JP2005259038A - Purchase history providing method, purchase history providing system, store side information processor, portable device and customer side information processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent purchase history of a purchaser from being read by a third person easily. <P>SOLUTION: A POS terminal 11 uses an encryption key 2 stored in an IC card 1 of a customer to encode the purchase history of the customer. Then, the POS terminal 11, via an IC card reader/writer 10, writes the purchase history in a purchase history record area 4 of the IC card of the customer. A customer side dedicated device 21, via an IC card reader/writer 20, reads out the purchase history encoded and written into the IC card 1. Then, the customer side dedicated device 21 uses a decryption key 24 held by the dedicated device 21 and decodes the purchase history. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a purchase history providing method and a purchase history providing system, and more particularly, a purchase history providing method, a purchase history providing system, a store-side information processing apparatus, a portable device, and the like that prevent leakage of customer privacy information to a third party. The present invention relates to a customer side information processing apparatus.

  Recently, services have been provided that provide buyers with detailed purchase records electronically. This service is performed by a purchase history providing system using an IC card (see, for example, Patent Document 1).

  The purchase history providing system according to this document has the following mechanism. That is, the IC card has a function of recording customer authentication information and purchase information such as a store name, use date and time, purchased item, price, and quantity. When a customer makes a purchase using the IC card, purchase information is recorded on the IC card by an IC card reader / writer at the store POS terminal. Then, the purchase information recorded on the IC card is read by the IC card reader / writer at the customer's terminal device, and tabulated by the tabulation software. The counting result is stored in the customer's terminal device as household data.

JP 2002-352067 A

  However, in the purchase history providing system described above, customer privacy management is insufficient. This is because the purchase history of the buyer was written on the IC card without any security measures. Therefore, there has been a problem that the purchase history of the purchaser may be easily read by a third party.

  An object of the present invention is to provide a mechanism in which a third party who has illegally obtained an IC card cannot obtain the owner's personal information or purchase record.

  In the first invention, the store-side information processing apparatus encrypts the purchase history of the customer and then writes it in the purchase history recording area of the customer's portable device, and the customer-side information processing apparatus is encrypted in the portable device. Further, the purchase history is read and decrypted.

  According to a second aspect of the invention, the store side information processing apparatus encrypts the customer purchase history using the encryption key stored in the customer's portable device, and then writes the purchase history into the purchase history recording area of the customer's portable device. The side information processing apparatus reads the encrypted purchase history written in the portable device and decrypts the purchase history using a decryption key held by the customer side information processing apparatus.

  According to a third aspect of the invention, the encryption key stored in the customer's portable device and the decryption key held by the customer side information processing device in the second aspect are generated in advance by the customer side information processing device. It is characterized by being.

  In a fourth aspect of the invention, the portable device in the first or second aspect is an IC card, exchange of information between the store side information processing device and the IC card, and the customer side information processing device and the IC card. The exchange of information is performed through an IC card reader / writer.

  In a fifth invention, the portable device in the first or second invention is a mobile phone, exchange of information between the store-side information processing device and the mobile phone, and the customer-side information processing device and the mobile phone. The exchange of information is performed through short-range radio.

  The sixth invention is characterized in that the decrypted purchase history in the first or second invention is written into a household data file by the customer side information processing apparatus.

  In a seventh aspect of the invention, the store side information processing apparatus includes encryption means for encrypting the purchase history of the customer, and write means for writing the encrypted purchase history in the purchase history recording area of the customer's portable device. The customer-side information processing apparatus is configured to include a reading unit that reads the encrypted purchase history written in the portable device, and a decryption unit that decrypts the read purchase history. It is characterized by.

  According to an eighth aspect of the invention, the store-side information processing device encrypts the purchase history of the customer using an encryption key stored in the mobile device of the customer, and the encrypted purchase history is stored in the customer A writing means for writing in the purchase history recording area of the portable device, and the customer side information processing device reads the encrypted purchase history written in the portable device, and the read purchase It is characterized by comprising decryption means for decrypting the history using the decryption key held by the customer side information processing apparatus.

  According to a ninth aspect of the invention, the encryption key stored in the customer's portable device and the decryption key held by the customer side information processing device in the eighth aspect are generated in advance by the customer side information processing device. It is characterized by being.

  In a tenth invention, the portable device in the seventh or eighth invention is an IC card, exchange of information between the store-side information processing device and the IC card, and the customer-side information processing device and the IC card The exchange of information is performed through an IC card reader / writer.

  In an eleventh aspect of the invention, the portable device in the seventh or eighth aspect is a mobile phone, exchange of information between the store side information processing device and the mobile phone, and the customer side information processing device and the mobile phone. The exchange of information is performed through short-range radio.

  The twelfth invention is characterized in that the purchase history decrypted in the seventh or eighth invention is written into a household data file by the customer side information processing apparatus.

  In a thirteenth aspect, the store-side information processing apparatus includes: an encryption unit that encrypts a customer purchase history using an encryption key stored in the customer's mobile device; and the encrypted purchase history. It is characterized by including a writing means for writing in a purchase history recording area of a customer's portable device.

  In a fourteenth aspect, the mobile device has an encryption key used when encrypting a customer purchase history and a purchase history recording area for recording the encrypted purchase history.

  In a fifteenth aspect of the invention, the customer-side information processing device has a reading means for reading the encrypted purchase history written in the mobile device, and a decryption in which the customer-side information processing device holds the read purchase history. It is characterized by comprising decryption means for decrypting using a key.

  The present invention has an effect that a third party who illegally obtains an IC card cannot obtain the purchase record of the owner. The reason is that the store-side information processing apparatus encrypts the purchase history of the customer, writes it in the recording area of the customer's portable device, and the customer-side information processing apparatus decrypts it and uses it.

  Next, the best mode for carrying out the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a system block diagram showing an embodiment of the present invention.

  Referring to FIG. 1, the present embodiment is roughly composed of an IC card 1 which is a customer's portable device, a store side device 19 and a customer side device 29. The IC card 1 has an encryption key 2, verification means 3 for determining whether or not the encryption key can be rewritten, a purchase history recording area 4, and personal authentication information 5 such as an ID.

  The store side device 19 has an IC card reader / writer 10, a POS terminal 11, and a purchase database 14. The POS terminal 11 includes an encryption unit 12 for encrypting the purchase history of the customer and a personal authentication unit 13 for performing personal authentication of the customer.

  The customer side device 29 includes an IC card reader / writer 20, a dedicated device 21 such as a personal computer, and a household data file 25 for storing household data. The dedicated device 21 has an encryption generation means 22, a decryption means 23, and a decryption key 24 inside.

  The POS terminal 11 reads the personal authentication information 5 written in the IC card 1 and performs personal authentication before inputting the purchase record of the customer's shopping.

  Further, the POS terminal 11 has a function of recording purchase records of customer shopping as purchase data in a purchase database 14 or a data center (not shown). This record is encrypted by the POS terminal 11 using the encryption key 2 stored in the IC card 1 presented by the customer, and then written in the purchase history recording area 4 of the IC card 1.

  The customer's dedicated device 21 reads the encrypted purchase history written in the IC card 1 at the store. The dedicated device 21 has a function of using the decryption key 24 to extract the purchase history data before encryption by the decryption means 23.

  Next, the operation of the best mode for carrying out the present invention will be described with reference to the drawings.

  First, a procedure for registering an encryption key in the IC card 1 will be described with reference to FIG.

  First, the customer obtains the IC card 1 from a service provider (for example, a store that uses the service) (step A1).

  Next, the customer writes personal information (not shown) such as name, address, and telephone number, and personal authentication data such as ID from the dedicated device 21 to the IC card 1 (step A2). Writing to the IC card 1 is performed via the IC card reader / writer 20. Further, it is assumed that personal information and personal authentication data are stored in advance in a storage circuit (not shown) in the dedicated device 21 via an input device (not shown) of the dedicated device 21 before step A2.

  Next, when the generation of the encryption key 2 is requested by the user by an input device (not shown) of the dedicated device 21, the encryption generation means 22 is activated. The cipher generation means 22 first checks whether or not the decryption key 24 has already been registered in the dedicated device 21 (step A3). If the IC card has just been obtained, the decryption key 24 is of course not yet registered, so the encryption generation means 22 proceeds to step A5 and generates a new encryption key / decryption key set (step A5). Then, the encryption generation means 22 instructs the verification means 3 of the IC card 1 to write the encryption key 2 generated in step A5 into the IC card 1 via the IC card reader / writer 20 (step A6). . If the decryption key 24 has already been registered in the dedicated device 21 in step A3, that (old decryption key) is used (step A4).

  The IC card 1 confirms the registration status of the encryption key 2 by the verification means 3 (step A7). If the IC card 1 has just been obtained, the process jumps to step A8 because the encryption key 2 is not registered. The verification means 3 of the IC card 1 writes the encryption key 2 sent from the customer side device 29 into the IC card 1 (step A8). When the writing of the IC card 1 is completed, the verification unit 3 of the IC card 1 reports the writing result to the customer side device 29 via the IC card reader / writer 20 (step A9). The dedicated device 21 of the customer side device 29 verifies the writing result (step A10). When the dedicated device 21 of the customer side device 29 determines that the writing process in the IC card 1 has been completed normally, the decryption key 24 is registered in the dedicated device 21 (step A11), and the encryption key registration process is terminated. To do.

  It should be noted that the encryption key and the decryption key can be written in advance in the IC card 1 by the service provider. In that case, it is necessary to store the decryption key on a separate medium (for example, printed on a floppy (registered trademark) disk or paper) separately from the IC card 1 and give it to the customer. With the above-described method, it is possible to simplify the initial setting of the customer.

  Next, a procedure for recording purchase history information using this service will be described with reference to FIG.

  First, before collecting customer purchase data from the purchase database 14 by the POS terminal 11 at the store, the personal authentication means 13 performs personal authentication. The identity authentication is performed to confirm that the purchase has been made by the principal. In this embodiment, an authentication method using a password is used. However, the present invention is not limited to this, and a method using physical information such as a fingerprint of the person may be used. For personal authentication, the personal authentication information 5 is read from the IC card 1 via the IC card reader / writer 10 (step B1). Then, the personal authentication means 13 collates authentication information such as a password input from the customer with the authentication information held in advance by the POS terminal 11, and performs the subsequent transaction only when they match (step B2).

  First, customer purchase data is recorded in the purchase database 14 by the POS terminal 11 (step B3). In parallel with this purchase process, the POS terminal 11 issues a read request for the encryption key 2 from the IC card 1 to the IC card 1 via the IC card reader / writer 10 (step B4). In response to this request, the IC card 1 returns the encryption key 2 to the POS terminal 11 (step B5). When the customer payment process is completed at the POS terminal 11, the encryption means 12 of the POS terminal 11 checks the registration of the encryption key 2 (step B6). If the encryption key 2 is registered, the encryption unit 12 of the POS terminal 11 reads the purchase data (purchase history information) from the purchase database 14 and encrypts it using the encryption key 2 (step B7). ).

  Subsequently, the POS terminal issues an instruction to write the encrypted purchase history information to the IC card 1 by writing means (not shown) (step B8). The IC card 1 receives the purchase history write request from the POS terminal 11, and writes the encrypted purchase history information sent from the POS terminal 11 into the purchase history recording area 4 of the IC card 1 (step B9). Then, the writing result is returned to the POS terminal 11 (step B10). Information exchange between the IC card 1 and the POS terminal 11 is performed via the IC card reader / writer 10.

  Next, a procedure for reading the purchase history information recorded in the purchase history recording area 4 of the IC card 1 by the customer side device 29 will be described with reference to FIG.

  The dedicated terminal 21 issues a request for reading purchase history information stored in the IC card 1 from the IC card 1 by a reading means (not shown) (step C1). The IC card 1 reads the encrypted purchase history information stored in the purchase history recording area 4 and returns it to the dedicated terminal 21 such as a personal computer (step C2). Information exchange between the IC card 1 and the dedicated terminal 21 is performed via the IC card reader / writer 20. Subsequently, the decryption means 23 of the dedicated terminal 21 decrypts the purchase history information read by the read means (not shown) using the decryption key 24 (step C3) and writes it into the household data file 25 (step C4).

  When the reading means (not shown) of the dedicated terminal 21 finishes reading the purchase history information written in the purchase history recording area 4, the customer deletes the read purchase history information from the purchase history recording area 4 as necessary. Is possible. When the customer needs to delete old data (step C5), the reading means (not shown) of the dedicated terminal 21 issues a purchase record deletion request to the IC card 1 (step C6). At this time, identification information such as a password (which may be a digital signature or the like) is attached to the deletion request. When there is a purchase record deletion request, the IC card 1 verifies the personal authentication information sent from the dedicated device 21 by comparing it with the personal authentication information 5 (step C7). If there is no problem in verification, the IC card 1 deletes the purchase history information from the IC card 1 (step C8), and returns the write result to the dedicated terminal 21 (step C9).

  In FIG. 4, the dedicated terminal 21 does not perform personal authentication when reading purchase history information. However, if a higher level of security is required, it is possible to perform identity authentication such as password confirmation before reading the purchase information.

  In the above description, it is assumed that the purchase history information is stored on the IC card. However, the history information can be stored using an external data center or the like.

  Furthermore, in the above-described embodiment, a purchase history providing system using an IC card as a customer's mobile device has been described, but a method using a mobile device such as a mobile phone instead of the IC card is also possible. That is, the storage device of the portable device holds the encryption key 2, verification means 3 for determining whether or not the encryption key can be rewritten, a purchase history recording area 4, and personal authentication information 5 such as an ID. Then, transmission / reception of purchase history information between the mobile phone and the POS terminal, and between the mobile phone and the customer side device is performed by short-range radio such as Bluetooth.

It is a system block diagram which shows one embodiment of this invention. It is an operation | movement flowchart which shows operation | movement of this invention. It is an operation | movement flowchart which shows operation | movement of this invention. It is an operation | movement flowchart which shows operation | movement of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 IC card 2 Encryption key 3 Verification means 4 Purchasing history recording area 5 Personal authentication information 10 IC card reader / writer 11 POS terminal 12 Encryption means 13 Personal authentication means 14 Purchasing database 19 Shop side device 20 IC card reader / writer 21 Dedicated device 22 Encryption generation means 23 Decryption means 24 Decryption key 25 Household data file 29 Customer side device

Claims (15)

The store-side information processing apparatus encrypts the purchase history of the customer and then writes it in the purchase history recording area of the customer's mobile device, and the customer-side information processing device reads the encrypted purchase history written to the mobile device. And a purchase history providing method characterized by decrypting the data. The store-side information processing device encrypts the customer purchase history using an encryption key stored in the customer's mobile device, and then writes the purchase history in the purchase history recording area of the customer's mobile device. A method for providing a purchase history, comprising: reading the encrypted purchase history written in a mobile device and decrypting the purchase history using a decryption key held by the information processing apparatus on the customer side. 3. The encryption key stored in the customer's mobile device and the decryption key held by the customer-side information processing device are generated in advance by the customer-side information processing device. Purchasing history offer method. The portable device is an IC card, and exchange of information between the store-side information processing device and the IC card, and exchange of information between the customer-side information processing device and the IC card are performed via an IC card reader / writer. 3. The purchase history providing method according to claim 1, wherein the purchase history is provided. The mobile device is a mobile phone, and the exchange of information between the store-side information processing device and the mobile phone and the exchange of information between the customer-side information processing device and the mobile phone are performed via short-range radio. 3. The purchase history providing method according to claim 1, wherein the purchase history is provided. 3. The purchase history providing method according to claim 1, wherein the decrypted purchase history is written into a household data file by the customer side information processing apparatus. The store-side information processing apparatus includes an encryption unit that encrypts a customer purchase history, and a writing unit that writes the encrypted purchase history into a purchase history recording area of the customer's portable device. The processing device includes a reading means for reading the encrypted purchase history written in the portable device, and a decryption means for decrypting the read purchase history. Offer system. The store-side information processing apparatus includes: an encryption unit that encrypts a customer purchase history using an encryption key stored in the customer's mobile device; and the purchase history of the customer's mobile device that is encrypted. The customer side information processing apparatus is configured to include a writing unit that writes in the recording area, and the customer side information processing device reads the encrypted purchase history written in the portable device, and the customer side information A purchase history providing system comprising decryption means for decrypting using a decryption key held by a processing device. 9. The encryption key stored in the customer's mobile device and the decryption key held by the customer-side information processing device are generated in advance by the customer-side information processing device. Purchasing history providing system. The portable device is an IC card, and exchange of information between the store-side information processing device and the IC card, and exchange of information between the customer-side information processing device and the IC card are performed via an IC card reader / writer. 9. The purchase history providing system according to claim 7, wherein the purchase history providing system is performed. The mobile device is a mobile phone, and the exchange of information between the store-side information processing device and the mobile phone and the exchange of information between the customer-side information processing device and the mobile phone are performed via short-range radio. 9. The purchase history providing system according to claim 7, wherein the purchase history is provided. 9. The purchase history providing system according to claim 7 or 8, wherein the decrypted purchase history is written into a household data file by the customer side information processing apparatus. Encryption means for encrypting a customer purchase history using an encryption key stored in the customer's portable device, and writing means for writing the encrypted purchase history in a purchase history recording area of the customer's portable device A store-side information processing apparatus characterized by comprising the above. A portable device comprising: an encryption key used for encrypting a customer purchase history; and a purchase history recording area for recording the encrypted purchase history. A customer-side information processing apparatus using a reading unit that reads an encrypted purchase history written in a mobile device, and a decryption key that the customer-side information processing apparatus holds the read purchase history A customer-side information processing apparatus comprising decryption means for decryption.

Images