JP2007179214A - Network service anonymous billing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow anonymous log-in without registration of personal information in an affiliated site providing a chargeable network service. <P>SOLUTION: A biometric authentication device allows log-in to a management site when biometric authentication of a user is verified. A communication terminal apparatus transmits site specification information specifying the affiliated site accessed by the user to the management site in predetermined timing. The management site generates a one-time code and transmits it to the communication terminal apparatus and the affiliated site when the site specification information is transmitted. In receipt of the inputted one-time code, the affiliated site compares the received one-time code with that transmitted from the management site. When both one-time codes agree with each other, offer of the network service is started, and billing information matching the one-time code is generated to be transmitted to the management site. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an improvement of a billing system applied to a site that provides a paid network service.

  Nowadays, on the Internet, many ASP services have been established that charge only for registered users using network services such as homepage browsing and product sales. In such an ASP service, an enrollment page for registering a user as a member is provided in the home page that constitutes the network service, and processing for browsing, billing, user address, name, e-mail address, and billing is processed there. Input fields such as credit information (credit card number) are provided. When the user's personal information entered in the input field is transmitted to the server of the service providing site, the user ID and password for logging in to the network service are notified to the user through a predetermined procedure, and the user is notified. The user ID and password can be entered on a predetermined login authentication page to log in to the network service.

  However, there is a security problem because there are users who write down their user ID and password on a sticky note and paste them on a personal computer. In addition, a criminal act called phishing, which creates a fake site that defeats a real site and invites the user to misunderstand and enters personal information illegally, is also appearing.

Accordingly, in relation to such a security problem, the following Patent Document 1 discloses a system that performs biometric authentication of a user and connects to a corporate LAN when the authentication is successful. Non-Patent Document 1 describes a system for personal authentication using a one-time ID, and introduces a technique for storing information necessary for the communication terminal in a fingerprint authentication USB memory.
JP 2005-92614 A Product Information Necessity of SKIP9: Secured Communications (http://www.secured-com.co.jp/product/needs.html)

  However, if there is a situation such as low recognition of the service providing site, you will feel psychological resistance to submitting and disclosing important personal information such as address, name, and other credit information. There were many users who gave up even if they were satisfied. For this reason, the service providing site cannot sufficiently collect registered users, and suffers from problems such as being unable to continue the service business due to insufficient revenue.

  Even if fingerprint authentication USB or the like is used for login authentication, if the person has specialized knowledge of software, use the communication terminal after the OS of the communication terminal has completely started up. It was not impossible to hack the internal information of the fingerprint authentication USB and impersonate a registered user.

  Further, the security against Trojan horse-type spyware that is installed without the user's knowledge and transmits personal information such as a user ID and password to a third party has not been guaranteed.

  Accordingly, in claim 1 of the present invention, in a network service billing system comprising a partner site that provides a paid network service, a management site that settles billing for the network service, and a communication terminal operated by a user. The communication terminal is composed of a biometric authentication device and a terminal main body, and the biometric authentication device displays a predetermined authentication screen and stores biometric authentication software for logging in to the management site when the user is biometrically authenticated. The communication terminal transmits site specifying information for specifying the affiliate site accessed by the user at a predetermined timing to the management site, and the management site stores a database in which personal information including user credit information is registered. And one-time code when site specific information is sent from a communication terminal When the billing information corresponding to the one-time code is received from the partner site, the user is identified from the issuance record of the one-time code, and the credit information of the user is generated and transmitted to the communication terminal and the partner site. If the partner site accepts the one-time code entered by the user on the predetermined login page and compares it with the one-time code sent from the management site, The billing information corresponding to the one-time code is created and transmitted to the management site.

  According to the second aspect, the biometric authentication software has a function of uniquely controlling the network communication function of the terminal device body, and suppresses normal operation by the OS of the terminal device body until logging in to the management site.

  According to a third aspect of the present invention, the biometric authentication device further stores login processing software that periodically notifies the management site of the operating state of the communication terminal.

  In claim 4, the one-time code includes information on the expiration date.

  According to a fifth aspect of the present invention, the biometric authentication device is a portable biometric authentication device that has a connection terminal and is detachably connected to an external device connection portion of the terminal body.

  According to claims 1 to 5, the affiliated site that provides the network service has a login page for the network service that accepts the one-time code, and the one-time code received from the user and the one transmitted from the management site. When the time code is compared and it is determined that the two match, the network service is provided and billing information corresponding to the one-time code is created and transmitted to the management site. Based on the user's personal information, a mechanism for reimbursing the charge is provided. Therefore, the user only has to register personal information only in the management site, and it is possible to log in anonymously by simply inputting the one-time code on the login page of the partner site. Furthermore, since the one-time code can be used only once, there is no possibility of being misused even if it is leaked by Trojan-type spyware.

  In particular, according to claim 2, the biometric authentication software stored in the biometric authentication device has a function of uniquely controlling the network communication function of the terminal device body, and until the user logs in to the management site, Since the normal operation by the OS is suppressed, it is extremely difficult for even a person having software expertise to intercept and acquire the contents of communication with the management site by software operating under the OS. It is impossible to analyze the contents and misuse the accounting system.

  In particular, according to the third aspect, the login processing software stored in the biometric authentication device periodically notifies the management site of the operating state of the communication terminal, so that someone can communicate with the user's communication terminal. Unauthorized access that makes it impossible to communicate and impersonates the user with another communication terminal becomes difficult.

  Particularly, since the one-time code includes information on the expiration date, the one-time code becomes invalid when the expiration date passes even if it is unused. For this reason, even if the one-time code can be stolen while the user is away from the seat, it must be used immediately, and unauthorized use is immediately revealed. Therefore, the safety of the one-time code is improved.

  In particular, according to the fifth aspect, the biometric authentication device is a portable biometric authentication device that is detachably connected to the external device connection portion of the terminal body, so that it can be freely carried and easily used in another communication terminal. Available to:

  FIG. 1 is a system diagram schematically illustrating information transmission in a network service anonymous billing system S according to an embodiment of the present invention.

  The anonymous billing system S of this example includes a communication terminal device 1 used by a user, a management site 3 that provides a one-time code necessary for anonymized login, and a network service that authenticates the user by the one-time code. The affiliated site 4 providing the credit card and the credit site 5 for final payment of the affiliated site 4 are connected through a network N such as the Internet, and the management site 3, the affiliated site 4, The credit site 5 is basically operated and managed by different operators.

  The constituent elements of this figure will be described in more detail. The communication terminal 1 includes, for example, a terminal body (personal computer) 11 capable of network communication that operates on a Windows (registered trademark) OS, and the terminal body. 11 is configured with the biometric authentication device 2 detachably connected to the terminal 11, but the terminal body 11 is not limited to such a personal computer, and even a device operating on another OS may be a dedicated terminal. There may be. The biometric authentication device 2 is preferably configured as the portable biometric authentication device 2 and includes biometric authentication means 21 that reads biometric data such as a fingerprint and discriminates the user.

  The management site 3 acts as a proxy for the user management operations of the individual affiliation sites 4, and provides a one-time code issue server 31 that issues a one-time code for anonymous login to the network service of the affiliation site 4 to the user. , The settlement server 32 that performs the settlement process of the affiliated site 4 used by the user. The settlement server 32 executes the settlement and reimbursement processing upon receipt of the paid service usage notification from the affiliated site 4, A payment notice is transmitted to the credit site 5. Therefore, the management site 3 registers personal information such as the user's name, address, e-mail address, and credit information (credit card information, etc.) of the credit site 5 in a database (not shown) in association with identification information different for each user. The one-time code issuing server 31 and the settlement server 32 refer to the database as necessary. Further, the management site 3 may provide a proxy server so that information that can identify an individual such as a user's network address does not leak to the affiliated site 4. Here, as the identification information that is different for each user, a product ID for each portable biometric authentication device 2 or a user ID assigned to each user by the management site 3 can be used.

  The one-time code is a single-use code that is abandoned once it is used. The one-time code only needs to include an issuance ID to be associated with the recording of the one-time code issuance log. In relation to this, the issue date and time, the product ID of the portable biometric authentication device 2, the user ID, and the like are accumulated and recorded in the database as an issue record (one-time code issue log).

  Further, the management site 3 is further provided with a management server and a database server for managing a database of personal information including credit information. The database server cannot be directly accessed from the network N, and the management server can be configured as one by one. If access permission for the database server is given to the time code issuing server 31 and the settlement server 32, it becomes more robust against attacks from the network N side.

  The affiliated site 4 includes a service providing server 41 that provides a predetermined network service, and an authentication server 42 that authenticates login to the service providing server, and prepares a login page that accepts a one-time code. The authentication server 42 trusts only the one-time code received on the login page, permits login to the network service, and notifies the management site 3 of the billing information corresponding to the one-time code. In addition, as a network service provided by the affiliated site 4, it is possible to provide information through a homepage, but in addition to this, ASP services such as mail service, file storage, exchange service, WEB-based groupware are also possible, There is no limitation.

  The credit site 5 is operated by a credit company or the like, and includes at least a communication server 51 that receives the advance payment notification transmitted from the management site 3, and based on the advance payment notification, remittance, usage statement sending, account Make a withdrawal.

Next, the configuration of the portable biometric authentication device 2 will be specifically described according to the block diagram and the external view.
FIG. 2 is a block diagram showing a schematic configuration of the portable biometric authentication device 2, and FIGS. 3A and 3B are two external views thereof.

  As shown in this block diagram, the portable biometric authentication device 2 corresponds to the USB standard and the like, and reads the connection terminal T for connecting to the communication terminal 1 and the biometric data such as the fingerprint of the registered user. Biometric authentication means 21 for user authentication, biometric authentication data storage means 22 storing biometric authentication registered in advance, and product IDs individually assigned to each portable biometric authentication device 2 are stored. Product ID storage means 23, software storage means 24 storing various types of software, and control means 25 that integrates these components and communicates with the terminal body 11 according to communication procedures such as the USB standard. ing. This configuration may further include display means 26 for displaying the state of the portable biometric authentication device 2 with an LED or the like.

  The control means 25 includes an interface 25a for processing a communication procedure such as a USB standard, a firmware storage means 25b for storing firmware for controlling each unit, a processor 25c for executing the firmware, and a processor 25c. The RAM 25d is referred to, but a function for emulating an external floppy (registered trademark) disk device, CD-ROM device, or the like may be further provided as a storage device capable of starting the terminal body 11. . Each of the storage units 22, 23, 24, and 25b may be integrally configured by allocating areas to an overwritable non-volatile memory such as a flash memory.

  The software storage unit 15 displays a predetermined authentication screen, and when the user is biometrically authenticated, the biometric authentication software for logging in to the management site 3, the terminal activation software, and information for specifying the site accessed by the user , Site notification software for transmitting site identification information including identification information (product ID) to the management site 3 at a predetermined timing, and login processing software for periodically notifying the management site 3 of the operating state of the communication terminal 11 Is remembered.

  3A is provided with a reading unit of the biometric authentication unit 21 and an LED of the display unit 26 on the upper surface, and a cable W having a connection terminal T at the tip. Is provided. On the other hand, the external appearance of the portable biometric authentication device 2 shown in FIG. 3B is provided with the reading unit of the biometric authentication unit 21 and the LED of the display unit 26 on the upper surface, and with the connection terminal T at the tip. A key holder type protective cap 27 for protecting the connection terminal T is provided.

Next, login and billing procedures for the affiliated site in the anonymous billing system S will be described with reference to the drawings.
FIG. 4 is a data flow diagram for explaining a series of basic processes at that time, the process of the portable biometric authentication device 2, the process of the terminal body 11, the process of the management site 3, the process of the partner site 4, The processing of the credit site 5 is divided, and the data flow between them is shown in time series from top to bottom. In the following description, it is assumed that the personal information of the user has already been registered in the management site 3 by a predetermined registration procedure.

  According to this procedure, when the terminal main body 11 is turned on with the portable biometric authentication device 1 connected, it initializes the operation input means including a keyboard and a touch pad, and each part such as a liquid crystal monitor according to the BIOS. It communicates with the portable biometric authentication device 2 and recognizes it as an external storage device that can be activated. Then, instead of the OS installed in the built-in hard disk, the communication terminal device 1 is configured which reads and activates the terminal device activation software from the portable biometric authentication device 2 and can communicate via the network N. In order for this operation to be possible, the terminal body 11 needs to be BIOS-set so that the external storage device is activated in preference to the built-in hard disk device storing the OS (step). 101).

  And the communication terminal 1 reads biometric authentication software from the portable biometric authentication apparatus 2, and performs biometric authentication as follows. That is, a predetermined authentication screen (not shown) is displayed and output, and a biometric authentication request is transmitted to the portable biometric authentication device 1. When the portable biometric authentication device 2 accepts the request, the portable biometric authentication device 2 internally stores an authentication result obtained by comparing the biometric data of the user read by the biometric authentication unit 21 with biometric authentication data registered in advance. The communication terminal 1 determines the authentication result, and if successful, transmits a biometric authentication notification including identification information (product ID) to the management site 3. When the management site 3 accepts the authentication notification, the management site 3 permits the login of the communication terminal 1 (steps 102, 106, 107).

  Thereafter, the communication terminal 1 executes the OS activation software, reads the original OS, and transfers control. Before transferring control to the OS, it is desirable to delete the biometric authentication software from the memory of the terminal body 11 (103).

  Then, when the OS to which the control has been transferred recognizes the portable biometric authentication device 2 as an external storage device, it automatically reads out the site notification software and the login processing software from there and starts executing them in the background. The portable biometric authentication device 2 also stores a setting file for automatic execution (in Windows OS, the autorun.inf file corresponds to the setting file).

  After that, the site notification software sends, to the management site, site identification information including information such as URL for identifying the site and identification information (product ID) at the timing when the user opens a predetermined homepage of the affiliate site. Send to background. For that purpose, a mark such as an icon for the site notification software to identify may be arranged on the predetermined homepage. Alternatively, at the timing when an arbitrary homepage is opened, site specifying information including information such as a URL specifying the site and identification information (product ID) is transmitted to the management site in the background, and the site specifying information is transmitted. The received management site 3 may determine whether the home page is a predetermined home page of the affiliate site. In any case, when the management server 3 determines that the user has accessed a predetermined homepage of the affiliated site, the management server 3 returns a response signal to the site notification software and returns the one-time code issuing service page of the management site 3. Let it open automatically.

  However, as another configuration, a link to the one-time code issuing service page provided by the management site 3 is arranged on the paid network service purchase page of the affiliated site 4, and the user can access the one-time code issuing service page from the link. If the URL is opened as a separate screen, the management site 3 identifies affiliated sites and users from the information and IP address of the referrer site included in the signal that the browser notifies when opening the one-time code issuance service page. It is also possible to do. For this purpose, when the biometric authentication notification is transmitted from the communication terminal device 1 and the login is permitted, the management site 3 may store the IP address of the communication terminal device. In this case, site notification software is not required.

  The one-time code issuance service page is preferably protected by HTTPS, etc., and it is desirable to have the terms of the paid service and the agreement clauses such as charging conditions, etc., but at least to request a one-time code , Operation buttons and the like are provided. When the button is operated, a one-time code request notification is transmitted to the management site 4, and the management site 3 generates a one-time code, updates and records a one-time code issuance log, and generates the generated one-time code. Is transmitted to both the user and the affiliated site 4. At this time, the user may be notified by displaying a one-time code notification screen.

  The login processing software has a function of periodically reporting the operating state of the communication terminal 1 to the management site 3, and the management site 3 forcibly connects to the communication terminal 1 when the report is interrupted. To log out. With this mechanism, the login state to the management site 3 usually lasts until the communication terminal 1 is powered off. However, if someone makes the communication terminal 1 incapable of communication, the login state will not be maintained, so that it is possible to effectively prevent impersonation by impersonating the communication terminal 1 with another communication terminal. The login processing software may also manage proxy settings of the OS when the affiliated site 3 provides a proxy server.

  In the affiliated site 4, when the one-time code is entered in the predetermined field of the network service login page, the entered one-time code is compared with the one-time code transmitted from the management site 3 earlier. When the coincidence between the two is determined, login to the network service is permitted, and a service use start notification corresponding to the one-time code is transmitted to the management site 3. The management site 3 accepting the transmission identifies the user from the one-time code included therein, and stores the conclusion of the paid service consumption contract in the database as the user service use log. Here, the affiliated site 4 authorizes login by trusting the one-time code, and since the contracted service contract with the affiliated site 4 is executed at the management site 3, the user can send personal information to the affiliated site. No need to disclose and provide in 4. Steps 104, 108, 109, 111).

  The network service provided by the affiliated site 4 continues until the user logs out of the affiliated site 4, and when the user logs out, the affiliated site 4 executes a billing process and notifies the result of service use termination corresponding to the one-time code. And transmitted to the management site 3 (steps 105, 110, 112, 113).

  The management site 3 that has accepted the transmission executes settlement, reimbursement processing, and the like based on the credit information registered in advance by the user, and notifies the credit site 5 of the result. It should be noted that the settlement, reimbursement processing, etc. may be executed periodically in accordance with the credit card date (steps 110 and 114).

  In the above description, the one-time code is defined as a disposable code including an issue ID, but an expiration date may be further included. In that case, in the affiliated site 4, it is necessary to check the expiration date when comparing the one-time code input by the user with the one-time code transmitted from the management site 3, but the one-time code If it is stolen, it is an effective measure to prevent its unauthorized use. In addition, if the one-time code is encrypted with a secret key known only to the management site 3, and the public key paired with the secret key is notified to the partner site 4 in advance, Since the legitimacy of the one-time code can be confirmed by decoding, the management site 3 does not need to notify the affiliated site 4 when notifying the user of the one-time code. As a public key and a private key for that purpose, a one-time code attached with an electronic name by the certificate authority may be issued using a certificate issued by a third party certificate authority.

  In the above example, the portable biometric authentication device 1 causes the communication terminal device 3 to read the communication terminal device activation software for controlling the display output and network communication of the communication terminal device 3, and receives the control of the communication terminal device. The device 1 is configured to execute biometric authentication software, and after the authentication, the OS is read after logging into the management site 3. However, as another configuration, the portable biometric authentication device 1 does not prepare terminal device activation software, and the portable biometric authentication device 1 displays while the communication terminal device 3 is activated and the OS is read as usual. It is also possible to directly control output and network communication, execute biometric authentication software by itself without using the CPU of the communication terminal 3, and suppress display output of the OS until logging in to the management site 3.

  Finally, a registration process required when the user introduces the portable biometric authentication device 2 in order to use the anonymous login service S will be described. When the management site 3 provides the portable biometric authentication device 2, the introduction software for performing the registration process may be distributed with a medium such as a CD attached. At this time, the user is also notified of information such as a user ID and a password for the management site 3. Then, the user's biometric data (fingerprint) and the like are internally registered in the portable biometric authentication device 2 by the introduction software, and the user's personal information and product ID are submitted to the management site 3 through the network. In addition, when biometric data is re-registered, another biometric data may be registered after the biometric authentication by using the introduction software. When the management site 3 accepts the information, the management site 3 registers it in the database. Instead of distributing the installed software on a medium such as a CD, the same processing may be executed on the registration page in the home page operated by the management site 3. At that time, an execution program described in Active X or the like can be downloaded from the homepage, and the registration process can be executed.

The system figure explaining the structure of the network service anonymous login system which is an Example of this invention. Block diagram showing the configuration of the portable biometric authentication device (A), (b) is two types of external views of a portable biometric authentication apparatus. The data flow figure explaining the basic processing of anonymous login.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Communication terminal 11 Terminal body 2 Portable biometric authentication device 21 Biometric authentication means 3 Management site 4 Partner site S Network service anonymous login system

Claims (5)

In a network service billing system composed of a partner site that provides paid network services, a management site that settles billing for the network services, and a communication terminal operated by a user,
The communication terminal is composed of a biometric authentication device and a terminal body,
The biometric authentication device is:
When a predetermined authentication screen is displayed and the user is biometrically authenticated, biometric authentication software for logging in to the management site is stored,
The communication terminal transmits site specifying information for specifying a partner site accessed by the user at a predetermined timing to the management site,
The above management site
It has a database in which personal information including credit information of the user is registered,
When the site specific information has been transmitted from the communication terminal device, a one-time code is generated and transmitted to the communication terminal device and the partner site,
When the billing information corresponding to the one-time code is received from the partner site, the user is identified from the one-time code issuance record and settled based on the credit information of the user,
The above partner sites are
When the one-time code input by the user on a predetermined login page is received and compared with the one-time code transmitted from the management site, and when a match between the two is determined, the network service starts to be provided, A network service anonymous billing system, wherein billing information corresponding to the one-time code is created and transmitted to the management site. In claim 1,
The biometric authentication software has a function of uniquely controlling the network communication function of the terminal device body, and suppresses normal operation by the OS of the terminal device body until logging in to the management site. Network service anonymous billing system. In claim 1 or 2,
The biometric authentication device is:
A network service anonymous billing system, further storing login processing software for periodically notifying the management site of an operating state of the communication terminal. In any one of Claims 1-3,
The network service anonymous billing system, wherein the one-time code includes information on the expiration date. In any one of Claims 1-4,
The biometric authentication device is a portable biometric authentication device that has a connection terminal and is detachably connected to an external device connection portion of the terminal body.

Images