JP2007323249A - Settlement system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a settlement system capable of performing settlement with high security without taking time and labor. <P>SOLUTION: This portable telephone 1 for a user displays information to be used for identifying the user on a picture 1a as a QR code. A portable telephone 2 for a store reads the QR code from the portable telephone 1 for the user, and transmits QR code information QD and store side protection information A21 stored in a store side storage means 22 to a credit company side server 3, and receives information to be transmitted from the credit company side server 3, and displays the information on the picture 2a. The credit company side server 3 decides whether or not the received QR code information QD and the store side protection information A21 are matched with information stored in a company side storage means 32 by comparing them, and when they are matched, the credit company side server 3 transmits face picture data FP with result information R to the portable telephone 2 for the store. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a payment system used when a user such as a credit card or a debit card shop at a store.

  Generally, when shopping using a credit card, a user takes a product to a cash register, presents the card to a store clerk, and then signs on a slip handed over from the store clerk. Also, at this time, the store clerk reads the user information from the card presented by the user with a dedicated card reader and sends the information to the credit company via the dedicated credit network, then issues a slip, Give the slip to the user. Furthermore, the store clerk compares the signature written by the user with the signature written on the back side of the user's card to complete the settlement by performing identity authentication. However, since this method uses a dedicated credit network, there is a problem that communication costs are high, and only authentication is compared for identity authentication. For example, if a card theft user imitates handwriting, Because it will allow the use of people other than the person, it is desired to improve security.

Conventionally, as a technique for solving such a problem, the user presents the card to the store clerk and causes the POS terminal to acquire the card ID number, and the card password is input to the POS terminal via a predetermined input device. In addition, there is a technique in which, when a mobile phone number is transmitted to a POS terminal of a store using a mobile phone, such information is transmitted from the POS terminal to a credit company via the Internet (see Patent Document 1). In this technology, communication between the POS terminal and the credit company is performed via the Internet, so that the communication cost can be reduced. In addition to the card ID number read by the card reader, the card password and the user's mobile phone number are credited. Since it is sent to the company, security is also improved.
JP 2005-275923 A

  However, in the technique described in Patent Document 1, it takes time to input a card password with a predetermined input device and to input a mobile phone number into a mobile phone and transmit it to a POS terminal. There was a problem of becoming.

  Therefore, an object of the present invention is to provide a settlement system that enables a highly secure settlement without taking time and effort.

  The present invention for solving the above problems is a payment system comprising a mobile terminal with a screen used by a user, a store side terminal used by a store clerk, and a payment company side terminal used by a payment company, The portable terminal includes display means for displaying user identification information used for identification of the user on the screen of the portable terminal as a two-dimensional code, and the store-side terminal displays on the screen of the portable terminal Reading means for reading the two-dimensional code, store-side storage means for storing store identification information for identifying the shop, and adding the store identification information to the information of the two-dimensional code read by the reading means Store-side transmission means for transmitting examination information to the settlement company-side terminal, store-side reception means for receiving result information and body identification information transmitted from the settlement company-side terminal, and the result information and body identification information The A payment company-side storage means for storing a notification means for notifying a store clerk, wherein the payment company-side terminal stores the user identification information, the shop identification information, and body identification information depending on the body of the user; The settlement company side receiving means for receiving the examination information transmitted from the store side terminal, and the examination information received by the settlement company side receiving means is stored in the settlement company side storage means Comparing means for determining whether or not they match with the user identification information and the store identification information, and the comparison result by the comparison means is transmitted to the store side terminal as result information, and the result information And payment company side transmission means for transmitting the physical identification information to the store side terminal together with the result information.

  Here, “payment company” refers to a company that makes payment using a card or a company that has been entrusted with payment business, for example, a credit company that issues a credit card or a debit card. In addition to banks, this includes payment companies entrusted with payment operations to credit companies.

  According to the present invention, a user who visits a store first operates the display means of his / her portable terminal to display user identification information as a two-dimensional code on the screen. Thereafter, the store clerk reads the two-dimensional code from the screen of the user's mobile terminal by the reading means, and then uses the information of the two-dimensional code and the store identification information stored in the store-side storage means as examination information. The information is transmitted to the settlement company side terminal by the store side transmission means. The settlement company terminal compares the examination information sent from the store side terminal with the user identification information and the store identification information stored in the settlement company side storage means, and determines whether or not they match. The As a result, if they match, the settlement company side terminal transmits the result information and the body identification information stored in the settlement company side storage means to the store side terminal. And if result information and body identification information are transmitted to a shop side terminal, result information and body identification information will be reported to a store clerk by a reporting means. As a result, the clerk can confirm that the payment company has approved the user based on the result information, and the user in front of the legitimate user is legitimate based on the body identification information (for example, a facial photograph). It is possible to determine whether or not the user is new.

  Further, in the present invention, the payment company terminal converts the data arrangement of the body identification information into shuffle means and the body identification information rearranged by the shuffle means into two pieces of information, guardian information and incarnation information. A splitting means for splitting; and a restoring means for restoring the physical identification information from the guardian information and the incarnation information; the incarnation information is stored in the settlement company-side storage means; , Based on the function of transmitting the protection information to the portable terminal when the division by the dividing means is completed, the protection information transmitted from the portable terminal, and the incarnation information stored in the settlement company storage means A function of transmitting the user identification information to the portable terminal when the restoration by the restoration means is successful, and the body identification information restored by the restoration means Is transmitted to the store side terminal together with the result information, and the mobile terminal is used to receive the protection information and the user identification information transmitted from the settlement company side terminal. Before displaying the two-dimensional code on the screen by the display means, the protection information stored in the user-side storage means is stored in the user-side receiving means, the user-side storage means for storing the protection information, and the display means. User-side transmission means for transmitting to the payment company-side terminal may be provided, and the display means may be configured to display the user identification information received by the user-side reception means as two-dimensional data. .

  Furthermore, the shuffle means may be configured to insert dummy data when the data array is rearranged.

  According to these, since protection information alone is not worth using, even if a third party obtains protection information by some method, for example, the user's information will not be leaked and security can be further improved. it can.

  The shuffle means has a function of operating using a different table every predetermined time, and whenever the body identification information is restored by the restoration means, the restored body identification information is stored at the time at that time. The data array is rearranged using the corresponding table, and the dividing means transmits new incarnation information obtained by dividing the rearranged data to the settlement company storage means to update the incarnation information. And the new protection information may be transmitted to the mobile terminal via the payment company transmission means to update the protection information.

  Further, the table may be constructed based on a random number table or a magic circle.

  According to these, protection information and incarnation information are updated every time a user makes a purchase on a mobile terminal, so even if the protection information is stolen during the communication between the settlement company and the mobile terminal, it is used after a predetermined time. After a person shop with a mobile terminal, the use value of the protection information stolen in the past is lost. Therefore, security can be further enhanced.

  According to the present invention, the user can display the two-dimensional code on the mobile terminal, and the store clerk can read it, send it to the payment company and wait for the result, so that payment can be made without any hassle. It can be performed. In the present invention, since identity verification is finally performed using the body identification information, it is possible to make a payment with high security.

  Next, embodiments of the present invention will be described in detail with reference to the drawings as appropriate. In the drawings to be referred to, FIG. 1 is a schematic diagram showing an outline of a payment system according to the present embodiment, and FIG. 2 is a block diagram showing details of the payment system. In the present embodiment, a mobile phone, an example of a settlement company, a credit company, and a server as an example of a settlement company side terminal are adopted as an example of a portable terminal and a shop side terminal. The mobile phone and the server appropriately include known devices such as a CPU, a memory, a hard disk, a keyboard, a mouse, and a screen.

  As shown in FIG. 1, the payment system S includes a user mobile phone 1 used by a user, a store mobile phone 2 used by a store clerk, and a credit company side server 3 used by a credit company. It is configured. Each of the mobile phones 1 and 2 can communicate with the credit company side server 3 via the predetermined mobile networks N1 and N2 and the Internet N3, and at the predetermined download center D1 via the predetermined mobile networks N1 and N2. , D2 can be communicated.

  The user's mobile phone 1 is a mobile phone with a screen 1a, and a camera 1b (see the schematic diagram of FIG. 2) is provided on the opposite side of the screen 1a. Further, as shown in FIG. 2, the user mobile phone 1 includes a user-side receiving unit 11, a user-side storage unit 12, a display unit 13, and a user-side transmitting unit 14.

  The user side receiving means 11 mainly has a function of receiving the protection information A11 and QR code image information (user identification information) QI transmitted from the credit company side server 3, and the received protection information A11 and QR code image information QI are output to the user-side storage means 12. Here, the guard information A11 and the QR code image information QI are information generated by the credit company side server 3, and the detailed structure thereof will be described in detail later. The user-side receiving means 11 receives a function of downloading a predetermined application from the download center D1 (stored in the user-side storage means 12) or information on the application opened on the download center D1, It has a function of outputting the information to the display means 13. Here, this application mainly displays an image that allows the user to input predetermined registration information (for example, information such as name, date of birth, email address, address, occupation, account number) RD on the screen 1a. In addition to having a function to provide, when the user appropriately inputs or selects a button with respect to the command displayed on the image, the registration information RD and the like are appropriately transmitted via the user side transmitting means 14 to the credit company side server. 3 is transmitted. In the present embodiment, a mode in which information on a predetermined application is displayed on the screen 1a by accessing the download center D1 at any time without downloading the predetermined application to the user mobile phone 1 is applied.

  The user-side storage means 12 stores the guard information A11 and the QR code image information QI output from the user-side receiving means 11, and the stored information A11, QI is the user-side transmission means. 14 and the QR code image information QI is appropriately taken out by the display means 13. Further, when the information A11 and QI are already stored in the user-side storage means 12, when new protection information A11 and QR code image information QI are output from the user-side receiving means 11, Each stored information A11, QI is updated to new information A11, QI.

  The display unit 13 has a function of displaying the QR code image information QI stored in the user-side storage unit 12 on the screen 1a as a QR code (two-dimensional code), and information on the application from the download center D1. When it is received by the user side receiving means 11, it has a function of displaying the information on the screen 1a.

  The user side transmission means 14 transmits the information A11, QI stored in the user side storage means 12 to the credit company side server 3 before displaying the QR code on the screen 1a by the display means 13. have. Specifically, when making a payment using the mobile phone 1 for a user, the user-side transmission unit 14 selects each information A11 by selecting a predetermined button displayed on the screen 1a by the application. , QI is transmitted to the credit company side server 3. Moreover, the user side transmission means 14 also has a function which transmits the user's face photograph data FP imaged with the camera 1b to the credit company side server 3 as an example of body identification information.

  The store mobile phone 2 includes a screen 2a and a camera 2b which is an example of a reading unit, and includes a store side receiving unit 21, a store side storage unit 22, a store side display unit 23, and a store side transmitting unit 24. ing.

  The store-side receiving means 21 mainly has a function of receiving the store-side guard information A21 that is an example of the result information R, the face photo data FP, and the store-side identification information transmitted from the credit company-side server 3. The received information R, FP, A21 is output to the store-side storage means 22. Here, the result information R and the store-side guard information A21 are information generated by the credit company-side server 3, and the detailed structure thereof will be described in detail later. Further, the store-side receiving means 21 receives a function of downloading a predetermined application from the download center D2 (stored in the store-side storage means 22) or information on the application opened on the download center D2, and receives the information. Is output to the store-side display means 23. In the present embodiment, a mode in which information of a predetermined application is displayed on the screen 2a by accessing the download center D2 at any time without downloading the predetermined application to the store mobile phone 2 is applied. Here, this application has substantially the same function as the above-described application. By this, the store clerk appropriately operates the store mobile phone 2 in accordance with the instructions displayed on the screen 2a, so that a predetermined store is stored. The side registration information SRD and the like are transmitted to the credit company side server 3 via the store side transmission means 24. Examples of the store-side registration information SRD include a store name, a phone number of the store mobile phone 2, an address, and a registrant name.

  The store-side storage means 22 stores the result information R, face photo data FP, and store-side guard information A21 output from the store-side receiving means 21, and stores the stored information R, FP, A21. Among them, the result information R and the face photograph data FP are appropriately extracted by the store-side display means 23, and the store-side guard information A21 is appropriately extracted by the store-side transmission means 24. When the store side storage means 22 already stores the result information R, the face photo data FP, and the store side guard information A21, the store side receiving means 21 sends new result information R, face photo data FP and When the store-side guard information A21 is output, the stored information R, FP, A21 is updated to new information R, FP, A21.

  The store-side display means 23 displays the result information R and the face photo data FP stored in the store-side storage means 22 on the screen 2a, thereby causing the store clerk to notify the result information R and the face photo data FP. have. Here, the store side display means 23 and the screen 2a correspond to an example of an informing means. Further, the store-side display means 23 has a function of displaying the information on the screen 2a when the information on the application is received from the download center D2 by the store-side receiving means 21.

  The store-side transmission means 24 stores the QR code information QD obtained by reading the QR code displayed on the screen 1a of the user mobile phone 1 by the camera 2b, and the store-side stored in the store-side storage means 22. It has a function of transmitting the guard information A21 to the credit company server 3 as examination information ED. The store-side transmission means 24 also has a function of transmitting store photo data SP captured by the camera 2b to the credit company-side server 3.

  The credit company side server 3 includes a company side receiving means 31, a company side storing means 32, a shuffle means 33, a dividing means 34, a restoring means 35, a comparing means 36, and a company side transmitting means 37. .

  The company-side receiving means 31 receives the registration information RD, face photo data FP, protection information A11, and QR code image information QI transmitted from the user mobile phone 1 as appropriate, and also transmits from the store mobile phone 2 as appropriate. The store side registration information SRD, the store photo data SP, and the examination information ED are received. When receiving the registration information RD, the face photo data FP, the store side registration information SRD, and the store photo data SP, the company side receiving means 31 stores the information RD, FP, SRD, SP on the company side. When the protection information A11 and the examination information ED are received and output to the means 32, the information A11 and ED are output to the restoration means 35.

  The company-side storage unit 32 stores registration information RD, face photo data FP, store-side registration information SRD, and store photo data SP output from the company-side receiving unit 31, and each stored information RD. , FP, SRD, SP are appropriately taken out by a predetermined examination system (not shown). Here, the examination system examines whether the user is a multiple debtor or the account number actually exists based on the registration information RD. If the examination result by this examination system is not NG, the credit company side server 3 determines a plurality of predetermined IDs and appropriately combines them with a part of the registration information RD and the first basic information and the second information. The basic information is stored in the company-side storage means 32, and information obtained by adding predetermined data to the face photograph data FP is stored in the company-side storage means 32 as authentication information. Further, when the examination result is not NG, the credit company side server 3 determines a plurality of predetermined IDs, and QR code information (user identification information) QD used for user identification based on these IDs. Is stored in the company-side storage means 32. Similarly, the store side information is also screened by a predetermined screening system, and a predetermined plurality of IDs and a part of the store side registration information SRD are stored in the company side storage means 32 as first basic information and second basic information. Information stored and added with predetermined data to the store photo data SP is stored in the company-side storage means 32 as authentication information. Then, the user-side original data OD1 or the store-side original data (store identification information) OD2 is constructed from the first basic information, the second basic information, and the authentication information. The company-side storage unit 32 also stores incarnation information A12 and A22, which will be described in detail later.

  Details of the first basic information, the second basic information, and the authentication information will be described below with reference to FIGS. In the drawings to be referred to, FIG. 3 is a table showing the first basic information, the second basic information and the authentication information of the user side original data, and FIG. 4 is the first basic information, the second basic information and the authentication information of the store side original data. It is a table | surface which shows authentication information.

  First, the first basic information, the second basic information, and the authentication information of the user side original data OD1 will be described.

  As shown in FIG. 3, the first basic information includes UU-ID (Universal Unique ID), Correl-ID1 (transaction ID), Correl-ID2 (old transaction ID), Subscriber-ID (subscriber ID), AM -It is composed of VERSION (version NO) and RESERVED (reserved area). Here, the UU-ID is a CenterID for identifying the credit company (settlement center), a ServerID for identifying the credit company side server 3, and the date and time generated by the UU-ID in millions. Time Stamp (time stamp) indicating up to 1 second unit. Correl-ID1 or Correl-ID2 includes a TranID (TRAN type identifier) that indicates the company type of the mobile phone, and a TimeStamp that indicates the date and time when the Correl-ID1 or Correl-ID2 is generated, in units of 1 / million second (Time stamp) and CorrelNO (TRAN-NO) indicating the number of shuffle conversion table processings performed by the shuffle means 33. In addition, TimeStamp and CorrelNO of Correl-ID1 indicate the processing time and the number of processing cases in the latest processing performed after Correl-ID2. Therefore, each time the conversion table is processed, a new Correl-ID1 is generated, and the old Correl-ID1 is used as it is as the Correl-ID2.

  SubscriberID is an ID for solid authentication of each mobile phone company (carrier). AM-VERSION sets the VERSION of the application program downloaded from the download centers D1 and D2, and RESERVED is a spare area for future use.

  The second basic information includes the same UU-ID, Correl-ID1, Correl-ID2, Subscriber-ID, RESERVED, mobile number, PAN (member number; card number), JIS-1 ( Card stripe information).

  The authentication information includes TOTAL-LEN (data length), CERT-TYPE, IMG-TYPE, SPLIT-NO, LENGTH, and CERT-DATA. Here, TOTAL-LEN is information indicating the data length of the entire authentication information, and CERT-TYPE is information indicating an authentication type (photograph in the present embodiment) such as a photo or a fingerprint. Also, IMG-TYPE is information indicating the type of image format such as PNG or BMP, and SPLIT-NO is information for determining a data division position. Further, LENGTH is information indicating the data length of CERT-DATA (information for enabling mounting of a plurality of CERT-DATA). CERT-DATA is authentication data such as photo data and fingerprint data (this embodiment). Then, it is information indicating face photograph data FP).

  Next, the first basic information, the second basic information, and the authentication information of the store side original data OD2 will be described.

  As shown in FIG. 4, the structures of the first basic information and the authentication information are substantially the same as the first basic information and the authentication information of the user side original data OD1. Further, the second basic information is the same as the second basic information in that it has UU-ID, Correl-ID1, Correl-ID2, Subscriber-ID, mobile number, and RESERVED compared to the second basic information of the user-side original data OD1. However, it differs in having GPS information, a member store name, and a registrant name.

  Returning to FIG. 2, the description of the configuration of the credit company side server 3 will be continued.

  When the predetermined signal is received, the shuffle means 33 receives the first basic information from the user side original data OD1 (or the store side original data OD2) stored in the company side storage means 32 as shown in FIG. And the data array of the second basic information are shuffled by a known XOR scrambling method. Further, the shuffling means 33 has a function of shuffling the data array of the second basic information and the authentication information shuffled by the XOR method while using a different conversion table every predetermined time and appropriately mixing dummy data. Yes. Note that the shuffle means 33 converts the current data OD1, OD2 and each Correl-ID1 in the QR code information QD stored in the company-side storage means 32 before the shuffle process is performed. It will be updated according to the number of shuffles). Further, the shuffling process by the shuffle means 33 is performed when the original data OD1 and OD2 are first generated or when the original data OD1 and OD2 once shuffled and divided as described later are restored normally. May be performed based on a conversion table according to the above.

  Hereinafter, a shuffle method using a predetermined conversion table will be described with reference to FIG. In the drawings to be referred to, FIG. 6 is an explanatory diagram for explaining a shuffle method using a conversion table according to the present embodiment.

  As shown in FIG. 6, for example, different conversion tables are prepared every hour (24 in total).

  In each conversion table, a program for shuffling information before conversion by a predetermined bit length and mixing dummy data at a predetermined position of the information after conversion is set. The program is composed of a plurality of blocks as shown in the figure, and a plurality of pieces of conversion information including a reading pattern P, an effective bit length L, and a magic formation width W are set in each block. . Here, the read pattern P is the order in which the magic circle is read in the present embodiment. For example, in type 1 as one pattern of the read pattern P shown in the figure, from the top of the first line on the left side of the magic circle. Each element is read downward, and when the bottom row is read, the adjacent right side rows are read sequentially from top to bottom. Here, the magic team is a table in which a numerical value is added to a square divided into equal parts vertically and horizontally, and values obtained by adding numerical values that are vertically and horizontally slant become the same value. In the present embodiment, a table of 7 rows and 7 columns is adopted as the magic circle, but any number of magic rows and columns may be used as long as it is an odd number. Moreover, as a pattern to read, the pattern which reads a magic circle from the bottom to the top, the pattern which reads in a spiral form, etc. can be set suitably.

  The effective bit length L is set to determine how much bit length of the pre-conversion information should be shuffled and to determine how much dummy data to insert. It is. The effective bit length L is also used as an index for selecting whether to insert shuffle or dummy data. Specifically, in this embodiment, when the effective bit length L is smaller than the square of the width W (number of rows or columns) of the magic circle, shuffle is performed, and when it is larger, dummy data is inserted. A program is organized. Based on the effective bit length L, each element to be referred to in the magic circle is determined. Specifically, when the effective bit length L is 40, 1 to 40 set in each square of the magic circle shown in the figure are referenceable elements, and the other elements 41 to 49 are skipped. It is like that.

  Next, processing when the read pattern P1, effective bit length L1, and magic band width W1 set in the first block of the program are “1, 40, 7”, respectively, will be described.

  In this case, since the effective bit length L1 is smaller than the square of the magic width W1, data shuffling is selected as the process. Since the read pattern P1 is “1”, the type 1 shown in the figure is selected as the read pattern P. Furthermore, since the effective bit length L1 is “40”, elements 1 to 40 of the magic formation are selected as reference elements. That is, when this magic circle is read with a type 1 reading pattern, each element is referred to while skipping elements 41 to 49 in the order of 30, 38, 5, 13,. The Thus, the first bit of the data from the beginning of the information before conversion to the bit length of 40 minutes is the 30th bit (the upper left element of the magic circle), the second bit is the 38th bit, the third bit is Shuffle is performed by sequentially moving to the fifth bit and so on.

  Next, processing when the read pattern P2, effective bit length L2, and magic band width W2 set in the second block of the program are “2, 40, 5”, respectively, will be described.

  In this case, since the effective bit length L2 is larger than the square of the magic width W2, dummy data insertion is selected as the process. Since the effective bit length L2 is “40”, dummy data having a bit length of 40 is inserted. Note that the reading pattern P2 at this time is irrelevant to the processing, and may be set to any pattern.

  By repeating the above processing, the data array of the second basic information and the authentication information is shuffled by the effective bit length.

  Returning to FIG. 2, the description of the configuration of the credit company side server 3 will be continued.

  As shown in FIG. 2, the dividing unit 34 has a function of dividing the original data OD1 (OD2) rearranged by the shuffle unit 33 into two pieces of information, that is, protection information A11 (A21) and incarnation information A12 (A22). Have. Specifically, as shown in FIG. 5, the dividing unit 34 divides a part of the shuffled second basic information and authentication information (for example, cuts out 128 bytes), and divides the first basic information into the divided information. Is added to generate protection information A11 (A21) with a small amount of data, and the remainder of the original data OD1 (OD2) is generated as incarnation information A12 (A22). The dividing unit 34 also has a function of adding QR code image information QI to the guard information A11 generated from the user-side original data OD1.

  Here, the QR code image information QI is obtained by converting QR code information QD stored in the company-side storage means 32 into image data (such as PNG or GIF) by a predetermined conversion means. The QR code image information QI is composed of UU-ID and Correl-ID1, which are the same as the first basic information, and CVC1 and CVC2. Here, “CVC1, CVC2” are three-digit codes for card authentication. Further, the Correl-ID1 is updated before the shuffle process as described above. Note that the division position of the protection information A11 (A21) is preferably changed for each shuffle process for security reasons. For example, the division position is appropriately set based on the last two digits of the updated Correl-ID1. be able to.

  The dividing unit 34 outputs the protection information A11 (A21) of the divided information to the company side transmitting unit 37 and stores the incarnation information A12 (A22) in the company side storage unit 32. Note that the QR code image information QI is added to the user protection information A11 as described above. Further, when the company-side storage means 32 already has incarnation information A12 (A22), the information A12 (A22) is updated to new incarnation information A12 (A22).

  As shown in FIG. 2, upon receiving the protection information A11 (A21) output from the company-side receiving means 31, the restoration means 35 receives the first basic information in the information A11 (A21). Incarnation information A12 (A22) corresponding to one basic information is extracted from the company-side storage means 32. Then, the restoring means 35 combines the protection information A11 (A21) and the incarnation information A12 (A22), and then restores the original data OD1 (OD2) based on the conversion table of the shuffle means 33 described above. ing. Here, the first basic information is easily decoded by performing an XOR conversion. Based on the time stamp (data indicating the data generation time) of the Correl-ID 1 in the decoded first basic information, It is to be selected. The restoring means 35 outputs the QR code information QD to the comparing means 36 together with the shop-side original data OD2 when the shop-side original data OD2 is restored.

  The comparison unit 36 compares a part of the first basic information in the original data OD1 (OD2) restored by the restoration unit 35 with a part of the second basic information, and authenticates the original data OD1 (OD2). The information and the authentication information stored in the company-side storage means 32 are compared to determine whether or not they match. When it is determined that the restored user-side original data OD1 matches the information on the credit company side, the comparison unit 36 stores the user-side original data OD1 in the company-side storage unit 32. At the same time, a processing start signal is output to the shuffle means 33. If the comparison unit 36 determines that the store-side original data OD2 matches each information on the credit company side, the comparison unit 36 next outputs the QR code information QD output from the restoration unit 35 and the company-side storage. It has a function of comparing the QR code information QD stored in the means 32 and determining whether or not they match. When the comparison unit 36 determines that the QR code information QD matches, the comparison unit 36 uses the result information R indicating the match and the face photo data FP stored in the company-side storage unit 32 for store use. An instruction signal for transmitting to the mobile phone 2 is output to the company-side transmitting means 37. Further, the comparison means 36 is used when the restored user-side original data OD1 does not match the information on the credit company side, or the store-side original data OD2 does not match the information on the credit company side. If the QR code information QD does not match, the result information R indicating that they do not match is output to the company-side transmitting means 37.

  The company side transmission means 37 is based on the function of transmitting the result information R output from the comparison means 36 to each of the mobile phones 1 and 2 and the instruction signal output from the comparison means 36. The face photo data FP stored in the storage means 32 is transmitted to the store mobile phone 2. Further, the company side transmission unit 37 transmits the protection information A11 (A21) and the QR code image information QI output from the dividing unit 34 to the mobile phone 1 (2), and determines that the screening system is OK. When this is done, it has a function of transmitting a signal requesting the user's face photograph to the user's mobile phone 1.

  In addition to the above-described functions (each means), the credit company-side server 3 uses information corresponding to an invoice based on money amount information transmitted from the store mobile phone 2 as described in detail later. And the function of transmitting this information to the user mobile phone 1.

  Next, a user or store registration method and payment method with a credit company by the payment system S according to the present embodiment will be described with reference to FIGS. In the drawings to be referred to, FIG. 7 is an explanatory diagram showing a method for registering a user with a credit company, and FIG. 8 shows a process from the settlement method until the facial photo data is transmitted from the credit company server to the store mobile phone. FIG. 9 is an explanatory diagram showing steps from when face photo data is transmitted from the credit company server to the store mobile phone until payment is completed.

  First, the registration method will be described.

  As shown in FIG. 7, the user first accesses the download center D1 by appropriately operating the user mobile phone 1 to display information on a predetermined application on the screen 1a. On this screen 1a, an image prompting input of registration information RD such as name, date of birth, e-mail address, address, occupation, account information, etc. is displayed. Then, the user appropriately inputs the registration information RD into the blank portion shown in the image, and transmits the registration information RD to the credit company side server 3.

  The credit company side server 3 performs examination by a predetermined examination system based on the registration information RD, and transmits the examination result to the user mobile phone 1. If the result of the examination is OK, the credit company side server 3 transmits a request signal α for requesting the user's face photograph to the user's mobile phone 1 together with the result of examination. After taking a face picture based on the request signal α, the person transmits the face picture data FP to the credit company side server 3. Then, the credit company side server 3 generates the user side original data OD1 based on the registration information RD, the face photo data FP, etc., and stores it in the company side storage means 32. Further, the credit company side server 3 generates the guard information A11 and the incarnation information A12 based on the user side original data OD1, and uses the information obtained by adding the QR code image information QI to the guard information A11. And incarnation information A12 is stored in the company-side storage means 32. Thus, registration of the user with the credit company is completed.

  The store registration method with the credit company is the same as the user registration method described above, except that the QR code image information QI is not added to the store-side guard information A21 transmitted to the store side.

  Next, a settlement method will be described.

  When the user goes to the store for shopping, as shown in FIG. 8, the user first accesses the download center D1 by appropriately operating the user's mobile phone 1 to obtain a predetermined application. Is displayed on the screen 1a. On this screen 1a, buttons for processing that the user wants to perform such as payment, cashing, repayment, etc. are displayed, and when making a payment, the user presses the payment button of each button. By selecting, the Subscriber-ID that is the ID unique to the mobile company, the protection information A11 and the QR code image information QI are transmitted from the user mobile phone 1 to the credit company side server 3.

  The credit company side server 3 extracts the incarnation information A12 corresponding to the protection information A11 from the company side storage means 32 based on the decryption result of the first basic information of the Subscriber-ID and the protection information A11. Further, the credit company side server 3 restores the user side original data OD1 based on the predetermined conversion table from the protection information A11 and the incarnation information A12, and a part of the first basic information and the second basic information. A part of the information is compared, and the authentication information is compared with the authentication information stored in the company storage means 32. If the information matches, the credit company side server 3 re-shuffles / re-divides the restored user-side original data OD1 based on the conversion table according to the time at that time, and newly generates it. Information obtained by adding QR code image information QI to the protected information A11 is transmitted to the user mobile phone 1 and the newly generated incarnation information A12 is overwritten on the company-side storage means 32. Here, each Correl-ID1 in the guard information A11, the incarnation information A12, and the QR code image information QI is updated with a new shuffle process. In addition, the credit company side server 3 is configured to transmit the result information R as a comparison result to the user's mobile phone 1 regardless of whether or not each information matches. Only the result information R is transmitted.

  In the user's mobile phone 1, when the received result information R is information indicating that they do not match, error information indicating that is displayed on the screen 1a and information indicating that they match. If so, the following processing is executed. That is, when the user's mobile phone 1 receives the protection information A11 and the QR code image information QI together with the result information R indicating that they match, the information A11 and QI are updated and the screen 1a is updated. The QR code based on the updated QR code image information QI is displayed. Then, the user presents the user's mobile phone 1 with the QR code displayed on the screen 1 a to the store clerk, and the store clerk reads the QR code by the camera 2 b of the store mobile phone 2. Thereafter, when the store clerk appropriately operates the store mobile phone 2, the read QR code image information QI is converted into QR code information QD in the store mobile phone 2, and the QR code information QD and the store side guard Information A21 is transmitted to the credit company side server 3.

  In the credit company side server 3, the QR code information QD transmitted from the store mobile phone 2 is compared with the QR code information QD stored in the company side storage means 32, and in the same manner as described above. After the store-side original data OD2 is restored based on the side guard information A21 and the store-side incarnation information A22, each information is compared. When the QR code information QD and each information match, the credit company side server 3 reshuffles / redivides the store side original data OD2 restored in the same manner as described above, and also creates a new store side guardian. Information A21, store-side incarnation information A22, and result information R are appropriately transmitted to the store mobile phone 2 and the company-side storage means 32. Further, if the result information R indicates that the result information R matches, the credit company side server 3 also transmits the user face photo data FP stored in the company side storage means 32 to the store mobile phone 2. To do. The credit company side server 3 is configured to transmit the result information R, which is the comparison result, to the store mobile phone 2 regardless of whether or not each information matches in the same manner as described above. If they do not match, only the result information R is transmitted.

  In the store mobile phone 2, when the received result information R is information indicating that they do not match, error information indicating that is displayed on the screen 2 a and is information indicating that they match. In some cases, the following processing is executed. In other words, as shown in FIG. 9, when the store mobile phone 2 receives the store protection information A21 and the face photo data FP together with the result information R indicating that they match, the store protection information A21 is updated. At the same time, the face photo data FP is displayed on the screen 2a. Thereby, the store clerk performs identity verification by comparing the face photograph on the screen 2a with the face of the user in front of the eyes.

  When the face photo matches the user's face, the store clerk inputs the amount of the product that the user wants to buy into the store mobile phone 2 and transmits it to the credit company server 3. The credit company server 3 transmits information DD corresponding to a bill to the user to the user mobile phone 1 based on the amount information MD transmitted from the store mobile phone 2. When the user confirms the contents of the invoice displayed on the screen 1a of the user mobile phone 1 and selects a predetermined confirmation button, the confirmation information CD is transmitted to the credit company side server 3. Settlement is completed.

  According to the above, the following effects can be obtained in the present embodiment.

  Since the user can display the QR code on the mobile phone 1 for the user, the store clerk reads it with the mobile phone 2 for the store, transmits it to the credit company server 3 and waits for the result. You can make payments without any hassle. Further, in the present embodiment, since identity verification is finally performed with a face photograph, it is possible to make a payment with high security.

  Since the protection information A11, A21 is generated by shuffling and dividing the original data OD1, OD2 as appropriate, the protection information A11, A21 alone has no utility value. Therefore, for example, even if a third party acquires the protection information A11, A21 by some method, the user information is not leaked, and the security can be further improved.

  Further, since the protection information A11 and the incarnation information A12 are updated every time the user makes a purchase with the user mobile phone 1, the protection information A11 is in the middle of communication between the credit company server 3 and the user mobile phone 1. Even if the user is stolen, after the user has made a purchase with the user's mobile phone 1 after a predetermined time, the use value of the protection information A11 stolen in the past is lost. Therefore, security can be further enhanced.

  When the registration by the mobile phone 1 is completed, the mobile phone 1 can only be used as a temporary card, and sending a formal document with a registered seal such as a bank account sent at a later date is the same as before. Although the credit company does not need to issue the card even after the registration is completed, the mobile phone 1 can be used as the card as it is. That is, since the mobile phone 1 can be used consistently as a temporary card and a real card, the cost required for card manufacture can be reduced.

  By using the mobile phone 2 as the terminal on the store side, as long as the user calls the store clerk to the location of the product, payment can be made on the spot, so useless labor such as moving from the location of the product to the cash register Can be reduced.

  The present invention is not limited to the above embodiments, and can be used in various forms as exemplified below.

  In the embodiment, the mobile phone 1 with the camera 1b is adopted as the mobile terminal. However, the present invention is not limited to this, and may be, for example, a mobile phone without a camera or a portable computer. In the embodiment, the mobile phone 2 with the camera 2b is used as the store side terminal. However, the present invention is not limited to this, and for example, a POS system equipped with a barcode reader or a personal computer may be used. . In addition, when the mobile terminal or the store side terminal is a camera-less terminal, the registration of the user or the store (registration information, face photo data, store photo data, etc.) to the payment company side terminal is A user or a store clerk may go directly to a settlement company or use a digital camera, a personal computer, or the Internet.

  In the above embodiment, the face photograph data FP is adopted as the body identification information. However, the present invention is not limited to this, and may be, for example, fingerprint data or retinal data.

  In the above embodiment, the QR code is used as the two-dimensional code. However, the present invention is not limited to this, and may be, for example, PDF417, maxi code, Veri code, or the like.

  In the above embodiment, the QR code image information QI is stored in the user-side storage unit 12. However, the present invention is not limited to this, and the QR code image information QI is not stored in the user-side storage unit 12. In addition, the image may be directly transferred to the display means 13 for display.

  In the embodiment, the conversion table is constructed based on the magic circle, but the present invention is not limited to this, and may be constructed based on a random number table or the like.

  In the embodiment, a card image may be transmitted from the credit company server 3 to the user mobile phone 1 and displayed on the screen 1 a of the user mobile phone 1. This makes it easier for the user to imagine that the temporary card or the real card has been issued. In this case, it is desirable to embed predetermined information in the card image data by a known steganography technique. According to this, when the card is updated, the information embedded in the card image data can be confirmed by the payment company terminal, and even if the card image is stolen during communication, it is impossible to decrypt the personal information. Can be prevented from leaking.

  As information transmitted from the store mobile phone 2 to the credit company server 3, for example, GPS information indicating the current position of the store mobile phone 2 may be adopted. According to this, for example, it becomes possible to stop the settlement by the store mobile phone 2 outside the store by the credit company side server 3.

  In the above embodiment, the QR code image information QI is converted into the QR code information QD by the store mobile phone 2, but the present invention is not limited to this, and the image is taken by the camera 2b of the store mobile phone 2. The image data (QR code image information QI) may be transmitted as it is to the credit company server 3 and converted by the credit company server 3.

It is a schematic diagram which shows the outline | summary of the payment system which concerns on this embodiment. It is a block diagram which shows the detail of a payment system. It is a table | surface which shows the 1st basic information, 2nd basic information, and authentication information of user side original data. It is a table | surface which shows the 1st basic information, 2nd basic information, and authentication information of shop side original data. It is explanatory drawing which shows the structure of an original data, the shuffle method, and the division | segmentation method. It is explanatory drawing for demonstrating the shuffle method using the conversion table which concerns on this embodiment. It is explanatory drawing which shows the registration method of the user to a credit company. It is explanatory drawing which shows the process until face photo data is transmitted to the mobile telephone for shops from the credit company side server among payment methods. It is explanatory drawing which shows the process after payment of face photo data is transmitted from the credit company side server to the store mobile phone.

Explanation of symbols

1 User mobile phone (mobile terminal)
1a Screen 1b Camera 2 Store mobile phone (store side terminal)
2a screen (notification means)
2b Camera (reading means)
3 Credit company server (Payment company terminal)
DESCRIPTION OF SYMBOLS 11 User side receiving means 12 User side memory | storage means 13 Display means 14 User side transmission means 21 Store side receiving means 22 Store side storage means 23 Store side display means 24 Store side transmission means 31 Company side receiving means 32 Company side memory Means 33 Shuffle means 34 Division means 35 Restoration means 36 Comparison means 37 Company side transmission means A11 Protection information A12 Incarnation information A21 Shop side protection information (store identification information)
A22 Store side incarnation information ED Examination information FP Face photo data (body identification information)
N1 Mobile network N3 Internet OD1 User side original data OD2 Store side original data QD QR code information QI QR code image information R Result information RD Registration information S Settlement system SP Store photo data SRD Store side registration information

Claims (5)

A payment system comprising a mobile terminal with a screen used by a user, a store side terminal used by a store clerk, and a payment company side terminal used by a payment company,
The portable terminal is
Display means for displaying user identification information used for identification of the user on the screen of the portable terminal as a two-dimensional code;
The store side terminal
Reading means for reading the two-dimensional code displayed on the screen of the portable terminal;
Store-side storage means for storing store identification information for identifying a store;
Store-side transmission means for transmitting examination information obtained by adding the store identification information to the information of the two-dimensional code read by the reading means, to the payment company terminal;
Store-side receiving means for receiving result information and body identification information transmitted from the payment company side terminal;
Informing means for informing the store clerk of the result information and body identification information,
The payment company side terminal is
Payment company side storage means storing the user identification information, the store identification information, and the body identification information depending on the user's body;
A settlement company side receiving means for receiving the examination information transmitted from the store side terminal;
The examination information received by the settlement company side receiving means is compared with the user identification information and the store identification information stored in the settlement company side storage means to determine whether or not they match. A comparison means;
When the comparison result by the comparison means is transmitted to the shop side terminal as result information and the result information is coincident, the physical identification information is also added to the shop side terminal together with the result information. A settlement company-side transmission means for transmitting to the settlement system. The payment company side terminal is
Shuffle means for rearranging the data array of the body identification information;
Dividing means for dividing the body identification information rearranged by the shuffle means into two pieces of information, guardian information and incarnation information;
With a restoration means for restoring the body identification information from the guardian information and the incarnation information,
The incarnation information is stored in the settlement company storage means,
The settlement company side transmission means has a function of transmitting the protection information to the portable terminal when the division by the dividing means is completed, and the protection information transmitted from the portable terminal and the settlement company side storage means. The function of transmitting the user identification information to the portable terminal when the restoration by the restoration means based on the stored incarnation information is successful, and the body identification information restored by the restoration means together with the result information It is configured to have a function to transmit to the store side terminal,
The portable terminal is
User-side receiving means for receiving the protection information and the user identification information transmitted from the settlement company side terminal;
User-side storage means for storing the guard information;
Before displaying the two-dimensional code on the screen by the display means, comprising user side transmission means for transmitting the protection information stored in the user side storage means to the settlement company side terminal,
The payment system according to claim 1, wherein the display means is configured to display the user identification information received by the user side receiving means as two-dimensional data.   3. The settlement system according to claim 2, wherein the shuffle means inserts dummy data when the data array is rearranged. The shuffle means has a function of operating using a different table every predetermined time, and each time the body identification information is restored by the restoration means, the restored body identification information according to the time at that time Rearrange the data array using the table,
The dividing unit transmits new incarnation information obtained by dividing the rearranged data to the settlement company-side storage unit to update the incarnation information, and transmits new protection information to the settlement company side. The payment system according to claim 2 or 3, wherein the payment information is transmitted to the portable terminal via the means to update the protection information. The payment system according to claim 4, wherein the table is constructed based on a random number table or a magic circle.

Images