JP2009043012A - Settlement system, store apparatus, settlement institution apparatus, and settlement method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce labor and time to input a password and to prevent illegal settlement when a password is leaked out. <P>SOLUTION: The store apparatus transmits order information and customer authentication information to a settlement institution apparatus through a communication means. The settlement institution apparatus receives the customer authentication information from the store apparatus and verifies that the customer ID included in the settlement information is stored in a customer ID storage means by using an ID verification means. When the customer ID is not stored as a result of verification, the settlement institution apparatus transmits a user authentication request to a user apparatus. Then, the user apparatus receives the user authentication request and transmits the user authentication information to the settlement institution apparatus. Then the settlement institution apparatus executes user authentication by using the user authentication means for settlement. When the customer ID is stored on the other hand, the settlement institution apparatus performs settlement without the user authentication. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a settlement system, a store apparatus, a settlement institution apparatus, and a settlement method that collectively settle settlements at various stores using a network such as the Internet.

  In general, in electronic commerce, a user accesses a store server via a communication network, and transmits ordering / ordering information describing a product to be purchased, a price, and the like to the store server. When the store server receives the order information, it automatically performs a settlement process based on the order information, and notifies the store clerk of the order information. Here, the store server manages users, distributes customer IDs and passwords to verify that they are managing users, and may perform customer personal authentication using them. .

  In such electronic commerce, credit card payment is often used as a payment means. In the credit settlement, the credit card number is notified to the store server, and the store server notifies the credit card company of the credit card number and the payment amount. At this time, since the card number is notified to the store server, the credit card number may be leaked from the store to a third party. As a result, it is possible for a third party to impersonate and send the credit card number to an arbitrary store and purchase a product.

  For this reason, a card owner authentication method has been proposed as a method for preventing impersonation of a third party (see Non-Patent Document 1). Specifically, in this card owner authentication method, a password corresponding to the card number is prepared. The password is secret information that is memorized by humans and cannot be leaked to others. When the store notifies the credit card company of the card number, the credit card company requires the user to confirm the password. The user notifies the credit card company of the password, and when the password is successfully verified, settlement is performed. In such a cardholder authentication method, even if the card number leaks from the store, payment is not performed unless the password is known.

  Further, as a method for preventing impersonation by a third party, a settlement agent method is also disclosed (see Patent Document 1). Specifically, in this payment agent system, one payment institution that manages credit card numbers distributes passwords to users. The store transmits the order information transmitted by the user to the settlement organization. At that time, the settlement institution verifies whether or not it is transmitted from a store approved by the settlement institution. Then, the settlement organization asks the user to confirm the password. The user notifies the settlement organization of the password. Then, the settlement organization asks the user to confirm the password. The user notifies the settlement organization of the password. When the password is successfully verified, the settlement organization performs settlement.

Japanese Patent No. 3824500 “VISA, information for cardholders”, [online], [searched August 2, 2007], Internet <http://www.visa-asia.com/ap/jp/cardholders/security/vbv.shtml >

  By the way, in the techniques of Patent Document 1 and Non-Patent Document 1 described above, it is necessary to input a password to the settlement organization at the time of settlement. As a result, when the store server enters a password to authenticate the customer, a separate password entry will be required at the time of payment, so it takes time to enter the password and the password of the payment institution is leaked. There has been a problem that preparatory payments can be made at all the stores that are linked with the payment institutions.

  Accordingly, the present invention has been made to solve the above-described problems of the prior art, and an object thereof is to reduce the trouble of inputting a password and prevent unauthorized payment when a password is leaked.

  In order to solve the above-described problems and achieve the object, the invention according to claim 1 includes a user device for a user who purchases a product, a store device for a store which sells a product to the user, and the user. A customer ID for identifying the user and a user who makes a payment, which is configured by connecting via a network to a payment institution device of a payment institution that processes a payment related to a transaction with the store. A payment system that processes payment using a user ID that is information for specifying the customer ID, and the store apparatus receives from the user apparatus ordering information including the customer ID and information relating to the product to be purchased. If the customer authentication means authenticates the identity of the user using the customer ID, and the customer authentication means authenticates the identity of the user, the authenticated customer ID and reception Is Store communication means for transmitting ordering information to the clearing house device, ID holding means for allowing the clearing house device to associate and register the user ID and the customer ID in the ID storage unit, and the store communication means When receiving the customer ID and the ordering information transmitted by the user ID, the ID verification means for verifying whether the user ID corresponding to the customer ID is stored in the ID storage unit, and received by the ID verification means When it is verified that the user ID corresponding to the customer ID is not stored in the ID storage unit, the user ID is requested and received from the user device, and the user ID is used. It has been verified that a user ID corresponding to the customer ID received by the ID verification unit and a user authentication unit that authenticates the identity of the user is stored in the ID storage unit. In this case, the verified user ID is set as a user ID to be settled, and when the user authentication unit authenticates the user, the authenticated user ID is settled. A payment means for performing payment using the user ID of the payment target and the ordering information as the target user ID is provided.

  Further, in the invention according to claim 2, in the above invention, when the ID holding means is authenticated by the user authentication means as the user, the user ID of the user, The customer ID received by the ID verification unit is associated with the customer ID and registered in the ID storage unit.

  In the invention according to claim 3, in the above invention, the settlement institution device extracts a customer ID associated with a predetermined store device from the customer ID stored in the ID storage unit, and the customer ID And a credit information calculating means for calculating the credit information of the store on the basis of the settlement performed using a pair with the corresponding user ID.

  In the invention according to claim 4, in the above invention, the settlement institution device extracts a customer ID associated with a predetermined store device from the customer ID stored in the ID storage unit, and the customer information It further has an advertisement distribution means for distributing advertisement information about the store to the user associated with the user ID corresponding to the above.

  Further, in the invention according to claim 5, in the above invention, when the settlement agency device distributes the advertisement information by the advertisement distribution means, as a result of purchasing the goods using the settlement organization device, an advertisement is provided. An advertisement fee collecting means for calculating a distribution fee and collecting the advertisement distribution fee from the store is further provided.

  Further, in the invention according to claim 6, in the above invention, when the settlement institution apparatus verifies the validity of the store apparatus and the store apparatus is verified to be valid, the member store is uniquely identified. It further comprises a member store ID transmitting means for generating a member store ID that is information to be identified and transmitting it to the store device, wherein the store device receives the member store ID transmitted by the member store ID transmitting means. And a member store communication means for generating order information including the member store ID and transmitting it to the clearinghouse device.

  The invention according to claim 7 is characterized in that, in the above-mentioned invention, the store communication means adds an electronic signature to the ordering information and transmits it to the clearinghouse apparatus.

  Further, the invention according to claim 8 is characterized in that, in the above-mentioned invention, the settlement institution device further comprises user information transmitting means for transmitting information about the held user to the store device.

  The invention according to claim 9 is characterized in that, in the above invention, the settlement means accumulates processing results in settlement, and analyzes the user's trend using the accumulated processing results. To do.

  The invention according to claim 10 is characterized in that, in the above-mentioned invention, the settlement means performs settlement at a predetermined time when payment is made.

  The invention according to claim 11 is characterized in that, in the above invention, the settlement means performs settlement using electronic money.

  The invention according to claim 12 is the above invention, wherein the user is identified by using a customer ID that identifies the user and a user ID that is information that identifies a user who performs the settlement. Is a store device of a store that sells products to users, and includes information related to the customer ID and the product to be purchased. When the ordering information is received from the user device, the customer authentication means for authenticating the identity of the user using the customer ID, and the customer authentication means authenticating the identity of the user Comprises a store communication means for transmitting the authenticated customer ID and the received ordering information to the clearinghouse apparatus.

  The invention according to claim 13 uses a customer ID that identifies the user himself / herself and a user ID that is information that identifies a user who makes a settlement between the user and the store. A clearing house device of a clearing house that processes the payment related to the transaction, ID holding means for associating the user ID and the customer ID and registering them in an ID storage unit, and the transmitted from the store device When receiving the customer ID and the ordering information, the ID verification unit for verifying whether the user ID corresponding to the customer ID is stored in the ID storage unit, and the customer ID received by the ID verification unit When it is verified that the corresponding user ID is not stored in the ID storage unit, the user ID is requested from the user device and received, and the user is identified using the user ID. Authenticate that When it is verified that the user ID corresponding to the customer ID received by the user authentication unit and the ID verification unit is stored in the ID storage unit, the verified user ID is set as a settlement target. If the user authentication means authenticates the user himself / herself, the authenticated user ID is set as the user ID to be settled and the user ID to be settled. And payment means for making a payment using the ordering information.

  According to a fourteenth aspect of the present invention, a user device of a user who purchases a product, a store device of a store which sells the product to the user, and a settlement relating to a transaction between the user and the store. In a payment system configured by connecting a payment agency device of a payment agency to be processed via a network, a customer ID that identifies the user and information that identifies a user who performs payment A payment method for processing a payment using a customer ID, where the store device receives the customer ID and ordering information including information related to a product to be purchased from the user device. A customer authentication process for authenticating the identity of the user using the authentication method, and if the user authentication is authenticated by the customer authentication step, the authenticated customer ID and the received ordering information are The store communication process to be transmitted to the clearing institution apparatus, the ID holding process in which the clearing house apparatus associates the user ID and the customer ID with each other and registers them in the ID storage unit, and the store communication process has transmitted the store communication process. When the customer ID and the order information are received, an ID verification process for verifying whether a user ID corresponding to the customer ID is stored in the ID storage unit, and the customer ID received by the ID verification process When it is verified that the corresponding user ID is not stored in the ID storage unit, the user ID is requested from the user device and received, and the user is identified using the user ID. When it is verified that the user ID corresponding to the customer ID received by the ID verification process and the user ID received by the ID verification process is stored in the ID storage unit, the verification is performed. The authenticated user ID is set as a payment target user ID, and when the user authentication process is performed, the authenticated user ID is set as the payment target user ID. And a settlement step of performing a settlement using the user ID to be settled and the ordering information.

  According to the inventions of claims 1, 12, 13 and 14, the correspondence relationship between the user ID distributed by the settlement organization and the customer ID distributed by the store is managed by the settlement organization, and settlement is performed only by inputting the customer ID. Can do. As a result, since it becomes possible to settle only by inputting the password at the store, the trouble of performing the password input twice is reduced. In addition, there is a possibility that the password associated with the customer ID may be leaked, but the password cannot be used at other stores. Therefore, compared to the fact that it can be used at other stores when a password is leaked, which is a problem in the “cardholder authentication method” or “settlement proxy method”, only one store is damaged and the spoofing damage is reduced.

  According to the second aspect of the present invention, when the payment institution apparatus is authenticated as the user, the ID storage unit associates the user ID of the user with the received customer ID. Therefore, it is possible to automatically register a user ID and a customer ID in association with each other for an ID that has received a valid authentication.

  According to the invention of claim 3, the customer ID associated with the predetermined store apparatus is extracted from the customer ID stored in the ID storage unit, and the set of the customer ID and the corresponding user ID is used. Since the credit information of the store is calculated based on the settlement made, the user or the like can recognize the store that can be trusted.

  According to the invention of claim 4, the settlement institution device extracts the customer ID associated with the predetermined store device from the customer ID stored in the ID storage unit and associates it with the user ID corresponding to the customer information. Since the advertising information about the store is distributed to the users who have been sent, the advertising information about the store can be efficiently distributed.

  According to the invention of claim 5, when a product is purchased using the settlement organization device as a result of the delivery of the advertisement information by the settlement organization device, the advertisement delivery fee is calculated and the advertisement delivery fee is calculated. Since the payment is collected from the store, the settlement institution device can efficiently collect the advertisement distribution fee.

  According to the sixth aspect of the present invention, the payment institution apparatus verifies the validity of the store apparatus, and if the store apparatus is verified to be valid, the membership is information that uniquely identifies the member store. The store ID is generated and transmitted to the store device, and the store device receives the transmitted member store ID, generates ordering information including the member store ID, and transmits it to the settlement institution device. It is possible to easily register a store as a store apparatus in the payment system.

  According to the invention of claim 7, since the store apparatus adds an electronic signature to the ordering information and transmits it to the settlement institution apparatus, it is possible to transmit / receive the ordering information while preventing eavesdropping and falsification. .

  According to the eighth aspect of the present invention, since the settlement institution device transmits information about the held user to the store device, the store device can grasp the information about the user.

  According to the invention of claim 9, since the processing result is accumulated and the user's trend is analyzed using the accumulated processing result, the consumer's consumption trend and the store purchasing trend are analyzed. It is possible.

  In addition, according to the invention of claim 10, since payment is made at every predetermined period when payment is made periodically, it is possible to reduce the burden of payment for the user.

  According to the eleventh aspect of the present invention, since the charge amount is held and the payment amount is subtracted from the charge amount at the time of settlement, it is possible to perform settlement using electronic money.

  Hereinafter, embodiments of a payment system and a payment method according to the present invention will be described. First, the outline of the present invention will be described with reference to FIGS. FIG. 1 is a diagram for explaining the principle configuration of the present invention.

  As shown in the figure, a user device of a user who purchases a product, a store device of a store that sells the product to the user, and a settlement that processes a settlement relating to a transaction between the user and the store It consists of an institution's payment institution device.

  Under such a configuration, the payment system 1 uses user authentication information, customer authentication information, and ordering information. FIG. 2 shows the data structure of these pieces of information. As shown in FIG. 2, the user authentication information is generated in advance by the payment institution apparatus, and the user authentication information ID, which is information for identifying the user by the payment institution apparatus, and the identity of the user are confirmed. It consists of user verification information that is information. The customer authentication information is composed of a customer ID that is generated in advance by the store apparatus and is information for identifying the user of the store apparatus and customer verification information that is information for confirming the identity of the customer. The ordering information includes information such as an ordering ID that uniquely identifies the ordering information, a product name to be purchased, a delivery address, and a payment amount.

  The user device includes a communication unit. This communication means transmits and receives user authentication information, customer authentication information, and ordering information.

  The settlement institution apparatus is composed of user authentication means, ID holding means, ID verification means, settlement means, and communication means. The user authentication means authenticates whether or not the user is the user using the user authentication information. The ID holding unit holds a correspondence relationship between the user ID and the customer ID. The ID verification means verifies whether there is a user ID corresponding to a certain customer ID, using the correspondence between the user ID and customer ID held by the ID holding means. The settlement means confirms the justification of the information using the user ID and the ordering information, and performs a settlement process. The communication means transmits and receives user authentication information, customer authentication information, and ordering information.

  The store apparatus is composed of customer authentication means, order placement management means, and communication means. The customer authentication means authenticates whether or not the customer himself / herself using the customer authentication information. The order placement / order management means holds order placement / order information. The communication means transmits and receives user authentication information, customer authentication information, and ordering information.

  Next, the operation of the payment system will be described with reference to FIG. FIG. 3 is a diagram for explaining the processing operation of the settlement system. First, the user device transmits customer authentication information and ordering information to the store device using the communication means (see (1) in FIG. 3). Then, the store apparatus receives the customer authentication information and the ordering information from the user apparatus using the communication means, and verifies the identity of the customer using the customer authentication means (see (2) in FIG. 3). Subsequently, the store apparatus transmits ordering order information and customer authentication information to the settlement institution apparatus using the communication means (see (3) in FIG. 3).

  Then, the payment institution apparatus receives the customer authentication information from the store apparatus, and verifies that the customer ID included in the payment information is held in the customer ID holding means using the ID verification means ((FIG. 3 ( 4)).

  As a result, when the customer ID is not held, the clearing house device transmits a user authentication request to the user device (see (5) in FIG. 3). Thereafter, the user device receives the user authentication request and transmits the user authentication information to the settlement institution device (see (6) in FIG. 3). Subsequently, the settlement institution apparatus performs user authentication using user authentication means (see (7) in FIG. 3). On the other hand, when the customer ID is held in the customer ID holding means, the settlement institution apparatus can omit the processes of FIGS. 3 (5) to (7).

  Then, the settlement institution apparatus confirms the validity of the settlement information using the settlement means, and performs settlement processing using the user ID and the ordering information (see (8) in FIG. 3). Subsequently, the settlement institution device notifies the settlement result information to the store device (see (9) in FIG. 3). Thereafter, after receiving the settlement result information, the store apparatus notifies the user apparatus of the settlement result information (see (10) in FIG. 3).

  Note that the payment system of the present invention can make a safe payment by using only the customer ID distributed by the store via the communication network. For example, the present invention can be applied to electronic commerce on the Internet, orders for merchandise sales using radio, television and catalogs.

  Here, the customer ID and user ID described with reference to FIG. 2 may use not only an arbitrary number and character string but also an ID assigned to each unit to be identified, such as a mail address, URL, or telephone number. it can. The customer verification information and the user verification information can use a password, an electronic signature, biometric information, a device ID for specifying a device, a line ID for specifying a line, and the like.

  In order information, various information such as order ID, product name, product image, product ID, delivery address, delivery address, payment amount, payment deadline, electronic signature, etc. are described as information for specifying the order information. it can. Such information can be described using not only a character string but also an easily expandable description format such as CSV, XML, HTML, and SGML. Furthermore, it is possible to include verification information that can detect tampering and can recognize that the store that generated the payment information is a store registered with the payment institution. Specifically, there are a store ID, an electronic signature, a public key certificate, and the like.

  In addition, as a communication method for ordering information, it is possible to perform communication by improving the safety of the communication method itself, such as a challenge and response method, encryption of a communication path using SSL or the like. In addition to direct transmission / reception from the store apparatus to the payment institution apparatus, a method of transmitting / receiving via a user apparatus using HTTP redirection or the like is also possible.

  The ID holding means manages a set of user ID and customer ID. Thereby, the number of user IDs registered for each store is known. By applying this, it is possible to calculate the credit information of the store and disclose it to the outside. It is also possible to send store advertisement information to related users.

  Next, an embodiment of each device constituting the settlement system according to the present invention will be described. Each device is a server, personal computer, POS register, computer equipment such as kiosk terminal, audio, automobile, home appliances such as air conditioner, refrigerator, microwave oven, robot, landline phone, mobile phone, PDA, IC card, RFID, router It can be installed in embedded devices such as home gateways.

  Each device can be held by a user, a settlement institution, and a store. That is, the user holds the user device, the store holds the store device, and the settlement organization holds the settlement organization device. It is also possible to arrange the devices in the same system. For example, it is possible to arrange a settlement institution device and a store device on one server. In this case, it becomes a mall type system in which one settlement organization performs server management and provides store apparatuses for each of a plurality of stores. In addition, when applied to an online auction in which transactions are made between individuals, it is also possible for one settlement organization to perform server management and provide store devices to individuals as in the mall type.

  As the communication network, means such as the Internet, a fixed telephone line, a wireless line, a satellite line, and a wireless LAN can be considered. The communication means encrypts the communication path using SSL or the like as necessary, and can prevent eavesdropping by a third party.

In the following first embodiment, the configuration and processing of the settlement system according to the first embodiment will be described in order, and finally the effects of the first embodiment will be described. Here, the notation used below will be described. A data string composed of a plurality of data X1, X2,... Is described as A = (X1, X2,...). Further, the one-way hash function value Dig for the message m using SHA-1 or MD5 is described as Dig = H (m). Further, an electronic signature Sig for a message m generated using a public key Pk corresponding to a secret key Sk in a public key cryptosystem such as RSA or DSA is described as Sig = S _PK (m).

[Configuration of payment system]
Next, the configuration of the payment system according to the first embodiment will be described with reference to FIG. FIG. 4 is a block diagram illustrating the configuration of the payment system according to the first embodiment.

  The settlement system 1 according to the first embodiment includes a user terminal 10, a store server 20, and a settlement server 30. Each system is connected to the Internet. In each apparatus constituting the payment system 1 according to the present invention, the user apparatus is incorporated in the user terminal 10, the store apparatus is incorporated in the store server 20, and the settlement organization apparatus is incorporated in the settlement server 30.

  The settlement server 30 can have a user / store management system for managing available users and stores. The store server 20 can have a product management system for managing products to be sold. The user terminal 10 can have a browser that performs communication using the Internet.

  Each system maintains a database for storing data. As the database, a nonvolatile storage medium such as a magnetic disk, EEPROM, FeRAM, or MRAM, a volatile storage medium such as a RAM, a magneto-optical medium such as a CD-ROM or a DVD-ROM, or the like can be used.

[Configuration of payment server]
Next, the configuration of the settlement server 30 will be described with reference to FIGS. FIG. 5 is a block diagram illustrating a configuration of the payment server 30 according to the first embodiment, and FIG. 6 is a diagram illustrating a configuration of a database held by the payment server 30.

  As shown in FIG. 5, the settlement server 30 includes a communication unit 31, a control unit 32, and a storage unit 33, and is connected to the user terminal 10 and the store server 20 via the communication network 40. The processing of each of these units will be described below.

  The communication unit 31 controls communication related to various information exchanged between the connected user terminal 10 and the store server 20. Specifically, the communication unit 31 receives ordering / ordering information, authentication response information, user authentication information, and cooperation request, and transmits authentication request information, user authentication request, and settlement result information.

  The storage unit 33 stores data and programs necessary for various types of processing by the control unit 32. In particular, those closely related to the present invention include a session management DB 33a, a user management DB 33b, an order information management DB 33c, an ID The linkage management DB 33d and the key management DB 33e are held.

  As shown in FIG. 6, the session management DB 33a manages ordering information during the settlement process. In this example, it is composed of an order ID, a product name, a delivery address, a payment amount, a customer ID, and a random number. The user management DB 33b stores a set of user ID and password distributed to the user by the settlement server. The order information management DB 33c stores information related to the ordered product. In this example, it is composed of an order ID, a product name, a delivery address, and a payment amount. The ID linkage management DB 33d stores a pair of linked customer ID and user ID. The key management DB 33e stores a signature key of the settlement server 30, a verification key of the store server 20 to be verified, and the like. In this example, the secret key in the public key cryptosystem, the key pair of the public key, and the public key of the store to be verified are stored.

  The control unit 32 has an internal memory for storing a program that defines various processing procedures and the necessary data, and performs various processes by using these programs. Particularly, as closely related to the present invention, User authentication means 32a, ID holding means 32b, ID verification means 32c, and settlement means 32d are provided.

  If it is verified that the user ID corresponding to the customer ID received by the ID verification unit 32c described later is not stored in the ID linkage management DB 33d, the user authentication unit 32a requests the user ID. Receive and authenticate the identity of the user using the user ID. Specifically, when receiving the user authentication information and the authentication cooperation request from the user terminal 10, the user authentication unit 32a stores the user authentication information in the user management DB 33b and uses the user authentication information. User authentication.

  If the user authentication unit 32a authenticates the user, the ID holding unit 32b associates the user ID of the user with the customer ID received by the ID verification unit 32c and associates the ID with the customer ID. Register in the cooperation management DB 33d. Specifically, when the authentication joint request received from the user terminal 10 is True, the ID holding unit 32b holds the combination of (customer ID, user ID) in the ID cooperation management DB 33d.

  When receiving the customer ID and the ordering / ordering information transmitted by the communication unit 31, the ID verification unit 32c verifies whether the user ID corresponding to the customer ID is stored in the ID linkage management DB 33d. Specifically, when receiving the order information, the ID verification unit 32c stores the order information in the order information management DB 33c, generates authentication request information (R, Sig1 generation), and requests an authentication request from the store server 20 Send information.

  Further, when receiving the authentication response information, the ID verification means 32c verifies the authentication response information (Sig2 verification), and uses the customer ID included in the authentication response information and the stored user ID and customer ID. A matching customer ID from the set is specified from the ID linkage management DB 33d.

  When it is verified that the user ID corresponding to the customer ID received by the ID verification unit 32c is stored in the ID cooperation management DB 33d, the settlement unit 32d uses the verified user ID as a target of settlement. When the user authentication unit 32a authenticates the user, the user ID to be settled and the ordering information are used as the user ID to be settled. Make a payment using.

[Configuration of store server]
Next, the configuration of the store server 20 will be described with reference to FIGS. FIG. 7 is a block diagram illustrating a configuration of the store server 20 according to the first embodiment, and FIG. 8 is a diagram illustrating a configuration of a database held by the store server 20.

  As illustrated in FIG. 7, the store server 20 includes a communication unit 21, a control unit 22, and a storage unit 23, and is connected to the user terminal 10 and the settlement server 30 via the communication network 40. The processing of each of these units will be described below.

  The communication unit 21 controls communication regarding various information exchanged between the connected user terminal 10 and the settlement server 30. Specifically, the communication means 21 receives customer authentication information, purchased product information, authentication request information, and settlement result information, and transmits ordering information, user authentication request, settlement completion information, and authentication response information.

  The storage unit 23 stores data and programs necessary for various types of processing by the control unit 22, and particularly those closely related to the present invention include a session management DB 23a, a customer management DB 23b, an order information management DB 23c, and a key management. DB23d is retained.

  As shown in FIG. 8, the session management DB 23a manages ordering information during the settlement process. In this example, it is composed of an order ID, a product name, a delivery address, a payment amount, a customer ID, and a random number. The customer management DB 23b stores a set of customer ID and password distributed to the user by the settlement server 30. The order information management DB 23c stores information related to the ordered product. In this example, it is composed of an order ID, a product name, a delivery address, and a payment amount. The key management DB 23d stores the signature key of the settlement server 30, the verification key of the store server 20 to be verified, and the like. In this example, the secret key in the public key cryptosystem, the key pair of the public key, and the public key of the store to be verified are stored.

  The control unit 22 has an internal memory for storing a program that defines various processing procedures and the necessary data, and executes various processes using these programs. Particularly, as closely related to the present invention, Customer authentication means 22a and order placement / order management means 22b are provided.

  When the customer authentication means 22a receives from the user terminal 10 the customer ID and the ordering / ordering information including information related to the product to be purchased, the customer authentication means 22a authenticates the identity of the user using the customer ID. Specifically, when the customer authentication means 22a receives the customer authentication information and the purchased product information, the customer authentication means 22a performs ID authentication and password authentication using the customer authentication information, generates order information, and transmits it to the settlement server 30.

  Further, when receiving the authentication request information, the customer authentication means 22a verifies the authentication request information (Sig1 verification), generates authentication response information (Sig2 generation), and transmits the authentication response information to the settlement server 30.

  The ordering / ordering managing unit 22b stores the ordering / ordering information received from the user terminal 10 in the ordering / ordering information management DB 23c. Specifically, the order receiving / order management unit 22b stores the order receiving / ordering information generated by the customer authentication unit 22a in the order receiving / ordering information management DB 23c.

[Initial state of payment system]
Next, an initial state of the embodiment will be described. The user holds (ID1, PW1) which is a set of user ID and password distributed by the settlement server 30. Further, the user holds a set of customer ID and password distributed by the store server 20 (ID2, PW2). The settlement server 30 holds a public key / private key pair (SkX, PkX), (ID1, PW1), and PkA. The store server 20 holds the key pair (SkA, PkA), (ID2, PW2), and PkX.

[Data structure of each message]
Next, the data structure of each message used in the embodiment will be described with reference to FIG. The user authentication information is composed of (ID1, PW1). The customer authentication information is composed of (ID2, PW2). The authentication cooperation request is a flag that takes True when cooperation is performed and False when cooperation is not performed. The ordering information includes (ordering ID, product name, delivery address, payment amount). The authentication request information includes (order ID, random number R, electronic signature Sig1), and the authentication response information includes (customer ID, order ID, random number R, electronic signature Sig2).

[Processing by payment system]
Next, the flow of processing by the payment system 1 according to the first embodiment will be described with reference to FIGS. 10 and 11. FIG. 10 is a sequence diagram illustrating a processing operation of the payment system 1 according to the first embodiment, and FIG. 11 is a screen transition diagram in the user terminal 10 of the payment system 1 according to the first embodiment. The process described below describes a case where an ID linkage request for linking a user ID and a customer ID is transmitted and a user ID and a customer ID are registered in the payment server 30 when making a payment. .

  As shown in the figure, the user terminal 10 of the payment system 1 transmits customer authentication information and purchased product information to the store server 20 (step S101). Here, on the screen illustrated in FIG. 11A, the user selects and determines the product to be purchased, the unit price of the product, the number of products, and the delivery address (for example, click the “OK” button). In the screen illustrated in FIG. 11B, after the user inputs and determines the ID and password, the customer authentication information and the purchased product information are transmitted to the store server 20. Then, the store server 20 receives the customer authentication information and the purchased product information, and performs ID authentication and password authentication using the customer authentication information (step S102).

  Then, the store server 20 generates and holds ordering / ordering information (step S103), and transfers the ordering / ordering information to the settlement server 30 by HTTP redirection (step S104). Subsequently, the settlement server 30 receives the ordering information and generates authentication request information (R, Sig1 generation) (step S105).

  Then, the settlement server 30 transmits authentication request information to the store server 20 (step S106). The store server 20 that has received the authentication request information verifies the authentication request information (Sig1 verification), generates authentication response information (Sig2 generation), and transmits the authentication response information to the settlement server 30 (steps S107 to 109). .

  Thereafter, the settlement server 30 receives the authentication response information, verifies the authentication response information (Sig2 verification), and uses the customer ID included in the authentication response information to set the held user ID and customer ID. To match the customer ID from the ID linkage management DB 33d (step S110, step S111). Here, a case where there is no matching customer ID will be described.

  Subsequently, when there is no matching customer ID, the payment server 30 requests user authentication from the user terminal 10 (step S112). Upon receiving the request, the user terminal 10 transmits user authentication information and an authentication cooperation request to the settlement server 30 (step S113). Here, in the screen illustrated in FIG. 11C, after the user inputs the ID and password and decides to omit the second and subsequent ID and password input, the user authentication information and the authentication cooperation request Is transmitted to the settlement server 30. Then, when receiving the user authentication information and the authentication cooperation request, the settlement server 30 performs user authentication using the user authentication information (step S114).

  Then, when the authentication joint request is True, the settlement server 30 holds a combination of a customer ID and a user ID (step S115), and performs settlement using the user ID and ordering information (step S116). Then, the settlement result information is transferred to the store server 20 by HTTP redirection (step S117). The store server 20 receives the settlement result information, generates settlement completion information (step S118), and transmits it to the user terminal 10 (step S119). Then, the user terminal 10 receives the notification and displays a transaction completion screen as illustrated in FIG.

  Next, the flow of processing by the settlement system 1 according to the first embodiment will be described with reference to FIGS. FIG. 12 is a sequence diagram illustrating a processing operation of the payment system 1 according to the first embodiment, and FIG. 13 is a screen transition diagram in the user terminal 10 of the payment system 1 according to the first embodiment. In the process described below, the user ID and the customer ID are linked when the payment is made after the user ID and the customer ID are registered by the above process (step S115 in FIG. 10). The case where it is confirmed will be described.

  As shown in the figure, the user terminal 10 of the payment system 1 transmits customer authentication information and purchased product information to the store server 20 (step S201). Here, in the screen illustrated in FIG. 13A, the user selects and determines the product to be purchased, the unit price of the product, the number of products, and the delivery address, and is illustrated in FIG. 13B. On the screen, the customer authentication information and purchased product information are transmitted to the store server 20 after the user inputs and determines the ID and password. Then, the store server 20 receives the customer authentication information and the purchased product information, and performs ID authentication and password authentication using the customer authentication information (step S202).

  Then, the store server 20 generates and holds ordering / ordering information (step S203), and transfers the ordering / ordering information to the settlement server 30 by HTTP redirection (step S204). Subsequently, the settlement server 30 generates authentication request information (R, Sig1 generation), and holds ordering order information (step S205).

  Then, the settlement server 30 transmits authentication request information to the store server 20 (step S206). The store server 20 that has received the authentication request information verifies the authentication request information (Sig1 verification), generates authentication response information (Sig2 generation), and transmits the authentication response information to the settlement server 30 (steps S207 to S209). .

  Thereafter, the settlement server 30 receives the authentication response information, verifies the authentication response information (Sig2 verification), and uses the customer ID included in the authentication response information to set the held user ID and customer ID. To match the customer ID from the ID linkage management DB 33d (step S210, step S211). Here, a case where there is a matching customer ID will be described. That is, as shown in FIG. 13C, the authentication screen is omitted, so that the number of password inputs can be reduced to one.

  The settlement server 30 performs settlement using the user ID corresponding to the specified customer ID and the ordering / ordering information (step S212), and transfers the settlement result information to the store server 20 by HTTP redirection (step S213). The store server 20 receives the settlement result information, generates settlement completion information (step S214), and transmits it to the user terminal 10 (step S215). And a notification is received in the user terminal 10, and a transaction completion screen is displayed so that it may illustrate in (d) of FIG.

[Effect of Example 1]
As described above, in the present invention, when a customer ID paid out by a store and a user ID paid out by a payment institution are linked, payment can be performed only by inputting a customer ID and a corresponding password. , Password can be entered once. Further, at this time, leakage of the store password becomes a problem. In this case, it is impossible to make a third party spoofing settlement at another store, so that damage can be limited to one store. Further, there is no settlement number that is notified to various stores like credit numbers, and the concentration is concentrated on the user ID and password of the settlement organization, so that the risk of leakage can be kept to a minimum.

  Although the embodiments of the present invention have been described so far, the present invention may be implemented in various different forms other than the embodiments described above. Therefore, another embodiment included in the present invention will be described below as a second embodiment.

(1) Store credit In the present invention, store credit information may be calculated based on facts that have been settled. Specifically, the number of user IDs registered for each store is known using an ID linkage management DB in which a set of user IDs and customer IDs is managed. By applying this, it is possible to calculate the credit information of the store and disclose it to the outside. It is also possible to send store advertisement information to related users.

  As described above, the customer ID associated with the predetermined store apparatus is extracted from the customer ID stored in the ID storage unit, and based on the settlement performed using the pair of the customer ID and the corresponding user ID. Since the credit information of the store is calculated, the user or the like can recognize the store that can be trusted.

(2) Advertising Moreover, you may make it this invention distribute the advertising information regarding a store to a user. Specifically, the settlement server 30 extracts the customer ID associated with the store server 20 from the customer ID stored in the ID linkage management DB 33d, and the user terminal associated with the user ID corresponding to the customer information. The advertisement information about the store is distributed to 10.

  Then, after distributing the advertisement information, the settlement server 30 calculates an advertisement distribution fee and collects the advertisement distribution fee from the store server 20 when the product is purchased as a result of distributing the advertisement information.

  As described above, the customer ID associated with the predetermined store apparatus is extracted from the customer ID stored in the ID storage unit, and the advertisement information regarding the store is distributed to the user associated with the user ID corresponding to the customer information. Therefore, it is possible to efficiently distribute the advertising information regarding the store. In addition, as a result of the distribution of the advertisement information by the settlement institution apparatus, when a product is purchased using the settlement institution apparatus, an advertisement distribution fee is calculated and the advertisement distribution fee is collected from the store. Can effectively collect advertisement distribution fees.

(3) Member store In the present invention, a member store may be newly registered as a store device. Specifically, the settlement server 30 verifies the legitimacy of the store server 20 that newly joins the settlement system 1, and uniquely identifies the member store when the store server 20 is verified to be legitimate. The member store ID, which is information, is generated and transmitted to the store server 20. Then, the store server 20 that has received it receives the transmitted member store ID, generates ordering information including the member store ID, and transmits it to the settlement server 30.

  In this way, the settlement institution device verifies the validity of the store device, and if the store device is verified to be valid, generates a member store ID that is information for uniquely identifying the member store, Since the store apparatus receives the transmitted member store ID, generates the ordering / ordering information including the member store ID, and transmits the order information to the settlement institution apparatus, the settlement system as the member store. It is possible to make new registration easy.

(4) Marketing In the present invention, processing results of settlement may be accumulated, and marketing may be performed based on the accumulated data. Specifically, the settlement server 30 accumulates settlement processing results in a predetermined storage unit, and analyzes consumer consumption trends and store purchase trends using the accumulated processing results.

  As described above, the processing results are accumulated, and the user's trend is analyzed using the accumulated processing results, so that it is possible to analyze the consumer's consumption trend and the store purchasing trend.

(5) Periodic payment Further, the present invention may automatically perform payment processing periodically. Specifically, payment information on which payment is made periodically is held in a predetermined storage unit, and payment processing is automatically performed at a predetermined time for each predetermined time when payment is made periodically.

  As described above, since the payment is performed at every predetermined period when the payment is periodically made, it is possible to reduce the burden of the user's payment.

(6) Electronic Money In the present invention, payment may be performed using electronic money. Specifically, the settlement server 30 holds a predetermined amount as a charge amount in advance in a predetermined storage unit, and subtracts the payment amount from the charge amount at the time of settlement.

  In this way, the charge amount is held, and the payment amount is subtracted from the charge amount at the time of settlement, so that settlement using electronic money can be performed.

  As described above, the settlement system, the store apparatus, the settlement institution apparatus, and the settlement method according to the present invention are useful when performing settlement of various stores using a network such as the Internet. It is suitable for reducing the trouble of inputting and preventing illegal settlement when a password is leaked.

It is a figure for demonstrating the principle structure of this invention. It is a figure which shows the data structure of information. It is a figure for demonstrating the processing operation of a payment system. 1 is a block diagram illustrating a configuration of a payment system according to a first embodiment. 1 is a block diagram illustrating a configuration of a settlement server 30 according to a first embodiment. It is a figure which shows the structure of the database which the payment server 30 hold | maintains. 1 is a block diagram illustrating a configuration of a store server 20 according to a first embodiment. It is a figure which shows the structure of the database which the shop server 20 hold | maintains. It is a figure for demonstrating the data structure of each message | telegram used in an Example. It is a sequence diagram which shows the processing operation of the payment system 1 which concerns on Example 1. FIG. It is a screen transition diagram in the user terminal 10 of the payment system 1 according to the first embodiment. It is a sequence diagram which shows the processing operation of the payment system 1 which concerns on Example 1. FIG. It is a screen transition diagram in the user terminal 10 of the payment system 1 according to the first embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Payment system 10 User terminal 20 Store server 21 Communication means 22 Control part 22a Customer authentication means 22b Order receiving management means 23 Storage part 23a Session management DB
23b Customer management DB
23c Order information management DB
23d Key management DB
30 payment server 31 communication means 32 control part 32a user authentication means 32b ID holding means 32c ID verification means 32d payment means 33 storage part 33a session management DB
33b User management DB
33c Order information management DB
33d ID linkage management DB
33e Key management DB

Claims (14)

A user device of a user who purchases a product, a store device of a store that sells the product to the user, and a clearinghouse device of a clearinghouse that processes a settlement relating to a transaction between the user and the store. In a payment system configured to be connected via a network, a payment is processed using a customer ID that identifies the user and a user ID that is information that identifies a user who performs the payment. A payment system,
The store apparatus is
Customer authentication means for authenticating the identity of the user using the customer ID when the customer ID and the ordering / ordering information including information relating to the product to be purchased are received from the user device;
If the customer authentication means authenticates the user, the store communication means for transmitting the authenticated customer ID and the received ordering information to the clearinghouse device;
The settlement institution device is
ID holding means for associating the user ID with the customer ID and registering them in an ID storage unit;
An ID verification unit that verifies whether a user ID corresponding to the customer ID is stored in the ID storage unit when the customer ID and the ordering information transmitted by the store communication unit are received;
If it is verified that the user ID corresponding to the customer ID received by the ID verification means is not stored in the ID storage unit, the user ID is requested from the user device and received, User authentication means for authenticating the identity of the user using the user ID;
When it is verified that the user ID corresponding to the customer ID received by the ID verification means is stored in the ID storage unit, the verified user ID is set as the user ID to be settled, When the user authentication unit authenticates the user, the user ID to be settled and the ordering information are set as the user ID to be settled. A payment means for making a payment using,
A payment system comprising:   The ID holding means associates the user ID of the user with the customer ID received by the ID verification means when the user authentication means authenticates the user. The payment system according to claim 1, wherein the payment system is registered in an ID storage unit.   The payment institution apparatus extracts a customer ID associated with a predetermined store apparatus from the customer ID stored in the ID storage unit, and is performed using a pair of the customer ID and a corresponding user ID. 3. The settlement system according to claim 1, further comprising credit information calculation means for calculating store credit information based on the settlement.   The payment institution device extracts a customer ID associated with a predetermined store device from the customer ID stored in the ID storage unit, and relates the store to the user associated with the user ID corresponding to the customer information. The settlement system according to any one of claims 1 to 3, further comprising advertisement distribution means for distributing advertisement information.   As a result of distributing the advertisement information by the advertisement distribution means as a result of the payment agency device having purchased goods using the payment authority device, an advertisement distribution fee is calculated and the advertisement distribution fee is collected from the store. The settlement system according to claim 4, further comprising an advertisement fee collection unit. The settlement institution device is
Validate the store device, and if the store device is verified to be valid, a member store ID that is information for uniquely identifying the member store is generated and transmitted to the store device A store ID transmission means;
The store apparatus is
The apparatus further comprises member store communication means for receiving the member store ID transmitted by the member store ID transmitting means, generating ordering information including the member store ID, and transmitting the order information to the payment institution apparatus. The settlement system according to any one of claims 1 to 5.   The payment system according to any one of claims 1 to 6, wherein the store communication unit adds an electronic signature to the ordering information and transmits the information to the payment institution apparatus.   The payment system according to any one of claims 1 to 7, wherein the payment institution apparatus further includes user information transmission means for transmitting user information related to a held user to the store apparatus.   The settlement according to any one of claims 1 to 8, wherein the settlement unit accumulates a processing result in the settlement, and analyzes a trend of the user using the accumulated processing result. system.   The settlement system according to any one of claims 1 to 9, wherein the settlement unit performs settlement at a predetermined time when payment is performed.   The payment system according to claim 1, wherein the payment unit holds a charge amount as electronic money and subtracts the payment amount from the charge amount at the time of payment. Settlement for processing a settlement related to a transaction between the user and the store using a customer ID for identifying the user and a user ID for identifying a user performing settlement. A store device of a store that is connected to a payment institution device of an institution and sells products to users,
Customer authentication means for authenticating the identity of the user using the customer ID when the customer ID and the ordering / ordering information including information relating to the product to be purchased are received from the user device;
If the customer authentication means authenticates the user, the store communication means for transmitting the authenticated customer ID and the received ordering information to the clearinghouse device;
A store apparatus comprising: A clearing house that processes payments related to transactions between a user and a store using a customer ID that identifies the user and a user ID that is information that identifies a user performing the payment. A settlement institution device,
ID holding means for associating the user ID with the customer ID and registering them in an ID storage unit;
ID verification means for verifying whether a user ID corresponding to the customer ID is stored in the ID storage unit when the customer ID and the ordering information transmitted from the store apparatus are received;
If it is verified that the user ID corresponding to the customer ID received by the ID verification means is not stored in the ID storage unit, the user ID is requested from the user device and received, User authentication means for authenticating the identity of the user using the user ID;
When it is verified that the user ID corresponding to the customer ID received by the ID verification means is stored in the ID storage unit, the verified user ID is set as the user ID to be settled, When the user authentication unit authenticates the user, the user ID to be settled and the ordering information are set as the user ID to be settled. A payment means for making a payment using,
A settlement institution apparatus comprising: A user device of a user who purchases a product, a store device of a store that sells the product to the user, and a clearinghouse device of a clearinghouse that processes a settlement relating to a transaction between the user and the store. In a payment system configured to be connected via a network, a payment is processed using a customer ID that identifies the user and a user ID that is information that identifies a user who performs the payment. A payment method,
The store apparatus is
A customer authentication step of authenticating the identity of the user using the customer ID when receiving the customer ID and ordering / ordering information including information relating to the product to be purchased;
If the customer authentication process authenticates the user, the store communication process for transmitting the authenticated customer ID and the received ordering information to the clearinghouse device;
The settlement institution device is
An ID holding step of registering the user ID and the customer ID in an ID storage unit in association with each other;
An ID verification step for verifying whether a user ID corresponding to the customer ID is stored in the ID storage unit when the customer ID and the ordering information transmitted by the store communication step are received;
When it is verified that the user ID corresponding to the customer ID received by the ID verification step is not stored in the ID storage unit, the user ID is requested from the user device and received, A user authentication process for authenticating the identity of the user using the user ID;
When it is verified that the user ID corresponding to the customer ID received by the ID verification step is stored in the ID storage unit, the verified user ID is set as the user ID to be settled, Further, when the user is authenticated by the user authentication step, the user ID to be settled and the ordering information are set with the authenticated user ID as the user ID to be settled. A payment process using the payment method;
A payment method characterized by including

Images