JP2004310784A - Personal electronic settlement system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a settlement means excellent in security and convenience. <P>SOLUTION: A personal electronic settlement system is provided with a payment means 100 equipped with communication means of two or more systems, a charging means 101 equipped with communication means of two or more systems, and a settlement means 102 equipped with the communication means of two or more systems, and communication between the payment means and each of the charging means and the settlement means is conducted using a communication means of individually different system. The settlement information is exchanged by communications between the payment means and the settlement means, so that fraudulent charging by the charging means is prevented. In addition, a signature (digital signature) and an accounting statement are exchanged by communications between the payment means and the charging means, so that efficient sale can be achieved. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an electronic payment system that provides a payment function in retail sales transactions represented by a credit card (bank card), and more particularly, to secure payment security and enable smooth payment processing.

In recent years, with the spread of bank cards represented by credit cards, credit card settlement in retail sales has become common. However, on the other hand, troubles such as counterfeiting of credit cards, unauthorized use by others, and unauthorized billing by dealers are increasing, and improvement in security as a settlement system is required. Recently, IC card type credit cards have also appeared as one of the countermeasures against counterfeiting of credit cards.
Hereinafter, a conventional credit card settlement system including an IC card type credit card will be described.
2. Description of the Related Art Conventionally, in settlement by a bank card represented by a credit card, as disclosed in Patent Document 1 below, data communication is performed between a terminal of a store and a control center to perform a credit inquiry and a credit settlement. Many settlement systems have been proposed and used (see Patent Document 2 below).

FIG. 42 shows a configuration of a conventional general payment system.
In FIG. 42, a credit settlement terminal 4201 is a terminal that is installed at a store and performs a credit settlement operation at the store. The credit settlement terminal 4201 is connected to a remote settlement system 4202 via a telephone line 4204, a public network 4203, and a communication line 4205. The credit settlement terminal 4201 includes a card reader for reading information stored in the credit card 4200, a modem for connecting to the public network 4203, and a printer for printing a calculation report.
The settlement system 4202 is an information processing system for performing a credit settlement process. The settlement system 4202 manages consumer credit information and account information under a credit service contract with the consumer.
The credit card 4200 has the owner's name and credit card number stamped on the surface of the card, and the owner's signature, and ID information is stored inside. The credit card 4200 is classified into a magnetic card type and an IC card type. The difference between the two is the difference in the external interface. Requires a reader. Some cards can store various types of personal information in addition to credit card ID information.

In the payment system configured as described above, credit payment is performed in the following procedure.
First, a consumer gives a credit card 4200 to a sales clerk and requests credit settlement. The clerk causes the card reader of the credit settlement terminal 4201 to read the credit card 4200 and performs a credit settlement operation.
Then, the credit settlement terminal 4201 reads the ID information from the credit card 4200, and transmits a message for requesting a credit inquiry and credit settlement to the settlement system 4202 by data communication using a modem. The settlement system 4202 performs a credit inquiry process and a credit settlement process based on the ID information and the amount information included in the message, and transmits a message of the settlement completion to the credit settlement terminal 4201. Then, the credit settlement terminal 4201 prints out the calculation from the printer.
The clerk asks the consumer to sign the statement, then checks and verifies the signature on the statement against the signature on the credit card 4200, and consumes the credit card 4200 along with a copy of the usage. Return to the person and complete the credit settlement.
Japanese Patent Publication No. 3-32100 JP-A-8-96043

However, in the conventional payment system, since the credit card is handed to the clerk of the store, the credit card number is known to the store, and the credit card number may be misused.
In addition, in the conventional payment system, since the retailer takes the initiative in the payment process, the retailer may trick the consumer and perform the payment process at a higher price than the actual product price. Was.
In addition, in the conventional payment system, a credit card is directly set in the credit payment terminal installed in the store, so the store modifies the credit payment terminal and falsifies the information in the card, or In some cases, personal information other than credit card ID information is illegally read.
In addition, in the conventional payment system, the consumer needs to carry one credit card for one credit service, and in order to receive a plurality of credit services by contracting with a plurality of credit card companies, Consumers had to carry many cards, which was inconvenient.

Further, in the conventional payment system, a physical card called a credit card is used as an authentication means, so that in order to cancel a transaction once a credit payment has been made later, the consumer has to make a transaction again. Had the inconvenience of having to go there.
Further, in the conventional settlement system, it is necessary to print the calculation sheet on paper, and the printing time has been a bottleneck in increasing the efficiency of sales. On the other hand, the credit settlement terminal needs to be equipped with a printer, and this has been a bottleneck in downsizing the credit settlement terminal and reducing the cost.
In addition, in the conventional payment system, it is necessary to have the consumer sign the statement, and the time it takes for the clerk to request the consumer to sign and to have the customer sign the actual time required for credit settlement It occupied most of the time and was a bottleneck in sales efficiency.

  The present invention has been made to solve the problems of the conventional payment system, and has as its object to provide a payment means excellent in security and convenience.

Therefore, in the present invention, a payment unit including a plurality of communication units, a billing unit including a plurality of communication units, and a settlement unit including a plurality of communication units (or a plurality of communication units). A service providing means having a communication means and a payment processing means having a communication line with the service providing means) constitute a personal electronic payment system. Communication is performed between each of the payment unit, the billing unit, and the settlement unit (or the service providing unit and the settlement processing unit) using communication systems of different systems.
By exchanging the settlement information through communication between the payment means and the settlement means (or the service providing means), it is possible to prevent improper billing by the billing means, and to secure individual information of the payment means and possession of the payment means. Personal information of the person can be prevented from being known to the person in charge of the billing means. Further, by exchanging necessary information between the payment means and the billing means by means of the communication means, it is possible to improve sales efficiency.

In the personal electronic settlement system of the present invention, each of the payment means, the billing means and the settlement means (or service providing means) has a plurality of communication means, and the payment means, the billing means and the settlement means (or service providing means) are provided. Since communication between each is performed by using different types of communication means, it is possible to prevent unauthorized billing by the billing means and leakage of personal information. Since the exchange is performed, the efficiency of sales can be improved.
Also, by using wireless communication means using light such as infrared light between the payment means and the billing means, and using radio wireless communication means between the payment means and the settlement means (or service providing means), A system form suitable for the use environment can be taken.

  Further, the billing means sends a payment request message to the payment means, the payment means sends a payment offer message to the billing means, and the billing means and the payment means transmit the settlement request and the information including the information obtained from these received messages. A payment request message is generated and transmitted to the settlement means (or service providing means), and the settlement means (or service providing means) collates these request messages, whereby an improper billing of the billing means or payment of the payment means is made. Cheating can be prevented. Further, payment can be received without the billing means knowing the identification number of the payment means or the telephone number of the owner of the payment means.

In addition, since one payment method can select a plurality of payment methods, there is no need to carry many credit cards.
Further, by appropriately transferring the data held by the payment means and the billing means to the storage means of the settlement means (or service providing means), the data can be backed up, and the size of the payment means and the billing means can be reduced. Can be planned.
Also, by updating the data held by the payment means and the billing means, it is possible to maintain consistency between the data stored in the payment means and the data stored in the settlement means (or service providing means). And system reliability is improved. Further, by accumulating the latest data in the payment means and the billing means and updating it, the access time of the payment means and the billing means can be shortened.

Further, in the update process, it is possible to detect falsification of the data stored in the payment means or the billing means, thereby preventing fraud.
Further, in this system, the cancellation of the settlement can be easily executed. Also, the person in charge of the billing means can contact the owner of the payment means who made the payment without knowing the telephone number. Similarly, the owner of the payment means can contact the person in charge of the billing means without giving the telephone number. Therefore, it is possible to carry out a smooth commercial transaction while protecting the privacy of the owner of the payment means.

  According to the first aspect of the present invention, there is provided a payment unit including a plurality of communication units, a billing unit including a plurality of communication units, and a settlement unit including a plurality of communication units. The communication between each of the payment means, the billing means and the settlement means is performed using communication systems of different systems, and the settlement information is communicated by the communication between the payment means and the settlement means. By exchanging, the fraudulent billing by the billing means is prevented, and the identification information of the payment information, the payment amount, the identification information of the transaction, and the respective signatures (digital signatures) are exchanged between the payment means and the billing means. By doing so, the efficiency of sales can be improved.

  According to the second aspect of the present invention, different types of wireless communication means are provided in the payment means as communication means for communicating with the billing means and the settlement means, so that convenience in a mobile environment can be improved. .

  According to the third aspect of the present invention, the wireless communication means between the payment means and the billing means has a shorter communicable distance and higher directivity than the wireless communication means between the payment means and the settlement means. Since the wireless communication means is selected and the distance between the payment means and the billing means is at most one or two meters, by selecting the wireless communication means in this way, a system suitable for the use environment can be obtained. Can take the form.

  According to a fourth aspect of the present invention, the payment unit includes an optical communication unit as a wireless communication unit with the billing unit, and a radio wireless communication unit as a wireless communication unit with the settlement unit. Between the short-term payment means and the billing means, using optical communication radio means such as infrared rays, while using the radio-wireless communication means between the long-distance payment means and the settlement means. , A system form suitable for the use environment can be taken.

  According to a fifth aspect of the present invention, an optical communication unit and a radio wireless communication unit, an input unit for inputting a value of an amount to be paid, and a process of generating data transmitted by the optical communication unit and the radio wireless communication unit are provided. A central processing unit for processing the data received by the optical communication unit and the radio communication unit; a first storage unit for storing a control program for controlling the operation of the central processing unit; And a second storage means for storing data processed by the central processing unit. The owner of the payment means operates the payment means, and the payment means stores the data. Data can be presented to the owner, and the convenience of the payment means is improved.

  According to a sixth aspect of the present invention, in the billing means, an optical communication means for communicating with the payment means, a communication means for communicating with the settlement means, and an input means for inputting a value of the amount to be billed A central processing unit for performing processing for generating data transmitted by the optical communication unit and the communication unit and processing for data received by the optical communication unit and the communication unit; and a control program for controlling operation of the central processing unit. A first storage unit, a display unit for displaying a result of data processing by the central processing unit, and a second storage unit for storing data processed by the central processing unit. It is possible to operate the billing means and to present the data stored in the billing means to the person in charge, and the convenience of the billing means is improved.

  According to a seventh aspect of the present invention, there is provided a computer system for storing, in a settlement unit, information relating to a payment unit, a second storage unit for storing information relating to a billing unit, and performing data processing in a settlement process. The payment processing is executed based on the data received from the payment means and the billing means.

  In the invention according to claim 8, the central processing unit of the payment means generates message data requesting payment processing of an amount corresponding to the value input by the input means of the payment means, and transmits the message data to the settlement means. Further, it is configured to process the message data indicating the completion of the payment received from the settlement means, output the message data to the display means, and store the processed data in the second storage means of the payment means. The payment means owner can directly request the payment means for payment by designating the amount to be paid, preventing fraudulent billing by the billing means. (Transaction data) can be managed.

  According to a ninth aspect of the present invention, the central processing unit of the payment means generates message data for offering payment of an amount corresponding to the value input by the input means of the payment means, and transmits the message data to the billing means. In this case, the owner of the payment means can directly settle the amount to be paid to the billing means and the settlement means, and perform the settlement, thereby preventing the billing means from being improperly charged.

  According to a tenth aspect of the present invention, the central processing unit of the billing means generates message data for billing the amount corresponding to the value input by the input means of the billing means, transmits the message data to the payment means, and From the message data for requesting payment and the message data for requesting payment, generate message data for requesting payment processing, transmit it to the payment means, and indicate the completion of payment received from the payment means. The message data is processed and output to the display means of the billing means, and the processed data is stored in the second storage means of the billing means. Can not be sent to the settlement means, fraudulent billing by the billing means can be prevented, and the owner of the billing means can record the settlement history (transaction data) It is possible to sense.

  The invention according to claim 11 is characterized in that the central processing unit of the billing means generates message data for requesting payment and transmits the message data to the payment means, and the central processing unit of the payment means proposes the generated message data for offering payment, Message data requesting payment processing is generated from the message data requesting payment received from the billing means and transmitted to the settlement means, and the settlement means receives the message data requesting settlement processing received from the billing means and from the payment means. The settlement processing is performed by comparing the received message data requesting the payment processing with the payment processing, and the message data representing the completion of the payment is generated and transmitted to the billing means. It is configured to transmit, and it is possible to prevent fraudulent billing by billing means and deception of payment by payment means .

  According to a twelfth aspect of the present invention, the central processing unit of the payment means puts identification information for identifying the message data in the message data for offering payment to the billing means, and requests the payment processing to be sent to the settlement means. In the message data, the identification information of the message data for which payment is to be made, the identification information of the payment means, and the identification information of the message data for which payment is to be requested, while the central processing unit of the billing means sends the payment means to the payment means. The identification information for identifying the message data is inserted into the message data requesting the payment, and the identification information of the message data requesting the payment, Enter the identification information and the identification information of the message data for which payment is to be made, and settle the message data requesting payment processing. And the identification information of the message data requesting the payment in the message data requesting the settlement processing and the identification information of the message data requesting the payment. The settlement can be performed without any notification of the identification information of the owner of the payment means or the public identification information of the owner of the payment means, and leakage of the identification information corresponding to the credit card number can be prevented.

  According to a thirteenth aspect of the present invention, the second storage means of the payment means stores identification information of a plurality of payment methods, and the central processing unit of the payment means selects the payment method selected by the input means of the payment means. Is configured to be included in the message data for requesting payment and the message data for requesting payment, and one payment method can be used to appropriately select a payment method from a plurality of payment methods. Can be. Therefore, it is not necessary to carry many credit cards, and the convenience of the owner of the payment means is improved.

  According to a fourteenth aspect of the present invention, the settlement means generates identification information of the owner of the payment means valid for the owner of the billing means and puts the identification information in the message data indicating the completion of the settlement. It is configured to transmit to the billing means, the identification information of the payment means and the public identification information of its owner are not known at all to the billing means, taking into account the convenience of the subsequent processing by the billing means Only the identification information of the owner of the payment means generated by the settlement means is notified.

  The invention according to claim 15 is characterized in that the payment means includes a battery capacity detection means for detecting a battery capacity of the payment means, and the central processing unit of the payment means when the battery capacity becomes equal to or less than Q (Q> 0). Transmits the data of the second storage unit of the payment unit storing the data processed by the central processing unit to the payment unit, and the payment unit transmits the received data to the payment unit of the payment unit that stores information on the payment unit. It is configured to accumulate in the first accumulating means, and it is possible to prevent the data accumulated in the payment means from being lost due to a battery exhaustion.

  According to a sixteenth aspect of the present invention, the data processed by the central processing unit of the payment means is stored in the second storage means of the payment means or the first storage means for storing information on the payment means of the payment means. These data are managed in the second storage means of the payment means by describing the identification information of the data and the address on the storage means where the data exists, and are stored in the first storage means of the settlement means. When processing the data indicating the address, the central processing unit of the payment means generates message data requesting the data, transmits the message data to the payment means, and the payment means receiving this message data converts the requested data into data. The message data including the message data is generated and transmitted to the payment means, and the central processing unit of the payment means extracts the requested data from the message data received from the payment means. And than, even with a small capacity of the second storage means of the payment means, it is possible to manage many transaction data, it is possible to achieve a reduction in size and cost of the means of payment.

  According to a seventeenth aspect of the present invention, the data processed by the central processing unit of the billing means is stored in the second storage means of the billing means or the second storage means for storing information relating to the billing means of the settlement means. These data are managed in the second storage means of the billing means by describing the identification information of the data and the address on the storage means where the data exists, and are stored in the second storage means of the settlement means. When processing the data indicating the address, the central processing unit of the billing means generates message data requesting the data and transmits the message data to the settlement means. Message data including the message data and transmitting the message data to the billing means, and the central processing unit of the billing means extracts the requested data from the message data received from the settlement means. And than, even with a small capacity of the second storage means according to means, it is possible to manage many transaction data, it is possible to achieve a reduction in size and cost of the claims means.

  The invention according to claim 18 is characterized in that the central processing unit of the payment means generates message data including data stored in the second storage means of the payment means at a time designated by the payment means, and The payment means that has received the message data generates message data including the update data of the second storage means of the payment means and transmits the message data to the payment means, and the central processing unit of the payment means transmits The update data is extracted from the received message data, and the data stored in the second storage means of the payment means is configured to be updated. Since the data held in the payment means is automatically updated, The owner of the payment means does not need to maintain the data stored in the payment means, and the convenience of the payment means is improved. Further, consistency between the data stored in the payment means and the data stored in the payment means can be maintained, and the reliability of the system is improved.

  The invention according to claim 19 is characterized in that the central processing unit of the billing means generates message data including data stored in the second storage means of the billing means at a time designated by the settlement means, And the settlement means having received the message data generates message data including the update data of the second storage means of the billing means and transmits the message data to the billing means. The central processing unit of the billing means The update data is extracted from the received message data, and the data stored in the second storage means of the billing means is configured to be updated. Since the data held in the billing means is automatically updated, The person in charge of the billing means does not need to maintain the data stored in the billing means, and the convenience of the billing means is improved. Further, consistency between the data stored in the billing means and the data stored in the settlement means can be maintained, and the reliability of the system is improved.

  According to a twentieth aspect of the present invention, the settlement means receives the message data including the data stored in the second storage means of the payment means from the payment means, and updates the data of the second storage means of the payment means. At the time of generation, the generation time of the data is compared, an address on the second storage unit of the payment unit is assigned to the data with a late generation time, and the payment unit of the settlement unit is assigned to the data with the early generation time. Address is allocated on the first storage means for storing information relating to the first storage means, and new data which is relatively likely to be accessed is stored in the payment means. Access can be made without waiting, and convenience is improved.

  The invention according to claim 21, wherein the settlement means receives message data including data stored in the second storage means of the payment means from the payment means, and updates the data of the second storage means of the payment means. Is generated, the access time of the data by the owner of the payment means is compared, an address on the second storage means of the payment means is assigned to the data having the slow access time, and And assigning an address on the first storage means for storing information relating to the payment means of the settlement means, wherein recently accessed data is stored in the payment means, and the owner of the payment means stores Can be accessed without waiting.

  According to a twenty-second aspect of the present invention, the settlement means receives the message data including the data stored in the second storage means of the claim means from the claim means, and updates the data of the second storage means of the claim means Is generated, the generation time of the data is compared, an address on the second storage means of the billing means is assigned to the data having a late generation time, and the settlement means is charged for the data having the early generation time. An address on the second storage means for storing information relating to the means is allocated, and new data which is relatively likely to be accessed is stored in the billing means. The user can access without waiting, and the convenience is improved.

  According to a twenty-third aspect of the present invention, when the settlement means receives the message data including the data stored in the second storage means of the payment means from the payment means, the second means of the payment means extracted from the message data. The data stored in the storage means is compared with the data stored in the first storage means for storing information relating to the payment means of the settlement means. Since the message data for stopping the function is transmitted to the payment means, it is possible to prevent the information stored in the payment means from being tampered with illegally.

  According to a twenty-fourth aspect of the present invention, when the settlement means receives the message data including the data stored in the second storage means of the billing means from the billing means, the second means of the billing means extracted from the message data The data stored in the storage means is compared with the data stored in the second storage means for storing information on the billing means of the settlement means. Since the message data for stopping the function is transmitted to the billing means, the information stored in the billing means can be prevented from being tampered with.

  According to a twenty-fifth aspect of the present invention, the central processing unit of the payment means generates message data requesting the cancellation processing of the payment processing using the message data indicating the completion of the payment, and transmits the message data to the settlement means. The central processing unit generates message data for requesting cancellation processing of the payment process using the message data indicating the completion of the payment, transmits the message data to the payment means, and the payment means receives from the payment means and the billing means, respectively. The received message data is collated, the payment processing is canceled, the message data indicating the completion of the payment processing cancellation processing is transmitted to the payment means, and the message data indicating the completion of the payment processing cancellation processing is transmitted to the billing means. Even if the payment means and the billing means are far apart, the cancellation processing of the settlement processing can be performed, and the convenience is improved. To above.

  According to a twenty-sixth aspect of the present invention, the central processing unit of the billing unit communicates with the payment unit using the identification information of the owner of the payment unit included in the message data indicating the completion of the payment received from the payment unit. Generating message data for requesting communication and transmitting the message data to the settlement means, the settlement means generating and transmitting message data notifying connection of the communication line with the billing means to the payment means; The central processing unit of the payment means receives the message data, and displays the identification information of the owner of the claim means on the display means of the payment means. The connection state of the communication line with the means is displayed, and the person in charge of the billing means can communicate with the owner of the payment means without knowing the public identification information (for example, telephone number) of the payment means. Communicating Can take, also, the owner of the means of payment as well, there is no worry that privacy will be violated. Therefore, the commercial transaction can be smoothly performed between the owner of the payment unit and the person in charge of the billing unit.

  According to a twenty-seventh aspect of the present invention, when the settlement unit connects the communication line between the payment unit and the billing unit, the access control set by the owner of the payment unit stored in the first storage unit of the settlement unit. By referring to the information, when the access from the billing means is prohibited, the communication line is not connected, so that the privacy of the owner of the payment means can be more securely protected.

  According to a twenty-eighth aspect of the present invention, the central processing unit of the payment means generates message data for requesting communication with the billing means by using the message data received from the settlement means and indicating completion of payment, and sends the message data to the payment means. Transmitting the payment means to the billing means, generating message data including the identification information of the owner of the payment means included in the message data indicating the completion of the payment, and informing the connection of the communication line with the payment means; Transmitting, further connecting a communication line between the payment means and the billing means, the central processing unit of the billing means receiving the message data, and displaying the identification information of the owner of the payment means on the display means of the billing means. And the connection status of the communication line with the payment means, and the owner of the payment means can check the public identification information (for example, telephone number) without knowing his or her own public identification information. It is possible to contact the person in charge of the means, on the other hand, the person in charge of billing means, it is possible to know whether the partner is a who. Therefore, the commercial transaction can be smoothly performed between the owner of the payment unit and the person in charge of the billing unit.

  The invention according to claim 29 is characterized in that the payment means applies a digital signature of the owner of the payment means to the message data to be transmitted to the billing means or the settlement means, and has become the owner of the payment means. Unauthorized payment can be prevented.

  The invention according to claim 30 is characterized in that the billing means applies a digital signature of the owner of the billing means to the message data to be transmitted to the payment means or the settlement means, and has become the owner of the billing means. Unauthorized charges can be prevented.

  The invention according to claim 31 is characterized in that the settlement means applies a digital signature of the owner of the settlement means to the message data to be transmitted to the payment means or the billing means, and the impersonator becomes the owner of the settlement means. Unauthorized payment processing can be prevented.

  According to a thirty-second aspect of the present invention, in the payment means, voice input means, voice output means, voice data input from the voice input means are converted into data transmitted by the communication means, and received by the communication means. Audio data processing means for converting the received data into audio data output by the audio output means, which enables voice data communication, and enables the owner of the payment means to talk with the partner who intends to make a transaction. And smooth business transactions.

  According to a thirty-third aspect of the present invention, in the claim means, voice input means, voice output means, voice data input from the voice input means is converted into data transmitted by the communication means, and the communication means Audio data processing means for converting the received data into audio data output by the audio output means, so that audio data communication becomes possible, and the owner of the billing means can talk with the customer Business transactions can be carried out smoothly.

  The invention according to claim 34 is characterized in that the payment means performs encryption processing of message data to be transmitted and decryption processing of encryption of received message data, and encryption processing of voice data to be transmitted. Voice encryption processing means for performing encryption processing of received voice data and encrypting and transmitting message data and voice data, thereby improving transaction security, Moreover, privacy can be protected from eavesdropping.

  According to a thirty-fifth aspect of the present invention, in the claim means, a cryptographic processing means for performing a process of encrypting message data to be transmitted and a process of decrypting a received message data, and a process of encrypting and receiving voice data to be transmitted And voice encryption processing means for performing a decryption process of the encrypted voice data, so that message data and voice data can be encrypted and transmitted / received, thereby improving transaction security, and , Can protect business secrets from eavesdropping.

  According to a thirty-sixth aspect of the present invention, the payment means sends a digital signature of the owner of the payment means, and further transmits the sealed message data to the owner of the settlement means to the settlement means. It is possible to prevent fraudulent payment impersonating the owner of the payment means, and to protect privacy.

  According to a thirty-seventh aspect of the present invention, the billing means applies a digital signature of the owner of the billing means to the message data to be transmitted to the settlement means and performs a letter-sealing process to the owner of the settlement means. Therefore, it is possible to prevent improper billing impersonating the owner of the billing means, and to protect trade secrets.

  According to a thirty-eighth aspect of the present invention, the settlement means applies a digital signature of the owner of the settlement means to the message data to be transmitted to the payment means, and performs a letter-sealing process to the owner of the payment means. The message data to be sent to the means is digitally signed by the owner of the settlement means, and the envelope is also addressed to the owner of the billing means.The improper settlement impersonating the owner of the settlement means Processing can be prevented, and the confidentiality of commercial transactions can be kept.

  According to a thirty-ninth aspect of the present invention, the settlement means stores the message data indicating the completion of the settlement transmitted to the billing means in the second storage means of the settlement means for accumulating information on the billing means, and transmits the message data to the payment means. Message data representing the completion of the payment made in the first storage means of the settlement means for storing information on the payment means, whereby, for example, the payment means or the billing means breaks down, Even if the internal data is lost, the lost data can be recovered based on the message data stored in the first storage means or the second storage means of the settlement means.

  The invention according to claim 40 is a service providing means for providing an electronic settlement service to the owner of the payment means and the owner of the claim means via the communication means with the payment means and the communication means with the billing means. And a payment processing means connected to the service providing means via the communication means and performing a payment process between the owner of the payment means and the owner of the billing means. Thus, the system can be configured without any major changes.

  The invention according to claim 41 is a service providing means, wherein first storing means for storing information on the payment means and the owner of the payment means, and second storing information on the claim means and the owner of the charging means. A storage system and a computer system for performing data processing for providing an electronic settlement service are provided. With this configuration, the service providing unit can provide an intermediary between the payment unit and the billing unit and the settlement processing unit. Execute the process smoothly.

  The invention according to claim 42, wherein the first storage means for storing information on the settlement processing contract of the owner of the payment means, and the second storage means for storing information about the settlement processing contract of the owner of the charging means, in the settlement processing means. 2 and a computer system for performing data processing in the settlement processing. The conventional settlement processing means can be configured without any major modification.

  In the invention according to claim 43, the service providing unit checks the message data requesting the payment processing transmitted from the billing means with the message data requesting the payment processing transmitted from the payment means, and requests the payment processing. Message data to be transmitted to the payment processing means, and the payment processing means that has performed the payment processing generates message data indicating the completion of the payment processing and transmits the message data to the service providing means. Message data representing the completion of the payment and message data representing the completion of the payment are generated from the message data representing the completion of the payment, and transmitted to the billing means and the payment means, respectively. It is possible to prevent fraudulent billing by the billing means and deception of payment by the payment means without making major changes to the means. .

  In the invention according to claim 44, the service providing means stores the message data indicating the completion of the settlement transmitted to the billing means in the second storage means of the service providing means and indicates the completion of the payment transmitted to the payment means. The message data is stored in the first storage unit of the service providing unit, so that, for example, even if the payment unit or the billing unit breaks down and the internal data is lost, the message data is stored in the first storage unit. The lost data can be recovered based on the message data stored in the first storage means or the second storage means.

  According to a 45th aspect of the present invention, the payment processing means is constituted by a plurality of payment processing means which handle different types of payment processing, and the service providing means stores information relating to the payment processing means. The owner of the payment means can use a plurality of payment methods, and the convenience of the payment means is improved.

  The invention according to claim 46 is characterized in that the service providing means transmits the message data requesting the payment processing based on the result of the comparison between the message data requesting the payment processing and the message data requesting the payment processing. A plurality of payment processing means are selected from among a plurality of payment processing means, and an optimal payment processing means is selected according to the content of the message data requesting the payment processing and the content of the message data requesting the payment processing. be able to.

  In the invention according to claim 47, the service providing means accumulates, in the third accumulating means of the service providing means, message data indicating completion of the settlement processing received from the settlement processing means. The message data indicating the completion of the process, the message data indicating the completion of the settlement, and the message data indicating the completion of the payment can be accumulated and managed while maintaining consistency with each other, thereby improving the reliability of the system.

  In the invention according to claim 48, the information on the owner of the payment means stored in the first storage means of the service providing means includes information on a settlement processing contract of the owner of the payment means, and information on the possession of the payment means. And information relating to the settlement processing contract of the owner of the billing means, among the information on the owner of the billing means stored in the second storage means of the service providing means. Information belonging to the owner is included, and the service providing means authenticates the owner of the payment means and makes a request based on the information stored in the first storage means of the service providing means. It becomes possible to prove the owner of the payment means to the owner of the means, and based on the information stored in the second storage means of the service providing means, to authenticate the owner of the billing means, Ownership of It is possible to proof of ownership of the claimed means for, with the owner of the owner and billing means of the payment means, it is possible to perform smooth transaction.

  In the invention according to claim 49, the information of the first storage means of the service providing means is managed and stored for each owner of the payment means, and the information of the second storage means of the service providing means is stored in the charging means. It is designed to be managed and stored for each owner of the system, and it is possible to safely and efficiently manage information related to the privacy of individuals involved in settlement, and improve the reliability of the system I do.

  The invention according to claim 50 is characterized in that the central processing unit of the payment means puts the validity period information of the message data into the message data requesting the payment and the message data requesting the payment processing, Puts the validity period information of the message data into the message data requesting the payment and the message data requesting the payment processing, and the payment means or the service providing means requests the message data requesting the payment processing and the payment processing. When validating the message data, the validity period information is verified, and an illegal request using old message data can be prevented.

  The invention according to claim 51 is characterized in that the central processing unit of the billing means generates the message data requesting the inquiry processing of the owner of the payment means before generating the message data requesting the settlement processing, and provides the service providing means. The service providing means compares the message data requesting the payment processing with the message data requesting the inquiry processing, and stores the information on the owner of the payment means stored in the first storage means of the service providing means. , Message data indicating the result of the inquiry of the owner is generated and transmitted to the billing means, and the central processing unit of the billing means processes the message data and outputs it to the display means of the billing means. Yes, the owner of the billing means can perform the settlement process after confirming the credit status of the owner of the payment means and the identity of the user, thereby improving the security of commercial transactions. .

  In the invention according to claim 52, the information on the owner of the payment means stored in the first storage means of the service providing means includes the photograph information and the age information of the owner of the payment means. The providing means includes the photograph information and the age information of the owner of the payment means in the message data indicating the inquiry result of the owner. The identity of the owner of the payment means can be confirmed based on the face photograph and age output to the user, and the security of commercial transactions is improved.

  53. The invention according to claim 53, wherein when the free space of the second storage means of the payment means becomes less than AU (AU> 0), the central processing unit of the payment means sets the second storage means of the payment means. The data stored in the second storage means is transmitted to the settlement means or the service provision means, the update data is received from the settlement means or the service provision means, and the data stored in the second storage means is updated. In addition, it is possible to prevent the data of the second storage unit of the payment unit from overflowing.

  In the invention according to claim 54, when the free space of the second storage means of the claim means becomes less than AM (AM> 0), the central processing unit of the claim means makes the second storage means of the claim means The data stored in the second storage means is transmitted to the settlement means or the service provision means, the update data is received from the settlement means or the service provision means, and the data stored in the second storage means is updated. Yes, it is possible to prevent the data of the second storage means of the claim means from overflowing.

  The invention according to claim 55, wherein the settlement means or the service providing means, which has received the message data including the data stored in the second storage means of the payment means from the payment means, is the second storage means of the payment means. Message data including the updated data of the new payment means and a control program for the central processing unit of the new payment means is transmitted to the payment means, and the message processing unit receives the message data. The control program of the apparatus is stored in the first storage means or the second storage means of the payment means, and the control program is executed. The payment program can be executed without trouble of the owner. The control program of the means can always be updated to the latest version. There is no need to correspond to the difference of ® down.

  In the invention according to claim 56, the settlement means or the service providing means, which has received the message data including the data stored in the second storage means of the claim means from the claim means, is provided by the second storage means of the claim means Message data including the updated data of the new request means and the control program of the central processing unit of the new request means is generated and transmitted to the request means. The control program of the apparatus is stored in the first storage means or the second storage means of the claim means, and the control program is executed. The control program of the means can always be updated to the latest version. There is no need to correspond to the difference of ® down.

  According to a fifty-seventh aspect of the present invention, the settlement means or the service providing means puts the identification information of the settlement processing into the message data indicating the completion of the settlement and the message data indicating the completion of the payment, and The central processing unit puts the identification information of the settlement processing in each message data requesting the cancellation processing of the payment processing or the settlement processing, and the settlement means or the service providing means received from each of the payment means and the billing means When matching each message data requesting the cancellation process of the payment process and the settlement process, the identification information of the settlement process is collated. By collating the identification information of the settlement process, the illegal cancellation process is performed. Request can be prevented.

  The invention according to claim 58 is characterized in that, when the service providing means checks each message data requesting the payment processing and the settlement processing cancellation processing received from each of the payment means and the billing means, the service processing means further cancels the payment processing. The message data requesting the processing is compared with the message data indicating the completion of the payment stored in the first storage means of the service providing means, and the message data requesting the cancellation processing of the settlement processing and the second data of the service providing means are checked. The message data indicating the completion of the payment stored in the second storage means is compared with the message data requesting the cancellation processing of the payment processing and stored in the first storage means of the service providing means. Check with the message data indicating the completion of the payment, and request the message data and service By matching the message data representing the completion of the settlement it is stored in the second storage means providing means, thereby preventing the demand of illegal cancellation processing.

  The invention according to claim 59 is characterized in that the service providing means accumulates, in the second accumulating means of the service providing means, message data indicating completion of the canceling process of the settlement processing transmitted to the billing means, and transmits the payment data to the paying means. Message data indicating the completion of the processing cancellation processing is stored in the first storage means of the service providing means, whereby, for example, the payment means or the billing means fails and the internal data is lost. In this case, the lost data can be recovered based on the message data stored in the first storage means or the second storage means of the settlement means.

  According to a 60th aspect of the present invention, the payment means and the billing means connected to the communication line by the settlement means or the service providing means perform voice data communication, and the owner of the payment means and the billing means Can have a conversation and can conduct business transactions smoothly.

  The invention according to claim 61 is such that the payment means and the billing means, which are connected to the communication line by the settlement means or the service providing means, exchange encryption keys and encrypt voice data with each other to perform voice data communication. The owner of the payment means and the owner of the billing means can smoothly conduct business transactions without eavesdropping on conversation between each other.

  The invention according to claim 62 is a user information processing means for performing, in a computer system of a service providing means, communication with a payment means and processing of information stored in a first storage means of the service providing means, Merchant information processing means for performing communication with the third party and processing of information stored in the second storage means of the service providing means, and communication with the settlement processing means and information stored in the third storage means of the service providing means And a service director information processing means for performing data processing in a service providing process by cooperative processing with the user information processing means, the merchant information processing means, and the payment processing institution information processing means. User information processing means, merchant information processing means, payment processing institution information processing means, and service director In a broadcast processing unit, by performing the parallel processing can be performed efficiently service provision process.

  The invention according to claim 63 is a computer system of service providing means, wherein service manager information for controlling generation and deletion of user information processing means, merchant information processing means, payment processing institution information processing means and service director information processing means. Processing means, wherein the user information processing means, the merchant information processing means, the payment processing institution information processing means, and the service director information processing means are each generated or deleted by the service manager information processing means as necessary. That is, the calculation function of the computer system can be efficiently allocated to each information processing means.

  In the invention according to claim 64, the service manager information processing means generates user information processing means corresponding to each payment means on a one-to-one basis for communication with the payment means, and communicates with the claim means. A merchant information processing means corresponding to each of the billing means on a one-to-one basis, and a payment processing institution corresponding to each of the settlement processing means on a one-to-one basis for communication with the payment processing means. Information processing means, and further, one service director information corresponding to each combination of the information processing means for the user information processing means, the merchant information processing means or the payment processing institution information processing means to perform the cooperative processing. A processing means is generated, a plurality of service providing processes can be performed at the same time, and the processing of each information processing means is simplified. Since bets can, maintenance becomes easy, thereby improving the reliability of the system.

  The invention according to claim 65, wherein the service manager information processing means, when generating the service director information processing means, defines a group of information processing means for performing cooperative processing, including the service director information processing means, The generated service director information processing means communicates only with the information processing means belonging to the group, and performs data processing in the service providing processing by coordination processing with the information processing means belonging to the group. Processing of one group of information processing means does not affect other information processing means, and the reliability of the system is improved.

  The invention according to claim 66 is characterized in that the service director information processing means needs to cooperate with information processing means not belonging to the group of information processing means to which the service director belongs when performing data processing in the service providing processing. Transmitting a message requesting addition of the required information processing means to the group to the service manager information processing means, so that the service manager information processing means generates the requested information processing means and adds it to the group. Since a new information processing means can be added in the middle of the cooperative processing of the group of information processing means, the service providing processing with a high degree of freedom can be performed.

  The invention according to claim 67 is characterized in that the user information processing means communicates only with the corresponding payment means, the service director information processing means of the group to which the user information processing means belongs, and the service manager information processing means. The merchant information processing means processes the corresponding billing means, the service director information processing means of the group to which the merchant belongs, and the service manager information processing. Communication means only, means for processing the billing means stored in the second storage means of the service providing means and information about the owner of the billing means, wherein the payment processing institution information processing means comprises: Only communicates with the service director information processing means of the group to which it belongs and the service manager information processing means. And processing of information relating to the payment processing means stored in the third storage means of the service providing means, wherein processing of one group of information processing means affects other information processing means. And the processing of one information processing means (user information processing means, merchant information processing means, payment processing institution information processing means) corresponds one-to-one to the information processing means (payment means , Billing means, payment processing institution), and the reliability of the system is improved.

  In the invention according to claim 68, when connecting a communication line between the payment means and the service providing means, the payment means and the corresponding user information processing means perform mutual authentication processing, When connecting the communication line to the service providing means, the billing means and the corresponding merchant information processing means perform mutual authentication processing, and the connecting means is connected to the other party by unauthorized impersonation. In addition, it is possible to prevent the information on the other party from being read or rewritten illegally.

  The invention according to claim 69 is characterized in that the payment means, the billing means, and the payment processing means respectively include message data transmitted to the corresponding user information processing means, merchant information processing means, or payment processing institution information processing means of the service providing means. Digital signature of the owner of the payment means, the owner of the billing means or the owner of the payment processing means, and the user information processing means, the merchant information processing means and the payment processing institution information processing means comprise payment means, billing means Alternatively, the digital signature of the service providing means is applied to the message data transmitted to the payment processing means, and the payment means, the billing means, the payment processing means, and the user information processing means of the service providing means which have received the message data with the digital signature applied thereto , Each of the merchant information processing means and the payment processing institution information processing means The digital signature verification processing is performed so that an improper operation due to impersonation can be prevented. The processing can be efficiently performed by the user information processing means, the merchant information processing means, and the payment processing institution information processing means processing in parallel.

  The invention according to claim 70 is characterized in that the payment means, the billing means, and the payment processing means respond to message data transmitted to the corresponding user information processing means, merchant information processing means, or payment processing institution information processing means of the service providing means. Performs a letter-sealing process to the owner of the service providing means, and furthermore, the user information processing means, the merchant information processing means and the payment processing institution information processing means transmit the message data to the payment means, the billing means or the payment processing means. On the other hand, a sealing means is given to the owner of the payment means, the billing means or the settlement processing means, and the payment means, the billing means, the settlement processing means and the service providing means which have received the message data subjected to these sealed processings Each of the user information processing means, the merchant information processing means and the payment processing institution information processing means The decryption processing of the encrypted message data is performed so that the secret of the commercial transaction can be protected from eavesdropping and the like, and the service providing means can perform the message data sealing processing and the sealed message processing. The data encryption processing can be efficiently performed by the user information processing means, the merchant information processing means, and the payment processing institution information processing means performing the processing in parallel, respectively.

  The invention according to claim 71 is characterized in that the payment means, the billing means, the payment processing means, the user information processing means of the service providing means, the merchant information processing means, and the payment processing institution information processing means transmit a digital signature and a sealed letter to the message data to be transmitted. Payment means, billing means, payment processing means and user information processing means of service providing means, merchant information processing means and payment processing institution information processing means which have received the message data are sealed. It decrypts the encrypted message data and verifies the digital signature. The service providing means includes digital signature and seal processing of the message data to be transmitted, and , It is possible to perform a verification process of decoding the digital signature of the received message data encryption efficiently.

  In the invention according to claim 72, the merchant information processing means receiving the message data requesting the payment processing from the billing means generates a message requesting the payment processing, transmits the message to the service manager information processing means, and The user information processing means that has received the message data requesting the payment processing generates a message requesting the payment processing, transmits the message to the service manager information processing means, and collates these messages based on the identification information included in the message. Service manager information processing means generates service director information processing means, defines a group of information processing means consisting of merchant information processing means, user information processing means and service director information processing means, and service director information processing means, Message and support requesting payment processing The service manager information processing means selects the payment processing means for executing the payment processing by comparing the contents with the message requesting the processing, and adds the payment processing institution information processing means corresponding to the selected payment processing means to the group. The service manager information processing means generates the requested payment processing institution information processing means and adds it to the group, and the service director information processing means generates a message requesting the payment processing and sets the payment processing institution information The message is transmitted to the processing means, and the payment processing institution information processing means generates message data requesting the payment processing from the message, transmits the message data to the payment processing means, and the message data indicating the completion of the payment processing is transmitted from the payment processing means. When transmitted, the payment processing institution information processing means generates a message indicating the completion of the payment process, and The service director information processing means transmits the message data indicating the completion of the payment processing to the third storage means of the service providing means while receiving the message indicating the completion of the payment processing. A message indicating completion and a message indicating completion of payment are generated and transmitted to the merchant information processing means and the user information processing means, respectively, and the merchant information processing means indicates completion of payment from the received message. Message data is generated and transmitted to the billing means, and message data representing the completion of the payment is stored in the second storage means of the service providing means, and the user information processing means determines from the received message that the payment has been completed. Message data that represents the completion of payment, In this case, the payment data is stored in the first storage unit of the service providing unit, and the payment process can be executed efficiently while preventing unauthorized operation due to secret leakage or impersonation in commercial transactions.

  In the invention according to claim 73, the merchant information processing means that receives the message data requesting the cancellation processing of the payment processing from the billing means generates a message requesting the cancellation processing of the payment processing and sends the message to the service manager information processing means. The user information processing means that has transmitted and received the message data requesting the cancellation processing of the payment processing from the payment means generates a message requesting the cancellation processing of the payment processing, transmits the message to the service manager information processing means, and includes the message. Service manager information processing means that matches these messages based on the identification information to be generated, generates service director information processing means, and includes information processing means comprising the merchant information processing means, user information processing means, and service director information processing means Define a group of service director information The processing means checks the contents of the message requesting the cancellation processing of the payment processing and the message requesting the cancellation processing of the payment processing, specifies the payment processing means that has executed the payment processing, and corresponds to the specified payment processing means. Requesting the service manager information processing means to add the payment processing institution information processing means to the group, the service manager information processing means generating and adding the requested payment processing institution information processing means to the group, and providing the service director information The processing means generates a message requesting the cancellation processing of the payment processing and sends it to the payment processing institution information processing means, and the payment processing institution information processing means generates message data requesting the cancellation processing of the payment processing from this message. Generated and transmitted to the payment processing means, from which the message data indicating the completion of the cancellation processing of the payment processing is When the payment is received, the payment processing institution information processing means generates a message indicating completion of the payment processing cancellation processing, transmits the message to the service director information processing means, and transmits the message data indicating the completion of the payment processing cancellation processing to the service. The service director information processing means, which has accumulated in the third accumulation means of the providing means and received the message indicating the completion of the payment cancellation processing, indicates the completion of the payment cancellation processing and the completion of the payment cancellation processing. Message, and transmits the message to the merchant information processing means and the user information processing means, respectively, and the merchant information processing means generates message data indicating completion of the payment canceling process from the received message, and makes a request. The service providing means transmits the message data indicating the completion of the settlement cancellation processing to the service providing means. Stored in the second storage means, and the user information processing means generates, from the received message, message data indicating the completion of the payment cancellation processing, transmits the message data to the payment means, and indicates the completion of the payment cancellation processing. The message data is stored in the first storage unit of the service providing unit, and the canceling process is efficiently performed while preventing unauthorized operation due to secret leakage or impersonation in commercial transactions.

  In the invention according to claim 74, the billing means generates message data requesting communication with the payment means, using the identification information of the owner of the payment means included in the message data indicating the completion of the settlement. When the merchant information processing means receives the message data from the billing means, it generates a message requesting communication with the payment means and transmits the message to the service manager information processing means. The processing means generates a service director information processing means, defines a group of information processing means composed of a merchant information processing means and a service director information processing means, and the service director information processing means determines a payment means included in the message. Identify the payment instrument corresponding to the owner's identification information and its owner, Requesting the service manager information processing means to add the user information processing means corresponding to the specified payment means to the group, the service manager information processing means generating and adding the requested user information processing means to the group, and When the director information processing means refers to the access control information set by the owner of the payment means stored in the first storage means of the service providing means and the access from the billing means is not prohibited, A message notifying the connection of the communication line with the billing means is generated and transmitted to the user information processing means. The user information processing means generates message data notifying the connection of the communication line with the billing means from the message and pays the message data. Means to prevent unauthorized operation due to secret leakage or spoofing in commercial transactions. Et al., Can be efficiently perform processing of customer service calls.

  In the invention according to claim 75, when the payment means generates and transmits message data requesting communication with the billing means using the message data indicating the completion of settlement, the message data is received from the payment means. The user information processing means generates a message requesting communication with the billing means and transmits the message to the service manager information processing means.The service manager information processing means receiving this message generates the service director information processing means, A group of information processing means including a user information processing means and a service director information processing means is defined, and the service director information processing means adds to the group of merchant information processing means corresponding to the billing means to the service manager information processing means. Request, and the service manager information processing means Generates a chant information processing means and adds it to the group, the service director information processing means generates a message notifying the connection of the communication line with the payment means and transmits the message to the merchant information processing means, and the merchant information processing means Message data that informs the connection of the communication line with the payment means is generated from the message and transmitted to the billing means, which efficiently prevents confidential leakage in commercial transactions and unauthorized operations due to impersonation, etc. Inquiry call processing can be performed.

  The invention according to claim 76 is characterized in that the settlement means or the service providing means generates message data requesting updating of data stored in the payment means or the second storage means of the billing means, and executes the payment means or the billing means. When the central processing unit of the payment unit or the billing unit generates the message data including the data stored in the second storage unit and transmits the message data to the settlement unit or the service providing unit, The settlement means or the service providing means generates message data including the update data of the second storage means of the payment means or the billing means and transmits the message data to the payment means or the billing means. The update data is extracted from the data to update the data stored in the second storage means. The payment means can forcibly update the information stored in the second storage means of the payment means or the second storage means of the billing means, and the payment means can be used when the contract contents are changed. This is effective when it is necessary to update the information stored in the second storage unit of the first embodiment or the second storage unit of the claim unit.

  The invention according to claim 77 is characterized in that the settlement means is constituted by a plurality of settlement means arranged in a distributed manner, and these settlement means are interconnected by a communication line, and the processing of the settlement means is distributed. By doing so, the processing efficiency is improved.

  In the invention set forth in claim 78, a plurality of settlement means are arranged for each region or for each organization, and the processing of the settlement means is dispersed for each region or organization, whereby Efficiency is improved.

  In the invention according to claim 79, the information relating to the payment means and the owner of the payment means is stored in the first storage means of the payment means or the settlement means having the same attribute as the owner of the payment means. Information about the owner of the means is stored in the second storage means of the billing means or the payment means having the same attribute as the owner of the billing means, and the first storage means of all the payment means further includes The identification information of all payment means permitted to communicate with the means and the position information indicating the location where information on the payment means and the owner of the payment means are stored are stored, and the second storage of all settlement means is stored. The means further stores identification information of all billing means permitted to communicate with the settlement means and position information indicating a place where information on the billing means and the owner of the billing means is stored. In each of the settlement means, the information related to the payment means and the information related to the owner of the payment means, the information related to the billing means and the information related to the owner of the billing means can be efficiently combined. The payment means or the billing means can access the information by communicating with any settlement means.

  The invention according to claim 80 is characterized in that the service providing means is constituted by a plurality of service providing means arranged in a distributed manner, and the service providing means are mutually connected by a communication line. By performing the processing in a distributed manner, the efficiency of the processing is improved.

  The invention according to claim 81 is one in which a plurality of service providing means are arranged for each region or for each organization, and the processing of the service providing means is dispersed for each region or each organization. And the processing efficiency is improved.

  In the invention according to claim 82, the information relating to the payment means and the owner of the payment means is stored in the first storage means of the payment means or the service providing means having the same attribute as the owner of the payment means, Information on the owner of the billing means is stored in the second storage means of the billing means or the service providing means having the same attribute as the owner of the billing means, and the first storage means of all the service providing means further includes: And identification information of all payment means permitted to communicate with the service providing means, and positional information indicating a place where information on the payment means and the owner of the payment means are stored, and all service providing means are stored. The second storage means further stores identification information of all the claim means permitted to communicate with the service providing means, and information on the claim means and the owner of the claim means. Location information indicating the place where the payment is made, and information relating to the payment means, information relating to the owner of the payment means, and information relating to the billing means in each service providing means. And the information related to the owner of the billing means can be efficiently stored and managed, and the payment means or the billing means can access the information by communicating with any service providing means. .

  The invention according to claim 83 is such that the attribute is “organization”, and the information relating to the billing means and its owner, or the information relating to the payment means and its owner is an organization to which the owner belongs. Is stored and managed in settlement means and service providing means.

  In the invention according to claim 84, the attribute is "region", and the information about the billing means and its owner, or the information about the payment means and its owner, indicates that the owner resides. It is stored and managed in local settlement means and service providing means.

  In the invention according to claim 85, the payment means connects the second service providing means to the communication line, and the second service providing means stores the first payment means and the information on the owner of the payment means. The service manager information processing means of the second service providing means is provided with identification information of the payment means stored in the first storage means of the second service providing means; The first service providing means is specified from the location information indicating the location where the information on the owner of the payment means is stored, and the service manager information processing means of the first service providing means is provided with a home corresponding to the payment means. Requesting generation of the user information processing means, and when the home user information processing means is generated on the first service providing means, the mobile user information corresponding to the payment means; The processing means is generated on the second service providing means, and the generated mobile user information processing means and home user information processing means cooperate with each other to communicate with the payment means, and to execute the payment means and the owner of the payment means. The payment means can access the information on the payment means and the owner of the payment means regardless of which service providing means is connected to the communication line, so that the payment means can be efficiently operated. Payment processing can be performed.

  In the invention according to claim 86, the payment means connects the user information processing means of the second service providing means to the communication line to request a cancellation processing of the payment processing, and the second service providing means: In the case where the service manager information processing means of the second service providing means is different from the first service providing means for storing the information relating to the billing means related to the payment processing and the owner thereof, the service manager information processing means of the second service providing means is different from the first service providing means. The first service providing means is identified from the identification information of the billing means stored in the second storage means and the position information indicating the location where the information on the billing means and the owner of the billing means is stored, A message requesting cancellation of the payment process received from the user information processing means is transmitted to the service manager information processing means of the first service providing means, A service manager information processing means, a message requesting cancellation processing of the settlement processing received from the merchant information processing means of the first service providing means, and a payment processing received from the service manager information processing means of the second service providing means. A service request information processing means is generated on the first service providing means by comparing the message with the message requesting the cancellation processing of the first service providing means, and the user information of the service director information processing means, the merchant information processing means and the second service providing means is provided. The payment means defines a group of information processing means including a processing means and a service providing means in which information on a billing means and its owner is stored, regardless of which service providing means is communicated. Cancel payment processing in the same way as when connected to a communication line It can be. Therefore, for example, it is possible to cancel an electronic payment made on a travel destination after returning to home.

  In the invention according to claim 87, the billing means transmits "message data requesting communication with the payment means" to the merchant information processing means of the second service providing means, and the second service providing means The service of the second service providing means, which has received the "message requesting communication with the payment means" from the merchant information processing means when different from the first service providing means for storing information on the payment means and its owner The manager information processing means generates a service director information processing means on the second service providing means, defines a group of information processing means including a merchant information processing means and a service director information processing means, and generates the generated service. The director's information processing means identifies the requested payment instrument and its owner, and responds to the identified payment instrument Requesting the service manager information processing means to add the user information processing means to the group, and in response to the request, the service manager information processing means transmits the payment stored in the first storage means of the second service providing means. A first service providing means is specified from the identification information of the means and position information indicating a place where information on the payment means and the owner of the payment means are stored, and a service manager information processing of the first service providing means is performed. Requesting the means for generating the user information processing means corresponding to the payment means, and when the user information processing means corresponding to the payment means is generated on the first service providing means, the user information processing means is grouped. The billing means can communicate with a payment means which is controlled by another service providing means.

  In the invention according to claim 88, the payment means transmits "message data requesting communication with the billing means" to the user information processing means of the second service providing means, and the second service providing means The service of the second service providing means that has received a "message requesting communication with the billing means" from the user information processing means when different from the first service providing means for storing information on the billing means and its owner. The manager information processing means includes identification information of the billing means stored in the second storage means of the second service providing means, and position information indicating a place where information on the billing means and the owner of the billing means is stored. From the above, the first service providing means is specified, and the service manager information processing means of the first service providing means receives the "claims" received from the user information processing means. A message requesting communication with the stage is transmitted, and the service manager information processing means of the first service providing means receiving the message generates a service director information processing means on the first service providing means, A group of information processing means including the service director information processing means and the user information processing means on the second service providing means is defined, and the generated service director information processing means is adapted to the merchant corresponding to the requesting requesting means. A request is made to the service manager information processing means of the first service providing means to add the information processing means to the group, and the service manager information processing means receives the request and adds the information processing means to the group. A corresponding merchant information processing means is generated and added to a group. The payment means may be connected to any service providing means and the communication line regardless of which service providing means is connected to the service providing means in which information relating to the payment means and information relating to the owner of the payment means are stored. Similarly, communication with the billing means can be performed.

  The invention as set forth in claim 89 is characterized in that the payment means is provided with a ferroelectric memory as the storage means, and has the effect of extending the life of the battery of the payment means.

  According to a ninety aspect of the present invention, the control program for the central processing unit of the payment means according to any one of the fifth to 89th aspects is recorded on a recording medium in a format readable by a computer, and the program is portable. Can be distributed in various forms.

  According to a ninety-first aspect of the present invention, a control program for a central processing unit according to the sixth aspect is recorded on a recording medium in a format readable by a computer, and the program is portable. Can be distributed in various forms.

  According to a ninth aspect of the present invention, a processing program of the computer system of the settlement means according to the seventh to 89th aspects is recorded on a recording medium in a format readable by an electronic computer, and the program is portable. Can be distributed in various forms.

  According to a ninety-third aspect of the present invention, a processing program for a computer system of the service providing means according to the forty-ninth aspect is recorded on a recording medium in a format readable by an electronic computer, and the program is portable. Can be distributed in various forms.

The invention according to claim 94 is the one in which the processing program of the computer system of the settlement processing means according to claims 40 to 89 is recorded on a recording medium in a format readable by an electronic computer, and the program is portable. Can be distributed in various forms.
Hereinafter, embodiments of the present invention will be described with reference to the drawings.

(Embodiment 1)
A first embodiment of the present invention will be described with reference to FIGS.
According to the credit settlement system of the first embodiment, when a consumer purchases a product at a general retail store, the consumer directly receives a credit card, a statement of use, and the like between the consumer and the retail store. This is a system that performs credit settlement by wireless communication without passing it, called a personal remote credit settlement system, and the credit settlement service provided by this system is called a personal remote credit settlement service. I do.

As shown in the system configuration diagram of FIG. 1, the personal remote credit settlement system includes a personal credit terminal 100 having two two-way wireless communication functions and an electronic credit card function, and a personal credit terminal 100 at a retail store. At the center of a communication network connecting the credit settlement apparatus 101 for performing the credit settlement processing, the settlement system 103 for performing the credit settlement processing in the credit service company or the settlement processing company, and the personal credit terminal 100, the credit settlement apparatus 101, and the settlement system 103. A service providing system 102 for providing a personal remote credit settlement service, a digital public network 108 for providing a data transmission path in a network, and a radio telephone base for connecting the personal credit terminal 100 to the digital public network 108 With station 104 It is provided.
The personal credit terminal 100 is a portable wireless telephone terminal having a two-way wireless communication function of infrared rays and a digital wireless telephone, and an electronic credit card function. Further, the credit settlement apparatus 101 that performs a credit settlement process at a retail store also has two-way two-way communication functions of infrared communication and digital telephone communication.

  In FIG. 1, reference numeral 105 denotes a transmission line for infrared communication performed between the personal credit terminal 100 and the credit settlement apparatus 101, and reference numeral 106 denotes digital wireless communication performed between the personal credit terminal 100 and the base station 104. 107, a digital communication line connecting the base station 104 and the digital public network 108; 109, a digital communication line connecting the digital public network 108 and the service providing system 102; 110, a credit settlement device 101 And a digital telephone communication line 111 connecting the digital public network 108 and a digital communication line 111 connecting the service providing system 102 and the settlement system 103.

The following form is assumed as a normal operation form of the personal remote credit settlement service.
The settlement system 103 is installed in a credit card company or a settlement processing company, and the credit settlement apparatus 101 is installed in a retail store, and the consumer carries the personal credit terminal 100. The service providing system 102 is installed in a company that provides a personal remote credit settlement service, and when the credit card company provides a personal remote credit settlement service, the service providing system 102 is installed in the credit card company. Is done.
It is also assumed that a consumer has a credit service membership contract with a credit card company and a personal remote credit payment service member contract with a company that provides a personal remote credit payment service. In addition, we have contracts for wireless telephone services with telephone companies. Similarly, retail outlets may also sign credit card merchant agreements with credit card companies and personal remote credit card payment service merchants with companies that provide personal remote credit settlement services. We have contracts with digital telephone communication services with telephone companies.
If the personal remote credit card payment service is provided by a different company from the credit card company, the company that provides the personal remote credit card payment service may enter into the credit service with the credit card company. Instead of a credit card company, electronic credit cards are issued to contracting members, and contracts are made to operate personal remote credit settlement services.
Further, when the settlement processing company performs the credit settlement processing using the settlement system 103, the credit card company has concluded a contract with the settlement processing company to perform the credit settlement processing on behalf of the settlement processing company. .

In the following, in order to simplify the description of the present system, the consumer who owns the personal credit terminal 100 is a user, the retail store where the credit settlement device 101 is installed is a merchant, and the credit settlement device 101 A sales clerk who operates the service (Operator), a personal remote credit payment service provider is a service provider (Service Provider), and a credit card company or payment processing company that performs credit payment processing using the payment system 103 Is referred to as a payment processor (Transaction Processor).
In this system, when the user pays the merchant for the merchandise by credit, the personal credit terminal 100, the credit settlement device 101 and the service providing system 102 electronically exchange settlement information, and further, Credit exchange processing is performed by electronically exchanging settlement information between the service providing system 102 and the settlement system 103.
Basically, the service providing system 102 receives a payment request and a payment request from the personal credit terminal 100 and the credit payment device 101, respectively, compares the payment request with the payment request, and communicates with the user and the merchant. Instead, it requests the settlement system 103 for settlement processing. Then, the payment system performs the actual payment processing.

At this time, the personal credit terminal 100 and the credit settlement apparatus 101 perform infrared communication using the transmission path 105, and the personal credit terminal 100 and the service providing system 102 communicate with the transmission path 106 and the base station 104, and The digital payment system 101 and the service providing system 102 perform digital telephone communication by a digital wireless telephone via a digital communication line 107, a digital public network 108, and a digital communication line 109. Digital telephone communication is performed via the digital communication line 108 and the digital communication line 109. Then, the service providing system 102 and the settlement system 103 perform digital data communication via the digital communication line 111.
In the communication between the personal credit terminal 100 and the service providing system 102, the communication between the credit settlement apparatus 101 and the service providing system 102, and the communication between the service providing system 102 and the settlement system 103, all exchanged settlement information is used. And encrypt and communicate. In the encryption, information is electronically sealed and communicated by combining encryption processing of a secret key method and encryption processing of a public key method.

Next, each component of the present system will be described.
First, the personal credit terminal 100 will be described.
FIGS. 2A and 2B are external views of the front side and the back side of the personal credit terminal 100, respectively.
In FIG. 2A, reference numeral 200 denotes an infrared communication port (infrared receiving / emitting unit) for performing infrared communication with the credit settlement apparatus 101; 201, an antenna for receiving and transmitting radio waves of a digital wireless telephone; 202, a receiver / speaker; 203 is a color liquid crystal display (LCD) of a 120 × 160 pixel display, 204 is a mode switch for switching the operation mode of the personal credit terminal 100, 205 is a telephone switch for a digital wireless telephone, and 206 is an end of the digital wireless telephone A switch, 207 is a function switch, 208 is a numeric key switch, 209 is a power switch, and 210 is a microphone.
Further, in FIG. 2B, reference numeral 211 denotes an execution switch for prompting execution of processing with user confirmation, such as payment of a payment, confirmation of settlement contents, cancellation of credit transaction, and 212, for connecting a headset. Headset jack.
The personal credit terminal 100 has two operation modes, a credit card mode and a digital wireless telephone mode, and is switched by the mode switch 204. The personal credit terminal 100 operates as a digital radio telephone in the digital radio telephone mode, and operates as an electronic credit settlement means, that is, an electronic credit card in the credit card mode.
The electronic credit card is registered in the personal credit terminal 100 on the assumption that the user has a credit service contract with a credit card company. If the user has a membership contract for a plurality of credit services, a plurality of credit cards are registered in the terminal 100.
For example, when making a call using the personal credit terminal 100, the user first sets the operation mode to the digital wireless telephone mode with the mode switch 204, and then inputs the telephone number with the numeric key switch 208. Press the call switch 205. With the above operation, the user can make a call to the input telephone number.
When a call is received from personal credit terminal 100, personal credit terminal 100 emits a ringtone regardless of the operation mode at that time. In this case, pressing the call switch 205 automatically switches to the digital wireless telephone mode, and the user can receive a telephone call.
When paying the merchant with credit, first, the operation mode is set to the credit card mode by the mode switch 204, and the credit card to be used for payment is selected by the function switch 207. Next, the user enters the amount to be paid with the numeric keypad 208, points the infrared communication port 200 toward the merchant's credit card settlement device 101, and presses the execution switch 211. By the above operation, the personal credit terminal 100 performs infrared communication with the credit settlement apparatus 101, and performs digital wireless telephone communication with the service providing system 102, and exchanges settlement information, respectively. And a credit settlement process. The internal configuration and detailed operation of personal credit terminal 100 will be described later.

Next, the credit settlement device 101 will be described.
FIG. 3 is an external view of the credit settlement apparatus 101. This device includes a credit settlement terminal 300 having a credit settlement processing function and a digital telephone function, a cash register 311 for calculating the price of a product, and an RS-232C cable connecting the credit settlement terminal 300 and the cash register 301. 313 and an infrared light receiving / emitting module 301 connected to the credit settlement terminal 300 via the serial cable 310.
In FIG. 3, reference numeral 302 denotes a color liquid crystal display (LCD) displaying 320 × 240 pixels, 303 denotes a receiver, 304 denotes a mode switch for switching the operation mode of the credit settlement terminal 300, 305 denotes a telephone hook switch, and 306 denotes a telephone hook switch. , A function switch, 307 is a ten-key switch, 308 is an execution switch for prompting execution of processing with merchant confirmation, such as payment of money, confirmation of settlement contents, cancellation of credit transaction, etc., 309 is a power switch, Reference numeral 312 denotes a credit settlement switch for designating a settlement process by credit in the cash register 311.
The credit settlement terminal 300 has two operation modes, a credit settlement mode and a digital telephone mode, and is switched by a mode switch 304. In the digital telephone mode, it operates as a digital telephone, and in the credit settlement mode, it operates as a credit settlement processing terminal of a personal remote credit settlement service.
When making a call, for example, from the credit settlement terminal 300, the person in charge first sets the operation mode to the digital telephone mode with the mode switch 304, and then inputs the telephone number with the numeric key switch 307. Through the above operation, the person in charge can make a call to the input telephone number.
Further, when a call is made to the credit settlement terminal 300, the credit settlement terminal 300 emits a ringtone regardless of the operation mode. In this case, when the telephone 303 is raised or the hook switch 305 is pressed, the mode is automatically switched to the telephone mode, and the person in charge can receive the telephone.
When performing the credit settlement processing, first, the cash register 311 calculates the total amount from the commodity price and the tax, and notifies the user of the total amount. Next, in accordance with the request of the user who wants to pay by credit, the user presses the credit settlement switch 312 of the cash register 311 and waits for the user to perform the payment operation at the personal credit terminal 100. When the user performs a payment operation, the payment amount input by the user is displayed on the LCD 302, and the result of the user's credit inquiry is displayed. The person in charge checks the contents and presses the execution switch 308.
Through the above operation, the credit settlement apparatus 101 exchanges settlement information with the personal credit terminal 100 and the service providing system 102, respectively, and performs a credit settlement process. The internal configuration and detailed operation of the credit settlement terminal 300 will be described later.

Next, the service providing system 102 will be described.
FIG. 4 is a block diagram of the service providing system 102. The service providing system 102 performs data processing of payment information exchanged with each of the personal credit terminal 100, the credit payment device 101, and the payment system 103 in the personal remote credit payment service, and controls data communication at that time. A service server 400 that performs the service, a service director information server 401 that manages attribute information on users, merchants, and payment processing institutions, and history information of services provided by the service providing system 102, and user attribute information and the personal credit terminal 100. User information server 402 that manages the data in the merchant, merchant information server 403 that manages the merchant attribute information and the data in the credit settlement terminal 300, and manages the attribute information of the payment processing institution and the history information of the payment processing. Payment processing institution information server 404 Bis provider has a management system 407 for performing management of the service providing system 102, the servers 400 to 404 and management system 407 is composed of one or more computers.
The service server 400, the service director information server 401, the user information server 402, the merchant information server 403, and the settlement processing institution information server 404 are connected to the ATM-LAN switch 405 by ATM-LAN cables 409, 410, 411, 412, 413, respectively. Accesses the service director information server 401, the user information server 402, the merchant information server 403, or the settlement processing institution information server 404 via the ATM-LAN switch 405.
The ATM-LAN switch 405 is connected to the ATM switch 406 by an ATM-LAN cable 415. A digital communication line 109 connected to the digital public network 108 and a digital communication line 111 connected to the settlement system 103 are connected to the ATM exchange 404, and the service server 400 is connected via the ATM-LAN switch 405 and the ATM exchange 406, It communicates with the personal credit terminal 100, the credit settlement device 101, and the settlement system 103.
The management system 407 is connected to an ATM-LAN switch 406 by an ATM-LAN cable 414, and further connected to an ATM switch 406 by an ATM-LAN cable 416. The management system 407 is a service server 400, a service director information server 401, a user information server 402, a merchant information server 403, or a payment processing institution information via an ATM-LAN switch 408, an ATM switch 406, and an ATM-LAN switch 405. By accessing the server 404, the operation management of the service providing system 102 is performed.
The ATM switch 406 operates as a data communication switch in communication between the outside and the inside of the service providing system 102 and in communication between the inside of the service providing system 102. The ATM switch 406 supports a plurality of communication systems and has a function of a communication adapter. For example, in the communication between the service server 400 and the credit settlement apparatus 101, first, an ISDN data packet is exchanged between the credit settlement apparatus 101 and the ATM exchange 406, and the ATM exchange 406 converts the ISDN data packet into an ATM packet. The ATM packet is exchanged between the ATM switch 406 and the service server 400, and the ATM packet is exchanged. Similarly, in the communication between the service server 400 and the personal credit terminal 100, and in the communication between the service server 400 and the settlement system 103, the ATM exchange 406 responds to the respective communication methods and transmits the communication data. Perform the conversion.
In addition, in order to reduce communication costs between the personal credit terminal 100 and the service providing system 102 and between the credit settlement apparatus 101 and the service providing system 102, the service providing system 102 usually provides a personal remote credit settlement service. It is set up for each area where it is provided. Therefore, the ATM exchange 406 is connected to a dedicated digital communication line 417 that connects to a service providing system in another area. In this case, the service providing systems 102 share data with each other and perform data processing in cooperation.

Next, the settlement system 103 will be briefly described.
FIG. 5 is a block diagram of the settlement system 103. The payment system 103 includes a transaction processing server 500 that performs data processing of payment information exchanged with the service providing system 102 in a personal remote credit payment service, and a subscriber information server 501 that manages personal information of a credit service subscriber. A merchant information server 502 that manages information on credit store merchants, a transaction information server 503 that manages credit settlement transaction information, and a management system 506 that manages the operation of the settlement system 103 by a settlement processing institution. Each of the servers 500 to 503 and the management system 506 include one or a plurality of computers.
The transaction processing server 500, subscriber information server 501, member store information server 502, and transaction information server 503 are connected to an ATM-LAN switch 504 by ATM-LAN cables 508, 509, 510, 511, respectively. -Access the subscriber information server 501, member store information server 502, or transaction information server 503 via the LAN switch 504.
The ATM-LAN switch 504 is connected to an ATM switch 505 by an ATM-LAN cable 513. A digital communication line 111 connected to the service providing system 102 is connected to the ATM switch 505, and the transaction processing server communicates with the service providing system 102 via the ATM-LAN switch 504 and the ATM switch 505.
In the personal remote credit payment service, the credit payment processing performed by the payment system 103 is such that the transaction processing server 500 responds to a payment request from the service providing system 102 by using the subscriber information server 501, the member store information server 502, and This is established by updating the information of the transaction information server 503, respectively.
The ATM exchange 505 includes a digital communication line 111 connected to the service providing system 102, a dedicated bank line 515 connected to a bank online system, and a dedicated digital line 516 connected to a payment system of another payment processing organization. Connected, the settlement system 103 communicates with a bank online system and a settlement system of another settlement processing institution, and performs settlement processing between financial institutions.
The management system 506 is connected to an ATM-LAN switch 507 by an ATM-LAN cable 512, and further connected to an ATM switch 505 by an ATM-LAN cable 514. The management system 506 accesses the transaction processing server 500, the subscriber information server 501, the member store information server 502, or the transaction information server 503 via the ATM-LAN switch 507, the ATM switch 505, and the ATM-LAN switch 504. The operation management of the settlement system 103 is performed.
The ATM exchange 505 operates as an exchange for data communication in communication between the outside and inside of the settlement system 103 and communication between inside of the settlement system 103. The ATM switch 505 has a communication adapter function corresponding to a plurality of communication systems, and performs communication between the transaction processing server 500 and the service providing system 102, and communication between the transaction processing server 500 and the bank online system. In communication between the transaction processing server 500 and a payment system of another payment processing institution, the ATM exchange 505 converts communication data according to each communication method.

Next, a personal remote credit settlement service provided by the present system will be described.
The personal remote credit settlement service is roughly divided into four processes: "settlement", "cancel", "customer service call", and "inquiry call".
"Payment" is a process in which a user pays a credit to a merchant by credit without wirelessly transferring a credit card or a statement. "Cancel" is a personal remote credit payment. The process of canceling the transaction completed by the “payment” processing of the service by wireless communication based on the agreement between the user and the merchant, the “customer service call” is the processing of the “payment” of the personal remote credit payment service The process of enabling the merchant to make a telephone call to a user who has made a transaction with the merchant even if the merchant does not know the user's telephone number, and the "inquiry call" is a "payment" of the personal remote credit settlement service. For merchants who have transacted through processing, Without The are known your phone number, it is a process that enables the phone of inquiry.

First, the flow of the “payment” process will be described.
FIG. 6 shows the flow of the “payment” process of the personal remote credit payment service. FIGS. 7A to 7H show display examples on the LCD 203 of the personal credit terminal 100 in the above-mentioned "payment" processing, and FIGS. 8A to 8G show credit settlement. 9 shows a display example of the LCD 302 of the terminal 300.
FIG. 7A shows an initial screen when the personal credit terminal is in the digital wireless telephone mode, FIG. 7B shows an initial screen when the personal credit terminal is in the credit card mode, and FIG. 8 shows an initial screen in the digital telephone mode, and FIG. 8B shows an initial screen in the credit settlement mode.
The “payment” process starts with the user presenting the purchase to the person in charge and the person in charge calculating the price of the product.
In FIG. 6, first, the person in charge calculates the total amount of the payment using the cash register 311 of the credit settlement apparatus (calculates the billed amount in the cash register 600). Then, the cash register displays the calculated total amount (display of charge amount 601). The person in charge informs the user of the total price of the product and asks for the payment method (presents the billed amount and asks for the payment method 602). The user desires the “payment” of the personal remote credit settlement service (instructs “payment” of the personal remote credit settlement service 603), and in response, the person in charge operates the credit settlement switch 312 of the credit settlement device. By pressing the button (pressing the credit settlement switch 604), the user is instructed to start the payment operation of the personal credit terminal 100 (instruction 606 to start the payment operation). At this time, a credit settlement command is transmitted from the cash register 311 to the credit settlement terminal 300 via the RS-232C cable 313. The credit settlement terminal 300 automatically enters the credit settlement mode, and displays a screen as shown in FIG. 8C on the LCD 302 (payment operation waiting display 605).
The user sets the personal credit terminal 100 to the credit card mode with the mode switch 204, switches the credit card displayed on the LCD 203 with the function switch 207, and selects the credit card to be used for payment. At this time, the personal credit terminal 100 changes from the screen of FIG. 7B to the screen of FIG. 7C. Further, the function switch 207 is used to select “payment” from the menu, and the execution switch 211 is pressed. Then, the personal credit terminal 100 has the screen shown in FIG. As shown in FIG. 7E, the user inputs the amount to be paid with the ten-key switch 208, specifies the payment option with the function switch 207, and presses the execution switch 211. Then, the confirmation screen of FIG. 7F is displayed, and the user presses the execution switch 21 with the infrared communication port 200 directed to the credit settlement terminal 300 (payment operation 607). Then, personal credit terminal 100 transmits a message indicating the payment amount, payment offer 608, to credit settlement device 101 by infrared communication.

The credit settlement terminal 300 receives the payment offer 608 from the infrared light emitting / receiving module 301, compares the payment amount therein with the billing amount, and outputs a response message to the payment offer, a payment offer response 609 by infrared communication.・ Send to credit terminal 100. Further, the credit settlement terminal 300 transmits a message for requesting a credit inquiry of the user, a credit inquiry request 610, to the service providing system 102 by digital telephone communication. At this time, the credit settlement terminal 300 changes to the screen shown in FIG. 8D (credit inquiry display 611).
On the other hand, the personal credit terminal 100 receives the payment offer response 609 from the infrared communication port 200, checks the billing amount and the payment amount in the response 609, and outputs a message requesting payment of the credit, a payment request 613. Is transmitted to the service providing system 102 by digital wireless telephone communication. At this time, the personal credit terminal 100 displays the screen shown in FIG. 7G (payment process execution display 612).
The service providing system 102 receives the credit inquiry request 610 from the credit settlement terminal 300 and the payment request 613 from the personal credit terminal 100, respectively, collates the contents thereof, further checks the credit status of the user, A response message to the credit inquiry request, a credit inquiry response 614, is generated and transmitted to the credit settlement terminal 300.
The credit settlement terminal 300 receives the credit inquiry response 614 from the service providing system 102 and displays the contents of the credit inquiry response 614 as shown in FIG. Credit inquiry result display 615).
The person in charge confirms the result of the credit inquiry and presses the execution button 308 of the credit settlement terminal 300 to instruct the start of the settlement processing (payment processing request operation 616). Then, the credit settlement terminal 300 transmits a message requesting the settlement processing, the settlement request 617, to the service providing system 102 by digital telephone communication, and displays the screen of FIG. 8F (payment execution display 618). .
The service providing system 102 receives the settlement request 617 from the credit settlement terminal 300, and transmits a message requesting the settlement system 103 to perform a settlement process, a settlement request 619, to the settlement system 103. A The payment system 103 receives the payment request 619 from the service providing system 102, performs a payment process, and transmits a message indicating that the payment process is completed, and a payment completion notification 620 to the service providing system 102.
The service providing system 102 receives the payment completion notification 620 from the payment system 103, and transmits a message indicating that the payment processing has been completed, a payment completion notification 621 to the credit payment terminal 300.
The credit settlement terminal 300 receives the settlement completion notice 621 and displays the contents of the settlement completion notice 621 as shown in FIG. 8 (g) to notify the person in charge of the completion of the settlement processing (payment completion display). 622). Further, the credit settlement terminal 300 issues an electronic receipt 623 and transmits it to the service providing system 102 by digital telephone communication.
The service providing system 102 receives the receipt 623 issued by the credit settlement terminal 300, generates a receipt 624 converted into a data format for a personal credit terminal, and uses the digital wireless telephone communication to Send to
The personal credit terminal 100 receives the receipt 624 from the service providing system 102, displays the contents of the receipt 624 as shown in FIG. 7 (h), and informs the user that the settlement processing is completed. (Receipt display 625).
As described above, the “payment” processing of the personal remote credit payment service is performed. The details of the data exchanged between the devices in the above-mentioned "settlement" process will be described later.

Next, the flow of the "cancel" process will be described.
FIG. 9 shows a flow of processing of "cancel" of the personal remote credit settlement service.
FIGS. 10A to 10H show display examples on the LCD 203 of the personal credit terminal 100 in the above-mentioned “cancel” processing, and FIGS. 11A to 11G show credit settlement. 9 shows a display example of the LCD 302 of the terminal 300.
The situation in which the personal remote credit card settlement service performs "cancel" processing includes a case where the user and the merchant are close enough to each other to reach each other, and a case where they are far away from each other. The difference between the two cases is that the agreement between the user and the merchant regarding the first "cancel" process is made by talking in person or by telephone. Is the same. Therefore, here, the case where both are distant from each other will be described.
The "cancel" process starts when the user and the merchant rep agree to perform the "cancel" process once for the transaction completed by the "settlement" process.
In FIG. 9, first, the user and the merchant's staff agree to perform “cancel” processing by telephone (voice call 900), and both start a cancel operation.
First, the merchant's staff puts the credit settlement terminal 300 into the credit settlement mode with the mode switch 304 and displays the screen shown in FIG. With the function switch 306, "Sale Cancel" is selected from the menu as shown in the screen of FIG. 11B, and the execution switch 307 is pressed. Then, the sales history list of FIG. 11C is displayed on the credit settlement terminal 300, and the person in charge selects and executes the transaction to be canceled as shown in the screen of FIG. Press switch 308. Then, the confirmation screen of FIG. 11E is displayed, and the person in charge presses the execution switch 308 (cancel operation 901).
Then, the credit settlement terminal 300 transmits, to the service providing system 102, a message requesting the processing of “cancel” and a cancel request 903 by digital telephone communication. At this time, the credit settlement terminal 300 changes to the screen of FIG. 11F (display 902 during cancellation processing).

On the other hand, the user sets the personal credit terminal 100 to the credit card mode with the mode switch 204, switches the credit card displayed on the LCD 203 with the function switch 207, and selects the credit card used for payment. Further, the function switch 207 is used to select "Cancel" from the menu as shown in the screen of FIG. Then, the personal credit terminal 100 displays the purchase history list screen of FIG. 10B, and the user selects the transaction to be canceled with the function switch 207 and presses the execution switch 211. Then, the confirmation screen of FIG. 10C is displayed, and the user presses the execution switch 211 (cancel operation 904).
The personal credit terminal 100 transmits, to the service providing system 102, a message requesting "cancel" processing, a cancel request 906, by digital wireless telephone communication. At this time, the personal credit terminal 100 displays the screen shown in FIG. 10D (in-cancellation display 905).
The service providing system 102 receives the cancellation request 903 from the credit settlement terminal 300 and the cancellation request 903 from the personal credit terminal 100, respectively, collates the contents thereof, and instructs the settlement system 103 to “cancel”. , A cancel request 907 is sent.
The settlement system 103 receives the cancellation request 907 from the service providing system 102, performs a cancellation process of the requested transaction, and transmits a message indicating that the cancellation process is completed, and a cancellation completion notification 908 to the service providing system 102. .
The service providing system 102 receives the cancellation completion notification 908 from the settlement system 103, transmits a message indicating that the cancellation processing has been completed, a cancellation completion notification 909 to the credit settlement terminal 300 by digital telephone communication, A message indicating that the cancellation process has been completed and a cancellation process receipt 910 are generated and transmitted to the credit terminal 100 by digital wireless telephone communication.
The credit settlement terminal 300 receives the cancellation completion notice and displays the contents of the cancellation completion notice to notify the person in charge of the completion of the cancellation processing as shown in FIG. 11 (g) (cancel processing completion display 911). ).
The personal credit terminal 100 receives the cancellation processing receipt, displays the cancellation processing receipt as shown in FIG. 10E, and notifies the user that the cancellation processing has been completed (cancel processing receipt display). 912).
As described above, the "cancel" process of the personal remote credit card settlement service is performed. Thereafter, the person in charge can again make a telephone call (voice call 914) with the user by performing a customer service call operation (customer service call 913). The customer service call will be described later. The details of the data exchanged between the devices in the above-described "cancel" process will be described later.

Next, the flow of processing of a “customer service call” will be described.
FIG. 12A shows a flow of processing of a “customer service call” of the personal remote credit settlement service. FIGS. 13A and 13B show examples of display on the LCD 203 of the personal credit terminal 100 in the above-mentioned "customer service call" process. FIGS. 9 shows a display example of the LCD 302 of the credit settlement terminal 300.
A “customer service call” is a process that allows a user who has made a transaction through the “payment” process of the personal remote credit payment service to make a telephone call even if the merchant does not know the user's telephone number. is there. Therefore, the “customer service call” is based on the premise that there has been a transaction between the user and the merchant by the processing of the “payment” of the personal remote credit payment service before.
The processing of the “customer service call” starts when the person in charge of the merchant starts operating the “customer service call” on the credit settlement terminal 300.
In FIG. 12 (a), first, the person in charge of the merchant uses the mode switch 304 to set the credit settlement terminal 300 to the credit settlement mode and display the screen of FIG. 14 (a). Next, the person in charge selects “sales history” from the menu with the function switch 306, and presses the execution switch 308. Then, the sales history list of FIG. 14B is displayed on the credit settlement terminal 300. The person in charge selects, with the function switch 306, the transaction exchanged with the user who intends to make a telephone call as shown in the screen of FIG. 14 (c), and selects "telephone" from the operation menu at the bottom of the screen. Select and press the execute switch 308 (customer service call operation 1200). Then, the credit settlement terminal 300 automatically enters the digital telephone mode, displays the screen of FIG. 14D (display 1201 during connection processing execution), and makes a “customer service call” to the service providing system 102. , A customer service call request 1202 is transmitted by digital telephone communication.
The service providing system 102 receives the customer service call request 1202, checks the access control information set by the user, and calls the user, a customer service call 1203, and transmits the customer service call 1203 to the user's personal credit terminal 100 by digital wireless telephone communication. Send to Further, the service providing system 102 transmits a message permitting a call with the user and a customer service call request response 1204 to the credit settlement terminal 300 by digital telephone communication.
The credit settlement terminal 300 receives the customer service call request response 1204 from the service providing system 102, displays the screen of FIG. 14E, and notifies the person in charge that the user is being called (calling display 1206). .

On the other hand, the personal credit terminal 100 receives the customer service call 1203, outputs a ringtone, displays the screen of FIG. 13A, and notifies the user that a call is being received from the merchant (incoming call). Display 1205). When the user presses the call switch 205 (call operation 1207), the personal credit terminal 100 transmits a message indicating that the user has accepted the call, a call response 1208 to the service providing system 102 by digital wireless telephone communication, The screen of FIG. 13B is displayed (display during call 1209).
The service providing system 102 receives the incoming response 1208, and transmits a message indicating that the user has accepted the call, a call response 1210, to the credit settlement terminal 300 by digital telephone communication.
The credit settlement terminal 300 receives the call response 1210, displays the screen of FIG. 14F (call display 1211), and the merchant enters a call state with the user (voice call 1212).
As described above, the processing of the "customer service call" of the personal remote credit settlement service is performed.
Further, in the customer service call, the merchant rep selects “telephone” from the operation menu at the bottom of the sales history on the detailed screen of the sales history in FIG. 14G and presses the execution switch 308 (customer service call operation 1200 ), The process can be started. On the completion screen of the “cancel” process of FIG. 11G, “customer service call” is selected from the operation menu at the bottom of the screen, and the execution switch 308 is pressed. (Customer service call operation 1200) can also start the process.
The details of the data exchanged between the devices in the processing of the "customer service call" will be described later.

Next, the flow of the process of the “inquiry call” will be described.
FIG. 12B shows the flow of processing of an “inquiry call” of the personal remote credit settlement service.
FIGS. 13B to 13F show display examples on the LCD 203 of the personal credit terminal 100 in the above-mentioned "inquiry call" processing. FIGS. 14H to 14F show credits. 3 shows a display example of the LCD 302 of the payment terminal 300.
An "inquiry call" is a process that enables a user to make an inquiry call to a merchant who has transacted through the "payment" process of the personal remote credit payment service without having to know his or her own phone number. is there.
The process of the “inquiry call” starts when the user starts the operation of the “inquiry call” on the personal credit terminal 100.
In FIG. 12B, first, the user uses the mode switch 204 to set the personal credit terminal 100 in the credit card mode, and displays the screen of FIG. 13C. Next, as shown in the screen of FIG. 13D, the user selects “use history” from the menu with the function switch 207, and presses the execution switch 211. Then, the personal credit terminal 100 displays the sales history list of FIG. The user uses the function switch 207 to select a transaction exchanged with the merchant who intends to make a telephone call, as shown in the screen of FIG. 13F, and selects “inquiry” from the operation menu at the bottom of the screen. Then, the execution switch 211 is pressed (inquiry call operation 1213). Then, the personal credit terminal 100 automatically enters the digital wireless telephone mode, displays the screen shown in FIG. 13G (display 1214 during execution of connection processing), and calls the service providing system 102 with an inquiry call. A message requesting the processing of ", an inquiry call request 1215 is transmitted by digital wireless telephone communication.
The service providing system 102 receives the inquiry call request 1215, and transmits a message for invoking the merchant, an inquiry call 1216, to the credit settlement terminal 300 of the merchant by digital telephone communication. Further, the service providing system 102 transmits a message permitting a call with the merchant, an inquiry call request response 1217 to the personal credit terminal 100 by digital wireless telephone communication.
The personal credit terminal 100 receives the inquiry call request response 1217 from the service providing system 102, displays the screen in FIG. 13 (h), and notifies the user that the merchant is being called (calling display 1219).

On the other hand, the credit settlement terminal 300 receives the inquiry call 1216, outputs a ring tone, and displays the screen of FIG. ). When the merchant's clerk picks up the handset 303 (call operation 1220), the credit settlement terminal 300 transmits a message indicating that the merchant has accepted the incoming call, an incoming call response 1221 to the service providing system 102 by digital telephone communication, The screen shown in FIG. 14F is displayed (call-in-progress display 1222).
The service providing system 102 receives the incoming response 1221, and transmits a message indicating that the merchant has accepted the call, a call response 1223, to the personal credit terminal 100 by digital wireless telephone communication.
The personal credit terminal 100 receives the call response 1223, displays the screen of FIG. 13B (call display 1224), and the user enters a call state with the merchant (voice call 1225).
As described above, the processing of the "inquiry call" of the personal remote credit settlement service is performed.
The inquiry call is processed by the user selecting “inquiry” from the operation menu at the bottom of the screen on the detailed screen of the use history in FIG. You can also start.
The details of the data exchanged between the devices in the above-mentioned "inquiry call" process will be described later.

Next, the internal configuration of the personal credit terminal 100 will be described.
FIG. 15A is a block diagram of the personal credit terminal 100. The terminal has a CPU (Central Processing Unit) 1500 that processes transmission data and reception data and controls other components via a bus 1529 according to a program stored in a ROM (Read Only Memory) 1501. And a RAM (Random Access Memory) 1502 in which data processed by the CPU 1500 and data processed by the CPU 1500 are stored, a terminal ID of the personal credit terminal 100, a telephone number, a user ID of the user, and a private key and a public key. The operation of the LCD 203 is controlled according to the control of a CPU 1500 and an EEPROM (Electric Erasable Programmable Read Only Memory) 1503 in which a service provider ID, a telephone number, and a service provider public key of the service providing system 102 are stored. An LCD controller 1504 for displaying an image set by the CPU 1500 on the LCD, and control of the CPU 1500 An encryption processor 1505 for performing data encryption and decryption according to a data codec 1506 for encoding transmission data and decrypting received data under the control of the CPU 1500; and transmitting infrared light during infrared communication. And an infrared communication module 1507 that performs reception and a key operation control unit that detects a user's switch operation of a mode switch 204, a call switch 205, an end switch 206, a function switch 207, a numeric key switch 208, a power switch 209, and an execution switch 211 1509, an audio processing unit 1511 that drives a speaker 1510, a receiver 202 or a headset jack 212, amplifies an analog audio signal input from the microphone 210 or the headset jack 212, and encodes an analog audio signal 1542 into digital audio data. And digital voice data analog A voice codec 1512 for decoding into a voice signal 1543, a channel codec 1513 for generating transmission data over a wireless channel and extracting data destined for itself from received data, and a serial input from the channel codec 1513. A modulator 1514 that converts the digital signal 1547 into an analog transmission signal 1549 having the oscillation electric signal 1552 supplied from the PLL 1516 as a baseband; and the oscillation electric signal 1553 supplied from the PLL 1516 as a baseband of the analog reception signal 1550. A demodulation unit 1515 that demodulates the analog reception signal 1550 and supplies a serial digital signal 1548 to the channel codec 1513, and converts the analog transmission signal 1549 supplied from the modulation unit 1514 into a radio wave and outputs the radio wave from the antenna 201, and conversely When the antenna 201 receives a radio wave, an RF signal for inputting an analog reception signal 1550 1517, a battery capacity detection unit 1518 for detecting the capacity of the battery of the personal credit terminal 100, activation control of the channel codec 1513, the PLL 1516, and the RF unit 1517, a key operation control unit 1509, a channel codec 1513, and a battery capacity detection unit 1518. And a control logic unit 1508 serving as an interface when the CPU 1500 accesses the key operation control unit 1509, the audio processing unit 1511, and the register inside the channel codec.
The cryptographic processor 1505 has an encryption / decryption function of a secret key method and an encryption / decryption function of a public key method, and is set by the CPU 1500 using the encryption method and key set by the CPU 1500. Encrypt or decrypt data.
The data codec 1506 encodes transmission data and decodes received data under the control of the CPU 1500. In this case, the encoding means that the data is actually transmitted including communication control information and error correction information. Decoding means processing for performing error correction processing on received data, removing unnecessary communication control information, and generating data that the sender originally intended to transmit. I do. The data codec 1506 has a function of encoding and decoding data in data communication of a digital wireless telephone, and a function of encoding and decoding data in infrared communication. Perform the encoding process and the decoding process set by.
As shown in FIG. 15B, the infrared communication module 1507 includes a serial-parallel conversion circuit 1560 for performing bidirectional conversion between parallel data and serial data, and a serial-parallel conversion circuit 1560. Modulate the digital signal 1562 converted to serial data into a signal that is actually transmitted as infrared light, and also modulate and demodulate the received analog signal 1565 into a serial digital signal 1563 with a modulation and demodulation circuit 1561. An infrared light receiving / emitting unit 200 that converts a signal 1564 into infrared light to emit light and converts received infrared light into an analog signal 1565 is provided.
In addition, the key operation control unit 1509 that detects a switch operation by the user operates the mode switch 204, the call switch 205, the end switch 206, the function switch 207, the ten-key switch 208, the power switch 209, or the execution switch 211. When pressed, the key operation control unit 1509 asserts an interrupt signal 1538 to the CPU 1500 to prompt a process corresponding to the switch operation. The key operation control unit 1509 includes a key operation control register (KEYCTL) 1812 for setting the validity / invalidity of each switch, as shown in FIG.
The audio processing unit 1511 includes an audio processing unit control register (SCTL) for controlling the audio processing operation, as shown in FIG.
The audio codec 1512 performs encoding of the analog audio signal 1542 input from the audio processing unit 1511 into digital audio data, and decoding of digital audio data input from the channel codec 1513 into an analog audio signal 1543. The analog audio signal 1543 is supplied to the audio processing unit 1511. The audio processing unit 1511 amplifies the analog audio signal 1543 and drives the receiver 202, so that audio is output from the receiver 202. The digital audio data generated by the encoding is supplied to a channel codec 1513, and is actually converted into transmission data on a wireless channel.
Further, two types of data are input to the channel codec 1513 as data to be transmitted. One is digital audio data input from the audio codec 1512, and the other is data communication data input from the CPU 1500 via the control logic unit 1508.

The channel codec 1513 adds identification information between digital voice data and data communication data as header information to each data, further converts the data into a digital wireless telephone data format, and modulates the serial digital signal 1547. Supply to the unit 1514.
Conversely, the channel codec 1513 first checks the terminal ID with the serial digital signal 1548 input from the demodulation unit 1515, extracts only data addressed to itself, and further controls communication of the digital radio telephone. The information is removed, digital audio data and data communication data are identified from the header information of the data, and supplied to the audio codec 1512 and the control logic unit 1508, respectively. Further, the channel codec 1513 asserts the interrupt signal 1554 when a digital radio telephone is received and when data communication data is received. The interrupt signal 1554 is an interrupt signal that prompts the CPU 1500 to perform a process at the time of an incoming digital radio telephone and to process data communication data.
In order to perform such an operation, the channel codec 1513 includes an ID register (ID) 1805 for storing a terminal ID and a channel codec control register (CHCTL) for controlling the operation of the channel codec 1513 as shown in FIG. 1806, an audio transmission buffer 1807 for storing digital audio data input from the audio codec 1512, an audio reception buffer 1808 for storing digital audio data extracted from the received data, and data input from the control logic unit 1508. A data transmission buffer 1809 for storing communication data and a data reception buffer 1810 for storing data communication data extracted from received data are provided.

The modulation unit 1514 converts the serial digital signal 1547 input from the channel codec 1513 into an analog transmission signal 1549 having the oscillation electric signal 1552 supplied from the PLL 1516 as a baseband, and supplies the analog transmission signal 1549 to the RF unit. The analog transmission signal 1549 supplied to the RF unit is output from the antenna 201 as a radio wave.
Conversely, when the antenna 201 receives a radio wave, the analog reception signal 1550 is input from the RF unit 1517 to the demodulation unit 1515. The demodulation unit 1515 uses the oscillating electric signal 1553 supplied from the PLL 1516 as a baseband of the analog reception signal 1550, demodulates the analog reception signal 1550, and supplies a serial / digital signal 1548 to the channel codec 1513.
The battery capacity detection unit 1518 for detecting the battery capacity asserts the interrupt signal 1557 when the capacity of the battery of the personal credit terminal 100 becomes equal to or less than the value Q (Q> 0) set by the CPU 1500. The interrupt signal 1557 is an interrupt signal for urging the CPU 1500 to perform a backup process of data on the RAM 1502, and Q is a value sufficient for the personal credit terminal 100 to perform the backup process.
The control logic unit 1508 includes a frame counter (FRAMEC) 1800, a start frame register (FRAME) 1801, a clock counter (CLOCKC) 1802, and an update time register (UPTIME) as shown in FIG. It has five registers, 1803 and an interrupt register (INT) 1804.
A frame counter 1800 is a counter for counting the number of frames of the digital wireless telephone, a start frame register 1801 is a register for storing a frame number to be started next time, a clock counter 1802 is a counter for counting the current time, and an update time register 1803 Is a register in which the personal credit terminal 100 communicates with the service providing system 102 and stores the time at which the process of updating data in the RAM 1502 (update process) is performed. An interrupt register 1804 is used to store an interrupt to the CPU 1500. This register indicates the cause.

In general, in a digital wireless telephone, a control signal of a control channel of the digital wireless telephone is intermittently received and compared with a terminal ID, thereby realizing an incoming call to the digital wireless telephone. In the personal credit terminal 100, intermittent reception of control data is performed using the frame counter 1800 and the activation frame register 1801. In advance, the frame number to be started next time is stored in the start frame register 1801, and when the frame counter 1800 counts up and becomes equal to the value of the start frame register 1801, the control logic unit 1508 stores the address data. The channel codec 1513, the PLL 1516, and the RF unit 1517 are activated via the signal line 1558 to receive control data.
When any of the interrupt signals 1538, 1554, and 1557 is asserted, the control logic unit 1508 sets the interrupt factor in the interrupt register (INT) 1804 and asserts the interrupt signal 1519. The CPU 1500 is urged to perform an interrupt process. The CPU 1500 reads out the interrupt register 1804 in the interrupt processing, and performs processing according to the interrupt factor.

Each bit field of the interrupt register (INT) 1804 has a meaning as shown in FIG.
Bit 31 indicates the state of the power switch 209. When the value is 0, it indicates the power-off state, and when the value is 1, it indicates the power-on state.
Bit 30 indicates the state of the digital radio telephone communication. When the value is 0, it indicates that the digital radio telephone communication is not performed. When the value is 1, the digital radio telephone communication is performed. Indicates that there is.
Bit 29 indicates the occurrence of a frame interrupt that prompts intermittent reception of control data. When the value is 1, it indicates that a frame interrupt has occurred. In this bit field, 1 is set when the value of the frame counter 1800 matches the value of the activation frame register 1801.
Bit 28 indicates the occurrence of a call interruption. When the value is 1, it indicates that the digital radio telephone has been received. In the bit field, 1 is set when the terminal ID matches and the interrupt signal 1554 is asserted in intermittent reception of control data of the digital wireless telephone.
Bit 27 indicates the occurrence of a data reception interrupt. When the value is 1, it indicates that data reception data has been received. In this bit field, 1 is set when digital communication communication receives data communication data and the interrupt signal 1554 is asserted.
Bit 26 indicates the occurrence of an update interrupt prompting the data update process. When the value is 1, it indicates that an update interrupt has occurred. This bit field is set to 1 when the value of the clock counter 1802 matches the value of the update time register 1803.
Bit 25 indicates the occurrence of a battery interrupt prompting a backup process. When the value is 1, it indicates that a battery interrupt has occurred. This bit field is set to 1 when the interrupt signal 1557 input from the battery capacity detection unit 1518 is asserted.
Bit 24 indicates that a key interrupt has occurred due to a switch operation. When the value is 1, it indicates that a key interrupt has occurred.
Bits 0 to 9 correspond to switches 0 to 9 of the numeric keypad 208, respectively, and bits 10 and 11 correspond to switches “*” and “#” of the numeric keypad, respectively. , Bits 12 to 15 correspond to the switches “F1” to “F4” of the function switch 207, respectively, and bits 16 to 20 correspond to the power switch 209, the execution switch 211, the mode switch 204, and the call switch, respectively. 205, corresponding to the end switch 206, when the value of a bit is 1, it indicates that the switch corresponding to that bit has been pressed.

Next, data stored in the RAM 1502 will be described.
FIG. 16 is a schematic diagram of a RAM map of data stored in the RAM 1502.
The RAM 1502 has five areas: a basic program area 1600, a service data area 1601, a user area 1602, a work area 1603, and a temporary area 1604. The basic program area 1600 stores upgraded modules of the programs stored in the ROM 1501 and patch programs.
The user area 1602 is an area that can be freely used by the user, the work 1603 area is a work area used when the CPU 100 executes a program, and the temporary area 1604 temporarily stores information received by the personal credit terminal 100. Area. The service data area 1601 is an area for storing personal remote credit settlement service ID information, credit card information, history information, and the like. Data in this area is managed by the service providing system 102.
The service data area 1601 further includes eight areas of data management information 1605, personal information 1606, photograph data 1607, user setting information 1608, telephone information 1609, credit card list 1610, use history list 1611, and actual data area 1612. There is. The data management information 1605 is an area for storing management information of information stored in the service data area 1601, the personal information 1606 is an area for storing information such as a user's name, age, and gender, and the photo data area 1607 is The area for storing the data of the user's face, the user setting information 1608 stores the user's setting information related to the personal remote credit card settlement service, and the telephone information 1609 stores the information related to the digital wireless telephone. The area, the credit card list 1610 is an area for storing credit card list information registered by the user, the usage history list 1611 is an area for storing personal remote credit payment service usage history information, the actual data area 1612 is This is an area for storing entity data of information managed in the other seven areas.

Next, information stored in the service data area 1601 will be described in detail.
FIG. 17 is a schematic diagram showing the relationship between the information stored in the service data area 1601 in detail.
The data management information 1605 includes the update date and time 1700, next update date and time 1701, terminal status 1702, personal information address 1703, photo data address 1704, user setting information address 1705, telephone information address 1706, credit card list address 1707, and usage. It is composed of nine items of history list address 1708.
The update date and time 1700 indicates the date and time when the service providing system 102 last updated the data in the service data area 1601. Is shown. The personal credit terminal 100 automatically starts the data update processing when the time set for the next update date and time 1701 comes.
The data update process is a process of having the service providing system 102 update the data in the service data area 1601. The data update process will be described later in detail.
The terminal status 1702 indicates the status of the personal credit terminal 100, and includes a personal information address 1703, a photo data address 1704, a user setting information address 1705, a telephone information address 1706, a credit card list address 1707, and a use history list address. Reference numeral 1708 indicates the start address of the area where the personal information 1606, the photograph data 1607, the user setting information 1608, the telephone information 1609, the credit card list 1610, and the usage history list 1611 are stored, respectively.
The telephone information 1609 is further composed of three pieces of information: a calling telephone number 1709, a telephone directory address 1710, and a speed dial setting file address 1711. The originating telephone number 1709 indicates the telephone number of the telephone call last made by the user, and this information is used when retransmitting the digital wireless telephone. The telephone directory address 1710 and the abbreviated dial setting file address 1711 indicate addresses in the entity data area where the telephone directory information and the abbreviated dial setting file are stored, respectively.
The credit card list 1610 stores credit card list information registered by the user. In the credit card list 1610, the credit card name 1712 (1719), credit card number 1713 (1720), expiration date 1714 (1721), credit card status 1715 (1722), image data Seven pieces of information of an address 1716 (1723), an object data address 1717 (1724), and an access time 1718 (1725) are stored.
The credit card status 1715 (1722) indicates whether or not the credit card is valid and the usage limit, and the image data address 1716 (1723) indicates the actual data area in which the credit card image data is stored. Indicates the address on 1612. The object data address 1717 (1724) indicates the address where the object data of the credit card program is stored, and the access time 1718 (1725) indicates the latest time when the user used the credit card. .
In the object data address 1717 (1724), a local address indicating an address on the entity data area 1612 or a remote address indicating an address on the user information server 402 of the service providing system 102 is stored. When a remote address is stored in the object data address 1717 (1724), when the user selects and uses the credit card, the personal credit terminal 100 sends the object The data is downloaded to the temporary area 1604, and the credit card program is executed. By simply displaying the credit card, the image data in the entity data area 1612 indicated by the image data address 1716 (1723) is displayed, and the object data is not downloaded.
The address stored in the object data address 1717 (1724) is determined by the service providing system 102. At the time of data update processing, the access time of each credit card is compared, and a local address is assigned to the credit card with the latest access time. However, if there is room in the capacity of the substantial data area 1612, the object data addresses of all credit cards may be local addresses.

In the usage history list 1611, the request number 1726 (1730), the service code 1727 (1731), the usage time 1728 (1732), and the usage information address 1729 (1733) are used for one personal remote credit settlement service. Are stored.
The request number 1726 (1730) is a number uniquely indicating the transaction with the merchant, the number issued by the personal credit terminal 100 when generating the payment offer 608, the service code 1727 (1731) is the credit used The code number indicating the type of the card service, the use time 1728 (1732) indicates the time at which the personal / remote credit settlement service was used, and the use information address 1729 (1733) indicates the address where the receipt is stored.
The usage information address 1729 (1733) stores a local address indicating an address on the entity data area 1612 or a remote address indicating an address on the user information server 402 of the service providing system 102.
When the user accesses the usage history information when the remote address is stored in the usage information address 1729 (1733), the personal credit terminal 100 downloads the usage information from the service providing system 102 to the temporary area 1604. Then, it is displayed on the LCD 203.
The address stored in the usage information address 1729 (1733) is also determined by the service providing system. At the time of the data update process, the usage times of the pieces of usage information are compared, and a local address is assigned to the usage information with the latest usage time. However, when there is room in the capacity of the substantial data area 1612, all the usage information addresses may be local addresses.

Next, processing performed by CPU 1500 will be described.
FIG. 19 is a conceptual flowchart of the process performed by CPU 1500.
As shown in FIG. 19, the processing of the CPU 1500 can be roughly divided into ten types of processes and an interrupt processing 1901.
The ten types of processes are a power-on process, a wireless telephone process, a credit card process, an inquiry call process, a customer service call process, a data update process, a backup process, a remote access process, a session establishment process, and a power-off process. These ten types of processes are executed in the main loop 1900.
Each process has a word field on the RAM 1502 indicating the status of the process corresponding to the process, and the CPU 1500 executes each process according to the value of the process status.
The power-on process is a process for performing an initial operation process when a user turns on a power switch, the radio telephone process is a process for performing a process in a digital radio telephone mode, and the credit card process is a process for a credit card mode. The process and the inquiry call process are the processes that perform the "inquiry call" process, the customer service call process is the process that performs the "customer service call" process, the data update process is the process that performs the data update process, and the backup process is the The process for performing the backup process and the remote access process are processes for accessing data on the user information server of the service providing system, and the session establishment process is for communicating with the service providing system. Process for performing a process of establishing a trust session, the power-off process is a process for performing termination processing when the user turns off the power switch.

In FIG. 19, when the personal credit terminal is reset, the process proceeds to step 1902, and the CPU 1500 sets the power-on process to “active”.
Next, in step 1903, it is checked whether or not the power-on process is “active”. If “inactive”, the process proceeds to step 1905; if “active”, the process proceeds to step 1904 to execute the power-on process for a certain period of time. Then, the process proceeds to step 1905.
In step 1905, it is checked whether or not the wireless telephone process is “active”. If “inactive”, the process proceeds to step 1907. If “active”, the process proceeds to step 1906 to execute the wireless telephone process for a certain period of time. Then, the process proceeds to step 1907.
In step 1907, it is checked whether or not the credit card process is “active”. If “inactive”, the process proceeds to step 1909; if “active”, the process proceeds to step 1908 to execute the credit card process for a certain period of time. Then, proceed to Step 1909. In step 1909, it is checked whether the inquiry call process is “active”. If “inactive”, the process proceeds to step 1911. If “active”, the process proceeds to step 1910, and the inquiry call process is executed for a certain period of time. , And proceed to step 1911. In step 1911, it is checked whether the customer service call process is “active”. If “inactive”, the process proceeds to step 1913, and if “active”, the process proceeds to step 1912 to execute the customer service call process for a certain period of time. Then, the process proceeds to step 1913.
In step 1913, it is checked whether or not the data update process is “active”. If “inactive”, the process proceeds to step 1915; if “active”, the process proceeds to step 1914 to execute the data update process for a certain period of time. Then go to step 1915.
In step 1915, it is checked whether or not the backup process is “active”. If “inactive”, the process proceeds to step 1917; if “active”, the process proceeds to step 1916. Continue to 1917.
In step 1917, it is checked whether or not the remote access process is “active”. If “inactive”, the process proceeds to step 1919. , And proceed to step 1919. In step 1919, it is checked whether the session establishment process is “active”. If “inactive”, the process proceeds to step 1921. If “active”, the process proceeds to step 1920 to execute the session establishment process for a certain period of time. Then, go to step 1921.
In step 1921, it is checked whether the power-off process is “active”. If “active”, the process proceeds to step 1922, where the power-off process is executed. If “inactive”, the process returns to step 1903. When the interrupt signal 1518 is asserted, the CPU executes the interrupt processing 1901 and returns to the original processing of the main loop 1900.
In the interrupt processing 1901, first, in step 1923, the CPU 1500 reads the interrupt register (INT) 1804 and copies it to the word interrupt on the RAM (work area). At this time, the interrupt register (INT) 1804 read by the CPU is echo-reset.
Next, in step 1924, it is checked from the value of the bit 28 of the interrupt whether or not an incoming interrupt has occurred. If it is not an incoming interrupt (interrupt (bit 28) = 0), the process proceeds to step 1926. (bit28) = 1), the process proceeds to step 1925, the process status of the wireless telephone process is set to “active”, and the process proceeds to step 1926.
In step 1926, from the value of bit 26 of the interrupt, it is checked whether or not an update interrupt has occurred.If it is not an update interrupt (interrupt (bit 26) = 0), the process proceeds to step 1928. = 1), the process proceeds to step 1927, the process status of the data update process is set to “active”, and the process proceeds to step 1928.
In step 1924, from the value of bit 25 of the interrupt, it is checked whether or not a backup interrupt has occurred. If the interrupt is not a backup interrupt (interrupt (bit25) = 0), the process proceeds to step 1930. = 1), the process proceeds to step 1929, the process status of the backup process is set to “active”, and the process proceeds to step 1930.
In step 1930, it is checked from the value of bit 24 of the interrupt whether or not a key interrupt has occurred. If the key has not been interrupted (interrupt (bit24) = 0), the interrupt processing is terminated and the processing returns to the original main loop processing. In the case of a key interrupt (interrupt (bit 24) = 1), the process proceeds to step 1931.
In step 1931, the value of the “power” bit (bit 16) of the interrupt is checked. If the value is 0, the interrupt process ends, the process returns to the original main loop process, and if the value is 1, the power switch is operated. Then, the process proceeds to step 1932.
In step 1932, the value of the interrupt “power indication” bit (bit 31) is checked. If the value is 0, it is determined that the power-off operation has been performed, and the process proceeds to step 1934. It is determined that the operation has been performed, and the process proceeds to step 1933.
In step 1933, the process status of the power-on process is set to “active”, the interrupt process ends, and the process returns to the original main loop process.
In step 1934, the process status of the power-off process is set to “active”, the interrupt process ends, and the process returns to the original main loop process.
In the interrupt processing 1901, the process whose process status has become “active” returns to the main loop and is executed in the main loop.

Next, a description will be given of a digital signature process and a sealing process performed when the personal credit terminal generates a message to be transmitted to the credit settlement terminal and the service providing system.
Since the digital signature processing and the sealed letter processing perform the same processing in the credit settlement terminal, in the following, the characters are not called users, merchants and service providers, but are A and B. The characters are generalized and described.
Digital signatures use the nature of public-key encryption, which means that a message encrypted with a private key can only be decrypted with the public key corresponding to that private key. This is the process to be performed.
FIGS. 20A and 20B are a flowchart showing a digital signature processing procedure when a digital signature of Mr. A is given to a message, and a conceptual explanatory diagram of the flow, respectively.
First, in step 2000, the CPU performs a hash function operation on the message 2003 to generate a message digest 2004.
Next, in step 2001, the CPU encrypts the message digest 2004 with Mr. A's private key using a cryptographic processor to generate a digital signature 2005.
Next, in step 2002, the CPU adds the digital signature 2005 to the original message 2003. By the above procedure, the CPU generates the message 2006 with the digital signature of Mr. A.
20B in FIG. 20B illustrates a message that is digitally signed by Mr. A. Hereinafter, the digitally signed message is illustrated as 2006 in the drawing.

Next, the letter-sealing process will be described. The sealed process uses the property of a public key encryption process that a message encrypted with a public key can only be decrypted with the private key corresponding to the public key, and the content of the message is specified. This is a process that only humans can read.
FIGS. 21 (a) and 21 (b) are a flowchart showing the procedure of a process for sealing a message digitally signed by Mr. A to Mr. B, the destination, and a conceptual explanatory diagram of the flow, respectively.
First, in step 2100, the CPU generates a secret key encryption key and a secret key 2104 using a random function. Next, in step 2101, the CPU encrypts the digitally signed message 2006 with the secret key 2104 using the cryptographic processor.
Next, in step 2102, the CPU encrypts the secret key 2104 with the public key of the destination B using the cryptographic processor.
Next, in step 2103, the CPU adds the output 2106 of step 2102 to the output 2105 of step 2101. Through the above procedure, a sealed message 2107 is generated for Mr. B.
21B in FIG. 21B illustrates a sealed message addressed to Mr. B. In the following, the sealed message is illustrated as 2007 in the drawing. I do.

Next, a process of decrypting the encryption of the sealed message and a process of verifying the digital signature performed when the personal credit terminal receives the message from the service providing system will be described. Even in this case, the characters will be generalized and described.
First, the decoding process will be described.
FIGS. 22A and 22B are a flowchart showing a procedure of a decryption process of a message sealed to Mr. B and a conceptual explanatory diagram of the flow, respectively.
First, in step 2200, the CPU converts the sealed message 2202 to Mr. B into a part 2203 in which the secret key is encrypted with the public key of B and a part 2204 of the message encrypted with the secret key. Using a cryptographic processor, the part 2203 in which the secret key was encrypted with B's public key is decrypted with B's private key, and the secret key 2205 is extracted.
Next, in step 2201, the CPU decrypts the message portion 2204 encrypted with the secret key using the secret key 2205 using the cryptographic processor.

Through the above procedure, the sealed message is decrypted.
Next, a digital signature verification process will be described.
FIGS. 23 (a) and 23 (b) are a flowchart showing the procedure of a process for verifying the digital signature of a message digitally signed by the sender A of the message, and a conceptual explanatory diagram of the flow, respectively.
First, in step 2300, the CPU performs a hash function operation on a message portion (Message '2303) in the digitally signed message 2206 to generate a message digest 2305.
Next, in step 2301, the CPU decrypts the digital signature portion 2304 in the digitally signed message 2206 with the public key of Mr. A using the cryptographic processor.
Next, in step 2302, the CPU compares the output 2305 of step 2300 with the output 2304 of step 2301, and if the contents match, determines that the verification has been passed. It is determined that an error has occurred.
According to the above procedure, the digital signature is verified.

Next, the internal configuration of the credit settlement terminal 300 will be described.
FIG. 24A is a block diagram of the credit settlement terminal 300. The terminal 300 has a CPU (Central Processing Unit) 2400 that processes transmission data and reception data and controls other components via a bus 2429 according to a program stored in a ROM (Read Only Memory) 2401. A RAM (Random Access Memory) 2402 in which data processed by the CPU 2400 and data processed by the CPU 2400 are stored; a hard disk 2403 in which entity data of information specified by management information of the data in the RAM 2402 is stored; An EEPROM (Electric) in which a terminal ID of the settlement terminal 300, a telephone number, a merchant's merchant ID, a private key and a public key, and a service provider ID of the service providing system 102, a telephone number, and a public key of the service provider are stored. (Erasable Programmable Read Only Memory) 2404 and the operation of the LCD 302 under the control of the CPU 2400. Then, an LCD controller 2405 for displaying an image set by the CPU 2400 on the LCD 302, an encryption processor 2406 for performing data encryption and decryption under the control of the CPU 2400, and a code for transmission data according to the control of the CPU 2400. Codec 2407 for performing decoding and decoding of received data, and a serial-parallel conversion circuit 2460 which is connected to the infrared module 301 via a serial cable 310 via a serial port 2409 and performs bidirectional conversion between parallel data and serial data. Circuit, a key operation control unit 2411 for detecting a switch operation of a mode switch 304, a hook switch 305, a function switch 306, a numeric key switch 307, an execution switch 308, or a power switch 309 by a merchant and asserting an interrupt signal 2439, and a speaker 2412. And receiver of handset 303 And an audio processing unit 2413 that amplifies an analog audio signal input from the microphone of the receiver 303, encodes the analog audio signal 2444 into digital audio data, and decodes the digital audio data into an analog audio signal 2443. And a channel codec 2415 for generating transmission data on a communication channel and separating digital voice data and data communication data from received data, and converting a digital signal 2448 into a data format for digital telephone communication. Also, a digital communication adapter 2416 for performing the reverse conversion, an RS-232C interface 2417 for connecting the RS-232C cable 313, and a key operation control unit 2411, a channel codec 2415 or an interrupt signal input from the RS-232C interface 2417. Processing and key operation by CPU 2400 Control unit 2411, and a serving control logic unit 2410 of the interface when accessing the internal registers of the audio processing unit 2413 or the channel codec 2415.

The cryptographic processor 2406 has a function of encrypting and decrypting a secret key system and a function of encrypting and decrypting a public key system, and uses the encryption method and key set by the CPU 2400 to execute data set by the CPU 2400. Is subjected to an encryption process or a decryption process.
Further, the data codec 2407 performs encoding of transmission data and decoding of reception data according to the control of the CPU 2400.In this case, the encoding includes communication control information and error correction information. Decoding means processing for generating data to be transmitted. Decoding is processing for performing error correction processing on received data, removing unnecessary communication control information, and generating data that the sender originally intended to transmit. Means The data codec 2407 has a function of encoding and decoding data in digital telephone data communication and a function of encoding and decoding data in infrared communication, and transmits data set to the CPU 2400 to the CPU 2400. The set encoding process and decoding process are performed.
As shown in FIG. 24B, the infrared module 301 connected to the serial-parallel conversion circuit 2408 via the serial cable 310 and the serial port 2409 includes a serial port 2455 as an interface with the credit settlement terminal 300, A modulation / demodulation circuit 2456 that modulates a digital signal 2458 input from the serial-parallel conversion circuit 2408 into a signal 2460 that is actually transmitted as infrared light, or demodulates a received analog signal 2461 into a serial / digital signal 2459, An infrared light receiving / emitting unit 2457 converts a signal 2460 modulated by the circuit 2456 into infrared light and emits light, or converts received infrared light into an analog signal 2461.

The infrared module 301 transmits and receives infrared light during infrared communication. The infrared module 301 converts the transmission data set by the CPU 2400 into an infrared ray and transmits it, and converts the received infrared ray into reception data.
When the merchant presses any of the mode switch 304, the hook switch 305, the function switch 306, the numeric key switch 307, the execution switch 308, and the power switch 209, the key operation control unit 2411 asserts the interrupt signal 2439. This interrupt signal 2439 prompts the CPU 2400 to perform a process corresponding to the switch operation. As shown in FIG. 27A, the key operation control unit 2411 includes a key operation control register (KEYCTL) 2710 for setting the validity / invalidity of each switch. The CPU 2400 accesses the key operation control register (KEYCTL) 2710 and sets the validity / invalidity of each switch.
The audio processing unit 2413 includes an audio processing unit control register (SCTL) 2709 for controlling the audio processing operation, as shown in FIG. The CPU 2400 accesses the audio processing unit control register (SCTL) 2709 to control the operation of the audio processing unit 2413. For example, when an incoming call request for a digital telephone is received, the CPU 2400 accesses the audio processing unit control register (SCTL) 2709 and performs settings for outputting a digital telephone ringtone. By doing so, the voice processing unit 2413 drives the speaker 2412, and the ring tone of the digital telephone is output.

The audio codec 2414 also encodes the analog audio signal 2444 input from the audio processing unit 2413 into digital audio data, and decodes the digital audio data input from the channel codec 2415 into an analog audio signal 2443. The analog audio signal 2443 is supplied to the audio processing unit 2413, and the audio processing unit 2413 amplifies the analog audio signal 2443 and drives the receiver of the receiver 303, so that the audio is output from the receiver. On the other hand, the digital audio data generated by the encoding is supplied to a channel codec 2415, and is converted into transmission data on a communication channel.
Two types of data are input to the channel codec 2415 as data to be transmitted. One is digital audio data input from the audio codec 2414, and the other is data communication data input from the CPU via the control logic unit 2410.
The channel codec 2415 adds identification information between digital voice data and data communication data as header information to each data, and converts a digital signal 2448 in which digital voice data and data communication data are multiplexed into a digital communication adapter. Supply to 2416.
Conversely, the channel codec 2415 first matches the terminal ID with the digital signal 2448 input from the digital communication adapter 2416, and then identifies digital voice data and data communication data from the header information of the data. Then, they are supplied to the audio codec 2412 and the control logic unit 2410, respectively. Further, the channel codec 2415 asserts the interrupt signal 2449 when receiving a digital telephone call and when receiving data communication data. The interrupt signal 2449 urges the CPU 2400 to perform processing at the time of an incoming digital telephone call and processing of data communication data.
In order to perform such operations, the channel codec 2415 includes an ID register (ID) 2703 for storing a terminal ID and a channel codec control register (CHCTL) for controlling the operation of the channel codec 2415 as shown in FIG. 2704, an audio transmission buffer 2705 for storing digital audio data input from the audio codec 2414, an audio reception buffer 2706 for storing digital audio data extracted from the received data, and data input from the control logic unit 2410. A data transmission buffer 2707 for storing communication data and a data reception buffer 2708 for storing data communication data extracted from received data are provided.

The digital communication adapter 2416 encodes the digital signal 2448 into a digital telephone communication format and outputs the digital signal to the digital telephone communication line 110. Conversely, the digital communication adapter 2416 decodes the signal received from the digital telephone communication line 110 and supplies the digital signal 2448 to the channel codec 2415.
The RS-232C interface 2417 is an interface circuit for connecting the RS-232C cable 313, and the credit settlement terminal communicates with the cash register 311 via the RS-232C interface 2417. The RS-232C interface 2417 asserts the interrupt signal 2452 when receiving the data from the cache register 311. The interrupt signal 2452 prompts the CPU 2400 to process data communication with the cash register 311 via the RS-232C interface 2417.
Also, as shown in FIG. 27A, the control logic unit 2410 has three registers therein, a clock counter (CLOCKC) 2700, an update time register (UPTIME) 2701, and an interrupt register (INT) 2702. I do.
The clock counter is a counter that counts the current time, and the update time register is a time at which the credit settlement terminal 300 performs a process of updating data on the RAM 2402 and the hard disk 2403 (data update process) by communicating with the service providing system. And an interrupt register are registers indicating the cause of an interrupt to the CPU 2400.
When any of the interrupt signals 2439, 2449, and 2452 is asserted, the control logic unit 2410 sets the cause of the interrupt in the interrupt register (INT) 2702, asserts the interrupt signal 2418, and instructs the CPU. Prompt for interrupt processing. The CPU 2400 reads an interrupt register in an interrupt process and performs a process according to the interrupt factor.
Each bit field of the interrupt register (INT) has a meaning as shown in FIG.
Bit 31 indicates the state of the power switch. When the value is 0, it indicates the power-off state, and when the value is 1, it indicates the power-on state.
Bit 30 indicates the state of digital telephone communication. When the value is 0, it indicates that digital telephone communication is not performed. When the value is 1, it indicates that digital telephone communication is performed. Show.
Bit 28 indicates the occurrence of a call interruption. When the value is 1, it indicates that a digital telephone call has been received. This bit field is set to 1 when a digital telephone is received and the interrupt signal 2449 is asserted.
Bit 27 indicates the occurrence of a data reception interrupt. When the value is 1, it indicates that data reception data has been received. This bit field is set to 1 when digital communication communication receives data communication data and the interrupt signal 2449 is asserted.
Bit 26 indicates the occurrence of an update interrupt prompting the data update process. When the value is 1, it indicates that an update interrupt has occurred. In this bit field, 1 is set when the value of the clock counter matches the value of the update time register.
Bit 25 indicates the occurrence of an external IF interrupt that prompts processing of data communication with the cache register 311. When the value is 1, it indicates that an external IF interrupt has occurred. This bit field is set to 1 when the interrupt signal 2452 input from the RS-232C interface 2417 is asserted.
Bit 24 indicates that a key interrupt has occurred due to a switch operation. When the value is 1, it indicates that a key interrupt has occurred.
Bits 0 to 9 correspond to switches 0 to 9 of the numeric keypad, respectively. Bits 10 and 11 correspond to “*” and “#” switches of the numeric keypad, respectively. To 15 correspond to the function switches "F1" to "F4", respectively, bits 16 to 18 correspond to the power switch, the execution switch, the mode switch, and the talk switch, respectively. , A hook switch, and when the value of a bit is 1, it indicates that the switch corresponding to that bit has been pressed.

Next, data stored in the RAM 2402 will be described.
FIG. 25 is a schematic diagram of a RAM map of data stored in the RAM 2402.
The RAM 2402 has five areas: a basic program area 2500, a service data area 2501, a merchant area 2502, a work area 2503, and a temporary area 2504. The basic program area 2500 stores upgraded modules of the programs stored in the ROM 2401 and patch programs. The merchant area 2502 is an area that can be used freely by the merchant, the work 2503 area is a work area used when the CPU 100 executes the program, the temporary area 2504 is information temporarily received by the credit settlement terminal, This is the area to store.
The service data area 2501 is an area for storing personal remote credit settlement service ID information, handled credit card information, and history information, and data in this area is managed by the service providing system.
The service data area 2501 further includes five areas of data management information 2505, merchant setting information 2506, telephone information 2507, credit card list 2508, and sales history list 2509.
The data management information 2505 is an area for storing management information of information stored in the service data area 2501, the merchant setting information 2506 is an area for storing merchant setting information related to a personal remote credit settlement service, and telephone information. 2507 is an area for storing information related to digital telephones, a credit card list 2508 is an area for storing list information of credit cards that can be handled by merchants, and a sales history list 2509 is a personal remote credit payment service. This is an area for storing sales history information.

Next, information stored in the service data area 2501 will be described in detail.
FIG. 26 is a schematic diagram showing the relationship between the information stored in the service data area 2501 in detail.
The data management information 2505 is based on seven pieces of information: update date and time 2600, next update date and time 2601, terminal status 2602, merchant setting information address 2603, telephone information address 2604, credit card list address 2605, and sales history list address 2606. Be composed.
The update date and time 2600 indicates the date and time when the service providing system 102 last updated the data in the service data area 2501, and the next update date and time 2601 is the scheduled date and time for updating the data in the service data area 2501 by the next service providing system 102. Is shown. The credit settlement terminal automatically starts the data update process at the time set for the next update date and time 2601. The data update process is a process of having the service providing system 102 update the data in the service data area 2501. The data update process will be described later in detail.
The terminal status 2602 indicates the status of the credit settlement terminal, and the merchant setting information address 2603, telephone information address 2604, credit card list address 2605, and sales history list address 2606 are merchant setting information 2506 and telephone information 2507, respectively. , The credit card list 2508, and the usage history list 2509.
The telephone information 2507 is further composed of three pieces of information: a calling telephone number 2607, a telephone directory address 2608, and a speed dial setting file address 2609. The originating telephone number 2607 indicates the telephone number of the last call made by the merchant, and this information is used when retransmitting the digital wireless telephone. The telephone directory address 2608 and the speed dial setting file address 2609 indicate addresses on the hard disk 2403 where the phone directory information and the speed dial setting file are stored, respectively.
The credit card list 2508 stores list information of credit cards that can be handled by the merchant. In the credit card list 2508, two pieces of information, that is, a credit card name 2610 (2612, 2614) and a service code list address 2611 (2613, 2615) are stored for one credit card. The credit card name 2610 (2612, 2614) indicates the name of a credit card that the merchant can handle, and the service code list address 2611 (2613, 2615) indicates the merchant's service among the services provided by the credit card. Indicates the address on the hard disk 2403 in which the service code list indicating the type of service that can be handled by.
The sales history list 2509 is an area for storing sales history information of the personal remote credit card settlement service. In the sales history list 2509, transaction number 2616 (2620), service code 2617 (2621), sales time 2618 (2622), sales information address 2619 (2623) for one personal remote credit settlement service Four pieces of information are stored.
The transaction number 2616 (2620) is a number uniquely indicating the transaction with the user, the number issued by the credit settlement terminal when generating the payment offer response 609, the service code 2617 (2621) is the credit used by the user. The code number indicating the type of the card service, the sales time 2618 (2622) indicates the time of sale by the personal / remote credit settlement service, and the sales information address 2619 (2623) indicates the address where the payment completion notice is stored.
The sales information address 2619 (2623) stores a local address indicating an address on the hard disk 2403 or a remote address indicating an address on the merchant information server 402 of the service providing system 102. If a remote address is stored in the sales information address 2619 (2623) and the merchant accesses the sales history information, the credit settlement terminal downloads the sales information from the service providing system to the temporary area, and To be displayed.
The address stored in the sales information address 2619 (2623) is determined by the service providing system. At the time of data update processing, the sales time of each sales information is compared, and a local address is assigned to the sales information with the latest sales time. However, if there is room in the capacity of the hard disk 2403, all sales information addresses may be local addresses.

Next, processing performed by CPU 2400 will be described.
FIG. 28 is a conceptual flowchart of the process performed by the CPU 2400.
As shown in FIG. 28, the processing of the CPU can be roughly divided into ten types of processes and interrupt processing 2801.
The ten types of processes are a power-on process, a telephone process, a credit settlement process, a customer service call process, an inquiry call process, a data update process, a remote access process, a session establishment process, an external IF communication process, and a power-off process. The ten types of processes are executed in the main loop 2800. For each process, a word field indicating the status (status) of the process exists in the RAM 2402 corresponding to the process, and the CPU 2400 executes each process according to the value of the process status.
The power-on process is a process for performing an initial operation process when a merchant turns on a power switch, the telephone process is a process for performing a process in a digital telephone mode, the credit settlement process is a process for performing a process in a credit settlement mode, The customer service call process is a process for performing a "customer service call" process, the inquiry call process is a process for performing an "inquiry call" process, the data update process is a process for performing a data update process, and the remote access process is a service. The process of performing a process of accessing data on the merchant information server of the providing system and the session establishment process include a process of performing a process of establishing a communication session with the service providing system and a process of establishing an external interface. Process, process, power off process for performing data communication with the cash register 311 is a process that performs termination processing when the merchant has turned off the power switch.
In FIG. 28, when the credit settlement terminal is reset, the process proceeds to step 2802, and the CPU 2400 sets the power-on process to “active”. Next, in step 2803, it is checked whether the power-on process is “active”. If “inactive”, the process proceeds to step 2805. If “active”, the process proceeds to step 2804 to execute the power-on process for a certain period of time. Then, proceed to Step 2805.
In step 2805, it is checked whether the telephone process is “active”. If “inactive”, the process proceeds to step 2807. If “active”, the process proceeds to step 2806. Proceed to 2807.
In step 2807, it is checked whether the credit settlement process is “active”. If “inactive”, the process proceeds to step 2809. If “active”, the process proceeds to step 2808 to execute the credit settlement process for a certain period of time. Then, go to step 2809.
In step 2809, it is checked whether or not the customer service call process is “active”. If “inactive”, the process proceeds to step 2811; if “active”, the process proceeds to step 2810 to execute the customer service call process for a certain period of time. Then, the process proceeds to step 2811.
In step 2811, it is checked whether or not the inquiry call process is “active”. If “inactive”, the process proceeds to step 2813. If “inactive”, the process proceeds to step 2812 to execute the inquiry call process for a certain period of time. , And proceed to step 2813. In step 2813, it is checked whether the data update process is “active”. If “inactive”, the process proceeds to step 2815; if “active”, the process proceeds to step 2814 to execute the data update process for a certain period of time. Then, proceed to step 2815.
In step 2815, it is determined whether or not the remote access process is “active”. If “inactive”, the process proceeds to step 2817. If “active”, the process proceeds to step 2816 to execute the remote access process for a certain period of time. Proceed to step 2817. In step 2817, it is checked whether the session establishment process is “active”. If “inactive”, the process proceeds to step 2819. If “active”, the process proceeds to step 2818 to execute the session establishment process for a certain period of time. Then, proceed to step 2819.
In step 2819, it is determined whether the external IF communication process is “active”. If “inactive”, the process proceeds to step 2821. If “active”, the process proceeds to step 2820 to execute the external IF communication process for a certain period of time. Then, the process proceeds to step 2821.
In step 2821, it is checked whether the power-off process is “active”. If “active”, the process proceeds to step 2822, where the power-off process is executed. If “inactive”, the process returns to step 2803.
When the interrupt signal 2418 is asserted, the CPU 2400 executes the interrupt processing 2801 and returns to the processing of the main loop 2800.
In the interrupt processing 2801, first, in step 2823, the CPU 2400 reads the interrupt register (INT) 2702 and copies it to the word interrupt on the work area 2503 of the RAM 1502. At this time, the interrupt register (INT) 2702 read by the CPU 2400 is echo-reset.

Next, in step 2824, it is checked from the value of the bit 28 of the interrupt whether or not an incoming interrupt is detected. If not an interrupt (interrupt (bit 28) = 0), the process proceeds to step 2826, and if an interrupt is received, (bit28) = 1), the process proceeds to step 2825, the process status of the telephone process is set to “active”, and the process proceeds to step 2826.
In step 2826, from the value of bit 26 of the interrupt, it is checked whether or not an update interrupt has occurred. = 1), the process proceeds to step 2827, the process status of the data update process is set to “active”, and the process proceeds to step 2828.
In step 2828, it is checked whether or not an external IF interrupt has occurred based on the value of the bit 25 of the interrupt. If the interrupt is not an external IF interrupt (interrupt (bit 25) = 0), the process proceeds to step 2830. (bit25) = 1), the process proceeds to step 2829, the process status of the external IF communication process is set to “active”, and the process proceeds to step 2830.
In step 2830, it is checked whether or not a key interrupt has occurred based on the value of bit 24 of the interrupt. If the key interrupt has not occurred (interrupt (bit24) = 0), the interrupt processing ends, and the processing returns to the original main loop processing. In the case of a key interrupt (interrupt (bit 24) = 1), the process proceeds to step 2831.
In step 2831, the value of the “power” bit (bit 16) of the interrupt is checked. If the value is 0, the interrupt process ends, the process returns to the original main loop process, and if the value is 1, the power switch is operated. It is determined that the process has been performed, and the process proceeds to step 2832.
In step 2832, the value of the “power indication” bit (bit 31) of the interrupt is checked. If the value is 0, it is determined that the power-off operation has been performed, and the process proceeds to step 2834. It is determined that the operation has been performed, and the flow proceeds to step 2833.
In step 2833, the process status of the power-on process is set to “active”, the interrupt process ends, and the process returns to the original main loop process.
In step 2834, the process status of the power-off process is set to “active”, the interrupt process ends, and the process returns to the original main loop process.
In the interrupt processing 2801, the process whose process status has become “active” returns to the main loop and is executed in the main loop.

Next, information stored in the user information server 402 of the service providing system 102 will be described.
FIG. 29 is a schematic diagram showing information stored in the user information server 402 for one user.
In the user information server 402, for one user, user data management information 2900, personal information 2901, photograph data 2902, terminal properties 2903, user setting information 2904, access control information 2905, terminal data 2906, telephone information 2907, Ten types of information of a credit card list 2908 and a use history list 2909 are stored. The user data management information 2900 is management information of information stored in the user information server 402 for one user.
The personal information 2901 is information about the user's individual such as the user's age, date of birth, occupation, account number, contract details, and a part of this information corresponds to the personal information 1606 of the personal credit terminal 100. .
The photograph data 2902 is data of a photograph of the user's face, and the terminal property 2903 is attribute information of the personal credit terminal 100 such as the model number, serial number, RAM capacity, and stored program version of the personal credit terminal 100. is there.
The user setting information 2904 is user setting information relating to the personal remote credit settlement service, and is information corresponding to the user setting information 1608 of the personal credit terminal 100.
The access control information 2905 is user setting information relating to access control in a customer service call, the terminal data 2906 is RAM data of the personal credit terminal 100, and the telephone information 2907 is information relating to a digital wireless telephone. This is information corresponding to the telephone information 1609 of the terminal 100.
The credit card list 2908 is list information of credit cards registered by the user, and the usage history list 2909 is usage history information of the personal remote credit settlement service.

The user data management information 2900 includes a user name 2910, a user ID 2911, a user status 2912, a personal information address 2913, a photograph data address 2914, a user public key 2915, a terminal property address 2916, a user setting information address 2917, and access control information. It is composed of 15 pieces of information: address 2918, update date and time 2919, next update date and time 2920, terminal data address 2921, telephone information address 2922, credit card list address 2923, and use history list address 2924.
The user status 2912 indicates the state of the personal credit terminal 100 and is information corresponding to the terminal status 1702 of the personal credit terminal 100.
The update date and time 2919 indicates the date and time when the data of the service data area 1601 of the personal credit terminal 100 was last updated, and the next update date and time 2920 indicates the scheduled date and time of the next update of the data in the service data area 1601. -Corresponds to the update date and time 1700 of the credit terminal 100 and the next update date and time 1701.
Personal information address 2913, photo data address 2914, terminal property address 2916, user setting information address 2917, access control information address 2918, terminal data address 2921, telephone information address 2922, credit card list address 2923, and usage history The list address 2924 includes personal information 2901, photograph data 2902, terminal properties 2903, user setting information 2904, access control information 2905, terminal data 2906, telephone information 2907, credit card list 2908, and usage history list 2909, respectively. Is stored on the user information server 402.
The terminal data 2906 is data on the RAM 1502 of the personal credit terminal 100 at the time of the last update processing, and is used as data comparison and backup data at the next update processing.
The credit card list 2908 and the usage history list 2909 are information corresponding to the credit card list 1610 and the usage history list 1611 of the personal credit terminal 100, respectively. However, the image data address 2944, the object data address 2945, and the usage information address 2954 all indicate addresses on the user information server 402.

Next, information stored in the merchant information server 403 of the service providing system 102 will be described.
FIG. 30 is a schematic diagram showing information stored in the merchant information server 403 for one merchant.
In the merchant information server 403, for one merchant, merchant data management information 3000, merchant information 3001, terminal properties 3002, merchant setting information 3003, terminal data 3004, telephone information 3005, credit card list 3006, and sales history Eight types of information in the list 3007 are stored.
The merchant data management information 3000 is management information of information stored in the merchant information server 403 for one merchant.
The merchant information 3001 is information about the merchant, such as the merchant's address, account number, and contract details.The terminal property 3002 contains the model number, serial number, RAM capacity, hard disk capacity, and stored program of the credit settlement terminal 300. This is attribute information of the credit settlement terminal 300 such as a version.
The merchant setting information 3003 is merchant setting information relating to the personal remote credit settlement service, and is information corresponding to the merchant setting information 2506 of the credit settlement terminal 300.
The terminal data 3004 is data of the RAM 2402 and the hard disk 2403 of the credit settlement terminal 300, and the telephone information 3005 is information related to the digital telephone, and is information corresponding to the telephone information 2507 of the credit settlement terminal 300.
The credit card list 3008 is list information of credit cards that can be handled by the merchant, and the sales history list 3007 is sales history information in the personal remote credit settlement service.
Merchant data management information 3000 includes merchant name 3008, merchant ID 3009, merchant status 3010, merchant information address 3011, merchant public key 3012, terminal property address 3013, merchant setting information address 3014, update date and time 3015, next update date and time 3016 , A terminal data address 3017, a telephone information address 3018, a credit card list address 3019, and a sales history list address 3020.
The merchant status 3010 indicates the state of the credit settlement terminal 300, and is information corresponding to the terminal status 2602 of the credit settlement terminal 300.
The update date and time 3015 indicates the date and time when the data of the service data area 2501 of the credit settlement terminal 300 was last updated, the next update date and time 3016 indicates the scheduled date and time of the next data update of the service data area 2501, It corresponds to 300 update date and time 2600 and next update date and time 2601.
The merchant information address 3011, terminal property address 3013, merchant setting information address 3014, terminal data address 3017, telephone information address 3018, credit card list address 3019, and sales history list address 3020 are merchant information 3001 respectively. , Terminal property 3002, merchant setting information 3003, terminal data 3004, telephone information 3005, credit card list 3006, and sales history list 3007 on the merchant information server 403.
The terminal data 3004 is data of the RAM 2402 and the hard disk 2403 of the credit settlement terminal 300 at the time of the last update process, and is used as data comparison at the next update process and as backup data.
The credit card list 3008 and the sales history list 3007 are information corresponding to the credit card list 2508 and the sales history list 2509 of the credit settlement terminal 300, respectively. However, all sales information addresses 3043 indicate addresses on the merchant information server 403.

Next, information stored in the settlement processing institution information server 404 of the service providing system 102 will be described.
FIG. 31 is a schematic diagram showing information stored in the payment processing institution information server 404 for one payment processing institution.
The payment processing institution information server 404 stores four types of information for one payment processing institution: payment processing institution data management information 3100, payment processing institution information 3101, credit card list 3102, and sales history list 3103. You.
The payment processing institution data management information 3100 is management information of information stored in the payment processing institution information server 404 for one payment processing institution. The payment processing institution information 3101 is information on the payment processing institution such as the address, account number, and contract details of the payment processing institution, and the credit card list 3102 is a list of credit cards that the payment processing institution can handle, a payment history Listing 3103 is settlement history information in the personal remote credit settlement service.
The payment processing institution data management information 3100 includes a payment processing institution name 3104, a payment processing institution ID 3105, a payment processing institution status 3106, a payment processing institution information address 3107, a payment processing institution public key 3108, a credit card list address 3109, and a payment. It is composed of seven pieces of information of the history list address 3110.
The payment processing institution status 3106 indicates the service status of the payment processing of the payment system 103, and the payment processing institution information address 3107, the credit card list address 3109, and the payment history list address 3110 are the payment processing institution information 3101, This shows the address on the payment processing institution information server 404 where the credit card list 3102 and the payment history list 3103 are stored.
The credit card list 3102 shows list information of credit cards that can be handled by the payment processing institution. In the credit card list 3102, two pieces of information, that is, a credit card name 3111 (3113, 3115) and a service code list address 3112 (3114, 3116) are stored for one credit card.
The credit card name 3111 (3113, 3115) indicates the name of a credit card that can be handled by the payment processing institution, and the service code list address 3112 (3114, 3116) indicates one of the services provided by the credit card. The address on the payment processing institution information server 404 in which a service code list indicating the type of service that the payment processing institution can handle is stored.
The settlement history list 3103 is an area for storing history information of settlement in the personal remote credit settlement service.
In the settlement history list 3103, for the settlement of one personal remote credit settlement service, the settlement number 3117 (3121), the service code 3118 (3122), the settlement time 3119 (3123), the settlement information address 3120 (3124) Four pieces of information are stored.
The payment number 3117 (3121) is a number issued by the payment system when generating the payment completion notification 620 uniquely indicating the payment processing, and the service code 3118 (3122) is a code indicating the type of the credit card service used by the user. The number and the settlement time 3119 (3123) are the time settled by the personal / remote credit settlement service, and the settlement information address 3120 (3124) is the settlement processing institution information server 404 in which the settlement completion notice issued by the settlement system 103 is stored. Indicates the address above.

Next, information stored in the service director information server 401 of the service providing system 102 will be described.
FIG. 32 is a schematic diagram showing information stored in the service director information server 401.
The service director information server 401 stores five types of information: a user list 3200, a merchant list 3201, a payment processing institution list 3202, a service provision history list 3203, and a payment processing institution table 3204.
The user list 3200 is a list of attribute information of all users contracting with the service provider, the merchant list 3201 is a list of attribute information of all merchants contracting with the service provider, the payment processing agency list 3202 is , A list of attribute information of all payment processing institutions that have contracted with the service provider, a service provision history list 3203 is a list of history information of services provided by the personal remote credit payment service, and The table 3204 is table information in which an optimal payment processing institution is associated with a request for a personal remote credit payment service from a user and a merchant.
The user list 3200 stores four types of information for one user: a user name 3205 (3209), a user ID 3206 (3210), a user telephone number 3207 (3211), and a service list address 3208 (3212). Have been.
The service list address 3208 (3212) indicates an address on the service director information server 401 where a list of service codes available to the user is stored.
The merchant list 3201 includes, for one merchant, a merchant name 3213 (3218), a merchant ID 3214 (3219), a merchant telephone number 3215 (3220), a service list address 3216 (3221), and a customer table address 3217 ( 3222) are stored.
The service list address 3216 (3221) indicates an address on the service director information server 401 in which a list of service codes that can be handled by the merchant is stored.
The customer table address 3217 (3222) indicates an address on the service director information server 401 in which table information indicating the correspondence between the customer number and the user ID is stored.
In the payment processing institution list 3202, for one payment processing institution, a payment processing institution name 3223 (3227), a payment processing institution ID 3224 (3228), a payment processing institution communication ID 3225 (3229), a service list address 3226 ( 3230) are stored.
The payment processing organization communication ID 3225 (3229) indicates the ID of the payment system 103 when the service providing system 102 communicates with the payment system 103 via the digital communication line 111, and the service list address 3226 (3230) An address on the service director information server 401 in which a list of service codes that can be handled by the payment processing institution is stored.
The service provision history list 3203 includes a service provision number 3231 (3235), a service code 3232 (3236), a service provision time 3233 (3237), and service provision information for one service provision of the personal remote credit settlement service. Four pieces of information at addresses 3234 (3238) are stored.
The service providing number 3231 (3235) is a number that uniquely indicates the processing in the service providing system 102 in providing one service, the service code 3232 (3236) is a code number that indicates the type of credit card service used by the user, The provision time 3233 (3237) is the time at which the service of the personal remote credit settlement service was provided, and the service provision information address 3234 (3238) stores the history information of the processing in the service provision system 102 in one service provision. The address on the service director information server 401 is shown.

Next, download processing performed when data at a remote address is accessed in the personal credit terminal 100 or the credit settlement terminal 300 will be described. Hereinafter, this processing is referred to as remote access processing.
FIG. 33A shows the procedure of the remote access processing, and FIGS. 34A and 34B show the contents of the messages to be exchanged. If the accessed data is at the remote address, the personal credit terminal 100 (credit settlement terminal 300) generates a message requesting data from the service providing system 102, a remote access request 3300, and transmits the message to the service providing system 102. I do.
As shown in FIG. 34A, the remote access request 3300 includes header information indicating that the message is a remote access request 3300, a remote access request header 3400, a data address 3401 indicating a remote address, and a user ID (merchant A data (ID) 3402 and an issue date and time 3403 indicating the date and time when the remote access request 3300 was issued are digitally signed 3404 by the user (merchant) and sealed to the service provider.
The service providing system 102 receives the remote access request 3300, decrypts the encryption, checks the digital signature, and sends the requested data to the personal credit terminal 100 (credit settlement terminal 300), the remote access data 3301. Is generated and transmitted to the personal credit terminal 100 (credit settlement terminal 300).
As shown in FIG. 34B, the remote access data 3301 includes header information indicating that the message is the remote access data 3301, a remote access data header 3408, requested data 3409, a service provider ID 3410, The data composed of the issue date 3411 indicating the date and time when the remote access data 3301 was issued is digitally signed by the service provider and sealed to the user (merchant).
The personal credit terminal 100 (the credit settlement terminal 300) receives the remote access data 3301, decrypts the encryption, checks the digital signature, stores the digital signature in the temporary area, and accesses the data.

Next, a data update process performed by the personal credit terminal 100 and the credit settlement terminal 300 in the data update process will be described.
FIG. 33 (b) shows the procedure of the data update process, and FIGS. 34 (c) to (f) and FIG. 35 (a) show the contents of messages to be exchanged.
In the data update process, the personal credit terminal 100 (the credit settlement terminal 300) first generates and transmits a data update request message 3302 to the service providing system 102, requesting a data update process.
As shown in FIG. 34C, the data update request 3302 includes header information indicating that the message is the data update request 3302, a data update request header 3416, a user ID (merchant ID) 3417, and the data update request. The data consisting of the issue date and time 3418 indicating the date and time when the 3302 was issued is digitally signed by the user (merchant) and sealed to the service provider.
The service providing system 102 receives the data update request 3302, decrypts the encryption, checks the digital signature, generates a message indicating that the request is ready, a data update request response 3303, and generates a personal credit. Transmit to terminal 100 (credit payment terminal 300).

As shown in FIG. 34D, the data update request response 3303 includes header information indicating that the message is the data update request response 3303, a data update request response header 3423, a service provider ID 3424, and the data update request. The data composed of the issue date and time 3425 indicating the date and time when the response 3303 was issued is digitally signed by the service provider and sealed to the user (merchant).
The personal credit terminal 100 (the credit settlement terminal 300) receives the data update request response 3303, decrypts the encryption, checks the digital signature, and stores the data in the RAM 1502 (in the case of the credit settlement terminal 300, the RAM 2402 and the hard disk 2403). Is generated in the service providing system 102, and upload data 3304 is generated and transmitted to the service providing system.

As shown in FIG. 34 (e), the upload data 3304 includes header information indicating that the message is the upload data 3304, an upload data header 3430, and RAM 1502 (in the case of the credit settlement terminal 300, the RAM 2402 and the hard disk 2403). A digital signature of a user (merchant) is provided for data including data obtained by compressing data, terminal data 3431, user ID (merchant ID) 3342, and issue date and time 3433 indicating the date and time when the upload data 3304 was issued. It has been sealed to the provider.
The service providing system 102 receives the upload data 3304, decrypts the encryption, and checks the digital signature. Then, the compressed terminal data 3431 is decompressed and collated with the terminal data 2906 (terminal data 3004) on the user information server 402 (merchant information server 403).
Then, a new terminal data 2906 (terminal data 3004) is generated, a message for updating the data of the personal credit terminal 100 (credit payment terminal 300), update data 3305 is generated, and the personal credit terminal 100 (credit payment terminal 300) is generated. 300).

As shown in FIG. 34F, the update data 3305 includes header information indicating that the message is the update data 3305, an update data header 3438, data obtained by compressing new terminal data, terminal data 3439, and a service provider. The data including the ID 3440 and the issue date and time 3441 indicating the date and time when the update data 3305 was issued is digitally signed by the service provider and sealed to the user (merchant).
The personal credit terminal 100 (the credit settlement terminal 300) receives the update data 3305, decrypts the encryption, checks the digital signature, decompresses the compressed terminal data 3439, and stores the RAM 1502 (in the case of the credit settlement terminal 300). Updates the data in the RAM 2402 and the hard disk 2403).
When generating new terminal data, the service providing system 102 compares the access time of each credit card with respect to the personal credit terminal 100 when there is no room in the capacity of the substantial data area 1612. Assign a local address to the object data address of the credit card, compare the usage time of each usage information, assign a local address to the usage information address of the usage information with the latest usage time, When there is no room in the capacity of the hard disk 2403, the usage time of each sales information is compared, and a local address is assigned to the sales information address of the sales information whose usage time is recent.
Further, when the service providing system 102 checks the upload data against the terminal data and finds that the data has been tampered with, the personal credit terminal 100 (the credit settlement terminal 300) replaces the update data 3305. A function stop command 3305 'for stopping the function of ()) is generated and transmitted to the personal credit terminal 100 (credit settlement terminal 300).

As shown in FIG. 35A, the function stop command 3305 ′ includes header information indicating that the message is the function stop command 3305 ′, a function stop command header 3500, a service provider ID 3501, and the function stop command 3305. The data consisting of the issuance date and time 3502 indicating the date and time when 'was issued is digitally signed by the service provider and sealed to the user (merchant).
In this case, the personal credit terminal 100 (credit settlement terminal 300) that has received the function stop command 3305 'decrypts the encryption, checks the digital signature, and sets the terminal status 1702 (terminal status 2602) to "unusable". To become unusable.
The backup process performed by the personal credit terminal 100 in the backup process is performed in the same procedure as the data update process. However, after receiving the update data 3305 and updating the data in the RAM 1502, the terminal status 1702 is changed to “writable” and new data is written to the RAM until the battery capacity becomes sufficient. Prohibit input.

Next, the details of the data exchanged between the devices in the “settlement” process will be described.
FIGS. 36 (a) to (f), FIGS. 37 (a) to (c), and FIGS. 38 (a) and (b) show the contents of messages to be exchanged in the “payment” process.
First, when the user performs the payment operation 607, the personal credit terminal 100 generates a payment offer 608, and transmits the payment offer 608 to the credit settlement terminal 300 by infrared communication.
As shown in FIG. 36 (a), the payment offer 608 includes a header information indicating that the message is the payment offer 608, a payment offer header 3600, a service code 3601, a service provider ID 3602, and a transaction with the merchant. A request number 3603 arbitrarily generated as a unique number, a payment amount 3604 input by the user, a payment option code 3605 indicating the payment option input by the user, an expiration date 3606 of this payment offer 608, and this payment offer The digital signature of the user is given to the data including the issue date and time 3607 indicating the date and time when 608 was issued. The credit settlement terminal 300 receives the payment offer 608, checks the payment amount 3404 against the billing amount, checks whether the payment option 3405 is an available option, and sends the payment offer response 609 by infrared communication. The request is transmitted to the personal credit terminal 100, a credit inquiry request 610 is generated, and transmitted to the service providing system 102 by digital telephone communication.

As shown in FIG. 36 (b), the payment offer response 609 includes header information indicating that the message is the payment offer response 609, the payment offer response header 3608, and the personal credit terminal 100 receiving the payment offer response 609. Message 3609 displayed on the LCD 203 at this time, a transaction number 3610 arbitrarily generated as a number uniquely indicating a transaction with the user, a billing amount 3611, an expiration date 3612 of the payment offer response 609, and a merchant ID 3613. The data including the issue date and time 3614 indicating the date and time when the payment offer response 609 was issued is digitally signed by the merchant. The response message 3609 is a text message set by a merchant option, and may not be set.
As shown in FIG. 36 (c), the credit inquiry request 610 includes header information indicating that the message is the credit inquiry request 610, a credit inquiry request header 3615, a payment offer 608, a payment offer response 609, and a person in charge. The data including the name 3616, the merchant ID 3617, and the issue date and time 3618 indicating the date and time when the credit inquiry request 610 was issued is digitally signed by the merchant and sealed to the service provider. The contact person name 3616 is information set by a merchant option, and may not be set.
The personal credit terminal 100 receives the payment offer response 609, compares the payment amount 3404 with the billing amount, generates a payment request 613, and transmits the payment request 613 to the service providing system 102 by digital wireless telephone communication.

As shown in FIG. 36 (d), the payment request 613 includes header information indicating that the message is the payment request 613, a payment request header 3623, a payment offer 608, a payment offer response 609, a user ID 3624, and A digital signature of the user is given to the data including the issue date and time 3625 indicating the date and time when the payment request 613 was issued, and the data is sealed to the service provider.
The service providing system 102 receives the credit reference request 610 and the payment request 613, respectively, decrypts the encryption and checks the digital signature. Then, the request number, the transaction number, and the merchant ID are collated, and the merchant and the user who are going to make a transaction correspond to the issued credit inquiry request 610 and payment request 613, respectively. The contents of 610 and the payment request 613 are collated to generate a credit inquiry response 614, which is transmitted to the credit settlement terminal 300 by digital telephone communication.
As shown in FIG. 36 (e), the credit inquiry response 614 uniquely indicates header information indicating that the message is the credit inquiry response 614, a credit inquiry response header 3630, a transaction number 3631, and the processing of the credit inquiry. Inquiry number 3632 arbitrarily generated as a number, inquiry result 3633 indicating the result of the credit inquiry, photograph data 363 of the user's face, expiration date 3635 indicating the expiration date of this credit inquiry response 614, and service provider ID 3636 The service provider digitally signs the data including the issue date and time 3637 indicating the date and time when the credit inquiry response 614 was issued, and seals it to the merchant. As a result of the credit inquiry, if there is a problem with the user's credit status, the photo data 3634 is not set.
The credit settlement terminal 300 receives the credit inquiry response 614, decrypts the encryption, checks the digital signature, and displays the result of the credit inquiry on the LCD 302.

Next, when the person in charge of the merchant performs a payment processing request operation 616, the credit payment terminal 300 generates a payment request 617 and transmits it to the service providing system 102 by digital telephone communication.
As shown in FIG. 36 (f), the settlement request 617 includes header information indicating that the message is the settlement request 617, the settlement request header 3642, the payment offer 608, the payment offer response 609, and the service providing system 102. For the data consisting of the issued reference number 3643, the expiration date 3644 indicating the expiration date of the settlement request 617, the person in charge 3645, the merchant ID 3646, and the issue date 3647 indicating the date and time when the settlement request 617 was issued, Digitally signed by the merchant and sealed to the service provider. The contact person name 3616 is information set by a merchant option, and may not be set.
The service providing system 102 receives the payment request 617, decrypts the encryption, checks the digital signature, and checks the contents of the payment request 617 and the payment request 613. Then, referring to the payment processing institution table 3204, the payment processing institution that requests the payment is determined, and the generated payment request 619 is transmitted to the payment system 103 of the payment processing institution.

As shown in FIG. 37A, the payment request 619 includes header information indicating that the message is the payment request 619, a payment request header 3700, a credit card number 3701 corresponding to the service code specified by the user, and a personal information. A request number 3702 issued by the credit terminal 100, a payment amount 3703, a payment option code 3704, a merchant account number 3705 indicating a merchant account number, a transaction number 3706 issued by the credit settlement terminal 300, and the settlement The data including the expiration date 3707 indicating the expiration date of the request 619, the service provider ID 3708, and the issue date and time 3709 indicating the date and time when the settlement request 619 was issued is digitally signed by the service provider and sent to the settlement processing organization. It is a sealed letter.
The payment system 103 receives the payment request 619, decrypts the encryption, checks the digital signature, performs a payment process, generates a payment completion notification 620, and transmits it to the service providing system 102.

As shown in FIG. 37 (b), the payment completion notification 620 is arbitrarily set as header information indicating that the message is the payment completion notification 620, a payment completion notification header 3714, and a number uniquely indicating the payment processing of the payment system 103. Generated payment number 3715, credit card number 3716, request number 3717, payment amount 3718, payment option code 3719, merchant account number 3720, transaction number 3721, and digitally signed service of payment processing agency Issue payment information 3722 for the provider, payment information 3723 for the merchant digitally signed by the payment processing institution, payment information 3724 for the user digitally signed by the payment processing institution, payment processing institution ID 3725, and issue this payment completion notification The data consisting of the issue date and time 3726 indicating the date and time of It has been sealed to the provider.
The service providing system 102 receives the payment completion notification 620, decrypts the encryption, checks the digital signature, generates a payment completion notification 621, and performs digital telephone communication,
The data is transmitted to the credit settlement terminal 300.

As shown in FIG. 37 (c), the payment completion notification 621 includes header information indicating that the message is the payment completion notification 621, a payment completion notification header 3731, a payment number 3732, and a digital signature of the payment processing organization. Merchant payment information 3723, a service providing the merchant with a number generated as a number uniquely indicating a user, a customer number 3733, a cryptographically decrypted payment request 3648, and information on processing in the service providing system 102 The service provider information is digitally signed by the service provider with respect to data including the processing information 3734, the service provider ID 3735, and the issue date and time 3736 indicating the date and time when the settlement completion notification 621 was issued, and is sealed to the merchant. . The service provider processing information 3734 is information set by an option of the service provider, and may not be set.
The credit settlement terminal 300 receives the settlement completion notification 621, decrypts the encryption, checks the digital signature, and displays the content on the LCD 302. Then, the credit settlement terminal 300 generates a receipt 623 and transmits it to the service providing system 102 by digital telephone communication.

As shown in FIG. 38A, the receipt 623 includes header information indicating that the message is the receipt 623, a receipt header 3800, a product name 3801 indicating the name of the sold product, and a user Issuance date and time indicating the sales information 3802 indicating additional information relating to the transaction, the settlement number 3803, the transaction number 3804, the payment offer 608, the person in charge 3805, the merchant ID 3806, and the date and time when the receipt 623 was issued. The data consisting of 3807 is digitally signed by the merchant and sealed to the service provider. The sales information 3802 and the person in charge 3805 are information set by merchant options, and may not be set.
The service providing system 102 receives the receipt 623, decrypts the encryption, checks the digital signature, generates a receipt 624, and transmits it to the personal credit terminal 100 by digital wireless telephone communication.

As shown in FIG. 38 (b), the receipt 624 includes header information indicating that the message is the receipt 624, a receipt header 3812, a decrypted receipt 3808, and a digital signature of the payment processing institution. Data consisting of payment information 3724 for the user who made the service, service provider processing information 3813 indicating information relating to processing in the service providing system 102, a service provider ID 3814, and an issue date 3815 indicating the date and time when the receipt 624 was issued. Is digitally signed by the service provider and sealed to the user. The service provider processing information 3813 is information set by an option of the service provider, and may not be set.
The personal credit terminal 100 receives the receipt 624, decrypts the encryption, checks the digital signature, and displays the content on the LCD 203.

Next, details of the content of data exchanged between devices in the “cancel” process will be described.
FIGS. 39A to 39F show the contents of messages to be exchanged in the process of “cancel”.
First, when the person in charge of the merchant performs a cancel operation 901, the credit settlement terminal 300 generates a cancel request 903 and transmits it to the service providing system 102 by digital telephone communication.
On the other hand, when the user performs a cancel operation 904, the personal credit terminal 100 generates a cancel request 906, and transmits the cancel request 906 to the service providing system 102 by digital wireless telephone communication.
As shown in FIG. 39A, the cancel request 903 includes header information indicating that the message is the cancel request 903, a cancel request header 3900, a settlement completion notification 3737 obtained by decrypting the encryption, and a Digitally sign the merchant for the data consisting of the expiration date 3901 indicating the expiration date, the person in charge 3902, the merchant ID 3903, and the issuance date and time 3904 indicating the date and time when the cancellation request 903 was issued, and send it to the service provider. It is a sealed letter. The person in charge 3916 is information set by a merchant option, and may not be set.

As shown in FIG. 39B, the cancel request 906 includes header information indicating that the message is the cancel request 906, a cancel request header 3909, a receipt 3816 obtained by decrypting the encryption, and validity of the cancel request 906. The data including the expiration date 3910 indicating the expiration date, the user ID 3911, and the issuance date and time 3912 indicating the date and time when the cancel request 906 was issued is digitally signed by the user and sealed to the service provider.
The service providing system 102 receives the cancel request 903 and the cancel request 906, respectively, decrypts the encryption and checks the digital signature. Then, the request number, the transaction number, and the merchant ID are collated, and the merchant and the user who are going to perform the cancellation process correspond to the issued cancellation request 903 and the cancellation request 906, respectively. By collating the content with the cancellation request 906, a cancellation request 907 is generated and transmitted to the settlement system 103.
As shown in FIG. 39 (c), the cancel request 907 includes header information indicating that the message is the cancel request 907, a cancel request header 3917, a settlement completion notice 3727 obtained by decrypting the encryption, and the cancel request 907. The data consisting of the expiration date 3918 indicating the expiration date, the service provider ID 3919, and the issuance date and time 3920 indicating the date and time when the cancellation request 907 was issued is digitally signed by the service provider, and sealed to the settlement processing institution. It was done.
The settlement system 103 receives the cancellation request 907, decrypts the encryption, checks the digital signature, performs a cancellation process, generates a cancellation completion notification 908, and transmits it to the service providing system 102.

  As shown in FIG. 39D, the cancellation completion notification 908 includes header information indicating that the message is the cancellation completion notification 908, a cancellation completion notification header 3925, a number uniquely indicating the cancellation processing performed by the settlement system 103, Cancellation number 3926, cancellation request 3921 that decrypts the encryption, cancellation information 3927 for the service provider digitally signed by the payment processing institution, cancellation information 3928 for the merchant digitally signed by the payment processing institution, and payment processing institution Digital signature of the payment processing institution is performed on the data consisting of the user's cancellation information 3929 that has been digitally signed, the payment processing institution ID 3930, and the issue date and time 3931 indicating the date and time when the payment completion notification was issued, and It is a sealed letter. The service providing system 102 receives the cancellation completion notice 908, decrypts the encryption, checks the digital signature, generates the cancellation completion notice 909 and the cancellation processing receipt 910, and respectively,・ Send to the credit terminal 100.

  As shown in FIG. 39 (e), the cancellation completion notification 909 includes header information indicating that the message is the cancellation completion notification 909, a cancellation completion notification header 3936, a cancellation number 3937, and a cancellation request 3905 obtained by decrypting the encryption. The payment information 3928 for the merchant digitally signed by the payment processing institution, the service provider processing information 3938 indicating information on processing in the service providing system, the service provider ID 3939, and the date and time when the cancellation completion notice 909 was issued The data consisting of the issue date and time 3940 is digitally signed by the service provider and sealed to the merchant. The service provider processing information 3938 is information set by an option of the service provider, and may not be set.

As shown in FIG. 39 (f), the cancellation processing receipt 910 is obtained by decrypting the header information indicating that the message is the cancellation processing receipt 910, the cancellation processing receipt header 3945, the cancellation number 3946, and the encryption. The cancellation request 3913, the payment information 3929 for the user digitally signed by the payment processing institution, the service provider processing information 3947 indicating information relating to the processing in the service providing system, the service provider ID 3948, and the cancellation processing receipt 910. The data consisting of the issue date and time 3949 indicating the issue date and time is digitally signed by the service provider and sealed to the user. The service provider processing information 3947 is information set by an option of the service provider, and may not be set.
The credit settlement terminal 300 receives the cancellation completion notification 909, decrypts the encryption, checks the digital signature, and displays the content on the LCD 302. On the other hand, the personal credit terminal 100 also receives the cancellation processing receipt 910, decrypts the encryption, checks the digital signature, and displays the content on the LCD 203.

Next, the details of the data exchanged between the devices in the processing of the "customer service call" will be described.
FIGS. 40A to 40E show the contents of messages exchanged in the processing of the “customer service call”.
First, when a merchant rep performs a customer service call operation 1200, the credit settlement terminal 300 generates a customer service call request 1202 and transmits it to the service providing system 102 by digital telephone communication.
As shown in FIG. 40A, the customer service call request 1202 includes header information indicating that the message is the customer service call request 1202, the customer service call request header 4000, and “payment” as the number indicating the user. Customer number 4001 issued at the time of processing, request number 4002 uniquely indicating this customer service call request, contact person name 4003, merchant ID 4004, and issue date and time indicating the date and time when this customer service call request 1202 was issued The data consisting of 4005 is digitally signed by the merchant and sealed to the service provider. The contact person name 4003 is information set by a merchant option, and may not be set.
The service providing system 102 receives the customer service call request 1202, decrypts the encryption, and checks the digital signature. Then, the service providing system 102 determines the user from the customer table, compares the user with the access control information of the user, generates a customer service call 1203 and a customer service call request response 1204, and respectively generates the user's personal credit terminal. 100 and the credit settlement terminal 300.

As shown in FIG. 40B, the customer service call 1203 is composed of header information indicating that the message is the customer service call 1203, a customer service call header 4010, a person in charge name 4011, a merchant ID 4012, and a merchant name 4013. Digital signature of the service provider on the data consisting of the request number 4014 set by the credit settlement terminal 300, the service provider ID 4015, and the issue date and time 4016 indicating the date and time when the customer service call 1203 was issued. It is a sealed letter. The person in charge name 4011 is information set by a merchant option, and may not be set.
As shown in FIG. 40C, the customer service call request response 1204 includes header information indicating that the message is the customer service call request response 1204, a customer service call request response header 4021, and a response from the service providing system 102. A digital signature of the service provider on data including a message 4022, a request number 4023 set by the credit settlement terminal 300, a service provider ID 4024, and an issue date and time 4025 indicating the date and time when the customer service call request response 1204 was issued. And sealed the letter to the merchant.
The credit settlement terminal 300 receives the customer service call request response 1204, decrypts the encryption, checks the digital signature, and displays “calling”.

The personal credit terminal 100 receives the customer service call 1203, decrypts the encryption, checks the digital signature, and notifies the user of the incoming call. Then, when the user performs the call operation 1207, the personal credit terminal 100 transmits an incoming call response 1208 to the service providing system 102. The service providing system 102 that has received the incoming call response 1208 transmits a call response 1210 to the credit settlement terminal 300, and the credit settlement terminal 300 and the personal credit terminal 100 enter a communication state.
As shown in FIG. 40D, the incoming response 1208 is composed of header information indicating that the message is the incoming response 1208, an incoming response header 4030, and a request number 4031 set by the credit settlement terminal 300. As shown in FIG. 40 (e), the response 1210 includes header information indicating that the message is the call response 1210, a call response header 4032, and a request number 4033 set by the credit settlement terminal 300.

Next, the details of the data exchanged between the devices in the processing of the "inquiry call" will be described.
FIGS. 41A to 41E show the contents of messages to be exchanged in the processing of the "inquiry call".
First, when the user performs an inquiry call operation 1213, the personal credit settlement terminal 100 generates an inquiry call request 1215 and transmits it to the service providing system 102 by digital wireless telephone communication.
As shown in FIG. 41A, the inquiry call request 1215 includes header information indicating that the message is the inquiry call request 1215, an inquiry call request header 4100, a merchant ID 4101, a person in charge name 4102, and the inquiry call request. A digital signature of the user on the data consisting of the request number 4103 uniquely indicating the request, the user ID 4104, and the issue date and time 4105 indicating the date and time when the inquiry call request 1215 was issued, and sealed to the service provider. It is. The person in charge name 4103 is information set in the merchant's option in the process of “settlement”, and may not be set.

The service providing system 102 receives the inquiry call request 1215, decrypts the encryption, and checks the digital signature. Then, the service providing system 102 generates an inquiry call 1216 and an inquiry call request response 1217, and transmits them to the merchant's credit settlement terminal 300 and personal credit settlement terminal 100, respectively.
As shown in FIG. 41B, the inquiry call 1216 is composed of header information indicating that the message is an inquiry call 1216, an inquiry call header 4110, a customer number 4111, and a request number 4112 set by the personal credit terminal 100. The data comprising the service provider ID 4113 and the issue date and time 4114 indicating the date and time when the inquiry call 1216 was issued is digitally signed by the service provider and sealed to the merchant.

As shown in FIG. 41C, the inquiry call request response 1217 includes header information indicating that the message is the inquiry call request response 1217, an inquiry call request response header 4119, and a response message 4120 from the service providing system 102. The digital signature of the service provider is performed on data including the request number 4121 set by the personal credit settlement terminal 100, the service provider ID 4122, and the issue date and time 4123 indicating the date and time when the inquiry call request response 1217 was issued. , And sealed to the user.
The personal credit terminal 100 receives the inquiry call request response 1217, decrypts the encryption, checks the digital signature, and displays "calling". The credit settlement terminal 300 receives the inquiry call 1216, decrypts the encryption, checks the digital signature, and notifies the merchant of the incoming call. Then, when the merchant performs call operation 1220, credit settlement terminal 300 transmits incoming response 1221 to the service providing system. The service providing system that has received the incoming response 1221 transmits the call response 1223 to the personal credit terminal, and the personal credit terminal 100 and the credit settlement terminal 300 enter a call state.
As shown in FIG. 41D, the incoming response 1221 is composed of header information indicating that the message is the incoming response 1221, an incoming response header 4128, and a request number 4129 set by the personal credit settlement terminal 100. As shown in FIG. 41 (e), the call response 1223 includes header information indicating that the message is the call response 1223, a call response header 4130, and a request number 4131 set by the personal credit settlement terminal 100. Is done.

(Embodiment 2)
Next, a second embodiment of the present invention will be described. In the second embodiment, a personal remote credit settlement system that enables efficient processing of a personal remote credit settlement service will be described.
The basic configuration of this personal remote credit settlement system is the same as that of the first embodiment, and has two bidirectional wireless communication functions and an electronic credit card function as shown in FIG. A personal credit terminal 100, a credit settlement device 101 for performing a credit settlement process in a retail store, a settlement system 103 for performing a credit settlement process in a credit service company or a settlement processing company, a personal credit terminal 100, a credit settlement device 101 And a service providing system 102 for providing a personal remote credit settlement service at the center of a communication network connecting the settlement system 103, a digital public network 108 for providing a data transmission path in the network, Connect to digital public network 108 To and a base station 104 of the wireless telephone.

The personal credit terminal 100 is a portable wireless telephone terminal having a two-way wireless communication function of infrared rays and a digital wireless telephone, and an electronic credit card function. Further, the credit settlement apparatus 101 that performs a credit settlement process at a retail store also has two-way two-way communication functions of infrared communication and digital telephone communication.
In FIG. 1, reference numeral 105 denotes a transmission line for infrared communication performed between the personal credit terminal 100 and the credit settlement apparatus 101, and reference numeral 106 denotes digital wireless communication performed between the personal credit terminal 100 and the base station 104. 107, a digital communication line connecting the base station 104 and the digital public network 108; 109, a digital communication line connecting the digital public network 108 and the service providing system 102; 110, a credit settlement device 101 And a digital telephone communication line 111 connecting the digital public network 108 and a digital communication line 111 connecting the service providing system 102 and the settlement system 103. In particular, the digital communication line 109 and the digital communication line 111 operate as a plurality of communication lines by multiplexing.
The normal operation mode of the personal remote credit settlement service is the same as that of the first embodiment, and is as follows.
The settlement system 103 is installed in a credit card company or a settlement processing company, and the credit settlement apparatus 101 is installed in a retail store, and the consumer carries the personal credit terminal 100. The service providing system 102 is installed in a company that provides a personal remote credit settlement service, and when the credit card company provides a personal remote credit settlement service, the service providing system 102 is installed in the credit card company. Is done.
It is also assumed that a consumer has a credit service membership contract with a credit card company and a personal remote credit payment service member contract with a company that provides a personal remote credit payment service. In addition, we have contracts for wireless telephone services with telephone companies. Similarly, retail outlets may also sign credit card merchant agreements with credit card companies and personal remote credit card payment service merchants with companies that provide personal remote credit settlement services. We have contracts with digital telephone communication services with telephone companies.
If the personal remote credit card payment service is provided by a different company from the credit card company, the personal remote credit card payment service may be provided by one or more credit card companies. In place of credit card companies, electronic credit cards are issued to members who have contracted for credit services, and contracts for operating personal remote credit settlement services have been made.
Further, when the settlement processing company performs the credit settlement processing using the settlement system 103, the settlement processing company performs the credit settlement processing with one or more credit card companies. I have a contract.
When the settlement system for performing the credit settlement process differs depending on the credit card, a plurality of settlement systems are connected to the service providing system 102 by a digital communication line in the same manner as the settlement system 103 in FIG.

In the following, in order to simplify the description of the present system, the consumer who owns the personal credit terminal 100 is a user, the retail store where the credit settlement device 101 is installed is a merchant, and the credit settlement device 101 A sales clerk who operates the service (Operator), a personal remote credit payment service provider is a service provider (Service Provider), and a credit card company or payment processing company that performs credit payment processing using the payment system 103 Is referred to as a payment processor (Transaction Processor).
In this system, when the user pays the merchant for the merchandise by credit, the personal credit terminal 100, the credit settlement device 101 and the service providing system 102 electronically exchange settlement information, and further, Credit exchange processing is performed by electronically exchanging settlement information between the service providing system 102 and the settlement system 103.
Basically, the service providing system 102 receives a payment request and a payment request from the personal credit terminal 100 and the credit payment device 101, respectively, compares the payment request with the payment request, and communicates with the user and the merchant. Instead, it requests the settlement system 103 for settlement processing. Then, the payment system performs the actual payment processing.

At this time, the personal credit terminal 100 and the credit settlement apparatus 101 perform infrared communication using the transmission path 105, and the personal credit terminal 100 and the service providing system 102 communicate with the transmission path 106 and the base station 104, and The digital payment system 101 and the service providing system 102 perform digital telephone communication by a digital wireless telephone via a digital communication line 107, a digital public network 108, and a digital communication line 109. Digital telephone communication is performed via the digital communication line 108 and the digital communication line 109. Then, the service providing system 102 and the settlement system 103 perform digital data communication via the digital communication line 111.
In the communication between the personal credit terminal 100 and the service providing system 102, the communication between the credit settlement apparatus 101 and the service providing system 102, and the communication between the service providing system 102 and the settlement system 103, all exchanged settlement information is used. And encrypt and communicate. In the encryption, information is electronically sealed and communicated by combining encryption processing of a secret key method and encryption processing of a public key method.

Next, each component of the present system will be described.
First, the personal credit terminal 100 will be described. The appearance of the personal credit terminal 100 is the same as that of the first embodiment, and has the front and rear appearances shown in FIGS. 2A and 2B.
The personal credit terminal 100 has three operation modes: a credit card mode, a digital wireless telephone mode, and a personal information management mode. The personal credit terminal 100 operates as a digital radio telephone in the digital radio telephone mode, and operates as an electronic credit settlement means, that is, an electronic credit card in the credit card mode.
The electronic credit card is registered in the personal credit terminal 100 on the assumption that the user has a credit service contract with a credit card company. When the user has a membership contract for a plurality of credit services, a plurality of credit cards are registered in the personal credit terminal 100.
The personal information management mode is an operation mode for managing the user's personal information stored inside the personal credit terminal 100. In the personal information management mode, the user can refer to registered personal information and photograph data. , And user setting information.
For example, when making a call using the personal credit terminal 100, the user first sets the operation mode to the digital wireless telephone mode with the mode switch 204, and then inputs the telephone number with the numeric key switch 208. Press the call switch 205. With the above operation, the user can make a call to the input telephone number.

Further, when a normal telephone call is received from personal credit terminal 100, personal credit terminal 100 emits a ringtone regardless of the operation mode at that time. In this case, pressing the call switch 205 automatically switches to the digital wireless telephone mode, and the user can receive a telephone call.
When paying the merchant with credit, first, the operation mode is set to the credit card mode by the mode switch 204, and the credit card to be used for payment is selected by the function switch 207. Next, the user enters the amount to be paid with the numeric keypad 208, points the infrared communication port 200 toward the merchant's credit card settlement device 101, and presses the execution switch 211. By the above operation, the personal credit terminal 100 performs infrared communication with the credit settlement device 101, performs digital wireless telephone communication with the service providing system 102, and exchanges settlement information with each other. Perform credit settlement processing.

Next, the credit settlement device 101 will be described. The external appearance of the credit settlement apparatus 101 is the same as that of the first embodiment, and has the external appearance shown in FIG.
The credit settlement terminal 300 has three operation modes: a credit settlement mode, a digital telephone mode, and a merchant information management mode. In the digital telephone mode, it operates as a digital telephone, and in the credit settlement mode, it operates as a credit settlement processing terminal of a personal remote credit settlement service.
The merchant information management mode is an operation mode for managing merchant information stored inside the credit settlement terminal 300. In the merchant information management mode, the merchant refers to registered merchant information and the like, and sets merchant information. Set information.
When making a call, for example, from the credit settlement terminal 300, the person in charge first sets the operation mode to the digital telephone mode with the mode switch 304, and then inputs the telephone number with the numeric key switch 307. Through the above operation, the person in charge can make a call to the input telephone number.
In addition, when a normal telephone call is made to the credit settlement terminal 300, the credit settlement terminal 300 emits a ringtone regardless of the operation mode. In this case, when the telephone 303 is raised or the hook switch 305 is pressed, the mode is automatically switched to the telephone mode, and the person in charge can receive the telephone.
When performing the credit settlement processing, first, the cash register 311 calculates the total amount from the commodity price and the tax, and notifies the user of the total amount. Next, in accordance with the request of the user who wants to pay by credit, the user presses the credit settlement switch 312 of the cash register 311 and waits for the user to perform the payment operation at the personal credit terminal 100. When the user performs a payment operation, the payment amount input by the user is displayed on the LCD 302, and the result of the user's credit inquiry is displayed. The person in charge checks the contents and presses the execution switch 308.
Through the above operation, the credit settlement apparatus 101 exchanges settlement information with the personal credit terminal 100 and the service providing system 102, respectively, and performs a credit settlement process.

Next, the service providing system will be described. The service providing system 102 has the same block configuration as that of the first embodiment. As shown in FIG. 4, in the personal remote credit settlement service, the personal credit terminal 100, the credit settlement device 101, and the settlement system A service server 400 for performing data processing of payment information exchanged with each of the exchanges 103 and controlling data communication at that time, attribute information on users, merchants, and payment processing institutions, and history information of services provided by the service providing system 102 Service director information server 401 that manages the attribute information of the user and the data in the personal credit terminal 100, and the user information server 402 that manages the attribute information of the merchant and the data in the credit settlement terminal 300 Merchant information server 403 and the attribute information Payment processing institution information server 404 that manages the transaction history information and the payment processing history information, and a management system 407 in which the service provider performs operation management of the service providing system 102. Each of the servers 400 to 404 and the management system 407 , Each comprising one or more computers.
Further, the service server 400, the service director information server 401, the user information server 402, the merchant information server 403, and the payment processing institution information server 404 are connected to the ATM-LAN switch 405 by ATM-LAN cables 409, 410, 411, 412, 413, respectively. The 400 accesses the service director information server 401, the user information server 402, the merchant information server 403, or the settlement processing institution information server 404 via the ATM-LAN switch 405.
The ATM-LAN switch 405 is connected to the ATM switch 406 by an ATM-LAN cable 415. A digital communication line 109 connected to the digital public network 108 and a digital communication line 111 connected to the settlement system 103 are connected to the ATM exchange 404, and the service server 400 is connected via the ATM-LAN switch 405 and the ATM exchange 406, It communicates with the personal credit terminal 100, the credit settlement device 101, and the settlement system 103.

The management system 407 is connected to an ATM-LAN switch 406 by an ATM-LAN cable 414, and further connected to an ATM switch 406 by an ATM-LAN cable 416. The management system 407 is a service server 400, a service director information server 401, a user information server 402, a merchant information server 403, or a payment processing institution information via an ATM-LAN switch 408, an ATM switch 406, and an ATM-LAN switch 405. By accessing the server 404, the operation management of the service providing system 102 is performed.
The ATM switch 406 operates as a data communication switch in communication between the outside and the inside of the service providing system 102 and in communication between the inside of the service providing system 102. The ATM switch 406 supports a plurality of communication systems and has a function of a communication adapter. For example, in the communication between the service server 400 and the credit settlement apparatus 101, first, an ISDN data packet is exchanged between the credit settlement apparatus 101 and the ATM exchange 406, and the ATM exchange 406 converts the ISDN data packet into an ATM packet. The ATM packet is exchanged between the ATM switch 406 and the service server 400, and the ATM packet is exchanged. Similarly, in the communication between the service server 400 and the personal credit terminal 100, and in the communication between the service server 400 and the settlement system 103, the ATM exchange 406 responds to the respective communication methods and transmits the communication data. Perform the conversion.

In addition, in order to reduce communication costs between the personal credit terminal 100 and the service providing system 102 and between the credit settlement apparatus 101 and the service providing system 102, the service providing system 102 usually provides a personal remote credit settlement service. It is set up for each area (service area) provided. Therefore, the ATM exchange 406 is connected to a dedicated digital communication line 417 that connects to a service providing system in another area. In this case, the service providing systems 102 share data with each other and perform data processing in cooperation.
The mechanism of data sharing and cooperative processing between service providing systems will be described later in detail.

Next, the payment system 103 will be described. The payment system 103 has a block configuration shown in FIG. 5, as in the first embodiment. In the personal remote credit settlement service, the credit settlement process performed by the settlement system 103 is such that the transaction processing server 500 responds to the settlement request from the service providing system 102 by the subscriber information server 501, the member store information server 502, And by updating the information of the transaction information server 503, respectively.
The ATM exchange 505 includes a digital communication line 111 connected to the service providing system 102, a dedicated bank line 515 connected to a bank online system, and a dedicated digital line 516 connected to a payment system of another payment processing organization. Connected, the settlement system 103 communicates with a bank online system and a settlement system of another settlement processing institution, and performs settlement processing between financial institutions.

The management system 506 is connected to an ATM-LAN switch 507 by an ATM-LAN cable 512, and further connected to an ATM switch 505 by an ATM-LAN cable 514. The management system 506 accesses the transaction processing server 500, the subscriber information server 501, the member store information server 502, or the transaction information server 503 via the ATM-LAN switch 507, the ATM switch 505, and the ATM-LAN switch 504. Then, the operation management of the settlement system 103 is performed.
The ATM exchange 505 operates as an exchange for data communication in communication between the outside and inside of the settlement system 103 and communication between inside of the settlement system 103. The ATM switch 505 has a function of a communication adapter corresponding to a plurality of communication systems, and performs communication between the transaction processing server 500 and the service providing system 102 and communication between the transaction processing server 500 and the bank online system. In the communication between the transaction processing server 500 and the payment system of another payment processing institution, the ATM exchange 505 converts communication data in accordance with each communication method.

Next, a personal remote credit settlement service provided by the present system will be described.
The personal remote credit settlement service is roughly divided into four processes: "settlement", "cancel", "customer service call", and "inquiry call".
"Payment" is a process in which a user pays a credit to a merchant by credit without wirelessly transferring a credit card or a statement. "Cancel" is a personal remote credit payment. The process of canceling the transaction completed by the “payment” processing of the service by wireless communication based on the agreement between the user and the merchant, the “customer service call” is the processing of the “payment” of the personal remote credit payment service The process of enabling the merchant to make a telephone call to a user who has made a transaction with the merchant even if the merchant does not know the user's telephone number, and the "inquiry call" is a "payment" of the personal remote credit settlement service. For merchants who have transacted through processing, Without The are known your phone number, it is a process that enables the phone of inquiry.

FIG. 43 shows the flow of processing of “payment” in the personal remote credit payment service. FIG. 44A shows a display example of the LCD 203 of the personal credit terminal 100 in the “payment” processing. (I) to (i), and display examples on the LCD 302 of the credit settlement terminal 300 are shown in (a) to (g) of FIG.
FIG. 9 shows the flow of the "cancel" process in the personal remote credit settlement service, and FIG. 10 shows a display example of the LCD 203 of the personal credit terminal 100 in the "cancel" process. (a) to (h), and display examples of the LCD 302 of the credit settlement terminal 300 are shown in (a) to (g) of FIG.
FIG. 45 (a) shows a flow of processing of a "customer service call" in the personal remote credit settlement service, and the LCD 203 of the personal credit terminal 100 performs this "customer service call" processing. Display examples are shown in FIGS. 13A and 13B, and display examples on the LCD 302 of the credit settlement terminal 300 are shown in FIGS.
FIG. 45 (b) shows a flow of processing of an "inquiry call" in the personal remote credit settlement service, and a display example of the LCD 203 of the personal credit terminal 100 during the "inquiry call" processing. 13 (b) to 13 (f), and examples of display on the LCD 302 of the credit settlement terminal 300 are shown in FIGS. 14 (h) and 14 (f).
The flow of each of these processes is substantially the same as that described in the first embodiment.

Next, the internal configuration of the personal credit terminal 100 will be described.
FIG. 15A is a block diagram of the personal credit terminal 100. The terminal has a CPU (Central Processing Unit) 1500 that processes transmission data and reception data according to a program stored in a ROM (Read Only Memory) 1501 and controls other components via a bus 1529. A RAM (Random Access Memory) 1502 in which data processed by the CPU 1500 and data processed by the CPU 1500 are stored, a terminal ID of the personal credit terminal 100, a telephone number, a user ID of a user, and a private key and a public key, In addition, an EEPROM (which stores the service provider's public key) and a service provider ID and a telephone number of the service provider system 102 (the telephone number of the service provider system is digitally signed by the service provider) and a service provider's public key are stored. Electric Erasable Programmable Read Only Memory) 1503, and controls the operation of the LCD 203 according to the control of the CPU 1500. Accordingly, an LCD controller 1504 for displaying the set image on the LCD, an encryption processor 1505 for performing encryption and decryption of data under the control of the CPU 1500, and encoding and reception of transmission data under the control of the CPU 1500. , A data codec 1506 that performs decoding, an infrared communication module 1507 that performs transmission and reception of infrared light during infrared communication, and a user's mode switch 204, a call switch 205, an end switch 206, a function switch 207, a numeric key switch 208, A power switch 209, a key operation control unit 1509 that detects a switch operation of the execution switch 211, and an analog driver that drives a headset connected to the speaker 1510, the receiver 202, or the headset jack 212, and inputs from the microphone 210 or the headset. Sound that amplifies the audio signal A voice processing unit 1511; a voice codec 1512 that encodes the analog voice signal 1542 into digital voice data and decodes the digital voice data into an analog voice signal 1543; and generates and receives transmission data over a wireless channel. A channel codec 1513 for extracting data destined for itself from data, and a serial digital signal 1547 input from the channel codec 1513 are converted into an analog transmission signal 1549 having an oscillation electric signal 1552 supplied from a PLL 1516 as a baseband. A demodulator 1515 that demodulates the analog received signal 1550 using the oscillating electric signal 1553 supplied from the PLL 1516 as a base band of the analog received signal 1550 and supplies a serial digital signal 1548 to the channel codec 1513; The analog transmission signal 1549 supplied from the unit 1514 is converted into a radio wave and the antenna 201 When the radio wave is received by the antenna 201, the RF unit 1517 inputs the analog reception signal 1550 to the demodulation unit 1515, and the battery capacity detection unit 1518 detects the capacity of the battery of the personal credit terminal 100. , Channel codec 1513, PLL 1516 and RF section 1517, activation control, key operation control section 1509, processing of interrupt signals input from channel codec 1513 and battery capacity detection section 1518, and CPU 1500 having key operation control section 1509 and voice processing. And a control logic unit 1508 serving as an interface when accessing registers inside the audio codec 1512 and the channel codec.

The cryptographic processor 1505 has an encryption / decryption function of a secret key method and an encryption / decryption function of a public key method, and is set by the CPU 1500 using the encryption method and key set by the CPU 1500. Encrypt or decrypt data. Using the encryption and decryption functions of the cryptographic processor 1505, a digital signature process or a letter-sealing process of the message is performed. The digital signature of the received message is verified.
The data codec 1506 encodes transmission data and decodes received data under the control of the CPU 1500. In this case, the encoding means that the data is actually transmitted including communication control information and error correction information. Decoding means processing for performing error correction processing on received data, removing unnecessary communication control information, and generating data that the sender originally intended to transmit. I do. The data codec 1506 has a function of encoding and decoding data in data communication of a digital wireless telephone, and a function of encoding and decoding data in infrared communication. Perform the encoding process and the decoding process set by.

For example, when transmitting a message subjected to digital signature processing and sealed processing by digital wireless telephone communication, the CPU 1500 uses the encryption processing processor 1505 to perform digital signature processing and sealed processing of the message. Performing, further, using the data codec 1506, the digitally signed message and the message subjected to the sealed process, the data format of the data communication of the digital wireless telephone is encoded, through the control logic unit 1508, Send to channel codec 1513.
Conversely, when a message subjected to digital signature processing and sealed processing is received by digital wireless telephone communication, the CPU 1500 reads the received message from the channel codec 1513 through the control logic unit 1508. By using the data codec 1506, the received message is decrypted, and further, using the cryptographic processor 1505, the decryption process of the encrypted message and the verification process of the digital signature applied to the message are performed. Do.

Similarly, when a message that has been subjected to the digital signature processing and the sealed processing is transmitted by infrared communication, the CPU 1500 performs the digital signature processing and the sealed processing of the message using the encryption processing processor 1505. Further, using the data codec 1506, the digitally signed and sealed message is encoded into an infrared communication data format, and the encoded message is sent to the infrared communication module 1507.
Conversely, when a message subjected to digital signature processing and sealed processing is received by infrared communication, the CPU 1500 reads the received message from the infrared communication module 1507, and receives the message using the data codec 1506. The decrypted message is decrypted, and the cryptographic processor 1505 performs a decryption process of the encryption of the sealed message and a verification process of the digital signature applied to the message.

  Further, as shown in FIG. 15B, the infrared communication module 1507 includes therein a serial-parallel conversion circuit 1560 that performs bidirectional conversion between parallel data and serial data, and a serial-parallel conversion circuit 1560. Modulate the digital signal 1562 converted to serial data into a signal that is actually transmitted as infrared light, and also modulate and demodulate the received analog signal 1565 into a serial digital signal 1563 with a modulation and demodulation circuit 1561. An infrared light receiving / emitting unit 200 that converts a signal 1564 into infrared light to emit light and converts received infrared light into an analog signal 1565 is provided.

The key operation control unit 1509 that detects a switch operation by the user presses the mode switch 204, the call switch 205, the end switch 206, the function switch 207, the ten-key switch 208, the power switch 209, or the execution switch 211. The key operation control unit 1509 asserts an interrupt signal 1538 for prompting a process corresponding to the switch operation. Further, as shown in FIG. 46, the key operation control unit 1509 includes a key operation control register (KEYCTL) 21612 for setting validity / invalidity of each switch. The CPU 1500 accesses the key operation control register (KEYCTL) 21612 to set validity / invalidity of each switch.
As shown in FIG. 46, the audio processing unit 1511 includes an audio processing unit control register (SCTL) 21611 for controlling the audio processing operation. The CPU 1500 accesses the audio processing unit control register (SCTL) 21611 to control the operation of the audio processing unit 1511. For example, when an incoming call request for a digital wireless telephone is received, the CPU 1500 accesses the audio processing unit control register (SCTL) 21611 and performs settings for outputting a ring tone for the digital wireless telephone. As a result, the audio processing unit 1511 drives the speaker 1510, and the ring tone of the digital wireless telephone is output. However, if the incoming call request is from the service providing system 102, no ringtone is output, and the CPU 1500 starts processing for establishing a session with the service providing system. The details of the process of establishing a session will be described later.

The audio codec 1512 encodes the analog audio signal 1542 input from the audio processing unit 1511 into digital audio data, and decodes the digital audio data read as the digital audio signal 1546 from the channel codec 1513 into the analog audio signal 1543. And The analog audio signal 1543 is supplied to the audio processing unit 1511. The audio processing unit 1511 amplifies the analog audio signal 1543 and drives the receiver 202, so that audio is output from the receiver 202. The digital audio data generated by the encoding is supplied to the channel codec 1513 as a digital audio signal 1546, and is actually converted into transmission data over a wireless channel.
Further, the audio codec 1512 includes an audio data encryption key register (CRYPT) 21613 that stores an encryption key of a secret key method used for encryption and decryption of audio data, and the audio data encryption key register (CRYPT). If an audio data encryption key is set in the CPU 21500 by the CPU 1500, the audio codec 1512 encodes the analog audio signal 1542 into digital audio data and simultaneously encrypts the digital audio data. At the same time as the signal 1543 is decrypted, the encryption of the digital audio data is decrypted.
Further, two types of data are input to the channel codec 1513 as data to be transmitted. One is digital audio data input as a digital audio signal 1546 from the audio codec 1512, and the other is data communication data input as a digital signal 1556 from the CPU 1500 via the control logic unit 1508.

The channel codec 1513 adds identification information between digital voice data and data communication data as header information to each data, further converts the data into a digital wireless telephone data format, and modulates the serial digital signal 1547. Supply to the unit 1514.
Conversely, the channel codec 1513 first matches the terminal ID with the serial digital signal 1548 input from the demodulation unit 1515, extracts only data addressed to itself, and further controls communication of the digital radio telephone. The information is removed, digital audio data and data communication data are identified from the header information of the data, and supplied to the audio codec 1512 and the control logic unit 1508 as digital audio signals 1546 and 1556, respectively.
Also, the channel codec 1513 asserts the interrupt signal 1554 when receiving a digital wireless telephone and when receiving data communication data, and sets the control signal 1544 to low level when receiving digital voice data. . The interrupt signal 1554 is an interrupt signal that prompts the CPU 1500 to perform processing when a digital radio telephone arrives and to process data communication data, and the control signal 1544 causes the voice codec 1512 to process the received digital voice data. Is a low active control signal for prompting
In order to perform such an operation, the channel codec 1513 includes, as shown in FIG. 46, an ID register (ID) 21605 for storing a terminal ID, a channel codec control register (CHCTL) 21606 for controlling the operation of the channel codec 1513, An audio transmission buffer 21607 for storing digital audio data input from the audio codec 1512, an audio reception buffer 21608 for storing digital audio data extracted from the received data, and an input from the CPU 1500 via the control logic unit 1508 It comprises a data transmission buffer 21609 for storing data communication data and a data reception buffer 21610 for storing data communication data extracted from the received data.

The control signal 1545 is a control signal indicating an operation of writing to and reading from the channel codec 1513 by the audio codec 1512 to and from the audio transmission buffer 21607 and the audio reception buffer 21608, and the audio codec 1512 sets the control signal 1545 to low level. Then, the digital audio data is written into the audio transmission buffer 21607, the control signal 1545 is set to the high level, and the digital audio data is read from the audio reception buffer 21608.
The control signal 1555 is a control signal indicating a write and read operation of the CPU 1500 via the control logic unit 1508 to the data transmission buffer 21609 and the data reception buffer 21610 to the channel codec 1513. Then, the data communication data is written to the data transmission buffer 21609, the control signal 1555 is set to the high level, and the data communication data is read from the data reception buffer 21610.
The modulation unit 1514 converts the serial digital signal 1547 input from the channel codec 1513 into an analog transmission signal 1549 having the oscillation electric signal 1552 supplied from the PLL 1516 as a baseband, and supplies the analog transmission signal 1549 to the RF unit. The analog transmission signal 1549 supplied to the RF unit is output from the antenna 201 as a radio wave.
Conversely, when the antenna 201 receives a radio wave, the analog reception signal 1550 is input from the RF unit 1517 to the demodulation unit 1515. The demodulation unit 1515 uses the oscillating electric signal 1553 supplied from the PLL 1516 as a baseband of the analog reception signal 1550, demodulates the analog reception signal 1550, and supplies a serial / digital signal 1548 to the channel codec 1513.
A battery capacity detection unit 1518 for detecting the battery capacity asserts the interrupt signal 1557 when the capacity of the battery of the personal credit terminal 100 becomes equal to or less than the value Q (Q> 0) set by the CPU 1500. . The interrupt signal 1557 is an interrupt signal for prompting the CPU 1500 to perform a backup process of data on the RAM 1502, and Q indicates that the personal credit terminal 100 communicates with the service providing system 102 to provide the data on the RAM 1502 as a service. This is a value sufficient to perform processing for backing up to the system 102 (data backup processing).
Further, as shown in FIG. 46, the control logic unit 1508 includes therein a frame counter (FRAMEC) 21600, a startup frame register (FRAME) 21601, a clock counter (CLOCKC) 21602, an update time register (UPTIME) 21603, and Five registers of interrupt register (INT) 21604 are built in.

A frame counter 21600 is a counter for counting the number of frames of the digital wireless telephone, a startup frame register 21601 is a register for storing a frame number to be started next time, a clock counter 21602 is a counter for counting the current date and time, and an update time. The register 21603 stores a time at which the personal credit terminal 100 performs processing for updating data on the RAM 1502 (data update processing) by communicating with the service providing system 102, and the interrupt register 21604 stores a time at which the CPU 1500 This register indicates the cause of the interrupt.
In general, in a digital wireless telephone, a control signal of a control channel of the digital wireless telephone is intermittently received and compared with a terminal ID, thereby realizing an incoming call to the digital wireless telephone. In the personal credit terminal 100, intermittent reception of control data is performed using the frame counter 21600 and the activation frame register 21601. In advance, the frame number to be started next time is stored in the start frame register 21601, and when the frame counter 21600 counts up and becomes equal to the value of the start frame register 21601, the control logic unit 1508 stores the address data. The channel codec 1513, the PLL 1516, and the RF unit 1517 are activated via the signal line 1558 to receive control data.
In addition, the control logic unit 1508 determines whether the value of the clock counter 21602 matches the value of the update time register 21603 or when any one of the interrupt signals 1538, 1554, and 1557 is asserted. The interrupt factor is set in the interrupt register (INT) 21604, and the interrupt signal 1519 is asserted to prompt the CPU 1500 to perform the interrupt process. The CPU 1500 reads out an interrupt register (INT) 21604 in an interrupt process and performs a process according to the interrupt factor.
Each bit field of the interrupt register (INT) 21604 has a meaning as shown in FIG. This meaning is the same as that described with reference to FIG. 18B in the first embodiment.

Next, data stored in the RAM 1502 will be described.
FIG. 48 is a schematic diagram of a RAM map of data stored in the RAM 1502.
The RAM 1502 has five areas: a basic program area 21800, a service data area 21801, a user area 21802, a work area 21803, and a temporary area 21804. The basic program area 21800 stores upgraded modules of programs stored in the ROM 1501, patch programs, and additional programs.
The user area 21802 is an area that can be freely used by the user, the work 21803 area is a work area used when the CPU 100 executes a program, and the temporary area 21804 is a area where the information received by the personal credit terminal 100 is temporarily stored. Area. The service data area 21801 is an area for storing personal remote credit settlement service ID information, credit card information, history information, and the like. Data in this area is managed by the service providing system 102.
The service data area 21801 further includes eight areas of data management information 21805, personal information 21806, photograph data 21807, user setting information 21808, telephone information 21809, credit card list 21810, use history list 21811, and actual data area 21812. There is. The data management information 21805 is an area for storing management information of information stored in the service data area 21801, the personal information 21806 is an area for storing information such as a user's name, age, and gender, and the photo data area 21807 is An area for storing data of the user's face photo, the user setting information 21808 is an area for storing user setting information relating to the personal remote credit settlement service, and the telephone information 21809 is an area for storing information related to the digital wireless telephone. , A credit card list 21810 is an area for storing credit card list information registered by the user, a usage history list 21811 is an area for storing usage history information of a personal remote credit card payment service, and an actual data area 21812 is other This is an area for storing entity data of information managed in the seven areas.

Next, the information stored in the service data area 21801 will be described in detail.
FIG. 49 is a schematic diagram showing the relationship between the information stored in the service data area 21801 in detail.
Data management information 21805 includes update date and time 21900, next update date and time 21901, terminal status 21902, personal information address 21903, photo data address 21904, user setting information address 21905, telephone information address 21906, credit card list address 21907, and use It is composed of nine pieces of information of a history list address 21908.
The update date and time 21900 indicates the date and time when the service providing system 102 last updated the data in the RAM 1502, and the next update date and time 21901 indicates the scheduled date and time when the service providing system 102 will update the data in the service data area 21801.
The value of the next update date and time 21901 is set in the update time register 21603, and when the time of the next update date and time 21901 comes, the personal credit terminal 100 starts the data update process. The data update process is a process in which the service providing system 102 updates data in the RAM 1502, and is generally performed every day during a relatively busy time zone (eg, midnight) when communication traffic is relatively low.
The terminal status 21902 indicates the status of the personal credit terminal 100, and includes a personal information address 21903, a photo data address 21904, a user setting information address 21905, a telephone information address 21906, a credit card list address 21907, and a use history list address. 21908 indicates the start address of the area where the personal information 21806, the photograph data 21807, the user setting information 21808, the telephone information 21809, the credit card list 21810, and the usage history list 21811 are stored, respectively.
The telephone information 21809 is further composed of three pieces of information: a calling telephone number 21909, a telephone directory address 21910, and a speed dial setting file address 21911. The originating telephone number 21909 indicates the telephone number of the previous telephone call made by the user, and this information is used when the digital wireless telephone is retransmitted. The telephone directory address 21910 and the speed dial setting file address 21911 indicate addresses in the entity data area where the phone directory information and the speed dial setting file are stored, respectively.

Credit card list 21810 stores credit card list information registered by the user. In the credit card list 21810, for one credit card, the credit card name 21912 (21919), credit card number 21913 (21920), expiration date 21914 (21921), credit card status 21915 (21922), image data Seven pieces of information of an address 21916 (21923), an object data address 21917 (21924), and an access time 21918 (21925) are stored.
The credit card status 21915 (21922) indicates whether or not the credit card is valid, and the usage limit. The image data address 21916 (21923) indicates the actual data area in which the credit card image data is stored. Indicates the address on 21812. The object data address 21917 (21924) indicates the address where the object data of the credit card program is stored, and the access time 21918 (21925) indicates the latest time when the user used the credit card. .
The object data address 21917 (21924) stores a local address indicating an address on the entity data area 21812 or a remote address indicating an address on the user information server 402 of the service providing system 102. If the remote address is stored in the object data address 21917 (21924), when the user selects and uses the credit card, the personal credit terminal 100 transmits the object data from the service providing system 102. Download to the temporary area 21804 (remote access) and execute the credit card program. By simply displaying the credit card, the image data of the entity data area 21812 indicated by the image data address 21916 (21923) is displayed, and the object data is not downloaded.
The address stored in the object data address 21917 (21924) is determined by the service providing system 102. At the time of data update processing, the access time of each credit card is compared, and a local address is assigned to the credit card with the latest access time. However, if there is room in the capacity of the actual data area 21812, the object data addresses of all credit cards may be local addresses.

In the usage history list 21811, the request number 21926 (21930), the service code 21927 (21931), the usage time 21927 (21932), and the usage information address 21929 (21933) are used for one personal remote credit settlement service. Are stored.
The request number 21926 (21930) is a number that uniquely indicates a transaction with the merchant (as viewed from the user), and is a number issued by the personal credit terminal 100 and a service code 21927 (21931) when the payment offer 608 is generated. ) Is the code number indicating the type of credit card service used, usage time 21929 (21932) is the time when the personal remote credit payment service was used, usage information address 21929 (21933) is the receipt or usage Indicates the address where the information indicating the content is stored.
The usage information address 21929 (21933) stores a local address indicating an address on the entity data area 21812 or a remote address indicating an address on the user information server 402 of the service providing system 102.
When the user accesses the usage history information when the remote address is stored in the usage information address 21929 (21933), the personal credit terminal 100 downloads the usage information from the service providing system 102 to the temporary area 21804. (Remote access) and display on the LCD 203.
The address stored in the usage information address 21929 (21933) is also determined by the service providing system. At the time of the data update process, the usage times of the pieces of usage information are compared, and a local address is assigned to the usage information with the latest usage time. However, when there is room in the capacity of the actual data area 21812, all the usage information addresses may be local addresses.

Next, processing performed by CPU 1500 will be described.
FIG. 51 is a conceptual diagram of the processing flow performed by CPU 1500.
As shown in FIG. 51, the processing performed by CPU 1500 includes two processing routines, a main routine 22109 and an interrupt processing routine 22122. The main routine is a processing routine that performs processing of transmission data and reception data, and controls other components, and the interruption processing routine is a processing routine that detects a process (processing) requested by an external interruption. is there. Therefore, CPU 1500 normally performs the processing of the main routine. When the interruption signal 1519 is asserted, the CPU 1500 jumps from the main routine to the interruption processing routine, performs the interruption processing, and when the interruption processing is completed, returns to the main routine and resumes the processing of the original main routine. .
The processes executed by the CPU 1500 in the main routine are 17 types of processes. The CPU 1500 dynamically selects a process and executes the selected process in a time-division manner. FIG. 50A shows 17 types of processes executed in the main routine.
The 17 types of processes executed in the main routine include a process management process for selecting and managing processes executed by the CPU, a power-on process for performing initial operation processing when a power switch is turned on, and a power-on process for turning off a power switch. Power-off process for performing termination processing at the time, GUI (Graphical User Interface) processing in digital wireless telephone mode, digital wireless telephone process for performing data processing (for example, setting of speed dial), and GUI processing in credit card mode (Example: display of usage history), credit card process for data processing, GUI processing (example: display of personal information) in personal information management mode, and data processing (example: setting of user setting information) Personal information management process to be performed and payment process to process “payment” Process, a cancel process for performing a "cancel" process, a customer service call process for performing a "customer service call" process, an inquiry call process for performing an "inquiry call" process, and a data update process for performing a data update process. Process, a forced data update process for performing a forced data update process, a data backup process for performing a data backup process, a remote access process for performing a remote access process, and a process for establishing a session with the service providing system. A session establishing process to be performed, a digital wireless telephone communication process for controlling digital wireless telephone communication, and an infrared communication process for controlling infrared communication.

Each process has a corresponding program module in the basic program area 21802 of the ROM 1501 and the RAM 1502, and the CPU 1500 executes the program module to execute each process.
For each process, information indicating the process status (state) exists in the work area 21803 on the RAM 1502 corresponding to each process, and the process activation status (“active” or “inactive”) is displayed. , The execution state (“running” or “idle”) and the current processing step. “Active” in the activated state indicates that the process is activated as a process executed in the main routine, “inactive” indicates that the process is not activated, and “running” in the activated state is "Idle" indicates that the process is being executed, and "idle" indicates that the process is suspended.
In particular, the execution state of the digital wireless telephone process, credit card process, and personal information management process corresponds to the operation mode of the personal credit terminal. When the execution state of the digital wireless telephone process is "running", the personal credit The terminal is in the digital radio telephone mode, in the credit card mode when the execution state of the credit card process is "running", and in the personal information management mode when the execution state of the personal information management process is "running". The execution status of the digital wireless telephone process, credit card process, and personal information management process always indicates that only one process indicates “running” and the other indicates “idle”. Hereinafter, information indicating the status of this process is referred to as process status.

In the main routine, CPU 1500 repeatedly executes a process management process and a process registered in the process list in a time-sharing manner. The process list is a list indicating running processes other than the process management process, and the process management process updates this process list. The process management process is a process that is always executed in the main routine, and updates the process list and the process status of each process to select a process to be executed in the main routine.
The process management process updates the process list based on a process generation request message sent from another process of the main routine or a process of the interrupt processing routine, and the process status of each process (FIG. 50B). reference).

FIG. 51 is a generalized conceptual diagram showing the flow of processing performed by CPU 1500. As shown in FIG. 50B, a process flow in a case where N processes (N is an integer of 0 or more) is registered in the process list 22000 is shown.
In FIG. 51, first, when the personal credit terminal 100 is reset, the process proceeds to step 22100. The CPU 1500 performs a reset process. When the reset process is completed, the process proceeds to step 22101. In the reset process, initialization of variables defined in the RAM 1502, initialization of internal registers, and generation of a process management process are performed.
In step 22101, the CPU 1500 executes the process management process, updates the process list and the process status of each process, and proceeds to step 22102 (if N ≧ 1) (if N = 0, step 22101 Back to).
(If N ≧ 1) In step 22102, it is checked whether the status of the process registered first in the process list 22000 is “running” or “idle”. If “idle”, then (N ≧ 1) 2) proceed to step 22104 (if N = 1, return to step 22101); if “running”, proceed to step 22103 to execute the first process (if N ≧ 2, The process proceeds to step 22104 (if N = 1, the process returns to step 22101).
(If N ≧ 2) After step 22104, processes for the second to Nth processes in the process list are sequentially performed in the same procedure as the process for the first process in the process list (step 22102, step 22103). Upon ending the processing for the N-th process (Step 22106, Step 22107), the CPU 1500 returns to Step 22101. That is, the CPU 1500 repeats the processing corresponding to step 22101 and steps 22102 to 22107. However, the contents of the processing corresponding to steps 22102 to 22107 are changed by the process management process of step 22101.

  If the interrupt signal 1519 is asserted during execution of the processing of the main routine 22109, the CPU 1500 jumps to the interrupt routine 22122. In the interrupt processing routine 22122, first, in step 22110, the CPU 1500 reads the interrupt register (INT) and copies it to the word interrupt on the RAM (work area). At this time, the interrupt register (INT) read by the CPU is echo-reset, and the interrupt signal 1519 is also negated.

Next, in step 22111, it is checked from the value of the bit 28 of the interrupt whether or not an incoming interrupt has occurred. (bit28) = 1), the process proceeds to step 22112, a digital wireless telephone process generation request message is sent to the process management process, and the process proceeds to step 22113.
In step 22113, from the value of the bit 26 of the interrupt, it is checked whether or not an update interrupt has occurred. = 1), the process proceeds to step 22114, in which a data update process generation request message is sent to the process management process, and the process proceeds to step 22115.
In step 22115, it is checked from the value of the bit 25 of the interrupt whether or not a backup interrupt occurs. If the interrupt is not a backup interrupt (interrupt (bit 25) = 0), the process proceeds to step 22117. = 1), the process proceeds to step 22116, a backup process creation request message is sent to the process management process, and the process proceeds to step 22117.
In step 22117, it is checked from the value of bit 24 of the interrupt whether or not a key interrupt has occurred. In the case of a key interrupt (interrupt (bit 24) = 1), the process proceeds to step 22118.
In step 22118, the value of the "power" bit (bit 16) of the interrupt is checked. If the value is 0, the interrupt processing is terminated, and the process returns to the original main routine. It is determined that the process has been performed, and the process proceeds to step 22119.

In step 22119, the value of the “power indication” bit (bit 31) of the interrupt is checked. If the value is 0, it is determined that the power-off operation has been performed, and the process proceeds to step 22121. It is determined that the operation has been performed, and the process proceeds to step 22120.
In step 22120, a power-on process generation request message is sent to the process management process, the interrupt process ends, and the process returns to the original main routine.
In step 22121, a power off process generation request message is sent to the process management process, the interrupt process ends, and the process returns to the original main routine.
The CPU 1500 that has returned from the interrupt processing routine 22122 to the main routine 22109 restarts the processing of the main routine from the processing step immediately before jumping to the interrupt processing routine. In the interrupt processing routine, the process generation request message sent to the process management process returns from the interrupt processing routine to the main routine, and is evaluated and requested in the process of the process management process of step 22101 executed first. The process is registered in the process list. Then, the requested process is executed in the processing of the main routine thereafter.
For example, when the personal credit terminal 100 is reset, immediately after the reset, nothing is registered in the process list. Therefore, the CPU 1500 repeats the process management process generated in the reset process 22100 in the main routine (see FIG. 52A). On the other hand, by the reset, the control logic unit 1508 sets 1 to bit 24 (key interrupt) and bit 16 ("power supply") of the interrupt register (INT), and asserts the interrupt signal 1519. At this time, when the power switch 209 is on, the CPU 1500 executes the power-on process in the main routine through the processing of the interrupt processing routine by this interrupt, and when the power switch 209 is off. First, the CPU 1500 executes a power-off process in a main routine through the processing of an interrupt processing routine based on this interrupt.

FIG. 52C shows a processing flow when the power switch is turned off or when the power switch is off at the time of reset. In the power-off process, termination processing such as erasing the LCD display and accessing the key operation control register (KEYCTL) 21612 to set only the power switch 209 to be effective is performed. Upon completion of the power-off process, the CPU 1500 shifts to a halt state and stops the processing of the main routine. The CPU 1500 returns from the halt state to the normal operation state only by the interruption by turning on the power switch, or the update interruption, and the battery interruption, and executes the processing of the main routine after the processing of the interruption processing routine. To resume.
FIG. 52B shows a processing flow when the power switch is turned on or when the power switch is turned on at the time of reset. In the power-on process, initialization of LCD display, setting of variables defined in the RAM 1502, internal registers, and processing of a request message for generating a digital wireless telephone process, a credit card process, and a personal information management process are performed. Performs initial operation processing sent to the management process. The process list registers a digital wireless telephone process, a credit card process, and a personal information management process in the process list according to the process request message, and executes these processes in the main routine. However, since the execution status of the process status of each process is stored, the operation mode at power-on is the operation mode at the time when the power switch was turned off last time.

FIG. 53 shows that after the power-on process is completed, or when the personal credit terminal performs “payment”, “cancel”, “customer service call”, “inquiry call”, “data update”, “remote access”, etc. 3 shows a processing flow of the CPU in a steady state in which the above processing is not performed. At this time, three processes, a digital wireless telephone process, a credit card process, and a personal information management process, are registered in the process list, but only one process status is "running". The operation mode of the personal credit terminal is an operation mode corresponding to a process in which the execution status of the process status indicates “running”.
The key operation performed by the user is copied to the word “interrupt” on the RAM 1502 as the interrupt factor of the interrupt register 21604 by the processing of the interrupt processing routine, and the process corresponding to the operation mode of the personal credit terminal (digital radio telephone process) Or a credit card process or a personal information management process), and a process corresponding to a user operation is performed. Then, when the payment operation 607, the cancellation operation 904, the inquiry call operation 1213, etc., or the customer service call 1203 is received, respectively, the settlement process, the cancellation process, the inquiry call process, the customer service call process, etc. To the process management process requesting that a corresponding process be created.
For example, FIG. 54 shows a processing flow of the CPU 1500 at the time of the “payment” processing. When the user performs a payment operation, a settlement process, a session establishment process, a digital wireless telephone communication process, and an infrared communication process are activated in addition to the normal process.

Next, the internal configuration of the credit settlement terminal 300 will be described.
FIG. 55A is a block diagram of the credit settlement terminal 300.
The credit settlement terminal 300 processes a transmission data and a reception data according to a program stored in a ROM (Read Only Memory) 22501, and controls a CPU (Central Processing Unit) that controls other components via a bus 22529. ), A RAM (Random Access Memory) 22502 in which data processed by the CPU 22500, and a hard disk 22503, and a terminal ID, a telephone number, a merchant ID of a merchant, and a private A key and a public key, a service provider ID of the service providing system, a telephone number (the telephone number of the service providing system is digitally signed by the service provider), and a public key of the service provider are stored. In accordance with the control of an EEPROM (Electric Erasable Programmable Read Only Memory) 22504 and the CPU 22500 An LCD controller 22505 for controlling the operation of the LCD 302 and displaying an image set by the CPU 22500 on the LCD; an encryption processor 22506 for performing data encryption and decryption under the control of the CPU 22500; A data codec 22507 for encoding transmission data and decoding received data, a serial port 22509 connected to the infrared light emitting / receiving module 301, and a serial-parallel conversion circuit 22508 for performing bidirectional conversion between parallel data and serial data. And a key operation control unit 22511 for detecting a switch operation of the mode switch 304, hook switch 305, function switch 306, numeric key switch 307, execution switch 308, or power switch 209 by the merchant, a speaker 22512, and a receiver of the receiver 303. Drive and handset 303 An audio processing unit 22513 that amplifies an analog audio signal input from the microphone and supplies it to the audio codec 22514, encoding the analog audio signal 22544 into digital audio data, and decoding digital audio data into the analog audio signal 22543. And a channel codec 22515 for extracting digital audio data and data communication data from the multiplexed received data, and a digital telephone communication. A digital communication adapter 22516 that is a communication adapter with the line 110; an RS-232C interface 22517 that is an interface circuit of an RS-232C cable 313 connecting the cash register 311; a key operation control unit 22513; a channel codec 22515; -Input from 232C interface 22517 When the CPU 22500 accesses the registers inside the key operation control unit 22513, the audio processing unit 22513, the audio codec 22514, and the channel codec, the control logic unit 22510 serves as an interface. Have.

The cryptographic processor 22506 has a function of encrypting and decrypting a secret key method and a function of encrypting and decrypting a public key method, and uses the encryption method and the key set by the CPU 22500 to convert data set by the CPU 22500. , Encryption processing or decryption processing. The CPU 22500 uses the encryption and decryption functions of the cryptographic processor 22506 to perform a digital signature process or a sealed process on the message, and also performs a decryption process on the encrypted message, or The digital signature of the digitally signed message is verified.
The data codec 22507 performs encoding of transmission data and decoding of reception data under the control of the CPU 22500. Encoding in this case means a process of generating data to be actually transmitted including communication control information and error correction information, and decoding means performing an error correction process on received data, This means a process of removing communication control information and generating data originally intended to be transmitted by the sender. The data codec 22507 has a function of encoding and decoding data in data communication of digital telephone and a function of encoding and decoding data in infrared communication, and is set in the CPU for data set in the CPU. Encoding processing and decoding processing are performed.

For example, in the case where a message subjected to digital signature processing and sealed processing is transmitted by digital telephone communication, the CPU 22500 performs digital signature processing and sealed processing of the message using the encryption processing processor 22506. Further, using the data codec 22507, the digitally signed message and the sealed message are encoded into the data format of the data communication of the digital telephone, and it is transmitted to the channel codec via the control logic unit 22510. Send to 22515
Conversely, if the message subjected to the digital signature processing and the encapsulation processing is received by digital telephone communication, the CPU 22500 reads the received message from the channel codec 22515 via the control logic unit 22510, The received message is decrypted by using the data codec 22507, and further, the decryption processing of the encryption of the sealed message and the verification processing of the digital signature applied to the message are performed by using the encryption processor 22506. .
Similarly, when transmitting the message subjected to the digital signature processing and the sealed processing by infrared communication, the CPU 22500 performs the digital signature processing and the sealed processing of the message using the encryption processing processor 22506, Furthermore, using the data codec 22507, the digitally signed and sealed message is encoded into a data format for infrared communication, and the encoded message is sent to the serial-parallel conversion circuit 22560.

Conversely, when the message subjected to the digital signature processing and the encapsulation processing is received by infrared communication, the CPU 22500 reads the received message from the serial-parallel conversion circuit 22560, and uses the data codec 22507, The received message is decrypted, and the cryptographic processor 22506 is used to decrypt the sealed message and verify the digital signature applied to the message.
As shown in FIG. 55B, the serial-parallel conversion circuit 22560, the serial port 22509, and the infrared light receiving / emitting module 301 connected via the serial cable 310 are connected to the serial port 22555 which is an interface with the credit settlement terminal. A digital signal 22556 input from the serial-parallel conversion circuit is actually modulated into a signal transmitted as infrared light, or a modulation / demodulation circuit 22556 for demodulating a received analog signal 22561 into a serial digital signal 22559, and a modulation / demodulation circuit 22556 An infrared receiving / emitting unit 22557 for converting a signal 22560 modulated by the above into an infrared ray to emit light or converting a received infrared ray into an analog signal 22561 is provided.

When the merchant presses any one of the mode switch 304, the hook switch 305, the function switch 306, the numeric key switch 307, the execution switch 308, and the power switch 209, the key operation control unit 22511 Then, an interrupt signal 22538 for prompting a process corresponding to the switch operation is asserted. As shown in FIG. 56, the key operation control unit 22511 includes a key operation control register (KEYCTL) 22610 for setting validity / invalidity of each switch. The CPU 22500 accesses the key operation control register (KEYCTL) 22610 to set the validity / invalidity of each switch.
As shown in FIG. 56, the audio processing unit 22513 includes an audio processing unit control register (SCTL) 22609 for controlling the audio processing operation. The CPU 22500 accesses the audio processing unit control register (SCTL) 22609 to control the operation of the audio processing unit 22513. For example, when an incoming call request for a digital telephone is received, the CPU 22500 accesses the voice processing unit control register (SCTL) 22609 and makes settings to output a ringtone of the digital telephone. As a result, the audio processing unit 22513 drives the speaker 22512 to output a ringtone of the digital telephone. However, if the incoming call request is from the service providing system 102, no ringtone is output, and the CPU 22500 starts processing for establishing a session with the service providing system.

The audio codec 22514 performs encoding of the analog audio signal 22544 input from the audio processing unit 22513 into digital audio data, and decoding of digital audio data read from the channel codec 22515 into an analog audio signal 22543. The analog audio signal 22543 is supplied to the audio processing unit 22513, and the audio processing unit 22513 amplifies the analog audio signal 22543 and drives the receiver of the receiver 303, so that the audio is output from the receiver. The digital audio data generated by the encoding is supplied to a channel codec 22515, and is converted into transmission data.
Also, the audio codec 22514 includes an audio data encryption key register (CRYPT) 22611 for storing an encryption key of a secret key system used for encryption and decryption of audio data. When the audio data encryption key is set by the CPU 22500, the audio codec 22514 performs the encryption of the digital audio data simultaneously with the encoding of the analog audio signal 22544 into the digital audio data, and performs the analog audio signal 22543 of the digital audio data. At the same time, the digital audio data is decrypted.
Two types of data are input to the channel codec 22515 as data to be transmitted. One is digital audio data input from the audio codec 22514 as a digital audio signal 22547, and the other is data communication data input as a digital signal 22551 from the CPU via the control logic unit 22510.
The channel codec 22515 adds digital audio data and data communication data identification information to each data as header information, and multiplexes the digital audio data and data communication data with a digital signal 22548 to the digital communication adapter 22516. Supply.

  Conversely, the channel codec 22515 first matches the terminal ID with the digital signal 22548 input from the digital communication adapter 22516, and then identifies whether it is digital voice data or data communication data from the data header information. Then, they are supplied to the audio codec 22512 and the control logic unit 22510 as a digital audio signal 22546 and a digital signal 22551, respectively. Also, the channel codec 22515 asserts the interrupt signal 22549 when receiving a digital telephone call and when receiving data communication data, and sets the control signal 22545 to low level when receiving digital audio data. The interrupt signal 22549 is an interrupt signal that prompts the CPU 22500 to perform processing upon receipt of a digital telephone call and processing of data communication data. This is a low active control signal that prompts.

To perform such an operation, the channel codec 22515, as shown in FIG. 56, stores an ID register (ID) 22603 for storing a terminal ID, a channel codec control register (CHCTL) 22604 for controlling the operation of the channel codec 22515, An audio transmission buffer 22605 for storing digital audio data input from the audio codec 22514, an audio reception buffer 22606 for storing digital audio data extracted from the received data, and an input from the CPU 22500 via the control logic unit 22510 It includes a data transmission buffer 22607 for storing data communication data and a data reception buffer 22608 for storing data communication data extracted from received data.
The control signal 22546 is a control signal indicating the operation of writing and reading by the audio codec 22514 to the channel codec 22515 and the audio transmission buffer 22605 and the audio reception buffer 22606, and the audio codec 22514 sets the control signal 22546 to low level. Then, the digital audio data is written into the audio transmission buffer 22605, the control signal 22546 is set to the high level, and the digital audio data is read from the audio reception buffer 22606.
The control signal 22550 is a control signal indicating a write and read operation of the CPU 22500 via the control logic unit 22510 to the data transmission buffer 22607 and the data reception buffer 22608 to the channel codec 22515, and sets the control signal 22550 to low level. Then, the data communication data is written into the data transmission buffer 22607, the control signal 22550 is set to the high level, and the data communication data is read from the data reception buffer 22608.
The digital communication adapter 22516 encodes the digital signal 22548 into a digital telephone communication format and outputs the digital signal to the digital telephone communication line 110. Conversely, digital communication adapter 22516 decodes the signal received from digital telephone communication line 110 and supplies digital signal 22548 to channel codec 22515.

The RS-232C interface 22517 is an interface circuit for connecting the RS-232C cable 313, and the credit settlement terminal communicates with the cash register 311 via the RS-232C interface 22517. Upon receiving the data from the cash register 311, the RS-232C interface 22517 asserts an interrupt signal 22552. The interrupt signal 22552 is an interrupt signal that prompts the CPU 22500 to process data communication with the cash register 311 via the RS-232C interface 22517.
Further, as shown in FIG. 56, the control logic unit 22510 incorporates therein three registers: a clock counter (CLOCKC) 22600, an update time register (UPTIME) 22601, and an interrupt register (INT) 22602.
The clock counter is a counter that counts the current time, and the update time register is a time at which the credit settlement terminal 300 performs processing for updating data on the RAM 22502 and the hard disk 22503 (data update processing) by communicating with the service providing system. And an interrupt register are registers that indicate the cause of the interrupt to the CPU 22500.
The control logic unit 22510, when the value of the clock counter 22600 matches the value of the update time register 22601, and when any one of the interrupt signals 22439, 22549, and 22552 is asserted, Is set in an interrupt register (INT) 22602 to assert an interrupt signal 22518 to prompt the CPU to perform an interrupt process. The CPU 22500 reads an interrupt register in an interrupt process and performs a process according to the interrupt factor.
Each bit field of the interrupt register (INT) has a meaning as shown in FIG. This meaning is the same as that described with reference to FIG. 27B in the first embodiment.

Next, data stored in the RAM 22502 will be described.
FIG. 58 is a schematic diagram of a RAM map of data stored in the RAM 22502.
The RAM 22502 has five areas: a basic program area 22800, a service data area 22801, a merchant area 22802, a work area 22803, and a temporary area 22804. The basic program area 22800 stores the upgraded modules of the programs stored in the ROM 22501, and patch programs and additional programs. The merchant area 22802 is an area that can be used freely by the merchant, the work 22803 area is a work area used when the CPU 100 executes the program, and the temporary area 22804 is an area for temporarily storing information received by the credit settlement terminal. It is.
The service data area 22801 is an area for storing personal remote credit settlement service ID information, handled credit card information, and history information. Data in this area is managed by the service providing system. The service data area 22801 further includes six areas of data management information 22805, merchant information 22806, merchant setting information 22807, telephone information 22808, credit card list 22809, and sales history list 22810.
The data management information 22805 is an area for storing management information of information stored in the service data area 22801. The merchant information 22806 is an area for storing information such as a merchant name and the contents of a contract with a service provider. The information 22807 is an area for storing merchant setting information relating to the personal remote credit settlement service, the telephone information 22808 is an area for storing information related to digital telephones, and the credit card list 22809 can be handled by the merchant. The area for storing credit card list information, the sales history list 22810, is an area for storing history information of sales in the personal remote credit settlement service.

Next, the information stored in the service data area 22801 will be described in detail.
FIG. 59 is a schematic diagram showing the relationship between the information stored in the service data area 22801 in detail.
Data management information 22805 includes update date / time 22900, next update date / time 22901, terminal status 22902, merchant information address 22903, merchant setting information address 22904, telephone information address 22905, credit card list address 22906, sales history list address 22907. It is composed of eight pieces of information.
The update date and time 22900 indicates the date and time when the service providing system 102 last updated the data in the RAM 22502 and the hard disk 22503, and the next update date and time 22901 indicates the next update of the data in the service data area 22801 by the service providing system 102. Indicates the scheduled date and time. The credit settlement terminal automatically starts the data update process at the time set for the next update date and time 22901.
The value of the next update date and time 21901 is set in the update time register 21603, and when the next update date and time 21901 comes, the credit settlement terminal 300 starts the data update process. The data update process is a process in which the service providing system 102 updates the data in the RAM and the hard disk, and is generally performed every day during a time when communication traffic is relatively light (eg, late at night). .
The terminal status 22902 indicates the status of the credit settlement terminal. The merchant information address 22903, merchant setting information address 22904, telephone information address 22905, credit card list address 22906, and sales history list address 22907 are merchant information 22806, respectively. , Merchant setting information 22807, telephone information 22808, credit card list 22809, and usage history list 22810.

The telephone information 22808 is further composed of three pieces of information: a calling telephone number 22908, a telephone directory address 22909, and a speed dial setting file address 22910. The originating telephone number 22908 indicates the telephone number of the last call made by the merchant, and this information is used when retransmitting the digital wireless telephone. The telephone directory address 22909 and the speed dial setting file address 22910 indicate addresses on the hard disk 22503 where the telephone directory information and the speed dial setting file are stored, respectively.
The credit card list 22809 stores list information of credit cards that can be handled by the merchant. In the credit card list 22809, two pieces of information, that is, a credit card name 22911 (22913, 2295) and a service code list address 22912 (22914, 22916) are stored for one credit card. The credit card name 22911 (22913,22915) indicates the name of a credit card that the merchant can handle, and the service code list address 22912 (22914,22916) indicates the merchant's service provided by the credit card. Shows the address on the hard disk 22503 where the service code list indicating the type of service that can be handled by the server 22 is stored. The service code list is a list of service codes that can be handled by the merchant and payment option codes.
The sales history list 22810 is an area for storing history information of sales in the personal remote credit settlement service. In the sales history list 22810, transaction number 22917 (22921), service code 22918 (22922), sales time 22919 (22923), sales information address 22920 (22924) for sales of one personal remote credit settlement service Four pieces of information are stored.
The transaction number 22917 (22921) is a number uniquely indicating a transaction with the user, and when generating the payment offer response 609, the number issued by the credit settlement terminal, the service code 22918 (22922) is used by the user. The code number indicating the type of the credit card service, the sales time 22919 (22923) indicates the time at which the personal remote credit card payment service was sold, and the sales information address 22920 (22924) indicates the address where the payment completion notification is stored. .

The sales information address 22920 (22924) stores a local address indicating an address on the hard disk 22503 or a remote address indicating an address on the merchant information server 403 of the service providing system 102. When a remote address is stored in the sales information address 22920 (22924), when the merchant accesses the sales history information, the credit settlement terminal downloads the sales information from the service providing system to the temporary area, To be displayed.
The address stored in the sales information address 22920 (22924) is determined by the service providing system. At the time of the data update process, the sales time of each sales information is compared, and a local address is assigned to the sales information with the latest sales time. However, when there is room in the capacity of the hard disk 22503, all sales information addresses may be local addresses.

Next, processing performed by CPU 22500 will be described.
FIG. 61 is a conceptual diagram of the processing flow performed by CPU 22500.
As shown in FIG. 61, the processing performed by CPU 22500 includes two processing routines: main routine 23109 and interrupt processing routine 23122. The main routine is a processing routine for processing transmission data and reception data and controlling other components, and the interruption processing routine is a processing routine for detecting a process (processing) requested by an external interruption. It is. Therefore, CPU 22500 normally performs the processing of the main routine. When the interrupt signal 22518 is asserted, the CPU 22500 jumps from the main routine to the interrupt processing routine, performs the interrupt processing, and when the interrupt processing ends, returns to the main routine and resumes the processing of the original main routine. .
The processes executed by the CPU 22500 in the main routine are 17 types of processes. The CPU 22500 dynamically selects a process and executes the selected process in a time-division manner. FIG. 60A shows 17 types of processes executed in the main routine.
The 17 types of processes executed in the main routine include a process management process for selecting and managing processes executed by the CPU, a power-on process for performing initial operation processing when a power switch is turned on, and a power-on process for turning off a power switch. Power-off process for ending the time, GUI (Graphical User Interface) process in digital phone mode, digital phone process for data processing (eg, setting of speed dial), and GUI process in credit settlement mode (example) : Display of sales history), credit settlement process for data processing, and GUI processing in merchant information management mode (eg, display of merchant information) and merchant performing data processing (eg, setting of merchant setting information) Information management process and "payment" processing , A customer service call process for performing a "customer service call" process, an inquiry call process for performing an "inquiry call" process, and a data update process. A data update process to be performed, a forced data update process to perform a forced data update process, a remote access process to perform a remote access process, a session establishment process to perform a session establishment process with a service providing system, and a digital telephone A digital telephone communication process for controlling communication, an infrared communication process for controlling infrared communication, and an external interface communication process for controlling data communication via the RS-232C interface. .

Each process has a corresponding program module in the basic program area 21802 of the ROM 22501 and the RAM 22502, and the CPU 22500 executes the program module to execute each process.
For each process, information indicating the status of the process corresponding to each process exists in the work area 2503 on the RAM 22502, and the process activation status (“active” or “inactive”) is displayed. , The execution state (“running” or “idle”) and the current processing step. “Active” in the activated state indicates that the process is activated as a process executed in the main routine, “inactive” indicates that the process is not activated, and “running” in the activated state is "Idle" indicates that the process is being executed, and "idle" indicates that the process is suspended.
In particular, the execution state of the digital telephone process, credit settlement process, and merchant information management process corresponds to the operation mode of the credit settlement terminal. When the execution state of the digital telephone process is “running”, the credit settlement terminal is When the mode and the execution state of the credit settlement process are "running", the credit settlement mode is set, and when the execution state of the merchant information management process is "running", the mode is the merchant information management mode. The execution state of the digital telephone process, credit settlement process, and merchant information management process always indicates that only one process indicates “running” and the other indicates “idle”. Hereinafter, information indicating the status of this process is referred to as process status.
In the main routine, CPU 22500 repeatedly executes the process management process and the processes registered in the process list in a time-sharing manner. The process list is a list indicating running processes other than the process management process, and the process management process updates this process list. The process management process is a process that is always executed in the main routine, and updates the process list and the process status of each process to select a process to be executed in the main routine.

The process management process updates the process list based on a process generation request message sent from another process of the main routine or a process of the interrupt processing routine, and the process status of each process (FIG. 60B). reference).
FIG. 61 is a generalized conceptual diagram showing the flow of processing performed by CPU 22500. As shown in FIG. 60B, a process flow in a case where N processes (N is an integer of 0 or more) is registered in the process list 23000 is shown.
In FIG. 61, first, when the credit settlement terminal 300 is reset, the process proceeds to step 23100, and the CPU 22500 performs a reset process. When the reset process is completed, the process proceeds to step 23101. In the reset processing, initialization of variables defined in the RAM 22502, initialization of internal registers, and generation of a process management process are performed.
In step 23101, the CPU 22500 executes the process management process, updates the process list and the process status of each process, and proceeds to step 23102 (if N ≧ 1) (if N = 0, step 23101 Back to).
(If N ≧ 1) In step 23102, it is checked whether the status of the first registered process in the process list 23000 is “running” or “idle”. If “idle”, then (N ≧ 1) In the case of “2”, the process proceeds to step 23104 (if N = 1, the process returns to step 23101). In the case of “running”, the process proceeds to step 23103, where the first process is executed. The process proceeds to step 23104 (if N = 1, the process returns to step 23101).
(If N ≧ 2) After step 23104, processes for the second to Nth processes in the process list are sequentially performed in the same procedure as the process for the first process in the process list (step 23102, step 23103). Upon ending the processing for the Nth process (steps 23106 and 23107), the CPU 22500 returns to step 23101. That is, CPU 22500 repeats step 23101 and the processing corresponding to steps 23102 to 23107. However, the contents of the processing corresponding to steps 23102 to 23107 are changed by the process management process of step 23101.
If the interrupt signal 22518 is asserted during execution of the processing of the main routine 23109, the CPU 22500 jumps to the interrupt routine 23122. In the interrupt processing routine 23122, first, in step 23110, the CPU 22500 reads the interrupt register (INT) and copies it to the word interrupt on the RAM (work area). At this time, the interrupt register (INT) read by the CPU is echo-reset, and the interrupt signal 22518 is negated.

Next, in step 23111, it is checked from the value of the bit 28 of the interrupt whether or not an incoming interrupt has occurred, and if it is not an incoming interrupt (interrupt (bit 28) = 0), the process proceeds to step 23113. (bit28) = 1), the process proceeds to step 23112, a digital telephone process generation request message is sent to the process management process, and the process proceeds to step 23113.
In step 23113, from the value of the bit 26 of the interrupt, it is checked whether or not an update interrupt has occurred.If it is not an update interrupt (interrupt (bit 26) = 0), the process proceeds to step 23115, and in the case of an update interrupt (interrupt (bit 26) = 1), the process proceeds to step 23114, in which a data update process generation request message is sent to the process management process, and the process proceeds to step 23115.
In step 23115, it is checked whether or not an external IF interrupt has occurred based on the value of bit 25 of the interrupt. If the interrupt is not an external IF interrupt (interrupt (bit 25) = 0), the process proceeds to step 23117. In (bit 25) = 1), the process proceeds to step 23116, in which a request message for generating an external IF communication process is sent to the process management process, and the process proceeds to step 23117.
In step 23117, it is checked whether or not a key interrupt has occurred based on the value of bit 24 of the interrupt. If the key interrupt has not occurred (interrupt (bit 24) = 0), the interrupt processing ends, and the process returns to the original main routine processing In the case of a key interrupt (interrupt (bit 24) = 1), the process proceeds to step 23118.
In step 23118, the value of the “power” bit (bit 16) of the interrupt is checked. If the value is 0, the interrupt processing ends, the process returns to the original main routine, and if the value is 1, the power switch is operated. Then, the process proceeds to step 23119.
In step 23119, the value of the interrupt "power indication" bit (bit 31) is checked. If the value is 0, it is determined that the power-off operation has been performed, and the process proceeds to step 23121. It is determined that the operation has been performed, and the process proceeds to step 23120.
In step 23120, a power-on process generation request message is sent to the process management process, the interrupt process ends, and the process returns to the original main routine.
In step 23121, a power off process generation request message is sent to the process management process, the interrupt process ends, and the process returns to the original main routine.
CPU 22500 having returned from interrupt processing routine 23122 to main routine 23109 resumes the processing of the main routine from the processing step immediately before jumping to the interrupt processing routine. In the interrupt processing routine, the process generation request message sent to the process management process returns from the interrupt processing routine to the main routine, and is evaluated and requested in the process of the process management process in step 23101 to be executed first. The process is registered in the process list. Then, the requested process is executed in the processing of the main routine thereafter.

For example, when the credit settlement terminal 300 is reset, nothing is registered in the process list immediately after the reset. Therefore, the CPU 22500 repeats the process management process generated in the reset process 23100 in the main routine (see FIG. 52A). On the other hand, by the reset, the control logic unit 22510 sets the bit 24 (key interrupt) and the bit 16 (“power”) of the interrupt register (INT) to 1, and asserts the interrupt signal 22518. At this time, when the power switch 309 is in the ON state, the CPU 22500 executes the power-on process in the main routine through the processing of the interrupt processing routine by this interrupt, and when the power switch 309 is in the OFF state. First, the CPU 22500 executes a power-off process in the main routine through the processing of the interrupt processing routine by this interrupt.
FIG. 52C shows a processing flow when the power switch is turned off or when the power switch is off at the time of reset. In the power-off process, termination processing such as erasing the display on the LCD and accessing the key operation control register (KEYCTL) 22610 to make only the power switch 309 effective is performed. When the processing of the power-off process is completed, the CPU 22500 shifts to the halt state, and stops the processing of the main routine. The CPU 22500 returns from the halt state to the normal operation state only by the interruption by turning on the power switch or the update interruption, and resumes the processing of the main routine after the processing of the interruption processing routine.

  FIG. 52B shows a processing flow when the power switch is turned on or when the power switch is turned on at the time of reset. In the power-on process, initialization of LCD display, setting of variables defined in the RAM 22502, setting of internal registers, and generation request messages for the digital telephone process, credit settlement process, and merchant information management process are processed. Performs initial operation processing sent to the management process. By the message for requesting generation of these processes, a digital telephone process, a credit settlement process, and a merchant information management process are registered in the process list, and these processes are executed in the main routine. However, since the execution status of the process status of each process is stored, the operation mode at power-on is the operation mode at the time when the power switch was turned off last time.

FIG. 62 shows that after the processing of the power-on process is completed, or when the credit settlement terminal executes “payment”, “cancel”, “customer service call”, “inquiry call”, “data update”, “remote access”, etc. 9 shows a processing flow of the CPU in a steady state where no processing is performed. At this time, three processes, a digital telephone process, a credit settlement process, and a merchant information management process, are registered in the process list, but only one process status is "running", and the execution status of the process status is "running". The operation mode of the credit settlement terminal is an operation mode corresponding to a process in which the execution status of the process status indicates “running”.
The key operation performed by the merchant is copied to the word “interrupt” in the RAM 22502 by the processing of the interrupt processing routine as an interrupt factor of the interrupt register 22602, and the process corresponding to the operation mode of the credit settlement terminal (digital telephone process or , A credit settlement process, or a merchant information management process), and a process corresponding to the operation of the merchant is performed. Then, when an operation such as a credit settlement operation 604, a cancellation operation 901, a customer service call operation 1200, or an inquiry call 1216 is received, a settlement process, a cancellation process, a customer service call process, an inquiry call, respectively. A message requesting creation of a corresponding process such as a process is sent to the process management process.
For example, FIG. 63 shows a processing flow of CPU 22500 at the time of processing of “settlement”. When the merchant performs a credit settlement operation, a settlement process, a session establishment process, a digital telephone communication process, and an infrared communication process are started in addition to the process at the normal time.

  Next, the digital signature processing and the letter-sealing processing will be described. Digital signature processing when the personal credit terminal generates a message to be transmitted to the credit settlement terminal and the service providing system, and when the credit settlement terminal generates a message to be transmitted to the personal credit terminal and the service providing system. FIG. 64 (a) and (b) show the procedure of the digital signature process, and FIGS. 65 (a) and (b) show the procedure of the letter sealing process. FIGS. 66 (a) and 66 (b) show the procedure for decrypting the sealed message, and FIGS. 67 (a) and 67 (b) show the procedure for verifying the digital signature of the digitally signed message. ing. These procedures are substantially the same as the procedures described with reference to FIGS. 20, 21, 22, and 23 in the first embodiment.

Next, processing in the service providing system 102 will be described.
The service providing system 102 communicates with the personal credit terminal 100, the credit settlement terminal 101, and the settlement system 103, respectively, and mediates between the user, the merchant, and the settlement processing institution to provide the user and the merchant. On the other hand, it is a system that provides a personal remote credit settlement service.
FIG. 68 shows a processing architecture in the service providing system 102.
The service providing system 102 provides a personal remote credit settlement service with a user process (UP: User Process) 23802 generated on the service server 400, a merchant process (MP: Merchant Process) 23802, and a payment processing agency process (TPP: Transaction Processor Process) 23804, service director process (SDP: Service Director Process) 23801, and service manager process (SMP: Service Manager Process) 23800 are provided by cooperative processing of five types of processes. In FIG. 68, a user process 23802 is a process that serves as an interface for communication between the service providing system 102 and the personal credit terminal 100 in one-to-one correspondence with the personal credit terminal 100, and a merchant process 23803 is , A process that serves as an interface for communication between the service providing system 102 and the credit settlement terminal 300 in a one-to-one correspondence with the credit settlement terminal 300. The service director process 23801, which serves as an interface for communication between the 102 and the payment system 103, communicates with the user process 23802, the merchant process 23803, and the payment processing agency process 23804, respectively, to produce a personal remote credit payment service. The process of doing Service manager process 23 800, the user process, the merchant process on the service providing system 102, the settlement processing institution process is a process for managing service director process. The meaning of the expression "produce a personal remote credit settlement service" will be described later in detail.
FIGS. 69 and 70 show a list of these five types of processes.

The service providing system 102 may communicate with a plurality of personal credit terminals and a plurality of credit settlement terminals at the same time, and perform processing of a plurality of personal remote credit settlement services at the same time. In some cases, or at the same time, a plurality of payment systems communicate with each other to process a plurality of personal remote credit payment services. Therefore, a plurality of user processes, a merchant process, a payment processing agency process, and a service director process may each exist on the service server 400 at the same time. These user processes, merchant processes, payment processing agency processes, and service director processes are created, deleted, and managed by a service manager process.
Further, when the service server 400 is configured by a plurality of computers, the user process, the merchant process, the payment processing agency process, and the service director process are provided with a plurality of processes so that the processing load of each process is distributed. It is distributed and generated on one computer.

Further, a set of processes for providing one personal remote credit settlement service by performing cooperative processing is determined by the service manager process, and the set of processes is defined by a user process, a merchant process, and a payment processing agency process. And one or more processes, and one service director process. Hereinafter, a set of processes that perform this cooperative processing is referred to as a process group.
First, the user process 23802 will be described.
The user process controls communication with the personal credit terminal 100, authenticates the user, encrypts data transmitted to the personal credit terminal 100, decrypts data received from the personal credit terminal 100, This is a process for checking the validity of data received from the personal credit terminal 100, and for performing remote access, data update, and data backup processing with the personal credit terminal 100.
The user process 23802 is a process generated by the service manager process 23800 when the service providing system 102 communicates with the personal credit terminal 100. The service manager process 23800 creates one user process 23802 for one personal credit terminal 100 communicating with the service providing system 102. At this time, the service manager process 23800 generates the user process management information 4400 shown in FIG. 75A on the memory or the hard disk of the computer constituting the service server 400, and executes the generated user process 23802. to manage.
The user process 23802 accesses the user process management information 4400, the attribute information of the owner (user) of the personal credit terminal 100 managed by the user information server 402, and the data in the RAM 1502 of the personal credit terminal 100. Permissions are granted. Conversely, user process 23802 has no access to other information.

The personal credit terminal 100 and the user process 23802 have a one-to-one correspondence, and the user process 23802 is a process effective only for the personal credit terminal 100 and directly communicates with other personal credit terminals. I can't.
The user process 23802 and the personal credit terminal 100 communicate using messages shown in columns 23901 and 23902 in FIG. 23901 message (authentication test A response, authentication test C, authentication test D response, remote access request, data update request, upload data, payment request, cancel request, incoming response, inquiry call request, timeout error message, session The “error message” is a message transmitted from the personal credit terminal to the user process, which is a message in the column of 23902 (authentication test A, authentication test B response, authentication test C response, remote access data, data update response, update data, Data update command, function stop command, receipt, cancel processing receipt, customer service call, inquiry call response, call response, timeout error message, session error message, timeout Message) indicates a message sent from the user process to the personal credit terminal. Sending other messages will not be interpreted as valid messages by each other.

Also, the user process 23802 communicates with the service director process 23801 belonging to the same process group using the messages shown in the columns 23903 and 23904 in FIG. 69 as an interface. The messages (receipt, cancellation processing receipt, customer service call, inquiry call response, call response, timeout error message, session error message) in the column of 23903 are the messages sent from the service director process to the user process, The messages in column 23904 (payment request, cancellation request, incoming response, inquiry call request, timeout error message, session error message, timeout message) indicate messages sent from the user process to the service director process. . Sending other messages will not be interpreted as valid messages by each other.
Further, the user process 23802 communicates with the service manager process 23800 using the message shown in the column 23906 in FIG. 69 as an interface. The message (payment request, cancellation request, inquiry request, own process deletion request) in the column of 23906 indicates a message sent from the user process to the service manager process. The column 23905 in FIG. 69 (user process generation, user process deletion) shows the effect of the service manager process on the user process, and the service manager process generates and deletes the user process. The contents of the message will be described later in detail.

There is no interface for communication between a user process and another user's user process, and a user process cannot communicate directly with another user process. Similarly, there is no interface between the user process and the merchant process, the user process and the payment processing agency process, the communication between the user process and the service director process in a different process group, and the user process is the merchant process, the payment processing agency process, And cannot directly communicate with the service director process in a different process group.
When a personal credit terminal is used in a service area other than the service area where the user resides, the service area of the service area where the user resides and the service area where the personal credit terminal is used are used. A user process may be created on the service providing system. Such a case will be described later in detail.

Next, the merchant process 23803 will be described.
The merchant process controls communication with the credit settlement terminal 300, authenticates the merchant, encrypts data transmitted to the credit settlement terminal 300, decrypts data received from the credit settlement terminal 300, and receives data from the credit settlement terminal 300. This is a process of checking the validity of the data, and performing remote access and data update processing with the credit settlement terminal 300.
The merchant process 23803 is a process generated by the service manager process 23800 when the service providing system 102 communicates with the credit settlement terminal 300. The service manager process 23800 generates one merchant process 23803 for one credit settlement terminal 300 communicating with the service providing system 102. At this time, the service manager process 23800 generates merchant process management information 4401 shown in FIG. 75 (b) on a memory or a hard disk of a computer constituting the service server 400, and stores the generated merchant process 23803. to manage.
The merchant process 23803 includes merchant process management information 4401, attribute information of the owner (merchant) of the credit settlement terminal 300 managed by the merchant information server 403, and data in the RAM 22502 and the hard disk 22503 of the credit settlement terminal 300. Permission to access is given. Conversely, merchant process 23803 has no access to other information.
The credit settlement terminal 300 and the merchant process 23803 correspond one-to-one, and the merchant process 23803 is a process effective only for the corresponding credit settlement terminal 300 and directly communicates with other credit settlement terminals. It is not possible.

  The merchant process 23803 communicates with the credit settlement terminal 300 using messages shown in columns 23907 and 23908 in FIG. 23907 message (authentication test A response, authentication test C, authentication test D response, remote access request, data update request, upload data, credit inquiry request, settlement request, receipt, cancellation request, incoming response, customer service call The request, the timeout error message, and the session error message) are the messages (authentication test A, authentication test B response, authentication test C response, remote access data, Data update response, update data, data update instruction, function stop instruction, credit inquiry response, payment completion notification, cancellation completion notification, customer service call response, call response, inquiry call, timeout error message, The error message and the timeout message) indicate messages sent from the merchant process to the credit settlement terminal. Sending other messages will not be interpreted as valid messages by each other.

  Also, the merchant process 23803 communicates with the service director process 23801 belonging to the same process group using the messages shown in the columns 23909 and 23910 in FIG. 69 as an interface. Messages in the 23909 column (credit inquiry response, settlement completion notification, cancellation completion notification, customer service call response, call response, inquiry call, timeout error message, session error message) are sent from the service director process to the merchant process. Messages in the column of 23910 (payment completion notification, cancellation completion notification, customer service call response, call response, inquiry call, timeout error message, session error message, timeout message) are sent from the merchant process to the service This shows a message sent to the director process. Sending other messages will not be interpreted as valid messages by each other.

Further, the merchant process 23803 communicates with the service manager process 23800 using the message shown in the column 23912 in FIG. 69 as an interface. The message (credit inquiry request, cancellation request, customer service call request, own process deletion request) in the column of 23912 indicates a message sent from the merchant process to the service manager process. The column of 23911 (merchant process generation, merchant process deletion) in FIG. 69 shows the effect of the service manager process on the merchant process, and the service manager process generates and deletes the merchant process. The contents of the message will be described later in detail.
There is no interface for communication between a merchant process and another merchant process, and a merchant process cannot communicate directly with another merchant process. Similarly, there is no interface for communication between the merchant process and the user process, the merchant process and the payment processing agency process, and the merchant process and the service director process in a different process group. And cannot directly communicate with the service director process in a different process group.

Next, the settlement institution process 23804 will be described.
The payment processing institution process controls communication with the payment system 103, authenticates the payment processing institution, encrypts data transmitted to the payment system 103, decrypts data received from the payment system 103, and receives data from the payment system 103. This is the process of checking the validity of
The payment processing agency process 23804 is a process generated by the service manager process 23800 when the service providing system 102 communicates with the payment system 103. For communication between the service providing system 102 and the settlement system 103 using one communication line, one settlement processing agency process 23804 is generated. The digital communication line 111 connecting the service providing system 102 and the settlement system 103 operates as a plurality of communication lines by multiplexing. Therefore, when communication is performed between the service providing system 102 and the settlement system 103 using a plurality of communication lines at the same time, the service manager process 23800 requires the same number of payment processing agency processes as the number of communication lines. Generate 23804. At this time, the service manager process 23800 executes the payment processing institution process shown in FIG. 75 (c) for each of the generated payment processing institution processes on the memory or the hard disk of the computer constituting the service server 400. The management information 4402 is generated to manage the payment processing agency process.

The payment processing institution process 23804 accesses the payment processing institution process management information 4402, the attribute information of the payment processing institution where the payment system 103 managed by the payment processing institution information server 404 is installed, and the history information of the payment processing. Permission is given. Conversely, clearing house process 23804 has no access to other information.
Also, the settlement processing institution process 23804 is a process effective only for the settlement system 103, and cannot directly communicate with other settlement systems.
The settlement processing agency process 23804 and the settlement system 103 communicate using messages shown in columns 23913 and 23914 in FIG. The message in the column of 23913 (payment completion notification, cancellation completion notification, timeout error message, session error message) is the message sent from the payment system to the payment processing institution process, the message in the column of 23914 (payment request, cancellation request) , A timeout error message, a session error message, and a timeout message) indicate messages sent from the payment processing agency process to the payment system. Sending other messages will not be interpreted as valid messages by each other.

Also, the settlement processing agency process 23804 communicates with the service director process 23801 belonging to the same process group using the messages shown in columns 23915 and 23916 in FIG. 69 as an interface. The message (payment request, cancellation request, timeout error message, session error message) in the column 23915 is the message sent from the service director process to the payment processing agency process, and the message in the column 23916 (payment completion notification, cancellation) Completion notification, session error message, and timeout message) indicate a message sent from the payment processing agency process to the service director process. Sending other messages will not be interpreted as valid messages by each other.
Further, the settlement processing agency process 23804 communicates with the service manager process 23800 using the message shown in the column 23918 of FIG. 69 as an interface. The message in the column of 23918 (own process deletion request) indicates a message sent from the payment processing agency process to the service manager process. Also, the column 23917 in FIG. 69 (payment processing institution process generation, payment processing institution process erasure) shows the effect of the service manager process on the payment processing institution process. Is generated and deleted. The contents of the message will be described later in detail.

  There is no interface for communication between the clearing house processes and other clearing house processes, and the clearing house processes cannot communicate directly with other clearing house processes. Similarly, there is no interface for communication between the clearing house process and the user process, the clearing house process and the merchant process, and the clearing house process and the service director process in a different process group. , Merchant processes, and service director processes in different process groups cannot be communicated directly.

Next, the service director process 23801 will be described.
The service director process is a process for communicating with a user process, a merchant process, and a payment processing institution process belonging to the same process group to produce a personal remote credit payment service. The expression "produce a personal remote credit payment service" means that the service director process takes the initiative in processing the personal remote credit payment service in cooperation with other member processes of the same process group. Means that.
The service director process 23801 is used when the service providing system 102 performs any one of “payment”, “cancel”, “customer service call”, and “inquiry call” of the personal remote credit payment service. • Created by the manager process 23800. The service manager process 23800 generates the service director process management information 4403 shown in FIG. 75 (d) on the memory or hard disk of the computer constituting the service server 400, and generates the generated service director process 23801. Manage.

Each processing of “payment”, “cancel”, “customer service call”, and “inquiry call” of the personal remote credit payment service has a predetermined processing sequence. The service director process processes a message sent from a member process of the same process group according to the determined processing sequence, and sends a message prompting the process to each member process. Each of the member processes performs a process corresponding to the message sent from the service director process. As described above, the personal remote credit card settlement service is processed by the service director process and the member processes of the same process group performing the processes in cooperation with each other.
In the case of “payment” and “cancel” processing, the service director process, the user process, the merchant process, and the payment processing institution process form one process group, perform the respective processes, and execute In the case of the processing of the "service call" and the processing of the "inquiry call", the service director process, the user process, and the merchant process form one process group and perform the respective processes.

Also, the service director process 23801 accesses the service director process management information 443, information managed by the service director information server 404, and information that a member process of the same process group has access permission to. Permissions are granted. Conversely, the service director process 23801 cannot access other information.
The service director process 23801 communicates with the user processes 23802 belonging to the same process group using the messages shown in the columns 23904 and 23903 in FIG. 70 as an interface. The message (payment request, cancellation request, incoming response, inquiry call request, timeout error message, session error message, timeout message) in the column of 23904 is a message transmitted from the user process to the service director process in 23903. The messages in the columns (receipt, cancellation processing receipt, customer service call, inquiry call response, call response, timeout error message, session error message) indicate messages sent from the service director process to the user process. . Sending other messages will not be interpreted as valid messages by each other.

Similarly, the service director process 23801 communicates with the merchant processes 23803 belonging to the same process group using the messages shown in columns 23910 and 23909 in FIG. 70 as an interface. Messages in the 23910 column (payment completion notification, cancellation completion notification, customer service call response, call response, inquiry call, timeout error message, session error message, timeout message) are sent from the merchant process to the service director process. The messages in the 23909 column (credit inquiry response, settlement completion notification, cancellation completion notification, customer service call response, call response, inquiry call, timeout error message, session error message) are sent from the service director process. It shows a message sent to the merchant process. Sending other messages will not be interpreted as valid messages by each other.
Similarly, the service director process 23801 communicates with the payment processing agency process 23804 belonging to the same process group using the messages shown in the columns 23916 and 23915 in FIG. 70 as an interface. The message in the column 23916 (payment completion notification, cancellation completion notification, session error message, timeout message) is the message sent from the payment processing agency process to the service director process, and the message in the column 23139 (payment request, cancellation) Request, timeout error message, session error message) indicate a message sent from the service director process to the payment processing agency process. Sending other messages will not be interpreted as valid messages by each other.

  Further, the service director process 23801 communicates with the service manager process 23800 using the message shown in the column 23920 of FIG. 70 as an interface. The message (member process request, process deletion request) in the column of 23920 indicates a message sent from the service director process to the service manager process. The column of 23919 in FIG. 70 (service director process generation, service director process deletion, payment request, credit inquiry request, cancellation request, customer service call request, inquiry request) is the service director process of the service manager process. The service manager process creates and deletes the service director process. The contents of the message will be described later in detail.

  There is no interface for communication between the Service Director process and a user process in a different process group, the Service Director process and a merchant process in a different process group, and there is no interface for communication between the Service Director process and the payment processing agency process in a different process group. A process cannot communicate directly with a user process in a different process group, a merchant process in a different process group, and a clearing house process in a different process group.

Next, the service manager process 23800 will be described.
The service manager process is a process for generating and deleting a user process 23802, a merchant process 23803, a settlement processing agency process 23804, and a service director process 23801, and generating and deleting a process group.
The service manager process 23800 stores user process management information 4400, merchant process management information 4401, payment processing institution process management information 4402, and service / service management information shown in FIG. 75 on a memory or a hard disk of a computer constituting the service server 400. It generates six types of management data of director process management information 4403, process group management information 4404, and message list 4405, and manages each process. The process group management information 4404 is process group management data, and the message list 4405 is a list of messages for which processing by the service manager process is suspended. The role of the message list 4405 will be described later in detail.

The service manager process 23800 is a process that is activated whenever the service providing system provides a personal remote credit settlement service. The creation and deletion of the service manager process is controlled by the management system 407.
The service manager process 23800 is given permission to access information managed by the service director information server 401. Conversely, the service manager process 23800 has no access to other information.
The service manager process 23800 communicates with the user process 23802 using the message shown in the column 23906 in FIG. 70 as an interface. The message (payment request, cancellation request, inquiry request, own process deletion request) in the column of 23906 indicates a message sent from the user process to the service manager process. A column 23905 (user process creation, user process deletion) in FIG. 70 shows the effect of the service manager process on the user process, and the service manager process creates and deletes the user process.

Similarly, the service manager process 23800 communicates with the merchant process 23803 using the message shown in the column 23912 in FIG. 70 as an interface. The message (credit inquiry request, cancellation request, customer service call request, own process deletion request) in the column of 23912 indicates a message sent from the merchant process to the service manager process. A column 23911 (merchant process generation, merchant process deletion) in FIG. 70 shows the effect of the service manager process on the merchant process, and the service manager process generates and deletes the merchant process.
Similarly, the service manager process 23800 communicates with the payment processing agency process 23804 using the message shown in the column 23918 in FIG. 70 as an interface. The message in the column of 23918 (own process deletion request) indicates a message sent from the payment processing agency process to the service manager process. Also, the column 23917 in FIG. 70 (payment processing institution process generation, payment processing institution process erasure) shows the effect of the service manager process on the payment processing institution process. Is generated and deleted.

Similarly, the service manager process 23800 communicates with the service director process 23801 using the message shown in the column 23920 of FIG. 70 as an interface. The message (member process request, process deletion request) in the column of 23920 indicates a message sent from the service director process to the service manager process. The column of 23919 (service director process generation, service director process deletion, payment request, credit inquiry request, cancellation request, customer service call request, inquiry request) in FIG. 70 is the service director process of the service manager process. The service manager process creates and deletes the service director process.
The service manager process 23800 communicates with the service manager process of the service providing system in another service area using the messages shown in columns 23921 and 23922 in FIG. 70 as an interface. The message (user process creation, user process deletion, home user process creation, home user process deletion, mobile user process creation, mobile user process deletion, cancellation request, inquiry call request) in the column of 23921 is a service provision of another service area. The message sent from the service manager process of the system to the service manager process 23800 is changed to the message in the column of 23922 (user process creation, user process deletion, home user process creation, home user process deletion, mobile user process creation, mobile user process). (Erase, cancel request, inquiry call request) are sent from the service manager process 23800 to the service manager process of the service providing system in another service area. Shows the message. Communication between service manager processes of different service providing systems is performed when providing a personal remote credit settlement service across service areas. Such a case will be described later in detail.

Next, information managed by the user information server 402 of the service providing system 102 will be described. The user information server 402 manages user attribute information and data in the RAM 1502 of the user's personal credit terminal 100. However, one user information server 402 does not manage the attribute information of all users and the data of the RAM of the personal credit terminal, but manages them in a distributed manner for each service area. Therefore, the user information server 402 manages the attribute information of the user who lives in the service area in charge of the service providing system 102 and the data in the RAM of the personal credit terminal of the user (hereinafter, the service area where the user lives). Is referred to as the “home service area” of the user.)
FIG. 71 is a schematic diagram showing information stored in the user information server 402 for one user. In the user information server 402, for one user, user data management information 24000, personal information 24001, photograph data 24002, terminal properties 24003, user setting information 24004, access control information 24005, terminal data 24006, telephone information 24007, Ten types of information of a credit card list 24008 and a use history list 24009 are stored. The detailed contents of these pieces of information are the same as those described with reference to FIG. 29 in the first embodiment.

  Next, information managed by the merchant information server 403 of the service providing system 102 will be described. The merchant information server 403 manages merchant attribute information and data in the RAM 22502 and the hard disk 22503 of the merchant credit settlement terminal 300. However, one merchant information server 403 does not manage attribute information of all merchants and data of credit settlement terminals, but manages them in a distributed manner for each service area. Therefore, the merchant information server 403 manages the attribute information of the merchant located in the service area in charge of the service providing system 102 and the data of the RAM and the hard disk of the personal credit terminal of the merchant.

  FIG. 72 is a schematic diagram showing information stored in the merchant information server 403 for one merchant. In the merchant information server 403, for one merchant, merchant data management information 24100, merchant information 24101, terminal property 24102, merchant setting information 24103, terminal data 24104, telephone information 24105, credit card list 24106, and sales history Eight types of information of the list 24107 are stored. The details of these pieces of information are the same as those described with reference to FIG. 30 in the first embodiment. The merchant information 24101 is information about the merchant such as the merchant's address, account number, and contract details, and a part of this information corresponds to the merchant information 2506 of the credit settlement terminal 2410.

Next, information managed by the payment processing institution information server 404 of the service providing system 102 will be described. The payment processing institution information server 404 manages attribute information of the payment processing institution and history information of the payment processing by the payment processing institution.
FIG. 73 is a schematic diagram showing information stored in the payment processing institution information server 404 for one payment processing institution. The payment processing institution information server 404 stores four types of information for one payment processing institution: payment processing institution data management information 24200, payment processing institution information 24201, credit card list 24202, and sales history list 24203. You. The detailed contents of these pieces of information are the same as those described with reference to FIG. 31 in the first embodiment.

Next, information stored in the service director information server 401 of the service providing system 102 will be described.
FIG. 74 is a schematic diagram showing information stored in the service director information server 401.
The service director information server 401 stores five types of information: a user list 4300, a merchant list 4301, a payment processing institution list 4302, a service provision history list 4303, and a payment processing institution table 4304.
The user list 4300 is a list of attribute information of all users contracting with the service provider, the merchant list 4301 is a list of attribute information of all merchants contracting with the service provider, and the payment processing institution list 4302 is A list of attribute information of all settlement processing institutions that have contracted with the service provider, a service provision history list 4303 is a list of personal remote credit settlement service history information provided by the service provision system 102, and The processing institution table 4304 is table information in which an optimum payment processing institution is associated with a request for a personal remote credit payment service from a user and a merchant.
The user list 4300 includes, for one user, a user name 4305 (4310), a user ID 4306 (4311), a user telephone number 4307 (4312), a service list address 4308 (4313), and a user information address 4309 ( 4314) is stored.

The service list address 4308 (4313) indicates the address where the list of service codes available to the user is stored, and the user information address 4309 (4314) is the address where the user data management information of the user is stored Is shown. The list of service codes available to the user and the user data management information are managed by the service director information server and the user information server in the service providing system of the user's home service area, respectively. Therefore, when the service providing system 102 is a service providing system of a user's home service area, the service list address and the user information address are the address on the service director information server 401 and the user information, respectively. In the case where the home service area of the user is different from the service area of the service providing system 102, the service list address and the user information address respectively indicate the home service area of the user. The address on the service director information server and the address on the user information server in the area service providing system are shown.
The merchant list 3301 includes, for one merchant, a merchant name 4315 (4321), a merchant ID 4316 (4322), a merchant telephone number 4317 (4323), a service list address 4318 (4324), and a customer table address 4319 ( 4325) and a merchant information address 4320 (4326).

The service list address 4308 (4312) indicates an address where a list of service codes that can be handled by the merchant is stored, and the customer table address 4317 (4322) indicates the correspondence between the customer number and the user ID The address where the table information (customer table) is stored, and the merchant information address 4320 (4326) indicates the address where the merchant data management information of the merchant is stored.
The service code list and the customer table that can be handled by the merchant, and the merchant data management information are managed by the service director information server and the user information server in the service providing system in the home service area of the merchant, respectively. Therefore, when the service providing system 102 is a service providing system of a merchant's home service area, the service list address and the customer table address indicate an address on the service director information server 401, and the user information address is , The address on the user information server 402. If the merchant's home service area is different from the service area of the service providing system 102, the service list address and the customer table address are stored on the service director information server in the service providing system of the merchant's home service area. The user information address indicates an address on the user information server in the service providing system of the merchant's home service area.

The payment processing institution list 4302 includes, for one payment processing institution, a payment processing institution name 4327 (4332), a payment processing institution ID 4328 (4333), a payment processing institution communication ID 4329 (4334), a service list address 4330 ( 5335) and the settlement processing institution information address 4331 (4336).
The payment processing organization communication ID 4329 (4334) indicates the ID of the payment system 103 when the service providing system 102 communicates with the payment system 103 via the digital communication line 111, and the service list address 4330 (4335) is Indicates the address on the service director information server 401 where a list of service codes that can be handled by the payment processing institution is stored, and the payment processing institution information address 4331 (4336) is the payment processing institution data management information of the payment processing institution. Indicates the address on the payment processing institution information server 404 in which is stored.
The service provision history list 4303 includes a service provision number 4337 (4341), a service code 4338 (4342), a service provision time 4339 (4343), and a service provision for one of the personal remote credit settlement services. Four types of information of the information address 4340 (4344) are stored.
The service provision number 4337 (4341) is a number that uniquely indicates processing in the service provision system 102 in one service provision, the service code 4338 (4342) is a code number that indicates the type of credit card service used by the user, the service The provision time 4339 (4343) is the time at which the personal remote credit card payment service was provided, and the service provision information address 4340 (4344) stores the processing history information of the service provision system 102 in one service provision. The address on the service director information server 401 is shown.

Next, process management data generated when the service manager process 23800 manages a user process, a merchant process, a payment processing agency process, and a service director process will be described.
FIGS. 75A to 75F show the configuration of process management data generated by the service manager process.
FIG. 75A shows a data configuration of user process management information 4400 generated for one user process. The user process management information 4400 includes a user process ID 4406 indicating the process ID of the user process, a user ID 4407 of the user corresponding to the user process, and a home process indicating the process ID of the user process on the service providing system in the user's home service area. ID 4408, a mobile process ID 4409 indicating a process ID of a user process on a service providing system in a service area other than the user's home service area, and a service ID indicating a process ID of a service director process belonging to the same process group as the user process. Consists of seven types of information: a director process ID 4410, a process status 4411 indicating the execution state of the user process, and a process data area pointer 4412 indicating the memory area allocated to the user process. It is.
When the personal credit terminal communicates with the user's home service area service providing system, the service manager process of the home service area service providing system creates one user process corresponding to the personal credit terminal. In the field of the user process ID 4406, an ID uniquely indicating the user process is set through the service providing system of all service areas, and "0" is set in the fields of the home process ID 4408 and the mobile process ID 4409.

On the other hand, when a user uses a personal credit terminal in a service area other than the home service area and the personal credit terminal communicates with a service providing system other than the home service area, the personal credit terminal is supported. User processes are created on the service providing system in the user's home service area and on the service providing system with which the personal credit terminal communicates.
In this case, a user process on the service providing system in the home service area is called a home user process (HUP: Home User Process), and a user process on the service providing system with which the personal credit terminal communicates is referred to as a mobile user process (HUP). MUP: Mobile User Process). The home user process and the mobile user process communicate with each other, perform cooperative processing, and function as one user process. Specifically, the home user process accesses the attribute information of the user managed by the user information server and the data in the RAM of the personal credit terminal of the user, and the mobile user process controls the communication with the personal credit terminal. , And data processing. That is, the mobile user process accesses the user information server via the home user process.

The service manager process of the service providing system in the home service area stores, in the field of the user process ID 4406 in the user process management information of the home user process, an ID that uniquely identifies the home user process through the service providing systems in all service areas. Then, “0” is set in the field of the home process ID 4408, and the ID of the mobile user process is set in the field of the mobile process ID 4409.
In addition, the service manager process of the service providing system with which the personal credit terminal communicates, the field of the user process ID 4406 in the user process management information of the mobile user process uniquely identifies the mobile through the service providing system of all service areas. An ID indicating the user process is set, the ID of the home user process is set in the field of the home process ID 4408, and “0” is set in the field of the mobile process ID 4409.
A user ID 4407 and a service director process ID 4410 respectively indicate a user and a service director process that are unique throughout the service providing system in all service areas.

  Next, FIG. 75 (b) shows the data configuration of merchant process management information 4401 generated for one merchant process. The merchant process management information 4401 includes a merchant process ID 4413 indicating the process ID of the merchant process, a merchant ID 4414 of the merchant corresponding to the merchant process, and a service It comprises five types of information: a director process ID 4415, a process status 4416 indicating the execution state of the merchant process, and a process data area pointer 4417 indicating the memory area allocated to the merchant process. A merchant process ID 4413, a merchant ID 4414, and a service director process ID 4415 indicate a merchant process, a merchant, and a service director process, which are unique throughout the service providing system of all service areas.

  Next, FIG. 75 (c) shows the data configuration of the payment processing institution process management information 4402 generated for one payment processing institution process. The payment processing institution process management information 4402 includes a payment processing institution process ID 4418 indicating the process ID of the payment processing institution process, a payment processing institution ID 4419 of the payment processing institution corresponding to the payment processing institution process, and the same process as the payment processing institution process. Service director process ID 4420 indicating the process ID of the service director process belonging to the group, process status 4421 indicating the execution state of the payment processing institution process, and process data area pointer 4422 indicating the memory area allocated to the payment processing institution process And five types of information. The payment processing institution process ID 4418, the payment processing institution ID 4419, and the service director process ID 4420 respectively indicate a payment processing institution process, a payment processing institution, and a service director process, which are unique throughout the service providing system of all service areas. .

  Next, FIG. 75D shows the data configuration of the service director process management information 4403 generated for one service director process. The service director process management information 4403 includes a service director process ID 4423 indicating the process ID of the service director process, a process group ID 4424 indicating the ID of the process group to which the service director process belongs, and an execution state of the service director process. A process status 4425, a member list 4426 indicating a list of process IDs of processes belonging to the same process group as the service director process, and a process data area pointer 4427 indicating a memory area allocated to the service director process. It consists of information of the type. The service director process ID 4423 and the process group ID 4424 respectively indicate a service director process and a process group that are unique throughout the service providing system of all service areas.

  Next, FIG. 75E shows the data configuration of the process group management information 4404 generated for one process group. The process group management information 4404 includes a process group ID 4428 indicating an ID of a process group, a service director process ID 4429 indicating a process ID of a service director process of the process group, and a member indicating a list of process IDs of processes belonging to the process group. It is composed of three types of information as shown in list 4430. The process group ID 4428 and the service director process ID 4429 respectively indicate a process group and a service director process that are unique throughout the service providing system of all service areas.

FIG. 75 (f) shows the data structure of a message list 4405 indicating messages for which processing by the service manager process is suspended.
Of the messages sent to the service manager process, the payment request and cancellation request sent from the user process and the credit inquiry request and cancellation request sent from the merchant process may be temporarily suspended. In some cases, it is registered in the message list 4405 by the service manager process.
For example, in the case of a "settlement" process, if a payment request is sent to a service manager process before a credit inquiry request, the payment request is sent to the service manager process until the corresponding credit inquiry request is sent to the service manager process. The request is registered in the message list 4405. When the corresponding credit reference request is sent to the service manager process, the service manager process creates a service director process, which processes the payment request and the credit reference request. Conversely, if the credit inquiry request is sent to the service manager process before the payment meeting request, the credit inquiry request is registered in the message list 4405 until the corresponding payment request is sent to the service manager process. Is done. When the corresponding payment request is sent to the service manager process, the service manager process generates a service director process, and the generated service director process processes the payment request and the credit inquiry request.

  Also, in the case of the "cancel" process, if the cancellation request from the user process is sent to the service manager process before the cancellation request from the merchant process, the cancellation request from the corresponding merchant process becomes Until it is sent to the service manager process, the cancel request from the user process is registered in the message list 4405. When a cancel request from the corresponding merchant process is sent to the service manager process, the service manager process creates a service director process, and the generated service director process cancels the user process and the merchant process. The request is processed. Conversely, if the cancel request from the merchant process is sent to the service manager process before the cancel request from the user process, the cancel request from the corresponding user process is sent to the service manager process. Until then, the cancellation request from the merchant process is registered in the message list 4405. When a cancel request from the corresponding user process is sent to the service manager process, the service manager process generates a service director process, and the generated service director process cancels the user process and the merchant process. The request is processed.

The service manager process detects a message corresponding to each of the payment request, the credit inquiry request, and the cancellation request from the user process and the merchant process by matching the message registered in the message list 4405 with the content of the message. I do.
The message list 4405 includes, for one message, a message pointer 4431 (4434) that is a pointer to a message and a collation data pointer 4432 (4435) that is a pointer to collation data to be collated when detecting a corresponding message. ) And a process ID 4433 (4436) indicating the process of the message sender are registered.

Next, details of a message exchanged in a process of establishing a session with a service providing system by a personal credit terminal or a credit settlement terminal will be described. The session establishment process is a process in which the personal credit terminal and the service providing system or the credit settlement terminal and the service providing system mutually authenticate each other before starting communication. Hereinafter, this process is referred to as a session establishment process.
FIG. 76 shows the procedure of the session establishment process when connecting to the service providing system from the personal credit terminal. FIGS. 78 (a), (b) and (c) show the personal credit terminal and the service providing system. 4 shows the contents of a message exchanged with the server.
FIG. 77 shows the procedure of a session establishment process when connecting from the service providing system to the personal credit terminal. FIGS. 78 (d), (e) and (f) show the personal credit terminal and the service provision process. It shows the contents of messages exchanged with the system.
When connecting to the service providing system from the personal credit terminal, first, the personal credit terminal 100 calls the service providing system 102 and connects the line (line connection 4505). At this time, the personal credit terminal 100 transmits to the digital public network 108 a message requesting a line connection of a digital radio telephone and a call request 4500, and the digital public network 108 The request 4501 is sent to the service providing system. On the other hand, the service providing system transmits a message permitting a call and an incoming call response 4503 to the digital public network, and the digital public network transmits a message permitting the line connection and a call response 4504 to the personal credit terminal. Then, the personal credit terminal and the service providing system are connected by a line (line connection 4505).

At this time, messages such as a call request 4500, a call request 4501, a call response 4503, and a call response 4504 exchanged between the personal credit terminal and the digital public network, and between the digital public network and the service providing system, It depends on the protocol of the line connection from the digital wireless telephone via the transmission line 106 and the base station 104, the digital communication line 107, the digital public network 108, and the digital communication line 109.
In the service providing system, the service manager process receives a call request 4501 from the digital public network 108. The service manager process generates a user process corresponding to the calling personal credit terminal from the telephone number information of the calling personal credit terminal included in the incoming call request 4501 (process generation 4502), and is generated. The user process sends a call response 4503 to connect the line with the personal credit terminal.
When the line between the personal credit terminal and the user process is connected (line connection 4505), the user process generates a test message for authenticating the personal credit terminal, an authentication test A4506, and transmits it to the personal credit terminal. .

As shown in FIG. 78 (a), the authentication test A4506 includes header information indicating that the message is the authentication test A4506, the authentication test A header 4700, and a test pattern A4701 which is an arbitrary bit pattern with the user's public key. 4702 encrypted.
The personal credit terminal receives the authentication test A4506, decrypts the encryption of the test pattern A with the user's private key, is a response message to the authentication test A4506, and is a test message for authenticating the user process. , Generates an authentication test A response 4507 and sends it to the user process.
As shown in FIG. 78 (b), the authentication test A response 4507 includes header information indicating that the message is the authentication test A response 4507, an authentication test A response header 4703, a test pattern A 4704 obtained by decrypting the encryption, Test pattern B4705, which is an arbitrary bit pattern, is encrypted with the service provider's public key 4706. That is, the authentication test A response 4507 includes an authentication test B for authenticating the user process, which corresponds to the authentication test A for the test pattern A.

The user process receives the authentication test A response 4507, authenticates the user by comparing the test pattern A4701 with the received test pattern A4704. The authentication of the user in this case is based on the premise that the test pattern A encrypted with the user's public key can be decrypted only by a personal credit terminal having the user's private key.
The user process further decrypts the encryption of the test pattern B with the private key of the service provider, generates a response message to the authentication test B, an authentication test B response 4508, and transmits the message to the personal credit terminal.
As shown in FIG. 78 (c), the authentication test B response 4508 includes header information indicating that the message is the authentication test B response 4508, an authentication test B response header 4707, a decrypted test pattern B4708, A session permission message 4709 encrypted with the user's public key 4710. The session permission message 4709 is a message for permitting a session with the personal credit terminal, and includes information on communication conditions.

The personal credit terminal receives the authentication test B response 4508, authenticates the user process by comparing the test pattern B4705 with the received test pattern B4708. The authentication of the user process in this case is based on the premise that the test pattern B encrypted with the service provider's public key can be decrypted only by the service providing system having the service provider's private key.
The personal credit terminal further decrypts the encryption of the session permission message with the user's private key, and changes the communication condition with the user process to the communication condition of the session permission message.
By the above processing, the personal credit terminal and the user process mutually authenticate each other and communicate based on the common communication conditions (session establishment 4509). This state is hereinafter referred to as a session establishment state.

When connecting from the service providing system to the personal credit terminal, first, the service providing system 102 calls the personal credit terminal 100 and connects the line (line connection 4605). At this time, in the service providing system 102, the service manager process generates a user process corresponding to the personal credit terminal connected to the line (process generation 4600), and the generated user process is transmitted to the digital public network 108 by the digital public network 108. The digital public network 108 transmits a message requesting a line connection of a wireless telephone, a call request 4601, and transmits a message for calling the personal credit terminal and a call request 4602 to the personal credit terminal. On the other hand, the personal credit terminal transmits a message permitting a call and an incoming call response 4603 to the digital public network, and the digital public network transmits a message permitting the line connection and a call response 4604 to the user process. Then, the user process and the personal credit terminal are connected by a line (line connection 4605). At this time, messages such as a call request 4601, a call request 4602, a call response 4603, and a call response 4604 exchanged between the user process and the digital public network and between the digital public network and the personal credit terminal are digital. It depends on the protocol of the line connection via the communication line 109, the digital public network 108, the digital communication line 107, the base station 104, and the transmission line 106.
When the line between the user process and the personal credit terminal is connected (line connection 4605), the personal credit terminal generates a test message for authenticating the user process, an authentication test C4606, and transmits it to the user process.

As shown in FIG. 78 (d), the authentication test C4606 discloses the header information indicating that the message is the authentication test C4606, the authentication test C header 4711, and the test pattern C4712 which is an arbitrary bit pattern to the public of the service provider. 4713 encrypted with a key.
The user process receives the authentication test C4606, decrypts the encryption of the test pattern C with the private key of the service provider, is a response message to the authentication test C4606, and a test message for authenticating the personal credit terminal. Is generated, and transmitted to the personal credit terminal.
As shown in FIG. 78 (e), the authentication test C response 4607 includes header information indicating that the message is the authentication test C response 4607, an authentication test C response header 4714, a test pattern C4715 obtained by decrypting the encryption, A test pattern D 4716, which is an arbitrary bit pattern, is encrypted with a user's public key 4717. That is, the authentication test C response 4607 includes an authentication test D for authenticating the personal credit terminal, which corresponds to the authentication test C for the test pattern C.
The personal credit terminal receives the authentication test C response 4607, authenticates the user process by comparing the test pattern C4712 with the received test pattern C4715. The authentication of the user process in this case is based on the premise that the test pattern C encrypted with the service provider's public key can be decrypted only by a service providing system having the service provider's private key.
The personal credit terminal further decrypts the encryption of the test pattern D with the user's private key, generates a response message to the authentication test D, an authentication test D response 4608, and transmits it to the user process.

As shown in FIG. 78 (f), the authentication test D response 4608 includes: header information indicating that the message is the authentication test D response 4608; an authentication test D response header 4718; A session permission message 4720 encrypted with the service provider's public key 4721. The session permission message 4720 is a message for permitting a session with the user process, and includes information on communication conditions.
The user process receives the authentication test D response 4608, checks the test pattern D4716 against the received test pattern D4719, and authenticates the personal credit terminal. The authentication of the personal credit terminal in this case is based on the premise that the test pattern D encrypted with the user's public key can be decrypted only by the personal credit terminal having the user's private key.
The user process further decrypts the encryption of the session permission message with the private key of the service provider, and changes the communication condition with the personal credit terminal to the communication condition of the session permission message.
Through the above processing, the user process and the personal credit terminal mutually authenticate each other, and perform communication based on the common communication conditions, and enter a session established state (session established 4609).

The session establishment process between the credit settlement terminal and the service providing system is performed in exactly the same procedure as the session establishment process between the personal credit terminal and the service providing system.
FIG. 79 shows a procedure of a session establishment process when connecting from the credit settlement terminal to the service providing system. FIGS. 81 (a), (b), and (c) show the connection between the credit settlement terminal and the service providing system. It shows the contents of messages exchanged between them.
FIG. 80 shows the procedure of the session establishment process when connecting from the service providing system to the credit settlement terminal. FIGS. 81 (d), (e) and (f) show the credit settlement terminal and the service providing system. 2 shows the contents of the message exchanged between.
When connecting from the credit settlement terminal to the service providing system, first, the credit settlement terminal 300 calls the service providing system 102 and connects the line (line connection 4805). At this time, the credit settlement terminal 300 transmits, to the digital public network 108, a message requesting a line connection of a digital telephone, a call request 4800, and the digital public network 108 calls a service providing system, a call request 4801. To the service providing system. On the other hand, the service providing system transmits a message permitting the call and the call response 4803 to the digital public network, and the digital public network transmits a message permitting the line connection and the call response 4804 to the credit settlement terminal. The credit settlement terminal and the service providing system are connected by a line (line connection 4805).
At this time, messages such as a call request 4800, a call request 4801, a call response 4803, and a call response 4804 exchanged between the credit settlement terminal and the digital public network and between the digital public network and the service providing system are digital. It depends on the protocol of the line connection from the telephone via the digital telephone communication line 110, the digital public network 108, and the digital communication line 109.

In the service providing system, the service manager process receives a call request 4801 from the digital public network 108. The service manager process generates a merchant process corresponding to the calling credit settlement terminal from the telephone number information of the calling credit settlement terminal included in the incoming call request 4801 (process generation 4802), and generates the generated merchant. The process sends an incoming call response 4803 to connect the line with the credit settlement terminal.
When the line between the credit settlement terminal and the merchant process is connected (line connection 4805), the merchant process generates a test message for authenticating the credit settlement terminal, an authentication test A4806, and transmits it to the credit settlement terminal.
As shown in FIG. 81A, the authentication test A4806 includes header information indicating that the message is the authentication test A4806, an authentication test A header 5000, and a test pattern A5001, which is an arbitrary bit pattern, using the merchant's public key. And 5002 encrypted.
The credit settlement terminal receives the authentication test A4806, decrypts the encryption of the test pattern A with the merchant's private key, is a response message to the authentication test A4806, and is a test message for authenticating the merchant process. An authentication test A response 4807 is generated and transmitted to the merchant process.

As shown in FIG. 81 (b), the authentication test A response 4807 includes header information indicating that the message is the authentication test A response 4807, an authentication test A response header 5003, and a test pattern A5004 obtained by decrypting the encryption. A test pattern B5005, which is an arbitrary bit pattern, is encrypted with the public key of the service provider 5006. That is, the authentication test A response 4807 includes an authentication test B for authenticating the merchant process, which corresponds to the authentication test A for the test pattern A.
The merchant process receives the authentication test A response 4807, authenticates the merchant by comparing the test pattern A5001 with the received test pattern A5004. The merchant authentication in this case is based on the premise that the test pattern A encrypted with the merchant's public key can be decrypted only by the credit settlement terminal having the merchant's private key.
The merchant process further decrypts the encryption of the test pattern B with the private key of the service provider, generates a response message to the authentication test B, an authentication test B response 4808, and transmits it to the credit settlement terminal.
As shown in FIG. 81 (c), the authentication test B response 4808 includes header information indicating that the message is the authentication test B response 4808, an authentication test B response header 5007, a test pattern B5008 obtained by decrypting the encryption, The session permission message 5009 is encrypted with the merchant's public key 5010. The session permission message 5009 is a message for permitting a session with the credit settlement terminal, and includes information on communication conditions.
The credit settlement terminal receives the authentication test B response 4808, checks the test pattern B5005 against the received test pattern B5008, and authenticates the merchant process. The authentication of the merchant process in this case is based on the assumption that the test pattern B encrypted with the service provider's public key can be decrypted only by the service providing system having the service provider's private key.
The credit settlement terminal further decrypts the encryption of the session permission message with the merchant's private key, and changes the communication condition with the merchant process to the communication condition of the session permission message.
Through the above processing, the credit settlement terminal and the merchant process mutually authenticate each other and communicate based on the common communication conditions, and enter a session established state (session established 4809).

When connecting from the service providing system to the credit settlement terminal, first, the service providing system 102 calls the credit settlement terminal 300 and connects the line (line connection 4905). At this time, in the service providing system 102, the service manager process generates a merchant process corresponding to the credit settlement terminal connecting the line (process generation 4900), and the generated merchant process is transmitted to the digital public network 108 by the digital public network 108. The digital public network 108 transmits a message for calling the telephone line connection and a call request 4901, and the digital public network 108 transmits a message for calling the credit settlement terminal and an incoming call request 4902 to the credit settlement terminal. On the other hand, the credit settlement terminal transmits a message permitting the call and the call response 4903 to the digital public network, and the digital public network transmits a message permitting the line connection and the call response 4904 to the merchant process. The merchant process and the credit settlement terminal are connected by a line (line connection 4905). At this time, messages such as a call request 4901, a call request 4902, a call response 4903, and a call response 4904 exchanged between the merchant process and the digital public network, and between the digital public network and the credit settlement terminal are transmitted via digital communication. It depends on the protocol of the line connection via the line 109, the digital public network 108, and the digital telephone communication line 110.
When the line between the merchant process and the credit settlement terminal is connected (line connection 4905), the credit settlement terminal generates a test message for authenticating the merchant process, an authentication test C4906, and transmits it to the merchant process.

As shown in FIG. 81 (d), the authentication test C4906 discloses header information indicating that the message is the authentication test C4906, an authentication test C header 5011, and a test pattern C5012 which is an arbitrary bit pattern to the public of the service provider. 5013 encrypted with a key.
The merchant process receives the authentication test C4906, decrypts the encryption of the test pattern C with the private key of the service provider, is a response message to the authentication test C4906, and is a test message for authenticating the credit settlement terminal. An authentication test C response 4907 is generated and transmitted to the credit settlement terminal.
As shown in FIG. 81 (e), the authentication test C response 4907 includes header information indicating that the message is the authentication test C response 4907, an authentication test C response header 5014, a test pattern C5015 obtained by decrypting the encryption, A test pattern D5016, which is an arbitrary bit pattern, is encrypted with the merchant's public key 5017. That is, the authentication test C response 4907 includes an authentication test D for authenticating the credit settlement terminal, which corresponds to the authentication test C for the test pattern C.
The credit settlement terminal receives the authentication test C response 4907, collates the test pattern C5012 with the received test pattern C5015, and authenticates the merchant process. The authentication of the merchant process in this case is based on the premise that the test pattern C encrypted with the service provider's public key can be decrypted only by the service providing system having the service provider's private key.
The credit settlement terminal further decrypts the encryption of the test pattern D with the merchant's private key, generates a response message to the authentication test D, an authentication test D response 4908, and transmits it to the merchant process.

As shown in FIG. 81 (f), the authentication test D response 4908 includes header information indicating that the message is the authentication test D response 4908, an authentication test D response header 5018, a test pattern D5019 obtained by decrypting the encryption, and A session permission message 5020 encrypted with the service provider's public key 5021. The session permission message 5020 is a message for permitting a session with the merchant process, and includes information on communication conditions.
The merchant process receives the authentication test D response 4908, verifies the test pattern D5016 with the received test pattern D5019, and authenticates the credit settlement terminal. The authentication of the credit settlement terminal in this case is based on the premise that the test pattern D encrypted with the merchant's public key can be decrypted only by the credit settlement terminal having the merchant's private key.
The merchant process further decrypts the encryption of the session permission message with the private key of the service provider, and changes the communication condition with the credit settlement terminal to the communication condition of the session permission message.
Through the above processing, the merchant process and the credit settlement terminal mutually authenticate each other, and perform communication based on common communication conditions, and enter a session established state (session established 4909).

Next, the contents of messages exchanged between the personal credit terminal 100 and the credit settlement terminal 300 with the service providing system 102 in the remote access processing will be described. The remote access process is a process of downloading data from the service providing system 102 when trying to access data existing at a remote address. Hereinafter, this processing is referred to as remote access processing.
FIG. 82 (a) shows a procedure of a remote access process by the personal credit terminal 100, and FIGS. 83 (a) and (b) show contents of a message exchanged between the personal credit terminal 100 and the user process. Is shown. If the data to be accessed exists at the remote address, personal credit terminal 100 generates a remote access process and starts remote access processing. First, a session with the service providing system 102 is established, a message requesting data from the user process of the service providing system 102, a remote access request 5100, is generated and transmitted to the user process.
As shown in FIG. 83A, the remote access request 5100 includes header information indicating that the message is the remote access request 5100, a remote access request header 5200, a data address 5201 indicating a remote address, a user ID 5202, The data composed of the issue date and time 5203 indicating the date and time when the remote access request 5100 was issued is digitally signed 5204 by the user, and is sealed to the service provider.
The user process of the service providing system 102 receives the remote access request 5100, decrypts the encryption, checks the digital signature, and generates a remote access data 5101, a message that sends the requested data to the personal credit terminal 100. , To the personal credit terminal 100.

As shown in FIG. 83 (b), the remote access data 5101 includes header information indicating that the message is the remote access data 5101, a remote access data header 5208, requested data 5209, a service provider ID 5210, The data including the issue date and time 5211 indicating the date and time when the remote access data 5101 was issued is digitally signed by the service provider and sealed to the user.
The personal credit terminal 100 receives the remote access data 5101, decrypts the encryption, checks the digital signature, stores the digital signature in the temporary area, and accesses the data.
Similarly, FIG. 85 (a) shows a procedure of a remote access process by the credit settlement terminal 300, and FIGS. 86 (a) and 86 (b) show contents of a message exchanged between the credit settlement terminal 300 and the merchant process. Is shown. If the data to be accessed exists at the remote address, the credit settlement terminal 300 generates a remote access process and starts a remote access process. First, a session with the service providing system 102 is established, and a message for requesting data to the merchant process of the service providing system 102, a remote access request 5400, is generated and transmitted to the merchant process.

As shown in FIG. 86A, the remote access request 5400 includes header information indicating that the message is the remote access request 5400, a remote access request header 5500, a data address 5501 indicating a remote address, a merchant ID 5502, The data consisting of the issue date and time 5503 indicating the date and time when the remote access request 5400 was issued is digitally signed by the merchant 5504 and sealed to the service provider.
The merchant process of the service providing system 102 receives the remote access request 5400, decrypts the encryption, checks the digital signature, generates a message that sends the requested data to the credit settlement terminal 300, generates remote access data 5401, The data is transmitted to the credit settlement terminal 300.
As shown in FIG. 86 (b), the remote access data 5401 includes header information indicating that the message is the remote access data 5401, a remote access data header 5508, requested data 5509, a service provider ID 5510, The data including the issue date and time 5511 indicating the date and time when the remote access data 5401 was issued is digitally signed by the service provider and sealed to the merchant.
The credit settlement terminal 300 receives the remote access data 5401, decrypts the encryption, checks the digital signature, stores the digital signature in the temporary area, and accesses the data.
Next, the contents of messages exchanged between the personal credit terminal 100 and the credit settlement terminal 300 with the service providing system 102 in the data update process will be described. The data update process is a process in which the service providing system updates the contents of the RAM 1502 of the personal credit terminal 100 or the RAM 22502 and the hard disk 22503 of the credit settlement terminal. Hereinafter, this process is referred to as a data update process.

FIG. 82 (b) shows the procedure of the data update process in the personal credit terminal 100. FIGS. 83 (c) to 83 (f) and FIG. 84 (a) show the relationship between the personal credit terminal 100 and the service providing system 102. It shows the contents of messages exchanged between them.
When the value of the clock counter matches the update time register, personal credit terminal 100 generates a data update process and starts data update processing. The personal credit terminal 100 first establishes a session with the service providing system 102, generates a message requesting a data update process to a user process of the service providing system 102, a data update request 5102, and transmits the message to the user process. .
As shown in FIG. 83 (c), the data update request 5102 includes header information indicating that the message is the data update request 5102, a data update request header 5216, a user ID 5217, and the date and time when the data update request 5102 was issued. Is digitally signed by the user with respect to the data consisting of the issue date and time 5218, and is sealed to the service provider.
The user process of the service providing system 102 receives the data update request 5102, decrypts the encryption, checks the digital signature, generates a message indicating that the request is ready, a data update response 5103, and・ Send to credit terminal 100.

As shown in FIG. 83D, the data update response 5103 issues header information indicating that the message is the data update response 5103, a data update response header 5223, a service provider ID 5224, and this data update response 5103. The service provider digitally signs the data consisting of the issue date and time 5225 indicating the date and time when the data was issued and sealed it to the user.
The personal credit terminal 100 receives the data update response 5103, decrypts the encryption, checks the digital signature, generates a message for uploading the data in the RAM 1502 to the service providing system 102, generates upload data 5104, and Send to
As shown in FIG. 83 (e), upload data 5104 includes header information indicating that the message is upload data 5104, upload data header 5230, data obtained by compressing data in RAM 1502, terminal data 5231, and user ID 5232. The data composed of the issuance date and time 5233 indicating the date and time when the upload data 5104 was issued is digitally signed by the user, and sealed to the service provider.
The user process of the service providing system 102 receives the upload data 5104, decrypts the encryption, and checks the digital signature. Then, the compressed terminal data 5231 is decompressed and compared with the terminal data 24006 on the user information server 402 and other data managed by the user data management information 24000.
Then, new terminal data is generated, a message for updating the data of the personal credit terminal 100, update data 5105 is generated, and transmitted to the personal credit terminal 100.
As shown in FIG. 83 (f), the update data 5105 includes header information indicating that the message is the update data 5105, an update data header 5238, data obtained by compressing new terminal data, terminal data 5239, and a service provider. The data including the ID 5240 and the issue date and time 5241 indicating the date and time when the update data 5105 was issued is digitally signed by the service provider and sealed to the user.
The personal credit terminal 100 receives the update data 5105, decrypts the encryption, checks the digital signature, decompresses the compressed terminal data 5239, and updates the data in the RAM 1502.

When generating new terminal data, the user process of the service providing system 102 compares the access time of each credit card if there is not enough room in the actual data area 21812, and compares the access time of the credit card with the latest access time. A local address is assigned to the data address, the use time of each piece of use information is compared, and the local address is assigned to the use information address of the use information whose use time is recent. When it is necessary to upgrade the program of the personal credit terminal, the data in the basic program area is updated.
In addition, when the user process of the service providing system 102 compares the upload data with the terminal data and finds that the data has been tampered with, the function of the personal credit terminal 100 is used instead of the update data 5105. , A function stop instruction 5105 ′ is generated, and transmitted to the personal credit terminal 100.
As shown in FIG. 84 (a), the function stop command 5105 'includes header information indicating that the message is a function stop command 5105', a function stop command header 5300, a service provider ID 5301, and the function stop command 5105. The digital signature of the service provider is performed on the data consisting of the issue date and time 5302 indicating the date and time when the 'was issued, and the data is sealed to the user.
In this case, the personal credit terminal 100 that has received the function stop command 5105 'decrypts the encryption, checks the digital signature, changes the terminal status 21902 to "unavailable", and enters an unusable state.
As a result of this data update process, relatively frequently used information is stored in the RAM of the personal credit terminal, the program of the personal credit terminal is kept at the latest version, and unauthorized alteration of terminal data is performed. Is prevented.
Similarly, FIG. 85 (b) shows the procedure of a data update process in the credit settlement terminal 300, and FIGS. 86 (c) to (f) and FIG. 84 (a) show the credit settlement terminal 300 and the service providing system 102. 2 shows the contents of the message exchanged between.

When the value of the clock counter matches the update time register, the credit settlement terminal 300 generates a data update process and starts a data update process. The credit settlement terminal 300 first establishes a session with the service providing system 102, generates a message for requesting the merchant process of the service providing system 102 to perform data update processing, a data update request 5402, and transmits the message to the merchant process.
As shown in FIG. 86C, the data update request 5402 includes header information indicating that the message is the data update request 5402, a data update request header 5516, a merchant ID 5517, and the date and time when the data update request 5402 was issued. Is digitally signed by the merchant and sealed to the service provider.
The merchant process of the service providing system 102 receives the data update request 5402, decrypts the encryption, checks the digital signature, generates a message indicating that the request is ready, a data update response 5403, and Send to payment terminal 300.

As shown in FIG. 86 (d), the data update response 5403 issues header information indicating that the message is a data update response 5403, a data update response header 5523, a service provider ID 5524, and this data update response 5403. The service provider digitally signs the data consisting of the issue date and time 5525 indicating the date and time when the data was issued, and sealed it to the merchant.
The credit settlement terminal 300 receives the data update response 5403, decrypts the encryption, checks the digital signature, and generates a message for uploading the data of the RAM 22502 and the hard disk 22503 to the service providing system 102, upload data 5404, Send to the service providing system.

As shown in FIG. 86 (e), the upload data 5404 includes header information indicating that the message is the upload data 5404, an upload data header 5530, data obtained by compressing data of the RAM 22502 and the hard disk 22503, and terminal data 5531. , A merchant ID 5532 and an issue date and time 5533 indicating the date and time when the upload data 5404 was issued, a digital signature of the merchant is performed, and the data is sealed to the service provider.
The merchant process of the service providing system 102 receives the upload data 5404, decrypts the encryption, and checks the digital signature. Then, the compressed terminal data 5531 is decompressed and compared with the terminal data 24104 on the merchant information server 403 and the data managed by the other merchant data management information 24100.
Then, a new terminal data is generated, a message for updating the data of the credit settlement terminal 300, update data 5405 is generated, and transmitted to the credit settlement terminal 300.

As shown in FIG. 86 (f), the update data 5405 includes header information indicating that the message is the update data 5405, an update data header 5538, data obtained by compressing new terminal data, terminal data 5439, and a service provider. The data including the ID 5540 and the issue date and time 5541 indicating the date and time when the update data 5405 was issued is digitally signed by the service provider and sealed to the merchant.
The credit settlement terminal 300 receives the update data 5405, decrypts the encryption, checks the digital signature, decompresses the compressed terminal data 5538, and updates the data in the RAM 22502 and the hard disk 22503.
When generating new terminal data, the merchant process of the service providing system 102 compares the use time of each sales information when the capacity of the hard disk 22503 of the credit settlement terminal does not have room, and Assign a local address to the sales information address. When it is necessary to upgrade the program of the credit settlement terminal, the data in the basic program area is updated.
In addition, the merchant process of the service providing system 102 checks the function of the credit settlement terminal 300 instead of the update data 5405 if the data is illegally tampered with when comparing the upload data with the terminal data. A message to be stopped and a function stop command 5405 'are generated and transmitted to the credit settlement terminal 300.

As shown in FIG. 87A, the function stop command 5405 'includes header information indicating that the message is the function stop command 5405', a function stop command header 5600, a service provider ID 5601, and the function stop command 5405. Is digitally signed by the service provider and sealed to the merchant for the data consisting of the issue date and time 5602 indicating the date and time when the 'was issued.
In this case, the credit settlement terminal 300 that has received the function stop command 5405 'decrypts the encryption, checks the digital signature, changes the terminal status 22902 to "unavailable", and enters the unusable state.
As a result of this data update process, relatively frequently used information is stored in the RAM and the hard disk of the credit settlement terminal, and the program of the credit settlement terminal is kept at the latest version. Unauthorized tampering is prevented.

Next, the contents of messages exchanged between the personal credit terminal 100 and the credit settlement terminal 300 with the service providing system 102 in the process of forcible data update will be described. The forced data update process is performed when the contents of the RAM 1502 of the personal credit terminal 100 or the RAM 22502 and the hard disk 22503 of the credit settlement terminal need to be updated immediately. This is the process of updating. Hereinafter, this process is referred to as a forced data update process.
FIG. 82 (c) shows the procedure of the forced data update process in the personal credit terminal 100. FIGS. 83 (e) and (f) and FIGS. 84 (a) and (b) show the personal credit terminal 100 The content of the message exchanged with the service providing system 102 is shown.
The service providing system 102 first establishes a session with the personal credit terminal 100 when it is necessary to immediately update the data in the RAM of the personal credit terminal 100, such as when there is a change in the contract contents with the user. Then, a message for instructing the personal credit terminal 100 to perform a forced data update process, a data update instruction 5106, is generated and transmitted to the personal credit terminal 100.

As shown in FIG. 84 (b), the data update command 5106 issues header information indicating that the message is the data update command 5106, a data update command header 5307, a service provider ID 5308, and this data update command 5106. The service provider digitally signs the data consisting of the issue date and time 5309 indicating the date and time when the data was issued and sealed it to the user.
The personal credit terminal 100 receives the data update command 5106, decrypts the encryption, checks the digital signature, generates a forced data update process, and starts the forced data update process. The personal credit terminal 100 first generates a message for uploading the data in the RAM 1502 to the service providing system 102, upload data 5107, and transmits the message to the service providing system.
The user process of the service providing system 102 receives the upload data 5107, decrypts the encryption, and checks the digital signature. Then, the compressed terminal data 5231 is decompressed and compared with the terminal data 24006 on the user information server 402.
Then, a new terminal data is generated, a message for updating the data of the personal credit terminal 100, update data 5108 is generated, and transmitted to the personal credit terminal 100.

The personal credit terminal 100 receives the update data 5108, decrypts the encryption, checks the digital signature, decompresses the compressed terminal data 5239, and updates the data in the RAM 1502.
In addition, when the user process of the service providing system 102 checks the upload data against the terminal data and finds that the data has been tampered with, the function of the personal credit terminal 100 is used instead of the update data 5108. , A function stop command 5108 ′ is generated and transmitted to the personal credit terminal 100.
In this case, the personal credit terminal 100 that has received the function stop command 5108 'decrypts the encryption, checks the digital signature, changes the terminal status 21902 to "disabled", and enters the disabled state.
Similarly, FIG. 85 (c) shows a procedure of a forced data update process in the credit settlement terminal 300, and FIGS. 86 (e) and (f) and FIGS. 87 (a) and (b) show the credit settlement terminal 300. 4 shows the contents of a message exchanged between the server and the service providing system 102.
The service providing system 102 first establishes a session with the credit settlement terminal 300 when it is necessary to immediately update the data in the RAM and the hard disk of the credit settlement terminal 300, such as when there is a change in the contract contents with the merchant. Once established, a message for instructing the credit settlement terminal 300 to perform a forced data update process, a data update instruction 5406, is generated and transmitted to the credit settlement terminal 300.

As shown in FIG. 84 (b), the data update command 5406 issues header information indicating that the message is the data update command 5406, a data update command header 5607, a service provider ID 5608, and this data update command 5406. The service provider digitally signs the data consisting of the issue date and time 5609 indicating the date and time when the data was issued, and sealed it to the merchant.
The credit settlement terminal 300 receives the data update command 5406, decrypts the encryption, checks the digital signature, generates a forced data update process, and starts the forced data update process. The credit settlement terminal 300 first generates a message for uploading the data in the RAM and the hard disk to the service providing system 102, upload data 5407, and transmits the message to the service providing system.
The merchant process of the service providing system 102 receives the upload data 5407, decrypts the encryption, and checks the digital signature. Then, the compressed terminal data 5531 is decompressed and compared with the terminal data 24104 on the merchant information server 403.
Then, a new terminal data is generated, a message for updating the data of the credit settlement terminal 300, update data 5408 is generated, and transmitted to the credit settlement terminal 300.

The credit settlement terminal 300 receives the update data 5408, decrypts the encryption, checks the digital signature, decompresses the compressed terminal data 5439, and updates the data in the RAM and the hard disk.
In addition, the merchant process of the service providing system 102 checks the function of the credit settlement terminal 300 instead of the update data 5408 when an illegal alteration of the data is found when the upload data and the terminal data are compared. A message to be stopped, a function stop command 5408 'is generated and transmitted to the credit settlement terminal 300.
In this case, the credit settlement terminal 300 that has received the function stop command 5408 'decrypts the encryption, checks the digital signature, changes the terminal status 22902 to "unavailable", and enters an unusable state.

Next, the contents of a message exchanged between the personal credit terminal 100 and the service providing system in the data backup process will be described. The data backup process is a process of automatically backing up the contents of the RAM 1502 to the user information server of the service providing system when the battery of the personal credit terminal 100 becomes low. Hereinafter, this processing is referred to as data backup processing.
FIG. 82 (d) shows the procedure of the data backup process in the personal credit terminal 100. FIGS. 83 (c) to 83 (f) and FIG. It shows the contents of messages exchanged between them. The data backup process is performed in substantially the same procedure as the data update process. However, in the data backup process, after receiving the update data 5112 and updating the data in the RAM 1502, the personal credit terminal 100 changes the terminal status 21902 of the personal credit terminal 100 to “writable”, Until the battery capacity becomes sufficient, input of new data to the RAM is prohibited.
When the battery capacity falls below Q, the personal credit terminal 100 generates a data backup process and starts the data backup process. The personal credit terminal 100 first establishes a session with the service providing system 102, generates a message requesting a data update process to the user process of the service providing system 102, a data update request 5109, and transmits the message to the user process. .
The user process of the service providing system 102 receives the data update request 5109, decrypts the encryption, checks the digital signature, generates a message indicating that the request is ready, a data update response 5110, and・ Send to credit terminal 100.
The personal credit terminal 100 receives the data update response 5110, decrypts the encryption, checks the digital signature, generates a message for uploading the data in the RAM 1502 to the service providing system 102, generates upload data 5111, and sends the message to the service providing system. Send.
The user process of the service providing system 102 receives the upload data 5111, decrypts the encryption, and checks the digital signature. Then, the compressed terminal data 5231 is decompressed and compared with the terminal data 24006 on the user information server 402.
Then, a new terminal data is generated, a message for updating the data of the personal credit terminal 100, update data 5112 is generated, and transmitted to the personal credit terminal 100.

The personal credit terminal 100 receives the update data 5112, decrypts the encryption, checks the digital signature, decompresses the compressed terminal data 5239, and updates the data in the RAM 1502. Further, the terminal status 21902 is changed to "writable", and input of new data to the RAM is prohibited until the battery capacity is sufficient.
In addition, when the user process of the service providing system 102 checks the upload data against the terminal data and finds that the data has been tampered with, the function of the personal credit terminal 100 is used instead of the update data 5112. , A function stop command 5112 ′ is generated and transmitted to the personal credit terminal 100.
In this case, the personal credit terminal 100 that has received the function stop command 5112 'decrypts the encryption, checks the digital signature, changes the terminal status 21902 to "unavailable" and "writable," and disables it. State.

Next, the contents of a message exchanged between devices in the processing of “settlement” will be described.
FIG. 88 shows a procedure for exchanging messages between devices in the processing of “settlement”. FIGS. 89 (a) to (f), FIGS. 90 (a) to (c), FIGS. 91 (a) and (b) , The contents of the message exchanged between the devices in the process of “settlement”. FIG. 88 is a diagram in which a portion of a message exchanged between devices is extracted from FIG. 43, and FIGS. 88 and 43 show the same “settlement” processing.
First, when the merchant presses the credit settlement switch of the register 20604, the credit settlement terminal 300 generates a settlement process and starts processing of “settlement”. The credit settlement terminal 300 generates a plurality of types of payment offer responses 5701 (20609), and waits for the payment offer 5700.
Next, when the user performs the payment operation 20607, the personal credit terminal 100 generates a payment process and starts processing of “payment”. The personal credit terminal 100 generates a payment offer 5700 (20608) and transmits it to the credit settlement terminal 300 by infrared communication.

As shown in FIG. 89 (a), the payment offer 5700 includes a header information indicating that the message is the payment offer 5700, a payment offer header 5800, a service code 5801, a service provider ID 5802, and a transaction with the merchant. Request number 5803 arbitrarily generated as a unique number, payment amount 5804 entered by the user, payment option code 5805 indicating the payment option entered by the user, validity period 5806 of this payment offer 20608, and this payment offer The digital signature of the user is applied to the data including the issue date and time 5807 indicating the date and time when 20608 was issued.
The credit settlement terminal 300 receives the payment offer 5700, checks the payment amount and the billed amount, checks whether the payment option 5805 is an available option, and determines whether the payment option 5805 is an available option. , The appropriate payment offer response 5701 is selected and transmitted to the personal credit terminal 100 by infrared communication, and further, a credit inquiry request 5702 (20610) is generated, and the merchant process of the service providing system 102 is performed by digital telephone communication. Send to

  As shown in FIG. 89 (b), the payment offer response 5701 includes header information indicating that the message is the payment offer response 5701, the payment offer response header 5808, and the personal credit terminal 100 receiving the payment offer response 5701. A service message 5809 displayed on the LCD 203, a transaction number 5810 arbitrarily generated as a number uniquely indicating a transaction with a user, a billing amount 5811, and a telephone number of a service providing system of a service area of a merchant. A digital signature of a merchant on data comprising a provider telephone number 5812, a validity period 5813 of the payment offer response 5701, a merchant ID 5814, and an issue date and time 5815 indicating the date and time when the payment offer response 5701 was issued. It is. The service provider telephone number 5812 is digitally signed by the service provider, and the response message 5809 is a text message set by a merchant option, and may not be set.

As shown in FIG. 89 (c), the credit inquiry request 5702 includes header information indicating that the message is the credit inquiry request 5702, a credit inquiry request header 5816, a payment offer 5700, a payment offer response 5701, and a person in charge. The data including the name 5817, the merchant ID 5818, and the issuance date and time 5819 indicating the date and time when the credit inquiry request 5702 was issued is digitally signed by the merchant and sealed to the service provider. The person in charge 5817 is information set by a merchant option, and may not be set.
On the other hand, the personal credit terminal 100 receives the payment offer response 5701, compares the payment amount 5804 with the billing amount 5811, generates a payment request 5703 (20613), and uses the digital wireless telephone communication to execute the service providing system 102. To the user process.
As shown in FIG. 89 (d), payment request 5703 includes header information indicating that the message is payment request 5703, payment request header 5824, payment offer 5700, payment offer response 5701, user ID 5825, and The data including the issue date and time 5826 indicating the date and time when the payment request 5703 was issued is digitally signed by the user, and is sealed to the service provider.
Either transmission of the credit inquiry request 5702 to the merchant process by the credit settlement terminal 300 or transmission of the payment request 5703 to the user process by the personal credit terminal may be performed first or simultaneously.

  The merchant process and the user process of the service providing system 102 receive the credit reference request 5702 and the payment request 20613, respectively, decrypt the encryption and check the digital signature, and respectively, the credit reference request 5820 and the payment request 5827, respectively. To the service manager process. The service manager process matches the request number, transaction number, and merchant ID, associates the credit inquiry request with the payment request, creates a service director process, and creates a credit inquiry request 5820 and a payment request 5827. Create a process group that processes. The service director process matches the contents of the credit reference request 5702 and the payment request 5700, performs a user credit reference, generates a credit reference response 5840, and the merchant process mails this to the merchant, An inquiry response 5704 (20614) is transmitted to the credit settlement terminal 300 by digital telephone communication.

As shown in FIG. 89 (e), the credit inquiry response 5704 uniquely indicates header information indicating that the message is a credit inquiry response 5704, a credit inquiry response header 5831, a transaction number 5832, and the processing of the credit inquiry. An inquiry number 5833 arbitrarily generated as a number, an inquiry result 5834 indicating the result of a credit inquiry, user personal data 5835 including a user's name, user's age information, and a photograph of a user's face, Regarding data comprising a customer number 5836 uniquely indicating a user, a validity period 5837 indicating a validity period of the credit inquiry response 5704, a service provider ID 5838, and an issue date 5839 indicating a date and time when the credit inquiry response 5704 was issued. , Digitally signed by the service provider and sealed to the merchant. If there is a problem with the credit status of the user as a result of the credit inquiry, the user personal information 5834 will not be set, and the customer number 5836 will not be exchanged between the user and the merchant before the personal remote credit settlement service. Set when there is a transaction by.
The credit settlement terminal 300 receives the credit inquiry response 5704, decrypts the encryption, checks the digital signature, and displays the result of the credit inquiry on the LCD 302.

Next, when the person in charge of the merchant performs the settlement processing request operation 20616, the credit settlement terminal 300 generates a settlement request 5705 (20618) and transmits it to the merchant process by digital telephone communication.
As shown in FIG. 89 (f), the payment request 5705 includes header information indicating that the message is the payment request 5705, a payment request header 5844, a payment offer 5700, a payment offer response 5701, and the service providing system 102. For the data including the issued reference number 5845, the validity period 5846 indicating the validity period of the settlement request 5705, the person in charge 5847, the merchant ID 5848, and the issue date 5849 indicating the date and time when the settlement request 5705 was issued, Digitally signed by the merchant and sealed to the service provider. The contact person name 5847 is information set by the merchant option, and may not be set.
The merchant process of the service providing system 102 receives the payment request 5705, decrypts the encryption, checks the digital signature, and sends a message of the payment request to the service director process. The service director process checks the contents of the payment request 5705 and the payment request 5700, generates a payment request 5906 to the payment processing institution, and the payment processing institution process seals this to the payment processing institution, It is transmitted to the settlement system as 5706 (20619).

As shown in FIG. 90 (a), the settlement request 5706 includes header information indicating that the message is the settlement request 5706, a settlement request header 5900, a credit card number 5901 corresponding to the service code specified by the user, and personal information. A request number 5902 issued by the credit terminal 100, a payment amount 5903, a payment option code 5904, a merchant account number 5905 indicating a merchant account number, a transaction number 5906 issued by the credit settlement terminal 300, and the settlement A digital signature of the service provider is performed on the data including the validity period 5907 indicating the validity period of the request 5706, the service provider ID 5908, and the issue date and time 5909 indicating the date and time when the settlement request 5706 was issued. It is a sealed letter.
The payment system 103 receives the payment request 5706, decrypts the encryption, checks the digital signature, and performs the payment processing. Then, a payment completion notification 5707 (20620) is generated and transmitted to the service providing system 102.

As shown in FIG. 90 (b), the payment completion notification 5707 is arbitrarily set as header information indicating that the message is the payment completion notification 5707, a payment completion notification header 5914, and a number uniquely indicating the payment processing of the payment system 103. Generated payment number 5915, credit card number 5916, request number 5917, payment amount 5918, payment option code 5919, merchant account number 5920, transaction number 5921, and digitally signed service of payment processing agency Issue payment information 5922 for the provider, payment information 5923 for the merchant digitally signed by the payment processing institution, payment information 5924 for the user digitally signed by the payment processing institution, payment processing institution ID 5925, and a payment completion notice. The data consisting of the date and time of issue 5926 indicating the date and time of It is obtained by sealed letter of addressed to providers.
The payment processing agency process of the service providing system 102 receives the payment completion notification 5707, decrypts the encryption, checks the digital signature, and sends a payment completion notification 5927 to the service director process. The service director process generates a payment completion notification 5937 for the merchant from the payment completion notification 5927, and the merchant process seals this to the merchant, and as a payment completion notification 5708 (20621) to the merchant, by digital telephone communication, The data is transmitted to the credit settlement terminal 300.

As shown in FIG. 90 (c), the payment completion notification 5708 is obtained by adding header information indicating that the message is the payment completion notification 5708, a payment completion notification header 5931, a payment number 5932, and a digital signature of the payment processing organization. Merchant settlement information 5923, a service number indicating a user generated number as a unique number for the merchant, a customer number 5933, a cryptographically decrypted settlement request 5850, and information on processing in the service providing system 102. The service provider information is digitally signed by the service provider with respect to the data including the service processing information 5934, the service provider ID 5935, and the issue date and time 5936 indicating the date and time when the settlement completion notification 5708 was issued, and is sealed to the merchant. . The service provider processing information 5934 is information set by an option of the service provider, and may not be set.
The credit settlement terminal 300 receives the settlement completion notice 5708, decrypts the encryption, checks the digital signature, generates a receipt 5709 (20622), and transmits the receipt 5709 (20622) to the merchant process by digital telephone communication.

As shown in FIG. 91 (a), the receipt 5709 includes header information indicating that the message is the receipt 5709, a receipt header 6000, a product name 6001 indicating the name of the sold product, and a message from the merchant to the user. Sales information 6002 indicating additional information regarding the transaction, a transaction number 6003, a transaction number 6004, a payment offer 5700, a person in charge 6005, a merchant ID 6006, and an issue date and time 6007 indicating the date and time when the receipt 5709 was issued. This data is digitally signed by the merchant and sealed to the service provider. The sales information 6002 and the person in charge 6005 are information set by merchant options, and may not be set.
The merchant process of the service providing system 102 receives the receipt 5709, decrypts the encryption, checks the digital signature, and sends the receipt 6008 to the service director process. The service director process generates a receipt 6016 for the user from the receipt 6008, and the user process seals the receipt to the user and obtains the receipt 5710 (20624) as a personal credit terminal by digital wireless telephone communication. Send to 100.
As shown in FIG. 91 (b), the receipt 5710 is composed of header information indicating that the message is the receipt 5710, a receipt header 6012, a decrypted receipt 6008, and a digital signature of the payment processing institution. Data comprising user settlement information 5924, service provider processing information 6013 indicating information relating to processing in the service providing system 102, service provider ID 6014, and issue date 6015 indicating the date and time when the receipt 5710 was issued. Is digitally signed by the service provider and sealed to the user. The service provider processing information 6013 is information set by an option of the service provider, and may not be set.
Personal credit terminal 100 receives receipt 5710, decrypts the encryption, checks the digital signature, and displays the contents on LCD 203.

Next, the contents of a message exchanged between devices in the "cancel" process will be described.
FIG. 92 shows the procedure for exchanging messages between devices in the "cancel" process. FIGS. 93 (a) to 93 (f) show the contents of messages exchanged between devices in the "cancel" process. . FIG. 92 is a diagram in which a portion of a message exchanged between devices is extracted from FIG. 9, and FIG. 92 and FIG. 9 show the same “cancel” processing.
First, when the person in charge of the merchant performs the cancel operation 901, the credit settlement terminal 300 generates a cancel process and starts the process of “cancel”. The credit settlement terminal 300 generates a cancellation request 6100 (903) from the settlement completion notification of the transaction to be canceled, and transmits it to the merchant process of the service providing system 102 by digital telephone communication.
On the other hand, when the user performs the cancel operation 904, the personal credit terminal 100 generates a cancel process and starts the process of “cancel”. The personal credit terminal 100 generates a cancellation request 6101 (906) from the receipt of the transaction to be canceled, and transmits it to the user process of the service providing system 102 by digital wireless telephone communication.

As shown in FIG. 93 (a), the cancellation request 6100 includes header information indicating that the message is the cancellation request 6100, a cancellation request header 6200, a settlement completion notification 5937 obtained by decrypting the encryption, and the cancellation request 6100. Digitally sign the merchant for the data consisting of the validity period 6201 indicating the validity period, the name of the person in charge 6202, the merchant ID 6203, and the issuance date and time 6204 indicating the date and time when the cancellation request 6100 was issued. It is a sealed letter. The contact person name 6216 is information set by a merchant option, and may not be set.
As shown in FIG. 93 (b), the cancel request 6101 includes header information indicating that the message is the cancel request 6101, a cancel request header 6209, a decrypted receipt 6016, and the cancel request 6101. The data consisting of a validity period 6210 indicating the validity period of the user, a user ID 6211, and an issue date 6212 indicating the date and time when the cancel request 6101 was issued, is digitally signed by the user and sealed to the service provider. is there.
Either the transmission of the cancellation request 6100 by the credit settlement terminal 300 to the merchant process or the transmission of the cancellation request 6101 by the personal credit terminal to the user process may be performed first or simultaneously.
The merchant process and the user process of the service providing system 102 receive the cancel request 6100 and the cancel request 6101, respectively, decrypt the encryption, check the digital signature, and provide the cancel request 6205 and the cancel request 6113 respectively.・ Send to the manager process. The service manager process collates the request number, the transaction number, and the merchant ID, establishes a correspondence between the cancel request 6205 and the cancel request 6113, generates a service director process, and generates the service request process 6205 and the cancel request 6113. Create a process group that processes. The service director process checks the contents of the cancellation request 6205 and the cancellation request 6113 to generate a cancellation request 6221 to the payment processing institution, and the payment processing institution process seals this to the payment processing institution, and performs the payment processing. The request is transmitted to the settlement system 103 as a cancellation request 6102 (907) to the institution.

As shown in FIG. 93 (c), the cancellation request 6102 includes header information indicating that the message is the cancellation request 6102, a cancellation request header 6217, a settlement completion notice 5927 obtained by decrypting the encryption, and a Digital signature of the service provider is performed on the data including the validity period 6218 indicating the validity period, the service provider ID 6219, and the issue date and time 6220 indicating the date and time when the cancellation request 6102 was issued, and the data is sealed to the settlement processing organization. It was done.
The settlement system 103 receives the cancellation request 6102, decrypts the encryption, checks the digital signature, and performs a cancellation process. Then, a cancellation completion notice 6103 (908) is generated and transmitted to the settlement processing organization process of the service providing system 102.

  As shown in FIG. 93 (d), the cancellation completion notification 6103 includes header information indicating that the message is the cancellation completion notification 6103, a cancellation completion notification header 6225, a number uniquely indicating the cancellation processing performed by the settlement system 103, Cancellation number 6226, cancellation request 6221 that decrypts the encryption, cancellation information 6227 for the service provider digitally signed by the payment processing institution, cancellation information 6228 for the merchant digitally signed by the payment processing institution, and payment processing institution Digital signature of the payment processing institution is performed on the data consisting of the user's cancellation information 6229, the payment processing institution ID 6230, and the issue date and time 6231 indicating the date and time when the payment completion notification was issued. It is a sealed letter.

  The payment processing agency process of the service providing system 102 receives the cancellation completion notice 6103, decrypts the encryption, checks the digital signature, and sends a cancellation completion notice 6132 to the service director process. The service director process generates a cancellation completion notification 6241 and a cancellation processing receipt 6250 from the cancellation completion notification 6132. The merchant process seals the cancellation completion notice 6241 to the merchant and sends it to the credit settlement terminal 300 as the cancellation completion notice 6104 (909) .The user process seals the cancellation processing receipt 6250 to the user and cancels. It is transmitted to the personal credit terminal 100 as a processing receipt 6105 (910).

  As shown in FIG. 93 (e), the cancellation completion notification 6104 includes header information indicating that the message is the cancellation completion notification 6104, a cancellation completion notification header 6236, a cancellation number 6237, and a cancellation request 6205 obtained by decrypting the encryption. And payment information 6228 for the merchant digitally signed by the payment processing institution, service provider processing information 6238 indicating information relating to processing in the service providing system, service provider ID 6239, and date and time of issuing the cancellation completion notice 6104. The data including the issue date and time 6240 is digitally signed by the service provider and sealed to the merchant. The service provider processing information 6238 is information set by an option of the service provider, and may not be set.

As shown in FIG. 93 (f), the cancellation processing receipt 6105 is obtained by decrypting the header information indicating that the message is the cancellation processing receipt 6105, the cancellation processing receipt header 6245, the cancellation number 6246, and the encryption. The cancellation request 6213, the payment information 6229 for the user digitally signed by the payment processing institution, the service provider processing information 6247 indicating information on processing in the service providing system, the service provider ID 6248, and the cancellation processing receipt 6105 The data composed of the issue date and time 6249 indicating the issue date and time is digitally signed by the service provider and sealed to the user. The service provider processing information 6247 is information set by a service provider option, and may not be set.
The credit settlement terminal 300 receives the cancellation completion notice 6104, decrypts the encryption, checks the digital signature, and displays the content on the LCD 302. On the other hand, the personal credit terminal 100 also receives the cancellation processing receipt 6105, decrypts the encryption, checks the digital signature, and displays the content on the LCD 203.

Next, the contents of a message exchanged between devices in the processing of the "customer service call" will be described.
FIG. 94 (a) shows a procedure for exchanging messages between devices in the process of “customer service call”, and FIGS. 95 (a) to (e) show exchange of devices between devices in the process of “customer service call”. Indicates the content of the message. FIG. 94 (a) is a diagram in which a portion of a message exchanged between devices is extracted from FIG. 45 (a). FIGS. 94 (a) and 45 (a) show the same “customer service call”. The processing is shown.
First, when a merchant rep performs a customer service call operation 21200, the credit settlement terminal 300 generates a customer service call process and starts processing a “customer service call”. The credit settlement terminal 300 generates a customer service call request 6300 (21202) and transmits the request to the merchant process of the service providing system 102 by digital telephone communication.

  As shown in FIG. 95 (a), the customer service call request 6300 includes header information indicating that the message is the customer service call request 6300, the customer service call request header 6400, and “payment” as the number indicating the user. Customer number 6401 issued at the time of processing, request number 6402 uniquely indicating this customer service call request, person in charge 6403, merchant ID 6404, and issue date and time indicating the date and time when this customer service call request 6300 was issued The data consisting of 6405 is digitally signed by the merchant and sealed to the service provider. The person in charge 6403 is information set in the merchant option, and may not be set.

  The merchant process of the service providing system 102 receives the customer service call request 6300, decrypts the encryption, checks the digital signature, and sends the customer service call request 6406 to the service manager process. The service manager process creates a service director process to create a process group that handles customer service call requests 6406. The service director process determines a user corresponding to the customer number from the customer table and checks the user with the access control information to generate a customer service call 6417 and a customer service call response 6426. The user process seals the customer service call 6417 to the user and sends it to the user's personal credit terminal 100 as a customer service call 6301 (21203) .The merchant process sends the customer service call response 6426 to the merchant. It is sealed and transmitted to the credit settlement terminal 300 as a customer service call response 6302 (21204).

As shown in FIG. 95B, the customer service call 6301 includes header information indicating that the message is the customer service call 6301, a customer service call header 6410, a person in charge 6411, a merchant ID 6412, and a merchant name 6413. Digital signature of the service provider on the data consisting of the request number 6414 set by the credit settlement terminal 300, the service provider ID 6415, and the issue date and time 6416 indicating the date and time when the customer service call 6301 was issued. It is a sealed letter. The contact person name 6411 is information set by a merchant option, and may not be set.
As shown in FIG. 95 (c), the customer service call response 6302 includes header information indicating that the message is the customer service call response 6302, a customer service call response header 6421, and a response message 6422 from the service providing system 102. Digital signature of the service provider is performed on the data including the request number 6423 set by the credit settlement terminal 300, the service provider ID 6424, and the issue date and time 6425 indicating the date and time when the customer service call response 6302 was issued, and the merchant It is a sealed letter.
The credit settlement terminal 300 receives the customer service call response 6302, decrypts the encryption, checks the digital signature, and displays “calling”.

The personal credit terminal 100 receives the customer service call 6301, decrypts the encryption, checks the digital signature, generates a customer service call process, and starts processing a “customer service call”. First, personal credit terminal 100 outputs a ringtone from a speaker to notify the user of the incoming call. Then, when the user performs the call operation 21207, the personal credit terminal 100 generates an incoming response 6303 (21208) and transmits it to the user process of the service providing system 102.
The user process of the service providing system 102 receives the incoming response 6303, decrypts the encryption, and sends the incoming response 6433 to the service director process. The service director process generates a call response 6440 from the incoming response 6433, and the merchant process seals this to the merchant and transmits it to the credit settlement terminal 300 as a call response 6304 (21210).
The credit settlement terminal 300 receives the call response 6304, decrypts the code, and enters a voice communication state between the credit settlement terminal 300 and the personal credit terminal 100.

As shown in FIG. 95 (d), the incoming response 6303 includes header information indicating that the message is the incoming response 6303, an incoming response header 6430, a request number 6431 set by the credit settlement terminal 300, and a voice data encryption key. 6432 data is sealed to the service provider.
As shown in FIG. 95 (e), the call response 6304 includes header information indicating that the message is the call response 6304, a call response header 6437, a request number 6438 set by the credit settlement terminal 300, and voice data. This is a letter enclosed with the data composed of the encryption key 6439 and addressed to the merchant.
The voice data encryption key 6432 and the voice data encryption key 6439 are common encryption keys for encrypting voice data during a call, and the voice data encryption key is stored in the voice data encryption key register ( CRYPT) 21613 and the voice data encryption key register (CRYPT) 22611 of the credit settlement terminal 300 are set, so that the personal credit terminal 100 and the credit settlement terminal 300 encrypt the speech data and make a voice call. If audio data is not encrypted, this audio data encryption key is not set.

Next, the contents of the message exchanged between the devices in the process of the "inquiry call" will be described.
FIG. 94 (b) shows a procedure for exchanging messages between devices in the processing of the "inquiry call". FIGS. Indicates the content. FIG. 94 (b) is a diagram in which a portion of a message exchanged between devices is extracted from FIG. 45 (b). FIGS. 94 (b) and 45 (b) show the same “inquiry call” process. Is shown.
First, when the user performs an inquiry call operation 21213, the personal credit settlement terminal 100 generates an inquiry call process and starts processing of an “inquiry call”. The personal credit settlement terminal 100 first generates an inquiry call request 6307 (21215), and transmits it to the user process of the service providing system 102 by digital wireless telephone communication.

As shown in FIG. 96A, the inquiry call request 6307 includes header information indicating that the message is the inquiry call request 6307, an inquiry call request header 6500, a merchant ID 6501, a person in charge name 6502, and the inquiry call request. The data consisting of the request number 6503 uniquely indicating the request, the user ID 6504, and the issue date and time 6505 indicating the date and time when the inquiry call request 6307 was issued, digitally signed by the user and sealed to the service provider It is. The clerk name 6503 is information set in the merchant's option in the processing of “settlement”, and may not be set.
The user process of the service providing system 102 receives the query call request 6307, decrypts the encryption, checks the digital signature, and sends a query call request 6506 to the service manager process. The service manager process creates a service director process to create a process group that handles the inquiry call request 6506. The service director process refers to the merchant's customer table and generates an inquiry call 6515 and an inquiry call response 6524. The merchant process seals the inquiry call 6515 to the merchant and sends it to the credit settlement terminal 300 as an inquiry call 6307 (21216) .The user process envelopes the inquiry call response 6524 to the user, and sends the inquiry call response 6308. (21217), and transmits it to the personal credit settlement terminal 100.

As shown in FIG. 96B, the inquiry call 6307 is composed of header information indicating that the message is the inquiry call 6307, an inquiry call header 6510, a customer number 6511, and a request number 6512 set by the personal credit terminal 100. The data comprising the service provider ID 6513 and the issue date 6514 indicating the date and time when the inquiry call 6307 was issued is digitally signed by the service provider and sealed to the merchant.
As shown in FIG. 96 (c), the inquiry call response 6308 includes header information indicating that the message is the inquiry call response 6308, an inquiry call response header 6519, a response message 6520 from the service providing system 102, and a personal The data including the request number 6521 set by the credit settlement terminal 100, the service provider ID 6522, and the issue date 6523 indicating the date and time when the inquiry call response 6308 was issued is digitally signed by the service provider, and addressed to the user. It is a sealed letter.

Personal credit terminal 100 receives inquiry call response 6308, decrypts the encryption, checks the digital signature, and displays "ringing".
The credit settlement terminal 300 receives the inquiry call 6307, decrypts the encryption, checks the digital signature, generates an inquiry call process, and starts processing of the “inquiry call”. Credit settlement terminal 300 first outputs a ringtone from the speaker to notify the merchant of the incoming call. Then, when the merchant performs the call operation 1220, the credit settlement terminal 300 generates an incoming response 6309 (21221) and transmits it to the merchant process of the service providing system 102.
The merchant process of the service providing system 102 receives the incoming response 6309, decrypts the encryption, and sends the incoming response 6531 to the service director process. The service director process generates a call response 6538 from the incoming response 6531, and the user process seals it to the user and transmits it to the personal credit terminal 100 as a call response 6310 (21223).
Personal credit terminal 100 receives call response 6310, decrypts the encryption, and establishes a voice call between personal credit terminal 100 and credit settlement terminal 300.
As shown in FIG. 96 (d), the incoming response 6309 includes header information indicating that the message is the incoming response 6309, an incoming response header 6528, a request number 6529 set by the personal credit settlement terminal 100, and voice data. This is data sealed with the data comprising the encryption key 6530 and addressed to the service provider.

As shown in FIG. 96 (e), the call response 6310 includes header information indicating that the message is the call response 6310, a call response header 6535, a request number 6536 set by the personal credit settlement terminal 100, The data including the audio data encryption key 6537 is sealed to the user.
The voice data encryption key 6530 and the voice data encryption key 6537 are a common encryption key for encrypting voice data during a voice call, and the voice data encryption key is stored in the voice data encryption key register of the personal credit terminal 100. By setting (CRYPT) 21613 and the voice data encryption key register (CRYPT) 22611 of the credit settlement terminal 300, the personal credit terminal 100 and the credit settlement terminal 300 encrypt the voice data and make a voice call. If audio data is not encrypted, this audio data encryption key is not set.

Next, session establishment processing, remote access processing, data update processing, forced data update processing, data backup processing, "payment" processing, "cancel" processing, "customer service call" processing, and "inquiry call" Personal credit terminal 100, credit payment terminal 300, payment system 103, and service manager process, service director process, user process, merchant process, and payment processing agency process of service providing system 102 in each process of The details of the processing performed by each process will be described.
The overall processing flows of the personal credit terminal and the credit settlement terminal are as described in the description of FIGS. 51 and 61, respectively. Personal credit terminals and credit settlement terminals are equipped with session establishment processing, remote access processing, data update processing, forced data update processing, data backup processing, "payment" processing, "cancel" processing, and "customer service calls". The process corresponding to each of the processes of "" and "inquiry call" is registered in the process list, and each process is executed by each process of the main routine.
On the other hand, the service providing system executes each process by cooperative processing of five types of processes: a service manager process, a service director process, a user process, a merchant process, and a payment processing agency process.

Of the five types of processes, the service manager process first manages other processes such as a service director process, a user process, a merchant process, and a payment processing agency process in accordance with the processing flows shown in FIGS.
The service manager process is always running and usually waits for a call request message from a personal credit terminal or a credit settlement terminal and a message from each process in step 6600. Upon receiving the message, the service manager process performs the processing corresponding to the type of the message shown in steps 6601 to 6618 and 6700 to 6709, and returns to step 6600.
If the message is a call request, the service manager process performs a process generation process for generating a user process or a merchant process corresponding to the caller in step 6606.
If the message is a credit inquiry request from the merchant process, the service manager process first determines in step 6607 whether a payment request corresponding to the received credit inquiry request is registered in the message list 4405. In step 6608, if the message is not registered, the received message is registered in the message list. If registered, a service director process is generated in step 6609, and the service director process is generated. In step 6610, a registered message is deleted from the message list, and in step 6611, a credit reference request and a payment request are sent to the service director process. Send.
If the message is a payment request from a user process, the service manager process first determines in step 6612 whether a credit reference request corresponding to the received payment request is registered in the message list 4405. Check, if not registered, in step 6613, register the received message in the message list. If registered, proceed to step 6609, and perform the same processing as when the message was a credit inquiry request. Is performed.

If the message is a cancellation request from the merchant process, the service manager process first registers the cancellation request from the user process corresponding to the received cancellation request in the message list 4405 in step 6614. In step 6615, the received message is registered in the message list. If registered, a service director process is generated in step 6616, and the service Creates a process group consisting of a director process, a user process, and a merchant process, deletes the registered message from the message list in step 6617, and cancels the service director process to the service director process in step 6618. To send a cancellation request from the determined and the user process.
If the message is a cancellation request from the user process, the service manager process first registers the cancellation request from the merchant process corresponding to the received cancellation request in the message list 4405 in step 6619. In step 6620, the received message is registered in the message list.If registered, the process proceeds to step 6616, where the message is a cancel request from the merchant process. And the same processing is performed.
In the registration of the received message in the message list in step 6608, step 6613, step 6615, and step 6620, collation data is generated from the merchant ID, transaction number, and request number included in the message, and the message is stored in the message list. Register with.
In the process group generation in step 6609 and step 6616, first, a service director process is generated, process group management information and service director process management information are registered, and further, user process management information, , And updates the merchant process management information to generate a process group including the service director process, the user process, and the merchant process.
Also, if the message is a customer service call request from the merchant process, the service manager process creates a service director process in step 6704 and creates a process group by the service director process and the merchant process. And sends a customer service call request to the service director process at step 6705.

In the generation of the process group in step 6704, first, the service director process is generated, the process group management information and the service director process management information are registered, and the merchant process management information is updated. A process group is created by the director process and the merchant process.
If the message is an inquiry call request from a user process, the service manager process creates a service director process in step 6706 to create a process group by the service director process and the user process. Generate and, in step 6707, send an inquiry call request to the service director process.
In the process group generation in step 6706, first, a service director process is generated, process group management information and service director process management information are registered, and further, user process management information is updated to A process group is created by a director process and a user process.
If the message is a member process request from the service director process, the service manager process in step 6708 adds the requested process to the process group of the service director process. Perform At this time, the service manager process creates the requested process as needed.
If the message is a process deletion request, the service manager process performs a process deletion process for deleting the requested process in step 6709. At this time, if necessary, the service manager process updates the process management information of each process, the process group management information 4404, and the message list 4405.

Further, the process generation processing of step 6606 is performed according to the processing flow shown in FIG.
The service manager process first compares the caller's telephone number information included in the incoming call request with the user telephone number in the user list 4300 and the merchant telephone number in the merchant list 4301 in step 6800. , Determine the requestor. If the telephone number information matches the user telephone number, the requester is determined to be a user, and the process proceeds to step 6801.If the requester matches the merchant telephone number, the requester is determined to be a merchant. Then, the process proceeds to step 6804, and if none of them matches, it is determined that the request is not a call request from a user or a merchant, and the process generation process ends without generating a process.
In step 6801, the registered user process management information is checked to determine whether a user process corresponding to the requesting user already exists. If there is no user process, the process proceeds to step 6802, where a user process is created, user process management information is registered, and the process creation process ends. If the user process already exists, there is a possibility that an improper act such as impersonation of the user has been performed, so the process proceeds to step 6803, where an error message is transmitted to the management system, and the process generation is performed. The processing ends.
In step 6804, the registered merchant process management information is checked to determine whether a merchant process corresponding to the merchant that is the requester already exists. If there is no merchant process, the process proceeds to step 6805, where a merchant process is generated, merchant process management information is registered, and the process generation process ends. If the merchant process already exists, there is a possibility that the merchant has been improperly impersonated or the like, so the process proceeds to step 6806, where an error message is transmitted to the management system, and the process generation is performed. The processing ends.

Next, the user process performs processing according to the message from the personal credit terminal and the message from the service director process according to the processing flow shown in FIG.
The user process generated by the service manager process first performs a process of establishing a session with a personal credit terminal in step 6900, and in steps 6901 and 6905, a message from the personal credit terminal or the service director process. Wait. In step 6901, a message reception determination is made, and in step 6905, a timeout determination is made.
If a message has been received, the user process changes the process status of the user process to the “active” state in step 6902, and performs processing corresponding to the received message in step 6903. For example, when a "payment request" is received from the personal credit terminal, in step 6903, "payment" processing in the user process is performed. Upon ending the processing in step 6903, the user process changes the process status to the “idle” state in step 6904, and returns to step 6901.
In the determination of the timeout in step 6905, if no new message is received for the timeout period TNRU (TNRU> 0) or more, the user process times out, and in step 6906, a user process timeout process is performed. By the user process timeout process, the user process is deleted by the service manager process, and the line between the user process and the personal credit terminal is disconnected.
That is, if the user process does not receive a new message from the personal credit terminal or the service director process for the timeout period TNRU or more, the user process is automatically deleted, and the line to the personal credit terminal is Be cut off.

Next, the merchant process performs a process according to the message from the credit settlement terminal and the message from the service director process according to the process flow shown in FIG.
As in the case of the user process, the merchant process generated by the service manager process first performs a session establishment process with the credit settlement terminal in step 7000, and executes the credit settlement terminal in step 7001 and step 7005, or Waiting for a message from the service director process. At step 7001, message reception is determined, and at step 7005, timeout is determined.
If a message is received, the merchant process changes the process status of the merchant process to the “active” state in step 7002, and performs processing according to the received message in step 7003. For example, when a “credit inquiry request” is received from the credit settlement terminal, in step 7003, the process of “settlement” in the merchant process is performed. Upon ending the processing in step 7003, the merchant process changes the process status to the “idle” state in step 7004, and returns to step 7001.
In the determination of the timeout in step 7005, if no new message is received for the timeout period TNRM (TNRM> 0) or more, the merchant process times out, and in step 7006, a merchant process timeout process is performed. By the merchant process timeout process, the merchant process is deleted by the service manager process, and the line between the merchant process and the credit settlement terminal is disconnected.
That is, the merchant process is automatically deleted if no new message is received from the credit settlement terminal or the service director process for the timeout period TNRM or longer, and the line to the credit settlement terminal is disconnected. You.

Next, the payment processing institution process performs processing according to the message from the payment system and the message from the service director process according to the processing flow shown in FIG.
The payment processing institution process generated by the service manager process first performs an initialization process of a communication line with the payment system in step 7100, and performs a payment system or service director process in steps 7101 and 7105. Waiting for a message from. At step 7101 it is determined whether a message has been received, and at step 7105 a timeout is determined.
When the message is received, the payment processing institution process changes the process status of the payment processing institution process to the “active” state in step 7102, and performs processing corresponding to the received message in step 7103. For example, when a "payment request" is received from the service director process, in step 7103, "payment" processing in the payment processing institution process is performed. Upon completion of the process in step 7103, the payment processing agency process changes the process status to the “idle” state in step 7104, and returns to step 7101.
In the determination of timeout in step 7105, if no new message is received during the timeout period TNRTP (TNRTP> 0) or more, the payment processing institution process times out, and in step 7106, a payment processing institution process timeout process is performed. . The clearing house process timeout process clears the clearing house process by the service manager process and disconnects the line between the clearing house process and the clearing system.
In other words, if the payment processing agency process does not receive a new message from the payment system or the service director process for the timeout time TNRTP or more, the payment processing agency process is automatically deleted, and the line to the payment system is disconnected. You.

Further, when the communication cost between the user process and the personal credit terminal 100 depends on the use time of the communication line, the timeout time TNRU takes a value depending on the communication fee system. For example, if the usage time of the communication line is gradually charged, the timeout time TNRU is equal to or longer than a predetermined time TNRU0 (TNRU0> 0) and does not exceed the next change point of the communication fee. Value. In this case, the communication line between the personal credit terminal and the user process is connected as long as possible as long as the communication cost does not increase. Further, when charging is performed linearly with respect to the usage time of the communication line, the timeout time TNRU is a fixed time TNRU0.
Similarly, when the communication cost between the merchant process and the credit settlement terminal 300, or the communication processing between the settlement processing agency process and the settlement system 103 depends on the use time of the communication line, the time out period of the user process is TNRU. Similarly, the timeout times TNRM and TNRTP are values that depend on the respective communication fee systems.
The service director process will be described in detail in the following description of the processes of “settlement”, “cancel”, “customer service call”, and “inquiry call”. Further, the payment system will be described in detail in the description of each processing of “payment” and “cancel”.

Next, a processing flow in a session establishment process when a personal credit terminal connects to a user process will be described.
FIG. 103 and FIG. 104 respectively show the processing flow of the session establishment process of the personal credit terminal and the user process in the session establishment process when the personal credit terminal connects to the user process.
First, in step 7200, the personal credit terminal transmits a call request 4500 to the digital public network, receives a call response 4504 from the digital public network, and connects the line to the user process. At this time, the service manager process receives the incoming call request 4501 from the digital public network, and generates a user process in the process generation process of step 6606. In step 7300, the generated user process transmits an incoming call response 4503 to the digital public network to connect the line to the personal credit terminal. Next, the user process generates a test pattern A4701 in step 7301, encrypts the test pattern A with the user's public key in step 7302, generates an authentication test A4506, and generates an authentication test A in step 7303. Send to personal credit terminal.

On the other hand, in step 7201, the personal credit terminal generates a test pattern B 4705, and in step 7202, encrypts the test pattern B with the service provider's public key to generate an authentication test B. Waiting for an authentication test A from the user process. In step 7203, the reception of the authentication test A is determined, and in step 7211, the timeout is determined.
In the determination of the timeout in step 7211, if the authentication test A is not received for the timeout time TTAU (TTAU> 0) or more, the personal credit terminal times out, and in step 7212, an error message is displayed on the LCD. In step 7213, the line is disconnected, and the session establishment process ends.
When receiving the authentication test A, the personal credit terminal decrypts the encrypted test pattern A with the user's private key in step 7204, and decrypts the authentication test B and the encryption in step 7205. From the test pattern A, an authentication test A response 4507 is generated, and in step 7206, the authentication test A response is transmitted to the user process.
The user process that transmitted authentication test A to the personal credit terminal waits for an authentication test A response from the personal credit terminal in steps 7304 and 7312. In step 7304, it is determined whether an authentication test A response has been received. In step 7312, a timeout is determined.
In the timeout determination in step 7312, if the authentication test A response is not received for the timeout period TTARU (TTARU> 0) or more, the user process times out, and in step 7313, a session establishment error process is performed. To end. Due to the session establishment error handling, the user process is deleted by the service manager process, and the line is disconnected.
When the authentication test A response is received, the user process compares the test pattern A of the transmitted authentication test A with the test pattern A of the received authentication test A response in step 7305, and determines that the pattern matches. Proceeds to step 7306, if they do not match, determines that the user authentication has failed, performs a session establishment error process in step 7314, and ends the session establishment process.

The user process decrypts the encrypted test pattern B with the service provider's private key in step 7306, generates a session permission message 4709 in step 7307, and converts the session permission message into the user's public key in step 7308. Then, an authentication test B response 4508 is generated from the encrypted test pattern B and the encrypted session permission message, and the authentication test B response is transmitted to the personal credit terminal in step 7309. Then, in step 7310, the user status is changed to the session established state, and in step 7311, the process status is changed to the "idle" state, and the session establishing process is terminated. Proceed to.
The personal credit terminal that has transmitted the authentication test A response to the user process waits for an authentication test B response from the user process in steps 7207 and 7214. At step 7207, it is determined whether an authentication test B response has been received. At step 7214, a timeout is determined.

In the determination of the timeout in Step 7214, if the authentication test B response is not received for the timeout period TTBRU (TTBRU> 0) or more, the personal credit terminal times out, and an error message is displayed on the LCD in Step 7215, Further, in step 7216, the line is disconnected, and the session establishment processing ends.
When receiving the authentication test B response, the personal credit terminal checks in step 7208 the test pattern B of the transmitted authentication test B with the test pattern B of the received authentication test B response, and the patterns match. In step 7209, the process proceeds to step 7209. If they do not match, it is determined that the authentication of the service provider has failed. In step 7217, an error message is displayed on the LCD. Disconnect and end the session establishment process.
In step 7209, the personal credit terminal decrypts the encrypted session permission message with the user's private key. In step 7210, the personal credit terminal changes the terminal status to the session established state, and ends the session establishment process.

The session establishment process when connecting to the merchant process from the credit settlement terminal performs the same process as the session establishment process when connecting to the user process from the personal credit terminal. FIG. 105 and FIG. 106 respectively show the processing flow of the session establishment process of the credit settlement terminal and the merchant process in the session establishment process when connecting from the credit settlement terminal to the merchant process.
First, in step 7400, the credit settlement terminal transmits a call request 4800 to the digital public network, receives a call response 4804 from the digital public network, and connects the line with the merchant process. At this time, the service manager process receives the incoming call request 4801 from the digital public network, and generates a merchant process in the process generation process of step 6606. In step 7500, the generated merchant process transmits an incoming call response 4803 to the digital public network to connect the line with the credit settlement terminal. Next, the merchant process generates a test pattern A5001 in Step 7501, encrypts the test pattern A with the merchant's public key in Step 7502, generates an authentication test A4806, and generates an authentication test A in Step 7503. Send to credit payment terminal.

On the other hand, the credit settlement terminal generates a test pattern B5005 in step 7401, encrypts the test pattern B with the service provider's public key in step 7402, generates an authentication test B, and performs steps 7403 and 7411. Waiting for an authentication test A from the merchant process. In step 7403, the reception of the authentication test A is determined, and in step 7411, the timeout is determined.
In the timeout determination in step 7411, if the authentication test A is not received for the timeout time TTAM (TTAM> 0) or more, the credit settlement terminal times out, and in step 7412, displays an error message on the LCD. In step 7413, the line is disconnected, and the session establishment processing ends.
Upon receiving the authentication test A, the credit settlement terminal decrypts the encrypted test pattern A with the merchant's private key in step 7404, and in step 7405, the authentication test B and the decrypted test. From the pattern A, an authentication test A response 4807 is generated, and in step 7406, the authentication test A response is transmitted to the merchant process.
The merchant process that transmitted the authentication test A to the credit settlement terminal waits for an authentication test A response from the credit settlement terminal in steps 7504 and 7512. In step 7504, it is determined whether an authentication test A response has been received. In step 7512, a timeout is determined.

In the determination of the timeout in step 7512, if the authentication test A response is not received for the timeout time TTARM (TTARM> 0) or more, the merchant process times out, and in step 7513, a session establishment error process is performed, and a session establishment process is performed. To end. Due to the session establishment error handling, the merchant process is deleted by the service manager process and the line is disconnected.
If the authentication test A response is received, the merchant process compares the test pattern A of the transmitted authentication test A with the test pattern A of the received authentication test A response in step 7505, and the pattern matches. In this case, the process proceeds to step 7506, and if they do not match, it is determined that the merchant authentication has failed. In step 7514, a session establishment error process is performed, and the session establishment process ends.

The merchant process decrypts the encrypted test pattern B with the service provider's private key in step 7506, generates a session permission message 4709 in step 7507, and converts the session permission message into the merchant's public key in step 7508. An authentication test B response 4808 is generated from the encrypted test pattern B and the encrypted session permission message, and in step 7509, the authentication test B response is transmitted to the credit settlement terminal. Then, in step 7510, the merchant status is changed to the session established state, and in step 7511, the process status is changed to the "idle" state, and the session establishing process is terminated. The merchant process is executed in step 7001 in FIG. Proceed to. The credit settlement terminal that has transmitted the authentication test A response to the merchant process waits for an authentication test B response from the merchant process in steps 7407 and 7414. In step 7407, it is determined whether an authentication test B response has been received. In step 7414, a timeout is determined.
In the timeout determination in step 7414, if the authentication test B response is not received for the timeout time TTBRM (TTBRM> 0) or more, the credit settlement terminal times out, and in step 7415, an error message is displayed on the LCD, and In step 7416, the line is disconnected, and the session establishment process ends.
When the authentication test B response is received, the credit settlement terminal compares the transmitted test pattern B of the authentication test B with the test pattern B of the received authentication test B response in step 7408, and determines that the patterns match. In step 7409, if they do not match, it is determined that authentication of the service provider has failed, an error message is displayed on the LCD in step 7417, and the line is disconnected in step 7418. Then, the session establishment processing ends.
The credit settlement terminal decrypts the encrypted session permission message with the merchant's private key in step 7409, changes the terminal status to the session established state in step 7410, and ends the session establishment process.

Next, a description will be given of a processing flow in a session establishment process when connecting to a personal credit terminal from a user process.
FIG. 107 and FIG. 108 respectively show the processing flow of the user process in the session establishment process when the user process connects to the personal credit terminal, and the session establishment process of the personal credit terminal.
The user process generated by the service manager process first transmits a call request 4601 to the digital public network in step 7600 and receives a call response 4604 from the digital public network to connect with the personal credit terminal. Connect the line. At this time, in step 7700, the personal credit terminal receives an incoming call request 4602 from the digital public network and transmits an incoming call response 4603 to the digital public network to connect the line with the user process. Further, the personal credit terminal generates a test pattern C4712 in step 7701, encrypts the test pattern C with the service provider's public key in step 7702, generates an authentication test C4606, and generates an authentication test C4606 in step 7703. Send test C to the user process.

On the other hand, the user process generates a test pattern D4716 in step 7601, encrypts the test pattern D with the user's public key in step 7602, generates an authentication test D, and generates a personal test in steps 7603 and 7612. -Waiting for receiving the authentication test C from the credit terminal. In step 7603, the reception of the authentication test C is determined, and in step 7612, the timeout is determined.
In the timeout determination in step 7612, if the authentication test C is not received for the timeout time TTCU (TTCU> 0) or more, the user process times out, and in step 7613, a session establishment error process is performed, and the session establishment process is performed. finish.
When receiving the authentication test C, the user process decrypts the encrypted test pattern C with the private key of the service provider in step 7604, and in step 7605, the authentication test D and the decrypted test pattern C, an authentication test C response 4607 is generated, and in step 7606, the authentication test C response is transmitted to the personal credit terminal.
The personal credit terminal that has transmitted the authentication test C to the user process waits in steps 7704 and 7711 to receive an authentication test C response from the user process. At step 7704, it is determined whether an authentication test C response has been received. At step 7711, a timeout is determined.
In the determination of the timeout in step 7711, if the authentication test C response is not received for the timeout time TTCRU (TTCRU> 0) or more, the personal credit terminal times out and displays an error message on the LCD in step 7712, Further, in step 7613, the line is disconnected and the session establishment processing ends.
If the personal credit terminal receives the authentication test C response, the personal credit terminal compares the test pattern C of the transmitted authentication test C with the test pattern C of the received authentication test C response in step 7705, and the pattern matches. In this case, the process proceeds to step 7706, and if they do not match, it is determined that authentication of the service provider has failed, an error message is displayed on the LCD in step 7714, and the line is disconnected in step 7613. Disconnect and end the session establishment process.
The personal credit terminal decrypts the encrypted test pattern D with the user's private key in step 7706, generates a session permission message 4720 in step 7707, and transmits the session permission message to the service provider in step 7708. An authentication test D response 4608 is generated from the test pattern D encrypted with the public key and decrypted, and the encrypted session permission message, and the authentication test D response is transmitted to the user process in step 7709. Then, in step 7710, the terminal status is changed to the session established state, and the session establishing process ends.

The user process that sent the authentication test C response to the personal credit terminal waits in steps 7607 and 7614 to receive an authentication test D response from the personal credit terminal. In step 7607, it is determined whether an authentication test D response has been received. In step 7614, a timeout is determined.
In the timeout determination in step 7614, if the authentication test D response is not received for the timeout period TTDRU (TTDRU> 0) or more, the user process times out, and in step 7615, a session establishment error process is performed, and a session establishment process is performed. To end.
When receiving the authentication test D response, the user process compares the test pattern D of the transmitted authentication test D with the test pattern D of the received authentication test D response in step 7608, and determines that the pattern matches. Proceeds to step 7609, if they do not match, determines that the user authentication has failed, performs a session establishment error process in step 7616, and ends the session establishment process.
The user process decrypts the encrypted session authorization message with the service provider's private key in step 7609, changes the user status to a session established state in step 7610, and changes the process status to “ The state is changed to the “idle” state, the session establishment processing ends, and the user process proceeds to step 6901 in FIG.

The session establishment process when connecting to the credit settlement terminal from the merchant process performs the same process as the session establishment process when connecting to the personal credit terminal from the user process. FIG. 109 and FIG. 110 respectively show the processing flow from the merchant process to the merchant process in the session establishment process when connecting to the credit settlement terminal, and the session establishment process of the credit settlement terminal.
First, in step 7800, the merchant process generated by the service manager process transmits a call request 4901 to the digital public network, and receives a call response 4904 from the digital public network to connect to the credit settlement terminal. Connect. At this time, the credit settlement terminal receives an incoming call request 4902 from the digital public network and transmits an incoming call response 4903 to the digital public network in step 7900 to connect the line with the merchant process. Further, the credit settlement terminal generates a test pattern C5012 in Step 7901, encrypts the test pattern C with the public key of the service provider in Step 7902, generates an authentication test C4906, and generates an authentication test in Step 7903. Send C to the merchant process.

On the other hand, the merchant process generates a test pattern D5016 in step 7801, encrypts the test pattern D with the merchant's public key in step 7802, generates an authentication test D, and generates a credit test in steps 7803 and 7812. Waiting for receiving authentication test C from the payment terminal. In step 7803, the reception of the authentication test C is determined, and in step 7812, the timeout is determined.
In the determination of the timeout in step 7812, if the authentication test C is not received for the timeout time TTCM (TTCM> 0) or more, the merchant process times out, and in step 7813, a session establishment error process is performed, and the session establishment process is performed. finish.
When the authentication test C is received, the merchant process decrypts the encrypted test pattern C with the service provider's private key in step 7804, and in step 7805 the authentication test D and the decrypted test pattern And C, an authentication test C response 4907 is generated, and in step 7806, the authentication test C response is transmitted to the credit settlement terminal.
The credit settlement terminal that has transmitted the authentication test C to the merchant process waits for an authentication test C response from the merchant process in steps 7904 and 7911. In step 7904, it is determined whether an authentication test C response has been received. In step 7911, a timeout is determined.
In the timeout determination at step 7911, if the authentication test C response is not received for the timeout time TTCRM (TTCRM> 0) or more, the credit settlement terminal times out, and at step 7912, an error message is displayed on the LCD, and In step 7913, the line is disconnected, and the session establishment process ends.

When receiving the authentication test C response, the credit settlement terminal compares the test pattern C of the transmitted authentication test C with the test pattern C of the received authentication test C response in step 7905, and determines that the patterns match. In step 7906, if they do not match, it is determined that authentication of the service provider has failed, an error message is displayed on the LCD in step 7914, and the line is disconnected in step 7915. Then, the session establishment processing ends.
The credit settlement terminal decrypts the encrypted test pattern D with the merchant's private key in step 7906, generates a session permission message 5020 in step 7907, and publishes the session permission message to the service provider in step 7908. An authentication test D response 4908 is generated from the test pattern D encrypted with the key and decrypted and the encrypted session permission message, and in step 7909, the authentication test D response is transmitted to the merchant process. Then, in step 7910, the terminal status is changed to the session established state, and the session establishing process ends.

The merchant process that has transmitted the authentication test C response to the credit settlement terminal waits at steps 7807 and 7814 for receiving the authentication test D response from the credit settlement terminal. In step 7807, it is determined whether or not the authentication test D response has been received. In step 7814, a timeout is determined.
In the timeout determination in step 7814, if no authentication test D response is received for the timeout period TTDRM (TTDRM> 0) or more, the merchant process times out, and in step 7815, a session establishment error process is performed, and a session establishment process is performed. To end.
If the authentication test D response is received, the merchant process checks in step 7808 the test pattern D of the transmitted authentication test D and the test pattern D of the received authentication test D response, and determines that the patterns match. Proceeds to step 7809, and if they do not match, determines that the merchant authentication has failed, performs a session establishment error process in step 7816, and ends the session establishment process.
The merchant process decrypts the encrypted session authorization message with the service provider's private key in step 7809, changes the merchant status to session established in step 7810, and changes the process status to " The state is changed to the “idle” state, the session establishment processing ends, and the merchant process proceeds to step 7001 in FIG.

Next, a processing flow in the remote access processing will be described.
FIG. 111 (a) and FIG. 112 (a) show processing of a personal credit terminal remote access process and a service providing system user process in remote access processing between a personal credit terminal and a service providing system, respectively. 4 shows a flow.
The remote access process is started when a user accesses data existing at a remote address. First, in step 8000, the personal credit terminal generates a remote access request 5100 for data to be accessed, and in step 8001, determines whether or not the terminal is in a session established state from the terminal status. In step 8003, the generated remote access request is transmitted to the user process, and if the session is not established, the session is established in step 8002 to establish a session with the service providing system, and then the process proceeds to step 8003. .
The personal credit terminal that has transmitted the remote access request waits for reception of the remote access data 5101 in steps 8004 and 8011. In step 8004, it is determined whether or not the remote access data has been received. In step 8011, a timeout is determined.
In the determination of the timeout in step 8011, if the remote access data is not received for the timeout time TRADU (TRADU> 0) or more, the personal credit terminal times out, and in step 8012, a user timeout error process is performed. End the remote access processing. In the user timeout error processing, the personal credit terminal sends a user timeout error message to the user process of the service providing system, disconnects the session and the line with the user process, and displays a timeout error on the LCD. I do.

Upon receiving the remote access data, the personal credit terminal decrypts the remote access data encryption with the user's private key in step 8005, performs a user validity check in step 8006, and checks the validity of the remote access data. Verify
If the user validity check passes, the personal credit terminal stores the data 5209 portion of the remote access data in the temporary area of the RAM in step 8007, and stores the address information of the data in step 8008. The data is updated to the stored local address, and in step 8009, the data stored in the RAM is accessed. Then, in step 8010, it is determined from the free space in the temporary area whether or not the data update process is necessary. When the process is completed and the value is smaller than the set value AU, a data update process is generated, and the process proceeds to the data update process.
If the user validity check fails, the personal credit terminal performs user session error processing in step 8013 and ends the remote access processing. In the user session error processing, the personal credit terminal sends a user session error message to the user process of the service providing system, disconnects the session and the line with the user process, and displays a session error on the LCD. I do.

The user validity check is a process for verifying the validity of a message received from a user process of the service providing system. As shown in FIG. 111B, the user validity check performs three types of verification. . First, in step 8014, the digital signature of the service provider is verified, in step 8015, the service provider ID is verified, and in step 8016, the issue time of the received message is verified. In the verification of the issuance time in step 8016, the difference between the issuance time of the received information and the current time is verified, and if the difference is equal to or longer than the time TU (TU> 0), it is determined that the information is invalid. Therefore, it is determined that the user validity check has been passed only when the digital signature of the service provider has passed the verification, the service provider ID matches, and the verification of the issue time has passed, and otherwise, the user has failed. Is determined.
On the other hand, in the user process, the remote access processing is started by receiving the remote access request 5100. First, in step 8100, the user process decrypts the encryption of the received remote access request using the private key of the service provider. In step 8101, the user process performs a user process validity check to verify the validity of the remote access request. .
If the user process has passed the validity check, the user process generates remote access data 5101 in step 8102, and transmits the generated remote access data to the personal credit terminal in step 8103 to perform remote access processing. To end.

If the user process validity check fails, the user process determines that the received message is not valid, performs a user process session error process in step 8104, and ends the remote access process. By the user process session error handling, the user process is deleted by the service manager process, and the session and the line with the personal credit terminal are disconnected. At this time, the user process transmits a session error message indicating that an invalid message has been received to the management system 407.
The user process validity check is a process of verifying the validity of information received from the personal credit terminal. As shown in FIG. 112B, the user process validity check performs three types of verification. . First, in step 8105, the digital signature of the user is verified, in step 8106, the user ID is verified, and in step 8107, the issue time of the received information is verified. In the verification of the issuance time in step 8107, the difference between the issuance time of the received information and the current time is verified. . Therefore, it is determined that the user process validity check has been passed only when the user's digital signature has been verified, the user ID matches, and the issue time has been verified. Otherwise, it is determined that the user process has failed. I do.

FIG. 113 (a) and FIG. 114 (a) show the processing flow of the remote access process of the credit settlement terminal and the merchant process in the remote access process between the credit settlement terminal and the service providing system, respectively. I have.
The remote access process is initiated by a merchant accessing data located at a remote address. The credit settlement terminal first generates a remote access request 5400 for data to be accessed in step 8200, and in step 8201, determines whether or not the terminal is in a session established state from the terminal status. In step 8203, the generated remote access request is transmitted to the merchant process. If the session is not in a session established state, session establishment processing is performed in step 8202, and a session with the service providing system is established.
The credit settlement terminal that has transmitted the remote access request waits for reception of the remote access data 5401 in steps 8204 and 8211. In step 8204, it is determined whether the remote access data has been received. In step 8211, a timeout is determined.
In the timeout determination in step 8211, if the remote access data is not received for the timeout time TRADM (TRADM> 0) or more, the credit settlement terminal times out, and in step 8212, the merchant timeout error processing is performed, The access processing ends. In the merchant timeout error processing, the credit settlement terminal sends a merchant timeout error message to the merchant process of the service providing system, disconnects the session and the line with the merchant process, and displays a timeout error on the LCD. .

When the remote access data is received, the credit settlement terminal decrypts the encryption of the remote access data with the merchant's private key in step 8205, performs a merchant validity check in step 8206, and checks the validity of the remote access data. Verify.
When the merchant validity check is passed, the credit settlement terminal stores the data 5509 portion of the remote access data in the temporary area of the RAM in Step 8207, and stores the address information of the data and the data in Step 8208. In step 8209, the data stored in the RAM is accessed. Then, in step 8210, it is determined from the free space in the temporary area whether data update processing is necessary. If the free space in the temporary area is equal to or greater than the set value AM (AM> 0), remote access is performed as it is. When the process is completed and the value is smaller than the set value AM, a data update process is generated, and the process proceeds to the data update process.
If the merchant validity check fails, the credit settlement terminal performs merchant session error processing in step 8213 and ends the remote access processing. In the merchant session error processing, the credit settlement terminal transmits a merchant session error message to the merchant process of the service providing system, disconnects the session and the line with the merchant process, and displays a session error on the LCD. .

  The merchant validity check is a process of verifying the validity of a message received from the merchant process of the service providing system. As shown in FIG. 113B, the merchant validity check performs three types of verification. . First, in step 8214, the digital signature of the service provider is verified. In step 8215, the service provider ID is verified. Further, in step 8216, the issue time of the received message is verified. In the verification of the issuance time in step 8216, a deviation between the issuance time of the received information and the current time is verified. . Therefore, it is determined that the merchant validity check has been passed only if the service provider's digital signature has been verified, the service provider ID matches, and the issue time has been verified. It is determined that it has been performed.

On the other hand, in the merchant process, the remote access processing is started by receiving the remote access request 5400. In step 8300, the merchant process first decrypts the encryption of the received remote access request using the service provider's private key, and in step 8301 performs merchant process validity check to verify the validity of the remote access request. .
If the merchant process passes the validity check, the merchant process generates the remote access data 5401 in step 8302, and transmits the generated remote access data to the credit settlement terminal in step 8303 to perform the remote access processing. finish.

If the merchant process validity check fails, the merchant process determines that the received message is not valid, performs merchant process session error processing in step 8304, and ends the remote access processing. By the merchant process session error processing, the merchant process is deleted by the service manager process, and the session and the line with the credit settlement terminal are disconnected. At this time, the merchant process transmits a session error message indicating that an invalid message has been received to the management system 407.
The merchant process validity check is a process for verifying the validity of the information received from the credit settlement terminal. As shown in FIG. 114 (b), the merchant process validity check performs three types of verification. First, in step 8305, the merchant's digital signature is verified, in step 8306, the merchant ID is verified, and in step 8307, the issue time of the received information is verified. In the verification of the issuance time in step 8307, a deviation between the issuance time of the received information and the current time is verified. If the deviation is equal to or longer than the time TMP (TMP> 0), it is determined that the information is invalid. . Therefore, only when the merchant's digital signature has been verified, the merchant ID matches, and the issue time has been verified, it is determined that the merchant process has passed the validity check. Otherwise, it is determined that the merchant has failed. I do.

Next, a processing flow in the data update processing will be described.
FIG. 115 and FIG. 116 respectively show the processing flow of the data update process of the personal credit terminal and the user process of the service providing system in the data updating process of the personal credit terminal and the service providing system.
The data update process is performed when the value of the clock counter of the personal credit terminal matches the update time register, or when the free space in the temporary area becomes smaller than the set value AU, It begins by creating a data update process.
The personal credit terminal first displays "data update in progress" on the LCD in step 8400, generates a data update request 5102 in step 8401, and determines in step 8402 whether the terminal is in a session established state from the terminal status. If it is in the session establishment state, the generated data update request is transmitted to the user process in step 8404, and if it is not in the session established state, the session establishment processing is performed in step 8403, and the After establishing the session, go to step 8404.
The personal credit terminal that has transmitted the data update request waits for reception of the data update response 5103 in steps 8405 and 8416. In step 8405, it is determined whether a data update response has been received. In step 8416, a timeout is determined.
In the timeout determination in step 8416, if no data update response is received for a timeout period TRURU (TRURU> 0) or more, the personal credit terminal times out, and in step 8417, a user timeout error process is performed. The data update process ends.

When receiving the data update response, the personal credit terminal decrypts the data update response with the user's private key in step 8406, performs a user validity check in step 8407, and checks the validity of the data update response. Verify
If the user validity check is passed, the personal credit terminal compresses the data in the RAM in step 8408 to generate upload data 5104, and transmits the generated upload data to the user process in step 8409. I do.
If the user validity check fails, the personal credit terminal performs a user session error process in step 8418 and ends the data update process.
In steps 8410 and 8419, the personal credit terminal that has transmitted the upload data waits for reception of a message from the user process. At step 8410, the reception of the message is determined, and at step 8419, the timeout is determined.
In the determination of the timeout in step 8419, if no message is received for the timeout period TDU (TDU> 0) or more, the personal credit terminal times out, and in step 8420, a user timeout error process is performed to update the data. The process ends.

Upon receiving a message from the user process, the personal credit terminal decrypts the received message with the user's private key in step 8411, performs a user validity check in step 8412, and Verify validity.
If the user validity check passes, the personal credit terminal proceeds to step 8413, and if the user validity check fails, the personal credit terminal proceeds to step 8421 to execute the user session error process. And the data update process ends.
In step 8413, the personal credit terminal determines whether the received message is update data 5105 or a function stop command 5105'.If the received message is update data, in step 8414, the personal credit terminal updates the terminal data 5239 of the update data. The data compression is released, the data in the RAM is updated, and in step 8415, the display of "during data update" is released, and the data update process ends.
If the received message is a stop command, the personal credit terminal displays “unavailable” on the LCD in step 8422, and clears the terminal enable bit of the EEPROM 1503 in step 8423, The operation is disabled, the terminal status is changed to unusable in step 8424, and the data update process ends.

On the other hand, in the user process, the data update process is started by receiving the data update request 5102. First, in step 8500, the user process decrypts the encryption of the received data update request using the private key of the service provider. In step 8501, the user process performs a user process validity check to verify the validity of the data update request. .
If the user process has passed the validity check, the user process generates a data update response 5103 in step 8502, and transmits the generated data update response to the personal credit terminal in step 8503.
If the user process validity check fails, the user process determines that the received message is not valid, performs a user process session error process in step 8514, and ends the data update process.
In steps 8504 and 8515, the user process that has transmitted the data update response waits for the upload data 5104 to be received. At step 8504, it is determined whether or not the upload data has been received. At step 8515, a timeout is determined.

In the determination of the timeout in step 8515, if the upload data is not received for the timeout time TUDU (TUDU> 0) or more, the user process times out, and in step 8516, the user process times out and performs error processing to update the data. The process ends. Due to the user process timeout error handling, the user process is deleted by the service manager process, and the session and the line with the personal credit terminal are disconnected. At this time, the user process transmits a timeout error message indicating that timeout has occurred to the management system 407.
If the upload data is received, the user process decrypts the received upload data with the private key of the service provider in step 8505, and performs a user process validity check in step 8506 to check the validity of the upload data. Verify
If the user process validity check passes, the user process proceeds to step 8507. If the user process validity check fails, the user process determines that the received message is not valid, and proceeds to step 8517. Then, the user process / session / error processing is performed, and the data update processing ends.

In step 8507, the user process releases the data compression of the terminal data 5231 of the upload data, and in step 8508, performs a data collation check to verify whether the terminal data has been tampered with. In the data collation check, the terminal data decompressed is collated with the terminal data 24006 of the user information server and the data managed by the other user data management information 24000.
If the data verification check is passed, the user process first changes the access time of the credit card list 24008 of the user information server to the latest information in step 8509 based on the decompressed terminal data. Then, in step 8510, new terminal data is generated based on the capacity of the substantial data area of the personal credit terminal and the data generation time and access time, and in step 8511, the terminal that has released the data compression The difference between the data and the new terminal data is taken, update data 5105 is generated, and in step 8512, the generated update data is transmitted to the personal credit terminal.In 8513, the terminal data 24006 of the user information server is Update and end the data update process.

If the data collation check fails, the user process determines that there is a possibility that the terminal data has been tampered with, and in step 8518, generates a function stop command 5105 ', and in step 8519, the The function stop command is sent to the personal credit terminal, and further, in step 8520, the user status 24012 on the user information server is changed to “unavailable”, and in step 8521, the user process / session error processing is performed. Then, the data update process ends.
In the generation of new terminal data in step 8510, the data stored in the RAM is reorganized so that the temporary area becomes empty. In particular, when there is no room in the capacity of the actual data area 21812, the access time of each credit card is compared, a local address is assigned to the object data address of the latest credit card, and The use times of the information are compared, and a local address is assigned to the use information address of the use information whose use time is recent. When it is necessary to upgrade the program of the personal credit terminal, the data in the basic program area is updated. However, the user area is updated with the data of the user area of the terminal data received from the personal credit terminal.

FIGS. 117 and 118 show the processing flows of the data update process of the credit settlement terminal and the merchant process of the service providing system in the data update process of the credit settlement terminal and the service providing system, respectively.
The data update processing is performed when the value of the clock counter of the credit settlement terminal matches the update time register, or when the free space in the temporary area becomes smaller than the set value AM. Started by creating a process.
First, the credit settlement terminal displays “data updating” on the LCD in step 8600, generates a data update request 5402 in step 8601, and determines in step 8602 from the terminal status whether or not the session is established. If it is determined that the session is established, the generated data update request is transmitted to the merchant process in step 8604. If the session is not established, the session is established in step 8603. And then proceed to step 8604.
The credit settlement terminal that has transmitted the data update request waits for reception of the data update response 5403 in steps 8605 and 8616. In step 8605, it is determined whether a data update response has been received, and in step 8616, a timeout is determined.
In the timeout determination in step 8616, if the data update response is not received for the timeout time TRURM (TRURM> 0) or more, the credit settlement terminal times out, and in step 8617, the merchant timeout error processing is performed, The update process ends.

If the data update response is received, the credit settlement terminal decrypts the data update response with the merchant's private key in step 8606, performs a merchant validity check in step 8607, and checks the validity of the data update response. Verify.
If the merchant validity check is passed, the credit settlement terminal generates the upload data 5404 by compressing the data in the RAM and the hard disk in step 8608, and generates the merchant data in step 8609. Send to process.
If the merchant validity check fails, the credit settlement terminal performs a merchant session error process in step 8618, and ends the data update process.
In steps 8610 and 8619, the credit settlement terminal that has transmitted the upload data waits for reception of a message from the merchant process. At step 8610, a determination is made as to whether the message has been received, and at step 8619, a timeout is determined.
In the determination of timeout in step 8619, if no message is received for the timeout time TDM (TDM> 0) or more, the credit settlement terminal times out, and in step 8620, merchant timeout error processing is performed, and data update processing is performed. To end.

When receiving a message from the merchant process, the credit settlement terminal decrypts the received message with the merchant's private key in step 8611, performs merchant validity check in step 8612, and checks the validity of the received message. Verify the nature.
If the merchant validity check passes, the credit settlement terminal proceeds to step 8613, and if the merchant validity check fails, the credit settlement terminal performs merchant session error processing in step 8621, The data update process ends.
In step 8613, the credit settlement terminal determines whether the received message is the update data 5405 or the function stop command 5405'.If the message is update data, in step 8614, the data of the terminal data The compression is released, the data in the RAM and the hard disk are updated, and in step 8615, the display of “data updating” is released, and the data update process ends.

If the received message is a function stop command, the credit settlement terminal displays "unusable" on the LCD in step 8622, and in step 8623, clears the terminal enable bit of the EEPROM 22504 to perform the operation. In step 8624, the terminal status is changed to unusable, and the data update process ends.
On the other hand, in the merchant process, the data update process is started by receiving a data update request 5402. First, in step 8700, the merchant process decrypts the received data update request using the private key of the service provider. In step 8701, the merchant process performs a merchant process validity check to verify the validity of the data update request. .
If the merchant process passes the validity check, the merchant process generates a data update response 5403 in step 8702, and transmits the generated data update response to the credit settlement terminal in step 8703.

If the merchant process validity check fails, the merchant process determines that the received message is not valid, performs merchant process session error processing in step 8713, and ends the data update processing.
The merchant process that has transmitted the data update response waits for reception of the upload data 5404 in steps 8704 and 8714. In step 8704, it is determined whether or not the upload data has been received. In step 8714, a timeout is determined.
In the determination of the timeout in Step 8714, if the upload data is not received for the timeout time TUDM (TUDM> 0) or more, the merchant process times out, and in Step 8715, the merchant process times out / error processing is performed to update the data. The process ends. Due to the merchant process timeout error processing, the merchant process is deleted by the service manager process, and the session and the line with the credit settlement terminal are disconnected. At this time, the merchant process transmits a timeout error message indicating that timeout has occurred to the management system 407.
If the upload data is received, the merchant process decrypts the received upload data using the service provider's private key in step 8705, performs a merchant process validity check in step 8706, and checks the validity of the upload data. Verify
If the merchant process validity check passes, the merchant process proceeds to step 8707, and if the merchant process validity check fails, the merchant process determines that the received message is not valid, and step 8716 Then, the merchant process / session / error processing is performed, and the data update processing ends.

In step 8707, the merchant process releases the data compression of the terminal data 5531 of the upload data, and performs a data collation check in step 8708 to verify whether the terminal data has been tampered with. In the data collation check, the terminal data decompressed is collated with the terminal data 24006 of the merchant information server and the data managed by the other merchant data management information 24000.
If the data verification check is passed, the merchant process first generates new terminal data based on the capacity of the actual data area of the credit settlement terminal and the data generation time in step 8709, and in step 8710, The difference between the decompressed terminal data and the new terminal data is calculated to generate update data 5405, and in step 8711, the generated update data is transmitted to the credit settlement terminal. In 8712, the merchant information server Is updated, and the data update process ends.
If the data collation check fails, the merchant process determines that there is a possibility that the terminal data has been tampered with, and in step 8717, generates a function stop instruction 5405 ', and in step 8718, the The function stop command is sent to the credit settlement terminal, and in step 8719, the merchant status 24012 on the merchant information server is changed to “unavailable”. In step 8720, merchant process / session error processing is performed. Then, the data update process ends.
In the generation of new terminal data in step 8709, the data stored in the RAM and the hard disk is reorganized so that the temporary area becomes empty. In particular, when there is not enough space in the actual data area, it is necessary to compare the sales time of each sales information, assign a local address to the sales information with the latest sales time, and upgrade the program of the credit settlement terminal. In some cases, the data in the basic program area is also updated. However, the merchant area is updated with the data of the merchant area of the terminal data received from the credit settlement terminal.

Next, a processing flow in the forced data update processing will be described. FIG. 119 and FIG. 120 respectively show the processing flow of the forced data update process of the personal credit terminal and the user process of the service providing system in the forced data updating process of the personal credit terminal and the service providing system. Is shown.
The forced data update process is performed when the service providing system 102 needs to immediately update the data in the RAM of the personal credit terminal 100, for example, when the contract contents with the user are changed.
The user process first generates a data update instruction 5106 in step 8900, determines in step 8901 whether or not the terminal is in a session established state from the terminal status. The data update command is transmitted to the personal credit terminal, and if the session is not established, session establishment processing is performed in step 8902 to establish a session with the service providing system, and the process proceeds to step 8903.
In steps 8904 and 8914, the user process that has transmitted the data update command waits for the upload data 5107 to be received. In step 8904, it is determined whether or not the upload data has been received. In step 8914, a timeout is determined.
In the determination of the timeout in step 8914, if the upload data is not received for the timeout time TUDU (TUDU> 0) or more, the user process times out, and in step 8915, the user process performs time-out / error processing to force The data update process ends.

If the upload data is received, the user process decrypts the received upload data with the private key of the service provider in step 8905, performs a user process validity check in step 8906, and checks the validity of the upload data. Verify
If the user process validity check passes, the user process proceeds to step 8907, and if the user process validity check fails, the user process determines that the received message is not valid, and proceeds to step 8916. Then, the user process / session error processing is performed, and the forced data update processing ends.
In step 8907, the user process releases the data compression of the terminal data 5231 of the upload data, and in step 8908, performs a data collation check to verify whether the terminal data has been tampered with.
If the data verification check is passed, the user process first changes the access time of the credit card list 24008 of the user information server to the latest information based on the terminal data for which data compression has been released in step 8909. Then, in step 8910, new terminal data is generated based on the capacity of the substantial data area of the personal credit terminal and the data generation time and access time, and in step 8911, the terminal that has decompressed the data is generated. By taking the difference between the data and the new terminal data, update data 5108 is generated, and in step 8912, the generated update data is transmitted to the personal credit terminal. In step 8913, the terminal data 24006 of the user information server is transmitted. Is updated, and the forced data update process ends.
If the data collation check fails, the user process determines that there is a possibility that the terminal data has been tampered with and generates a function stop instruction 5108 ′ in step 8917, and generates the function stop instruction 5108 ′ in step 8918. The function stop command is sent to the personal credit terminal, and in step 8919, the user status 24012 on the user information server is changed to “unavailable”. In step 8920, the user process / session error processing is performed. Then, the forcible data update process ends.

In the generation of new terminal data in step 8910, the data stored in the RAM is reorganized so that the temporary area becomes empty. In particular, when there is no room in the capacity of the actual data area 21812, the access time of each credit card is compared, a local address is assigned to the object data address of the latest credit card, and The use times of the information are compared, and a local address is assigned to the use information address of the use information whose use time is recent. When it is necessary to upgrade the program of the personal credit terminal, the data in the basic program area is updated. However, the user area is updated with the data of the user area of the terminal data received from the personal credit terminal.
On the other hand, at the personal credit terminal, the forced data update process is started by receiving the data update instruction 5106 and generating the forced data update process.
First, in step 8800, the personal credit terminal decrypts the encryption of the data update instruction with the user's private key, and in step 8801 performs a user validity check to verify the validity of the data update instruction.
If the user validity check is passed, the personal credit terminal displays “data updating in progress” on the LCD in step 8802, and in step 8803, compresses the data in the RAM to generate upload data 5107. Then, in step 8804, the generated upload data is transmitted to the user process.
If the user validity check fails, the personal credit terminal performs a user session error process in step 8811 and ends the forced data update process.

In steps 8805 and 8812, the personal credit terminal that has transmitted the upload data waits to receive a message from the user process. At step 8805, it is determined whether the message has been received. At step 8812, a timeout is determined.
In the determination of timeout in step 8812, if no message is received for the timeout period TDU (TDU> 0) or more, the personal credit terminal times out, and in step 8813, a user timeout error process is performed, and The data update process ends.
Upon receiving a message from the user process, the personal credit terminal decrypts the received message with the user's private key in step 8806, performs a user validity check in step 8807, and checks the received message. Verify validity.
If the user validity check passes, the personal credit terminal proceeds to step 8808, and if the user validity check fails, the personal credit terminal proceeds to step 8814 to perform user session error processing. To complete the forced data update process.
In step 8808, the personal credit terminal determines whether the received message is the update data 5108 or the function stop command 5108 '. The compression is released, the data in the RAM is updated, and in step 8810, the display of "data updating in progress" is released, and the forced data update process ends.
If the received message is a function stop command, the personal credit terminal displays “unavailable” on the LCD in step 8815, and clears the terminal enable bit of the EEPROM 1503 in step 8816, The operation is disabled, and in step 8817, the terminal status is changed to unusable, and the forced data update process ends.

FIG. 121 and FIG. 122 respectively show the processing flow of the forced data update process of the credit settlement terminal and the merchant process of the service providing system in the forced data update process between the credit settlement terminal and the service providing system. Is shown.
The forced data update process is performed when the service providing system 102 needs to immediately update the data in the RAM and the hard disk of the credit settlement terminal 101, for example, when there is a change in the contract with the merchant. .
The merchant process first generates a data update instruction 5406 in step 9100, determines in step 9101 whether or not the terminal is in a session established state from the terminal status. The data update command is transmitted to the credit settlement terminal, and if the session is not established, a session establishment process is performed in step 9102 to establish a session with the service providing system, and the process proceeds to step 9103.
The merchant process that has transmitted the data update command waits for reception of the upload data 5407 in steps 9104 and 9113. In step 9104, it is determined whether the upload data has been received. In step 9113, a timeout is determined.
In the determination of the timeout in step 9113, if the upload data is not received for the timeout time TUDM (TUDM> 0) or more, the merchant process times out, and in step 9114, the merchant process timeout error processing is performed, and The data update process ends.
If the upload data is received, the merchant process decrypts the received upload data with the private key of the service provider in step 9105, and performs a merchant process validity check in step 9106 to check the validity of the upload data. Verify
If the merchant process validity check passes, the merchant process proceeds to step 9107, and if the merchant process validity check fails, the merchant process determines that the received message is not valid, and step 9115 Then, the merchant process / session / error processing is performed, and the forced data update processing ends.
The merchant process releases the data compression of the terminal data 5531 of the upload data in step 9107, and performs a data collation check in step 9108 to verify whether the terminal data has been tampered with.

If the data verification check is passed, the merchant process first generates new terminal data based on the capacity of the actual data area of the credit settlement terminal and the data generation time in step 9109, and in step 9110 The difference between the decompressed terminal data and the new terminal data is calculated to generate update data 5408.In step 9111, the generated update data is transmitted to the credit settlement terminal.In step 9112, the merchant information The terminal data 24104 of the server is updated, and the forced data update process ends.
If the data collation check fails, the merchant process determines that there is a possibility that the terminal data has been tampered with and generates a function stop command 5408 ′ in step 9116, and generates the The function stop command sent to the credit settlement terminal, the merchant status 24012 on the merchant information server is changed to “unavailable” in step 9118, and the merchant process / session error processing is performed in step 9119. Then, the forced data update process ends.
In the generation of new terminal data in step 9109, the data stored in the RAM and the hard disk is reorganized so that the temporary area becomes empty. In particular, when there is not enough space in the actual data area, it is necessary to compare the sales time of each sales information, assign a local address to the sales information with the latest sales time, and upgrade the program of the credit settlement terminal. In some cases, the data in the basic program area is also updated. However, the merchant area is updated with the data of the merchant area of the terminal data received from the credit settlement terminal.

On the other hand, in the credit settlement terminal, the forced data update process is started by receiving the data update command 5406 and generating the forced data update process.
First, in step 9000, the credit settlement terminal decrypts the encryption of the data update instruction using the merchant's private key, and in step 9001, performs a merchant validity check to verify the validity of the data update instruction.
If the merchant validity check is passed, the credit settlement terminal displays “data updating in progress” on the LCD in step 9002, and in step 9003, compresses the data in the RAM and the hard disk to upload the data. 5407 is generated, and in step 9004, the generated upload data is transmitted to the merchant process.
If the merchant validity check fails, the credit settlement terminal performs merchant session error processing in step 9011, and ends the forced data update processing.
In steps 9005 and 9012, the credit settlement terminal that has transmitted the upload data waits for a message from the merchant process. In step 9005, it is determined whether the message has been received. In step 9012, a timeout is determined.
In the timeout determination in step 9012, if no message is received for the timeout time TDM (TDM> 0) or more, the credit settlement terminal times out, and in step 9013, a merchant timeout error process is performed to The update process ends.
When receiving a message from the merchant process, the credit settlement terminal decrypts the received message with the merchant's private key in step 9006, performs a merchant validity check in step 9007, and validates the received message. Verify the nature.
If the merchant validity check passes, the credit settlement terminal proceeds to step 9008, and if the merchant validity check fails, the credit settlement terminal performs merchant session error processing in step 9014, The forced data update process ends.
In step 9008, the credit settlement terminal determines whether the received message is the update data 5408 or the function stop command 5408'.If the message is update data, in step 9009, the data of the terminal data The compression is released to update the data in the RAM and the hard disk, and in step 9010, the display of "data updating" is released, and the forced data update process ends.
If the received message is a function stop command, the credit settlement terminal displays “unusable” on the LCD in step 9015, and clears the terminal enable bit of the EEPROM 1503 in step 9016 to operate the credit settlement terminal. In step 9017, the terminal status is changed to unusable, and the forced data update process ends.

Next, a processing flow in the data backup processing will be described.
FIG. 123 and FIG. 116 respectively show a processing flow of a data update process of the personal credit terminal and a user process of the service providing system in a data backup process of the personal credit terminal and the service providing system, The process of the user process is the same as the data update process.
The data backup process is started when the personal credit terminal generates a data backup process when the battery capacity of the personal credit terminal falls below Q.
The personal credit terminal first displays "data update in progress" on the LCD in step 9200, generates a data update request 5109 in step 9201, and determines in step 9202 whether the terminal is in a session established state from the terminal status. If the session is established, the generated data update request is transmitted to the user process in step 9204. If the session is not established, the session is established in step 9203. After establishing the session, go to step 9204.
The personal credit terminal that has transmitted the data update request waits for reception of the data update response 5110 in steps 9205 and 9216. At step 9205, it is determined whether a data update response has been received. At step 9216, a time-out determination is made.
In the determination of the timeout in Step 9216, if the data update response is not received for the timeout time TRURU (TRURU> 0) or more, the personal credit terminal times out, and in Step 9217, a user timeout error process is performed. The data backup processing ends.
When the personal credit terminal receives the data update response, the personal credit terminal decrypts the data update response with the user's private key in step 9206, performs a user validity check in step 9207, and checks the validity of the data update response. Verify
If the user validity check is passed, the personal credit terminal compresses the data in the RAM in step 9208 to generate upload data 5111, and transmits the generated upload data to the user process in step 9209. I do.
If the user validity check fails, the personal credit terminal performs a user session error process in step 9218 and ends the data backup process.

In steps 9210 and 9219, the personal credit terminal that has transmitted the upload data waits to receive a message from the user process. In step 9210, a determination is made as to whether the message has been received, and in step 9219, a timeout is determined.
In the determination of timeout in step 9219, if no message is received for the timeout period TDU (TDU> 0) or more, the personal credit terminal times out, and in step 9220, a user timeout error process is performed, and data backup is performed. The process ends.
Upon receiving a message from the user process, the personal credit terminal decrypts the received message with the user's private key in step 9211, performs a user validity check in step 9212, and checks the received message. Verify validity.
If the user validity check passes, the personal credit terminal proceeds to step 9213. If the user validity check fails, the personal credit terminal proceeds to step 9221 to execute the user session error process. To complete the data backup process.
In step 9213, the personal credit terminal determines whether the received message is the update data 5112 or the function stop command 5112 ′. If the message is update data, first, in step 9214, the terminal data of the update data The data compression of the 5239 is released, the data in the RAM is updated, and "LOW BATTERY" is displayed in step 9215. Further, in step 9225, the terminal status is changed to "write protected" and a new Then, the data backup process is terminated by preventing the unnecessary data from being written to the RAM.
If the received message is a function stop command, the personal credit terminal displays “unavailable” on the LCD in step 9222, and clears the terminal enable bit of the EEPROM 1503 in step 9223, The operation is disabled, the terminal status is changed to unusable in step 9224, and the data backup process ends.

Next, a processing flow in the processing of “settlement” will be described.
FIG. 124 to FIG. 125 show the processing flow of the credit settlement terminal in the “payment” processing. The “payment” process is started when the merchant presses the credit settlement switch of the register and the credit settlement terminal 300 generates a settlement process.
First, in step 9300, the credit settlement terminal generates four types of payment offer responses 5701 corresponding to the contents of the payment offer 5700 received from the personal credit terminal. The four types of payment offer responses are a payment offer response indicating that the amount of payment specified by the user is lower than the amount charged by the merchant, and a payment indicating that the user specifies a credit card that the merchant cannot handle. An offer response, a payment offer response indicating that the user specifies a payment option that the merchant cannot handle, and a payment offer response indicating that the merchant can handle the user's payment offer.
The four types of payment offer responses differ in the response message 5809 and the transaction number 5810 of the payment offer response (FIG. 89 (b)), respectively, and the payment amount specified by the user is lower than the merchant's billing amount. In the case of the payment offer response indicating, the response message is set to a message indicating that the payment amount is insufficient, and the transaction number is set to zero. In the case of a payment offer response indicating that the user has specified a credit card that cannot be handled by the merchant, a message indicating that the card cannot be used is set in the response message, and the transaction number is set to zero. You. In the case of a payment offer response indicating that the user has specified a payment option that cannot be handled by the merchant, the response message is set to a message indicating that the payment option is not available, and the transaction number is set to zero. Is done. Then, in the case of the payment offer response indicating that the merchant can handle the user's payment offer, the greeting message is set in the response message, and the transaction number is set to a non-zero number that uniquely indicates the transaction with the user. You.
The credit settlement terminal that has generated the four types of payment offer responses displays “waiting for payment operation” on the LCD in step 9301, and waits for the receipt of the payment offer 5700 by infrared communication in step 9302.

Upon receiving the payment offer from the personal credit terminal, the credit settlement terminal verifies the contents of the received payment offer in steps 9303 to 9305.
If the payment amount of the payment offer is smaller than the billing amount, the credit settlement terminal proceeds to step 9317 and sends a payment offer response indicating that the payment amount specified by the user is lower than the merchant's billing amount to an infrared ray. The communication is transmitted to the personal credit terminal, and in step 9318, the LCD displays a shortage of the amount of payment, and the process returns to step 9302 to wait for the reception of the payment offer again.
If the service code of the payment offer does not exist in the service code list of the credit settlement terminal, the credit settlement terminal proceeds to step 9319, and indicates that the user has specified a credit card that the merchant cannot handle. The payment offer response is transmitted by infrared communication to the personal credit terminal, and in step 9320, a message indicating that the credit card cannot be used is displayed on the LCD, and the process returns to step 9302 to wait for the receipt of the payment offer again.
If the payment option code of the payment offer does not exist in the service code list of the credit settlement terminal, the credit settlement terminal proceeds to step 9321 to confirm that the user has specified a payment option that the merchant cannot handle. The payment offer response is transmitted to the personal credit terminal via infrared communication, and at step 9322, the LCD displays a message indicating that the payment option cannot be handled, and the process returns to step 9302 to wait for the receipt of the payment offer again.

Otherwise, the credit settlement terminal proceeds to step 9306 and sends a payment offer response to the personal credit terminal via infrared communication indicating that the merchant can handle the user's payment offer, and then to step 9307. In step 9308, "credit inquiry is in progress" is displayed on the LCD, and in step 9308, a credit inquiry request 5702 is generated from the payment offer and the payment offer response. If it is determined that the session is established, the generated credit inquiry request is transmitted to the merchant process in step 9311. If the session is not established, the session is established in step 9310 and Is established, and then the process proceeds to step 9311.
In steps 9312 and 9323, the credit settlement terminal that has transmitted the credit inquiry request waits for the receipt of the credit inquiry response 5704. At step 9312, it is determined whether a credit inquiry response has been received. At step 9323, a timeout is determined.
In the determination of the timeout in step 9323, if the credit inquiry response is not received for the timeout time TAR (TAR> 0) or more, the credit settlement terminal times out, and in step 9324, the merchant timeout error processing is performed. The processing of “settlement” is completed.
If the credit inquiry response is received, the credit settlement terminal decrypts the encryption of the credit inquiry response with the merchant's private key in step 9313, performs a merchant validity check in step 9314, and checks the validity of the credit inquiry response. Verify.
If the merchant validity check passes, the credit settlement terminal proceeds to step 9315. If the merchant validity check fails, the credit settlement terminal performs merchant session error processing in step 9325, and performs “payment” processing. To end.
The credit settlement terminal judges the credit inquiry result of the credit inquiry response in step 9315, and if the credit inquiry fails, displays the credit inquiry result on the LCD in step 9326, and ends the “settlement” process. If the credit inquiry is passed, the result of the credit inquiry and the contents of the user's personal data are displayed on the LCD in step 9316.
The credit settlement terminal that has displayed the credit inquiry result and the contents of the user personal data on the LCD waits for a settlement processing request operation 20616 by the merchant in steps 9400 and 9413. In step 9400, the settlement processing request operation by the merchant is determined, and in step 9413, the timeout is determined.
In the determination of the timeout in step 9413, if the payment processing request operation by the merchant is not performed for the timeout time TMAO (TMAO> 0) or more, the credit payment terminal times out. To complete the “payment” process.
When the payment request processing operation is performed by the merchant, the credit payment terminal displays “Payment in progress” on the LCD in step 9401, and generates the payment request 5705 from the payment offer and the payment offer response in step 9402. Then, in step 9403, the generated settlement request 5705 is transmitted to the merchant process.

The credit settlement terminal that has transmitted the settlement request 5705 to the merchant process waits for receiving the settlement completion notification 5708 from the merchant process in steps 9404 and 9415. In step 9404, it is determined whether the payment completion notification 5708 has been received, and in step 9415, a timeout is determined.
In the timeout determination in step 9415, if the payment completion notification 5708 is not received for the timeout time TSPCC (TSPCC> 0) or more, the credit payment terminal times out, and in step 9416, a merchant timeout error process is performed. The “settlement” process ends.
When receiving the payment completion notice 5708, the credit settlement terminal decrypts the encryption of the received payment completion notice 5708 with the merchant's private key in step 9405, performs a merchant validity check in step 9406, and receives the received message. Verify the validity of
If the merchant validity check passes, the credit settlement terminal proceeds to step 9407, and if the merchant validity check fails, the credit settlement terminal performs merchant session error processing in step 9417, The “settlement” process ends.
In Step 9407, the credit settlement terminal generates a receipt 5709, and in Step 9408, transmits the generated receipt 5709 to the merchant process. Then, in step 9409, the settlement completion notice 5708 obtained by decrypting the encryption is stored in the temporary area of the RAM, and in step 9410, the sales history list and the sales history list address are updated. , "Payment Complete" is displayed. Then, in step 9412, it is determined from the free space in the temporary area whether or not the data update processing is necessary. If the free space in the temporary area is equal to or larger than the set value AM (AM> 0), the “payment” is directly performed. If the value is smaller than the set value AM, a data update process is generated, and the process proceeds to the data update process.

FIGS. 126 to 127 show the processing flow of the merchant process in the processing of “settlement”.
In the merchant process, the “payment” process is started by receiving a credit inquiry request 5702 from a credit settlement terminal. First, in step 9500, the merchant process decrypts the encryption of the received credit reference request using the service provider's private key, and in step 9501, performs a merchant process validity check to verify the validity of the credit reference request. .
If the merchant process validity check is passed, the merchant process determines in step 9502 whether or not it belongs to the process group from the value of the service director process ID of the merchant process management information, and If it is (service director process ID @ 0), in step 9515, the trust inquiry request obtained by decrypting the encryption is transmitted to the service director process, and if the request does not belong to the process group (service director process ID) = 0), in step 9503, a credit inquiry request obtained by decrypting the encryption is transmitted to the service manager process.
If the merchant process validity check fails, the merchant process determines that the received message is not valid, performs merchant process session error processing in step 9514, and ends the "settlement" process.
The merchant process that sent the credit inquiry request to the service director process or service manager process waits at step 9504 for receiving a credit inquiry response 5840 from the service director process. Upon receiving the credit inquiry response 5840 from the service director process, the merchant process seals the credit inquiry response 5840 to the merchant in step 9505, and transmits the credit inquiry response 5704 to the credit settlement terminal in step 9506. .
The merchant process that transmitted the credit inquiry response 5704 to the credit settlement terminal waits at step 9507 to receive a settlement request 5705 from the credit settlement terminal. Upon receiving the payment request 5705 from the credit payment terminal, the merchant process decrypts the encryption of the received payment request 5705 with the private key of the service provider in step 9508, and performs a merchant process validity check in step 9509, The validity of the settlement request 5705 is verified.
If the merchant process validity check passes, the merchant process sends the decrypted payment request 5705 to the service director process in step 9510, and receives the merchant process validity check if it fails. It is determined that the received message is not valid, and in step 9516, merchant process / session error processing is performed, and the processing of “settlement” ends.

In step 9511, the merchant process that has sent the settlement request to the service director process waits to receive a settlement completion notification 5937 from the service director process. Upon receiving the payment completion notification 5937 from the service director process, the merchant process seals the payment completion notification 5937 to the merchant in step 9512, and transmits the payment completion notification 5708 to the credit payment terminal in step 9513.
In step 9600, the merchant process that has transmitted the payment completion notification 5708 to the credit payment terminal waits for receipt of the receipt 5709 from the credit payment terminal. Upon receipt of the receipt 5709 from the credit settlement terminal, the merchant process decrypts the received receipt 5709 with the private key of the service provider in step 9601, and performs merchant process validity check in step 9602. Verify the validity of receipt 5709.
If the merchant process validity check passes, the merchant process sends the decrypted receipt 5709 to the service director process in step 9603, and in step 9604, the sales history list on the merchant information server And the sales history list / address are updated, and the “payment” process ends.

If the merchant process validity check fails, the merchant process determines that the received message is not valid, performs merchant process session error processing in step 9605, and ends the "settlement" process.
FIGS. 128 to 129 show the processing flow of the personal credit terminal in the “payment” processing. The "payment" process is started when the user performs a payment operation and the personal credit terminal creates a payment process.
The personal credit terminal first generates a payment offer 5700 based on the credit card, the payment amount, and the payment option specified by the user in the payment operation in step 9700, and in step 9701, generates the payment offer Send to the credit settlement terminal by communication.
The personal credit terminal that has transmitted the payment offer to the credit settlement terminal waits for receipt of the payment offer response 5701 in steps 9702 and 9713. In step 9702, it is determined whether a payment offer response has been received, and in step 9713, a timeout is determined.
In the determination of the timeout of step 9713, if the payment offer response is not received for the timeout period TPOR (TPOR> 0) or more, the personal credit terminal times out, and in step 9714, the LCD displays the timeout of the payment offer response. An error is displayed, and the “payment” process ends.

Upon receiving the payment offer response, the personal credit terminal checks the service provider's digital signature on the service provider telephone number in the payment offer response in step 9703, and if the signature check is passed, If it fails, it is determined that the payment offer response is not valid. In step 9715, an error of the payment offer response is displayed on the LCD, and the "settlement" process ends.
In step 9704, the personal credit terminal determines from the value of the transaction number in the payment offer response whether the payment offer transmitted to the credit settlement terminal has a content that can be handled by the merchant. If the transaction number in the payment offer response is not zero, the payment offer is a content that the merchant can handle, and the personal credit terminal proceeds to step 9705. If the transaction number in the payment offer response is zero, the payment offer is unmerchantable and the personal credit terminal displays an error in the payment offer response on the LCD at step 9716 and displays a "payment" Is completed.
In step 9705, the personal credit terminal checks the payment amount of the payment offer with the payment amount of the payment offer response. If the payment amount is equal to the payment amount, the personal credit terminal proceeds to step 9708, where the payment amount is If it is larger than the amount, a screen for confirming the amount of payment shown in FIG. 44 (i) is displayed on the LCD in step 9706, and in steps 9707 and 9717, a confirmation operation by the user is awaited. When the confirmation operation is performed, the personal credit terminal proceeds to Step 9708. In step 9707, the personal credit terminal determines the confirmation operation by the user, and in step 9717, determines the timeout.
In the determination of the timeout in step 9717, if the confirmation operation is not performed for the timeout period TUAO (TUAO> 0) or more, the personal credit terminal times out, and in step 9718, the LCD displays a confirmation operation timeout error. Is displayed, and the “payment” process ends.

The personal credit terminal displays “Payment in progress” on the LCD in step 9708, and then generates a payment request 5703 from the payment offer and the payment offer response in step 9709, and in step 9710, From the terminal status, it is determined whether or not the session is established.If the session is established, the generated payment request is transmitted to the user process in step 9712.If the session is not established, the process proceeds to step 9711. After session establishment processing is performed to establish a session with the service providing system, the flow advances to step 9712.
In the session establishment process of step 9711, the personal credit terminal calls the service provider telephone number in the payment offer response and connects to the service providing system in the merchant's home service area. In other words, if the personal credit terminal has already established a session with the service providing system during the processing of the “payment”, the personal credit terminal performs the “payment” processing with the service providing system, To establish a session with the service providing system, a "settlement" process is performed with the service providing system in the service area where the merchant is located.
In steps 9800 and 9807, the personal credit terminal that has transmitted the payment request waits for receipt of the receipt 5710 from the user process. In step 9800, the receipt of the receipt 5710 is determined, and in step 9807, the timeout is determined.
In the determination of the timeout in Step 9807, if the receipt 5710 is not received for the timeout period TSPR (TSPR> 0) or more, the personal credit terminal times out, and in Step 9808, the user performs a time-out error process. The “settlement” process ends.

Upon receipt of the receipt 5710, the personal credit terminal decrypts the encryption of the receipt 5710 with the user's private key in step 9801, performs a user validity check in step 9802, and checks the validity of the receipt 5710. Verify
If the user validity check passes, the personal credit terminal proceeds to step 9803, and if the user validity check fails, the personal credit terminal proceeds to step 9809 and executes the user session error processing. Is performed, and the “payment” process ends.
In step 9803, the personal credit terminal stores the decrypted receipt 5710 in the temporary area of the RAM, and in step 9804, updates the use history list and the use history list address, and in step 9805, And display the receipt on the LCD. Then, in step 9806, it is determined from the free space in the temporary area whether or not data update processing is necessary. If the free space in the temporary area is equal to or larger than the set value AU (AU> 0), the "payment" Is completed, and if it is smaller than the set value AU, a data update process is generated and the process proceeds to the data update process.

FIG. 130 shows a processing flow of a user process in the processing of “settlement”.
In the user process, the “payment” process is started by receiving a payment request 5703 from the personal credit terminal. First, in step 9900, the user process decrypts the encryption of the received payment request with the private key of the service provider, and in step 9901 performs a user process validity check to verify the validity of the payment request.
If the user process has passed the validity check, in step 9902, the user process determines whether or not the user belongs to the process group based on the value of the service director process ID in the user process management information. If it is (service director process ID @ 0), in step 9909, the payment request having decrypted the encryption is transmitted to the service director process, and if it does not belong to the process group (service director process ID = In step 0903, in step 9903, the payment request having decrypted the encryption is transmitted to the service manager process.
If the user process validity check fails, the user process determines that the received message is not valid, performs a user process session error process in step 9908, and ends the “settlement” process.

The user process that sent the payment request to the service director process or the service manager process waits in step 9904 to receive a receipt 6016 from the service manager process. Upon receipt of the receipt 6016 from the service manager process, the user process seals the receipt 6016 to the user in step 9905, sends the receipt 5710 to the personal credit terminal in step 9906, In step 9907, the use history list and the use history list address on the user information server are updated, and the “payment” process ends.
FIG. 131A shows a processing flow of the payment system in the processing of “payment”. The “payment” process is started by receiving a payment request 5706 from the payment processing institution process of the service providing system.
First, in step 10000, the payment system decrypts the encryption of the received payment request 5706 with the private key of the payment processing institution, and in step 10001, performs a payment processing institution validity check to verify the validity of the payment request 5706 I do.
If the payment processing institution validity check is passed, the payment system updates the data of the subscriber information server, the member store information server, and the transaction information server in step 10002 based on the payment request 5706. In step 10003, a payment completion notification 5707 is generated, and in step 10004, the generated payment completion notification 5707 is transmitted to the payment processing institution process, and the “payment” process ends.

If the payment processing institution validity check fails, the payment system determines that the received message is not a valid message, and in step 10005, performs a payment processing institution session error process to set the “payment”. The process ends. In the settlement processing institution session error processing, the settlement system sends a session error message to the management system of the settlement system, sends a session error message to the settlement processing institution process of the service providing system, and communicates with the settlement processing institution. Disconnect the line.
Further, the payment processing institution validity check is a process for verifying the validity of a message received from the payment processing institution process of the service providing system. As shown in FIG. Four types of verification are performed. First, in step 10006, the digital signature of the service provider is verified. In step 10007, the service provider ID is verified. In step 10008, the validity period of the received message is verified. Verify the message issue time. In the verification of the issuance time in step 10009, the difference between the issuance time of the received information and the current time is verified, and if the difference is equal to or longer than the time TTP (TTP> 0), it is determined that the information is invalid information. . Therefore, only when the service provider's digital signature has been verified, the service provider ID matches, the validity period has been verified, and the issue time has been verified, the payment processing institution validity check has been passed. It is determined, otherwise, it is determined that a failure has occurred.

FIG. 132 (a) shows the processing flow of the payment processing institution process in the processing of “payment”. In the payment processing agency process, the processing of “payment” is initiated by receiving a payment request 5910 from the service director process.
In step 10100, the payment processing institution process seals the payment request 5910 to the payment processing institution, and in step 10101, transmits the payment request 5706 to the payment system.
In Step 10102, the payment processing agency process that has transmitted the payment request 5706 to the payment system waits for receiving a payment completion notification 5707 from the payment system. Upon receiving the payment completion notification 5707 from the payment system, the payment processing institution process decrypts the encryption of the received payment completion notification 5707 with the service provider's private key in step 10103, and in step 10104, the payment processing institution process is activated. A validity check is performed to verify the validity of the settlement completion notification 5707.
If the payment processing institution process validity check is passed, the payment processing institution process transmits a payment completion notification 5707 having decrypted the encryption to the service director process in step 10105, and in step 10106, the payment processing institution The settlement history list and the settlement history list address on the information server are updated, and the “settlement” process ends.

If the clearing house process validity check fails, the clearing house process determines that the received message is not valid, and in step 10107 performs clearing house process session error handling to settle the "clear" Is completed. Due to the clearinghouse process session error handling, the clearinghouse process is deleted by the service manager process and the line to the clearing system is disconnected. At this time, the payment processing agency process transmits a session error message indicating that the invalid message has been received to the management system 407.
The payment processing institution process validity check is a process for verifying the validity of the information received from the payment system. As shown in FIG. 132 (b), the payment processing institution process validity check includes three types of verification. Perform First, in step 10108, the digital signature of the payment processing institution is verified, in step 10109, the payment processing institution ID is verified, and in step 10110, the issue time of the received information is verified. In the verification of the issuance time in step 10110, a deviation between the issuance time of the received information and the current time is verified, and when the deviation is equal to or longer than the time TTPP (TTPP> 0), it is determined that the information is invalid information. . Therefore, only when the digital signature of the payment processing institution passes the verification, the payment processing institution ID matches, and the issue time is verified, it is determined that the payment processing institution process validity check is passed. Is determined to have failed.

FIGS. 133 to 134 show the processing flow of the service director process in the processing of “settlement”.
The service director process receives the credit inquiry request 5820 and the payment request 5827 from the service manager process, or receives the credit inquiry request 5820 from the merchant process, or receives the payment request 5827 from the user process. In the three cases in which is received, the processing of “payment” is started.
If a credit inquiry request 5820 is received from the merchant process, the service director process waits at step 10216 to receive a payment request 5827 from the user process, and upon receiving the payment request 5827 from the user process, proceeds to step 10200. Proceed to.
In addition, when receiving the payment request 5827 from the user process, the service director process waits for receiving the credit inquiry request 5820 from the merchant process in step 10217, and receives the credit inquiry request 5820 from the merchant process. Then, proceed to step 10200.
If a credit reference request 5820 and a payment request 5827 are received from the service manager process, the service director process proceeds directly to step 10200 to check the validity of the credit reference request 5820 and the payment request 5827. . In the validity check of the credit reference request and the payment request in step 10200, the service director process includes the data of the payment offer and payment offer response part of the credit reference request and the payment offer and payment offer response part of the payment request. Verifies the validity period of the payment offer and the payment offer response, and passes the credit reference request and payment request validity check only if the data verification matches and the validity period passes. Otherwise, it is determined as failed.

If the credit check request and the payment request have failed the validity check, the service director process performs a service director process session error process in step 10212, and ends the “settlement” process. Due to the service director process session error handling, the service director process and the user processes and merchant processes in the same process group as the service director process are deleted by the service manager process. At this time, the service director process transmits a session error message indicating that an invalid message has been received to the management system 407.
If the credit check request and the payment request pass the validity check, the service director process first identifies the customer number corresponding to the user ID of the payment request in step 10201 by referring to the merchant's customer table. Then, in step 10202, the information on the user information server corresponding to the user is accessed to generate a credit inquiry response 5840, and in step 10203, the generated credit inquiry response 5840 is transmitted to the merchant process, and In step 10204, the service providing history of the credit inquiry is added to the service providing history list 4303 to update the service providing history list 4303.

In generating the credit inquiry response 5840 in step 10202, the service director process does not set the user personal data 5834 if there is a problem with the user's credit status. Also, if there is no transaction between the user and the merchant before using the personal remote credit card settlement service, the customer number corresponding to the user ID cannot be specified. Therefore, the customer number 5836 is not set in this case as well.
In step 10204, the service director process that has updated the service providing history list waits in step 10205 and step 10213 to receive a settlement request 5850 from the merchant process. In step 10205, it is determined whether the settlement request 5850 has been received. In step 10213, a timeout is determined.
If the settlement request 5850 is not received for the timeout period TCR (TCR> 0) or more in step 10213, the service director process times out. In step 10214, the service director process timeout error process To complete the “payment” process. Due to the service director process timeout error handling, the service manager process and the user processes and merchant processes in the same process group as the service director process are deleted by the service manager process. At this time, the service director process sends a timeout error message indicating that timeout has occurred to the management system 407.

Upon receiving the payment request 5850 from the merchant process, the service director process checks the validity of the payment request 5850 at step 10206. In the check of the validity of the settlement request in step 10206, the service director process checks the data of the payment offer and payment offer response part of the payment request 5850 with the payment offer and payment offer response part of the payment request, The reference number of the 5850 is compared with the reference number of the credit inquiry response, and the validity period of the settlement request 5850 is verified. If the data matches, the reference number matches, and the validity period passes, Only in this case, it is determined that the validity check of the settlement request has been passed, and otherwise, it is determined that it has failed.
If the settlement request fails the validity check, the service director process performs a service director process session error process in step 10215, and ends the “settlement” process.
If the payment request validity check is passed, the service director process refers to the payment processing institution table 4304 in step 10207, selects a payment processing institution requesting the payment processing, and in step 10208, determines the service -Send a member process request to the manager process to request a payment processing institution process corresponding to the selected payment processing institution as a member process of the same process group, and in step 10209, the requested payment processing institution process Wait to become a member process.

When the requested payment processing agency process becomes a member process, the service director process proceeds to step 10210, where the information on the user information server corresponding to the user, the information on the merchant information server corresponding to the merchant, and the payment processing agency The settlement request 5910 is generated by accessing the information on the settlement processing institution information server corresponding to the request, and the generated settlement request 5910 is transmitted to the settlement processing institution process in step 10211.
The service director process that has sent the settlement request 5910 waits in steps 10300 and 10311 for receiving the settlement completion notification 5927 from the settlement processing organization process. In step 10300, it is determined whether the payment completion notification 5927 has been received, and in step 10311, a timeout is determined.
In the determination of the timeout in step 10311, if the settlement completion notification 5927 is not received for the timeout period TTPCC (TTPCC> 0) or more, the service director process times out, and in step 10312, the service director process timeout error The processing is performed, and the processing of “settlement” ends.
Upon receiving the payment completion notification 5927 from the payment processing agency process, the service director process determines in step 10301 whether or not there is a customer number corresponding to the user, and if there is a customer number, proceeds to step 10303. If there is no customer number, in step 10302, a customer number that uniquely indicates the user to the merchant is generated and registered in the merchant's customer table, and then the process proceeds to step 10303.
In step 10303, the service director process generates a payment completion notification 5937 to the merchant from the payment completion notification 5927 and the payment request 5850, and transmits the generated payment completion notification 5937 to the merchant process in step 10304.
The service director process that has transmitted the settlement completion notification 5937 waits for receipt of the receipt 6008 from the merchant process in steps 10305 and 10313. In step 10305, the reception of the receipt 6008 is determined, and in step 10313, the timeout is determined.

In the timeout determination in step 10313, if the receipt 6008 is not received for the timeout time TMR (TMR> 0) or more, the service director process times out, and in step 10314, the service director process timeout error processing To complete the “payment” process.
Upon receiving the receipt 6008 from the merchant process, the service director process generates a receipt 6016 to the user in step 10306 from the receipt 6008 and the payment completion notification 5927, and in step 10307, generates the generated receipt 6016. Is transmitted to the user process, and in step 10308, the service provision history of the credit settlement is added to the service provision history list 4303, and the service provision history list 4303 is updated.
In step 10309, the service director process that has updated the service provision history list 4303 waits for the user process to complete the “payment” process, and when the user process completes the “payment” process, in step 10310, the service Send the process deletion request of the director process itself to the service manager process, and end the “settlement” process. By sending the process deletion request in step 10310, the service director process is deleted by the service manager process.

Next, a processing flow in the processing of “cancel” will be described.
FIG. 135 shows a processing flow of the credit settlement terminal in the “cancel” processing. The process of “cancel” is started when the merchant performs a cancel operation 901 and the credit settlement terminal 300 generates a cancel process.
The credit settlement terminal firstly displays “sale cancellation processing in progress” on the LCD in step 10400, and generates a cancellation request 6100 from the settlement completion notice 5937 of the transaction to be canceled in step 10401. From the status, it is determined whether or not the session is established. If the session is established, the generated cancel request is transmitted to the merchant process in step 10404. If the session is not established, the session is established in step 10403. After processing is performed to establish a session with the service providing system, the process proceeds to step 10404.
In steps 10405 and 10412, the credit settlement terminal that has transmitted the cancellation request waits to receive the cancellation completion notification 6104 from the merchant process. In step 10405, it is determined whether or not the cancellation completion notification 6104 has been received, and in step 10412, a timeout is determined.

In the determination of the timeout in step 10412, if the cancellation completion notification 6104 is not received for the timeout time TSPCC (TSPCC> 0) or more, the credit settlement terminal times out, and performs a merchant timeout error process in step 10413. The “Cancel” process ends.
When receiving the cancellation completion notice 6104, the credit settlement terminal decrypts the encryption of the received cancellation completion notice 6104 with the merchant's private key in step 10406, performs a merchant validity check in step 10407, and receives the received message. Verify the validity of
If the merchant validity check passes, the credit settlement terminal proceeds to step 10408, and if the merchant validity check fails, the credit settlement terminal performs merchant session error processing in step 10414, The “Cancel” process ends.
The credit settlement terminal stores the cancellation completion notice 6104 obtained by decrypting the encryption in the temporary area of the RAM in Step 10408, and updates the sales history list and the sales history list address in Step 10409. , The completion of the cancel processing is displayed on the LCD. In step 10411, it is determined from the free space in the temporary area whether data update processing is necessary. If the free space in the temporary area is equal to or greater than the set value AM (AM> 0), the process proceeds to “Cancel”. If the value is smaller than the set value AM, a data update process is generated, and the process proceeds to the data update process.

FIG. 136 shows the processing flow of the merchant process in the “cancel” processing.
In the merchant process, the "cancel" process is started by receiving a cancel request 6100 from the credit settlement terminal. First, in step 10500, the merchant process decrypts the encryption of the received cancel request with the private key of the service provider. In step 10501, the merchant process performs a merchant process validity check to verify the validity of the cancel request.
If the merchant process validity check is passed, the merchant process determines in step 10502 whether or not it belongs to the process group from the value of the service director process ID of the merchant process management information. If it is (service director process ID @ 0), in step 10509, a decryption request is transmitted to the service director process, and if it does not belong to the process group (service director process ID = In step 0503, in step 10503, a cancel request obtained by decrypting the encryption is transmitted to the service manager process.
If the merchant process validity check fails, the merchant process determines that the received message is not valid, performs merchant process session error processing in step 10508, and ends the "cancel" process.
In step 10504, the merchant process that has transmitted the cancel request 6205 to the service director process or the service manager process waits for receiving a cancellation completion notification 6241 from the service director process.
Upon receiving the cancellation completion notification 6241 from the service director process, the merchant process seals the cancellation completion notification 6241 to the merchant in step 10505, and transmits the cancellation completion notification 6104 to the credit settlement terminal in step 10506, In step 10507, the sales history list and the sales history list address on the merchant information server are updated, and the "cancel" process ends.

FIG. 137 shows the processing flow of the personal credit terminal in the "cancel" processing. The "cancel" process is started when the user performs a cancel operation 904, and the personal credit terminal generates a cancel process.
The personal credit terminal firstly displays "Payment Cancellation is being executed" on the LCD in step 10600, and then generates a cancellation request 6101 from the receipt 6016 of the transaction to be canceled in step 10601. At 10602, from the terminal status, it is determined whether or not the session is established.If the session is established, at step 10604, the generated cancel request 6101 is transmitted to the user process. In step 10603, a session establishment process is performed to establish a session with the service providing system, and the process proceeds to step 10604.
In steps 10605 and 10612, the personal credit terminal that has transmitted the cancellation request 6101 waits to receive the cancellation processing receipt 6105 from the user process. At step 10605, it is determined whether or not the cancellation processing receipt 6105 has been received. At step 10612, a timeout is determined.
In step 10612, when the personal credit terminal does not receive the cancellation processing receipt 6105 during the timeout time TSPCR (TSPCR> 0) or more, the personal credit terminal times out, and in step 10613, the user timeout error processing is performed. Is performed, and the “cancel” process ends.
If the personal credit terminal receives the cancellation processing receipt 6105, the personal credit terminal decrypts the encryption of the cancellation processing receipt 6105 with the user's private key in step 10606, performs a user validity check in step 10607, and executes the cancellation processing. Verify the validity of the receipt 6105.
If the user validity check passes, the personal credit terminal proceeds to step 10608, and if the user validity check fails, the personal credit terminal proceeds to step 10614, where the personal credit terminal performs user session error processing. Is performed, and the “cancel” process ends.

  In step 10608, the personal credit terminal stores the cancellation processing receipt 6105 obtained by decrypting the encryption in a temporary area of the RAM, and in step 10609, updates the use history list and the use history list address, In step 10610, a cancellation processing receipt is displayed on the LCD. Then, in step 10611, it is determined whether or not the data update process is necessary based on the free space in the temporary area. Is completed, and if it is smaller than the set value AU, a data update process is generated and the process proceeds to the data update process.

FIG. 138 shows a processing flow of the user process in the “cancel” processing.
In the user process, the "cancel" process is started by receiving a cancel request 6101 from the personal credit terminal. First, in step 10700, the user process decrypts the encryption of the received cancellation request 6101 with the private key of the service provider. In step 10701, the user process performs a user process validity check to verify the validity of the cancellation request 6101. .
If the user process has passed the validity check, the user process determines in step 10702 whether or not it belongs to the process group from the value of the service director process ID in the user process management information. If (service director process ID @ 0), in step 10709, a cancel request 6101 obtained by decrypting the encryption is transmitted to the service director process, and if it does not belong to the process group (service director process ID). = 0), in step 10703, a cancel request 6101 obtained by decrypting the encryption is transmitted to the service manager process.

If the user process validity check fails, the user process determines that the received message is not valid, performs a user process session error process in step 10708, and ends the "cancel" process.
In step 10704, the user process that has transmitted the cancel request 6113 to the service director process or the service manager process waits to receive a cancellation processing receipt 6250 from the service director process. Upon receiving the cancellation processing receipt 6250 from the service director process, the user process seals the cancellation processing receipt 6250 to the user in step 10705, and in step 10706, converts the cancellation processing receipt 6105 into a personal credit. Then, in step 10707, the use history list and the use history list address on the user information server are updated, and the "cancel" process ends.

FIG. 139 shows a processing flow of the settlement system in the “cancel” processing. The "cancel" process is started by receiving a cancel request 6102 from the payment processing institution process of the service providing system.
First, in step 10800, the payment system decrypts the encryption of the received cancellation request 6102 with the private key of the payment processing institution, and in step 10801, performs a payment processing institution validity check to verify the validity of the cancellation request 6102. I do.
If the payment processing institution validity check is passed, the payment system updates the data of the subscriber information server, the member store information server, and the transaction information server based on the cancellation request 6102 in step 10802. In step 10803, the cancellation processing of the credit settlement processing is performed, and in step 10803, the cancellation completion notice 6103 is generated. In step 10804, the generated cancellation completion notice 6103 is transmitted to the settlement processing organization process, and the "cancel" processing is completed. I do.
If the payment processing institution validity check fails, the payment system determines that the received message is not a valid message, performs a payment processing institution session error process in step 10805, and performs a "cancel" process. To end.

FIG. 140 shows a processing flow of the settlement processing institution process in the “cancel” processing. In the clearinghouse process, the "cancel" process is started by receiving a cancel request 6221 from the service director process.
First, in Step 10900, the payment processing institution process seals the cancellation request 6221 to the payment processing institution, and in Step 10901, transmits the cancellation request 6102 to the payment system.
In step 10902, the payment processing agency process that has transmitted the cancellation request 6102 to the payment system waits for reception of the cancellation completion notification 6103 from the payment system. Upon receiving the cancellation completion notice 6103 from the settlement system, the settlement processing organization process decrypts the encryption of the received cancellation completion notice 6103 with the private key of the service provider in step 10903, and activates the settlement processing organization process in step 10904. A validity check is performed to verify the validity of the cancellation completion notification 6103.
If the payment processing institution process validity check is passed, the payment processing institution process transmits a cancellation completion notice 6103 obtained by decrypting the encryption to the service director process in step 10905, and in step 10906, the payment processing institution The settlement history list and the settlement history list address on the information server are updated, and the “cancel” process ends.
If the clearing house process validity check fails, the clearing house process determines that the received message is not valid, and in step 10907 performs clearing house process session error handling and “Cancel”. Is completed.

FIG. 141 shows a processing flow of the service director process in the “cancel” processing.
In the service director process, when the cancellation request 6205 and the cancellation request 6123 are received from the service manager process, or when the cancellation request 6205 is received from the merchant process, or when the cancellation request 6123 is received from the user process. In these three cases, the "cancel" process is started.
If a cancel request 6205 is received from the merchant process, the service director process waits in step 11016 to receive a cancel request 6113 from the user process, and upon receiving the cancel request 6113 from the user process, proceeds to step 11000. move on.
Also, when receiving the cancellation request 6213 from the user process, the service director process waits in step 11017 to receive the cancellation request 6205 from the merchant process, and upon receiving the cancellation request 6205 from the merchant process, proceeds to step 11017. Proceed to 11000.
When receiving the cancellation request 6205 and the cancellation request 6113 from the service manager process, the service director process proceeds to step 11000 as it is, and checks the validity of the cancellation request 6205 and the cancellation request 6113. In the validity check of the cancel request 6205 and the cancel request 6113 in step 11000, the service director process checks the data of the settlement completion notification 5937 of the cancel request 6205 with the data on the merchant information server and the receipt 6016 of the cancel request 6123. Data matching with the data on the user information server, matching the payment number of the payment completion notification 5937 of the cancellation request 6205 with the payment number of the receipt 6016 of the cancellation request 6113, and the validity period of the cancellation request 6205 and the cancellation request 6113 Only when the payment completion notification 5937 and the data collation of the receipt 6016 match, the payment number matches, and the validity period is passed. It is determined to have passed, otherwise it is determined to have failed.

If the validity check of the cancellation request and the payment request fails, the service director process performs a service director process session error process in step 11013, and ends the “cancel” process.
If the cancellation request and payment request pass the validity check, the service director process sends a member process request to the service manager process in step 11001, and cancels the request as a member process of the same process group. A settlement processing institution process corresponding to the settlement institution that has performed the credit settlement processing of the transaction to be made is requested, and in step 11002, the process waits until the requested settlement institution process becomes a member process.
When the requested payment processing institution process becomes a member process, the service director process accesses information on the payment processing institution information server corresponding to the payment processing institution in step 11003, and generates a cancellation request 6221. At 11004, the generated cancellation request 6221 is transmitted to the payment processing institution process.
The service director process that has transmitted the cancellation request 6221 waits in steps 11005 and 11014 to receive the cancellation completion notification 6322 from the payment processing institution process. In step 11005, it is determined whether or not the cancellation completion notification 6232 has been received. In step 11014, a timeout is determined.
In the determination of the timeout in step 11014, if the cancellation completion notification 6232 is not received for the timeout time TTPCC (TTPCC> 0) or more, the service director process times out, and in step 11015, the service director process timeout error The process is performed, and the “cancel” process ends.

Upon receiving the cancellation completion notice 6232 from the payment processing agency process, the service director process generates the cancellation completion notice 6241 to the merchant from the cancellation completion notice 6232 and the cancellation request 6205 in step 11006, and in step 11007, A cancellation processing receipt 6250 to the user is generated from the cancellation request 6213 and the cancellation completion notification 6232, and the generated cancellation completion notification 6241 is transmitted to the merchant process in Step 11008, and the generated cancellation processing is generated in Step 11009. The receipt 6250 is transmitted to the user process, and in step 11010, the service provision history list 4303 is updated by adding the service provision history of credit settlement cancellation to the service provision history list 4303.
In step 11011, the service director process that has updated the service providing history list 4303 waits for the merchant process and the user process to complete the “cancel” process, and the merchant process and the user process execute the “cancel” process. Is completed, in step 11012, a process deletion request of the service director process itself is transmitted to the service manager process, and the "cancel" process ends. By sending the process deletion request in step 11012, the service director process is deleted by the service manager process.

Next, a processing flow in the processing of the “customer service call” will be described. FIG. 142 shows a processing flow of the credit settlement terminal in the processing of the “customer service call”. When the merchant performs a customer service call operation, the process of the “customer service call” is started by the credit settlement terminal 300 generating a customer service call process.
In step 11100, the credit settlement terminal first displays "Connecting process in progress" on the LCD, generates a customer service call request 6300 in step 11101, and determines in step 11102 whether the terminal is in a session established state from the terminal status. If the session is established, the generated customer service call request 6300 is transmitted to the merchant process in step 11104. If the session is not established, session establishment is performed in step 11103 to provide the service. After establishing a session with the system, the process proceeds to step 11104.
In steps 11105 and 11113, the credit settlement terminal that has transmitted the customer service call request 6300 waits to receive the customer service call response 6302 from the merchant process. In step 11105, it is determined whether or not the customer service call response 6302 has been received. In step 11113, a timeout is determined.
In the timeout determination in step 11113, if the customer service call response 6302 is not received for the timeout period TCSCR (TCSCR> 0) or more, the credit settlement terminal times out, and in step 11114, a merchant timeout error process is performed. , End the processing of the “customer service call”.

Upon receiving the customer service call response 6302, the credit settlement terminal decrypts the received customer service call response 6302 with the merchant's private key in step 11106, performs a merchant validity check in step 11107, and Verify the validity of the message.
If the merchant validity check passes, the credit settlement terminal proceeds to step 11108, and if the merchant validity check fails, the credit settlement terminal performs merchant session error processing in step 11115, The processing of the “customer service call” ends.
In step 11108, the credit settlement terminal determines whether the response message of the customer service call response is callable or callless. If the call is possible, in step 11109, "calling" is displayed on the LCD. In step 11110, the process waits for the reception of the call response 6304 from the merchant process. If the call cannot be made, an error message indicating that the user could not be accessed is displayed on the LCD in step 11116. The processing of the "customer service call" is terminated.
Upon receiving the call response 6304 from the merchant process, the credit settlement terminal decrypts the received call response 6304 using the merchant's private key in step 11111, and displays “busy” on the LCD in step 11112. To the voice call state. At this time, if the voice data encryption key 6439 is set in the call response 6304, the credit settlement terminal sets the voice data encryption key 6439 in the voice data encryption key register (CRYPT) 22611 and stores the voice data. Make a voice call with encryption.

FIG. 143 shows a processing flow of the merchant process in the processing of the “customer service call”.
In the merchant process, the processing of the “customer service call” is started by receiving a customer service call request 6300 from the credit settlement terminal. The merchant process first decrypts the encryption of the received customer service call request 6300 with the private key of the service provider in step 11200, performs a merchant process validity check in step 11201, and validates the customer service call request 6300. Verify the nature.
If the merchant process has passed the validity check, the merchant process determines in step 11202 whether or not it belongs to the process group from the value of the service director process ID in the merchant process management information. If it is (service director process ID $ 0), in step 11212 the client service call request 6300 having decrypted the encryption is transmitted to the service director process, and if it does not belong to the process group (service director In the process ID = 0), in step 11203, the customer service call request 6300 in which the encryption is decrypted is transmitted to the service manager process.
If the merchant process validity check fails, the merchant process determines that the received message is not valid, performs merchant process session error processing in step 11211, and ends the processing of the “customer service call”. I do.
The merchant process that sent the customer service call request 6406 to the service director process or service manager process waits at step 11204 to receive a customer service call response 6426 from the service director process.
Upon receiving the customer service call response 6426 from the service director process, the merchant process encloses the customer service call response 6426 to the merchant in step 11205, and in step 11206, converts the customer service call response 6302 to the credit settlement terminal. Send to
Then, in step 11207, it is determined whether the response message of the customer service call response is callable or not. If callable, in step 11208, a call response 6440 is received from the service director process. If the call is not possible, the processing of the "customer service call" is terminated.
Upon receiving the call response 6440 from the service director process, the merchant process seals the call response 6440 to the merchant in step 11209, and transmits the call response 6304 to the credit settlement terminal in step 11210, A transition is made to a voice call state for performing voice data communication.

FIG. 144 shows a processing flow of the personal credit terminal in the processing of the “customer service call”. The processing of the “customer service call” is started by the personal credit terminal generating a customer service call process upon receiving the customer service call 6301 from the service providing system.
First, in step 11300, the personal credit terminal decrypts the encryption of the received customer service call 6301 with the user's private key. In step 11301, the personal credit terminal performs a user validity check to verify the validity of the customer service call 6301. I do.
If the user validity check has been passed, the personal credit terminal outputs a ringtone from the speaker in step 11302, displays an incoming customer service call on the LCD, and in step 11303, the user's call operation Wait for.
If the user validity check fails, the personal credit terminal performs a user session error process in step 11307 and ends the process of the “customer service call”.
When the user performs a call operation, the personal credit terminal generates an incoming call response 6303 in step 11304, transmits the generated incoming call response 6303 to the user process in step 11305, and further, in step 11306, displays the incoming call response on the LCD. , "During call" is displayed, and the state shifts to a voice call state.
When making a voice call by encrypting voice data, in step 11304, when generating the incoming response 6303, the personal credit terminal generates a voice data encryption key 6432 and sets it in the incoming response 6303, Further, the generated audio data encryption key 6432 is set in the audio data encryption key register (CRYPT) 21613 to perform encryption and decryption of the audio data.

FIG. 145 shows a processing flow of the user process in the processing of the “customer service call”.
In the user process, the processing of the "customer service call" is initiated by receiving a customer service call 6417 from the service director process. The user process first seals the received customer service call 6417 to the user in step 11400, and then determines in step 11401 from the user status whether or not the session is in the session established state, In step 11403, a customer service call 6301 is transmitted to the personal credit terminal. If the session is not established, a session establishment process is performed in step 11402 to establish a session with the personal credit terminal. From step 11403.
The user process that sent the customer service call 6301 waits at step 11404 to receive an incoming response 6303 from the personal credit terminal, and upon receiving the incoming response 6303, at step 11405, the service provider's private key The encryption of the received incoming response 6303 is decrypted, and in step 11406, the decrypted incoming response is transmitted to the service director process to shift to a voice communication state in which digital voice data communication is performed.

FIG. 146 shows a processing flow of the service director process in the processing of the “customer service call”.
In the service director process, when a customer service call request 6406 is received from the service manager process, or when a customer service call request 6406 is received from the merchant process, processing of a “customer service call” is started.
The service director process first identifies the user ID corresponding to the customer number 6401 in the customer service call request by referring to the merchant's customer table in step 11500, and then in step 11501, the service manager process , Requesting a user process corresponding to a user making a customer service call as a member process of the same process group, and in step 11502 and step 11512, the requested user process Wait for it to be. In step 11502, it is determined whether or not the requested user process has become a member process. In step 11512, a timeout is determined.
In the determination of the timeout in step 11512, if the requested user process does not become a member process for the timeout period TUPMP (TUPMP> 0) or more, the service director process times out, and in step 11513, the response message A customer service call response 6426 indicating “prohibition” is generated, and the generated customer service call response 6426 is transmitted to the merchant process in step 11514. In step 11515, the merchant process ends the processing of the “customer service call”. Wait for. When the merchant process completes the processing of the "customer service call", the service director process sends a process deletion request of the service director process itself to the service manager process in step 11516 to process the "customer service call". To end. By transmitting the process deletion request in step 11516, the service director process is deleted by the service manager process.

When the requested user process becomes a member process, the service director process determines in step 11503 whether or not the user can be accessed by referring to the user's access control information 24005.
If it is determined in step 11503 that the user can be accessed, the service director process generates a customer service call 6417 in step 11504, and transmits the generated customer service call 6417 to the user process in step 11505. At 11506, the response message 6422 generates a customer service call response 6426 indicating that the call is permitted, and at step 11507, sends the generated customer service call response 6426 to the merchant process.
If it is determined in step 11503 that the user cannot be accessed, the service director process proceeds to step 11513, and performs the processing from step 11513 to step 11516.
The service director process that sent the customer service call response 6426 waits in steps 11508 and 11517 to receive an incoming response 6433 from the user process. At step 11508, the reception of the incoming response 6433 is determined, and at step 11517, the timeout is determined.
In the determination of the timeout in step 11515, if the incoming response 6433 is not received for the timeout period TARU (TARU> 0) or more, the service director process times out, and in step 11518, the service director process timeout error processing is performed. To end the processing of the “customer service call”.
Upon receiving the incoming response 6433 from the user process, the service director process generates a call response 6440 from the incoming response 6433 in step 11509, and transmits the generated call response 6440 to the merchant process in step 11510. Then, in step 11511, the service providing history of the customer service call is added to the service providing history list 4303, the service providing history list 4303 is updated, and a transition is made to a voice call state for performing digital voice data communication.

Next, a processing flow in the processing of the “inquiry call” will be described.
FIG. 147 shows a processing flow of the personal credit terminal in the processing of the “inquiry call”. The process of the “inquiry call” is started when the user performs an inquiry call operation, and the personal credit terminal 100 generates an inquiry call process.
First, the personal credit terminal displays “connection processing in progress” on the LCD in step 11600, generates an inquiry call request 6306 in step 11601, and determines in step 11602 whether the terminal is in a session established state from the terminal status. If it is in the session established state, the generated inquiry call request 6306 is transmitted to the user process in step 11604. If it is not in the session established state, session establishment processing is performed in step 11603, and the service providing system After establishing the session with, the process proceeds to step 11604.
The personal credit terminal that has transmitted the inquiry call request 6306 waits for an inquiry call response 6308 from the user process in steps 11605 and 11613. In step 11605, it is determined whether or not the inquiry call response 6308 has been received. In step 11613, a timeout is determined.
In the determination of the timeout in step 11613, if the inquiry call response 6308 is not received for the timeout period TICR or more (TICR> 0), the personal credit terminal times out, and in step 11614, a user timeout error process is performed. Then, the processing of the "inquiry call" is terminated.

When receiving the inquiry call response 6308, the personal credit terminal decrypts the encryption of the received inquiry call response 6308 with the user's private key in step 11606, performs a user validity check in step 11607, and Verify the validity of the message.
If the user validity check passes, the personal credit terminal proceeds to step 11608, and if the user validity check fails, the personal credit terminal proceeds to step 11615 and executes the user session error process. And terminates the “inquiry call” process.
In step 11608, the personal credit terminal determines whether or not the response message of the inquiry call response is callable or callless. If the call is possible, the personal credit terminal displays “ringing” on the LCD in step 11609. In step 11610, the process waits for a call response 6310 from the user process. If the call is not possible, an error message indicating that the merchant could not be accessed is displayed on the LCD in step 11616. Inquiry call ”processing ends.

  Upon receiving the call response 6310 from the user process, the personal credit terminal decrypts the received call response 6310 with the user's private key in step 11611, and displays “busy” on the LCD in step 11612. Then, the state shifts to the voice call state. At this time, if the voice data encryption key 6537 is set in the call response 6310, the personal credit terminal sets the voice data encryption key 6537 in the voice data encryption key register (CRYPT) 21613, and And make a voice call.

FIG. 148 shows a processing flow of the user process in the processing of the “inquiry call”.
In the user process, the processing of an "inquiry call" is initiated by receiving an inquiry call request 6306 from a personal credit terminal. First, in step 11700, the user process decrypts the encryption of the received inquiry call request 6306 with the private key of the service provider. In step 11701, the user process performs a user process validity check, and checks the validity of the inquiry call request 6306. Verify.
If the user process has passed the validity check, the user process determines in step 11702 whether or not it belongs to the process group from the value of the service director process ID in the user process management information. If it is (service director process ID $ 0), in step 11712, it transmits an inquiry call request 6306 having decrypted the encryption to the service director process, and if it does not belong to the process group (service director process At (ID = 0), in step 11703, an inquiry call request 6306 obtained by decrypting the encryption is transmitted to the service manager process.

If the user process fails the validity check, the user process determines that the received message is not valid, performs a user process session error process in step 11711, and terminates the "query call" process. .
The user process that has transmitted the inquiry call request 6506 to the service director process or the service manager process waits at step 11704 for receiving an inquiry call response 6524 from the service director process.
Upon receiving the inquiry call response 6524 from the service director process, the user process seals the inquiry call response 6524 to the user in step 11705, and transmits the inquiry call response 6308 to the personal credit terminal in step 11706. . Then, in step 11707, it is determined whether the response message of the inquiry call response is callable or not. If callable, in step 11708, it is determined that the call response 6538 is received from the service director process. If the call cannot be waited, the process of the “inquiry call” is terminated.
Upon receiving the call response 6538 from the service director process, the user process seals the call response 6538 to the user in step 11709, and transmits the call response 6310 to the personal credit terminal in step 11710, A transition is made to a voice call state for performing digital voice data communication.

FIG. 149 shows a processing flow of the credit settlement terminal in the processing of the “inquiry call”. When the inquiry call 6307 is received from the service providing system, the processing of the “inquiry call” is started by the credit settlement terminal generating an inquiry call process.
The credit settlement terminal first decrypts the encryption of the received inquiry call 6307 with the merchant's private key in step 11800, and performs merchant validity check in step 11801 to verify the validity of the inquiry call 6307.
If the merchant validity check is passed, the credit settlement terminal outputs a ringtone from the speaker in step 11802, displays an incoming call on the LCD, and waits for the merchant's call operation in step 11803. .
If the merchant validity check fails, the credit settlement terminal performs a merchant session error process in step 11807, and ends the “inquiry call” process.
When the merchant performs a call operation, the credit settlement terminal generates an incoming response 6309 in Step 11804, transmits the generated incoming response 6309 to the merchant process in Step 11805, and further, in Step 11806, displays "Calling" is displayed and the state shifts to the voice call state.
In the case of making a voice call by encrypting voice data, in step 11804, when generating an incoming response 6309, the credit settlement terminal generates a voice data encryption key 6530 and sets it in the incoming response 6309, Then, the generated audio data encryption key 6530 is set in the audio data encryption key register (CRYPT) 22611, and encryption and decryption of the audio data are performed.

FIG. 150 shows a processing flow of the merchant process in the processing of the “inquiry call”.
In the merchant process, the processing of the "query call" is initiated by receiving a query call 6515 from the service director process. The merchant process first seals the received inquiry call 6515 to the merchant in step 11900, and then determines in step 11901 from the merchant status whether or not the session is in the established state. In step 11903, an inquiry call 6307 is transmitted to the credit settlement terminal. If the session is not established, a session establishment process is performed in step 11902 to establish a session with the credit settlement terminal. Proceed to.
In step 11904, the merchant process that sent the inquiry call 6307 waits for reception of the incoming response 6309 from the credit settlement terminal, and when the incoming response 6309 is received, in step 11905, the merchant process uses the private key of the service provider. The encryption of the incoming response 6309 is decrypted, and in step 11906, the decrypted incoming response is transmitted to the service director process to shift to a voice communication state in which digital voice data communication is performed.

FIG. 151 shows a processing flow of the service director process in the processing of the “inquiry call”.
In the service director process, when the inquiry call request 6506 is received from the service manager process or the inquiry call request 6506 is received from the user process, the process of the “inquiry call” is started.
First, the service director process sends a member process request to the service manager process in step 12000, and requests a merchant process corresponding to the merchant making an inquiry call as a member process of the same process group. At 12001 and step 12010, the requested merchant process waits to become a member process. In step 12001, it is determined whether or not the requested merchant process has become a member process. In step 12010, a timeout is determined.
In the timeout determination in step 12010, if the requested merchant process does not become a member process for the timeout period TMPMP (TMPMP> 0) or more, the service director process times out, and in step 12011, a response message 6422 indicates a call. A customer service call response 6426 indicating “prohibited” is generated, and in step 11512, the generated inquiry call response 6524 is transmitted to the user process. In step 12513, the user process terminates the processing of the “inquiry call call”. wait. When the user process completes the processing of the "inquiry call", the service director process sends the process deletion request of the service director process itself to the service manager process in step 12014, and terminates the processing of the "inquiry call". I do. By sending the process deletion request in step 12014, the service director process is deleted by the service manager process.

If the requested merchant process becomes a member process, the service director process generates an inquiry call 6515 in step 12002, sends the generated inquiry call 6515 to the merchant process in step 12003, and further proceeds to step 12004. Then, the response message 6422 generates an inquiry call response 6524 indicating that the call is permitted, and in step 12005, transmits the generated inquiry call response 6524 to the user process.
The service director process that sent the inquiry call response 6524 waits for an incoming response 6531 from the merchant process in steps 12006 and 12015. In step 12006, the reception of the incoming response 6531 is determined, and in step 12015, the timeout is determined.
In the timeout determination in step 12015, if the incoming response 6531 is not received for the timeout time TARM (TARM> 0) or more, the service director process times out, and in step 12016, the service director process timeout error processing Is performed, and the processing of the “inquiry call” ends.
When receiving the incoming response 6531 from the merchant process, the service director process generates a call response 6538 from the incoming response 6531 in step 12007, and transmits the generated call response 6538 to the user process in step 12008. Then, in step 12009, the service providing history of the inquiry call is added to the service providing history list 4303, the service providing history list 4303 is updated, and a transition is made to a voice call state for performing digital voice data communication.

Next, an operation when the user uses the personal remote credit settlement service in the user's home service area or a service area other than the home service area will be described.
FIG. 152 (a) shows an operation in the case where the user performs a “payment” process or a “cancel” process in a home service area with a merchant having the same home service area.
In this case, the personal credit terminal 100 and the credit settlement terminal 300 communicate with the service providing system 102 in the home service area (service area 1 12100) to perform “payment” processing or “cancel” processing. Perform
In the service providing system 102, the service manager process 23800 generates and generates a user process 23802, a merchant process 23803, a service director process 23801, and a payment processing agency process 23804 on the service server of the service providing system 102. The service director process 23801, the user process 23802, the merchant process 23803, and the settlement processing institution process 23804 that perform the “payment” process or the “cancel” process in cooperation with each other.

FIG. 152 (b) shows an operation in the case where a user performs a “payment” process or a “cancel” process in a merchant having a different home service area and a merchant's home service area.
In this case, the personal credit terminal 100 and the credit settlement terminal 300 communicate with the service providing system 102 in the merchant's home service area (service area 1 12100) to process “payment” or “cancel”. Is performed.
In the service providing system 102, the service manager process 23800 generates a mobile user process 12105, a merchant process 23803, a service director process 23801, and a payment processing agency process 23804 on the service server of the service providing system 102, On the other hand, in the service providing system 12102 of the user's home service area (service area 2 12101), the service manager process 12103 generates a home user process 12104 on the service server of the service providing system 12102, and generates the generated service. The director process 23801, the home user process 12104, the mobile user process 12105, the merchant process 23803, and the payment processing institution process 23804 cooperate with each other to perform a "payment" process or a "cancel" process.
The home user process 12104 is configured such that, when the service manager process 23800 creates the mobile user process 12105, the service manager process 23800 sends a message to the service manager process 12103 requesting the user to create a home user process corresponding to the user. If the generated home user process 12104 cannot be generated (for example, a user process corresponding to the user has already been generated), the mobile user process 12105 is not generated.

FIG. 153 (a) shows the operation when the user and the merchant perform the "cancel" process in their respective home service areas when the home service areas of the user and the merchant are different.
In this case, the personal credit terminal 100 communicates with the service providing system 12202 of the user's home service area (service area 2 12201), and the credit settlement terminal 300 communicates with the service of the merchant's home service area (service area 1 12200). The communication with the providing system 102 is performed to perform a "cancel" process.
In the service providing system 12202, the service manager process 12203 creates a user process 23802 on the service server of the service providing system 12202, while in the service providing system 102, the service manager process 23800 On the service server, a merchant process 23803, a service director process 23801, and a payment processing agency process 23804 are generated, and the generated service director process 23801, a user process 23802, a merchant process 23803, and a payment processing agency process are generated. 23804 cooperates to perform "cancel" processing.
The cancel request 6123 transmitted from the user process 23802 to the service manager process 12203 is transmitted by the service manager process 12203 to the service manager process 23800, and the cancel request 6205 transmitted from the merchant process 23803 to the service manager process 23800. The process group is generated by the service director process 23801, the user process 23802, the merchant process 23803, and the payment processing agency process 23804.

FIG. 153 (b) shows an operation in the case where the user and the merchant's home service area are different, and the user performs “cancel” processing from a place other than the user or the merchant's home service area. .
In this case, the personal credit terminal 100 communicates with the service providing system 12206 of the nearest service area (service area 2 12204), and the credit settlement terminal 300 provides the service of the merchant's home service area (service area 1 12200). The communication with the system 102 is performed to perform a "cancel" process.
In the service providing system 12206, the service manager process 12208 creates a mobile user process 12211 on the service server of the service providing system 12206, while the service providing system 12207 in the user's home service area (service area 3 12205). The service manager process 12209 creates a home user process 12210 on the service server of the service providing system 12207, and further, in the service providing system 102, the service manager process 23800 creates a home user process 12210 on the service server of the service providing system 102. , A merchant process 23803, a service director process 23801, and a payment processing agency process 23804, and the generated service director process 23801, a home user process 12210, a mobile user process 12211, and a merchant process 23801. And Yantopurosesu 23803, settlement processing engine processes 23,804 and work together carry out the processing of the "Cancel".
The home user process 12210 transmits the message to the service manager process 12209 by requesting the service manager process 12209 to create a home user process corresponding to the user when the service manager process 12208 creates the mobile user process 12211. If the generated home user process 12210 cannot be generated (for example, a user process corresponding to the user has already been generated), the mobile user process 12211 is not generated.
The cancel request 6113 sent from the mobile user process 12211 to the service manager process 12208 is sent by the service manager process 12208 to the service manager process 23800, and the cancel request sent from the merchant process 23803 to the service manager process 23800. Matching with 6205, a process group is created by the service director process 23801, the mobile user process 12211, the merchant process 23803, and the payment processing agency process 23804.

FIG. 154 (a) shows an operation in the case where a "customer service call" process or an "inquiry call" process is performed between a user and a merchant having the same home service area.
In this case, the personal credit terminal 100 and the credit settlement terminal 300 communicate with the service providing system 102 in the home service area (service area 1 12300) to process a “customer service call” or an “inquiry call”. Is performed.
In the service providing system 102, the service manager process 2900 generates a user process 23802, a merchant process 23803, and a service director process 2901 on the service server of the service providing system 102, and the generated service director process 2901 The user process 23802 and the merchant process 23803 cooperate to perform a “customer service call” process or an “inquiry call” process.
FIG. 154 (b) shows an operation when the merchant performs a “customer service call” process with a user having a different home service area. In this case, the personal credit terminal 100 communicates with the service providing system 12302 of the user's home service area (service area 2 12301), and the credit settlement terminal 300 communicates with the service of the merchant's home service area (service area 1 12300). The communication with the providing system 102 is performed to perform a “customer service call” process.
In the service providing system 102, the service manager process 23800 creates a merchant process 23803 and a service director process 23801 on the service server of the service providing system 102, while in the service providing system 12302, the service manager process 12303 Generates a user process 23802 on the service server of the service providing system 12302, and the generated service director process 23801, the user process 23802, and the merchant process 23803 cooperate to process a “customer service call”. Perform
The user process 23802 of the service providing system 12302 in the user's home service area, the service manager process 23800 that has received the member process request from the service director process 23801 sends the service manager process 12303 a request for a user process corresponding to the user. Generated by sending a message requesting generation.

FIG. 155 (a) shows an operation when the user performs an “inquiry call” process from the user's home service area to a merchant having a different home service area.
In this case, the personal credit terminal 100 communicates with the service providing system 12402 of the user's home service area (service area 2 12401), and the credit settlement terminal 300 communicates with the service of the merchant's home service area (service area 1 12400). The communication with the providing system 102 is performed to perform an “inquiry call” process.
In the service providing system 12402, the service manager process 12403 creates a user process 23802 on the service server of the service providing system 12402, while in the service providing system 102, the service manager process 23800 On the service server, a merchant process 23803 and a service director process 23801 are generated, and the generated service director process 23801, the user process 23802, and the merchant process 23803 cooperate to perform the processing of the “inquiry call”. Do.
The inquiry call request 6506 sent from the user process 23802 to the service manager process 12203 is sent by the service manager process 12203 to the service manager process 23800, and the service director process 23801, the user process 23802, the merchant process 23803, Creates a process group.

FIG. 155 (b) shows an operation in the case where a user performs an “inquiry call” process with a merchant having a different home service area from a service area other than the user or merchant's home service area. .
In this case, the personal credit terminal 100 communicates with the service providing system 12406 of the nearest service area (service area 2 12404), and the credit settlement terminal 300 provides the service of the merchant's home service area (service area 1 12400). It communicates with the system 102 to perform "query call" processing.
In the service providing system 12406, the service manager process 12408 creates a mobile user process 12411 on the service server of the service providing system 12406, while the service providing system 12407 in the user's home service area (service area 3 12405). The service manager process 12409 creates a home user process 12410 on the service server of the service providing system 12407, and further, in the service providing system 102, the service manager process 23800 creates a home user process 124800 on the service server of the service providing system 102. , A merchant process 23803 and a service director process 23801 are generated, and the generated service director process 23801, the home user process 12410, the mobile user process 12411, and the merchant process 23803 are linked. Te, a process of "inquiry call".
The home user process 12410 transmits the message to the service manager process 12409 by requesting the service manager process 12409 to create a home user process corresponding to the user when the service manager process 12408 creates the mobile user process 12411. If the generated home user process 12410 cannot be generated (for example, a user process corresponding to the user has already been generated), the mobile user process 12411 is not generated.
The inquiry call request 6506 sent from the mobile user process 12411 to the service manager process 12408 is sent by the service manager process 12408 to the service manager process 23800, where the service director process 23801, the mobile user process 12411, and the merchant process 23803, a process group is generated.

As described above, by operating the personal credit terminal 100, the credit settlement apparatus 101, the service providing system 102, and the settlement system 103, a personal remote credit settlement service is provided. The user can receive the same personal remote credit payment service anywhere in the area where the personal remote credit payment service is provided.
In the personal credit terminal 100, instead of the ROM 1501 and the EEPROM 1503, a ferroelectric nonvolatile memory may be used as a memory device for storing a program executed by the CPU 1500 and a public key of a service provider. . A ferroelectric non-volatile memory is capable of holding data without a battery while being writable like an EEPROM or a flash memory, and has a higher read / write speed than an EEPROM or a flash memory. , A memory device having characteristics of low power consumption.
When a ferroelectric non-volatile memory is used instead of the ROM 1501 and the EEPROM 1503, for example, by substantially the same processing as the data update processing, the version of the program of the personal credit terminal 100 is significantly upgraded, and periodic service provision is performed. There is an advantage that the public key of the user can be updated in a relatively short time and without significantly impairing the life of the battery.
Further, a ferroelectric nonvolatile memory may be used as the RAM 1502 for storing data processed by the CPU 1500 and data processed by the CPU 1500. In this case, even if the battery runs out, the data is retained, so there is no need to perform data backup processing, and there is no need for a power supply for retaining data in the RAM, so that the power consumption of the personal credit terminal can be reduced. There is an advantage that it can be.

In the above description, the personal credit terminal 100 and the credit settlement device 101 constituting the personal remote credit settlement system are the most suitable hardware for realizing the respective functions in the personal remote credit settlement service. Although it has a hardware configuration, the functions include a computer equipped with a wireless telephone communication function (or telephone communication function), an infrared communication function, a display, a keyboard (or pen input device), a microphone, and a speaker. You can also.
In this case, among the internal hardware of the personal credit terminal 100 or the credit settlement apparatus 101, hardware in which the computer does not have functionally corresponding hardware (eg, a data codec, a cryptographic processor, a control logic) , Etc.), the functions are converted into software programs and converted into software programs that run on the OS (Operating System) of the personal computer together with the programs stored in the ROM 1501 (22501). Is stored in a location executable by the computer (eg, a hard disk).

  The personal electronic payment system of the present invention can be applied to various electronic payments such as credit electronic payment.

FIG. 1 is a block diagram of a personal electronic payment system according to first and second embodiments of the present invention; FIG. 1 is a schematic view of a personal credit terminal according to the first and second embodiments of the present invention, FIG. 1 is an overview of a credit settlement terminal according to the first and second embodiments of the present invention, FIG. 1 is a block diagram of a service providing system according to first and second embodiments of the present invention; FIG. 1 is a block diagram of a settlement system according to first and second embodiments of the present invention. FIG. 8 is a processing flow chart of “settlement” in the first embodiment of the present invention; Schematic diagrams (a) to (h) of screens displayed on the LCD of the personal credit terminal at the time of "payment" processing according to the first embodiment of the present invention; Schematic diagrams (a) to (g) of screens displayed on the LCD of the credit settlement terminal at the time of "settlement" processing in the first embodiment of the present invention; FIG. 9 is a processing flowchart of “cancel” in the first and second embodiments of the present invention. Schematic diagrams (a) to (e) of screens displayed on the LCD of the personal credit terminal at the time of "cancel" processing in the first and second embodiments of the present invention; Schematic diagrams (a) to (g) of screens displayed on the LCD of the credit settlement terminal at the time of "cancel" processing in the first and second embodiments of the present invention; (A) a processing flow diagram of a "customer service call" in the first embodiment of the present invention; (b) a processing flow diagram of an "inquiry call" in the first embodiment of the present invention; FIG. 7A is a schematic diagram of a screen displayed on the LCD of the personal credit terminal during processing of a “customer service call” in the first and second embodiments of the present invention, and FIG. A schematic diagram (b) of a screen displayed on the LCD of the personal credit terminal during the processing and the "inquiry call" processing, and a screen displayed on the LCD of the personal credit terminal during the processing of the "inquiry call". (C)-(i) Schematic diagrams (a) to (e) and (g) of screens displayed on the LCD of the credit settlement terminal during the processing of the "customer service call" in the first and second embodiments of the present invention; A schematic diagram (f) of a screen displayed on the LCD of the credit settlement terminal in the processing of the "customer service call" and the "inquiry call", and a credit settlement terminal in the processing of the "inquiry call" Schematic diagram (h) of the screen displayed on the LCD of (A) A block diagram of a personal credit terminal according to the first and second embodiments of the present invention. (B) An infrared communication module of a personal credit terminal according to the first and second embodiments of the present invention. Block diagram, FIG. 4 is a schematic diagram of a RAM map of a personal credit terminal according to the first embodiment of the present invention; FIG. 4 is a schematic diagram of data stored in a service data area of the personal credit terminal according to the first embodiment of the present invention; (A) Configuration diagram of the internal register of the personal credit terminal according to the first embodiment of the present invention, (b) Bit field configuration diagram of the INT register of the personal credit terminal according to the first embodiment of the present invention, (C) A bit field configuration diagram of a variable interrupt on the RAM of the personal credit terminal according to the first embodiment of the present invention, FIG. 4 is a processing flow diagram performed by the CPU of the personal credit terminal according to the first embodiment of the present invention; (A) a flow chart of a digital signature process according to the first embodiment of the present invention; (b) a flow diagram of a digital signature process according to the first embodiment of the present invention; (A) a flow chart of a message sealing process in the first embodiment of the present invention; (b) a flow explanatory diagram of a message sealing process in the first embodiment of the present invention; (A) A flow chart of the decryption processing of the sealed message in the first embodiment of the present invention, (b) The flow of the decryption processing of the sealed message in the first embodiment of the present invention Explanatory diagram, (A) a flowchart of a digital signature verification process according to the first embodiment of the present invention; (b) a flowchart explanatory diagram of a digital signature verification process according to the first embodiment of the present invention; (A) a block configuration diagram of a credit settlement terminal according to the first embodiment of the present invention; (b) a block configuration diagram of an infrared receiving / emitting module of the credit settlement terminal according to the first embodiment of the present invention; FIG. 4 is a schematic diagram of a RAM map of a credit settlement terminal according to the first embodiment of the present invention; FIG. 3 is a schematic diagram of data stored in a service data area of the credit settlement terminal according to the first embodiment of the present invention; (A) Configuration diagram of an internal register of a credit settlement terminal according to the first embodiment of the present invention, (b) Bit field configuration diagram of an INT register of the credit settlement terminal according to the first embodiment of the present invention, (c) FIG. 5 is a diagram illustrating a bit field configuration of a variable interrupt on the RAM of the credit settlement terminal according to the first embodiment of the present invention; FIG. 4 is a flowchart of a process performed by a CPU of the credit settlement terminal according to the first embodiment of the present invention; A schematic diagram of data stored for one user in a user information server of the service providing system according to the first embodiment of the present invention; FIG. 3 is a schematic diagram of data stored for one merchant in a merchant information server of the service providing system according to the first embodiment of the present invention; A schematic diagram of data stored for one payment processing institution in a payment processing institution information server of the service providing system according to the first embodiment of the present invention; FIG. 4 is a schematic diagram of data stored in a service director information server of the service providing system according to the first embodiment of the present invention; (A) a flowchart of a remote access process according to the first embodiment of the present invention; (b) a flowchart of a data update process according to the first embodiment of the present invention; (A) a schematic diagram of a data structure of a remote access request according to the first embodiment of the present invention, (b) a schematic diagram of a data structure of remote access data according to the first embodiment of the present invention, (c) A) a schematic diagram of a data structure of a data update request according to the first embodiment of the present invention; (d) a schematic diagram of a data structure of a data update request response according to the first embodiment of the present invention; A schematic diagram of a data structure of upload data according to the first embodiment of the present invention; (f) a schematic diagram of a data structure of update data according to the first embodiment of the present invention; (A) A schematic diagram of a data structure of a function stop command according to the first embodiment of the present invention, (A) a schematic diagram of a data structure of a payment offer according to the first embodiment of the present invention; (b) a schematic diagram of a data structure of a payment offer response according to the first embodiment of the present invention; (c) A schematic diagram of a data structure of a credit inquiry request according to the first embodiment of the present invention, (d) a schematic diagram of a data structure of a payment request according to the first embodiment of the present invention, and (e) a schematic diagram of the present invention. Schematic diagram of a data structure of a credit inquiry response according to the first embodiment, (f) Schematic diagram of a data structure of a settlement request transmitted from the credit settlement terminal to the service providing system according to the first embodiment of the present invention. Figure, (A) a schematic diagram of a data structure of a settlement request transmitted from the service providing system to the settlement system according to the first embodiment of the present invention; (b) a service from the settlement system according to the first embodiment of the present invention; Schematic diagram of the data structure of the payment completion notification transmitted to the providing system, (c) Schematic diagram of the data structure of the payment completion notification transmitted from the service providing system to the credit payment terminal in the first embodiment of the present invention. Figure, (A) A schematic diagram of a data structure of a receipt transmitted from a credit settlement terminal to a service providing system according to the first embodiment of the present invention, (b) a service providing system according to the first embodiment of the present invention Schematic diagram of the data structure of the receipt sent to the personal credit terminal from (A) A schematic diagram of a data structure of a cancel request transmitted from the credit settlement terminal to the service providing system according to the first embodiment of the present invention, (b) Personal credit according to the first embodiment of the present invention Schematic diagram of the data structure of the cancel request transmitted from the terminal to the service providing system, (c) Schematic diagram of the data structure of the cancel request transmitted from the service providing system to the settlement system in the first embodiment of the present invention Schematic diagram of a data structure of a cancel request transmitted from the service providing system to the settlement system in the embodiment of the present invention, (d) Completion of cancellation transmitted from the settlement system to the service providing system in the first embodiment of the present invention Schematic diagram of notification data structure, (e) Service according to the first embodiment of the present invention Schematic diagram of the data structure of the cancellation completion notification transmitted from the subject system to the credit settlement terminal, schematic view of a data structure of the cancel processing receipt in the first embodiment of the present invention (f), (A) a schematic diagram of a data structure of a customer service call request according to the first embodiment of the present invention; (b) a schematic diagram of a data structure of a customer service call according to the first embodiment of the present invention; c) a schematic diagram of a data structure of a customer service call request response according to the first embodiment of the present invention, and (d) a data structure of an incoming response at the time of a customer service call according to the first embodiment of the present invention. (E) a schematic diagram of a data structure of a call response at the time of a customer service call according to the first embodiment of the present invention; (A) a schematic diagram of a data structure of an inquiry call request according to the first embodiment of the present invention; (b) a schematic diagram of a data structure of an inquiry call according to the first embodiment of the present invention; (c) A schematic diagram of a data structure of an inquiry call request response according to the first embodiment of the present invention; (d) a schematic diagram of a data structure of an incoming call response during an inquiry call according to the first embodiment of the present invention; (E) a schematic diagram of a data structure of a call response at the time of an inquiry call according to the first embodiment of the present invention; Block diagram of a conventional payment system, FIG. 9 is a processing flowchart of “settlement” in the second embodiment of the present invention. Schematic diagrams (a) to (h) of screens displayed on the LCD of the personal credit terminal during the "payment" process, (A) a processing flow diagram of a "customer service call" in the second embodiment of the present invention; (b) a processing flow diagram of an "inquiry call" in the second embodiment of the present invention; FIG. 9 is a configuration diagram of an internal register of a personal credit terminal according to a second embodiment of the present invention; (A) A bit field configuration diagram of the INT register of the personal credit terminal according to the second embodiment of the present invention, (b) A variable interrupt on the RAM of the personal credit terminal according to the second embodiment of the present invention Bit field configuration diagram, FIG. 9 is a schematic diagram of a RAM map of a personal credit terminal according to a second embodiment of the present invention; FIG. 14 is a schematic diagram of data stored in a service data area of a personal credit terminal according to the second embodiment of the present invention; (A) Process list diagram of CPU of personal credit terminal according to second embodiment of the present invention, (b) Update of process list by process management process of personal credit terminal according to second embodiment of the present invention An explanatory diagram for explaining the FIG. 9 is a conceptual diagram of a processing flow performed by a CPU of a personal credit terminal according to a second embodiment of the present invention; (A) Conceptual diagram of the reset processing performed by the CPUs of the personal credit terminal and the credit settlement terminal according to the second embodiment of the present invention, (b) the personal credit terminal according to the second embodiment of the present invention And a conceptual diagram of a processing flow at the time of power-on performed by the CPU of the credit settlement terminal, and (c) a conceptual diagram of a processing flow at the time of power-off performed by the CPUs of the personal credit terminal and the credit settlement terminal in the second embodiment of the present invention. , FIG. 9 is a conceptual diagram of a processing flow during normal operation performed by the CPU of the personal credit terminal according to the second embodiment of the present invention; FIG. 12 is a conceptual diagram of a processing flow at the time of processing “payment” performed by the CPU of the personal credit terminal according to the second embodiment of the present invention; (A) a block configuration diagram of a credit settlement terminal according to the second embodiment of the present invention; (b) a block configuration diagram of an infrared receiving / emitting module of the credit settlement terminal according to the second embodiment of the present invention; FIG. 9 is a configuration diagram of an internal register of a credit settlement terminal according to a second embodiment of the present invention; (A) Bit field configuration diagram of the INT register of the credit settlement terminal according to the second embodiment of the present invention, (b) bit field of variable interrupt on the RAM of the credit settlement terminal according to the second embodiment of the present invention Diagram, FIG. 9 is a schematic diagram of a RAM map of a credit settlement terminal according to a second embodiment of the present invention; FIG. 9 is a schematic diagram of data stored in a service data area of a credit settlement terminal according to the second embodiment of the present invention; (A) Process list diagram of the CPU of the credit settlement terminal according to the second embodiment of the present invention, (b) Update of the process list by the process management process of the credit settlement terminal according to the second embodiment of the present invention Commentary diagram to do, FIG. 9 is a conceptual diagram of a processing flow performed by a CPU of a credit settlement terminal according to a second embodiment of the present invention; FIG. 7 is a conceptual diagram of a processing flow in a normal state performed by a CPU of a credit settlement terminal according to a second embodiment of the present invention; FIG. 13 is a conceptual diagram of a processing flow at the time of “payment” processing performed by the CPU of the credit payment terminal according to the second embodiment of the present invention; (A) a flow chart of a digital signature process according to the second embodiment of the present invention; (b) a flow chart of a digital signature process according to the second embodiment of the present invention; (A) a flowchart of a message sealing process according to the second embodiment of the present invention; (b) a flowchart explanatory diagram of a message sealing process according to the second embodiment of the present invention; (A) A flow chart of the decryption processing of the sealed message in the second embodiment of the present invention, (b) The flow of the decryption processing of the sealed message in the second embodiment of the present invention Explanatory diagram, (A) a flowchart of a digital signature verification process according to the second embodiment of the present invention; (b) a flowchart explanatory diagram of a digital signature verification process according to the second embodiment of the present invention; FIG. 7 is a diagram illustrating a processing architecture of a service providing system according to a second embodiment of the present invention; FIG. 9 is a list of processes of the service providing system according to the second embodiment of the present invention; List of processes of the service providing system according to the second embodiment of the present invention (continued), A schematic diagram of data stored for one user in a user information server of a service providing system according to a second embodiment of the present invention; A schematic diagram of data stored for one merchant in a merchant information server of a service providing system according to a second embodiment of the present invention; A schematic diagram of data stored for one payment processing institution in a payment processing institution information server of the service providing system according to the second embodiment of the present invention; FIG. 9 is a schematic diagram of data stored in a service director information server of the service providing system according to the second embodiment of the present invention; (A) In the service providing system according to the second embodiment of the present invention, a schematic diagram of user process management information generated for one user process, (b) In the second embodiment of the present invention In the service providing system, a schematic diagram of merchant process management information generated for one merchant process, (c) in the service providing system according to the second embodiment of the present invention, Schematic diagram of payment management institution process management information generated by (d), service director process management generated for one service director process in the service providing system according to the second embodiment of the present invention (E) A service providing system according to the second embodiment of the present invention In, schematic view of a process group management information generated for the one process group, schematic view of the message list that is generated in the service providing system according to the second embodiment of the present invention (f), FIG. 13 is a flowchart of a session establishment process when connecting to a service providing system from a personal credit terminal according to the second embodiment of the present invention; FIG. 9 is a flowchart of a session establishment process when connecting from the service providing system to the personal credit terminal according to the second embodiment of the present invention; (A) Schematic diagram of the data structure of the authentication test A, (b) data of the authentication test A response in the session establishment process when connecting from the service providing system to the personal credit terminal according to the second embodiment of the present invention Schematic diagram of the structure, (c) Schematic diagram of the data structure of the authentication test B response, (d) of the session establishment process when connecting from the service providing system to the personal credit terminal according to the second embodiment of the present invention. ) Schematic diagram of data structure of authentication test C, (e) Schematic diagram of data structure of authentication test C response, (f) Schematic diagram of data structure of authentication test D response, Flow chart of a session establishment process when connecting from a credit settlement terminal to a service providing system according to the second embodiment of the present invention, Flow chart of a session establishment process when connecting from the service providing system to the credit settlement terminal according to the second embodiment of the present invention, (A) Schematic diagram of data structure of authentication test A, (b) Data structure of authentication test A response in session establishment processing when connecting from service providing system to credit settlement terminal in the second embodiment of the present invention (C) Schematic diagram of the data structure of the authentication test B response, (d) Authentication of session establishment processing when connecting from the service providing system to the credit settlement terminal in the second embodiment of the present invention A schematic diagram of the data structure of test C, (e) a schematic diagram of the data structure of the authentication test C response, (f) a schematic diagram of the data structure of the authentication test D response, (A) Flow chart of remote access processing by personal credit terminal and user process according to the second embodiment of the present invention, (b) Flow chart of data update processing, (c) Flow chart of forced data update processing, (D) Flow chart of data backup processing, (A) Schematic diagram of the data structure of the remote access request, (b) Schematic diagram of the data structure of the remote access data, (b) Schematic diagram of the data structure of the remote access data exchanged between the personal credit terminal and the user process in the second embodiment of the present invention. c) a schematic diagram of the data structure of the data update request, (d) a schematic diagram of the data structure of the data update response, (e) a schematic diagram of the data structure of the upload data, and (f) a schematic diagram of the data structure of the update data. Formula drawing, (A) a schematic diagram of a data structure of a function stop command, (b) a schematic diagram of a data structure of a data update command, exchanged between a personal credit terminal and a user process according to the second embodiment of the present invention; (A) Flow chart of remote access processing, (b) flow chart of data update processing, (c) flow chart of forced data update processing according to the credit settlement terminal and the merchant process in the second embodiment of the present invention, (A) Schematic diagram of the data structure of the remote access request, (b) Schematic diagram of the data structure of the remote access data, (c) ) Schematic diagram of data structure of data update request, (d) Schematic diagram of data structure of data update response, (e) Schematic diagram of data structure of upload data, (f) Schematic diagram of data structure of update data Figure, (A) a schematic diagram of a data structure of a function stop command, (b) a schematic diagram of a data structure of a data update command, exchanged between a credit settlement terminal and a merchant process in the second embodiment of the present invention; Message exchange procedure explanatory diagram of "settlement" processing in the second embodiment of the present invention, (A) a schematic diagram of a data structure of a payment offer according to the second embodiment of the present invention, (b) a schematic diagram of a data structure of a payment offer response according to the second embodiment of the present invention, (c) A schematic diagram of a data structure of a credit inquiry request in the second embodiment of the present invention, (d) a schematic diagram of a data structure of a payment request in the second embodiment of the present invention, (e) Schematic diagram of a data structure of a credit inquiry response according to the second embodiment, (f) Schematic diagram of a data structure of a settlement request transmitted from the credit settlement terminal to the service providing system according to the second embodiment of the present invention. Figure, (A) a schematic diagram of a data structure of a settlement request transmitted from the service providing system to the settlement system according to the second embodiment of the present invention; (b) a service from the settlement system according to the second embodiment of the present invention; Schematic diagram of the data structure of the payment completion notification transmitted to the providing system, (c) Schematic diagram of the data structure of the payment completion notification transmitted from the service providing system to the credit payment terminal according to the second embodiment of the present invention. Figure, (A) Schematic diagram of the data structure of a receipt transmitted from the credit settlement terminal to the service providing system according to the second embodiment of the present invention, (b) Service providing system according to the second embodiment of the present invention Schematic diagram of the data structure of the receipt sent from the personal credit terminal to Message exchange procedure explanatory diagram of "cancel" processing in the second embodiment of the present invention, (A) Schematic diagram of the data structure of a cancel request transmitted from the credit settlement terminal to the service providing system according to the second embodiment of the present invention, (b) Personal credit according to the second embodiment of the present invention Schematic diagram of the data structure of the cancel request transmitted from the terminal to the service providing system, (c) Schematic diagram of the data structure of the cancel request transmitted from the service providing system to the settlement system according to the second embodiment of the present invention. FIG. (D) Schematic diagram of the data structure of the cancellation completion notification transmitted from the settlement system to the service providing system according to the second embodiment of the present invention, (e) Service according to the second embodiment of the present invention Schematic diagram of the data structure of the cancellation completion notification transmitted from the providing system to the credit settlement terminal, (f) the second embodiment of the present invention. Schematic diagram of the data structure of the cancellation processing receipt in the second embodiment, (A) Message exchange procedure explanatory diagram of "customer service call" processing in the second embodiment of the present invention, (b) Message exchange procedure of "inquiry call" process in the second embodiment of the present invention Explanatory diagram, (A) a schematic diagram of a data structure of a customer service call request according to the second embodiment of the present invention; (b) a schematic diagram of a data structure of a customer service call according to the second embodiment of the present invention; c) a schematic diagram of a data structure of a customer service call response according to the second embodiment of the present invention, and (d) a simulation of a data structure of an incoming response at the time of a customer service call according to the second embodiment of the present invention. (E) a schematic diagram of a data structure of a call response at the time of a customer service call according to the second embodiment of the present invention; (A) a schematic diagram of a data structure of an inquiry call request according to the second embodiment of the present invention; (b) a schematic diagram of a data structure of an inquiry call according to the second embodiment of the present invention; Schematic diagram of the data structure of the inquiry call response according to the second embodiment of the present invention, (d) Schematic diagram of the data structure of the incoming call response at the time of the inquiry call according to the second embodiment of the present invention, ( e) a schematic diagram of a data structure of a call response at the time of an inquiry call according to the second embodiment of the present invention; FIG. 1 shows a main processing flow of a service manager process according to a second embodiment of the present invention; FIG. 2 shows a main processing flow of a service manager process according to the second embodiment of the present invention; FIG. 13 is a flowchart of a process generation process by a service manager process according to the second embodiment of the present invention. FIG. 9 is a main processing flow diagram of a user process according to the second embodiment of the present invention; FIG. 9 is a main processing flow chart of a merchant process according to a second embodiment of the present invention; FIG. 9 is a main processing flowchart of a payment processing institution process according to the second embodiment of the present invention; FIG. 13 is a flowchart of a session establishment process by the personal credit terminal when connecting from the personal credit terminal to the service providing system according to the second embodiment of the present invention; FIG. 13 is a flowchart of a session establishment process by a user process when connecting from the personal credit terminal to the service providing system according to the second embodiment of the present invention; Flow chart of a session establishment process by the credit settlement terminal when connecting from the credit settlement terminal to the service providing system according to the second embodiment of the present invention, FIG. 14 is a flowchart of a session establishment process by a merchant process when connecting from a credit settlement terminal to a service providing system according to the second embodiment of the present invention; FIG. 14 is a flowchart of a session establishment process by a user process when connecting from the service providing system to the personal credit terminal according to the second embodiment of the present invention; FIG. 13 is a flowchart of a session establishment process by the personal credit terminal when connecting from the service providing system to the personal credit terminal according to the second embodiment of the present invention; Flow chart of a session establishment process by a merchant process when connecting from a service providing system to a credit settlement terminal in the second embodiment of the present invention, Flow chart of a session establishment process by the credit settlement terminal when connecting from the service providing system to the credit settlement terminal in the second embodiment of the present invention, (A) Flow chart of remote access processing by a personal credit terminal according to the second embodiment of the present invention, (b) Flow chart of user validity check by the personal credit terminal according to the second embodiment of the present invention , (A) a flow diagram of a remote access process by a user process according to the second embodiment of the present invention; (b) a flow diagram of a user process validity check by the user process according to the second embodiment of the present invention; (A) a flowchart of a remote access process by a credit settlement terminal according to the second embodiment of the present invention; (b) a flowchart of a merchant validity check by the credit settlement terminal according to the second embodiment of the present invention; (A) a flow diagram of a remote access process by a merchant process in the second embodiment of the present invention; (b) a flow diagram of a merchant process validity check by the merchant process in the second embodiment of the present invention; FIG. 13 is a flowchart of a data update process by the personal credit terminal according to the second embodiment of the present invention; FIG. 12 is a flowchart of a data update process by a user process according to the second embodiment of the present invention. FIG. 9 is a flowchart of a data update process by the credit settlement terminal according to the second embodiment of the present invention; Flow chart of a data update process by a merchant process in the second embodiment of the present invention, FIG. 13 is a flowchart of a forced data update process by the personal credit terminal according to the second embodiment of the present invention; FIG. 13 is a flowchart of a forced data update process by a user process according to the second embodiment of the present invention. FIG. 9 is a flowchart of a forcible data update process by the credit settlement terminal according to the second embodiment of the present invention; FIG. 14 is a flowchart of a forced data update process by a merchant process according to the second embodiment of the present invention; Flow chart of data backup processing by a personal credit terminal according to the second embodiment of the present invention, FIG. 1 is a flow chart of a “payment” process by a credit payment terminal according to a second embodiment of the present invention; FIG. 2 is a flowchart of a “payment” process by the credit payment terminal according to the second embodiment of the present invention; FIG. 1 is a flow chart of a “settlement” process by a merchant process according to a second embodiment of the present invention; FIG. 2 is a flowchart of a “settlement” process by a merchant process according to the second embodiment of the present invention; FIG. 1 is a flowchart of a “payment” process performed by a personal credit terminal according to a second embodiment of the present invention; FIG. 2 is a flowchart of a “payment” process performed by the personal credit terminal according to the second embodiment of the present invention. FIG. 14 is a flowchart of a “payment” process by a user process according to the second embodiment of the present invention. (A) Flow chart of processing of "settlement" by the settlement system according to the second embodiment of the present invention, (b) Flow chart of validity check of settlement processing institution by the settlement system according to the second embodiment of the present invention , (A) Flow chart of processing of “settlement” by the settlement processing institution process in the second embodiment of the present invention, (b) Validation of settlement processing institution by the settlement processing institution process in the second embodiment of the present invention Sex check flow diagram, FIG. 1 is a flowchart of a “payment” process by a service director process according to a second embodiment of the present invention; FIG. 2 is a flow chart of a “payment” process by the service director process according to the second embodiment of the present invention; FIG. 14 is a flowchart of a “cancel” process by the credit settlement terminal according to the second embodiment of the present invention; FIG. 14 is a flowchart of a “cancel” process by the merchant process according to the second embodiment of the present invention; FIG. 14 is a flowchart of a “cancel” process performed by the personal credit terminal according to the second embodiment of the present invention; FIG. 14 is a flowchart of a “cancel” process by a user process according to the second embodiment of the present invention. FIG. 13 is a flowchart of a “cancel” process by the settlement system according to the second embodiment of the present invention; FIG. 14 is a flow chart of “cancel” processing by the payment processing institution process according to the second embodiment of the present invention; FIG. 14 is a flowchart of “cancel” processing by the service director process according to the second embodiment of the present invention; FIG. 14 is a flowchart of processing of a “customer service call” by the credit settlement terminal according to the second embodiment of the present invention; FIG. 14 is a flowchart of processing of a “customer service call” by a merchant process according to the second embodiment of the present invention; FIG. 13 is a flowchart of processing of a “customer service call” by the personal credit terminal according to the second embodiment of the present invention; FIG. 14 is a flowchart of processing of a “customer service call” by a user process according to the second embodiment of the present invention; FIG. 14 is a flowchart of processing of a “customer service call” by a service director process according to the second embodiment of the present invention; FIG. 14 is a flowchart of processing of an “inquiry call” by the personal credit terminal according to the second embodiment of the present invention; FIG. 14 is a flowchart of processing of an “inquiry call” by a user process according to the second embodiment of the present invention; FIG. 14 is a flowchart of processing of an “inquiry call” by the credit settlement terminal according to the second embodiment of the present invention; FIG. 14 is a flowchart of processing of an “inquiry call” by a merchant process in the second embodiment of the present invention; FIG. 14 is a flowchart of processing of an “inquiry call” by the service director process according to the second embodiment of the present invention; (A) Operation in the case where the user and the merchant have the same home service area in the second embodiment of the present invention, and the user performs “payment” processing or “cancel” processing in the home service area (B) The user and the merchant's home service area in the second embodiment of the present invention are different from each other, and the user performs “payment” processing or “cancel” processing in the merchant's home service area. Operation explanation diagram when performing, (A) Operation explanation diagram when the user and the merchant's home service area in the second embodiment of the present invention are different and the user performs "cancel" processing in the user's home service area, (b) book Operation explanatory diagram when the user and the merchant's home service area in the second embodiment of the invention are different, and the user performs "cancel" processing in a service area other than the user or the merchant's home service area, (A) In the second embodiment of the present invention, the user and the merchant have the same home service area, and the user and the merchant process a “customer service call” or a “query call” in the home service area. (B) Operation explanation diagram when the user and the merchant in the second embodiment of the present invention have different home service areas, and the merchant performs a “customer service call” process to the user. , (A) Operation explanation diagram when the user and the merchant have different home service areas in the second embodiment of the present invention and the user performs an “inquiry call” process from the user's home service area, (b) FIG. 13 is an operation explanatory diagram when a user and a merchant's home service area in the second embodiment of the present invention are different and the user performs an “inquiry call” process from a service area other than the user or the merchant's home service area. is there.

Explanation of reference numerals

100 Personal Credit Terminal
101 Credit Payment Device
102 Service delivery system
103, 4202 Payment system
104 base stations
108 Digital Public Network
200 Infrared communication port
201 antenna
202 Receiver / Speaker
203, 302 LCD
204, 304 mode switch
205 Call Switch
206 Exit switch
207, 306 Function switch
208, 307 Numeric key switch
209, 309 Power switch
210 microphone
211, 308 execution switch
212 Headset Jack
300 credit payment terminal
301 Infrared light emitting module
303 handset
305 hook switch
310 serial cable
311 Cash Register
312 Credit Switch
313 RS-232C cable
400 service server
401 server director information server
402 User Information Server
403 Merchant information server
404 Payment processing institution information server
405, 408, 504, 507 ATM-LAN switch
406, 505 ATM exchange
407, 506 Management system
500 transaction processing server
501 Subscriber Information Server
502 Merchant information server
503 Transaction Information Server
1507 Infrared communication module
1500, 2400, 22500 CPU
1501, 2401, 22501 ROM
1502, 2402, 22502 RAM
1503, 2404, 22504 EEPROM
1504, 2405, 22505 LCD controller
1505, 2406, 22506 Cryptographic processor
1506, 2407, 22507 data codec
1508, 2410, 22510 Control logic
1509, 2411, 22511 Key operation control unit
1510, 2412, 22512 speakers
1511, 2413, 22513 Audio processing unit
1512, 2414, 22514 audio codecs
1513, 2415, 22515 channel codecs
1514 Modulation section
1515 Demodulator
1517 RF unit
1518 Battery capacity detector
1560, 2408, 22508 Series-parallel converter
1561, 2456, 22556 modem
1800, 21600 frame counter
1801, 21601 Start frame counter
1802, 2700, 21602, 22600 clock counter
1803, 2701, 21603, 22601 Update time register
1804, 2702, 21604, 22602 Interrupt Register
1805, 2703, 21605, 22603 ID register
1806, 2704, 21606, 22604 Channel codec control register
1807, 2705, 21607, 22605 Audio transmission buffer
1808, 2706, 21608, 22606 Audio receive buffer
1809, 2707, 21609, 22607 Data transmission buffer
1810, 2708, 21610, 22608 Data receive buffer
1811, 2709, 21611, 22609 Audio processing unit control register
1812, 2710, 21612, 22610 Key operation control register
21613, 22611 Voice data encryption key register
2403, 22503 Hard disk
2409, 2455, 22503, 22555 serial port
2416, 22516 Digital communication adapter
2417, 22517 RS-232C interface
4200 Credit Card
4201 Credit payment terminal
4203 Public network

Claims (94)

  Payment means comprising a plurality of communication means, claim means comprising a plurality of communication means, and settlement means comprising a plurality of communication means, wherein the payment means, the claim means and the settlement means A personal electronic payment system, wherein communication between the respective devices is performed using different types of communication means.   2. The personal electronic settlement system according to claim 1, wherein the payment unit includes different types of wireless communication units as the communication unit for communicating with the billing unit and the settlement unit.   The wireless communication means between the payment means and the claim means has a shorter communicable distance and a higher directivity than the wireless communication means between the payment means. The personal electronic payment system according to claim 2, wherein:   The wireless communication means between the payment means and the claim means is an optical communication means, and the wireless communication means between the payment means and the settlement means is a radio wireless communication means. The personal electronic payment system according to claim 2 or 3, wherein   The payment unit, the optical communication unit and the radio wireless communication unit, an input unit for inputting a value of the amount to be paid, a process of generating data transmitted by the optical communication unit and the radio wireless communication unit, the optical communication unit, A central processing unit for processing data received by the radio wireless communication unit, a first storage unit for storing a control program for controlling the operation of the central processing unit, and a result of the data processing by the central processing unit. The personal electronic settlement system according to claim 4, further comprising a display unit for displaying, and a second storage unit for storing data processed by the central processing unit.   An optical communication means for communicating with the payment means, a communication means for communicating with the settlement means, an input means for inputting a value of an amount to be charged, and the optical communication means A central processing unit that performs a process of generating data transmitted by the communication unit and a process of data received by the optical communication unit and the communication unit; and a first program that stores a control program that controls an operation of the central processing unit. And a display unit for displaying a result of the data processing by the central processing unit, and a second storage unit for storing data processed by the central processing unit. 6. The personal electronic payment system according to any one of items 1 to 5.   The payment means includes a first storage means for storing information on the payment means, a second storage means for storing information on the billing means, and a computer system for performing data processing in payment processing. The personal electronic payment system according to claim 1, wherein:   The central processing unit of the payment means generates message data requesting payment processing of an amount corresponding to the value input by the input means of the payment means, transmits the message data to the payment means, and receives from the payment means The message data indicating the completion of the payment is processed and output to the display means, and the processed data is stored in the second storage means of the payment means. A personal electronic payment system as described.   9. The method according to claim 1, wherein the central processing unit of the payment unit generates message data for offering payment of an amount corresponding to the value input by the input unit of the payment unit, and transmits the generated message data to the billing unit. The personal electronic payment system according to 1.   The central processing unit of the billing means generates message data for billing the amount corresponding to the value input by the input means of the billing means, transmits the message data to the payment means, and transmits the payment received from the payment means. From the offered message data and the message data requesting payment, message data requesting a payment process is generated and transmitted to the payment means, and the message data indicating completion of payment received from the payment means is processed. 10. The personal electronic settlement system according to claim 1, further comprising: outputting the processed data to the display means of the claim means; and storing the processed data in the second storage means of the claim means.   The central processing unit of the billing unit generates message data for requesting payment and transmits the message data to the payment unit, and the central processing unit of the payment unit receives the generated message data for offering the payment and the message data received from the billing unit. Message data requesting payment processing is generated from the message data requesting payment and transmitted to the settlement means, and the settlement means receives the message data requesting settlement processing received from the billing means and the message data received from the payment means. The payment means is compared with the message data requesting the payment processing, the payment processing is performed, message data representing the completion of the payment is generated and transmitted to the billing means, and the message data representing the completion of the payment is generated. The personal electronic payment system according to any one of claims 1 to 10, wherein the personal electronic payment system transmits the electronic payment.   The central processing unit of the payment means inserts identification information for identifying the message data in the message data for offering payment, and the identification information of the message data for offering payment in the message data requesting the payment processing. And the identification information of the payment means and the identification information of the message data requesting the payment, and the central processing unit of the claim means identifies the message data in the message data requesting the payment. Into the message data requesting the settlement processing, the identification information of the message data requesting the payment, the identification information of the billing means, and the identification information of the message data requesting the payment, Of the message data requesting the payment processing and the message data requesting the payment processing Personal electronic settlement system according to claims 8 to 11, characterized in that collates the identification information of the message data to charge the payment and identification information of the message data offer to the payment of.   The second storage unit of the payment unit stores identification information of a plurality of payment methods, and the central processing unit of the payment unit stores the identification information of the payment method selected by the input unit of the payment unit, 13. The personal electronic settlement system according to claim 8, wherein the message data requesting payment and the message data requesting payment are included in the message data.   The payment means generates identification information of the owner of the payment means valid for the owner of the billing means, transmits the identification information in message data indicating completion of payment, and transmits the identification information to the billing means. 14. The personal electronic payment system according to claim 1, wherein:   The payment means includes a battery capacity detection means for detecting a battery capacity of the payment means, and when the battery capacity becomes Q (Q> 0) or less, the central processing unit of the payment means executes the central processing. Payment means for transmitting the data of the second storage means of the payment means in which the data processed by the device is stored to the payment means, and the payment means stores the received data with information relating to the payment means. 15. The personal electronic payment system according to claim 1, wherein the personal electronic payment system is stored in the first storage unit.   The data processed by the central processing unit of the payment means is stored in the second storage means of the payment means or the first storage means for storing information on the payment means of the settlement means, and these data are The second storage unit of the payment unit is managed by describing the identification information of the data and the address on the storage unit where the data exists, and indicates the address of the payment unit on the first storage unit. When processing the data, the central processing unit of the payment unit generates message data requesting the data and transmits the message data to the payment unit, and the payment unit receiving the message data includes the requested data. The message data is generated and transmitted to the payment unit, and the central processing unit of the payment unit extracts the requested data from the message data received from the payment unit. Personal electronic settlement system according to claims 1 to 15, characterized and.   The data processed by the central processing unit of the claim means is stored in the second storage means of the claim means or the second storage means for storing information on the billing means of the settlement means. The second storage means of the claim means is managed by describing the identification information of the data and the address on the storage means where the data exists, and indicates the address on the second storage means of the settlement means. When processing the data, the central processing unit of the billing unit generates message data requesting the data and transmits the message data to the settlement unit, and the settlement unit receiving the message data includes the requested data. The message data is generated and transmitted to the billing means, and the central processing unit of the billing means extracts the requested data from the message data received from the settlement means. Personal electronic settlement system according to claim 1 to 16, wherein the door.   The central processing unit of the payment means generates message data including data stored in the second storage means of the payment means at a time designated by the payment means and transmits the message data to the payment means, The payment unit that has received the message data generates message data including update data of the second storage unit of the payment unit and transmits the message data to the payment unit, and the central processing unit of the payment unit receives the message data from the payment unit. 18. The personal electronic settlement system according to claim 16, wherein the update data is extracted from the message data, and the data stored in the second storage unit of the payment unit is updated.   The central processing unit of the claim means generates message data including data stored in the second storage means of the claim means at a time designated by the settlement means and transmits the message data to the settlement means, The settlement unit that has received the message data generates message data including the update data of the second storage unit of the billing unit, transmits the message data to the billing unit, and the central processing unit of the billing unit receives the message data from the settlement unit. 19. The personal electronic settlement system according to claim 17, wherein update data is extracted from the message data, and the data stored in the second storage unit is updated.   When the payment unit receives message data including data stored in the second storage unit of the payment unit from the payment unit and generates update data of the second storage unit of the payment unit, Comparing the data generation time, assigning an address on the second storage means of the payment means to the data generated late, and information relating to the payment means of the settlement means to the data generated early. 20. The personal electronic settlement system according to claim 18, wherein an address on a first storage means for storing the information is allocated.   When the payment unit receives message data including data stored in the second storage unit of the payment unit from the payment unit and generates update data of the second storage unit of the payment unit, Comparing the access time of the data by the owner of the payment means, assigning an address on the second storage means of the payment means to the data having a late access time, and 19. The personal electronic payment system according to claim 18, wherein an address on the first storage unit that stores information on the payment unit of the payment unit is assigned.   When the settlement means receives message data including data stored in the second storage means of the claim means from the claim means and generates update data of the second storage means of the claim means, Comparing the generation time of the data, assigning an address on the second storage means of the billing means to the data having a late generation time, and providing information on the billing means of the settlement means to the data having a early generation time. 20. The personal electronic settlement system according to claim 19, wherein an address on a second storage means for storing the password is allocated.   When the settlement means receives message data including the data stored in the second storage means of the payment means from the payment means, the message data is stored in the second storage means of the payment means extracted from the message data. The data stored in the first storage unit that stores information on the payment unit of the payment unit is compared with the data stored in the storage unit. If unauthorized tampering is found, the function of the payment unit is changed. 22. The personal electronic settlement system according to claim 16, wherein message data to be stopped is transmitted to said payment means.   When the settlement means receives message data including data stored in the second storage means from the billing means, data stored in the second storage means extracted from the message data; The message data for stopping the function of the billing means is compared with the data stored in the second storage means for storing information relating to the billing means of the settlement means, and when the unauthorized tampering is found, 23. The personal electronic payment system according to claim 17, 19, or 22, wherein the personal electronic payment system is transmitted to a billing unit.   The central processing unit of the payment unit generates message data requesting a cancellation process of the payment process using the message data indicating the completion of the payment, and transmits the message data to the settlement unit. Using the message data indicating the completion of the settlement, the message data requesting the cancellation process of the settlement process is generated and transmitted to the settlement unit, and the settlement unit receives the message from the payment unit and the billing unit. The data is collated, the settlement process is canceled, message data indicating the completion of the cancellation process of the payment process is transmitted to the payment unit, and message data indicating the completion of the cancellation process of the settlement process is transmitted to the billing unit. The personal electronic payment system according to any one of claims 1 to 24, wherein:   Message data for requesting communication with the payment means, using the identification information of the owner of the payment means included in the message data indicating completion of the payment received from the payment means, Is generated and transmitted to the settlement means. The settlement means generates and transmits message data notifying the connection of the communication line with the billing means to the payment means, and further identifies from the identification information. Connecting the communication line between the payment means and the billing means, the central processing unit of the payment means receives the message data, and displays the identification information of the owner of the billing means on the display means of the payment means. 26. The personal electronic settlement system according to claim 14, wherein a connection status of a communication line with said claim means is displayed.   When connecting the communication line between the payment unit and the billing unit, the payment unit refers to access control information set by the owner of the payment unit stored in the first storage unit of the payment unit. 27. The personal electronic settlement system according to claim 26, wherein when the access from the billing unit is prohibited, the communication line is not connected.   The central processing unit of the payment unit generates message data requesting communication with the billing unit using the message data indicating the completion of the payment received from the payment unit, transmits the message data to the payment unit, and Means for generating and transmitting message data to the billing means, the identification data including the identification information of the owner of the payment means included in the message data indicating the completion of the settlement, and indicating the connection of the communication line with the payment means. Further, a communication line between the payment unit and the billing unit is connected, and the central processing unit of the billing unit receives the message data, and displays the message data on the display unit of the billing unit. 28. The personal electronic payment system according to claim 14, wherein identification information and a connection state of a communication line with the payment unit are displayed.   29. The personal electronic payment system according to claim 1, wherein the payment unit applies a digital signature of an owner of the payment unit to the message data transmitted to the billing unit or the payment unit.   30. The personal electronic payment system according to claim 1, wherein the billing means applies a digital signature of an owner of the billing means to the message data transmitted to the payment means or the payment means.   31. The personal electronic settlement system according to claim 1, wherein the settlement unit applies a digital signature of an owner of the settlement unit to the message data transmitted to the payment unit or the billing unit.   The payment unit converts the voice data input from the voice input unit, the voice output unit, and the voice data input from the voice input unit into data transmitted by the communication unit, and converts the data received by the communication unit into the data. 32. The personal electronic payment system according to claim 1, further comprising: audio data processing means for converting the audio data into audio data output by the audio output means.   The claim means, voice input means, voice output means, and converts voice data input from the voice input means into data transmitted by the communication means, and converts the data received by the communication means to 33. The personal electronic payment system according to claim 1, further comprising voice data processing means for converting the voice data into voice data output by the voice output means.   An encryption unit for performing an encryption process on the message data to be transmitted and a decryption process on the encryption of the received message data; an encryption process on the audio data to be transmitted and decryption of the encryption of the received audio data; The personal electronic payment system according to any one of claims 1 to 33, further comprising voice encryption processing means for performing processing.   An encrypting means for encrypting message data to be transmitted and decrypting received message data; an encrypting means for encrypting transmitted audio data and decrypting an encrypted received audio data; 35. The personal electronic payment system according to claim 1, further comprising: voice encryption processing means for performing processing.   4. The payment method according to claim 1, wherein the message data to be transmitted to the settlement means is digitally signed by an owner of the payment means, and a sealing process is performed to the owner of the settlement means. 35. The personal electronic payment system according to 35.   4. The method according to claim 1, wherein said request means applies a digital signature of an owner of the request means to the message data to be transmitted to the settlement means, and performs a sealing process to the owner of the settlement means. 36. The personal electronic payment system according to 36.   The settlement means applies the digital signature of the owner of the settlement means to the message data to be transmitted to the payment means, performs a letter-sealing process to the owner of the payment means, and transmits the message data to the billing means. 38. The personal electronic settlement system according to claim 1, wherein the message data is digitally signed by the owner of the settlement unit and a letter-sealing process is performed to the owner of the claim unit.   The settlement means accumulates message data indicating the completion of settlement transmitted to the billing means in the second storage means of the settlement means for accumulating information on the billing means, and indicates completion of the payment transmitted to the payment means. 39. The personal electronic payment system according to claim 7, wherein the message data is stored in the first storage unit of the payment unit that stores information on the payment unit.   Service providing means for providing an electronic settlement service to the owner of the payment means and the owner of the billing means via the communication means with the payment means and the communication means with the billing means, and the service 40. A payment processing means connected to the providing means via the communication means and comprising a payment processing means for executing a payment process between the owner of the payment means and the owner of the billing means. Personal electronic payment system.   A first storage unit configured to store information relating to the payment unit and an owner of the payment unit; a second storage unit configured to store information relating to an owner of the billing unit; 41. The personal electronic payment system according to claim 40, further comprising: a computer system for performing data processing for providing a service.   A first storage unit configured to store information relating to a settlement processing contract of an owner of the payment unit, a second storage unit configured to store information relating to a settlement processing contract of an owner of the billing unit, 42. The personal electronic payment system according to claim 40, further comprising a computer system for performing data processing in the payment processing.   The service providing unit compares the message data requesting the payment process transmitted from the billing unit with the message data requesting the payment process transmitted from the payment unit, and the message data requesting the payment execution process Is generated and transmitted to the payment processing means.The payment processing means that has performed the payment processing generates message data indicating completion of the payment processing and transmits the message data to the service providing means. The message data representing the completion of the settlement and the message data representing the completion of the payment are generated from the message data representing the completion of the processing and transmitted to the billing means and the payment means, respectively. 43. The personal electronic payment system according to any one of 40 to 42.   The service providing means stores the message data indicating the completion of the settlement transmitted to the billing means in the second storage means of the service providing means, and transmits the message data indicating the completion of the payment transmitted to the payment means to the service providing means. 44. The personal electronic settlement system according to claim 41, wherein the information is stored in the first storage unit.   The settlement processing means is constituted by a plurality of settlement processing means which handle different types of settlement processing, and the service providing means includes a third storage means for accumulating information on the settlement processing means. The personal electronic payment system according to any one of claims 41 to 44, wherein:   The service providing means sends the message data requesting the payment execution processing based on the result of the comparison between the message data requesting the payment processing and the message data requesting the payment processing, and The personal electronic payment system according to claim 45, wherein the personal electronic payment system is selected from among processing means.   47. The personal device according to claim 45, wherein the service providing unit stores message data indicating completion of the payment process received from the payment processing unit in the third storage unit of the service providing unit. Electronic payment system.   The information on the owner of the payment means stored in the first storage means of the service providing means includes information on a settlement processing contract of the owner of the payment means and information belonging to the owner of the payment means. Included in the information on the owner of the billing means stored in the second storage means of the service providing means, the information on the settlement processing contract of the owner of the billing means and the information belonging to the owner of the billing means 48. The personal electronic payment system according to claim 41, further comprising information.   The information of the first storage means of the service providing means is managed and stored for each owner of the payment means, and the information of the second storage means of the service providing means is stored for each owner of the billing means. 49. The personal electronic payment system according to claim 41, wherein the personal electronic payment system is managed and stored.   The central processing unit of the payment unit puts the validity period information of the message data into the message data for offering the payment and the message data for requesting the payment processing, and the central processing unit of the claim unit executes the payment. The validity period information of the message data is put in the message data to be charged and the message data to request the payment processing, and the payment means or the service providing means requests the message data to request the payment processing and the payment processing. 50. The personal electronic payment system according to claim 11, wherein the respective validity period information is verified when comparing with the message data to be performed.   Before generating the message data requesting the payment processing, the central processing unit of the claim means generates message data requesting an inquiry processing of an owner of the payment means and transmits the message data to the service providing means, A service providing unit compares the message data requesting the payment process with the message data requesting the inquiry process, and obtains information on the owner of the payment unit stored in the first storage unit of the service providing unit. Generating message data indicating a result of the inquiry of the owner and transmitting the message data to the billing means, and the central processing unit of the billing means processes the message data and outputs the message data to a display means of the billing means. The personal electronic settlement system according to any one of claims 41 to 50.   The information on the owner of the payment unit stored in the first storage unit of the service providing unit includes photograph information and age information of the owner of the payment unit, and the service providing unit stores 52. The personal electronic payment system according to claim 51, wherein the message data indicating the inquiry result of the person includes photograph information and age information of the owner of the payment means.   When the free space of the second storage unit of the payment unit becomes less than AU (AU> 0), the central processing unit of the payment unit is stored in the second storage unit of the payment unit. The message data including the data is generated and transmitted to the settlement means or the service providing means, and the settlement means or the service providing means receiving the message data updates the data stored in the second storage means of the payment means. And generating the message data including the updated data from the message data received from the settlement unit or the service providing unit. The central processing unit of the payment unit extracts the updated data from the message data received from the settlement unit or the service providing unit. 53. The personal electronic payment system according to claim 16, wherein data stored in the storage means is updated.   When the free space of the second storage means of the claim means becomes less than AM (AM> 0), the central processing unit of the claim means is stored in the second storage means of the claim means. Message data including data is generated and transmitted to the settlement means or the service providing means, and the settlement means or the service providing means receiving the message data updates the second storage means of the claim means Message data including the update data from the message data received from the settlement means or the service providing means, and the central processing unit of the claim means extracts the updated data from the message data received from the settlement means or the service providing means. 54. The personal electronic payment system according to claim 17, wherein data stored in the storage means is updated.   The settlement means or the service providing means, which has received the message data including the data stored in the second storage means of the payment means from the payment means, updates the second storage means of the payment means with the update data of the second storage means. The central processing unit of the payment unit, which has generated and transmitted message data including the control program of the central processing unit of the new payment unit and received the message data, controls the central processing unit of the new payment unit. The personal electronic settlement system according to claim 16, wherein the program is stored in the first storage unit or the second storage unit of the payment unit, and the control program is executed.   The settlement means or the service providing means, which has received the message data including the data stored in the second storage means of the claim means from the claim means, updates the second storage means of the claim means with the update data of the second storage means. The central processing unit of the claim unit, which has generated and transmitted message data including the control program of the central processing unit of the new claim unit and received the message data, controls the central processing unit of the new claim unit. 56. The personal electronic payment system according to claim 17, wherein the program is stored in the first storage unit or the second storage unit of the charging unit, and the control program is executed.   The settlement means or the service providing means puts identification information of settlement processing in the message data indicating the completion of the settlement and the message data indicating the completion of the payment, and the central processing unit of the payment means and the claim means Puts the identification information of the payment processing in each message data requesting the cancellation processing of the payment processing or the payment processing, and the payment means or the service providing means, from each of the payment means and the claim means 57. The personal electronic settlement system according to claim 25, wherein when comparing each received message data requesting cancellation processing of payment processing and settlement processing, identification information of the settlement processing is collated.   When the service providing unit collates each message data requesting the cancellation process of the payment process and the settlement process received from each of the payment unit and the billing unit, further, the message data requesting the cancellation process of the payment process The message data indicating the completion of the payment stored in the first storage means of the service providing means, and the message data requesting the cancellation processing of the settlement processing and the second storage means of the service providing means. The personal electronic payment system according to any one of claims 44 to 57, wherein the personal electronic payment system performs collation with stored message data indicating completion of payment.   The service providing means accumulates, in the second storage means of the service providing means, message data representing the completion of the settlement processing cancellation processing transmitted to the billing means, and completes the payment processing cancellation processing transmitted to the payment means. The personal electronic payment system according to claim 44, wherein message data representing the following is stored in the first storage unit of the service providing unit.   60. The personal electronic settlement system according to claim 26, wherein the payment unit and the billing unit connected to a communication line by the settlement unit or the service providing unit perform voice data communication.   The payment means and the billing means, which are connected to a communication line by the settlement means or the service providing means, exchange encryption keys and encrypt voice data with each other to perform voice data communication. 61. The personal electronic payment system according to any one of 35 to 60.   A computer system of the service providing means, a user information processing means for performing communication with the payment means and processing information stored in the first storage means of the service providing means, and communication with the claim means and service provision Merchant information processing means for processing information stored in the second storage means, communication with the settlement processing means, and processing of information stored in the third storage means of the service providing means A payment processing institution information processing means; and a service director information processing means for performing data processing in a service providing process by cooperative processing with the user information processing means, the merchant information processing means, and the payment processing institution information processing means. 63. The personal electronic payment system according to claim 45.   A computer system of the service providing means, comprising a user information processing means, a merchant information processing means, a payment processing institution information processing means, and a service manager information processing means for controlling generation and erasure of a service director information processing means; The user information processing means, the merchant information processing means, the payment processing institution information processing means, and the service director information processing means are each generated or deleted by the service manager information processing means as required. 63. The personal electronic payment system according to 62.   The service manager information processing means generates a user information processing means corresponding to each of the payment means on a one-to-one basis for communication with the payment means, and generates each user information means for communication with the billing means. A merchant information processing means corresponding to each of the means is generated on a one-to-one basis, and a payment processing institution information processing means corresponding to each of the respective payment processing means on a one-to-one basis is generated for communication with the payment processing means. Further, one service director information processing means is generated corresponding to each combination of the information processing means for the user information processing means, the merchant information processing means or the payment processing institution information processing means to perform the cooperative processing. 64. The personal electronic payment system according to claim 63, wherein:   When the service manager information processing means generates the service director information processing means, the service manager information processing means defines a group of information processing means for performing cooperative processing, including the service director information processing means, and generates the service director information processing means. The information processing means communicates only with the information processing means belonging to the group and the service manager information processing means, and performs data processing in the service providing processing by cooperative processing with the information processing means belonging to the group. The personal electronic payment system according to claim 63 or 64.   When the service director information processing means needs to cooperate with information processing means which does not belong to the group of the information processing means to which the service director information processing means performs data processing in the service providing processing, the information processing means required Transmitting a message requesting addition to the group to the service manager information processing means, wherein the service manager information processing means generates the requested information processing means and adds it to the group. The personal electronic payment system according to claim 65.   The user information processing means communicates only with the corresponding payment means, the service director information processing means of the group to which the user information processing means belongs, and the service manager information processing means, and is stored in the first storage means of the service providing means. The merchant information processing means processes information relating to the payment means and the owner of the payment means, and the merchant information processing means communicates only with the corresponding billing means, the service director information processing means of the group to which the merchant belongs, and the service manager information processing means. The billing means stored in the second storage means of the service providing means and the information relating to the owner of the billing means are processed, and the payment processing institution information processing means includes a corresponding payment processing means; Only the service director information processing means of the group to which it belongs and the service manager information processing means Personal electronic settlement system according to claim 65 or 66 to the signal, and performs processing of information related to the settlement processing means is stored in the third storage means of the service providing means.   When connecting a communication line between the payment unit and the service providing unit, the payment unit and the corresponding user information processing unit perform mutual authentication processing, and the claim unit and the service providing unit 70. The personal electronic settlement system according to claim 64, wherein when the communication line is connected between the personal electronic payment system and the merchant information processing unit, the billing unit and the corresponding merchant information processing unit perform mutual authentication processing. .   The payment means, the billing means and the payment processing means, the message data transmitted to the corresponding user information processing means of the service providing means, merchant information processing means or payment processing institution information processing means, respectively, the owner of the payment means, The digital signature of the owner of the billing means or the owner of the payment processing means is given, and the user information processing means, merchant information processing means and payment processing institution information processing means are provided to the payment means, the billing means or the payment processing means. A digital signature of the owner of the service providing means is given to the message data to be transmitted, and the payment means, the billing means, the settlement processing means and the user information processing of the service providing means which have received the message data with these digital signatures Means, merchant information processing means and payment processing institution information processing means S is, personal electronic settlement system according to claim 64 or 68 and performs verification processing of the digital signature.   The payment means, the billing means, and the payment processing means own the service providing means with respect to the message data transmitted to the corresponding user information processing means, merchant information processing means, or payment processing institution information processing means of the service providing means. The user information processing means, the merchant information processing means and the payment processing institution information processing means, the message data transmitted to the payment means, the billing means or the payment processing means, The payment means, the billing means, the payment processing means, and the service providing means which perform a letter-sealing process to the owner of the payment processing means and receive the message data subjected to the letter-sealing processing. Each of the user information processing means, merchant information processing means and payment processing institution information processing means, Personal electronic settlement system according to claim 64 or 69 and performing a decoding process of Shoka message data encryption.   The payment unit, the billing unit, the payment processing unit, and the user information processing unit, the merchant information processing unit, and the payment processing institution information processing unit of the service providing unit combine a digital signature and a letter-sealing process with the message data to be transmitted. Each of the payment means, the billing means, the payment processing means, and the user information processing means, the merchant information processing means, and the payment processing institution information processing means of the service providing means which have received the message data are sealed message data. 71. The personal electronic payment system according to claim 70, wherein the personal electronic payment system according to claim 70, wherein the digital signature is verified by decrypting the digital signature.   The merchant information processing means receiving the message data requesting the payment processing from the billing means generates a message requesting the payment processing and transmits it to the service manager information processing means, and the message data requesting the payment processing from the payment means Received from the user information processing means, generates a message requesting payment processing, transmits the message to the service manager information processing means, and collated these messages based on identification information included in the message, the service manager information processing means Generates a service director information processing means and defines a group of information processing means including the merchant information processing means, the user information processing means and the service director information processing means, and the service director information processing means And a message requesting The service is executed by checking the contents of the message requesting the payment processing, selecting the payment processing means for executing the payment processing, and adding the payment processing institution information processing means corresponding to the selected payment processing means to the group. Request to the manager information processing means, the service manager information processing means generates the requested payment processing institution information processing means and adds it to the group, and the service director information processing means transmits a message requesting the payment processing. The payment processing institution information processing means generates message data for requesting the payment processing from the message, transmits the message data to the payment processing means, and transmits the message to the payment processing means. When the message data indicating the completion of the payment processing is transmitted from the means, the payment processing institution information processing means causes the payment processing Generates a message indicating the completion of the settlement process, transmits the message to the service director information processing unit, and stores message data indicating the completion of the settlement process in the third accumulation unit of the service providing unit, and outputs a message indicating the completion of the settlement process. Receiving the service director information processing means, generates a message indicating the completion of payment and a message indicating the completion of payment, respectively, and transmits to the merchant information processing means and the user information processing means, The merchant information processing means generates, from the received message, message data representing the completion of the payment and transmits the message data to the billing processing means, and the message data representing the completion of the payment is stored in the second storage means of the service providing means. Accumulate and complete the payment from the message received by the user information processing means The message data representing the payment is generated and transmitted to the payment means, and the message data representing the completion of the payment is stored in the first storage means of the service providing means. Personal electronic payment system.   The merchant information processing means, which has received the message data requesting the cancellation processing of the settlement processing from the billing means, generates a message requesting the cancellation processing of the settlement processing, transmits the message to the service manager information processing means, and The user information processing means that has received the message data requesting the processing cancellation processing generates a message requesting the payment processing cancellation processing, transmits the message to the service manager information processing means, and based on the identification information included in the message. The service manager information processing means that matches these messages generates a service director information processing means, and defines a group of information processing means including the merchant information processing means, the user information processing means, and the service director information processing means. , The service director information processing person Matches the contents of the message requesting the cancellation processing of the payment processing with the message requesting the cancellation processing of the payment processing, specifies the payment processing means that has performed the payment processing, and corresponds to the specified payment processing means. Requesting the service manager information processing means to add the payment processing institution information processing means to the group, and the service manager information processing means generates the requested payment processing institution information processing means and adds it to the group. The service director information processing means generates a message requesting a cancellation processing of the payment processing and transmits the message to the payment processing institution information processing means, and the payment processing institution information processing means cancels the payment processing from the message. Generates message data requesting processing, transmits the message data to the payment processing means, When the message data indicating the completion of the cancellation processing is transmitted, the payment processing institution information processing means generates a message indicating the completion of the cancellation processing of the payment processing, transmits the message to the service director information processing means, and The message data indicating the completion of the processing cancellation processing is stored in the third storage means of the service providing means, and the service director information processing means, which has received the message indicating the completion of the payment processing cancellation processing, executes the processing of the payment cancellation processing. A message indicating completion and a message indicating completion of payment cancellation processing are generated and transmitted to the merchant information processing means and the user information processing means, respectively, and the merchant information processing means Generates message data representing the completion of the settlement canceling process and sends it to the billing processing means At the same time, message data indicating the completion of the payment cancellation processing is stored in the second storage means of the service providing means, and the user information processing means converts the received message into message data indicating the completion of the payment cancellation processing. 73. The personal electronic device according to claim 64, further comprising: generating and transmitting the generated payment data to the payment unit; and storing message data indicating completion of the payment cancellation process in the first storage unit of the service providing unit. Payment system.   When the billing means generates and transmits message data requesting communication with the payment means using identification information of the owner of the payment means included in the message data indicating the completion of settlement, The merchant information processing means receiving the message data from the means generates a message requesting communication with the payment means and transmits it to the service manager information processing means, and the service manager information processing means receiving this message, A service director information processing means is generated to define a group of information processing means including the merchant information processing means and the service director information processing means, and the service director information processing means is provided for a payment means included in the message. Identify the payment instrument corresponding to the owner identification information and the owner Requesting the service manager information processing means to add a user information processing means corresponding to the specified payment means to the group, wherein the service manager information processing means generates the requested user information processing means In addition to the group, the service director information processing means refers to the access control information set by the owner of the payment means stored in the first storage means of the service providing means, If the access is not prohibited, a message notifying the connection of the communication line with the billing means is generated and transmitted to the user information processing means. 65. A message data for notifying connection of a communication line is generated and transmitted to the payment means. Personal electronic settlement system according to the optimal 73.   When the payment unit generates and transmits message data requesting communication with the billing unit using the message data indicating the completion of the payment, the user information processing unit that has received the message data from the payment unit, A message requesting communication with the billing means is generated and transmitted to the service manager information processing means. Upon receiving the message, the service manager information processing means generates a service director information processing means and generates the user information processing information. Means and a service director information processing means, the service director information processing means defining a group of merchant information processing means corresponding to the claim means to the service manager information processing means. Means for the service manager information processing. Means for generating and adding the requested merchant information processing means to the group, and the service director information processing means generating a message notifying the connection of the communication line with the payment means to the merchant information processing means 75. The merchant information processing means for transmitting, the message data notifying the connection of the communication line with the payment means is generated from the message, and transmitted to the billing means. Personal electronic payment system.   When the settlement means or the service providing means generates message data requesting updating of data stored in the second storage means of the payment means or the billing means and transmits the message data to the payment means or the billing means, The central processing unit of the payment means or the claim means generates message data including the data stored in the second storage means, transmits the message data to the settlement means or the service providing means, and receives the The settlement means or the service providing means generates message data including update data of the second storage means of the payment means or the billing means and transmits the message data to the payment means or the billing means. A processing unit that extracts update data from the message data and updates the data stored in the second storage unit Personal electronic settlement system according to claims 16 to 75, characterized in Rukoto.   77. The personal electronic settlement system according to claim 1, wherein the settlement means is constituted by a plurality of settlement means arranged in a distributed manner, and the settlement means are mutually connected by a communication line. .   78. The personal electronic settlement system according to claim 77, wherein the plurality of settlement units are arranged for each region or for each organization.   Information on the payment means and the owner of the payment means is stored in the first storage means of the payment means or the settlement means having the same attribute as the owner of the payment means, and information on the claim means and the owner of the claim means Is stored in the second storage means of the settlement means having the same attribute as the claim means or the owner of the claim means, and the first storage means of all the settlement means further has communication with the settlement means. The identification information of all the allowed payment means and the position information indicating the place where the information on the payment means and the owner of the payment means are stored are stored, and the second storage means of all the payment means includes: Further, identification information of all billing means permitted to communicate with the settlement means and location information indicating a place where information on the billing means and the owner of the billing means are stored are stored. Personal electronic settlement system according to claim 77 or 78, characterized in.   77. The personal computer according to claim 40, wherein said service providing means is constituted by a plurality of service providing means arranged in a distributed manner, and said service providing means are mutually connected by a communication line. Electronic payment system.   81. The personal electronic payment system according to claim 80, wherein the plurality of service providing units are arranged for each region or for each organization.   Information on the payment means and the owner of the payment means is stored in the first storage means of the payment means or the service providing means having the same attribute as the owner of the payment means, and information on the owner of the claim means and the payment means The information is stored in the second storage unit of the service providing unit having the same attribute as the claim unit or the owner of the claim unit, and the first storage unit of all the service providing units further includes the service providing unit. Identification information of all payment means permitted to communicate with the server and position information indicating a location where information on the payment means and the owner of the payment means are stored, and the second information of all service providing means is stored. The storage means further stores identification information of all the claim means permitted to communicate with the service providing means, and information on the claim means and the owner of the claim means. Personal electronic settlement system according to claim 80 or 81 is in the position information indicating the location and is characterized in that it is accumulated.   83. The personal electronic payment system according to claim 79, wherein the attribute is "organization".   83. The personal electronic payment system according to claim 79, wherein the attribute is "region".   When the payment means connects the communication line with the second service providing means, and the second service providing means is different from the first service providing means for storing information on the payment means and the owner of the payment means. Wherein the service manager information processing means of the second service providing means includes identification information of the payment means stored in the first storage means of the second service providing means, and the owner of the payment means and the payment means. Home service information corresponding to the payment means is specified by the service manager information processing means of the first service providing means from the position information indicating the location where the information on the first service providing means is stored. A mobile user corresponding to the payment means when the home user information processing means is generated on the first service providing means; Report processing means is generated on the second service providing means, and the generated mobile user information processing means and home user information processing means cooperate to communicate with the payment means, 85. The personal electronic settlement system according to claim 82, wherein information processing relating to an owner of the payment means is performed.   A payment means for connecting a communication line with the user information processing means of the second service providing means, requesting a cancellation processing of the payment processing, wherein the second service providing means is related to the payment processing; In a case where the information is different from the first service providing means for storing information on the owner, the service manager information processing means of the second service providing means is stored in the second storing means of the second service providing means. The first service providing means is identified from the identification information of the charging means and the location information indicating the location where the information relating to the charging means and the owner of the charging means is stored, and the first service provision is performed. Sending a message requesting cancellation of the payment process received from the user information processing means to the service manager information processing means, A message that the service manager information processing means requests to cancel the settlement processing received from the merchant information processing means of the first service providing means; and a payment received from the service manager information processing means of the second service providing means. A service request information processing unit is generated on a first service providing unit by comparing the message with a message requesting a process cancellation process, and the service director information processing unit, the merchant information processing unit, and the second service providing unit are provided. 86. The personal electronic payment system according to claim 82, wherein a group of information processing means including user information processing means is defined.   Claiming means transmits message data requesting communication with the payment means to the merchant information processing means of the second service providing means, and the second service providing means accumulates information on the payment means and its owner. When the service manager information processing means of the second service providing means which has received a message requesting communication with the payment means from the merchant information processing means differs from the first service providing means, Means for generating a service director information processing means, defining a group of information processing means comprising the merchant information processing means and the service director information processing means, wherein the generated service director information processing means User information corresponding to the specified payment instrument and the owner of the payment instrument Requesting the service manager information processing means to add the management means to the group, and receiving the request, the service manager information processing means is stored in the first storage means of the second service providing means. The first service providing unit is identified from the identification information of the payment unit and the location information indicating the location where the information on the payment unit and the owner of the payment unit is stored, and the first service providing unit is identified. Requesting a service manager information processing means to generate a user information processing means corresponding to the payment means, and when the user information processing means corresponding to the payment means is generated on the first service providing means, 87. A personal electronic payment system according to claims 82 to 86, wherein means are added to said group.   The payment means transmits message data requesting communication with the billing means to the user information processing means of the second service providing means, and the second service providing means accumulates information on the billing means and its owner. The service manager information processing means of the second service providing means which has received a message requesting communication with the billing means from the user information processing means when the first service providing means is different from the first service providing means. The first service provision is performed based on the identification information of the billing means stored in the second storage means of the provision means and the position information indicating the location where the information on the billing means and the owner of the claim means is stored. Means for specifying means, and receiving from the user information processing means the service manager information processing means of the first service providing means. A message for requesting communication is transmitted, and the service manager information processing means of the first service providing means which has received the message generates service director information processing means on the first service providing means, and A group of information processing means comprising information processing means and user information processing means on the second service providing means is defined, and the generated service director information processing means generates merchant information corresponding to the requested billing means. A request is made to the service manager information processing means of the first service providing means to add processing means to the group, and the service manager information processing means receives the request and adds the processing means to the first service providing means. Generate the corresponding merchant information processing means and add it to the group. Personal electronic settlement system according to claim 82 or 87, characterized in.   89. The personal electronic payment system according to claim 1, wherein the payment unit includes a ferroelectric memory as a storage unit.   The control program recording medium which recorded the control program of the central processing unit of the said payment means of Claims 5 thru | or 89 in the format which a computer can read.   90. A control program recording medium in which a control program of the central processing unit according to claim 6 is recorded in a format readable by an electronic computer.   90. A processing program recording medium in which a processing program of a computer system of said settlement means according to claim 7 is recorded in a format readable by an electronic computer.   90. A processing program recording medium in which the processing program of the computer system of the service providing means according to claim 40 is recorded in a format readable by an electronic computer. 90. A processing program recording medium recording the processing program of the computer system of the settlement processing means according to claim 40 to 89 in a format readable by an electronic computer.

Images