JP2003058704A - Settlement authenticating method, settlement device and mobile communication terminal - Google Patents

Abstract

PROBLEM TO BE SOLVED: To intensify the security of a user when electronically settling a selling/buying transaction. SOLUTION: A temporary password is issued by a credit server 30 for every prescribed period, mail containing this issued temporary password is transmitted to a portable telephone set 10 owned by the user of a credit card, a true password stored in the portable telephone set 10 is updated, and the true password stored in the credit server 30 is updated by receiving reply mail from the portable telephone set 10. In the credit server 30, the true password, which is stored in the portable telephone set 10, inputted to a card reader 20 is compared with the true password stored in the credit server 30. When both the passwords are matched, the user is judged as a proper user and settling processing is performed.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a payment authentication method, a payment device, and a mobile communication terminal, and more particularly, to a technique for strengthening personal authentication at the time of electronic payment of sales transactions.

[0002]

2. Description of the Related Art A card payment service using a credit card is an electronic payment process in which a member store of the service exchanges predetermined information with a credit card company via a network. , Used in various sales transactions. Also, as another card settlement service, there is one that uses a debit card. When using this debit card, it is necessary to enter a password (personal identification number) for personal authentication.

[0003]

By the way, a user of a debit card often uses familiar numbers such as a date of birth or a telephone number as a password so as not to forget the password. . In such a case, for example, if you drop your wallet containing your debit card or license, the debit card could easily be used illegally based on the date of birth etc. listed on your license. There is a problem that it ends up. On the other hand, in the case of a credit card, the identity of the user is authenticated by the signature of the user instead of the password, so that the risk of unauthorized use is further increased than in the case of a debit card.

Therefore, the present invention has been made in view of the above circumstances, and provides a settlement authentication method, a settlement device, and a mobile communication terminal that enhance the security of the user at the time of electronic settlement of sales transactions. To aim.

[0005]

In order to solve the above-mentioned problems, a payment authentication method according to the present invention is a card ID for identifying a user of a payment card and a true authentication for authenticating the user. A storage step of storing a password and a terminal ID for identifying a mobile communication terminal owned by the user as a set, and issuing a temporary password to generate a certain terminal ID
A transmission step of transmitting to the mobile communication terminal corresponding to, a completion signal receiving step of receiving a completion signal indicating that the password update is completed from the mobile communication terminal by the temporary password, and, after receiving the completion signal, An updating step of updating the true password corresponding to the terminal ID of the mobile communication terminal with the temporary password by referring to the stored contents, and the payment transmitted from the card reading device that reads the information stored in the card. And a payment information receiving step of receiving payment information required for determining whether the combination of the card ID and the password included in the received payment information is a valid combination included in the stored set. And a signal to the effect that payment is accepted when the combination is determined to be a valid combination in the determination step. It is characterized by comprising a receiving signal transmitting step of transmitting to the winding device. According to this configuration,
When the temporary password is transmitted to the mobile communication terminal and a reply mail indicating that the password has been updated is received from the mobile communication terminal, it becomes possible to update the password for authentication when accepting the payment.

Further, the settlement apparatus according to the present invention identifies a card ID for identifying a user of a payment card, a true password for authenticating the user, and a terminal owned by the user. Storage means for storing the temporary ID as a set, issuing means for issuing a temporary password, transmitting means for transmitting the issued temporary password to a terminal corresponding to a certain terminal ID, and the temporary password from the terminal. A completion signal receiving means for receiving a completion signal indicating that the password update is completed, an updating means for updating the true password corresponding to the terminal ID of the terminal with the temporary password by referring to the stored contents, and a payment. The combination of the payment information receiving means for receiving the payment information necessary for the payment and the card ID and password included in the received payment information is Judgment means for judging whether or not the combination is a legal combination included in the stored set, and an acceptance signal for transmitting a signal for accepting the settlement when the judgment means determines that the combination is a legal combination. And a transmission means. With this configuration, when the temporary password is transmitted to the mobile communication terminal and the reply mail indicating that the password has been updated is received from the mobile communication terminal, the password for authentication when accepting payment is updated. Will be possible.

Further, the mobile communication terminal according to the present invention includes a receiving means for receiving an electronic mail, a judging means for judging whether the sender of the received electronic mail is a predetermined sender, and the judging means. Storage means for storing the password included in the e-mail in a predetermined storage area when it is determined by the sender that the password is stored in the e-mail, and an e-mail indicating that the storage of the password has been completed to the sender. It is characterized by comprising a mail generation means and a transmission means for transmitting the electronic mail generated by the mail generation means. With this configuration, it is possible to receive an email from a specific sender, update the existing password with the password contained in this email, and reply to the specific sender with an email indicating that the update has been completed. It will be possible.

[0008]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Next, preferred embodiments of the present invention will be described with reference to the drawings. [1. Configuration of Embodiment] [1-1. Configuration of credit card payment system] Figure 1
FIG. 1 shows a schematic configuration of the credit card payment system 1 according to the embodiment of the present invention. In this system, a user uses a credit card to pay for a purchased product or to pay a service usage charge, but at this time, a password must be input.

The mobile phones 10-1, ..., 10-n shown in FIG.
(Hereinafter, when it is not necessary to distinguish each mobile phone, the mobile phone is referred to as the mobile phone 10.) is a mobile communication terminal owned by a credit card user (hereinafter referred to as a card user). The mobile phone 10 has a mail sending / receiving function, and can display received mail and sent mail on the display unit. Then, the user knows that the password has been issued by the mail received from the credit server 30.

The card reading devices 20-1, ..., 20-n (hereinafter, referred to as the card reading device 20 when it is not necessary to distinguish each card reading device) are used for sales of goods and services. The device is owned by a store or the like that provides the information, and stores the store ID. The store ID is information that uniquely identifies the store in which each store is installed. Further, the card reading device 20 includes a card reading unit, and reads the credit card ID or the like magnetically stored in the credit card from the card reading unit. The card reading device 20 includes a key input unit, and a purchase amount and a password are input from the key input unit. Furthermore, the card reading device 20 transmits payment information necessary for payment to the credit server 30 connected via the Internet 60. The payment information includes a credit card ID, purchase amount, store ID and the like.

Here, the password in this embodiment is used to authenticate whether or not the user is the owner of the credit card. Therefore, if the password is known to a third party,
The credit card may be illegally used by this third party. Therefore, the credit server 30 according to the present embodiment issues a password every predetermined period, and sends an email containing the issued password (hereinafter referred to as “email”).
Described as PW transmission mail. ) Is the user's mobile phone 1
By sending it to 0, the password is updated regularly. By the way, even if the PW transmission mail is periodically transmitted from the credit server 30, if the PW transmission mail does not reach the mobile phone 10 or the received PW transmission mail cannot be opened, the user updates the password. I cannot recognize what was done and I cannot use the credit card.

Therefore, when the credit server 30 receives a mail (hereinafter referred to as a reply mail) containing a message that the password update is completed from the mobile phone 10, the credit server 30 stores the password stored in the credit server 30. It will be updated. In the following description, a password from issued by the credit server 30 to updated by the mobile phone 10 or the credit server 30 is referred to as a temporary password KPW, and a password stored in the mobile phone 10 or the credit server 30 is a true password. It is called SPW.

The credit server 30 shown in FIG. 1 receives the true password SPW and the payment information stored in the mobile phone 10 from the card reading device 20, and authenticates the card user based on the received true password SPW. At the same time, predetermined payment processing is performed based on the payment information received from the card reading device 20. It should be noted that the credit server 30 is actually owned by each of a plurality of credit card companies and may exist in a plurality. However, in this embodiment, in order to simplify the description, a mode in which one credit server 30 owned by one credit card company is used will be described.

The mobile communication network 40 includes a mail server 44,
A switching network 43 connecting a plurality of exchanges 42,
It is provided with a plurality of base stations 41 connected to each exchange 42. The mobile communication network 40 provides a call service and a packet communication service to each mobile phone 10 located in the communication service area of the mobile communication network 40.

A large number of base stations 41 are installed in the communication service area of the mobile communication network 40, and perform wireless communication with the mobile telephone 10 located in each wireless area. Each exchange 42 responds to a call request from each mobile telephone 10 located within the wireless area covered by each base station 41 connected to the exchange 42 or an incoming call request to each mobile telephone 10. Performs call connection processing, etc. Mail server 4
A server device 4 controls transmission / reception of mails performed via the mobile communication network 40. The gateway 50 is a device that connects the mobile communication network 40 to the Internet 60.

[1-2. Configuration of Credit Server] Next, the hardware configuration of the credit server 30 will be described with reference to FIG. CPU (Central Processing Uni
t) 31 is a ROM (Read Only Memory) 32, a RAM
(Random Access Memory) 33 or HDD (Hard D
By executing various programs stored in the isk Drive) 34, each unit of the apparatus connected via the bus 36 is controlled. In addition, the CPU 31 uses the temporary password K.
Issue PW. The communication control unit 35 is a circuit that controls data communication performed between the card reading device 20 and the mobile phone 10.

The ROM 32 stores various control programs executed by the CPU 31, control data, and the like. The RAM 33 is used as a work area for the CPU 31. For example, when the application program stored in the HDD 34 is executed, the execution part of the application program and data used are temporarily stored in the RAM 33. HDD34
Includes a customer information DB 341, a store information file 342,
And various application programs executed by the CPU 31 are stored.

FIG. 3 is a conceptual diagram showing the stored contents of the customer information DB 341. The customer information DB 341 has a plurality of fields. Credit card ID in the field
Information 341a, password information 341b, issuance period information 341c, issuance date information 341d, and telephone number information 341e.
And personal information 341f. Customer information DB341
Stores these pieces of information in association with each other. The credit card ID information 341a is information that uniquely identifies a credit card.

The password information 341b indicates the true password SPW used when authenticating the card user. By the way, as described above, the CPU 31 determines that the temporary password KP
Although W is issued, the temporary password KPW is not immediately reflected in the true password SPW. In the present embodiment, the temporary password KPW is set as the password information 34 on condition that the reply mail is received from the mobile phone 10.
It is reflected in 1b. As a result, the true password SP
W is updated.

The issuance period information 341c indicates a period from the issuance of the temporary password KPW by the credit server 30 to the issuance of the next temporary password KPW. Specifically, for example, when “6 hours” or “2 days” is stored as the issuance period information, the credit server 30 tells the mobile phone 10 every 6 hours or 2 days. The temporary password KPW will be issued.

The issue date information 341d is the temporary password KP.
The date and time when W is issued are shown. The telephone number information 341e indicates the telephone number of the mobile phone 10. The personal information 341f includes, for example, the name of a card user who has made a credit contract with a credit card company, the account number of a financial institution for making a payment, the contact phone number of the card user, and past payment records. Show.

Initial registration of the above-mentioned credit card ID information, issuance period information, etc. is carried out, for example, after a credit card use contract is made between a credit card company and a customer who wishes to use the credit card. It is performed by the input of the operator in charge of the data input work in the company. Here, in the present embodiment, as the true password SPW registered in the password information 341b at the time of initial registration in the customer information DB 341,
For example, the password specified by the card user is used, and the issuance period specified by the card user is used as the issuance period registered in the issuance period information 341c. Further, as the date and time to be registered in the issue date information 341d, for example, the computer date and time of the credit server 30 at the time of initial registration are used. Further, the store information file 342 stores the account number of the financial institution opened by the store for settlement and the store ID in association with each other.

[1-3. Configuration of Mobile Phone] Next, referring to FIG.
The hardware configuration of the mobile phone 10 will be described with reference to FIG. The operation unit 17 provided in the mobile phone 10 outputs a signal corresponding to the operation state of the user and supplies the signal to the CPU 11. The CPU 11 executes various programs stored in the ROM 12, the RAM 13, or the non-volatile memory 14 to perform control corresponding to an operation signal from the operation unit 17 to each unit of the device connected via the bus 19. To do. The ROM 12 stores various control programs executed by the CPU 11 and control data, and the RAM 13 is used as a work area of the CPU 11.

The non-volatile memory 14 has a password storage area 141 and a program storage area 142. The nonvolatile memory 14 may be, for example, EPROM.
(Erasable and Programmable Read Only Memory) and flash EEPROM (Flash Electrical EPROM). The password storage area 141 of the mobile phone 10 is
This is an area for storing a true password SPW used for authentication when using a credit card in the credit server 30. The true password SPW stored in the password storage area 141 is displayed on the display unit 18 based on the operation signal output from the operation unit 17 by the user's operation.

The program storage area 142 is an area for storing an application program executed by the mobile phone 10 when handling a password. An example of this application program is a reply mail generation program executed in cooperation with a mailer. If you install this reply mail generation program, a startup icon will be displayed in the mailer toolbox. When the user opens the PW transmission mail on the mailer and then selects and confirms this icon, the reply mail generation program is started. First, the reply mail generation program starts with the temporary password K included in the PW transmission mail.
Password storage area 1 with PW as true password SPW
41 to store. Next, the reply mail generation program generates and sends a reply mail to the credit server 30.

The initial registration of the true password SPW stored in the password storage area 141 is performed, for example, after a credit card contract is made between a credit card company and a customer who wishes to use the credit card. It is performed by the input of the operator in charge of the data input work in the company. The initial registration of the application program stored in the program storage area 142 is performed by, for example, an operator by the mobile phone 10.
Installed in and done. Here, in the present embodiment, at the time of initial registration in the password storage area 141, for example, a password specified by the card user may be input as the true password SPW registered in the password storage area 141.

The wireless communication section 15 has an antenna 151. Then, the wireless communication unit 15 performs wireless data communication with the base station 41 of the mobile communication network 40 under the control of the CPU 11. The communication processing unit 16 performs communication processing such as call connection / disconnection processing under the control of the CPU 12.

[2. Operation of Embodiment] [2-1. Automatic Password Update Process] Next, regarding the automatic update process for periodically updating the true password SPW performed in the credit card payment system 1 described above with reference to FIG. 5, the mobile phone 10-1
Will be described as an example. First, C of the credit server 30
The PU 31 determines the temporary password KP based on the issuance period stored in the issuance period information 341c and the issuance date stored in the issuance date information 341d of the customer information DB 341.
It is determined whether it is the time to issue W (step S
1). A specific description will be given with reference to 341z in FIG.
For example, the issue period is set to "2 days" and the issue date is "20
00.4.25 14:44 ”, the credit server 3
Computer date and time of 0 is “2000.4.27 14: 4
When it becomes 4 ", the CPU 11 determines the temporary password KPW.
Judging that it is time to issue.

When it is determined in the determination in step S1 that it is not the time to issue the temporary password KPW (step S1; NO), the CPU 31 of the credit server 30.
Repeats the process of step S1. On the other hand, step S
When it is determined that it is time to issue the temporary password KPW in the first determination (step S1; YES), the CPU 31 of the credit server 30 issues the temporary password KPW (step S2), and the issued temporary password K
A PW transmission mail including PW is generated (step S
3).

Next, the CPU 31 of the credit server 30
Sends the PW transmission mail to the telephone number 3 in the customer information DB 341
It is transmitted to the mail address corresponding to the telephone number stored in 41e (step S4). The format of the mail address in this embodiment is, for example, "phone number @ domain name". Here, the relationship between the temporary password KPW and the true password SPW at the time of step S4 will be described with reference to 341z of FIG. 3, for example, when "kz25ra7f" is issued as the temporary password KPW at step S3. However, at this point, it is not reflected in the password information 341b. Therefore, the password information 341b "3he6s9wb" is the true password SPW.
Will continue to be used for authentication. That is,
If a card user authentication request is sent from the card reading device 20 at this point, the true password SPW
“3he6s9wb” will be used as a password for authentication.

Next, the PW transmission mail transmitted from the credit server 30 is once received by the mail server 44 and immediately thereafter is transmitted to the mobile phone 10-1 by the mail server 44. If the mobile phone 10-1 is located in a place where radio waves do not reach,
When the power of -1 is OFF, the mail server 44 cannot send the PW transmission mail to the mobile phone 10-1. In such a case, for example, an email sent by the user who has the mobile phone 10-1 moves to a place where radio waves reach or after the mobile phone 10-1 is powered on. The PW transmission mail may be received from the mail server 44 by the receiving operation of.

Mobile phone 10 which received the PW transmission mail
When the owner of -1 selects the icon to open the received PW transmission mail on the mailer and activates the reply mail generation program and confirms it, the CPU 11 of the mobile phone 10-1
Starts the reply mail generation program. According to the reply mail generation program, the CPU 11 of the mobile phone 10-1 first stores the temporary password KPW included in the PW transmission mail as the true password SPW in the password storage area 141 to update the true password KPW (step S5). . Next, the CPU 1 of the mobile phone 10-1
1 generates and sends a reply mail to the credit server 30 (step S6). As a result, this reply mail is transmitted to the credit server 30 via the mail server 44 described above.

Credit server 3 which received the reply mail
0 updates the password stored in the password information 341b with the temporary password KPW issued this time, and the issue date stored in the issue date information 341d based on the transmission date and the transmission time of the email included in the reply email. Is updated (step S7). This allows
Since "3he6s9wb" stored in the password information 341b shown in 341z of FIG. 3 is updated by the temporary password KPW "kz25ra7f" issued in step S3, "kz25ra7f" is the true password thereafter. Will be used to authenticate card users. After that, the CPU 31 of the credit server 30 executes an automatic update process for periodically updating the true password SPW at predetermined intervals by repeating the processes of step S1 and subsequent steps described above.

[2-2. Method of Changing Issue Period Information] Next, a method of changing the issue period information set for periodically updating the true password SPW will be described.
In the present embodiment, for example, a method of changing the issuance period information according to a voice guidance by telephone and a method of changing the issuance period information from a home page on the Internet are adopted. First, a method of changing issuance period information according to voice guidance by telephone will be described. The card user makes a call to a service center that provides a service for changing the issuance period information by voice guidance, and operates the service in accordance with the voice guidance to arbitrarily change the issuance period time or days.

Next, a method of changing the issuance period information from the home page on the Internet will be described. The card user accesses a predetermined home page on the Internet from a mobile phone or the like and displays an input screen for changing the issuance period on the display screen of the mobile phone.
Then, after inputting the desired issuance time / number of days in the issuance period input field provided on the input screen, the time or number of days to be the issuance period is arbitrarily changed by performing confirmation processing. The time or the number of days input by these changing operations described above is the issue period information 34 of the customer information DB 341.
1c is stored.

[2-3. Processing at the time of payment] Next, the card payment processing performed in the credit card payment system 1 described above will be described with reference to FIG. 6 by taking the mobile phone 10-1 and the card reading device 20-1 as an example. The clerk of the merchandise store requested to pay the credit card inserts the credit card received from the card user who is the customer into the reading unit of the card reading device 20-1, and the merchandise of the product offered by the card user. The code, the amount of money, the number of payments, etc. are input by operating the input unit (step S21).

The card user operates the operation unit 17 of the mobile phone 10-1 to display the true password SPW stored in the password storage area 141 on the display unit 18 (step S22), and the displayed true password SPW. The password SPW is manually input from the key input unit of the card reading device 20-1 (step S23). After that, the store clerk makes a definite input by performing a predetermined input operation on the key input unit of the card reading device 20-1 (step S24). The fixed input referred to here is the credit card ID and the amount of money of the product taken into the card reading device 20-1, and the card reading device 20.
-1 is an input for instructing to start communication for performing a payment process based on payment information including a store ID set corresponding to -1.

When this confirmation input is made, the card reading device 20-1 transmits an authentication request signal for requesting the authentication of the card user to the credit server 30 (step S25). Upon receiving the authentication request signal, the CPU 31 of the credit server 30 performs a credit check process based on the information stored in the customer information DB 341, and determines whether the credit card received from the card user is a payable card. It is determined (step S26). More specifically, the CPU 31 of the credit server 30 determines whether or not the credit card received from the card user based on the past payment record stored in the personal information 341f of the customer information DB 341 can be settled. To judge.

When it is determined in step S26 that the card cannot be settled (step S2
6; NO), the CPU 31 of the credit server 30 transmits to the card reading device 20-1 a message indicating that this credit card is a non-payable card (step S27). On the other hand, if it is determined in step S26 that the credit card received from the card user is a payable card (step S26; Y
ES), the CPU 31 of the credit server 30 extracts the true password SPW corresponding to the credit card ID from the customer information DB 341 based on the credit card ID received from the card reading device 20-1 (step S28).

The CPU 31 of the credit server 30
Is the extracted true password SPW and card reading device 20.
It is determined whether or not the true password SPW received from -1 matches (step S29). When it is determined in step S29 that the true password SPW does not match (step S29; NO), the CPU 31 of the credit server 30 issues a message indicating that the true password SPW does not match, to the card reading device 20-1. (Step S30). On the other hand, when it is determined in step S29 that the true passwords SPW match (step S29; YES), the credit server 30
The CPU 31 of sends a message to the effect that payment is accepted to the card reading device 20-1 (step S31). Then, the CPU 31 of the credit server 30 performs a payment process for paying the price of the purchased product (step S32). To explain the details of this settlement process,
First, a transfer process is performed to transfer the price of the product from the deposit account of the credit company to the deposit account of the merchandise store, and then, on the payment date of the credit card, the payment of the product is deducted from the deposit account of the user. Withdrawal processing is performed.

[3. Effect of Embodiment] As described above,
In the credit card payment system according to the embodiment, since the true password SPW is updated by issuing the temporary password KPW to the mobile phone 10 owned by the card user every predetermined period, the latest true password is updated. You cannot use your credit card unless you know your SPW. Therefore, it is possible to prevent the use of the credit card by anyone other than the owner of the credit card, and it is possible to enhance the security of the user at the time of electronic settlement of a sales transaction.

[4. Modification of Embodiment] [4-1. First Modified Example] In the above-described embodiment, payment by credit card is targeted, but payment by debit card, IC card, or the like may be targeted instead of payment by credit card. For example, a debit card payment system for payment by debit card may be configured as shown in FIG.

Debit card payment system 2 shown in FIG.
However, the point different from the credit card payment system 1 shown in FIG. 1 is that the card reading device 20 ′ of the debit card payment system 2 is for a debit card and reads information recorded on the debit card. Further, the debit card payment system 2 is different in that the credit server 30 of the credit card payment system 1 is replaced with a financial institution server 30 ′. The financial institution server 30 'is a server device owned by a financial institution such as a bank that issues the debit card. Then, like the credit server 30, the financial institution server 30 'issues a temporary password KPW for each predetermined period in order to update the true password SPW used when the debit card user uses the debit card. The card reading device 20 ′ sends the e-mail including the issued temporary password KPW to each mobile phone 10, and the payment information necessary for debit card payment such as debit card ID, purchase amount, store ID and the true password SPW. The debit card user is authenticated based on the received password, and a predetermined payment process is performed based on the payment information received from the card reading device 20 ′.

Such a debit card payment system 2
In the case of purchasing a product or the like from a product store using a debit card, as in the case of the credit card payment system 1, the true password SPW stored in the mobile phone 10 is used as the card reading device 20 ′. To enter. Then, when the financial institution server 30 'authenticates that the user is a valid user based on the true password SPW input to the card reading device 20', the purchase price of the product is paid from the deposit account of the debit card user. Withdrawal is made, and the purchase price of the withdrawn merchandise is transferred to the deposit account of the store for settlement.

[4-2. Second Modification] Further, in the above-described embodiment, when the true password SPW is input to the card reading device 20, the user operates the key input unit of the card reading device 20 to manually input the true password SPW. However, the input method of the true password SPW is not limited to this. For example, the mobile phone 10 and the card reading device 2
0 may be provided with an infrared communication interface, and the true password SPW stored in the mobile phone 10 may be transmitted to the reading device 20 by infrared communication to input the true password SPW. Further, a Bluetooth interface may be provided instead of the infrared interface.

[4-3. Third Modification] In the above-described embodiment, the credit server 30 and the mail (P
Although the mobile phone 10 is used as a terminal for transmitting and receiving (W transmission mail and reply mail), the present invention is not limited to this. For example, a mobile phone having a function of performing wireless communication with a base station 41 of the mobile communication network 40, a mobile phone, or a mobile information terminal connected to the mobile phone is used as a communication terminal. Good.

[0047]

As described above, according to the present invention, it is possible to enhance the security of the user at the time of electronic settlement of sales transactions.

[Brief description of drawings]

FIG. 1 is a diagram showing a schematic configuration of a credit card payment system according to an embodiment.

FIG. 2 is a block diagram showing a hardware configuration of the credit server shown in FIG.

FIG. 3 is a diagram showing a file structure of a customer information DB shown in FIG.

FIG. 4 is a block diagram showing a hardware configuration of the mobile phone shown in FIG.

FIG. 5 is a sequence chart showing an operation example of the credit card payment system according to the embodiment.

FIG. 6 is a sequence chart showing an operation example of the credit card payment system according to the embodiment.

FIG. 7 is a diagram showing a schematic configuration of a debit card payment system according to a first modification.

[Explanation of symbols]

10-1 to 10-n ... Mobile phone (mobile communication terminal), 11 ... CPU (reception means, determination means, storage means, mail generation means, transmission means), 12 ... ROM, 13 ... RAM, 14 ... Non-volatile memory , 141 ... Password storage area, 142 ... Program storage area, 15 ... Wireless communication section, 16 ... Communication processing section, 17 ... Operation section, 18 ... Display section, 20-1 to 20-n ... Card reading device, 30 ... Credit Server (settlement device), 31 ... CPU (issuing means, transmitting means, completion signal receiving means, updating means, settlement information receiving means, judging means, acceptance signal transmitting means, change information receiving means, changing means), 32 ... ROM, 33 ... RAM, 34 ... HDD, 341 ... Customer information DB (storage means), 342 ... Store information file, 35 ... Wireless communication section, 40 ... Mobile communication network, 41 ... Base station, 42 ... Exchange , 43 ... switching network, 44 ... mail server, 50 ... gateway, 60 ... Internet.

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) G06K 17/00 G06K 17/00 T 19/10 H04L 9/00 673E H04L 9/32 G06K 19/00 R

Claims (8)

[Claims] 1. A card ID for identifying a user of a payment card, a true password for authenticating the user, and a terminal ID for identifying a mobile communication terminal owned by the user. And a storing step of storing the temporary password, a transmitting step of issuing a temporary password and transmitting the temporary password to a mobile communication terminal corresponding to a certain terminal ID, and a completion signal indicating that the password update is completed from the mobile communication terminal with the temporary password. A completion signal receiving step of receiving the completion signal, an updating step of updating the true password corresponding to the terminal ID of the mobile communication terminal with the temporary password by referring to the stored content after the completion signal is received, A payment information receiving step of receiving payment information required for payment transmitted from a card reading device for reading stored information; The determination step of determining whether or not the combination of the card ID and the password included in the settled payment information is a valid combination included in the stored set, and the determination is determined to be a valid combination. And a step of transmitting an acceptance signal to the card reading device, the acceptance authentication method comprising: 2. The payment authentication method according to claim 1, wherein the transmitting step issues a temporary password for each predetermined issuance period. 3. The payment authentication method according to claim 2, wherein a change information receiving step of receiving change information for changing the issuance period via a network, and changing the issuance period based on the change information. A payment authentication method comprising: a change step. 4. The payment authentication method according to claim 1, further comprising: the card reading device receiving a password from the mobile communication terminal, and generating the payment information based on the received password. Settlement authentication method. 5. A card ID for identifying a user of a payment card, a true password for authenticating the user, and a terminal I for identifying a terminal owned by the user.
Storage means for storing D in combination, issuing means for issuing a temporary password, transmission means for transmitting the issued temporary password to a terminal corresponding to a certain terminal ID, and password for the temporary password from the terminal Completion signal receiving means for receiving a completion signal indicating that the update of the terminal is completed, updating means for updating the true password corresponding to the terminal ID of the terminal with the temporary password by referring to the stored contents, and for making payment. And a payment information receiving unit that receives payment information necessary for determining whether the combination of the card ID and the password included in the received payment information is a valid combination included in the stored set. And a receipt signal for transmitting a signal to the effect that the settlement is accepted when the decision means determines that the combination is valid. No. transmitting means, and a payment device. 6. The payment device according to claim 5, wherein the transmission unit issues a temporary password for each predetermined issuance period. 7. The settlement apparatus according to claim 6, wherein the change information receiving unit receives change information for changing the issuance period via a network, and a change for changing the issuance period based on the change information. A payment device comprising: a means. 8. A receiving means for receiving an electronic mail, a judging means for judging whether or not the sender of the received electronic mail is a predetermined sender, and the judging means for judging that the sender is the predetermined sender. Storage means for storing the password included in the electronic mail in a predetermined storage area, a mail generation means for generating an electronic mail to the sender indicating that the storage of the password is completed, and the mail generation means A mobile communication terminal, comprising: a transmitting unit configured to transmit the electronic mail generated by the mobile communication terminal.