to the POS server via a mobile device. And a step in which the user identification module transmits the received order number to a POS terminal in response to the read request; and, after the POS terminal receives the order number from the user identification module, a POS terminal corresponding to the order number. Requesting the answer of 1 and a random number from the POS server; and the POS server responding to the POS terminal with a first answer corresponding to the request. And transmitting, said POS terminal, first from the user identity module 1
After receiving the answer and the random number, transmitting only the random number out of the first answer and the random number to the user identification module. After the user identification module receives the random number from the POS terminal, Obtaining a second answer using an order number and an authentication algorithm, and transmitting the second answer to a POS terminal; after the POS terminal receives the second answer from the user identification module, the first answer and the Second
Authenticating whether or not the provision of the goods or services corresponding to the order number is permitted by using the answer of (1). 5. A process in which a mobile device connected to a user identification module places an order for goods or services to a POS server in response to an order request, and wherein the POS server issues an order number in response to an order from the mobile device. Is generated and transmitted to the mobile station, and a first answer is obtained using the order number, the authentication algorithm and the random number,
Transmitting the order number and the first answer to the POS terminal; and after the user identification module receives the order number and the random number from the POS server via the mobile device, the user identification module determines the order number, the random number, and the authentication algorithm. And a second answer is obtained using the order number and the second answer in response to the read request.
Transmitting the first answer and the second answer after the POS terminal receives the second answer from the user identification module.
Authenticating whether or not the provision of the goods or services corresponding to the order number is permitted by using the answer of (1). 6. A process in which a mobile device connected to a user identification module places an order for goods or services to a POS server in response to an order request, and wherein the POS server issues an order number in response to an order from the mobile device. Generating the first answer by using the order number, the authentication algorithm and the random number, and transmitting the order number and the random number to the mobile device. The user identification module transmits the order number and the random number to the mobile device from the POS server via the mobile device. After receiving the order number and the random number, a second answer is obtained using the order number, the random number, and the authentication algorithm, and the second answer and the order number are returned to the PO in response to the read request.
Transmitting to the S terminal; and the POS terminal transmitting the second
Requesting the first answer corresponding to the order number to the POS server after receiving the answer and the order number, and receiving the order number from the POS terminal to the POS terminal. Transmitting a first answer in response to the request; and wherein the POS terminal receives the first answer from the POS server, and uses the first answer and the second answer to place the order. Authenticating whether or not the provision of the product or service corresponding to the number is permitted. 7. A process in which a mobile device connected to a user identification module places an order for goods or services to a POS server, wherein the POS server generates an order number in accordance with the order from the mobile device. Transmitting an order number to the mobile device and the POS terminal; and transmitting the order number to the POS terminal in response to a read request after the user identification module receives the order number from the POS server via the mobile device. And receiving the order number from the POS server, receiving the order number from the user identification module, and using the order number received from the user identification module and the order number received from the POS server. Authenticating whether or not the provision of goods or services corresponding to the order information is permitted. E-commerce method.