JP2008217836A - Value information control system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a value information control system which can securely exchange mass data in a short time or can exchange value information stored in a server between two terminals. <P>SOLUTION: The terminal 100A reads ID stringing desired data, from the terminal 100B, transmits the ID to a data control server 300, and also, transmits ID stringing its own data to the data control server 300. The data control server 300 causes data held by a user of the terminal 100A to move as data held by a user of the terminal 100B within data base, and informs the terminal 100A and the terminal B through the terminal A that the movement is completed. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an IC module having a memory function for holding data and a value information management system for accessing the module, and in particular, a value information management system for securely exchanging value information stored in a server between two terminals. About.

  Conventionally, various devices using a personal identification number and password for identity verification and authentication processing have been devised and put into practical use. For example, when using a cash card or credit card at a bank or other financial institution, the user must enter a PIN or password as a means of personal authentication on the cash dispenser or other financial terminal. After confirming that the correct password and password have been entered by the user, the deposit / withdrawal operation is performed.

  In a storage medium such as a magnetic stripe arranged on one cash card, only a storage area usable only for the bank is provided. Therefore, since the input of a password or password as described above is only an access to this single storage area, it cannot be said that protection against forgery or theft is sufficient.

  For this reason, from the standpoint of counterfeiting, contact IC cards with electrical contacts to cash cards, credit cards, etc., non-contact IC cards that read and write data without contact via wireless data, etc. Modules in which the IC functions are mounted (hereinafter also referred to as “IC modules”) are often used. For example, an IC card reader / writer installed at a cash dispenser, an entrance / exit of a concert hall, a ticket gate of a station, etc. can access the IC card held by the user in a non-contact manner.

  The user inputs the password to the IC card reader and verifies the identity between the IC card and the IC card reader / writer by comparing the input password with the password stored on the IC card. Alternatively, authentication processing is performed. When the identity verification or authentication process is successful, for example, an application stored in the IC card can be used. Here, examples of applications held by the IC card include value information such as electronic money and electronic tickets. (The personal identification number used when accessing the IC card is particularly called PIN (Personal Identification Number).)

  FIG. 7 schematically shows a system configuration example (prior art) using an IC module. As shown in the figure, this system includes an IC module that is carried by a user and holds predetermined data in a secure state, and a reader / writer that accesses the memory space of the IC module and performs data read / write operations. Composed.

  The IC module is packaged in, for example, a card type, a card encryption control unit that performs communication control between the data storage unit, the reader / writer, and encryption of communication data between the reader / writer. A control unit is provided.

  The reader / writer also includes a reader / writer communication control unit that performs a communication operation with the IC module and a reader / writer encryption control unit that performs encryption control of communication data with the IC module.

  For example, non-contact connection based on the principle of electromagnetic induction is performed between the communication control units of the IC module and the reader / writer.

  A command is issued from the reader / writer communication control unit, and the IC module side receives it by the card communication control unit, and performs processing such as decryption of the cipher by the card encryption processing unit, which is stored in the data storage unit at that time. To access the data. Further, the IC module generates a response by the card encryption processing unit and returns it to the reader / writer. The transaction is completed by continuously executing such a sequence.

  Recently, along with improvements in miniaturization technology, IC modules having relatively large capacity data storage units have emerged and become popular. Since a conventional cash card or the like only carries a single storage area, that is, a single application, it is necessary to carry a plurality of IC cards according to each use or purpose. On the other hand, according to such an IC module with a large-capacity memory, a plurality of applications can be stored simultaneously, so that one IC card can be used for a plurality of purposes. For example, two or more applications such as electronic money for electronic payment, a boarding ticket, and an electronic ticket for entering a specific concert venue are stored on one IC card and one IC card is stored. The card can be applied to various uses.

  By the way, when one terminal is equipped with the functions of an IC module and a reader / writer at the same time, the terminal can have both transmission and reception functions. In such a case, when data is to be exchanged securely between two terminals or between other types of terminals, a secure large-capacity data storage unit is held in each terminal, and the data is exchanged between the terminals. There is a need. In this case, the following problems occur. That is,

When attempting to connect by 1 wireless communication, it is necessary to connect for a long time if the data capacity is large relative to the wireless communication speed.

2 It is necessary to store a large amount of secure memory in the terminal, which increases the cost.

  For example, when a sender's terminal transmits predetermined information to a server that manages electronic money, the electronic money corresponding to the amount is transferred from the sender to the recipient in the server, and is completed on the sender and recipient's terminals. A system for sending notifications has been proposed (see, for example, Patent Document 1). According to the system, when electronic money is issued to a user's electronic wallet, the electronic money account of the user is opened on the server of the electronic wallet management company, and the electronic money amount requested by the user is stored in the account. Is issued. However, if the mobile communication terminal stores the authentication number transferred from the server of the electronic wallet management company when opening the electronic money account, the authentication number to be stored according to the number of electronic money used in the terminal As the amount of information increases, the problem of limited memory capacity emerges. Of course, it is not always necessary to store the authentication number received by the mobile communication terminal, but it is thought that it is troublesome because a means for managing the authentication number is necessary so that it can be reused. In addition, in this system, when it is desired to move electronic money used at a terminal of a user to another terminal, if different types of electronic money are used on the terminal serving as a mobile base, the electronic money differs for each electronic money. It is necessary to perform the same procedure for the server of the electronic wallet management company, and data such as electronic money cannot be transferred between terminals in a short time. Further, the user of the system needs to perform operations such as inputting the terminal call number and password, checking the remaining amount, and inputting the transfer destination terminal call number and transfer amount on the homepage of the electronic wallet management company. That is, when transferring electronic money of a plurality of electronic wallet management companies between terminals, it is necessary to perform the same operation for each electronic wallet management company, and thus data movement between terminals cannot be performed in a short time.

International Publication No. 01/48673 (Special Table No. 2003-518697)

  An object of the present invention is to provide an excellent value information management system capable of securely exchanging value information stored in a server between two terminals.

  A further object of the present invention is to provide an excellent value information management system capable of securely exchanging a large amount of data between two terminals in a short time.

  A further object of the present invention is to provide an excellent value information management system that can be securely exchanged between two terminals without holding a large-capacity secure memory.

The present invention has been made in view of the above problems, and is provided with first and second modes equipped with an IC module mode for securely storing data and a reader / writer mode for securely accessing other IC modules, respectively. A data management system for managing data associated with an IC module between the terminals of
The data used on the IC module of each terminal is associated with unique identification data, and the identification data associated with the data on each IC module is managed on a database,
When moving data from the first terminal to the second terminal,
Obtaining first identification data (ID1) of data to be moved from the first terminal;
Obtaining second identification data (ID2) for linking movement target data from the second terminal;
On the database, the data associated with ID1 is moved to ID2.
This is a data management system characterized by that.

  However, the identification data referred to here means information for specifying an individual, and may be ID that is several bytes of data assigned to the person, or may be biometric information such as a fingerprint that only the person has. The “system” here refers to a logical collection of a plurality of devices (or function modules that realize a specific function), and each device or function module is in a single casing. It does not matter whether or not.

  Here, when moving data from the first terminal to the second terminal, the first terminal operates in a reader / writer mode, and the second terminal operates in an IC module mode. The reader / writer function of the first terminal is used to read ID2 associated with the movement target data from the second terminal.

  In addition, after the data movement on the database is completed, the first terminal is notified that the data movement is completed, and the data movement is completed to the second terminal via the first terminal. It comes to notify the effect.

  Therefore, according to the data management system of the present invention, it is possible to securely exchange between two terminals without holding a large-capacity secure memory.

  Further, the data management system according to the present invention moves data to at least one of the first terminal and the second terminal when moving data from the first terminal to the second terminal. You may make it charge the price regarding use of a service.

  In addition, when the data management system according to the present invention moves data from the first terminal to the second terminal, the electronic money data stored in the second terminal is added along with the data movement. You may make it settle the data movement transaction by electronic money by subtracting only the amount and / or adding the electronic money data stored in the first terminal.

  According to the present invention, it is possible to provide an excellent value information management system capable of securely exchanging value information stored in a server between two terminals.

  Further, according to the present invention, it is possible to provide an excellent value information management system capable of securely exchanging a large amount of data in a short time between two terminals.

  Further, according to the present invention, it is possible to provide an excellent value information management system that can be securely exchanged between two terminals without holding a large-capacity secure memory.

  Other objects, features, and advantages of the present invention will become apparent from more detailed description based on embodiments of the present invention described later and the accompanying drawings.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  The present invention secures only two IDs in two terminals, thereby exchanging data associated with IDs and stored in a server in a short time and only by bringing the terminals close to each other. It is possible.

  As an embodiment of the present invention, the terminal has a mode operating as an IC module (hereinafter referred to as “card mode”) and a mode operating as a reader / writer (hereinafter referred to as “reader / writer mode”). It is equipped with a wireless communication control unit to hold.

  FIG. 1 schematically shows a configuration of a data management system according to an embodiment of the present invention. As shown in the figure, the data management system includes a terminal 100, a reader / writer 200, and a data management server 300. However, it is assumed that the terminal 100 is operating in the card mode.

  The terminal 100 controls a wireless communication control unit 101 equipped with both an IC module and a reader / writer function, an ID storage unit 102 that stores an ID associated with data used on the terminal 100, and data encryption communication. And a server communication control unit 104 that controls a communication operation with the server 300 via the network. However, the wireless communication control unit 101 operates in the card mode.

  Further, the reader / writer 200 performs encrypted communication of data between the wireless communication control unit 201 that performs wireless communication with the terminal 100 that is operating in the card mode and the terminal 100 that is operating in the card mode. A reader / writer encryption control unit 202 for controlling is provided.

  For example, contactless connection based on the principle of electromagnetic induction is performed between the terminal 100 operating in the card mode and the reader / writer 200. The wireless communication control unit 101 on the terminal 100 side changes the load between its own antennas (not shown) according to the response signal to the interrogation signal from the reader / writer 200, and thereby the signal that appears in the receiving circuit of the reader / writer 200 Communication is performed with amplitude modulation applied to.

  The data management server 300 includes a server communication control unit 301 that controls a communication operation with the terminal 100 via a network, and an encryption control unit 302 that controls encryption communication of data between the terminal 100 operating in the card mode. And a data storage unit 303 that provides a virtual memory space for the IC module.

  A network connection based on a predetermined communication protocol such as TCP / IP is performed between the data management server 300 and the server communication control units 301 and 104 of the terminal 100, for example.

  The data management server 300 is for the purpose of virtually expanding a memory area for the terminal 100 as an IC module having hardware restrictions to hold data (value information such as electronic money and electronic tickets). It is a server machine installed on the network. The data management server 300 is not carried by the user and has no hardware restrictions such as a card shape. Therefore, the data storage unit 303 is configured using a large-capacity storage device such as a hard disk device, and operates as a virtual storage space of the terminal 100 so that the maximum memory capacity can be made virtually unlimited. .

  Each data (value information such as electronic money and electronic ticket) used in the terminal 100 operating as an IC module is associated with a unique ID. That is, this ID forms a link with the data entity stored in the data storage unit 303 on the data management server 300.

  FIG. 2 schematically shows the configuration of the data management system when the terminal 100 is operating in the reader / writer mode. As shown in the figure, this data management system includes a terminal 100, an IC card module 400, and a server reader / writer device 500.

  The terminal 100 controls a wireless communication control unit 101 equipped with both an IC module and a reader / writer function, an ID storage unit 102 that stores an ID associated with data used on the terminal 100, and data encryption communication. And a server communication control unit 104 that controls a communication operation with the server 300 via the network. However, the wireless communication control unit 101 operates in the reader / writer mode.

  The IC card module 400 includes a wireless communication control unit 401 that performs communication operations with the terminal 100 that operates as a reader / writer, a card encryption control unit 402 that performs encryption control of communication data with the terminal 100, and data storage. Part 403 is provided. Each data (value information such as electronic money and electronic ticket) used in the IC card module 400 is associated with a unique ID.

  For example, contactless connection based on the principle of electromagnetic induction is performed between the terminal 100 operating in the reader / writer mode and the IC card module 400. The wireless communication control unit 401 on the IC card module 400 side changes the load between its own antennas (not shown) according to the response signal to the interrogation signal from the terminal 100, thereby converting the signal appearing in the receiving circuit of the terminal 100. Communication is performed with amplitude modulation.

  The server reader / writer device 500 includes an encryption control unit 501 that performs an encrypted communication operation with a reader / writer, and a server communication control unit 502 that realizes data communication via a network such as TCP / IP. Yes.

  Here, consider an operation procedure for exchanging data between two terminals 100A and 100B equipped with a card mode and a reader / writer mode. In the present embodiment, data exchange is realized by using data held by the user of one terminal 100A as data held by the user of the other terminal 100B.

  FIG. 3 schematically shows the configuration of a data management system including a terminal 100A operating as a reader / writer mode and a terminal 100B operating as a card mode.

  The terminal 100A operating in the reader / writer mode can transfer the data passed by encrypted communication from the terminal 100B operating in the card mode to the data management server 300.

  When the terminal 100B is sufficiently close to the terminal 100A, the wireless communication control units 101 are activated, and wireless connection based on electromagnetic induction is possible. Then, the terminal 100A reads an ID associated with desired data from the terminal 100B, and transmits the ID to the data management server 300 via the server communication control unit 104.

  In addition, the terminal 100 </ b> A transmits an ID associated with its own data to be exchanged to the data management server 300 via the server communication control unit 104.

  The data management server 300 recognizes that data is moved from the terminal 100A to the terminal 100B, and knows where to move data from the ID of each terminal.

  Then, the data management server 300 moves the data held by the user of the terminal 100A as data held by the user of the terminal 100B within the database constructed on the data storage unit 303.

  The data management server 300 notifies the data movement source terminal 100A that the data movement has been completed.

  Further, the data management server 300 notifies the terminal 100B operating in the card mode via the terminal 100A operating in the reader / writer mode that the data movement has been completed.

  In the data movement sequence described above, of course, similar processing is performed when moving from the terminal 100B to the terminal 100A. In this case, however, the terminal 100A is in the card mode and the terminal 100B is in the reader / writer mode.

  FIG. 4 shows an operation sequence for moving data to the terminal 100A operating as the reader / writer mode and the terminal 100B operating as the card mode on the data management system according to the present embodiment.

  The data management server 300 performs polling of the terminal 100A operating as a reader / writer via the network.

  In response to this polling, the terminal 100A generates a response at the encryption control unit 103 and returns it to the data management server 300. As a result of performing the mutual authentication and response procedure one or more times, mutual authentication and encryption key sharing are realized, and secure data communication using encryption becomes possible.

  Then, the data management server 300 recognizes that the data is to be moved from the terminal 100A, issues a read (Read) request for the movement target data to the terminal 100A, and acquires the movement target data. Next, an ID1 read request (ReadID) for linking the data to be moved is issued to obtain ID1.

  Furthermore, the data management server 300 recognizes that the data to be moved is moved to the terminal 100B, and performs polling of the terminal 100B that is operating in the card mode via the terminal 100A.

  When the terminal 100B is sufficiently close to the terminal 100A, the wireless communication control units 101 are activated, and connection by electromagnetic induction becomes possible. As a result, the terminal 100A generates a response at the encryption control unit 103 and returns it to the data management server 300 via the terminal 100A.

  Thereafter, between the terminal 100B and the data management server 300, mutual authentication and response procedures are performed at least once via the terminal 100A as a reader / writer, mutual authentication and encryption key sharing are realized, and encryption is used. Secure data communication is possible.

  Then, the data management server 300 recognizes that the data is to be moved to the terminal 100B, requests the terminal 100B to read ID2 associated with the movement target data (ReadID), and obtains ID2.

  Then, the data management server 300 moves the data held by the user of the terminal 100A as data held by the user of the terminal 100B within the database constructed on the data storage unit 303. That is, data associated with ID1 is moved as data of ID2.

  Thereafter, the data management server 300 notifies the data movement source terminal 100A that the data movement has been completed.

  Further, the data management server 300 notifies the terminal 100B operating in the card mode via the terminal 100A operating in the reader / writer mode that the data movement has been completed.

  The data management server 300 can charge a secure mobile service between terminals as described above by introducing a payment system. That is, when data is transferred between two terminals, a data transfer fee is collected by a payment system connected to the data management server 300.

  FIG. 5 illustrates a mechanism for collecting a data transfer fee when data is transferred from the terminal 100A to the terminal 100B.

  The terminal 100A reads and writes data associated with ID1 such as value information by the external application server 600 during operation in the card mode. The application server 600 manages data associated with ID1 on the database.

  The application server 600 can access the terminal 100B operating in the card mode via the terminal 100A operating in the reader / writer mode.

  When the data associated with ID1 of the terminal 100A is moved to the terminal 100B, the application server 600 reads ID2 associated with the movement target data from the terminal 100B via the terminal 100A operating as a reader / writer. . Then, the data associated with ID1 on the database is moved as ID2 data.

  The application server 600 is connected to a payment system 700 that collects a price associated with data movement. The payment system 700 monitors the database, and moves data associated with ID1 as data of ID2 from one or both of the data source terminal 100A and the destination terminal 100B. And charge for the use of data movement services.

  Further, when moving data, it is also possible to perform transaction settlement using electronic money stored in each terminal. FIG. 6 schematically shows a mechanism for producing a transaction using electronic money when data is transferred from the terminal 100A to the terminal 100B. However, in the illustrated example, data held by the user of the terminal 100A is transferred to the user of the terminal 100B for a fee.

  The electronic money server 800 centrally manages electronic money data possessed by the terminals 100A and 100B.

  When the data associated with ID1 of the terminal 100A is moved to the terminal 100B, the application server 600 reads ID2 associated with the movement target data from the terminal 100B via the terminal 100A operating as a reader / writer. The data movement is completed by moving the data associated with ID1 on the database as the data of ID2.

  Next, the terminal 100B is set to the card mode, the terminal 100A is set to the reader / writer mode, and the electronic money data stored in the terminal 100B is transferred to the electronic money server 800 via the terminal 100A and the application server 600. Send to. Then, the electronic money server 800 subtracts the electronic money data stored in the terminal 100B by the amount charged for the data movement.

  Further, the electronic money server 800 performs settlement of transactions using electronic money by adding electronic money data stored in the terminal 100A, which is a data provider.

  The function of the electronic money server 800 can be implemented on the data management server 300 described above.

  Further, when electronic money can be exchanged securely between the terminal 100A and the terminal 100B, as described above, it is also possible to exchange directly between the terminals without intervention of a server.

  In the case of server-managed electronic money, it is possible to exchange electronic money data within the server by contacting the server with an ID associated with the electronic money.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiment without departing from the gist of the present invention. That is, the present invention has been disclosed in the form of exemplification, and the contents described in the present specification should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims should be taken into consideration.

It is the figure which showed typically the structure of the data management system which concerns on one Embodiment of this invention. It is the figure which showed typically the structure of the data management system in case the terminal 100 is operate | moving as reader / writer mode. It is the figure which showed typically the structure of the data management system comprised by the terminal 100A which operate | moves as reader / writer mode, and the terminal 100B which operate | moves as card mode. It is the figure which showed the operation | movement sequence for moving data to the terminal 100A which operate | moves as reader / writer mode, and the terminal 100B which operate | moves as card mode. It is the figure which showed the structure which collects a data movement price when moving data from the terminal 100A to the terminal 100B. It is the figure which showed typically the structure which produces transaction using electronic money, when moving data from the terminal 100A to the terminal 100B. It is the figure which showed typically the system configuration example (prior art) using an IC module.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Terminal 101 ... Wireless communication control part 102 ... ID storage part 103 ... Encryption control part 104 ... Server communication control part 200 ... Reader / writer 201 ... Wireless communication control part 202 ... Reader / writer encryption control part 300 ... Virtual memory module DESCRIPTION OF SYMBOLS 301 ... Server communication control part 302 ... Encryption control part 303 ... Data storage part 400 ... IC card module 401 ... Wireless communication control part 402 ... Card encryption control part 403 ... Data storage part

Claims (4)

An IC module for securely storing value information, and first and second communication terminals having unique identification information; and a storage device for storing the value information in association with unique identification information of the communication terminal. A data management system comprising:
The storage device includes communication means for communicating with the communication terminal,
The communication terminal includes communication control means for controlling non-contact proximity communication between the communication terminals,
The communication control means has a card mode that operates by electromagnetic induction and a reader / writer mode that generates electromagnetic induction,
The storage device acquires the first unique identification information and the value information from the first communication terminal through the communication means, and the first terminal that operates as the reader / writer mode. Acquiring the second unique identification information from the second communication terminal that operates as the card mode, and storing the obtained value information in association with the second unique identification information. Characteristic value information management system. The value information is information including at least information used as electronic money or an electronic ticket.
Value information management system characterized by that. The storage device operates as the reader / writer mode via the communication means when the acquired value information is stored in association with the second unique identification information. 3. The value information management system according to claim 2, wherein the second communication terminal operating as the card mode is notified through the terminal that the storage process is completed. The storage device stores the acquired value information in association with at least one of the first terminal and the second terminal when storing the value information in association with the second unique identification information. 3. The value information management system according to claim 2, wherein a charge for processing is charged.

Images